On the internet, now everybody knows you're not a dog

On the internet, now everybody knows you're not a dog

Summary: Internet anonymity is being eroded by desires to streamline online transactions and the demands of web businesses to know more about us. But is this new world, where everybody knows your name, really a good thing?

SHARE:
Dog with laptop
On the internet, nobody knows if you're a dog. But with the rise of 'federated ID', does this still hold true?

Our online identity is made up of a cluster of diverse personas, each deployed in different circumstances. Your Twitter personality - and identity - may be different to the one you use on Facebook or LinkedIn, while the persona you turn to when commenting on a sports website will be at variance to the alter ego you use on your corporate blog.

While online anonymity is used both for good and evil — say, by whistleblowers and trolls respectively — it's this ability to use an inconsistent and even contradictory set of personas that makes the internet so creative, and so attractive to many people. As the old joke goes, on the internet, nobody knows you are a dog.

From a commercial point of view, fragmented identity is something of an irritant

But while this fluid concept of identity has been part of the web from the early days, it's increasingly at odds with the internet economy. From a commercial point of view, this fragmented identity is an irritant: companies would much rather be able to tie a persona to a person – to turn an online identity into a verifiable human being.

That's because much of the web economy is based on businesses gathering up the scraps of data that we shed as we roam the internet – information about where we've been, what we've read or which products we've browsed and bought. All this material is collated, analysed and sold on as a package of information to companies that can use it to target advertising at us. It's far easier to track a consumer wandering the web that it is to follow their journey through the high street.

As well as the needs of businesses, individuals too could benefit from being able to present a more 'real' identity online, to authenticate themselves across a variety of websites and services more easily than the traditional method of having to set up and remember a different password for each site. A single, verified online identity would save the time and hassle caused by keeping logins separate, and if kept safe, it would also spare us the trouble that can come with losing or forgetting those passwords.

As such, there is a gradual movement on a number of fronts to strengthen the links between individuals' online and offline personas. That doesn't mean it's an easy transition, however, and it's leading to some friction between businesses and web users along the way.

For example, when it comes to making sure users' identities are the same offline and online, Facebook's policy is clear: "Facebook is a community where people use their real identities. We require everyone to provide their real names, so you always know who you're connecting with... The name you use should be your real name as it would be listed on your credit card, student ID, etc." Indeed, Facebook feels so strongly about real names that in Germany it has just launched — and won — a legal action to allow it to ban the use of fake names on the site.

BYO-ID?

And our social media identities are becoming valuable beyond the boundaries of the website where they were created. "Social media as a source of identity is already being used widely," said Bob Tarzey, analyst with Quocirca: Facebook users, for example, can use their identity to sign into services such as Spotify, or other websites to post comments - a link that has been resisted by some users.

Increasing numbers of organisations are using social media identities as a way of recognising customers and staff

Tarzey sees these identities being used more broadly in the future, which he describes as 'bring your own identity' or BYO-ID. "If you've got a way of authenticating yourself and you are comfortable with it for accessing your bank account, then why should your employer not use the same thing? BYOD happened because companies had to respond to what staff did and that's probably what will drive BYO-ID," Tarzey told ZDNet.

According to Quocirca research sponsored by CA Technologies, increasing numbers of organisations are using social media identities as a way of recognising customers and staff — leading to increased interest in identity and access management technologies. "Is it even possible in future that your Facebook or Google identity could be the basis for your access to online banking?" the research asks.

Governments are also keen to introduce a more certain online identity. In the UK, the trend is taking the form of the Identity Assurance Programme, which works with PayPal, the Post Office, Experian, Verizon and others to create ways for the public to assert their identities in order to access government services. The White House is also working on a project called the National Strategy for Trusted Identities in Cyberspace (NSTIC), which has similar objectives.

And there are others: retailers, banks and mobile phone companies are keen to provide these identity services, too. One industry group, dubbed Fido (Fast Identity Online), aims to develop an identity authentication protocol that bypasses the need for passwords and, with the likes of PayPal and Lenovo among its members, develop the hardware, software, and services that works with it.

One identity to rule them all?

Much of this makes sense — the more passwords a user has, the more likely they are to be lost, forgotten or written on post-it notes. Using a form of global single sign-on would make life easier for many, and cut costs for businesses and governments that want to know who they are really doing business with online.

But at what cost? Unless very clear guidelines are put in place around how that data could be reused, many would be reluctant to hand so much sensitive information about their behaviour online to any one organisation.

The attraction of a federated identity model, where a number of different entities from retailers to banks or mobile phone companies could offer identity verification, is that is would help quash fears about any government knowing too much about our online habits.

All this works up to a point: governments would simply need to wield the legal tools at their disposal to get private companies to share what they know about users in the interests, justified or otherwise, of national security.

For some consumers, fragmented identities are desirable, or even necessary. Splitting online identities means individuals can explore interests privately without having that knowledge of that impinge on the online face they present to the world at large. For those living under repressive regimes, the need to make sure online identities can't be tied to real ones is even more vital. Multiple identities allow people the freedom to express themselves without repercussions — a freedom that, for good or ill, could be lost with a single, federated ID.

The data-wary

Consumers are becoming increasingly cautious about how their data is used or misused. Recently, analysts warned that consumers may shut off the flow of 'little data' that the internet economy requires to exist.

If consumers are already worried about how their data is being used, as we move into this new world of BYO-ID, organisations of all sizes need up their game in terms of security, honesty and transparency when it comes to gathering, storing and reusing our identities. They also need to do a better job of selling the benefits to us.

All of this can be dealt with, but there is also fear that as we move further from the idea that 'on the internet, nobody knows you are a dog' to an online world with more limited anonymity, we risk hounding out the creative energy — and the openness — that made the web so innovative in the first place.

Topics: Enterprise Software, Privacy

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

14 comments
Log in or register to join the discussion
  • I use Keypass

    http://keepass.info/

    And have tons of accounts for pretty much everything; email accounts just for resonding the news like this (tech news, ones for political news, ect), emails for forums, emails for subscriptions, ect. It isn't that hard to keep your passwords and accounts seperated.

    Has a rule of thumb I never use Facebook or Twitter, never saw the appeal (I'm the odd one out from my generation I suppose). Though I do like Tumblr and Reddit (yes, I have seperate accounts for those, too).
    icyrock
  • Re: Wow

    I guess people like DavidWilliams35 only add fuel to the fire of tending to require real identities.
    huntm856
    • My takeaway from him is that

      ZDNet's spam filters are like gun control legislation. They only work on honest people.
      baggins_z
  • The problem is...

    ...that companies that use data aren't sufficiently willing to tell people how they intend to use it, or to give users tools to control that use and pull back their data if it isn't used in accordance with their wishes.

    I give a lot of data to some ad-based companies because they are forthright in telling me how they intend to use it, and I understand and approve of those uses.

    But I block social network and ad network cookies and trackers, and anything else that tracks me across sites, because most companies that do cross-site tracking and user profiling don't even seek to gain my input, or tell me what they are doing with that data.
    huntm856
    • You Mean

      Like Google and Facebook
      bb_apptix
  • Apply your thoughts on anonymous & oppressive governments

    http://realcampaignreform.org/babka/liberty_for.htm

    Why is compulsory disclosure is considered a good thing?
    Nowadays, few people question the propriety of disclosure of campaign contributions. Even conservatives and some libertarians have come to the conclusion that we must know who is behind the Congressman, or who is funding a particular commercial. Some Americans believe that disclosure is essential to the proper operation of democracy.

    Let's carry this premise to its logical conclusion.

    How many Americans insist their "oughta be a law" requiring the media to divulge their "governmental sources?" Imagine the trouble Woodward and Bernstein would've had if they'd had to disclose who "Deep Throat" was.

    How many people want government compelled disclosure of the names, addresses, vocations and employers of persons who "volunteer" for campaigns? After all, some people's time is quite valuable.

    Or how many people believe we need to end the secret ballot? Is it possible that some people voting for particular candidates because they expect to receive special favors from the government if the candidate wins?

    This could be done. After all, the secret ballot isn't required by the Constitution. During the colonial period many government officials were elected by voice or a show of hands. This practice didn't die out entirely until the 1860s. And paper ballots didn't become popular until early in the 19th century. At first, voters made their own ballots and brought them to the polls. Then political parties started printing ballots and the polling places became akin to an open auction. Ticket distributors would fight with each other and the elderly were scared away. And that's why we have secret ballots today -- to protect the voters from reprisals and threats of violence.

    But shouldn't we also want to protect political donors from potential reprisals from candidates they didn't support, especially if the candidates the donors opposed are elected to office and have the power of government behind them?

    This seems obvious, but for some reason we've gone the opposite way on financial disclosure. Why? Anonymous political documents predate the settling of our country. The first was a document written in the 1570s under the fictitious name Junius Brutus. In English it's titled A Defense of Liberty Against Tyrants. According to historians, this document played a role in the destruction of the Stuarts, then the royal family of Great Britain. And this document also influenced America's patriots.

    There are other pre-revolutionary examples, including the story of John Peter Zenger, whose case was a precedent for the 1st Amendment freedom of the press and the concept of fully informed juries.

    Another example was John Dickson, a colonial patriot who anonymously protested the preponderance of taxes by Parliament in his Letters from a Farmer in Pennsylvania. Add to this list, Thomas Paine's Common Sense, which was published with the byline "An Englishman."

    But the best examples occurred during the debate over the Constitution itself. Publius, the pseudonym of James Madison, Alexander Hamilton, and John Jay, wrote the Federalist Papers. And let's give equal time to "Brutus," "Federal Farmer," "Centinel," and "Cato" -- all of them took the anti-federalist position. (Too bad they lost.)

    The list goes on, but the point is this: Government-compelled disclosure is unconstitutional and un-American.

    Does disclosure have its place? Sure it does. Any campaign can choose to report its donors to the public and most probably would because the voters might want it (although there was no disclosure at all before the 1970s); and politicians tend to give voters what they want, whenever they can. Voluntary disclosure might even be more reliable because campaigns could hire companies like Price Waterhouse to provide validity to their disclosures. In a regulation-free atmosphere, campaigns most likely would compete with their opponents to provide the clearest disclosure. They might even subject their reports to independent audits. This would be in marked contrast to the obscure forms that are now filed with the Federal Election Commission.
    Repeal
  • why is this all about consumers/citizen?

    I am surprised your article doesn't discuss the implications for businesses. Businesses commonly hide their identity behind anonymized DNS records and third party service providers...

    Does a future with offline/online single ID mean that DNS will become more transparent and business anonymity will be banned?

    I think it would be a good idea, one that consumers should see as the minimum required compensation for being forced to let, even partially, of online anonymity.
    danielnicollet
  • I can see no benefit to compulsory "real identity" systems in most cases

    I joined Facebook with my real name for the sole purpose of connecting with real human beings that I want to connect with, and not for any commercial organization's benefit. I do not use my real identity / name for things like posting comments on websites -- yes, what you see here is NOT my real name ;-)

    Why do I not want my real name associate with online commentary? Because anybody and their mother can google a name and pull up every comment posted by that identity. I should be able to post flamebait or otherwise honest but unpopular ideas for discussion without having to worry that the gubmint or a current/future employer will use such comments against me.

    The reality of all these "real id" systems that websites are pushing is that (a) their only concern/desire/purpose is to use them to monetize your online activity by selling your identification for marketing purposes; and (b) such systems allow people or organizations to identify unpopular ideas and cause you (the 'real' poster) actual harm based on your speech.

    Forcing real identification online will ensure that you will either have to thoroughly self-censor your thoughts/ideas/speech, or you will be severely punished by others for your speech. That is an absolute 100% guaranteed result. Even here in the good ol' You Ess of Ay. Not a week goes by that I don't read about some fool getting picked up by law enforcement for something they posted online (in most cases, some dimwit bragged about a crime they committed) ... but I have no doubts that in the near future the same LEO engines will be targeting political dissenters. And even if you have no reason to fear law enforcement (yeah, right), you will at a minimum be personally attacked by private individuals and organizations for any unpopular speech.

    If I see a posting by an asshat online, I reserve the right to call him/her an asshat online. But by the fact that he/she is an asshat, I don't want to put my real name up there so as to forestall any personal cyber stalking (or worse yet, direct physical attacks in real life). Once your real name is out there, getting personal info like where you live or where you work is only a few clicks away ... and the clear threat of direct personal harm is far too real in this society for that to not be of grave concern.

    For anyone who might brush off my concerns as the ramblings of an unbalanced paranoid mindset, perhaps they'd like to consider the likely results of posting negative comments about your job or a company you've done business with. Already in the here and now people are getting fired for posting unflattering commentary about work (search "bitter barista") and many companies are suing / cyber-stalking / harassing people who post negative reviews about service or products (just search for general consumer rights information, there are tons of anecdotes & reports on this subject).

    Forcing "real id" as a requirement to engage in public discourse or to use products / services online is a bad idea, and I would hope people open their eyes to the threat this trend poses.
    Gravyboat McGee
  • What does this sound like?

    “Governments are also keen to introduce a more certain online identity.. The White House is also working on a project called the National Strategy for Trusted Identities in Cyberspace (NSTIC),“

    “Using a form of global single sign-on would make life easier for many, and cut costs for businesses and governments that want to know who they are really doing business with online.”

    “,,,governments would simply need to wield the legal tools at their disposal to get private companies to share what they know about users in the interests, justified or otherwise, of national security.”

    Sounds like “Big Brother” to me.

    Doc
    Doc.Savage
  • How about the inverse problem?

    I need to know that the login page is legitimate and not a fake.
    Some sites address me with my private user ID so I know they are legitimate.
    mwein103
  • If compulsory real names are good...

    then presumably we should ban all books published under pseudonyms too. For that matter, we should make artists of all kinds sign their work with their real names, right? What utter nonsense.
    6502coder
  • No Way

    I don't want my LinkedIn and Facebook profiles the same, or connected in any way. I use LinkedIn for one thing and I use Facebook for entirely different reasons. The former is work related and the latter is for play and social and hobby interests.

    I don't have a YouTube account because in order to get that I have to have a Google account, and I choose not to deal with Google. As a previous poster stated, they "use data [and] aren't sufficiently willing to tell people how they intend to use it, or to give users tools to control that use and pull back their data if it isn't used in accordance with their wishes." They steal your data and then say they didn't realize they were doing it. Yeah, right...

    I also don't want my hobby message board personas connected to my LinkedIn or FaceBook or anything else. I wish to be able to post freely.

    I don't use Twitter because I don't feel a need to tell people when I'm eating lunch, using the restroom, or getting my hair cut.
    bb_apptix
  • Real vs Trolls

    There is a lot to be said for being able to speak your mind without fear of some form of repercussion. Anonymity seems to offer that, but one thing I have noticed increasingly over the years is that younger people especially tend to use anonymous forums to say hateful, nasty things they wouldn't say if people knew who they were. Freedom to speak candidly becomes freedom to be a jerk and even create real harm to the targets of their poison. ZDNet's comments are full of this kind of careless venom instead of real discussion. Nothing in the world will stop hateful people from saying poisonous things, but at least if they know everyone can see who they are, they might throttle it back a little; think twice before saying something that they could (and should) be accountable for.
    JoeFoerster
  • What a gold mine

    for identity thieves. As China and Anonymous have shown, it is very difficult to make an online presence hack proof.
    don3605