On the internet, now everybody knows you're not a dog
Internet anonymity is being eroded by desires to streamline online transactions and the demands of web businesses to know more about us. But is this new world, where everybody knows your name, really a good thing?
Our online identity is made up of a cluster of diverse personas, each deployed in different circumstances. Your Twitter personality - and identity - may be different to the one you use on Facebook or LinkedIn, while the persona you turn to when commenting on a sports website will be at variance to the alter ego you use on your corporate blog.
While online anonymity is used both for good and evil — say, by whistleblowers and trolls respectively — it's this ability to use an inconsistent and even contradictory set of personas that makes the internet so creative, and so attractive to many people. As the old joke goes, on the internet, nobody knows you are a dog.
From a commercial point of view, fragmented identity is something of an irritant
But while this fluid concept of identity has been part of the web from the early days, it's increasingly at odds with the internet economy. From a commercial point of view, this fragmented identity is an irritant: companies would much rather be able to tie a persona to a person – to turn an online identity into a verifiable human being.
That's because much of the web economy is based on businesses gathering up the scraps of data that we shed as we roam the internet – information about where we've been, what we've read or which products we've browsed and bought. All this material is collated, analysed and sold on as a package of information to companies that can use it to target advertising at us. It's far easier to track a consumer wandering the web that it is to follow their journey through the high street.
As well as the needs of businesses, individuals too could benefit from being able to present a more 'real' identity online, to authenticate themselves across a variety of websites and services more easily than the traditional method of having to set up and remember a different password for each site. A single, verified online identity would save the time and hassle caused by keeping logins separate, and if kept safe, it would also spare us the trouble that can come with losing or forgetting those passwords.
As such, there is a gradual movement on a number of fronts to strengthen the links between individuals' online and offline personas. That doesn't mean it's an easy transition, however, and it's leading to some friction between businesses and web users along the way.
For example, when it comes to making sure users' identities are the same offline and online, Facebook's policy is clear: "Facebook is a community where people use their real identities. We require everyone to provide their real names, so you always know who you're connecting with... The name you use should be your real name as it would be listed on your credit card, student ID, etc." Indeed, Facebook feels so strongly about real names that in Germany it has just launched — and won — a legal action to allow it to ban the use of fake names on the site.
And our social media identities are becoming valuable beyond the boundaries of the website where they were created. "Social media as a source of identity is already being used widely," said Bob Tarzey, analyst with Quocirca: Facebook users, for example, can use their identity to sign into services such as Spotify, or other websites to post comments - a link that has been resisted by some users.
Increasing numbers of organisations are using social media identities as a way of recognising customers and staff
Tarzey sees these identities being used more broadly in the future, which he describes as 'bring your own identity' or BYO-ID. "If you've got a way of authenticating yourself and you are comfortable with it for accessing your bank account, then why should your employer not use the same thing? BYOD happened because companies had to respond to what staff did and that's probably what will drive BYO-ID," Tarzey told ZDNet.
According to Quocirca research sponsored by CA Technologies, increasing numbers of organisations are using social media identities as a way of recognising customers and staff — leading to increased interest in identity and access management technologies. "Is it even possible in future that your Facebook or Google identity could be the basis for your access to online banking?" the research asks.
Governments are also keen to introduce a more certain online identity. In the UK, the trend is taking the form of the Identity Assurance Programme, which works with PayPal, the Post Office, Experian, Verizon and others to create ways for the public to assert their identities in order to access government services. The White House is also working on a project called the National Strategy for Trusted Identities in Cyberspace (NSTIC), which has similar objectives.
And there are others: retailers, banks and mobile phone companies are keen to provide these identity services, too. One industry group, dubbed Fido (Fast Identity Online), aims to develop an identity authentication protocol that bypasses the need for passwords and, with the likes of PayPal and Lenovo among its members, develop the hardware, software, and services that works with it.
One identity to rule them all?
Much of this makes sense — the more passwords a user has, the more likely they are to be lost, forgotten or written on post-it notes. Using a form of global single sign-on would make life easier for many, and cut costs for businesses and governments that want to know who they are really doing business with online.
But at what cost? Unless very clear guidelines are put in place around how that data could be reused, many would be reluctant to hand so much sensitive information about their behaviour online to any one organisation.
The attraction of a federated identity model, where a number of different entities from retailers to banks or mobile phone companies could offer identity verification, is that is would help quash fears about any government knowing too much about our online habits.
All this works up to a point: governments would simply need to wield the legal tools at their disposal to get private companies to share what they know about users in the interests, justified or otherwise, of national security.
For some consumers, fragmented identities are desirable, or even necessary. Splitting online identities means individuals can explore interests privately without having that knowledge of that impinge on the online face they present to the world at large. For those living under repressive regimes, the need to make sure online identities can't be tied to real ones is even more vital. Multiple identities allow people the freedom to express themselves without repercussions — a freedom that, for good or ill, could be lost with a single, federated ID.
If consumers are already worried about how their data is being used, as we move into this new world of BYO-ID, organisations of all sizes need up their game in terms of security, honesty and transparency when it comes to gathering, storing and reusing our identities. They also need to do a better job of selling the benefits to us.
All of this can be dealt with, but there is also fear that as we move further from the idea that 'on the internet, nobody knows you are a dog' to an online world with more limited anonymity, we risk hounding out the creative energy — and the openness — that made the web so innovative in the first place.