A few days ago I received an email accusing me of having perpetrated some unspecified antisocial act on a Web site, presumably a blog. Unfortunately, the writer did not provide an URL and so I was unable to check the facts for myself. The name of the site was given but it meant nothing to me and didn’t seem the sort of site I would visit.
I wrote to the author of the email, expressing my mystification and asking for further details. So far, I have received no reply. Perhaps she does not monitor her email regularly or has realized that she has made a mistake or… There are so many possibilities and I leave you to think up your own.
This does, however, raise a genuine problem. There are so many people online these days looking for names that the likelihood of any name being repeated is very high: “SilverTiger”, in various formats, is itself hardly a rarity. On sites that allow interaction, it is usually sufficient simply to type in a name and there is no verification at all. If someone comments on your blog signing himself “SilverTiger”, you may have no way of knowing whether it is this SilverTiger or someone else who also uses the name legitimately, or someone trying to cause mischief by pretending to be one or other of the real SilverTigers.
In one sense this doesn’t matter because none of us has exclusive rights to a particular name. On the other hand, we do have exclusive rights to our identity, no matter what name we normally attach to it. I do not want to be blamed for mischief perpetrated by others in my name but I also want to be recognized as myself when I present myself in the public sphere.
The problem, then, is: How do I protect myself from people fraudulently assuming my identity and how do I prove my identity?
One context in which this double-barrelled problem is relevant is in blogging. There are blogs I visit regularly and on which I leave comments. What is to prevent someone, out of resentment or simple mischief, going onto those and other sites and behaving badly, using my name, to the detriment of my reputation? Very little, it seems to me.
There is of course OpenID but this is still far from being a complete solution. For one thing, there are many sites where you can register an OpenID name. There isn’t much to prevent someone creating an OpenID on one site that is a passable imitation of your OpenID on another site. This would be enough to fool many people. Secondly, not many sites yet use OpenID to verify people signing in. Finding a site that both uses it and allows use of the particular OpenID you registered is hit and miss, to say the least.
It seems to me that there needs to be a much more rigorous system, perhaps similar to the domain name system, where a single agency, or at least very few agencies, register people’s online identities, making them verifiable and preventing others from impersonating you.