Does identity matter online?

THIS ARTICLE CONTAINS LINKS WHICH ARE NOT SAFE FOR WORK

This week’s on-line news has been filled with stories about privacy, online identity and identity deception. Identity and gender play has a long history in life online online dating back to the earliest days of the Internet and text based MUDs and MUSEs. Using false or even misleading identities is widely viewed in the Internet community as an aspect of “role playing” and an acceptable or even playful activity. But is it always? Does identity matter online?

I was recently the target of an identity based attack in which one user of an online community service of which I was a member created several false identities known as sock puppets and attempted to use one of these false identities to lure me into an online sexual relationship. It appears that this person may have searched MySpace for an appropriate name and person to use in this deception, including using the “handle” of a real person and finding an image of another person that resembled her. The deception was discovered quickly through a combination of intuition and computer based linguistic analysis, and subsequently confirmed by examining IP addresses in the server logs.

Certainly in some contexts, i.e. online games or Dungeons and Dragons, role playing is an entirely appropriate activity. In other cases, using a false identity is a criminal offense such as when stolen identities are used to make purchases or to access someone else’s personal information through practices such as “pretexting“.

Sherry Turkle’s seminal book on identity in the Internet age, Life on the Screen: Identity in the Age of the Internet, described the psychological effect of playing multiple roles online:

“MUDs are dramatic examples of how computer-mediated communication can serve as a place for the construction and reconstruction of identity… much of the appeal of MUDs—a combination of real time interaction with other people, anonymity (or, in some cases, the illusion of anonymity), and the ability to assume a role as close to or as far from one’s “real self” as one chooses. ” Turkle writes in her even earlier work Second Self, “Terrified of being alone, yet afraid of intimacy, we experience widespread feelings of emptiness, of disconnection, of the unreality of self. And here the computer, a companion without emotional demands, offers a compromise. You can be a loner, but never alone. You can interact, but need never feel vulnerable to another person.”

But as this week’s news illustrates, that feeling of invulnerability has turned out to be almost entirely an illusion. Over on Craigslist, we had the so called RFJason CL Experiment (warning: not safe for work) in which Jason Fortuny a Seattle web developer posted a sexually explicit ad (warning: not safe for work) on the Seattle Craigslist for a female submissive seeking a male dominant partner which he had apparently copied from Craigslist in another area. He then posted the responses he got including true names, e-mail addresses and photographs to the web. Bizzarely he used his own true identity when posting the results of his “experiment” to the web, a decision which has spawned threats of litigation and even violence (see coverage at http://www.waxy.org/). Fortuny’s experiment has already spawned at least one copycat (warning: not safe for work) and has sent ripples of paranoia through the BDSM community.

A break in at Second Life exposed customer account data including not only payment information which was encrypted, but also users true names which were stored unencrypted in clear text. Since many participants in Second Life engage in cybersex (attachable genetalia of various types are the best selling accesories in SL) users may not be too pleased to learn that their true identities might be disclosed in a similar manner. Over in Germany, police investigating a child pornography ring seized Tor servers used to send “anonymous” e-mails. Just how anonymous these e-mails will actually be remains to be seen.

It is a widely held belief within the Internet community that anonymity is good, but required presentation of true identity is bad. However, I believe that several important aspects of online identity are overlooked in this very simplified view. First, identity is power. In many cases, if I know your identity but you don’t know mine, this knowledge gives me power over you that you do not have over me. Consider the examples of pretexting and identity theft in which the perpetrator uses knowledge of the victims identity to obtain personal information or make purchases. Different people or organizations may have different abilities to identify you and control or harm you through this knowledge.

Vernor Vinge’s wonderful book True Names opens with the words:

“In the once upon a time days of the First Age of Magic, the prudent sorcerer regarded his own true name as his most valued possession but also the greatest threat to his continued good health, for –the stories go–once an enemy,even a weak unskilled enemy, learned the sorcer’s true name, then routine and widely known spells could destroy or even enslave even the most powerful. As times passed, and we graduated to the Age of Reason and thence to the first and second industrial revolutions, such notions were discredited. Now it seems that the Wheel has turned full circle (even if there never really was a First Age) and we are back to worrying about true names again.”

Vinge’s words seem especially prescient this week.

The use of a person’s identity to gain power actually has a long history in witchcraft and the occult. Some types of sympathetic magic use identification of objects to influence, gain power or control over a person. Most people are familiar with the Hollywood version, in which a voodoo doll or “poppet” is used to harm someone by sticking the doll with pins. While actual voudon practices differ significantly from this Hollywood version, the idea that a person’s identity (represented by personal items, hair, fingernails, etc.) can be used to gain power over them has a long history in many cultures and traditions.

Again from Vinge:

The first hint Mr. Slippery had that his own True Name might be known–and, for that matter, known to the Great Enemy–came with the appearance of two black Lincolns humming up the long dirt driveway that stretched through the dripping pine forest down to Road 29. Roger Pollack was in his garden weeding, had been there nearly the whole morning, enjoying the barely perceptible drizzle and the overcast, and trying to find the initiative to go inside and do work that actually makes money. He looked up the moment the intruders turned, wheels squealing, into his driveway. Thirty seconds passed, and the cars came out of the third-generation forest to pull up beside and behind Pollack’s Honda. Four heavy-set men and a hard-looking female piled out, started purposefully across his well-tended cabbage patch, crushing tender young plants with a disregard which told Roger that this was no social call.

Second, identity isn’t only about who you are, but also about who you aren’t. Positive identification gives you the ability to prove that you are not a person whereas anonymity does not. This morning BoingBoing has a story about a fake NSA site where you can check to see if you or a friend are listed as a terrorism suspect in a faux database apparently created from white pages and user submissions. While this site is apparently meant as a joke, in a related true story, a man was recently denied a home loan because his credit report mistakenly indicated that he was one of the sons of former Iraqi dictator Saddam Hussein. Imagine a variation of Fortuny’s experiment in which all of the e-mails posted were fictitious. If you were listed in such a false database, how could you prove to your spouse or employer that you were innocent? It might prove difficult or impossible to do so today.

Meanwhile, on YouTube, we learned that LonelyGirl15 was not only not a real person but actually a project produced by a group of filmmakers, and possibly a project backed by the giant Hollywood agency CAA. While video bloggers expressed their dismay over the deception, some also pointed out that part of what made LonelyGirl15 interesting was not knowing whether she was real or fake. Now that we know LonelyGirl15 is a fake, its unclear whether she’ll draw the same audience although her creators claim:

Right now, the biggest mystery of Lonelygirl15 is “who is she?” We think this is an oversimplification. Lonelygirl15 is a reflection of everyone. She is no more real or fictitious than the portions of our personalities that we choose to show (or hide) when we interact with the people around us. Regardless, there are deeper mysteries buried within the plot, dialogue, and background of the Lonelygirl15 videos, and many of our tireless and dedicated fans have unearthed some of these. There are many more to come.

As this insightful video blogger points out, part of what made Lonelygirl15 interesting was the question of whether she was fake or not. Now that we know, its not clear that anyone will keep tuning in to her videos. In another identity related business story, Facebook released some new features raising the spectre that the service might be used to stalk people. Such an uproar was created that the company had to rush to release modificatons to their offering and make a variety of public statements to reassure users. The full fall out of these events is not yet clear. So our third point is that controlling identity (including false identities) not only gives power, it is important to making money on-line.

A number of companies are now trying to capitalize on this idea allowing users to “claim” their online publications and tie these to a unified online identity scheme. For example, ClaimID’s service allows users to “track, verify, classify, annotate, prioritize, and share” information about them online. However, none of these services deal with the issue of who is claiming an identity. It is entirely possible for someone that is not you to claim your identity or create and attribute phony documents to you. In the absence of some sort of biometric identifier, it is hard to see how services like ClaimID can really prevent this from happening.

Where does all of this leave us? It seems that 2006 may be the year in which many of the issues related to online identity management reach a critical point at which a stronger means of online identity management will be developed. It is clear that the care free days of online role playing are over, but the full impact of these events is not yet clear. Time will tell.