Identity / Profiles / Trust

Sarah Perez has an interesting post on RWW, on the "end of online anonymity":

Firstly, repercussions of the Lori Drew case:

A precedent-setting case, the Lori Drew MySpace trial, has just come to an end. If you're unfamiliar, this was a case where an overprotective mom established a fake online identity to bully her daughter's [13 y/o] rival [who then committed suicide]. The judge's ruling has now criminalized the act of creating a fake persona online. In the case of Drew, most would agree she deserves the punishment she received. However, the aftershocks of the ruling could very well impact the online identity creation process for years to come if it's not overturned.

I wonder what a fake persona counts as - is a nom de plume ok if its clear who you are on investigation? And how is this going to be enforced across chatrooms and social nets everywhere? I suspect a rash of "real sounding" names will emerge unless people are forced to hand over credit card details or similar, which will break a huge amount of the internet "good guy" stuff (the spammers will carry on relentlessly regardless....)

And this, of course, is what the Big Boys want - as Sarah notes:

Here, companies like Facebook, Google, and others are already in position to offer a solution for making sure people are who they say they are. Facebook Connect, Google Friend Connect, and Yahoo's Open Strategy, have all been busy trying to grab land on the new frontier of identity management. All of them want to be your de facto online identity provider.

Because for them, the scary alternative is that YOU may do it themselves - see the diagram below:



We first started alerting y'all to the coming metadata war 18 months ago, when we had to look at the Federation vs Aggregation isues for a client. You see, there is no real reason why Facebook or any of the others have to be your MetaData aggregator - but of course, they all desperately want to be, because therein lies your digital footprint, that can (so the theory goes) be monetsied - especially if you have to hand over that gold standard, a credit card billing address. Now Sarah notes that:

No matter who wins, though, it's anonymity that loses. For the sites that move to these types of authentication methods, no longer will their users be able to create disposable usernames and passwords so they can troll around harassing others and leaving juvenile comments. Instead, all participants are themselves online - and subject to the same standards for behavior that you would expect to see if you encountered them in a real-life public situation.

That is a 2 edged sword though - some people note that its only via anonymity that they can get personal data into healing situations online. Others argue that all you do is replace virtual with real world trolls.

We think its not a straight jump from authentication to loss of anonymity, in that it is perfectly possible to be authenticated but be a pseudonym - all you need is a trusted authentication party. This can be structured in ways where it can be owned by its users, or a subset, or nobody rather than by a corporate entity. Of course, the corporates know this which is why they have sought to get (very) close to Open ID, Open Source etc, under the "Keep your friends close but your enemies closer" rule - and the SocNets all want to muscle in on Google's act here - as Sarah notes:

The reality is that we have, in fact, turned over vast amounts of our personal identity to this company in exchange for free webmail with pretty themes, snappy web browsing experiences, free analytics tools, more. As Allen Stern noted this weekend, "Google Knows Where I Am and Everything I Do." (If you want to jump even deeper down that rabbit hole, take a closer look at Google's User Data Empire)

But is the resultant Puritan State of affairs sustainable? (hmmm...no affairs in a nonanonymous world - that's a non starter or starters ):

The only way to prevent reputations from being damaged in the process is to always "be on your best behavior" in public. Frankly, that's no fun. No more wild boys nights out? No more getting silly and stupid with your friends? No - not unless you're willing to live with the consequences of having it plastered online in the morning.

Ain't human nature, won't happen methinks. Who wants to live ina Global Village where everyone knows your business (in fact is prdicting it before you do it). People will not trade that for the supposed (and as yet unproven long term) utility of social connectedness. We will muddle through.... I suspect the real growth business going forward is identity scramblers and anonymisers.

Two interesting pieces on influence in the last few days. Firstly, at the Web Expo 2.0 in Berlin, Nate Elliot of Jupiter did an interesting session on who really influences you in his talk The Future of Influence, from whence comes this matrix wot I made:



In essence, his argument is that we trust people like us a lot, and our friends most, especially when they respond to our Requests for Information. No real surprises there, its the current mantra (what his real angle was about is what marketers can do, which was focus on the "personal, unsolicited box" - illuminating in a sort of Beacon privacy worrying way). However, Nate's main talk was on New vs Classic influentials - the "Gladwellian Tipping Pointers" being the Classics, the "Wired Generation" being the New. Got a Blog, on Twitter, comment on forums? You are a New influencer.

But I must say I was a bit surprised that the Mantra was still being used, as in my experience I (and sundry oddball others) do tend to trust friends for some things, but not big things that we don't think they know a lot about. In that respect I do like the "Solicited, Broadcast" model - or even the "Unsolicited" model if it has people with expertise doing reviews - or just sheer numbers like on Amazon. That I am not alone has been brought out by an interesting piece of research by....Jupiter Research. I saw it on C:Net via Profy:

Facebook likes to trumpet the value of "trusted referrals"-- recommendations and ads with the endorsements of members of your friends list. But a new study from Jupiter Research, commissioned by analytics company BuzzLogic, says that consumer purchases are more likely to be influenced by what they read on a blog versus what their social-networking rosters recommend.

Half of all those surveyed who identify as "blog readers" (people who read more than one blog per month, a fifth of total survey respondents) say that blogs are important to them when it comes to making purchasing decisions. But they don't necessarily find them to be all that reliable: only 15 percent of blog readers, and five percent of all those surveyed said that in the past year they had trusted a blog to help them make a purchase decision.

That's still higher than the number of people who said they used social-network recommendations, though: ten percent of "blog readers," and four percent of all those surveyed.

Results of the survey are similar when it comes to advertising: a quarter of "blog readers" say they trust ads on blogs that they read (versus 43 percent on "familiar" or mainstream media sites), but a slightly lower 19 percent say they trust the ads on social networks.

Are these contradictory - at first I thought so, but then realised they were just starting to be very specific in niche categories. Bloggers who I read I begin to trust over time - and I interact with them, so they move slowly into the "Personal, Solicited" space. They get there by dint of the huge amount of information they give out about the person - after reading a blog a while, you know whether the writer/s are pimps or genuine, and you can see context up the wazoo. This is why they have a Right to Brand as New Influencers.

As to Social Nets, well there again "it depends". I think we do trust our friends and the People Like Us on a Social Net if we solicit the information we think they are competent to give us (restaurants, cameras etc). (question - is trust higher in an early adoption phase of a network - say Twitter - as we think more people are Like Us?).

But also, clearly, the Punters are ahead of the Marketers here in the big picture - Nate is saying the Marketers best play is to go "Personal, Unsolicited" - ie into SocNet land (think Beacon) - but the users have already sussed this and don't quite trust it so much anymore - even if you do dress it up as seeming to come "solicited" from their activity feeds.

Or maybe because of that.....

Last word to Svetlana Gladkova at Profy:

As a blogger I can’t help but be happy about such a rosy picture of the future with reliable bloggers working with the best advertisers to drive readers into making the right buying decisions.

For all the Web 2.0 companies wanting to have an alternative model from Free!, then look no farther than Talk Talk, that paragon of Telco virtue. It has hit on a new wheeze - if you can't get enough customers voluntarily, why not just transfer those (paying) customers from its competitors to yourself?

Yesterday we received 2 letters, addressed to people with my surname but not any of our initials, thanking us for joining Talk Talk and informing us that both our phone numbers were to be switched over from BT - they knew the phone numbers, I have no idea how they got them.

Anyway, tried to sort it out today, was kept hanging on the 'phone for 15 minutes with no reply at all - its an 0870 number (higher rate national dial) so there is an extra revenue stream to go....

Have called BT to assure them we are not leaving, and have mailed Ofcom to complain - and blogged it here too. Lets see what happens.....

Alexander Van Elsas writes about Facebook's latest sca...er service to gather your data - sorry, enhance your experience. Facebook are putting a search box in the system so, in their words:

By integrating web search into Facebook, you can increase the information available to share with your friends, family and coworkers on the site. For example, your friend may invite you to an event at a new restaurant. Without leaving Facebook, you can check out the details of the restaurant on the web. Or, say you see photos in your News Feed about a friend's recent trip to Dubai. Inspired, you can search the web for more information about travel without having to leave Facebook.

Did you get the "without leaving Facebook" bit? And hands up all of you who want your friends to know what you search for. Whether this will work is moot, I prefer to search off the browser toolbar and open another window, but some may be drawn to do everything in Facebook. But lets be clear, this is an attempt to get more of your data for facemining. Alexander writes that:

Am I the only one that finds that they get scarier every day. Facebook not only builds walls that ensure it’s nearly impossible to get out of, but now they also track and trace me while I am searching the web?

.....

Ignorance is bliss they say. I say we’re all a bunch of morons that we allow this to happen. By giving companies like Facebook access to such large amounts of private data we are opening the doors for a privacy nightmare. And that door can’t be closed anymore. Facebook doesn’t forget.

I feel a bit sad about the "we" here. Research has shown that the people throwing away their privacy with gay abandon are mainly Gen Y, who are still too young / naive / idealistic / inexperienced etc etc to know the risks of doing such a thing, and this trust is being ruthlessly exploited by those who profit from this most invasive of digital sharecropping schemes. Old 'net hands like Alexander (and us etc) saying they're unwise to do this are dismissed out of hand, its just the new Parent 2.0 thang.

So how does one get it across to the Bright Young Things that they are being total dumb-asses about this, when so many PR dollars are being pumped into lauding their every disclosure? That this is clearly the next scheme for Facebook to refine its business model is clear, so ther is no point appealing to their better nature (anyway, thats leaving the company in droves, it would seem).

Update - Helen Keegan suggests I spell out the risks of giving too much data away. I'd say, in order of damage magnitude and timing the main things are:

- Identity Theft - can rob you of your money and credit reputation, and takes time, effort and money to put right
- Handing over too much information to people who do not necessarily have your best interests at heart. As an experiment I suggest scraping a profile of someone you know on Facebook, or Twitter etc - thats all their transactions - and see what you an deduce about them, and think about what you could do with that data if you "had it in for them".
- Changing Zeitgeist - what is "in" and "out" changes over time, you will not want to be held up for things in your 30's and 40's that you did in your 20's. Especially as what many people (from every generation) do in their 20's is not always that well advised. Just ask Claire Swires - or maybe not
(Hmm...in hindsight, not just in the 20's - one can be a prat anytime in one's life)

Sadly, the only answer is probably recourse to law and regulation - the only time Google started to take serious notice of privacy concerns, and Facebook ditto, was when regulators started to take an interest (Facebook "withdrew" Beacon after the original blogstorm but its still there, ticking away).

A week after the whole United Airlines Fiasco, sir* Tim Berners Lee warns about the use of the Web as a way to to promote the ideas of the conspiracy theorists, religious nutters, corporate communicators and other assorted crazies:

The use of the web to spread fears that flicking the switch on the LHC could create a Black Hole that could swallow up the Earth particularly concerned him, he said. In a similar vein was the spread of rumours that the MMR vaccine given to children in Britain was harmful.

And I thought the Black Hole story was a feint by the LHC PR to disguise the furore about its cost ....

Anyway, Sir Tim told BBC News that there needed to be new systems that would give websites a label for trustworthiness once they had been proved reliable sources.

"On the web the thinking of cults can spread very rapidly and suddenly a cult which was 12 people who had some deep personal issues suddenly find a formula which is very believable," he said. "A sort of conspiracy theory of sorts and which you can imagine spreading to thousands of people and being deeply damaging."

Sir Tim and colleagues at the World Wide Web consortium had looked at simple ways of branding websites - but concluded that a whole variety of different mechanisms was needed.

This has been well known for ages though - memeticists have been studying what makes some memes survive for centuries and others die very fast, and the sad conclusion is that "sticky" ideas are more like mental parasites than particulalrly good for you (a recent, fairly approachable book on this is Made to Stick).

Sir Tim's suggestion is that the Web itself accredits websites in various ways so the reader can ascertain the worthiness of the source. Duncan Riley believes that sir Tim has "Lost the plot"

Is not the very nature of the internet, a free platform for most, a conduit that allows the truth to shine when all around us is lies? Do not internet users in China find ways of bypassing the national firewall so they to can find the truth. Do not those of us in free countries benefit from receiving news that isn’t filtered and controlled by the corporate media elite? Is not this very freedom protection against wrongdoing?

While comforting, the view that the truth will shine out, of its own accord, against the best endeavours of those who will suppress it is a sticky meme itself, but seldom correct when put under scrutiny. Freedom of information has been hard fought for by our forefathers in the West, and even today is under continual attack.

This ties to one of the big themes the 'Net will have to solve over the next few years, which is around the cycle of Trust, Privacy and Identity. No one system is capable of giving an accurate picture, and any system which becomes too popular will be gamed unless there is constant vigilance (Wikipedia being the best cared for publicly available system out there at the moment).

Thus the best approach going forward will be some ability to cross reference, a sort of triangulation of trust approach, where multiple authentication sources are used.

*He doesn't like being called Sir

Today Google said it would anonymise search data after 9 months, rather than 18 months, notes El Reg quoting a Google blog post over here.

Of course, it would be much more heartening if their embrace of their famous "Don't Be Evil"principles came from their own good will, rather than being pushed (hard) every inch of the way by the European Union, and the appointment of a respected US lawyer to look into anti-trust issues. And they even note that the shorter time frame would protect users against the risk of litigants such as Viacom ( which gained access to YouTube's user logs ) sueing to gain access to Google's stored search data - doing well by doing good

Google has taken it all overall with typical good grace:

While we’re glad that this will bring some additional improvement in privacy, we’re also concerned about the potential loss of security, quality and innovation that may result from having less data. As the period prior to anonymization gets shorter, the added privacy benefits are less significant and the utility lost from the data grows. So, it’s difficult to find the perfect equilibrium between privacy on the one hand, and other factors, such as innovation and security, on the other.

Loss of privacy and security from having data anonymised earlier - can someone explain that one?

Update - it would seem there is also a bonus play, Google giving way on Chrome privacy after worries from the EU et al, notes the Washington Post.

From El Reg

City of London police questioned BT earlier this week as part of a probe into the covert wiretapping and profiling of the internet use of tens of thousands of BT customers during tests of Phorm's adware system.

Good. I'm a great fan of BT, they are a very progressive Telco, but this sort of thing is bad - makes users unhappy, destroys trust - and there are so many great services a Telco can run if it has user trust.

Microsoft is working on privacy functions in its browser, notes the BBC:

By clicking a button, users of IE8 will be able to limit how much information is recorded about where they go online and what they do.
As are the others.....

By comparison Apple's Safari browser already has a privacy mode and developers working for Mozilla, creators of Firefox, are reportedly working on a similar feature for future versions.

Other browsers, such as Xerobank, take a more thorough approach to privacy and try to anonymise all web use.

I forget who it was predicted about 18 months ago that privacy would be handled by the independent Browser companies, as no-one helse has the motivation (usually the opposite in fact - look at how the Popup scourge was fixed). Props anyway......

From TechCrunch, news of the aftershock of Facebook Beacon:

Facebook’s controversial and widely-disdained Beacon service, which it originally introduced in November, has led to the company behind slapped with another class action lawsuit. The suit alleges that Facebook never sought user approval before collecting personal information, and was also keeping tabs on people who weren’t even signed up for Facebook.

And its not as if they learned from their mistake:

Beacon hasn’t been Facebook’s only privacy misstep. The social network instituted a system earlier this year that added images of a user’s friends to some advertisements, confusing and upsetting many users. Our own $25 million suit against Facebook for the unlawful use of Michael Arrington’s likeness to endorse shoddy products is still pending.

Once could be an unfortunate mistake, twice looks like it may be deliberate and in the DNA of the business, as some allege. We predicted last year that 2008 would be the year that privacy started to bite back, but this is from a very interesting direction (think of it as user-generated discontent ) Coupled with some of the other recent court decisions I think the pendulum is shifting towards the right in the online game..

A day after we posted our phishing warning on CNN Alerts, the first MSNBC alerts dropped into the mailbox. They also look like phishing scams, both on the link where you have to go to the story and also on the "remove from this list" link, which was the approach used by the CNN Alert scam.

Clearly the bank / paypal email reset scams are losing impact.