Obsessive about Real Identity?

What, I'm not real enough?!I had started to write this in mid-October but never finished it… and the database crashed at some point while I was in the middle of writing it, losing almost all of the article 🙁 In the mean time, the recent interest in this topic, as well as M Linden’s announcement that they would allow people to register avatars with their real life names, as well as Wallace Linden’s strange article on linking real life data to your avatar, seemed to make everybody write what they thought about this subject, even my dearest friend, Extropia DaSilva. At the same time, the world apparently is moving towards having all your life posted to the public at large with Facebook leading the way, and this is seen as a Good Thing... with only the Alphaville Herald disagreeing. To make things even more interesting, Linden Lab just bought the social networking tool Avatar United, a Facebook clone where you’re not forced to use real names to register and which supposedly will (one day, perhaps) link your profile with your avatar name.

So, well, I recovered what I could from that 3-month article and rewrote the rest… enjoy 🙂 (or not!)

The recent subtle push to increase enterprise and academic acceptance of Second Life® (even though we have to be honest here and remember that SL is 99% residential use, and will very likely always remain like that) has pushed the focus again on identity and privacy; more recently, M Linden’s comments that 2010 would allow people to register avatars with their real name, Wallace Linden’s strange article on real life identity, some SL forum polls, and Linden Lab buying Avatar United, pushed the whole issue back into the foreground — again. It looks and feels like 2007, when Linden lab started to introduce third-party age validation.

Not surprisingly, the stance taken by Facebook on “revealing your real self” might have been a strong incentive for Linden Lab to re-evaluate their policies. Or… perhaps there is more?

One of those reasons has been the push to validate Second Life merchants, in order to turn content theft into the much more serious crime of identity theft or credit card fraud, which — hopefully — will be a stronger deterrent and limit piracy.

The other reason, however, has been for long the “need” for businesses to have an idea with whom they’re dealing with. Also, a few have expressed the idea that relationships can only be formed if you know who’s on the other side of the computer screen. The latter, as said, is not limited to Second Life.

And there is a third reason, which is a bit more obscure and will probably happen “under the hood”. Again, we can point at Facebook and see what it entails.

The Anonymous Internet

Consider the early days of the Internet. You can still notice who are veteran Internauts (do people still remember that stupid name?) by their email addresses. They usually have just three letters before the @ symbol. This was an ancient tradition, before AOL joined up their email systems with the Internet (so, yes, a long time ago!), and people just used the initials of their (real) names to create their email addresses. In those days, there was little thinking about who was who. People — human beings all! — were just three-letter acronyms. You wouldn’t expect to meet most of them anyway: the Internet was global and widespread, and it was far more likely to exchange emails with a colleague in Honolulu than with your roomie — just because that colleague would have access to the Internet, while your roomie was more worried about what to dress for the next party, or watched TV.

The corporate world sort of limited the choices you had in “business emails”. It was felt that email addresses ought to better reflect an employee’s real name. Common abbreviations (when usernames were supposed to have 8 characters or less) was an initial and the last name, or the first name and the initial of the last one, truncated to just 8 characters. Once system administrators finally managed to add more than 8 characters, the trend changed again to the more common format [email protected], which is still popular today.

But at the same time, phone numbers (even personal, mobile numbers) remained an arbitrary sequence of numbers. Why? The idea is that you’re supposed to only give your phone number to people you know/trust, and that nobody is supposed to “guess” your phone number unless you wish to do so. It’s not a “technological” limitation: nowadays, there is simply no reason to use “numbers” instead of an acronym or an email address for your phone number. After all, over 4 billion phone numbers are on mobile phones, and all of them are really pocket computers. All of them could use different ways of calling people over the phone. Skype certainly works fine without phone numbers. Yes, we can argue about “legacy compatibility”, but really, “telephoning” seems to try to be compatible with something developed 130 or so years ago… how many 130-year-old telephones are still connected to the telephone network? 🙂

To find a person’s phone number, you have to use a directory/index. Most people will be willingly listed on those. Most will also place their phone numbers (and email addresses of course) on business cards, either physical or virtual ones, specially if they’re in business and wish to be “in touch”. Thus, people voluntarily use “nicknames” for the “telephone network” and publish them as part of their “corporate identity”.

All this is deliberately placed between quotes because, well, we don’t usually think about phone numbers that way. The interesting aspect is that, until very recently, you could not make reverse searches on telephone numbers: this means that if you randomly got a phone number out of thin air, you cannot easily find the person it belongs to. Of course, with people voluntarily placing their phone numbers on web sites and social networking tools, it’s highly likely that, sooner or later, Google will indeed index it. But the point still remains: phone numbers do not represent uniquely an “identity”. E-mail addresses — although the recent trends (at least in the corporate world; in the academic world, e-mail addresses like [email protected] are still popular) are to put the name as part of the address — in a sense are also a “personal” choice, in the privacy sense of the word: most people will only “reveal” their e-mail addresses to people they know or that they have a personal or professional interest in, and it will not always be “obvious” what your e-mail address is if you don’t give it to others. Similarly, except for professional use, if you receive an e-mail out of the blue, it might not be obvious whom it belongs to: [email protected] may be anyone, even someone not called “John Smith” — although it’s quite certain that someone like [email protected] is, indeed, Microsoft’s Bill Gates. Why is that so? It’s actually a notion of trust transferral. Due to the way the Internet e-mail system actually works, only people inside their own domain are able to set up their e-mail addresses, and it’s highly likely that a company will not create “fake” e-mail addresses for their employees (or at least that’s what we expect not to happen). Granted, although under the .com domain anyone can register any domain name, in practice, due to the threat of litigation, it’s often hard to get another company’s name and use it for illegitimate purposes. (Some countries will not allow anyone but the legitimate trademark owner or company name owner to register for a domain name, and may require formal proof of intellectual property rights over that domain name before it is set up at a country’s registrar.)

So once you trust that a company’s domain name is, indeed, legitimate, you will also trust that an e-mail address from that company will, indeed, be assigned to a legitimate employee of that company. This is a concept that doesn’t exist, say, for phone numbers, which are quasi-randomly assigned (or even if they aren’t, the relationship between the company name with its telephone number is not clear). Personal e-mail addresses, however, have absolutely no relationship with someone’s identity. Nevertheless, we’re prepared to accept an e-mail address as a legitimate identification of a person — often even legally binding. Which might be surprising, since it’s quite easy to forge an e-mail address, or a message coming from a forged e-mail address — it happens every day with the billions of messages sent by spammers.

Similarly, nicknames on IRC and other more primitive forms of online communication, started by being pretty random and anonymous, “funny” monikers. The whole concept of “using your real name” for an IRC nickname was simply ludicrous. What would be the point — except potentially to laugh at a colleague if they just typed something pretty stupid (because, say, they were drunk 🙂 ) and made a sad figure of themselves? Practical jokesters might be curious about who was behind a nickname, but there was little point beyond that. Unless, of course, we were talking with a criminal (or potential criminal) under surveillance…

The Web curiously was the first place where things started to get a bit blurred. The notion of the “home page” — a place where you put your personal pictures and rant about yourself in narcissistic hedonism — slowly caught on. In the very early days, it was probably the place for your academic resumée (CV), but soon it became the space where you placed what you were interested in. The early Web, being mostly a geek-controlled environment, soon had lots of pages saying what episode of “Star Trek” you liked best, or lists of cheat codes for your favourite game, or how to rewire your computer to get some extra performance from your motherboard.

But parallel to this, companies started to advertise their services on the Web too. And asking you to give them their credit card numbers. Up to that time, people gladly gave their credit cards to complete strangers on shops, but also on phone calls, faxes, or letters. The Web, however, made people still think twice. What if the page I’m seeing is not what I believe it is? Is this “microsoft.com” address really the page for Microsoft? How do I know who is behind that page?

Granted, digital certificates validated by reputable third parties gave people an extra sense of security, meaning that the page they’re seeing is really from the company it claims to be. But obviously just because you have a digital certificate and a page starting with https:// it doesn’t mean that the company is not a fraud. They might be an established company selling fake goods, or double-charging your credit card, or engaging in any kind of illegal business. How could you know? On the Internet, nobody knows you’re a dog — and even if you show proof you’re a dog, how do I know you’re an honest dog?

(As a side note, this old 1993 cartoon is the reason why most people in my country routinely get credit cards but wouldn’t dream of ever using them on a web site. Such is the power of a cartoon!)

About Gwyneth Llewelyn

I'm just a virtual girl in a virtual world...