I was thinking about online identity — again — because I was working on a report for a client of ours and I was thinking about some issues around multiple identities. In cyberspace, multiple identities make sense in a way that has no analogue in the analogue world, if you see what I mean. Now, a fundamental objection to letting people have multiple identities is that it will enable them to get up to no good. And it is certainly true that there are people out there getting up to no go. When I was writing a post about virtual commerce over on Digital Money, I came across this interesting piece about the activities of fraudsters after virtual gold.
Operationally, gold frauding is much cheaper than gold farming as you don't need to spend time building up characters, farming assets, and waiting to be banned. Since you are hitting accounts and looting them on a one-time basis, you are not going to trigger traditional gold farming detectors…. and if you get banned, on to the next victim.
While the theft of virtual gold may well be a serious problem, in the great scheme of things it's probably not the no.1 priority of law enforcement (which is why kids use two-factor authentication for these kinds of games). But we have to recognise that there are much more serious problems.
Michigan resident and twice-married mother-of-five has been charged with “using the Internet to entice a minor into sexual activity”, after she seduced a 15-year-old boy while playing World of Warcraft. 35-year-old Angie L. Jenkins told the teenager she was 21, while he swore he was 20.
Without minimising the seriousness, I do find this example particularly useful: both participants in an online exchange were lying! What can we do about this? Well, to continue with the World of Warcraft (WoW) theme, let's looks at what Blizzard actually tried to do: they decided to introduce a "RealID" system (not to be confused with the US government's "RealID" system because the WoW system was intended to be secure).
the RealID system also identifies you by your real name instead of a character name or alternate identity. Friends who may have previously known you by your character name will now know you by your real name, whether you've ever told them or not. This is information pulled straight from Blizzard's account information and billing system – information that was previously private.
How on earth could anyone have imagined that this was a good idea? Apart from anything else, the "real name" associated with the account that my kids use is me, not them, because it's my card that's used to pay for their subscription. I'm very uncomfortable with them using their own debit cards online precisely because I don't want them to give out their real name. But the story gets even more crazy.
Another enhanced feature of RealID is the ability to see friends of friends. Once you're on a friend's RealID list, you can now see the (real) names of anyone they have added to their RealID. The idea behind this function is to allow players to easily add mutual friends without having to ask a dozen people for their e-mail address. The potential use behind it to find out more information about someone that trusts you with their RealID is far worse.
This is so wrong. I spoke about the "chatroom paradox" (an example I often use to illustrate this point) at the BCS ISSG "Privacy Day" recently. The point is that people seem to want the "real" identity of counterparties but don't want to disclose their "real" identity in case the counterparty misuses it. Blizzard really misjudged what people want and so they had to abandon their plan.
Sidney Eve Matrix, a film and media professor at Queen's University in Kingston, Ont., who studies cyberculture. "They know the culture requires to some extent an online persona. … It was a cultural misstep, really."
It isn't just about having a persona, it's about having a persona that can demonstrate certain credentaials (eg, I am over 18, I live in the UK, whatever). In fact, it's about having a number of persona and, I would argue, it's about having persona that are relevant to transactions.
“Who are you?” equates narrowly to Identity. It is only Identity at a sufficient level of trust the meet the requirements of a specific entitlement. In the simplest case, the person can be completely anonymous; in a municipal car park, only the ability to pay makes sense. However, they may keep a record of your car registration number. Requests for Housing Benefits are at the other end of the scale. The identity offered does not need a unique code.
I prefer to see these issues separated: I think that you do need a unique identifier, but that that identifier should not be part of transactions, and I think that there should be privacy rather than anonymity for low-value payments, but the central point is correct. I wonder if the attitudes forged by WoW and such like mean that the next generation will be far more tuned-in to what identity means in cyberspace: we have to stop forcing our "cardboard age" notions of identity on to them or we'll never make any progress in solving real problems.
Incidentally, if you are interested in the idea that WoW and the like are more than just games, I happen to have on my desk a spare copy of the excellent "Fun, Inc." signed by the author Tom Chatfield. I will cheerfully send this interesting book free to the first person to respond to this post with the name of the WoW character, who became popular due to a video of the game that circulated around the Internet, who famously led his friends to their doom because he wasn't listening to the other players plotting their moves. The phenomenon has since spread beyond the boundaries of the gaming community into other online and mainstream media, so that the name has become a byword for a team member whose reckless enthusiasm and inattention to plans leads to disaster.
These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers