Friday and Saturday saw the annual UK MVP Open Day. Aside from the excellent presentations (and the sulk at being accused of heckling by Colin) a thought and conversation I’d be having with a wee blonde lass all week was proven. I had been receiving a large amount of grief for not being on the social "networking" site facebook and a bunch of people threatened to create an account in my name on there; so I ended up making a pre-emptive strike. This nicely illustrates the problem of identity versus persona.
My argument (for Maz) is that we don’t have display an internet identity, we display internet personas.
Identity : the state or fact of being the same one as described.
Persona : the mask or façade presented to satisfy the demands of the situation or the environment.
Dictionary.com. Dictionary.com Unabridged (v 1.1). Random House, Inc. (accessed: October 28, 2007).
The ease by which fake profiles can be created on social networking sites clearly defines the separation between the two concepts. From a technical point of view a users identity is tied to authentication and authorisation (claims in SAML talk); your identity on facebook is your login information nothing more, and we’re gradually becoming well trained not to give that away. What other people recognise "you" by is your persona; the public facing information you provide; and there is no way to check the veracity of that persona, except by validating those incidents or attributes known by shared experience.
I’ve been finding other people I know not via search, but by looking at the friends lists of people I have added, a self administered web of trust. However when you have a bunch of MVP tricksters who are going to "friend" a fake profile then casual users will be none the wiser that the profile at the centre of the trust web is false. Ian Hislop illustrated this nicely on "Have I got news for you" a few weeks back in a throw away comment. He said that during conversations with multiple friends they mentioned that they had been communicating with him on facebook quite happily; despite the fact (known technophobe/Luddite that he is) he hadn’t actually created a facebook account himself.
George Galloway is an interesting case; as Craig has pointed out his facebook profile has a disclaimer;
This is George Galloway - all the other profiles purporting to be me are not the Real Deal! I’ll be on this page myself as often as my commitments allow but most of the time the page will be run by comrades. Further information about my activities can be found on my website and my Myspace account http://www.myspace.com/georgegalloway
However that leads to another social networking site; which raises even more creditability issues. Even if it linked to a page on an "official" site how do you evaluate if the official site really belongs to him? Come to that, how to you evaluate if this site is really mine if you’ve never met me and haven’t ever received a business card with my URI on it? (aside from evaluating the depth of attributed content on the site, links to actual events, people that purport to know me and deciding it might just be too much work to make a fake site from someone who is only important in his own mind <g>; but for public personalities perhaps the work to fake a web presence and the potential for mischief or fraud would make the endeavour worthwhile.) It’s interesting to note that people who I’ve always said "I am not on facebook" to are happily accepting my friends requests without any further checking.
Perhaps it’s the inclusion of photographs that engender a level of trust. People believe they can recognise faces (even if, like me, you’re awful at putting names to them), but again photographs are selective, they’re just another part of a public persona, a façade presented by the owner of the account. Even the concept of a friends list is another chance to lie. Myspace with its teen competitiveness makes friends lists meaningless, or redefines friends as "someone I don’t know at all, but she has sexy photos so I’ll add her to my friends list to make myself look cool". I may be somewhat old fashioned, but in general friends are people I’ve met or interacted with on a regular basis, even if it is in virtual space.
Beyond validation of email addresses social networking sites make no attempt to validate information placed upon them, without that you are not looking at an identity when you view a facebook profile, you are looking at a persona and perhaps you are looking at a tissue of lies. This even holds true with Information Cards / the Identity Metasystem; you need to validate the information received, or assign a trust level to it; but at least SAML doesn’t claim truth.
(My real facebook profile is here; anything else has been created by Craig Murphy, Phil Winstanley or any other number of reprobates... I promise I’ll go back to technical blogging soon and leave the sociology to Maz)