The Problem of Trust (“Are You Really Who You Say You Are?”)
So, you got an email or a friend invite from Bill Gates, Neil DeGrasse Tyson, Robert Scoble, Donald Trump, or YOUR MOM… but did you really? How do you know?
As the New York Times recently reported with Disinformation for Hire, a Shadow Industry, Is Quietly Booming:
Back-alley firms meddle in elections and promote falsehoods on behalf of clients who can claim deniability, escalating our era of unreality.
[There is a] secretive industry that security analysts and American officials say is exploding in scale: disinformation for hire.
Private firms, straddling traditional marketing and the shadow world of geopolitical influence operations, are selling services once conducted principally by intelligence agencies.
They sow discord, meddle in elections, seed false narratives and push viral conspiracies, mostly on social media. And they offer clients something precious: deniability.
Between organized efforts to sow distrust and spread misinformation, and the age-old efforts of con men and hackers to assume the identity of others, we now live in an “Age of Unreality” where we assume that one social media account is real, but if we get a second invite from that same person that they’ve been hacked or that someone is trying to assume their identity.
Unfortunately, we don’t apply this same skepticism to the news we read or the emails we receive. If we do apply such skepticism, it becomes a stressful and paranoid-level of distrust as we try to filter truth from mistaken understandings, deliberate misinformation, or various “bad actors” preying upon the trust and confidence of others.
|
|
|
Verifying Trust (“Prove Who You Say You Are!”)
Domain Name Service Security (DNSSEC), Secure Electronic Mail (NIST Practices), and Pretty Good Privacy (PGP) Encryption all try to solve the problem of proving, authenticating, and verifying identity on the internet. While the standards and best practices exist, and the issue of “assumed identity and misinformation” has been discussed since 1993 and earlier, businesses, consumers, and users are all mostly unaware of these standards. Various businesses and social media corporations try to better educate users in verifying who they befriend, open email documents from, or send money to, but the standard of verifying identity and trust just isn’t there yet
Along those lines, I’ve been trying to get the blue “Verified Badge” (
|
|
|
|
|
|
The Perils of Mistrust (“Facebook Jail”, Twitter Suspensions)
If I’ve learned anything these past few years, and especially these past few weeks, I’ve discovered it’s far easier to get thrown into “Facebook Jail” than it is to prove my identity despite providing government documentation and notarized affidavits to these companies.
There are numerous articles on the internet about how to apply for Confirmed Identities and Verified Accounts on social media sites like Facebook and Twitter, but as you can see from my linked pictures, that process is not easy, not consistent, not standard, and not consistently reproducible. Social media verification is capricious and arbitrary.
I don’t have an answer or solution yet. I think this is an excellent opportunity for social media companies to unite behind a single standard of identity management, authentication, and verification. I think that Google Identity (Open Authentication, or “OAuth”) is one of the best ways to manage identities online, while Facebook Identity/Privacy/Security and Twitter Identities are two of the worst at self-policing, validating, and verifying.
Identity Authentication, Validation, and Verification are issues I’m trying to solve myself both in my personal use of the Internet and my professional career. Secure Socket Layers (SSL) , Transport Layer Security (TLS), Multi-Factor Authentication (MFA/2FA), and Public/Private Key Encryption are all tools that should be implemented everywhere regardless of users’ perceived need.
The internet equivalent of REAL ID needs to become a reality. We already have Domain Name Servers (DNS) to map domain names to Internet Protocol (IP) addresses. We need the same for identity management: keyservers that map and verify users allowing us to verify and confirm people are who they say they are.