Two sides of Internet identity

September 6, 2005

The issue of identity on the Internet is a tricky one, and one of the things that makes it so confusing is that people often want them to do two different things:

  1. prove who someone is: the web site really is EBay's.
  2. prove who someone isn't: that email isn't from a well-known spammer.

This is confusing because the issue mostly doesn't came up in the real world, where physical identities are generally one to a person. Checking drivers' licenses at the door is all you need, whether you want to enforce a guest list or keep your creepy stalker ex-boyfriend out.

But no feasible Internet identity scheme is one to a person. This means that while Internet identity schemes (ranging from Microsoft Passport to LiveJournal user names to OpenID) can provide positive identification (you are someone I know), they cannot provide negative identification.

In turn, this means that if you need negative identification on the Internet the only way to create it is manually, with a 'whitelist' of positive identification. If you want to make sure your creepy stalker ex-boyfriend is not reading your LiveJournal, you have to restrict who can read it to only people you've approved (and hope that you haven't been fooled by one of them).

Even positive identities mean less than people would like them to because it is very hard to reliably link one identity to another, especially to real world identities. VeriSign itself was once fooled into issuing a SSL certificate to a 'Microsoft' that wasn't the one headquartered in Redmond Washington (one story on this is here).

Any time someone proposes an Internet scheme that relies on negative identities (including but not limited to 'we can kill spam by requiring everyone to digitally sign their email, then refuse email signed by known spammers'), you should run for the hills.

Written on 06 September 2005.
« Why print-based debugging is so popular
The MSN search spider has gone crazy »

Page tools: View Source, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Tue Sep 6 00:00:14 2005
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.