Click or scroll down Circle me on Google+ Fork me on GitHub Ask me on Stack Overflow Gild me on Reddit Code Ninja, Entrepreneur, Idiot ChalkHQ — consulting, prototyping, mentoring HighF.in — resolve innefficiencies in your startup's workflow Ear-Drum.org — online open-mic / creative space The Dirac Equation (click to WikiPedia) A maxim Sun Tzu references in his magnum opus The Art of War

If you know the enemy and know yourself, you need not fear the result of a hundred battles.
If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.
If you know neither the enemy nor yourself, you will succumb in every battle.
Fork me on GitHub

Tags

actionscript ad-hoc networks Adobe AIR anonymous Apple array Browsing convert Debugger Error Facebook file permissions Flash Flex fonts function future Google Google Plus grid hackers html javascript logs loop network p2p php privacy regexp Security Server social ssl technology terminal time Twitter upgrade Web 2.0 Web 3.0 Web 4.0 Web 5.0 wordpress

Featured Posts

  • Javascript: Undefined parameters
  • The Web, A Look Forward
  • Let Postfix send mail through your Gmail Account – Snow Leopard
  • Archives

  • April 2013
  • December 2011
  • July 2011
  • June 2011
  • March 2011
  • February 2011
  • January 2011
  • November 2010
  • October 2010
  • September 2010
  • July 2010
  • May 2010
  • Categories

  • Code
  • Design
  • Opinion
  • Security
  • Tools
  • Uncategorized
  • Tag: login to facebook

    What is Identity

    Every few months I delete my Facebook account citing lack of ethics in their business model and the way it's being executed. The FTC agrees with me, Austrians and Germans agree with me, and the Privacy Commissioner of Canada agrees with me. Facebook consistently seeks to undermine the illusion of privacy they present to us, and to violate laws and the rights of its users to perpetually maintain a "social graph" that contains mind-bogglingly detailed information about each and every person on the service including what websites you visit (that have a like or connect button installed), and what actions you do and personal information you share on many of these sites. I then inevitably sign up again to access their API in order to stay current as a developer where clients need to access people, and if their target audience is on Facebook; the client needs to be on Facebook too, and I better know how to give them that access.

    What does Facebook have to do with identity? There's a new feature in Facebook's account settings that allows you to link your Facebook account with what are considered other identity providers (ie: Google, Yahoo) using OpenID. This means you can log into Facebook with credentials from these other services; and/or if you happen to log out of Facebook and into say Google a Like button on someone's blog would still recognize you as logged into Facebook. So what's in a username when a username is only weakly linked to your identity?

    An email address is strongly linked to your identity; I can send you an email, but because email addresses are easy to spoof I cannot be sure an email is really from you without extra layers of security that aren't for the average user, or a really good Turing test which is unfeasible especially in the age of social networks where relationships are just as easy for anyone to discover and spoof. An email address is analogous to a driver's licence. Underage people create accounts with fake birthdays to get around COPPA just as they get a fake licence to buy beer. It's unfeasible for the average person to create fake driver's licenses as it is for them to hack into someone's email account; but fairly trivial for people to acquire the knowledge to use both technologies for identity theft or spoofing.

    In the real world your identity is a culmination of the information that resides in other people's brains and in 'the system' about you. You are the impact you have on the world. In a court of law where identifying you can mean the death penalty or not, the only thing more convincing than DNA is DNA plus photo evidence plus eye-witness testimony plus a trail of other evidence. It is fairly trivial to plant some DNA as it is to hack into someone's online accounts; it's easy to brute force, phish, or Firesheep an account and gain access to credentials. In a digital world gaining access to and duping the bits used as a digital passport is easy, it's hard to post a thousand status updates, photos, and blog posts over a period of years as someone else while over those years interacting with other real people in that person's life. Because identity is a culmination of the impact you have.

    People get upset when they can't access the first of their ten thousand tweets; no matter how trivial it was; because it's perceived as a part of their identity. Our history and our breadcrumbs are our identity. Our interaction with the world is accumulated validation that we are who we unconsciously present ourselves to be. When logging into online banking or anything else that requires extra security we set up secret questions and answers about our identity; and symbiotically depending on what parts of my life history is exposed to a given observer the nature of their perception of my identity is accordingly changed —Yet I wouldn't go so far as to say that we have multiple identities because of it. If two people are looking at the same sculpture from two different angles, then there are not two sculptures; only two representations of the same sculpture. There are no two people in my life who have the exact same account and there is no person including me who has the full account of my identity. The vast majority of our lives are forgotten or not known even to us. For example if someone found an old journal that belonged to your great great great great grandfather, reading it would add to your knowledge of your identity; it would uncover a part of your identity. There is no reason why a computer program could not be one of the mediums to store and retrieve parts of your identity, but your identity follows and remains attached to you.

    Your family impacts your identity and so does your social interaction, as well as your knowledge and experience acquired. Identity rubs off and is transient. I am who I am because of who everyone else is. It's not just attached to my consciousness or my physical body, but both, and everything else those two things have together or individually interacted with either physically, digitally, or vicariously. Identity is a culmination of the impact you have on the world. Any website where you make an account wether strongly or weakly tied to your identity is merely a representation and thus an extension of it.

    There are no social networks. There are only tools and services with social features. Google+, Facebook, and Twitter are all broadcasting and link discovery tools, and they are all ways to waste time. Forget about the motives and business models of the companies and their inherent overlap. Google+ gives you more finely tuned and personal search results, Twitter allows for trends to be easily sparked and monitored, and Facebook exposes your breadcrumbs to help you find people and discover parts of their identity that would otherwise be hidden to you. None of these things are inherently good or bad in theory and none of them are a complete picture of you.

    The idea of only using one social network, or only having one ultimate online identity is not only silly (because they are all merely representations of your identity), but it leaves you vulnerable to exploitation. You should have many online accounts and many places where you publicly aggregate and maintain a list and links to those accounts so that if one goes out of business you still have breadcrumbs, and so that if one gets hacked you can mention it on all the others. You should use different login credentials so that it's totally unfeasible for anyone to gain access to the majority of them, and so that the patterned imprint of your identity on the web becomes easy to tell apart from what a given hacker would do with your account if they gained access to one of them. You should treat everything you post as public because it ultimately is and consider it to be public domain. The notion that these companies respect what's in their TOS is a marketing gimmick, although you can still use tools given to differentiate these public parts of your identity it is and should be seen merely as a form of curation rather than any form of security; and you should seek to maintain aspects of your identity privately, offline, and between close relatives and friends.