Someone take me off this email Please! From: Phil Hunt [mailto:phil.hunt@yahoo.com] Sent: Tuesday, August 02, 2011 04:12 PM To: Nicholas Crown Cc: community@lists.idcommons.net ; Blakley, Bob ; community@kantarainitiative.org Subject: Re: [Kantara - Community] [community] Google+ "real" names and NSTIC I think the case of Google+ demonstrates the need for selective disclosure capability in multi-property / multi-community services and especially in federated scenarios. Google acting as the IDP for Google properties is using profiles in a generic way for many services. So in one service it may be appropriate to have 'real name' or other sensitive attributes. But in another service, what is the need? The fact that many multi-site service providers don't have selective disclosure is probably the largest reason many users are violating site policy and creating avatars/fake names in the first place! Google is not unique here. This is a broadly adopted anti-pattern. Phil phil.hunt@yahoo.commailto:phil.hunt@yahoo.com On 2011-08-02, at 11:15 AM, Nicholas Crown wrote: And how does an anonymous online profile help the Ugandan facing a death penalty for homosexuality, or a person facing murder in the US for being gay? Was it a post on Facebook that tipped the scale for them? The issue in Ugunda is one of an oppressive government regime. The people there do need to fight for their freedom, or flee. In the U.S. example, it's against the law to kill someone for their sexual orientation. Having a social networking site that supports pseudonym's would not have prevented the deranged person from taking another's life. Nick On Tue, Aug 2, 2011 at 12:09 PM, Blakley,Bob mailto:Bob.Blakley@gartner.com> wrote: Nicholas, Translation of your question: Why can't people with unpopular views just stand up in public and be killed for them, or stay in the closet? It's great to stand up for what you believe in in a nice safe affluent white suburb where everything is theoretical. It's a lot different to come out of the closet in Uganda, where the government is trying to impose the death penalty for homosexuality. And you don't have to go to Uganda; people are killed for being gay every year in most states of the USA. And gay isn't the only thing that can get you killed – ask any Muslim you happen to meet. -- bob BOB BLAKLEY Vice President & Distinguished Analyst, Gartner ITP Identity & Privacy bob.blakley@gartner.commailto:bob.blakley@gartner.com | +1 (512) 657-0768tel:%2B1%20%28512%29%20657-0768 http://www.gartner.comhttp://www.gartner.com/ | http://blogs.gartner.com/bob-blakley/ From: Nicholas Crown mailto:nick@thecrowns.org> Reply-To: Nicholas Crown mailto:nick@thecrowns.org> Date: Mon, 1 Aug 2011 18:09:30 -0400 To: "community@lists.idcommons.netmailto:community@lists.idcommons.net" mailto:community@lists.idcommons.net>, "community@kantarainitiative.orgmailto:community@kantarainitiative.org" mailto:community@kantarainitiative.org> Subject: Re: [community] Google+ "real" names and NSTIC but that is a totally different problem then the one I am raising which is whether people with medical conditions they want to talk about with others and get support (share +1s) or a buddhist in Kansas (can share freely with other buddhists or seekers without their hyper conservative christian neighbors finding out) or having a feminist persona that is not linked to your work identity in the tech industry (and if it was you would find work had to come by in the valley) is free to use google+ not linked to a "real name". Why can't people just be who they are and stand in their own shoes for what they believe in? Trying to be a buddhist behind closed doors in Kansas does no one any good. If you believe in feminist tenants, than stand up for those and speak your voice. I understand that persecution could come in any one of these cases, but that is the beauty of taking a stand on the truth. If your ideal is not worth sharing with your own ID, then it's not for you. About the only one that I struggle with is the case where you have some medical condition you would like to discuss in a private setting. Can that case not be solved with a private/closed group? If it's too sensitive for that, then take it offline. Nick On Mon, Aug 1, 2011 at 4:49 PM, Tony Rutkowski mailto:trutkowski@netmagic.com> wrote: "Rights to anonymity." Surely you are joking. In law, there is no such network based right. In technology, there is no such capability. Like Scott McNealy said rather publicly in 1995 - Privacy: get over it. --tony On 8/1/2011 5:38 PM, Stephen Wilson wrote: (3) If you use crime prevention as the rationale for taking away users' rights to anonymity, then ____________________________________________________________ You received this message as a subscriber on the list: community@lists.idcommons.netmailto:community@lists.idcommons.net To be removed from the list, send any message to: community-unsubscribe@lists.idcommons.netmailto:community-unsubscribe@lists.idcommons.net For all list information and functions, see: http://lists.idcommons.net/lists/info/community ________________________________ This e-mail message, including any attachments, is for the sole use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Gartner makes no warranty that this e-mail is error or virus free. ____________________________________________________________ You received this message as a subscriber on the list: community@lists.idcommons.netmailto:community@lists.idcommons.net To be removed from the list, send any message to: community-unsubscribe@lists.idcommons.netmailto:community-unsubscribe@lists.idcommons.net For all list information and functions, see: http://lists.idcommons.net/lists/info/community

Yes! Context is key. In the case of Google+ or any social network whose stated or otherwise implied goal is to foster online relationships, anonymity or falsifying one's identity to project an alter ego is, in my opinion, counterproductive. Yes, the service provider also has commercial interest in pursuing this goal, but I can't blame them for that. After all, that is why they exist. We are just as much to blame for sharing our data under their TOS, then they are for exploiting us. It doesn't make it right, but it is our reality given the current legal and social environment our privileged lives have afforded us. In the end, if I were to meet you on the street and we were to strike up a conversation, during which I introduced myself to you, what name would you use to reciprocate? If you told me your name was "Security Man", I would take pause. Now, if you told your name was Bob Smith, but you also go by the nickname of "Security Man", then all is good. I know this is a simple example, but it gets at the heart of why this is important to me. I cannot (or would prefer not to) have a relationship, online or offline, with someone who is not honest about themselves. As we all know, relationships require trust. Now, I know you could argue that you can trust someone without knowing their real name, but for me (call me old fashioned), this is foundational. Even if you begin a relationship without revealing your identity (real name is a proxy), if that relationship progresses or increases in value, eventually you will share your true identity. Or, it will be revealed indirectly through the fingerprint of your interaction with the other person. I guess I'm in the minority on this, and that's OK. All of us are coming to this topic with varying worldviews that underpin our interpretation of reality, so no surprise there. I do appreciate the respectful and thought provoking conversation from this group. I can't stop thinking about this topic now… Nick On Tue, Aug 2, 2011 at 4:25 PM, Joni Brennan wrote:

"Google acting as the IDP for Google properties is using profiles in a generic way for many services. So in one service it may be appropriate to have 'real name' or other sensitive attributes. But in another service, what is the need? "

I was thinking about this more over lunch and you hit the point I was thinking of Phil... The key to it all = context

Some times real names are needed (surely for Levels 3+4) not really for 1 and level 2 is a bit fuzzy re to be real or not to be real. Rather to be legal or not to be legal?

Funny part is that "Identity Woman" was disabled because those are words and not thought of as names. Kaliya could have called herself Ramona Peterson (made up) and google+ would not have blinked at it because it "sounds like" a real name where "Identity Woman" does not.

Real names, anonymity, privacy... all matter differently based upon the context they are used.

=Joni

On Tue, Aug 2, 2011 at 1:12 PM, Phil Hunt wrote:

...

I think the case of Google+ demonstrates the need for selective disclosure capability in multi-property / multi-community services and especially in federated scenarios.

Google acting as the IDP for Google properties is using profiles in a generic way for many services. So in one service it may be appropriate to have 'real name' or other sensitive attributes. But in another service, what is the need?

The fact that many multi-site service providers don't have selective disclosure is probably the largest reason many users are violating site policy and creating avatars/fake names in the first place!

Google is not unique here. This is a broadly adopted anti-pattern.

Phil

phil.hunt@yahoo.com

On 2011-08-02, at 11:15 AM, Nicholas Crown wrote:

And how does an anonymous online profile help the Ugandan facing a death penalty for homosexuality, or a person facing murder in the US for being gay? Was it a post on Facebook that tipped the scale for them?

The issue in Ugunda is one of an oppressive government regime. The people there do need to fight for their freedom, or flee. In the U.S. example, it's against the law to kill someone for their sexual orientation. Having a social networking site that supports pseudonym's would not have prevented the deranged person from taking another's life.

Nick

On Tue, Aug 2, 2011 at 12:09 PM, Blakley,Bob wrote:

...

Nicholas,

Translation of your question:

Why can't people with unpopular views just stand up in public and be killed for them, or stay in the closet?

It's great to stand up for what you believe in in a nice safe affluent white suburb where everything is theoretical. It's a lot different to come out of the closet in Uganda, where the government is trying to impose the death penalty for homosexuality.

And you don't have to go to Uganda; people are killed for being gay every year in most states of the USA.

And gay isn't the only thing that can get you killed – ask any Muslim you happen to meet.

-- bob

BOB BLAKLEY

Vice President & Distinguished Analyst, Gartner ITP Identity & Privacy

bob.blakley@gartner.com | +1 (512) 657-0768 http://www.gartner.com | http://blogs.gartner.com/bob-blakley/

From: Nicholas Crown Reply-To: Nicholas Crown Date: Mon, 1 Aug 2011 18:09:30 -0400 To: "community@lists.idcommons.net" , " community@kantarainitiative.org" Subject: Re: [community] Google+ "real" names and NSTIC

but that is a totally different problem then the one I am raising which is whether people with medical conditions they want to talk about with others and get support (share +1s) or a buddhist in Kansas (can share freely with other buddhists or seekers without their hyper conservative christian neighbors finding out) or having a feminist persona that is not linked to your work identity in the tech industry (and if it was you would find work had to come by in the valley) is free to use google+ not linked to a "real name".

Why can't people just be who they are and stand in their own shoes for what they believe in? Trying to be a buddhist behind closed doors in Kansas does no one any good. If you believe in feminist tenants, than stand up for those and speak your voice. I understand that persecution could come in any one of these cases, but that is the beauty of taking a stand on the truth. If your ideal is not worth sharing with your own ID, then it's not for you. About the only one that I struggle with is the case where you have some medical condition you would like to discuss in a private setting. Can that case not be solved with a private/closed group? If it's too sensitive for that, then take it offline.

Nick

On Mon, Aug 1, 2011 at 4:49 PM, Tony Rutkowski

...

wrote:

...

"Rights to anonymity." Surely you are joking.

In law, there is no such network based right. In technology, there is no such capability.

Like Scott McNealy said rather publicly in 1995 - Privacy: get over it.

--tony

On 8/1/2011 5:38 PM, Stephen Wilson wrote:

...

(3) If you use crime prevention as the rationale for taking away users' rights to anonymity, then

______________________________**______________________________ You received this message as a subscriber on the list: community@lists.idcommons.net To be removed from the list, send any message to: community-unsubscribe@lists.**idcommons.net

For all list information and functions, see: http://lists.idcommons.net/**lists/info/communityhttp://lists.idcommons.net/lists/info/community

------------------------------ This e-mail message, including any attachments, is for the sole use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Gartner makes no warranty that this e-mail is error or virus free.

____________________________________________________________ You received this message as a subscriber on the list: community@lists.idcommons.net To be removed from the list, send any message to: community-unsubscribe@lists.idcommons.net

For all list information and functions, see: http://lists.idcommons.net/lists/info/community

_______________________________________________ Community mailing list Community@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/community

Nick - In the interests of clarity: I generally agree with your first paragraph, but I tihnk your second paragraph mixes the very contexts which your argument hinges on. What I mean is this: - social networks have a stated goal of 'fostering online relationships', but as you point out, that is in fact secondary to their implicit and often unstated goal of making money out of information about their subscribers. As someone put it: "You are not Facebook's customer, you are Facebook's product...". - the importance of that distinction is thrown into sharp relief by the example you give in your second paragraph. What you describe is the way in which introducing yourself pseudonymously can violate unspoken social conventions. I agree. However, it is a mistake to assume that those social conventions apply in the same way when you use social networks: specifically, most social networks intentionally lull you into thinking that you are playing by normal social rules - but when it is normal, in everyday social intercourse, for there to be a third party listening to the conversation between Nick Crown and Bob Smith with the explicit intention of profiting from it? This is why (and I'm afraid lots of those on this list will have heard me say this before, so my apologies for the repetition) I so dislike the phrase "social networking". In my view, you can have 'social interaction' and 'networked interaction', and if you go on the assumption that both of them operate according to the same rules, you're deluding yourself. That is, in my view, the Big Con of 'social networks'... R On Wed, 03 Aug 2011 10:26 -0500, "Nicholas Crown" wrote: Yes! Context is key. In the case of Google+ or any social network whose stated or otherwise implied goal is to foster online relationships, anonymity or falsifying one's identity to project an alter ego is, in my opinion, counterproductive. Yes, the service provider also has commercial interest in pursuing this goal, but I can't blame them for that. After all, that is why they exist. We are just as much to blame for sharing our data under their TOS, then they are for exploiting us. It doesn't make it right, but it is our reality given the current legal and social environment our privileged lives have afforded us. In the end, if I were to meet you on the street and we were to strike up a conversation, during which I introduced myself to you, what name would you use to reciprocate? If you told me your name was "Security Man", I would take pause. Now, if you told your name was Bob Smith, but you also go by the nickname of "Security Man", then all is good. I know this is a simple example, but it gets at the heart of why this is important to me. I cannot (or would prefer not to) have a relationship, online or offline, with someone who is not honest about themselves. As we all know, relationships require trust. Now, I know you could argue that you can trust someone without knowing their real name, but for me (call me old fashioned), this is foundational. Even if you begin a relationship without revealing your identity (real name is a proxy), if that relationship progresses or increases in value, eventually you will share your true identity. Or, it will be revealed indirectly through the fingerprint of your interaction with the other person. I guess I'm in the minority on this, and that's OK. All of us are coming to this topic with varying worldviews that underpin our interpretation of reality, so no surprise there. I do appreciate the respectful and thought provoking conversation from this group. I can't stop thinking about this topic now… Nick On Tue, Aug 2, 2011 at 4:25 PM, Joni Brennan <[1]joni@ieee-isto.org> wrote: "Google acting as the IDP for Google properties is using profiles in a generic way for many services. So in one service it may be appropriate to have 'real name' or other sensitive attributes. But in another service, what is the need? " I was thinking about this more over lunch and you hit the point I was thinking of Phil... The key to it all = context Some times real names are needed (surely for Levels 3+4) not really for 1 and level 2 is a bit fuzzy re to be real or not to be real. Rather to be legal or not to be legal? Funny part is that "Identity Woman" was disabled because those are words and not thought of as names. Kaliya could have called herself Ramona Peterson (made up) and google+ would not have blinked at it because it "sounds like" a real name where "Identity Woman" does not. Real names, anonymity, privacy... all matter differently based upon the context they are used. =Joni On Tue, Aug 2, 2011 at 1:12 PM, Phil Hunt <[2]phil.hunt@yahoo.com> wrote: I think the case of Google+ demonstrates the need for selective disclosure capability in multi-property / multi-community services and especially in federated scenarios. Google acting as the IDP for Google properties is using profiles in a generic way for many services. So in one service it may be appropriate to have 'real name' or other sensitive attributes. But in another service, what is the need? The fact that many multi-site service providers don't have selective disclosure is probably the largest reason many users are violating site policy and creating avatars/fake names in the first place! Google is not unique here. This is a broadly adopted anti-pattern. Phil [3]phil.hunt@yahoo.com On 2011-08-02, at 11:15 AM, Nicholas Crown wrote: And how does an anonymous online profile help the Ugandan facing a death penalty for homosexuality, or a person facing murder in the US for being gay? Was it a post on Facebook that tipped the scale for them? The issue in Ugunda is one of an oppressive government regime. The people there do need to fight for their freedom, or flee. In the U.S. example, it's against the law to kill someone for their sexual orientation. Having a social networking site that supports pseudonym's would not have prevented the deranged person from taking another's life. Nick On Tue, Aug 2, 2011 at 12:09 PM, Blakley,Bob <[4]Bob.Blakley@gartner.com> wrote: Nicholas, Translation of your question: Why can't people with unpopular views just stand up in public and be killed for them, or stay in the closet? It's great to stand up for what you believe in in a nice safe affluent white suburb where everything is theoretical. It's a lot different to come out of the closet in Uganda, where the government is trying to impose the death penalty for homosexuality. And you don't have to go to Uganda; people are killed for being gay every year in most states of the USA. And gay isn't the only thing that can get you killed – ask any Muslim you happen to meet. -- bob BOB BLAKLEY Vice President & Distinguished Analyst, Gartner ITP Identity & Privacy [5]bob.blakley@gartner.com | [6]+1 (512) 657-0768 [7]http://www.gartner.com | [8]http://blogs.gartner.com/bob-blakl ey/ From: Nicholas Crown <[9]nick@thecrowns.org> Reply-To: Nicholas Crown <[10]nick@thecrowns.org> Date: Mon, 1 Aug 2011 18:09:30 -0400 To: "[11]community@lists.idcommons.net" <[12]community@lists.idcommons.net>, "[13]community@kantarainitiative.org" <[14]community@kantarainitiative.org> Subject: Re: [community] Google+ "real" names and NSTIC but that is a totally different problem then the one I am raising which is whether people with medical conditions they want to talk about with others and get support (share +1s) or a buddhist in Kansas (can share freely with other buddhists or seekers without their hyper conservative christian neighbors finding out) or having a feminist persona that is not linked to your work identity in the tech industry (and if it was you would find work had to come by in the valley) is free to use google+ not linked to a "real name". Why can't people just be who they are and stand in their own shoes for what they believe in? Trying to be a buddhist behind closed doors in Kansas does no one any good. If you believe in feminist tenants, than stand up for those and speak your voice. I understand that persecution could come in any one of these cases, but that is the beauty of taking a stand on the truth. If your ideal is not worth sharing with your own ID, then it's not for you. About the only one that I struggle with is the case where you have some medical condition you would like to discuss in a private setting. Can that case not be solved with a private/closed group? If it's too sensitive for that, then take it offline. Nick On Mon, Aug 1, 2011 at 4:49 PM, Tony Rutkowski <[15]trutkowski@netmagic.com> wrote: "Rights to anonymity." Surely you are joking. In law, there is no such network based right. In technology, there is no such capability. Like Scott McNealy said rather publicly in 1995 - Privacy: get over it. --tony On 8/1/2011 5:38 PM, Stephen Wilson wrote: (3) If you use crime prevention as the rationale for taking away users' rights to anonymity, then ____________________________________________________________ You received this message as a subscriber on the list: [16]community@lists.idcommons.net To be removed from the list, send any message to: [17]community-unsubscribe@lists.idcommons.net For all list information and functions, see: [18]http://lists.idcommons.net/lists/info/community ____________________________________________________________ This e-mail message, including any attachments, is for the sole use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Gartner makes no warranty that this e-mail is error or virus free. ____________________________________________________________ You received this message as a subscriber on the list: [19]community@lists.idcommons.net To be removed from the list, send any message to: [20]community-unsubscribe@lists.idcommons.net For all list information and functions, see: [21]http://lists.idcommons.net/lists/info/community _______________________________________________ Community mailing list [22]Community@kantarainitiative.org [23]http://kantarainitiative.org/mailman/listinfo/community _______________________________________________ Community mailing list Community@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/community References 1. mailto:joni@ieee-isto.org 2. mailto:phil.hunt@yahoo.com 3. mailto:phil.hunt@yahoo.com 4. mailto:Bob.Blakley@gartner.com 5. mailto:bob.blakley@gartner.com 6. tel:%2B1%20%28512%29%20657-0768 7. http://www.gartner.com/ 8. http://blogs.gartner.com/bob-blakley 9. mailto:nick@thecrowns.org 10. mailto:nick@thecrowns.org 11. mailto:community@lists.idcommons.net 12. mailto:community@lists.idcommons.net 13. mailto:community@kantarainitiative.org 14. mailto:community@kantarainitiative.org 15. mailto:trutkowski@netmagic.com 16. mailto:community@lists.idcommons.net 17. mailto:community-unsubscribe@lists.idcommons.net 18. http://lists.idcommons.net/lists/info/community 19. mailto:community@lists.idcommons.net 20. mailto:community-unsubscribe@lists.idcommons.net 21. http://lists.idcommons.net/lists/info/community 22. mailto:Community@kantarainitiative.org 23. http://kantarainitiative.org/mailman/listinfo/community Robin Wilton +44 (0)705 005 2931

One further thing to think about - I am a malicious person. I create a pseudonym and begin to "friend" people - play Farmville with them start exchanging entries in each others pages - and then I put a photo on a popular friends page - only that photo is a Trojan that installs when you download the picture. What do we do about that? ________________________________ From: community-bounces@kantarainitiative.org [mailto:community-bounces@kantarainitiative.org] On Behalf Of Robin Wilton Sent: Wednesday, August 03, 2011 12:11 PM To: Nicholas Crown Cc: community@kantarainitiative.org Subject: Re: [Kantara - Community] [community] Google+ "real" names and NSTIC Nick - In the interests of clarity: I generally agree with your first paragraph, but I tihnk your second paragraph mixes the very contexts which your argument hinges on. What I mean is this: - social networks have a stated goal of 'fostering online relationships', but as you point out, that is in fact secondary to their implicit and often unstated goal of making money out of information about their subscribers. As someone put it: "You are not Facebook's customer, you are Facebook's product...". - the importance of that distinction is thrown into sharp relief by the example you give in your second paragraph. What you describe is the way in which introducing yourself pseudonymously can violate unspoken social conventions. I agree. However, it is a mistake to assume that those social conventions apply in the same way when you use social networks: specifically, most social networks intentionally lull you into thinking that you are playing by normal social rules - but when it is normal, in everyday social intercourse, for there to be a third party listening to the conversation between Nick Crown and Bob Smith with the explicit intention of profiting from it? This is why (and I'm afraid lots of those on this list will have heard me say this before, so my apologies for the repetition) I so dislike the phrase "social networking". In my view, you can have 'social interaction' and 'networked interaction', and if you go on the assumption that both of them operate according to the same rules, you're deluding yourself. That is, in my view, the Big Con of 'social networks'... R On Wed, 03 Aug 2011 10:26 -0500, "Nicholas Crown" wrote: Yes! Context is key. In the case of Google+ or any social network whose stated or otherwise implied goal is to foster online relationships, anonymity or falsifying one's identity to project an alter ego is, in my opinion, counterproductive. Yes, the service provider also has commercial interest in pursuing this goal, but I can't blame them for that. After all, that is why they exist. We are just as much to blame for sharing our data under their TOS, then they are for exploiting us. It doesn't make it right, but it is our reality given the current legal and social environment our privileged lives have afforded us. In the end, if I were to meet you on the street and we were to strike up a conversation, during which I introduced myself to you, what name would you use to reciprocate? If you told me your name was "Security Man", I would take pause. Now, if you told your name was Bob Smith, but you also go by the nickname of "Security Man", then all is good. I know this is a simple example, but it gets at the heart of why this is important to me. I cannot (or would prefer not to) have a relationship, online or offline, with someone who is not honest about themselves. As we all know, relationships require trust. Now, I know you could argue that you can trust someone without knowing their real name, but for me (call me old fashioned), this is foundational. Even if you begin a relationship without revealing your identity (real name is a proxy), if that relationship progresses or increases in value, eventually you will share your true identity. Or, it will be revealed indirectly through the fingerprint of your interaction with the other person. I guess I'm in the minority on this, and that's OK. All of us are coming to this topic with varying worldviews that underpin our interpretation of reality, so no surprise there. I do appreciate the respectful and thought provoking conversation from this group. I can't stop thinking about this topic now... Nick On Tue, Aug 2, 2011 at 4:25 PM, Joni Brennan wrote: "Google acting as the IDP for Google properties is using profiles in a generic way for many services. So in one service it may be appropriate to have 'real name' or other sensitive attributes. But in another service, what is the need? " I was thinking about this more over lunch and you hit the point I was thinking of Phil... The key to it all = context Some times real names are needed (surely for Levels 3+4) not really for 1 and level 2 is a bit fuzzy re to be real or not to be real. Rather to be legal or not to be legal? Funny part is that "Identity Woman" was disabled because those are words and not thought of as names. Kaliya could have called herself Ramona Peterson (made up) and google+ would not have blinked at it because it "sounds like" a real name where "Identity Woman" does not. Real names, anonymity, privacy... all matter differently based upon the context they are used. =Joni On Tue, Aug 2, 2011 at 1:12 PM, Phil Hunt wrote: I think the case of Google+ demonstrates the need for selective disclosure capability in multi-property / multi-community services and especially in federated scenarios. Google acting as the IDP for Google properties is using profiles in a generic way for many services. So in one service it may be appropriate to have 'real name' or other sensitive attributes. But in another service, what is the need? The fact that many multi-site service providers don't have selective disclosure is probably the largest reason many users are violating site policy and creating avatars/fake names in the first place! Google is not unique here. This is a broadly adopted anti-pattern. Phil phil.hunt@yahoo.com mailto:phil.hunt@yahoo.com On 2011-08-02, at 11:15 AM, Nicholas Crown wrote: And how does an anonymous online profile help the Ugandan facing a death penalty for homosexuality, or a person facing murder in the US for being gay? Was it a post on Facebook that tipped the scale for them? The issue in Ugunda is one of an oppressive government regime. The people there do need to fight for their freedom, or flee. In the U.S. example, it's against the law to kill someone for their sexual orientation. Having a social networking site that supports pseudonym's would not have prevented the deranged person from taking another's life. Nick On Tue, Aug 2, 2011 at 12:09 PM, Blakley,Bob wrote: Nicholas, Translation of your question: Why can't people with unpopular views just stand up in public and be killed for them, or stay in the closet? It's great to stand up for what you believe in in a nice safe affluent white suburb where everything is theoretical. It's a lot different to come out of the closet in Uganda, where the government is trying to impose the death penalty for homosexuality. And you don't have to go to Uganda; people are killed for being gay every year in most states of the USA. And gay isn't the only thing that can get you killed - ask any Muslim you happen to meet. -- bob BOB BLAKLEY Vice President & Distinguished Analyst, Gartner ITP Identity & Privacy bob.blakley@gartner.com | +1 (512) 657-0768 tel:%2B1%20%28512%29%20657-0768 http://www.gartner.com http://www.gartner.com/ | http://blogs.gartner.com/bob-blakley/ From: Nicholas Crown Reply-To: Nicholas Crown Date: Mon, 1 Aug 2011 18:09:30 -0400 To: "community@lists.idcommons.net" , "community@kantarainitiative.org" Subject: Re: [community] Google+ "real" names and NSTIC but that is a totally different problem then the one I am raising which is whether people with medical conditions they want to talk about with others and get support (share +1s) or a buddhist in Kansas (can share freely with other buddhists or seekers without their hyper conservative christian neighbors finding out) or having a feminist persona that is not linked to your work identity in the tech industry (and if it was you would find work had to come by in the valley) is free to use google+ not linked to a "real name". Why can't people just be who they are and stand in their own shoes for what they believe in? Trying to be a buddhist behind closed doors in Kansas does no one any good. If you believe in feminist tenants, than stand up for those and speak your voice. I understand that persecution could come in any one of these cases, but that is the beauty of taking a stand on the truth. If your ideal is not worth sharing with your own ID, then it's not for you. About the only one that I struggle with is the case where you have some medical condition you would like to discuss in a private setting. Can that case not be solved with a private/closed group? If it's too sensitive for that, then take it offline. Nick On Mon, Aug 1, 2011 at 4:49 PM, Tony Rutkowski wrote: "Rights to anonymity." Surely you are joking. In law, there is no such network based right. In technology, there is no such capability. Like Scott McNealy said rather publicly in 1995 - Privacy: get over it. --tony On 8/1/2011 5:38 PM, Stephen Wilson wrote: (3) If you use crime prevention as the rationale for taking away users' rights to anonymity, then ____________________________________________________________ You received this message as a subscriber on the list: community@lists.idcommons.net To be removed from the list, send any message to: community-unsubscribe@lists.idcommons.net For all list information and functions, see: http://lists.idcommons.net/lists/info/community ________________________________ This e-mail message, including any attachments, is for the sole use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Gartner makes no warranty that this e-mail is error or virus free. ____________________________________________________________ You received this message as a subscriber on the list: community@lists.idcommons.net To be removed from the list, send any message to: community-unsubscribe@lists.idcommons.net For all list information and functions, see: http://lists.idcommons.net/lists/info/community _______________________________________________ Community mailing list Community@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/community _______________________________________________ Community mailing list Community@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/community Robin Wilton +44 (0)705 005 2931

Hi Everyone! Since I'm jumping into the middle of this discussion from out of nowhere I'd like apologize right up-front. I have been negligent in that I have not been disciplined in making the time to follow, let alone participate, in these discussion threads. That is in no way a reflection of the importance I place on the subject you are all addressing. Quite the contrary, this subject is central to what my company is doing and is of personal importance to me as well. I have found this particular thread to be very thought provoking with excellent points being made all around. In particular, for me Heather framed the "context" objective, and challenge quite nicely - as have others. I for one believe there are contexts within which anonymity is both valid and valuable. I don't know if you happened to see Fred Wilson's post today - some good points on the value of anonymity. Rather than repeat the points made there, I'll simply post it here for your convenience: http://bit.ly/o4haHJ Taking the lead from Fred's post and the insights of others on this thread, I think there is not only value in anonymity (given the right context), but in "verified anonymity". By this I simply mean verifying that the individual claiming to own a "persona" at a given point in time is in fact the true "owner" of that persona. If someone has built a reputation associated with a particular persona, (and many have), then there is value in protecting against someone "e-personating" the owner by hijacking that persona. Keith -----Original Message----- From: community-bounces@kantarainitiative.org [mailto:community-bounces@kantarainitiative.org] On Behalf Of heather vescent Sent: Wednesday, August 03, 2011 9:53 AM To: Nicholas Crown Cc: community@lists.idcommons.net; Blakley,Bob; Phil Hunt; community@kantarainitiative.org Subject: Re: [Kantara - Community] [community] Google+ "real" names and NSTIC Nick, It's about paradigms. The worldview you have and are representing in the conversation is just one worldview. There are others. That doesn't mean one is necessarily better than another; but the systems should allow for multiple, potentially conflicting worldview to co-exist. You might be put off by meeting "Security Man" but other's wouldn't. Your worldview can easily exist within the current system. The ability to express and live your worldview is not changed by allowing the ability to express and live in a different worldview. You can still use your real names - you're not required to have a handle or other name. What is critical about this conversation is building the system to allow these multiple, potentially conflicting worldview/paradigms about using identity. It's not a discussion about which one is the right or correct paradigm. It's about building a system that does not exclude the expression of these paradigms. Cheers, -Heather On Wed, Aug 3, 2011 at 8:26 AM, Nicholas Crown wrote: Yes! Context is key. In the case of Google+ or any social network whose stated or otherwise implied goal is to foster online relationships, anonymity or falsifying one's identity to project an alter ego is, in my opinion, counterproductive. Yes, the service provider also has commercial interest in pursuing this goal, but I can't blame them for that. After all, that is why they exist. We are just as much to blame for sharing our data under their TOS, then they are for exploiting us. It doesn't make it right, but it is our reality given the current legal and social environment our privileged lives have afforded us. In the end, if I were to meet you on the street and we were to strike up a conversation, during which I introduced myself to you, what name would you use to reciprocate? If you told me your name was "Security Man", I would take pause. Now, if you told your name was Bob Smith, but you also go by the nickname of "Security Man", then all is good. I know this is a simple example, but it gets at the heart of why this is important to me. I cannot (or would prefer not to) have a relationship, online or offline, with someone who is not honest about themselves. As we all know, relationships require trust. Now, I know you could argue that you can trust someone without knowing their real name, but for me (call me old fashioned), this is foundational. Even if you begin a relationship without revealing your identity (real name is a proxy), if that relationship progresses or increases in value, eventually you will share your true identity. Or, it will be revealed indirectly through the fingerprint of your interaction with the other person. I guess I'm in the minority on this, and that's OK. All of us are coming to this topic with varying worldviews that underpin our interpretation of reality, so no surprise there. I do appreciate the respectful and thought provoking conversation from this group. I can't stop thinking about this topic now. Nick On Tue, Aug 2, 2011 at 4:25 PM, Joni Brennan wrote: "Google acting as the IDP for Google properties is using profiles in a generic way for many services. So in one service it may be appropriate to have 'real name' or other sensitive attributes. But in another service, what is the need? " I was thinking about this more over lunch and you hit the point I was thinking of Phil... The key to it all = context Some times real names are needed (surely for Levels 3+4) not really for 1 and level 2 is a bit fuzzy re to be real or not to be real. Rather to be legal or not to be legal? Funny part is that "Identity Woman" was disabled because those are words and not thought of as names. Kaliya could have called herself Ramona Peterson (made up) and google+ would not have blinked at it because it "sounds like" a real name where "Identity Woman" does not. Real names, anonymity, privacy... all matter differently based upon the context they are used. =Joni On Tue, Aug 2, 2011 at 1:12 PM, Phil Hunt wrote: I think the case of Google+ demonstrates the need for selective disclosure capability in multi-property / multi-community services and especially in federated scenarios. Google acting as the IDP for Google properties is using profiles in a generic way for many services. So in one service it may be appropriate to have 'real name' or other sensitive attributes. But in another service, what is the need? The fact that many multi-site service providers don't have selective disclosure is probably the largest reason many users are violating site policy and creating avatars/fake names in the first place! Google is not unique here. This is a broadly adopted anti-pattern. Phil phil.hunt@yahoo.com On 2011-08-02, at 11:15 AM, Nicholas Crown wrote: And how does an anonymous online profile help the Ugandan facing a death penalty for homosexuality, or a person facing murder in the US for being gay? Was it a post on Facebook that tipped the scale for them? The issue in Ugunda is one of an oppressive government regime. The people there do need to fight for their freedom, or flee. In the U.S. example, it's against the law to kill someone for their sexual orientation. Having a social networking site that supports pseudonym's would not have prevented the deranged person from taking another's life. Nick On Tue, Aug 2, 2011 at 12:09 PM, Blakley,Bob wrote: Nicholas, Translation of your question: Why can't people with unpopular views just stand up in public and be killed for them, or stay in the closet? It's great to stand up for what you believe in in a nice safe affluent white suburb where everything is theoretical. It's a lot different to come out of the closet in Uganda, where the government is trying to impose the death penalty for homosexuality. And you don't have to go to Uganda; people are killed for being gay every year in most states of the USA. And gay isn't the only thing that can get you killed - ask any Muslim you happen to meet. -- bob BOB BLAKLEY Vice President & Distinguished Analyst, Gartner ITP Identity & Privacy bob.blakley@gartner.com | +1 (512) 657-0768 tel:%2B1%20%28512%29%20657-0768 http://www.gartner.com http://www.gartner.com/ | http://blogs.gartner.com/bob-blakley/ From: Nicholas Crown Reply-To: Nicholas Crown Date: Mon, 1 Aug 2011 18:09:30 -0400 To: "community@lists.idcommons.net" , "community@kantarainitiative.org" Subject: Re: [community] Google+ "real" names and NSTIC but that is a totally different problem then the one I am raising which is whether people with medical conditions they want to talk about with others and get support (share +1s) or a buddhist in Kansas (can share freely with other buddhists or seekers without their hyper conservative christian neighbors finding out) or having a feminist persona that is not linked to your work identity in the tech industry (and if it was you would find work had to come by in the valley) is free to use google+ not linked to a "real name". Why can't people just be who they are and stand in their own shoes for what they believe in? Trying to be a buddhist behind closed doors in Kansas does no one any good. If you believe in feminist tenants, than stand up for those and speak your voice. I understand that persecution could come in any one of these cases, but that is the beauty of taking a stand on the truth. If your ideal is not worth sharing with your own ID, then it's not for you. About the only one that I struggle with is the case where you have some medical condition you would like to discuss in a private setting. Can that case not be solved with a private/closed group? If it's too sensitive for that, then take it offline. Nick On Mon, Aug 1, 2011 at 4:49 PM, Tony Rutkowski wrote: "Rights to anonymity." Surely you are joking. In law, there is no such network based right. In technology, there is no such capability. Like Scott McNealy said rather publicly in 1995 - Privacy: get over it. --tony On 8/1/2011 5:38 PM, Stephen Wilson wrote: (3) If you use crime prevention as the rationale for taking away users' rights to anonymity, then ____________________________________________________________ You received this message as a subscriber on the list: community@lists.idcommons.net To be removed from the list, send any message to: community-unsubscribe@lists. mailto:community-unsubscribe@lists.idcommons.net idcommons.net For all list information and functions, see: http://lists.idcommons.net/ http://lists.idcommons.net/lists/info/community lists/info/community _____ This e-mail message, including any attachments, is for the sole use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Gartner makes no warranty that this e-mail is error or virus free. ____________________________________________________________ You received this message as a subscriber on the list: community@lists.idcommons.net To be removed from the list, send any message to: community-unsubscribe@lists.idcommons.net For all list information and functions, see: http://lists.idcommons.net/lists/info/community _______________________________________________ Community mailing list Community@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/community ____________________________________________________________ You received this message as a subscriber on the list: community@lists.idcommons.net To be removed from the list, send any message to: community-unsubscribe@lists.idcommons.net For all list information and functions, see: http://lists.idcommons.net/lists/info/community -- Heather Schlegel, heathervescent Practical Futurist, Product Developer & Agent of Cacophony @heathervescent // www.heathervescent.com http://www.heathervescent.com/ // skype: heathervescent

*"IdentityWoman works as a name for me. I know who IdentityWoman is, and isn't that the point?"* * * I get that. As you said, you *know who she is*. Nick On Wed, Aug 3, 2011 at 12:30 PM, Phil Hunt wrote:

Nick,

IdentityWoman works as a name for me. I know who IdentityWoman is, and isn't that the point?

The only possible explanation for real names is google needs a way to arbitrate between two people with legal claims to the same name. A basic problem in most social networks.

Phil

phil.hunt@yahoo.com

On 2011-08-03, at 8:26 AM, Nicholas Crown wrote:

Yes! Context is key.

In the case of Google+ or any social network whose stated or otherwise implied goal is to foster online relationships, anonymity or falsifying one's identity to project an alter ego is, in my opinion, counterproductive. Yes, the service provider also has commercial interest in pursuing this goal, but I can't blame them for that. After all, that is why they exist. We are just as much to blame for sharing our data under their TOS, then they are for exploiting us. It doesn't make it right, but it is our reality given the current legal and social environment our privileged lives have afforded us.

In the end, if I were to meet you on the street and we were to strike up a conversation, during which I introduced myself to you, what name would you use to reciprocate? If you told me your name was "Security Man", I would take pause. Now, if you told your name was Bob Smith, but you also go by the nickname of "Security Man", then all is good. I know this is a simple example, but it gets at the heart of why this is important to me. I cannot (or would prefer not to) have a relationship, online or offline, with someone who is not honest about themselves. As we all know, relationships require trust. Now, I know you could argue that you can trust someone without knowing their real name, but for me (call me old fashioned), this is foundational. Even if you begin a relationship without revealing your identity (real name is a proxy), if that relationship progresses or increases in value, eventually you will share your true identity. Or, it will be revealed indirectly through the fingerprint of your interaction with the other person.

I guess I'm in the minority on this, and that's OK. All of us are coming to this topic with varying worldviews that underpin our interpretation of reality, so no surprise there.

I do appreciate the respectful and thought provoking conversation from this group. I can't stop thinking about this topic now…

Nick

On Tue, Aug 2, 2011 at 4:25 PM, Joni Brennan wrote:

...

"Google acting as the IDP for Google properties is using profiles in a generic way for many services. So in one service it may be appropriate to have 'real name' or other sensitive attributes. But in another service, what is the need? "

I was thinking about this more over lunch and you hit the point I was thinking of Phil... The key to it all = context

Some times real names are needed (surely for Levels 3+4) not really for 1 and level 2 is a bit fuzzy re to be real or not to be real. Rather to be legal or not to be legal?

Funny part is that "Identity Woman" was disabled because those are words and not thought of as names. Kaliya could have called herself Ramona Peterson (made up) and google+ would not have blinked at it because it "sounds like" a real name where "Identity Woman" does not.

Real names, anonymity, privacy... all matter differently based upon the context they are used.

=Joni

On Tue, Aug 2, 2011 at 1:12 PM, Phil Hunt wrote:

...

I think the case of Google+ demonstrates the need for selective disclosure capability in multi-property / multi-community services and especially in federated scenarios.

Google acting as the IDP for Google properties is using profiles in a generic way for many services. So in one service it may be appropriate to have 'real name' or other sensitive attributes. But in another service, what is the need?

The fact that many multi-site service providers don't have selective disclosure is probably the largest reason many users are violating site policy and creating avatars/fake names in the first place!

Google is not unique here. This is a broadly adopted anti-pattern.

Phil

phil.hunt@yahoo.com

On 2011-08-02, at 11:15 AM, Nicholas Crown wrote:

And how does an anonymous online profile help the Ugandan facing a death penalty for homosexuality, or a person facing murder in the US for being gay? Was it a post on Facebook that tipped the scale for them?

The issue in Ugunda is one of an oppressive government regime. The people there do need to fight for their freedom, or flee. In the U.S. example, it's against the law to kill someone for their sexual orientation. Having a social networking site that supports pseudonym's would not have prevented the deranged person from taking another's life.

Nick

On Tue, Aug 2, 2011 at 12:09 PM, Blakley,Bob wrote:

...

Nicholas,

Translation of your question:

Why can't people with unpopular views just stand up in public and be killed for them, or stay in the closet?

It's great to stand up for what you believe in in a nice safe affluent white suburb where everything is theoretical. It's a lot different to come out of the closet in Uganda, where the government is trying to impose the death penalty for homosexuality.

And you don't have to go to Uganda; people are killed for being gay every year in most states of the USA.

And gay isn't the only thing that can get you killed – ask any Muslim you happen to meet.

-- bob

BOB BLAKLEY

Vice President & Distinguished Analyst, Gartner ITP Identity & Privacy

bob.blakley@gartner.com | +1 (512) 657-0768 http://www.gartner.com | http://blogs.gartner.com/bob-blakley/

From: Nicholas Crown Reply-To: Nicholas Crown Date: Mon, 1 Aug 2011 18:09:30 -0400 To: "community@lists.idcommons.net" , " community@kantarainitiative.org" Subject: Re: [community] Google+ "real" names and NSTIC

but that is a totally different problem then the one I am raising which is whether people with medical conditions they want to talk about with others and get support (share +1s) or a buddhist in Kansas (can share freely with other buddhists or seekers without their hyper conservative christian neighbors finding out) or having a feminist persona that is not linked to your work identity in the tech industry (and if it was you would find work had to come by in the valley) is free to use google+ not linked to a "real name".

Why can't people just be who they are and stand in their own shoes for what they believe in? Trying to be a buddhist behind closed doors in Kansas does no one any good. If you believe in feminist tenants, than stand up for those and speak your voice. I understand that persecution could come in any one of these cases, but that is the beauty of taking a stand on the truth. If your ideal is not worth sharing with your own ID, then it's not for you. About the only one that I struggle with is the case where you have some medical condition you would like to discuss in a private setting. Can that case not be solved with a private/closed group? If it's too sensitive for that, then take it offline.

Nick

On Mon, Aug 1, 2011 at 4:49 PM, Tony Rutkowski < trutkowski@netmagic.com> wrote:

...

"Rights to anonymity." Surely you are joking.

In law, there is no such network based right. In technology, there is no such capability.

Like Scott McNealy said rather publicly in 1995 - Privacy: get over it.

--tony

On 8/1/2011 5:38 PM, Stephen Wilson wrote:

...

(3) If you use crime prevention as the rationale for taking away users' rights to anonymity, then

______________________________**______________________________ You received this message as a subscriber on the list: community@lists.idcommons.net To be removed from the list, send any message to: community-unsubscribe@lists.**idcommons.net

For all list information and functions, see: http://lists.idcommons.net/**lists/info/communityhttp://lists.idcommons.net/lists/info/community

------------------------------ This e-mail message, including any attachments, is for the sole use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Gartner makes no warranty that this e-mail is error or virus free.

____________________________________________________________ You received this message as a subscriber on the list: community@lists.idcommons.net To be removed from the list, send any message to: community-unsubscribe@lists.idcommons.net

For all list information and functions, see: http://lists.idcommons.net/lists/info/community

_______________________________________________ Community mailing list Community@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/community

Nick, On Aug 3, 2011, at 11:26 AM, Nicholas Crown wrote:

If you told me your name was "Security Man", I would take pause. Now, if you told your name was Bob Smith, but you also go by the nickname of "Security Man", then all is good. I know this is a simple example, but it gets at the heart of why this is important to me. I cannot (or would prefer not to) have a relationship, online or offline, with someone who is not honest about themselves. As we all know, relationships require trust.

When I first knew Kaliya Hamlin, I _only_ knew her as "Identity Woman". I read posts by her on her blog, and her emails. I trusted that the person known as "Identity Woman" would write about Internet identity issues. On her eponymous blog, I could see that she is also called "Kaliya Hamlin". I associated those names together, and there seemed little (if any) risk to me making that association. Later I attended one of the first IIW events and met Kaliya in person. She organized the unconference, and talked about unconferences and Internet identity. I think Kaliya has been quite honest with me (even though we barely know each other) about who she is, for that shared aspect where we interact - I feel like I understand her stance on identity issues, and the information I do know about her has been maintained consistently through our interactions in the areas which I know her. So, where's the problem with her using the name "Identity Woman" instead of "Kaliya Hamlin"? The obvious issue seems to be that someone else could use "Identity Woman" and impersonate her, right? Speaking personally, I would probably understand immediately that someone was impersonating her if the impostor were to post something obviously inconsistent with what I have understood to be her views on identity. And if the impostor made a statement about something other than identity, it is likely that I either wouldn't care particularly, or wouldn't trust that statement unless I had additional knowledge of Identity Woman's expertise or involvement in that subject (which in many cases I wouldn't have, and in the cases I did, I would expect her view to be consistent with her previously-expressed views). Further, what if someone were to impersonate her by using the name "Kaliya Hamlin"? Where would be the difference between impersonation using one name vs. the other? I also have friends who use pseudonyms in public context (Facebook, Twitter, others) but don't publicly associate those pseudonyms with their "real" names. In those cases, I use my "secret" knowledge of those people to understand that they are who they say they are, and that the nickname is for a person I know - sometimes that context is very personal (ie. the nickname link is known only to me and the other person) Nicknames are valid in human life. I don't see anyone who uses a nickname as dishonest by definition. And humans are inclined to "trust" people who act in a consistent way, regardless of their name - I think that works even online, and is context-dependent (the amount of trust varies according to the context within which it is needed). Nicknames are sometimes useful in preventing abuse (or easy correlation) of someone in one context because you know them in another context (imagine if Kathy Sierra had used a pseudonym not publicly associated with her "real name" or address - perhaps she might still be writing publicly?) - John https://twitter.com/frumioj

Hi Everyone! Since I'm jumping into the middle of this discussion from out of nowhere I'd like apologize right up-front. I have been negligent in that I have not been disciplined in making the time to follow, let alone participate, in these discussion threads. That is in no way a reflection of the importance I place on the subject you are all addressing. Quite the contrary, this subject is central to what my company is doing and is of personal importance to me as well. I have found this particular thread to be very thought provoking with excellent points being made all around. In particular, for me Heather framed the "context" objective, and challenge quite nicely - as have others. I for one believe there are contexts within which anonymity is both valid and valuable. I don't know if you happened to see Fred Wilson's post today - some good points on the value of anonymity. Rather than repeat the points made there, I'll simply post it here for your convenience: http://bit.ly/o4haHJ Taking the lead from Fred's post and the insights of others on this thread, I think there is not only value in anonymity (given the right context), but in "verified anonymity". By this I simply mean verifying that the individual claiming to own a "persona" at a given point in time is in fact the true "owner" of that persona. If someone has built a reputation associated with a particular persona, (and many have), then there is value in protecting against someone "e-personating" the owner by hijacking that persona. Keith President, AssertID -----Original Message----- From: community-bounces@kantarainitiative.org [mailto:community-bounces@kantarainitiative.org] On Behalf Of Nicholas Crown Sent: Wednesday, August 03, 2011 11:30 AM To: John Kemp Cc: community@lists.idcommons.net; Blakley,Bob; Phil Hunt; community@kantarainitiative.org Subject: Re: [Kantara - Community] [community] Google+ "real" names and NSTIC Hi John: On Wed, Aug 3, 2011 at 1:01 PM, John Kemp wrote: Nick, On Aug 3, 2011, at 11:26 AM, Nicholas Crown wrote:

If you told me your name was "Security Man", I would take pause. Now, if you told your name was Bob Smith, but you also go by the nickname of "Security Man", then all is good. I know this is a simple example, but it gets at the heart of why this is important to me. I cannot (or would prefer not to) have a relationship, online or offline, with someone who is not honest about themselves. As we all know, relationships require trust.

When I first knew Kaliya Hamlin, I _only_ knew her as "Identity Woman". I read posts by her on her blog, and her emails. I trusted that the person known as "Identity Woman" would write about Internet identity issues. On her eponymous blog, I could see that she is also called "Kaliya Hamlin". I associated those names together, and there seemed little (if any) risk to me making that association. Later I attended one of the first IIW events and met Kaliya in person. She organized the unconference, and talked about unconferences and Internet identity. I think Kaliya has been quite honest with me (even though we barely know each other) about who she is, for that shared aspect where we interact - I feel like I understand her stance on identity issues, and the information I do know about her has been maintained consistently through our interactions in the areas which I know her. So, where's the problem with her using the name "Identity Woman" instead of "Kaliya Hamlin"? The obvious issue seems to be that someone else could use "Identity Woman" and impersonate her, right? Speaking personally, I would probably understand immediately that someone was impersonating her if the impostor were to post something obviously inconsistent with what I have understood to be her views on identity. And if the impostor made a statement about something other than identity, it is likely that I either wouldn't care particularly, or wouldn't trust that statement unless I had additional knowledge of Identity Woman's expertise or involvement in that subject (which in many cases I wouldn't have, and in the cases I did, I would expect her view to be consistent with her previously-expressed views). Further, what if someone were to impersonate her by using the name "Kaliya Hamlin"? Where would be the difference between impersonation using one name vs. the other? I also have friends who use pseudonyms in public context (Facebook, Twitter, others) but don't publicly associate those pseudonyms with their "real" names. In those cases, I use my "secret" knowledge of those people to understand that they are who they say they are, and that the nickname is for a person I know - sometimes that context is very personal (ie. the nickname link is known only to me and the other person) Nicknames are valid in human life. I don't see anyone who uses a nickname as dishonest by definition. And humans are inclined to "trust" people who act in a consistent way, regardless of their name - I think that works even online, and is context-dependent (the amount of trust varies according to the context within which it is needed). Nicknames are sometimes useful in preventing abuse (or easy correlation) of someone in one context because you know them in another context (imagine if Kathy Sierra had used a pseudonym not publicly associated with her "real name" or address - perhaps she might still be writing publicly?) This is helpful. What Heather said about not forcing one model over the other is one of the challenges that we are left to solve. So, the responsibility is on us as individuals participating in "networked interactions" to evaluate the context and information available at the point of interaction in determining whether or not to engage in an interaction. What if the system offered via some labeling technique some additional context that indicated whether or not the person on the other end is using a pseudonym? If interacting with someone who has been "verified" (getting back to the assurance level) , their profile looks different. If it's a pseudonym, you would know it and that could aid you in determining whether or not you should engage. Or, is this vetting process best left up to the community as a whole? Nick - John https://twitter.com/frumioj

Nick, On Aug 3, 2011, at 2:29 PM, Nicholas Crown wrote:

Hi John:

[…]

...

Nicknames are valid in human life. I don't see anyone who uses a nickname as dishonest by definition. And humans are inclined to "trust" people who act in a consistent way, regardless of their name - I think that works even online, and is context-dependent (the amount of trust varies according to the context within which it is needed). Nicknames are sometimes useful in preventing abuse (or easy correlation) of someone in one context because you know them in another context (imagine if Kathy Sierra had used a pseudonym not publicly associated with her "real name" or address - perhaps she might still be writing publicly?)

This is helpful. What Heather said about not forcing one model over the other is one of the challenges that we are left to solve. So, the responsibility is on us as individuals participating in "networked interactions" to evaluate the context and information available at the point of interaction in determining whether or not to engage in an interaction.

What if the system offered via some labeling technique some additional context that indicated whether or not the person on the other end is using a pseudonym? If interacting with someone who has been "verified" (getting back to the assurance level) , their profile looks different. If it's a pseudonym, you would know it and that could aid you in determining whether or not you should engage. Or, is this vetting process best left up to the community as a whole?

I can imagine my bank making an assertion that my DBA business account name is "Binary Art". I can imagine that someone can register a trademark and have a lawyer or the gov't assert that the trademark name is "Identity Woman". I can imagine the gov't asserting that my legal name is "Johannes Kempes". All of these are useful in certain contexts (bank when someone wants to pay me or accept payment from me, gov't when checking that my passport is valid, trademark when resolving a trademark dispute). So yes, there are various situations where "verified names" carry some weight. There are a lot of other human contexts where people just need a way of referring to "that person who writes about issues of identity at this blog URL" or "that man with the blue eyes, dark beard and Australian accent" - in such cases, they assign a name - sometimes merely by accepting that name from the person asserting their own name. And in such cases, it often doesn't matter what the actual name is - the (consistent) behavior of the entity claiming that name is more important in determining trust than the name itself. Regards, - John

Nick

- John

https://twitter.com/frumioj

____________________________________________________________ You received this message as a subscriber on the list: community@lists.idcommons.net To be removed from the list, send any message to: community-unsubscribe@lists.idcommons.net

For all list information and functions, see: http://lists.idcommons.net/lists/info/community

Hear hear. On 4 August 2011 01:26, Nicholas Crown wrote:

Yes! Context is key.

In the case of Google+ or any social network whose stated or otherwise implied goal is to foster online relationships, anonymity or falsifying one's identity to project an alter ego is, in my opinion, counterproductive. Yes, the service provider also has commercial interest in pursuing this goal, but I can't blame them for that. After all, that is why they exist. We are just as much to blame for sharing our data under their TOS, then they are for exploiting us. It doesn't make it right, but it is our reality given the current legal and social environment our privileged lives have afforded us.

In the end, if I were to meet you on the street and we were to strike up a conversation, during which I introduced myself to you, what name would you use to reciprocate? If you told me your name was "Security Man", I would take pause. Now, if you told your name was Bob Smith, but you also go by the nickname of "Security Man", then all is good. I know this is a simple example, but it gets at the heart of why this is important to me. I cannot (or would prefer not to) have a relationship, online or offline, with someone who is not honest about themselves. As we all know, relationships require trust. Now, I know you could argue that you can trust someone without knowing their real name, but for me (call me old fashioned), this is foundational. Even if you begin a relationship without revealing your identity (real name is a proxy), if that relationship progresses or increases in value, eventually you will share your true identity. Or, it will be revealed indirectly through the fingerprint of your interaction with the other person.

I guess I'm in the minority on this, and that's OK. All of us are coming to this topic with varying worldviews that underpin our interpretation of reality, so no surprise there.

I do appreciate the respectful and thought provoking conversation from this group. I can't stop thinking about this topic now…

Nick

On Tue, Aug 2, 2011 at 4:25 PM, Joni Brennan wrote:

...

"Google acting as the IDP for Google properties is using profiles in a generic way for many services. So in one service it may be appropriate to have 'real name' or other sensitive attributes. But in another service, what is the need? "

I was thinking about this more over lunch and you hit the point I was thinking of Phil... The key to it all = context

Some times real names are needed (surely for Levels 3+4) not really for 1 and level 2 is a bit fuzzy re to be real or not to be real. Rather to be legal or not to be legal?

Funny part is that "Identity Woman" was disabled because those are words and not thought of as names. Kaliya could have called herself Ramona Peterson (made up) and google+ would not have blinked at it because it "sounds like" a real name where "Identity Woman" does not.

Real names, anonymity, privacy... all matter differently based upon the context they are used.

=Joni

On Tue, Aug 2, 2011 at 1:12 PM, Phil Hunt wrote:

...

I think the case of Google+ demonstrates the need for selective disclosure capability in multi-property / multi-community services and especially in federated scenarios.

Google acting as the IDP for Google properties is using profiles in a generic way for many services. So in one service it may be appropriate to have 'real name' or other sensitive attributes. But in another service, what is the need?

The fact that many multi-site service providers don't have selective disclosure is probably the largest reason many users are violating site policy and creating avatars/fake names in the first place!

Google is not unique here. This is a broadly adopted anti-pattern.

Phil

phil.hunt@yahoo.com

On 2011-08-02, at 11:15 AM, Nicholas Crown wrote:

And how does an anonymous online profile help the Ugandan facing a death penalty for homosexuality, or a person facing murder in the US for being gay? Was it a post on Facebook that tipped the scale for them?

The issue in Ugunda is one of an oppressive government regime. The people there do need to fight for their freedom, or flee. In the U.S. example, it's against the law to kill someone for their sexual orientation. Having a social networking site that supports pseudonym's would not have prevented the deranged person from taking another's life.

Nick

On Tue, Aug 2, 2011 at 12:09 PM, Blakley,Bob wrote:

...

Nicholas,

Translation of your question:

Why can't people with unpopular views just stand up in public and be killed for them, or stay in the closet?

It's great to stand up for what you believe in in a nice safe affluent white suburb where everything is theoretical. It's a lot different to come out of the closet in Uganda, where the government is trying to impose the death penalty for homosexuality.

And you don't have to go to Uganda; people are killed for being gay every year in most states of the USA.

And gay isn't the only thing that can get you killed – ask any Muslim you happen to meet.

-- bob

BOB BLAKLEY

Vice President & Distinguished Analyst, Gartner ITP Identity & Privacy

bob.blakley@gartner.com | +1 (512) 657-0768 http://www.gartner.com | http://blogs.gartner.com/bob-blakley/

From: Nicholas Crown Reply-To: Nicholas Crown Date: Mon, 1 Aug 2011 18:09:30 -0400 To: "community@lists.idcommons.net" , " community@kantarainitiative.org" Subject: Re: [community] Google+ "real" names and NSTIC

but that is a totally different problem then the one I am raising which is whether people with medical conditions they want to talk about with others and get support (share +1s) or a buddhist in Kansas (can share freely with other buddhists or seekers without their hyper conservative christian neighbors finding out) or having a feminist persona that is not linked to your work identity in the tech industry (and if it was you would find work had to come by in the valley) is free to use google+ not linked to a "real name".

Why can't people just be who they are and stand in their own shoes for what they believe in? Trying to be a buddhist behind closed doors in Kansas does no one any good. If you believe in feminist tenants, than stand up for those and speak your voice. I understand that persecution could come in any one of these cases, but that is the beauty of taking a stand on the truth. If your ideal is not worth sharing with your own ID, then it's not for you. About the only one that I struggle with is the case where you have some medical condition you would like to discuss in a private setting. Can that case not be solved with a private/closed group? If it's too sensitive for that, then take it offline.

Nick

On Mon, Aug 1, 2011 at 4:49 PM, Tony Rutkowski < trutkowski@netmagic.com> wrote:

...

"Rights to anonymity." Surely you are joking.

In law, there is no such network based right. In technology, there is no such capability.

Like Scott McNealy said rather publicly in 1995 - Privacy: get over it.

--tony

On 8/1/2011 5:38 PM, Stephen Wilson wrote:

...

(3) If you use crime prevention as the rationale for taking away users' rights to anonymity, then

______________________________**______________________________ You received this message as a subscriber on the list: community@lists.idcommons.net To be removed from the list, send any message to: community-unsubscribe@lists.**idcommons.net

For all list information and functions, see: http://lists.idcommons.net/**lists/info/communityhttp://lists.idcommons.net/lists/info/community

------------------------------ This e-mail message, including any attachments, is for the sole use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Gartner makes no warranty that this e-mail is error or virus free.

____________________________________________________________ You received this message as a subscriber on the list: community@lists.idcommons.net To be removed from the list, send any message to: community-unsubscribe@lists.idcommons.net

For all list information and functions, see: http://lists.idcommons.net/lists/info/community

_______________________________________________ Community mailing list Community@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/community

_______________________________________________ Community mailing list Community@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/community

-- Employment-from-home. Make mine part-time. You've go a job for me working full-time from an office? No thanks. Clique Space(TM). Practical, Ubiquitous, Individual, and Real-time Security and Identity in Cyberspace. Research paper on Clique Space: http://ssrn.com/abstract=1714848 Owen's Garden of Thought: http://owenpaulthomas.blogspot.com/ Twitter: @CliqueSpace http://www.elance.com/CliqueSpacewww.cliquespace.net Skype: owen.paul.thomas Mobile: +61 401 493 433