
A Proposal to Fix Online Identity - llambda
http://www.readwriteweb.com/archives/a_proposal_to_fix_online_identity.php?_utm_source=null
======
jfarmer
Why do people think online identity is broken? Better yet, why do people even
think this is a "problem" at all?

~~~
droithomme
Well in some cases oppressive governments and corporate controlled governments
aren't able to track and validate the origin of all net activity. So in that
sense it's broken. The trick is how to package fixing this in a way that the
public will support?

~~~
mjwalshe
Normally "protecting children" comes into it some where :-(

------
cheald
Edit: I've PGP-signed this comment to prove my point. Here's my public key:
<https://gist.github.com/1803486>

You can verify the signature of this message, and know for certain that the
person who controls the "cheald" github account rubberstamped the contents of
this message as originating from him. Neither GitHub nor Hacker News controls
that identity; they are simply conduits to convey the identity link. Of
course, you can still take this comment, strip the signature, and repost it,
thereby denying GitHub user cheald credit for the message.

    
    
        -----BEGIN PGP SIGNED MESSAGE-----
        Hash: SHA1
    

This is the same ReadWriteWeb writer who got his panties in a twist that
someone took parts of a story he wrote, pasted it on Google+ without
attribution, and then ranked higher in Google for the headline [1][2].

Despite the grandiose pontificating about how we should own our identities (a
sentiment I agree with, FWIW), I'm pretty sure that Jon's entire impetus
behind this idea is this snippet:

> Identity on the Internet should be embedded by the user like a fingerprint.
> It should be written into the digital material we make using hardware we
> have authorized...We want this because it would simplify problems of
> attribution and copyright on the Web. If we didn't sign something we
> created, it would default to the other ways we deal with unsigned content.
> But content that is signed would have an unmistakable origin.

Jon's butthurt that people can copy his bytes, post them somewhere else, and
he doesn't get credit for them. That's understandable - content creators
should be credited for their creations, after all - but what Jon's talking
about -whether he realizes it or not - is DRM for textual web content. Pardon
me while I laugh my ass off.

The problem is inherently unsolvable. Textual content as it works on the web
is literally impossible to protect from copying without attribution without
gutting and redesigning the entire internet from the ground up.

If you want to tell other people that something you wrote is indeed from you,
sign it with your private key and publish your public key for verification.
Create as many keys ("identity facets") as you want. Associate any given key
with any given online persona you want. Boom, problem solved with technology
that we've had for the last 36 years. Verification of identity is _not a
difficult problem_ anymore, chain-of-trust issues notwithstanding.

But it doesn't solve the problem that Jon wants solved, which is that I can
still take his content, strip the signature, and repost it, and nobody will be
able to recognize that that content is his. Just as in the Real World, I can
hear someone tell a joke, and then turn around and tell the joke over dinner
without attribution to the original author, I can copy a string of bytes on
the internet and republish them as my own without including a link back to the
author. That's simply the nature of information flow.

The problem is unsolvable, and down the path of trying to solve it lies DRM
madness. It's a Bad Idea, and it's a little dismaying that a technology writer
would even suggest it to begin with.

[1]
[http://www.readwriteweb.com/archives/google_is_going_to_mess...](http://www.readwriteweb.com/archives/google_is_going_to_mess_up_the_internet.php)

[2] <https://news.ycombinator.com/item?id=3424457>

    
    
        -----BEGIN PGP SIGNATURE-----
        Version: GnuPG v1.4.11 (GNU/Linux)
    
        iQEcBAEBAgAGBQJPNrVLAAoJENc6Nkx25axIAaAH/RbzNSqtqYQXeTtTdm2FDc2T
        sIXMOicqP1IL/Ge/FITiKZ4xEh3JhcFTCEApgqSwBCdPEUXxqR2ibM9v/K5T7Y3C
        N/3IgZnM0t7Sx5o5XEfrQVsuWsjZZo6gk3Ki/u8JliaZl670Ouo8a2NEMi+1hQVJ
        tnu2y+CUB4bQhSgg6hGoLdkfs+iC0/RBZwrb8LLac4/25I3nOXqLaZKBcUnoqwUR
        WOFy6+M56nQ4dHIpPflvdEn0J8RO//pE30iqeg9OHOo0L+WoYYHTI+uXrBidBEFI
        RzDYaTxSC2o4f4QkF778pMR4wwsuySrUHViheG/uwt2woh9n2obXaMc8iwyLRvA=
        =mL7+
    
        -----END PGP SIGNATURE-----

~~~
mjwalshe
Has he or R/W web not tried the Google author tags?

------
mjwalshe
Actually i think having online identity's being flexible is good thing what we
don't need is some 1984 enabling tech.

