[Dave Birch] We've been talking about real names and real faces and such like for a while. But it looks like there's an even bigger problem lurking out there on the interweb frontier, and it's one that I've been interested in for a long time.
a study by Steven Gianvecchio at Mitre Corporation, a non-profit technology consultancy in Mclean, Virginia, found that up to 85 per cent of participants in Yahoo chatrooms were bots, as were 15 per cent of Twitter users (IEEE/ACM Transactions on Networking, vol 19, p 1557).
Never mind no-one knowing whether you are a dog or not, no-one knows whether you're even real or not. In fact, we might push a little harder and ask whether it even matters whether you are real or not! Actually, that does matter to a lot of people…
In a recent post on its company page, Limited Run—a New York company that offers website solutions to artists and musicians—claimed 80% of the clicks from its Facebook ads were from bots.
So it's not an academic question. Knowing whether you are dealing with a real person or not is of tremendous importance (in a way that knowing who you are dealing with is not) and we don't seem to have got much further than those stupid, annoying boxes where you have to type in some words that you can't really see properly. Perhaps we should adopt more direct methods.
Erwin Van Lun, founder of Chatbots.org, favours a more drastic approach. He says rather than creating tools to detect bots, it should be humans who have to prove their identities to use the internet.
Erwin is wrong in the general case — no-one should have to prove anything in order to use the Internet — but right in the particular case. It is entirely reasonable that I should be able, for example, to prevent someone registering for commenting on my blog unless they prove that they are human first (almost all of the registrations on my personal blog appear to be bots). But as I noted above, proving you are human is not the same thing as proving who you are, which is why I confidently predicted some time ago that…
Surely one of the most important attributes that OpenID could share is "is_a_real_person" or something similar.
Once again, this is emphatically not the same thing as saying that people should have to prove who they are to get online and we should not allow the perfectly reasonable need to keep bots out of some areas to send us down a dangerous path.
"Governments are responsible for citizens and issue them passports to travel the world. They should also say, 'We are responsible for your behaviour on the internet, so we will issue you an internet passport'," he says. "That's where it's heading."
Well, I hope that's not where it's heading as that would be a disaster. If you have to have a Syrian government internet passport to get on the web, I shouldn't imagine that that passport would remain valid for too long after you'd visited www.assadout.com or whatever. An internet passport should be something different: whereas a mundane passport is valuable because it proves who you are, an internet passport should be valuable precisely because it doesn't. Perhaps we should reset our mental model of passports for the online world. In the olden days, a passport was something that you got from the place you were going to, not the place you were coming from. It allowed a traveller to enter via a city gate ("porte").
In medieval Europe, such documents were issued to travellers by local authorities, and generally contained a list of towns and cities into which a document holder was permitted to pass. On the whole, documents were not required for travel to sea ports, which were considered open trading points, but documents were required to travel inland from sea ports.
So, in order to enter the city of Facebook, I should get a Facebook passport. Not a password, note, but a passport. Passwords are a disaster (I will blog more about this shortly). Passports are different because, in my strange world, passports must be based on tamper-resistant hardware and be capable of authenticating their carrier. In order to get a Facebook passport, all I should need to do is prove that I am over 13 and I can do that with a blinded certificate (making it impossible for Facebook to collude with anyone to uncover any of my personal details that I don't want to reveal) given to me by, say, my school. Perhaps other web sites will accept my Facebook passport, or maybe they will want me to get one of their passports. In order to get into my UK bank account I should have to have a UK financial services passport. If I want to play World of Warcraft, then I should get a World of Warcraft passport.
Now, having one passport seems easier. And so it is in the realm of mundane travel. You can imagine what a hassle it would be to have to have hundreds of passports for visiting different cities around the world. But in the virtual world this is nothing. My phone could easily store hundreds of passports. And, actually, I'm sure it will.
These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers