Category Archives: identity

Feeding the Link Parasites is a Sin

You’re invisible if your art doll site doesn’t have anybody linking to it!

I know! Let’s make some links! Hmm… blog comments?

We have a problem here. Blog comments are a platform for link parasites just as Microsoft Outlook is a platform for spammers.

That is a problem with the current architecture of the blogging universe.

By virtue of how search engines work, web sites accumulate quality ratings from the incoming links they attract. Meanwhile they accumulate reputation by their content, and the out-bound links they create. That reputation gives weight to the links.

Designers should accept some responsibility for creating systems that nurture this. Their designs should help to create good links. At a minimum they should not encourage the creation of links by bad actors.

Good people making lots of good links is a public good. Delightfully it also benefits both the source and the destination of the link. It creates a tiny bit of reputation for the source and a tiny bit of quality rating for the destination.

What’s excellent about the blogging ecology is how it has helped to generate a huge increase in the number of the best kind of links. Links generated by good actors; links that raise the reputation of the source site and raise the quality ranking of the link’s destination.

Link parasites create links that aim to aid only one side of the link, and manufactured blog comment links tend to drag down the reputation of their hosting blog.

Hacking the search engines with manufactured links is nothing new. Political parties, activist groups, marketing firms, and artists all do it all the time both in the real and the virtual world.

Should one of these link hackers choose to manufacture a thousand links from art doll blogs to my site, hence slandering my site as being a high quality art doll site, then there isn’t much I can do about that.

But I can complain to the art doll blog owners, and in turn I can complain about the blog authoring tools that enabled it.

The blog comment mechanisms are a dish of agar for bad actors to manufacture bad links, the same way that Microsoft’s mail programs are. Just as Microsoft Outlook is a platform for mail viruses, the blog comment system is a platform for link parasites. That’s a sin!

The good news is that link parasites damage the reputation of the hosting site. Good news? Yes, because it creates an incentive to get the problem resolved. Bad links mislead the search engines. They make the comment pages almost impossible to assign a usable reputation to, and that bleeds over to the rest of the site.

The site owner desires a means to protect his reputation and the search engine wants a hint how to treat the links it finds.

A simple solution is to mark the link using attributes in the link. “Please consider this link to be the responsibility of an unknown third party. Yours sincerely: site owner”

A site authoring tool that fails to do this is doing a disservice both to the public good of the web and to the reputation of the site author. Bad tool!

It has long been a fantasy of hypertext geeks that links would have bundles of meta-data on them. Today you can annotate a link to indicate that following it will take you to the “next page” and most browsers have a keystroke equivalent that will follow that link. This is rarely used for the usual reasons a standard fails to get adopted, i.e. the chicken and egg problem. Chicken: why learn the next-page keystroke if nobody annotates their pages. Egg: why bother to annotate if nobody knows the keystroke.

It seems hopeful that both the search engine and the blog authoring tool have their incentives line up. If they both adopt the standard then the link parasites will have to find someplace else to play their games.

Additionally it appears that we have some hope that a mechanism to help is already there, say by adding something like author="unknown-3rd-party" to the links in comments.

I think it’s neat that while historically putting meta-data onto links hasn’t created much return on the investment, in this situation the benefit flows right back to the site author. Now he can defend his reputation and the authoring tool gets to avoid being bad.

If this was a discussion at an international industrial standards body then we would call this annotation a ‘pedigree’ and we would want to use something like SAML to create the assertion. That starts to drag us into the whole identity rat hole, among others.

So while we wait for those guys to get back from their meetings maybe we could just start putting author="unknown" into blog comment links. If a handful of the big blogging tools and one or two of the search engine leaders indicated that they would get with the program the problem would be solved.
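One way a blog authoring tool could apply the annotation proposed above, as an added example that is not code from this post or from any blogging tool: a Python pass over already-sanitised comment HTML that stamps every link with the post's author="unknown-3rd-party" attribute and throws away any copy of that attribute the commenter supplied. The class and function names are illustrative, the sample comment is constructed, and `author` is the post's proposal rather than a standard HTML attribute.

```python
from html import escape
from html.parser import HTMLParser

# The annotation proposed in the post; not a standard HTML attribute.
PEDIGREE = ("author", "unknown-3rd-party")


class CommentLinkMarker(HTMLParser):
    """Re-emit comment HTML with every <a> stamped as third-party."""

    def __init__(self, pedigree=PEDIGREE):
        # Keep character references as written so text round-trips unchanged.
        super().__init__(convert_charrefs=False)
        self.pedigree = pedigree
        self.out = []

    def _emit(self, tag, attrs, close=">"):
        if tag == "a":
            name, value = self.pedigree
            # The parser lower-cases attribute names, so AUTHOR= is caught too.
            attrs = [(k, v) for k, v in attrs if k != name]
            attrs.append((name, value))
        parts = [tag]
        for k, v in attrs:
            # Attribute values arrive unescaped; escape them again on output.
            parts.append(k if v is None else f'{k}="{escape(v, quote=True)}"')
        self.out.append("<" + " ".join(parts) + close)

    def handle_starttag(self, tag, attrs):
        self._emit(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._emit(tag, attrs, " />")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")


def mark_comment_links(comment_html, pedigree=PEDIGREE):
    """Return comment_html with the pedigree attribute forced onto each link.

    Runs after the tool's normal comment sanitising; it does not replace it.
    """
    marker = CommentLinkMarker(pedigree)
    marker.feed(comment_html)
    marker.close()
    return "".join(marker.out)


# Constructed sample comment: the commenter tries to claim the owner's pedigree.
SAMPLE = ('Lovely dolls! <a href="http://example.test/?a=1&amp;b=2" '
          'AUTHOR="site-owner">cheap pills</a> &amp; more')

if __name__ == "__main__":
    print(mark_comment_links(SAMPLE))
```

The attribute is overwritten rather than merely added, because a link parasite who can set it to the owner's value defeats the point of the pedigree.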

This problem goes by many names in the real world: astroturf, whisper campaign, etc. and you can hire firms to dis-intermediate the bad acting for you. Of course for others it’s just called mobilizing your base.

So! Anybody who’s got this far I want to encourage you to link to this art doll site. It will accrue to your reputation, I’m sure!

identity

Like many people in the web world I spend some portion of my time puzzling about identity. It seems to me there are a number of issues that are getting lost in the discussion.

For example: we spend a lot of time talking about single-sign-on, but sign-on does not exist in a vacuum. The parties (often quite a few) that adopt various roles in the sign on ritual are entangled in more durable relationships. We have lots of words for this. “Account” for example, but there are lots: marriage, profession, citizenship. The discussions on identity would be well served if people focused more on these relationships.

The discussion would be quite different if the topic was single-relationship rather than single-sign-on.

In stark terms relationships are about roles. The language is rich in terms for blocking out these pairs: husband/wife, boss/employee, brother/sibling, friend/friend, client/server, buyer/seller. Much of the discussion about identity systems is about intermediating who will be allowed to adopt the rights and privileges of one of these given roles. Most of the discussions of identity systems gloss over that both parties must be first class citizens in the discussion. For example that privacy is not just a concern of customers, but also a concern of firms.

The discussion would be quite different if we were discussing firm-privacy rather than customer-privacy.

While many relationships are colored by a dominant/subordinate dialectic, modern relationships are significantly more respectful and so to speak peer to peer. The discussion would be quite different if we were focused on that trade-off.

It is traditional to point out that status is associated with the assumption of roles. People figure out who you are by what roles you occupy. All those role names: father, client, seller, sibling, employee are examples. So are all the various professionally certified roles like: Dr, PhD, high school grad, convicted felon. In traditional societies, almost by definition, labels are more highly durable than in modern society where you might be a car salesman one month and a high school teacher the next. Americans have a story we tell ourselves about treating these labels lightly. Economists have a name for this, labor flexibility.

One way to improve our discussions of identity is to draw in the issues of how dynamic and pliable the roles are. That is, of course, deeply connected to issues of how sticky the business models are.

Assuming a role is rarely simple. You don’t get to lead unless others follow; in fact you can’t even follow if you can’t find somebody willing to lead. This creates plenty of ambiguity. One might say: “Yeah, let’s go out to lunch.” as a tentative ambiguous attempt to capture, at least temporarily, the role of leader. Most relationships and most roles are extremely tentative, implicit, and pliable. That flexible implicit nature creates freedom for the participants. A flexibility at a very small scale that is directly analogous to the American economy’s flexible labor pool on the large scale.

To me though the important thing about the nature of the flexibility is that the roles are always caught up in a fog of implicit vs explicit facts. If we tentatively allow somebody to adopt the role of leader for a period, and if we leave that implicit then that reduces assorted risks. The risk to him of being embarrassed when we tear down that role, for example. The risk to those who follow him: of the shame of disloyalty when we stop following. A highly implicit role assignment reduces the costs of backing it out when we discover that he’s not effective. Overall the risk to the enclosing institution when it needs to flexibly re-balance who’s leading what where. Of course leaving things implicit is likely to be less efficient than tightening up a clear hierarchy. Leaving things implicit is likely to have higher coordination costs.

Yet again, the discussion of identity systems would be different if it were framed in terms of how can we manage the balance between the implicit and the explicit in our many relationships. Remaining blind to how critical the implicit is in most relationships does huge damage to most discussions about the “identity problem”. Very few identity systems designs put any design effort toward this problem.

Few, if any, of these relationships exist in a vacuum. For example my employer/employee relationship is a nest of Russian dolls with one relationship with my boss that has some implicit/explicit stuff going on, that nests inside one with my business, my firm, the legal institutions of various political states, and finally those of the culture. Russian dolls doesn’t begin to do it justice. There are overlapping sets: my profession, industry, local-economy, family traditions, … For example the roles of self-employed, entrepreneur, academic, politician, and many others tend to run in families. Presumably the craft knowledge and social capital gets passed down.

That these standards or institutions intermediate all relationships and roles makes the whole system significantly richer. The identity standards movement is both focused only on the explicit, and also naive in failing to grasp that it competes with and threatens to displace these existing standards and institutions.

All in all it’s a messy problem and teasing out a solution will take time. It is becoming more common for people in the identity discussion to talk about data as a driver of value. That if we can achieve some standardization (i.e. overcome the social engineering problems outlined above) then we can capture some of the efficiencies of letting data that is currently hard to get at move about.

For example I recently refinanced my home. This tedious task requires providing the lender with access to selected data from a dozen different roles I occupy: my citizenship/taxes, my wealth/bank, my income/employer, etc. In the fantasy world of the future, when the identity problem has been resolved, I will be able to do all that revealing with “the touch of a button”.

Hopefully the preceding begins to help the reader see why the privacy problem is so subtle. When people talk about privacy they are talking about all the above. Privacy informs the single parties and the single relationship. My bank and I, for example, each have our private data. The relationship is not an open-book. I don’t tell my bank that I think their new branch office is lame. They don’t tell me that they think I’m a grade AA customer because my overdraft habits make me highly profitable. Privacy also means something about how data is allowed to flow, or leak, from one relationship to another. My bank tells a very selected amount of information to the governments I pay taxes to and to various associated industries (i.e. the credit rating firms).

More interesting, at least to me, is that privacy is also about the implicit/explicit nature of roles. That keeping information implicit is a form of privacy. That even when you make something explicit with a given relationship that keeping it private to that relationship is a key bit of privacy that allows it to be renegotiated over time. That privacy is intimately entangled with the flexibility to adapt, and that flexibility and locality helps to temper the loss of efficiency that implicit suffers compared to explicit.

To summarize there are a few aspects of the identity problem that I think deserve a louder voice in the discussion:

  • relationships
  • roles
  • standards and institutions of various kinds of roles and relationships
  • the value of the implicit vs explicit
  • flexibility vs efficiency of relationships
  • the different kinds of privacy
  • overlapping of institutional frames, vs their nesting hierarchy
  • the tension or competition between various institutions and standards

One single relationship? I doubt it.

Landlord of Blogdom

Tim Oren’s blog is rising fast in my news reader, where I keep the blogs sorted in a rough rank order.

I highly recommend his recent essay No eBay of Blogs with which I largely agree.

But, on the other hand… I think many people are missing out on how strong the synergies are between the client and the server in blogdom. That comments, trackbacks, identity, reputation, and moderating will all strengthen that entanglement. If that grows stronger it will be harder and harder to avoid a potent network effect emerging – one that appears to me to be much stronger than the document exchange network effect that makes Microsoft Office so strong a monopoly. If you owned that, you’d get the hub, you’d be the eBay, you’d be the landlord. An embrace and extend strategy looks quite plausible here.

I don’t know if that’s any different an insight than saying the same thing about the client/server synergies around HTTP. Nobody grabbed that hub. Many tried though. The build out was so extremely fast, making hubs easier to grab since that reinforces the power-law. But the early winners were open, so at least the server side has managed to remain reasonably open. The client side remains in contest, but some people think the good fairy Ms. Open is starting to gain the upper hand there too.

One reason the landlord of HTTP was hard to grab is that powerlaws are more likely to emerge when new entrants lack the knowledge to make informed choices so they just pick the market leader. In the HTTP case folks installing servers tended to be highly knowledgeable about the lock-in risk and hence valued open. I mention this because I don’t think that’s true about the majority of folks that will be adopting a blogging solution. If the client and server become one, as I suspect is likely, then that will further reinforce the emergence of a landlord of blogdom.

War in my Wallet

In my wallet right now there is a little war going on. Representatives of various armies are fighting it out. Let me introduce them.

I have two kinds of Government currencies.

There is a nice 10 thousand yen note in there left over from a trip to Japan I took almost a year ago. I was forced to use Japanese currency when in Japan. They don’t use credit cards or checks much – in fact you could always tell that a restaurant was going to be amazingly expensive if they displayed the ‘flag’ of visa/master-card on their threshold.

There is some US legal tender – “This note is legal tender for all debts, public and private”. It says “In God we trust” while the Japanese note has a picture of the emperor on it and I’ve no idea what it says.

I have some private currency.

There’s a gift certificate from a huge bookstore in a distant part of town. It’s worth $10.33 cents.

I have a gift card that came via a rebate from the purchase of a cell phone.

I have quite a few forms of plastic based currency.

There is a credit card provided by my company that I’m coerced into using when I travel. That lets them capture a number of benefits. They get the discount points on the transactions. The card allows them to prevent me from shopping in certain venues. It lowers their bookkeeping costs.

There is a credit card from a small bank in the Midwest. I’m convinced to use this card because I’m bribed with a 1% cash back program. It’s very complex. I have to accumulate points, and then once over a certain threshold I get 1% back. If I remember to request it. Of course I run the risk they will change the terms or go out of business before I get my money back. They already changed the terms once, I used to get 2% back.

There is a credit card co-marketed by a major credit card processing bank and Beans. I was convinced to get that because it came with 2% cash back. They changed that to half a percent after six months. I’d get rid of it but the newspaper subscription is tied to it.

There is a bank card. I had to ask them to send me one that didn’t have a debit card tied to the bank card. I sometimes use this card to buy groceries. They let me have cash back.

Then I have a bunch of cards that let me do transactions at semi-private clubs. All the places I can say one way or another “put it on my account”.

I have my health insurance ‘club’ card.

I have the health insurance ‘club’ card of my previous employer, since showing it gets me certain discounts.

I have my library ‘club’ card. It’s interesting because it gets me into two library networks and a few hundred individual libraries. They have linked all those accounts together.

I have the card that denotes my membership in the car driving club, aka my driver’s license. I need that to be allowed to take cars onto the highways. These days it’s the only card that lets me fly on commercial airplanes. The phone company also demanded it when I got a cell phone.

I have three cards for gaining access to my job. One gets me onto the landlord’s premises. One lets me get into various properties around the country my employer does business in. One lets me get into the garage at work.

I have a card that lets me enter the building where my son goes on Saturday mornings.

Then there are my charity club memberships, but I don’t carry those; except my ACLU membership card.

My absolute favorite club card is the one that lets me enter the Library of Congress.

All these things are there to let me do transactions. All of these are forms of currency, currency substitutes, or representatives of account relationships.

Currency has lots of network effects. Transactions are simpler if the parties have a currency they both agree to accept. Transactions are simpler if each party doesn’t have to include a phase in where they negotiate the means of payment. For example merchants are required by the credit card companies not to offer a discount for cash, but most will if you can deal with somebody in authority. Transactions are cheaper if we all don’t have to run different balance sheets for each kind of currency and then try to reconcile them once a month.

All these competing forms of money are trying to balance out transaction costs, bookkeeping costs, relationship stability, loyalties, trust, etc.

Some are just trying to get a share of that market so they can take a bit of each transaction.

I was fascinated to learn recently that the reason that checks are used in the US more than many other nations is because the cost of check clearing is (or at least was) paid for by the Federal Reserve.

For example when you buy something on a credit card the card companies charge the merchants a fee. 1.5 to 6%. The print out from my taxes reports that my Federal tax rate was 17% this year (which doesn’t include the social security), presumably part of that goes to overhead to run the currency, banking, and check-clearing operations.

Maybe someday the Fed will be able to deploy a plastic currency that competes with current plastic currency. That certainly would disrupt a lot of people’s apple carts. It certainly could create some very substantial efficiencies in the economy.

On the other hand, right now my wallet is getting pretty crowded. The Fed might create a single card that enables hundreds or thousands of virtual cards to be packed into my wallet. That could enable all kinds of confusion!

Social Security Blocks

I spend some amount of my time working on the problem of identity systems for the Internet. It is a complex problem with Citizens, and Firms, and Governments, and Non-profits, and Criminals, and Platform vendors, and Incompetent people all messing about.

All those parties are attempting to find solutions in the face of very powerful forces. Forces making storage, computing, and communication rush toward vanishingly cheap. Forces that are dragging more and more info about your personal, employment, financial, travel, etc. life out onto the web – in a rush to make things more efficient for you and the organizations you interact with.

Bad guys can do bad things with that data, and it’s getting easier and easier for them to search it out. Most systems protect the data by demanding that you provide a little info about yourself to prove to them you’re who you claim to be (or at least somebody who knows you well). For example they might ask for your birthday or your social security number, maybe your place of birth. It’s just random personal stuff and as privacy breaks down that stuff becomes easier for a bad guy to figure out.

For example the University of Texas had a web site which let you get access to your info by providing a little info – in this case your social security number. Well that was a mistake. A bad guy proceeded to try one number at a time. Searching the entire space of social security numbers? With 9 digits in the social security number that’s a billion tests – a pretty big number even today for trying one at a time over the web.

Lucky bad guy! Turns out the social security numbers handed out in one geographic region come from the same block of numbers. So he focused his attention on the Texas blocks.

A sad irony that “social security” is creating one of the more common ways to create insecurity for people’s identity.

This is a hard problem. It’s going to be very hard to fix!
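The lookup described above uses the number as both the account name and the password, so the defender's signal is one client submitting many different numbers, most of them from the same block. The following is an added example, not code from this post or from the university's system, that flags such clients from a lookup log. The log tuple format, the threshold and the use of the first three digits as the "block" are assumptions, and the sample log is constructed.

```python
from collections import Counter, defaultdict


def flag_enumeration(attempts, max_distinct=3):
    """Flag clients that submit more distinct identifiers than one person needs.

    attempts: iterable of (client, identifier, found) tuples from the lookup log.
    Counting distinct identifiers, not failures, still catches a walker whose
    guesses sometimes hit a real record.
    """
    stats = defaultdict(lambda: {"ids": set(), "tries": 0, "hits": 0})
    for client, ident, found in attempts:
        s = stats[client]
        s["ids"].add(ident)
        s["tries"] += 1
        s["hits"] += bool(found)

    flagged = {}
    for client, s in stats.items():
        if len(s["ids"]) <= max_distinct:
            continue  # a mistyped digit or a shared family computer
        # Assumption: the first three digits stand in for the regional block.
        block, in_block = Counter(i[:3] for i in s["ids"]).most_common(1)[0]
        flagged[client] = {
            "distinct_ids": len(s["ids"]),
            "hit_rate": s["hits"] / s["tries"],
            "top_block": block,
            "block_share": in_block / len(s["ids"]),
        }
    return flagged


def sample_attempts():
    """Constructed log: two ordinary users and one client walking a block."""
    log = [
        ("192.0.2.10", "900112222", True),
        ("192.0.2.11", "900113333", False),   # typo
        ("192.0.2.11", "900113334", True),    # corrected
    ]
    log += [("198.51.100.7", f"{987650000 + i:09d}", i % 50 == 0)
            for i in range(200)]
    return log


if __name__ == "__main__":
    for client, info in flag_enumeration(sample_attempts()).items():
        print(client, info)
```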

Credit Criminals

The recent news stories, reporting the arrest of some crooks who apparently stole the identities of tens of thousands of people, pull my cord. There are three aspects to this story I feel are not getting sufficiently reported.

First. The victims have no effective way to recover their lives. Once your identity is stolen repairing it is nearly impossible. This is a horrific breakdown that is entirely the fault of the financial industry and its partners in state and federal governments responsible for regulating the industry.

Second. Consider a principle of property law. A property owner need not take particular care to protect trespassers from injury on his property, but the so-called “attractive nuisance doctrine” is the exception. If the property “invites” the trespasser by virtue of its attractive nature then the owner becomes liable. Children (and the stupid) are the part of the public the law is attempting to protect with this doctrine. This is why we put fences around swimming pools and why we don’t leave guns in the bedside table. It would be a crime not to.

Most of the reports about this crime point the finger of blame at the crooks. If you pour gasoline all over a room, leave matches on the table, and then let a few million people wander through, I find it very hard to argue that the idiot who lights the match is to blame for the resulting fire.

Third. $60.00 each. That’s all the crooks got when they sold each person’s identity. That’s it. That’s all your identity is worth in the open market.

The crime here was a failure to regulate this industry. A failure to work with the financial industry to keep a lid on this mess. A nearly total lack of effort to temper the misery it inflicts on innocent people.