Tuesday, March 27, 2007

pen names and blogging

A blogger receives death threats. Those threats cause her to cancel speaking engagements and to barricade herself in her house. The incident is causing quite a stir across the blogosphere, with people leaping into the discussion on all sides.

First of all, s0 that there is no ambiguity, I think some--maybe even many--of the comments people posted about Kathy Sierra crossed the line. Two lines, in fact. The first was when they went from criticism to ad hominem attacks. That's the line that separates useful discussion from useless noise. The second was when they went from insults to threats and intimidation. That's the line that can, and ought to, put you in jail.

But one post that I thought raised some difficult issues is Brad Feld's, entitled Anonymous Bullies, in which he writes this:

Until recently I didn’t think much about the difference between an anonymous comment and one where the person identified themselves. I’ve been spending a lot of time recently thinking about reputation and trust, especially given the geometric growth in user-generated content.

Kathy’s story sealed it for me – reputation and trust are at a tipping point and are an issue that is going to have to be dealt with in 2007.
As someone who writes under a pen name ("pseudanonymously," in the security jargon), reputation is an issue that strikes home with me.

Pseudonyms serve a valuable function. I chose to write under a pen name for a number of reasons, including privacy considerations, the fact that this blog is an experiment, and that it allows my online persona to differ from my real life one. I agree that reputation is an important check on conduct within the blogosphere, so I use this name consistently.

There are some problems, though. Some of them technical. For example, if you look around the Internet, you'll see comments labeled "False Data" with a link back to this site. Because the software and protocols aren't there, though, there's no way to know whether or not it was me who posted those comments. However, this exact same problem would occur no matter what name I used. For example, if you saw a comment from someone named "Brad Feld" which didn't appear on the Feld Thoughts blog, it would be hard to be confident that the person who wrote it was, in fact, Brad Feld.

We can solve half this problem pretty easily. I could, for instance, put a copy of every comment on this blog. Then you could check the comment on someone else's blog against the copy on mine and be fairly confident I wrote it.

But the other half of the problem is harder: suppose I decided to take a swipe at someone but I wanted to be able to deny it. I might post a comment on their blog but not put a copy on my blog and then claim it was someone else who wrote the comment. There are ways of solving this part of the problem, too. For instance, your software, which shows you the comments, could automatically check each comment it shows you to see if a copy appears on the blog of whoever claimed to write it and mark a red X through any comment that doesn't have a copy on some blog somewhere. Then you might not trust the source of a comment that has a red X through it. (This isn't a complete design--there are ways to defeat it and ways to implement it more efficiently--but you get the idea of how it works.)

There is also software that claims to solve this problem, like the OpenID stuff LiveJournal uses, but it doesn't seem to be widely supported.

The idea here, and the problem we'll need to solve, is that, if you're going to rely on reputation, you need to have a way to be reasonably sure you're holding the proper person in (dis)repute.

No comments: