Tag Archive for 'identity'

Another scandal about data breaches shows the unrealised potential of the Internet as a network

The headlines today show a data breach of the Gawker media group.

Separately, I today received an email from a web service that I once signed up to but don’t use. The notice says my data has been compromised.

Deviant Art community breach

In this case, a partner of deviantART.COM had been shared information of users and it was compromised. Thankfully, I used one of my disposable email addresses so I will not be affected by the spammers. (I create unique email addresses for sites I don’t know or trust, so that I can shut them off if need be.)

But this once again raises the question: why did this happen? Or rather, how did we let this happen?

Delegated authentication and identity management
What was interesting about the Gawker incident was this comment that “if you logged in via Facebook Connect, in which case you’ll be safe.”

Why safe? For the simple reason that when you connect with Facebook Connect, your password details are not exchanged and used as a login. Instead, Facebook will authenticate you and notify the site of your identity. This is the basis of the OpenID innovation, and related to what I said nearly two years ago that it’s time to criminalise the password anti-pattern. You trust one company to store your identity, and you reuse your identity in other companies who provide value if they have access to your identity.

It’s scandals like this remind us for the need of data interoperability and building out the information value chain. I should be able to store certain data with certain companies; have certain companies access certains types of my data; and have the ability to control the usage of my data should I decide so. Gawker and deviantART don’t need my email: they need the ability to communicate with me. They are media companies wanting to market themselves, not technology companies that can innovate on how they protect my data. And they are especially not entitled for some things, like “sharing” data with a partner who I don’t know or can trust, and that subsequently puts me at risk.

Facebook connect is not perfect. But it’s a step in the right direction and we need to propel the thinking of OpenID and its cousin oAuth. That’s it, simple. (At least, until the next scandal.)

An invention that could transform online privacy and media

The University of Washington announced today of an invention that allows digital information to expire and “self-destruct”. After a set time period, electronic communications such as e-mail, Facebook posts, word documents, and chat messages would automatically be deleted and becoming irretrievable. Not even the sender will be able the retrieve them, and any copy of the message (like backup tapes) will also have the information unavilable.

GmailEncapsulated

Vanish is designed to give people control over the lifetime of personal data stored on the web or in the cloud. All copies of Vanish encrypted data — even archived or cached copies — will become permanently unreadable at a specific time, without any action on the part of a person, third party or centralised service.

As the New York Times notes, the technology of being able to destruct digital data is nothing new. However this particular implementation uses a novel way that combines a time limit and more uniquely, peer-to-peer file sharing that degrades a “key” over time. Its been made available as open source on the Mozilla Firefox browser. Details of the technical implementation can be found on the team’s press release, which includes a demo video.

FacebookEncapsulated

Implications
Advances like this could have a huge impact on the world, from controlling unauthorised assess to information to reinforcing content-creators copyright. Scenario’s where this technology could benefit

  • Content. As I’ve argued in the past, news derives its value from how quickly it can be accessed. However, legacy news items can also have value as an archive. By controlling the distribution of unique content like news, publishers have a way of controlling usage of their product – so that they can subsequently monetise the news if used for a different purpose (ie, companies researching the past for information as opposed to being informed by the latest news for day to day decision making)
  • Identity. Over at the DataPortability Project, we are in the finishing touches of creating our conceptial overview for a standard set of EULA and ToS that companies can adopt. This means, having companies respect your rights to your personal information in a standardised way – think how the Creative Commons has done for your content creations. An important conceptual decision we made, is that a person should have the right to delete their personal information and content – as true portability of your data is more than just reusing it in a different content. Technologies like this allow consumers to control their personal information, despite the fact they may not have possession, as their data resides in the cloud.
  • Security. Communications between people is so that we can inform each other in the ‘now’. This new world with the Internet capturing all of our conversations (such as chat logs and emails threads) is having us lose control of our privacy. The ability to have chat transcripts and email discussions automatically expire is a big step forward. Better still, if a company’s internal documents are leaked (as was the case with Twitter recently), it can rely on more avenues to limit damage beyond using the court system that would issue injunctions.

GoogleDocsEncapsulated

There’s a lot more work to be performed on technologies like this. Implementation issues aside, the inline encryption of the information doesn’t make this look sexy. But with a few user interface tweaks, it gives us a strong insight into real solutions for present day problems with the digital age. Even if we simply get companies like Facebook, Google, Microsoft ad Yahoo to agree on a common standard, it will transform the online world dramatically.

The artist formally known as liako

Yesterday I switched over my blog to a new domain name: previously Liako.Biz, it now resides as a sub-directory off a domain with my real name (http://eliasbizannes.com/blog). Further more, I renamed myself on the primary micro-blogging tool I use (Twitter) from @liako to @eliasbiz. For most, you wouldn’t see why that matters so much – but for those knee deep in social media, you’ll understand how much of a big deal it can be. In the course of my decision, I realised a few things, so I thought I’d share it here.

Your brand – it matters
I created Liako.Biz in 2005 to document my travels. Although I was partly doing it to explore blogging as a concept, I never realised that my future would be in technology. A year after my trip, I relaunched my blog with a focus on issues I came across in the information and technology sector. The name “Liako” – which is a nickname for “Elias” in Greece and used by my brother and an ex-girlfriend – extended across the web as my online identity. With all these sites I would sign up to, I didn’t think much of it. Turns out those sites now matter.

Due to my work in the DataPortability Project, the concept of online identity has always been on my mind, so perhaps I am a bit more involved in such thinking than most people and hence why I think it’s a bigger deal. More recently however, I noticed Chris Messina have to go through this thought process as he renamed his Twitter profile. Rebranding yourself is a big deal, that I can understand why Messina hasn’t got around to rebranding his blog. It sounds ridiculous doesn’t it – changing your name on a service is a big deal. The question I suppose is why is it so?

All these technology tools are enabling us to stay connected with other people. Twitter as a case in point: I was pulled into that two years ago after Marty Wells and Mick Liubinskas told me it was critical if you are involved in tech.

We are seeing now beyond the tech community but in our everyday life, our reputations grow and develop based on our online activities. As relationships form and develop through these online tools, an emotional connection is attached with the persona of the person they interact with. As soon as I announced a name change on Twitter, I immediately got a reaction from friends – it wasn’t just me, they literally felt like something had changed – validating the emotional connection people build with a brand.

Twitter _ @EliasBiz

Anyone that has a blog understands how hard it is to build up its credibility. You require hundreds of people to link to you, for your blog to even reach a credible level. So to create a new domain name, you effectively are throwing out all that brand value and starting again. It’s like throwing money away for no reason.

Why it matters
Chris Saad and Ben Metcalfe convinced me I needed to drop my liako brand and go with my real name. It’s just common sense to do that – as your profile in the industry grows, people need to know you by your real brand (your actual name), not some alias which in the flood of other aliases makes it even harder for people to remember and distinguish you.

Twitter as a case in point (again), to get value from the service, you should follow people you don’t already know -which is how I know the people pictured below. These people created their own brand which is fine, but it’s lost opportunity – as far as I am concerned, they are two separate people and unless I know them well I may not join the dots.

Twitter _ Home

Our online identities are no longer a play thing: they’re now an intrinsic dimension to our overall identity. Identity is a crucial thing that we need to protect: it can affect our emotional health due to the standing we have in a community – and it can also affect our financial security due to people compromising it. It permeates our life in more ways than one.

Working in the Internet industry, I’m more acutely aware of the importance of my online identity as it directly relates to my career. But our lives are slowly being transformed by the Internet, and even if you don’t have a career touching technology, your online identity is increasingly going to become an important part of you.

Privacy
From a personal branding point of view, it’s obvious why you consolidate your names. You don’t need to necessarily pick your real name, but you need to stick with one name that makes you unique. If you don’t have a unique name, it makes more sense to pick a nickname. However, our actual names are the only brands that matter. We are not companies selling products; we are people selling ourselves.

But something that is worth considering are the privacy implications of using your real name on everything. A Google search for me will now bring up my real time thoughts on Twitter, which sometimes are about other people – not something I want happening in real time. Using multiple names actually can be a good thing, as I don’t want some girl I meet in a nightclub to be able to instantly track me down online (which has already happened – jut because I meet someone doesn’t mean I want to be permanently connected with them!). Separately, I’ve recently had some people harass me (non-stop communicating via multiple channels that I wasn’t responding to) and stalk me (turning up somewhere uninvited), and it’s frustrating to not be able to control the communication from them as you are everywhere and cannot really hide from them.

So why did I do it
Although I’ve developed some goodwill on the Liako brand over the years, I am aware my real break into the industry hasn’t happened yet. So better to start fresh now – and do it right. My future is in the industry, and as painful as it has been to change over – getting it right now will pay off later. I’ve grown accustomed to Liako (my real world friends call me that now!), but using a nickname is exactly that. It disappoints the creative inside of me, but when we are talking about our identity – unless you’re an entertainer seeking attention – it’s worth being boring about that.

Postscript:

      people that subscribe to my blog via feed readers shouldn’t be affected;
      all my posts have been fully ported here so nothing has been lost;
      legacy links will get automatically redirected to the equivalent new URL

Phishing for fraud on Facebook

Wow – now that was interesting. I’ve received spam messages through Facebook, but never this before. A friend who I’ve barely spoken to since 2003 (we used to work together) sent me a Facebook IM and we had a long discussion. She apparently needed me to urgently send her $600 as she was held up at gun point and lost everything.

You can read the below. As an epilogue, I wrote the below message to her as well as posting it on her wall. The wall post was deleted within minutes and I was removed as a friend, which confirmed my suspicions.

I am an experienced traveler so could sympathise with the situation but was fully aware of how con men operate as I’ve been done over before – and I could easily see someone falling for it. I’m sharing the below because this is only going to be more common in our society, as people sign into things like Facebook at internet cafes and don’t log out properly. Use the below as a guide if you ever get into this situation.

Remember that nothing is that urgent that it requires you to send a bank transfer from your online banking facility right now. Only ever send money via Western Union, which costs $70 but it’s quick, secure and truly global. I would know as well – I was in Peru with not even enough money to pay for my accommodation that night and barely for lunch. Western Union can deliver money to post offices, pharmacy’s as well as banks in minutes – they are literally everywhere – and they only provide the money (up to $1000) if there is a passport to validate. It’s a much better way to help out someone in need, as it eliminates the potential for fraud.

———————————

Rhiannon,

We’ve been chatting on Facebook chat. You’ve got $800, so that means you are not in an immediate emergency of not having somewhere to eat, drink and sleep. So you’ve got a few days leeway, that’s good.

But it’s easy to hack a persons facebook account, and I won’t know if it is genuinely you until I speak to you on the phone.

I will help but other than calling family, you need to consider
– talking to the consular which has a 24 hour hotline. You won’t get money but they will help you
– calling your credit card company. They will issue you emergency cash and an emergency credit card.

I am not going to transfer money from my bank account and will only do it with Western Union – as they can confirm your identity with a passport. I am also not going to wire the money over until you’ve exausted the other options I’ve listed above as I’ve done it in the past before and it reduces scope for potential fraud and burden on other people.

I’m sorry if this is genuinely you reaching out, but I am advanced with my knowledge about internet security, and this could very typically be an example of some prick taking advantage of your account which you forgot to sign out from in an Internet cafe which quite frankly I am highly suspicious of because there is evidence to support that.

I am sending this message because you will get it through your e-mail account which is seperately secured. I am also posting on your wall so your other friends can see what we discussed. Hopefully you won’t delete it, because that will prove this is a phishing scam and I will monitor so as to inform Facebook what’s happening to prevent any fraud from happening.

———————————

8:38pm Rhiannon
Hi

8:38pm Elias
Hi!

8:39pm Rhiannon
I am stranded in london and i need your help

8:39pm Elias
ok, what can I do?

(and happy birthday :))

8:40pm Rhiannon
i was mugged at a gun point in Kentish town, it was a brutal experience, all cash i had on me were stolen and my credit card was collected too now i’m left with no money here. I need you to loan me some money to get a plane ticket

yea thanks

8:42pm Elias
How do I know this is Rhiannon?

It’s happened to me before and it sucks, so appreciate it if this is not a joke

8:43pm Rhiannon
what

Elias i would never you stranded in another country if you really needed my help

I am still in shock right now and i’ll apprecaite it if you can help me out

8:44pm Elias
call me on

or give me a number I can call you

8:45pm Elias
if you had a credit card, you are in luck because you can get emergency cash

8:45pm Rhiannon
i can’t make any calls right now

my phone was also stolen

8:46pm Elias
well give me a number to call you

8:46pm Rhiannon
I have been able to raise over $800 but i need $650 more to get the plane ticket back home,so please can you loan me some money till i get back home? i will pay you back as soon as i’m home..

8:47pm Elias
do you have your passport? and who is your credit card with?

8:50pm Rhiannon
yes i still have my passport but my creditcard was also stolen as well

8:50pm Elias
I understand that, but you can get $500 in emergency cash straight away and an amergecy card sent to you within 48 hours

8:50pm Rhiannon
I need you to loan me $650 to get the hell out of here

8:52pm Elias
ok, you are asking me to give you money despite me not speaking to you for over 4 years. but you are not answering any of my questions which could get you out of you situation without me having to give you money which I am not going to do because this is potentially someone that’s hacked into your account

8:53pm Rhiannon
wtf?

8:53pm Elias
who is your credit card with!

8:53pm Rhiannon
You work at Nick’s Seafood Restaurant from 2002 to 2003.

8:53pm Elias
what town are you in?

yes, my facebook profile says that

who was the manager at nicks?

8:55pm Rhiannon
i am in kentish town

9:11pm Elias
Rhiannon I want to help you, but need to speak on the phone. I can’t send money because it’s sunday night here, and I’m not confident about your identity right now. If you can find a number I will call you and see what I can do

9:14pm Rhiannon
Elias i don’t know what else you want me to tell you or how else you want me to prove myself to you

all i know is that if you were to be stranded in another country i wouldn’t even think of it twice before helping you out

Ofcourse you can have the money wired online .. you don’t have to fo to the bank

9:15pm Elias
Well I am still online talking to you, so clearly I’m not blowing you off. But I am not stupid either.

Find a phone, give me the number, and let’s chat

9:19pm Rhiannon
Hotel Manager’s # +447024019672

9:21pm Elias
the number is busy. I’ll keep trying

9:24pmRhiannon

ok

9:24pm Elias
what hotel? maybe i can call reception?

Facebook’s privacy is smart on technology but stupid in thought

I’ve had to neglect this blog because I have been insanely busy with work and my studies, and will continue to do so for the rest of the year. But I thought I’d post a quick observation I made today, that I found interesting. Even more interesting, because I rarely notice details!

Whenever Facebook notifies you of an e-mail – like for example when a friend messages you – it will actually show you their e-mail. An example is in the screen shot below, which would enable me to click ‘reply’ to their e-mail and it would go directly to their personal e-mail. (I’ve noticed however, that this will only occur if you have already added the person as a friend.)

direct e-mail

This raises some interesting issues regarding privacy. The first being, why the heck is Facebook allowing this? Am I going to reply to my friends asking them what did they say in the message?! Privacy is my right to determine when people can see information about me when I want to – and I don’t want my friends seeing my e-mail. I can think of an example when a friend collected my e-mail from my profile, and adding me to a forward list of chain e-mails. Unlike the postal system for snail mail, where people pay for sending me a message with a stamp, e-mail forces the user to pay when they receive a message through their time. Before I didn’t have a choice, but now with new ways of communicating, I can control what gets sent to me.

This actually is a bit deeper. I’ve seen fake profiles friend request me – I always deny people I don’t know, but I know that lots of my friends usually add people blindly (I remember asking a friend who a friend requester was when I noticed she was a mutual friend with him, to which he replied: “No idea, but she’s hot!”). This now just became a very easy way to obtain someones e-mail – certainly, not as easy as harvesting e-mails from a public facing website, but still another means. The concerns however is not spam but identity threats.

A crucial thing to understand about privacy, is the concept of identifiable data. Corporations can collect data about me until their heart is content and I wouldn’t mind- but only on the basis they can’t specifically identify me. An e-mail address is what I regard as identifiable information: the e-mail I use on various web services that hold different data about me, can be easily linked purely through my e-mail address.

I’ve previously said how social networking sites are a new type of communications, that are far better than e-mail. E-mail is one of the worlds most powerful technologies but also one of the most dangerous. Whilst most would think it is because of e-mail overload and spam, what I really mean is how a single e-mail address can do so much damage if used by someone trying to investigate you and your life.

As our digital world becomes more sophisticated (and scary), lets be clear of some things. People no longer need e-mail to contact you; they can instead contact your ‘identity’ which is far superior (I discussed this in the posting I linked to just above). However with this advancement, also comes the opportunity to regard what your e-mail address really is: a key piece of identifiable data that can link your multiple identity’s across the digital world into one mega profile.

You need to be persistently adaptable

Tim Bull has recently written an interesting discussion point on when is the right time to innovate. In a post titled “Steam engine time“, he asks:

If innovation is a process of the right idea, in the right place and at the right time, how do we judge what the right time is and measure what is going on around us to hit the right spot?

Some would say luck has something to do with it, although I believe that is the perception from an outsiders point of view. In my eyes, a core set of attributes are required for innovation.

Consider this quote from Calvin Coolidge, 30th president of USA:

Nothing in the world can take the place of Persistence. Talent will not; nothing is more common than unsuccessful men with talent. Genius will not; unrewarded genius is almost a proverb. Education will not; the world is full of educated derelicts. Persistence and determination alone are omnipotent. The slogan ‘Press On’ has solved and always will solve the problems of the human race.

I think Tim is wrong to ask when is the right time, because innovators understand their environment, adapt to it – and then push until they get there. Persistence and adaptability, in my eyes, are two crucial aspects needed in a person or even a country or company, for it to successfully move forward. However whilst persistence is key – you need determination to push forward despite the barriers you are going to encounter – adaptability is the real secret to successfully innovating.

A case-study: multiculturalism in a flat world
Although I was born and bred in Australia, I have been brought up under a very strong Greek influence. With an Australian-born father, and a fresh-off-the-boat Greek mother – I have lived a life straddled in two cultures. Going to an Anglo-Saxon school, yet at the same time doing Greek classes at 9am Saturday (but leaving early for my schools footy games) – I grew to resent Australia’s multiculturalism policy. Without going into too much detail because this will turn it into a political discussion and detract from the point I wish to make – I disliked the fact that Greeks in Australia refused to integrate into the local culture. The Australian government’s stance of officially supporting Multiculturalism, which does things like pay for that Saturday morning tuition, was to me a stupid policy.

Fast forward to 2005, when I visited the Balkans as part of my nine months traveling around Europe. Serbia’s story is one of the saddest stories in Europe. Walking around the city of Belgrade, interacting with its inhabitants, and just generally experiencing Serbia – you realise you have come across a hidden gem in Europe. Yet once you look at the statistics and talk to some of the educated, you understand otherwise: a basket case situation that has little hope.

Serbia, like a lot of other countries I discovered in my travels, have a cultural problem: they can’t let go of the past. Millions of people have died over differing interpretations of history. The Republic of Macedonia’s identity is entirely staked on the fact they are situated on the lands of Alexander the Great. Identity to the nation states of Europe, is in history. And challenges to that history, and their identity, has led to some stupid wars affecting millions of innocent lives.

So guess what? I now think multiculturalism is the best thing my country could ever do, for the simple fact we can never have a fixed identity – what it meant to be Australian 50 years ago looks very different from what it looks like now. In Europe, identity is based on ethnicity with a fixed identity tied to history, language and a religion. In Australia, our identity isn’t allowed to be based on a certain ethnicity, and forces us to find common ground on what really matters like our way of life. If it wasn’t for the policy of Multiculturalism, we would be turning into one of these static nation states within Europe who become fixed as a certain point of time. The Greeks are still mourning over the Turks capturing the Great City of Constantinople from them in 1453 (which is why Tuesday is the unlucky day of the week for them). Yet for the countries like Australia, who don’t have much of a history – they are not locked – and consequently look forward, rather than back. Multiculturalism is a crucial ingredient to our success, because with all that diversity, it means we are constantly evolving our culture to the times without any one group fixing it. And with a globalised word, Australia’s ability to adapt to circumstances will be a key competitive advantage we have over countries.

If you don’t agree with me, have a read of Thomas Friedman’s The World is Flat – a book a entrepreneur/intrapreneur suggested I read. This guy who told me about the book was a German from Argentina, working for an Indian company to set up the company’s presence in Turkey! He told me that after he read that book, he quit his job and got himself into his current role. He faced the facts, and adapted his career.

Adaptability as success
You’re probably wondering what I am trying to get at, but to tie it back to my point about adaptability, successfully innovators need to constantly adapt to their environment. What happens with people once they get an idea, is that they spend all their time trying to fit it into a world that once existed, only for the world to be a entirely new place. Successful innovators need to constantly evolve their ideas, to the changing circumstances.

In October last year, I made a proposal at my firm to implement a new technology. For the months leading up to that point, people had to some extent talked down my idea and some even flat out rejected it. October however had me find the right person to hear my idea. And yet if I look at what I originally had thought, and what it is now – it is almost a completely different thing. Because when I pitched my idea, I was asked “why” it works and “how” is it different from anything else. It was that ‘why’ question that had me spend countless hours researching and understanding – adapting – my idea to the scenario being presented to me. I successfully made my business case, because I was given the opportunity to reframe my idea and adapt it to the circumstrances I was presented. Had I not adapted my original idea and vision, I wouldn’t be doing what I am doing now.

Of course, I could have summed up the above by mentioning Charles Darwin’s theory of evolution. Survival of the fittest, right? Adapt to the Green forest like that Green lizard that looks like a leaf, and you’ll find some food (rather than being the food yourself). Adaptability in life is a key critical success factor; and with innovation, it is the hidden factor that on the outside and in retrospect by others, gets attributed as luck.

Update 20/6/07: Catching up on some reading, I just came across a great posting by Marc Andreessen, an internet pioneer, who talks about the four types of luck and which nicely complements my thoughts above.

Pricks

If you don’t have a valid e-mail, Facebook forces you to verify it, before it removes those annoying CAPTCHA boxes.It’s a pretty standard thing for websites to do this.

Now, it’s telling me, I have to verify my mobile phone number – even though I have been regularly using the service for eight months.

bastards

This is not about verifying my identity – it’s about forcing me to give up my personal information. Bastards.