Anonymity is Not Enough

How do we know who’s who on the Internet? And why it may be the most important question we face.
The Escapist, February 28, 2006

Boston, the Harvard Faculty Club, a snowy morning in February. About 30 technologists, encryption experts, academics and corporate execs, plus a handful of journalists, sit facing each other around a long horseshoe arrangement of tables. The assembled luminaries include leading developers from IBM, Microsoft and Mozilla, not to mention former FCC commissioner Reed Hundt; Esther Dyson, the founding chair of ICANN; Marc Rotenburg, president of EPIC, the Electronic Privacy Information Center; and Doc Searls, editor of Linux Journal and an author of the Cluetrain Manifesto.

It’s cold outside, but the faculty club has laid out coffee and pastries for breakfast. It’s a good thing, too, since it’s going to be a long two days here, talking out the issues, approaches and possible solutions to the problem of how we create identities on the internet and, once created, how we keep them safe. Phishing, stalking, secure desktops, one-way hashes, World of Warcraft and the Department of Homeland Security will all come up over the next 48 hours. It’s pretty obvious nothing’s actually going to be solved in this room, but it’s an impressive collection of talent nonetheless. What does it have to do with the future of online games and virtual worlds? Quite possibly, everything.

One of the best things about the internet, in the minds of many people, is the anonymity it affords. For gamers, that anonymity comes into play nowhere more than in massively multiplayer online games and virtual worlds, where the disconnect between our physical and digital selves gives us a chance to take on new roles and experiment with different aspects of the combined persona that bridges the gap between the two realms.

But that anonymity can also be one of the internet’s great drawbacks. Freed from accountability for their actions, some players seek to experiment with the more annoying sides of their online identities, becoming in-game griefers or forum trolls. On a more serious level, some use the protection of the screen to pull off scams that can cost unsuspecting players real money, or to stalk other players online (and sometimes offline as well). And for those honest virtual businessmen out there, anonymity can sometimes make it difficult to build the kind of solid reputation of trust that any smart customer looks for.

Finding solutions to the problems of online anonymity will be important, especially as more and more people find ways to do things in online worlds that have a deep and real impact on their own and others’ offline lives. But retaining the advantages of an anonymous medium is important, as well. The question, then, is how to split the difference. How can I convince you I am who I say I am in a digital context, while at the same time protecting myself from prying eyes, and giving others the chance to maintain the cloak of anonymity some find so crucial to their online lives? Who am I, anyway?

No matter what kind of online existence you have, these issues should already be important to you. Even if all you do online is pay your bills, you want to know you’re not giving your credit card number to a phishing site, and you probably want to know the government isn’t harvesting data about what kind of purchases you’re making. If those purchases include buying World of Warcraft gold on eBay, though, you’ve got another problem. How do you know the guy with eBay handle WoWSalez0r really is the in-world character he claims to be? And, if you’ve got a more complex virtual business venture in mind, like one of the investment banks that spring up every so often in Second Life or EVE Online—ventures that can mean real money for both their executives and investors—how can you convince potential customers you can be trusted with their money? In the real world, you may be a person of high standing and accomplishment, but in the context of cyberspace, you’re just another toon.

As the things that happen in virtual worlds become more and more integrated with our offline lives, having a real identity in such places will become more and more important. The good news is some of the tools being discussed in the distributed conversation that landed at Harvard in early February may do a great deal to address these kinds of issues. Taken together, they could lead to a much broader range of available choices as to who we want to be in online worlds.

Perhaps surprisingly, two of the most interesting solutions are being developed by companies most of us think of as nameless, faceless behemoths of the technology industry: Microsoft and IBM. The “Identity Metasystem,” a project developed by an avuncular technologist named Kim Cameron at Microsoft, aims to bring a kind of “identity protocol” to the internet, not unlike the Internet Protocol (the IP in TCP/IP) that allows the various types of networks that make up the internet to talk to each other.

Under the Identity Metasystem, it won’t matter whether you’re paying a bill, signing on to a virtual world or buying gold on eBay: Any identity management application written to use the Metasystem’s open standards will be able to interact with them all. Your various identities (i.e., your username and password in various contexts, plus whatever other information you want to include) will be stored in a kind of secure online wallet. Microsoft’s InfoCard application, which should be available this year, uses the same metaphor to represent each identity as a graphical ID card. When you sign onto eBay, you simply choose your eBay identity card, and the InfoCard system – or whatever other application you prefer – first verifies the site is what it says it is (i.e., you’re not being phished), and then sends over the information. There’s no need for you to store your password in a company database, as you can simply point and click to sign on.

While the Identity Metasystem is a long way from becoming the internet standard for identity transactions, it is gaining traction among various development communities, and marks a big step for Microsoft toward a contribution to the metaverse that need not be tied to Microsoft products at all.

What IBM contributed to the Harvard meeting, though, is perhaps of more immediate interest to the denizens of virtual worlds. If you’ve ever met a World of Warcraft toon named Vlasic, chances are it was being played by a “Web Theorist” in IBM’s Emerging Technologies group named Andrew Donoho. Donoho is currently implementing what’s being called the Papillon system – which doesn’t want to know anything about your real-world identity at all.

Papillon will give users the power of “persistent anonymity.” Those of us who inhabit virtual worlds already enjoy this power, to a certain extent. In one sense, it’s nothing more than the identity of your avatar: Those who know the avatar Walker Spaight count on the fact that the same person (me) is behind him each time he appears in Second Life. What’s important, here, is merely that it’s the same person, not which particular person it is. Walker’s identity is persistent, but at the same time it’s anonymous in real-world terms.

The problem is, how can you know for sure? Passwords aren’t the most secure pieces of information in the world. Of course, not many people are too concerned about who’s at the controls of Walker Spaight. But if Walker were up to anything interesting – like selling Second Life currency on eBay, for example, or developing a project for someone in the virtual world – you’d at least want to know Walker was always Walker, and you’d probably want to know Walker was always me.

Papillon will allow users to make connections between their online identities that can verify both those claims. Rather than storing passwords or real-world identity information, Papillon will only store associations between identities in different contexts, encoded in such a way that the information is secure, even if it falls into the wrong hands. It seems a trivial thing on the surface, but the tools it makes possible could change how we think of our identities in online worlds. With Papillon, knowing eBay’s WoWSalez0r is really the World of Warcraft toon he says he is becomes a trivial matter of simply asking at a Papillon-enabled Web site. If WoWSalez0r has registered there, you have your answer. And if he hasn’t, you can make your own decision as to whether or not to do business with him, just as we do today.

And if connecting your online identity to your “real” self is important, you can do that, too. For many people, such connections already carry much weight. Just look at the number of people who reveal their identity in The Sims Online through the realsimsonline.com site. Even there, though, a screenshot and a claim that Toon X is Person Y is pretty slim evidence to go on. For many inhabitants of the virtual world, total anonymity is not enough. When tools like Papillon and the Identity Metasystem arrive later this year, we won’t have to settle for total anonymity anymore.

As the things we think of as “real” move further into the place we think of as “virtual,” it’s a good bet that more and more people will demand the kind of strong connections such systems will make possible. These kinds of things allow us to build stronger communities than are presently possible in cyberspace. The metaverse of virtual worlds is held back by a lack of trust, at the moment. But imagine a version of cyberspace in which all your online identities could be connected to each other in a secure, verifiable fashion, in whatever combination you choose. The kind of community found in a World of Warcraft guild is only the beginning. When you can travel from World of Warcraft to Second Life to EVE Online to ActiveWorlds to eBay and have your avatar in each of those contexts be you (if you so choose), that’s when the metaverse will really start cooking. I, for one, look forward to it. But then, who am I?