Archive for May, 2009

Trust and Impersonation in social networks

May 20, 2009

[A quick meta-note upfront: I haven't been posting much lately, because I started a Real Nearly-Full-time Job a few weeks ago.  I'm continuing both CommYou and Art of Conversation, but my time is now much more limited.]

My friend mindways recently posted a link to an interesting but not surprising article about the growth of fraud in social networks.  The idea is quite simple: since Facebook verifies nothing but your email address, it is terribly easy to pretend to be someone else.

I’m not talking about fancy high-tech breaking of security here — it’s simply that, if I were to claim to be Bill Gates, how do you know that I’m not?  (In practice, a quick search turns up a bunch of them.)  More to the point, how do you know whether or not I’m your buddy Jim?  If I have Jim’s picture, and a little of the right biographical information on my profile, I sure look like Jim.  Do you vet your Facebook friends carefully, to see if they are who they say they are?  Would you even really have a way to do so, short of calling Jim and asking if he friended you on Facebook yesterday?

This is all the flipside of the “pseudonymity” question that comes up from time to time.  If you have a lot of persistent information online, that is all strongly linked together in a secure way, that counts as a fairly clear identity — perhaps not an identity linked back to the real world, but an identity.  OTOH, if all you have is a bunch of information about a real-world identity, but no secure relationship between that and the online one, you don’t really have anything meaningful.  But most people are still used to thinking in terms of real names and faces, so the gut reaction is to believe the latter more than the former, even though it’s actually much easier to fake.

Curiously, I suspect that LiveJournal is actually less prone to this problem than Facebook is, precisely because it does not use your real name as your handle.  (And many/most people don’t use their picture for their icon.)  This preconditions people to be just a hair more suspicious: there isn’t the knee-jerk, “Oh, look — it’s Jim’s picture so it must be Jim.”  And on LJ, Who You Are is mostly determined by What You Say.  If you post a lot of things that only Jim would say, you’re probably Jim.  But just asserting your identity and friending people is more likely to make them suspicious: there is more burden of proof.

At least, that’s my guess.  I don’t know that anyone’s really studied the matter yet — it would be interesting to see what came out of such a study.

What do you think?  Have you found yourself more apt to simply friend someone on Facebook than on LJ, because they have the right user name and photo?  Do you think the rise of OpenID and other online-identity-linked mechanisms will gradually reduce this threat, by raising expectations of a deeper, richer and more consistent online profile?