UKH

We're rapidly getting to the point at which it's hard, or maybe impossible, to tell whether internet posts have been written by real people or by bots. This has been the case for some time already on Twitter (which is in part why it has failed as a platform) but it is rapidly spreading.

Is this a problem? I think so, mainly because we all are social creatures and what we think will to some extent be influenced by others - however much we think otherwise.

The way to prevent such (paid and manipulative) mal-influence is to make sure internet content comes from real people, which means finding a way to associate content with a real person. That doesn't mean that a reader of online content need know the writer's identity, nor even that they can find it out; only that it is traceable in case of requirement such as to uphold the law. I would envisage a system much like that now in place to register for digital currency trading, whereby passport or similar proof of identity is needed before being able to participate.

Once such a system was in place, a site such as Twitter - or indeed UKC - should be able to continue to operate with pseudonyms but then effectively block all posts from any individual regardless of what pseudonym they were to choose.

The advantages of verifiable online identity are manifold. The disadvantages I'd say were twofold. Firstly that it would not be a trivial process to implement and sustain such a system, and also that it would require trust in the efficacy of the system, and to an extent in the organisation(s) charged with doing so. I find it hard to believe that blockchain technology wouldn't make possible a system that was not able to be tampered with by any malign individuals in the processing or management of the system.

Thoughts?

I'm real and so is my wife.  

https://www.bankid.com/en/om-oss/nyheter/bankid-involved-in-two-pilot-proje...

The tech is there, but it requires a credible ID card system behind it, not just blockbusters membership cards like the uk! 

I *think* on this site at least, the combination of savvy usership and proficient moderation routs this threat.

It could be argued that if we were in a position where a bot or a troll could outwit the collective then this would be a watershed moment and I for one would be amongst the first to welcome our intellectually superior overlords be they silicon, biological or both!

Not if you have something to hide, which most of us do.

Anybody with nothing to hide presumably doesn't posses curtains and posts all their employment/financial/medical/relationship/family/sexuality info online.

Don't use a deanonymised internet if you live in an authoritarian country.

Not Capita then. I've been included in at least three data breaches (employer, pension provider & LinkedIn) that I can remember.

An ID needs to be revocable so I can get a new one or retrieve my original if it's hacked.

I find it hard to see what blockchain would add?

However deanonymising the internet has been reasonably successfully done by China. Not a complete success but still pretty effective.  I am not sure I would want to follow them though.

Twitter does allow for verification using government id etc. Not overly successful though.

You humans really crack me up.

Signed

ZZ00000004321hgiu546

The curtains analogy is the pseudonym. Nobody is suggesting banning them. Alternatively, police have the right to search your house if they have good reason to do so. I don't see a difference.

And yet the way it is currently I believe is helping the UK and other countries to become ever more authoritarian.

Agreed!

Well that's where the technology needs to be effective.

Have you ever seen that film 'Titanic' ... ?

It's long past time to do this.  Human behaviour being what it is, anonymity leads to all sorts of disreputable conduct.  

We have a right to free speech and freedom of expression, and long may that remain the case.  However, it comes with two other things that seem to be overlooked; a responsibility to use that right appropriately and to be held to account for our actions should we fail to do so.

Rights, responsibility and accountability; there's been too much attention on the first and not enough on the second and third.  It's time that changed.

At some far-flung point in the future, historians will look back on the past quarter-century or so a bit like we look at the wild west.  If you're enjoying it the way it is then make the most of it, it isn't going to last forever.  I shan't be sorry to see it end.

T.

It isn't entirely anonymous though is it? Since the Snowden revelations we know there's overarching structures and many atrocity has been averted consequently. Obviously you and I don't know each other from Adam (in contrast to real world interactions) and this is refreshing and fosters open dialogue and learning.

Obligatory xkcd reference 

https://xkcd.com/810/

Good point! Actually no, I haven't. It's the only film that I've felt was so bad to make me walk out of the cinema part-way through. And then when I realised it was so absurdly long, I fought may way back in to tell my wife that I couldn't hang around outside until the end - and walked out again!

The problem with the analogy though, is that it wasn't the new technology that caused it to sink. It's likely that prior technology would also have suffered the same fate - perhaps worse.

Internet technology, on the other hand, is failing increasingly, and not helped by Zuckerberg, Musk, etc., for whom the commercial gains from its misuse appear to be more important than any semblance of responsibility in its management.

It isn't new technology we really need; it's better regulation.

Couldn't agree more - so kindly regulate Zuckerberg, Musk et al and leave me out of it.

I know there is artificial and I know there is intelligence.  

I'm pretty sure I'm one of those but not both, and it's more likely to be the former than the latter.

Tbh I think the Internet is going to end up as bots conversing with bots, humans will sit on the sidelines looking in occasionally. 

I think there is a principle of privacy that should operate here. There's talk of connecting your id to financial transactions too.

I, as an individual, should have the right to operate, within the law, without attaching my identity to what I say and do if I don't want to. I uphold that right even for those I find repugnant or offensive, but they must respect the law too.

It's a very slippery slope and throws out the baby with the bath water. It's pretty clear what could be done for the big platforms; make them as liable for what they allow to be seen online as a newspaper is.

So hate speech of any sort, incitement to violence etc (already proscribed by law) would be moderated out before it sees the light of day.

It seems strange to me that AI isn't being deployed in this capacity. 

Even as I'm writing I can see how difficult it is to get any balance but I'm interested in the debate.

If someone writes a pamphlet say inciting racially motivated violence that falls outside the law then who can be prosecuted? The writer? The typesetter? The printshop? The distributor? The ink manufacturer? The big platforms have got away with claiming to be merely the ink manufacturer for too long.

Has any big platform ever been successfully prosecuted for what their algorithms present to someone, e.g. suicide ideation, that leads to harm?

But how could that possibly be enforced without traceability - the kind of traceability my OP was proposing? In days gone by this might have been achieved by a bobby chasing down the street someone who was behaving in an offensive manner. Nowadays, with virtual streets, we need to replicate that potential for legal recourse.

Call me old fashioned but I try to only post sentences that I would say to someone or a crowd face to face, trying to be polite but if appropriate to f... o.. or lets settle this outside.

I quandried what to use as a username when registering, but inspired by Neil Foster and possibly even yourself decided to use my real name.

A lot of folk are probably posting from a work computer whilsr pretending to do what they are paid to do.

Edit posting from a pub , usually more accurate to write without autocorrect on , altering stuff behind my back, so please acceot the ocassional missspelling4

No, not yet so don't spoil the ending for me.

Why? Seems an odd idea to me. If you don't want to be accountable for what you say, don't say it. 

And I wouldn't have a problem with that, hence the continued ability to use pseudonyms.

But if they were to start behaving in an offensive, illegal way, there should be easy traceability to be able to identify and charge them with crimes committed. Internet anonymity is fine, but in my view committing criminal acts anonymously isn't.

There's also the rapidly growing problem of multiple accounts, whether bot-generated or human-generated. Wouldn't the online space be a lot healthier if each individual could be limited to a single voice?

Hear, hear.

It's a question of "accountable to who" - 

Should a teacher not be able to share their romantic poetry online because they don't want to be accountable to their rowdy sixth-formers?

Should an office worker not post their opinions about Nigel Farage because they don't want to be accountable to their Brexit-loving boss?

Should a gay teen not be able to discuss their sexuality online because they don't want to be accountable to their Christian fundamentalist parents?

Should a civil servant not be able to share their political opinions online in case they're held accountable to a lurid Daily Mail expose on the Woke Whitehall Blob?

Should someone with an abusive ex-partner not be able to post about their favourite pubs for fear that they'll be made "accountable" next Friday night turn up there?

Should a reformed character not be able to talk about their misspent youth online without worrying about being held accountable by a potential employer in a job interview?

Etc etc etc.

Why would a perfectly acceptable site-specific pseudonym not be effective in facilitating all of the above?

So you wouldnt mind being recorded 24/7?

I would say it depends on whether you see the internet as a workplace or as a social place. I would assume you apply slightly different standards in each?

Even for the workplace it would be unusual for your standards not to vary somewhat. For example today I said something rather uncomplimentary about a third party supplier. Obviously I could and would tone it down to remove the "dont trust them one bit. Check and check again and then get someone else to do it"  if they were on the call but it shows the problem of a one size fits all solution.

Because no one sane would rely on that? This is a good example of why people find anonymity is useful since I can then say how I was asked to join a call at 9pm UK time since we needed to discuss exactly what the compromise of moveit meant for us.

You are creating a new reason to hack sites not that one was really needed. Just think what fun you could have threatening to release the true identities of people.

There are many places where you can be imprisoned or murdered for saying something perfectly reasonable. Not here but the principle holds.

I was replying to what seems to be the periodic re-emergence of the "why doesn't everyone post under their real name" thing. Sorry, I know that that's not what you were proposing.

I think most online abuse is probably quite easily traceable by it forensics unless the abuser is pretty clever. But there's so much of it and prosecution is low priority so nothing gets done.

But my second point was really that everyone can behave in an extremely offensive and/or dangerous manner with the assistance of global media platforms so what's the problem here; nasty aspects of human nature or the ease of indulging them? 

I don't believe it could be effectively implemented. Because fundamentally to avoid AIs or the people in charge of them being able to create identities and post AI content, you'd need to have a list of the names of all the people in the world from every country, or you'd never have any way of checking a new users identity verification when they try to register.

And even if you did, somehow, manage this feat, I think the requirement would be arduous enough that most people would rather go register with a different platform that doesn't ask them to jump through as many hoops.

And if you were still golden, you'd still end up with AI garbage everywhere through identity theft.

Presumably we are not trusting any old random who sets up a forum with a complete list of all allowed persons, so maybe now we are talking about a gatekeeping organisation that is the ultimate arbiter of the list and allows internet access only to those it deems worthy.... Maybe I'm reaching a little but none of the above sounds like a world I'd like to live in.

No, but it’s well past time to deal with adversarial/enemy action against western democracies both on and off the Internet.

People on here, with 'known' accounts, who have wanted to discuss embarassing or deeply personal issues, have deliberately created a new account to do so, in order to be anonymous.

That seems like a good reason.

I don't think you've careful read my sugestion. Pseudonyms are useful for a number of reasons, including the one you stated. But there should be a behind-the-scenes link between each pseudonym and a real person. The identity of any pseudonym may not even be known to the site management, but should be verifiable in case of legal recourse. A person using multiple pseudonyms could be deemed acceptable by website management, but if web content was deemed inappropriate then the management should be able to restrict the activity of that person on the site and not just that pseudonym.

I'm not sure that can be achieved given that you have overseas contributors young people etc

An update...

..my work email address (15-20 years old) is in 12 data breaches.

See https://haveibeenpwned.com/ to check your own email addresses.

A single overarching ID database is a prime target for hacking and for me single point of failure that I do not want.

Rather than blockchain I would think public/private key cryptography is more appropriate technology (centralised issuing authorities*) , although that might just be because I don't know much about blockchain (distributed, non-centralised?).

*centralised issuing authorities are a problem too, see https://en.wikipedia.org/wiki/Kazakhstan_man-in-the-middle_attack

Then there's the issue of trust.
Why should Joe Public who knows nothing about cryptography, blockchain or technology trust technology?
Why should Joe Public believe it when somebody says "I've reviewed this open source software, and it's fine"?
Why should Joe Public or anybody tech savvy trust that there won't be another** security hole in widely used open source software?

**see https://en.wikipedia.org/wiki/Heartbleed for example

UKC convention dictates that I point out that, In this instance, I think it's a question of "whom"...

I think that the anonymity horse has long since bolted. As another poster said, the best thing to sort out bots / trolls and scammers would be make the sites who are getting the cash (tw*tter, FB, TakkyTix etc) legally responsible for the content they deliver. Of course, they would then need to be policed...

Can you explain, in detail, how the owner of a small Owl Spotter's forum in the UK would go about obtaining a verifiable online identity for a user who registered for the site from, say, Uzbekistan? What mechanism would they have to check that they were who they said they were?

Clearly my OP was a broad concept suggestion rather than a detailed plan ready for implementation. So no, I couldn't give you the explanation you're after. I would, however, ask how such a person might buy digital currency, as that seems to be a promising model to look to for how to build ID credibility. Of course there will be many people who cannot, or who choose not to, register for ID confirmation. In this case, at least as an interim measure, social media could still allow content but identify it as from an unverified user - sort of like the opposite of a Twitter blue tick, but where the blue tick actually means something useful.

Clearly my OP was a broad concept suggestion rather than a detailed plan ready for implementation. So no, I couldn't give you the explanation you're after. I would, however, ask how such a person might buy digital currency, as that seems to be a promising model to look to for how to build ID credibility. Of course there will be many people who cannot, or who choose not to, register for ID confirmation. In this case, at least as an interim measure, social media could still allow content but identify it as from an unverified user - sort of like the opposite of a Twitter blue tick, but where the blue tick actually means something useful.

Something I don't think has been mentioned yet..

I don't think it's particularly uncommon for people in abusive relationships to receive support and advice online.  If everybody gets one unique 'identity' that they can use to access forums etc., then someone who is stuck in a relationship with a coercive and controlling partner effectively has no id while their abuser effectively has two.

It seems like many people are confusing the idea of identity with that of pseudonym. I'd be more than happy for pseudonyms to continue to be used, for many reasons including the one you describe. But each pseudonym should ultimately be traceable (given legal authority to do so) to the identity of a real person. That way readers can be confident they're not responding to or being influenced by a malign bot.

Hang on, so you're saying that you have to buy BitCoin or similar to prove your ID? This idea sounds like you want the moon on a stick but so far don't even know what a stick is!

Possibly so, but I'm not. 

Whether your 'one true login' (that in turn allows you access to all of your 'pseudonyms') is accessed via password, biometrics or whatever - a coercive and controlling partner will have access to it.  As long as they know it exists they have access - they'll force their partner to hand over the password, unlock their phone, whatever.

A coerced and controlled partner doesn't usually get any privacy except through secrecy.  Through having a 'burner' phone that their partner doesn't know about for example, and this is specifically what you are proposing to somehow make impossible. 

It's relatively few people we're talking about here, but your suggestion would take away one of very few lifelines that they have available to them and which some of them desperately need.

Methinks you are overthinking this, only an idiot believes what they read on the internet so who cares. They'll find another source of garbage if nescessary.

I mean you post as John Arran, I've heard of a climber with that name but is it really you (him) posting? I've had my posting identity cloned on another forum despite their blocks and checks and we know that without unbelievably complex systems it's impossible to stop, it's easier to work from the other direction and don't believe a word they say (unless of course you think the same). I restrain my belief in what the Sun or the Daily Mail (etc) write, it's easy.

I see the confusion, and perhaps I haven't explained the idea as well as I could have.

The way i see it, people could gain ID verification and could then use that verified ID to register either with their real name or with a pseudonym anywhere online. The site management would be able to verify the credentials in some way (without necessarily being able to gain real ID details for that person, so even the site owners might not know who it is - but they would know that the person is real and has verified ID.

If a site chose to, it could permit multiple pseudonyms for the same verified person, but it should be able to find out if any of its registered user pseudonyms share the same ID as any others. That way, if a pseudonym was in breach of the site's rules, the person in breach could be banned rather than just the pseudonym account.

Also, if a site chose to, it could permit non-verified user pseudonyms, but it could choose not to or it could choose to mark them in some way to make it clear that there may not be a real person behind the pseudonym. I'd be far happier using Twitter if I could be confident that the people posting were real, or even if I could simply alter a setting to hide or grey out all posts from non-verified users.

The configuration potential would be considerable. A site could restrict a user to a max number of pseudonyms - to prevent botfarms operating under a genuine user's ID. It could effect a fixed-term or lifetime ban on a particular user, regardless of pseudonym.

Establishing the ID verification system in the first place is the hard part. This is where the bitcoin model might serve as an example. (Note to owlart: I didn't suggest that you need to buy bitcoin to verify your ID, but you do have to verify your ID to buy bitcoin! The verification process may end up being similar, though I don't doubt that there are myriad possibilities.)

Once your ID is verified, you should be able to use some kind of token to demonstrate this to any new site you register with. This is where the blockchain concept might come in useful, though my knowledge of that technology isn't great and there may well be easier or better ways to maintain and communicate your ID proof in a way that isn't hackable.

The sites you register on would not need to know who you are, just that you have a verified ID.

I'm with you in mistrusting the vast majority of what I see online, but every internet user having to do so is a pretty poor state of affairs, and with AI it is only going to get worse, to the point at which the incredibly useful (but flawed) internet we've developed will become effectively useless. I think something needs to be done to prevent (or at least limit) this, or we'll soon not have any idea at all what is fact and what is manipulative fiction.

Well we have a secure identifiable I.D system in Germany that works in conjunction with our I.D cards which are biometric and fingerprint. One has a so called "burgerpass" whereby you have a card reader and log-in over it through an encrypted internet connection and this allows one to do all ones business with the government. Has this been hacked by the Russians, is there a direct line connecting it to the NSA, where the chups made by Huwai? Would you want it to connected to anything to do with Elon Musk? Nobody knows but nobody trusts it either. If you can live as a most-wanted terrorist for 35 years under the somewhat onerous German I.D system then anything's possible.

How? Would this be a one true ID that's global, or each country's government running an ID verification scheme, or what? What if your government doesn't participate? What if this global ID scheme gets hacked so your pseudonym becomes public?

in some way is doing an awful lot of heavy lifting here.

You don't appear to be engaging with people who are telling you this is not as simple as you seem to think. You might as well say "I've come up with a great idea - faster than light travel! I'll leave it to other people to work out the details."

I think it would need to be a global system, maybe administered in each country or regionally, but with no mechanism by which each administering authority could interfere.

I'm not sure it is. All that would be needed would be something akin to an online payment page that connected the user to the bank, and returned a success token to the site. I'm not saying it would be the same, but connecting user to registration authority and receiving confirmation is mostly all that would be needed. There would be an additional piece of info needed so that the site could later match pseudonyms with the same ID, which would need careful thought but hardly would be rocket science.

I appreciate that there will be more subtle complications but I've responded to most people. What is starting to irk me is that people are telling me it would be too complicated or that it wouldn't work, without really justifying that stance, and most importantly seemingly without a thought for what will happen if we don't address the problem at all. The only positive suggestion in that regard has been to make website owners respoinsible for all content on their site, which I don't think can be a workable solution as it would require filtering out all bad content prior to posting, which companies are already trying and failing to do. The next best option is full accountability for whoever is posting.

By 'deanonymise the internet' I assume that you actually mean 'deanonymise social media.' The two are obviously distinct.

Beyond that, and without a detailed technical analysis, you might as well write a post entitled 'is it time that humans can breathe water, instead of air?'

For a start, I suggest you ponder why PKI for things like universally-encrypted email has never taken off. If you think about that for a while, you'll (probably) realize the practical problems involved.

Anyway - I await your RFC with interest!

No, I mean all content. The publishing site should be able to know who is responsible for any content they publish, whether that is articles, videos or registered user comments.

Thank you for at least suggesting the nature of where a technical limitation may lie, even if you've stopped short of explaining why it would be insurmountable.

I'm still amazed at how relaxed people seem to be about accepting fake news, fake users and fake everything else, to the point at which difficulties are so readily dismissed as insurmountable, not just at the moment but for evermore.

If I become Miss World I want world peace,  an end to hunger and to introduce a global ID system. 

So you are proposing a system administered by humans (ie governments) ceating IDs but immune to human interference and unhackable. Given that governments record who does/doesn't exist, they can just invent identities like Russia did for Salisbury, or there'll be the human ID equivalent of brass plate companies in tax havens.

It would be the cryptography equivalent, but that's not the main weakness which is human.

Supposing you achieved the almost impossible. You need to realise there already ways to opt out. See the dark web for what replaced Silk Road or dark web social media.

I don't think it's technically impossible, I do think it's humanly impossible.

This is what I meant above when I made my slightly flippant comment about how you should regulate Zuckeberg and Musk and leave me out of it.

The 'blue check mark' on Twitter used to work ok, it was Musk himself who trashed that.  The problem with X isn't that Musk doesn't know who's real, it's that he doesn't care.

People who make genuinely hateful comments online (from within jurisdictions that enforce laws about that sort of thing) are quite often prosecuted already.  They can do great harm to individuals, but as individuals they can't actually do that much harm to society as a whole without a lot of help.  That help comes in the form of platform they are given by algorithms that actively promote their nonsense far beyond the audience they would naturally reach.

You're talking about enabling the 'site owners' to deal with trolls etc., as if social media in general was like UKC with has a team of wholly well-meaning human moderators who're genuinely trying to help and sometimes end up playing whack-a-mole. 

But it isn't - it's Facebook, 'X' and TikTok which at best is amorally looking to increase 'engagement' with any content, from anywhere, that gets the clicks and at worst is actively promoting the dodgy stuff itself, because it aligns with Elon Musk's own views.

It isn't the ability to improve social media that the companies behind social media lack, it's the will.

I'm very much with you on your opinion. 
Free speech in a considered manner, however, cost Salman Rushdie an eye, and a lifetime of hiding. Free speech in a more liberal and satirical manner cost Charlie Hebdo twelve lives. 

The problem with pseudonymised data you've already identified - you need to trust that organisation with your ID. If even places like banks can be hacked, I don't trust social media to be sufficiently secure, especially ruddy fb.

To the general pushback on posting anonymously on platforms, and I encounter quite a lot of pushback - the problem is that you're *not* just having a chat saying the things you would say to anyone, say, in a group in a pub.

Firstly, somewhat bizarrely, FB is now somewhere I go to for advice (or perhaps I should say - peer experiences) on matters like health, given that our healthcare is now such that I often do genuinely get better advice online than I do from some doctors; and secondly, places like FB have a horrible habit of resharing anything you say with the world and his wife. My mate Bob doesn't need to know I've posted about, I dunno, the effect of menstruation on my mental health; nor do random climbers at the crag/wall need to recognise me from some random navel-gazing mutterings I've posted about climbing (this has happened too many times). Anonymisation seems to be the only way to get that community without feeling like you're living in a goldfish bowl naked on Oxford Street. 

That said, I do feel like I've been reporting a bot every other day the last week - and other platforms unfortunately do naff all about it (credit to UKC for trying though).

I can only assume that the only conclusion is to retreat into my cave with my ever growing pile of books.