TechnoSocial

Why is Google hiding their "real name" requirement from new users?

2011-09-23T14:59:58Z

[original Google+ post here]

Google has been adamant from day one that everyone must use their "real" name on Google+. They have suspended the accounts of people they personally invited to the service. They have forced their employees to use their legal names instead of the ones they are known by to their friends. They have suspended the same users multiple times because their names looked fake. They have done this continuously since Google+ was launched, and they have done it despite the fact that the suspension process has had bugs (which they have only mentioned in passing to the press) that have caused people to permanently lose access to data on other Google services. They continue to suspend accounts even though it means that Google users are losing access to services like Buzz, Reader, and Picasa that they had before they signed up for Google+.

In short, if you've signed up for Google+ with a pseudonym or odd name, you run a serious risk of ending up losing data and services.So why isn't Google telling new users not to use pseudonyms?

I'll walk you through the process in a moment, I've included all twenty one screen shots with captions. (Yes, it takes twenty one page views to sign up for a Google+ account from scratch! Seventeen if you skip the ToS and related pages.) I've excerpted the captions below.

This is where Google tells new users about their strict policy on names and the risks they face should their Google profile, rightly or wrongly, end up suspended. It is buried three pages deep, below the fold, behind a link on the words "full name", that is behind a twelve pixel high question mark on page eleven of the signup process.

I can't say I blame them. I mean, would you sign up for a social network that warned that your account might be suspended because someone didn't like your name, and that if it was, you'd have to upload a scan of your driver's license to get it back? I've used a lot of beta products before, but never one that put my non-beta services at danger as well. When the risk of lost data, services, and reputation (several people have had their profiles suspended at times which lost them business) is so great, shouldn't Google say something up front?

Here's what I had to do to find the hidden policy (click the image for a visual tour, or read the excerpted captions below).

Google+ Signup

1. First we click on the little "Create an account" link under the big "Sign In" button. I would have made it more obvious, but this isn't a post about esthetics (much).

2. Google starts by wanting our email address and a password. A country and birthday finish off the form. Down at the bottom we have links for the privacy policy and to accept the policy. We'll check the privacy policy first.

3. Not surprisingly, there's nothing in the privacy policy about the "real names" policy. On to accepting it.

4. Account creation is confirmed. We get some info about what applications we're getting and a Gmail upsell. Continue.

5. Now we're asked to send a verification mail so Google can verify that we are somewhat real. This is step one in the fight against spammers and throw-away anonymous accounts.

6. Verification mail sent, we go now to check our mailbox.

7. Here's the verification mail. We click on the verify link.

8. The account is now activated, we're asked if we want to add a mobile number in case we forget the password. Continue.

9. Step two in spam prevention, we're asked to confirm via a text message to our phone. Presumably Google frowns on people reusing the same mobile number for verification too often. We send ourselves the verification code.

10. We get a verification code on our phone and enter it here.

11. Finally, after eleven pages, we actually get to create our Google Profile for our Google+ account. This is the page where we enter our name. But wait, where is the warning that we must use our real name? Where is the warning that if we don't use our real name, we will lose the ability to fully use Picasa, +1, Buzz, Reader and possibly other services? Where's the stuff about having to send in our driver's license?

We'll check two things. First the privacy policy, then the tiny, tiny little question mark next to "Google profile". Finally we'll join.

12. This privacy policy actually does say something about names, but it's just about the fact that everyone in the world will be able to see our name and what we publicly post using it.

Now would be a good time to decide whether we really want to use our legal name on Google+.

What about that tiny little question mark?

13. The tiny question mark leads to a page which tells us what a profile is and how it's used. Still nothing about the name policy.

Except…note that "full name" is a link. It's a little less obvious in this image because I'd already visited it when I took the screen shot, but it's still pretty obscure.

So here's my question. How likely are you to click on a tiny question mark next to the words "Google profile"? Having done that, how likely are you to wonder what the phrase "full name" means, and click on that?

I was searching for this information, and it took me a while to find the link. Let's click on it.

14. Voilà! We finally found the "real name" guidelines. Note that they are not part of the Terms of Service, as some have claimed. Theyalso don't say that we must follow them, they simply say that it's "important". I don't know about you, but lots of sites tell me that entering all my personal information is important, and I'm sure it is…to them. Here is where Google say's we should use the name that our friends, family or co-workers call us. A thousand or so people online and off know me only by my pseudonym, so my reading of this is that I can use it on Google+. Except they it also says "Put nicknames or pseudonyms in the Other Names field". Unfortunately, that doesn't really make sense, given that a pseudonym is used instead of a legal name. Furthermore, it contradicts the previous instructions to use the name I'm known to by my friends. Confusing, no?

But what about the dangers of not following these recommendations? Where are they?

Ah, for that, we need to scroll down. They are hidden below the fold.

15. This is where we finally get warned about the danger of not doing whatever it is that Google wants us to do with our name.

But there's nothing here about the government photo IDs that Google has been requiring. Instead we are told that we might have to submit a trademark or DBA. What on earth do those have to do with telling Google our legal name?! All I can think is that wording was meant for business accounts. It makes no sense, and makes me even less likely to take Google's recommendations seriously. On top of that, Google says providing that information won't necessarily help.

Finally we are told that if we are suspended for violating an extremely contradictory policy, we will lose full use of some Google services including Buzz, Reader and Picasa. We are also told that we can get them back by making an approved name change. We aren't told that if we aren't willing to, or can't, change our name back, we will permanently lose the ability to fully use those services.

Okay, let's enter our name and continue. We've seen the meat of the issue, and it's not very enlightening, but we might as well walk through the rest of the process.

16. We're invited to add additional profile information.

17. We're invited to import our address book from other services.

18. We're told that we really ought to import our address book from other services.

19. We are invited to follow a bizarre assortment of celebrities. What demographic is Google targeting again?

20. We're warned that if we don't follow Paris Hilton, we'll get lonely. Someone please point me to the nearest monastery.

21. And on page twenty one, we finally have a Google+ account.

Until, of course, Google suspends us for violating their name policy.

P.S. Google, twenty one page views?!

Who is hurt by the Google+ "real names" policy? A summary.

2011-09-19T23:44:11Z

I think it's time to get back to basics. More and more of my friends are leaving or being forced out of Google+. Some refused to submit a driver's license just to prove that their legal name was real. Many cannot safely socialize under their real names. Some just value their privacy. Let's ask this basic question again. Who is harmed by Google's "real name" policy?

These are the people whose voices are being limited or eliminated by Google. These are the people whom Google thinks it's okay to remove from your social network in an attempt to make their identity service fractionally more "real". These are the people whom Google thinks that even if they can safely be here, it's okay if they can't talk publicly about the same things you and I take for granted.

These aren't abstract examples. These are real people, living in the United States and around the world. People who have been harassed, discriminated against, and stalked online and off. These are your friends, your co-workers, and your neighbors. You haven't heard about their problems for the simple reason that they'd rather not talk about them under their real names. Would you? You can read some of their personal stories at the site http://my.nameis.me/.

Most of these examples have been excerpted from "Who is Harmed by a "Real Names" policy (http://j.mp/pojGSo) and my post "On Pseudonymity, Privacy and Responsibility on Google+" (http://j.mp/pJC2PO) (please read that post before arguing about why pseudonyms are or are not a good idea on Google+).

If you read just one of these examples, make it the last one.
—————

Women who don't want to be harassed online. (Women face 25 times as much online harassment as men if they use feminine-sounding usernames).
Mothers or intending mothers, who may face additional hiring, pay and promotion discrimination.
Social workers, mental health workers, teachers, judges, lawyers, members of the military, journalists, academics, union activists, law enforcement, government employees, religious leaders, bank and financial industry employees, job hunters. (All are limited by not being able to talk publicly about some topics under their real names.
People who wish to talk publicly about things their employer disagrees with.
LGBT people living in regions with no anti-discrimination policies, or where homosexuality or transgender behavior is outlawed.
People who can't, or don't feel it's safe, to scan and upload their driver's license for a complete stranger.
Parents whose legal religion, philosophy, sexual relationships, or sexuality (LGBT, poly, BDSM…) could result in social services removing their children or taking away custody, visitation, or adoption rights.
Parents protecting their children from prior abusers.
Parents blogging about raising their kids.
People blogging about family members with disabilities.
People with disabilities who are forced to choose between disclosure (leading to increased abuse, social and employment social discrimination) or isolation.
Survivors of domestic abuse who don't want to make it easy for their abusers to find them.
People currently experiencing domestic abuse.
Survivors of harassment and stalking, and people currently experiencing harassment and stalking.
Victims of crime or private people associated with a newsworthy event (like the unusual death of a family member), who may be harassed for information by news media or the general public.
People who have had an attack on their real name where someone has mounted a smear campaign to trash their public identity.
Members of any non-majority religion (or with no religion), who may experience discrimination or persecution in the real world if they disclose their religious beliefs online.
People who are questioning their religious beliefs.
People whose names subject them to discrimination based on race, religion, cultural and/or socio-economic bias (for example, anyone named "Mohammed", who might fear harassment/discrimination as a Muslim).
People with relatives living under authoritarian governments.
Prominent people and their families who want to discuss things without their fame interfering.
Anyone in a marginalized group who might be "outed" in some way.
Political dissidents, such as those involved in the 2011 "Arab Spring" uprisings.
Those involved in highly contentious political activity, around issues such as abortion, civil rights, etc.
Anyone with political views (however mild) that may be unpopular or discriminated against.
Whistleblowers.
Anyone concerned about identity theft (how many genealogy "secret" questions do you get asked which could be answered with an online search)?
People seeking physical or mental health support.
People with or recovering from substance addiction (especially women).
People who wish to find out information about marginalized sexual practices (BDSM, Polyamory…).
Authors of erotic fiction (amateur or professional).
People who discuss current or past drug use.
Sex workers.

And last but not least…

You, the next time you want to publicly discuss something which might get you fired (your opinion on Palestine?), cause you to lose friends (your politics?), upset your parents or children (your sexuality?), or simply not look good showing up in the same Google search as your resume (your views on abortion?)…so you decide to remain silent instead.

and

You, because you will never hear the unique and important views that these people could bring to conversations on Google+.

—————

When you think about this, please keep in mind that Google has drastically changed the concept of what it means to be "public". In our day-to-day lives offline, we don't carry a sign that tells complete strangers our full name, where we live, and everything we have ever said in public over the past twenty years. Yet that is exactly what happens when you speak publicly online with your real name. In the face of this new definition of "public", the ability to speak anonymously (or in online cases, pseudonymously) has become far more important than it ever was before. Offline you can go to a bar, political event, or public meeting and just use your first name, knowing that your words are not likely to be distributed to hundreds of millions of people for eternity. You can't do that online, so if you want to publicly address anything controversial, or simply something that is inappropriate next to your resume and work-related postings, you need to do so under another name. It's not a great solution, and it's not completely secure nor safe, but then, neither is speaking out in that room. These are the choices we make every day when we speak publicly. These are the choices that a new breed of generalized social networks like Facebook and Google+ are trying to take away from us.

The forum for public discourse is no longer the town hall, or newspaper, or fliers on the street. It is here on the Internet, and it is happening in communities like this, hosted by private sector companies. Social networks like Google+ are the new public commons, and Google has a responsibility to ensure that important voices are not left out of these forums.

Google's motto is "Don't Be Evil". This is the company that stood up to China's privacy violations. This is the company that refused to require real names when South Korea tried to mandate them. This is the company that has repeatedly stated that pseudonyms are an important part of public discourse. It's time for Google to step up and ensure that Google+ adheres to the same moral code as the rest of the company.

Illustration by my daughter, Shadi Fotouhi (http://dotty323.deviantart.com/). Permission granted to use with attribution under the Creative Commons Attribution License http://creativecommons.org/licenses/by/3.0/

Original link to this post on Google+ at: http://j.mp/qpUEjy

Some thoughts on names and "privilege", a word I always used to hate

2011-08-16T18:23:27Z

Original post on Google+ at http://j.mp/o2ApQ3 if you're a Google+ member, I encourage you to join the comment discussion there.

This has been an enlightening week.

First of all, I now accept a phrase that always made me feel like someone had just jumped the shark in a conversation. I am a person of privilege. Not by choice, but by parentage, birthplace, and luck.

I accept this because I have seen far too many with my background who think that everyone else just naturally is able to obtain what they have obtained. They think if you really want it, you can get it. They don't see that those opportunities are open to very few, and that what came easily to them, came damned hard, or never, to others who tried just as hard or harder. And they also don't see that the liberty and freedom from persecution and abuse which they take for granted, simply don't exist for large groups of people in our society.

Secondly, as a privileged person, I absolutely have a moral obligation to stand up for those who aren't so lucky, who don't have my privileges, and who are ignored or persecuted in silence, because their voices are dismissed by too many like myself. I have a better chance of being listened to, and I can speak without losing what others would lose by being public.

This whole persona/pseudonym argument may seem like a tempest in a teapot, but the fact is, the forum for public discourse is no longer the town hall, or the newspaper, or fliers on the street. It is here on the internet, and it is happening in communities like this, hosted by private companies. Freedom of speech is not guaranteed in such places. As Lawrence Lessig once said, "the code is the law." The code that Google applies, the rules they set up now in the software, are going to influence our right to speak out in the future. It is imperative that we impress upon Google the importance of providing users with the same rights (and responsibilities) as exist in the society that nurtured Google and brought about its success.

I quote from the Electronic Frontier Foundation, an organization which very early on realized the importance of freedoms in the online world.

Anonymous communications have an important place in our political and social discourse. The Supreme Court has ruled repeatedly that the right to anonymous free speech is protected by the First Amendment. A much-cited 1995 Supreme Court ruling in McIntyre v. Ohio Elections Commission reads:

Protections for anonymous speech are vital to democratic discourse. Allowing dissenters to shield their identities frees them to express critical, minority views . . . Anonymity is a shield from the tyranny of the majority. . . . It thus exemplifies the purpose behind the Bill of Rights, and of the First Amendment in particular: to protect unpopular individuals from retaliation . . . at the hand of an intolerant society.

How Google needs to fix "common name" enforcement

2011-08-16T17:58:17Z

Original post on Google+ here http://j.mp/nMkJZH

This post is not about pseudonyms.

It is about Google's enforcement of the following phrase, "it’s important to use your common name". If Google truly believes in that statement, this is what I believe they need to do:

Google can not continue with a policy that is so arbitrary that people's real names are rejected, and people's "known as" names are approved one time, and then rejected the next time they are challenged. Nobody wants to invest in a social network which may arbitrarily ban them at any moment. At the very least, the following needs to be done.

1. Once approved, a name needs to be permanently approved. Flag the account as valid. No double jeopardy. I can't think of a better way to alienate users than the knowledge that at any minute they could be ejected again.

2. Define "common name" in terms of online information. Yeah, good luck on that, but at least try. How many years? How many blog posts? How many twitter followers is worth a Linkedin profile with followers? Google can't make this arbitrary. I need to know when I sign up that my account is not going to get nuked. You can't expect people to devote significant effort to making posts and building their network if they know that they could be removed at any time. I have a domain using my ID, I have 40,000 tweets over three years with over a thousand followers. I have a blog. I have a paid Flickr account with 40+ followers. Is that enough? Can Google say with certainty? I certainly can't. When is Facebook a valid reference? As far as I can tell it's only used to see if a user's slight variations in western names are being used elsewhere, it's not enough if your name is Zaphod Beeblebrox. Google needs to define the rules and publish the definitions. (And if Google can't define it, they should stop claiming that they allow it.)

3. Define "commonly name" in terms of offline information. "Government issued ID" is not an indication of commonly known as. Google claims that the Google+ VP's common name is Vic, and that it's not a nickname. But the dictionary doesn't distinguish between a common name and a nickname, and Google has made no indication of how they distinguish. Furthermore, Google provides no indication of how a common name can be determined offline. What proof is sufficient? References? Once again, if Google can't do this, they should stop claiming that they allow it.

4. Address the international issue. China, Burma, Thailand, India. Google's rules fail there and in other places around the world (including the U.S.). Common names aren't documented online or off. Names change. People don't always have last names. Google needs to either admit that they aren't ready to allow people from those cultures, or get rid of the restriction, it's making them look like idiots. (I'm not trying to be insulting here, but ignoring these problems is really making Google look culturally insensitive.)

5. Answer the question of how Google is going to deal with profiles from hosted domains when they finally add support for profiles. Is Google really going to force existing paying customers to change their names before they sign on to Google+? If not, why do they get a free ride and nobody else does?

Why are these issues important?

Because by leaving them unanswered, Google looks inconsistent and two-faced. They are claiming to do one thing, but they are actually doing another. And if we can't take Google seriously about these issues, why on earth should we take them seriously when they say they might eventually support pseudonyms?

I'm just some middle aged white guy, why is name privacy so important to me?

2011-08-16T17:50:37Z

Original post on Google+ here: http://j.mp/qlY5jv

I'm just another middle-aged, reasonably well-off, American white guy.

So why do I believe so strongly in the importance of letting people control who sees their real name, when you don't?

I was thinking about that this morning, because I know that if you'd asked me this question three years ago, I would have been strongly pro-privacy, but I would not have been as passionate about it as I am now. What's changed?

The difference is that in the past three years, I've spent a lot of time socializing with people who are private about their birth names. I've met them on Twitter, and I've met them in person. I've even driven across the country to meet up with friends whose birth name I didn't know until I was camped out on their couch. As a result, I've heard things that you just don't hear when people have to use their birth names in public.

When you create a social networking site that requires real names, you create an artificial bubble. What you see is just the nice things in people's lives, you don't see what's really happening. But when people have control over who knows their name, they still talk about cute cats and the latest iPhone and what kind of wine they drank last night, but they also talk about other things. They talk about dealing with their parent's Alzheimer's. They talk about how their daughter was missing for three days and got drugged and raped and the police refused to follow up. They talk about how they just lost their job and they're worried that they'll end up on the street. They talk about how their boss will fire them if he finds out they're gay. They talk about how they were sexually abused as a kid. They talk about what it's like to live in a country where bloggers get thrown in prison. People don't dare talk about those things with their birth names; not when Google is indexing everything they say.

When you avoid or ban people who protect their birth names, you create an artificial world, one that doesn't reflect what's going on in the real world. When you surround yourself only with people who are using their birth names, you get the impression that everything is fine out there. That this is America, and people don't discriminate, people aren't ending up on the street through no fault of their own, people aren't getting stalked to their doorsteps because someone learned their name, and people aren't being judged by their sexual orientation. You're surrounded by people who seem to be just like you, because the conversation has been reduced to what's acceptable at the work watercooler.

The sad thing is, if you're dealing with something difficult in your life, that bubble also makes you think you're alone. You think you're the only one, because nobody else is talking about how they're going to pay for their parents nursing care, or how hard it is to juggle work and family.

Of course, maybe you don't want to hear about other people's problems on Google+. There's nothing wrong with that. I don't particularly want to hear what kind of wine Robert Scoble had last night, so I don't circle him. If you don't want to hear about how Jane S is dealing with her son smoking pot, then you don't have to circle her. But that doesn't mean that Jane S shouldn't have a right to join Google+ and comment on your post about the latest merger, or give her opinion on the riots in London, or talk to friends who do want to talk about raising kids. Just because she protects her privacy more than you, doesn't mean her opinion isn't valuable. Furthermore, having people with different backgrounds in a discussion makes for a far more educational and interesting conversation.

Google's name policy is intended to create the illusion that we are all at a fancy restaurant; they've explicitly used that metaphor. Unfortunately, in doing so they have denied access to a lot of interesting people; to teachers, lawyers, doctors, activists and government employees; people who aren't allowed to use their real name to express their real opinions. And they've driven away a lot of people with a very legitimate need for privacy; the abused, the victims, the stalked, the discriminated against. That wasn't Google's intent, but they believe that losing ten or more percent of the population is a legitimate cost in their goal to create the illusion of normalcy.

I think people who say "I'm more comfortable talking to people who use their real names" or "they should find another social network" don't realize just what a broad swath of the population is being eliminated by this policy. They don't realize, because they've never had an honest and open conversation with anyone affected by it. They don't know that their co-worker is gay, or that their favorite barista got raped last month, or that their son's teacher is an atheist. They don't know that the person they are banning may be a neighbor or even a friend. They also don't realize how important online social networks are to people who don't have the freedom to talk to their peers in any other environment. Social networks aren't a "game", they aren't something you do outside of your "real" life. Social networks are a real place where real people meet, make friends, share ideas, create business relationships, and even end up getting married. And all of those things happen even if they initially meet without sharing their birth names. "Jane S" is just as real a person as "Jane Smith", and perhaps even more so.

Google certainly has a right to create a fancy restaurant with an illusion that everyone is telling the truth about who they are. But it's just that, an illusion. Many of us looked at Google as the one internet company that understood the importance of privacy. They stood up to China and left the market when forced to censor. They've fought the hackers who have attempted to keep Google from providing secure email to dissidents around the world. We thought that if Google was going to create a social network, they would create one that mirrored the real world. One where people had control over who saw their birth names and who didn't. A social network that upheld the basic freedoms we expect in a democratic society. Instead, they just created a more authoritarian version of Facebook.

It doesn't have to be this way. You can hit that "Send Feedback" button and tell Google that you don't want them to discriminate. You can tell them that you're happy to hear the opinions of people who don't have the freedom and security to use their birth names. You can tell Google that you want to hear from people who come from different backgrounds than you. You can tell Google that you don't really mind if that guy with the fabulous photos is called "John" or "JujuBoy". You can tell Google that you want a social network where people are free to talk about all of their lives, not just the parts they don't want in the paper tomorrow or in twenty years. Or you can decide that what you really want is a an artificial bubble where everyone talks about technology and cat pictures.

Personally, I prefer reality.

———————————
For more details on who is hurt by Google's policy, read "Who is harmed by a real names policy" (http://j.mp/pojGSo) or my long post here: http://j.mp/pJC2PO (skip to "Who Needs a Pseudonym?"). If you have any other thoughts on why it's bad to let people control who sees their birth name, please read that post first, I probably discuss them.

For my thoughts on privilege, a word I always used to find personally insulting, read my post here: http://j.mp/o2ApQ3. What I refer to as "being in a bubble" has a lot to do with the concept.

For some excellent personal statements on the importance of name privacy, see http://my.nameis.me/

If you're wondering where I came up with "ten or more percent of the population", that's what I believe is a conservative estimate, based on the number of people on Facebook who don't use their real names. Those people are disproportionately minorities and women. Read researcher Danah Boyd's article _"“Real Names” Policies Are an Abuse of Power" at http://j.mp/ojrQ3g. I can't find the original reference to the percentage (can anyone give me a link?), but it was confirmed by my own check of a few Facebook groups I belong to.

Drawing by my daughter, Shadi Fotouhi. (Still too young to join Google+ :).

On Pseudonymity, Privacy and Responsibility on Google+

2011-07-28T00:45:51Z

[This was originally posted on Google+. You can view it there at https://plus.google.com/117903011098040166012/posts/asuDWWmaFcq and comment there if you have a Google+ account.]

Google has said that they plan to "address" the issue of pseudonymity in the near future. I hope that these thoughts and experiences may help inform that decision.

Protections for anonymous speech are vital to democratic discourse. Allowing dissenters to shield their identities frees them to express critical, minority views . . . Anonymity is a shield from the tyranny of the majority. . . . It thus exemplifies the purpose behind the Bill of Rights, and of the First Amendment in particular: to protect unpopular individuals from retaliation . . . at the hand of an intolerant society.
———— 1995 Supreme Court ruling in McIntyre v. Ohio Elections Commission

This whole persona/pseudonym argument may seem like a tempest in a teapot, but the fact is, the forum for public discourse is no longer the town hall, or newspaper, or fliers on the street. It is here on the Internet, and it is happening in communities like this, hosted by private sector companies. Freedom of speech is not guaranteed in these places. As +Lawrence Lessig once said,"the code is the law." The code that Google applies, the rules they set up now in the software, are going to influence our right to speak out now and in the future. It is imperative that we impress upon Google the importance of providing users with the same rights (and responsibilities) as exist in the society that nurtured Google and brought about its success.

I'm going to try to summarize the discussion as I've seen it over the past few weeks. Since this is a long post (tl;dr), here's a description of what's coming so if you want, you can skip to the section that you're interested in.

First I'm going to address some red herrings; arguments that actually have no bearing on pseudonyms. I will explain why I think we should be having this discussion about a company's product. I'll explain, through painful personal disclosure, the experience of close friends, and other examples, why someone might want to use a pseudonym. Then I will address the arguments I have heard againstpseudonyms (and some of them are quite valid), and what some alternatives might be.

I apologize for the length of this post, I know it could be trimmed.

——————
The Red Herrings
——————

Anonymous speech on the Internet is a mess
This is absolutely true. Go to any site where people can create accounts just by entering a fake email address, and where there are no valuable relationships between users to maintain, and you'll find a mosh pit of spam and just plain garbage. Fortunately, nobody is asking for anonymous speech on Google+; we're asking for the ability to use pseudonyms—persistent names that aren't tied to our real life address, home and personal information. All the usual validation processes (SMS messages, voice activation on the phone, etc.) would apply to them. When people give examples of how pseudonyms create hostile environments, they are almost always referring to comment systems, not social networks like Facebook, Twitter, LiveJournal, or Google+. I'll address that difference below.
+Shava Nerad expressed this very well in a comment on G+:

People confuse two concepts: anonymity (no one knows who you are at all, no persistence over time, the most prolific author of all time is Anonymous) and pseudonymity (no one knows who you are, but there's a persistent identity over time like a pen name, think: Mark Twain, George Sand, Lewis Carroll, Thomas Pynchon, John Wayne, or Stalin). No one doubts who John Wayne was, but then again, no one reading Thomas Pynchon's books seriously doubts they are by the same author (well, maybe, but really...) even though no one but perhaps his editor has seen him (or her?).

If people use pseudonyms, I won't be able to track down a stalker
If you have a legal complaint, then Google will reply to a subpoena with all the information they have, which at least includes IP addresses and any linked accounts, and perhaps the number of the phone used during verification. The process of tracking a real "John Smith" to an originating computer is not going to be any different from tracking down "Demosthenes" to that same computer. Since Google isn't verifying every address, they have no more information about "John Smith" than they do about "Demosthenes".

I want a service where I know that everyone I talk to is using their real name
Then you need a paid service where every person is required to provide a credit card and/or government ID. So far as I know, no such service exists, nor does anyone have any plans to create one (well, actually I think the Chinese are creating one, but I wouldn't exactly hold that out as an example to follow). Google is only suspending accounts that have odd characters in their name, or which are reported by other users. They have given no indication that they wish to ask for a photo ID from every single one of their users, nor would such a process be viable in an international community. A similar argument is that we need to stop the "whack-a-mole" game, where someone who is tossed off the system immediately pops back on with a new account. That's great, and hopefully Google's authentication systems will help, as well as other algorithms, but banning pseudonyms won't do a thing for it.

This policy is necessary to stop spam.
See the previous item. With no ID requirement, spammers simply require an phone and a name that looks real. I'm sure Google will be using phone data, content filters, social graph analysis, and user complaints to help track down spammers, but allowing or disallowing pseudonyms has zero impact on the problem. Bad behavior is bad behavior, it doesn't matter if you do it with a real name or a fake one.

——————
Why Are We Having This Discussion?
——————

Google is a private sector company, obviously they can create a social network with just about any rules they want. However Google has stressed the importance of privacy, they have stressed that their company motto is "Don't be evil", and they have clearly created a product which has the potential to dominate online public discourse. The product is in beta, and they want feedback on it. I'm providing this feedback because I feel that Google+ has the potential to become the defacto "law" for online discourse, and I think that it is critical that the "law" reflect how democratic societies have always worked. Larry Page, during his earnings call, said, "Our goal with Google+ is to make sharing on the web like sharing in real life" (http://www.businessinsider.com/google-confirms-over-10-million-profiles-on-google-2011-7). As it currently stands, Google+ has policies which prevent it from reaching that goal.

——————
Who Needs a Pseudonym?
——————

I'm going to start with the personal. I'm going to say some things here that I really don't enjoy saying in public under my real name, but I'm going to say them because in the grand scheme of things, they are relatively minor. I have very good friends who would not be able to say some of these things. They might lose friends, neighbors, even custody of their children. I'm lucky, I'm established enough in my career, and confident enough of my family, that I can say some of the reasons why I have a pseudonym account as well as one under my real name. If by doing so, I help create protections for people who have much more serious reasons to protect their privacy, then the slight embarrassment to me is more than worth it. I apologize in advance, however, to my children, whom I really didn't want to hear about this. I'm sorry.

Iran
When the attempted revolution broke out in Iran, I had in-laws there, I had information about what was happening that I wanted to share online with people who were interested in the situation. I wanted to educate them about what was happening. But I couldn't do that under my real name, because the Iranian government was actively searching Twitter for posts about Iran, and they could easily have connected me to my wife and her relatives.

Marriage
My marriage was on the rocks. I was sleeping on the couch, drinking too much, and not focused on my consulting business. I initially talked about some of this online on Twitter, and started to meet people with similar problems who had advice and support, but then my children got Twitter accounts. Creating a separate account allowed me to talk about those issues without identifying and embarrassing my family; not to mention my consulting clients. Those conversations, under my pseudonym, were absolutely critical for my finding a new network of friends, hiring a personal assistant, finding housing, moving out of my home, getting new jobs, and in general, getting my feet back on the ground. I made real friends, many of whom I have met offline, and now know by their real names, under that account. It was critical for getting my life back together.

Teenagers
I have two teen girls. Sometimes (especially since my wife and I separated, and the kids are off at boarding school) I just want to talk to people about the issues that come up when you have teenagers. Publicly posting (with no names, of course, that's the point of a pseudonym) about issues online has generated a flood of support and similar stories. I regularly share the ups and downs of my parenting life with other people, and they with me. Do I know their names? No. Do I need to? No. Would I have found that support if I'd only posted to my closed circles? No.

Alzheimer's
My father has Alzheimer's. It's getting pretty bad, he's starting to get paranoid, my mother has to bathe him and help him go to the bathroom. She and my aunt care for him, and it's pretty tough, and when I go there to help, it's pretty hard on me. Fortunately I can talk about this publicly, about all the things that happen and all the stress it causes me. And when I do, I get support and discover that there are other people out there amongst my public correspondents who are also having these problems, and we offer each other suggestions and support. I don't do this under my real name because I really don't want to be putting private information about my father, my mother, my aunt and myself out on the Internet. So I do it under my pseudonym. And not surprisingly, most of the people who respond to me are doing so under their pseudonyms. Is Alzheimer's a topic we aren't supposed to talk about publicly on Google+? There are many many topics like this which are not in the slightest bit controversial, but which people would prefer to talk about without their boss, neighbors, or strangers connecting to their real name.

Now let me talk about a couple friends. (I've tweaked the specifics for obvious reasons.)

Too Well Known
He's a minor celebrity in his home state. His face is well-known on television. He's involved in the BDSM community online; he's a submissive. And sure, he talks to folks on the sites meant for that, but this isn't some hobby, this is his way of life, and you don't go to a fetish site to talk about raising your kids, how to deal with unemployment, or what people are doing about health care. He wants to be able to talk about those things openly online, with his friends from the community, and he can't do it under his real name, or even with his real face, and he can't even do it at the local get-together's in person, because he's too well known. It has to be online. It has to be pseudonymously.

Dating the Wrong Guy
Her boss is a total misanthrope, he hates blacks. He rails about them day in and day out. What he doesn't know is that she's living with her black boyfriend. She's been looking for a new job for months, but this is all she can find. Where can she go where she can talk publicly online with her friends and her boyfriend about politics, the latest tech toys, and her interests?

The following list of beautiful examples comes from +Shava Nerad. She describes perfectly the need of everyday people, just like us, to have a little privacy in a public forum.

The Lawyer
This is setting a precedent for the small town lawyer who wants to be able to keep their ability to blog about local politics, even though it might alienate their clients in their law practice.

The Teacher
It's about teachers who want to be able to go shred on the weekend, even if they teach middle school a couple towns over.

The Abuse Survivor
It's about a middle aged guy who wants to blog about surviving sexual family abuse as a kid, even though his abusers are still very much alive, living in the same town.

The Texas DA
It's about the DA in Texas who wants to use his pseudonym to discuss his anime collection and research gay resorts in the Bahamas.

Arab Spring
It's about the woman who wants to blog about how her husband and several of her cousins are activists in the Arab Spring movements in Syria, and how she and her mother and sister are getting by at home while they are away.

Narcotics Anonymous
It's about the guy who is trying to attend NA meetings online because he's too well known in his community on sight to be seen walking into a Narcotics Anonymous meeting, and wants an identity to be able to meet with his sponsor and friends in recovery online.

The Union Organizer
It's about the woman in the company town in upstate NY who is trying to organize a union without her kids getting hurt on the playground.

Here +Cory Albrecht provides a set of real-life examples of people talking about just the kinds of things I expect people to talk about on Google+, and how it ended their careers and/or lives.

The Rape Survivor
The rape survivor who wants to be able to talk about her experiences without letting people know who she really is to protect her privacy.http://mg.co.za/article/2011-02-07-anonymity-a-rape-survivors-right/

The Closeted Teen
The closeted gay teenage boy who wants to participate in the online gay community where he can find support and friendship without the homophobic bullies at his high school finding out and driving him to suicide. http://www.nowpublic.com/world/seth-walsh-13-yr-old-commits-suicide-after-bullying-video-2685728.html

The Atheist Teacher
The employee who just happens to be an atheist but would get fired from their job if their boss found out.http://mattcbr.wordpress.com/2009/02/06/teacher-fired-for-being-an-atheist/

The Wrong Political Party
Or fired for being Democrat when your boss is Republican http://www.missourinet.com/2011/04/19/former-city-prosecutor-says-he-was-fired-for-being-a-democrat/ or vice versa http://www.nbcdfw.com/news/politics/Dallas-Co-Prosecutor-Believes-He-Was-Fired-for-Being-a-Republican-107007433.html .

Finally, more from my personal friendships and other folks online.

LGBT
He's gay…he's bi…she used to be a guy…he used to be a girl…he's still in the closet and doesn't know anybody like him. They aren't looking for a forum to talk about their sexuality, there are plenty of those. They're looking for a forum where they can talk about all the stuff the rest of us take for granted; politics, technology, society, world news… They just want to do it as themselves, not as someone pretending to be someone they aren't.

The Abused Spouse
He comes home every night and searches online to see if she's posted anything, anything at all, under her name. She has no job, she has the kids to protect, he's threatened to hunt her down and kill her if she leaves. (If you want a better understanding of this issue, please read this http://pervocracy.blogspot.com/2011/07/why-does-she-stay-with-that-jerk.html)

The Stalked Science Blogger
In Science Blogger, Bug Girl's own words (http://membracid.wordpress.com/2011/07/24/why-google-hates-women/):

"I’m not going to choose to out myself just because some giant world-ruling corporation demands it. I have been Bug Girl online since at least 1997; as a blogger since 2005. I initially adopted a pseudonym because I had been the target of some white supremacist groups in the 90s, as well as experiencing stalking."

"I also only feel free to talk about my disability (I have epilepsy) and my status as a rape survivor under this pseudonym. I don’t want my students, my employer, or my mom to find out these secrets about me from Google."

"Facebook's Real Name policy is sexist, discriminatory, and stupid. Google's policy is worse, because Google had the advantage of having seen how bad Facebook's policy was, but they went ahead and implemented it anyway. "

The Everyday Activist
And finally there's the simple desire to not conflate your primary online activity with something secondary that might detract from it.+Lauren Weinstein talks about it in his excellent article "Google+, Privacy, and Balancing Identity" (http://lauren.vortex.com/archive/000882.html)

"Already in the almost three weeks that I've been using Google+, I've had the experience several times of refraining from commenting on threads where I could have imparted potentially useful information, because I did not feel comfortable drawing attention to myself publicly relative to the topics under discussion. Perhaps 99% of the time I have no problem with being fully identified in my public postings. But that remaining 1% is still a significant concern nonetheless. This sort of self-censorship regarding legitimate matters, where no fraud or other bad intent is involved, should be a red flag regarding the possibly stultifying effect that "true identity" can bring to some situations."

——————
What Are the Arguments Against Pseudonyms?
——————

I apologize in advance for quoting +Robert Scoble so much. I was going to take examples from a number of different sources, but Robert made many of the same arguments in one convenient set of comments, and I'd rather use remarks from a public figure than someone who just happened to speak up in a comment.

These are in no particular order.

People don't really need to hide
I hope the earlier set of examples has put this argument to rest, but in the end, this is no business of anybody except the person who wishes to have some privacy. This isn't about hiding. It's about privacy and control of the key that gives every stranger access to my doorstep; my name.

You only need a pseudonym if you're bad
Mark Zuckerberg is famous for having said, "Having two identities for yourself is an example of a lack of integrity.". (Okay, that's not theonly reason he's famous.) So speaks a man who has never had to work for someone else and never had children. He also said "The days of you having a different image for your work friends or co-workers and for the other people you know are probably coming to an end pretty quickly." (http://michaelzimmer.org/2010/05/14/facebooks-zuckerberg-having-two-identities-for-yourself-is-an-example-of-a-lack-of-integrity/)
It's pretty clear that Facebook is doing its best to make this true, it's not so clear that people want it to be true. But some people take this even further. For instance, +James Stallings II said in a comment on Google+,

"Also I think that if you are using a nym to hide behind, you are doing exactly that, hiding. If things are so bad for you that you have to hide, you should be spending less time on the Internet, and more time reflecting on why it is you need to hide in the first place. Are you keeping bad company? making promises you cant keep? have a problem saying no? These are not problems that are strictly the province of women; any more than women are the only ones threatened with physical violence or confronted with sexual harrassment due to how they look."

Unfortunately, that's not an uncommon attitude, it even has a name, "blame the victim." Some people believe that all your problems were brought on by yourself. I honestly don't know how someone can jump from their own personal success and security to claims that their parentage, birthplace, biology and personal experiences have relevance to a gay teen in the American South, a kinkster in the Midwest, or a Burmese refuge fleeing from government persecution, or even the alcoholic next door, but some people do.

A forum with pseudonyms lacks respectful discourse
There is an element of truth to this. Someone may in fact chose a pseudonym in order to troll and create havoc. Removing pseudonyms will probably reduce this. There are however, a couple of problems with the argument.

1. People troll under their "real" names too. So with or without pseudonyms, the service must provide mechanisms for dealing with abusers. Google+ does provide some of these already, you can block (really "mute") someone to not see their comments and prevent them from commenting on your posts. You can moderate your posts. These tools seem quiet sufficient to deal with the slight increase in jerks that will come with allowing pseudonyms. Over time, Google will need to provide additional tools; whether or not they allow pseudonyms.

2. Google is not providing a mechanism to prevent fake accounts. They are providing a mechanism to report fake accounts and validate them after the fact. So if someone signs on as John Williams, and starts flame fights in the comments, it's going to be a while before it occurs to anyone that it might be a fake account. You'll still need the moderation tools.

3. People who have persistent pseudonyms are noticeably different from the trollers. They have lots of friends, you can Google them, they have many online posts. Even on Twitter, in the land of 140 character tweets, it's pretty easy to glance at the follower list and tweet stream of someone and tell whether they are a spammer, a jerk, or an actual social person. It has nothing to do with name, and everything to do with behavior and content.

4. A person with a persistent pseudonym lives and dies on one thing; reputation. If they lose their reputation, they lose their voice. They won't get followers because of their job, or because they are famous, or because they worked on interesting projects. All they have is what they say. So in fact, they are more inclined to carry on a respectful conversation. Especially in a forum where being blocked is a mouse click away.

One common argument is to point at other services as an example of the failure of pseudonymity, but the comparisons are almost always apples and oranges. Examples include Techcrunch's comment forum prior to switching to Facebook, YouTube, Myspace, andany newspaper comment forum. These sites have zero to little verification for signup, it was trivial to put in a fake email address and start an account. They also provide no benefits to creating a social network of friends. Nor do they provide easy ways to block people. On the other hand, there are social networks, like Flickr, LiveJournal, Twitter, and others, which have a huge mix of pseudonymous and "real" names, and have civil discourse and a very active community. If they can have a vibrant user community with both "real" and pseudonymous accounts, why can't Google+?

I have a pseudonym I use on the Internet. It has a blog, a paid Flickr account, a YouTube account, over 1000 Twitter followers, over 40,000 tweets (that's about 1000 pages of writing). It has its own domain name, and three years worth of 50,000 Google references associated with it (twice as many as I have under this name). Why does that account, with it's obvious pseudonym, have less accountability than some guy named "John Smith" who lists no location, links to no other info, and shows no connections to any other people on the Internet? My persona lives and dies on reputation alone. "John Smith" gets a free ride because he can produce a driver's license to Google and continue being an anonymous asshole to everyone else. Does that really make sense?And if you grant my persona's right to exist here, then are we saying that Google+ is a network only for people who already established their connections somewhere else; the "old boys' club" of social networks? We don't ask people for their passport before we talk to them. As +Sai . asks, "Have you ever slept with someone without first asking to see their ID?" If we'll do that, why do would we require one to talk online?

Go somewhere else
My first response to this is simple. I go where my friends go, isn't that the point of a social network? People don't enjoy trying to fool Facebook or Google into thinking their pseudonym is real, but if that's where your friends and colleagues are, then you don't really have a choice. But also, I think this argument is tied to the mistaken belief that people who have privacy concerns can live half a life, going online with a pseudonym only for the one issue, and then pretending to be something they aren't the rest of the time. Who you are affects your opinion. Being gay or female is quite likely to impact your opinion about pseudonyms, does the fact that you need to be private about that, mean you aren't allowed to discuss the issue? Being gay, or transgendered, or kinky, or a communist, or a woman does not mean that you should go and discuss everything in a ghetto meant just for your kind. That's an incredibly elitist position to take. And yet, that's exactly what +Robert Scoble has said, which left me more than a little shocked.

"And there are plenty of forums and other places on the Internet that are great for discussing all those political and racist and other ideas. I'm not seeing anyone harmed if Google wants to go down a better discourse path by forcing real names and real identities. As far as being a woman and discussing rape or domestic violence, maybe Google+ isn't the place to discuss those things. Maybe someplace like Quora, where you CAN be anonymous, is a safer and better place to talk about those things."

(Quora allows selective anonymity, which a) assumes I'm only need to hide my identity some of the time, and b) has no persistent identity. It's also a question and answer site, not a general purpose social network.) Some people feel that Google+ can be a great place to discuss technology and business, but they don't want anything here that makes them feel uncomfortable, like "political and racist and other ideas". Perhaps I'm wrong, but I don't think Google intended to create another LinkedIn.

In response to the "go elsewhere" argument +Jillian C. York wrote a telling description of the Arab Spring protestors dilemma:

"What bothers me about your argument that they can "just go elsewhere" is that, in the case of Facebook, they really couldn't go elsewhere and be effective. Facebook was, and still is, where the network is, and if you want to be effective as an activist, you must target the existing network. And I imagine that, within a short time, Google+ will play that same role."

To sum up. People who value their privacy are not one-dimensional. They have lives, work, family and friends, and they like to talk about them some place where they don't have to give up their privacy. And if they have issues that they feel need to be brought to public attention, they can't do that in a single-purpose ghetto, they need to do it the same popular public forums as everyone else.

Use a real sounding name
This is the "Don't Ask, Don't Tell" model of pseudonymity. Don't make it clear that it's not your real name, and everything will be fine. Or in other words, "Lie." Some people actually think this is okay, what they object to is not pseudonyms, but names that don't look what (they consider) real names to look like.

+Jillian C. York gives a great example of how this fails for activists, but it applies to anyone who might possibly annoy anybody about anything…whether it's politics, sexuality, or talking too much about dogs.

"Look at Egypt: We know how important Facebook was to organizing, for those activists who chose to use it (this is not, everyone, an argument that the uprising couldn't have happened without Facebook, so let's not play that game). And yet, Wael Ghonim's page (you know, "We Are All Khaled Said, hundreds of thousands of fans) was removed from the site last fall because he'd been using a pseudonym on the site. The pseudonym looked like a real name, but because he had some enemies, they reported it, of course, having it taken down. And since he couldn't prove his identity with ID as Facebook requested, bam! Gone."

"This is one use case that I've seen dozens of times now. Activists, in authoritarian countries, getting booted from a site because their activism got them reported, and their name happened to be fake. Meanwhile, thousands of others get away with it because they don't have enemies. "

In real life, you use your real name
There is a difference between "using" your real name, and (like the ill-fated bank robber in England) having it tattooed on your forehead. In fact, in real life you get to choose when to use your name, and how much of it to use. Your stylist probably only knows your first name. Your co-workers might actually know you by your last name, although they could probably find your full name. And the girl behind the cash register at the 7-11? All she knows is that you like grape slurpees. In real life we do not give our real name to everyone we meet, let alone everyone who looks at us. The only person we have to give our real name to is law enforcement, and nobody is suggesting changing that here. Furthermore, there are social situations in real life where real names are not used at all. There are social clubs and societies where pseudonyms are standard procedure, and nobody uses their full name at an AA or similar meeting. When you write a letter to an advice column, you don't use your full name. When the founders of our country were writing what became The Federalist Papers, they certainly didn't use their real names. Philanthropists donating money often don't use their real names, and in fact the rich and famous often use pseudonyms to avoid attention; they can afford to be pseudonymous in real life, we only get that protection online.

There's another big difference. For most people (I'm an exception, my name is globally unique) telling someone your name in real life doesn't instantly link them to everything you've ever written. Sure, they can probably Google it, and they might find the right you, but it's still an effort. On a site like Google+, it's one click away. So Google's real name policy is nothing like real life; it is much, much less private.

Pseudonyms aren't real people
Some people seem honestly upset that they should have to use their real name to interact with someone who is using a pseudonym. Perhaps it's because I've been interacting with people online for so long (my first online girlfriend was in 1978), but I just don't see it. There is absolutely nothing more real about "Kee Hinckley" than "MYOTHERIDHERE". Both can be Googled. Both will tell you (mostly non-overlapping) things about my life. Both will let you see the conversations I've had. Both names have been used to buy Pro Flickr accounts. Both names belong to various associations on and off line. Both names have blogs. I use both names in social situations offline. A subpoena will trace both names back to my laptop computer where I sit typing this. The fact is, short of searching financial or government records, there is nothing to make "Kee Hinckley" any more real than my pseudonym. And as I discuss what I think of the latest iPhone rumors online, I completely fail to see why anyone should be interested in what my birth certificate or financial records say. People who don't like pseudonyms seem to not like them because they feel they are a lie of some sort. And if my pseudonym were "John Smith" then they'd be right, but it's not. I chose a name which was globally unique, because I wanted a clear, persistent, and obviously not-on-a-birth-certificate name. I'm not lying to you, I'm choosing not to tell you my birth name. You don't tell me your social security number when we meet, but that's not a lie. I'm just not going to give you the lookup key which can lead you to the name of my children, and the address of my house. Because when you come down to it, that's what a "real" name is online now—it's a key to everything about you that you'd really rather people didn't know.

This is why Zuckerberg is so wrong. We aren't moving away from dual identities. We're moving towards them. The global database of personal information is forcing us to adopt pseudonyms in order to maintain our privacy.

If you're really commonly known as that, why not just prove it?
This would be the "rich and famous" clause. 50 Cent and Lady Gaga get to have pseudonyms (do her close friends call her "Lady", or "Gaga"?), but you and I don't. Google says you can use a name if you're "commonly" known as that. Which means we get to watch the ludicrous sight of a Google employee posting on their LiveJournal begging friends to give affidavits saying that they have always called him "Ping". And what exactly does "commonly known" mean? I'm commonly known as "Kee" by some of my friends, but several thousand people on Twitter, not to mention everyone who reads my blog or photo posts, knows me by a different name. If this had happened 30 years ago, many of my friends knew me as "nazgul", both online and off; that's how I signed all my online correspondence. A Google search on my pseudonym turns up 50,000 results. On this name, it turns up 25,000. Does that mean "Kee" isn't my commonly known name? "The Bloggess" is well known online by that name, is that her common name? At what point does someone become famous enough to qualify for this policy? How do I find out if I do? Millions of people in this country go by names that aren't on their driver's license. Often it's a variation of their real name, but often it isn't. How do they prove that? Who determines when a nickname is real, and when it is fake? The VP in charge of Google+ doesn't use his real name on the service, I should think that should have made the issue fairly obvious. Does Google really want to spend that much time and money per user?

And then there's the cultural problem. In India and Thailand (and I'm sure other places), people go by nicknames, not birth names. Those names aren't on any birth certificate, and there is no way for them to prove they are accurate. We've already seen Google asking such people for proof of their name. Google states, "Use your full first and last name in a single language. If you use your full name, you'll help people find you online and connect with the right person." but that is patently false. I find myself repeatedly having to ask people if I know them by some other name, because they were forced to abandon their persistent online identity when they joined Google+.

Even outside of the issue of pseudonyms and multiple accounts, Google has created a very Western-centric model of what it means to have a name. Clearly they need to correct that, and I'm sure they will, but to me it is indicative of the fact that the people who designed this policy really had no experience with what it means to have and use a name, let alone what it means to be someone with a reason to fear having their name exposed. Google needs to seriously consult some sociologists and anthropologists if they want to play this game.

It's dangerous
A number of the examples I've given, as to why someone might want a pseudonym, involve personal danger. All of them at least involve potential embarrassment. This argument says that there's no way to be private on the Internet, and therefore you shouldn't share anything that you don't want anyone to know. They claim this is "security by obscurity". +Robert Scoble makes this argument in a comment,

"If you are Chinese and you want to avoid government action you should advise people to keep their opinions off of the Internet. Period."

You know, everyone wants to avoid government persecution, but some people think it's worth taking the risk. Telling them to go hide and suffer in silence is not helpful. And what people are calling "security by obscurity" is simple common sense, we tell every kid not to give out their name and address to strangers, why does that become bad advice when we are adults?

It's true, pseudonyms are not 100% safe, and Google could do a lot to help educate people on how to use them safely, but as an anonymous person wrote to +Violet Blue.

"Using a pseudonym is little enough in the way of protection, but at least it prevents all but the most determined retaliation. I wondered how many people would have been prevented by fear from takings stands on issues. How many would have been subject to retaliation ranging from loss of jobs to death had they been exposed by real name? I am sure there are some who would put themselves at risk regardless, and they have my admiration. But what about the risk to family members and friends who could also become targets?"

His crime? He once told a class how he was knocked unconscious, raped, and then ignored by police who said "they could not worry about every fag who had a tiff with his boyfriend." As a result of that public disclosure, another student in his class then stalked him forten years, driving him to attempt suicide. Do you think that man is going withdraw from public life on the Internet because of a stalker, or will he instead attempt to use a pseudonym, no matter how little security it provides?

A quick glance at Facebook should make it clear that you can say "don't used the Internet if you want to be private" all you want, but people will continue to share those things, even under their own names. The fact of the matter is, those that are using pseudonyms have, for the most part, actually realized the danger and taken some initial steps to address it. I'll be the first to admit that they most likely haven't taken enough; I've worked in the Internet security field for a number of years and I'm very aware of the issues involved. However, the argument that we should therefore not allow it, is ridiculous. In the first place, there is no way to not to allow it. Google has no intention of checking everyone's ID at the door. Secondly, people will use pseudonyms because it's the only way they can communicate with even a small amount of security. Arguing that we should ban pseudonyms because people won't use them safely is like arguing that you should ban sex education because otherwise kids will have sex; they are going to do it anyway, let's at least explain how to do it safely. Except in this case you're talking about protecting adults from themselves, not protecting kids. The right solution is not limiting choices, it's providing education.

The other issue with this argument is that it's black and white; it assumes that all risk is the same. The level of security I need to flirt with my friends without my kids seeing it is very different than the level I need to smuggle information out of Libya. But by banning one, you ban them all.

Privacy is like insurance and security; the more you have, the more it costs you in time, money, and inconvenience. There is no such thing as a secure computer, only a computer that is as secure as you are willing to make it. The same is true of privacy.

Pseudonymity fails when you meet someone offline
It's nice to see Robert admitting that you can actually meet someone who has a pseudonym, but this argument is bogus.

"the first time I met +Thomas Hawk he told me his real name (Andrew Peterson) and then the secret was out (someone else already spilled the beans before I did). So, can anyone really be anonymous online AND have real-life relationships with others they meet online? Of course not."

The fact that Thomas Hawk trusted Robert with his real name, and Robert outed him does not mean that you can't meet someone and not use your real name. I do it all the time, as do many other people I know. As with anything about privacy, you have to decide who you trust and how much. This doesn't change when you meet them. There was nothing keeping Thomas Hawk from saying, "Hi, by name is Thomas," or even, "Hi, I'm not going to tell you my name."

If you have something important to say, report it to the media, they know what they're doing
This is a corollary of "it's too dangerous". +Robert Scoble said:

"There are plenty of ways for anonymous whistle-blowers to get heard (I protect my sources, for instance) [that just after he admitted he was the second person to out a blogger's pseudonym] and plenty of ways for people to have their injustices heard…For instance, I carried about three terabytes of hard drives on my trip there and they never were looked at. I could have brought out a TON of info from people inside and posted that without ever threatening the source."

I commend Robert for offering to serve as a conduit for every person complaining about injustice in China although I'm not sure how they will contact him anonymously. But let's be serious, this is the height of egotism and elitism. There is far more injustice in this world than there are people to report it, and suggesting the oppressed should keep silent and "safe" unless they happen to know a reporter has got to be the most ridiculous piece of paternalism that I've heard in this entire discussion.

The oppressed don't have Internet access anyway
Yes, seriously, I have heard this argument from multiple sources. The claim is that oppressed people with Internet access are a myth.+Robert Scoble:

"heck, in most of the places where human rights are under attack Google is being blocked anyway and in most of those places IP addresses are being tracked, not names, whether fake or real, so your claim just doesn't ring true anyway"

I'm not sure how one reconciles this with Green Revolution and the Arab Spring. Robert also makes the same comment about some illegal immigrants he saw protesting on the street. He doesn't think they have access to the Internet either, so therefore we don't have to worry about allowing them on Google+. (Hint, "local library"). I know literally hundreds of people who are unfairly discriminated against, and would love to prove him wrong by responding to his comments on Google+…unfortunately they don't dare do so under their real names.

Pseudonyms make it worse for women
+Robert Scoble:

"It's interesting that the anonymity advocates never talk about the crap that allowing anonymity brings, particularly the anti-women comments."

Oddly, the majority of people I see arguing for pseudonyms are women, and the majority of people I see making comments like this are men. Actually, we are talking about the "crap" that anonymity can bring, however we are also considering the tradeoff. This was expressed quite eloquently by +Gretchen S. who said that she'd much rather have to block a few pseudonymous online harassers than give up her pseudonym and have one show up at the door of her house with a gun. That's not a hypothetical problem for women, I have a good friend who experienced the dangers of using her real name. She made the mistake of using her first name online, and it was a little too unique. Someone tracked her down, drove three hours to her home town, knocked on her door, and attempted to persuade her to have sex with him. She was lucky, she convinced him that she had a boyfriend sleeping inside, and he went away. People often argue that the courts can protect women from harassment—that's not much help after you've been raped.

Real names will stop harassment
+Robert Scoble:
"If everyone is forced to use their real names and real identities. You think people will still harass people if they are hit with a lawsuit? Or if their bosses get sent their emails?"

Yes, I do. In fact, I have proof that real identity doesn't stop harassment. Ask the next woman or ethnic minority you meet whether they get harassed in "real life". Yes? Apparently knowing who people are, isn't sufficient to stop them from abusing you. And law suit? Really? Even if the harassment is illegal, even if the police in your part of the country think it's worth investigating, who is going to fund the time it takes to go to court, let alone the warrants and subpoenas necessary to get the proof? Should my girlfriend file a lawsuit against the guy who pinched her on the subway? How about the one who sent her a c*ck shot in email? (Word obscured in case Google is still censoring posts.) It would be a wonderful world if everyone had a "Report me for bad driving" number under their name, but sadly, most people won't care, and more than a few will argue that all they were doing was "flirting", "having fun", "playing", and "where's your sense of humor?". Court cases are out of the question.

What's wrong with first name, last initial?
Every once in a while I'll sign up for a service, and with no warning they'll broadcast my name as "Kee H" because some idiot thought that was an "anonymous" combination that didn't even require asking me. It's not. Even if your name is "John S", the addition of a location or profession, or the name of one or two friends, is going to be enough to find you. I am in fact alarmed by the number of people who are not using pseudonyms because of Google's policy, and are instead using their real name with an initial for their account. Your social graph is like a fingerprint, and while by itself, only a computer might be able to correlate Facebook, Twitter and Google+ social graphs to find you, with the addition of your first name, it's just a matter of some repetitive Google searching. This policy by Google is endangering users, especially women. The same people who claim pseudonyms are dangerous, should seriously ask themselves about the danger of this common alternative. See also "Female-Name Chat Users Get 25 Times More Malicious Messages"http://www.physorg.com/news66401288.html

Being anonymous defeats the purpose of social networking
That argument is based on the assumption that all networking eventually translates into meeting people offline. First of all, that's not true. I have hundreds of people I've talked to that I've never met in person, and that's fine. And I've done tens of thousands of dollars worth of business online with people I've never met as well. It also assumes that you can't do business or interact using your pseudonym, and yet people use DBAs in business and social situations all the time. Finally, it assumes that you never tell people your real name. I tell people my real name when I meet them in person all the time. I don't care about them knowing the connection offline, I just don't want it to show up in search engines.

It's just a dress code
This is the analogy that Google has publicly used. It's a dress-up thing. +Robert Scoble echos it when he says,
"I'm having fun here because you and I are using real names"

It's just like dressing up to go to a nice restaurant! However, there is a huge difference between being required to wear a jacket, and being required to give everyone who views my profile a unique identifier which instantly links them to my house, my home, my children and (with a little digging) my financial information. The comparison is completely inappropriate, and it is an insult to every person who has ever been stalked, harassed, or abused in the offline world, let alone those who simply want to selectively impart information about ourselves, just like we do in real life. Your name is not a suit jacket. It is the key that places your resume next to your position on gay marriage, your technical papers next to your statements about legalizing marijuana, and your career history next to your medical problems. Wearing your suit jacket doesn't keep you from getting hired, using your real name can. If we must insist on the restaurant analogy, this policy is more like requiring people to show up in nothing but their underwear.

If you're being harassed, the only real solution is the legal system
I've seen this argument made several times. First of all, even if it were true in the United States, it isn't going to mean a thing in most of the world where harassment, especially against a woman, is considered the fault of the victim. This is an international network. But for a better answer, read what Sandra Curtis has to say.

"From working in the mental health field for 45 years, I have personally known over 10 women who are now DEAD.... because their husbands, ex-husbands, boyfriends, ex-boyfriends, fathers, brothers, spouses' ex-wifes'/girlfriends, generally deranged persons who decided they were attracted to them, etc etc etc..went after them and killed them DESPITE restraining orders. These stalkers did not care if they were put in jail, or killed themselves as a result.

A restraining order is one of the most meaningless pieces of paper I have ever seen in my life!

I have testified in court - BEGGED the judge; "the guy said he is going to kill her, and that he doesn't care what they do to him. If he can't have her, nobody will."
Judge says to the guy, "Stay away from her, court dismissed.". Next day, found the wife stuffed in septic tank.
I don't know how that judge, for one, lived with himself.
Then the guy gets released from state hospital 10 years later, because he was, of course, insane then (yeah, sure..) and now is sane (yeah, sure again..).
Guess who he comes after when he is released, folks ?????????
Please. I have moved 3 times, finally changed my name. I tell you again. You haven't been there? Your advice is usually meaningless. We are not dummies. We have done it all to try to stay safe.

Google's advertisers won't like pseudonyms
+Shava Nerad addresses this issue eloquently here: https://plus.google.com/u/0/101371184407256956306/posts/3dTbYXi4oER. In short, marketing is about focus, and the things I discuss under my pseudonym tend to have a different focus than those I discuss under my real name. This differences allows the advertiser to target me even better. This is no different than how an advertiser treats the same person differently when they order from home, than when they order from their office address.

——————
What Are the Alternatives to Pseudonyms?
——————

Use Google Circles
1. Circles are only useful if you already have a network of friends interested in an issue.

2. Circles provide no protection for your correspondents, who don't know who you put in the circle, and may not want anyone else to know their real name. Even if Google allowed you to attach a pseudonym to a circle, that doesn't help the people who want to use theirpseudonym to reply.

3. Circles provide no protection for talking about things with people whom you don't trust with your personal information.

4. Circles aren't public conversations. There are many many issues that work best with public discourse, Google Circles provides no help for this.

I actually feel that Circles are going to be a source of embarrassment to a large number of people. They are the "Reply All" of Google+. You don't know who is in a circle when you get a message, which means you don't know who you are responding to. You don't even know how many people are in the circle. So when you get a message from your best friend that says, "Good morning!" and you reply with "Hi! So, did you take him home from the bar last night?" someone is not going to be happy when you discover that the "Good morning!" was directed to everyone at work. Even if you check the list of the random 21 people, that may not be enough to tell you if this is "Joe's Friends" or "Everyone in Joe's circles". The opportunities for mistakes (and duplicity) are rife.

In short, Circles, especially large ones, not only don't provide real privacy for correspondents, they may result in exposing information you'd prefer kept private.

Multiple nickname fields
Google has recommend this, and said it will be supported for search (possibly when you type a +?). This is certainly nice for the people who regularly go by different names in the same circles, especially for nicknames. It obviously does nothing for people who have separate social circles under different names, or people who wish to decide who has access to their identiy.

Sign up under real name, but have Google show only the pseudonym
This has potential. In fact, if it had been suggested three weeks ago, I might have said yes. However I find I now have a large group of friends who no longer trust Google with this information. The damage this fiasco has done to Google's image on privacy cannot be underestimated. Barring that, this could work for many people, but it raises a couple questions.

1. What's the "real" name providing? All the arguments against pseudonyms have to do with people not being accountable to other people on forums. If only Google knows my "real" name, this doesn't solve that problem.

2. Is the real name going to be verified at signup, or any other time? If so, this really does nothing for the activist or anyone who feels particularly concerned about privacy. Many people have argued that Google shouldn't provide pseudonyms because it's just not safe. I've explained why that, while true, isn't going to stop people. But this only makes it less safe. If someone snoops on my connection, puts a keylogger on my computer, or obtains my password, they will be able to see my real name in my profile. A policy like this makes things more dangerous to the people who can least afford it.

3. In the end, if the hidden "real" name is required to be verified, then there are still many people, especially the most scared and vulnerable, who won't use the service.

Require that pseudonymous accounts are flagged as such
This of course assumes you have a way to tell. But obviously those of us with deliberate pseudonyms would have very little choice but to comply. The people with unusual names would be forced to verify their names and Google would have to white list them from the complaints. (I really don't envy Google their support costs as a result of this policy.) My concern about this is that it creates a second class of users. If Google doesn't provide a way to automatically block pseudonymic accounts, I'm sure someone will write a Chrome extension to do it. So a whole class of users, whose only sin is wishing to protect their privacy, will be joining in public conversation and wondering why nobody responds to them; go to the back of the bus. In real life, or on the net, people should be judged by their words and their actions. This solution robs us of that opportunity.

There is a way of flagging accounts which I do think is fine. That's allowing people to have verified accounts. Ones that attest that this person is in fact who they claim to be. Twitter does it, and it makes sense to do so here. Of course there's absolutely no reason I shouldn't be able to verify that I am in fact the person with a speudonym who has blogs and Flickr accounts and twitter accounts on the net; that's a useful feature.

——————
Finally
——————

Pseudonymous. Using a pseudonym has been one of the great benefits of the Internet, because it has enabled people to express themselves freely—they may be in physical danger, looking for help, or have a condition they don’t want people to know about. People in these circumstances may need a consistent identity, but one that is not linked to their offline self.

That quote is from Google's own policy blog. The question isn't whether Google gets it. The question is why on earth they thought that wasn't a useful feature of a social network.

Here lies the huge irony in this discussion. Persistent pseudonyms aren't ways to hide who you are. They provide a way to be who you are. You can finally talk about what you really believe; your real politics, your real problems, your real sexuality, your real family, your real self. Much of the support for "real names" comes from people who don't want to hear about controversy, but controversy is only a small part of the need for pseudonyms. For most of us, it's simply the desire to be able to talk openly about the things that matter to every one of us who uses the Internet. The desire to be judged—not by our birth, not by our sex, and not by who we work for—but by what we say.

Pseudonyms are not new to the computer age. Authors use them all the time. Our founding fathers used them. Anonymous and pseudonymous speech have been part of democratic society since its beginning. What is new is that more and more strangers, whom we have never seen and never spoken to, know our names. What is new is that a name, with just a few minor pieces of information (birthdate, friends names, employer, industry, town…) can in a few seconds provide thousands of personal details about who you are and where you live.

I have over 100 people in my circles on Google+ under my other account, many of them came over to Google+ from Twitter because I and a few others extolled its virtues. They all strongly believe in the criticality of being allowed to keep their identity intact and consistent across multiple services. They all strongly believe in being able to decide what they share and what they don't, and want to keep their personal life separate from the names known to their bosses, neighbors and family. Why aren't they having this discussion? Because they are either signed on to Google+ with real sounding accounts, or they are using their real names and don't dare speak out. Back on Twitter, easily half of my followers are using pseudonyms, and most of them are waiting to see how this all turns out. They'd love to have a better forum to discuss technology, politics, kids, family, sexuality and all the things everyone talks about on the Internet, but they don't want to risk being exposed by Google's policies and naiveté. That's why I'm speaking out. Because I can afford to, and they can't.

I leave you with this question. What if I had posted this under my pseudonym? Why should that have made a difference? I would have written the same words, but ironically, I could have added some more personal and perhaps persuasive arguments which I dare not make under this account. Because I was forced to post this under my real name, I had to weaken my arguments; I had to share less of myself. Have you ever met "Kee Hinckley"? Have you met me under my other name? Does it matter? There is nothing real on the Internet; all you know about me is my words. You can look me up on Google, and still all you will know is my words. One real person wrote this post. It could have been submitted under either name. But one of them is not allowed to. Does that really make sense?

Behind every pseudonym is a real person. Deny the pseudonym and you deny the person.

A few small set of references in addition to the links in the article:
+Sai .'s excellent post on the subject. https://plus.google.com/103112149634414554669/posts/WAu688n8JgZ
Who is harmed by a real names policy http://geekfeminism.wikia.com/wiki/Who_is_harmed_by_a_%22Real_Names%22_policy%3F
Firm digs up dirt on potential employees http://www.itp.net/mobile/585562-internet-firm-digs-up-dirt-on-potential-employees
All the recent posts by +Violet Blue
And thank you to all the numerous people who engaged me on both sides of this discussion and helped me edit and create this post. Regardless of our views, what we have in common is a passion about the future of Google+, and discourse on the internet.

Why did my email address get stolen and what are the risks?

2011-04-05T14:41:08Z

Recently Epsilon, a bulk email delivery service, notified its customers that their email email database had been compromised by hackers and the names and email addresses of hundreds of thousands, if not millions, of people had been stolen. This is by no means the first time this has happened (see my previous post on AWeber and iContact), but it is the biggest. Epsilon has over 2,500 customers (including most of the largest companies in the US (MSNBC has a partial list here) and sends 40 billion pieces of email each year.

Why is this happening, why do they have my email, what are the risks, and what can I do?

How does bulk email get sent?

First it helps to understand the ecosystem of email. All companies have a database of customers, and they send out both individual messages (e.g. purchase receipts) and bulk mail (e.g. notifications that your email address has been stolen). Sending large quantities of email is more work than you might imagine. The first problem is that as soon as you start sending lots of email, most ISPs block you as a spammer, so you have to get on their whitelist. You need software to manage subscriptions, unsubscribes, bounces (that can distinguish temporary problems from permanent ones), and you'd probably like to split your mail up according to the type of customer and the message you want to deliver, and you'd probably like to track response rates. You also need to deal with the ISP blocking that invariably occurs when a customer forgets that they gave you their email and reports you as a spammer. Finally, you need some way to design the email messages, and you need to test the message to make sure it won't get caught by any of the common spam filters. This has become a very specialized business, and most companies don't want to do it themselves, so they hire a firm that specializes in sending bulk email.

How much information does an email provider have about me?

At a minimum, they are going to have your email address and name. However they also need to fill in the other blanks in that "personalized" email message you get, so they might have some information about what products or services you use. They will also have information about which specific mailings you get from a particular company (e.g. "frequent customer"). And of course they know which of their customers sends you email. Of all the the information, that last one is probably the most valuable to the thief.

Why is my email getting stolen?

Sadly, the only unusual thing about the Epsilon theft is the fact that they reported it. AWeber and iContact have had their databases stolen at least twice (I am now getting spam sent to the email address I used when I reported the first breach to iContact). Neither company notified their clients, let alone client customers. Those thefts were discovered by people like myself, who use a different email address for every service we sign up for. They were then reported to the email provider clients, who then complained to the provider, who finally admitted that they had a problem. Epsilon, either through policy, or fear of their high-profile clients, apparently felt they were at a liability risk if they didn't notify their clients.

The fact that spammers might want their databases, and actively work to steal them, seems to have caught these companies off guard, and their security measures clearly aren't up to the task of defending against attacks. Part of the reason for this is a shift in the focus of spammers. Spam used to be a complete scatter-shot business of blasting ads to as many addresses as possible. Now that it has ties to crime organizations in eastern europe and other areas, it has become more focused. The serious money in spam now is in drugs, theft, and money laundering (those "earn money at home" messages are usually a combination of the latter two, using modern versions of techniques that grifters have used for a hundred years). The big money in theft is gaining access to your bank and credit card information, and the best way to do that is "phishing"; where they send you a message that purports to be from a bank or service you use, asking you for your credit card or other personal information that can be used to steal from you. Phishing generally takes a shotgun approach, sending millions of messages to millions of email addresses in the hope that one of them will actually use the service being impersonated, and fall for the scam. Stealing email addresses from an email service provider gives the spammer three things.

A clean database of valid email addresses, many of which weren't publicly available.
A list of what services those email addresses are subscribed to.
A set of email templates allowing them to exactly duplicate the email sent to those addresses.

We don't know that the thief stole the latter item, but doing so would make any phishing attempts much more likely to succeed.

What are the risks?

This is all speculation now, as we have no idea who the thief. If we are lucky, you're just going to get more spam than you used to. If we are unlucky, the combination of the addresses and the client list is going to result in a more sophisticated wave of phishing attacks which may be much harder to distinguish from real email messages.

What can I do about it?

You can't stop thefts like these (and still do business online). However you can do a lot to minimize the impact.

Use a different email address for each service you sign up for. This isn't as hard as you might think. Services exist that will give you a "throwaway" email address which forwards to you, and which you can easily block if it gets compromised. (Spamgourmet is a popular one.) If you use an email service like Gmail, you can put a "+" after the first part of your email address, and everything afterwards will get ignored. E.g. "example+companyidonttrust@gmail.com". If that address is stolen, you can just add a filter to mark it as spam. The latter technique of course only works as long as the spammers don't start cleaning "+foo" out of their databases, and some companies have poorly written email forms that complain that "+" isn't a valid character in an email address. (If you run across that, please complain to them.)
When you get email from a company you do business with, hover the mouse over any links to make sure they go to the address of the company and not somewhere else. Better yet, never click on the links in the email, go to your web browser and type in the company address directly.
Look for spellings and grammar errors. English is not the first language of most spammers; it shows.
Does this company really have this email address? (An advantage of always using "+companyname" in the address you give a company is that any mail "from" that company that isn't to that address must be a scam.)
Think. Is what they are asking me really plausible? Why would they need personal information from me if I already gave it to them?
Again, if in doubt, just go to your web browser and type in the company's address by hand. If you aren't sure, there's no need to click on the link. And if you do click on the link, check the browser's address line and make sure the address corresponds to the company you expect.

What is going to be done about these thefts?

Probably nothing. Even if the thief is caught (which is conceivable if it's someone independent who tries to sell the addresses on the underground forums used for such things), they aren't likely to get caught in time to stop the sale of the addresses. The countries where spammers are hosted tend to look the other way; bribes get paid, and the spammers take care not to spam their own country. Even with the combined legal firepower of most of the Fortune 10, I doubt we'll see this stopped. The best we can hope is that email service providers take notice and start doing a better job of protecting their databases.

Why is it cheaper to access the NYT online if you buy a paper subscription?

2011-04-04T14:19:29Z

The New York Times announced their new pricing model, and it's a doozy.

First of all, they essentially charge based on the size of your screen. Cheapest for a phone, more expensive for a tablet, yet again more for a full computer. There's some logic to that, I'm getting a better experience with a larger screen, I'm likely to read more, and put up with a higher charge. The one oddity is that on a smaller screen I'm likely to see fewer ads, so they are probably making less advertising dollars per view on small devices, but still, this seems like "what the market will bear" pricing. (Or at least, what they think the market will bear, but I'm not going to get into that, we'll all find out the answer soon enough.)

More interesting is the pricing of a full online pass (all of your devices) vs. the cost of having the paper delivered. Thanks to SixDeafTaxis for giving me a quick summary of the numbers.

NYT Weekday home delivery + all online pass = $3.10/wk = $161.20/yr.
All online pass alone = $35/month = $420/yr

The online version is two and a half times as expensive has having a very large roll of dead trees delivered to your doorstep every day.

Needless to say, it costs the New York Times a lot more to deliver the paper version, so why are they charging less?

The easy answer is "because online ad prices are too low compared to the print ads that subsidize delivery". Online advertising is a huge business, but online ads don't cost nearly as much as print ads, so the New York Times feels the need to make up the difference with fees. (An alternative model would be to stop printing the paper version, which would save a huge amount of money, and possibly make the paper supportable, but that's a huge leap, and they are understandably scared to make it. However if the online subscription model does prove to be viable, I wouldn't be surprised to see them do that in a few years.)

I said "easy answer", because I believe that subsidy is based on a false premise. It's not that online ad prices are too low, it's that print (and television) ads have always been overvalued. The distinction is important because it implies that eventually advertisers are going to figure this out, and refuse to pay as much for print and television advertisements, and the non-internet advertising market is going to dry up even faster than people expect.

For years advertisers have been at the mercy of a market in which success is nearly impossible to measure. You place the advertisements, you see some increase in traffic, but it's very difficult to tell how much of that traffic is due directly to the advertisement, or which advertisement. Internet ads, on the other hand, directly track the views, the clicks and even much of the conversion rate. "Mind-share" based on multiple impressions still remains amorphous, but at least you know how many people actually saw the page your ad was on, and perhaps even if the moused over it and likely looked at it. When you place an ad in the paper, you know how many people bought the paper, but that's it. You don't even know if they opened your page.

This level of detailed analysis available to online ads means that the market for online advertising is much more "efficient" in the economic sense. Ad prices will tend to zero in on what they are actually worth. This is even more true when you consider the ability to target ads based on information known about the reader (location, socio-economic status, previous page visits, etc.).

What does this mean to companies like the New York Times?

It means they need to bail from the print business as quickly as possible. Because the decline in print advertising is not going to be linear. The more comfortable advertisers become with online advertising, the more they are going to realize that they are being overcharged for traditional media buys. The market isn't going to just shrink, the prices paid are going to drop, and humans are really lousy at predicting exponential curves. Anyone left with expensive printing plants and delivery mechanisms to support is going to be caught flat-footed.

Senators Proposing a Mandatory Biometric National ID Card

2010-03-09T13:28:33Z

Image via Wikipedia

What Lauren says is a good enough start, I'll simply refer you to his blog post.

Lauren Weinstein's Blog: "Your Papers, Please!" - Get Your Fingerprints Ready! Cross-Party Senate Alliance Pushing National ID Card http://j.mp/bBzApT

Greetings. According to the Wall Street Journal, U.S. Senate immigration reform advocates Chuck Schumer and Lindsey Graham are proposing a mandatory biometric (e.g. fingerprint-based) National ID Card system, and are attempting to brush away privacy concerns as trivial and irrelevant.

WordPress Exploits — Update WordPress Regularly!

2010-02-04T02:24:12Z

Image via Wikipedia

I just had a number of friends get nailed with a WordPress exploit which redirected users from their blog to sites in China. Exploits like this have been around for ages, and the constant need to update WordPress is one reason I use MovableType, which creates static sites and is therefore much less susceptible to this sort of thing, but be that as it may. CHECK YOUR BLOG FOR UPDATES REGULARLY!

I don't know the actual mechanism by which the code was inserted into the blog, it's a small piece of Javascript inserted into the PHP header file for the site. The one person whose blog I looked at in detail was running 2.6.1, which has an exploit which allows people to create their own admin account, but it could have been any other number of issues. The current version of WordPress as of this writing is 2.9.1. UPDATE!

For what it's worth, here's the code.

That produces a function which it then runs over the second, more randomly obfuscated code.

That then results in:

That code sends your browser on a wild goose chase through several servers, each of which is inappropriately allowing the user to create a redirect to yet another site. Some of those servers are probably compromised, because in the hour I looked at one site, the same exploit code sent me to different sites in China. I would rate the odds very high that those sites may contain malware exploits against some web browsers, so if you aren't up-to-date with your browser patches, it's time to run your anti-virus software and cross your fingers.

Can you trust your bulk mail provider's security?

2010-02-01T22:41:18Z

Note: I heard back anonymously from a customer of iContact. Are they upset that all their customer's email addresses were stolen? Yes. But they aren't that worried about the impact, because they know that most of their customers will never realize that iContact or their company was the source of the leak. In other words, there is no incentive for bulk mail providers to improve security. An email address, particularly one associated with a particular set of services, is the means by which targeting spammers target phishing attacks. It's the key to password changes, bank accounts, and more. Why are the security standards for email any less than they are for credit cards?

Every time a web site asks me for an email address, I use a unique address that includes their domain name in it. This makes it very easy for me to track when a company either misbehaves, or their mailing list has been compromised. Of course, often the company sending me the mail is using a third-party email provider to deliver, and here's the dirty secret.

When your email provider's database gets broken into, and a spammer gets all of their customer emails? They don't necessarily tell you, the client. And they certainly don't bother telling the poor sucker whose email address was stolen.

Image via CrunchBase
Case #1—AWeber

Starting December 2009, I began receiving spam to the address I use for the help-a-reporter service. I filed a report with their existing bulk mail provider, but got no response. It turned out that HARO had only recently switched to this provider, the real culprit was their previous email provider. A discussion with Adam Shankman led him to research the issue and find out (from an article on the internet!), that his previous email provider had been compromised and all of HARO's email addresses had been fed to spammers. AWeber's subscriber list had been compromised, and they had told none of their customers until they started getting complaints.

Image via CrunchBase

Case #2—iContact

Today I noticed three identical spam messages to three different custom email addresses. They were for the morrisonsoftdesign.com, fontgear.net and myhappyplanet.com. I went back and found that a) it had been going on for at least a few weeks and b) all three companies do, or have used icontact.com to deliver their mail (morrisonsoftdesign.com switched providers at some point). So in other words. If you have an account with morrisonsoftdesign.com, fontgear.net or myhappyplanet.com, or any other company that uses iContact, your email address has almost certainly been fed to the spammers. But don't blame the company you subscribed with, the culprit is iContact. Other iContact customers include (according to their web site) Peach Running Co., West Race Cars, Pro Mom Couture and 58,654 other customers with 577,545 email addresses. Feel free to let them know what you think of their ineptitude.

It's unconscionable that these companies are not notifying their own clients of data breaches, let alone the end-users who end up getting spammed. If any of them have a presence in California, it is probably also illegal.

Dealing with Security Issues in Non-Latin Domain Names

2009-12-29T18:59:48Z

Lauren Weinstein recently posted the following to his NNSquad Mailing List.

Example of how "de-Latinized" domain names can be subverted

http://bit.ly/6YbTBR (Dean Collins' Blog)

Dean, the "fun" has only just begun. Some of us have been warning of
this consequence for ... well ... pretty much since day one of the
concept.

As the character of Margo Channing (Bette Davis) so accurately warned
in "All About Eve":

"Fasten your seatbelts, it's going to be a bumpy night!"

To say the least ...

--Lauren--
NNSquad Moderator

The article starts off discussing the trademark issues when someone registers an identical word in a different language, but then hits the more critical (and long-anticipated) issue that it is now possible to have the domain name.

раyраl.com

which, when pasted in your browser window looks like "paypal.com" but is actually cyrillic and goes to an entirely different site.

Here's my take on the situation (I've sent this to Lauren, it may or may not appear in the mailing list).

Things like the alternate character sets in раyраl.com are one reason why I depend on browser's and/or packages like http://agilewebsolutions.com/'s 1Password (Mac & iPhone, formerly 1Passwd for you Unix geeks) or http://supergenpass.com/ (bookmarklet-based, cross-browser) to remember passwords. They aren't fooled by what the URL looks like, they only enter the password if the site actually has the same domain. That said, depending on lack of feedback (the browser didn't enter the password automatically) is lousy security. I'm very surprised that the browsers makers weren't prepared to at least provide a character set indicator on the URL (we all knew this was coming) not that it would make a huge difference for the majority of users.

I've become convinced that there is no UI solution to phishing. Password entry (or a completely different authentication model) needs to be done outside of the browser, and the interaction between the browser and the web site needs to be under secured program control. The system is too complex, and the possible failure modes so varied, that the average user simply cannot be expected to tell a legitimate error from a forged one. The other day my mother cut up her credit card because an online store said it wasn't valid, so she assumed it had expired. Presumably she either entered a typo, or their back-end was down (it was a valid site). No UI in the world is going to help when the system is too complex for the user to understand.

Solutions like 1Password and SuperGenPass work 90% of the time, until the domain name changes, or the form field names change*; then you have to enter the info by hand. A secure certificate solution for filling out and remembering forms, per-site randomly generated passwords, and a protocol for passing the information back and forth might put a dent in the phishing market, but like spam and viruses--this isn't a solvable problem, it's an ongoing battle.

* And yes, obviously a software password repository creates single target to all of the user's information. But given that most people use the same password for all sites, and those sites are in their browser history, I don't see the security issue as significantly different from the current situation.

Seriously, how is Twitter going to help my company?

2008-10-15T03:24:57Z

I'm not a PR or social media consultant, so what does this do for me?

I know. We probably do not need yet another "why should I use Twitter" post. But, the topic keeps coming up, and there is no one definitive answer, so I thought I would give it another try.

This evening I was talking to Alan Ball about Twitter. We had first met at Hannah Burr's Productivity session at the MassTLC Innovation Unconference, and tonight we both happened to be at Dan Bricklin's TechTuesday get-together. He asked me about the value of Twitter to someone like him, because frankly: if you are not in the marketing or social media space, it is not really obvious how to use Twitter. If your business is communicating and selling yourself online, there is a clear benefit to being active on social networks of all kinds. Alan, however, is a freelance industrial designer (Alan Ball Industrial Design, Inc.). His customers are usually hardware engineers; they are not likely to be heavy Twitter users. So, why should Alan join Twitter, and more importantly, what should he do once he is there?

Twitter as a golf course.

Even getting people to understand Twitter can be an uphill climb, but Alan mentioned something that Laura Fitton (better known in social networking circles as @pistachio) had said at another session at MassTLC Innovation:

"Twitter is my golf course."

That particular analogy clicked with him. Twitter is a networking tool in the old sense of networking—a way to keep in touch with current and potential business partners in a social setting. (Laura expands on it somewhat here). That's a good way to look at it, but it doesn't change the fact that most of his clients aren't using Twitter—playing golf by yourself doesn't offer a lot of networking opportunities.

Twitter is about reputation.

In my mind, the primary value of Twitter to a business is as a way to build and enhance reputation.

The classic example of this is @comcastcares, a Twitter account backed by one person (Frank Eliason) who spends (as far as I can tell) most of his waking hours answering customer questions for Comcast. He has probably done more to improve Comcast's abysmal customer service reputation than anyone else in the company. He does it by being knowledgeable and transparent. You can watching his responses to customers, and he is very open about network problems, letting you know not only how long until a fix is ready, but why he knows. For example, on 2 October 2008, he tweeted a reply to a customer: "I am not loving your signals, running tests in neighborhood and looks like it could be isolated at your location. I recommend a tech." He also improves Comcast's reputation by being human; one of his tweets from 21 July 2008 reads, "I am home with my 6 month old today because she is sick. I ask our 2 year old if she wants to stay with Dad. She responds NO! GO TO SCHOOL." The human element is something that makes Twitter unique in what has increasingly become an impersonal world of customer support. It is a reminder that you are dealing with an actual human. People's questions are more polite, and more tolerant of any difficulties a service may be having. Companies would do well to not only follow Frank's example on Twitter, but to carry some of those lessons over to their traditional customer support systems.

This approach works for customer support, but there is more to reputation than talking to customers. Reputation is about building a following of people who believe you have something worthwhile to share. I believe this is where Twitter has the most to offer anyone who is not in the social media business.

How do you build a reputation?

One of the first companies I worked for out of school was Apollo Computer. A large portion of Apollo's architecture design and discussion took place on the R&D mailing list. As a new employee (with only one year in the industry plus a highly relevant degree in Anthropology), I was understandably nervous about my skills. I soon discovered the mailing list was completely agnostic as to age, education or background. People would post questions, suggestions, problems; others would respond. If you dove in with a nonsense response, you were ignored (or on occasion, flamed). Fundamentally, though, your reputation was based not on who you were, but how good your ideas were. Twitter provides the same environment, only with a scope which spans companies, countries, and time zones.

When you join Twitter, you generally start by following a few people you heard about online. You can also go to http://search.twitter.com/ to see if anyone is discussing topics you find interesting. As you watch posts from the people you follow, you see half of the conversation, so you begin following some of the people who seem to be carrying on interesting conversations with your contacts. Eventually, you jump into the conversations. The advantage Twitter has over a mailing list is two-fold. First, it scales better: because they are limited in size, many conversations can happen at the same time. Second, people can carry on semi-private conversations which followers can either ignore or contribute to (e.g. anyone following my timeline will quickly discover that my children are attending boarding school this year and that I regularly converse with my oldest about homework, sleep, caffeine, and any other pesky worries a parent has when their child is away).

It is these semi-private conversations that can enhance your reputation. You see someone talking about something. You think you have something useful to add, so you reply. Your correspondent can ignore you, block you (oops!), reply to your post, or decide (usually after looking at your Twitter timeline) that the reply was useful and not a fluke, and follow you. Congratulations! You just improved your reputation. Someone felt what you said had value, and wants to hear more.

Your peers are more important to your reputation than your customers.

Back to the question at hand. How does this help if your customers do not use Twitter? The answer is something that also came up at the MassTLC Innovation Unconference, although in a different context. A number of sessions focused on getting the attention (and hopefully, dollars) of venture companies. The issue is that VCs primarily invest in people, not ideas. They want to know the people they are investing in, but of course that is not always possible, so when they are interested in a presentation, they talk to others in the field and the community. They need to know if you are someone who is trusted and respected by your peers.

When it comes down to it, customers are not that different than VCs, especially when they are dealing small companies. Customers want to know if you have a good reputation. They will find out by searching online of course, but also by using their contacts to see if anyone knows you. Has someone they know on the other coast heard of you, and does that person think you have good ideas? What do people in your field think of you? This is where building an online reputation can make a big difference to your company and your career.

So, if Twitter is your golf course, the people with whom you want to play golf are not necessarily your customers (which is not to say you should not invite them if they do play golf). The people with whom you want to interact are your peers, because it is amongst your peers that you can best build your reputation. (And seriously, interacting with your peers is always good for creativity, whether or not you feel a need to network.) The good news is, if your peers are not on Twitter, you can certainly draw them in—because all these arguments work for them too.

Do not hit the golf course without practicing first.

Finding the proper balance of posting/replies, and social/work discussion is a skill, and it takes time. If you were going to network on the golf course, I trust you would go out and get a few lessons before you get together for a foursome. The same strategy works for Twitter. Your peers and customers are not online yet? Great! You get online and learn the ropes now. As your community grows, you will be the expert who has the necessary skills. You had to learn the right way to communicate by the telephone, and the right tone and frequency to use in email. Twitter is just another communication tool, but as with previous tools, it pays to hone your skills first. If you are in a hurry, talk to someone like Laura Fitton, the leading "golf pro" on Twitter.

About that "micro-blogging" thing.

I am not terribly fond of the term "micro-blogging". Yes, there is an aspect of Twitter that is similar to blogging, and certainly it can be used in that manner. Blogging, however, tends to consist of pronouncements-from-on-high without a lot of conversation. (This can change if you have an extremely popular blog that receives a high volume of comments, but face it, most people do not and never will.) Twitter is more about conversations, discussions, and (yes) arguments. Twitter can be used as a mini-blog, but demonstrating your skills in active conversation will enhance your reputation far more than just posting your opinions.

One final thought.

Do not be shy about sharing your expertise. For every person who benefits from your free advice, there are a dozen more who will remember that you are the go-to person when they need your services.

"I always tell people, your biggest problem in life is not going to be hiding your stuff so nobody steals it. It's going to be getting anybody to ever use it." — George Church

Kee Hinckley with help from Angeles Winesett

What are you doing for the International Day of Peace? September 21

2008-09-17T17:39:46Z

I don't think I need to say much here. September 21.

Background and Purpose - International Day of Peace

About International Day of Peace, September 21

The International Day of Peace ("Peace Day") provides an opportunity for individuals, organizations and nations to create practical acts of peace on a shared date. It was established by a United Nations resolution in 1981 to coincide with the opening of the General Assembly. The first Peace Day was celebrated in September 1982.

In 2002 the General Assembly officially declared September 21 as the permanent date for the International Day of Peace.

By creating the International Day of Peace, the UN devoted itself to worldwide peace and encouraged all of mankind to work in cooperation for this goal. During the discussion of the U.N. Resolution that established the International Day of Peace, it was suggested that:

"Peace Day should be devoted to commemorating and strengthening the ideals of peace both within and among all nations and peoples…This day will serve as a reminder to all peoples that our organization, with all its limitations, is a living instrument in the service of peace and should serve all of us here within the organization as a constantly pealing bell reminding us that our permanent commitment, above all interests or differences of any kind, is to peace."

Since its inception, Peace Day has marked our personal and planetary progress toward peace. It has grown to include millions of people in all parts of the world, and each year events are organized to commemorate and celebrate this day. Events range in scale from private gatherings to public concerts and forums where hundreds of thousands of people participate.

Anyone, anywhere can celebrate Peace Day. It can be as simple as lighting a candle at noon, or just sitting in silent meditation. Or it can involve getting your co-workers, organization, community or government engaged in a large event. The impact if millions of people in all parts of the world, coming together for one day of peace, is immense.

International Day of Peace is also a Day of Ceasefire – personal or political. Take this opportunity to make peace in your own relationships as well as impact the larger conflicts of our time. Imagine what a whole Day of Ceasefire would mean to humankind.

Police raids in Minneapolis -- What happened to checks and balances?

2008-08-31T17:48:18Z

Salon Article

Protesters here in Minneapolis have been targeted by a series of highly intimidating, sweeping police raids across the city, involving teams of 25-30 officers in riot gear, with semi-automatic weapons drawn, entering homes of those suspected of planning protests, handcuffing and forcing them to lay on the floor, while law enforcement officers searched the homes, seizing computers, journals, and political pamphlets. Last night, members of the St. Paul police department and the Ramsey County sheriff's department handcuffed, photographed and detained dozens of people meeting at a public venue to plan a demonstration, charging them with no crime other than "fire code violations," and early this morning, the Sheriff's department sent teams of officers into at least four Minneapolis area homes where suspected protesters were staying.

This isn't the first of these this week. It really bothers me that the police can arrest people, confiscate their goods, never press charges, and release them all later with no explanation and no consequences. This makes intimidation far too easy. The magic words "homeland security" keep getting invoked.

If the police now have a simple way to hold people without charges, then the people need a simple way to make the police suffer consequences when the power is misused.