Friday, October 05, 2007

Identity Verification = Trust ?

I took a brief hiatus from Second Life and blogging in general, and the next time I will follow blogger etiquette and post a "gone fishing" sign. It was kind of everyone who inquired politely about my well being, but when I got a worried email from my dad today saying in part ".. and there's no activity on the web. You OK?" I decided it was well past time to return. (And by the way, Dad - you've got mail.)

I had planned a detailed post about my experience with Burning Life, but as that event unfolded I lost most of my enthusiasm for it and all of what I wanted to say which was largely unfavorable. Instead, there have been a few things lingering in my head and they are more relevant as we approach the Virtual Worlds 2007 Conference and Expo. The first is Identity Verification and what it means. I know it's a relatively old topic in Second Life time, but it's weighed heavily on my mind since a recent interaction, so out it comes.

When Linden Lab first introduced the intent to deploy an identity verification system (IDV), I skimmed over it thinking it was akin to establishing a MPAA-like ratings system for content. If you have a rating system and intend to enforce it, you have to have some form of verification and that made sense. In fact, large portions of the initial Linden Lab reasoning in the first, second and third blog posts alluded to segmentation of and access to rated content.

I largely ignored the system and the beta trial as I have no need, desire or intent to explore the vastness of the Second Life Adult Content (defined as explicitly sexual or excessively violent). However, Robin Linden's blog post and a personal experience has made me rethink the true intent and extent of "verification".

Robin starts her post with an interesting statement:
Trust is the foundation of any community. And one cornerstone of trust is identity. You’ve got to know something about the person you are dealing with before you can trust them. Knowing who to trust in an online environment presents unique challenges. Traditionally Second Life users have based their trust on relationships built over time, and often on some basic verification such as ‘Payment Info on File’.
This is a subtle introduction to the underlying message, which is that the focus of the verification system to that of a "trust", not simply age identity.

The IDV system aims to deliver two things. First, for Residents, it gives them the chance to independently verify certain aspects of their identity (their name, age, location and sex for instance) if they choose to. This will help establish trust by removing a layer of anonymity for those they interact with. It’s much easier to trust someone who puts their name behind their words and actions.

The second benefit of the IDV system is to help land owners and content publishers be sure that minors do not get access to inappropriate material. ... ]

What is so interesting about these statements? It is an attempt to suggest that the institution of IDV will somehow introduce a new layer of "trust" into the community.

Anyone that has spent any reasonable amount of time participating in on line communities knows that trust has to be earned over time, it is not merely a factor of your name, age, sex, or location; it's about who you are and what you contribute in the context of the community. I would argue that if you start with a person's age, sex, location as a basis for trust you are more apt to be fooled or lulled into some false sense of security by a "verification" tag. Even worse, the methods by which Linden intends to execute this verification are weak, based on publicly available information and are fraught with opportunities to be scammed. If you want a good treatise on IDV and how it really translates to liability transfer and culpable deniability rather than trust, read Gwyn's post "I am who I am". I will summarize the key point: IDV does not assure your avatar is who you say you are, it merely indicates that the data you provide to Integrity matches data that is publicly available.

The impact of IDV hit me more directly in a recent group event. In the context of the group discussion, the leader suggested that it would be "of benefit" to the group if everyone introduced themselves, telling everyone what they do in Second Life and who they are and what they do in real life, over the voice system. It was the first time I'd seen such a request, and it was not a heavy handed "tell us or you're out", but it was presented in the context of the discussion as a perfectly reasonable request and expectation.

I shared my information, after which I was mildly amused that I was presented with five new friend requests. This was in balance with the sixth interaction which was a private IM from someone I had not met before. This person wanted me to restate my real name. I obliged and the reply was loosely "I don't trust people here and I fully endorse Linden's Identity Verification system. I need to know you are who you say you are. Here's my blog link, you can read it and friend me afterward if you think that is worthwhile." I wasn't sure how to respond, other than "Are you KIDDING me?" so thanks to me mum, I replied that I understood and have a nice day.

Of course I checked the individual's blog, which was actually a web site (when did every form of rendered html become a blog?) and from there I deduced that this was most likely this person's first online community experience. The trouble is, this person and many other "newbies" that read the Linden Lab posts on IDV believes that "verification" in the IDV acronym equates to trust and a new business utopia as described by Benjamin Duranske in this post . I can assure you, it does not.

Trust is critically important, but it is based on community interactions. If you are reading this, you are probably aware that for enterprise systems such as eBay and Amazon and even news and information sites, rating systems implemented to work within the community norms are successful. Ratings serve as their own form of verification. I don't know the eBay seller i_can_has_cheeseburger (fictional example) but they have executed 2,000 transactions over the last 12 months and have zero negative comments from buyers. Therefore, within the eBay community I *trust* them and will do business with them. Do I care about their age, sex, location?

Do the community norms of the Second Life population endorse anonymous third party systems even if they *promise* not to store any personally identifiable information? No, not so much. Second Lifers build trusted networks by participating in communities of practice (CoP). Without a generalized and publicly viewable rating system, an individual's contributions are locked within the confines of that CoP trusted network and cannot be exposed as an indicator of reputation and therefore implied trust.

In a short-sighted decision this spring, Linden Lab removed the rating system this year because "the ratings system has become less and less useful" when in fact it was merely poorly designed from both a technical architectural and a social architecture perspective. This decision to dump the rating system left the community without this critical tool. Linden suggested adopting other community systems - RatePoint, TrustNet, Ban Link, Sloog.org, Real Reputations, and SLicr - but not surprisingly, none have risen to the challenge because the community looks to Linden Lab to provide the basic tools to function as a community. Once the IDV system is in place, the community will have to keep looking.
Share Some Grace:

blog comments powered by Disqus