July 27th, 2011
|02:42 pm - Musings on Where and How I Post|
I'm very glad that the DDOS against LJ now largely seems to be over. These attacks give me a lot of sympathy for the people running LJ, since from what I've heard there is at least some evidence that these attacks are associated with the Russian Government's unhappiness with the fact that some Russian dissidents make post they don't like on LJ. In any case, a few days before this started, I completely backed up my LJ on Dreamwidth, and while cross-posting from DW to LJ doesn't seem to work for me at the moment, I'm assuming that this is a remnant of the attacks, since LJ is also still a bit intermittent. In any case, I'm considering posting on DW and cross-posting on LJ once that's resolved.
I've also been using Google+ a good bit these days, and loving it. I haven't gotten around to purging my Facebook account, but I haven't used it for anything but political links for months, and I suspect I'll never use it again. I've moved to Google+, and will likely use it primarily for shorter post and for links. Search for me there as either John Snead or Heron61 – both work for finding me, but Heron61 only turns up one result. Please feel free to friend me there. I have various Circles and will be adding more.
As for the (IMHO completely justified) worries and anger about Google policy wrt names on Google +, much of this seems to have been resolved in a way that I agree with: here's the latest statement from Google about Google+ and pseudonyms, which includes such information as the fact that they never purge someone's entire Google account for violations of naming policy for Google+, they now contact people before doing that. Also, this post mentions the introduction of a new field in the profile – Other Names, which clearly is used, since as of yesterday I have seen the name of several people on my Circles change from their legal name to their more common net-handle.
Current Mood: busy
|Date:||July 28th, 2011 05:12 am (UTC)|| |
No, the DDOS is not over. Took me 15min to load this page.
No, that latest statement from Google doesn't say what you seem to think it does. Other Names is not new, and does not solve any problems; the people you see changing their names are not using a new feature, they're flipping elGoog the bird by deliberately violating the TOS and risking getting banned for their trouble. It is still not the case that you can legitimately use G+ without disclosing your "real name" to the general public. The bannings continue.
|Date:||July 28th, 2011 06:10 am (UTC)|| |
No, the DDOS is not over. Took me 15min to load this page.
I noticed this.
the people you see changing their names are not using a new feature, they're flipping elGoog the bird by deliberately violating the TOS and risking getting banned for their trouble. It is still not the case that you can legitimately use G+ without disclosing your "real name" to the general public.
This is actually not true. For an example, take a look at my Circles, look for "Mister Dog", and then click on his profile, which shows his real name right at the top. This is very far from perfect, but it is a start.
|Date:||July 29th, 2011 05:14 am (UTC)|| |
Ah! It is still the case that you cannot use G+ legitimately without disclosing your "real name", I observe the feature you yourself are using.
I'm... less than thrilled with how it's presenting. BTW, since you said, "take a look at my Circles", what I did was go to my own circles and search for you by name. And thinks to myself, "Well, that's odd. I'm quite certain I added him to a couple, and I know I've seen his posts in my stream. Why is it telling me it can't find anyone of that last name in my Circles?" So I searched all G+ and re-found you that way, again.
And discovered that because you're now heron61 in my Circles, I can't search for you under the name I added you under.
Oh, this is going to be hilarious. I added Bob Smith, and now when I look for him, he's disappeared, but there's this guy called MrGiggles and I have no idea who he is or how he got into my Circles.
In any event, share the fun: how did you get it to show up that way?
|Date:||July 29th, 2011 05:51 am (UTC)|| |
When editing your profile, go to "Other names" (which is different from nickname), and play around with "who can see this". Hmm, I had no idea I couldn't be searched for within circles under my legal name, thanks for the info.
I don't mind Google requiring a "real name" on a G+ account, but only if users can keep that to themselves and only display the handle they want. Ideally, the other names field would contain more than one option (although I can see limiting it to 2 or 3 options), and to make someone findable only via that handle (or handles) on whatever sections of G+ the user wants (including all of it). From my PoV, the introduction of other names is a fair start, but not a solution. However, it's existence is encouraging, since it sounds like they're listening.
|Date:||July 29th, 2011 05:55 pm (UTC)|| |
However, it's existence is encouraging, since it sounds like they're listening.
I believe you're mistaken about the causality here. That field existed when I signed up back in early July. It was not created in response to the subsequent uproar, and I don't know that its behavior was changed.
|Date:||July 29th, 2011 07:18 pm (UTC)|| |
When I signed up and filled out the profile I saw the nickname field, but I don't remember seeing the other name field or anything about how to display it. I also first saw people making use of it on Sunday. OTOH, I'm not certain it didn't exist before that.
|Date:||July 29th, 2011 06:04 pm (UTC)|| |
|(Link)|I don't mind Google requiring a "real name" on a G+ account, but only if users can keep that to themselves and only display the handle they want.
That meets many of my requirements, but fails one.
This is the organization that runs Buzz. As you may recall, the big privacy controversy with Buzz is when Google rolled out a new feature that revealed previously private data from one's gmail account to one's fellow GReader readers.
Data cannot accidentally be betrayed (whether by design flaw or raw technical bug) if it's never known in the first place. I would prefer not to have to trust Google not to accidentally (or accidentally-on-purpose) reveal my professional name in attachment to my pseudonyms, since they've already screwed something like this up really, really badly at least once. Worse, I've noticed a functional bug[*] with G+ which recapitulates a similar thinking error, which suggests they Still Don't Get It.
[* The original Buzz bug was based on the faulty premise "People You Exchanged Email With Are Trusted". The current G+ bug is "People You Exchanged Email With Are People You Might Want To Add To A G+ Circle", which is clearly much better. It is, however, no solace to all those people on my flist, who based on their rich correspondence history in their gmail accounts, every time they logged in to G+ were prompted to send an email invite to msmemory
, who died in January.]
|Date:||July 30th, 2011 07:10 am (UTC)|| |
google plus names
It seems to me that if google plus eventually reaches a compromise of "We need a real name, but you can show up publicly as whatever you choose," that there is a further step that basically satisfies your entirely reasonable lack of trust of google.
Basically, google plus isn't actually saying to everyone "we need to know your real name." Google plus didn't bother to check when you put Siderea as your real name, they didn't bother to check what I put as my real name (which is my legal name). Your (justified) concern is that they will decide that Siderea doesn't look like a real name (just as they decided that people in Hong Kong didn't really have Western first names). However, if they were to demand that you give them a real name, but you didn't have to make it public, you could give them the real name "Sally Thompson", put Siderea Tael as your display name, and be done with it. People would find you under Siderea Tael, and even if other people found you under "Sally Thompson," it would merely add a minor annoyance of having some followers who read your public posts thinking, "Hmm, maybe this isn't my coworker," for a while.
I don't actually know your legal name, so if it happens to be Sally Thompson, the above passage won't make much sense.
|Date:||July 30th, 2011 04:59 pm (UTC)|| |
Re: google plus names
Alas, no. (I really like "Tael"; where did it come from?)
Your solution boils down to, "Well, if they require a real name, then lie."
There are two problems with lying. (1) I'm Lawful Good. I'm really against lying. It's bad for you. Rots your integrity. (2) If I am in violation of their TOS, at any time, anyone I piss off -- which could be anyone who disagrees with me, anyone whom I turn down for sex, anyone who doesn't like my gender/race/profession/texteditor/etc -- they might attempt to reprise against me by reporting my account. Note! They don't have to know or even suspect that my "real name" is bogus, they could report me on spec, just to hassle me. And if they do that and if Google feels entitled to demand verification that the name is my real one, and it's not, I would be SOL.
I am asking to be allowed to use the service with a pseudonym. I want to be able to use the service with both privacy AND honesty. I want to come in the front door with a mask on; not slip through the service entrance or climb in a window.
|Date:||July 30th, 2011 06:40 pm (UTC)|| |
Re: google plus names
I really like "Tael"; where did it come from?
I was confusing you with Silvaer'ina Tael, whose discussion of this problem I read because heron61 shared it on G+.
The two problems you point out are indeed significant. The first puts G+ in the same category as Facebook, which also forbids pseudonyms (although it does only very weak enforcement). The second seems like something that google plus administrators are going to need to work out a solution to in any case, as people aren't going to stay with google plus if random griefers can force them to go through a name validation process (but it is true that people who weren't actually using their real name would be SOL, and that a policy that punished griefers for random harassment wouldn't protect you, as it would just take someone who knew that you weren't signed up under your real name to make your life miserable).
|Date:||July 30th, 2011 06:55 pm (UTC)|| |
Re: google plus names
The first puts G+ in the same category as Facebook, which also forbids pseudonyms (although it does only very weak enforcement).
Exactly. And is why I won't use Facebook.
Facebook, if you'll recall, original had a very different security/privacy model. It was an academic service for networking schools, intramurally. You had to have a .edu account to register, and you could only find and connect to people at the same .edu as your email address. Under that system, people got invested, blogged about their university social lives (from "I got a C- on that exam" to "I got wasted last night"). And then FB blew out the jambs, and anyone could join with any email address, and search the whole system by "real name". So suddenly your mother could now read your status updates from college. Brilliant.
FB seduced people into giving up private information -- in which I include "real" names -- and then slowly betrayed it. I'm told the old expression about slowly boiled frogs is an affront to amphibologists; apparently people are dumber than frogs.
The only differences between FB and G+ is that G+ didn't attempt to trick people into going along with it, and that, thanks to what FB pulled, we're wise to the crap G+ is currently pulling. Fool me, FB, shame on you; fool me, G+, shame on me.
|Date:||July 30th, 2011 07:34 pm (UTC)|| |
Re: google plus names
FB at least originally had a reason for being based around real names (being based around real-world relationships on college campuses). G+ is pretty clear on wanting real names for information mining for advertisers reasons. It didn't target itself at any sort of coherent face-to-face community where real names make some sense (although its aggressive policy enforcement and practice of defining real names as legal names doesn't make sense even in those contexts, as its harassment of people from Hong Kong for using their use names makes clear).
|Date:||July 30th, 2011 08:14 pm (UTC)|| |
That argument makes a lot of sense, but I can also see what looks to me (who is admittedly not all the knowledgeable about computer security) like a valid counter-argument, in that a "real names" policy (where the name can be kept secret from everyone except Google) is one way to help reduce the number of spammers and griefers using G+ to annoy everyone else, which benefits no one except the spammers and griefers.
OTOH, if there are other relatively easy and effective ways to prevent banned spammers and griefers from simply popping up under another pseudonym, then a "real names" policy is pretty much indefensible.
|Date:||July 31st, 2011 03:42 am (UTC)|| |
*Looks left* *looks right*I
am using a pseudonym. You
are using a pseudonym. Everybody else in this discussion
is using a pseudonym.
You noticing a lot of spammer and griefers in this discussion?
LJ ain't using a real name rule to prevent them. Further, while LJ's approaches aren't proof against hooligans, adding
a real name rule wouldn't
It turns out that even if there was great benefit to requiring real names (and I'll get to what limited benefit there is) you immediately run smack-dab into the authenticity problem: how does someone prove they are whom they say the are?
The authenticity problem online is... not exactly hard. We know how to do this. It's more-or-less a solved problem. No, the problem is that the solutions are expensive
. They all have horrible trade-offs, some in terms of money (SecureID worked great until last year or so, but are you really going to mail everyone on the planet a digital frob? And what will you do about theft?) or other
security holes (Sure, you can demand authenticating data, such as photos of government IDs or credit card numbers, but then you just upped your exposure from "losing people's diary entries" to "losing people's credit card numbers/photo IDs", and the law has some fierce things to say about the latter that it doesn't about the former) and none of them scale up well.
But it turns out that authentication is of only limited use, anyway. The problem isn't who someone is, it's how they behave. So, for instance, if you know who everyone is, and you know two of your users are Laurence Canter and Martha Siegel
, that fact in and of itself doesn't help you.
What substantially helps is the ability to prevent -- or substantially discourage -- the behavior you don't want.
|Date:||July 31st, 2011 08:27 am (UTC)|| |
You noticing a lot of spammer and griefers in this discussion?
I've actually been deleting a lot of spam lately from my lj, including from this thread :) Of course, I have anonymous comments set so they must be approved, so no one but me ever sees the spam. LJ has a problem with spam (both anonymous and from free accounts), and it looks to me like avoiding spam is one (of several) reasons Google has the policies it does for G+. OTOH, there are as you mention better ways to accomplish this.
Somebody made an awesome post a while back about the difference between anonymity and pseudonymity. Except they didn't use the word pseudonymity, they used another word that specifically conveyed handle permanence. I can't remember what it is now, so I can't find the article. Is this ringing a bell?
Basically, the gist of it was, use of long-running pseudonyms is more or less as effective at foiling spam and griefing as use of real names. People build reputations associated with a name, and reputability is what makes the honor system useful.
|Date:||July 31st, 2011 03:43 am (UTC)|| |
Here's a nifty example: both StackOverflow and LinkedIn have functionality limits on how new user accounts can interact with other users. When you sign up, you can't go around hassling other people without limit. You can only take a restricted number of actions. I'm not familiar with StackOverflow, but on LI, I know that if too many of your linkup requests are denied -- it's a small number -- you're not allowed to make more. You only get to initiate 5 PMs a month until you prove yourself. This defeats the wack-a-mole problem with hooligans.
LinkedIn is a particularly fascinating example because they are actually, honest to goodness, a service which is explicitly and substantially for a sub-species of spammer: headhunters. Pseudonym, schmoodonym: headhunters are people who are perfectly willing to behave appallingly under their real names. This is a population which is legendary for their water-like tendency to flow between cracks in the social contract. So even though LI uses professional names, they knew that wasn't going to help at all. LI had to put some enormous thought into how they could welcome that challenging population into their service, yet constrain their behavior enough that anyone else would be willing and able to stand being on the service with them. LI succeeded brilliantly, by restricting the behaviors that spammers want to engage in, and enabling the behaviors non-spammers want to engage in. And making it truly ecological, they then sold
access to the spammer-behaviors to spammers in a controlled way. Sure, they get to predate on the rest of us, but so mildly, we don't mind. They don't get to drive off the very users they want around, but they still, for a fee, get to contact people with jobs.
So what are "real names" on the back end good for? Police surveillance, maybe -- IFF those names are authenticated. If you have to enter a CC# to use a site, and then you do something Very Bad, and there's a criminal investigation, that CC# may lead to a culprit.
The question is then, "is the possibility that in the event of a criminal activity happening on the service, having some authenticated ID to give to the police, worth (1) restricting use of the service to the intersection of the sets of people who have CC#s
and people who are willing to trust you with them, and
(2) increasing the financial liability of the service in case of data breach, and
(3) increasing the risk of personal data exposure to your users?"
Some services say yes, especially those that are already part of consumer good retailers, such as Amazon. Amazon already needs to handle CCs and home addresses in a responsible manner; they've already assumed that liability, and their users have overwhelmingly assumed that risk.
Interestingly, the most common arguments in support of how using "real names" deters hooliganism are entirely predicated on the "real names" being required not in the back but the front of the service. They're all based on reputational effects that don't kick in if the service knows your legal name but other users only know your pseudonym.
|Date:||July 31st, 2011 03:52 am (UTC)|| |
One of the issues quietly in play here is that G+, in particular, wants a huge land-rush adoption. They want to do everything possible to facilitate people signing up and using the service. They used limited invites to slow things down only to support the hardware ramp-up.
The problem is that the best mechanisms for keeping out (problematic) sockpuppets is making it not so easy for anyone to start a new account and go back to making trouble. Putting in a few speed bumps. Making people earn increased trust with the service functionalities through demonstrated prosocial usage.
But these things slow growth, which makes for fewer "We got 100,000,000 users in the first month!" press releases.
|Date:||July 31st, 2011 08:35 am (UTC)|| |
I think this is one of the big issues and one I have a lot of sympathy with. Facebook is the giant - if Google wants to do anything that isn't merely a tiny flash in the pan, they need to make a fairly big splash, and that means growing very rapidly, at least at first, so they'll actually attract some notice and won't end up with a user base of half a million geeky android fans like myself, while being completely ignored by everyone else. Also, making a system at all difficult or annoying to use, especially for the sort of clueless &/or careless users that much of the population consists of is also clearly a bad idea.
So, what they need is something that will cut down on spam, sockpuppets, and sleaze w/o infringing on people's rights, while also making the service sufficiently easy and transparent that most people are willing to use it. Unfortunately, from everything I've read "sufficiently easy for most people to use" generally means ludicrously open to abuse.