Thought for the day:Faking it on the Web

Readily available e-mail accounts mean you can be anyone you like on the Internet. It's time to impose some reality, argues Colin...

Readily available e-mail accounts mean you can be anyone you like on the Internet. It's time to impose some reality, argues Colin Beveridge

Dr Jekyll and Mr Hyde had it easy - they only had each other to worry about. I have so many alter egos now that I need a database to keep track of them all.

But then I don't have to take a mysterious potion to transform myself into a new character. All I need is a Web browser and five minutes on the Internet to get another brand-new online identity. A quick visit to Hotmail, or to some other generous purveyor of instant Web credentials, and I am ready to unleash my new self on the unsuspecting masses.

By using the simple device of an unsubstantiated application for an e-mail account, I instantly become a credible virtual presence with absolute freedom to represent myself online as whoever, or whatever, I desire.

Armed with my adopted name and a new e-mail address, I can communicate, transact business and live a full online "life", just like a regular person. And I can repeat this exercise, over and over again - as many times as I choose, without anybody else being aware of what I am doing, or caring.

There are no safeguards at all to prevent me from creating whole communities of virtual personalities, each one cocooned from each other with complete anonymity, untraceability and, most importantly, unaccountability.

Of course, if I wish, I can easily make sure that nobody can connect any of my virtual personalities to any of my physical attributes, such as my real name or address - not even an IP address if I use an Internet café to manage my virtuality.

The only restriction when creating an untraceable Web identity is that I must be original in my choice of name - I cannot have exactly the same user name as another account holder. However, this is an extremely minor inconvenience when weighed against the potential advantages of total anonymity and protection from unwanted detection.

Is it any wonder then that so many people still distrust anything to do with the Internet, when it is so easy for users to hide behind false identities?

In my view, this unfettered access to online identity creation has become a very serious thorn in the side of the Internet - and an incredible source of succour for those people who wish to abuse or mislead others.

I haven't seen any formal analysis that links Web crime/misuse with unverified e-mail accounts, but I honestly believe that there would be far less scope for making mischief online if we applied a little common sense security to the anonymous e-mail account process.

The fundamental problem is that anyone can set up such an account in minutes, without providing the slightest evidence of their real identity, or their genuine contact details. But why should we allow this glaring security weakness to persist?

Why shouldn't we insist that every single e-mail address is directly attributable, or associated with a real person or business?

Services such as Hotmail should require their subscribers to provide a contact telephone number or a mailing address. These physical credentials should then be validated before the anonymised e-mail account is activated.

It's not a perfect solution - but we have to start somewhere if we are serious about improving the security and maturity of the World Wide Web.

What do you think?
Should e-mailers have to prove themselves? Tell us in an e-mail >> CW360.com reserves the right to edit and publish answers on the Web site. Please state if your answer is not for publication.

Colin Beveridge is an independent consultant and leading commentator on technology management issues. He can be contacted at colin@colin.beveridge.name

Read more on Operating systems software

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close