May 07 2008

The Post wants to know who you are

Published by at 6:19 am under Blogging,Privacy

I’m mildly annoyed, but I find it hard to get too worked up over this issue: Jim Brady from wants to know who the people are who are leaving comments on his site. He wants to know who the real person is making comments, not so he can track them, but so that he can make them accountable for their comments. That’s a laudable goal, but does this guy really have any idea how the Internet works?

Mr. Brady laments the fact that people are as anonymous as they want to be on the Internet and that the people who comment on his site are leaving nasty, bitter, derisive comments. He wants to have some sort of tracking system where he can positively identify everyone who comments on his site and block the problem children. As he sees it, this sort of accountability is the only way to ‘raise the level of discourse’ on his site. As if accountability would somehow accomplish this goal. Does he understand human psychology any better than he understands the Internet?

This isn’t a privacy issue; without major changes to the Internet, Mr. Brady’s wish is never going to become a reality. There are too many built in safeguards and too much complexity on the Internet to make positive identification of his commenters a reality any time soon. The site has already experimented with blocking IP blocks and found that’s a good way to block large chunks of the Internet from his site. They’re experimenting with other technologies, but that’s not enough for him. I wonder if they’re looking at OpenID at all to solve his problems.

Online identity is a huge issue, one that’s not going to be solved because some editor wants track his commenters, even if it is the Washington Post. Mr. Brady has bigger problems though. First, he obviously doesn’t understand the Internet if he thinks there’s much possibility of reliably tracking users on the Internet. Anyone with even a modicum of computer knowledge could probably find a way around any tracking technology the Post puts in place. Even if they can’t, I’d be willing to bet there’d be a Firefox plugin or other application that gets around the technology. Oh, wait, we already have BugMeNot.

The second problem is that Mr. Brady is trying to solve a social issue with technology. This is the same trap we often fall into as security practitioners, trying to solve a people problem with more applications. And he’ll probably find out the same thing we keep finding over and over: technology fixes for people problems don’t work. People are going to find ways around the technology if it’s stopping them from doing what they want, period. If someone wants to be anonymous, they’ll find a way. We’ve found that with almost every technology that’s ever been used to secure a corporation. You put a block on a website, your users find a proxy. You try to keep users from installing software, they find a friend in IT to help them. They will find a way around technology if it gets between them and what they need/want to do. The technology is just a speed bump, and its an annoying one at that.

The real problem for is that it takes people engaged with their readers to deal with this problem. It requires having someone monitoring the comments, deleting inappropriate posts and replying to the ones that are appropriate. He’s not going to get his tracking mechanism any time soon and rather than lament the lack of accountability, he needs to understand the real problem and deal with it as a human issue. People have been commenting anonymously to newspapers for as long as they’ve existed. How many of the letters the Post gets on a weekly basis have no return address and no indication of who sent them? The difference between the real world and the virtual one is that the editor has to consciously pick which comments get printed in the paper. That same power exists in the virtual world, it just takes human interaction in the form of comment moderation. Funny to think that the more things change, the more they stay the same.

It’s pretty certain that is spending a fair amount of money on technologies to combat aggressive, insulting commenters on their site. They’re probably spending more on technologies and the people managing them then it would cost to hire one or more people to be responsible for moderating the comments. It’s easier to ask for the money to purchase a magic technology that will solve a problem than it is to ask for more people to get actively engaged. After all, technologies have a very clear cut reason for existing where as people have all these nasty issues that come with them, like personalities and mistakes. But if you want to solve a people problem, only people can deal with it.

By the way, does anyone really believe the Washington Post and other sites wouldn’t use all the identity information they collect for marketing if Jim Brady had his way? Me neither.

[Slashdot] [Digg] [Reddit] [] [Facebook] [Technorati] [Google] [StumbleUpon]

4 responses so far

4 Responses to “The Post wants to know who you are”

  1. rybolovon 07 May 2008 at 8:17 am

    Hi Martin

    The Post have been spoiled brats for a long time because they have a one-way conversation with the power-brokers inside the Beltway. Yes, they take input from everybody, but when the paper comes out, it’s entirely what the Post wants to say and how they want to say it.

    Allowing people to comment on articles shifts the power away from the Post and to anybody who cares enough to say something. There are many people inside Washington who have something to say anonymously about their leadership, what the Post says about their leadership, the current state of world affairs, you name it.

  2. Benon 08 May 2008 at 5:11 am

    I find it particularly disappointing when Constitutionally-protected entities, such as this “journalistic” source (by way of the WaPo) gets upset when others exercise their Constitutional rights, such as to privacy. Boohoo – time for them to grow up and join the America that the Founding Fathers envisioned.

  3. Benon 08 May 2008 at 5:21 am

    I typed my last too fast – meant to point to “freedom of the press” as guaranteed by the First Amendment, and when I said privacy, meant by way of anonymous discourse.

  4. Martinon 08 May 2008 at 5:36 am


    Given the attitude of the current Executive Branch of the government, why should a paper like the WaPo care about the Constitution? I’m not sure I’d want to live in the America the founding fathers envisioned, but I’d be willing to go back to a pre-9/11 world where freedom and liberties were more important than securing us from some poorly defined threat called terrorism.

    I wrote a follow up to this post on a mailing list yesterday and I realized that one of the problems with this issue is that Mr. Brady is confusing one possible solution with the problem he’s trying to solve. His problem is that he wants to stop ‘flame wars’ and inflammatory postings; the solution that he has in mind is verification of identity. There are a number of other possible solutions, but this is the one he has in mind as THE solution to the problem. He’d probably be better off hiring someone to do nothing review comments, but that’s not the solution he wants to examine.

    And we in security never, ever confuse solutions and challenges, do we? :-)

%d bloggers like this: