May 07 2008
I’m mildly annoyed, but I find it hard to get too worked up over this issue: Jim Brady from WashingtonPost.com wants to know who the people are who are leaving comments on his site. He wants to know who the real person is making comments, not so he can track them, but so that he can make them accountable for their comments. That’s a laudable goal, but does this guy really have any idea how the Internet works?
Mr. Brady laments the fact that people are as anonymous as they want to be on the Internet and that the people who comment on his site are leaving nasty, bitter, derisive comments. He wants to have some sort of tracking system where he can positively identify everyone who comments on his site and block the problem children. As he sees it, this sort of accountability is the only way to ‘raise the level of discourse’ on his site. As if accountability would somehow accomplish this goal. Does he understand human psychology any better than he understands the Internet?
This isn’t a privacy issue; without major changes to the Internet, Mr. Brady’s wish is never going to become a reality. There are too many built in safeguards and too much complexity on the Internet to make positive identification of his commenters a reality any time soon. The WashingtonPost.com site has already experimented with blocking IP blocks and found that’s a good way to block large chunks of the Internet from his site. They’re experimenting with other technologies, but that’s not enough for him. I wonder if they’re looking at OpenID at all to solve his problems.
Online identity is a huge issue, one that’s not going to be solved because some editor wants track his commenters, even if it is the Washington Post. Mr. Brady has bigger problems though. First, he obviously doesn’t understand the Internet if he thinks there’s much possibility of reliably tracking users on the Internet. Anyone with even a modicum of computer knowledge could probably find a way around any tracking technology the Post puts in place. Even if they can’t, I’d be willing to bet there’d be a Firefox plugin or other application that gets around the technology. Oh, wait, we already have BugMeNot.
The second problem is that Mr. Brady is trying to solve a social issue with technology. This is the same trap we often fall into as security practitioners, trying to solve a people problem with more applications. And he’ll probably find out the same thing we keep finding over and over: technology fixes for people problems don’t work. People are going to find ways around the technology if it’s stopping them from doing what they want, period. If someone wants to be anonymous, they’ll find a way. We’ve found that with almost every technology that’s ever been used to secure a corporation. You put a block on a website, your users find a proxy. You try to keep users from installing software, they find a friend in IT to help them. They will find a way around technology if it gets between them and what they need/want to do. The technology is just a speed bump, and its an annoying one at that.
The real problem for WashingtonPost.com is that it takes people engaged with their readers to deal with this problem. It requires having someone monitoring the comments, deleting inappropriate posts and replying to the ones that are appropriate. He’s not going to get his tracking mechanism any time soon and rather than lament the lack of accountability, he needs to understand the real problem and deal with it as a human issue. People have been commenting anonymously to newspapers for as long as they’ve existed. How many of the letters the Post gets on a weekly basis have no return address and no indication of who sent them? The difference between the real world and the virtual one is that the editor has to consciously pick which comments get printed in the paper. That same power exists in the virtual world, it just takes human interaction in the form of comment moderation. Funny to think that the more things change, the more they stay the same.
It’s pretty certain that WashingtonPost.com is spending a fair amount of money on technologies to combat aggressive, insulting commenters on their site. They’re probably spending more on technologies and the people managing them then it would cost to hire one or more people to be responsible for moderating the comments. It’s easier to ask for the money to purchase a magic technology that will solve a problem than it is to ask for more people to get actively engaged. After all, technologies have a very clear cut reason for existing where as people have all these nasty issues that come with them, like personalities and mistakes. But if you want to solve a people problem, only people can deal with it.
By the way, does anyone really believe the Washington Post and other sites wouldn’t use all the identity information they collect for marketing if Jim Brady had his way? Me neither.