Monday, December 11, 2006

Attempts to consolidate my online identity brand

I've started to take an interest in this concept of a personal online identity brand lately. I first mentioned it a few posts ago here. It's interesting to me because:
  • It's fairly new.
  • It's a form of identity management, but with a very strong marketing focus.
  • It makes one look at identity from a non-technical perspective.
  • It elevates the concept of identity commonly mentioned amongst the technical community to something that the average Joe can identify with.
  • It further "rounds out" the concepts around our "digital identity".
  • One day, someone may offer you a job because of your online identity brand.
  • One day, you may be fired because of your online identity brand.
What got me thinking about this again today was a news story on titled "Send us a resume and URL". I'm starting to see this take effect on a more personal level hence heightening my interest.

I get unsolicited emails and phone calls from companies and recruiters asking about my interest in roles they have that they want me to consider. I usually have no idea how they get this information as I'm not applying for any jobs explicitly. Hence they must be doing it some other way. I've started to ask these people where they get my details and it is probably no surprise that a fair few are from personal referrals and people who know me or at least know of me (my day job gives me some level of a public profile in the technical community).

However, there seems to be an increase of people (not just locally, but overseas as well) who say they found my details via online social/business networking sites like and the like. It's no surprise that Internet savvy recruiters love business networking sites such as as it gives them a new channel and transparency into the masses out there that they would have never dreamed of gaining via traditional means. This trend will only continue as time passes and recruiters research new ways to gain a competitive advantage over their competition for talent.

If recruiters can gain access to potential candidates via publically available information, this obviously has implications with regards to prospective employers and people in general who may want to know something about you. I won't even begin to talk about the privacy implications here, but in most cases you give up a level of privacy if you choose to disclose information about yourself online. In these cases, it's simply your own fault. But what about the information you have no control over and things that have been posted about you without your knowledge? This is the reason we're starting to see an uprising of companies who claim they can "manage your online brand" and help you erase any negative information out there. My question to them is simply how do they expect to have the ability to erase anything about anyone on the public Internet where information you want to erase is more than likely not within your control? Are they really expecting that the site owners will remove the information if they ask nicely? Are they going to threaten legal action? How are they expecting to prove that the information is incorrect? Sites have every right (in most cases) to publish information they deem to be accurate - especially if we've clicked the "I agree to give up all ownership of any information I give you to allow you to publish it however you choose" button that is a pre-requisite to sign up to most sites out there. You know, the terms and conditions text box we NEVER read! Who's going to pick up the bill? The consumer? It's just a legal, potentially costly minefield. In other words, it's a very difficult thing to attempt to do without some form of standardisation.

Let's expand on this and look at identity theft. I'm not talking about the commonly known term you see in the news nowadays where someone steals your details to get access to your bank account or credit card details or whatever else is of value so they can commit fraud and cost someone (hopefully not you) a lot of money and in the process profit from it. I'm talking about stealing your online identity brand. What if someone claims to be you and signs up to all sorts of things all over the place under the guise of claiming to be you? They are never challenged. How can you get that back? Our online identity brands are much easier to steal than our bank account details. The losses we incur may not be financial (at least not directly) but what if we lose a job because of false information out there about ourselves? Can we call it financial loss then? It's certainly personally damaging one way or another.

Companies such as ClaimID are attempting to address some aspects of this issue by giving you a place to point people at for anything and everything you know about yourself online. It's essentially just a page of links that relate to you. Profiles, books, blogs, photos, comments, references to you in articles etc. The thing about ClaimID is that you have to find all the information about yourself, by yourself. No 3rd party is going to do it for you unless you pay them. e.g. InfoSearch media as mentioned in this press release. It's easy to link to information about yourself, meaning I can "claim" information about someone else to be mine. For example, in my case, there's a rather well known doctor who is an expert in nutrition and weight loss with the same name as me. I could simply just link to all the information about him and claim I'm this doctor. I have to give ClaimID some credit in attempting to get around this issue by using the concept of a verified link. The problem I have with the way they do it is that I need to have the authority to edit the web page I'm linking to because the way they do the verification is by searching for a specific unique "MicroID" that tags the page as yours...or at least tags it to be owned by your ClaimID identity/brand. Anyone see the biggest problem here? Well, I really only have control over a handful of pages out there. The other ones I have no say over. Meaning they can never be verified unless I manage to convince the site owner to embed the relevant MicroID into the site. In other words, the problem isn't really solved. Anyone can still say they are anyone else because it's difficult to have a properly verified link and people will simply ignore the "verified link" concept. I'm not trying to put ClaimID down in any way. In fact, I'm quite appreciative that they are at least trying to do something about it. I'm merely pointing out that this is not an easy problem - especially when your online identity brand is so easily stolen. Anyone who can turn on the computer and fire up a browser could do it.

One could argue that Google is the main source of our online identity brand. Most of the world uses it as the starting point for search. Most people have "Googled" themselves at some point. Most importantly, other people have also "Googled" you at some point in time (e.g. employers). How do we attempt to "control" our online identity brand in the more generic sense? Unless ClaimID becomes some sort of standard (I'm sure they'd be extremely happy if that happened) and they improve some of their processes (e.g. the verification step), we've got this potentially large (I won't say huge...yet) problem on the horizon that no one has started to look at solving properly yet. Or to put it another way, we've got a few companies out there trying to do something about this in isolation, but we know what happens when things get done in isolation don't we? They don't get solved...or they take a VERY LONG TIME to come to some sort of resolution because we end up with many different methods to do the same thing.

The point I'm trying to make is that in this case, it's our reputation at stake. One could argue that our reputation is worth more than anything financial. It's MUCH more difficult to recover from a damaged reputation than it is to recover from a financial loss.

I don't claim to have the answers, but I'll continue to ponder the issues and comment on them from time to time. I'm simply stating that this is on the horizon and will need to be looked at. Anyone want to put their hand up? You guys at Google labs reading this (ha! I can only hope) want to volunteer?


Terrell Russell said...

But Ian, you're forgetting the power of weak ties. If I have a claimID page, and I've verified a couple things there at the top - my blog, my website, my ma.gnolia links - and there are other 'unverified' links listed below....

You, as an observer, can reasonably assume those other links are legitimate as well - because you can know that whoever verified the first few, also actively listed the last few. The transitive property of ownership holds within the same account - yes?

So, you don't have to verify ALL your links - just a few to convince the reader you are who you say you are - and then the rest of the connections you make on your page can *almost* be taken at face value.

That is the value of using the MicroID. Small, independently verified claims - when aggregated - mean much more.

Otherwise, an excellent analysis of the space - and I agree - it's not something we can solve, but we can at least educate and help people understand why this matters.


Ian said...

Thanks for the comment Terrell.

Point taken and I agree that the weak ties do give a level of "believability" with regards to the fact that a person's claims are indeed reputable and true. This gives rise to the fact that the more verified links you have, the more reputable your claims about yourself are, which means I'm never 100% certain about someone's claims unless they have verified all their links. I'm only ever a certain percentage certain that they are who they claim they are (I'm rather skeptical though, so I suppose I'm a harder sell). It's all about risk I suppose and how much you're willing to accept. In some cases, a 70% certainty is enough. However, if some financial matters were involved, I'd have a serious problem if it wasn't at least at 90% (some would argue 100%, but even I realise getting 100% in the online world is near impossible).

Requiring a "root verification point" also means that if I want any sort of credibility, I'd better have a proper web presence where I have a level of control of my "primary" site or sites. Of course, this doesn't stop my from registering a bogus site, populating it with false information to make me look like I'm someone else and then embedding a MicroID in that page. I assume you have some level of conflict resolution process in such cases (I must admit I have not studied ClaimID in detail, so apologies for any ignorance on my part), but it depends on the rightful owner realising that someone's stolen their "online identity"...which brings us back to the problem of awareness. This area is fairly new and unfortunately, I don't think the general online population at large are even aware that these things are issues they need to worry about.

All this aside, I think we both agree this is not an easy issue to resolve. Kudos to yourself and Fred over at ClaimID for doing something about it.