Difference between revisions of "Pseudonym"
From MgmtWiki
(→Context) |
(→Solutions) |
||
| (18 intermediate revisions by the same user not shown) | |||
| Line 5: | Line 5: | ||
* Many web sites require users to have a persistent user name which is unique on their site to identify the user. | * Many web sites require users to have a persistent user name which is unique on their site to identify the user. | ||
* As a general rule [[Web Site]]s, and as a practical rule [[Identifier or Attribute Provider]]s require that the pseudonym be unique within their domain; thus the pseudonym@domain.tld will be a valid [[URI]]. | * As a general rule [[Web Site]]s, and as a practical rule [[Identifier or Attribute Provider]]s require that the pseudonym be unique within their domain; thus the pseudonym@domain.tld will be a valid [[URI]]. | ||
| − | * Some providers will reuse pseudonyms once a connection to a real user has been broken for some specified period of time. Email | + | * Some providers will reuse pseudonyms once a connection to a real user has been broken for some specified period of time. Email addresses, in particular, typically have this characteristic. |
| − | |||
==Problems== | ==Problems== | ||
| − | User may wish to | + | * [[User]]s may wish to have some name that is not associated with their real name when the web site requires a persistent user name or they may wish to have separate [[Persona]]s associated (e.g.) with their social self and their work self. |
| + | * In contexts where names are not validated (of low [[Assurance]]) the problem arises that trolls many adopt the name of some well-known person to be able to make statements that falsely appear to be from the real person.<ref>Jack Nicas, ''Oprah, Is That You? Most Likely, It's Not''. 2018-07-08 New York Times page BU1</ref> | ||
| + | * While some users may think that separate [[Persona]]s cannot be correlated, research has shown that this goal will not be possible<ref>Gina Kolata, ''Can Data be Fully Anonymous? New Algorithms can still identify you'' New York Times (2019-07-24) p A8.</ref><ref>Luc Rocher, Julien M. Hendrickx, Yves-Alexandre de Montjoye, ''Estimating the success of re-identifications in incomplete datasets using generative model'' (2019-07-23) Nature Communications https://www.nature.com/articles/s41467-019-10933-3</ref> That reality does not prevent users from trying to use [[Pseudonym]]s to remain [[Anonymous]], but it will never work against a determined adversary. | ||
==Solutions== | ==Solutions== | ||
| − | * Users are often asked to use their email address as a local user name since the email address is known to be a [[URI]] and hence unique in the internet. | + | * Users are often asked to use their email address as a local user name since the email address is known to be a [[URI]] and hence unique in the internet, at least for a period of time. |
* When the user has an option, they often pick some sort of description name, such as a gamertag in a role playing game, which is tested for uniqueness within the relevant name domain. | * When the user has an option, they often pick some sort of description name, such as a gamertag in a role playing game, which is tested for uniqueness within the relevant name domain. | ||
* When a user needs to provide some sort of validated attribute for the duration of a session at a web site, a session ID might provide sufficient security to bind the verified attribute for the session duration. | * When a user needs to provide some sort of validated attribute for the duration of a session at a web site, a session ID might provide sufficient security to bind the verified attribute for the session duration. | ||
| + | * [https://connect2id.com/blog/openid-federation-ppid-policy OpenID Federation policies for Pairwise Pseudonymous Identifiers (PPID)] 2024-02-26 | ||
==References== | ==References== | ||
| − | + | <references /> | |
| − | + | ===Other Links=== | |
| + | * Synonyms for a [[Pseudonym]] include [[User Name]], display name, gamertag, nom de guerre, [[Subject ID]] (sub) or (on Facebook) Fake Name subject to arbitrary termination. | ||
| + | * Anonym is not used in the context of identity as it does not provide one. It may be used as the condition (Anonymous) of a user prior to accepting (1) a cookie, (2) a fixed IP address, (3) an HTTPS connection or (4) a request for an [[Identifier]]. | ||
[[Category:Glossary]] | [[Category:Glossary]] | ||
| + | [[Category:Identifier]] | ||
Latest revision as of 15:03, 1 March 2024
Full Title or Meme
A Pseudonym is a name used in place of a real name, but that is expected to have a continuing association with a real entity for an extended period of time.
Context
- Many web sites require users to have a persistent user name which is unique on their site to identify the user.
- As a general rule Web Sites, and as a practical rule Identifier or Attribute Providers require that the pseudonym be unique within their domain; thus the pseudonym@domain.tld will be a valid URI.
- Some providers will reuse pseudonyms once a connection to a real user has been broken for some specified period of time. Email addresses, in particular, typically have this characteristic.
Problems
- Users may wish to have some name that is not associated with their real name when the web site requires a persistent user name or they may wish to have separate Personas associated (e.g.) with their social self and their work self.
- In contexts where names are not validated (of low Assurance) the problem arises that trolls many adopt the name of some well-known person to be able to make statements that falsely appear to be from the real person.[1]
- While some users may think that separate Personas cannot be correlated, research has shown that this goal will not be possible[2][3] That reality does not prevent users from trying to use Pseudonyms to remain Anonymous, but it will never work against a determined adversary.
Solutions
- Users are often asked to use their email address as a local user name since the email address is known to be a URI and hence unique in the internet, at least for a period of time.
- When the user has an option, they often pick some sort of description name, such as a gamertag in a role playing game, which is tested for uniqueness within the relevant name domain.
- When a user needs to provide some sort of validated attribute for the duration of a session at a web site, a session ID might provide sufficient security to bind the verified attribute for the session duration.
- OpenID Federation policies for Pairwise Pseudonymous Identifiers (PPID) 2024-02-26
References
- ↑ Jack Nicas, Oprah, Is That You? Most Likely, It's Not. 2018-07-08 New York Times page BU1
- ↑ Gina Kolata, Can Data be Fully Anonymous? New Algorithms can still identify you New York Times (2019-07-24) p A8.
- ↑ Luc Rocher, Julien M. Hendrickx, Yves-Alexandre de Montjoye, Estimating the success of re-identifications in incomplete datasets using generative model (2019-07-23) Nature Communications https://www.nature.com/articles/s41467-019-10933-3
Other Links
- Synonyms for a Pseudonym include User Name, display name, gamertag, nom de guerre, Subject ID (sub) or (on Facebook) Fake Name subject to arbitrary termination.
- Anonym is not used in the context of identity as it does not provide one. It may be used as the condition (Anonymous) of a user prior to accepting (1) a cookie, (2) a fixed IP address, (3) an HTTPS connection or (4) a request for an Identifier.
