Quite an interesting incident happened this evening, which I feel compelled to share. A colleague of mine asked me, while I was at work yesterday, if we could connect on LinkedIn. I said that’d be fine, and sent him an invitation. This evening, he accepted it, but also noted that someone else had created a LinkedIn account using my name and face.
Now, it’s one thing to just scream bloody murder; after all, this kind of fraud is against LinkedIn’s Terms of Service, as the whole point of the service is to be a sort of digital resume. I did, of course, contact their Fraud team (thanks, Twitter!), and I’m sure they’ll have several enlightening things to say. Not that I need to be told who did this– I’m already well aware. (Some people in this world simply don’t know when they’ve lost– ah, the foibles of the feeble-minded.)
However, beyond just canceling the account, I wanted to see what-all they’d been up to. So I assumed control of the email account tied to the fraudulent LinkedIn profile. What I discovered was very interesting.
These… idiots (I hesitate to call them criminals, as while fraud is certainly a criminal activity, this level’s pretty pathetic) had attempted to clone my LinkedIn profile in full, and use it as grounds to verify their other communications– that is, having made a LinkedIn connection with someone, they were then taking that person’s email address and attempting to use it to communicate with the person they’d just found. In essence, performing a simple reputation transaction, using the somewhat-validated LinkedIn account (that they’d fraudulently created) as their proof of reputation.
However, it didn’t work: not one single person took the bait. The reason why not is intriguing: every person who knows me knows I own ussjoin.com, and do my email from there. So when they got emails from random Gmail accounts– it was obviously fake; the accounts didn’t have the reputation built up. Shown another way, while my LinkedIn account is visible on Mnikr, and has people’s investments in it, this other one had no investment, no belief. It only vouched for itself. Pretty easy to disregard it, then.
To me, this is validation for much that I believe. I think that reputation, as constructed by systems like Mnikr (I’m not so arrogant as to think that Mnikr itself will do this all on its own), is what lets us handle identity on the internet. There’s no need for silly things like http://www.honestyonline.com/ – they’re just a site taking your money for no reason. (I met their founder at TEDx Mid-Atlantic, and suffice it to say, we didn’t see eye to eye.) People– even those who’ve never met me in person, and whose conceptualization of my identity thus has no tie to my “real-world” identity– vouch for my digital identity, and give it credence to others. This means we don’t need the government issuing True identities for the Internet– we can get all those benefits without government lockdown, and with none of its (grave) downsides. In much the same vein, people like Mark Walsh who believe the Internet is doomed because of its lack of verified identity are proven wrong by this example: the system works, just as it is. Reputation provides trust, and thus filtering, exchanges, and expertise can come out just as they do in the real world: by word of mouth, even indirectly. With this reputation, we can get authentication quite quickly: my trusted USSJoin.com is also my OpenID credential, allowing me to log into both personal and professional sites. This is exactly what David Recordon told us to expect with OpenID, and he’s right.
So yep: today I realized that someone had attempted to steal my digital identity. And it didn’t work– not because I bought some inane product in a magazine, but because the system for reputation communication on the internet is, even in its infancy, pretty good.
If you’d like to connect to my real LinkedIn profile, it’s linked, as it has been for years, from the front page of http://ussjoin.com. I always welcome connections from entities I believe to be human. :-)