I was reading this post on jet lag cure at Lifehacker (a great site, by the way), when I saw this line: "What really helped was watching what I ate and drank before, during, and after the flight." My mind read this twice as: "What really helped was eating and drinking before, during, and after the flight."

Oh my.

. . .

Leedar asked a great question as a comment in my previous post.

How do we deal with internet spam?

Honestly, I've only given a short thought to this growing problem, so the answer I'm writing here is pretty vague, but should give you a rough idea of how I think it might be accomplished.

Ultimately the problem of spam comes down to the balance between anonymity and privacy versus identity authentication on the web. These two items are mutually exclusive ... so where you have give priority over to anonymity, you will have greater problems with spamming.

Quite honestly, I think the best solution is to have some sort of centralized, federated authority system. This is in, no way, a system to track the activities of individual users on the web; it's sole purpose would to give ONE central identity 'card' to each legitimate user on the web.

You would be required to provide some sort of solid government-issued identification to receive this identity ... and this identity would only be issued once. One identity per person.

When creating an account on Tabulas, for example, you could provide the username/password for your federated identity card, which would through a series of activities check back to a primary server to verify your identity. Tabulas might provide you an incentive to use this identity card during the registration process, although users can still register without the card (opt-in).

In essence, it's vaguely similar to OpenID, but a bit different by forcing a bit more of authentication and storing a bit more information about the user in one place.

Now, this really goes against what everyone believes the Internet is all about, but in reality, privacy on the internet is a joke.

To take advantage of any site on the web, what do you have to do? You have to register. Look at how many registrations you have floating around, with that information being sold to whoever? All this federated system would do is create ONE repository of basic information and provide an API for verification by third-party sites. Since this would not be a for-profit site, it would have to be set-up by either a non-profit organization (preferable) or run by the government (no thanks).

The reality of the matter is that there is no such thing on privacy on the web already, and since this would be an opt-in measure, it wouldn't have to bother anybody at all. Everyone on the Internet already has registered to at least one site - it would just be a matter of registering to the federated system and using that system as a springboard for registration elsewhere.

Amazon could do this already. They already are able to verify individual users; just provide a username/password API to check ... and we can link third-party sites to Amazon's log-in system.

Posted by roy on August 24, 2005 at 11:47 PM in Web Development | 8 Comments

Related Entries

Want to comment with Tabulas?. Please login.

Comment posted on August 26th, 2005 at 08:25 PM
huh?
Comment posted on August 25th, 2005 at 12:40 PM
kinda sounds like how s. korea requires you to enter your "national id" (i forget what the id is called...) to join certain websites.
Comment posted on August 25th, 2005 at 08:43 AM
I think it is a great idea Roy. But I'm also one of those guys who thinks a national ID card is a good idea. :-)
Comment posted on August 25th, 2005 at 01:12 AM
Really, this is a whole lot of trouble for just guarding against spammers. Surely there must be a less convoluted, less grandiose solution that could be practically implemented.

Whenever I get my Web site done I'm not allowing comments. :-]
Comment posted on August 25th, 2005 at 07:07 AM
It's not that much work. You would register for ONE more site that would require government-issued ID, then you woudl sign into Tabulas using that username/pw, click the "i'm in the federated identity verification blah", and then still write your comment.

I'm not sure how much more work that is compared to what you're already doing.
Comment posted on August 25th, 2005 at 03:34 PM
It is hard to fathom how this could be effort- or feasibility-comparable to 'what [I'm] already doing' (whatever that is).
Comment posted on August 25th, 2005 at 12:58 AM
But what about identity theft? Cracking into government servers isn't exactly unheard of.
Comment posted on August 25th, 2005 at 07:06 AM
Well, identity theft is a problem regardless of whatever solution you propose. There will always be identity theft, and there will always be a risk of identity theft. Do people not fly in airplanes because it may crash?