Friday, 21 December 2007

Does Blogger leave us vulnerable to impersonation?

I write this post in response to Peter's comments on other posts (see here and here) in which he is concerned that Blogger's policies may leave people vulnerable to impersonation. Rather than write a long comment, I think this subject deserves a post of its own, especially as I would like to know your opinions on this matter.

In his comments, Peter outlines his concerns that impersonators are so easily able to maliciously slander another person online by creating fictitious comments which link to an innocent blogger's profile, or indeed create an impostor blog pertaining to be written by someone else. Just a little research online uncovers the frightening truth behind this concern. But do Blogger's policies leave us open to the dangers of impersonation, or is this the nature of the Internet?






Online impersonation can come in many forms. Blogs such as Poorblogger and John Cow impersonate blogging celebrities in humorous parody, but on the other end of the scale impostor-driven blogs can be harmful, hurtful and may even result in criminal proceedings against an innocent person.

As Peter explains in his comments, bloggers in certain parts of the world can be easily detained, and possibly prosecuted for unsavory and salacious content discovered in their sites, whether this be in the form of a blog post or a comment left on their blog (as in the case of Natanial Tan). Impersonation could result in innocent bloggers and webmasters being unfairly detained for content they have not authored themselves.

Another case is that of the "Megan Had It Coming" blog, which impersonates Lori Drew, the woman involved in creating a fake MySpace profile of a 16-year-old boy created to start an Internet relationship with Megan Meier, the Missouri teen who hanged herself. Amidst the high profile court case regarding responsibility for Megan Meier's death, this impostor blog profiles the extent of cyber-bullying which can easily be generated online.

Are Blogger's policies flawed?

The "Megan Had It Coming" blog is hosted by Blogger, and while Blogger claim to take a strong stance against impersonation through users of their service, at the time of writing this post, that blog is still available to view.

Blogger says this about it's stance on impersonation for users of its services:

We do not allow impersonation of others through our services in a manner that is intended to or does mislead or confuse others.

However, when we look at the content policy for defamation, which is intrinsically linked to the malicious impersonation of another person, we read this:
The language of Section 230(c) of the Communications Decency Act fundamentally states that Internet services like Google.com, Blogger and many of Google’s other services are republishers and not the publisher of that content. Therefore, these sites are not held liable for any allegedly defamatory, offensive or harassing content published on the site.

So it seems that while Blogger claims not to tolerate impersonation, Blogger will only remove content hosted on its service "if the material has been found to be defamatory by a court, as evidenced by a court order". By then the damage would already have been done.

Furthermore, it is very easy to create a blog. Yes, I know we need to have or create a Google account in order to host a Blogger blog, but we do not need to verify our email address, nor do we receive conformation that a blog has been created. So it would be very easy for a malicious poster to set up a Google account and a Blogger blog using someone else's email address, username and identity!

Blogger's comment policy

One of the issues which concerns Peter is that Blogger allows visitors to leave their comment and URL without having to log in as proof of their identity. Of course, it is the publisher of a blog who decides whether or not to allow anonymous comments, though many do choose to do so in order to generate link love for their blog readers, but is the blog author also responsible for the comments left by their readers?

As you may have read in my previous post, I feel that my blog's visitors should be able to leave their URL along with their name when leaving a comment. However, I do understand Peter's concerns, and also that of others who believe such an open commenting system leaves a blog open to abuse from malicious internet surfers. Spam and abusive comments on my blog are rare, though if ever I suspect that my blogs comments are being abused, I reserve the right to delete the questionable comment.

Although I am glad that Blogger have decided to revive the system where commenters can leave their URL, I do still believe that Blogger's commenting system leaves much room for improvement. Other blog commenting systems, message boards and forums provide methods for visitors to "sign" their comments and leave their URLs, whilst still offering some degree of protection and affirmation against malicious impersonation, such as:

  • Logging of IP addresses for every comment made, which is usually made available to the administrator/author of the site, and could be used to look up the details of malicious authors

  • Author controlled exclusions for IP addresses or questionable content left in comments. This way, blog authors could exclude the comments of visitors who are known to be malicious, and control any content which could be published without having to manually approve each and every comment made.

Other blogging platforms allow the blog author such control over their sites by default, while Blogger seems to allow us very little control over the comments left on out sites, unless we choose to manually approve each comment (which for blogs with high traffic could be a long and tedious task).

Blogger may well implement the above policies in comments, but even if this is the case, the author of a blog does not have access to these details, nor are we able to have a greater degree of control over how such policies are implemented.

We need to protect our identity online!

The Internet is a very difficult place to police effectively. Different countries adopt different policies on cyber-crime and proving who is responsible can be a difficult task in itself.

Blogger's does allow more room for abuse than other blogging platforms due to the flaws in its policies regarding accounts and comment policies. Wordpress.com, for example, requires its bloggers to have a unique API key, and logs the IP address of any visitor who makes a comment, while self-hosted Wordpress blogs generally require the author to purchase a hosting package and domain name where the owner's personal details are held by ICANN: the domain name registration authority.

However, in my opinion no blogging platform, social community hub or forum is without its flaws. Even if Blogger were to create a closed and carefully monitored system for its members, online impersonation would still be possible on thousands of other sites.

In fact, I believe that there is no fail-safe way to protect our identities online. But we can take steps to help us protect ourselves against impersonation online.

Here are a few simple tips you could try to help guard yourself against abuse of your online identity:

  • Google your name and website regularly to find out what others are saying about you. Many people already do this for somewhat narcissistic reasons, but this also serves the pirpose of ensuring your name and blog's identity are not being used for malicious purposes.

  • Set up a newsfeed to receive updates when a new site or page referencing you is indexed by Google. This ensures you are always kept up to date about any issues which may concern you. You can easily set up such a newsfeed here and ensure updates are emailed to you daily.

  • Keep track of sites which link back to your blog. You can do such a search using Google, like this, which will give you a list of all websites that provide a link back to your blog. Also you may want to consider using Technorati and view your blog's profile regularly to see all links from blogs to your own site.

  • Consider creating a membership with QDOS. This is a new service, currently in Beta, which helps members to take control of their digital identity by logging all of their profiles, websites and online activity (eg: blogging, social networking) in one easily accessible place. Furthermore a QDOS score is calculated to determine how active and individual you are online. This service was originally created to help members protect their digital identity, thus ensuring duplicate profiles cannot be created. Membership is currently by invitation, though when you register your interest you will be among the first considered to use this new service. I have just begun to use this myself, and so cannot comment much about how useful a tool this may be, though so far I am hopeful for QDOS' success!

  • Report any malicious abuse of your identity. The first point of reference should be to the administrator/author if the site in question (if this is possible). Alternatively you could perform a WHOIS search to discover the details of the website owner or supplier, then use this information to present your complaint. You can report violations of the terms of service for a Blogger blog directly to Blogger using this form.


The Internet is a vast and somewhat uncontrollable place, though thankfully instances of impersonation are infrequent. I hope that this information has answered Peter's comments to the best of my knowledge, and will help others overcome any concerns regarding how their online identity can be used.

No comments:

Post a Comment