[OLR] Exercise 2.4 Online Identity and my state of presence

The discovery and re-discovery of radical imagination in Aristotle and Kant, is now seen as essential to "both self and to the objects of experience" and "to imagine the self as other". In virtual reality systems, an avatar is described as a new state of presence. The avatar allows group members, such as you, to not only imagine, but to act "the self as other", in support of learning and teamwork processes.

1. Briefly explain, in your own words, what you think of the ideas and solutions presented in Reading A by Dick Hardt. During his 15 minute talk he mentionedphishing, pharming, privacy invasionand identity theft. Give an example to support your explanation of each of those activities.

Hardt's article raises the challenges of going online in a manner that allows you to protect your online identity whilst being able to be verifies by websites for being who you say you are. The challenge of achieving this can be backgrounded against the phenomena ofphishing, pharming, privacy invasionand identity theft. Unlike traditional responses where you rely on another company to authenticate you, Hardt's company proposes using a user-centric model which has the following advantages:

• The user is in the middle of a data transaction. This does not mean the user has to approve every transaction, but that the data always flows through the user’s identity agent. This does have user control and consent advantages that others point out, but I think more importantly, it provides huge scale advantages as the Identity Provider does not have to have any prior knowledge of the Service Provider. The network of sites can build up ad-hoc, just like SMTP servers do today.
• The user has a consistent user experience. That does not mean that all users have the same user experience, but that a specific user is using the same identity agent over and over for each identity transaction, similar to the interfaces we all see for saving and printing files regardless of the application. Currently each SP provides its own user interface which means the user is learning a new interface, sometime for onetime use (eg. site registration) By separating the identity component from the rest of the application, the user also has more certainty on who the SP is which helps resolve phishing. (Source)

User-centric identity is a response to these challenges:

Phishing is the criminallyfraudulent process of attempting to acquire sensitive information such as usernames, passwordsand credit card details by masquerading as a trustworthy entity in an electronic communication. (Source: Wikipedia). So for example the classic Bank email scam asking to update your details with the bank - and by doing so you end up going to a false site by following a link that looks like your bank's URL address but isn't (see Pharming).

Pharming (pronounced farming) is a hacker's attack aiming to redirect awebsite's traffic to another, bogus website. Pharming can be conducted either by changing the hosts file on a victim’s computer or byexploitation of avulnerability in DNS serversoftware. DNS servers arecomputers responsible for resolving Internet names into their real addresses — they are the "signposts" of the Internet. Compromised DNS servers are sometimes referred to as "poisoned". (Source: Wikipedia) Classic redirect that sees you being diverted from a genuine site to a fraudulent site.

Privacy Invasion The wrongful intrusion into a person's private activities by other individuals or by the government. (Source: answers.com) To my mind this raises the question of who can be trusted with your details and of you, the consumer, being able to understand the differences between trusted and untrusted forms of authentication. Moving away from third parties to do your authentication will arguably, leave less of a digital trail

Identity theft is a term used to refer to fraud that involves someone pretending to be someone else in order to steal money or get other benefits. The term is relatively new and is actually a misnomer, since it is not inherently possible to steal an identity, only to use it. (Source: Wikipedia). This cuts to the core of this course and Hardt's presentation - being able to go online and actually prove that you / your avatar is who you say you are. It would be bad enough to be engaged in an online debate with a bot, but just as bad to be debating with someone who isn't even who they say they are. User-centric digital identification could resolve that.