Identity Proofing on Twitter – problems and potential
All the web has been abuzz recently about Twitters launch of Verified Accounts (read Mashable’s post about it here). The goal of the program is to be able to show a badge on a Twitter account that communicates to readers the authenticity of the twitter stream. The reason for Twitter doing this is to avoid issues and lawsuits due to celebrity impersonators. This limited goal is reflected in the proofing mechanism they are relying on – Manual Verification (the equivalent of the age-old, well understood Know-Your-Customer mechanism of in-person verification).
TechCrunch blogged about Michael Arrington’s twitter account getting verified without appearing to be verified (no one contacted him). This Mashable post may explain how this happened:
…Twitter will look to see if an official channel of the person in question links to his or her Twitter account from a place like an official website.
This is a good model for verifying a channel – to look at a known official channel to see if it (officially) links to the channel being verified. However, it doesn’t scale beyond the celebrity use case, because the vast majority of users (like me) do not have anything that Twitter will recognize as an official channel. And Twitter will never have the manpower necessary to run an in-person verification program. But is there a clue buried in how Twitter is approaching this to how we could potentially do this at scale?
An emerging discussion in the identity space has been the topic of reputation as the basis of trust (which is what verified accounts are ultimately about). In the Twitter model, the reputation of the account is enhanced 100% because of it being cited on a well-known, officially recognized website. I recently read a Wired article about a new system for ranking/rating scientists based on number of citations as opposed to publications. Twitter has multiple (similar) variables that could potentially be used to calculate the reputation of a twitter account – number of followers, number of retweets, number/nature/participants of conversations (replies).
If these could be used to calculate the reputation of a twitter account, then you could get to the point where you could calculate the trustworthiness of an account. And then the whole “log in with your twitter account” feature that for now is only getting used in blog commenting systems could take on a much more significant role in the identity metasystem.