- BlogInfoSec.com - https://www.bloginfosec.com -

InfoSec R.I.P.

I recently had an experience that helped to confirm my skepticism about the accuracy of information on the Internet.

I happened to be surfing the Web to find out what an internationally-known InfoSec colleague has been up to lately. Imagine my shock when his Wikipedia page indicated that he had died in November 2014 in France. I quickly scoured the Web to find corroborating evidence about his demise, but found none. I then emailed him and was greatly relieved when he replied that he was “alive and kicking.” He immediately corrected the Wikipedia page.

Of course, this type of misrepresentation, whether intentional or accidental, is by no means new. In 1897 (according to the Oxford Academic website, which I trust is authentic and correct), Mark Twain once said that “The report of my death was an exaggeration.” This was in response to erroneous newspaper accounts of his demise that apparently confused him with his seriously ill cousin. In this case, it appears to have been an honest mistake.

However the Mark Twain incident does reconfirm reservations about websites, such as Wikipedia, accepting edits from any source, and the consequences of anonymity and pseudonymity. What sick mind would intentionally report that someone had died when it is not true, if that is indeed what occurred?

There are clearly situations in which anonymity and pseudonymity can be life-saving or might encourage good behavior (such as making charitable donations). The use of a pseudonym can also allow someone to publish a best-selling novel, say, and still maintain his or her privacy. But there are many occasions when anonymity and pseudonymity can be hurtful or worse. Clearly cyber-bullying would be greatly curtailed were the identities of the perpetrators known to everyone.

InfoSec professionals have the technical know-how to enable the anonymous, yet authentic and traceable, transmissions of messages, posts to websites, and the like. Everyone should be forced to use such methods. However, at the same time, we also need to assure those who want to remain anonymous for non-nefarious reasons to be able do so. And that’s the challenge.