For my very first entry something that has a nice intersection of my interests/passions: gaming and information security - identity management: Blizzards decision to introduce realid (a system that shows your real name when you post on battle.net forums as well as when you are playing a Blizzard Battle.net game such as World of Warcraft or the upcoming Starcraft 2). This is a major (for gamers and infosec people) change from what it used to be which was your handle or character name was displayed only.
Just like sex and humour everything is in the timing, I am not going to rant about the evils of realid because interestingly enough bowing to public / pundit opinions Blizzard has just announced that realid will be scrapped. As people know me would attest though, that is not going to stop me from having an opinion about it and I actually hope that it gets introduced in an improved form.
Kim Cameron who I respect immensely and who I have been a follower of for a while has an excellent post on the topic where he naturally ties it to his laws of identity. I really want to elaborate on my real life experiences implementing identity management systems in enterprises and how they comply with the laws identity but that's for another post.
I have always been a person that loved a debate and would like to think I can see the pro's and cons in most things (even killing baby kittens :). So I would like to say what I liked about this real-id proposal and what I didn't like about it. However I definitely don't sit on the fence on much so there is a thumbs up or thumbs down at the bottom.
- It had about a 30-40% probability of significantly reducing trolling and silly forum posts - achieving key project objective not bad.
- It is really handy to be able to know when your friend is online, regardless of the character they play and the game they play
- As far as I am aware you could still put/change a fake name
- From a Blizzard bottom line perspective definitely a way to leverage the massive, hugely loyal fan-base for additional monetization as a social network
- Choice, consent and opting in - turning this on without a public/forum discussion period, a pilot and trial period, not enlisting (or not enlisting the right/motivated) IDM experts to advise or not listening to them. Also not learning any lessons from companies that done this before and got the t-shirt e.g. Facebook. Basically this and probably many other factors, resulted in a draconian system which game users very little choice, options to opt-in/out and that violated privacy and identity principles and alienated their most valuable asset
- Potential for some very real and practical breeches of privacy and the exposure of a user identity in a context they did not approve or want e.g.:
- The ability for someone to search on all Battle.net posts for all posts by someone and then tie that to other identity identifiers that they have revealed with our without their knowledge / consent e.g. social networking sites such as Facebook / linked in or just Google which picks up things like honours and awards from schools, clubs, professional organizations
- The potential for an in game bully to follow a target across games and characters (already a risk to a degree without real-id)
- The ability for an employer, girlfriend/boyfriend etc to identify and link a person they know in another context (e.g. work, interview, date) to a Blizzard game profile and behaviour - some would see this as a good thing if you have nothing to hide, you behave properly and you are always "yourself" to everyone in every context. But I'm not so I have a issue with it.
- Overall: I am glad it was scrapped because it was not designed nor implemented in manner that respected their users nor complied with privacy and identity principles. However I would be disappointed if this is the last we hear of real-id, with the right requirements, design and implementation process Blizzard could achieve their monetary and gaming experience objectives while balancing the user impact.
Some simple suggestions which many people smarter than me have already made include:
- don't re-invent the wheel,
- align to the identity laws and privacy principles e.g. EU privacy directive,
- provide users options such as opt-in/out, delete all posts, which characters and games real-id applies to
- get user consent for use of their Blizzard identity in the contexts proposed - make this simple, transparent and easy to use and change
- Comments / contrary views / corrections welcome. If you got this far, thanks for reading.