Why On-line Social Identity and Reputation is a Big Deal

We’re at a cusp of an era where the reputation of one’s on-line social identity is becoming as critical as one’s “real world” reputation. Control over social identity data is the prize for which privacy advocates, individual consumers and business are fighting.

Who Are You?

In a formal setting of the “real world,” we typically think of our identity as our name or perhaps a personal identifier such as the driver’s license number. In the on-line world, though, our identity is defined by our social network and how we interact with its participants.

We are whom we know and what we do with them. That’s our social identity on-line.

Credit Reputation vs. Social Reputation

Trade practices in the “real world” began with the barter system, but ran into limitations where Pearson A wanted an item from Person B, but Person B didn’t want anything of Person A’s. Cash took care of that stumbling blog, and allowed trade to flourish. The next challenge to commerce was cash flow: individuals or companies might not have enough cash to make a purchase today, but would have the cash tomorrow. The system of borrowing (e.g., trading on credit) took care of that limitation. The challenge with borrowing, from the lender’s perspective, is whom to trust? Credit rating bureaus appeared to keep track of persons’ and organizations’ credit worthiness.

The credit worthiness of a customer in the “real world,” often represented by individuals’ FICO scores, represents the person’s financial reputation.

In contrast, an on-line consumer’s reputation and “business-worthiness” is often measured in terms of the person’s social identity. Knowing the consumer’s social identity—his contact details, his on-line friends, his interests—allows companies to engage the person and “convert” him into a paying and hopefully loyal customer.

Individuals look up the social reputation of others all the time as well. You and I do it when we Google a person we just met to see what they wrote about himself and others. We may also look up the person’s profile on a social networking site, such as LinkedIn and Facebook to see if we share any friends and interests. The expectation is that it is hard, though of course not impossible, to create a fake reputation on social network that’s rich with social activities.

Social Identity Reputation Score

How do you know whether an email address of a person is accurate? Look it up in one of many social networks to see if the address is associated with an active profile. How do you know whether the profile is fake? Look at the number of the person’s social connections, the frequency with which the person interacted with others, the time during which the person has been active on-line and the richness of the person’s social networking activity. The more meaningful activities you observe, the more trustworthy is the person’s social identity.

The trustworthiness of the person’s on-line social identity can be measured. We can come up with a formula that accounts for the elements of the person’s social activities, such as those I listed above, and converts them into something we might call a social identity reputation score. Let’s even give it an acronym to make it official: Social Identity Reputation Score (SIRS).

SIRS is the FICO score of the on-line world, and it will be as crucial to the economy in the future as the FICO score is today.

My friend Slava Frid brought up the similarity between the concept of SIRS and Google’s PageRank during our conversation. Just like Google computes a coefficient of importance to elements of an HTML page, so too can we compute a number to measure the relative value (related to trust or importance) of a social identity.

Importance of the Email Address

The workflow for determining the person’s SIRS, which I outlined above, starts with the person’s email address, because the email address can be used to discover the person’s social networking activity.

Companies that aggregate social data, such as TowerData (formerly Rapleaf), will be becoming increasingly important. They will be increasingly valuable from a business perspective and increasingly scary from a privacy perspective. When describing how individuals are profiled on the web, Om Malik explained:

“Think of Rapleaf as the provider of the FICO score about an email address. That email address comes with Facebook ID, Flickr ID, Twitter account information and other social details. For a marketer, or even someone trying to hit you up for business, this is pretty relevant data, for it allows them to target a customer and connect them socially. In another scenario, you can buy an email list of a million addresses for $1000, check them against Rapleaf and end up with about 10,000 emails worth targeting. That’s a pretty good deal.”

Companies such as TowerData seems well-positioned to calculate people’s SIRS. Maybe the company already does it today.

Privacy and the Social Identity

People often feel comfortable some sharing details about themselves, such as the car they drive, their income and age range, and so on, as long as they maintain anonymity. The notion of anonymity is starting to change in the on-line world: your name and “physical world” details might be less important than your social identity.

People’s privacy considerations on line are starting to change beyond protecting the person’s “physical world” identity. Individuals recognize that they need to give up some information about themselves to establish a social identity. However, we want to control which aspects of our identity are available to which entities.

This granularity of social identity data sharing is the crux of privacy debates, and the reason we are concerned about issues such as Facebook data sharing and data aggregators such as TowerData.

As on-line social networks increase in importance for regular, “real world” interactions, so will the criticality of social identities. The battle is only still at its onset.

Update: If you found this note useful, take at the posting by Bindu Reddy, titled Why We Need PageRank for the Social Web, in which Bindu proposed the idea of engagement score as a way of measuring the “level of social engagement that a person can generate with a post on their [social media] stream.”


About the Author

Lenny Zeltser is a seasoned business and technology leader with extensive information security experience. He builds innovative endpoint defense solutions as VP of Products at Minerva Labs. In a previous role, he was responsible for security product management at NCR Corp. Lenny also trains incident response and digital forensics professionals at SANS Institute. He frequently speaks at industry events, writes articles and has co-authored books. Lenny has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.

Learn more