charlotteng@buffalo.edu=me?

Nowadays, it is very easy to sign up to any forums or websites using our emails. As pointed out by Donath (1996), our email@domain is the most basic Identification in the virtual world. Having the .edu affiliates me with a school or university and hence making my statements regarding education subjects more persuasive and convincing. Whatever posting I made with this email address, people would trust me as much as they trust University of Buffalo. Hence, this can be exploited very easily.

I haven’t really participated much in any forums, but if I do, there would be a certain pattern or lingo that I would use and these would be associated with me. My discussion contents, like the one in this blog would form the reputation for me.

With the current level of consumer market security, identity theft can occur easily. In emails, spammers can easily use my email address as the message headers and everyone would have thought that it was sent by me. There are a lot of possible malicious acts that can be done with this. For instance, if I am very lazy to do my group project, I can send out a hoax email using my prof.’s email to my groupmates saying that I have to participate in some competition and hope that they would help me out by not giving me too many works. They would never know that it is from me not the prof. This hasn’t happened in SIM-UB yet, but I have heard of one such case happened in one of Singapore’s university.

As defined by the USA Social Security Administration, “Identity theft occurs when a criminal uses another person's personal information to take on that person's identity. Identity theft is much more than misuse of a Social Security number-it can also include credit card and mail fraud” [Social Security online , 2006 ] The above case is certainly one potential example of identity theft. I could also use someone’s email address to post irrelevant or annoying messages on forums too. This act of trolling may destroy whatever reputation my victim has online.

Some of the possible solution, especially for email is to use digital signature. Every message we send or post shall have a certification sign. Receivers or readers shall then look at the certificate and its roots to ensure that it is a genuine certificate that has not been revoked and the sender is who he claims to be. Hackers, certainly would find ways to break the signature code and masquerade as the senders. Hence, strong encryption for the signature would be required.
To sum it up, our online reputation is generally shaped by our contents and track records. However, this can reputation that we built painstakingly can be gone in one night if someone masquerade as you and did everything that would tarnish your image. Hence, we have to be really careful with it. Lastly, the one sending email may not be the sender, and may not have his/her consent. Hence, don’t always assume that charlotteng@buffalo.edu is me. Look at the certificate.

REFERENCES:

Donath, Judith S. (1996). Identity and deception in the virtual community. MIT Media Lab. Retrieved February 22, 2007 from http://smg.media.mit.edu/people/Judith/Identity/IdentityDeception.html

Social Security online (2006),Identity theft in social security online. Retrived February 22, 2007 from
http://www.ssa.gov/pubs/idtheft.htm

Masum, H. & Zhang, Yi (2003). Manifesto for the reputation society. Retrieved February 22, 2007 from http://www.firstmonday.dk/issues/issue9_7/masum/