Reply to Decentralization and verification

In “Decentralization and verification”, Derek Kedziora said:

…Mastodon by its very nature as a decentralized service can’t verify accounts.

We’d still need some trusted third party to do offline verifications and host them in a centralized repository.

Let’s not sell Mastodon short here. The service you compare it to – Twitter – solves this problem… but only if you trust Twitter as an authority on the identity of people. Mastodon also solves the problem, but it puts the trust in a different place: domain names and account pages.

If you want to “verify” yourself on Mastodon, you can use a rel=”me” link from a page or domain you control. It looks like this:

Screenshot showing @dan@danq.me's Mastodon account as the verified owner of website DanQ.me.
The tick is green, not blue, but I can’t imagine anybody complains.

A great thing about this form of verification is you don’t have to trust my server (and you probably shouldn’t): you can check it for yourself to ensure that the listed website really does state that this is the official Mastodon account of “me”.

You can argue this just moves the problem further down the road – instead of trusting a corporation that have shown that they’re not above selling the rights to your identity you have to trust that a website is legitimate – and you’d be right. But in my case for example you can use years of history, archive.org, cross-links etc. to verify that the domain is “me”, and from that you can confirm the legitimacy of my Mastodon account. Anybody who can spoof multiple decades of my history and maintain that lie for a decade of indepdendent web archiving probably deserves to be able to pretend to be me!

There are lots of other distributed methods too: web-of-trust systems, signed keys, even SSL certificates would be a potential solution. Looking again at my profile, you’ll see that I list the fingerprint of my GPG key, which you can compare to ones in public directories (which are co-signed by other people). This way you’d know that if you sent an encrypted DM to my Mastodon inbox it could only be decrypted if I were legitimately me. Or I could post a message signed with that key to prove my identity, insofar as my web-of-trust meets your satisfaction.

If gov.uk’s page about 10 Downing Street had profile pages for cabinet members with rel=”me” links to their social profiles I’d be more-likely to trust the legitimacy of those social profiles than I would if they had a centralised verification such as a Twitter “blue tick”.

Fediverse identify verification isn’t as hard a problem to solve as Derek implies, and indeed it’s already partially-solved. Not having a single point of authority is less convenient, sure, but it also protects you from some of the more-insidious identity problems that systems like Twitter’s have.

Screenshot showing @dan@danq.me's Mastodon account as the verified owner of website DanQ.me.×

Pronouns in Three Rings

The Old Way

Prior to 2018, Three Rings had a relatively simple approach to how it would use pronouns when referring to volunteers.

If the volunteer’s gender was specified as a “masculine” gender (which particular options are available depends on the volunteer’s organisation, but might include “male”, “man”, “cis man”, and “trans man”), the system would use traditional masculine pronouns like “he”, “his”, “him” etc.

If the gender was specified as a “feminine” gender (e.g .”female”, “woman”, “cis women”, “trans woman”) the system would use traditional feminine pronouns like “she”, “hers”, “her” etc.

For any other answer, no specified answer, or an organisation that doesn’t track gender, we’d use singular “they” pronouns. Simple!

Three Rings' "Gender" drop-down, with "Female" selected.This selection was reflected throughout the system. Three Rings might say:

  • They have done 7 shifts by themselves.
  • She verified her email address was hers.
  • Would you like to sign him up to this shift?

Unfortunately, this approach didn’t reflect the diversity of personal pronouns nor how they’re applied. It didn’t support volunteer whose gender and pronouns are not conventionally-connected (“I am a woman and I use ‘them/they’ pronouns”), nor did it respect volunteers whose pronouns are not in one of these three sets (“I use ze/zir pronouns”)… a position it took me an embarrassingly long time to fully comprehend.

So we took a new approach:

The New Way

Three Rings' "Pronouns" drop-down, with "ze/zir/zir/zirs/zemself" selected.

From 2018 we allowed organisations to add a “Pronouns” property, allowing volunteers to select from 13 different pronoun sets. If they did so, we’d use it; failing that we’d continue to assume based on gender if it was available, or else use the singular “they”.

Flowchart showing how the pronouns used by Three Rings for a volunteer are contingent on what properties their org records, whether the volunteer has specified pronouns, failing that whether they've specified a gender, falling back to "singular they" pronouns.
The process has some further complexities to cover the fact that we say “they are” but “he is“, but this broadly covers it.

Let’s take a quick linguistics break

Three Rings‘ pronoun field always shows five personal pronouns, separated by slashes, because you can’t necessarily derive one from another. That’s one for each of five types:

  1. the subject, used when the person you’re talking about is primary argument to a verb (“he called”),
  2. object, for when the person you’re talking about is the secondary argument to a transitive verb (“he called her“),
  3. dependent possessive, for talking about a noun that belongs to a person (“this is their shift”),
  4. independent possessive, for talking about something that belongs to a person potentially would an explicit noun (“this is theirs“), and the
  5. reflexive (and intensive), two types which are generally the same in English, used mostly in Three Rings when a person is both the subject and indeirect of a  verb (“she signed herself up to a shift”).

Let’s see what those look like – here are the 13 pronoun sets supported by Three Rings at the time of writing:

Subject Object Possessive Reflexive/intensive
Dependent Independent
he him his himself
she her hers herself
they them their theirs themselves
e em eir eirs emself
ey eirself
hou hee hy hine hyself
hu hum hus humself
ne nem nir nirs nemself
per pers perself
thon thons thonself
ve ver vis verself
xe xem xyr xyrs xemself
ze zir zirs zemself

That’s all data-driven rather than hard-coded, by the way, so adding additional pronoun sets is very easy for our developers. In fact, it’s even possible for us to apply an additional “override” on an individual, case-by-case basis: all we need to do is specify the five requisite personal pronouns, separated by slashes, and Three Rings understands how to use them.

Writing code that respects pronouns

Behind the scenes, the developers use a (binary-gendered, for simplicity) convenience function to produce output, and the system corrects for the pronouns appropriate to the volunteer in question:

<%= @volunteer.his_her.capitalize %>
account has been created for
<%= @volunteer.him_her %>
so
<%= @volunteer.he_she %>
can now log in.

The code above will, dependent on the pronouns specified for the volunteer @volunteer, output something like:

  • His account has been created for him so he can now log in.
  • Her account has been created for her so she can now log in.
  • Their account has been created for them so they can now log in.
  • Eir account has been created for em so ey can now log in.
  • Etc.

We’ve got extended functions to automatically detect cases where the use of second person pronouns might be required (“Your account has been created for you so you can now log in.”) as well as to help us handle the fact that we say “they are” but “he/she/ey/ze/etc. is“.

It’s all pretty magical and “just works” from a developer’s perspective. I’m sure most of our volunteer developers don’t think about the impact of pronouns at all when they code; they just get on with it.

Is that a complete solution?

Does this go far enough? Possibly not. This week, one of our customers contacted us to ask:

Is there any way to give the option to input your own pronouns? I ask as some people go by she/them or he/them and this option is not included…

You can probably see what’s happened here: some organisations have taken our pronouns property – which exists primarily to teach the system itself how to talk about volunteers – and are using it to facilitate their volunteers telling one another what their pronouns are.

What’s the difference? Well:

When a human discloses that their pronouns are “she/they” to another human, they’re saying “You can refer to me using either traditional feminine pronouns (she/her/hers etc.) or the epicene singular ‘they’ (they/their/theirs etc.)”.

But if you told Three Rings your pronouns were “she/her/their/theirs/themselves”, it would end up using a mixture of the two, even in the same sentence! Consider:

  • She has done 7 shifts by themselves.
  • She verified her email address was theirs.

That’s some pretty clunky English right there! Mixing pronoun sets for the same person within a sentence is especially ugly, but even mixing them within the same page can cause confusion. We can’t trivially meet this customer’s request simply by adding new pronoun sets which mix things up a bit! We need to get smarter.

A Newer Way?

Ultimately, we’re probably going to need to differentiate between a more-rigid “what pronouns should Three Rings use when talking about you” and a more-flexible, perhaps optional “what pronouns should other humans use for you”? Alternatively, maybe we could allow people to select multiple pronoun sets to display but Three Rings would only use one of them (at least, one of them at a time!): “which of the following sets of pronouns do you use: select as many as apply”?

Even after this, there’ll always be more work to do.

For instance: I’ve met at least one person who uses no pronouns! By this, they actually mean they use no third-person personal pronouns (if they actually used no pronouns they wouldn’t say “I”, “me”, “my”, “mine” or “myself” and wouldn’t want others to say “you”, “your”, “yours” and “yourself” to them)! Semantics aside… for these people Three Rings should use the person’s name rather than a pronoun.

Maybe we can get there one day.

Three Rings' "Pronouns" drop-down, with "Dan/Dan/Dan/Dan's/Dan's self" selected.
Three Rings is already capable of supporting people who use no pronouns, but we don’t yet have a user interface to help them specify this! Maybe it’d look like this?

But so long as Three Rings continues to remain ahead of the curve in its respect for and understanding of pronoun use then I’ll be happy.

Our mission is to focus on volunteers and make volunteering easier. At the heart of that mission is treating volunteers with respect. Making sure our system embraces the diversity of the 65,000+ volunteers who use it by using pronouns correctly might be a small part of that, but it’s a part of it, and I for one am glad we make the effort.

Flowchart showing how the pronouns used by Three Rings for a volunteer are contingent on what properties their org records, whether the volunteer has specified pronouns, failing that whether they've specified a gender, falling back to "singular they" pronouns.× Three Rings' "Pronouns" drop-down, with "Dan/Dan/Dan/Dan's/Dan's self" selected.× Three Rings' "Gender" drop-down, with "Female" selected.× Three Rings' "Pronouns" drop-down, with "ze/zir/zir/zirs/zemself" selected.×

Hello, Facebook; Goodbye, Facebook

Well, that was a farce.

tl;dr: [skip to the end] I’m closing my Facebook account. I’ve got some suggestions at the bottom of this post about how you might like to keep in touch with me in future, if you previously liked to do so via Facebook.

The Backstory

A little over three weeks ago, I was banned from Facebook for having a fake name. This surprised me, because I was using my real name – it’s an unusual name, but it’s mine. I was interested to discover that Claire, who shares my name, hadn’t been similarly banned, so it seems that this wasn’t part of some “sweep” for people with one-letter names, but instead was probably the result of somebody (some stranger, I’d like to hope) clicking the “Report this as a fake name” link on my profile.

Perhaps somebody clicked their way through to this page, and claimed that I was not a "real person".

There are many, many things about this that are alarming, but the biggest is the “block first; ask questions later” attitude. I wasn’t once emailed to warn me that I would be banned. Hell: I wasn’t even emailed to tell me that I had been banned. It took until I tried to log in before I found out at all.

The Problem

I don’t make much use of Facebook, really. I cross-post my blog posts there, and I keep Pidgin signed in to Facebook Chat in case anybody’s looking for me. Oh, and I stalk people from my past, but that’s just about the only thing I do on it that everybody does on it. I don’t really wallpost, I avoid internal messages (replying to them, where possible, by email), and I certainly don’t play fucking FarmVille.

Once, one of my Facebook friends invited me to FarmVille. They're not my Facebook friend any more.

So what’s the problem? It’s not like I’d be missing anything if I barely use it anyway? The problem is that my account was still there, it’s just that I didn’t have access to it.

That meant that people still invited me to things and sent me messages. My friends are smart enough to know that I won’t see anything they write on their wall, but they assume that if they update the information of a party they’ve Facebook-invited me to that I’ll get it. For example, I was recently at a fabulous party at Gareth and Penny‘s which they organised mostly via Facebook. They’d be forgiven for assuming that when they sent a message to “the guests” – a list that included me – that I would get that message: but no – it fell silently away into Facebook’s black hole.

The Farce(book?)

Following this discovery, here’s how I spent the next three weeks:

  1. Facebook gave me a form to fill in when I tried to log in, explaining their “Real Names” policy and asking me to fill in my real name and explain “what I use Facebook for” (“Ignoring friends and stalking exes, same as everybody else,” I explained, “Why; what do YOU use Facebook for?”).
  2. It then asked me to scan and upload some government-issued photographic ID, which I did. It still wouldn’t let me log in, but it promised that somebody would look at my ID soon (and then destroy their copy) and re-enable my account.
  3. I periodically tried to log in over the next few days, without success: I was to wait, I was told.
  4. After about a week, I received an email from “Rachel” at Facebook, who explained the “Real Names” policy and asked me to provide my REAL name, and a scan of some photographic ID. I replied to explain that I’d already done this once, but complied with her request anyway.
  5. Another few days passed, and I still hadn’t heard anything, so I filled in the Contact Forms in the Help section of Facebook, asking to have my request processed by an actual human being. I provided by ID yet again.
  6. Another few days later, I received an email from “Aoife” at Facebook. It was pretty-much exactly the same as the earlier email from Rachel. I replied to explain that we’d been through this already. I supplied another pile of photo ID, and a few sarcastic comments.
A real person, with a real name, holding two examples of his real government-issued photographic ID. I wonder how long it would take a smart person to look at a scan of that ID and say, "Yeah, this person's real enough to be allowed to post pictures of cats on his wall, again."
  1. Another couple of days passed, so I dug up the postal addresses of Facebook’s HQ, and Mark Zuckerberg‘s new Palo Alto house (he’s tried to keep it secret, but the Internet is pretty good at this kind of detective work), and sent each of them a letter explaining my predicament.
  2. Yet more days passed, and we reached the third week of my ban. I replied to Rachel and Aoife, asking how long this was likely to take.
  3. Finally, a little over three weeks after the ban was first put in place, it was lifted. I received an email from Aoife:

Hi Dan,

Thanks for verifying your identity. Note that we permanently deleted your attached ID from our servers.

After investigating this further, it looks like we suspended your account by mistake. I’m so sorry for the inconvenience. You should now be able to log in. If you have any issues getting back into your account, please let me know.

Thanks,

Aoife
User Operations
Facebook

The Resolution

So now, I’m back on Facebook, and I’ve learned something: having a Facebook account that you can’t log in to is worse than not having a Facebook account at all. If I didn’t have one at all, at least people would know that they couldn’t contact me that way. In my situation, Facebook were effectively lying to my friends: telling them “Yeah, sure: we’ll pass on your message to Dan!” and then not doing so. It’s a little bit like digital identity theft, and it’s at least a little alarming.

I’ve learned something else, too: Facebook can’t be trusted to handle this kind of situation properly. Anybody could end up in my situation. Those of you with unusual (real) names, or unusual-looking pseudonyms, or who use fake names on Facebook (and I know that there are at least a dozen of you on my friends list)… or just those of you whose name looks a little bit off to a Facebook employee… you’re all at risk of this kind of lockout.

Me? I was a little pissed off, but it wasn’t the end of the world. But I know people who use Facebook’s “single sign-on” authentication systems to log in to other services. I know people who do some or all of their business through Facebook. Increasingly, I’ve seen people store their telephone or email address books primarily on Facebook. What do you do when you lose access to this and can’t get it back? When there’s nowhere to appeal?

And that’s how I came to my third lesson: I can’t rely on Facebook not to make this kind of fuck-up again. No explanation was given as to how their “mistake” was made, so I can’t trust that whatever human or automated system was at fault won’t just do the same damn dumb thing tomorrow to me or to somebody I know. And personally, I don’t like Facebook to seize control of my account and to pretend to be me. I come full circle to my first realisation – that it would be better not to have a Facebook account at all than to have one that I can’t access – and realise that because that’s liable to happen again at any time, that I shouldn’t have a Facebook account.

The Conclusion

So, I’m ditching Facebook.

Goodbye, Facebook.

None of this pansy “deactivation” shit, either – do you know what that actually does, by the way? It just hides your wall and stops new people from friending you: it still keeps all of your information, because it’s basically a scam to try to keep your data while making you think you’ve left. No, I’m talking about the real “permanent deletion” deal.

I’m going to hang around for a few days to make sure I’ve harvested everybody’s email addresses and pushing this post to my wall and whatnot, and then I’m gone.

If you’re among those folks who aren’t sure how to function outside of Facebook, but still want to keep in touch with me, here’s what you need to know:

  • I like email! Remember email? I’ve always preferred it to Facebook messages anyway – that’s why I always reply to you by email, where possible. My email address is pretty obvious – it’s my first name @ this domain name – but if that’s too hard for you, just fill in this form to get in touch with me. If you’re up for some security while you’re at it, why not encrypt your email to me.
  • I like instant messaging! I may not be on Facebook Messenger any more, but we can still chat! The best way to get me is on Google Talk, but there are plenty of other options too. Here’s how you do it. Or if you’re really lazy, just check at the top of my blog for the little green light and click “Chat to Dan”.
  • I like blogging! Want to know what’s going on in my life? I never updated my “wall” anyway except to link to blog posts – you might as well just come look at my blog! Too much like work? Follow my RSS feed and get updated when I post to my blog, or keep an eye on my Twitter, which usually gets links to my new blog posts almost as soon as they go up.
  • I like sharing! I’m not on Google Reader any more, but when I find fun things on the Internet that I enjoyed reading, I put them in this RSS feed. Subscribe and see what I’ve been looking at online, or just look at “Dan is Reading…” in the right-hand column of my blog.
  • And I’m not opposed to social networking! I’ve just reached the end of my patience with Facebook, that’s all. Look me up on Google+ and I’ll see you over there (They also have a “Real Names” policy, which is still a bit of a problem, but I’m sending them a pre-emptive “Don’t ban me, bro!” email now)!

Ironically, the only Facebook accounts I’ll have now are the once which do have fake names. Funny how they’re the ones that never seem to get banned.

× × × ×

I’m banned from Facebook for having an unusual name. Any suggestions welcome!

This self-post was originally posted to /r/self. See more things from Dan's Reddit account.

I have an unusual name: I’m pretty sure I’m the only person with my name in the world. It’s not the quirkiest name in the world – I have two names, the first one is pretty common, the second one is unusual but isn’t a swearword or “Elephanthead” or something, it’s all in the Latin alphabet, etc. – but it is a little strange.

Three weeks ago, Facebook blocked me from logging in. I wouldn’t have noticed except that my phone failed to log in to Facebook Chat, and told me that I needed to log in on facebook.com first. When I logged in, I was shown a form that stated that “Facebook is a community where people use their real names,” and that I had to “Supply my real name, as it appears on government-issued ID.” So I did.

Then it asked me to upload a photo of said ID, so I did.

After a week, Facebook emailed me to remind me of their real names policy and asked me to tell them my real name and to send them proof, as before. So I did so. This time I sent not only my driving license but also my passport.

Another week goes by, and they email me again with exactly the same text. I email back, asking if they actually read my last email at all. This time I provided photos of my passport, driving license, and carefully-censored pictures of my bank card, work ID, college ID, medical insurance card, etc.

Another few days go by, and they send me the exact same email again, asking for the same information yet again. I’ve tried to contact them by email and through their help system to ask how long this is going to take, and whether a human being is ever going to actually read my emails, but haven’t heard anything back.

I wouldn’t care, if I could at least delete my account: but I can’t, because I can’t log in to do so. They’re holding my data captive. My account still “looks” like it’s fine, so my friends try to contact me, invite me to things, etc., and I never hear about it. It’s a good job that I don’t use Facebook to log in to anything (that I’m aware of), or else I probably wouldn’t be able to use that too.

What do I do, Reddit? Is there some trick to actually getting Facebook to listen to you, or at least some way to delete your account without being permitted to log in to it?

tl;dr I’m banned from Facebook for using a fake name, but I’m not using a fake name. They’ve asked me to prove it, and I have (three weeks ago), but they just keep replying to ask me to prove it again.

Edit (screenshots): the screen I first saw when trying to log in after submitting their form, the screen I now see when trying to log in, and an example of an email I’ve received from them (I’ve got several of these, now, each signed off with a different name).

Polyamory as an Identity

Hang around on any polyamory-themed newsgroups, forums, or mailing lists, and – before long – you’ll see a reasonable number of topics like this:

  • My girlfriend just “came out” to me as polyamorous.
  • I don’t feel comfortable being tied down to one person. Am I poly?
  • My husband is seeing somebody who identifies as mono.

What do all of these topics have in common? In each case, they involve at least one person who defines themselves, or others, as being “polyamorous” or “monoamorous/monogamous”.

That’s a perfectly popular mindset – there are plenty of folks who claim that we’re all hard-wired for mono- or poly-, just like we are for our sexual orientation – but it’s not one that I can get my head around. For me, polyamory is not an identity. It’s not something I am, but something I do. The difference is important: I am not polyamorous (although I’m in a relationship that is), just as I was not monoamorous (when I was last in a relationship that was).

I’m not alone in this belief, although I’m perhaps in a minority. It’s evidently the case for many practitioners of polyamorous relationships that they are “poly”, just like they might be gay, straight, or bisexual (among other sexualities).

It’s Complicated. For you, perhaps.

We attach a great deal of significance to our personal identity: I suppose that’s one explanation for why people get so attached to the idea that they are something. It’s very easy to claim an identity based on your race, your sexual orientation, your religion, or your political affiliation. It’s clear from these examples that an identity does not have to be something genetic or biological, but can be the result of a choice. However, this still doesn’t “fix” things for me: it still doesn’t feel as though my relationship choices are part of me so much as they are part of my circumstances.

The difference, for me, is one of activity. One can have a sexual orientation without having sexual activity, can have a religious belief without engaging in a religious ceremony; can have a political stance without voting (although I know people who’d throw back at me a No true Scotsman argument about those last two). But I can’t fathom a way that one can “be” polyamorous without having a relationship!

I wonder if, perhaps, those people who identify as “being” polyamorous would claim that they could not possibly be happy if they were somehow confined to exactly one or fewer romantic relationships? That’s the only way that I can conceive that one could justify a polyamorous self-definition. Anything less would seem to be putting the cart before the horse: if it’s not essential to you, then how is it part of you?

And maybe there are some people would answer that question affirmatively; people for whom having a second (or third, or more) romantic relationship is critical to their happiness. In fact, I’m sure there are. Maybe these are the truly “polyamorous” people – the nonmonogamy equivalent of what in sexuality would be a Kinsey 6 (or 0: I haven’t yet decided which way this scale should go).

I can conceive of the existence of these people: I’ve probably even met some. They’re not so dissimilar to those “monogamous” people who are incapable of being happy when they’re single. I’ll admit that the society we live in is horribly biased towards couples, and that we’re culturally stunted in that we’re trained to think of those who are single as somehow “failing”, but I just can’t quite get my head around it. I’ve been perfectly happy at various points of being in intimate relationships with zero, one, or more partners, and I almost never go “out of my way” to seek out a potential mate.

Perhaps I’m the outlier: it certainly sounds like it, in the face of overwhelming evidence. But for me, that’s certainly the most comfortable choice to find happiness regardless of how my relationships happen to be laid out. And for that reason, polyamorous relationships are, when the occur, simply a rational choice for me – not some drive to “hoard” more lovers nor (as is commonly stated by some poly practitioners) a way to have your needs by more than a single person. To me, engaging in an open, polyamorous relationship – where possible – just makes logical sense, and for those capable of it, there seems no reason not to use that kind of relationship as a starting point. Everything else can be bolted on top.

But what would I know?

× × ×