As a thought experiment – imagine you are in charge of a popular, world wide, “messaging” service – something like Twitter but don’t get distracted by a specific service name.
Now assume that your goal is to provide ordinary folks with tools to communicate in the purest form of “free speech.” Of course if you want to stay around as a “going concern” then you will also need to generate revenue along the way — maybe not “obscene profits” but at least enough to “break even.”
Step 1: Don’t recreate the wheel
In 2022, if you wanted to create a “messaging system” for your business/community then there are plenty of available options.
You could download the source code for Mastodon and setup your own private service if you wanted – but unless you have the required technical skills and have a VERY good reason (like a requirement for extreme privacy) that probably isn’t a good idea.
In 2022 you certainly wouldn’t bother to “develop your own” platform from scratch — yes, it is something that a group of motivated under grads could do, and they would certainly learn a lot along the way, but they would be “reinventing the wheel.”
Now if the goal is “education” then going through the “wheel invention” process might be worthwhile. HOWEVER , if the goal is NOT education and/or existing services will meet your “messaging requirements” – then reinventing the wheel is just a waste of time.
For a “new commercial startup” the big problem isn’t going to be “technology” – the problem will be getting noticed and then “scaling up.”
Step 2: integrity
Ok, so now assume that our hypothetical messaging service has attracted a sizable user base. How do we go about ensuring that the folks posing messages are who they say they are – i.e. how do we ensure “user integrity.”
In an ideal world, users/companies could sign up as who they are – and that would be sufficient. But in the real world where there are malicious actors with a “motivation to deceive” for whatever reason – then steps need to be taken make it harder for “malicious actors to practice maliciousness.”
The problem here is that it is expensive (time and money) to verify user information. Again, in a perfect world you could trust users to “not be malicious.” With a large network you would still have “naming conflicts” but if “good faith” is the norm, then those issues would be ACCIDENTAL not malicious.
Once again, in 2022 there are available options and “recreating the wheel” is not required.
This time the “prior art” comes in the form of the registered trademark and good ol’ domain name system (DNS).
Maybe we should take a step back and examine the limitations of “user identification.” Obviously you need some form of unique addressing for ANY network to function properly.
quick example: “cell phone numbers” – each phone has a unique address (or a card installed in the phone with a unique address) so that when you enter in a certain set of digits, your call will be connected to that cell phone.
Of course it is easy to “spoof the caller id” which simply illustrates our problem with malicious users again.
Ok, now the problem is that those “unique user names” probably aren’t particularly elegant — e.g. forcing users to use names like user_2001,7653 wouldn’t be popular.
If our hypothetical network is large enough then we have “real world” security/safety issues – so using personally identifiable information to login/post messages would be dangerous.
Yes, we want user integrity. No, we don’t want to force users to use system generated names. No, we don’t want to put people in harm’s way. Yes, the goal is still “free speech with integrity” AND we still don’t want to reinvent the “authentication wheel.”
Step 3: prior art
The 2022 “paradigm shift” on usernames is that they are better thought of as “brand names.”
The intentional practice of “brand management” has been a concern for the “big company” folks for a long time.
However, this expanding of the “brand management” concept does draw attention to another problem. This problem is simply that a “one size fits all” approach to user management isn’t going to work.
Just for fun – imagine that we decide to have three “levels” of registration:
- level 1 is the fastest, easiest, and cheapest – provide a unique email address and agree to the TOS and you are in
- level 2 is requires additional verification of user identity, so it is a little slower than level 1, and will cost the user a fee of some kind
- level 3 is for the traditional “big company enterprises” – they have a trademark, a registered domain name, and probably an existing brand ‘history.’ The slowest and most expensive, but then also the level with the most control over their brand name and ‘follower’ data
The additional cost for the “big company” probably won’t be a factor to the “big company” — assuming they are getting a direct line to their ‘followers’/’customers’
Yes, there should probably be a “non profit”/gov’ment registration as well – which could be low cost (free) as well as “slow”.
Anyone that remembers the early days of the “web” might remember the days when the domain choices were ‘.com’, ‘.edu’,’.net’, ‘.mil’, and ‘.org’ – with .com being for “commerce”, .edu for “education”, .net was originally supposed to be for “network infrastructure, .mil was for the military, and .org was for “non profit organizations.”
I think that originally .org was free of charge – but they had to prove that they were a non-profit. Obviously you needed to be a educational institution to get an edu domain, and the “military” for a .mil domain was exactly what it sounds like
Does it need to be pointed out that “.com” for commercial activity was why the “dot-com bubble/boom and bust” was called “dot-com”?
Meanwhile, back at the ranch ….
For individuals the concept was probably thought of as “personal integrity” – and hopefully that concept isn’t going away, i.e. we are just adding a thin veneer and calling it “personal branding.”
Working in our hypothetical company’s favor is the fact that “big company brand management” has included registering domain names for the last 25+ years.
Then add in that the modern media/intellectual property “prior art” consists of copyrights, trademarks, and patents. AND We (probably) already have a list of unacceptable words – e.g. assuming that profanity and racial slurs are not acceptable.
SO just add a registered trademarks and/or a domain name check to the registration process.
Prohibit anyone from level 1 or 2 from claiming a name that is on the “prohibited” list. Problem solved.
It should be pointed out that this “enhanced registration” process would NOT change anyone’s ability to post content. Level 2 and 3 are not any “better” than level 1 – just “authenticated” at a higher level.
If a “level 3 company” chooses not to use our service – their name is still protected. “Name squatting” should also be prohibited — e.g. if a level 3 company name is “tasty beverages, inc” then names like “T@sty beverages” or “aTasty Beverage” – a simple regular expression test would probably suffice.
The “level 3” registration could then have benefits like domain registration — i.e. “tasty beverages, inc” would be free create other “tasty beverage” names …
If you put together a comprehensive “registered trademark catalog” then you might have a viable product – the market is probably small (trademark lawyers?), but if you are creating a database for user registration purposes – selling access to that database wouldn’t be a big deal – but now I’m just rambling …