idcard-junkmail1

In this post, I’d like to talk about the digital and social identity proxies that we create so that we can interact online – and talk about the steps I will be taking over the next few weeks to clarify and separate my own online personas.

I was lucky enough to have early online access (e.g. email and Usenet) when at Purdue from 1985-1987, but could never have imagined how the Internet would grow to become such an integrated part of modern society.  Some things are just hard to foresee.

NOTE: Online identity is by no means a simple or narrow topic, and there are lots of issues and topics to be discussed.  On the agenda for future posts:  competing identity systems (e.g. Facebook Connect or Windows Live ID), credentials management (e.g. managing login/password for 85 websites), and how Cloud Computing amplifies the need for secure identity systems.

Personal vs Professional Identity

Email account(s) are ways that friends, co-worker and businesses can communicate with you.  If you think about email, I predict that most of you have at least two main accounts – one for personal emails and one for work emails.   I personally have about 10 of them that I use relatively frequently, though 8 of those are set up to simply forward to either my more frequently read personal and work accounts.

The email accounts serve as a proxy for us online. I have personal communications which I do not believe should be available to the IT staff at my work, and I also have sensitive work communications that should not be stored on personal machines or free email accounts. I am one person, but I have split my digital identity (at least for email) into two personas.

In face, I have several other roles or personas, in terms of email addresses:

  • Alumni of Purdue (@alumni.purdue.edu)
  • Alumni of USC (@alumni.usc.edu)
  • Registration account for websites (so when they abuse/sell the account info, it isn’t my personal or work one)
  • Administrator of my securityjones.com site 
  • … and more

Social Identity

Unfortunately, I have not been quite so forward thinking when it comes to establishing personas for interacting socially and professionally on the Internet.

I originally launched this blog 5 years ago, for example, as Jeff Jones Security Blog at the URL http://blogs.technet.com/security.  I initially had no readership and treated it very much as my personal blog with posts like:  A (Not Always Funny) History and Analysis of Web-Based Antivirus and Security Products, and  Web-based Security Deja-Vu: Microsoft OneCare Live, Symantec Genesis and McAfee Falcon.  Of course, I also mixed in work-related posts like, Windows Vista : Threat-driven Design combined with Security Quality Process.  However, as time went on, it became clear to me that I had to be aware that what I said on the blog would – regardless of caveats – be attributed to Microsoft.

Now, let’s switch gears and talk about Facebook.  I created my Facebook account in 2006, if I recall correctly, and basically ignored it for several years.  I still remember reading an article by a college student complaining that Facebook was for college students and how irritated she was that “old” people were creating accounts.  When my wife and a few friends discovered Facebook a few years later and even a few out of touch friends from high school, it was great to reconnect and share updates.  Naturally, when colleagues and co-workers sent me invites, I welcomed them as Facebook friends as well.  Now, I have several hundred Facebook friends and there are some folks on there that are a crazy mix of personal, professional, acquaintances, schoolmates, children of friends and others.

I would like to engage with my professional colleagues, but may not want to share details from my personal life with those same people.  Similarly, there are times I want to blog in my professional persona, but not in my role as a Microsoft spokesperson. 

Clarifying my Online Personas

In reality, I started the process of clarifying my online personas back in February when we announced Changes Coming to blogs.technet.com/security, renamed this blog and start a process of adding other security subject matter experts as contributors.  That will continue.  Here are some other steps that I’ll be taking over the next few months:

  • Blogs – distinguish company blog from personal/professional blog
    • Microsoft blog here at http://blogs.technet.com/security.  I will continue to write and contribute to this blog as part of my job at Microsoft.  We plan to increase the frequency of posts in the coming year and work to engage in 2-way dialogs on a variety of security and cybersecurity topics.
    • Personal blog at http://securityjones.com.  My new personal blog is live now and I’ve been posting to it for the past month or so on topics like my Kindle, Investing and my new Windows Phone.  I plan also to write about other topics of personal interest such as Poker, being a home IT admin, and analysis and guides on various things like options to reduce your Cable bill.
  • Twitter – distinguish company tweets from personal/professional tweets
    • Microsoft security twitter is http://twitter.com/msftsecurity.  This twitter handle will be paired with the Microsoft Security Blog and will similarly have multiple contributors highlighting interesting links and engaging on security topics.
    • Personal/professional twitter is http://twitter.com/securityjones.   I note that several industry colleagues like @beaker and @rmogull maintain an ongoing industry dialog with friends and peers and to do something similar, I need a handle that is uniquely my own and not the corporate one.
  • Facebook – This is a little different.  On Facebook, I am going to distinguish personal from professional/company.
    • Securityjones Facebook.  http://www.facebook.com/profile.php?id=100002420964260.  This FB account will be for colleagues, including Microsoft colleagues, within the security & privacy industry.  I will be transitioning colleagues from my personal FB account over to this account and will post content here that is related to my securityjones role/persona.
    • Personal Facebook.  I’m not going to post the profile here, but it is easy enough to find if you are a friend looking for me.  Over time, as I transition contacts to the other FB account, I will trim my friend list back to just personal friends and family.

No doubt that as I am pursuing this action, twitter or Facebook will make changes to provide much better identity management and perhaps even incorporate the concept of Personas and provide better options for content management.  Or, maybe not.  Either way, I will document my progress in implementing these change and blog an update

[This post was also published on http://securityjones.com/identity/digital-identity-clarifying-my-online-personas/]