Fake and Unreal Profiles: Serious threat for Orkut - Thoughts and Solutions

Written On: Oct 16 2007

Any useful new technology or any new invention is abused or used for evil purposes. We have seen this through out our history. After all, Orkut is no exception. Fake profiles and the profiles created by marketers to promote their products are few of the serious issues need to be addressed by Google if they want to scale Orkut and become number one in the social networking space.

Fake profiles are usually created to impersonate a real person. They are usually created by the people who know the personal details of a user and create a profile to impersonate him or her and there by causing all sorts of problems for the victim. In February 2007, the father of a South Delhi schoolgirl has approached the Cyber Cell of the Delhi Police’s Economic Offenses Wing complaining against a fake profile of his daughter posted on Orkut. Two men knocked at the girl’s door one day claiming she had invited them through Orkut for discreet intimate relationship. Though the cops can find out the prankster, the victim will suffer a lot socially and even at a personal level. This is a real threat.

Unreal profiles are usually created by real persons who try to act as someone who does not exist in the reality. One kind of these profiles are created by marketers and other people to promote their products and services on Orkut. There is no real harm except getting spam messages and scraps which can easily be avoided by enabling corresponding privacy options. But the real threat with unreal profiles comes into play when a profile is created by a real person to impersonate a non existing person. For example, creating a person’s profile who in the reality does not exist and trying to fool the people and exploit them as if the person actually exists in the reality. This kind of exploiting was very common when the Instant Messaging was introduced and it still continues to exist.

Lets see how Orkut can put some authentication processes in place to combat this serious threat. I have thought of a simple solution and I am sure Google might be trying to implement some kind of solution to tackle this problem.

My solution depends on the assumption that almost 60% to 70% of the real users of Orkut own a mobile a phone. I think thats quite true without doing a survey to find it out. Almost every college going student has a mobile in India these days.

Google should start confirming the users identity through unique mobile numbers. They will send you a secret code to the mobile number you specify, and you need to confirm your identity using that secret code on Orkut. Only one profile can be authenticated for each mobile number. So, if a user wants to create 5 authenticated fake/unreal profiles, he needs five different mobile phone numbers. And let me tell you, its not my invention, there are few social networking sites which require a mobile phone to authenticate yourself as a real user.

On every profile, Orkut should display whether the profile is authenticated using a mobile or not. If its not authenticated it does not mean that its a fake or unreal profile, but there are chances and it simply cautions the user of possible harm.

But what if the user does not have a mobile phone? Users may confirm their identity using the email ids provided by the colleges or universities in which they study. Actually a good option for the students who do not have a mobile phone. Google should maintain a database of colleges and universities to approve the identities of these people.

The above two solutions should solve the problem to a major extent. But Orkut cannot mandate the users to authenticate for the obvious reasons. The only way they can increase the participation of the users’ authentication process is by offering more functionalities to the users who have authenticated themselves. For example, for unauthenticated users:

  1. may not send scraps to anyone else except their friends
  2. will not be able to see full profile details of the users except their friends
  3. will not be able to create new communities more than a given limit like 2 or 3
  4. moderators and owners of the communities may enable an option where it restricts the unauthenticated users to participate in the community

Let us consider the case where a user is real but do not have the opportunity to authenticate himself using a mobile phone or an email id of a college/university. To address this problem we can introduce something called authentication index for each user. This has to be calculated from the number of authenticated friends a user has and we can even consider friends of friends here. I am not sure how to implement an algorithm for this, but I am sure Google engineers are very clever enough to device an algorithm and give an authentication index to each user.

In the profile of any user, Orkut has to clearly show the following details:

  1. how the user has authenticated him/herself, like mobile phone, email and etc..
  2. authentication index of the user
  3. count of the number of authenticated friends/total friends, for example ‘XYZ has a total of 110 authenticated friends out of 135 total’.

The above parameters will clearly help an average Orkut user when dealing with the new people.

When a user can not authenticate himself using the mobile or email id, Google should find out and keep a threshold value of the authentication index, and when the user reaches that value he will become an authenticated user automatically. This kind of authentication has to be implemented very carefully as there is a possibility to break it by creating fake or unreal authenticated profiles and using them to create more fake/unreal profiles, bypassing the real authentication by adding the existing fake/unreal profiles as friends to the newly created profiles.

Even after the solutions are in place, the pranksters may find their way. The simple ‘report abuse’ functionality for a profile is not enough and Google has to device some algorithms and use the authentication index of the reporting people to automatically delete a profile temporarily and mandating the person in question to authenticate himself using a mobile phone to reclaim access to his profile.

These are my random thoughts about fake profiles and unreal profiles. I hope you enjoyed reading it and I would love to hear what you think about the article and your thoughts and ideas about ths topic.

Posted in: My Thoughts, Security

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

5 Responses

  1. 1 By Ashootosh on October 31, 2007 11:54 pm

    I think you are quite right… Cell phone verification is quite a good method…
    Even I am suffering from this fake profile thing… Any idea, how can I track the Criminal or where should I register my case… I stay in Chandigarh…

  2. 2 By Scott on February 14, 2008 8:01 pm

    The cell phone security authorization sounds like a good idea, but the problem is that not everyone has a cell phone. I’m not sure that there is a better way to keep fake profiles away. The answer is to be a little more invasive in the privacy of the the person registering accounts.

    Maybe if all of the big players in Social Networking would come together and propose that starting in 2009 that users need to use biometric devices to authenticate. I’ve been using a biometric device at home for over 5 years now, they’re inexpensive, and they are a godsend for logging into all of the online accounts that I use on a daily basis.

    No more passwords to remember, just place my finger on the device and it logs me in. Now I can make all of my passwords very long and secure without the fear of having to type it in every time. Now I know there are going to be those that are fearfull of having their fingerprints in some database somewhere on the net, but, it’s just my 2 cents worth.

  3. 3 By Ashsih on April 19, 2008 8:59 pm

    Cool!!!

  4. 4 By san on May 21, 2008 4:38 am

    I don’t agree with this. Today you can create thousands of email ids. We don’t tie one email id per one physical person.

    You can buy hundreds of SIM cards
    Similarly people can create hundreds of virtual profiles.

    Unless there is any monetary transaction involved, you don’t need physical identity of a person.

    IMO none of social websites (orkut, myspace, facebook) will ever implement such things because
    a. it is very difficult to achieve.

    b. All of them are looking for more and more users and increase their customer base to become leader in this space. :)

    Cheers!
    - San
    —-
    www.zestinfotech.com

  5. 5 By Yugandhar on June 11, 2008 12:51 pm

    That is a very interesting idea. This idea might be even more successful with facebook than orkut. Most of the facebook users are in US and having a phone in US requires proper identity and stuff, you can’t change the SIM card as easily as we do in India. I really liked your idea. Are you into network security?

Share your thoughts.

Your email is never published nor shared.

Required
Required

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Sponsors

About

Welcome to Orkut Apps Blog. This blog is started on 10-10-2007 to track the latest buzz about Orkut and Orkut Applications. Please see about page to know more about this blog.