Rent-a-crowd 2.0"Persona management": how automated fake profiles threaten the heart of online community

Share |
Robot hands on computer keyboard

There's a reason social media analysts and practitioners harp so much on authenticity: it's one of the underpinnings of the "social" in "social media".

Online community works because of our relationships with each other; those relationships can only happen when you feel as though you know the person you're dealing with. Not everything or even most things about the person, but something true... and something significant enough to let you build a certain level of trust. Discover the other person has misled you about who they are or about their motives, and trust dies.

That's why organizations take such a public beating when they engage in astroturfing, or sock-puppeting, or other forms of online deception (or a lack of transparency so egregious as to amount to the same thing). Sony, Wal-Mart, AT&T, Whole Foods and McDonalds—all large brands led by people who should know better—have all succumbed to the temptation to forge conversations that weren't happening organically.

Still, that temptation will probably always be there... as will agencies willing to help you indulge your ethical lapses. Some will even brag about it. They'll cloak their activities in dispassionate terminology, and kid themselves that they're being clever, but it comes down to lying.

One term for this kind of online deception is persona management. It's been around for a while, but came to light in a Daily Kos blog post after security firm HBGary Federal boasted about infiltrating Anonymous, the loosely affiliated group of online activists who recently gained prominence for their activities in support of WikiLeaks.

Members of Anonymous then released emails hacked from HBGary servers that detail a wide range of unethical practices. One of them is persona management: tying together a large number of fake social media accounts with content fed both manually and through RSS, and then managing them with software that helps you keep them distinct and internally consistent (so that Rose from Abbotsford doesn't accidentally post as Kumar from San Diego).

Here's one of the most chilling passages from that data dump:

In fact using hashtags and gaming some location-based check-in services we can make it appear as if a persona was actually at a conference and introduce himself/herself to key individuals as part of the exercise, as one example. There are a variety of social media tricks we can use to add a level of realness to all fictitious personas.

In other words, that very-convincing LinkedIn invitation you received from someone who said they met you at a conference a few months ago may or may not be from a real person.

There's a huge difference of scale between, say, the Whole Foods CEO posting to Yahoo! message boards under an assumed name and creating an army of at-least-superficially-convincing online presences to be wielded at will against opposing organizations, ideas or individuals.

And there are countless reasons to be appalled by the idea. Shel Holtz, for example, points out the enormous reputational risk to a sockpuppeting organization if this kind of ploy is exposed; worse, "if this gets more common, your honest, transparent communication efforts will be just as suspect as those of the actual bad actors. It threatens to undermine the credibility of every organization participating in the social space."


But it isn't just organizational credibility that's on the line. "Persona management" doesn't create fake organizations; it aims to create convincing fake people. And when people know that some of the individuals they're dealing with online are fictitious, it raises the possibility that everyone else might be, too (at least, those they don't also know from the offline world).

If there's anything the Internet doesn't need, it's yet another reason to dismiss views and perspectives that differ from our own. You'll already find plenty of contentious conversations where antagonists question each others' motives and honesty; the HBGarys of the world are pouring gasoline on that fire.

At least now we know what they're up to. And perhaps there can be something good to come out of it. As the writer of that DailyKos blog post put it, "Maybe this whole thing will be liberating. Maybe people will develop stronger spines and not be so easily swayed by raving mobs."

Maybe. But we'll pay a heavy price in trust and social capital along the way.



Chris Keam says

February 28, 2011 - 9:13am

This is why I use my real name when I post. All one has to do is google me and it quickly becomes clear that I'm real and my comments come from a position of being reasonably informed about what I'm discussing. I also try to avoid commenting on topics for which I have no credibility, although I do succumb to sharing my 'opinion' once in a while.





Vanessa DiMauro says

February 28, 2011 - 9:30am

Excellent points and thanks for covering this topic.

Especially new online communities often face a chicken and egg problem whereby the need to show membership in order to please sponsors and also as a way to increase participation among the membership.. and fake people are, as you point out, very tempting.  But dangerous and doesn't pay off in the end as it erode credibility and trust in the information and people within the community.  Especially in customer communities, true identity of community members is essential as they are exchanging professional information about best practice or tips and tricks.  In order for the conversation to be meaningful, the context around the participants must be present.


Gary says

March 18, 2011 - 7:30am

Perhaps this is an opportunity for some wise and tech savvy good-guy to invent software that ferrets out fake personas and sock-puppets. I use sock-puppets myself in order to hide my real personal details when I communicate with people or organizations that I may not trust. It is so easy. But, there must be means available to unmask a sock-puppet. I had two different posts to a FaceBook page removed when there was no superficial indication that they were sent by the same person. I know that email contains a header that you can examine to find tracing information. But, this info is so hard to interpret. There should be software that decodes it. Then, another step or two and these "Persona Management" gimmicks can be undercut. How about software that compares email headers character by character and highlights only the differences or similarities. Then, it could go on to ivestigate suspicious activity more intensely. The CIA can enlist supercomputers like IBM's Wilson to analyze context sensitive content too. I'll bet they are already on top of this. Cyber War is a top priority with them, I know. They already have "Predator" which analyzes email from overseas for terrorist threats. My website is a means to verify my identity. Other means of ID should be developed that are cheap and easy for anyone to handle and install, like signature certification. My email persona is genuine, by the way. Gary

Anonymous says

October 28, 2012 - 5:20am
Well Gary ole boy, It has been over a year since you admitted using sockpuppets. You should be sorry to have a hand in helping to destroy the amazing Internet.

Social Signal on...

RSS feedTwitterFacebookGoogle+

Work Smarter with Evernote

Get more out of Evernote with Alexandra Samuel's great new ebook, the first in the Harvard Business Press Work Smarter with Social Media series!

Available on Amazon, iTunes and HBR.

Join Newsletter

Rob on Twitter