Following up on my last post, I just updated my Wikipedia user page with the following screed:
Name: Peter Saint-Andre
Homepage: saint-andre.com
Weblog: stpeter.im
Role: Executive Director of the XMPP Standards Foundation
Email: stpeter [at] jabber.org
JabberID: stpeter [at] jabber.org
Wikipedia does not support a concept of strong identity, so the foregoing information is a mere assertion as far as Wikipedia is concerned. In particular:
- I have no access to the META tags at this page, otherwise I would claim it using a microid generated and verified by ClaimID.
- I have no access to the complete HTML for this page, otherwise I would sign it using my X.509 certificate (SHA1 fingerprint CFFC A717 0EAC 8051 58C4 224F 3CD5 C970 E495 30ED) or my OpenPGP key (SHA1 fingerprint 4781 0AEC D13E 7B9D 5A35 CCE6 FB34 F553 7BBD 0573).
- Wikipedia does not support certificate login, so I cannot log in using my X.509 certificate (in fact Wikipedia does not even offer SSL encryption, so my password could be sniffed by a man in the middle!).
- Wikipedia could run its own Certification Authority and give higher status to users who provide the kind of information that CAs traditionally require in order to obtain a Class 2 certificate (e.g., government-issued photo IDs and notarized documents).
- Wikipedia could regularly ask users to verify the content on their own user pages, taking a digitally signed or encrypted email response with verification as approval.
Wikipedia could do any and all of these things. If they did, then Wikipedia could really know who is creating the content at Wikipedia. But it doesn't. So instead, we don't know who creates the content at Wikipedia, whether the people who run Wikipedia are who they claim to be, or whether Wikipedia has any reliability whatsoever.
Welcome to the Age of Essjay.
We'll see if the page gets defaced...