Lots of "people" you interact with online are sockpuppets

Plenty of people who have multiple identities on every social networking service

"I hear his name bandied about a lot, but I don't know him. I don't know who Henson is. He seems to have his hand in a lot of things around here, but I don't particularly know what that means."

-- Kermit The Frog, the world's best known sockpuppet, on the topic of his creator, Jim Henson.

Puppetry is the art of animating an inanimate object and using it to tell a story. It originated, it is estimated, around 30,000 BC, and the art is still around, not only in shows like the Muppets, but in the guise of people and organizations creating fake online personas.

Maybe you are already using this technique. Have you ever lied about who you are online? Do you have multiple identities for social networks such as Facebook or Twitter that aren't explicitly tied to you? Do you have email addresses that you use to be anonymous even if it's just to stop getting spammed? These are all aspects of what are called "sockpuppets").

And if you do any of the above, you aren't alone. There are all sorts of people and organizations out there building their own fake personas for all sorts of reasons while scores of other organizations, both commercial and governmental, are trying to unravel whatever Web of personas everyone else has created.

But how big is this underverse of fakery? Well, by some estimates 29% of the world population is online, some 1.97 billion users ... which seems highly unlikely to me.

I don't buy those figures as tallying real people because in 2005, an estimated 80% of the global population of around 6.8 billion lived on less than $10 per day. It would seem unlikely that the remaining 1.36 billion users could all be online given that many of those people live in locations with poor or non-existent Internet service, have no access to a computer, and or are of an age where they don't grok things digital.

Even so, for the sake of argument, let's take that figure of 1.36 billion as the size of the actual Internet population. The difference between that and the estimate of 1.97 billion users would be something north of 600 million. But how to account for that difference? Easy; that's the sockpuppet population.

If you doubt that sockpuppets exist in those kinds of numbers just consider that there are plenty of people who have multiple identities on every social networking service they use and pretty much every company trying to use the Internet for sales and marketing establishes scores of identities.

On top of that there are government agencies from every country that are jumping online to try to figure out who's doing what, where, when, to whom and for how much. You don't find out that level of detail without lots of fingers in everyone else's pies, so sockpuppets become a powerful tool for exploring social networks.

A great example of how government organizations are using sockpuppets was uncovered recently when the hacking group Anonymous stole thousands of emails from the security firm HBGary.

If you haven't been following the saga of HBGary, here's a brief recap: HBGary's CEO announced a few weeks ago that he was going to expose the members of the Anonymous group. This turned out to be a really bad idea because HBGary's security was, shall we say, sub-par, and without much fuss, Anonymous members swooped in, defaced HBGary's Web site and stole all of their email.

The trove of emails turned out to be very revealing and showed that HBGary was guilty of offering to perform all sorts of unethical services to take down Wikileaks.

Moreover, along with those revelations was a message from US Central Command, a theater-level Unified Combatant Command unit of the U.S. armed forces with an attached Request for Proposal soliciting bids for sockpuppet management software!

From a Network World article:

"Anonymous is trying to figure out just what U.S. Central Command wants with software that can create and manage phony identities on social networks. Called Operation Metal Gear, the effort is aimed at shining light on software that has the potential to set up phony Facebook, Twitter and other social media accounts and could help operatives manage them so they seem like they were set up by real people, with the apparent object of influencing and gathering data about the actual real people they friend."

In short, the practice of using sockpuppets has moved from ad hoc, user ploys to hide or obfuscate personal goals, through to corporations using them to service marketing strategies, to becoming integral to government surveillance programs. Who you friend, what you say, who your friends are, and what you post could all become data points in commercial or government repositories that will log you, identify you, track you and, if you use your own sockpuppets, attempt to integrate your personas into one view of who and what you are.

So, the next time you engage with someone online who you don't really know, just consider that you could well be interacting with a sockpuppet and you'll have no idea whose hand is driving it.

The sockpuppet could belong to some guy in Ackron, Ohio, looking for a "good time," or to a marketing company out of New York trying to change your opinion about which brand of cola is best, or to some government spook from who-knows-where and who-knows-what-country collecting information on you and your friends for who-knows-what-purpose.

And if you're working through your own sockpuppets, can and will "they" find out? Will they be able to piece together your real identity?

What could the result of their data mining reveal? Will your real identity online just be bombarded with cola ads? Or will you find yourself, someday, sitting in a bare room being asked by large guys wearing suits about how you know "Vinnie" and what your political views are?

Gibbs is not a sockpuppet in Ventura, Calif. Show your hand to backspin@gibbs.com.

Read more about software in Network World's Software section.

Join the CSO newsletter!

Error: Please check your email address.

Tags unified communicationsInternet-based applications and servicesapplicationsNetworkingmilitarycollaborationgovernmentindustry verticalssocial mediainternetFacebooksecurityWeb 2.0software

More about FacebookRequest DSLS CentralWikipedia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Mark Gibbs

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts