Blizzard thought that forcing WoW members to use their real names would make them more accountable for their actions, says Farmer, Instead, players – many of them women – began to leave. Unlike Sophie, they did not wish to be identified by gender.
"A significant fraction of women who play games online present gender-neutral or male identifiers," says Farmer. "They want to participate, but their gender interferes with their experience. Attempting to remove pseudonyms was a disaster for that community."
Blizzard soon reached a similar conclusion. After a user revolt, the company reversed its real names policy in July 2010.
For whom the bells troll
While requiring "real names" may seem like a quick and easy fix for Web sites struggling with trolls and spammers, it ultimately does little to prevent bad behavior. A better solution would be a reputation management system that relies on the community to identify and banish abusive users, argues Farmer, who helped develop such a system for Yahoo Answers in 2007.
There are many ways a site can determine if a troll using the name "George Thomas" is also using "Thomas George" or "Georgina Thompson" – via IP addresses, cookies, browser fingerprinting, and so on, he adds. In this context, a "real" or legal identity is less important than a persistent one.
But aside from being complex and difficult to manage, reputation systems don't address the larger problem of how to make a pseudo identity portable across multiple locations, especially e-commerce sites that require verifiable payment information. While start-ups like OneID and UnboundID each allow a handful of individual clients to manage Web identities, there are no identity management services that work across the broad swath of the Internet.
In January 2011 the White House announced the National Strategy for Trusted Identities in Cyberspace (NSTIC), an attempt to create an infrastructure that lets Web sites verify identities without necessarily forcing people to reveal their legal names or personally identifying information.
"The government needs to force people to use their legal names in some transactions, particularly legal and financial," says Bob Blakley, plenary chair of NSTIC's Identity Ecosystems Steering Group. "Nobody wants to get dragged into court because they were mistaken for someone else. But there is no reason Amazon needs to know my real name in order for me to buy something. All they should care about is whether they get paid and that they show me products I might be interested in when I visit the home page."
So far, however, progress toward a solution has been steady but slow, Blakley admits.
"It's fair to say the real work of trying to bang out a picture of what a working system would look like is well under way," he says. "But it will be a while before it's done."
What's my name?
Even in a world where encrypted data is not safe from the clutches of the NSA, Blakley says pseudonymity still has a vital role to play.
"All personal names are pseudonyms," he says. "Even your social security number is a pseudonym. The problem isn't that people are leaving comments anonymously. The problem is that they're acting like trolls. And when you throw them off for acting like trolls, they just come back using a different name. If trolls had a genuinely persistent pseudonym, they wouldn't be able to do that."
Yet consumers who wish to protect their real-world identities today face a series of less-than-ideal choices: Avoid certain services, break the rules and risk banishment, or find technical workarounds, like Abine's MaskMe, which allows users to conceal identifying information and conduct transactions using pre-paid credit cards.
It seems the price of pseudonymity, like liberty, is eternal vigilance.
"You have all these companies trying extremely hard to unmask you," says Elsa. "To make pseudonymity work you have to be extremely dedicated to the idea of total separation. In your pseudo life you may never be able to use your real face. And in real life you'll have to become a boring version of who you really are."