• United States




Can pseudonyms be friendly and authentic?

Jul 20, 20155 mins
FacebookSecuritySocial Networking Apps

There was quite a ruckus a month ago surrounding Facebook’s effort to crack down on pseudonyms, which affected a lot of performers, transgender people, Native Americans, Hawaiians and others with “alternate” or “unusual” names. Was this truly the end of Facebook’s Nymwars or is there more to this story?

After the noise died down, I was among the many who thought the rules had been relaxed so that it was a non-issue for anyone who was not using a pseudonym maliciously. But I recently learned that there are plenty of people who wish to remain under the radar that are still being affected by these stringent naming rules.

Anonymity vs. privacy

Most of us have seen or experienced the effects of online harassment, so the idea of forcing trolls out of anonymity makes a certain amount of sense. But what one person might call anonymity another might simply call privacy.

As a malware analyst, it was part of my daily work to arbitrate between software makers and end users as to whether a piece of software was legitimate, “potentially unwanted”, or malicious. The line between a legitimate administration tool and a hack tool was often vanishingly thin; sometimes we had to create thorough documentation for our legal department in case our decision was called into question. We very much wanted to protect the general population from harm; including both those people developing the software and those who found this software on their machines. This is a difficult balancing act, compounded by the unbelievable numbers of files we were asked to examine.

Having undergone this sort of decision thousands of times over the course of a decade, I understand what a difficult task this is both for the people making policy and those making specific verification decisions about users’ “authentic” names. Deciding when people are doing something to try to deceitfully hide their identities versus cautiously protecting their privacy is not an easy thing to do. And undoubtedly, there are mountains of submissions for decision-makers to sift through.

Keeping your personal life private

As you might imagine, there was a precipitating event that prompted me to look into this issue: A message popped up on my Facebook feed from the husband of a childhood friend saying that his wife’s account had been locked due to her use of an alias. My friend is a both a social worker and a domestic abuse survivor, and I knew that she chose to use an alias because the idea had been suggested to her by her employer.

This advice seems to be pretty common among social workers. Healthcare professionals also commonly use pseudonyms (in spite of advice to avoid social media altogether), so that they can use social media to keep up with family and friends without having the dilemma of having to field friend requests from patients. While creating a public page allows many people to maintain a separate professional persona, it is a one-way street that does not allow the full range of activity including commenting on other peoples’ pages.

The more Facebook sets itself up to be an indispensable part of modern life, the more often this scenario is likely to occur. It would seem absurd to tell doctors, nurses and social workers that they should not have a personal email address, and yet prohibitions against pseudonyms on Facebook create a near-equivalent restriction for many people. 

Protecting the innocent

It’s not just people who prefer to have their personal and professional lives separate that seek to protect their privacy by using alternate names. There are plenty of other situations in which it would be problematic or even dangerous to have a person’s legal name associated in any way with their Facebook page, including survivors of abuse, stalking, and harassment. Indeed, using an alternate moniker may even reduce the risk of these troubles for some people. 

Excluding survivors from social networks removes a safety net as well as a source of emotional connection and support. Asking them to reveal their real names makes the risk of using the site too great, especially when the verification process includes submitting identification that may reveal their home addresses. And nowhere in the amended ID verification rules does Facebook take account of this. (Not to mention, almost every one of the suggested documents contains way more personally identifiable information than I would recommend sending to a website!) 

If Facebook wishes to continue to integrate ever more tightly into everyone’s daily life, both as a social hub and as a third party authenticator, they will not only need to accommodate people in various parts of the world and in various cultures. They will also need to take into account that people with different jobs and different life-situations will require less exclusionary ways to interact with their site.


Lysa Myers began her tenure in malware research labs in the weeks before the Melissa virus outbreak in 1999. She has watched both the malware landscape and the security technologies used to prevent threats from growing and changing dramatically. Because keeping up with all this change can be difficult for even the most tech-savvy users, she enjoys explaining security issues in an approachable manner for companies and consumers alike. Over the years, Myers has worked both within antivirus research labs, finding and analyzing new malware, and within the third-party testing industry to evaluate the effectiveness of security products. As a security researcher for ESET, she focuses on providing practical analysis and advice of security trends and events.

The opinions expressed in this blog are those of Lysa Myers and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.