Great summary from Kim Cameron of the NPR show on pretexting and privacy issues brought froth by HP spying scandal (originally from Craig Burton)…Pretexting is a problem that will be there as long as there is profit to be made by pretending to be somebody else. In real world communities, short of DNA profiling or a chip planted into each human being, there is not much that can done to eliminate it. And even then enterprising social engineers/pretexts will find a way to pretend to be somebody else.
As with all new technologies that facilitate communication, there is a price to be paid in terms of increase in pretexting. The advent of phones brought in a wave of new pretexting scams (Kevin Mitnick does a good job of documenting them in “The Art of Deception“) and the same is now true of Internet. So what is the solution? How do on-line communities handle rampant pretexting?
I do not believe there are any silver bullets to deal with this issue. Technologies like info-cards help in providing ease of use for managing identities (its a big problem) along with some good encryption mechanisms to make it harder for pretexters to steal identities. But anytime there is a fixed set of credentials (like name, SSN, Credit card etc.) that are used to establish identity, pretexters will be able to deploy clever techniques (albeit with a bit more difficulty) to collect these credentials. Another approach is to rely on more decentralized identity mechanism shared in a tight knit community. Establishing identity in such communities will not only require a user to have the right credentials but also have an understanding of all the old interactions including the shared context with the community members. This will not stop pretexters but will make their job a whole lot harder.