Considering Verified Accounts?

I’ve recently started seeing more accounts on the site for governmental agencies looking to track occurrences on public lands or across the US (which is great!). However, one specific comment caught my eye: a request to add an observation for a vulnerable species (Plestiodon reynoldsi) to a project run by the USFWS to track endangered species. The comment specifically mentions joining the project so that the admins can see coordinates. I was interested, so I took a look at the project, which seems to be relatively new (<3 months old). There wasn’t any contact info for an actual person on the account (the account name is just fws-sdm), and the account has little activity (no observations, only 3 IDs).

To be clear, I have no idea if this particular account/project is legit or not. (Though both the original poster and I left comments asking if they could verify that the account was indeed run by USFWS 3 days ago and have yet had no response). However, It struck me that it would be quite easy to make a project like this and “impersonate” an agency (would probably take <5 min to download a few logos and set up). I’ve certainly seen herp folks go to more trouble to find good places for rare species! I know of a few other accounts running similar projects, like the FNAI and the US Federally Threatened and Endangered Species project which seems to duplicate the intent of the project mentioned above. Interestingly this project is really well documented and is administered by an iNat curator with an extensive history on the site. So I have a lot of confidence that it is legit! (though someone could always be playing a reeeaaaallly long con, I guess).

All of that intro is to say, I was wondering if, given the potentially high stakes (location info for vulnerable species) and for opportunity for impersonation, has this ever been a documented issue on iNat? If so, have any solutions ever been considered? The one that immediately sprung to my mind was some kind of “verified” account (like on Twitter). In this case at least, I could join a project and share coordinates with high confidence. Anyways, I was interested in hearing others’ thoughts and experiences on this.

NB: I didn’t make this a feature request (though maybe it could be in the future if people think it is worthwhile). I more just wanted to raise the issue.

19 Likes

yeah it’s a good idea to consider something similar. If Natural Heritage Inventory is going to be more involved with iNat where they operate, maybe we can give their projects and ‘work accounts’ some sort of official verification so we know we are sharing with ‘real’ NHI and not an impersonator. Same goes for any other regional conservation groups throughout the world

8 Likes

Maybe just put something similar to the “curator” or “iNat staff” label that gets put on people’s profiles?

6 Likes

I looked at that comment and project you mentioned, and it does seem dubious. For one, in the project description it says to contact any of the project curators if there are questions, but when you look at the member list, there are no curators set, only one manager (fws-sdm) and one admin (fws-sdm). That’s really concerning to provide exact location information on such vulnerable species. I’d be tempted to contact the USFWS to see if they can verify this account/project.

1 Like

Definitely agree that this would be a good idea. NY Natural Heritage Program now has an account that has occasionally asked me among many others for plant coordinates, and it’s comforting to know that I know the person behind it and can provide that info (usually through an email external to the site) with confidence. 99% of the time, the convenience of that preexisting connection is not available.

2 Likes

I believe it’s a legit USFWS account although they could have been more transparent about who the point person is, what office of FWS, etc. I tried googling the SDM abbreviation within FWS and it looks like its Species Distribution Modeling and not the more common Structural Decision Making.

e.g., https://academic.oup.com/bioscience/article/69/7/544/5505326

I just wanted to briefly clarify that this is a legit USFWS account. @tiwane and I have been in correspondence with them. Impersonation is firm grounds for account suspension. I agree that in the future a way of validating user identity would help inspire community trust in circumstances like this.

7 Likes

To be fair, I think there is community trust there, the problem is just that it could be too easily exploited for nefarious purpose!

4 Likes

@carrieseltzer Thanks for the confirmation. Maybe I’ll DM them and suggest that they add some more detail to the account (and reference this forum post) which might help get greater participation in their project. Also, any thoughts on whether this issue of verified accounts is worth submitting as a feature request? It’s not really of major benefit to anyone who isn’t an agency wanting to be verified (so I doubt it would get many votes). I mean, I wouldn’t use one of my votes on it!

1 Like

Another possible benefit from having the verified account/project option is in heading off disputes regarding group accounts. There have been some group/aggregation accounts that have been contentious recently, and consequently there are a number of iNatters now that have a predisposition against them. Such accounts are acknowledged by staff to be in the grey area of acceptability, and having an indicator of official site acceptance could head off any disputes that would otherwise arise.

1 Like

Maybe you could default all new accounts and/or projects to obscured locations only until they verify the account and meet certain conditions. Such as having verifiable emails, admins and admin info, contact info etc.

2 Likes

I’ve been thinking about this too. You sometimes hear about people using this sort of technique to get their own manuscripts sent to them by journals for review, or the like.

I was trying to think about what would be most manageable from a technical perspective, since the burden of trying to verify and update everyone’s credentials is more than the iNaturalist staff can reasonably take on. The easiest way to do it might be by authenticating email addresses.

If you’re authenticated your email account (i.e., responded to a message from iNat to prove you have control over it–maybe we already do this, I don’t remember how the signup process works), you could opt to, in your profile: 1) hide your email address entirely 2) show the domain only (so you can prove that you work for an agency or institution, but not in what capacity) 3) show your full email address, so that people can look you up on the institution’s website and verify who’s linked to that email.

There are still opportunities for social engineering (i.e., the person exposing a “dartmouth.edu” email address turns out to be Archimedes Plutonium rather than a tenured professor), and you might ask accounts to re-authenticate at certain intervals, say annually, so people who leave their institution can’t claim affiliation indefinitely. Plus you’d have to be able to change the email on your account on changing affiliation.

Still, I think that would be a pretty good first cut at helping us make sure that the people we’re trusting online with our Secrets of Nature are the ones we know in real life.

2 Likes

I just received a request to add Spotted Owl sightings. Considering the status of FWS and the drive to log every inch of the forest, I will abstain from giving any data until the agency resumes its mandated direction of protecting wildlife and habitat. Good people are losing jobs to horrible industry hacks.

1 Like

Currently we aren’t validating email addresses at all, so many users have invalid email addresses. Lots of @gnail and @yhoo and .con and .rog typos. @cthawley I think this discussion is fine to keep in general for the time being rather than create a feature request for it.

1 Like

Maybe only let admins see coordinates if the project itself has been verified?