I don't want to go into whether this is a good idea or not. Nor philosophical discussions of what a "real name" is. I want to discuss how this would work practically.

Let's assume that a central website - like GitHub - decided to gather real names for contributors to critical software.

Let's also assume that every user has a passport, driving licence, or other suitable identification document.

How does a website:

1. Determine the authenticity of the document?
2. Match the user to the person represented on the document?

There are more questions - but those two will do to start with.

Document Authenticity

Let's take passports as an example. A website might be able to see the expiry date on a passport - but how can they spot whether a passport is a forgery?

The UK has a (pilot) service to allow businesses to check the validity of a passport. It's an API-based service which takes data from the presented passport and returns a simple yes/no to the passport's validity.

There are a couple of hundred different passports issued by a variety of countries and organisations. Does every passport have a simple way of checking validity?

The same is true of driving licences. The UK lets drivers share their licence information - but there are hundreds of different issuing organisations around the world. How do you integrate with all of them?

Even if we assume that there's a meta-service which connects to every single passport and licence database and can reliably give a website a reasonable assurance that the document is valid - that only solves half the problem.

Person Authenticity

How does a website know whether the person applying for an account is the same as the person on the document?

They can't accept a photo of the document. I've handed my ID over in a hundred dodgy bars and clubs around the world - I'm pretty sure plenty of people have a high-res scan of it.

Kids "borrow" their parents credit cards all the time for illicit Fortnite purchases. How can a website tell if the document has been briefly stolen from its owner?

Here are some things I've seen various services do:

• Ask for a photo of the user holding the document and a copy of today's paper.
• Take a selfie and compare it to the photo on the document.
• Get the user to record a short video of themselves reading the details off the document.

Those are all fairly intensive and rely on a service being able to accurately match a photo of a user to a photo on a document.

Even if we assume that we can correctly authenticate the majority of identity documents and match them to the user, that still doesn't solve the problem of verification.

Account Authenticity

What stops users from selling their accounts? Would a nefarious actor offer people a couple of quid to sign in to a website they've never heard of? High profile accounts get sold or stolen all the time.

Google suggests that Multi-Factor Authentication would also provide an enhanced level of trust. But that doesn't prevent someone acting maliciously, whether out of choice or if they're being coerced.

Users move county, ID documents get revoked, data leaks, and mistakes get made.

Sure, a policy like this would probably place a higher barrier to entry to a service - but that would only prevent casual misbehaviour. It would do nothing to stop determined actors. It also comes with some insurmountable implementation difficulties.

Even if you think that a real name policy would solve some of the problems Google identifies - and that everyone has ID which shows their name - how would it work in practice?

Bonus track:

I mean, not officially. There's nothing in the API documentation, and all my attempts to contact Twitter on this matter have been ignored. If you're getting abuse on Twitter you have to use the official Twitter clients to report people. No matter that 3rd party clients may be better at protecting your privacy, offering you a sanitised view of the people tweeting you, or enable you to block offensive words or phrases.

In Twitter's increasing war on the developers who helped build it, they simply won't allow unofficial clients to implement this basic functionality.

The nearest you can get to providing this service to users is to throw them out to the official mobile website, directly to the report page.

https://mobile.twitter.com/USER/STATUSID/report

e.g.

https://mobile.twitter.com/edent/status/363605088734298112/report

This, of course, ignores the fact that Twitter's mobile site may not work on the user's phone and may be blocked or monitored.

The problem of online abuse isn't unique to Twitter. They realise that the majority of their visitors come to watch - and only rarely interact. The big draws for these passive observers isn't their friends; it's "celebs". If those celebs get driven off by abuse, will the userbase migrate elsewhere?

Twitter could have harnessed the power of its 3rd party developers, it could have set up crowd sourced monitoring, it could have behaved like a good Internet citizen and worked with their community.

Instead they've done the bare minimum to appease the baying masses without trying to understand or fix their underlying problems. They've lost the trust of their 3rd party developers, lost the trust of those being abused, and will soon - I imagine - lose the trust of their star attractions.

Oh well. Fun while it lasted.