I remembered about is-a-person credentials after I posted. I had thought this idea came from Chaum but I didn't see it in his 1985 paper. I don't recall the details of this credentialling mechanism, so take what I say here with a grain of salt. I hope someone can post a cite. One point is, there is no need to associate these with states. Private corporations could easily issue is-a-person credentials. You show up and let them take your thumbprint (retina print, DNA scan, ...), and they give you the credential. They don't need to know your name, just that you don't already have a credential. (The different agencies would have to share a database as is done in many industries today.) Then, if L. Detweiler wants to accuse Eric and Jamie of being the same person, they can disprove it by exhibiting their different is-a-person credentials. (They might not "exhibit" them, they might use some kind of zero-knowledge proof to show they are different.) If anonymity and spoofing get to be too bad a problem, most people may refuse to have net.dealings with anyone who is not willing to show an is-a-person credential. Among your pseudonyms, only one can show it, otherwise they will be linked. This would force all but one of your pseudonyms into second-class citizenhood on the net. This may seem unfortunate, but as those who just got through flaming Detweiler remind us, if something like this is possible then just because you don't like it, that won't stop it from happening. It may be that in the future the net is not a very anonymous environment, just because the technology exists to catch spoofers. L. Detweiler may get his wish after all. Hal Finney hfinney@shell.portal.com