Subject: Re: on anonymity, identity, reputation, and spoofing From: hfinney@shell.portal.com Comments: Ignore the comment above. Content-Length: 2979 X-Lines: 55
I do sympathize with L. Detweiler's concern about multiple identities. Human nature being what it is,
Considering that human nature allows for pathological behavior in some individuals, and that anonymity seemingly decreases the potential for being held acountable for pathological behavior, I think it follows that it would be unwise NOT to be concerned.
if a series of posts appears quickly taking one view, people who disagree may think, well, I guess I'm in the minority on this, I won't make a stink about it. That's just part of the herd instinct, which, IMO, we all share. The lesson is that it is even more important on the net not to be afraid to take unpopular stands. You may find that there are more people who agree with you than you thought.
You may also find that such gentile methodology as attempting to sway opinion or unfairly weight ones opinion in order to alter the flow of disscussion are the least you can expect. I bet that clever sociopaths will find ways to leverage anonymity schemes to accomplish mayhem of magnitude well beyond these sort of things. believe me, you don't want to find out by being subjected to such mayhem, and if it happens you will be much harder pressed to come up with ways to patch things than if you take time to try and deal with it now.
There are some possible technological solutions to some of the issues raised. Chaum, in his 1985 CACM paper, describes how "credentials" can be exchanged among various pseudonyms a person may have. A credential can basically be any statement by a 3rd party about a person. It could be a statement by a college that he had a certain degree. It could be a statement by a government that he had a driver's license. It could be a statement by a business that he was an agent for that business.
How about *credentials* that certify the capabilities or flag the potential dangers of a binary object. Aren't there schemes out there that hold promise for that sort of *trustworthiness* stamp of approval? Aren't such schemes prone to the potential of cliquish abuse?
The credential would be given to the person, then Chaum shows how it could be re-blinded and shown under other pseudonyms. The credential can be verified, but it can't be linked to the True Name or other pseudonyms of the holder.
what are you credentialing? that someone *should* know what they are talking about? even so it would not preclude being burned, psychopaths tend to be very clever?
We could think about using something like this for reputations. Take Nick's question about how a new pseudonym could get through the filters. Maybe the person posts under his real name for a while, then some respected person is willing to give him a "valued poster" credential. He can re-blind this credential and submit it with posts he starts to make under his pseudonym. People will know that the pseudonymous poster is at least potentially capable of making sense, and give his words some weight. But there will be no connection to his True Name.
why not just build your reputation as the psuedo right from the start?
(Of course, this could lead occasionally to a Dr. Jekyll who makes sensible and weighty posts under his own name, while under his Mr. Hyde pseudonym he rants and raves. But hopefully this would not happen too often.)
Oh, I don't know anybody who does that sort of thing! :-) do you ?
Other credentials could be related to some of the other points Detweiler raised, such as list membership > some number of months. The point would be that these credentials are voluntary, used to get past people's filters, and that they retain poster anonymity while giving readers useful information about the poster.
If all you'r talking about is mail-list or newsgroup membership, why not just have testing and stringent membership requirements?
It's ironic that L. Detweiler, who has played a major part in spreading awareness of Cypherpunks technology through his widely read Privacy and Anonymity FAQ, is suggesting that people should be limited in their use of this technology. Still, the concerns he raises are going to be shared by many people, and we should try to be ready with technological solutions that are consistent with privacy protection.
exactly. I don't think it's ironic, I will be disapointed if the cypher-head community doesn't pay attention to the disphoric aspects of the technology it wields. Would you like to be the Edward Teller of cypher ? I don't think so. I want privacy too, and I want as much free-wheeling as possible in the matrix. Personally I think that accountability is going to be required as the price for reasonably secure encryption, reasonably open access, and reasonably secure privacy of data. IMNSHO, it is unreasonable to expect an anarcho-libertarian outcome to these issues. If you can prove me wrong I will be thrilled. The other thing that I am a bit surprized about is the relatively tight focus in this group regarding text. It seems to me that multimedia extensions have an *unfolding of the lotus* like effect upon the issues involved. I also see very little regarding potential for breaking the mind machine link, or biologic interfaces? core technologies are important, but an eye on the future is just as important. LUX ./. owen