Dr. Frederick B. Cohen writes:
To clarify even further, I seem to recall a posting some months ago from an anonymous source declaring a new on-line for-sale forum called the Internet Security Newsletter (or some such thing). The anonymity of the poster in the context of asking for money and the fact that one of the people who was claimed to be on the board of editors was not, in fact, a participant, led to the question of who the person was.
The poster wasn't actually anonymous, but rather pseudonymous, in that case. (The pseudonym was the name of the publication, as I recall.)
It turned out that this person had a substantial history of putting forth falsehoods as well as other related things that might have been very helpful in evaluating the credence of his statements. It turned out that the newsletter was, at least in some sense and without making value judgements, legitimate; but the anonymity of the person making the posts made it harder to assure the integrity of the statements made, which exacerbated the assurance issue.
It seems to me that the integrity of the statements was rather easily verified based on the merits of the statements themselves. In particular, one or two participants in the forum denied the claims made that they were members of the editorial board. Granted, some people would have been more inclined to look askance at the messages if they had known the author's True Name. But as the saying goes, "past performance is not a guarantee of future results". You can choose to doubt or believe a message because of the author's past reputation. But reputation is not a reliable predictor of the integrity of future assertions. It's a nice psychological crutch, but reliance on a "rational expectation" is a long way from anything I would call "assurance" or "verification". It doesn't prove anything. The only acceptable method of assurance I can see is careful analysis of the propositions posited, and empirical verification of the facts presented. Leaning on past reputation is accepting an odd form of Proof by Authority. As it happened I had never heard of the True Name of the sender, so the knowledge wasn't useful to me.
I understand that over time, reputations can be built up for pseudonyms (which are not necessarily anonyms) but then, with a pseudonym we might reasonably ask what the motive is for hiding the real identity. [possible motives...] Without knowing the motive, how can we assess the statements?
By asking yourself if they seem to make sense, checking them against known facts and beliefs, etc. The same methods, IMHO, that are mainly appropriate to assess anyone's statements.
In fact, how can we know that the original pseudonym still applies? Someone could kill you and take over your pseudonym, and even though we might hear of your death, the pseudonym might continue based on your reputation but with another actual source.
Of course, the is-a-person problem has been discussed at great length. Digital signatures are as effective for pseudonyms as for anyone else. The messages we've seen "from Alice de `nonymous" might all have come from different senders. They exhibit a common tone and style, but that doesn't assure us of anything. In a sense that makes them more inviting, since there's always the chance that a third party is attempting a clever parody or a sly bit of character assassination. [...]
It's an interesting concept that each statement should/could be taken on its own and evaluated independently of the rest of a person's life context, but in my experience, that has serious problems.
In my experience, that's about all I can usually do in network communication. In principle I _could_ devote scads of time to background investigations of my correspondents, for all except strongly anonymous and strongly pseudonymous parties, but I don't find that approach realistic. -Futplex <futplex@pseudonym.com>