punks: The following is an essay followed by a survey on pseudospoofing. If you are interested in participating in the survey please reply in email to me under your `true name' only. I will post a summary to the list if there is sufficient data and I'm convinced it isn't strewn with manufactured lies from phantom identities (please do not waste my precious time, pollute my mailbox, or disrupt this survey with any). * * * First, let's review. From my perspective a person can have cyberspatial identities in about 5 basic categories. Under these definitions an `identity' is what appears in the `from' line of a message or other very obvious identifying characteristics of the message, for example, a line at the beginning saying `This is [x], I couldn't post under my regular account but ...', a signature at the end of the message, etc. Under these definitions I'm leaving out the distinctions of `reply capability' associated with anonymous servers etc. 1. `True Name' -- for our purposes let this be defined as the name on your birth certificate, your legal identity. 2. `unique name' or `cyberspatial name' -- this would be a name you associate with all your activities in cyberspace in postings to mailing lists, email, etc. That is, I'm making a distinction about people possibly using the net always under a single pseudonym. 3. `obviously anonymous' -- identifying characteristics in the message (such as origination from an anonymous server, etc.) make it obvious that *anyone* could have posted it. Sometimes called `hit and run'. 4. `pseudonymous' -- a variation of (3) where arbitrary identification is used to build up a reputation under a presumed name, but characteristics of the message make clear that the identity is an *alias* for someone's *unique* identities under (1) or (2). The nicknames associated with the Helsingius server ID's would be an example. 5. `pseudoanonymous' or `pseudospoofed' -- the message could either be someone's `true name' or an invented alias, but *no* characteristics of the message (including the message by the author) can discriminate exactly *which*. This is something like `identity camouflage'. It is a new category of identification that transcends (1) - (4) because it encompasses all of them. * * * Now, I've written a lot on `anonymity' and am a strong supporter and proponent of categories (2), (3), and (4), where the *receiver* of a message is *informed* and *aware* that it can be from *anyone*. However, I believe extreme restrictions should be placed on the use of (5) in a civilized cyberspatial society (such as that which mailing lists and Usenet groups attempt to represent, IMHO). Contrary to all the flames on the list and in my mail box, I continue to believe that this is not incompatible with privacy -- in fact, I believe it *promotes* it. Very serious abuses of (5) can lead to insideous deception and treachery, particularly in the interplay between public and private messages, and I'm absolutely aghast to see the capability for (5) championed as `privacy' here and in my mailbox by many people (or phantoms, I'm in total confusion) I used to respect. But this is all another essay. Above all, I'm *extremely* disturbed and alarmed to perceive what appears to be a systematic propaganda and disinformation campaign on this list and elsewhere in obfuscating the *obvious* and *incontrovertable* distinction between (3) and (4) on one hand (`anonymous' and `pseudonymous') and (5) on the other (`pseudoanonymous' or `pseudospoofed'), ironically perhaps largely via abuse of the lack of protective mechanisms against it here. In (3) and (4), the reciever *knows* that the message can be from *anyone*. In (5), the receiver does *not* know, and may even be *misled* into believing that a message is in categories (1) or (2) when it is in fact in fact `anonymous'. IMHO this is *very* dangerous. To further emphasize this distinction, in some sense categories (1) - (2) are *attributable* to *unique* identities. When I see messages in categories (1) or (2) on a mailing list, in my mailbox, or in Usenet postings, FTP articles, whatever, I can attribute them to unique people by definition. We also might call (1) `accountable', and if an online account under (2) can be traced to a legal identity, it would be also. Categories (3) and (4) are *not* attributable to unique identities. A single person could post anonymously multiple times or pseudonymously under multiple identities. If a person has only one pseudonym, let's say that's `quasi- or semi- accountable'. But not only is (5) *not* attributable to *identities*, it is not `attributable' to any of the previous *categories*! Hence, let's call messages in the categories (1) - (2) `attributable', (3) - (4) `nonattributable', (1) - (4) `uncamouflaged', `white', `open' or `unsurreptitious', and (5) `nonattributable' and `camouflaged', `black', or `surreptitious'. (I leave it to subsequent debate to stabilize on the most descriptive and memorable terms.) This *camouflage* that various cypherpunks promote, apparently up to the highest levels of `leadership', is IMHO inherently subversive. Because no one here seems to be afraid of subversion and anarchy, and even embraces it, let me go further and say it is *destructive* not only to societies but to *any* social interaction, even interpersonal. IMHO It is not just a recipe for anarchy, it is a recipe for chaos and barbarianism, *particularly* when associated with personal mail (including mailing lists). This was all a topic of discussion many months ago, and I paid scant attention at the time because I didn't think it was the interest of the majority of cypherpunks, part of the agenda, generally feasible, or in widespread practice. Recent events suggest to me I am *utterly* mistaken on all counts. In fact, apparently not only are `some' cypherpunks in favor of `black' postings, they are in favor of *concealing* the very existence of the capability, so as to potentially manipulate and brainwash others in an undetected concerted conspiracy! I think I will define this as `evil blackness'. <g> Again, lots of specific examples, anecdotes, and horror stories are another essay. Perhaps some would like to expand on this point (please email me if you treat this in a comprehensive and thorough manner). For now, I just want to make the distinctions clear for the survey, which follows. The survey will help me determine the extent of `blackness' and `evil blackness'. Please try to be as complete as possible in your responses. I will read and be influenced by independent opinions in my mailbox, but again request that you use your True Name only in any correspondence with me. And anyone who flames that this survey is an invasion of privacy, get lost. Let anyone reply under their own free will. I will keep all responses strictly confidential. However, I would like to collect some opinions under true names I can quote later. Please put the key `N/A' (not for attribution) in front of any response you wish me to leave unattributed or in front of the entire message like `message N/A'. Also, I will try to start email conversations with anyone who is particularly knowledgable. * * * 1. What is your `true name'? 2. Do you have a unique online identity other than your true name? 3. How long have you been on the internet? 4. How many mailing lists are you on? 5. Are `black' / `camouflaged' identities feasible or possible on the internet today? If so, how in particular? Comment on public access and UUCP sites if possible. 6. To what extent do you think `camouflaged' identities exist on the internet currently? Where are they used? What mailing lists or newsgroups are particularly dense with `black' postings? Have you ever received any in email? 7. Have you ever posted under a `camouflaged' identity? if so, where? How often? 8. Are you aware of any potential `abuses' of `black' messages? Has it turned into a big problem anywhere? Do you have any horror stories? Are there any `cabals' or `silent conspiracies'? have any debates or projects been `poisoned' or `sabotaged'? 9. Are you neutral on the capability of `black'/`camouflaged' messages, or do you strongly promote/support or condemn it? Is it harmless or dangerous? 10. Is society aware of `black messages'? if not, what would `they' think in general? if so, what is the consensus on the practice? 11. Is it fundamentally technically impossible to prevent *widespread* black messages if there was an incentive or consensus to do so? Or is it feasible with technology? 12. What are internet policies in general on `black' messages? What should they be? Should they be restricted and prevented? allowed? Keep in mind the distinctions of posts to mailing lists, Usenet posts, and personal mail. 13. Please list any resources on this subject: email addresses of specialists, pointers to papers, etc.