H. Finney <hfinney@shell.portal.com>
After going to enormous efforts to create a network of anonymous remailers, we are hoist by our own petard, as our list receives strange, irrelevant, and argumentative posts through our own anonymous remailers. (Not all anonymous posts are like this, but there have been quite a few in the last few weeks which fall into these categories.)
I've been thinking about this a lot lately. I think a large part of the problem as you indicate is associated with reputation. How does one build up a reputation and identity in cyberspace in general? Part of the problem IMHO is that this list software & the internet in general is extremely vulnerable to a lot of different kinds of spoofing. People are very sensitive to the perception of a `consensus' -- they are deeply influenced by what they perceive to be the `majority opinion'.

What if that `opinion' was not an accurate representation of reality? what if a few people were creating the illusion that some different kind of consensus existed? what if that `agenda' were actually something inherently wicked like lawlessness or anarchy? what if a conspiracy created the impression that some project or progress was underway when it really wasn't? or that some person was loudly favored or condemned by the `group'? this could be especially problematic if any kind of intimidation were happening `behind the scenes' in email. who would ever know? unless the dissatisfaction reached the list, how would we find out?

another problem is that, at the same time being strongly influenced by a lot of flames, people just delete them out of sheer distaste and they may not be around later for inspection.

what really is our assurance that all these email addresses actually exist and represent *unique* people? there really is very little currently. I think newsgroups are far less vulnerable to this kind of spoofing, but unfortunately mailing lists are *extremely* vulnerable. (Keep in mind, there are a whole set of other benefits and detriments in *other* categories which I'm not talking about here.)

In the former we have thousands of subscribers all checking on each other's honesty. If a suspicious address or opinion pops up, there is some probability someone will notice, and cases of spoofing would probably be noise drowned out in the representative opinion. Also, distribution is centralized, so that `message blocking' is not very feasible.

In the latter case, i.e. mailing lists such as this one, there is a much closer knit community that is geographically isolated. Individuals on the list are far more susceptible to spoofing. People are more likely to see *every* message including the `spoofed' ones. There are far fewer people to `check up' and those that are there may not have the technical expertise. What's worse, the list is not `distributed' in a certain sense. If someone wants to get out the message that `something wrong is going on' it could be censored because of the centralization of the distribution. This wouldn't work with Usenet because the distribution of the messages (e.g. NNTP servers) is generally cleaved from the people with strong self-interests in the traffic (e.g. people who post to group [x]).

This cyberspace stuff can be a *very* powerful influence on many. It is an electronic community, and peer pressure is *extremely* powerful. Many people do not have an extremely strong internal `moral compass' and could be influenced by this kind of corrupt magnetism associated with a `conspiracy of spoofing'. Note that reputations are crucial in not only persuading us to listen attentively to those we respect, but to `tune out' the lunatics and criminals.

* * *

Spoofing

Regarding what also gets my vote as `strangest posting of the year' by `S. Boxx', Philippe D. Nave, Jr. <pdn@dwroll.dw.att.com> (based on my email, a loyal cypherpunk and fellow Denverite!) wrote:
[...] it seems that the point of the message is that there is a lot of smoke coming from people who use aliases or anonymous remailer services to post to the cypherpunks list. Does this posting contribute to that problem, or have I missed something? [...] What the hell ?!? I've either missed something significant (and would appreciate enlightenment) or this is a candidate for 'strangest post of the year'. If 'S. Boxx' really exists and is the author of this posting, I apologize- if not, then come out from behind your damn remailer and quit contributing to the problem. As for monitoring the list for traitors, go ahead- I post under my own name, and I don't give a shit what you do with the text. If I was concerned about lurkers building 'traitor files', I'd encrypt my messages and happily watch you choke on them.
I think I speak for many here in saying that I weigh anonymous postings very little, but don't consider the capability a serious problem. They have very significant purposes in e.g. `whistleblowing' `within the system' that I've always been attracted to.

On the other hand, I think there is an implicit assumption by virtually everyone here that addresses on public posts and private email that are not specifically anonymous represent *unique* people. That is, if some people were taking advantage of the loose, free, and open atmosphere here to influence opinion or perception of reputations by posting messages under different presumably `real' identities (defined as anything that is not obviously tagged as anonymous), I and probably everyone else would feel very `upset' in the least and `violated' at the most. It would seem like a very serious breach of community trust, and might even have the effect of derailing positive contributions to the `cypherpunk cause' (whether algorithmic or political, the two chief schools of thought). I recall discussions of this related to the Extropians list, which specifically bars this practice.

* * *

List suggestions

The fact that this `uniqueness of real identities' has always been something of an implicit assumption here bothers me. I think anything this delicate and important should be made formal and explicit. We should not simply assume that `everyone is honest and no one would be depraved enough to do this.' I think the following guidelines are very reasonable, and might be part of a list charter agreed to by new members:

1) list members are allowed *one* anonymous identity if any. They are required to associate some name with all anonymous posts via that identity.

2) *no one* is allowed multiple `real' identities and in fact any violation of this is considered an extremely serious breach of netiquette & honesty.

3) completely anonymous posts from `outside' the list are allowed; if no pseudoidentity is given they are assumed to come from `outside'.

and if anyone has been posting under multiple `real' identities, I think they owe it to everyone here to `come clean'. I don't see why anyone would go to the trouble but if someone was just unstable or obsessive enough to equate reputation with posting traffic, s/he might go off the deep end. The practice amounts to `spoofing' and any patriotic cypherpunk with some integrity ought to recognize that immediately and condemn it, technical capabilities regardless. I would equate this practice with `lying to one's colleagues'. spoofing is probably the #1 crime against cypherpunk ideology.

* * *

Reputations

As for reputations, what can we do about this? I think that there are a lot of solutions to be experimented with in software. One of the best is just to have archives that are searchable by ID. But archives are very disk-consuming. I have some various other ideas that wouldn't require much beyond the current database maintenance of email addresses. Suppose that along with everyone's name, the following statistics were presented:

1) how long they have been on the list in days, 0 if none at all

2) how many postings they have posted here

3) maybe a posting/age ratio -- some people seem to be very sensitive or tune out people with a high one.

4) another idea: tracking the number of responses a given poster has, average, per original post, measured by `re: [x]' subject tracking.

now, look what we get with all these. They are all simple to implement. They all can tremendously help us weigh the various opinions that are out there. They can set up a positive feedback system whereby `good' posters potentially really are quantitatively identified. Regarding (4), one way to `punish' a poster for irrelevant postings is to simply not respond, and they will not get any `credit' in this statistic. The problem with this is that from my experience, sometimes my most authoritative and finely-crafted postings generate the least response.

But note the point of all these things: they don't necessarily require any digital signatures to implement. Authentication of postings `allowed' to the group really seems like a separate problem to me.

Another simple idea is to have a voting system in response to postings. People's `credit' associated with their postings could be listed in headers too. This of course is far more ambitious, and the generally complex problem of authentication rears its ugly head.

In addition to all this, I would like to see protocols that guarantee honesty on the part of the list maintainer. When databases like this are maintained, a little unilateral tweaking here and there can be extremely deleterious to community integrity, honesty, and reputations.
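
The four statistics listed under "Reputations" can be computed from message headers alone; the sketch below is an added example, not code from the original post or from the list software. The function name `poster_stats`, the `joined` table standing in for the list's subscriber database, and all addresses and messages are constructed assumptions, and the `From:` header is taken at face value, since the proposal explicitly leaves authentication as a separate problem.

```python
import re
from collections import defaultdict
from datetime import date
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

RE_PREFIX = re.compile(r"^\s*(re:\s*)+", re.IGNORECASE)

def poster_stats(raw_messages, joined, today):
    """Statistics 1-4 per address; senders absent from `joined` get 0 days."""
    posts, originals, replies = defaultdict(int), defaultdict(int), defaultdict(int)
    thread_author = {}  # normalized subject -> address that started the thread
    msgs = sorted((message_from_string(r) for r in raw_messages),
                  key=lambda m: parsedate_to_datetime(m["Date"]))
    for m in msgs:
        addr = parseaddr(m["From"])[1].lower()
        subject = m["Subject"] or ""
        topic = RE_PREFIX.sub("", subject).strip().lower()
        posts[addr] += 1
        if RE_PREFIX.match(subject):
            author = thread_author.get(topic)
            # A reply to one's own thread earns no credit toward statistic 4.
            if author and author != addr:
                replies[author] += 1
        else:
            thread_author.setdefault(topic, addr)
            originals[addr] += 1
    stats = {}
    for addr, n in posts.items():
        days = (today - joined[addr]).days if addr in joined else 0
        stats[addr] = {
            "days_on_list": days,
            "posts": n,
            "posts_per_day": n / days if days else None,
            "replies_per_original": replies[addr] / originals[addr] if originals[addr] else 0.0,
        }
    return stats

def _msg(sender, when, subject):
    return f"From: {sender}\nDate: {when} -0700\nSubject: {subject}\n\nbody\n"

# Constructed sample traffic and subscription dates (not real list data).
SAMPLE = [
    _msg("Alice <alice@example.org>", "Mon, 04 Oct 1993 10:00:00", "Remailer reputations"),
    _msg("bob@example.org", "Mon, 04 Oct 1993 11:00:00", "Re: Remailer reputations"),
    _msg("carol@example.org", "Tue, 05 Oct 1993 09:00:00", "RE: Re: remailer reputations"),
    _msg("alice@example.org", "Tue, 05 Oct 1993 12:00:00", "Re: Remailer reputations"),
    _msg("anon@example.net", "Wed, 06 Oct 1993 08:00:00", "Strange post"),
]
JOINED = {"alice@example.org": date(1993, 9, 4), "bob@example.org": date(1993, 10, 1)}
```

Calling `poster_stats(SAMPLE, JOINED, today=date(1993, 10, 6))` credits only replies from other addresses, so one address cannot raise its own statistic 4; several addresses controlled by one person still can, which is the uniqueness problem the post describes.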