Re: your mail Re: on anonymity, identity, reputation, and spoofing
Subject: Re: on anonymity, identity, reputation, and spoofing From: hfinney@shell.portal.com Comments: Ignore the comment above. Content-Length: 2979 X-Lines: 55
I do sympathize with L. Detweiler's concern about multiple identities. Human nature being what it is,
Considering that human nature allows for pathological behavior in some individuals, and that anonymity seemingly decreases the potential for being held acountable for pathological behavior, I think it follows that it would be unwise NOT to be concerned.
if a series of posts appears quickly taking one view, people who disagree may think, well, I guess I'm in the minority on this, I won't make a stink about it. That's just part of the herd instinct, which, IMO, we all share. The lesson is that it is even more important on the net not to be afraid to take unpopular stands. You may find that there are more people who agree with you than you thought.
You may also find that such gentile methodology as attempting to sway opinion or unfairly weight ones opinion in order to alter the flow of disscussion are the least you can expect. I bet that clever sociopaths will find ways to leverage anonymity schemes to accomplish mayhem of magnitude well beyond these sort of things. believe me, you don't want to find out by being subjected to such mayhem, and if it happens you will be much harder pressed to come up with ways to patch things than if you take time to try and deal with it now.
There are some possible technological solutions to some of the issues raised. Chaum, in his 1985 CACM paper, describes how "credentials" can be exchanged among various pseudonyms a person may have. A credential can basically be any statement by a 3rd party about a person. It could be a statement by a college that he had a certain degree. It could be a statement by a government that he had a driver's license. It could be a statement by a business that he was an agent for that business.
How about *credentials* that certify the capabilities or flag the potential dangers of a binary object. Aren't there schemes out there that hold promise for that sort of *trustworthiness* stamp of approval? Aren't such schemes prone to the potential of cliquish abuse?
The credential would be given to the person, then Chaum shows how it could be re-blinded and shown under other pseudonyms. The credential can be verified, but it can't be linked to the True Name or other pseudonyms of the holder.
what are you credentialing? that someone *should* know what they are talking about? even so it would not preclude being burned, psychopaths tend to be very clever?
We could think about using something like this for reputations. Take Nick's question about how a new pseudonym could get through the filters. Maybe the person posts under his real name for a while, then some respected person is willing to give him a "valued poster" credential. He can re-blind this credential and submit it with posts he starts to make under his pseudonym. People will know that the pseudonymous poster is at least potentially capable of making sense, and give his words some weight. But there will be no connection to his True Name.
why not just build your reputation as the psuedo right from the start?
(Of course, this could lead occasionally to a Dr. Jekyll who makes sensible and weighty posts under his own name, while under his Mr. Hyde pseudonym he rants and raves. But hopefully this would not happen too often.)
Oh, I don't know anybody who does that sort of thing! :-) do you ?
Other credentials could be related to some of the other points Detweiler raised, such as list membership > some number of months. The point would be that these credentials are voluntary, used to get past people's filters, and that they retain poster anonymity while giving readers useful information about the poster.
If all you'r talking about is mail-list or newsgroup membership, why not just have testing and stringent membership requirements?
It's ironic that L. Detweiler, who has played a major part in spreading awareness of Cypherpunks technology through his widely read Privacy and Anonymity FAQ, is suggesting that people should be limited in their use of this technology. Still, the concerns he raises are going to be shared by many people, and we should try to be ready with technological solutions that are consistent with privacy protection.
exactly. I don't think it's ironic, I will be disapointed if the cypher-head community doesn't pay attention to the disphoric aspects of the technology it wields. Would you like to be the Edward Teller of cypher ? I don't think so. I want privacy too, and I want as much free-wheeling as possible in the matrix. Personally I think that accountability is going to be required as the price for reasonably secure encryption, reasonably open access, and reasonably secure privacy of data. IMNSHO, it is unreasonable to expect an anarcho-libertarian outcome to these issues. If you can prove me wrong I will be thrilled. The other thing that I am a bit surprized about is the relatively tight focus in this group regarding text. It seems to me that multimedia extensions have an *unfolding of the lotus* like effect upon the issues involved. I also see very little regarding potential for breaking the mind machine link, or biologic interfaces? core technologies are important, but an eye on the future is just as important. LUX ./. owen
D. Owen Rowley () writes:
I want privacy too, and I want as much free-wheeling as possible in the matrix. Personally I think that accountability is going to be required as the price for reasonably secure encryption, reasonably open access, and reasonably secure privacy of data.
Why should it be? Reasonably secure encryption, reasonably open access, and reasonably secure privacy of data can all be implemented without accountability. (I refer you to Public Key cryptography, DC/Mix nets, and secret sharing) Perhaps in practice, the majority of people will refuse to participate in such a network but that does not stop crackers/pirates from using one. Crackers routinely dick each other over because of lack of accountability, but the trade off (getting free software/phone access) is better than (getting busted) Do you think I am accountable? If I didn't put my real name in my sig you'd never be able figure out who I really am. Not even gnu, who graciously allows me use of their machines, has my real address or phone. The annex port that I log in on is set up incorectly allowing me to telnet anywhere without needing to use my student account (and thus not linking rjc@ to my college where my really private info resides) rjc@ is simply my pseudonym. I could be Bill Clinton and you wouldn't know, so why worry about it? What keeps me in line in the reputation linked to rjc@ which I have spent a long time building up. Acting like an asshole and choosing a new account name would waste a lot energy that I put into posting these years. If you consider a BlackNet in terms of Interated Prisoner's Dilemma, it makes sense that the good guys will outnumber the bad with a minority of jerks (who can be controlled with intelligent filtering software)
IMNSHO, it is unreasonable to expect an anarcho-libertarian outcome to these issues. If you can prove me wrong I will be thrilled.
You made the assertion, the proof is up to you. -- Ray Cromwell | Engineering is the implementation of science; -- -- EE/Math Student | politics is the implementation of faith. -- -- rjc@gnu.ai.mit.edu | - Zetetic Commentaries --
D. Owen Rowley writes:
Personally I think that accountability is going to be required as the price for reasonably secure encryption, reasonably open access, and reasonably secure privacy of data. IMNSHO, it is unreasonable to expect an anarcho-libertarian outcome to these issues. If you can prove me wrong I will be thrilled.
By whom is accountability going to be required? How will it (or how can it) be implemented? What sort of mechanisms can be expected to reliably and universally evolve in the decentralized anarchic network we know today that will make "paying the price" a meaningful concept? I con't prove you wrong because I cannot understand what you predict.
It seems to me that multimedia extensions have an *unfolding of the lotus* like effect upon the issues involved.
Explain: is it because of the medium itself or because of the nature of information that'll be available with multimedia delivery systems?
I also see very little regarding potential for breaking the mind machine link, or biologic interfaces?
Uhhhh, OK. -- Mike McNally
Considering that human nature allows for pathological behavior in some individuals, and that anonymity seemingly decreases the potential for being held acountable for pathological behavior, I think it follows that it would be unwise NOT to be concerned. [...] You may also find that such gentile methodology as attempting to sway opinion or unfairly weight ones opinion in order to alter the flow of disscussion are the least you can expect. I bet that clever sociopaths will find ways to leverage anonymity schemes to accomplish mayhem of magnitude well beyond these sort of things. believe me, you don't want to find out by being subjected to such mayhem, and if it happens you will be much harder pressed to come up with ways to patch things than if you take time to try and deal with it now.
I think one thing this argument forgets is that we are not talking about a herd of poor sheep vicimized by the big bad wolves. This technology is available to EVERYONE. If you don't like being hassled by someone anonymously, then be anonymous yourself. Also, lets keep in mind that we are talking about email here. What are these sociopaths supposed to do? >Bonk!< you? Bug you to death with CTRL-Gs? What sort of "mayhem"? Clever pyramid scheme or credit card fraud scams? Oh horrors. Anyone idiotic enough to fall for ANY such scheme deserves what they get. Right now, I see the main real problem of anon mail to be spamming, and the main imaginary one (i.e. the main one people bring up when discussing anon vs no anon, but of which there are no example cases, just lots of what if'ing) to be liability for libel/slander. I can't really see this changing anytime soon. Perhaps in a world like that in _True_Names_, but we don't have that right now. By the time it becomes possible, all sorts of checks and balances will be in place (credentialling, digicash, proof of personhood, etc etc) that are only gleams in our eyes right now.
How about *credentials* that certify the capabilities or flag the potential dangers of a binary object. Aren't there schemes out there that hold promise for that sort of *trustworthiness* stamp of approval? Aren't such schemes prone to the potential of cliquish abuse?
Sounds very much like [True?] brand names too me, in practice. In fact I cannot see the viability of an "It's ok" credential if used by anyone other than a trusted author/company and from trusted reviewers/users.
what are you credentialing? that someone *should* know what they are talking about? even so it would not preclude being burned, psychopaths tend to be very clever?
This aversion to net.psychos seems very much like the fear of net.pedophiles that's been evidenced by a few journalists. Please point me to some psychopaths. Where are these folks. I have a strong suspicion that psychopaths are generally dysfunctional enough that they will not do well in a medium like this. And if there were a lot of them around, we'd already be seen decidedly psychopathic abuse of the net; instead we get immature spam, and other wastes of bandwidth but nothing particularly serious. I think we need to draw some distinctions between what is a possible threat or problem and was is a likely threat or problem.
(Of course, this could lead occasionally to a Dr. Jekyll who makes sensible and weighty posts under his own name, while under his Mr. Hyde pseudonym he rants and raves. But hopefully this would not happen too often.)
Oh, I don't know anybody who does that sort of thing! :-) do you ?
I certainly side with you on this one. I know quite a few people who do this, both on "the" net, and in BBS-based networks (as if there's much difference these days.)
Other credentials could be related to some of the other points Detweiler raised, such as list membership > some number of months. The point would be that these credentials are voluntary, used to get past people's filters, and that they retain poster anonymity while giving readers useful information about the poster.
I want privacy too, and I want as much free-wheeling as possible in the matrix. Personally I think that accountability is going to be required as the price for reasonably secure encryption, reasonably open access, and reasonably secure privacy of data.
What is "reasonably secure"? I can't think of any "reasonable" definition of that. Something secure from YOU, with your 386 or Mac, that is NOT secure from the US govt. is not reasonably secure to me. In fact it is woefully insecure, IMNERHO.
IMNSHO, it is unreasonable to expect an anarcho-libertarian outcome to these issues. If you can prove me wrong I will be thrilled.
Only time will tell. I think it'd be utterly silly to expect things to come out as any of us plan, 100%. That is no reason to not work toward whatever goals we have, as individuals, as "the Cypherpunks" or whatever.
I also see very little regarding potential for breaking the mind machine link, or biologic interfaces?
There are other lists and groups for that, particularly alt.cyber* -- -=> mech@eff.org <=- Stanton McCandlish Electronic Frontier Foundation Online Activist & SysOp "A nation that is afraid to let its people judge the truth and falsehood of ideas in an open market is a nation that is afraid of its people." -JFK NitV-DC BBS 202-232-2715, Fido 1:109/? IndraNet 369:111/1, 14.4V32b 16.8ZyX
participants (4)
-
m5@vail.tivoli.com -
owen@autodesk.com -
rjc@gnu.ai.mit.edu -
Stanton McCandlish