Recently, I wrote about forging mail and introduced the idea of honor in cyberspace:
I've been vaguely following the thread, which seems to be attempting to close a loophole in port 25. Assuming you succeeded, wouldn't a clever demon hacker simply find another way to forge messages? I have seen that any system a human can devise, another human can eventually break. This leads me to believe that eventually we will have to begin acting on our honor, and provide severe consequences for dishonorable behavior. I haven't finished working out what "honor" means in this social context.
to which Jim McCoy responded:
Like what? When identity is "weak" then honor has no meaning...
That sounded reasonable to me until Crim Tideson asked:
I've created a pseudonym and a PGP key pair for that pseudonym. ... I have no intention of revealing who "me" actually is. ... I want to make and keep a reputation....
So honor may after all have meaning in cyberspace, as some code of behavior that preserves one's "reputation". James A. Donald, whose thinking I tend to respect, points out that,
Ken Landaiche writes
I have seen that any system a human can devise, another human can eventually break.
False. Most cryptographic algorithms these days are secure.
I'm glad to take your word on this. But I still think that the cryptographic system can be broken: subversion, torture, and "truth serums" come to mind. If someone strong enough wants your secret badly enough, they can probably get it, as long as at least one keeper of the secret is alive. This argument relies on one's adversary having no scruples. Since, as I mentioned before, I have little knowledge of the mathematics of cryptography, but still share the cypherpunks' interest in liberty, I'm focusing my efforts on the social end of the solution. As I said:
This leads me to believe that eventually we will have to begin acting on our honor,
to which JAD responded:
Walking through a security hole on a computer is not necessarily dishonorable, though many dishonorable things can be done once you are through that hole.
What do you mean by "dishonorable"? Is walking through a security hole like walking through a stranger's insecure door? The latter is an invasion of privacy to me, something I would consider damaging to me and would label a "dishonorable" act.
and provide severe consequences for dishonorable behavior.
If "we" provide "severe consequences" then we are not relying on honor, but on coercion.
Consider reputation systems, kill files, and the famous "If no one reads your posts, you're dead." Death is a pretty severe consequence, and one that many people admit to imposing.

For target practice, I suggest that at the most basic level, net entities will have "honor" or a good reputation who do the following:

1. Tell the truth.
2. Keep their agreements.
3. Do not injure their neighbors.
Ken Landaiche wrote:
So honor may after all have meaning in cyberspace, as some code of behavior that preserves one's "reputation".
What is important is a _persistent_ and _unforgeable_ identity, not a physical identity. Persistence is needed to attach a history to, and an expectation of future behavior. Unforgeability for obvious reasons.

--Tim May

-- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay
Ken Landaiche writes: [...]
to which Jim McCoy responded:
Like what? When identity is "weak" then honor has no meaning...
That sounded reasonable to me until Crim Tideson asked:
I've created a pseudonym and a PGP key pair for that pseudonym. ... I have no intention of revealing who "me" actually is. ... I want to make and keep a reputation....
So honor may after all have meaning in cyberspace, as some code of behavior that preserves one's "reputation".
But if creating a new identity is as easy as creating a pseudonym and a PGP key pair then everyone could create several identities, one they use for "honorable" work and others that they use when attempting to hack in to AT&T or rob the digital bank...the lack of a link between the pseudonyms means that "dishonorable" pseudonyms are disposable and without a means for attaching a negative value to a reputation the reputation system as a whole has a major flaw.

That is not to say that a system that provides for reputations with anonymity is impossible, but it is not possible given the tools that are currently available on the net. If you want to take a look at a system that would offer a workable base for a reputation system I would recommend that you start with some of the credential systems of Chaum, Evertse, and Damgard. This would provide a foundation of unique identities and a method for exchanging information linked to pseudonyms without giving up user privacy.

jim
Jim McCoy wrote:
But if creating a new identity is as easy as creating a pseudonym and a PGP key pair then everyone could create several identities, one they use for "honorable" work and others that they use when attempting to hack in to AT&T or rob the digital bank...the lack of a link between the pseudonyms means that "dishonorable" pseudonyms are disposable and without a means for attaching a negative value to a reputation the reputation system as a whole has a major flaw.
Yes, "negative reputations" alone are not adequate, just as they aren't in real life. (A negative reputation system is one in which only negative movements are possible, only downgrades. It's like assuming everyone is honorable, even strangers, and lending them money.)

Positive reputations are essential. And are common, even on the Net. I don't know about others, but I don't automatically give all newcomers the 'benefit of the doubt' and thus give them "maximal reputation," only to be downchecked later. Rather, newcomers start out, in my mental ledger book, at a "nonentity" or "neutral" level. Call it "zero" for simplicity. Stupid or wrong comments cause their "reputations" (to me, of course) to move into negative territory. Positive comments boost their reputation. (And this rep business is multidimensional, of course. For example, I might dislike someone's opinion, but still have a high regard for their "reputation for honesty commentary," or somesuch.)

It does little good to create zillions of "new pseudonyms," as they are *not* automatically given a high reputation. Think of credit ratings. Would any of you lend money to a brand new pseudonym, or a stranger in your town?
That is not to say that a system that provides for reputations with anonymity is impossible, but it is not possible given the tools that are currently available on the net. If you want to take a look at a system
But I've just given an example of how this already works. Take "Pr0duct Cypher" as an example. Good code, rapidly written. The result: a positive reputation system that produces (for many of us) a net positive reputation.
that would offer a workable base for a reputation system I would recommend that you start with some of the credential systems of Chaum, Evertse, and Damgard. This would provide a foundation of unique identities and a method for exchanging information linked to pseudonyms without giving up user privacy.
I certainly agree that better tools, including the credentials-without-identity sort of stuff, may help even more. I just disagree that we don't already have a workable positive rep system.

Positive reps--not just negative reps--are how we learn of good restaurants, good crypto books (Schneier, for example), and on and on. Histories of repayment of past bills (aka "credit ratings") are a classic manifestation of this. (I don't plan to get into a metaphysical debate about whether TRW Credit is doing the rating, or prospective lenders are, etc. In simple terms, a modern credit rating report is a composite summary of how many loans were repaid, how many bankruptcies and the like occurred, etc. No guarantees of future performance, but some strong indications. A Bayesian model that the future is likely to look like the past.)

So, positive reputation systems are needed...and they are already in common use.

--Tim May
participants (3): macorp!moonlight!ken@uu4.psi.com, mccoy@io.com, tcmay@netcom.com