Cypherpunks: I tried to send this message to the cypherpunks in April 1998. I suspect that this, and many other messages that i sent, never reached the cypherpunks list. If any of you remember reading this, or have a copy of it in your archives, please let me know. Regards, Zooko ------- Forwarded Message Date: Wed, 1 Apr 1998 07:06:44 +0200 (MET DST) From: Zooko Journeyman <zooko@xs4all.nl> To: zooko@xs4all.nl Newsgroups: list.cypherpunks Subject: Why i am not truly pseudonymous yet (was: Re: keyword scanning and countering writing style analysis) References: <199803252037.UAA06168@server.eternity.org> Adam: I think that the state of the art on this is probably close to the boundaries of the science of machine learning. I recently saw a presentation by a researcher from Bell Labs. His machine learning system, which is being patented, had success rates better than competing systems (including better than a hand-scripted system!) at identifying into which categories a phone call or letter to AT&T fell: "Billing", "Subscription", "Complaint", "Delay", "Installation", etc. Presumably the NSA has similar systems with all of our favorite keywords. (Toto: insert funny jokes here.) Anyway, if _i_ were forced to bet on it, i would say that such systems are not yet good enough to reduce the cost of matching nyms to "insignificant", but that such systems probably _will_ be that good before too long (and our old articles will still be useful as data then...). Now the question about counter-measures, i don't know. (There is a trade-off between safety and expressiveness here. We could all buy a copy of AltaVista's translator software and language databases, and then run our missives through a couple of pidgin foreign languages before posting them. [Toto: insert funny joke about JYA here.]) <sigh> I think this issue is growing in importance. I currently use a very weak nym, which anyone with a little skill should be able to crack [Toto: bonus points if you _privately_ send e-mail to one of my eunymous accounts]. I'm starting to think that this is the worst of both worlds, as potentially malicious sorts are not significantly slowed down, while potentially beneficient people are kept a bit more distant from me and are thus less likely to be of use to me. (e.g., people who know me as Zooko wouldn't notice if "Anna Rosenbaum" (my real name) were to disappear one night, and vice versa.) By the way, the reason for my failure should be instructive: my nym is so crackable not because of any technical detail having to do with remailers or encryption-- it is that i foolishly posted articles containing both nyms in the distant past, and those articles are now a permanent part of the The Net instead of decaying and disappearing like articles from even earlier years did. Another issue for me is the onerous cost of starting a fresh nym. The benefits (true pseudonymity) are uncertain (the bad guys' techniques might crack my best effort using current technology (especially because of textual analysis as per the original topic of this message)), and the costs are that i lose the advantages of concentration of reputation into a single nym. (I've already observed this, a little, with my current set of weak nyms. Adding a strong one would only exaccerbate my woes.) A final problem i have with true pseudonymity is that i _like_ meeting people in Real Life, and not only to fight or fuck them. Okay, this has been long and rambling, but i hope useful to some of you. One more point before i go: There are two ideas of pseudonymity that i have considered. In one, you are truly the only person who knows that the nym maps to your body. This has obvious advantages, and obvious disadvantages. In the other (which is basically what "Zooko" is and was intended to be), there is a large, ill-defined group of people who also know of the mapping. This has its advantages too-- social advantages (which are very important!), but the disadvantage is that it is trivially cracked by a mole. [In fact, i think i recall that about the time "Zooko" appeared on the scene one "Adam Back" sent me e-mail saying, "Hey-- you write a lot like Anna Rosenbaum did... Are you her?".] [So if anyone wants to do me a favor, look about in your archives and dissociate "Zooko" with "Anna". Thanks! It might actually do me some good in the long run, although not, of course, against the likes of the NSA. Perhaps against others.] Regards, Zooko P.S. For an Nth reason that i don't have a strong pseudonym, i never bothered to learn how to use a remailer front-end. Now with Xemacs 20 and Mozilla out, i could probably handle it... P.P.S. Today i found the 3rd person, including myself, who has used the name "Zooko" on the net. .----, | mailto:zooko@xs4all.nl . / | http://www.xs4all.nl/~zooko/public.html . / | "Any technology which is distinguishable +____. | from magic is insufficiently advanced." ------- End of Forwarded Message