Re: Pseudonyms and Reputations
From: tmp@netcom.com
these identification systems ultimately fall back on `real world' identification systems such as birth certificates, social security numbers etc. which all can be readily subverted by a determined adversary.
I believe RSA requires a notarized statement, where you have presented the notaries with three forms of ID. I would imagine that notaries have some experience with false ID, but no doubt they can be fooled with sufficient effort. Still, for the kinds of applications we are talking about here (chatting on the net) this is probably adequate. For more security you could require a thumbprint which is compared with others on file.
what, specifically, is problematic about these? does chaum just ignore them? does he describe them in greater detail?
Chaum was writing more about financial relationships with creditors, businesses, etc. My translation of his ideas into the cyberspace author- ship arena was not something he discussed directly.
as for `endorsements for unknown endorsers', it seems to me the reputation system you refer to is a sort of `reputation web' not unlike the pgp `web of trust' model. a pseudonymous credential has as much weight as the pseudonym originating the certification. i.e., if `a' signs `b's pseudonym, that `edge' in the `reputation graph' has as much weight as `a' has reputation. that is, it should not be possible to create a whole bunch of new pseudonyms, have them all sign each other, and then increase your reputation.
In one way it is easier than with pgp. With pgp we are trying to guess whether a person is really who he says he is. This has all sorts of real- world implications, and as tmp points out these are hard to verify. With reputation systems what you really want to know is whether a person's endorsements are valuable. Over time you can basically decide this for yourself, by judging whether those authors recommended by a given person are ones which you consider good. Those endorsers whose opinions match your own would be the ones you pay the most attention to.
this brings up an interesting idea. future cyberspatial citizens may develop an elaborate netiquette that describes how to maximize one's advantage through the use of pseudonyms. all kinds of strategies will ensue. is it better to have a few good pseudonyms, without diluting reputation, or a whole bunch of pseudonyms but a bit more diluted reputation?
With Chaum's system it should not necessarily dilute your reputation to use a lot of pseudonyms. OTOH, you are right that informal reputations will not carry over, and in practice these will be important.
one of the problems with a positive reputation system is that it would workd for `d-type people' <g> whose reputation is primarily negative. a whole lot of people would like to put a negative credential on `d' so that they would limit his influence in all forums he visits, similar to the way that one could globally encourage someone else through `accreditation'. `d' would simply not propagate any negative signatures to his pseudonyms.
Negative endorsements, and negative credentials in general, are difficult to achieve. Chaum's paper has some discussion of these but it is hard to follow. The simple blinded signature model provides a pretty simple way to allow only one pseudonym per True Name in a given forum, if you assume there is some way to distinguish people in the real world. Suppose Cypherwonks wanted only one person per nym. And suppose there was an agency which was able to distinguish people, that is, it could tell when it had seen the same person twice. Now, Cypherwonks asks this agency to give a single blinded signature of a type (exponent) which is unique to that list, to anyone who wants it, but such that nobody gets more than one. To be accepted on the Cypherwonks list, then, somebody would have to show a signature of this particular type, different from everyone else's. Each person could only get one such token, which Chaum has called an is-a-person credential (again, this is a simplification of his idea, I think). Now tmp has what he wants, the ability for a list to have only one nym per person. And in such a situation, negative reputations are important, because you only get one chance and can't start over with a new nym.
could such a negative signature system be constructed? it seems possible with a centralized `trusted' server, but this is not an ideal solution; ideally one would like the system to be possible from the independent interactions of people who trust only themselves. this of course is the ideal cryptographic model, and the very best and finest algorithms (e.g. rsa) conform to it.
Well, you have to trust that the agency which is verifying uniqueness of identity doesn't cheat. But note that the agency does not get any great privacy-infringing power, as they don't have to know the True Names or identities of the people they are endorsing, and they don't know their pseudonyms (since those are blinded when they are signed).
the problem is similar to preventing double spending in a cash system. how do you enforce that a person `spends' a certain amount of information? there are no `laws of the conservation of information' as their are of e.g. mass as with a paper currency. in fact maybe the double-spending preventative techniques for cash systems could be translated to get a negative reputation and prevent people from not displaying credentials, even negative ones, they have accrued (just in the way people are forced to reveal if they are `printing money', i.e. spending spent money)
Chaum did, as I said, have some concept about revealing negative credentials, perhaps along the lines you are suggesting. As I followed his ideas (which wasn't very well), you would have to submit an "I'm not a jerk" credential with each posting, and the only way to get another such token would be to get back a response from your posting saying, "OK, you're still not a jerk." But if you posted some trash ("Death to BlackNet") then you wouldn't get back that "OK" token and you'd have lost your "not a jerk" token for good. This would work best in a situation where there was one nym per person, otherwise he could use his other nyms to endorse his worthless trash. (I posted a variation on this idea a couple of weeks ago as a way of handling anonymous remailer complaints without breaking the anonymity of the remailer user. A similar token-and-response system was used, also based closely on the blinded signature system in Magic Money.)
personally i like chaum's emphasis (or recognition) that forums exist such that restricting pseudonymity in them is natural, fair, and rational, i.e. a desirable design goal. it seems to me that even beyond this, people should be able to construct forums where they demand (or comply, or agree, or whatever) that identity be known, or that it be totally ignored. given all this inquisitional witchhunting of my `true identity' (whatever the !@#$%^&* that is), obviously this forum is in the former category <g>
Well, Larry, you have to realize that you caused us enormous hassle several months ago, so it's natural that people will be somewhat hostile. Other pseudonymous posters have not stirred nearly so much interest (with the possible exception of Xenon, who had some of your own tendencies to rant at length). However, in your new incarnation I find your postings much more interesting.
what do you think, cpunks, should you have the right to ignore people regardless of the pseudonyms they use? again, i ask if it is possible to construct a system that protects anonymity but at the same time allows someone to filter all pseudonyms associated with another person. it seems that we have reached an impasse -- these are two very useful design criteria but they appear to be contradictory. on one hand we would like to censor all the `d-type' pseudonyms, but on the other hand we would want a `clean slate' for all of our own.
Chaum has some discussion about how you can go to library A and borrow a book, proving that you have no overdue books at libraries B, C, D, ..., without compromising your anonymity. This sounds analogous to proving that you have no negative credentials from other cyberspace forums. Unfortunately, this is a part of his paper I need to read more times to understand. Hal
hal finney had very interesting comments about pseudonyms and reputations. one of the most important notes about the chaumian systems he indicates is that it would be possible to have forums where pseudonymity is limited (one pseudonym per user) but at the same time the anonymity of participants is protected. this seems like a reasonable compromise between the extreme on one hand, `no one should be accountable for anything in cyberspace' and on the other hand `people should be accountable for everything in cyberspace'. it does appear that in a completely unaccountable system, i.e. where pseudonyms are cheaply obtained and accrue bad reptation without any consequence, `cryptochaos' can ensue. it is quite possible to have the equivalent of `floodbots' to mailing lists, and i'm really quite astonished that the only solution that anyone has developed so far is completly untechnological and IMHO backward: yelling at a site administrator. in fact, it seems to me the mechanisms for social interaction are most rapidly evolving on IRC, where there are all kinds of sophisticated rules regarding operators who have control over channels, to boot out participants, `ban' them, and the way that people `ignore' each other, etc.-- isn't it rather remarkable that no widely distributed mailing list software has any of these very basic mechanisms? i was just on IRC and i don't know how many people have noticed that (forgive me if it has been pointed out before) but a very interesting early incarnation of a positive and negative reputation has already been implemented by somebody's `commbot' program. it functions as a database of reputations of IRC nyms. here are some of the rules (ugh, can't they come up with a less offensive term for negative reputation?) anyway, i will be very interested to watch the evolution of reputation systems on the internet. =CommBot= =CommBot= Levels are used to determine which users can make me do what. =CommBot= The most important use of the levels are: =CommBot= userlevel >= 50 : user will be made channel operator by me =CommBot= userlevel >= 100 : user may modify user/shit/prot lists =CommBot= userlevel >= 125 : The user may use certain "special" commands. =CommBot= userlevel >= 150 : user may use all my functions =CommBot= shitlevel >= 50 : user won't be opped, and cannot modify =CommBot= : the various list, regardless of the userlevel. =CommBot= : I also will not allow this user to be opped by =CommBot= : someone else =CommBot= shitlevel >= 100 : user will be kicked and banned when the =CommBot= : channel is joined =CommBot= protlevel == 100 : I will not massdeop or masskick these users. =CommBot= : if a user with level 100 is deopped, I will reop +him/her =CommBot= =CommBot= SEE ALSO: WHOAMI, WHOIS, NWHOIS, USERADD, =CommBot= SHITADD, PROTADD, getting_access =CommBot=
participants (2)
-
Hal -
tmp@netcom.com