Forwarded message:
From anon.penet.fi!daemon Fri May 13 18:40:07 1994 Date: Fri, 13 May 1994 18:33:08 -0400 From: daemon@anon.penet.fi (System Daemon) Message-Id: <9405132233.AA21224@anon.penet.fi> To: sinclai@ecf.toronto.edu Subject: Anonymous code name allocated.
You have sent a message using the anonymous contact service. You have been allocated the code name anXXXXX. You can be reached anonymously using the address anXXXX@anon.penet.fi.
If you want to use a nickname, please send a message to nick@anon.penet.fi, with a Subject: field containing your nickname.
For instructions, send a message to help@anon.penet.fi.
I didn't send mail to penet. I'm assuming someone on the list must have forged the post. I'm not amused. Anyone else get this, or did someone think I'm special?
Yes, I got the same message. I don't know what this is all about John K Clark johnkc@well.sf.ca.us On Sat, 14 May 1994, SINCLAIR DOUGLAS N wrote:
Forwarded message:
From anon.penet.fi!daemon Fri May 13 18:40:07 1994 Date: Fri, 13 May 1994 18:33:08 -0400 From: daemon@anon.penet.fi (System Daemon) Message-Id: <9405132233.AA21224@anon.penet.fi> To: sinclai@ecf.toronto.edu Subject: Anonymous code name allocated.
You have sent a message using the anonymous contact service. You have been allocated the code name anXXXXX. You can be reached anonymously using the address anXXXX@anon.penet.fi.
If you want to use a nickname, please send a message to nick@anon.penet.fi, with a Subject: field containing your nickname.
For instructions, send a message to help@anon.penet.fi.
I didn't send mail to penet. I'm assuming someone on the list must have forged the post. I'm not amused. Anyone else get this, or did someone think I'm special?
John Clark <johncla@freenet1.scri.fsu.edu> writes: Yes, I got the same message. I don't know what this is all about
I hate to be paranoid, but that seems to be my natural state these days. I'll take a guess: somebody wants to know the mapping between cypherpunk addresses and Finnish anonymous ID's, if any. If you have an anonymous ID registered on penet.fi and you don't have a password registed there, anyone can find your anonymous ID by forging mail from you to themselves via Finland; it will carefully anonymize you and report the message to them; presumably "This is the one I forged from John Clark." or "Test 94.217.johncla" or whatever. If you already had an anonymous account with no password, you wouldn't get notification... but you have one now. I don't know if there's an error msg if you try to send mail with the wrong password. I do have an anon ID (result of replying to some other anonymous poster) with no password, and haven't gotten that message lately. Jim Gillogly Trewesday, 23 Thrimidge S.R. 1994, 15:52
Aren't you allocated an anon ID# at penet if you reply to a person's posting somewhere back to the, in order to assure the double-blind system? ____ Robert A. Hayden <=> hayden@krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)
Paranoia is cryptography's occupational hazard. Recently there has been a small rash of complaints about unwanted assignment of penet pseudonyms. The first reported was simply a description, the most recent assumed that the assignment was the result of someone trying to find out mappings in the penet database. This clear illustration of paranoia setting in demonstrates the nature of the hazard. The effect of paranoia is self-delusion of the following form--that one's possible explanations are skewed toward malicious attacks, by individuals, that one has the technical knowledge to anticipate. This skewing creates an inefficient allocation of mental energy, it tends toward the personal, downplaying the possibility of technical error, and it begins to close off examination of technicalities not fully understood. Those who resist paranoia will become better at cryptography than those who do not, all other things being equal. Cryptography is about epistemology, that is, assurances of truth, and only secondarily about ontology, that is, what actually is true. The goal of cryptography is to create an accurate confidence that a system is private and secure. In order to create that confidence, the system must actually be secure, but security is not sufficient. There must be confidence that the way by which this security becomes to be believed is robust and immune to delusion. Paranoia creates delusion. As a direct and fundamental result, it makes one worse at cryptography. At the outside best, it makes one slower, as the misallocation of attention leads one down false trails. Who has the excess brainpower for that waste? Certainly not I. At the worst, paranoia makes one completely ineffective, not only in technical means but even more so in the social context in which cryptography is necessarily relevant. The problem with assignment of penet ID's was not due to any malicious intervention, but rather someone subscribing to the list with a penet address. Since the list doesn't alter the headers much at all, the originator of a list message is sending indirectly to penet, forwarded through toad. I've swapped the address so this shouldn't happen again. Eric
Things are much worse than we thought! Some tentacle has apparently INVADED the account of Eric Hughes, on HIS OWN MACHINE, and is attempting to RENDER US DEFENSELESS by undermining our paranoia. These %*#$%&^@# Cryptoanarchists are TORTURING MY SOUL.
Paranoia is cryptography's occupational hazard.
HA! I call it our ONLY INNOCULATION against the TRUE PARANOIDS (and the Giant Adenoids) who seek our destruction.
This clear illustration of paranoia setting in demonstrates the nature of the hazard. The effect of paranoia is self-delusion of the
(paranoia about paranoia deleted, to protect myself from it) Or, as my friend tmp would plagiarize^H^H^H^H^H put it:
Paranoia creates enlightenment. As a direct and fundamental result, it makes one more adept at cryptography. At the outside best, it makes one quicker, as the concentration of attention leads one down new trails. Who has the excess brainpower for that effort? Certainly I do. At its best, paranoia makes one much more effective, not only in technical means but even more so in the social context in which cryptography is necessarily relevant.
Ah, the SICKENING TRUTH finally come out! --name withheld because of paranoia -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."
THE TRUTH COMES OUT! T.C. May is really LD! ____ Robert A. Hayden <=> hayden@krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)
C'punks, Tim's excellent parody of the "Horn-ed One" gave me an idea. Since Tim has such a good feel for his subject, perhaps he should create a "DRG" (Detweiler Rant Generator). Like the ever-popular jargon generators, it could be used to give our posts a certain je ne sais quoi. Our ordinary posts could be transformed into blank verse odes to ANGUISH, BETRAYAL and IMPOTENCE. (Sorry, I got carried away. Must be catching.) S a n d y P.S. It *was* a parody, wasn't it, Tim?
Eric Hughes wrote:
Paranoia is cryptography's occupational hazard.
Yes, that is indeed the nature of it since many of the protocols are designed to work admist mutually distrusting parties. A degree of suspicion/ paranoia is necessary - for example, digital cash. Another example, a non-suspicious person may be tricked into digitally signing anything (by getting them to sign a blinded document).
the possibility of technical error, and it begins to close off examination of technicalities not fully understood.
I understand this: I was allocated an anonymous id which I didn't intend to request. So maybe it was a technical error, maybe it was somebody trying to figure out my id... in either case the resulting id is useless Presumably, the person subscribing to the list received my message, with the From: field altered to the anonymous id. Since the message contained by name and email address, I don't care if the id was assigned by mistake.
There must be confidence that the way by which this security becomes to be believed is robust and immune to delusion.
Precisely: I beleive my assigned anonymous id to be worthless. I think I follow most of what you are saying; all the same, in this case, technical error or not, malicious person or not, the paranoia is justified. And beleive me, I haven't invested much time into figuring this out. -- Karl L. Barrus: klbarrus@owlnet.rice.edu keyID: 5AD633 hash: D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 "One man's mnemonic is another man's cryptography" - my compilers prof discussing file naming in public directories
Eric Hughes wrote:
Paranoia is cryptography's occupational hazard.
From the outside these two states of mind are difficult to distinguish. Both use crypto, both acknowledge the existence of
Yes, that is indeed the nature of it since many of the protocols are designed to work admist mutually distrusting parties. A degree of suspicion/ paranoia is necessary - for example, digital cash. Paranoia is not necessary for protocol analysis. While it is not totally ineffective, it is certainly much less useful than understanding the invariants of the protocol, for example. Proof is much more powerful than paranoia. Evaluating the risks of a situation, even the ones of low probability and large effect, is not paranoia. The person who considers that there might be people who want to listen it and uses cryptography because the cost of deployment is less than the perceived risk (and all risk is perceived risk) is not paranoid but prudent. The person who merely thinks there are people listening in and uses cryptography to defend against them is just paranoid. people who wish to harm other people. Yet the paranoid has identified with the victim. An indicator of paranoia is an unsupported claim about a state of affairs in which the speaker is a target. This is what happen with the penet id assignments; some people implicitly asserted the existence of malicious individuals. Those who merely brought up their _potential_ existence. The evidence for this distinction is speech-acts, not the most reliable indicator. Therefore my advice about paranoia is more directed to individuals pondering their own states of mind than to the examination of the behavior of others. Sometimes you may learn that another person actually is paranoid. You cannot, however, usually tell just from the use of cryptography whether or not a person is paranoid. To summarize my original claim in light of the foregoing, the paranoid does not do protocol analysis as well because of a misdirected focus on certain risks and not others. example, a non-suspicious person may be tricked into digitally signing anything (by getting them to sign a blinded document). And for this reason, keys used for blind-signing should not be the same as for email signing. But this is a different discussion. I think I follow most of what you are saying; all the same, in this case, technical error or not, malicious person or not, the paranoia is justified. To assert the possible existence of the malign is acknowledgement. To assert the possible existence of the malign in some current situation is suspicion. To assert the actual existence of the malign without good evidence is paranoia. I don't think you use the word "paranoia" as I do above, which I would term suspicion. Eric
participants (8)
-
hughes@ah.com -
Jim Gillogly -
John Clark -
Karl Lui Barrus -
Robert A. Hayden -
Sandy Sandfort -
SINCLAIR DOUGLAS N -
tcmay@netcom.com