I thought you needed to de-correlate the anonymous data sets. Say that the database entries of a medical record are nym, age, location, type_of_disease. For e.g. Mickey, 43, Madison area, chance_for_don't_insure_him_disease. Now, it doesn't matter they may not find your actual name or address-they can correlate across databases to put up a red flag when someone matching the remaining fields except for the first one(nym)requests a health insurance policy. Note: The nym can be anything-in the above case it is just a nickname. Sarad. --- On Fri, 11/6/09, Shawn K. Quinn wrote:

...

I should have asked this years ago when there was more

...

this list (and I was using a different nym[1]) ... but years ago there was not such established proof of data correlation in "anonymized" data sets (netflix, "anonymized" medical data, etc.) [...] These actions are probably not robust. My

...

common profiles below the noise threshold that a

From: Shawn K. Quinn Subject: Re: managing and protecting nyms... To: "John Case" Cc: cypherpunks@al-qaeda.net Date: Friday, November 6, 2009, 6:45 AM On Thu, 2009-11-05 at 23:05 +0000, John Case wrote: traffic/users on thought is that it can lower my particular aggregator

...

might have.

What do _you_ do to sanitize/de-correlate your nyms ?

I don't. I only use a nym for things that need to appear to have been done by a third party, or for other reasons should not be traceable back to Shawn K. Quinn.

Someone who I am currently not on speaking terms with once "clarified" his/her position by stating her online and in-person personas were different; his/her online persona made it appear he/she was more approachable than he/she actually was. I simply don't play that game.

I do follow cypherpunk topics, I use PGP/GnuPG, Tor, Mixmaster, Freenet, GNUnet, etc. from time to time, but for the most part, I'm not nearly as paranoid as I used to be. For better or for worse. Hell, I quit channeling my Google queries through Tor some time ago (I still only accept session cookies from Google, and that's only to make the services work that require a Google account).

-- Shawn K. Quinn

On Fri, 6 Nov 2009, StealthMonger wrote:

...

- establishing a distinct user account, on a different provider, for each topic I discuss. For instance, this nym only discusses encryption/"yro"/tor subjects.

Are you suggesting that you're not using a nym server [3] for your nyms?!

What's your threat model again?

I don't use a nym-server. Usually. There are other ways to get comparable anonymity. Cardinal Richelieu: "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." My threat model is an unknown future adversary with unpredictable motivations.

...

- Scrubbing my language of certain idiosyncratic phraseology or blatant aspects of "style" ... favored slang, etc. Perhaps even purposefully bad grammar in finer points of grammar that most people get wrong - so as to keep the "correct" forms from being identifiable.

A worthy but difficult thing to do.

I imagine it's like that weird random sand-walking the Fremen do. It becomes second nature after a while. Wait, was that nym-leakage ?

On Fri, 6 Nov 2009, StealthMonger wrote:

...

I don't use a nym-server. Usually. There are other ways to get comparable anonymity.

Please explain other ways to be practically untraceable.

Shell providing and VPS providing is a cut throat business. It might take a few contacts (with a throwaway yahoo email you create through Tor) but you _will_ find someone to take your money (in cash). Lifetime or multi-annual payments in advance usually do the trick. The previously mentioned Simon gift cards could fit into this, but why bother. Never touch the account, save through Tor. So it's the same model you use with a nym-server, but whereas all of your obfuscation is after your email account, all of this obfuscation is prior to the email account (through Tor). @ John Young:

Cypherpunks should be the last place to disclose a protection methodology except, perhaps, only perhaps, as a ploy to deceive.

Recall repeated warnings here to never disclose in a public forum an ultimate protection scheme. Spread copious FUD, hope it sticks. Could be that is what this thread is about.

I don't know that this even rises to the level of a "protection methodology" - it's more along the lines of "survey the current landscape and choose an available, and obvious route". As for robustness, either Tor is broken/vulnerable or it's not. @ Eugen Leitl:

...

My threat model is an unknown future adversary with unpredictable motivations.

Weird. I can think of many current adversaries with very simple motivations I can do very little to nothing about. This assymmetry will only grow further in future, since the concentration of smarter, more vulnerable hardware will only get larger, and the delta between my and their capabilities will only grow wider.

Sorry - I was obtuse there. What I meant was, in addition to the technical unknowns that grow over time, and the predictable and visible social pressures, there are also the acute unknowns - like french revolutions and bolsheviks and "year zero" folks. Those are the unknowns who could just as easily be after anyone that advocated net neutrality, or supported Tor or spoke on behalf of anonymity as they are after obvious bozos who blatantly threaten public figures. That's why _I_ keep a firewall between my real self and my nyms - year zero types don't need a good reason, they just need fuel, period.

My only protection is that I'm not doing anything which could draw their (not meaning flatfeet or gumshoes here) attention.

Of course. Goes without saying. But I think there is actually a lot less distance (in terms of danger) between assassination politics and "just talking about Tor". Or maybe the future revolutionary just fat-fingers the database query. Either way, your name comes up.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Case writes:

On Fri, 6 Nov 2009, StealthMonger wrote:

...

Please explain other ways to be practically untraceable.

[...]

Never touch the account, save through Tor. So it's the same model you use with a nym-server, but whereas all of your obfuscation is after your email account, all of this obfuscation is prior to the email account (through Tor).

Tor is not practically untraceable. The Tor documentation asserts: ... for low-latency systems like Tor, end-to-end traffic correlation attacks [8, 21, 31] allow an attacker who can observe both ends of a communication to correlate packet timing and volume, quickly linking the initiator to her destination. http://tor.eff.org/cvs/tor/doc/design-paper/challenges.pdf Use of a nym server is practically untraceable because of the high random latency and mixing with other traffic provided by the anonymizing remailers through which a nym server is controlled. -- StealthMonger -- stealthmail: Scripts to hide whether you're doing email, or when, or with whom. mailto:stealthsuite@nym.mixmin.net Finger for key. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.8+ http://mailcrypt.sourceforge.net/ iD8DBQFK9197DkU5rhlDCl4RAvjsAKCd/5ZeWkQcvkW0Mdd7mlrUa867cACgp0IO Lpg9t5oGP7n9AWm0v+VQd6g= =nNjJ -----END PGP SIGNATURE-----

Cypherpunks should be the last place to disclose a protection methodology except, perhaps, only perhaps, as a ploy to deceive. Recall repeated warnings here to never disclose in a public forum an ultimate protection scheme. Spread copious FUD, hope it sticks. Could be that is what this thread is about. It might be impossible to have anonymity and reputation outside your skull and even the brain has evolved its separate agenda to survive the body's fuck-ups. That is why mind was invented, to escape into corporeal nothingness. Can mind win over matter, hard to prove, but proof is a mind's ploy to assure victory, and triumphy serves as an intoxicating possibility. Consider like those drunk on moneygrubbing that wealth is what mind has invented to buy avoidance of pain and suffering by overloading that on the unwealthy condemned to servitude. The wealthy are condemned to try to hide their resources and insist on more privacy for them and less for others. Governments have learned that rewarding lesson: secrecy above all for it but not for the taxpayers. Yes, there are rewards for reporting to secretkeepers what is revealed here.

There have been several anonymous contributors here who have developed pretty good reputations by the quality of their contributions, technical, philosophical, literary, even occasionally, fair-minded wisdom. Some have been subsquently identified -- by self-revelation or by leaks -- others remain unknown. Fortunately their contributions endure (where are the archives these days, if any?). As established here over numerous years, reputations might well be more solid if contributors are not identified, instead contributions have to stand on their own and not be colored by personally-identified reputation -- the latter highly subject to spin and fabrication, not to say plagiarism, vanity, pride and braggardy. Anonymous reputation comes close to the saw that there is no limit to what you can accomplish if you don't fret getting credit for it. To be sure, it will be hard to avoid wanting credit, so deeply embedded is that aspiration in societies based on prizes and praise, egos and salaries. Some say the greatest cause of neuroticism and pathological behavior among spies is secrecy from the public about who has accomplished what. And the agencies' piddling certificates and stars on the wall are salt in the wounds of insufficient recognition. No wonder the murders, rapes, burglaries and other high crimes of secret operatives are TS, no, not those committed against enemies, those done in-house. FWIW, the spy agencies do not act on anonymous accusations against themselves, way too dangerous, but eagerly spread those against others. So, following the lead of the best and brightest criminals in the world, it is probably a good idea to have multiple personas, some anonymous, some not. Insist that others identify themselves, and rat on those who refuse. Thus, the increase in calls for Internet IDs.

We have pieces of the CP archives, but little before 1994. The pre-1994 wad used to be available online. TCM used it to write the bible. So it is in somebody's heap of disks which must never be discarded. We'll archive-offer the total collection if it can be assembled, despite the few insurgents gone legit hoping their errors will vanish forever. The collection should be in a stable public institution to counter the secret holdings. 1990s cpunk-who's shows hundreds of pseudonyms. Who who.

On Tue, Nov 10, 2009 at 09:51:24AM -0400, R.A. Hettinga wrote:

Ryan Lackey had the cypherpunks archives on venona.com for a while. Doesn't look like it's there now.

I expect if you ask nice he'll send you all of it on a DVD, John, since you have the most persistent archive of cypherpunkinalia out there.

I'll be more than happy to host a mirror. Planned to resurrect cryptome.at sometime anyway. -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

John Case wrote:

I suspect there is a Zookos-Triangle-like constraint on having anonymity and reputation simultaneously. Which is to suggest that I think it is possible, but that there will be some kind of limiting or inconveniencing factor...

I don't think so. Anonymity means having no traceable connection to an identity. Reputation requires that a series of communications be traceable back to some unique entity. This is the classic Detweiler 'nymity' argument. Reputation not tied to a meatspace identity must be tied to a persistent pseudonym. Otherwise, no reputation capital accrues. Hey, it's great to relive the classics! :) -- Roy M. Silvernail is roy@rant-central.com, and you're not "It's just this little chromium switch, here." - TFT http://www.rant-central.com

Ted Smith wrote:

On Fri, 2009-11-06 at 15:59 -0500, Roy M. Silvernail wrote:

...

Hey, it's great to relive the classics! :)

And it's great to have a front-row seat to the replay, for us second-generation cypherpunks who never saw the original!

Second-generation? Man, do I feel old! Detweiler's rantings may not be fully accurate, but they do serve to outline the basic ideas of pseudonymity. They're worth a visit, if only for some historical perspective. http://sattlers.org/mickey/culture/humor/items/Geekish/theoryOfNymity.html As well, Tim May's Cyphernomicon has some good info about reputation capital. https://www.cypherpunks.to/faq/cyphernomicron/chapter15.html Cory Docterow calls reputation capital "Whuffie", and goes into some detail on how it might work (assuming a slightly sci-fi infrastructure in the bargain). http://en.wikipedia.org/wiki/Whuffie Even without Docterow's Whuffie meter, repcap exists today. There are quite a few nyms that I trust to be reputable, even though I've never met them in person and don't know their True Names. Welcome to the Other Plane. -- Roy M. Silvernail is roy@rant-central.com, and you're not "It's just this little chromium switch, here." - TFT http://www.rant-central.com

Tyler, the truth is worse than that. The credit fraud system is an entrapment system for "we, the people" to believe what you just wrote are the reasonable limits of the universe of what is possible or lawful. http://www.rayservers.com/blog/generating-power-from-stupidity---the-harsh-t... What is to come is highly predictable. http://www.rayservers.com/blog/the-dow-gold-ratio---the-most-reliable-progno... Cheers, ---Venkat. On 11/29/09 13:02, Tyler Durden wrote:

Late reply I know. But as I like to repeat, in the credit card world there's little or no reference to meatspace per se. In the vast majority of card defaults no real-world collateral is taken: It's more often than not written off, but one's reputation is damaged for seven years. Commercial cards are the same, even more so: They are 'uncollateralized' short term loans.

As the population increases and physical world collateral goes to zero, seems to me the only thing many humans will "own" is their reputation: Their physical world assets will be uninteresting or negligible. Is this the same thing as anonymity?

Of course, many folks will have many reputations and will choose to burn one every now and then to cash in or take a big risk. But even now it's possible to detect when a reputation is about to blow and so any loans are quickly ramped down.

-TD

...

Date: Sat, 7 Nov 2009 08:36:40 -0500 From: roy@rant-central.com To: teddks@gmail.com CC: cypherpunks@al-qaeda.net Subject: Re: managing and protecting nyms...

Ted Smith wrote:

...

On Fri, 2009-11-06 at 15:59 -0500, Roy M. Silvernail wrote:

...

Hey, it's great to relive the classics! :) And it's great to have a front-row seat to the replay, for us second-generation cypherpunks who never saw the original! Second-generation? Man, do I feel old!

Detweiler's rantings may not be fully accurate, but they do serve to outline the basic ideas of pseudonymity. They're worth a visit, if only for some historical perspective.

http://sattlers.org/mickey/culture/humor/items/Geekish/theoryOfNymity.html

As well, Tim May's Cyphernomicon has some good info about reputation capital.

https://www.cypherpunks.to/faq/cyphernomicron/chapter15.html

Cory Docterow calls reputation capital "Whuffie", and goes into some detail on how it might work (assuming a slightly sci-fi infrastructure in the bargain).

http://en.wikipedia.org/wiki/Whuffie

Even without Docterow's Whuffie meter, repcap exists today. There are quite a few nyms that I trust to be reputable, even though I've never met them in person and don't know their True Names.

Welcome to the Other Plane. -- Roy M. Silvernail is roy@rant-central.com, and you're not "It's just this little chromium switch, here." - TFT http://www.rant-central.com

_________________________________________________________________ Windows 7: It works the way you want. Learn more. http://www.microsoft.com/Windows/windows-7/default.aspx?ocid=PID24727::T:WLM... AGL:ON:WL:en-US:WWL_WIN_evergreen:112009v2

John Case wrote:

I suspect there is a Zookos-Triangle-like constraint on having anonymity and reputation simultaneously. Which is to suggest that I think it is possible, but that there will be some kind of limiting or inconveniencing factor...

A good Nym has a life of its own, and the reputation is attached to THAT life - almost impossible to transfer unless you are willing to compromise the Nym by linking it to somewhere else. No reason why the Nym-identity can't build a good reputation though, and I know of several that have done so.

Peer review is necessary to assure blunders are not overlooked. However, there has been no demonstration that peer review is all that is needed for the superior protection. This is not an argument for obscurity, only a caution that peer review is not necessary sufficient. Peers miss stuff too, as amply demonstrated by holes and bad implementation later discovered. Betting you life on peer review, or open disclosure is probably not very smart. Instead, expect some shrewd peer(s) to see something that will serve a private purpose by keeping quiet. Competiton, betrayal, disinfo, venality, play a role as well as search for truth through open discourse. Comsec is a swamp, quicksand, punji trap, and comsec experts are never trustworthy about each other or about systems. The open source methodology, call it snakeoil, works well for the inexpert to gain a limited education, but behind that stage the usual shit goes on. Keeping quiet about crypto cracks, holes, trojans, backdoors, is extremely rewarding. Concealing deep faults with shallow ones is SOP. Note that wide crypto use has become a stimulus to intercept, store forever (NSA policy), crack when possible and to continue trying to crack indefinitely (NSA policy), with successful deep cracks seldom revealed. "NSA policy" is that of deeply embedded contractors and researchers as well. Publicly-availalbe encryption and other currently usable comsec protection are satisfactory for ordinary communications but not for more than that if you are up to extraordinary renditions, say, making a bundle peddling natsec-grade counter-threat assurances. Yep, natsec-grade is what the telecoms and like critical infrastructure dealers claim they are providing. Nothing pays better.

Sarad:

The cost of breaking even bad crypto can be quite high. If you just take, for example, DES, and change all S boxes to different random values, then provide these values as pre-arranged secret key to the other party, and use them only with this single correspondent, and keep your algorithm secret, while using a single 1-character key "a" through "5" depending on the day of month, how long do you think it will take someone to break the cipher and how much would it cost? First they have to get enough text for correlation and differential attacks. Then they are starting with quite long 2K-bit S boxes that need to be inferred. It would take a brilliant analyst more then few days to break this. Few days of a brilliant analyst at Ft. Mead are very expensive, when you include all the overhead. Say $0.1-0.5M. Compare this cost to the cost of breaking a massively used crypto algorithm with a backdoor.

Isn't that the procedural equivalent though of saying "you should always keep your cryptographic algorithm secret and only disclose an algorithm as a ploy to deceive"?

On Mon, Nov 09, 2009 at 06:58:51PM +0000, John Case wrote:

All well and good, but who among us is running a straight "a.out" compilation of _only_ DES (or AES or whatever) such that our threat model is simply the validity of the pure algorithm ?

I sure am not. Whether it be SSH or SSL or duplicity or Tor, we're all using cryptosystems that most certainly receive far too much credit simply by virtue of being "open source".

Open source is only useful if _you_ open it - and maybe not even then. Youngs point is, what do you know about who is writing or reading or proofing it ?

Open source should indeed be a requirement - nobody here would argue against it. But it's never an assurance - especially not with a big project like OpenSSH and so on ...

When figuring out things, you'll typically take the path of least resistance. So you typically don't have to deal with breaking the cryptosystem. -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

On Fri, Nov 06, 2009 at 06:51:36AM +0000, John Case wrote:

My threat model is an unknown future adversary with unpredictable motivations.

Weird. I can think of many current adversaries with very simple motivations I can do very little to nothing about. This assymmetry will only grow further in future, since the concentration of smarter, more vulnerable hardware will only get larger, and the delta between my and their capabilities will only grow wider. My only protection is that I'm not doing anything which could draw their (not meaning flatfeet or gumshoes here) attention.

I imagine it's like that weird random sand-walking the Fremen do. It becomes second nature after a while. Wait, was that nym-leakage ?

Here's hoping you'll never have to find out. -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE