Nym use in the real world
With the coming Internet restrictions and growing use of the net by LEAs, it's become obvious to me that I shouldn't post messages with my real name. But I have some problems/questions about using a nym: 1. reputation. My nym will need to build it's own reputation, I know. But I currently get offers of work based on my reputation and posts. I would like this to continue. When it comes time to do the work and collect the pay, I need to tie my nym to me. Reasons: only the most adventurous firms would hire someone to do work without knowing their real name. I also need to have the proper forms (1099 etc) filed. I know that a lot of people on the list would say that I shouldn't file taxes, but I am (currently) willing to pay the price to stay out of jail. The other problem (tying the nym to RealName) for employers is more severe. A nym is only good when no one can tie it to your real name. If I have to tell everyone I do work for what my real name and nym is, soon enough people will be able to tie the two that the nym becomes nearly useless. 2. does it (a nym) really help? Police and governments are used to dealing with people who change their names, use fake names, etc. I get the impression that having multiple/fake names is considered by police to be evidence or at least indication of guilt. "If you're not guilty why're you hiding?". Using a nym would at least help with the problem of police or other parties searching through Dejanews/Altavista for my posts for incriminating evidence. But if my nym is investigated for some future crime (fuck Exon) and my nym isn't secure enough to protect my RealName, it will be a liability. Thoughts?
I'm glad this interesting conversation came up. I apologize for writing this anonymously, but I don't want to do anything to associate my nym with my conventional name. The very act of comparing the actions of the two entities would endanger my anonymity. I use a nym to talk publically about a certain topic that, while it is legal and not really that embarassing, I would rather not have associated with my conventional name. In particular, I don't want my thoughts on this topic to be archived by my conventional name. So I use a nym, and it basically works. I think a really determined person could break my nym even today, but I don't think anyone will ever be that determined and I'm not that worried about it. ericm@lne.com (Eric Murray) writes:
But I have some problems/questions about using a nym: 1. reputation.
Yes, each nym (and your conventional name, which in some ways is just another nym) has to have its own, independent reputation. I don't know any way around this. The whole point of a nym is so the actions of your nym don't affect the reputation of your conventional name. You could tell trusted people about the association between your nym and your conventional name, but you're compromising your nym in doing that. You have to develop a threat model - how seriously do you want to keep your anonymity?
2. does it (a nym) really help?
A perfectly secure one does, by definition - if no one can ever associate your nym with your conventional name, in particular if no one knows that you have a nym, then there is no problem. The question is, how close are we today to that perfection? Getting lots of mail from remailers currently looks supicious.
But if my nym is investigated for some future crime (fuck Exon) and my nym isn't secure enough to protect my RealName, it will be a liability.
Yes. One thing to remember is that a response block associates an email address with a public key for ever and all time. To be safer, you need to not let mail from the nym go back to a private email box. True anonymity is inconvenient.
-----BEGIN PGP SIGNED MESSAGE----- On Fri, 26 Jan 1996, Eric Murray wrote:
With the coming Internet restrictions and growing use of the net by LEAs, it's become obvious to me that I shouldn't post messages with my real name. But I have some problems/questions about using a nym:
1. reputation. My nym will need to build it's own reputation, I know. But I currently get offers of work based on my reputation and posts. I would like this to continue. When it comes time to do the work and collect the pay, I need to tie my nym to me. Reasons: only the most adventurous firms would hire someone to do work without knowing their real name. I also need to have the proper forms (1099 etc) filed. I know that a lot of people on the list would say that I shouldn't file taxes, but I am (currently) willing to pay the price to stay out of jail.
Reputations are usefull for more than just getting a job. If a nym developes reputation, people may be more likely to trust (or not, depending on the kind of reputation the nym has earned) a post or e-mail sent from that nym than from someone who has no reputation.
The other problem (tying the nym to RealName) for employers is more severe. A nym is only good when no one can tie it to your real name. If I have to tell everyone I do work for what my real name and nym is, soon enough people will be able to tie the two that the nym becomes nearly useless.
It is possible to have more than one nym. You could use each nym to develop a different reputation. For instance, one nym could be very knowledgable in the field of cryptography, and another could be a really good golf player. There is no reason for anyone to know that these two nyms are used by the same person because most people on a newsgroup like rec.sports.golf probably couldn't care less about your interest in cryptography.
2. does it (a nym) really help? Police and governments are used to dealing with people who change their names, use fake names, etc. I get the impression that having multiple/fake names is considered by police to be evidence or at least indication of guilt. "If you're not guilty why're you hiding?".
Using a nym would at least help with the problem of police or other parties searching through Dejanews/Altavista for my posts for incriminating evidence. But if my nym is investigated for some future crime (fuck Exon) and my nym isn't secure enough to protect my RealName, it will be a liability.
Thoughts?
I do think that in any situation where both anonymity and reputation are desired, nyms are of great use. When you need reputation and not anonymity, True Names should be used. - -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm@voicenet.com | finger -l for PGP key 0xf9b22ba5 http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5 PGP: Because sometimes, a _Captain Midnight_ decoder ring simply isn't enough. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMQloG7Zc+sv5siulAQFrcQP/Tx5t/xGrDn6EOQkFArmBcw4SLrnpvxka VhQsKLPutXaisVqPAwLBnlaXzl/ic4yKfSoH/yTFqeta4WLSg4W3MJgw4+Ijv9JJ UQsjG/2D9mABLn4WCYeS1bHOLWShe2yOg22OSaYnXVpSZ49B0Gr29cA3BgiEPYNr noNSF370WQk= =vziR -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Eric Murray writes:
The other problem (tying the nym to RealName) for employers is more severe. A nym is only good when no one can tie it to your real name. If I have to tell everyone I do work for what my real name and nym is, soon enough people will be able to tie the two that the nym becomes nearly useless.
Maybe Lucky would be willing to share some wisdom from his experiences consulting for various companies. (I don't know how much his reputation as "Lucky Green" has come into play in securing those contracts, and of course perhaps he really is an Irishman whose parents (the Greens) named him "Lucky"....) The concept of transferable credentials is awkward because the actual properties described by the credentials often are not transferable from one object/entity to another. For example, a cauliflower could in principle have a credential certifying that it's a vegetable (according to someone), and transfer that veggie credential to a jackal, but the jackal is still not in fact a vegetable. I'm still not sure whether it makes sense to have "reputation capital" denominated in an actual currency that can be traded, for the above reason. We might use something like a nym-independent(*) credential statement signed by a certifier and encrypted to the subject of the credential. Pseudonyms and verinyms belonging to various persons/agents/etc. could freely swap around these "rep rupees" with potentially very confusing results. Since credentials need to be backed up by actual performance when it comes to a job, such a system might actually be acceptable. I could buy a lion taming credential with some e$, but everyone would realize that I wouldn't last long on the job if it didn't describe me fairly accurately. ;) Presumably a trustable-with-enormous-sums-of-cash credential would command quite a high price on the open market. I am ignoring here the significant gap between the passive reputation accrual when someone reads messages from a nym, and the active reputation building involved in handing out credentials. (*) Form letters are handy, but there's the usual tradeoff between the traceability and descriptiveness of the document. Futplex <futplex@pseudonym.com> "Despite all my rage I am still just a rat in a cage...." -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMQozKCnaAKQPVHDZAQE0cQf+N1AoRXYhdlFAVZfcE+MAav6DCyyH+b64 UzmKhUGPZnj24inJp0GQ1KVZK9orQ38xz2PFpwBPWbIb3yalcE+HGrQ4uhw5bIrD pSSrDIGmkbQAy7111Ath/rZwQD6Nrdzu1HO2Mw5k2BNsH5P3keLv1MqYNFg9idgC vq9KnJmifTIUhgXS5Qog1xA5ssMQ93akL8gYl+AoWaL9q2N3yqiPoBPYe9iq4qxy 1SpSe0fAO53HwSERizvMmIPWW9D7tonPIVUrZEeHPDSGzEHhS/B+V1jUtJo3Wzr0 Ny16ujZ3Ml7Dx0uyASjZuR2EORQu09pfQlu8Z79eehvsoDBKXq/ymQ== =ZY2q -----END PGP SIGNATURE-----
Futplex writes:
Eric Murray writes:
The other problem (tying the nym to RealName) for employers is more severe. A nym is only good when no one can tie it to your real name. If I have to tell everyone I do work for what my real name and nym is, soon enough people will be able to tie the two that the nym becomes nearly useless.
Maybe Lucky would be willing to share some wisdom from his experiences consulting for various companies. (I don't know how much his reputation as "Lucky Green" has come into play in securing those contracts, and of course perhaps he really is an Irishman whose parents (the Greens) named him "Lucky"....)
[..]
I'm still not sure whether it makes sense to have "reputation capital" denominated in an actual currency that can be traded, for the above reason. We might use something like a nym-independent(*) credential statement signed by a certifier and encrypted to the subject of the credential. Pseudonyms and verinyms belonging to various persons/agents/etc. could freely swap around these "rep rupees" with potentially very confusing results.
Since credentials need to be backed up by actual performance when it comes to a job, such a system might actually be acceptable. I could buy a lion taming credential with some e$, but everyone would realize that I wouldn't last long on the job if it didn't describe me fairly accurately. ;) Presumably a trustable-with-enormous-sums-of-cash credential would command quite a high price on the open market.
This is all well and good, but highly theoretical. It might happen someday, but right now reputations don't work that way. If I gave a reputation certificate to a prospective client they'd just look at it and say "huh?". Some groups do indeed deal well with nym's reputations. If Emmanuel Goldstein shows up at a hacker's convention, everyone knows who he is and what he's done. Alas, most regular businessmen don't want to deal with someone named "Agent Steal"[*], at least not to the point of signing checks to him. Perhaps a partial solution is to pick a nym that sounds like a real name, like "Tim May" or "Jeff Weinstein". There's still a problem of proving that I am the same "Tim Weinstein" that the prospective client has exchanged email with. But to be honest, they don't know if I'm the same "Eric Murray" they have been emailing either... *- to pick a random hacker's nym. -- Eric Murray ericm@lne.com ericm@motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF
participants (4)
-
Eric Murray -
futplex@pseudonym.com -
Mark M. -
nobody@REPLAY.COM