Hello directly from Jimbo at Wikipedia

Nick Mathewson nickm at freehaven.net
Wed Sep 28 02:03:30 PDT 2005


On Wed, Sep 28, 2005 at 02:45:35AM -0400, Jeffrey F. Bloss wrote:
 [...]
> Has anyone considered applying a HashCash type solution to this?

Hashcash is often considered, but commonly dismissed, because it
limits identities based on the wrong resource: computers.

If you haven't read the paper "'Proof-of-work' Proves Not To Work" by
Ben Laurie and Richard Clayton, I recommend it highly.  See
http://www.cl.cam.ac.uk/users/rnc1/proofwork.pdf .  It mostly
discusses why hashcash can't prevent spam, but the arguments would
seem to apply to wikipedia editing as well.

 [...]
> > On the other hand, if there were an authentication service that gave
> > you pseudonyms for Tor users who wanted pseudonyms, you could tell
> > which pseudonyms contributed well, and which were jerks, and which
> > were nonentities.
>
> The problem I see with this is that as the name implies, it's
> pseudo-anonymous.

Sorry, but you've stumbled a personal crusade of mine.

The word is pseudonymous, not pseudo-anonymous.  And the difference is
importatant.  "Pseudonymous" means "using false names," like calling
yourself Batman instead of Bruce Wayne.  "Anonymous" means "without a
name," like writing "The Joker will pay for his crimes" and not
signing it.  "Pseudo-anonymous" isn't a real word, but if it were, it
would mean "falsely anonymous", like the bank robber who disguised
himself by wearing a motorcycle helmet with his name written on the
back.{1}

>  Tor is an anonymous network by design. And there is a
> difference.

As one of the designers, I'd like to weigh in.  Tor provides
anonymity, but we've never opposed people who wanted to use an
anonymous system to bootstrap per-service or cross-service
pseudonymity.

We will never, of course, alter Tor to make people have pseudonyms.
But letting using pseudonyms is not against our overarching goals.

The overarching goals are privacy and usability.{2}

>   It's real time nature also compounds any additional partitioning
> problems a hard-keyed pseudonym setup brings with it.

I don't see any iterable (that is, awful) partitioning attacks here.
Assume a network where some users have pseudonyms and some don't.
Assume that pseudonyms are first obtained through a blinded{3}
process, so that an attacker can't tell which user has which
pseudonym.

Assume that the attacker is watching all authentication services
(since this is probably the best point for these attacks).  The
attacker could tell when users create new pseudonyms, and when
pseudonymous users are active.  From this info, the attacker could
rule out some users as possible owners of some pseudonyms, but that's
about it.  Correlation and intersection attacks are unlikely to work
unless the attacker is watching the user as well as the auth server,
and that's outside our threat model.

> Although, this too might fall under that "good enough" umbrella as
> long as the tor network were disjoined from the nym creation and key
> distribution process as much as possible. The nyms would have to be
> managed outside a tor egress point to maintain user's anonymity.

Right.

> I also question whether or not a system can be devised that makes
> nym creation expensive enough to thwart nefarious users from simply
> collection a lot of nyms. :(

Right.  I suspect that this is one of those social engineering
problems that we won't solve except by trying things out and seeing
whether they work.

{1} There are all other kinds of great terms in the field.  For
    example, "allonymous" is using a name belonging to someone else,
    like if the Joker writes a letter and signs it "Batman."  Oddly,
    there is no classical term for using one's given name.

{2} If you care about privacy and not usability, I recommend DC nets.
    If you care about usability and not privacy, I recommend turning
    Tor off.

{3} Again see http://en.wikipedia.org/wiki/Blind_signature

yrs,
--
Nick Mathewson



----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]





More information about the cypherpunks-legacy mailing list