From: "L. Detweiler" <ld231782@longs.lance.colostate.edu>
Date: Sun, 24 Oct 93 01:38:31 PDT
To: cypherpunks@toad.com
Subject: pseudospoofing survey
Message-ID: <9310240835.AA08908@longs.lance.colostate.edu>
MIME-Version: 1.0
Content-Type: text/plain


punks:

The following is an essay followed by a survey on pseudospoofing. If
you are interested in participating in the survey please reply in email
to me under your `true name' only. I will post a summary to the list if
there is sufficient data and I'm convinced it isn't strewn with
manufactured lies from phantom identities (please do not waste my
precious time, pollute my mailbox, or disrupt this survey with any).

* * *

First, let's review. From my perspective a person can have cyberspatial
identities in about 5 basic categories. Under these definitions an
`identity' is what appears in the `from' line of a message or other
very obvious identifying characteristics of the message, for example, a
line at the beginning saying `This is [x], I couldn't post under my
regular account but ...', a signature at the end of the message, etc.
Under these definitions I'm leaving out the distinctions of `reply
capability' associated with anonymous servers etc.

1. `True Name' -- for our purposes let this be defined as the name on
your birth certificate, your legal identity.

2. `unique name' or `cyberspatial name' -- this would be a name you
associate with all your activities in cyberspace in postings to mailing
lists, email, etc. That is, I'm making a distinction about people
possibly using the net always under a single pseudonym.

3. `obviously anonymous' -- identifying characteristics in the message
(such as origination from an anonymous server, etc.) make it obvious
that *anyone* could have posted it. Sometimes called `hit and run'.

4. `pseudonymous' -- a variation of (3) where arbitrary identification
is used to build up a reputation under a presumed name, but
characteristics of the message make clear that the identity is an
*alias* for someone's *unique* identities under (1) or (2). The
nicknames associated with the Helsingius server ID's would be an example.

5. `pseudoanonymous' or `pseudospoofed' -- the message could either be
someone's `true name' or an invented alias, but *no* characteristics of
the message (including the message by the author) can discriminate
exactly *which*. This is something like `identity camouflage'. It is a
new category of identification that transcends (1) - (4) because it
encompasses all of them.

* * *

Now, I've written a lot on `anonymity' and am a strong supporter and
proponent of categories (2), (3), and (4), where the *receiver* of a
message is *informed* and *aware* that it can be from *anyone*.

However, I believe extreme restrictions should be placed on the use of
(5) in a civilized cyberspatial society (such as that which mailing
lists and Usenet groups attempt to represent, IMHO). Contrary to all
the flames on the list and in my mail box, I continue to believe that
this is not incompatible with privacy -- in fact, I believe it *promotes* it.

Very serious abuses of (5) can lead to insideous deception and
treachery, particularly in the interplay between public and private
messages, and I'm absolutely aghast to see the capability for (5)
championed as `privacy' here and in my mailbox by many people (or
phantoms, I'm in total confusion) I used to respect. But this is all another essay.

Above all, I'm *extremely* disturbed and alarmed to perceive what
appears to be a systematic propaganda and disinformation campaign on
this list and elsewhere in obfuscating the *obvious* and
*incontrovertable* distinction between (3) and (4) on one hand
(`anonymous' and `pseudonymous') and (5) on the other
(`pseudoanonymous' or `pseudospoofed'), ironically perhaps largely via
abuse of the lack of protective mechanisms against it here.

In (3) and (4), the reciever *knows* that the message can be from
*anyone*. In (5), the receiver does *not* know, and may even be
*misled* into believing that a message is in categories (1) or (2) when
it is in fact in fact `anonymous'. IMHO this is *very* dangerous.

To further emphasize this distinction, in some sense categories (1) -
(2) are *attributable* to *unique* identities. When I see messages in
categories (1) or (2) on a mailing list, in my mailbox, or in Usenet
postings, FTP articles, whatever, I can attribute them to unique people
by definition. We also might call (1) `accountable', and if an online
account under (2) can be traced to a legal identity, it would be also.

Categories (3) and (4) are *not* attributable to unique identities. A
single person could post anonymously multiple times or pseudonymously
under multiple identities. If a person has only one pseudonym, let's
say that's `quasi- or semi- accountable'.

But not only is (5) *not* attributable to *identities*, it is not
`attributable' to any of the previous *categories*! Hence, let's call
messages in the categories (1) - (2) `attributable', (3) - (4)
`nonattributable', (1) - (4) `uncamouflaged', `white', `open' or
`unsurreptitious', and (5) `nonattributable' and `camouflaged',
`black', or `surreptitious'. (I leave it to subsequent debate to
stabilize on the most descriptive and memorable terms.)

This *camouflage* that various cypherpunks promote, apparently up to
the highest levels of `leadership', is IMHO inherently subversive.
Because no one here seems to be afraid of subversion and anarchy, and
even embraces it, let me go further and say it is *destructive* not
only to societies but to *any* social interaction, even interpersonal.
IMHO It is not just a recipe for anarchy, it is a recipe for chaos and
barbarianism, *particularly* when associated with personal mail
(including mailing lists).

This was all a topic of discussion many months ago, and I paid scant
attention at the time because I didn't think it was the interest of the
majority of cypherpunks, part of the agenda, generally feasible, or in
widespread practice. Recent events suggest to me I am *utterly*
mistaken on all counts.

In fact, apparently not only are `some' cypherpunks in favor of `black'
postings, they are in favor of *concealing* the very existence of the
capability, so as to potentially manipulate and brainwash others in an
undetected concerted conspiracy! I think I will define this as `evil blackness'. <g>

Again, lots of specific examples, anecdotes, and horror stories are
another essay. Perhaps some would like to expand on this point (please
email me if you treat this in a comprehensive and thorough manner). For
now, I just want to make the distinctions clear for the survey, which
follows. The survey will help me determine the extent of `blackness'
and `evil blackness'. 

Please try to be as complete as possible in your responses. I will read
and be influenced by independent opinions in my mailbox, but again
request that you use your True Name only in any correspondence with me.

And anyone who flames that this survey is an invasion of privacy, get
lost. Let anyone reply under their own free will. I will keep all
responses strictly confidential. However, I would like to collect some
opinions under true names I can quote later. Please put the key `N/A'
(not for attribution) in front of any response you wish me to leave
unattributed or in front of the entire message like `message N/A'.
Also, I will try to start email conversations with anyone who is
particularly knowledgable.

* * *

1. What is your `true name'?

2. Do you have a unique online identity other than your true name?

3. How long have you been on the internet?

4. How many mailing lists are you on?

5. Are `black' / `camouflaged' identities feasible or possible on the
internet today? If so, how in particular? Comment on public access and
UUCP sites if possible.

6. To what extent do you think `camouflaged' identities exist on the
internet currently? Where are they used? What mailing lists or
newsgroups are particularly dense with `black' postings? Have you ever
received any in email?

7. Have you ever posted under a `camouflaged' identity? if so, where? How often?

8. Are you aware of any potential `abuses' of `black' messages? Has it
turned into a big problem anywhere? Do you have any horror stories? Are
there any `cabals' or `silent conspiracies'? have any debates or
projects been `poisoned' or `sabotaged'?

9. Are you neutral on the capability of `black'/`camouflaged' messages,
or do you strongly promote/support or condemn it? Is it harmless or dangerous?

10. Is society aware of `black messages'? if not, what would `they'
think in general? if so, what is the consensus on the practice?

11. Is it fundamentally technically impossible to prevent *widespread*
black messages if there was an incentive or consensus to do so? Or is
it feasible with technology?

12. What are internet policies in general on `black' messages? What
should they be? Should they be restricted and prevented? allowed? Keep
in mind the distinctions of posts to mailing lists, Usenet posts, and personal mail.

13. Please list any resources on this subject: email addresses of
specialists, pointers to papers, etc.