1994-05-06 - Anonymous, nobody, lefty and Jimbo

Header Data

From: Black Unicorn <unicorn@access.digex.net>
To: nowhere@toad.com (Anonymous)
Message Hash: 542d2c365607ec4d517101bb803cd49a08e1ef54e4ed0336ef79b0efcaa908c0
Message ID: <199405062217.AA10329@access1.digex.net>
Reply To: <199405062102.QAA18073@bsu-cs.bsu.edu>
UTC Datetime: 1994-05-06 22:17:29 UTC
Raw Date: Fri, 6 May 94 15:17:29 PDT

Raw message

From: Black Unicorn <unicorn@access.digex.net>
Date: Fri, 6 May 94 15:17:29 PDT
To: nowhere@toad.com (Anonymous)
Subject: Anonymous, nobody, lefty and Jimbo
In-Reply-To: <199405062102.QAA18073@bsu-cs.bsu.edu>
Message-ID: <199405062217.AA10329@access1.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> lefty@apple.com (Lefty) says,
> 
> lef> and then treats us to what he purports to be Mr. Nalbandian's phone
> lef> number
> lef> and address.
> ...
> lef> Whoever you are, nobody, you're a hypocrite and a coward.

Anonymous <nowhere@bsu-cs.toad.com> replies:

> Well, it wasn't me, but in any event I dispute this.  The use of anonymous
> remailers does not make one a coward, any more than the use of a pseudonym
> does (or is your given name "Lefty")?
> 
> As for the privacy aspect, I believe it may serve the interests of those
> who desire privacy to point out privacy lapses.  Not all the time, but
> sometimes you have to say, "the emperor has no clothes".
> 
> For example, would you object to this:
> 
> an4544@anon.penet.fi  = XXXX XXXXXXX <XXXXXXXX@XXXXXXXXXXXXX>
> an68863@anon.penet.fi = XXXX XXXXXXX <XXXXXXXX@XXXXXXXXXXXXX>
> an51751@anon.penet.fi = XXXX XXXXXXX <XXXXXXXX@XXXXXXXXXXXXX>

[My deletions in X's]

> The anonymous remailer is not so anonymous, is it?  Should I have kept
> the information to myself, or am I right to publicize it?
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.3a

[...]

> -----END PGP SIGNATURE-----
> 
> 

I took it upon myself to poke around a bit and this is what I came up with:

The phone number and address are indeed belonging to one Jim Nalbandian 
in Tempe, AZ.  They are listed, published, and publicly available.  I 
guess the bottom line question is when is privacy the burden of the 
user?  Is it Mr. Nalbandian's obligation to take steps for privacy?  How 
much at fault can "nobody" be at for publishing information that Mr. 
Nalbandian could have shielded for pennies?  (If indeed it is the same 
Jim Nalbandian)  Mr. N's signature held his state and city of residence.  
It is no great accomplishment for anyone to look up his published 
information.  Posting it to the net might have been "sleazy" in the eyes 
of some, but no worse than circumventing copyright laws with the "Information
Liberation Front."  In fact one could argue that "nobody"'s actions were above
this sort of criticism.  (I should note that I do not express any 
personal opinion on the ILF one way or the other).

Mr(s). Anonymous' actions are a separate matter.  Mr(s). Anonymous outed 
penet.fi accounts that were created with the express intent of shielding 
identity.  This to me is a more offensive issue.  Indeed Mr(s). Anonymous is 
(probably) correct when (s)he makes the point that the penet.fi remailer 
isn't very secure, but this point could have been made without the
ramifications of outing those who might not look on it too fondly.
I hope none of them are frequent alt.sexual.abuse.recovery users.  Mr(s).
Anonymous should probably consider exposing the method of compromise and the
specific compromise to the parties and ask them to come forward to the list to 
verify the security hole.  Taking it upon him(er)self to make that 
outing decision is more than obnoxious if it was done without consent.  
Even positing the addresses that were compromised wouldn't have been bad 
if they were not associated with actual addresses.

In short Mr(s). Anonymous, if security was your goal, you didn't have to hurt
people to accomplish it.  Stands to reason that your motivations lie 
elsewhere.

In short Lefty:  Privacy comes to those who seek it.  Crypto helps those 
who help themselves.  As for cowards, did you ever complain when anyone 
violated copyright law via an anonymous account?

In short nodody:  Be nice.  Call Mr. Nalbandian first next time, THEN out 
him.


Mr. Nalbandian got exactly what privacy he paid for:  None.

"nobody" saved us all the $0.75 a long distance information call costs.
Multiply that in the aggregate and you have some nice money.

Mr(s). Anonymous may have burdened the community with a net social cost.
Damaged reputations from the outing, damaged repute for remailers that might 
be so abused.

I think it worth noting that Mr. Nalbandian hasn't posted since "nobody"'s
letter.  A considerable social gain in my view.  Perhaps Mr. Nalbandian will 
take an interest in privacy now, another considerable social gain.


-uni- (Dark)





Thread