1993-10-24 - Re: pseudospoofing survey

Header Data

From: rjc@gnu.ai.mit.edu
To: ld231782@longs.lance.colostate.edu (L. Detweiler)
Message Hash: 74bf0ac97dcf702ceef42c838bab6fd76af9840a8cd45244695a5b00bc7a3d5a
Message ID: <9310241008.AA26937@kropotkin.gnu.ai.mit.edu>
Reply To: <9310240835.AA08908@longs.lance.colostate.edu>
UTC Datetime: 1993-10-24 10:13:13 UTC
Raw Date: Sun, 24 Oct 93 03:13:13 PDT

Raw message

From: rjc@gnu.ai.mit.edu
Date: Sun, 24 Oct 93 03:13:13 PDT
To: ld231782@longs.lance.colostate.edu (L. Detweiler)
Subject: Re: pseudospoofing survey
In-Reply-To: <9310240835.AA08908@longs.lance.colostate.edu>
Message-ID: <9310241008.AA26937@kropotkin.gnu.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


L. Detweiler writes:
> 5. `pseudoanonymous' or `pseudospoofed' -- the message could either be
> someone's `true name' or an invented alias, but *no* characteristics of
> the message (including the message by the author) can discriminate
> exactly *which*. This is something like `identity camouflage'. It is a
> new category of identification that transcends (1) - (4) because it
> encompasses all of them.

  So don't give credit to any pseudoanonymous messages which aren't signed
by a trusted public key. It's as easy as that.
 
> * * *
> 
> Now, I've written a lot on `anonymity' and am a strong supporter and
> proponent of categories (2), (3), and (4), where the *receiver* of a
> message is *informed* and *aware* that it can be from *anyone*.

  All five categories can be spoofed easily. Even birth certificates.
If the hardest (true names) can be spoofed, what kind of person
would reason that (5) can't be from anyone?
 
> However, I believe extreme restrictions should be placed on the use of
> (5) in a civilized cyberspatial society (such as that which mailing
> lists and Usenet groups attempt to represent, IMHO). Contrary to all

   Who is going to place these restrictions? The FCC?

> Very serious abuses of (5) can lead to insideous deception and
> treachery, particularly in the interplay between public and private

  The same case can be made for free speech. Allowing hate speech
mongers the protection of free speech could lead to negative public
opinion about the first amendment. So what? With every technology there
comes the capability for both abuse and benefit. Live with it, and adapt.
Crypto gives people the ability to post anonymously, it also gives you a
more concrete way to authenticate (digital signatures, zero knowledge
proofs, etc) which are in many ways, better than hand written signature and
photo-id.
   
> Above all, I'm *extremely* disturbed and alarmed to perceive what
> appears to be a systematic propaganda and disinformation campaign on
> this list and elsewhere in obfuscating the *obvious* and
> *incontrovertable* distinction between (3) and (4) on one hand
> (`anonymous' and `pseudonymous') and (5) on the other
> (`pseudoanonymous' or `pseudospoofed'), ironically perhaps largely via
> abuse of the lack of protective mechanisms against it here.

   There is no campaign, you are paranoid.   There is no difference
between 3,4 and 5 except your imagination. In 1-4 I can just as easily
spoof. If someone is aware that 1-4 can be spoofed by anyone and they can't
extend their pea-brain to reason that (5) can also be spoofed then they
deserve the fate they get!

> In (3) and (4), the reciever *knows* that the message can be from
> *anyone*. In (5), the receiver does *not* know, and may even be
> *misled* into believing that a message is in categories (1) or (2) when
> it is in fact in fact `anonymous'. IMHO this is *very* dangerous.

   Caveat emptor. After they are pseudospoofed for the first time, they won't
be so trusting of net.con-men anymore and will demand better proof of
identification.

> This *camouflage* that various cypherpunks promote, apparently up to
> the highest levels of `leadership', is IMHO inherently subversive.
> Because no one here seems to be afraid of subversion and anarchy, and
> even embraces it, let me go further and say it is *destructive* not
> only to societies but to *any* social interaction, even interpersonal.
> IMHO It is not just a recipe for anarchy, it is a recipe for chaos and
> barbarianism, *particularly* when associated with personal mail
> (including mailing lists).

  Perhaps I'm just not that excitable, but I don't see what all the
fireworks are for. This already is the status quo. Mail fraud, con-jobs,
fake-ids, these already exist outside cyberspace. If anything, you should be
more distrusting of net.pseudonyms than the three-card monte dealer. 

> In fact, apparently not only are `some' cypherpunks in favor of `black'
> postings, they are in favor of *concealing* the very existence of the
> capability, so as to potentially manipulate and brainwash others in an
> undetected concerted conspiracy! I think I will define this as `evil blackness'. <g>

  Bogus. You just went off the deep-end. If you're so concerned about this
capability, why don't you go liberate the net.universe and tell them this
amazing fact: you can forge identities on the net. Postings, mail, accounts,
even whole domains.

-Ray

NEWSFLASH: Great Cypherpunk Conspiracy Revealed! A california based group
of cryptography fans conspire to cover up pseudoanonymous capabilities so
they can continue their reign of abuse, exploitation, psychological combat,
and the sapping of precious bodily fluids from net.novices.

p.s. all this reminds me of the great mud gender identity debates. Many
young males were extremely disturbed that the female MUD users they were
practicing cybersex with were actually other males. As a result, most
mud users are no longer as gullible. Evolution and natural selection at its
best.

p.p.s you will find that many of us aren't trying to cover pseudoanonymous
capability up -- It is just that _we don't care_ I certainly don't care, and
I don't think of myself of "the great protector of the ignorant" as you 
seem to do either. The facts are, short of demanding digital signatures or
passwords for posting to this list, there is nothing you can do to prevent
me from forging "From" lines, I could probably forge Received: lines too
if I had a well-positioned machine. One feature of my Extropian's list
software is that it only allows people who are on the list to post to it, and
a user can turn on a "password" feature that only allows his address to post
if a password is supplied.

-- Ray Cromwell        |    Engineering is the implementation of science;    --
-- EE/Math Student     |       politics is the implementation of faith.      --
-- rjc@gnu.ai.mit.edu  |                         - Zetetic Commentaries      --





Thread