From: craig@osh3.OSHA.GOV (Craig Nordin)
To: craig@uunet.UU.NET
Message Hash: 973bbca9f0db072d604f53c583896bbac3bf5141f64c6e33c16845c17bc576cb
Message ID: <9310251548.aa15879@osh3.OSHA.GOV>
Reply To: N/A
UTC Datetime: 1993-10-25 19:54:07 UTC
Raw Date: Mon, 25 Oct 93 12:54:07 PDT
From: craig@osh3.OSHA.GOV (Craig Nordin)
Date: Mon, 25 Oct 93 12:54:07 PDT
To: craig@uunet.UU.NET
Subject: on the CYPHERPUNKS, PSEUDOSPOOFING, and POISON
Message-ID: <9310251548.aa15879@osh3.OSHA.GOV>
MIME-Version: 1.0
Content-Type: text/plain
>Xref: osh3 news.admin.policy:7108 comp.org.eff.talk:15565 comp.admin.policy:3710
>Newsgroups: talk.politics.crypto,alt.privacy,alt.privacy.anon-server,news.admin.policy,comp.org.eff.talk,comp.admin.policy,alt.conspiracy
>Path: osh3!uunet!meaddata!ddsw1!library.ucla.edu!agate!ames!purdue!yuma!ld231782
>From: ld231782@LANCE.ColoState.Edu (L. Detweiler)
>Subject: on the CYPHERPUNKS, PSEUDOSPOOFING, and POISON
>Sender: news@yuma.ACNS.ColoState.EDU (News Account)
>Message-ID: <Oct24.113641.53933@yuma.ACNS.ColoState.EDU>
>Date: Sun, 24 Oct 1993 11:36:41 GMT
>Nntp-Posting-Host: jenkins.lance.colostate.edu
>Organization: Colorado State University, Fort Collins, CO 80523
>Lines: 999
Recent extremely unpleasant personal experiences in cyberspace have given
me, at the same time, deep scars and deep epiphanies. Following are some
messages from the Cypherpunks mailing list generally on the subject of
`pseudospoofing' -- the possibility that some people are posting or
emailing under *different* `identities' from multiple sites, specifically
with the intention of camouflage and deception.
I have watched the development of anonymity on the internet with a high
degree of personal interest, advocacy, and commitment. But this recent
realization of the potentials and extent of `pseudospoofing' has deeply
disturbed me. The most shocking realization is not just that it is
technically feasible but is possibly *widespread* in certain quarters of the
Internet. It alarms me that some are championing pseudospoofing (and
what I have been calling `black' posts and email) as `liberating' and
`refreshing' under the guise of `privacy' or `true/pure anonymity'.
> I suspect the
> result will be a more honest dialog, a more productive conversation
> freed from posturing and, ironically, from the concealment of threatening
> truth. I hope we will observe the resulting new forms of good and evil
> with Zen patience and allow this quite interesting experiment to
> continue.
> It's interesting to see the different mental models that people hold
> of the net. To me, this equation that one truename means one persona
> is not realistic or reasonable. People spawn personas (-ae?) for
> many reasons, including psychological exploration, sociological
> experiments, sexual thrills, or just for practice at maintaining
> personas. I know of several instances in which one person patted
> himself on the back circularly, or took half a dozen sides in a
> discussion -- and can surmise about others. This sort of thing may
> well happen routinely, [...]
> [...] the privacy technology `we' espouse can only promote
> this. There is no way to maintain this one-to-one equation when
> working with pseudonyms, when the human "dongle on the keyboard" is no
> longer a viable identifier. I think the Usenet motto, "Live with it",
> applies.
> Perhaps "support" is better measured by how many people are motivated
> enough to go to the effort to make multiple but individually unique,
> reputable posts in favor of a proposition, rather than by
> simple numerical polls that abstract away knowledge and
> motivation, or by how many True Names position themselves
> with I'm-on-your-side posts.
The idea of `spawning identities' for `psychological exploration,
sociological experiments or sexual thrills' repulses me. It sounds to
me like advocation of perversions and multiple personality disorders.
And much to my shock, horror and disgust it appears to be a major
component of the Cypherpunk philosophy. (I even wonder if the
mainstream media has been misled about the true cypherpunk agenda,
and so far have not been comforted by anyone `real'.) And the idea
that `support' for projects be measured by `how many people are motivated
enough to go to the effort to make multiple but individually unique,
reputable posts in favor of a proposition' is absolutely bizarre.
I have been publicly and privately assaulted and ridiculed so thoroughly,
searingly, and viciously in both public and private flames by so many
apologists and moral relativists on this subject that it has encouraged
a certain degree of personal paranoia. In fact, I cannot count a single
strong supporter so far. The whole black affair has opened my eyes to the
extraordinary potential for grotesque evils such as manipulation,
treachery, conspiracies, and brainwashing possible by combining the
openess of electronic forums and `pseudospoofing', particularly in
private email.
I think that anyone who subscribes to this public internet mailing
list should be warned that it may be a bizarre `experiment' in
pseudospoofing and brainwashing on unsuspecting or unwilling
participants. I certainly would never have subscribed if `I knew then
what I knew now'. Its deeply upsetting that I may have been trying
to cultivate friendships with nothing but phantoms, parasites, and
betrayers on the list and in my personal mail or that this has
polluted my other online activities. The bizarre perversions
found in my personal mail far surpass everything I have posted
here, and have quite traumatized me -- something like virginity
violated by a rapist.
The evasive, blase, flippant, and cavalier attitude by top
`leadership' in the group on the subject horrifies me. (One eminent
contributor to the list even suggested to me in email that a
secret `elite' list existed or was in the works, presumably free
of this reprehensible toxic waste.) Many respondents have taken
the position that prohibitions against `pseudospoofing' are
equivalent to invasion of privacy and government oppression. One
very prominent poster suggested, as an insult, that `state run
registries of legal persons' were reminiscent of `key escrow'
systems like Clipper! I find this quite ironic, given that such
a system already exists, called `birth certificates'!
Even more upsetting to me the possibility that this practice of
pseudospoofing may be infecting and corrupting mail lists devoted
to serious project development of Internet technologies. I fear
the openess and freedom of these forums is being subtly and
insideously poisoned by increasing pseudospoofing -- perhaps a
systematic and concerted campaign. It seems to me that resolution
of the issues of identification and authentication are absolutely
crucial for future internet development, and that some minor
sacrifices in current `freedoms' will be the profound investments
required for a harmonious future atmosphere.
I will have more to say in various forums on the subject in the
future. This is an introduction and background. I hope that
eminent Usenet contributors will address the multitudes of issues this
raises. I have spent valuable reputation capital in pursuing this
matter, and have made many new enemies over the past few weeks, and
am sure I will be branded as the new premier cyberlunatic by many,
but if I am branded a `paranoid ranter' by terrorists and criminals
it will only upset me if they're not in jail. I believe this issue
of identification has paramount importance to everyone currently
involved in `cyberspace' and its future development, perhaps even
the #1 issue that must be resolved for basic progress -- how much
authentication and identification is to be required?
Note1: see talk.politics.crypto for a `user survey' on the subject
and possible future postings.
Note2: these postings have been edited slightly.
===cut=here===
To: cypherpunks@toad.com
Subject: on anonymity, identity, reputation, and spoofing
Date: Mon, 18 Oct 93 00:05:56 -0600
From: "L. Detweiler" <ld231782@longs.lance.colostate.edu>
H. Finney <hfinney@shell.portal.com>
>After going to enormous efforts to create a network of anonymous remailers,
>we are hoist by our own petard, as our list receives strange, irrelevant,
>and argumentative posts through our own anonymous remailers. (Not all
>anonymous posts are like this, but there have been quite a few in the last
>few weeks which fall into these categories.)
I've been thinking about this a lot lately. I think a large part of the
problem as you indicate is associated with reputation. How does one
build up a reputation and identity in cyberspace in general? Part of
the problem IMHO is that this list software & the internet in general
is extremely vulnerable to a lot of different kinds of spoofing.
People are very sensitive to the perception of a `consensus' -- they
are deeply influenced by what they perceive to be the `majority
opinion'. What if that `opinion' was not an accurate representation of
reality? what if a few people were creating the illusion that some
different kind of consensus existed? what if that `agenda' were
actually something inherently wicked like lawlessness or anarchy? what
if a conspiracy created the impression that some project or progress
was underway when it really wasn't? or that some person was loudly
favored or condemned by the `group'? this could be especially
problematic if any kind of intimidation were happening `behind the
scenes' in email. who would ever know? unless the dissatisfaction
reached the list, how would we find out? another problem is that, at
the same time being strongly influenced by a lot of flames, people just
delete them out of sheer distaste and they may not be around later for inspection.
what really is our assurance that all these email addresses actually
exist and represent *unique* people? there really is very little currently.
I think newsgroups are far less vulnerable to this kind of spoofing,
but unfortunately mailing lists are *extremely* vulnerable. (Keep in
mind, there are a whole set of other benefits and detriments in *other*
categories which I'm not talking about here.) In the former we have
thousands of subscribers all checking on each other's honesty. If a
suspicious address or opinion pops up, there is some probability
someone will notice, and cases of spoofing would probably be noise
drowned out in the representative opinion. Also, distribution is
centralized, so that `message blocking' is not very feasible.
In the latter case, i.e. mailing lists such as this one, there is a
much closer knit community that is geographically isolated. Individuals
on the list are far more susceptible to spoofing. People are more
likely to see *every* message including the `spoofed' ones. There are
far fewer people to `check up' and those that are there may not have
the technical expertise. What's worse, the list is not `distributed' in
a certain sense. If someone wants to get out the message that
`something wrong is going on' it could be censored because of the
centralization of the distribution. This wouldn't work with Usenet
because the distribution of the messages (e.g. NNTP servers) is
generally cleaved from the people with strong self-interests in the
traffic (e.g. people who post to group [x]).
This cyberspace stuff can be a *very* powerful influence on many. It is
an electronic community, and peer pressure is *extremely* powerful.
Many people do not have an extremely strong internal `moral compass'
and could be influenced by this kind of corrupt magnetism associated
with a `conspiracy of spoofing'. Note that reputations are crucial in
not only persuading us to listen attentively to those we respect, but
to `tune out' the lunatics and criminals.
* * *
Spoofing
Regarding the what also gets my vote as `strangest posting of the year'
by `S. Boxx', Philippe D. Nave, Jr. <pdn@dwroll.dw.att.com> (based on
my email, a loyal cypherpunk and fellow Denverite!) wrote:
>[...] it seems that the point of the message is that there is a lot
>of smoke coming from people who use aliases or anonymous remailer
>services to post to the cypherpunks list. Does this posting contribute
>to that problem, or have I missed something?
[...]
>What the hell ?!? I've either missed something significant (and would
>appreciate enlightenment) or this is a candidate for 'strangest post
>of the year'. If 'S. Boxx' really exists and is the author of this
>posting, I apologize- if not, then come out from behind your damn
>remailer and quit contributing to the problem. As for monitoring the
>list for traitors, go ahead- I post under my own name, and I don't
>give a shit what you do with the text. If I was concerned about lurkers
>building 'traitor files', I'd encrypt my messages and happily watch you
>choke on them.
I think I speak for many here in saying that I weigh anonymous postings
very little, but don't consider the capability a serious problem. They
have very significant purposes in e.g. `whistleblowing' `within the
system' that I've always been attracted to.
On the other hand, I think there is an implicit assumption by virtually
everyone here that addresses on public posts and private email that are
not specifically anonymous represent *unique* people. That is, if some
people were taking advantage of the loose, free, and open atmosphere
here to influence opinion or perception of reputations by posting
messages under different presumably `real' identities (defined as
anything that is not obviously tagged as anonymous), I and probably
everyone else would feel very `upset' in the least and `violated' at
the most. It would seem like a very serious breach of community trust,
and might even have the effect of derailing positive contributions to
the `cypherpunk cause' (whether algorithmic or political, the two chief
schools of thought). I recall discussions of this related to the
Extropians list, which specifically bars this practice.
* * *
List suggestions
The fact that this `uniqueness of real identities' has always been
something of an implicit assumption here bothers me. I think anything
this delicate and important should be made formal and explicit. We
should not simply assume that `everone is honest and no one would be
depraved enough to do this.' I think the following guidelines are very
reasonable, and might be part of a list charter agreed to by new members:
1) list members are allowed *one* anonymous identity if any. They are
required to associate some name with all anonymous posts via that identity.
2) *no one* is allowed multiple `real' identities and in fact any
violation of this is considered an extremely serious breach of netiquette & honesty.
3) completely anonymous posts from `outside' the list are allowed; if
no pseudoidentity is given they are assumed to come from `outside'.
and if anyone has been posting under multiple `real' identies, I think
they owe it to everyone here to `come clean'. I don't see why anyone
would go to the trouble but if someone was just unstable or obsessive
enough to equate reputation with posting traffic, s/he might go off the
deep end. The practice amounts to `spoofing' and any patriotic
cypherpunk with some integrity ought to recognize that immediately and
condemn it, technical capabilities regardless. I would equate this
practice with `lying to one's colleagues'. spoofing is probably the #1
crime against cypherpunk ideology.
* * *
Reputations
As for reputations, what can we do about this? I think that there are a
lot of solutions to be experimented with in software. One of the best
is just to have archives that are searchable by ID. But archives are
very disk-consuming. I have some various other ideas that wouldn't
require much beyond the current database maintenance of email
addresses. Suppose that along with everyone's name, the following
statistics were presented:
1) how long they have been on the list in days, 0 if none at all
2) how many postings they have posted here
3) maybe a posting/age ratio -- some people seem to be very sensitive
or tune out people with a high one.
4) another idea: tracking the number of responses a given poster has,
average, per original post, measured by `re: [x]' subject tracking.
now, look what we get with all these. They are all simple to implement.
They all can tremendously help us weigh the various opinions that are
out there. They can set up a positive feedback system whereby `good'
posters potentially really are quantitatively identified. Regarding
(4), one way to `punish' a poster for irrelevant postings is to simply
not respond, and they will not get any `credit' in this statistic. The
problem with this is that from my experience, sometimes my most
authoritative and finely-crafted postings generate the least response.
But note the point of all these things: they don't necessarily require
any digital signatures to implement. Authentication of postings
`allowed' to the group really seems like a separate problem to me.
Another simple idea is to have a voting system in response to postings.
People's `credit' associated with their postings could be listed in
headers too. This of course is far more ambitious, and the generally
complex problem of authentication rears its ugly head.
In addition to all this, I would like to see protocols that guarantee
honesty on the part of the list maintainer. When databases like this
are maintained, a little unilateral tweaking here and there can be
extremely deleterious to community integrity, honesty, and reputations.
Date: Sun, 17 Oct 93 23:58:08 -0700
From: hughes@ah.com (Eric Hughes)
To: cypherpunks@toad.com
Subject: Re: on anonymity, identity, reputation, and spoofing
[...]
That which can never be enforced should not be prohibited.
The claim that a person should have only one pseudonym per forum
indicates profound misunderstanding. If someone wants to have
multiple cryptographically protected pseudonyms, they will be able to;
that is one of the main goals of cypherpunks software.
The situations you despise will occur. This is reality. Change your
own psychology or change your own software. You will not be able to
change the other person.
Eric
From: tcmay@netcom.com (Timothy C. May)
Subject: Uniqueness and "is-a-person" credentials
To: cypherpunks@toad.com
Date: Mon, 18 Oct 93 10:17:35 PDT
[...]
I don't like the idea of state-run registries of "legal persons."
Better to live with the occasional vagaries of digital pseuodonyms
than to ban them.
(And multiple identies can have many uses, some good, some not.
Welcome to the future.)
Since it may touch on our "cypherpunks agenda," I plan to read up on
some of these proposals for "is-a-person" credentialling and see how
they might relate to schemes for centralized key registration or escrow.
Any suggestion besides the "Crypto" proceedings?
--Tim May
--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.
Subject: Re: on anonymity, identity, reputation, and spoofing
To: cypherpunks list <cypherpunks@toad.com>
Date: Mon, 18 Oct 93 3:44:35 PDT
From: Eli Brandt <ebrandt@jarthur.Claremont.EDU>
> From: "L. Detweiler" <ld231782@longs.lance.colostate.edu>
> On the other hand, I think there is an implicit assumption by virtually
> everyone here that addresses on public posts and private email that are
> not specifically anonymous represent *unique* people.
[...]
> 1) list members are allowed *one* anonymous identity if any. They are
> required to associate some name with all anonymous posts via that identity.
> 2) *no one* is allowed multiple `real' identities and in fact any
> violation of this is considered an extremely serious breach of netiquette & honesty.
[...]
> deep end. The practice amounts to `spoofing' and any patriotic
> cypherpunk with some integrity ought to recognize that immediately and
[...]
> crime against cypherpunk ideology.
[...]
It's interesting to see the different mental models that people hold
of the net. To me, this equation that one truename means one persona
is not realistic or reasonable. People spawn personas (-ae?) for
many reasons, including psychological exploration, sociological
experiments, sexual thrills, or just for practice at maintaining
personas. I know of several instances in which one person patted
himself on the back circularly, or took half a dozen sides in a
discussion -- and can surmise about others. This sort of thing may
well happen routinely, particularly in the low-rent areas of Altnet,
where participation is a kind of game.
What's more, the privacy technology `we' espouse can only promote
this. There is no way to maintain this one-to-one equation when
working with pseudonyms, when the human "dongle on the keyboard" is no
longer a viable identifier. I think the Usenet motto, "Live with it",
applies.
Eli ebrandt@jarthur.claremont.edu
From: szabo@netcom.com (Nick Szabo)
Subject: Re: on anonymity, identity, reputation, and spoofing
To: jamie@netcom.com (Jamie Dinkelacker)
Date: Mon, 18 Oct 93 3:29:08 PDT
Cc: cypherpunks@toad.com
[...]
In my limited experience creating Internet pseudonyms, I've been quite
distracted by the continual need to avoid leaving pointers to my
True Name lying around -- excess mail to/from my True Name, shared
files, common peculiarities (eg misspellings in written text), traceable
logins, etc. The penet.fi site explicitly maintains a list of pointers
to the original address. All kinds of security controls -- crypto, access,
information, inference -- have to be continually on my mind when using
pseudonymous accounts. The hazards are everywhere. With our current
tools it's practically impossible to maintain an active pseudonym for a
long period of time against a sufficiently determined opponent, and
quite a hassle to maintain even a modicum of decent security. Pointers
to info and/or tools to enable the establishment and maintenance of a
net.nym, beyond the standard cypherpunks PGP/remailer fare with which
I'm now familiar, greatly appreciated. Especially nice would be a list
of commercial net providers that allow pseudonymous accounts.
[...]
I hope that we stick to experimenting with pure anonymity
in many venues. I suggest we'll find out that purely anonymous
posts are not so bad, overall. Some of the recent stuff has been weird
or rude, but so have been a lot of True Name flames that have passed
thru this list. We find True Name posts easier to deal with
because it's what we're used to. Many are comforted by the thought
that as a last resort, if a flame is just too evil, the poster
can be tracked down and made to pay for his sins. The WELL
was so threatened by the thought of anonymity that they required
all pseudonyms to be traceable to the True Name, as an explicit
policy right from the start of the system. Pure anonymity in all
its manifestations is a strange, threatening, fascinating beast
in our panoptic social-welfare world. Even those of us at
the forefront of harnessing this monster shrink back in fear
when it whinnies.
[...]
Pure anonymity provide voice for a wide variety of new kinds
of expression that up until now have been suppressed.
Some kinds are good (whistleblowing), some bad
(slander). Most are good or bad depending on the
situation (asking embarrassing newbie questions, expressing politically
incorrect opinions, discussing illegal activities, etc.) I hope we
continue experimenting with pure anonymity for a while longer, as well
as experimenting with reputation-based pseudonymous systems. Some of
what comes out might look very strange, something like tapping into
previously concealed areas of our social psyche. I suspect the
result will be a more honest dialog, a more productive conversation
freed from posturing and, ironically, from the concealment of threatening
truth. I hope we will observe the resulting new forms of good and evil
with Zen patience and allow this quite interesting experiment to
continue.
Nick Szabo szabo@netcom.com
To: cypherpunks@toad.com
Subject: PSEUDOSPOOFING
Date: Mon, 18 Oct 93 03:41:03 -0600
From: "L. Detweiler" <ld231782@longs.lance.colostate.edu>
I'm absolutely *horrified* and *nauseated* that eminent cypherpunk
leader `ZZZ' has come out in total support of what I have been
calling `spoofing' or using pseudo-real addresses to post to the list.
(It isn't `really' spoofing in the exact sense because as I noted there
has only been an *implicit assumption* by all of us here that opinions
from unique addresses were themselves unique. so, lets call it)
PSEUDOSPOOFING
the activity of misleading people into thinking that an identity is
unique when it really isn't! i.e. posting behind `real' addresses not
specifically noted as anonymous!
I consider pseudospoofing a *detestable* and *reprehensible* activity
if it exists. Am I the only one who finds this absolutely *repulsive*
and *abhorrent*? How long has this been going on? who has been doing
it? am I the first to suspect it is happening? how many debates have
been affected? how many people have been *harassed* or *intimidated* or
*burned* to a *crisp* by pseudospoofers? is this going on in *private
email* too? how many debates have been skewed? how many people here
DON'T EXIST? Are the other founders T.C.May and J.Gilmore in favor of
this too? how much have you guys been doing this? is this really part
of the cypherpunk agenda? who here supports this, anyway? does this
have anything to do with the bizarre conspiracy theories posts of
`S.Boxx'?! is this why `everyone' is opposed to a newsgroup or other
change in the `status quo'?! Is this why *I* get *flamed* so much? is
this polluting other mailing lists?!
E.H.
>The claim that a person should have only one pseudonym per forum
>indicates profound misunderstanding. If someone wants to have
>multiple cryptographically protected pseudonyms, they will be able to;
>that is one of the main goals of cypherpunks software.
IMHO, this itself represents a `profound misunderstanding' under what
actually constitutes an OPEN FORUM. If we are merely conducting some
depraved experiment on the psychology of pseudonymity and
pseudospoofing on unwilling participants, please say so! I for one
never saw *that* announcement when I signed up! calling
`pseudospoofing' `one of the `main goals' of cypherpunks software'
sounds *criminal* to me. Or maybe I'm missing the point! I guess this
is what anarchy really *is* all about!
* * *
speaking of OPEN FORUMS, `Jamie Dinkelacker' <Jamie@netcom.com> objects
to my other proposals for reputation tracking statistics:
>>
>>1) how long they have been on the list in days, 0 if none at all
>>2) how many postings they have posted here
>>3) maybe a posting/age ratio -- some people seem to be very sensitive
>>or tune out people with a high one.
>>4) another idea: tracking the number of responses a given poster has,
>>average, per original post, measured by `re: [x]' subject tracking.
>>
>
>Each of these suggestions call for data that may contribute to identifying
>individuals, tracking their behavior or providing information useful to
>decypher some messages. This has a very NSA feel to it.
A very ``NSA FEEL''?! all of these statistics could be generated by
*anyone* who subscribes to the list! is this an OPEN FORUM or not?! How
could *anyone* object to anything so innocuous?
A *true* forum would be *representative*. For example, I already have
the impression that no one here supports my suggestions whatsoever on
list modifications & protocol from E.H.'s comments and
jamie@netcom.com. Now, humor me, and take the hypothetical situation
that these are the same person! how can this be a `forum' if an opinion
is not *representative*? what if a single person just `ganged up' on
someone they didn't like by overwhelming them with pseudospoofs? what
if there was *truly* support for some project but a pseudospoofer
ganged up on the proponents and clobbered them with flames? does this
sound anything like what has happened on this list in the past? doesn't
it throw every `conversation' on this list into spectacularly
*grotesque* doubt? wouldn't that be a lot like intimidation at best and
*extortion* at worst? would it look like a `clique'? what if this was
happening *routinely*? what if people were being *influenced* by what
they perceived was the *majority opinion* or the *views of their peers*
that were really nothing but DECEPTION AND LIES? what if it was
*thwarting progress*? I would consider this nothing but TREACHERY and
HIGH TREASON. is all this really one of the `main goals' of the
cypherpunk agenda? if so, SIGN ME OFF.
Regardless of whether anyone believes in democracy (a `lot' of people
here said they didn't a while ago, but now I have my doubts!) the idea
of `one man one vote' is SACRED. it means in essence, one man shall not
have UNFAIR INFLUENCE. anything less is just the `Golden Rule: He who
Has the Most Gold Makes the Rules'. or, `you can be here as long as I
always have more *power* than you do and you don't complain!' it is
*anti egalitarian*. it is a recipe for anarchy, dischord and chaos. Or
perhaps I'm MISSING THE POINT?! maybe that's what somebody *wants*. is
*this* what the Cypherpunks really stand for? UNFAIR INFLUENCE. ABUSE
OF POWER. MANIPULATION. DECEIT. TREACHERY. EXPLOITATION. SECRET CONSPIRACIES.
Date: 18 Oct 93 14:18:10 EDT
From: Sandy <72114.1712@CompuServe.COM>
To: <cypherpunks@toad.com>
Subject: DETWEILER
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT Reply to: ssandfort@attmail.com
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Punksters,
Lance Detweiler finished his most recent rant thusly:
. . . is *this* what the Cypherpunks really stand for?
UNFAIR INFLUENCE. ABUSE OF POWER. MANIPULATION. DECEIT.
TREACHERY. EXPLOITATION. SECRET CONSPIRACIES.
Lance, stop frothing at the mouth and get a life.
S a n d y (aka Tim May, Eric Hughes, Nick Szabo, Perry Metzger,
Duncan Frissell, Mao Tse-tung, George Herbert Walker
Bush and a cast of thousands)
>>>>>> Please send e-mail to: ssandfort@attmail.com <<<<<<
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 18 Oct 1993 11:55:46 -0800
To: cypherpunks@toad.com
From: lefty@apple.com (Lefty)
Subject: Re: PSEUDOSPOOFING
>what if people were being *influenced* by what
>they perceived was the *majority opinion* or the *views of their peers*
>that were really nothing but DECEPTION AND LIES? what if it was
>*thwarting progress*? I would consider this nothing but TREACHERY and
>HIGH TREASON. is all this really one of the `main goals' of the
>cypherpunk agenda? if so, SIGN ME OFF.
Works for me.
--
Lefty (lefty@apple.com)
C:.M:.C:., D:.O:.D:.
From: tcmay@netcom.com (Timothy C. May)
Subject: Time for me to come clean...
To: cypherpunks@toad.com
Date: Mon, 18 Oct 93 12:46:40 PDT
My experiment has gone far enough.
One of you has claimed that the Net entity "tcmay" (Timothy C. May,
putatively) is actually "jamie" (Jamie Dinkelacker, putatively). This
person has at other times claimed that perhaps Eric Hughes and Jamie
are the same person, and that the Net entity "tcmay" is the "lackey of Eric
Hughes."
It is all getting so confusing!
Allow me to clarify.
I entered this list under a variety of pseudonyms, with the intent of
compiling information on all of you. I have been posting under the
identities of Tim May (who has actually never existed....the man
behind the mask on the cover of "Wired" was a hired actor, as were the
stand-ins for the personnas of Eric Hughes and John Gilmore), Sandy
Sandfort, Jamie Dinkelacker, and many others.
I disavow any connection to the paranoid "S. Boxx," however.
In fact, I think there are only five actual biological entities on
the list. Makes for some good conspiracy theories for the paranoids.
Finally, I also write under the nym de guerre of "Dorothy Denning."
The real Dorothy Denning is too busy grading papers for her freshman
crypto class to post, so I fill in.
My real name should be apparent to you all. I knew if I used it, the
other four of you would not take me seriously. But now the secret's
out.
David
--
David Sternlight When the mouse laughs at the cat,
there is a hole nearby.--Nigerian Proverb
From: cman@IO.COM (Douglas Barnes)
Subject: Re: PSEUDOSPOOFING (lions and tigers and bears, oh my!)
To: ld231782@longs.lance.colostate.edu (L. Detweiler)
Date: Mon, 18 Oct 1993 11:21:22 -40962758 (CDT)
L. Det writes:
> I for one
> never saw *that* announcement when I signed up! calling
> `pseudospoofing' `one of the `main goals' of cypherpunks software'
> sounds *criminal* to me. Or maybe I'm missing the point! I guess this
> is what anarchy really *is* all about!
It was one of the main reasons *I* signed up... we were working on
a TV show about cyberspace, and Paco Nathan explained public key
encryption, digital money, and nyms with reputations in his inimitably
cheerful and energetic fashion for our cameras.
The part he was most excited about (a part that still fascinates
me no end) is the possibility of spawning new identities that
can acquire reputations, property, prestige, ignominity, whatever,
without the need to appeal to a government bureaucracy for validation.
Furthermore, the whole notion that there is some kind of implied contract
when you join a free mailing list completely absurd, second only to your
notion that we are all pushing for the same political agenda (or should
be) because we put our names in the same hat at toad.com. It just ain't so,
and no amount of wishing will make it so.
And, to cap it all off, I have had more external validation of the
physical existence of the key members of *this* data space than any
other international data space I participate in; in addition to
numerous pictures, I've met a number of the folks, who have, in turn,
met a number of the folks... cypherpunks is one of the meetingest
mailing lists I've ever seen or heard of.
Doug
PS: the show never got edited, because Steve and I decided to set up
io.com.
--
---------------- /\
Douglas Barnes cman@illuminati.io.com / \
Chief Wizard (512) 448-8950 (d), 447-7866 (v) / () \
Illuminati Online metaverse.io.com 7777 /______\
From: szabo@netcom.com (Nick Szabo)
Subject: SILLY FLAMES: pseudospoofing
To: ld231782@longs.lance.colostate.edu (L. Detweiler)
Date: Mon, 18 Oct 93 5:25:22 PDT
Cc: cypherpunks@toad.com
L. Detweiler -- shocked, simply shocked, at the realization that
multiple pseudonyms are possible on the net -- explodes:
> ....how can this be a `forum' if an opinion
> is not *representative*?
Perhaps there are differences between a forum and a voting booth?
> what if a single person just `ganged up' on
> someone they didn't like by overwhelming them with pseudospoofs? what
> if there was *truly* support for some project but a pseudospoofer
> ganged up on the proponents and clobbered them with flames?
Perhaps "support" is better measured by how many people are motivated
enough to go to the effort to make multiple but individually unique,
reputable posts in favor of a proposition, rather than by
simple numerical polls that abstract away knowledge and
motivation, or by how many True Names position themselves
with I'm-on-your-side posts.
On cypherpunks' better days, "support" is measured by what kind
of code gets written, not by who flames whom how often under
how many names. Of course we all know that writing code
does not constitute *true* support, since only Democracy is
The One True Way.
> doesn't
> it throw every `conversation' on this list into spectacularly
> *grotesque* doubt?
Welcome to the Internet, Detweiler. Perhaps you might get
together some physical meetings in Colorado, talk to more cypherpunks
on the phone, look at the pictures in Wired magazine (perhaps also
faked?), etc. if you are so concerned about being ganged up on by
unknown numbers of strangers. (Is it better to be ganged up
on by known numbers of strangers? Why of course, that's called
Democracy).
> the idea
> of `one man one vote' is SACRED.
Hallelujah! Praise the Lord & pass the card punch! Let's
vote ourselves bigger paychecks & unlimited medical care.
Let's take a vote on which cypherpunks tools we will implement.
Those who vote with the minority get to do the programming
work, those in the majority get to tell the minority what to write.
I nominate L. Detweiler President of the Cypherpunks. All in favor
say "aye" and bow down to His Holiness of the Veiled Booth!
> it is
> *anti egaltarian*. it is a recipe for anarchy
God forbid! Quick, Detweiler, get out your garlic, raise
up your cross and abjure these crypto-anarchists
before we spread any further! Next thing you know
we'll get some elitist, anti-democratic development like
untraceable digital cash. Some people will accumulate
more digicash than others, and Detweiler won't even know
who they are. Horrors! Quick Detweiler,
write your electronic leveling tax protocols before
its too late. Better yet, get the majority to vote on
making us evil crypto-anarchists -- only a small cypherpunk
minority once our pseudonyms are unmasked, of course -- make
us write them for you. After all, egalitarian software
is a basic human right!
> UNFAIR INFLUENCE. ABUSE
> OF POWER. MANIPULATION. DECEIT. TREACHERY. EXPLOITATION. SECRET CONSPIRACIES.
>...
Isn't it just dreadful?
Nick Szabo szabo@netcom.com
Date: Mon, 18 Oct 93 08:02:16 CDT
From: m5@vail.tivoli.com (Mike McNally)
To: "L. Detweiler" <ld231782@longs.lance.colostate.edu>
Cc: cypherpunks@toad.com
Subject: PSEUDOSPOOFING
"L. Detweiler" writes:
> I'm absolutely *horrified* and *nauseated* ...
If digicash were a reality, I'd send you some with the proviso that
you only spend it on clues.
Repeat this chant until you attain enlightenment:
Pseudospoofing cannot be prevented
Pseudospoofing is a reality of online existance
No amount of fear and loathing will make it go away
If it weren't for fundamentally new concepts like the ability to
pseudospoof (that's a lousy term, by the way), the net would not be
the quantum change in human communication and human thought it is.
> p.s. if anyone doesn't hear from me for awhile, assume I've been
> `liquidated' and this isn't really an `open forum' ...
No, I'll assume the ELF-2 running your pseudomind blew a fuse.
--
Mike McNally
To: cypherpunks@toad.com
Subject: pseudospoofed out
Date: Wed, 20 Oct 93 01:13:18 -0600
From: "L. Detweiler" <ld231782@longs.lance.colostate.edu>
Cypherpunks, I use the internet for a lot of serious activities, and it
deeply troubles me to think that I have been vicitimized by
pseudospoofers in areas outside of merely the cypherpunks list such as
in the numerous FAQs I edit (a very time consuming endeavor) or in my
other favorite mailing lists. I feel like my blood has been drained by
parasites that suck my prose and passions. Since there is absolutely no
support for any `True Names' here whatsoever, I volunteer to drop the
subject. And of course I am just another blip on this list, so my ideas
for its improvement mean nothing, and I will not *ever* make a
proposition again here regarding the subject. however,
A PERSONAL REQUEST
I humbly request that ANYONE SENDING ME PERSONAL MAIL have the decency
to do so under their `True Name' or `obviously anonymously' under the
same identity. Do not deceive me for perverted sport. Do not try to
build up trust merely so that you can betray it. Do not manipulate me
simply because you have the capability or because I am a basically
trusting person. This sentiment is equivalent to something like `if a
woman doesn't carry a gun then it's OK to rape her' and it is one of
the most alarming aspects of what I have seen promoted here and in the
general `hacker' community. `nothing is wrong if you can get away with
it.' I believe that there is no such thing as a `consequentless
action'. Please, do not drag *me* into the gutter because you like to wallow there.
If anyone has deceived me in manipulating me with multiple pseudonyms
in my personal email, please inform me *now*. I believe this is the
absolute least that *anyone* could ask on the internet.
Another point to make is that Usenet & current mailing lists are far
from the future models. I fundamentally believe that `true name'
systems are entirely socially desirable and can be erected without
invading privacy. Anyone who claims that `true names' and `privacy' are
fundamentally incompatible is simply mistaken. Does `absolute privacy'
mean that no one *ever* knows who *anyone* is?
It seems to me the ability to differentiate identities or reject their
input based on `true names' is a basic right of the listener. You do
not have a right to bludgeon me with identical opinions from an
unrepresentative arsenal of imaginary identities. I suspect some of the
people advocating `absolute privacy' are themselves currently using
powerful tools to detect pseudospoofing others do not possess. Is that
the cypherpunk Utopian ideal? A place where you can manipulate people
without them knowing it? let others drown in mud while you trample atop their backs?
Also, please do not deceive the press. T.C. May has recently
satirically suggested that some of the Wired pictures are of hired
actors. I don't find this funny. If the `cypherpunks' are really
something other than that which they claim, it will eventually and
inevitably come back to haunt the `movement,' whatever it is
(algorithms or ideology? I no longer care). History and society is far
more shrewd than that. If pseudospoofing is really the #1 cypherpunk
agenda, please make that clear. `We want to fool everyone with
brainwashing techniques so they are at the mercy of our whim.'
One of my attractions to cyberspace was the promise of making online
friends, and I have made many over many months. But the idea that some
psychopaths are sending me email just to leech my strong emotions and
play with my passions, like a cat does a captured mouse, perhaps even
with the support of a large and complex software `arsenal' designed
specifically to promote camouflage and manipulation, perhaps on a very
widespread scale involving multiple lists, I find reprehensible and
inherently evil. Please, choose another lab rat victim.
My whole `cyberspatial reality' has been cast into doubt. Who's real?
Who's fake? I used to really look forward to reading and responding to
my mail, but now I approach it with dread, horror, and nausea. I don't
even know if who I am talking to on the phone is who they say they are
anymore, or if I really have any true cyberspatial friendships, because
of all the pseudospoofing in my mailbox. There are some among you who
say `welcome to the real world'. Are you people saying that man's
natural state is confusion, desperation, and paranoia?
I am not opposed to `pseudonymity' and multiple reputations of course.
But the strong sentiments on this list that I should be kept *guessing*
I find abhorrent. What is most disturbing is the possibility of a
single entity attempting to stick someone's psyche in a vice by
systematic and concerted assaults from multiple supposedly `unique'
identities in private email. This is like dealing with a tentacled
octopus-monster. What could be more depraved? This is nothing but
vicious interrogation and brainwashing.
I'm simply in favor of truth in advertising, and I think this list has
been misrepresented as a `forum' when it's nothing but a hotbed of
pseudospoofing, possibly even aided by automatic software tools.
Someone tell me, how long have I been arguing with AI programs anyway?
Trully, I never would have subscribed if I had realized the `practice'
of pseudospoofing was epidemic. I mean, I suspected there were isolated
cases, but now it appears a large part of traffic is manufactured
flames and froth. Does anyone have any idea how much time has been
wasted wading or even arguing with opinions that were nothing but
mirages? I'm deeply disillusioned. But of course, who cares? Certainly
not the leadership or the followers.
I'm not sure that some of the `identities' I've been dealing with over
the past few months really have any basic morality. I suspect there are
some demagogues that tout `privacy' while really subtly and insideously
promoting dishonesty, sociopathism, treachery, and barbarianism.
An example: I am on another mailing list where I posted a long article
as a `gift' to the subscribers. I got some favorable comments, except
from the moderator who said that `people are shocked at what you did.'
I asked him. What people? What did they say? He backed down. But
imagine that someone slandered me with a worthless pseudonym? and, in
fact, even if they mailed *me* would I be able to tell that they didn't
care about the reputation of that pseudonym? It seems to me that there
is a basic idea of reputation and postings. To a degree, if you haven't
earned a reputation in some subject, you should be disqualified from
pontificating on it, irrelevant of your arsenal of pseudonyms. Filters
based on reputations may help make this a reality. (I would personally
like to ban my mailbox of all opinionated pseudonyms who have not read
more than 2 of my posts.)
I remember `ZZZ' once announcing to the list that J. Markoff had
unsubscribed. Who's really in favor of privacy? Is everybody here
really interested in `privacy' as an `offensive weapon'? `Privacy' as a
way of evading taxes? `privacy' as a way of manipulating or betraying
the gullible and trusting for perverted pleasure? `privacy' as
destroying social order and promoting anarchy? Really, nevermind.
please, don't send me any more blistering flames. These are rhetorical
questions. In fact, this is a rhetorical essay.
Date: Wed, 20 Oct 93 08:30:42 CDT
From: m5@vail.tivoli.com (Mike McNally)
To: cypherpunks@toad.com
Subject: Re: pseudospoofed out
"L. Detweiler" writes:
> [ the funniest thing I've read on the net in years. ]
Thank you, thank you, thank you *all* for making this possible. The
hours of cleaning crud from my INBOX are *easily* worth this kind of
entertainment. I am literally in tears, irritating my officemate with
incessant laughter.
Mr. Detweiler (if that really *is* your name), thank you especially.
You write well, kinda, even if I utterly disagree with you. I think
I'll print this out and paste it into my big unabridged next to
"hyperbole".
--
Mike McNally
Date: Wed, 20 Oct 93 08:22:25 CDT
From: m5@vail.tivoli.com (Mike McNally)
To: cypherpunks@toad.com
Subject: pseudospoofed out
"L. Detweiler" writes:
> I feel like my blood has been drained by
> parasites that suck my prose and passions.
I hereby claim this as a .signature for at least one of my
identities.
--
Mike McNally
--
ld231782@longs.LANCE.ColoState.EDU
Return to October 1993
Return to “craig@osh3.OSHA.GOV (Craig Nordin)”
1993-10-25 (Mon, 25 Oct 93 12:54:07 PDT) - on the CYPHERPUNKS, PSEUDOSPOOFING, and POISON - craig@osh3.OSHA.GOV (Craig Nordin)