subject: on the CYPHERPUNKS, PSEUDOSPOOFING, and POISON newsgroups: talk.politics.crypto,alt.privacy,alt.privacy.anon-server,news.admin.policy,comp.org.eff.talk,comp.admin.policy,alt.conspiracy Recent extremely unpleasant personal experiences in cyberspace have given me, at the same time, deep scars and deep epiphanies. Following are some messages from the Cypherpunks mailing list generally on the subject of `pseudospoofing' -- the possibility that some people are posting or emailing under *different* `identities' from multiple sites, specifically with the intention of camouflage and deception. I have watched the development of anonymity on the internet with a high degree of personal interest, advocacy, and commitment. But this recent realization of the potentials and extent of `pseudospoofing' has deeply disturbed me. The most shocking realization is not just that it is technically feasible but is possibly *widespread* in certain quarters of the Internet. It alarms me that some are championing pseudospoofing (and what I have been calling `black' posts and email) as `liberating' and `refreshing' under the guise of `privacy' or `true/pure anonymity'. > I suspect the > result will be a more honest dialog, a more productive conversation > freed from posturing and, ironically, from the concealment of threatening > truth. I hope we will observe the resulting new forms of good and evil > with Zen patience and allow this quite interesting experiment to > continue. > It's interesting to see the different mental models that people hold > of the net. To me, this equation that one truename means one persona > is not realistic or reasonable. People spawn personas (-ae?) for > many reasons, including psychological exploration, sociological > experiments, sexual thrills, or just for practice at maintaining > personas. I know of several instances in which one person patted > himself on the back circularly, or took half a dozen sides in a > discussion -- and can surmise about others. This sort of thing may > well happen routinely, [...] > [...] the privacy technology `we' espouse can only promote > this. There is no way to maintain this one-to-one equation when > working with pseudonyms, when the human "dongle on the keyboard" is no > longer a viable identifier. I think the Usenet motto, "Live with it", > applies. > Perhaps "support" is better measured by how many people are motivated > enough to go to the effort to make multiple but individually unique, > reputable posts in favor of a proposition, rather than by > simple numerical polls that abstract away knowledge and > motivation, or by how many True Names position themselves > with I'm-on-your-side posts. The idea of `spawning identities' for `psychological exploration, sociological experiments or sexual thrills' repulses me. It sounds to me like advocation of perversions and multiple personality disorders. And much to my shock, horror and disgust it appears to be a major component of the Cypherpunk philosophy. (I even wonder if the mainstream media has been misled about the true cypherpunk agenda, and so far have not been comforted by anyone `real'.) And the idea that `support' for projects be measured by `how many people are motivated enough to go to the effort to make multiple but individually unique, reputable posts in favor of a proposition' is absolutely bizarre. I have been publicly and privately assaulted and ridiculed so thoroughly, searingly, and viciously in both public and private flames by so many apologists and moral relativists on this subject that it has encouraged a certain degree of personal paranoia. In fact, I cannot count a single strong supporter so far. The whole black affair has opened my eyes to the extraordinary potential for grotesque evils such as manipulation, treachery, conspiracies, and brainwashing possible by combining the openess of electronic forums and `pseudospoofing', particularly in private email. I think that anyone who subscribes to this public internet mailing list should be warned that it may be a bizarre `experiment' in pseudospoofing and brainwashing on unsuspecting or unwilling participants. I certainly would never have subscribed if `I knew then what I knew now'. Its deeply upsetting that I may have been trying to cultivate friendships with nothing but phantoms, parasites, and betrayers on the list and in my personal mail or that this has polluted my other online activities. The bizarre perversions found in my personal mail far surpass everything I have posted here, and have quite traumatized me -- something like virginity violated by a rapist. The evasive, blase, flippant, and cavalier attitude by top `leadership' in the group on the subject horrifies me. (One eminent contributor to the list even suggested to me in email that a secret `elite' list existed or was in the works, presumably free of this reprehensible toxic waste.) Many respondents have taken the position that prohibitions against `pseudospoofing' are equivalent to invasion of privacy and government oppression. One very prominent poster suggested, as an insult, that `state run registries of legal persons' were reminiscent of `key escrow' systems like Clipper! I find this quite ironic, given that such a system already exists, called `birth certificates'! Even more upsetting to me the possibility that this practice of pseudospoofing may be infecting and corrupting mail lists devoted to serious project development of Internet technologies. I fear the openess and freedom of these forums is being subtly and insideously poisoned by increasing pseudospoofing -- perhaps a systematic and concerted campaign. It seems to me that resolution of the issues of identification and authentication are absolutely crucial for future internet development, and that some minor sacrifices in current `freedoms' will be the profound investments required for a harmonious future atmosphere. I will have more to say in various forums on the subject in the future. This is an introduction and background. I hope that eminent Usenet contributors will address the multitudes of issues this raises. I have spent valuable reputation capital in pursuing this matter, and have made many new enemies over the past few weeks, and am sure I will be branded as the new premier cyberlunatic by many, but if I am branded a `paranoid ranter' by terrorists and criminals it will only upset me if they're not in jail. I believe this issue of identification has paramount importance to everyone currently involved in `cyberspace' and its future development, perhaps even the #1 issue that must be resolved for basic progress -- how much authentication and identification is to be required? Note1: see talk.politics.crypto for a `user survey' on the subject and possible future postings. Note2: these postings have been edited slightly. ===cut=here=== To: cypherpunks@toad.com Subject: on anonymity, identity, reputation, and spoofing Date: Mon, 18 Oct 93 00:05:56 -0600 From: "L. Detweiler" H. Finney >After going to enormous efforts to create a network of anonymous remailers, >we are hoist by our own petard, as our list receives strange, irrelevant, >and argumentative posts through our own anonymous remailers. (Not all >anonymous posts are like this, but there have been quite a few in the last >few weeks which fall into these categories.) I've been thinking about this a lot lately. I think a large part of the problem as you indicate is associated with reputation. How does one build up a reputation and identity in cyberspace in general? Part of the problem IMHO is that this list software & the internet in general is extremely vulnerable to a lot of different kinds of spoofing. People are very sensitive to the perception of a `consensus' -- they are deeply influenced by what they perceive to be the `majority opinion'. What if that `opinion' was not an accurate representation of reality? what if a few people were creating the illusion that some different kind of consensus existed? what if that `agenda' were actually something inherently wicked like lawlessness or anarchy? what if a conspiracy created the impression that some project or progress was underway when it really wasn't? or that some person was loudly favored or condemned by the `group'? this could be especially problematic if any kind of intimidation were happening `behind the scenes' in email. who would ever know? unless the dissatisfaction reached the list, how would we find out? another problem is that, at the same time being strongly influenced by a lot of flames, people just delete them out of sheer distaste and they may not be around later for inspection. what really is our assurance that all these email addresses actually exist and represent *unique* people? there really is very little currently. I think newsgroups are far less vulnerable to this kind of spoofing, but unfortunately mailing lists are *extremely* vulnerable. (Keep in mind, there are a whole set of other benefits and detriments in *other* categories which I'm not talking about here.) In the former we have thousands of subscribers all checking on each other's honesty. If a suspicious address or opinion pops up, there is some probability someone will notice, and cases of spoofing would probably be noise drowned out in the representative opinion. Also, distribution is centralized, so that `message blocking' is not very feasible. In the latter case, i.e. mailing lists such as this one, there is a much closer knit community that is geographically isolated. Individuals on the list are far more susceptible to spoofing. People are more likely to see *every* message including the `spoofed' ones. There are far fewer people to `check up' and those that are there may not have the technical expertise. What's worse, the list is not `distributed' in a certain sense. If someone wants to get out the message that `something wrong is going on' it could be censored because of the centralization of the distribution. This wouldn't work with Usenet because the distribution of the messages (e.g. NNTP servers) is generally cleaved from the people with strong self-interests in the traffic (e.g. people who post to group [x]). This cyberspace stuff can be a *very* powerful influence on many. It is an electronic community, and peer pressure is *extremely* powerful. Many people do not have an extremely strong internal `moral compass' and could be influenced by this kind of corrupt magnetism associated with a `conspiracy of spoofing'. Note that reputations are crucial in not only persuading us to listen attentively to those we respect, but to `tune out' the lunatics and criminals. * * * Spoofing Regarding the what also gets my vote as `strangest posting of the year' by `S. Boxx', Philippe D. Nave, Jr. (based on my email, a loyal cypherpunk and fellow Denverite!) wrote: >[...] it seems that the point of the message is that there is a lot >of smoke coming from people who use aliases or anonymous remailer >services to post to the cypherpunks list. Does this posting contribute >to that problem, or have I missed something? [...] >What the hell ?!? I've either missed something significant (and would >appreciate enlightenment) or this is a candidate for 'strangest post >of the year'. If 'S. Boxx' really exists and is the author of this >posting, I apologize- if not, then come out from behind your damn >remailer and quit contributing to the problem. As for monitoring the >list for traitors, go ahead- I post under my own name, and I don't >give a shit what you do with the text. If I was concerned about lurkers >building 'traitor files', I'd encrypt my messages and happily watch you >choke on them. I think I speak for many here in saying that I weigh anonymous postings very little, but don't consider the capability a serious problem. They have very significant purposes in e.g. `whistleblowing' `within the system' that I've always been attracted to. On the other hand, I think there is an implicit assumption by virtually everyone here that addresses on public posts and private email that are not specifically anonymous represent *unique* people. That is, if some people were taking advantage of the loose, free, and open atmosphere here to influence opinion or perception of reputations by posting messages under different presumably `real' identities (defined as anything that is not obviously tagged as anonymous), I and probably everyone else would feel very `upset' in the least and `violated' at the most. It would seem like a very serious breach of community trust, and might even have the effect of derailing positive contributions to the `cypherpunk cause' (whether algorithmic or political, the two chief schools of thought). I recall discussions of this related to the Extropians list, which specifically bars this practice. * * * List suggestions The fact that this `uniqueness of real identities' has always been something of an implicit assumption here bothers me. I think anything this delicate and important should be made formal and explicit. We should not simply assume that `everone is honest and no one would be depraved enough to do this.' I think the following guidelines are very reasonable, and might be part of a list charter agreed to by new members: 1) list members are allowed *one* anonymous identity if any. They are required to associate some name with all anonymous posts via that identity. 2) *no one* is allowed multiple `real' identities and in fact any violation of this is considered an extremely serious breach of netiquette & honesty. 3) completely anonymous posts from `outside' the list are allowed; if no pseudoidentity is given they are assumed to come from `outside'. and if anyone has been posting under multiple `real' identies, I think they owe it to everyone here to `come clean'. I don't see why anyone would go to the trouble but if someone was just unstable or obsessive enough to equate reputation with posting traffic, s/he might go off the deep end. The practice amounts to `spoofing' and any patriotic cypherpunk with some integrity ought to recognize that immediately and condemn it, technical capabilities regardless. I would equate this practice with `lying to one's colleagues'. spoofing is probably the #1 crime against cypherpunk ideology. * * * Reputations As for reputations, what can we do about this? I think that there are a lot of solutions to be experimented with in software. One of the best is just to have archives that are searchable by ID. But archives are very disk-consuming. I have some various other ideas that wouldn't require much beyond the current database maintenance of email addresses. Suppose that along with everyone's name, the following statistics were presented: 1) how long they have been on the list in days, 0 if none at all 2) how many postings they have posted here 3) maybe a posting/age ratio -- some people seem to be very sensitive or tune out people with a high one. 4) another idea: tracking the number of responses a given poster has, average, per original post, measured by `re: [x]' subject tracking. now, look what we get with all these. They are all simple to implement. They all can tremendously help us weigh the various opinions that are out there. They can set up a positive feedback system whereby `good' posters potentially really are quantitatively identified. Regarding (4), one way to `punish' a poster for irrelevant postings is to simply not respond, and they will not get any `credit' in this statistic. The problem with this is that from my experience, sometimes my most authoritative and finely-crafted postings generate the least response. But note the point of all these things: they don't necessarily require any digital signatures to implement. Authentication of postings `allowed' to the group really seems like a separate problem to me. Another simple idea is to have a voting system in response to postings. People's `credit' associated with their postings could be listed in headers too. This of course is far more ambitious, and the generally complex problem of authentication rears its ugly head. In addition to all this, I would like to see protocols that guarantee honesty on the part of the list maintainer. When databases like this are maintained, a little unilateral tweaking here and there can be extremely deleterious to community integrity, honesty, and reputations. Date: Sun, 17 Oct 93 23:58:08 -0700 From: hughes@ah.com (Eric Hughes) To: cypherpunks@toad.com Subject: Re: on anonymity, identity, reputation, and spoofing [...] That which can never be enforced should not be prohibited. The claim that a person should have only one pseudonym per forum indicates profound misunderstanding. If someone wants to have multiple cryptographically protected pseudonyms, they will be able to; that is one of the main goals of cypherpunks software. The situations you despise will occur. This is reality. Change your own psychology or change your own software. You will not be able to change the other person. Eric From: tcmay@netcom.com (Timothy C. May) Subject: Uniqueness and "is-a-person" credentials To: cypherpunks@toad.com Date: Mon, 18 Oct 93 10:17:35 PDT [...] I don't like the idea of state-run registries of "legal persons." Better to live with the occasional vagaries of digital pseuodonyms than to ban them. (And multiple identies can have many uses, some good, some not. Welcome to the future.) Since it may touch on our "cypherpunks agenda," I plan to read up on some of these proposals for "is-a-person" credentialling and see how they might relate to schemes for centralized key registration or escrow. Any suggestion besides the "Crypto" proceedings? --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. Subject: Re: on anonymity, identity, reputation, and spoofing To: cypherpunks list Date: Mon, 18 Oct 93 3:44:35 PDT From: Eli Brandt > From: "L. Detweiler" > On the other hand, I think there is an implicit assumption by virtually > everyone here that addresses on public posts and private email that are > not specifically anonymous represent *unique* people. [...] > 1) list members are allowed *one* anonymous identity if any. They are > required to associate some name with all anonymous posts via that identity. > 2) *no one* is allowed multiple `real' identities and in fact any > violation of this is considered an extremely serious breach of netiquette & honesty. [...] > deep end. The practice amounts to `spoofing' and any patriotic > cypherpunk with some integrity ought to recognize that immediately and [...] > crime against cypherpunk ideology. [...] It's interesting to see the different mental models that people hold of the net. To me, this equation that one truename means one persona is not realistic or reasonable. People spawn personas (-ae?) for many reasons, including psychological exploration, sociological experiments, sexual thrills, or just for practice at maintaining personas. I know of several instances in which one person patted himself on the back circularly, or took half a dozen sides in a discussion -- and can surmise about others. This sort of thing may well happen routinely, particularly in the low-rent areas of Altnet, where participation is a kind of game. What's more, the privacy technology `we' espouse can only promote this. There is no way to maintain this one-to-one equation when working with pseudonyms, when the human "dongle on the keyboard" is no longer a viable identifier. I think the Usenet motto, "Live with it", applies. Eli ebrandt@jarthur.claremont.edu From: szabo@netcom.com (Nick Szabo) Subject: Re: on anonymity, identity, reputation, and spoofing To: jamie@netcom.com (Jamie Dinkelacker) Date: Mon, 18 Oct 93 3:29:08 PDT Cc: cypherpunks@toad.com [...] In my limited experience creating Internet pseudonyms, I've been quite distracted by the continual need to avoid leaving pointers to my True Name lying around -- excess mail to/from my True Name, shared files, common peculiarities (eg misspellings in written text), traceable logins, etc. The penet.fi site explicitly maintains a list of pointers to the original address. All kinds of security controls -- crypto, access, information, inference -- have to be continually on my mind when using pseudonymous accounts. The hazards are everywhere. With our current tools it's practically impossible to maintain an active pseudonym for a long period of time against a sufficiently determined opponent, and quite a hassle to maintain even a modicum of decent security. Pointers to info and/or tools to enable the establishment and maintenance of a net.nym, beyond the standard cypherpunks PGP/remailer fare with which I'm now familiar, greatly appreciated. Especially nice would be a list of commercial net providers that allow pseudonymous accounts. [...] I hope that we stick to experimenting with pure anonymity in many venues. I suggest we'll find out that purely anonymous posts are not so bad, overall. Some of the recent stuff has been weird or rude, but so have been a lot of True Name flames that have passed thru this list. We find True Name posts easier to deal with because it's what we're used to. Many are comforted by the thought that as a last resort, if a flame is just too evil, the poster can be tracked down and made to pay for his sins. The WELL was so threatened by the thought of anonymity that they required all pseudonyms to be traceable to the True Name, as an explicit policy right from the start of the system. Pure anonymity in all its manifestations is a strange, threatening, fascinating beast in our panoptic social-welfare world. Even those of us at the forefront of harnessing this monster shrink back in fear when it whinnies. [...] Pure anonymity provide voice for a wide variety of new kinds of expression that up until now have been suppressed. Some kinds are good (whistleblowing), some bad (slander). Most are good or bad depending on the situation (asking embarrassing newbie questions, expressing politically incorrect opinions, discussing illegal activities, etc.) I hope we continue experimenting with pure anonymity for a while longer, as well as experimenting with reputation-based pseudonymous systems. Some of what comes out might look very strange, something like tapping into previously concealed areas of our social psyche. I suspect the result will be a more honest dialog, a more productive conversation freed from posturing and, ironically, from the concealment of threatening truth. I hope we will observe the resulting new forms of good and evil with Zen patience and allow this quite interesting experiment to continue. Nick Szabo szabo@netcom.com To: cypherpunks@toad.com Subject: PSEUDOSPOOFING Date: Mon, 18 Oct 93 03:41:03 -0600 From: "L. Detweiler" I'm absolutely *horrified* and *nauseated* that eminent cypherpunk leader `ZZZ' has come out in total support of what I have been calling `spoofing' or using pseudo-real addresses to post to the list. (It isn't `really' spoofing in the exact sense because as I noted there has only been an *implicit assumption* by all of us here that opinions from unique addresses were themselves unique. so, lets call it) PSEUDOSPOOFING the activity of misleading people into thinking that an identity is unique when it really isn't! i.e. posting behind `real' addresses not specifically noted as anonymous! I consider pseudospoofing a *detestable* and *reprehensible* activity if it exists. Am I the only one who finds this absolutely *repulsive* and *abhorrent*? How long has this been going on? who has been doing it? am I the first to suspect it is happening? how many debates have been affected? how many people have been *harassed* or *intimidated* or *burned* to a *crisp* by pseudospoofers? is this going on in *private email* too? how many debates have been skewed? how many people here DON'T EXIST? Are the other founders T.C.May and J.Gilmore in favor of this too? how much have you guys been doing this? is this really part of the cypherpunk agenda? who here supports this, anyway? does this have anything to do with the bizarre conspiracy theories posts of `S.Boxx'?! is this why `everyone' is opposed to a newsgroup or other change in the `status quo'?! Is this why *I* get *flamed* so much? is this polluting other mailing lists?! E.H. >The claim that a person should have only one pseudonym per forum >indicates profound misunderstanding. If someone wants to have >multiple cryptographically protected pseudonyms, they will be able to; >that is one of the main goals of cypherpunks software. IMHO, this itself represents a `profound misunderstanding' under what actually constitutes an OPEN FORUM. If we are merely conducting some depraved experiment on the psychology of pseudonymity and pseudospoofing on unwilling participants, please say so! I for one never saw *that* announcement when I signed up! calling `pseudospoofing' `one of the `main goals' of cypherpunks software' sounds *criminal* to me. Or maybe I'm missing the point! I guess this is what anarchy really *is* all about! * * * speaking of OPEN FORUMS, `Jamie Dinkelacker' objects to my other proposals for reputation tracking statistics: >> >>1) how long they have been on the list in days, 0 if none at all >>2) how many postings they have posted here >>3) maybe a posting/age ratio -- some people seem to be very sensitive >>or tune out people with a high one. >>4) another idea: tracking the number of responses a given poster has, >>average, per original post, measured by `re: [x]' subject tracking. >> > >Each of these suggestions call for data that may contribute to identifying >individuals, tracking their behavior or providing information useful to >decypher some messages. This has a very NSA feel to it. A very ``NSA FEEL''?! all of these statistics could be generated by *anyone* who subscribes to the list! is this an OPEN FORUM or not?! How could *anyone* object to anything so innocuous? A *true* forum would be *representative*. For example, I already have the impression that no one here supports my suggestions whatsoever on list modifications & protocol from E.H.'s comments and jamie@netcom.com. Now, humor me, and take the hypothetical situation that these are the same person! how can this be a `forum' if an opinion is not *representative*? what if a single person just `ganged up' on someone they didn't like by overwhelming them with pseudospoofs? what if there was *truly* support for some project but a pseudospoofer ganged up on the proponents and clobbered them with flames? does this sound anything like what has happened on this list in the past? doesn't it throw every `conversation' on this list into spectacularly *grotesque* doubt? wouldn't that be a lot like intimidation at best and *extortion* at worst? would it look like a `clique'? what if this was happening *routinely*? what if people were being *influenced* by what they perceived was the *majority opinion* or the *views of their peers* that were really nothing but DECEPTION AND LIES? what if it was *thwarting progress*? I would consider this nothing but TREACHERY and HIGH TREASON. is all this really one of the `main goals' of the cypherpunk agenda? if so, SIGN ME OFF. Regardless of whether anyone believes in democracy (a `lot' of people here said they didn't a while ago, but now I have my doubts!) the idea of `one man one vote' is SACRED. it means in essence, one man shall not have UNFAIR INFLUENCE. anything less is just the `Golden Rule: He who Has the Most Gold Makes the Rules'. or, `you can be here as long as I always have more *power* than you do and you don't complain!' it is *anti egalitarian*. it is a recipe for anarchy, dischord and chaos. Or perhaps I'm MISSING THE POINT?! maybe that's what somebody *wants*. is *this* what the Cypherpunks really stand for? UNFAIR INFLUENCE. ABUSE OF POWER. MANIPULATION. DECEIT. TREACHERY. EXPLOITATION. SECRET CONSPIRACIES. Date: 18 Oct 93 14:18:10 EDT From: Sandy <72114.1712@CompuServe.COM> To: Subject: DETWEILER ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT Reply to: ssandfort@attmail.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Punksters, Lance Detweiler finished his most recent rant thusly: . . . is *this* what the Cypherpunks really stand for? UNFAIR INFLUENCE. ABUSE OF POWER. MANIPULATION. DECEIT. TREACHERY. EXPLOITATION. SECRET CONSPIRACIES. Lance, stop frothing at the mouth and get a life. S a n d y (aka Tim May, Eric Hughes, Nick Szabo, Perry Metzger, Duncan Frissell, Mao Tse-tung, George Herbert Walker Bush and a cast of thousands) >>>>>> Please send e-mail to: ssandfort@attmail.com <<<<<< ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Date: Mon, 18 Oct 1993 11:55:46 -0800 To: cypherpunks@toad.com From: lefty@apple.com (Lefty) Subject: Re: PSEUDOSPOOFING >what if people were being *influenced* by what >they perceived was the *majority opinion* or the *views of their peers* >that were really nothing but DECEPTION AND LIES? what if it was >*thwarting progress*? I would consider this nothing but TREACHERY and >HIGH TREASON. is all this really one of the `main goals' of the >cypherpunk agenda? if so, SIGN ME OFF. Works for me. -- Lefty (lefty@apple.com) C:.M:.C:., D:.O:.D:. From: tcmay@netcom.com (Timothy C. May) Subject: Time for me to come clean... To: cypherpunks@toad.com Date: Mon, 18 Oct 93 12:46:40 PDT My experiment has gone far enough. One of you has claimed that the Net entity "tcmay" (Timothy C. May, putatively) is actually "jamie" (Jamie Dinkelacker, putatively). This person has at other times claimed that perhaps Eric Hughes and Jamie are the same person, and that the Net entity "tcmay" is the "lackey of Eric Hughes." It is all getting so confusing! Allow me to clarify. I entered this list under a variety of pseudonyms, with the intent of compiling information on all of you. I have been posting under the identities of Tim May (who has actually never existed....the man behind the mask on the cover of "Wired" was a hired actor, as were the stand-ins for the personnas of Eric Hughes and John Gilmore), Sandy Sandfort, Jamie Dinkelacker, and many others. I disavow any connection to the paranoid "S. Boxx," however. In fact, I think there are only five actual biological entities on the list. Makes for some good conspiracy theories for the paranoids. Finally, I also write under the nym de guerre of "Dorothy Denning." The real Dorothy Denning is too busy grading papers for her freshman crypto class to post, so I fill in. My real name should be apparent to you all. I knew if I used it, the other four of you would not take me seriously. But now the secret's out. David -- David Sternlight When the mouse laughs at the cat, there is a hole nearby.--Nigerian Proverb From: cman@IO.COM (Douglas Barnes) Subject: Re: PSEUDOSPOOFING (lions and tigers and bears, oh my!) To: ld231782@longs.lance.colostate.edu (L. Detweiler) Date: Mon, 18 Oct 1993 11:21:22 -40962758 (CDT) L. Det writes: > I for one > never saw *that* announcement when I signed up! calling > `pseudospoofing' `one of the `main goals' of cypherpunks software' > sounds *criminal* to me. Or maybe I'm missing the point! I guess this > is what anarchy really *is* all about! It was one of the main reasons *I* signed up... we were working on a TV show about cyberspace, and Paco Nathan explained public key encryption, digital money, and nyms with reputations in his inimitably cheerful and energetic fashion for our cameras. The part he was most excited about (a part that still fascinates me no end) is the possibility of spawning new identities that can acquire reputations, property, prestige, ignominity, whatever, without the need to appeal to a government bureaucracy for validation. Furthermore, the whole notion that there is some kind of implied contract when you join a free mailing list completely absurd, second only to your notion that we are all pushing for the same political agenda (or should be) because we put our names in the same hat at toad.com. It just ain't so, and no amount of wishing will make it so. And, to cap it all off, I have had more external validation of the physical existence of the key members of *this* data space than any other international data space I participate in; in addition to numerous pictures, I've met a number of the folks, who have, in turn, met a number of the folks... cypherpunks is one of the meetingest mailing lists I've ever seen or heard of. Doug PS: the show never got edited, because Steve and I decided to set up io.com. -- ---------------- /\ Douglas Barnes cman@illuminati.io.com / \ Chief Wizard (512) 448-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ From: szabo@netcom.com (Nick Szabo) Subject: SILLY FLAMES: pseudospoofing To: ld231782@longs.lance.colostate.edu (L. Detweiler) Date: Mon, 18 Oct 93 5:25:22 PDT Cc: cypherpunks@toad.com L. Detweiler -- shocked, simply shocked, at the realization that multiple pseudonyms are possible on the net -- explodes: > ....how can this be a `forum' if an opinion > is not *representative*? Perhaps there are differences between a forum and a voting booth? > what if a single person just `ganged up' on > someone they didn't like by overwhelming them with pseudospoofs? what > if there was *truly* support for some project but a pseudospoofer > ganged up on the proponents and clobbered them with flames? Perhaps "support" is better measured by how many people are motivated enough to go to the effort to make multiple but individually unique, reputable posts in favor of a proposition, rather than by simple numerical polls that abstract away knowledge and motivation, or by how many True Names position themselves with I'm-on-your-side posts. On cypherpunks' better days, "support" is measured by what kind of code gets written, not by who flames whom how often under how many names. Of course we all know that writing code does not constitute *true* support, since only Democracy is The One True Way. > doesn't > it throw every `conversation' on this list into spectacularly > *grotesque* doubt? Welcome to the Internet, Detweiler. Perhaps you might get together some physical meetings in Colorado, talk to more cypherpunks on the phone, look at the pictures in Wired magazine (perhaps also faked?), etc. if you are so concerned about being ganged up on by unknown numbers of strangers. (Is it better to be ganged up on by known numbers of strangers? Why of course, that's called Democracy). > the idea > of `one man one vote' is SACRED. Hallelujah! Praise the Lord & pass the card punch! Let's vote ourselves bigger paychecks & unlimited medical care. Let's take a vote on which cypherpunks tools we will implement. Those who vote with the minority get to do the programming work, those in the majority get to tell the minority what to write. I nominate L. Detweiler President of the Cypherpunks. All in favor say "aye" and bow down to His Holiness of the Veiled Booth! > it is > *anti egaltarian*. it is a recipe for anarchy God forbid! Quick, Detweiler, get out your garlic, raise up your cross and abjure these crypto-anarchists before we spread any further! Next thing you know we'll get some elitist, anti-democratic development like untraceable digital cash. Some people will accumulate more digicash than others, and Detweiler won't even know who they are. Horrors! Quick Detweiler, write your electronic leveling tax protocols before its too late. Better yet, get the majority to vote on making us evil crypto-anarchists -- only a small cypherpunk minority once our pseudonyms are unmasked, of course -- make us write them for you. After all, egalitarian software is a basic human right! > UNFAIR INFLUENCE. ABUSE > OF POWER. MANIPULATION. DECEIT. TREACHERY. EXPLOITATION. SECRET CONSPIRACIES. >... Isn't it just dreadful? Nick Szabo szabo@netcom.com Date: Mon, 18 Oct 93 08:02:16 CDT From: m5@vail.tivoli.com (Mike McNally) To: "L. Detweiler" Cc: cypherpunks@toad.com Subject: PSEUDOSPOOFING "L. Detweiler" writes: > I'm absolutely *horrified* and *nauseated* ... If digicash were a reality, I'd send you some with the proviso that you only spend it on clues. Repeat this chant until you attain enlightenment: Pseudospoofing cannot be prevented Pseudospoofing is a reality of online existance No amount of fear and loathing will make it go away If it weren't for fundamentally new concepts like the ability to pseudospoof (that's a lousy term, by the way), the net would not be the quantum change in human communication and human thought it is. > p.s. if anyone doesn't hear from me for awhile, assume I've been > `liquidated' and this isn't really an `open forum' ... No, I'll assume the ELF-2 running your pseudomind blew a fuse. -- Mike McNally To: cypherpunks@toad.com Subject: pseudospoofed out Date: Wed, 20 Oct 93 01:13:18 -0600 From: "L. Detweiler" Cypherpunks, I use the internet for a lot of serious activities, and it deeply troubles me to think that I have been vicitimized by pseudospoofers in areas outside of merely the cypherpunks list such as in the numerous FAQs I edit (a very time consuming endeavor) or in my other favorite mailing lists. I feel like my blood has been drained by parasites that suck my prose and passions. Since there is absolutely no support for any `True Names' here whatsoever, I volunteer to drop the subject. And of course I am just another blip on this list, so my ideas for its improvement mean nothing, and I will not *ever* make a proposition again here regarding the subject. however, A PERSONAL REQUEST I humbly request that ANYONE SENDING ME PERSONAL MAIL have the decency to do so under their `True Name' or `obviously anonymously' under the same identity. Do not deceive me for perverted sport. Do not try to build up trust merely so that you can betray it. Do not manipulate me simply because you have the capability or because I am a basically trusting person. This sentiment is equivalent to something like `if a woman doesn't carry a gun then it's OK to rape her' and it is one of the most alarming aspects of what I have seen promoted here and in the general `hacker' community. `nothing is wrong if you can get away with it.' I believe that there is no such thing as a `consequentless action'. Please, do not drag *me* into the gutter because you like to wallow there. If anyone has deceived me in manipulating me with multiple pseudonyms in my personal email, please inform me *now*. I believe this is the absolute least that *anyone* could ask on the internet. Another point to make is that Usenet & current mailing lists are far from the future models. I fundamentally believe that `true name' systems are entirely socially desirable and can be erected without invading privacy. Anyone who claims that `true names' and `privacy' are fundamentally incompatible is simply mistaken. Does `absolute privacy' mean that no one *ever* knows who *anyone* is? It seems to me the ability to differentiate identities or reject their input based on `true names' is a basic right of the listener. You do not have a right to bludgeon me with identical opinions from an unrepresentative arsenal of imaginary identities. I suspect some of the people advocating `absolute privacy' are themselves currently using powerful tools to detect pseudospoofing others do not possess. Is that the cypherpunk Utopian ideal? A place where you can manipulate people without them knowing it? let others drown in mud while you trample atop their backs? Also, please do not deceive the press. T.C. May has recently satirically suggested that some of the Wired pictures are of hired actors. I don't find this funny. If the `cypherpunks' are really something other than that which they claim, it will eventually and inevitably come back to haunt the `movement,' whatever it is (algorithms or ideology? I no longer care). History and society is far more shrewd than that. If pseudospoofing is really the #1 cypherpunk agenda, please make that clear. `We want to fool everyone with brainwashing techniques so they are at the mercy of our whim.' One of my attractions to cyberspace was the promise of making online friends, and I have made many over many months. But the idea that some psychopaths are sending me email just to leech my strong emotions and play with my passions, like a cat does a captured mouse, perhaps even with the support of a large and complex software `arsenal' designed specifically to promote camouflage and manipulation, perhaps on a very widespread scale involving multiple lists, I find reprehensible and inherently evil. Please, choose another lab rat victim. My whole `cyberspatial reality' has been cast into doubt. Who's real? Who's fake? I used to really look forward to reading and responding to my mail, but now I approach it with dread, horror, and nausea. I don't even know if who I am talking to on the phone is who they say they are anymore, or if I really have any true cyberspatial friendships, because of all the pseudospoofing in my mailbox. There are some among you who say `welcome to the real world'. Are you people saying that man's natural state is confusion, desperation, and paranoia? I am not opposed to `pseudonymity' and multiple reputations of course. But the strong sentiments on this list that I should be kept *guessing* I find abhorrent. What is most disturbing is the possibility of a single entity attempting to stick someone's psyche in a vice by systematic and concerted assaults from multiple supposedly `unique' identities in private email. This is like dealing with a tentacled octopus-monster. What could be more depraved? This is nothing but vicious interrogation and brainwashing. I'm simply in favor of truth in advertising, and I think this list has been misrepresented as a `forum' when it's nothing but a hotbed of pseudospoofing, possibly even aided by automatic software tools. Someone tell me, how long have I been arguing with AI programs anyway? Trully, I never would have subscribed if I had realized the `practice' of pseudospoofing was epidemic. I mean, I suspected there were isolated cases, but now it appears a large part of traffic is manufactured flames and froth. Does anyone have any idea how much time has been wasted wading or even arguing with opinions that were nothing but mirages? I'm deeply disillusioned. But of course, who cares? Certainly not the leadership or the followers. I'm not sure that some of the `identities' I've been dealing with over the past few months really have any basic morality. I suspect there are some demagogues that tout `privacy' while really subtly and insideously promoting dishonesty, sociopathism, treachery, and barbarianism. An example: I am on another mailing list where I posted a long article as a `gift' to the subscribers. I got some favorable comments, except from the moderator who said that `people are shocked at what you did.' I asked him. What people? What did they say? He backed down. But imagine that someone slandered me with a worthless pseudonym? and, in fact, even if they mailed *me* would I be able to tell that they didn't care about the reputation of that pseudonym? It seems to me that there is a basic idea of reputation and postings. To a degree, if you haven't earned a reputation in some subject, you should be disqualified from pontificating on it, irrelevant of your arsenal of pseudonyms. Filters based on reputations may help make this a reality. (I would personally like to ban my mailbox of all opinionated pseudonyms who have not read more than 2 of my posts.) I remember `ZZZ' once announcing to the list that J. Markoff had unsubscribed. Who's really in favor of privacy? Is everybody here really interested in `privacy' as an `offensive weapon'? `Privacy' as a way of evading taxes? `privacy' as a way of manipulating or betraying the gullible and trusting for perverted pleasure? `privacy' as destroying social order and promoting anarchy? Really, nevermind. please, don't send me any more blistering flames. These are rhetorical questions. In fact, this is a rhetorical essay. Date: Wed, 20 Oct 93 08:30:42 CDT From: m5@vail.tivoli.com (Mike McNally) To: cypherpunks@toad.com Subject: Re: pseudospoofed out "L. Detweiler" writes: > [ the funniest thing I've read on the net in years. ] Thank you, thank you, thank you *all* for making this possible. The hours of cleaning crud from my INBOX are *easily* worth this kind of entertainment. I am literally in tears, irritating my officemate with incessant laughter. Mr. Detweiler (if that really *is* your name), thank you especially. You write well, kinda, even if I utterly disagree with you. I think I'll print this out and paste it into my big unabridged next to "hyperbole". -- Mike McNally Date: Wed, 20 Oct 93 08:22:25 CDT From: m5@vail.tivoli.com (Mike McNally) To: cypherpunks@toad.com Subject: pseudospoofed out "L. Detweiler" writes: > I feel like my blood has been drained by > parasites that suck my prose and passions. I hereby claim this as a .signature for at least one of my identities. -- Mike McNally