[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Pseudonyms and Reputations
hal finney:
>Chaum's system is complicated and requires a centralized agency which
>gives out all endorsement certificates, as well as an agency which
>validates pseudonyms. His system does allow for optional restrictions
>on nyms which, for example, would allow only one nym to be used in any
>given online forum. A user would not be able to control two different
>nyms in that place, although he could have different nyms in other
>parts of cyberspace. There might be some situations in which this
>duplication could be harmful (such as certain kinds of online voting
>systems) and Chaum's method does allow this restriction.
these identification systems ultimately fall back on `real world'
identification systems such as birth certificates, social security
numbers etc. which all can be readily subverted by a determined
adversary. i wonder if in general, you `cpunks' feel that e.g.
voting systems that restict pseudonymity (i.e., multiple votes by
a single person) are `fair' or `judicious'.
>The social problems of determining when writers should receive
>endorsements, how much credence to give to endorsements from unknown
>endorsers, how to appropriately display endorsements, and how to easily
>validate and verify endorsements proffered by others, are harder to
>solve.
what, specifically, is problematic about these? does chaum just ignore
them? does he describe them in greater detail?
as for `endorsements for unknown endorsers', it seems to me the reputation
system you refer to is a sort of `reputation web' not unlike the pgp
`web of trust' model. a pseudonymous credential has as much weight as
the pseudonym originating the certification. i.e., if `a' signs `b's
pseudonym, that `edge' in the `reputation graph' has as much weight as
`a' has reputation. that is, it should not be possible to create a whole
bunch of new pseudonyms, have them all sign each other, and then increase
your reputation.
this brings up an interesting idea. future cyberspatial citizens may
develop an elaborate netiquette that describes how to maximize one's
advantage through the use of pseudonyms. all kinds of strategies will
ensue. is it better to have a few good pseudonyms, without diluting
reputation, or a whole bunch of pseudonyms but a bit more diluted
reputation?
one of the problems with a positive reputation system is that it would
workd for `d-type people' <g> whose reputation is primarily negative.
a whole lot of people would like to put a negative credential on `d'
so that they would limit his influence in all forums he visits, similar
to the way that one could globally encourage someone else through
`accreditation'. `d' would simply not propagate any negative signatures
to his pseudonyms.
could such a negative signature system be constructed? it seems possible
with a centralized `trusted' server, but this is not an ideal solution;
ideally one would like the system to be possible from the independent
interactions of people who trust only themselves. this of course is the
ideal cryptographic model, and the very best and finest algorithms
(e.g. rsa) conform to it.
the problem is similar to preventing double
spending in a cash system. how do you enforce that a person `spends'
a certain amount of information? there are no `laws of the conservation
of information' as their are of e.g. mass as with a paper currency. in
fact maybe the double-spending preventative techniques for cash systems
could be translated to get a negative reputation and prevent people from
not displaying credentials, even negative ones, they have accrued (just
in the way people are forced to reveal if they are `printing money', i.e.
spending spent money)
personally i like chaum's emphasis (or recognition) that forums exist
such that restricting pseudonymity in them is natural, fair,
and rational, i.e. a desirable design goal. it seems to me that even
beyond this, people should be able to construct forums where they demand
(or comply, or agree, or whatever) that identity be known, or that it
be totally ignored. given all this inquisitional witchhunting of my
`true identity' (whatever the !@#$%^&* that is), obviously this forum
is in the former category <g>
what do you think, cpunks, should you have the right to ignore people
regardless of the pseudonyms they use? again, i ask if it is possible
to construct a system that protects anonymity but at the same time allows
someone to filter all pseudonyms associated with another person. it seems
that we have reached an impasse -- these are two very useful design
criteria but they appear to be contradictory. on one hand we would like
to censor all the `d-type' pseudonyms, but on the other hand we would
want a `clean slate' for all of our own.
it seems to me that is the purpose of developing a moral code or etiquette
in cyberspace-- almost by definition that these codes apply
to people who agree that an individual is ultimately responsible for their
own actions, regardless of presence or lack of punishment, and agrees to
a set of guidelines because s/he believes it constitutes civil behavior,
not because `if i don't, i will get caught'. ideally we can develop moral
codes where our algorithms fail us. or maybe not <g>
pseudonymously yours,
--tmp