[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FRED] Anonymity and Integrity
Dr. Frederick B. Cohen writes:
> To clarify even further, I seem to recall a posting some months ago from
> an anonymous source declaring a new on-line for-sale forum called the
> Internet Security Newsletter (or some such thing). The anonymity of the
> poster in the context of asking for money and the fact that one of the
> people who was claimed to be on the board of editors was not, in fact, a
> participant, led to the question of who the person was.
The poster wasn't actually anonymous, but rather pseudonymous, in that case.
(The pseudonym was the name of the publication, as I recall.)
> It turned out
> that this person had a substantial history of putting forth falsehoods
> as well as other related things that might have been very helpful in
> evaluating the credence of his statements. It turned out that the
> newsletter was, at least in some sense and without making value
> judgements, legitimate; but the anonymity of the person making the posts
> made it harder to assure the integrity of the statements made, which
> exacerbated the assurance issue.
It seems to me that the integrity of the statements was rather easily verified
based on the merits of the statements themselves. In particular, one or two
participants in the forum denied the claims made that they were members of
the editorial board.
Granted, some people would have been more inclined to look askance at the
messages if they had known the author's True Name. But as the saying goes,
"past performance is not a guarantee of future results". You can choose to
doubt or believe a message because of the author's past reputation. But
reputation is not a reliable predictor of the integrity of future assertions.
It's a nice psychological crutch, but reliance on a "rational expectation" is
a long way from anything I would call "assurance" or "verification". It
doesn't prove anything. The only acceptable method of assurance I can see is
careful analysis of the propositions posited, and empirical verification of
the facts presented. Leaning on past reputation is accepting an odd form of
Proof by Authority.
As it happened I had never heard of the True Name of the sender, so the
knowledge wasn't useful to me.
> I understand that over time, reputations can be built up for pseudonyms
> (which are not necessarily anonyms) but then, with a pseudonym we might
> reasonably ask what the motive is for hiding the real identity.
[possible motives...]
> Without knowing the motive, how can we assess the statements?
By asking yourself if they seem to make sense, checking them against known
facts and beliefs, etc. The same methods, IMHO, that are mainly appropriate
to assess anyone's statements.
> In fact, how can we know that the original pseudonym still
> applies? Someone could kill you and take over your pseudonym, and even
> though we might hear of your death, the pseudonym might continue based
> on your reputation but with another actual source.
Of course, the is-a-person problem has been discussed at great length.
Digital signatures are as effective for pseudonyms as for anyone else.
The messages we've seen "from Alice de `nonymous" might all have come from
different senders. They exhibit a common tone and style, but that doesn't
assure us of anything. In a sense that makes them more inviting,
since there's always the chance that a third party is attempting a clever
parody or a sly bit of character assassination.
[...]
> It's an interesting concept that each statement should/could be taken on
> its own and evaluated independently of the rest of a person's life
> context, but in my experience, that has serious problems.
In my experience, that's about all I can usually do in network communication.
In principle I _could_ devote scads of time to background investigations of
my correspondents, for all except strongly anonymous and strongly
pseudonymous parties, but I don't find that approach realistic.
-Futplex <[email protected]>