[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Identities vs. Accounts




Fellow cpunks,
	The schemes proposed by Detweiler et al. can only verify that
a real person OWNS an account, not who's USING it.  We can only track
a message as far as the computer or account from which it was sent.
There is simply no way to verify that the person who sent the message
is actually the owner of the account.  I've seen otherwise intelligent
and responsible people tape their passwords right onto the front of
their terminals.  We can concievably prevent the creation of
fraudulent accounts, but not the improper usage of valid ones!
	"WiReD" article aside, it's possible that Tim May, Eric
Hughes, and Nick Szabo are real people who have never HEARD of the
cypherpunks, and don't know that their accounts are being used to post
here.  Detweiler might be plotting to kill the wrong person entirely.
The Tentacles laugh heartily at that when it made the news.  It could
be Henry Kissenger and the Queen of England who are behind the whole
thing (as Mr. Larouche has suggested).  Why assume that ANYONE is
telling the truth?  Perhaps Detweiler itself is a creation of the
CONSPIRACY intended to throw us off the trail.
	Back to the real world: Personally, I let my wife send mail
from my account.  She simply dosen't use the computer enough to
warrant creating a new account.  As far as I know, she sends only to
her friends and parents.  She may, however, be posting in my name to
alt.sex.bestiality.  I've no way to know, and there is no possible way
for the people of that group to know because my account is valid and I
use it.  If they try to backtrack and arrest me because messages
apparently from me have advoated killing anyone who posts to the list,
I can convincingly deny any knowledge of it.
	More generally, what if I keep my computer on my desk at home
and somebody breaks in and steals it?  If, by chance, the person who
ends up with it knows anything about PGP, then my key is compromised.
If I'm on vacation when it happens then it may go undetected for
weeks.  Let's say that I send all of my mail from my Apple Newton, but
one day on the subway someone hits me on the head and takes it.  They
can then use the thing to send mail for probably two days before I can
get all of my accounts cancelled.  What if I don't use the thing much
and don't even realize that it's been stolen for two weeks?

THE POINT:
-------------------------------------------------------------------------
To find out more about the anon service, send mail to [email protected].
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to [email protected].