Information AboutPseudonymity |
| CATEGORIES ABOUT PSEUDONYMITY | |
| applications of cryptography | |
| pseudonyms | |
| anonymity | |
|
THE LINKABILITY CONTINUUM In computer networks, pseudonyms possess varying degrees of Anonymity , ranging from highly linkable ''public pseudonyms'' (the link between the pseudonym and a human being is public known or easy to discover), potentially linkable ''non-public pseudonyms'' (the link is known to system operators but is not publicly disclosed), and ''unlinkable pseudonyms'' (the link is not known to system operators and cannot be determined). A true Anonymous Remailer enables Internet users to establish unlinkable pseudonyms; those that employ non-public pseudonyms (such as the now-defunct Penet Remailer ) are called Pseudonymous Remailer s. The continuum of unlinkability can be seen, in part, on Wikipedia. Some registered users make little attempt to disguise their real identities (for example, by placing their real name on their user page). The pseudonym of unregistered users is their for a list of the conditions under which such a linkage would be attempted); this is not done unless there is a compelling reason (for example, vandalism or a law enforcement subpeona). It is possible, in theory, to create an unlinkable Wikipedia pseudonym by using an Open Proxy , a Web server that disguises the user's IP Address . However, most open proxy addresses are blocked indefinitely due to the their frequent use by vandals (see ). Even if it were possible to establish an unlinkable pseudonym on Wikipedia, there would be little point in doing so. Contributing to Wikipedia establishes a public record of a user's activity. Because a user's interest areas, writing style, and argumentative positions may establish an identifiable pattern, unlinkability could be assured only by making random, pointless edits throughout the site (which would, of course, amount to vandalism). System operators ( Sysops ) at sites offering pseudonymity, such as Wikipedia, are not likely to build unlinkability into their systems. If they did, they would be unable to obtain information about abusive users quickly enough to stop vandalism and other undesirable behaviors. Law enforcement personnel, fearing an avalanche of illegal behavior are equally unenthusiastic. Still, some users and privacy activists believe that Internet users deserve stronger pseudonymity so that they can protect themselves against identity theft, illegal government surveillance, stalking, and other unwelcome consequences of Internet use (including unintentional disclosures of their personal information, as discussed in the next section). Their views are supported by laws in some nations (such as Canada) that guarantee citizens a right to speak using a pseudonym. (This right does not, however, give citizens the right to demand publication of pseudonymous speech on equipment they do not own.) Debate about unlinkability is certain to remain heated. PSEUDONYMITY AND CONFIDENTIALITY Most Web sites that offer pseudonymity retain information about users. They should protect their users from unwanted disclosures of personal information; in other words, they should assure Confidentiality (the information is available only to those authorized to have access). But Web sites are notoriously susceptible to unauthorized intrusions into their non-public database systems. For example, in 2000, a Welsh teenager obtained information about more than 26,000 credit card accounts, including Bill Gates'. In 2003, VISA and MasterCard announced that intruders obtained information about 5.6 million credit cards. Sites that offer pseudonymity are also vulnerable to confidentiality breaches. In a study of a Web dating service and a Pseudonymous Remailer , Cambridge University researchers discovered that the systems used by these Web sites to protect user data could be easily compromised, even if the pseudonymous channel is protected by strong Encryption . Typically, the protected pseudonymous channel exists within a broader framework in which mutiple vulnerabilities exist. Pseudonym users should be in Mind that, given the current state of Web security engineering, their true names may be revealed at any time. PSEUDONYMITY AND ONLINE REPUTATIONS Pseudonymity is an important component of the Reputation systems found in online auction services (such as EBay ), discussion sites (such as Slashdot ), and collaborative knowledge development sites (such as Wikipedia ). A pseudonymous user who has acquired a favorable reputation gains the trust of other reputable users. When users believe that they will be rewarded by acquiring a favorable reputation, they are more likely to behave in accordance with the site's policies. If users can obtain new pseudonymous identities freely or at very low cost, reputation-based systems are vulnerable to . The social cost of cheaply discarded pseudonyms is that experienced users lose confidence in new users, and may subject new users to abuse until they establish a good reputation. System operators may need to remind experienced users that most newcomers are well-intentioned (see, e.g., ). Concerns have also been expressed about sock puppets exhausting the supply of easily remembered usernames. Proposals have been made to raise the costs of obtaining new identities (for example, by charging a small fee or requiring e-mail confirmation). Others point out that Wikipedia's success is attributable in large measure to its nearly non-existent initial participation costs. SEE ALSO
REFERENCES |
|
|