this post was submitted on 01 Apr 2024
95 points (99.0% liked)

Chat

7498 readers
6 users here now

Relaxed section for discussion and debate that doesn't fit anywhere else. Whether it's advice, how your week is going, a link that's at the back of your mind, or something like that, it can likely go here.


Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
95
submitted 7 months ago* (last edited 7 months ago) by [email protected] to c/[email protected]
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 26 points 7 months ago* (last edited 7 months ago) (4 children)

Absolutely. My unsolicited advice is to proceed with caution. I was there, many years ago, when the Internet changed from University access to a flood of the public. It has become known as the 'Eternal September'.

From most person's experience, during that transition, we all knew each other in real life. There wasn't anonymity.

And, all of a sudden, there was anonymity. Thus, people could just say anything that they wanted without consequences.

Fast forward to now, and it's a complete shit show. Where do we turn?

[–] [email protected] 19 points 7 months ago

Interesting. People on Facebook happily spout insane and hateful stuff, with their whole everything on display

[–] [email protected] 12 points 7 months ago* (last edited 7 months ago) (2 children)

Only with anonymity will you hear the truth, so I don't think it's a downside. Google and others wants to end anonymity since then they make sure nobody will speak the truth under their real name.

Only people who has nothing socially challenging to say will talk under those circumstances.

It's like we have forgotten that social change starts by hearing uncomfortable things.

[–] [email protected] 6 points 7 months ago (1 children)

Anonymity enables you to speak the truth if you want, but it also enables you to lie whatever, if you want. No one can hold accountable an anonymous person if their lies produce something tragic.

While people speaking openly under their identity are more likely to speak the truth when they do it, as they have much more to lose if they're caught lying.

[–] [email protected] 7 points 7 months ago* (last edited 7 months ago) (1 children)

That depends very much on what they have to say.

You assume that people are more likely to speak the truth, but it depends very much how socially acceptable the truth is. People lie all the time because they know their real opinions wouldn't be accepted by others.

So what you get with real identifies are everyone falsely agreeing with eachother. Look at linkedin for example of what happens when people don't discuss their true opinions in front of their employers for example. You get lots of upvotes, cheering and general faked positivity and self promotion.

You will never see an employee being critical of his employer there, because of real names. If you go to glass door, you get the true opinions, because of no real names.

[–] [email protected] 6 points 7 months ago

@1984 That is because of the purpose of those networks. On more general purpose networks like Reddit it is not uncommon for people to simply take advantage of the anonymous system in order to farm karma by posting stuff that is simply not true.

And I'm saying this as a person who genuinely liked Reddit at first, because of the reasons you mentioned.

And it probably was like that before.

But things got a bit more complex. Even on LinkedIn and Facebook, while you should theoretically be public, many people are chosing not to. While on Reddit, you could clearly recognize some people, even public persons.

Even so, the issue is more complex than that of anonymity. It's more about motives and other things, and anonymity does not ipso facto bring the truth, no matter how socially acceptable is it.

I tend to view most of the stuff that is posted online nowadays as rather a personal opinion of the poster - which can be true, or not. You decide.

[–] [email protected] 3 points 7 months ago (1 children)

I think the problem is not anonymity, it is what you might call astroturfing or, to borrow the wikipedia term, sockpuppetry.

Pseudonymity and astroturfing are related to an extent - effective astroturfing means inflating ones own voice (and drowning out others) by interacting with lots of pseudonymous personas. It can also mean that when one pseudonymous identity of an astroturfer is identified and banned, they come back under other identities.

Astroturfing is about manipulating people's perception of the truth, drowning out the voices of the true majority to allow for the real people to be misled and exploited by a minority. It takes away agency to block people who are not engaging in good faith. It sucks the oxygen out of real social change.

That said, there are also legitimate reasons for pseudonymity. Never before today has there been an age where people are tracked so pervasively, where every word is so durably stored and difficult to erase. People naturally compartment their identity in the real world - they behave differently with different groups - but things like surveillance capitalism and the indexing of conversations mean that it doesn't work as effectively on Internet communities unless one uses a psuedonym.

I think zero-knowledge cryptography, coupled with government-issued digital identities, could provide a middle ground in the future that allows people to compartmentalise identities, while reducing astroturfing.

For example, imagine if I had a government issued ID number (call it x) that must never be shared with anyone except my government and me, but which will also never change even if the certificate is re-issued / renewed. And imagine I had a private key k that only I have access to (with a corresponding public key K), and cryptographic certificate C signed by the government linking K to x. Suppose I want to interact with a community that has a unique namespace identifier (e.g. a UUID) N_1. Then, using modern zero-knowledge cryptography (e.g. zk-SNARKs or zk-STARKs), I can generate a proof that for some y = H(x | N_1) (i.e. hashing, through a one-way hash, my government issued identifier with the community namespace), I know the value of a C signed by a particular government key, and the K included in the certificate, and a k that is the private key corresponding to K, and that I also have a signature D signed by K linking it to a new public key L. And since it is zero-knowledge, I can do all this without revealing the private inputs x, C, K, k or D - only the public inputs N_1, y, and L. What does that get us? It ties my new identity (backed by the public key L) to a y, and without convincing the government to change x for me, I can't change my y. However, if I also interact on a different community with namespace N_2, I would have a different y_2, and it wouldn't be possible to link my identities between the two communities (under this scheme, the government, who has access to the database of x values, would be able to link them, but ordinary people wouldn't - that is necessary if you want the government to be able to re-issue in the case of lost private keys unfortunately). Some people might have multiple IDs under different governments of course, but abuse would be limited - instead of having to ban one person a thousand times / having them have a thousand identities, they might have a few if they are citizens / residents of a few countries. In practice, communities might want to rotate their namespace IDs every few months to deal with leaked credentials and to allow people to have a clean break eventually (banning a few bad actors every few months is still a lot better than if they come back multiple times a day) - and some might allow any one of several namespaces to allow people to have multiple pseudonyms up to a maximum number. Governments might also rotate x values every year to minimise the privacy impact on people who have accidentally leaked their x values.

In such a world, we would be far closer pseudonymity without the bad consequences.

[–] [email protected] 2 points 7 months ago* (last edited 7 months ago) (1 children)

What if you do end up accidentally or negligently sharing this never-to-be shared identity? What if you're unlucky enough to live somewhere where the government is one of your principal adversaries, like a Palestinian in Israel or a gay person in any number of jurisdictions? And how would you prevent the proliferation of plain ol unsigned data?

[–] [email protected] 1 points 7 months ago

What if you do end up accidentally or negligently sharing this never-to-be shared identity?

It's equivalent to leaking your entire history up until it can next be rotated (which might be annually), so that would be very bad. Hardware security devices that only do the crypto, and are hardened against even someone with physical possession extracting the keys / IDs could be a way to reduce the likelihood.

What if you’re unlucky enough to live somewhere where the government is one of your principal adversaries, like a Palestinian in Israel or a gay person in any number of jurisdictions?

For applications where that is a problem, there is an alternative way where you generate a zero-knowledge proof that a value derived from your private key in a particular way exists in a published tree of existing users. Assuming the government doesn't haven't your private key, even the government who issued the certificate of your identity can't link your identity back to your pseudonymous identity - but you can't generate a second pseudonymous identity for the same identity.

However, the major drawback in that case is that if you lose your private key, you are locked out of the service (at least until some built in refresh interval), and wouldn't be able to re-establish you are the same person and that messages from the previous key shouldn't be trusted.

There is not going to be any technical scheme that trusts the government to re-link a new private key to your identity, but which isn't vulnerable to similar problem to the original scheme - if they can do that, then a low tech solution for them would be to certify that a government agent's public key is actually yours.

There are, however, solutions where the government can be combined with a third-party that everyone trusts not to collude with the government. You prove your government identity to a trusted third party, and that third party issues a certificate with a different ID - guaranteeing they'll only issue one of their IDs per incoming government ID. Then sites would need to trust that third-party instead.

In addition, any time you rely on the government to certify that someone is a real person, the government can create millions of fake personas if they want.

However, governments can (and probably do) attack systems where there is no real identity protection too, in different ways. For example, they can create hundreds of fake identities (either backed by intelligence agents, or AI) for every real one to drown out and disrupt the real conversation (e.g. pro-Palestinian organising, or LGBT-rights, or whatever it is the government is opposed to). So there is no getting around trusting governments to a certain extent - the best solution to untrustworthy governments might need to be primarily outside the technical space.

And how would you prevent the proliferation of plain ol unsigned data?

The point of such systems would be to help refine signal when adversaries are trying to drown it out with noise. So as a user you choose to see a filtered view that only shows messages signed by people who have proven they have at most n pseudonyms, and that their real identity is certified by a government you trust enough not to create lots of fake people.

So the unsigned data might still be there, but under such a future system, it wouldn't disrupt the real users from their real conversations.

[–] [email protected] 7 points 7 months ago (1 children)

I feel it's less about anonymity and more about being part of a tribe. When you identify as part of a tribe, anonymous or not, you're more likely to follow social conventions within that tribe. When the tribe grows and nobody recognises anyone any more, suddenly you're among strangers, tribal norms break down, and being an asshat is on the table for some. We saw the same thing happen recently with Reddit (anonymous) and Facebook (known).

[–] [email protected] 3 points 7 months ago

Facebook has recently gone anonymous, they're now letting people create additional accounts that "don't need to use your real name"... can't wait to see what 3 Billion anonymous users pushed together into a single place, can come up with.

[–] sarmale 3 points 7 months ago

I always kinda liked the idea of this kind of closed networks