sysrqb
commented
3 years ago Do you have any examples of (good) principles and guidelines in other areas that we can use as a framework for specifying them within this domain?
Closed jbradleychen closed 1 year ago
sysrqb
commented
3 years ago Do you have any examples of (good) principles and guidelines in other areas that we can use as a framework for specifying them within this domain?
jbradleychen
commented
3 years ago Private interactions are interactions where a user has a reasonable expectation of privacy, for example, a private communication between consenting adults. These merit strong privacy protections.
Public interactions are interactions where a user acts in full public view, for example, publishing an article in a newspaper. Individuals acting in public do not expect their actions to be private. However the public expects accountability for public safety when individuals act in public.
Systems that layer privacy onto public interactions create public safety risk while disrupting accountability. Such systems disrupt the incentive for socially responsible behavior, making them dangerous.
A library is an example of a system that has evolved to apply privacy and accountability. Users can consult library materials with a useful measure of anonymity and privacy. At the same time, the material in the library almost alway practices identity transparency of authors and publishers, and it is not okay for the contents of the library to be anonymously modified (e.g. updating the contents of a book), or slanted through censorship or other manipulation.
Another example is academic publishing. Consider how transparent identity in academic publishing supports the advancement of science. Would academic publishing work if it were anonymous?
sysrqb
commented
2 years ago Anonymous authorship:
and pseudonyms are used to varying degrees across publications (e.g. pen names: https://www.acm.org/publications/policies/authorship). There are likely other examples, as well.
The important distinction in these examples is that the publisher is identifiable (and accountable) and they know an identity of the author - transitive trust is implied. Anonymous authorship combined with an anonymous publisher has a perception of being riskier due to an explicit lack of accountability of actions and content. Indeed, we've seen the consequences of pseudonymous identities on social media propagating and amplifying disinformation over the last decade.
However, we must be mindful about the chilling effect accountability can have (e.g. https://en.wikipedia.org/wiki/Facebook_real-name_policy_controversy#Users_in_need_of_protecting_their_identity) and we can't forget about designing solutions that empower people who are in vulnerable situations - while still mitigating bad behavior by bad actors.
jbradleychen
commented
2 years ago While this is a super interesting topic I worry I may be taking us far afield from IP privacy.
On Wed, Nov 3, 2021 at 3:08 PM Matthew Finkel @.***> wrote:
16 https://github.com/ShivanKaul/draft-ip-address-privacy/pull/16 adds
this issue's concept of public/private interactions, I see this as a useful distinction. I do want to push back a bit on the implication that anonymous authorship is "almost always" inconsistent with trustworthiness of content (I know, I am paraphrasing :) ).
I saw mention of "publisher norms" which seems helpful. I didn't see the public/private distinction more explicitly. Am I missing something?
Did I say "almost always"? That would have been a poor choice of words. It may be true regarding authorship but considering well circulated examples I would agree it is dubious considering readership. What I would assert concretely is that anonymous authorship is a useful tool for deception, especially when a reader is denied straightforward means to distinguish between anonymity and false identity. Honest anonymity should be differentiated from other deliberately deceptive scenarios.
Anonymous authorship:
- has historical precedent (e.g. the Federalist papers, https://en.wikipedia.org/wiki/The_New_York_Times_anonymous_publications (with varying success))
- is used in academia for peer-review based on merit instead of name recognition (although anonymous authorship in published proceedings seems relatively rare)
and pseudonyms are used to varying degrees across publications (e.g. pen names: https://www.acm.org/publications/policies/authorship). There are likely other examples, as well.
Yes, but the key detail for me from this policy is: "They agree to be held accountable for any issues relating to correctness or integrity of the work." Problems arise when anonymity is used to avoid accountability. Can we use accountability as a principle?
The important distinction in these examples is that the publisher is identifiable (and accountable) and they know an identity of the author - transitive trust is implied. Anonymous authorship combined with an anonymous publisher has a perception of being riskier due to an explicit lack of accountability of actions and content. Indeed, we've seen the consequences of pseudonymous identities on social media propagating and amplifying disinformation over the last decade.
Here's another possible way to look at it: In the interest of public safety, it is problematic to systematically deny publisher liability protections to the public. There should always be a publisher, and the publisher should be accountable. If the platform is not the publisher, then somebody else should accept the role of publisher. Transparency of author and/or publisher is an ordinary way to achieve accountability, with the ACM policy as an example.
However, we must be mindful about the chilling effect accountability can have (e.g. https://en.wikipedia.org/wiki/Facebook_real-name_policy_controversy#Users_in_need_of_protecting_their_identity) and we can't forget about designing solutions that empower people who are in vulnerable situations - while still mitigating bad behavior by bad actors.
The chilling effect of accountability is relevant but not an absolute. We must also be mindful of public safety. I don't think it is responsible to perpetuate systems that systematically enable abusive publishers to avoid accumulating reputation.
Online publishing provides tremendous benefits to anonymous authors, providing global reach while reducing marginal costs to near zero. That said, anonymous authors will always be less accountable than transparent authors/publishers, and so they are more of a public safety risk. It is problematic to try to systematically raise the stature of anonymous authors to that of transparent authors/publishers. Just as in physical world publishing, anonymous authors may need to work with a transparent publisher or author, who assumes a burden of accountability on behalf of the anonymous author.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/ShivanKaul/draft-ip-address-privacy/issues/5#issuecomment-960207300, or unsubscribe https://github.com/notifications/unsubscribe-auth/AVG426SW4BL65HGS3PC2AXDUKGXHVANCNFSM5CIVHQDQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
sysrqb
commented
2 years ago While this is a super interesting topic I worry I may be taking us far afield from IP privacy.
I am torn here. This topic is quite tangential to IP privacy, but the substance of this discussion (and others) has influenced my perspective, so at this point I believe it's beneficial. It may not directly produce text in the document, but at this point that's okay for me.
I saw mention of "publisher norms" which seems helpful. I didn't see the public/private distinction more explicitly. Am I missing something?
There is a high-level description of the interactions: https://github.com/ShivanKaul/draft-ip-address-privacy/pull/16/files#diff-8f6fcc91c6df8713c00ee5ea3f9510daa48d470d3358dda0c08ca9896c8c1fcbR96
And there are two subsequent references to it:
Did I say "almost always"? That would have been a poor choice of words. It may be true regarding authorship but considering well circulated examples I would agree it is dubious considering readership. What I would assert concretely is that anonymous authorship is a useful tool for deception, especially when a reader is denied straightforward means to distinguish between anonymity and false identity. Honest anonymity should be differentiated from other deliberately deceptive scenarios.
Problems arise when anonymity is used to avoid accountability. Can we use accountability as a principle? [...] Here's another possible way to look at it: In the interest of public safety, it is problematic to systematically deny publisher liability protections to the public. There should always be a publisher, and the publisher should be accountable. If the platform is not the publisher, then somebody else should accept the role of publisher. Transparency of author and/or publisher is an ordinary way to achieve accountability, with the ACM policy as an example.
Yes, I agree with this, and I agree with you that accountability is a fundamental attribute of public safety in society. However, while we are thinking about this, I want us to be cautious when describing solutions that could reduce someone's freedom of expression. I acknowledge there must be compromises.
Just as in physical world publishing, anonymous authors may need to work with a transparent publisher or author, who assumes a burden of accountability on behalf of the anonymous author.
Yes, that is where I was going, too. However, that doesn't fit into the current social media model very well (although that is very much out of scope of this document). I want us to leave open avenues for anonymous authorship, at scale, with IP privacy while improving public safety and avoiding benefiting bad actors.
sysrqb
commented
2 years ago I don't think it is responsible to perpetuate systems that systematically enable abusive publishers to avoid accumulating reputation.
I also want to pull out this sentence. I believe this is getting at the underlying goal and it is well phrased, but we are coming at it from different perspectives. This is a challenging balancing act, but I believe finding that balance is an important objective, over all.
jbradleychen
commented
2 years ago Please feel to pull whatever is useful from our conversations.
I have been a bit busy and may have lost the thread here overall. If there is someplace where you are looking for input or feedback please let me know.
Brad
On Thu, Nov 4, 2021 at 9:02 AM Matthew Finkel @.***> wrote:
I don't think it is responsible to perpetuate systems that systematically enable abusive publishers to avoid accumulating reputation.
I also want to pull out this sentence. I believe this is getting at the underlying goal and it is well phrased, but we are coming at it from different perspectives. This is a challenging balancing act, but I believe finding that balance is an important objective, over all.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/ShivanKaul/draft-ip-address-privacy/issues/5#issuecomment-961185586, or unsubscribe https://github.com/notifications/unsubscribe-auth/AVG426XSP44HW6FAA7ALTZ3UKKVA3ANCNFSM5CIVHQDQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
bslassey
commented
1 year ago The current draft discusses replacement signals that would be needed to replace the use IP addresses, including the need to have signals for reputation. I think this captures the discussion here, but perhaps I'm missing something. Can we close this out?
sysrqb
commented
1 year ago Hearing no objections, we'll close this issue.
Privacy providing technologies can support good ends (protecting the average user’s privacy) and bad (providing cover for criminal activity). What principles and guidelines can we establish to support good user privacy while not making it harder to manage abuse?