Counterabuse: avoiding benefits to bad actors. about draft-ip-address-privacy HOT 9 CLOSED

Do you have any examples of (good) principles and guidelines in other areas that we can use as a framework for specifying them within this domain?

from draft-ip-address-privacy.

Private interactions are interactions where a user has a reasonable expectation of privacy, for example, a private communication between consenting adults. These merit strong privacy protections.

Public interactions are interactions where a user acts in full public view, for example, publishing an article in a newspaper. Individuals acting in public do not expect their actions to be private. However the public expects accountability for public safety when individuals act in public.

Systems that layer privacy onto public interactions create public safety risk while disrupting accountability. Such systems disrupt the incentive for socially responsible behavior, making them dangerous.

A library is an example of a system that has evolved to apply privacy and accountability. Users can consult library materials with a useful measure of anonymity and privacy. At the same time, the material in the library almost alway practices identity transparency of authors and publishers, and it is not okay for the contents of the library to be anonymously modified (e.g. updating the contents of a book), or slanted through censorship or other manipulation.

Another example is academic publishing. Consider how transparent identity in academic publishing supports the advancement of science. Would academic publishing work if it were anonymous?

from draft-ip-address-privacy.

#16 adds this issue's concept of public/private interactions, I see this as a useful distinction. I do want to push back a bit on the implication that anonymous authorship is "almost always" inconsistent with trustworthiness of content (I know, I am paraphrasing :) ).

Anonymous authorship:

• has historical precedent (e.g. the Federalist papers, https://en.wikipedia.org/wiki/The_New_York_Times_anonymous_publications (with varying success))
• is used in academia for peer-review based on merit instead of name recognition (although anonymous authorship in published proceedings seems relatively rare)

and pseudonyms are used to varying degrees across publications (e.g. pen names: https://www.acm.org/publications/policies/authorship). There are likely other examples, as well.

The important distinction in these examples is that the publisher is identifiable (and accountable) and they know an identity of the author - transitive trust is implied. Anonymous authorship combined with an anonymous publisher has a perception of being riskier due to an explicit lack of accountability of actions and content. Indeed, we've seen the consequences of pseudonymous identities on social media propagating and amplifying disinformation over the last decade.

However, we must be mindful about the chilling effect accountability can have (e.g. https://en.wikipedia.org/wiki/Facebook_real-name_policy_controversy#Users_in_need_of_protecting_their_identity) and we can't forget about designing solutions that empower people who are in vulnerable situations - while still mitigating bad behavior by bad actors.

from draft-ip-address-privacy.

from draft-ip-address-privacy.

While this is a super interesting topic I worry I may be taking us far
afield from IP privacy.

I am torn here. This topic is quite tangential to IP privacy, but the substance of this discussion (and others) has influenced my perspective, so at this point I believe it's beneficial. It may not directly produce text in the document, but at this point that's okay for me.

I saw mention of "publisher norms" which seems helpful. I didn't see the public/private distinction more explicitly. Am I missing something?

There is a high-level description of the interactions:
https://github.com/ShivanKaul/draft-ip-address-privacy/pull/16/files#diff-8f6fcc91c6df8713c00ee5ea3f9510daa48d470d3358dda0c08ca9896c8c1fcbR96

And there are two subsequent references to it:

1. https://github.com/ShivanKaul/draft-ip-address-privacy/pull/16/files#diff-8f6fcc91c6df8713c00ee5ea3f9510daa48d470d3358dda0c08ca9896c8c1fcbR217
2. https://github.com/ShivanKaul/draft-ip-address-privacy/pull/16/files#diff-8f6fcc91c6df8713c00ee5ea3f9510daa48d470d3358dda0c08ca9896c8c1fcbR245

#16 does not yet capture as much detail as we discussed in terms of the context in which these are applicable. This would be valuable, but I haven't found a good framing for it within the larger context of IP privacy.

Did I say "almost always"? That would have been a poor choice of words. It may be true regarding authorship but considering well circulated examples I would agree it is dubious considering readership. What I would assert concretely is that anonymous authorship is a useful tool for deception, especially when a reader is denied straightforward means to distinguish between anonymity and false identity. Honest anonymity should be differentiated from other deliberately deceptive scenarios.

Problems arise when anonymity is used to avoid accountability. Can we use
accountability as a principle?
[...]
Here's another possible way to look at it: In the interest of public
safety, it is problematic to systematically deny publisher liability
protections to the public. There should always be a publisher, and the
publisher should be accountable. If the platform is not the publisher, then
somebody else should accept the role of publisher. Transparency of author
and/or publisher is an ordinary way to achieve accountability, with the ACM
policy as an example.

Yes, I agree with this, and I agree with you that accountability is a fundamental attribute of public safety in society. However, while we are thinking about this, I want us to be cautious when describing solutions that could reduce someone's freedom of expression. I acknowledge there must be compromises.

Just as in physical world
publishing, anonymous authors may need to work with a transparent publisher
or author, who assumes a burden of accountability on behalf of the
anonymous author.

Yes, that is where I was going, too. However, that doesn't fit into the current social media model very well (although that is very much out of scope of this document). I want us to leave open avenues for anonymous authorship, at scale, with IP privacy while improving public safety and avoiding benefiting bad actors.

from draft-ip-address-privacy.

I don't think it is responsible to perpetuate systems that systematically enable abusive publishers to avoid accumulating reputation.

I also want to pull out this sentence. I believe this is getting at the underlying goal and it is well phrased, but we are coming at it from different perspectives. This is a challenging balancing act, but I believe finding that balance is an important objective, over all.

from draft-ip-address-privacy.

from draft-ip-address-privacy.

The current draft discusses replacement signals that would be needed to replace the use IP addresses, including the need to have signals for reputation. I think this captures the discussion here, but perhaps I'm missing something. Can we close this out?

from draft-ip-address-privacy.

Hearing no objections, we'll close this issue.

from draft-ip-address-privacy.