分身馬甲帳號(Sockpuppets)是一個 反監控的軟件對策 / software measure of countersurveillance。在西蒂姆(Citum)中,分身馬甲帳號 的機制註定了 任何用戶都可以偽裝成其他用戶,就連用戶帳戶的暱稱也並非獨一無二性的!不論從哪個角度來看,沒人能確定哪個賬戶屬於誰的。西蒂姆(Citum)的「分身馬甲帳號」機制規定 一個用戶賬戶不可以與另一位用戶賬戶直接溝通,而只能通過西蒂姆(Citum)中的「分身馬甲帳號」間接溝通。所有用戶賬號都是「分身馬甲帳號」,而每個帳號都貌似是一個反監控的誘餌。一個賬戶在替持賬用戶通訊或僅僅只是在替其他用戶扮演「分身馬甲帳號」去通訊(替其他賬戶通過 無差別網樹多點傳送(IMTM)溝通),除了持賬用戶本人之外,任何其他人都無從推敲亦無法證明。
Sockpuppet is a software measures of countersurveillance. In Citium, sockpuppetry dictates that anyone can pretend to be someone else. The user account nickname is non-exclusive! No user knows for sure which account belongs to whom no matter from which perspective one looks. Sockpuppetry dictates that a user cannot communicate directly to another user but only indirectly through the sea of sockpuppet user accounts in Citium. All accounts are sockpuppets and everyone looks like an anti-surveillance decoy. An account can be communicating on behalf of the account holder or simply just sockpuppeting (communicating on behalf of other accounts by indiscriminate mesh-tree multicast (IMTM)). No one else can scrutinize or prove which account is communicating on behalf of whom except for the account holder him/herself.
再更進一步增強可推諉性,所有西蒂姆(Citum)節點上的數據生命週期都被限制了長度。舉例,身處在用戶移動節點上的消息摘要是默認在24小時後 自焚 的。當事人可以直接告訴脅迫者,系統早已按照公佈的時間表故意抹掉自己的信息,因此不能交出信息。
To further maximize deniability, all data have limited life expectancy on Citium nodes. For example, cryptographically split multiple parts of message digests sitting on users’ mobile nodes are set to self-destruct countdown of 24 hours. The parties can just tell the coercer that they deliberately erased their message according to a published schedule, and therefore cannot surrender them.