

Selected Papers in Anonymity - ShaneWilton
http://freehaven.net/anonbib/date.html#

======
e12e
While not directly related to Anonymity, I also strongly recommend Warren and
Brandeis: "The Right to Privacy" as reading on some arguments against the "...
if you have nothing to hide"-arguments:

[http://groups.csail.mit.edu/mac/classes/6.805/articles/priva...](http://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/Privacy_brand_warr2.html)

------
zkhalique
Anonymity itself is hard to maintain. There are generally two ways to do so:

1) Accounts can be obtained at a network which is KNOWN not to discover who
the owners are. These accounts can then be used to open other accounts at
other organizations and networks in a sort of graph, and eventually double
back on themselves once or twice.

2) For networks which do not allow anonymous accounts, nor allow the use of
other "anonymity-friendly" networks to authenticate with or create accounts,
one would have to use account hijacking. That is to say, use an existing
account belonging to an existing member. This should be done carefully, as the
member might have to face consequences for any actions you perform with their
account, if they are discovered. It is advisable to know whether the
organization has a provision for dropping proceedings against members whose
accounts have been found to be "hacked".

Of course, with all this, you would still have to make sure repeated
communication does not bear any fingerprints that could be used to identify
you. For instance: the language you use, the time of day you post, the
location you post from, the subject you post about, all those things must have
a sufficient number of possible candidates so as to make actually confronting
them in person (or e.g. tampering with their internet connection) infeasible
or unattractive.

I figure since this is Hacker News, it is a good place to post this analysis.

~~~
ShaneWilton
"Of course, with all this, you would still have to make sure repeated
communication does not bear any fingerprints that could be used to identify
you."

This is one area where things get really interesting. Here's one of my
favourite DEFCON talks, wherein Tom Ritter de-anonymizes users of an anonymous
message board, based on these sorts of fingerprinting techniques.

[https://www.youtube.com/watch?v=_Tj6c2Ikq_E](https://www.youtube.com/watch?v=_Tj6c2Ikq_E)

~~~
dhimes
That talk is riveting. Thanks for sharing.

------
kriro
This seems like an excellent list on first glance. Is there a similar
"practical advice" type of list.

Sadly, I tried to imagine I'd need to be as anonymous as possible and couldn't
even figure out how to get an untraceable email address (legally). My basic
thought was to use some public WLAN (hoping for no MiTM), ideally not close to
where I actually live and then use Tor to create a Hushmail account (as I
recall the EFF recommends it). Alas it seems that's already flawed since a
quick websearch suggests Hushmail cooperates with government agencies.

Admittedly I haven't spend a lot of time researching available options but I
think it's pretty hard to even get step 1 right. I can only imagine how hard
it must be for someone who isn't tech saavy at all.

~~~
dandelion_lover
Free Software Foundation recommends [0,1] [http://posteo.de](http://posteo.de)
email provider. They consider privacy as one of their advantages. You can even
send them money in an envelope (1 euro/month) without a return address and
they will accept the payment.

[0] [https://www.fsf.org/blogs/community/fsf-javascript-
guideline...](https://www.fsf.org/blogs/community/fsf-javascript-guidelines-
picked-up-by-posteo-webmail)

[1] [https://www.fsf.org/resources/webmail-
systems](https://www.fsf.org/resources/webmail-systems)

(dislaimer: I'm not affiliated with Posteo.de)

edit: added the second link; grammar

~~~
kriro
Thanks, this seems to be pretty much what I was looking for. The two
conceptual hurdles I ran into were. 1) If it requires payment there's a trail
2) Most other solutions usually require some sort of reference mail/postal
address or phone number.

This seems to solve both :)

------
vippy
The best:

Tor: The Second-Generation Onion Router

Untraceable electronic mail, return addresses, and digital pseudonyms

Location Diversity in Anonymity Networks

Basically, Roger Dingledine and David L. Chaum

~~~
ShaneWilton
Those are great. Other favourites from the list are:

1) The Pynchon Gate: A Secure Method of Pseudonymous Mail Retrieval

2) Mixminion: Design of a Type III Anonymous Remailer Protocol

3) On the Economics of Anonymity

The third in particular is interesting, because it analyzes the social
roadblocks to deploying decentralized systems. Everyone knows that
decentralized systems are technically challenging, but very few people
consider the issue of actually incentivizing people to contribute to your
network once you get it working, until it's too late.

------
unabridged
Its kind of disheartening when the websites for Free Haven and Mixminion don't
even have HTTPS as an option.

~~~
dublinben
Mixminion is abandoned, so I wouldn't use it for anything other than research
purposes. You should be verifying signatures of important software like this
anyway, not relying on HTTPS to give you a trustworthy download.

------
ecesena
Thanks for sharing!

If interested in pseudonimity, an interesting keyword is "Direct Anonymous
Attestation" \-- the protocol was first invented in the context of the Trusted
Computing and generated a lot of interesting research.

------
0xFFC
I don't know you , But you made my day.I don't know how to thank you !

