Anonymous posting has been around as long as Usenet, in the form of forged messages.
This is an excellent point of rhetoric. Perhaps we should teach mail and news forgery as a technique to the defense of privacy? 1/2 :-)
I have been working through a few ideas for the design of a _distributed_ anonymous posting service,
[...] secret sharing might be used for remailer private keys.
I have convinced myself that some form of secret sharing will be necessary for a distributed system that is robust against single point failure. You don't want single point manipulability, either, if you can get it. There are two basic ways to proceed: hard nodes, difficult to take down, or soft nodes, easy to reconfigure around. Both approaches should be looked at. Hard nodes are more difficult politically; soft nodes are more difficult technically. A soft node necessity: a directory lookup service, distributed, sharing data. Merely specifying the first point of contact and alternate paths doesn't cut it. You don't want to have to retry a bounced message so many times. Who here knows enough about sendmail to consider the eventual feasibility of integrating pseudonym lookup into mail transfer? Eric