It's usually a good idea to read for at least a month before leaping into the discussion, so as not to overreact.
I guess so. :)
I thought the whole grassroots crypto thing was about protecting privacy rights and individual liberty and all that. So what if someone wants to post a message to cypherpunks AND DOES NOT WANT ANYONE TO BE ABLE TO PROVE THEY WROTE THE MESSAGE.
Mechanisms for this already exist. For example, register a PGP key to a pseudonym, such as "Dr. Death".
An advantage of doing this is that even though no one really knows who "Dr. Death" is, you can sign messages certifying that yes, the person they know as "Dr. Death" wrote this message. Without this certification, anyone can claim to be "Dr. Death" at any given moment.
Hmmm. But even with a psuedonym like that, people can still claim you were Dr. Death, and Dr. Death will have posted enough stuff about enough things so the Dr. and you can be linked fairly certainly, isn't this right? There's a reason why one should prefer the telephone over mail for many matters. That is, no one can record your call (legally) and prove that you said a certain thing at a certain time, while they can keep your letter and prove you wrote a certain thing. Honestly, the chance of someone posting a fraudulent message under someone else's email address to the cypherpunks list is pretty slim, but that possibility (or the chance that they left their computer on and someone sent something, etc.) leaves you plausible deniability if you ever want it. If one has to sign all their posts with their pgp key, or conversely with a psuedonym generated for the purpose, to me, that's beginning a dangerous practice of using the technology to invade peoples' privacy instead of expand their privacy possibilities. People who want a psuedonym identity and who want their messages to be verified against a PGP signature can easily choose to do so, presently, and if you wanted to, you could append a notice to the end of an unsigned message: NOTE: The preceding message was not accompanied by a digital signature, and its authenticity may be suspect. But I guess I just don't see why people should have to sign their messages under some given key to contribute to the group. Unless you generated and registered a new key for every message you wanted to post, there would still be unforgeable evidence linking you or your psuedonym to a series of posts. And if there was a series of posts from your psuedonym, that increases the chances it could be linked to you. And besides that, you might want to post free and clear and sign your name to it, and forget the hiding behind a psuedonym stuff. Just you don't want to sign the message digitally. This seems like a perfectly valid choice that users should have the privacy rights and freedom to make. Tom