D. Owen Rowley wrote:
I think that the design of privacy systems needs to take these dark-side issues seriously and do their best to minimise the potential for abuse.
Yes, but it's more than just the privacy systems that need good designs; applications like mailers could benefit from (say) digitally signing every message and reporting the signature on a document rather than where it came from. At the risk of sounding like a broken record, I will quote some private email I sent to another indiviual concerned with these things (hopefully eveybody else who is going to post in about needing to minimize abuses and stuff will read this and find out such things are being worked on!)
I hope this is because people really feel like schmucks taking anonymous pot-shots :-) I mean, I wouldn't like to see anonymous remailers abused either.
As I mentioned, a more "satisfying" solution to me is to be using a positive reputation system along with a pay-per-remail anonymous remailer. The problem is infrastructure - there exist anonymous remailers, but right now positive reputations and pay-remailers aren't at the same level.
A good positive reputation system would require people to habitually sign their messages and posts, even if the key they used can't be traced (say, the username is a pseudonym). Plus, you'd need software (built in to the mail software you use would be best) that reports signatures instead of email address. This would allow you to see who sent the message (who signed it) rather than where it originated from.
A good pay-remailer would charge enough per letter so as to make everyone think before firing off a letter in haste.
-- Karl L. Barrus: klbarrus@owlnet.rice.edu keyID: 5AD633 hash: D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 "One man's mnemonic is another man's cryptography" - my compilers prof discussing file naming in public directories