[PracticalSecurity] Anonymity - great technology but hardly used
R.A. Hettinga
rah at shipwright.com
Mon Oct 24 16:56:26 PDT 2005
--- begin forwarded text
Date: Mon, 24 Oct 2005 23:31:34 +0200
To: practicalsecurity at hbarel.com
From: Hagai Bar-El <info at hbarel.com>
Subject: [PracticalSecurity] Anonymity - great technology but hardly used
Sender: PracticalSecurity-bounces at hbarel.com
Hello,

I wrote a short essay about anonymity and pseudonymity being
technologies that are well advanced but seldom used.

Following are excerpts from the essay that can be found at:
http://www.hbarel.com/Blog/entry0006.html

In spite of our having the ability to establish anonymous surfing,
have untraceable digital cash tokens, and carry out anonymous
payments, we don't really use these abilities, at large. If you are
not in the security business you are not even likely to be aware of
these technical abilities.

If I may take a shot at guessing the reason for the gap between what
we know how to do and what we do, I would say it's due to the overall
lack of interest of the stakeholders. Fact probably is, most people
don't care that much about anonymity, and most of the ones who do,
are not security geeks who appreciate the technology and thus trust
it. So, we use what does not require mass adoption and do not use what does.

Anonymous browsing is easy, because it does not need an expensive
infrastructure that requires a viable business model behind it;
fortunately. A few anonymity supporters run TOR servers on their
already-existent machines, anonymity-aware users run TOR clients and
proxy their browsers through them, and the anonymity need is met. The
onion routing technology that TOR is based on is used; not too often,
but is used. The problem starts with systems that require a complex
infrastructure to run, such as anonymous payment systems.

As much as some of us don't like to admit it, most consumers do not
care about the credit card company compiling a profile of their money
spending habits. Furthermore, of the ones who do, most are not
security engineers and thus have no reason to trust anonymity schemes
they don't see or feel intuitively (as one feels when paying with
cash). The anonymous payment systems are left to be used primarily by
the security-savvy guys who care; they do not form a mass market.

I believe that for anonymity and pseudonymity technologies to survive
they have to be applied to applications that require them by design,
rather than to mass-market applications that can also do (cheaper)
without. If anonymity mechanisms are deployed just to fulfill the
wish of particular users then they may fail, because most users don't
have that wish strong enough to pay for fulfilling it. An example of
such an application (that requires anonymity by design) could be
E-Voting, which, unfortunately, suffers from other difficulties. I am
sure there are others, though.

Regards,
Hagai.
_______________________________________________
PracticalSecurity mailing list
PracticalSecurity at hbarel.com
http://hbarel.com/mailman/listinfo/practicalsecurity_hbarel.com
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'