[Cryptography] prism proof email, namespaces, and anonymity

Adam Back adam at cypherspace.org
Sun Sep 15 07:47:13 EDT 2013

On Fri, Sep 13, 2013 at 04:55:05PM -0400, John Kelsey wrote:
> The more I think about it, the more important it seems that any anonymous
> email like communications system *not* include people who don't want to be
> part of it, and have lots of defenses to prevent its anonymous
> communications from becoming a nightmare for its participants.

Well you could certainly allow people to opt-in to receiving anonymous
email, send them a notification mail saying an anonymous email is waiting
for them (and whatever warning that it could be a nastygram, as easily as
the next thing).

People have to bear in mind that email itself is not authenticated - SMTP
forgeries still work - but there are still a large number of newbies some of
whom have sufficiently thin skin to go ballistic when they realize they
received something anonymous and not internalized the implication of digital

At ZKS we had a pseudonymous email system.  Users had to pay for nyms (a
pack of 5 paid per year) so they wouldnt throw them away on nuisance pranks
too lightly.  They could be blocked if credible abuse complaint were

Another design permutation I was thinking could be rather interesting is
unobservable mail.  That is to say the participants know who they are
talking to (signed, non-pseudonymous) but passive observers do not.  It
seems to me that in that circumstance you have more design leverage to
increase the security margin using PIR like tricks than you can with
pseudonymous/anonymous - if the "contract" is that the system remains very
secure so long as both parties to a communication channel want it to remain
that way.

There were also a few protocols for to facilitate anonymous abuse resistant
emails - user gets some kind of anonymously refreshable egress capability
token.  If they abuse they are not identified but lose the capability.  eg

Finally there can be different types of costs for nyms and posts - creating
nyms or individual posts can cost real money (hard to retain pseudonymity),
bitcoin, or hashcash, as well lost reputation if a used nym is canceled.


More information about the cryptography mailing list