by schoen 3959 days ago
I'm happy to see this article, and it reminds me of things that others have been talking about for some time (for example, the "Redecentralize" community).

I've participated in some file-sharing litigation which has made it very clear to me that decentralized P2P systems are not inherently more anonymous than other technologies. In fact, there's a cottage industry of P2P monitoring companies that participate as peers in the P2P networks and record detailed information about the IP addresses of peers that uploaded and downloaded particular files. There are often paradoxes where decentralization helps privacy and anonymity in some ways but harms it in others -- for example, if you run your own mail server instead of using Gmail, then you've prevented Google from knowing who communicates with whom, but allowed a network adversary to learn that information directly, where the network adversary might not know the messaging relationships if everyone on the network used Gmail.

I guess a related point is that information about who is doing what online exists somewhere by default, unless careful privacy engineering reduces the amount of information that's out there. Making the simplest kinds of architectural changes could just shift the location where the information exists, for example from Google or Yahoo or Amazon to dozens of random strangers, some of whom might be working for an adversary.


The only mechanism I'm aware of that truly allows anonymity over your own connection (or a connection that can be tied to you) is onion routing. On top of that, you must do it from a separate device or isolated VM to prevent hardware fingerprinting.

Anything less than that is like using snake oil crypto: it might make you feel good, but it's not really there.

For email there are various mixmail systems I strongly suspect you're far more familiar with than me.

A recent talk (I don't recall the conference) on de-anonymising anonymous online communications shows sharp limits to even this, though there is some work factor required. Better than nothing.

> Anything less than that is like using snake oil crypto: it might make you feel good, but it's not really there.

While technically true, it doesn't help the situation.

Against the NSA, yeah, you have to be perfect. However, most adversaries are not the NSA.

Encryption on the wire stops random eavesdropping on you while someone else is a target. Having your mail store on a colocated box instead of Gmail/Hotmail/Yahoo means that someone has to get a warrant and physically access your machine rather than filling in an automated request and having it turned over.

It's a modification on the old joke: "Sure, if the tiger is after me, I have to outrun the tiger. But if the tiger is simply hungry, I just have to outrun you."

>> The only mechanism I'm aware of that truly allows anonymity...

We have a need for both solid anonymity and zero anonymity. I think the first step is to be able to authenticate whom you are communicating with, and to reach them without a central authority. After that, you can choose to strip identifying information, or build a web of trust, or anything else. I think privacy can be built on top of an authenticated net, but the reverse is probably not possible. Today we have neither.

For a long time, I've thought the phrase we want is "strong pseudonymity".

Onion routing is an anonymity mechanism for low-latency communications; there could be other mechanisms that are as good or better for some settings of high-latency communications.

https://en.wikipedia.org/wiki/Mix_network

Not that you are wrong, but essentially mixmaster routing of email is essentially onion routing at the mail protocol level (as opposed to at the IP level).

I think it makes perfect sense to call it "onion routing of email" or something along those lines -- we generally do talk about "routing emails" (as in from email program to local smtp server, from local smtp server via an ISP smtp server, then lookup via DNS for MX record, on to the gateway smtp server, and so on to the final destination(s)).

[ed: Not to mention one thing probably stays the same: who runs the best, free onion routers/gateways and mixmaster servers? Intelligence agencies...

http://veps.hypertekst.net/misc/anon-remail/

]

Back in 2008 I was studying P2P networks. I made a BitTorrent crawler by duct taping v8 and libevent (there was no node.js at the time). It took about 5 minutes to scan a fresh Dexter swarm of about 100K peers. Then, I had all the IP addresses and plenty of metadata (download progress, software used, etc.).