[drdaeman]

> unable to prove your innocence

Here's the issue. Return presumption of innocence back and problem's solved.

Obviously, that's impossible in a real world.

> credentials for the anonymous party to use

That wouldn't be anonymous anymore. And there's no way to realistically force a single human to have only one credential - if one's banned they'll just generate a new one.

[devconsole]

It could be possible to enable someone you trust to use your infrustracture. You don't have to know who this person is. For example, this devconsole HN account that I'm using now is an anonymous HN account, meaning as long as Tor is secure, and I don't reveal myself through e.g. text analysis or timing correlations, it should be hard to figure out who I am. If I were to come to you and ask to use your infrastructure to help me maintain my anonymity, you may read my comment history and decide that you trust me not to do illegal things. Providing such a service would be extremely valuable, because if Tor is indeed not completely impervious, your extra layer of anonymity may be all that preserves one's privacy.

If an authority were to come to you and demand you cooperate in determining my identity, then there would be no way for you to oblige, except by providing them with a log of the VPN activity, or allowing them to set up a pen trap to log the VPN activity. At that point, the privacy is still as strong as the Tor network, so both Tor and this extra layer would have to fall in order to be unmasked.

(In practice, it's more complicated than that: your infrastructure would be a fixed endpoint, meaning that if it's compromised then an adversary would gain a log of your activity. That would provide an overall picture of what you're up to on the internet. Tor rotates endpoints, making it hard to piece together that info. So in practice a user should want your service to be something like a middleman between two different anonymity services. But that's outside the scope of this comment for now.)

This becomes a pretty attractive idea, because it's not necessarily a great idea to assume that Tor should be the world's one realistic defense. Since Snowden used Tor, you can be absolutely certain that various powers are going to take a keen interest in penetrating Tor. They may use dirty tricks to do it, such as joining the Tor project as an apparently-trustworthy developer.

Extra layers of defense such as the one outlined above may be worth pursuing.

[gknoy]

> It could be possible to enable someone you trust to use your infrustracture. You don't have to know who this person is.

Am I the only one to whom this sounds absolutely crazy? How can I trust you if I don't know who you are? (I mean the general you, not you personally, devconsole.)

Your comments could have been deliberately sanitized -- perhaps you have trolling accounts elsewhere that you are exceptionally good at keeping separate from this one, and spend time making this one look good. One could be posing as a mild-mannered Python developer here on HN, but be spending one's evenings being Super-Mallory the Malicious, trolling and trading illegal information.

I really want to be able to support things like mesh networks and Tor, but the very risk the GP noted (people will use your resources for Bad Things, and good luck defending from the feds) prevents me from being willing to do so. There's no way I would trust you or someone else that I don't personally know enough to use my resources, unless I were somehow able to keep meticulous logs which exonerate me from any activity they do. (And, I don't trust that such logs would even do that...)

Saying that you should be able to trust a stranger is like saying that you should be able to run a courier service for strangers where you have no idea whether they are transporting drugs or counterfeit money.

[drdaeman]

> Am I the only one to whom this sounds absolutely crazy? How can I trust you if I don't know who you are?

Well, cryptographers had invented a fancy thing called "ring signatures" that allows one to check whenever a signature belongs to someone in a group, but don't allow to determine who exactly that was. So, technically, it's well possible to remail anonymous (as far as belonging to a group does not break your anonymity) and be trusted at the same time.

But, unfortunately, I don't think F2F mesh networks would prosper anytime soon.

[iamwithnail]

While I don't disagree with you, at least in the UK, possession in a cache and in some circumstances, transmission of child abuse images is a strict liability offence, meaning intent doesn't come into it - I suspect it's the same in many jurisdictions. It's a ridiculous position, but it's still the reality for many.

[ensignavenger]

Are there any actual cases where someone was found guilty just for operating a computer/router/whatever that relayed information?

What is a piece of legislation says and what is actually "law" is often not the same, as the courts can interpret it however they want.

[iamwithnail]

There are a couple that stick in the back of my head, but I can't remember the names - I'll try and dig them out when I get home next week!