[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re:




> Well, I don't agree that doubleblind is a great idea.

Neither do I. But many of the users of anon.penet.fi are
not very computer-and-email-literate, and they have been using other
services, providing double-blind. Unfortunate, but too late to change now...

What we can do is to provide better ways for those who *are* computer
literate enough to use extra headers etc.

> > Evidentally there is positive harm that can occur by automatically
> > anonymizing all messages which pass through a remailer.  ... For
> > anonymous posting and for mail to a non-anonymous address, it's more
> > reasonable to assume that anonymization is desired.  ... But when
> > sending a message to an anonymous address, it's not known whether the
> > sender wants to be anonymized or not.
> 
> I think it's imperative that the sender use X-Anon-To to be
> pseudonymous.  This is consistent with the principle of least
> astonishment.

But in this case I feel the principle of least astonishment is overruled
by the principle of least risk of accidental exposure.

> > Also, I have seen proposals that anonymous ID's should be made less
> > recognizable, so that instead of [email protected] we would have
> > [email protected].  In such a situation it might be tedious to
> > scrutinize every email address we send to (via replies, for example)
> > to make sure it isn't a remailer where you have an anonymous ID.
> 
> It would be a real boon to make pseudonyms less prominent -- this
> seems to have kicked over a hornet's nest on USENET (even though
> pseudonyms have been quietly in use for years).  But were this the
> case, scrutiny would be an understatement.

I think that hornet's nest needed to be kicked. But I am also
disappointed that not enough people defend the need for anonymity in
places like news.admin.policy.

I think pseudonyms *should* be prominent - as you have noticed, anon.penet.fi
adds an explicit warning at the end of every message.

> > All in all, I think some changes need to be made in how anonymous
> > addresses are used and implemented in order to provide reasonable
> > amounts of security.
> 
> I agree that more discussion is in order.  I'm especially concerned 
> about the broader issues regarding anonymity through remailers.

Agree 100%.

	Julf