22 comments

[ 2.7 ms ] story [ 44.0 ms ] thread
I wish society would just become more inclusive.
That's not the problem in so many cases. If you ever try to do anything remotely adversarial (investigative journalism, whistleblowers, for example), you'll find that the anonymity problem goes far beyond cultural inclusivity. That said, strong anonymity doesn't really solve everything since metadata/sentence structure is still damning.
I'm not offering a perfect solution. I just think it'd help.
Believe me, I completely agree. It's the number one problem I face on a daily basis and it fills me with stupid amounts of desperation that seems to only make matters worse. For me, 'fixing' the lack of inclusivity is the number one thing that should be worked on as a society if we ever want our future generations to live contently. The problem with talking about inclusivity is that in many ways it seems to be a symptom of a much larger set of problems. It's an enormous problem that won't fix itself and there are things that you can do to help, even with small contributions.

Find something to fix and, well - fix it. No matter how difficult or time consuming it is, it'll at least give you a perspective into where problems truly are. There are loads and loads of addressable problems which may not fix anything now, but it can set the foundation for ten years from now. Voting isn't your only course of action.

Finding ways to fix niggling class/social/economic issues is a great start and I highly recommend that you try. My personal project along these lines is to find invalidly created parking tickets in Chicago. The hope there is that it will reduce the stress of lower income communities and give them a bit more financial freedom to get out of bad situations.

If you want to talk about this more, I'd love to - hubblefisher at gee mail

We all emit information constantly by just existing. The only equilibrium is complete transparency. Which, if it was universal, would be a great outcome!
Not the dominant strategy, unfortunately.
(comment deleted)
>The only equilibrium is complete transparency. Which, if it was universal, would be a great outcome!

The problem with this is it also needs to be matched by universal processing power.

If the NSA released to you every financial transaction it had ever made, no matter how trivial, you'd be so completely swamped by information you'd never be able to store it, let alone process it.

Transparency doesn't do anything on it's own, it has to be backed by scrutiny.

> You can be very sure that the anonymous person you communicated with last week is the same anonymous person you are communicating with and potentially transacting with today.

> You can be very sure that your pattern of transactions will not reveal who you are.

How are these not mutually exclusive?

I can understand how the first one would work with a digital signature, but seems like you'll still need to trust the person you're transacting with to not reveal your history.

Mathematically you can do it with ring sigs. I have developed some related tech at mooti.co
If "You can be very sure that the anonymous person you communicated with last week is the same anonymous person you are communicating with and potentially transacting with today." that person DOESN'T have strong anonymity.

If "You can be very sure that any transaction you make cannot be disputed." then you DON'T have strong anonymity.

But it uses blockchains, and blockchains are magic. Distributed blockchains with VC funding, no less.
I could not find a non-paywalled definition of strong anonymity. The closest I got was the abstract for a paper by Kawai et al (2009) that claimed it would define the term, but failed to do so in the abstract.

I've also done a search for strong anonymity and deniability and I don't see anything that indicates there is a link. I wonder if there is a problem with definitions here. Can you give a link to what you think of as strong anonymity?

FWIW, I spent a minute with Google and found this (and hopefully copy and pasting this link has meaning).

https://books.google.com/books?id=JTKHDAAAQBAJ&pg=PA231&lpg=...

Interesting. Although you will note that in their definition, one of the parties (the bank) knows the identity of the customers. By tracing the transactions, they can deduce the identity. The original article specified pseudonymous transactions, so either the system is trivially strong privacy or (more reasonably) this definition is not really suited to this discussion.
I don't know if these considerations are that widely shared.

Personally I think of three lines of attack:

1. I own my data and should be able to sell my data. For all kind of reasons. Sometimes sharing data will protect my privacy! https://www.linkedin.com/pulse/evil-postman-anne-van-rossum?...

2. It should be possible to define laws that forbid to copy. I'm fine with sharing my data at a particular moment for a particular purpose. If that party would be forbidden to copy that data I have a chance that I actually can "have the right to be forgotten". Every time a person requires that data it would need to do another request. This is kind of the idea behind https://www.qiyfoundation.org/ (based on blockchain, but that's irrelevant here).

3. My ideal scenario is not having unencrypted data at all: homomorphic encryption, see https://en.wikipedia.org/wiki/Homomorphic_encryption.

I just copied your data by reading this comment, though.
Not storing data might be limited to substrates where it can actually be deleted indeed. :-) I'm not arguing for deleting memories. ;-)
How can I be strongly anonymous without having a personality. Isn't my personality a pattern that can be traced?
Anonymity is not privacy, privacy is the level of agency one has over their own information and it's dissemination.

Technically anonymity is antithetical to privacy these are two different concepts and I am really sick of them being mashed together.

Anonymity allows you to disclose information that cannot be attributed to you hence you as an individual has no agency over it, you can't anonymously share an intimate secret in private with some one since you are both anonymous.

Relying on anonymity is generally a poor tactic to control privacy because you and the ones you share information with have no visibility on what is going on.

You are also effectively racing against the ability of adversaries to be able to reveal your identity which isn't a fight you will be winning.

Privacy:

Alice shared [SECRET] with Bob; Eve can't read it;

Anonymity:*

Anon shared [SECRET] with Anon; Eve knows she didn't share or get anything, so Alice and Bob are talking, Bob doesn't know if he shared his secret with Alice; Alice doesn't know if she received the secret from Bob.

*If Bob and Alice shared identifying information prior to sharing a secret there is no anonymity between them, this is in the domain of privacy.

I think they mean anonymity from the ISP/phone maker/app. Merely exchanging certificates in some trusted manner first turns your anonymity example into the privacy one.

And cert management is probably 'just' a UX/education issue at this point

You need to be careful with that, because anonymity reduces privacy.

Let's get rid of Eve for a moment.

Say Alice has a secret that she loves tomatoes, she wants to share that secret with Bob.

She can go to Bob and whisper "I love tomatoes" in his ear, in this case Alice has high degree of privacy because she knows (or has very high confidence) she is talking to Bob, she can verify that they are alone and take additional precautions, in this case she also shares the least information possible needed to convey her secret to Bob, and is not forced to share any additional information.

Say Bob has a secret that he's scared of Flamingos, he wants to share this secret with Alice.

Alice is away on a trip so Bob and Alice use an anonymous messaging app.

Bob now effectively has less privacy because the level of privacy is directly tied to the confidence that Bob has that he is talking to Alice, Alice also has less confidence that she is talking to Bob. Bob can't know for sure he is sharing his information with Alice, and he doesn't know if the party that received that information would respect Bob's privacy, Alice doesn't know for sure the information came from Bob and she might not know she needs to keep that information a secret.

If Alice and Bob share additional information to prove their identity the level of privacy is also reduced both because they had to create additional identifiable (and hence private) information, and they were forced to share information beyond what is needed hence losing agency over what information they would like to share.

The 2nd thing many people confused or mix anonymity with is "deniability" (to an outside observer) or the fact that one cannot prove that 2 parties have exchanged information; in this case anonymity is again a problem since a system that is truly anonymous whilst providing deniability does not provides privacy, and a system that is not truly anonymous whilst providing some privacy does not provides deniability since it forces parties to exchange high confidence identifiable information in the process.

You can have a system that is (~)100% private and is (~)100% deniable for example you can have a network of nodes in which all nodes talk to one another at a constant rate the information is either fed from the node operator when they want to send a message or from a random source and all traffic is encrypted so your information is both private and deniable.

Another setup is some sort of random path routed network similar to TOR or any other onion/pass-the-package router in which when a node sends a message to another node that message would go through a random number of nodes and no node but the destined one would know if it's the final node or not, if nodes on this network are also authenticated and the messages are strongly signed this would both provide deniability and privacy.

Now likely there aren't non-theoretical solutions that are 100% of anything, but people really need to stop relying on anonymity for privacy, in the worse case you have no privacy because you don't know who you talking too, at the best case you have no-anonymity because you have to generate and send identifiable information which also reduces your privacy.