>Eric quotes someone: >>At a minimum, I would use encryption techniques on *every* anonymous or >>pseudonymous message. I've seen postings using PGP and other public key >>schemes; that's a step in the right direction. Plaintext *cannot* be >>considered secure or confidential in today's network environment; no >>'alias server' or third-party email forwarding can provide the level of >>privacy/confidentiality you want. Eric responds: > What does PGP do for you? What you want to hide is the identity of the > sender - username, hostname, full name. The header isn't going to be > encrypted. PGP buys you nothing. Plus, I wouldn't entrust my safety to an > algorithm such as PGP or RSA. If the contents of a message cannot be determined to be controversial, what difference does it make if everyone knows who sent it? A plot to hijack an aircraft carrier could be freely discussed on a list for homemakers baking for state fair competitions. If only criminals, revolutionaries and terrorists were using encryption, major code breaking technology could be marshalled to intercept and read all encrypted traffic. On the other hand, if encryption became widespread--remember, it's just software that could be quite invisible to the user--then code breaking efforts would be used only when other reasons exist to suspect something illegal. Why couldn't a user wanting privacy encrypt his posts, send them by modem to a remote service offering anonymous posting, and post the encrypted traffic anonymously from there? If the owner of the anonymous posting service kept his records encrypted, how would anyone find out who the original author was? Years ago in one of the first issues of OMNI I read an article on the effect that computers would have on privacy. At the time it was commonplace to do a lot of handwringing about the supposed loss of privacy that would be effected by the new computer technology. The article was written by a couple of mathematicians who claimed that computers would make encryption so easy that codes could be generated that would be EFFECTIVELY unbreakable, not PERFECTLY unbreakable, but requiring so much CPU time to decode that no one would bother. I spent several years working as a locksmith. There are no locks or security systems that cannot be defeated. But there are many that make it easier to go elsewhere to break in. As locks and alarms become more sophisticated, so do thieves. But the reverse is also true. Wouldn't it be that way with encryption? It seems to me that with encryption, practical privacy can be achieved even though absolute privacy will remain forever beyond our reach. Eric is right, encryption would fail to solve the problem of the unencrypted header. On the other hand, if the message is encrypted, how does a snoop know whether it contains anything worth following up? He could ferret out a poster that is merely sending a Christmas letter to his mother. Why bother? -------- All my opinions are tentative pending further data. -------- -------------- John W. Redelfs, [log in to unmask] --------------