gpg for anonymous users - Alternative to the web of trust?

Johnicholas Hines johnicholas.hines at gmail.com
Tue Mar 26 18:36:07 CET 2013


The question is how to distinguish yourself from a nation-state's covert
agency purporting to be an individual interested in anonymity; you need to
do something that the agency would find difficult to do.

Getting your name and key into difficult-to-corrupt archives will start a
timer - eventually you can point to the archives as evidence that you are
not a newcomer. Even an agency would find it difficult to change history.

Spending money or effort forces a covert agency to also spend money or
effort to replicate your behavior. For example, if you sent someone a
bitcoin, they would have to spend some dollars to establish themselves as
comparably credible. Unfortunately, they have deep pockets. Effort might be
preferable to money, since leaves more ways that a covert agency might make
a mistake, behaving in some characteristic way (e.g. some sort of automatic
authorship attribution software might become available that revealed them
to be a team rather than an individual). Steady effort at releasing patches
over a decade might be moderately credible.

Johnicholas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130326/d7fd3919/attachment-0001.html>


More information about the Gnupg-users mailing list