Design of a simple truly anonymous email system for all

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
In view of the tendency of certain governments to put the electronic
communication of common people under increasingly intensified
surveillance [1], it may be worthwhile IMHO to consider the possibility
of a relatively simple to be realized email system that provides truly
anonymous communication of (albeit fairly) limited capacity to
everybody. (The result of a recent discussion elsewhere was that e.g.
Yahoo's free email accounts and internet cafes in combination couldn't
achieve that goal, since certain genuine personal data are known to the
provider.) Lacking knowledge, I am sketching below a proposed
preliminary rough design, in the hope of eventually obtaining
improvements from critiques and comments of the experts.


(A) Someone (hereafter designated provider) in a democratic country with
     comparatively liberal policy with respect to IT surveillance has the
     resources and the right to run a server.

(B) Ordinary mails by post from the users to the provider are not

Mode of operation:

(a) Anyone can via an anonymous ordinary mail inform the provider a
     pseudonym and a corresponding password.

(b) The provider publishes on his webpage a list of the pseudonyms and
     the alloted serial numbers of the accounts.

(c) The user can have at anytime a limited number (say 10) of posts of
     limited length (say 25 lines of 80 bytes) sent via an input
     window in the webpage of the provider and stored in his account in
     a FIFO manner.

(d) Anyone is free to view the content of any account via the account
     serial number or the pseudonym of the sender.

Some discussions of my own:

(1) Concerning (B): A user from a highly non-democratic country may be
     able to let a friend living somewhere else to register for him.

(2) If the posts are well encrypted and with authentication (containing
     date and message serial number), even the provider couldn't do
     anything evil. For the worst case would be bogus posts, from which
     the communication partners would very soon learn of the defect. It
     is of course assumed that the password system is ok such that no
     outsider can post into a foreign account.

(3) Possible financial problems could be solved via free donations from
     sponsors or users (including banknotes sent via ordinary mail) or
     allowing some commercial stuffs in the webpage of the provider.

(4) An attack through large amounts of bogus registrations is unlikely,
     for that is not done electronically but via ordinary mails, which
     costs something. I am not sure that server capacity exhaustion
     absolutely couldn't occur eventually but surmise that's in any case
     sufficiently satisfactorily solvable, e.g. through an expiration
     data of the accounts, raising a small amount of registration fees
     or yearly fees (with banknotes sent via ordinary mail), etc.

(5) Of course a provider with goodwill is assumed. Hopefully there would
     also be more than one such providers for any user to choose from.

(6) Mirror sites at different geographical locations may be considered
     in order to somewhat enhance the availability of the service in
     unexpected adverse situations. Surely the system would fail to
     function under the attack of an opponent who is mighty enough to
     break even certain fundamental security components of the internet
     communication, in particular the digital signatures. (Nevertheless
     no secret will be lost, as long as the encryption done by the user
     is strong enough.)



Re: Design of a simple truly anonymous email system for all

Quoted text here. Click to load it

If I understand correctly, you are describing a Twitter-style microblog
that allows users to create accounts by postal mail and supports encrypted

(I assume you are aware of the newsgroup alt.anonymous.messages.)

Thor Kottelin /

Re: Design of a simple truly anonymous email system for all

Am 06.04.2012 13:05, schrieb Thor Kottelin:

Quoted text here. Click to load it

To be honest, I had missed that group till now, for I very seldom
look into alt-groups.

Note that in my proposal nobody can use the pseudonyms of others,
which is an essential practical advantage IMHO.

M. K. Shen

Re: Design of a simple truly anonymous email system for all


(7) The user should change his password at the first trial so as to
     ease the security measures to be taken by the provider.

(8) Of course all posts into an account should be done exclusively
     from an anonymous location, e.g. an internet cafe or a call shop.
     Reading of posts should also be done from an anonymous location
     so that no correlations could be done.

M. K. Shen

Site Timeline