While not directly related to Anonymity, I also strongly recommend Warren and Brandeis: "The Right to Privacy" as reading on some arguments against the "... if you have nothing to hide"-arguments:
Anonymity itself is hard to maintain. There are generally two ways to do so:
1) Accounts can be obtained at a network which is KNOWN not to discover who the owners are. These accounts can then be used to open other accounts at other organizations and networks in a sort of graph, and eventually double back on themselves once or twice.
2) For networks which do not allow anonymous accounts, nor allow the use of other "anonymity-friendly" networks to authenticate with or create accounts, one would have to use account hijacking. That is to say, use an existing account belonging to an existing member. This should be done carefully, as the member might have to face consequences for any actions you perform with their account, if they are discovered. It is advisable to know whether the organization has a provision for dropping proceedings against members whose accounts have been found to be "hacked".
Of course, with all this, you would still have to make sure repeated communication does not bear any fingerprints that could be used to identify you. For instance: the language you use, the time of day you post, the location you post from, the subject you post about, all those things must have a sufficient number of possible candidates so as to make actually confronting them in person (or e.g. tampering with their internet connection) infeasible or unattractive.
I figure since this is Hacker News, it is a good place to post this analysis.
"Of course, with all this, you would still have to make sure repeated communication does not bear any fingerprints that could be used to identify you."
This is one area where things get really interesting. Here's one of my favourite DEFCON talks, wherein Tom Ritter de-anonymizes users of an anonymous message board, based on these sorts of fingerprinting techniques.
This seems like an excellent list at first glance. Is there a similar "practical advice" type of list?
Sadly, I tried to imagine I'd need to be as anonymous as possible and couldn't even figure out how to get an untraceable email address (legally).
My basic thought was to use some public WLAN (hoping for no MiTM), ideally not close to where I actually live and then use Tor to create a Hushmail account (as I recall the EFF recommends it).
Alas it seems that's already flawed since a quick websearch suggests Hushmail cooperates with government agencies.
Admittedly I haven't spent a lot of time researching available options but I think it's pretty hard to even get step 1 right. I can only imagine how hard it must be for someone who isn't tech-savvy at all.
The Free Software Foundation recommends [0,1] the http://posteo.de email provider. They consider privacy as one of their advantages. You can even send them money in an envelope (1 euro/month) without a return address and they will accept the payment.
Thanks, this seems to be pretty much what I was looking for. The two conceptual hurdles I ran into were:
1) If it requires payment there's a trail
2) Most other solutions usually require some sort of reference mail/postal address or phone number.
Those are great. Other favourites from the list are:
1) The Pynchon Gate: A Secure Method of Pseudonymous Mail Retrieval
2) Mixminion: Design of a Type III Anonymous Remailer Protocol
3) On the Economics of Anonymity
The third in particular is interesting, because it analyzes the social roadblocks to deploying decentralized systems. Everyone knows that decentralized systems are technically challenging, but very few people consider the issue of actually incentivizing people to contribute to your network once you get it working, until it's too late.
Mixminion is abandoned, so I wouldn't use it for anything other than research purposes. You should be verifying signatures of important software like this anyway, not relying on HTTPS to give you a trustworthy download.
If interested in pseudonymity, an interesting keyword is "Direct Anonymous Attestation" -- the protocol was first invented in the context of Trusted Computing and generated a lot of interesting research.
http://groups.csail.mit.edu/mac/classes/6.805/articles/priva...