Comments on: Pretty Good Privacy, Pretty Bad Anonymity http://www.somethinkodd.com/oddthinking/2006/01/26/pretty-good-privacy-pretty-bad-anonymity/ A blog for odd things and odd thoughts. Wed, 10 Mar 2010 17:00:21 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Decloaking http://www.somethinkodd.com/oddthinking/2006/01/26/pretty-good-privacy-pretty-bad-anonymity/comment-page-1/#comment-14918 Decloaking Sun, 03 Sep 2006 09:47:51 +0000 http://www.somethinkodd.com/oddthinking/2006/01/26/pretty-good-privacy-pretty-bad-anonymity/#comment-14918 [...] The other reason for decloaking on girtby.net was that my identity had already leaked anyway. Yes, this post on OddThinking was written by me. Maintaining anonymity is hard. [...] [...] The other reason for decloaking on girtby.net was that my identity had already leaked anyway. Yes, this post on OddThinking was written by me. Maintaining anonymity is hard. [...]

]]> By: Sunny Kalsi http://www.somethinkodd.com/oddthinking/2006/01/26/pretty-good-privacy-pretty-bad-anonymity/comment-page-1/#comment-2819 Sunny Kalsi Mon, 30 Jan 2006 00:04:46 +0000 http://www.somethinkodd.com/oddthinking/2006/01/26/pretty-good-privacy-pretty-bad-anonymity/#comment-2819 It's interesting that you mention the inability of something that's supposed to verify your identity to anonymise you. I guess it's the implication of privacy that gives people the impression that what they do is secret, and hence nobody knows who they are. Even if you understand the technology, I think there's sometimes an underlying "feeling" of privacy which overlaps anonymity and secrecy. However, take two separate websites that work co-operatively. They both leave cookies on your machine (say, to track your buying habits). You could log in under two usernames and those two usernames would also be linked, merely from the act of logging in using the same web browser. This is similar to what you're talking about, except the information is not available to everyone. In any case, I'm thinking you could probably invalidate both keys (or really just the one) and claim that you were h4x0r3d. People could still see the invalidated key, but they'd probably (correctly) assume that they could no longer trust the identity, even if it contains both emails. It’s interesting that you mention the inability of something that’s supposed to verify your identity to anonymise you. I guess it’s the implication of privacy that gives people the impression that what they do is secret, and hence nobody knows who they are. Even if you understand the technology, I think there’s sometimes an underlying “feeling” of privacy which overlaps anonymity and secrecy.

However, take two separate websites that work co-operatively. They both leave cookies on your machine (say, to track your buying habits). You could log in under two usernames and those two usernames would also be linked, merely from the act of logging in using the same web browser. This is similar to what you’re talking about, except the information is not available to everyone.

In any case, I’m thinking you could probably invalidate both keys (or really just the one) and claim that you were h4×0r3d. People could still see the invalidated key, but they’d probably (correctly) assume that they could no longer trust the identity, even if it contains both emails.

]]>