In view of the tendency of certain governments to put the electronic
communication of common people under increasingly intensified
surveillance, it may be worthwhile IMHO to consider the possibility
of a relatively simple-to-realize email system that provides truly
anonymous communication of (albeit fairly) limited capacity to
everybody. (The result of a recent discussion elsewhere was that e.g.
Yahoo's free email accounts and internet cafes in combination couldn't
achieve that goal, since certain genuine personal data are known to the
provider.) Lacking knowledge, I am sketching below a proposed
preliminary rough design, in the hope of eventually obtaining
improvements from critiques and comments of the experts.
(A) Someone (hereafter designated provider) in a democratic country with
comparatively liberal policy with respect to IT surveillance has the
resources and the right to run a server.
(B) Ordinary mails by post from the users to the provider are not
Mode of operation:
(a) Anyone can via an anonymous ordinary mail inform the provider of a
pseudonym and a corresponding password.
(b) The provider publishes on his webpage a list of the pseudonyms and
the allotted serial numbers of the accounts.
(c) The user can have at any time a limited number (say 10) of posts of
limited length (say 25 lines of 80 bytes) sent via an input
window in the webpage of the provider and stored in his account in
a FIFO manner.
(d) Anyone is free to view the content of any account via the account
serial number or the pseudonym of the sender.
Some discussions of my own:
(1) Concerning (B): A user from a highly non-democratic country may be
able to let a friend living somewhere else register for him.
(2) If the posts are well encrypted and with authentication (containing
date and message serial number), even the provider couldn't do
anything evil. For the worst case would be bogus posts, from which
the communication partners would very soon learn of the defect. It
is of course assumed that the password system is ok such that no
outsider can post into a foreign account.
(3) Possible financial problems could be solved via free donations from
sponsors or users (including banknotes sent via ordinary mail) or
allowing some commercial stuff in the webpage of the provider.
(4) An attack through large amounts of bogus registrations is unlikely,
for that is not done electronically but via ordinary mails, which
costs something. I am not sure that server capacity exhaustion
absolutely couldn't occur eventually but surmise that's in any case
sufficiently satisfactorily solvable, e.g. through an expiration
date of the accounts, raising a small amount of registration fees
or yearly fees (with banknotes sent via ordinary mail), etc.
(5) Of course a provider with goodwill is assumed. Hopefully there would
also be more than one such provider for any user to choose from.
(6) Mirror sites at different geographical locations may be considered
in order to somewhat enhance the availability of the service in
unexpected adverse situations. Surely the system would fail to
function under the attack of an opponent who is mighty enough to
break even certain fundamental security components of the internet
communication, in particular the digital signatures. (Nevertheless
no secret will be lost, as long as the encryption done by the user
is strong enough.)
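A sketch of steps (a)-(d) and point (2) in code, added here as an example and not part of the original post: the provider side keeps pseudonymous accounts with password-gated posting, the 10-post FIFO and the 25x80 limit, and open reading by serial number or pseudonym; the user side tags each post with a date and message serial number so that a bogus post inserted by the provider is detected. Encryption of the post body is assumed to be done separately by the user, and the names (DropServer, seal, open_post, the shared key) and the PBKDF2/HMAC choices are assumptions of this example, not something the post specifies.

```python
import hashlib
import hmac
import os
from collections import deque

MAX_POSTS, MAX_LINES, MAX_LINE_BYTES = 10, 25, 80   # limits from step (c)

def _pw_hash(password, salt):
    # Password storage choice is an assumption of this example (PBKDF2-SHA256)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class DropServer:
    """Provider side: pseudonymous accounts, password-gated posting, public reads."""
    def __init__(self):
        self.accounts = {}   # serial -> account record
        self.by_name = {}    # pseudonym -> serial (the published list of step (b))

    def register(self, pseudonym, password):
        # Steps (a)/(b): pseudonym and password arrive by ordinary mail; a serial is allotted
        serial = len(self.accounts) + 1
        salt = os.urandom(16)
        self.accounts[serial] = {"pseudonym": pseudonym, "salt": salt,
                                 "pw_hash": _pw_hash(password, salt),
                                 "posts": deque(maxlen=MAX_POSTS)}  # FIFO of 10 posts
        self.by_name[pseudonym] = serial
        return serial

    def post(self, serial, password, text):
        acct = self.accounts[serial]
        if not hmac.compare_digest(_pw_hash(password, acct["salt"]), acct["pw_hash"]):
            raise PermissionError("wrong password: outsiders cannot post into the account")
        lines = text.split("\n")
        if len(lines) > MAX_LINES or any(len(l.encode()) > MAX_LINE_BYTES for l in lines):
            raise ValueError("post exceeds 25 lines of 80 bytes")
        acct["posts"].append(text)   # the oldest post is dropped once 10 are stored

    def view(self, key):
        # Step (d): anyone may read, by serial number or by pseudonym, with no login
        serial = key if isinstance(key, int) else self.by_name[key]
        return list(self.accounts[serial]["posts"])

# User side, point (2): partners share a key out of band; each post carries a date and a
# message serial number under an HMAC, so a bogus post from the provider fails to verify.
def seal(key, date, msg_no, body):
    head = f"{date}|{msg_no}|{body}"
    return head + "|" + hmac.new(key, head.encode(), hashlib.sha256).hexdigest()

def open_post(key, post, expected_no):
    # Returns (date, body) if the tag verifies and the serial is the expected one, else None
    head, tag = post.rsplit("|", 1)
    if not hmac.compare_digest(hmac.new(key, head.encode(), hashlib.sha256).hexdigest(), tag):
        return None
    date, no, body = head.split("|", 2)
    return (date, body) if no == str(expected_no) else None
```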