- Registration without email or phone. While email addresses or phone numbers seem not to matter that much if you have to submit an ID, photo or video, they are elements which could be linked to the rest of your data, making the construction of a fake identity easier. Thus, a registration based, for example, on a public key/private key pair (like on the Nostr network), is a little bit less dangerous.
I agree with risk from registration with email addresses or phone numbers. Non-tech users usually use one or two email addresses for multiple platforms that destroy privacy and even anonymity..Theymos used to share his opinion on it and 1miau has an excellent thread on risks of KYC.
BTW, email is a big privacy issue in general. It's too expensive (mainly time-wise) to create new email addresses, but if you use the same one, it creates tons of links. Ideally, you should use one email per service. I've had two ideas in this area:
First, you could create a simple email forwarding service like this:
- Without registration (but maybe with a tiny fee via eg. Lightning), take a user's email address, generate a random key, and use the random key to encrypt the email address.
- Also encrypt the email address with a server secret.
- Give the user an email address of the form [email protected]
- When the service receives email at a forwarding address, it decrypts the email first using its server secret, and then using the provided decryption key. Then it forwards the email to the email address
- To destroy forwarding addresses, users could provide the service with both their forwarding address and target address, and the service could then send a confirmation email.
This would be convenient, and it'd fix the problem of services being able to connect users across multiple sites through email-address reuse. But it trusts the forwarder not to log the per-email decryption keys or give up the server secret key. Though if multiple services like this existed, you could chain emails through them to increase security.
My second idea is:
- The user would be using his own software (like eg. Thunderbird or perhaps prontonmail). From this software, the user could instantly create low-capacity throwaway accounts on the server. Each throwaway account could be (or behave similar to) a POP3 account with low capacity (eg. 50MB) and quick message expiration (eg. 60 days).
- The client software would use Tor and careful polling to download all of the messages on its throwaway accounts without leaking to the server info about which accounts are connected. To improve anonymity and efficiency, you could perhaps use PIR, or the server could publish hourly/daily bloom filters meant to match email addresses which received mail in the time period. The client software would collect all of the messages into a single inbox for the end-user. Since it polls frequently, the client wouldn't have to worry about the low limits on the individual throwaways.
- The server could anonymously require a small one-time for each throwaway account by using blinded bearer certificates.
With this, the server shouldn't ever be able to connect any of the accounts together. You could also send mail from the throwaways.
The main thing necessary for this second idea is a really smart email client meant to juggle many throwaways. You also need a cooperative server allowing quick account creation (like cock.li), ideally via an API.
First, you could create a simple email forwarding service like this:
- Without registration (but maybe with a tiny fee via eg. Lightning), take a user's email address, generate a random key, and use the random key to encrypt the email address.
- Also encrypt the email address with a server secret.
- Give the user an email address of the form [email protected]
- When the service receives email at a forwarding address, it decrypts the email first using its server secret, and then using the provided decryption key. Then it forwards the email to the email address
- To destroy forwarding addresses, users could provide the service with both their forwarding address and target address, and the service could then send a confirmation email.
This would be convenient, and it'd fix the problem of services being able to connect users across multiple sites through email-address reuse. But it trusts the forwarder not to log the per-email decryption keys or give up the server secret key. Though if multiple services like this existed, you could chain emails through them to increase security.
My second idea is:
- The user would be using his own software (like eg. Thunderbird or perhaps prontonmail). From this software, the user could instantly create low-capacity throwaway accounts on the server. Each throwaway account could be (or behave similar to) a POP3 account with low capacity (eg. 50MB) and quick message expiration (eg. 60 days).
- The client software would use Tor and careful polling to download all of the messages on its throwaway accounts without leaking to the server info about which accounts are connected. To improve anonymity and efficiency, you could perhaps use PIR, or the server could publish hourly/daily bloom filters meant to match email addresses which received mail in the time period. The client software would collect all of the messages into a single inbox for the end-user. Since it polls frequently, the client wouldn't have to worry about the low limits on the individual throwaways.
- The server could anonymously require a small one-time for each throwaway account by using blinded bearer certificates.
With this, the server shouldn't ever be able to connect any of the accounts together. You could also send mail from the throwaways.
The main thing necessary for this second idea is a really smart email client meant to juggle many throwaways. You also need a cooperative server allowing quick account creation (like cock.li), ideally via an API.
