Anonymous but verifiable identities

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

Be nice to know that a signature means a certain person, even though that person desires to be anonymous and we respect that.

If the server code could get a chunk of data (say, the sender IP address) and hash it together with the sender email address (or pseudonym) it could create a reproducible but inherently meaningless hash value. The hash value would not have enough data in it to reconstruct the IP or whatever.

This value could be printed after the post, and readers could use the value to verify that the person XXX that posted a message was the same XXX who posted some previous message, etc. No need to maintain on a database of addresses, other than the thread itself. Just print and forget.

-- bw (home@puget.sound), June 23, 1999

Answers

how bout all us dialupers who get a different IP address with each log on?

Might be better to require that every poster have an email (hotmail, yahoo, what ever free service) and mail them a logon password. Then require a log on ....

This works at lots of other sites.

-- might (not@work.com), June 23, 1999.


bw... just ask Bill Gates. I understand he has all that information in a database. Maybe he would share. Where IS his island anyway?

-- Linda (lwmb@psln.com), June 23, 1999.

The assigned password approach is used on the Gold Forum at www.gold-eagle.com, and seems to work very well. The password is e-mailed to a real e-mail address that you provide when you register, but the e-mail address (and the password, obviously!) are kept confidential.

(Note to Andy: Now you've got me over there quite a bit! Great site!!)

-- Jack (jsprat@eld.net), June 23, 1999.

At least some of us post from multiple computers. Are you implying that some of you only have one computer and one internet connection? That's ok. In another few months, none of us may have internet connections...

-- Mad Monk (madmonk@hawaiian.net), June 23, 1999.

Yeah, I thought of that afterward. I'm an old mainframe geek, and this internet stuff is new to me.

How bout this: If I *choose* to sign a post, I include a line in the format [sign:xxxx] where xxxx is whatever I want to use. The forum parses for that, deletes it, hashes the xxxx that along with my pseudo-email or whatever, and posts the hash result. Works from anywhere.

The only way to forge someone else's is to know the hash and back calculate (computationally difficult) or trust to luck.

-- bw (home@puget.sound), June 24, 1999.



Moderation questions? read the FAQ