Hello !
I'm wondering if there's some blogging mechanism which would allow some sort of unique digital signature (PGP perhaps) to prevent personification, but which allows non traceable and fully anonymous author. Not looking for blockchain like stuff (apart from the layer Monero adds, blockchains are totally transparent, traceable and non anonymous). Not looking for bigotry, attacking people or anything like that.
The idea is to be able to share ideas, even corporate related, without being afraid of retaliations whether at work, corporations or governments. Expressing something at pubic might bring unexpected consequences, particularly if not aligned by the corporation one works on if that's the case, or might provoke AI, bots, or paid/unpaid people looking around, to include anyone in a particular list, without even warning the writer about it.
So I was looking if such thing is possible, and if it exists. Social networks of course wouldn't be an option, they're not anonymous, and at contrary can be used to cross-reference and trace people.
If such solution doesn't exist, I'm wondering if something based on gnuNet might get close, although gnuNet is not meant to make users anonymous. Or perhaps something based on i2p.
Of course the digital signature should be used exclusively for the blog posting, and can't be associated to any real email, host, or whatever...
Feedback on the blog posts should also be allowed to anonymous people with their own unique digital signatures. But this is harder, since depending on the technology, not sure if moderation would be allowed, or even if it would make sense, in which case, no blog feedback should be allowed, though no feedback is really a down side for blog posts. Maybe allowing just the original post to remove feedback. Some other down side, but that's unavoidable, is the lack of non on thread feedback, meaning giving feedback through email or any other medium, since if that was available would make the writer non anonymous...
If such thing is not available, and eventually based on something like gnuNet or i2p, most probably clients would be needed to write blogs but another one that would offer some sort of RSS/atom functionality for the blog to be accessible from current RSS/atom readers.
You mentioned PGP already, but this is exactly what that technology was designed for. You can sign the post with your private key, meaning anyone with the public key can verify its authenticity, and sites such as GitLab make use of this for signing code commits to prove it came from the author listed on the commit. A scaffolding utilizing PGP for blogging may already exist. You'd have to enter your PGP passphrase to seal the post. In fact, you may be able to take advantage of the exact mechanism GitLab and others are already using by publishing by way of a signed git commit, and displaying like a green lock or something on blog posts that are authenticated.
You rule out social networks, but why? Wouldn’t a fediverse microblogging (or full blogging) platform work fine for the purpose? Just pick an irrelevant username and a strong+unique password and only access your account through tor using any and all relevant best practices.
Given you want the continuity of the author preserved, I don’t see the functional difference between the posts being associated with an anonymous account and them all having your public key. Am I missing something?The issue with social networks is the account requirement. Even though decentralized, they still require servers with accounts. If you, to prevent not being able to access at some point included an email, and the server gets hacked, then there you go.
Perhaps is a mistake of mine, to think social networks are not anonymous enough. Maybe they are. But tracking mechanisms are so sophisticated now a days, than the need for an account make me think they won't ever be. That's why I excluded social networks. Perhaps it's the only option as of Today though.
I didn’t consider account recovery, that’s a good point. Personally I don’t usually bother with it for anything I want to be private - if I lose it I lose it lol.
It’s still not perfect, but some of the private email hosting providers like proton have email aliases, so you could use one for recovery without giving any info to hackers (assuming you trust the email provider). Definitely less secure than only a public key being exposed, but maybe an acceptable tradeoff for the convenience of an existing established solution?