[freehaven-dev] question "anonymous communications == anonymous storage?"

[dmolnar@belegost.mit.edu]

Question:
Are anonymous communications channels equivalent to anonymous storage?

Motivation:

At various points during the project, we seemed unsure as to what exactly
the difference is between what Free Haven does, and what previous systems
like anonymous remailers do. On the surface, there are big differences. We
have a trust system, we worry about big big files, and we think our user
interface will always look more like ftp than like e-mail. 

On the other hand, we noticed that it seems that any publication system +
an ideal anonymous communication channel could give the same aspects of
anonymity that Free Haven does. When considering legal aspects, it wasn't
clear whether new issues were raised over those already seen with
remailers.

The question is important because an answer will have to isolate those
aspects of storage services, if there are any, which necessarily affect
anonymity. That will allow us and others to concentrate on those, and
then leave the rest of the storage service to somebody else.

Problems with the question to address :

* definitions will determine the argument
* what notion of "equivalence" do we mean?
* What's the scope of the answer? How will the answer affect 
the way we build the next anonymous storage service?

Where to go :

Rivest suggested for consideration a system in which everyone is
identified, but data stays around forever. I think that this does not
acheive the goals we had for Free Haven - but which goals, and why?

Can query-anonymity be provided with an anonymous channel alone?

Is the answer to the question technically "yes", but we can become more
efficient or provide more kinds of anonymity if we modify the storage
service?

This question seems to be blocking on better definitions of 
"communications channel" and "storage service."