White Paper


   Reptile (SCDS)
   User Content License



An Annotated OpenPrivacy Bibliography

Net Anonymizers
Nym Providers
Smart Contracts
Trust Management
Related Crypto
Money & DSigs
Mobile Agents
Current 1-to-1
More links

Net Anonymizers

Securely anonymize net interaction (note: for near 100% security, a smart-card, dongle or floppy-disk and local client software - such as supplied by zero-knowledge - would be required.)
a service that allows you to surf the web without revealing any personal information
Crowds operates by grouping users into a large and geographically diverse group (crowd) that collectively issues requests on behalf of its members
iProxy: An Agent-Based Middleware
"designed to give Internet users the privacy that they deserve and to counter the attempts by certain organizations and groups to police the minds of people participating in a global community."
anonymity for content providers in the World Wide Web
Mixmaster Type II Remailers
Mixmaster is the next generation of remailers, using advanced techniques to make most methods of tracing remailed messages useless.
or do you want to use
Mixminion: A Type III Anonymous Remailer
a software suite that lets you send and receive very anonymous mail
Onion Routing
a research project of the U.S. Navy
born from the Lucent Personalized Web Assistant (LPWA)

Nym Providers

secure nyms from Zero-Knowledge
allows you to send and receive E-mail pseudonymously
a web based PGP encrypting NYM re-mailer for hire ($14).

Distributed, censorship-resistant publishing

Free Haven
a system for distributed data storage which is robust against attempts by powerful adversaries to find and destroy stored data (uses reputation mechanisms to enhance transaction efficiency)
a peer-to-peer network designed to allow the distribution of information over the Internet in an efficient manner, without fear of censorship.
A distributed file store is a shared virtual space into which you can put, and from which you can get, files. MNet creates a digital marketplace for the exchange of idle disk space, bandwidth, and CPU cycles.
OpenPrivacy ran a beta test
a Web publishing system that is highly resistant to censorship and provides publishers with a high degree of anonymity
OpenPrivacy ran a beta test

Smart Contracts and Negotiation

Smart Contracts
Nick Szabo's home page
The Idea of Smart Contracts
Contracts with Bearer [local copy]
Smart Contracts page by
OASIS cover pages:
Open Digital Rights Language (ODRL)
Extensible Rights Markup Language (XrML)
Digital Property Rights Language (DPRL)
Platform for Privacy Preferences (P3P)
References for P3P Implementations and Privacy Negotiation Services

Trust Management

Attack-resistant trust metrics for public key certification by Raph Levien and Alex Aiken
also: A Distributed Trust System (Advogate article thread from 19 March 2001)
Spontaneous Trust by Ben Houston, Brian Rowe and Kris Lyon (2000)
Supporting Trust in Virtual Communities by A. Abdul-Rahman and S. Hailes, Proceedings of HICSS 33, Maui, 2000.
also:A Distributed Trust Model (earlier work by the same authors)
Using the KeyNote Trust Management System by Matt Blaze
RFC 2704: The KeyNote Trust-Management System
Weaving a Web of Trust by Rohit Khare and Adam Rifkin

A Reputation System to Increase MIX-net Reliability by Roger Dingledine, Michael J. Freedman, David Hopwood, David Molnar, Preproceedings, Information Hiding Workshop, Mar 2001.
Crypto Anarchy and Virtual Communities by Tim May, 1994. Makes some interesting points re: "reputation capital"
OpenPrivacy - Enhancing the Internet with Reputations by Fen Labalme and Kevin Burton (2001)

Related Crypto Links

Capability Computation
A Capability combines Designation with Authority. -- Norm Hardy
OpenPrivacy uses capabilities as the foundation of its security architecture
a new suite of Internet protocols that perform the function of DNS, TCP, and UDP in a manner that's both untraceable and untappable.
IP Security Protocol (ipsec)
designed to flexibly support combinations of authentication, integrity, access control, and confidentiality
Linux FreeS/WAN
building an open-source implementation of IPsec for Linux
Netscape Security Services (NSS)
NSS for Java (JSS)
OpenBSD's crypto page
PGP International
The GNU Privacy Guard
A Simple Distributed Security Infrastructure (SDSI)
SPKI/SDSI Certificates
Common Data Security Architecture (CDSA) by Intel
CDSA sourceforge code repository
XML Security Suite for Java (IBM)
This is essentially an implementation of public standards. Please email and ask them to release this excellent enabling technology - otherwise, we (or someone else) will simple have to recreate it.

Electronic Money and Digital Signatures

Capability-based Financial Instruments
a cryptography neutral abstraction enabling smart contracts
Coins of the Realm
excellent comic describing direct payments and touching on micropayments and reputation mechanisms
Collusion in a Multi-party Communication Protocol for Anonymous Credit Cards
a novel scheme to implement an anonymous credit card that protects privacy while providing the security, record-keeping and charging mechanism of conventional credit cards
Digital coupons
A good idea, but the current implementation sells your privacy for a discount
Fair Blind Signatures
Blind Digital Signatures and Their Application
Financial Services, E-Commerce and the Web (MIT Sloan School)
eCommerce Research Forum

Mobile, Collaborative Agent Research & Technologies (see also - IBM's aglets site)
Building Agents Supporting Adaptive Retrieval (BASAR, 1995)
Collaborative Agent Technology System (CATS, University of Maryland, 1997)
a full-featured framework for development and management of network-efficient mobile agent applications for accessing information anytime, anywhere and on any device supporting Java
Foundation for Intelligent Physical Agents (FIPA)
Infospheres Project (Caltech)
Intelligent Software Agents (Carnegie Mellon)
MASIF (Mobile Agent System Interoperabilty Facility)
MIT Media Lab Software Agents Group
Mobile Code Bibliography
Security in Mobile Agents
Socially Intelligent Agents - "The Human in the Loop"

Current Business 1-1 Marketing Infomediaries

In general, these companies violate privacy by collecting, mining, sharing and selling personal data without express permission.
combines "a rich, stylish selection of focused editorial content, a powerful suite of personal management tools and an intelligent range of eCommerce opportunities"
Broadcatch is the grand daddy of infomediaries, tracing it's history back to Fen Labalme's 1981 MIT thesis NewsPeek. Broadcatch incorporates genetic algorithms and human aided learning to enable specialized and even intelligent infomediaries.
eBay's reputation mechanism is perhaps the first on-line example of reputation being applied to a particular individual in a community economy.
"See when you are being watched on the Net"
"Choose your level of privacy protection"
"Learn what you need. Sell what you know. Become an Ithority."
developing ferociously cool and socially responsible open source technologies which empower people to easily take control of and, if desired, profit from their personal information
MEconomy may be a first user of the OpenPrivacy Platform (OPP)
Net Perceptions
Collaborative filtering "recommender" engine
Open Ratings
performance ratings services to help purchasing professionals evaluate and monitor suppliers and complete transactions with confidence
separating users' actions from their identities and allowing them to store data in our servers, we provide privacy both for a single Web browsing session and across multiple sessions.
"When you build your Persona, you determine how it will negotiate all interactions with the web sites you visit. Once built, your Persona manages these negotiations automatically so you don't have to think about it. We like to think of Persona as your negotiator on the web."

Information Aggregators

The COntext INterchange (COIN) Project
Aggregator Research
Customer Privacy Exchange (CPEX) [closed: see OASIS cover page]
A proposal to facilitate online trade in customer data.
Members include many many already on the wall of shame: Andromedia, Digital Impact, DoubleClick, Engage, Harte-Hanks, net Genesis and others

Links to Other Resources pages (link resources from Fen Labalme)
Cryptography & Cypherpunk Resources
Cyber Rights
Privacy on the Internet
Critique of Net Worth
Crypto Bibliographies
Advances in Cryptology -- EUROCRYPT Bibliography
Advances in Cryptology -- ASIACRYPT Bibliography
Index of Cryptography Papers Available Online (Counterpane)
The Electronic Frontier Foundation (EFF)
"Anonymity/Pseudonymity" Archive
"Privacy, Security, Crypto, & Surveillance" Archive
An Infomediary Approach to the Privacy Problem by Fen Labalme and Jad Duwaik
Junkbusters links page
the Organization for the Advancement of Structured Information Standards, is a non-profit, international consortium that creates interoperable industry specifications based on public standards such as XML and SGML, as well as others that are related to structured information processing
A privacy policy clearinghouse
Privacy Rights Clearinghouse
see also their excellent links and legal resources
Ron Rivest's home page
The "R" of "RSA," he maintains an excellent set of cryptography links
"the pragmatic Web surfer's guide to Internet privacy"


Omnibus Lexicon Definition
An infomediary, or information intermediary, is a trusted person or Web-enabled organization that specializes in information and knowledge services for, about and on behalf of a virtual community. The infomediary facilitates and stimulates intelligent communication and interaction among the members of the virtual community. It administers and cultivates a proprietary knowledge asset that contains content and hyperlinks that are of specific interest to the community. In accordance with the privacy constraints that are mandated by the virtual community, the infomediary gathers, organizes and selectively releases information about the community and its members in order to fulfill the needs of the virtual community. The concept of virtual communities, and their significance to the marketplace, is examined in the book entitled Net Gain (Hagel and Armstrong, 1997); the infomediary concept is discussed on pages104-105.
Word Spy
Information + intermediary. A company that collects personal data from consumers, markets that data to businesses while maintaining consumer privacy, and offers consumers a percentage of the brokered deals.
"Tipping the balance of power in favor of consumers could create a new industry in the future: agents to negotiate complex consumer information deals. Companies called infomediaries might act as custodians and brokers of customer information, marketing it to businesses on consumers' behalf while protecting their privacy."

The Futurist, "Selling your privacy; new methods to collect customer information"
The Dawn of the Infomediary (Wired News)
An infomediary is a Web site that provides specialized information on behalf of producers of goods and services and their potential customers. The term is a composite of information and intermediary. The advent of the Web has made possible quick 24-hour access to information databases that previously were not available. Gathering these information aggregates and adding services to them is now the business of companies like the Thomas Register of Manufacturers that can bring a base of information from the print medium to the Web. Perhaps more importantly as infomediaries are Web sites that are gathering, organizing, and linking to the new information and services that is being added to the Web.

Infomediaries can be divided into those intended for consumers and those intended for businesses. Any consumer e-commerce site that provides information as well as an order form could be classed as an infomediary. However, the term is more frequently used to refer to sites that offer information for businesses about suppliers and other businesses. According to International Data Corporation, a leading market researcher, business-to-business sales are forecast to reach $330.6 billion worldwide by 2002. Infomediaries are expected to facilitate this business-to-business traffic. Many infomediary sites intended for businesses require users to register and log in in order to access information.

Opt-In / Opt Out
EuroCAUCE page on Opt-in vs. Opt Out
EuroCAUCE Opt-in Manifesto

  OpenPrivacy satisfies one of the requirements for Broadcatch systems
   and supports the Principles of the Identity Commons

Historical note: OpenPrivacy closed its virtual doors in May of 2002.
I wish this
site were
Drupal Strategy and Consulting