Nope.

I already checked out the project homepage a while back.

It's got an intentional LE backdoor built in to it.

Nine admins from 9 dif countries have to "agree" that you are bad, mean, evil and horrible and that your crap needs to be unlocked and then it can be.

He's watched too much LoTR.

It would be trivial for lots of orgs both gov and crim to spoof the nine.

I want to participate in forums about health and exercise, and give private health data to people for discussion without associating the data to my name.

None of the above agencies would give a toss. But let's say I am listed by the local authorities because I am a little involved in the local politics, which the NSA couldn't care less about. And the local authorities have full control of my ISP, but they have no control of the site in China or wherever I will log in to with HTTPS, while wrapping inside a tunnel to the health site. What can the local authorities do about it?

Possible, yes. Trivial, no.

To clarify: For crims possible.

For govs: trivial, eventually. They'll throw billions at it if need be. That's how the NSA cracked *all* Diffie–Hellman key exchanges of 1048 and below. And why they can now decrpyt on the fly ~75 percent of all encrypted traffic world wide.

Meh, I have no interest in anything that provides a back door. While I agree nefarious activities need to be kept in check, I am not willing to intentionally provide a back door in the systems or devices I manage. I've not heard of this Chaum guy and I don't plan on using PrivaTegrity. I'll stick to using standard encryption where I'm most concerned about protecting the contents and don't really care much about anything else.

Who are these "nine"? I've not met them. Why should they have a right to agree who hacks into my device? Are they going to be legally liable and responsible for damages and abuse? I wouldn't want to be one of the "nine". What if they agree a corporation is "evil"? Are they going to make proprietary information readily available as a result? There's too much that's ethically wrong with that article to be a serious consideration.

Why didn't you just give us this use case? This is trival to achieve best possible sec:

1) Quit worrying about your ISP. They are not out to get you. They comply with the gov as much as they have to to stay in biz. Trust me, they'd much rather pocket the imposed admin costs of complying.

2) Your local officials can't do anything unless you live some place like China. Even then I don't think they'd care in this case.

3) To help prevent identity theft: Get a subscription to a VPN service and only log in to the web site through the VPN. That way you have a secure proxy between you and the site and your IP never hits the web server's logs. After that it's up to you to see that the site never gets any info that can be associated to you. So, when you sign up don't use your real name / email, etc. And do the sign up through the VPN. And don't post any PII. And that includes editing it out of, if necessary, log dumps from medical devices.

At that point if any one cracks the web server they won't have a way of identifying you from info on that server. (Although complex, high-level statical analysis scenarios could possibly reveal your identity.)

Agree one million percent down the line.

BTW Chaum is a crypto pioneer from back in the day. Before reading that article I used to have a lot of respect for the guy. Now I think he's been smoking too much Jolly Green and veggin on LoTR for too long.

THE COUNCIL OF THE NINE> I BEQUEATH TO YOU CONTROL OF THE NET THUSLY!!! (Knights each council member w/ a flash drive.)

n/m.

The VPN's exit IP does appear in the server logs and that IP is associated with my name as a subscriber, and health forums are not clear from political discussions, even the subject of health itself evokes such discussions. Sooner or later someone might try and trace some members. Such as the FDA. Can't I have a VPN that doesn't know my name, and doesn't know my IP either?

The local authorities wouldn't know it's just a health site being visited. They'd think their listed target is up to something. And try to find out what. Wouldn't they get help from more capable entities? What might these be for a NATO member? Are there any countermeasures I can take?

Or all I can do is make myself look dangerous and attract even bigger adversaries?

And by the way, medical info theft also has applications other than identity theft.

I am borderline clinically paranoid. In today's world I think I can make a good case for that being justified.

You are full blown clinically paranoid my friend.

No answer will satisfy you. Therefore I am withdrawing from this thread.

A lot of the things that you are worried about are non-entities. Even when technically feasible it just doesn't happen for practical reasons; like it's not in the budget.

"They" do not have the level of control that you are afraid of yet. We are not at the ends of days yet.

They are not omniscient yet. Do I believe that level of control is coming? Yes. When? Given the current pace of development in tech, about 30-50 years. But a lot of what you are worried about is just currently not possible.

Hopefully you can breathe a little easier and sleep a little easier b/c it's not here yet.

Good night and good luck.

Not everyone has your detailed knowledge of what is practical or in the budget. And therefore we will either be too naive or too paranoid. There's nothing clinical about misjudgment in either direction. Clinical is for a psychiatrist to judge.