Why certain sites don’t send newsletters to “anonymous” mail addresses?

I use an “anonymous” mail address (cock.li provider in my case). I have found that mainstream news sites in particular don’t send their newsletters to such an addresses. It looks like the domains blacklisted.

What is the reason? I can understand that they don’t want you writing comments from anonymous mail addresses, but passive reading of a newsletter is also prohibited?

Why this behavior? Why this behavior only with traditional mainstream news?

These newsletters usually have a lot of advertising and tracking, why they don’t wish to deliver them to “anonymous” addresses?

Anonymous (privacy-preserving) random walks for graphs

Quoting this paper – SmartWalk (https://dl.acm.org/doi/pdf/10.1145/2976749.2978319):

For graph privacy, strong link privacy relies on deep perturbation to the original graph, indicating a large random walk length. However, as the fixed random walk length increases, the perturbed graph gradually approaches to a random graph, incurring a significant loss of utility.

They propose a machine-learning based approach to determining the appropriate random walk length as a trade-off between utility and security/privacy. However, is there (at all) an anonymous or privacy-preserving method of conducting a random walk itself?

How can i create an isolated and anonymous OS inside my employer’s laptop?

My employer monitors every website I visit on company laptop, so i need to create an isolated OS and connect to a stealth VPN so the IT department won’t know which websites I visit and they even shouldn’t know I’m connected to VPN and use isolated OS.

My solution would be:

  • Qubes and Win 10 inside of it

  • A Stealth VPN Service like Nordvpn (which the network will not know im connected to vpn)

  • Maybe a usb for them to save & plug-play anytime

  • My mobile phone 4g internet or company’s wifi (?)

Note: No need for a complete anonymous systems like whonix, tails etc. I just need to browse web for my personal needs and save my personal docs. So Windows OS is required..

Which solution would be okay?

Practicality of Direct Anonymous Attestation

DAA (Direct Anonymous Attestation) is not the only scheme to achieve anonymous attestation. In general, these schemes allow an entity to stay anonymous throughout the attestation process. The concern here is not the attestation but key revocation. TPM/FIDO DAA scheme requires to keep a rogue list of compromised private keys to make revocation possible. But the assumption of compromised device will have its private key leaked publicly is naïve. In fact in many scenarios, a hacker may not reveal a compromised key. Such key can be used for attack such as denial of service attack etc… Since device identity is anonymous to service provider, there is no way for service provider to differentiate an attacker from genuine user.

What making it worse is having the private key stored/protected using hardware key store or HSM (Hardware Security Module). A hacker may have the knowledge to hack and extract the private key from a HSM using zero-day vulnerability. Since private key is designed not to output private key in plain. Therefore, even if a user acknowledge his device is compromised, but there is no way for him to inform the authority since it is not possible to extract the private key as a normal user.

Therefore, DAA sound like a wonderful technology but is not commercially viable?

Too many redirection after turning off Anonymous Authentication

I am running on-Prem Sharepoint 2013 and writing a web application that will access SharePoint lists using CSOM.

I am using Claims Authentication and have Anonymous Access allowed for the web app.

Here are the first few line of CSOM:

    Dim ouritems As ListItemCollection     Using cc As New ClientContext(siteURL)         Dim ourList As List = cc.Web.Lists.GetByTitle(listTitle)         cc.Load(ourList)         cc.ExecuteQuery() 

Everything is working just fine.

I now turn Anonymous Access off.

My ExecuteQuery (the first access to SharePoint in the application) now fails with an exception: Too many redirections were attempted.

Can anyone explain the connection between turning of Anonymous Access and the exception?

Can I use a cryptographic hash function to prove my authorship of an anonymous article?

From what I understand, hash functions are one-way functions. Let’s say that I want to publish an opinion article anonymously, but there is a possibility that I later want to prove that I was the one that wrote the article. Is it possible for me to simply put my identifying information, such as my name, birthday, and social security number, into a cryptographic hash function, and place that hash as my “pseudonym”? The question is the same question as Deniable proof of authorship, but I don’t understand the answer, and I’m not sure if the answer pertains to the use of a hash function.

If this works, are there any downsides? Are there common mistakes that people like me make? I don’t see a way to break this function other than to enter the identifying information of every single person in the world and see if it matches the pseudonym.

Also, what is a PGP? When I was searching my question on the internet, this term popped up quite often.

Please let me know if this is not the correct place to post this question.

Authentication Window on anonymous access SharePoint Server 2019 communication site

I want to make a communication site in my SharePoint Server 2019 available for anonymous access. I made all the changes necessary for classic sites

  • Allow anonymous in “Authentication Providers”
  • Add read-only anonymous policy (I also tried “no policy”)
  • Allowed anonymous access inside site collection

I can access the site and the site opens. Halfway through the site rendering I get an authentication window. Ignoring it in a modern browser loads the site without some parts. Ignoring in IE11 gets me an HTTP500.

Inspecting the IIS Logs I found some calls to the SharePoint API that provide me with HTTP401s:

POST /_api/SP.Utilities.SPSocialSwitch.IsFollowingFeatureEnabled/SP.Utilities.SPSocialSwitch.IsFollowingFeatureEnabled

GET /_api/Site/Site $ select=StatusBarLink,StatusBarText

POST /_api/sphome/GetAcronymsAndColors labels=[{Text:%20%22Testsystem%22}]

POST /_api/SP.Utilities.SPSocialSwitch.IsFollowingFeatureEnabled

GET /_api/Site $ select=StatusBarLink,StatusBarText

POST /_api/contextinfo

Those seem to prevent me from accessing the whole site with an anonymous user.

Can anyone point me in the right direction to navigate around this?

Access control to anonymous users

What is the formal name — and description — of the problem of giving users access to a resource exactly once each while not requiring them to identify themselves?

In other words, to have a system that is able to give away access tokens to users as long as they have never obtained any before.

Assuming that users are able to perform cryptographic functions, and can be assumed to have personal certificates signed by the system, but which they do not want to reveal to the system in order to gain access.

Is there such a model? Is there such a well-described problem?