Distributed trust and reputation management mechanisms are often proposed as a means of providing assurance in dynamic and open environments by enabling principals to building up knowledge of the entities with which they interact. However, there is a tension between the preservation of privacy (which would suggest a refusal to release information) and the controlled release of information that is necessary both in order to accomplish tasks and to provide a foundation for the assessment of trustworthiness. However, if reputation-based systems are to be used in assessing the risks of privacy violation, it is necessary both to discover when sensitive information has been released, and then to be able to evaluate the likelihood that each of the set of principals that knew that information was involved in its release. In this paper, we argue that statistical traceability can act as a basis for reaching a proper balance between privacy and trust. To enable this, we assume that interacting p...