-----BEGIN PGP SIGNED MESSAGE----- (This is from Hal; I still can't post from Portal.) After going to enormous efforts to create a network of anonymous remailers, we are hoist by our own petard, as our list receives strange, irrelevant, and argumentative posts through our own anonymous remailers. (Not all anonymous posts are like this, but there have been quite a few in the last few weeks which fall into these categories.) This should challenge us to reconsider the value of anonymity and remailers. Are we working only to make the net safe for the immature and incoherent? I would say not, but these posts should remind us of how incomplete is the infrastructure needed for successful use of anonymity. A brief recap of the benefits of anonymous mail: presently, on the net, all mail is tagged with the sender and destination. This means that not only the recipient, but any net snoopers and sysops at systems through which the mail passes, may be able to know that person A is sending mail to person B. This kind of information can be used to build up dossiers of who talks to whom. Worse, as we move into an era of electronic commerce, more and more of our lives may begin to take place on the net. We may shop, find entertainment, do business, even work for a living across the network. This will open up even more opportunities for collecting data about how we live our lives. In my opinion, the best way to preserve our privacy is to make it impossible to collect this data. Anonymous remailers, and their cousins, IP bouncers (which perform an analogous function for telnet-type connections), can prevent the collection of this kind of information by hiding exactly who is communicating with whom. These services can serve as the basis for the other privacy-protecting technologies we've been discussing, such as digital cash. There's not much point in using digital cash to prevent tieing customers to vendors if monitoring the net will provide that information anyway. This isn't just a futuristic concern, either. Already today the government is taking steps which could, under some not-so-far-fetched extrapolations, get people on the list in trouble. Many people on this list have communicated with Phil Zimmermann, for example. What if email logs were used to track all those people down, and they became suspects in this criminal investigation that the government seems to be pursuing? It's not even impossible that the government could someday try to paint the cypherpunks themselves as a subversive organization. Think how much more difficult any such diabolical attack would be if people subscribed to the list via remailers, under digital pseudonyms. These days, with the shaky legal status of cryptography, we of all people should be able to see the benefits of anonymous communication. The problem is, then, how to gain the benefits of anonymity, while avoiding the abuses. One solution which we have long discussed is reputations and pseudonyms; another is making people pay to use remailers. The way reputations work is that people would digitally sign their anonymous postings. This way someone could post anonymously and build up a reputation by means of a series of postings signed under the same name. As time went on, they would no more want to damage the reputation of their pseudonym than they would want to damage their reputation under non-anonymous posting. To make this work, people need to be able to easily filter their mail on the basis of the pseudonym it came from, rather than the (irrelevant) anonymous remailer which sent it. Then they can choose to accept and read mail from anonymous posters who have built up a good reputation while ignoring that from those who have ruined their good (pseudo) name. Karl Barrus has done some experiments along these lines. He described some time back a system he had for working with the elm mail reader, one of the most common Unix-based mail agents. The software will display the true originator of PGP-signed posts (anonymous or not). This allows readers to apply the same standards to signed anonymous mail as to regular mail. It raises anonymous posters to the same level, and holds them to the same standards, as other posters. This software could allow anonymous posters to build up their reputations, encouraging more responsibility on their part. The other solution, pay-for-use remailers, has also been pioneered by Karl. His idea is to make the remailer a little harder to use by forcing the user to include some digital postage (based, I think, on what Tim May called "poor man's postage stamps"). This could help reduce the volume of anonymous mail and make it less likely that joke or trivial messages would be posted. (We could even consider applying Karl's approach to the list as a whole; people would have to apply ahead of time for posting tokens in order to post. This might force people to take a little more care and time in their postings.) I don't think Karl's efforts have been sufficiently appreciated here. He is quietly working to create the tools needed to allow anonymity to be a useful and important part of the net architecture rather than the annoying sideshow that it sometimes seems to be becoming. We need to support Karl, work to bring his innovations into other remailers and other mail agents, if we want to gain the benefits from what we have done so far. Hal Finney hfinney@shell.portal.com -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLMFf3qgTA69YIUw3AQEp9QP/UyEvuQgM6GKiKdkZtHJw4/NhMwQDihrs 2D8weSeUQpKHPpxEnXiDEG6qswI0B4auq+hK3EDYIzccA6c6/+0Xa7SzESsujtjs VDRY7BNphAQ8ix6vd4Ti2vuk8sWa7IHasuAF+UytJrUXPaMbJgH1u/84M9HstA4t kNQ3venrgh4= =CFWw -----END PGP SIGNATURE-----