if the problem is about keeping ourselves out of trouble re: statements or association with others on this list, I have some observations: first- if defeating traffic analysis is important, hiding message headers and using anonymizing services isn't going to help very much. the existing newsgroup system is trackable (even through anonymizing services). The scenario: someone watches mr. white. mr. white xmits a message to anonymizing service at 9:00pm. at 9:03pm the service routes message to newsgroup. unless the message is encrypted for the anonymizing service, decrypted (to reveal destination) by the anonymizing service, then delays delivery for a random amount of time (5 mintues to 5 hours) to the true destination, the message traffic or content could be pegged to a person. ...plus i don't fully trust anonymizing services because i haven't met the individuals running them, and i've not seen the technology to know there isn't a backdoor, etc. potential solution: need an anonymizing service with encrypted inputs and outputs, along with an encrypted gateway between the newsgroup and the anonymous service. perhaps several unrelated anonymizing services use the newsgroup's public key and only xmits traffic to the newsgroup service using that key...plus the key should change every week. and no one should be able to send messages directly to the newsgroup, even if the public key is known. of course all messages sent to an anonymizing service should be signed using the anonymizing service public key, and posters should not be allowed to post to the same anonymizing service more than 3-4 times before switching services. this can be done if we drop the notion of using a single nym for online messages. btw, would not use PGP for the sigs, either. we should be doing exactly what govts do...use proprietary algorithms which aren't published but are frequently changed. there is enough expertise on this list (i belive) to perform basic cryptanalysis on proposed algorithms, and if we change the system frequently enough it would cause cryptanalysts a tremendous headache -- becomes too expensive to manage if enough messages are encrypted over time. we don't need to create a new AES...just need to make sure there isn't ever enough traffic flow to crack one system before we switch methods/systems. (yep i'm one of those who actually think it's not so great to have publicly available algorithms...makes cryptanalysis much easier even when an algo. is theoretically unbreakable.) second- perhaps the lawyers in this group could provide a standard disclaimer which we could all attach to our sig....you know, something along the lines of 'this message is part of an ongoing satire...don't sue me or take me seriously...' is this possible?? i assume probably not, but it's worth investigating. third- isn't there something terribly anonymous about a huge mailing list like this? i mean if we all simply took care of ourselves and went to whatever lengths we needed to protect our own identities, why complicate the mailing list? if anyone is interested in exploring the first option above, i'd be willing to offer design suggestions or assist in coordinating a red team exercise against the system. let me know. phillip
-----Original Message----- From: owner-cypherpunks@Algebra.COM [mailto:owner-cypherpunks@Algebra.COM]On Behalf Of Brian Minder Sent: Wednesday, April 11, 2001 11:41 PM To: cypherpunks@minder.net Subject: Re: Cypherpunks, Feds, and Pudgyfaced Voyeurism
The "secret-admirers" list strips all headers (except the Subject:) from submissions and is gatewayed to/from alt.anonymous.messages. The list intro may be found below. If there was enough interest, it could be hooked up to the CDR instead, or made standalone.
Thanks,
-Brian
__________________________________________________________________________ I would like to announce the "secret-admirers" mail list.
The "secret-admirers" list is intended to function in a manner similar to the well-known Usenet newsgroup "alt.anonymous.messages". This newsgroup serves as a dead drop for communications in which the recipient wishes to remain unknown.
While access to a Usenet news server is unavailable in many environments, the ubiquity and flexibility of e-mail may be advantageous for the following reasons:
- Penetration: More people having access to (pseudo|ano)nymizing tools is generally a good thing. - Pool Size: Higher utilization of the message pool may frustrate traffic analysis. The list may be gateway back into alt.anonymous.messages or vice versa. CDR-like nodes for redistribution may be established to reduce load on individual nodes. - Filtering: E-mail filtering tools are widely available, allowing recipients to draw only pertinent messages from the pool by filtering on tokens which have been negotiated out-of-band or by the public key to which a message has been encrypted.
The mail list is unmoderated and accepts messages from any submitter. Submissions should be sent to "sa@minder.net".
TO SUBSCRIBE to the list, send a message with "subscribe secret-admirers" in the body to majordomo@minder.net. The more subscribers, the better, even if procmail just sends it to /dev/null.
TO UNSUBSCRIBE from the list, send a message with "unsubscribe secret-admirers" to majordomo@minder.net.
On Wed, 11 Apr 2001, Morlock Elloi wrote:
The best name (cypherpunks) seems to be taken. Hmm. I will have to consider. The naming of things is a ticklish business.
"cypherpunken"
__________________________________________________ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/