I have to agree with Peter Honeyman that Marc Horowitz's proposal that remailers reveal message sources under certain conditions wouldn't work well. Remailer users will prefer remailers which won't do this. So reputations and such will tend to push things in the opposite direction. Also, I'd point out that the Pax remailer actually did maintain a database of anonymous addresses with the corresponding real addresses. So it already worked much as Marc suggested. You can actually send mail to someone who posts anonymously through Pax just as easily as you could send to someone who posted non-anonymously. So if you want to complain about some offensive posting or email to the person who did it, you still could with Pax. These features didn't stop Pax from getting shut down. Marc's suggestion that commercial users could run remailers without pressure from NSF sounds good in theory, but it's not clear how well it would work in practice. I don't think Cypherpunks could run such a remailer, even if Marc is right and it would cost $10 per Cypherpunks reader per month. I doubt that many people would be willing to make this charitable contribution for what would be a public good - a remailer that anyone could use. Even if it could be done, one remailer isn't enough. We need many remailers so that no one remailer can expose users. I think the best bet would be a commercial site which has a connection for other reasons, and which is willing to run a remailer on the side. I don't know what kinds of sites use these commercial connections. The commercial Internet access that I am aware of is through companies like Compuserve, Portal, Netcom, the WELL, and so on, and I think they all have to abide by the NSF acceptable use policies. At least, I had to agree to those on Portal and I think on Compuserve. What would be an example of a site with commercial Internet access which would be free of NSF pressure? One other point I'd make with regard to Marc's message is that if PGP itself is the problem, there's no reason the remailers can't use RIPEM. That's legal in the U.S., so the legality issue would not arise. This might be a good approach to take in broaching the subject with administrators. I haven't looked at RIPEM much but I'm sure the remailers could use it just as easily as PGP. Even non-encrypting remailers can provide basic anonymous posting and mail, if those would be more acceptable. A final point is that forwarding mail for another person can hardly be made illegal in general. If I receive a message from person A asking me to forward it on to person B, and I do so, this is clearly a legitimate email message that I choose to send. To try to disallow this would be to put intolerable restrictions on email content. So, if this is allowed, it seems to me that I should be able to write a program to do what I am allowed to do manually. If these remailers could be made widespread, with tens of thousands of people running them as a routine service, I think a crackdown would be much more difficult. I think we need to educate users about the value of privacy and anonymity in order to encourage more people to run remailing software. Can anyone suggest a newsgroup where these kinds of discussions would be appropriate? Hal Finney 74076.1041@compuserve.com