Andy Dustman <andy@neptune.chem.uga.edu> wrote:
Maybe the next time Gary, Linda, or Paul send a remailer operator a complaint, the operator will know what to expect next.
I did get one complaint from Gary Burnore about stuff being sent directly to him. He wasn't a jerk about it, and I haven't heard a peep out of him since.
Jeff Burchell's systems, Mailmasher and Huge Cajones, seemed to bear the brunt of the wrath and attacks by Gary Burnore and his associates Billy McClatchie (aka "Wotan") and Belinda Bryan. Perhaps that's because they were most often utilized by one or more of his detractors in posting public criticism about the tactics of himself, his company, and his associates.
thing that's not so random is the high percentage of words that are related to DataBasix, such as "DataBasix", "Burnore", and "Wotan". I'm almost waiting for Gary Burnore to give the remailer and mail2news operators a "helpful" suggestion that they could curb most of this "abuse" by simply blocking any anonymous posts containing any of those three keywords. <g> Or perhaps he's done so and politely been turned down.
He's never asked us, at least. Although, when spam-baiting started hot and heavy this summer, another Databasix employee did suggest that his address should not appear in posts. I made it quite clear we don't check for specific names, words, or addresses, and that he was a legitimate topic of discussion. Never heard back after that, and this was several months ago.
IMO, that's a good policy. In fact, the best strategy seems to be to have a plan in place before starting a remailer so that when attacks and/or demands come in, the operator will have already decided what responses are appropriate and what aren't. To fail to do that is to leave one's system open to "designer abuse" where a certain kind of fabricated abuse implies a certain "cure", which is exactly why the abuser did it in the first place. For example, if someone comes along and starts spamming newsgroups, seemingly at random, and the common thread seems to be that each of the spams mentions Gary Burnore or DataBasix, the "obvious" solution would seem to be block all posts which include the keywords "Burnore" or "DataBasix". By doing that, you stop the abuse -- as well as effectively censoring any anonymous criticism of Gary Burnore and DataBasix. It's not hard to figure out the motives behind such actions.
Perhaps the next wave of attacks on remailers will not consist of attempts to shut them down altogether but to progressively cripple them by getting certain features disabled, one by one. This seems to have already started. The strategy seems to be to fabricate a form of "abuse", anonymously through remailers, for which the seemingly "logical" solution is to disable a certain feature. This has already proven successful with header pasting, for example. Now you can't post to Usenet and set the From: address to that of your own 'nym.
If you really want the post to have the From: address of your nym, send the post with your nym and not with the remailer as the last hop. The point of anonymous remailers is to be anonymous. If you want to use a psuedonym, use a nymserver.
If I remember correctly, the documentation for at least one of the nymservers suggested that posting through a remailer and pasting in the return address would be quicker and impose less burden on the server than having to process each outgoing message through the server.
If the "camel" can get his nose under the tent and convince operators to start filtering on the *CONTENT* of the Subject: line or body of usenet posts, the anti-privacy nuts will have scored a major victory. In fact, from reading Jeff Burchell's posts, it looks like Gary and his DataBasux-ers had initially convinced Jeff to do exactly that. But, in a symbolic victory for freedom of speech, he removed those filters for a week before he finally shut down Huge Cajones altogether.
Cracker does have a spam-bait mangler which is somewhat simpler than the scheme Jeff used. In a nutshell, if there are an inordinately large number of addresses (compared to other text), the addresses are mangled, i.e., president@whitehouse.gov becomes president <AT> whitehouse <DOT> gov. Still human-readable but useless for address harvesters. No posts get dropped or filtered out under this scheme, and no keywords or particular addresses are looked for.
I'm not sure that even that is a wise precedent to set. In itself it seems innocuous enough, but it could always lead to a demand, "Well, you already mangle e-mail addresses contained in the bodies of posts, so why not also alter the contents of posts in the following way..." Also, I hope that your mangler is smart enough to distinguish e-mail addresses from lists of Usenet message IDs, since a list of such references should be perfectly valid in the body of a post. The problem with destroying machine readability of e-mail addresses is that many newsreaders will turn an e-mail address into a hot link where one could simply click on it to send e-mail. If someone were to anonymously post a message in support of or in opposition to a certain piece of legislation, and include a list of the e-mail addresses of the Congress-critters on a certain committee considering that bill, such a scheme might defeat the purpose of the list. IMO, anything that makes posting via a remailer less functional than doing so non-anonymously is ultimately detrimental to the cause of privacy. BTW, is there any evidence to indicate that anyone is really harvesting e-mail addresses from the BODIES of Usenet posts? Gary Burnore posts his flames quite widely, so it's quite likely that any bulk e-mailing lists he's on is the result of his (non-mangled) e-mail address being in the From: line of his own posts. Perhaps the ultimate reality check is whether someone is seeking to impose a standard on remailers that's stricter than the one imposed on the phone company or the postal service. I can drop some coins in a pay phone and call anyone at any time. The functionality of a public phone is not restricted merely because the users are not identified. Similarly, I can drop a letter in a public mailbox without anyone verifying my identity. No return address is required. Or I can write in a return address and nobody will check whether it's "genuine" or "forged". It would be ludicrous, for example, for someone who had received a couple of crank phone calls from payphones to demand that the phone company either totally prevent this abuse from ever happening again or else remove all of its pay phones! And yet those are exactly the demands that anti-privacy zealots have made on remailers, and often they've succeeded. Should one's willingness to broadcast his/her name and e-mail address indiscriminately to a WORLDWIDE newsgroup be a prerequisite for one to express one's views? Is that not tantamount to saying that one cannot walk down the street without wearing a badge containing his name, address, and phone number for all to read? Or should one's name and e-mail address be considered his property to be divulged only if and when he chooses? -- Without censorship, things can get terribly confused in the public mind. -- General William Westmoreland