You might want to check out what Lance is doing with his dialup accounts. Anyone can pay him a few dollars a month (cash, money order is fine) and get an anonymous account. That account can be configured to reject unencrypted email (procmail) or use HTTPS only, or whatnot. I think this solution already exists. anonymizer.com. -Declan On Thu, Oct 26, 2000 at 11:59:51AM -0700, Ray Dillinger wrote:
Would there be a market for someone to create an encrypted-services provider? Would people do this?
Here is what I envision, at a cost of something like $10/month.
Email accounts that bounce anything not encrypted - either silently or with a message that says "this account accepts only encrypted mail." at the option of the account holder. These accounts are restricted in some way that makes them unattractive to spammers - probably they are able to send no more than 3 or 4 unencrypted emails a day, maybe they are unable to send *any* unencrypted email.
Web Hosting strictly via HTTPS. Standard accounts get four or eight kilobytes accessible by http (enough for a redirect), and 100 Megabytes or so of web space accessible by HTTPS.
Anonymous accounts. You send a message with a long random key and a few dozen choices for your login name, and a password to use (send via a remailer or whatever) and the provider publishes a webpage with listings mapping keys to login names to tell you what login name you've gotten. The provider holds the name for a couple of weeks. If during that time the provider recieves payment for an account by that name with a that password (say, by cash or bullion via mail or courier, or any of various ecash systems) then the provider creates an account with login, that balance and that password.
The provider also publishes a page of login names in use, so you can check to try to avoid collisions.
To renew your account, your payment must be sent with your login name and the original payment key.
If it can be done legally, the service provider would get a debit card for each account paid more than $200 in advance, and give the card number to the account holder. Then, whatever amount had been prepaid would be available for web purchases, etc. for web merchants with POS stuff. This is a sticking point, and could cause a lot of trouble if any missteps are made. In the worst case, 30% of this money would have to be paid to the IRS - to avoid charges of abetting tax evasion while maintaining client anonymity. (technically, this ought to make the money paid for the service tax deductible, but you could only claim it by revealing your True Name along with proof that you'd paid it -- so clients interested in real anonymity would have to bite the bullet and pay taxes on that money twice).
Nice anonymizing web proxy with whatever filters you like, returning whatever CGI information you want it to return. Cookie functioning is selectable by host (so you can, eg, deal with your bank via the proxy if you want). Web proxy is available only via https -- ie, the link between the proxy and the user is *required* to be encrypted.
Anonymous encrypted FTP. Two kinds -- one is FTP over SSL, the other is FTP where the file being downloaded is encrypted to start with. There are applications for both. Paying clients could put up a download directory; joe random could download stuff from it. No unencrypted FTP would be available.
NNTP over SSL. Not that what's in usenet news is secret, but there's no point in having your reading habits monitored.
The basic idea is, there's no point in having *any* unencrypted traffic on a server if you can help it. It ought to be the case that even if a 'carnivore' is installed, there is no unencrypted traffic for it to sniff.
I think this is, just barely, feasible. What say you all?
Bear