At 04:40 PM 8/7/01 -0700, Tim May wrote:
I disagree, slightly. The same old "improvements" are still not implemented. Notably, pay-for-use remailers.
Let me play devil's advocate here and say I'm not sure that the existence of PPU remailers would change much. First, the current state of remailers may be enough for many cypherpunks-interesting projects that do not quite reach the national-security-threat level. Second, it's not clear that even if the improvement existed, there would be sufficient market demand for the service to keep the operators interested in providing continued for-fee operation. (There's overhead involved in just setting up such a service that the activists currently running no-charge remailers don't have.) Other improvements such as better user interface may be necessary. Third, there already is a cousin of a pay-per-use remailer, albeit not with the same utility as mixmaster, in the form of ZKS' Freedom application. You'd think that if there were sufficient market demand, someone would try to set up such a PPU service. It hasn't happened yet. Explanations might include market inefficiencies in the communication of user preferences to prospective remailer ops, government regulation (spoilation alert!), lack of reasonable payment structure. Yet some form of PPU remailer could exist today: A remailer would find a cookie and an encrypted-to-PPU-public-key credit card in the body of the message it receives. It would then debit a credit card for, say, $3 and award a credit to that cookie for $2.95 (5 cent per email message charge). Next time another message appeared with that cookie, that same "account" would be debited five cents. The remailer would, unless it's the entry point in the chain, not be able to contact the "account" holder for a recharge, so a client application should handle the balance accounting. The honesty of the remailer could be verified and published via the usual reputational mechanisms. Though I admit I'd be a bit hesitant to give today's remailers my credit card number. The usual objection to such a system would be that the feds would impose pressure on the banking system (or credit card companies would do it themselves) and prevent remailer ops from securing merchant accounts. That may be true, but remailers at least today aren't seen as a serious threat. They could get away with it for a while. Besides, other payment mechanisms, while not quite Chaumian, would work. I presume a similar, and perhaps less complicated, system could be crafted using egold or paypal. Peter Wayner's already using paypal, per his post this week, to sell lightly-protected content. There's always the option of sending physical dollars or 7-11 money orders to open "accounts" with remailers too. Tim says that "interest in running remailers is waning" and says it's the lack of a Clipper threat. I'm not sure that interest, as a factual point, is actually waning. The remailer-ops mailing list has received 1730 messages since February. There seem to be over a dozen to a score of well-known remailers (perhaps many more lightly-advertised ones), which I recall is about where matters were five years ago. I do of course agree interest in cypherpunks is due in part to a lack of a big, nasty threat. Any political interest group picks up in activism when its enemies are in power or actively threatening them; NOW gains members when Ashcroft is in office; the NRA got a boost under Clinton. I did note in May 2000 -- and was the first reporter to do so -- that the Council of Europe treaty requires "websites and Internet providers to collect information about their users, a rule that would potentially limit anonymous remailers" (http://www.politechbot.com/p-01136.html). But that's theoretical since the COE is still a far-off threat and doesn't have the same urgency as a House committee voting to make it a felony to manufacture or distribute unescrowed crypto (this actually happened). Tim says "the heyday" of cypherpunks was during Clipper and Zimmermann. True. But much has changed since then. People have gone off to start companies; cypherpunkly ideas are no longer new; early cypherpunkish predictions turned out not to be true, at least not yet; there are other interesting areas such as Freenet and P2P to work on; crypto is more-or-less mainstream and certainly corporate; people have peeled off from cypherpunks to join other communities that don't have the same volume of traffic; more sub-par humans seem to infest the cypherpunks list than before; prosecutions of cypherpunks subscribers may have scared off others. Right now the "crypto activism" equivalent is over in the DMCA camp, trying to "Free Dmitry." -Declan