At 8:37 AM -0700 8/3/01, Ray Dillinger wrote:
On Fri, 3 Aug 2001, Aimee Farr wrote:
Hiding or secrecy as a total strategy has historically been limited by the Rule Of Secrets/Least Safe Principle, and the equally-important "well, doesn't this look suspicious!" -- a rule of natural law and human disposition. Crypto is not a person, object and asset invisibility machine.
The real problem with hiding or secrecy as a total strategy is that there can be no community. Your lovely crypto-auction protocol is no damn good unless you can get a critical mass of people to participate in a marketplace, and rather useless unless those people can be anonymous.
Ebay may be a good thing, but can you imagine how useless it would be if it had to be kept secret from law-enforcement types? You'd pretty much have to keep it secret from the whole public, and then of course nobody would use it.
I've got a nice protocol for running a fully-encrypted mailing list stegoized in images on a web/FTP site, which would be totally invisible to non-participants - but such a list can't be announced publicly so of course nobody could find out about it and join it, without also letting the law know about it and join it.
I know I've passed on cites more than a couple of times to try to educate you about things you keep missing. You apparently don't bother to read what people suggest you read. Security through obscurity is what you are talking about above. It is NOT what many of us here are talking about. Read up on remailers, Blacknet approaches, Gnutella/Morpheus/Freenet approaches, Pipenet, and even Freedom (ZKS). Unlinkability has bandwidth costs. There are practical reasons why in a world of connectivity at DSL speeds some things (like large file-swapping) will not be practically unlinkable. But small files, such as text files, political tracts, digital cash, etc. is easily made unlinkable in a world of DSL-speed connections. Do the math. You say you have "a nice protocol for running a fully-encrypted mailing list stegoized in images," but in your time on this list I have not seen you contribute any interesting technical ideas. Distributing stegoized images to a list of recipients is so banal and hackneyed that it barely deserves comment: of COURSE it is just security through obscurity...what else could it be? (Dig up my article from 1989 on stegoizing in images to see a treatment of this point.) We knew in 1992 that running the CP list as an encrypted list or stegoized list was pointless, given the absence of unlinkability. You need to do some reading and some deeper thinking than you have so far done.
And the list goes on. Every time you try to get something used by more than a dozen people, it cannot be secret. What cannot be secret, you can't keep the law from knowing about. What you can't keep the law from knowing about, you can't keep the law from trying to regulate.
All well known.
And regulation of anything on the internet can happen, because EVERY IP address is in principle traceable. Oh, it may take a week or two -- they may have to slap your ISP with an order to preserve logs and wait for the next time something happens if you're on DHCP, or they may have to get the cooperation of one or more other governments if your login trail runs outside their jurisdiction -- but ultimately, it's traceable.
You apparently don't even understand how even simple remailer chains work. I could give examples, but this is well-trod ground. Look it up yourself. --Tim May -- Timothy C. May tcmay@got.net Corralitos, California Political: Co-founder Cypherpunks/crypto anarchy/Cyphernomicon Technical: physics/soft errors/Smalltalk/Squeak/agents/games/Go Personal: b.1951/UCSB/Intel '74-'86/retired/investor/motorcycles/guns