Tim has made some excellent points regarding the remailers. A couple of quick comments: I don't know if charging for messages can be made to work. Karl has a remailer which requires digital tokens. You can get them for free just by sending an email message. But I'll bet almost no one uses them. Why should they, when there are free ones? That is the big problem. The free ones undercut the pay-per-use remailers. Unless the pay remailers offer significantly more features and advantages to the users, they won't be used. Especially if we are talking about actually mailing physical cash to the remailer operators in order to receive tokens, this will be terribly inconvenient and will further raise the threshold barrier against for-pay remailers. So, the question is whether the value can be made large enough. Most of Tim's comments are focussed on the security of the remailers. For some applications this is important, particularly the more world- shaking ideas we have discussed. (And despite the skepticism I expressed last week about the degree to which cryptography can change the world, I do believe it can be a strong force for positive change.) If people are fighting for freedom against a powerful adversary, they will need the kind of security Tim is talking about. But how much remailer use falls into that category? Not much, right now. I frankly don't see improved security as a major problem that needs to be addressed in the short term. It's worth mentioning that despite the charges of hypocrisy in the Detweiler affair (we are supposedly violating our own principles of freedom and privacy) no one has proposed trying to violate remailer confidentiality to produce proof that Detweiler is behind the Squish posts. Even with our current network Detweiler has managed to achieve considerable privacy. The fundamental purpose of the remailer network is to defeat traffic analysis. We want to protect the privacy of WHO you communicate with as well as WHAT you say. I agree with most of what Tim says, but I feel that the biggest problems are with ease of use and social issues rather than security at the present time. In my opinion, what the remailer network needs is, first, standardization, as Tim has proposed. Secondly, it needs reliability and robustness. Third, it needs to be easier to do two-way messaging. Related to this, we need software that can take a message from a remailer and display it as coming from the sender, either as nym or truename. (Karl has a script which does this for elm or mh, I forget which.) Fourth, we need to find solutions to the political and social problems the remailers cause. Tim's idea of a global blocked-address database is a good start here. My picture of remailer use is a little different from what a lot of people may be thinking of. Just as we envision a world in which everyone uses good, strong encryption to protect the privacy of their electronic messages, I would like to see privacy protection with regard to patterns of communication. Who you communicate with tells a lot about you, in some ways as much as what you say does. In my ideal future, remailers and similar technologies are as ubiquitous as encryption, providing real protection of privacy. Hal