Roger, wilco. I can add at least some of these suggestions into 'igor'. On Thu, 12 Apr 2001, Phillip H. Zakas wrote:
if the problem is about keeping ourselves out of trouble re: statements or association with others on this list, I have some observations:
first- if defeating traffic analysis is important, hiding message headers and using anonymizing services isn't going to help very much. the existing newsgroup system is trackable (even through anonymizing services). The scenario: someone watches mr. white. mr. white xmits a message to anonymizing service at 9:00pm. at 9:03pm the service routes message to newsgroup. unless the message is encrypted for the anonymizing service, decrypted (to reveal destination) by the anonymizing service, then delays delivery for a random amount of time (5 mintues to 5 hours) to the true destination, the message traffic or content could be pegged to a person. ...plus i don't fully trust anonymizing services because i haven't met the individuals running them, and i've not seen the technology to know there isn't a backdoor, etc.
potential solution: need an anonymizing service with encrypted inputs and outputs, along with an encrypted gateway between the newsgroup and the anonymous service. perhaps several unrelated anonymizing services use the newsgroup's public key and only xmits traffic to the newsgroup service using that key...plus the key should change every week. and no one should be able to send messages directly to the newsgroup, even if the public key is known. of course all messages sent to an anonymizing service should be signed using the anonymizing service public key, and posters should not be allowed to post to the same anonymizing service more than 3-4 times before switching services. this can be done if we drop the notion of using a single nym for online messages. btw, would not use PGP for the sigs, either. we should be doing exactly what govts do...use proprietary algorithms which aren't published but are frequently changed. there is enough expertise on this list (i belive) to perform basic cryptanalysis on proposed algorithms, and if we change the system frequently enough it would cause cryptanalysts a tremendous headache -- becomes too expensive to manage if enough messages are encrypted over time. we don't need to create a new AES...just need to make sure there isn't ever enough traffic flow to crack one system before we switch methods/systems. (yep i'm one of those who actually think it's not so great to have publicly available algorithms...makes cryptanalysis much easier even when an algo. is theoretically unbreakable.)
second- perhaps the lawyers in this group could provide a standard disclaimer which we could all attach to our sig....you know, something along the lines of 'this message is part of an ongoing satire...don't sue me or take me seriously...' is this possible?? i assume probably not, but it's worth investigating.
third- isn't there something terribly anonymous about a huge mailing list like this? i mean if we all simply took care of ourselves and went to whatever lengths we needed to protect our own identities, why complicate the mailing list?
if anyone is interested in exploring the first option above, i'd be willing to offer design suggestions or assist in coordinating a red team exercise against the system. let me know.
____________________________________________________________________ The ultimate authority...resides in the people alone. James Madison The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------