At 3:30 PM -0500 8/3/01, Aimee Farr wrote:
Tim May:
At 12:54 PM -0500 8/3/01, Aimee Farr wrote:
Bear wrote, quoting me:
I've got a nice protocol for running a fully-encrypted mailing list stegoized in images on a web/FTP site, which would be totally invisible to non-participants - but such a list can't be announced publicly so of course nobody could find out about it and join it, without also letting the law know about it and join it.
Interesting.
Banal, actually.
Maybe to you, Tim, but I was looking at it from a different perspective.
First, in regard to dissident group bulletproofing, so as to provide the greatest First Amendment associational protections. (I suspect some of you get your legal advice from the government.) And, also in regard to dissident group surveillance. This list has been affected by recent events, and "subjectively chilled." While it is not the first time for such things, the effects on group dynamics are of interest to me.
You need to learn about the severe limitations of "security through obscurity." An encrypted list, or a stegoized list, is not secure if it is open to various subscribers. Weakest link math, obviously. The crypto name is, as I said, "security through obscurity." Kerckhoffs's Principle by another name, essentially. (The only reason we have sometimes considered having an encrypted list is to a) weed out those unwilling to figure out how to do PGP, b) make PGP use more widespread. The notion of keeping the contents "secret" was not even debated seriously.) Sociobabble handwaving about "effects on group dynamics" doesn't change this. So you think that just throwing in some words about "value propositions" and "conversational economics" is the way to put forward a real idea or argument? Looks like bullshitting to me. Like the output of an Internet rant generator.
Second, I would like to see the conversational economic theories at work in a protected list.
Sociobabble. First, an encrypted or stegoized list would not be protected. See above. Second, it has nothing to do with "conversational economic theories" (?).
Third, many of your concepts were harbingers of a shift where people take costly evasive maneuvers to protect what is legal, and traditionally highly-valued speech and association (being critical of the government). Your ideas are being implemented, or examined, often by ordinary people with less spectacular motives and aims. So, the more "trodden," "banal," .....[insert Tim Mayism here]...something is to you, the more interesting it is to me.
You are blithering. I don't think you have the foggiest idea what is being talked about. And instead of learning, you just blither.
IP addresses have nothing to do with attacks on remailers and DC-Nets.
Okay.
Do some reading.
I read a lot, Tim. My practice areas don't come neatly packaged. I realize your frustration with me, and can only beg your understanding and tolerance, although I have low expectations in this regard.
You keep apologizing. Is this some kind of chick thang? Instead of "begging tolerance," do some very _basic_ reading. Once you grok what remailer networks are all about, you'll (maybe) have an epiphany that all the yammer about IP addresses defeating remailers is nonsense. And once you grok the idea of how sending encrypted mail out to a list of N people, where N is 100 or more, and where subscription is lightly controlled, is pointless. (In fact, cell sizes as small as 3 are infiltrated, but this is an issue I don't have the desire to get into here.)
(Picking on me is about as sporty as shooting turtles in a stock tank.) I could never match the technical skillsets or understanding of this list, please forgive me for my sins. Yea, I know not what I do..... I am aware of my shortcomings, (!!!) and I do appreciate your taking the effort to try to help me with my conceptualization. You often do so, and I note your good intentions, even when they come with a few well-placed darts.
Stop fucking apologizing you stupid twit.
Start with Chaum's 1981 paper on untraceable e-mail, read at least the first 5 or 7 pages of his 1988 paper on dining cryptographers nets, and then move on to the other list-related sources.
Perhaps I can contribute in other areas, Tim. I will try to do better. I mean that sincerely.
Stop apologizing. Instead of blithering about "conversational economics" and "value propositions" and "I'm sorry," spend ONE FUCKING HOUR reading the most basic of all papers, a paper now 20 years old. I gave you the subject, year, and author. (Hint: It was Webbed as of a few months ago. I just checked: it still is. But rather than even expect you to find it, here it is: http://world.std.com/~franl/crypto/chaum-acm-1981.html) If this paper uses terminology too distant from later Cypherpunks technology, read any of the 1992-93 articles folks like Eric Hughes, Hal Finney, and myself wrote. Or read my Cyphernomicon entries on how remailers work. (I fully expect you to announce that you _do_ understand how they work. But clearly you don't, else you wouldn't have commented that biometric IP linking will be a problem. A _real_ legal issue, one we have discussed many times, is the constitutionality of a law requiring accountability for all forwarded messages. A law requiring all chunks of text to be traceable to a true name violates the usual 1st A protections, supported by the Supremes when they have struck down laws requiring handbills to have true names attached. Not to mention the anonymous authorship of the Federalist Papers. Not to mention many related issues. This is a more plausible attack on U.S.-based remailers than is something based on IP addresses. Left as an exercise for you.)
You are the leader of a pack of prize jackasses that pick on cripples in here. *REAL* SUBVERSIVES have a gentlemanly demeanor (at least the decency of pretense).
Are you calling yourself a cripple? Not even I have called you a cripple. You've shown no willingness to learn the most basic of things. You can't add legal advice that is useful if you don't even understand the most basic of things we talk about. In fact, your legal advice is almost certainly misleading if you don't even understand how nested remailers work, and why IP addresses aren't included in remailed messages, and why the robustness and obfuscation of a network of N remailers each pooling-and-remailing M messages goes _roughly_ as N^M. Thus, a nested hop through 10 remailers around the world, each pooling 10 incoming messages (of the same size after padding), would give an attacker _roughly_ 10 billion paths to follow. I keep saying "roughly" because there are numerous things that cut this down, not the least of which is that there aren't likely to be even tens of thousands of messages per day flowing through the world's remailers until there are a lot more of them, etc. And so an attacker cannot see a diffusivity of 10^10. But he also certainly cannot easily say which exiting message maps to which entering message. And there are the methods we so often have discussed: route messages through some remailers multiple times, send dummy messages at intervals, use your own machine as a remailer, and so on. It doesn't take long to see that the diffusivity (untraceability) can be very large very quickly and cheaply. And, no, no biometric or IP information is attached! If you have not grokked the idea of anonymous remailers, how can you comment on legal issues facing them?

As for your "torching" your work because I hurt your feelings, show some fucking backbone. If you are right, you don't need the moral support of others.

--Tim May

--
Timothy C. May tcmay@got.net Corralitos, California
Political: Co-founder Cypherpunks/crypto anarchy/Cyphernomicon
Technical: physics/soft errors/Smalltalk/Squeak/agents/games/Go
Personal: b.1951/UCSB/Intel '74-'86/retired/investor/motorcycles/guns
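Added example, not part of the original message: a small model of the pooling argument above, showing both the 10^10 path ceiling for 10 hops with pools of 10 and how the set of senders an observer cannot rule out is capped by the traffic actually in the network. The layered topology, the observable routing between layers and the figure of 1000 messages are assumptions made for illustration.

```python
import random

def path_ceiling(pool, hops):
    """Ceiling on entry/exit pairings: every hop multiplies the candidates by the pool size."""
    return pool ** hops

def trace_back(total, pool, hops, seed=1):
    """Size of an observer's candidate-sender set after unwinding each hop.

    Assumed model: `total` equal-size (padded) messages pass through `hops`
    layers of pooling remailers. Each remailer takes `pool` messages, reorders
    them secretly and forwards them. The observer sees which remailer handled
    each message and how remailers are wired together, but cannot link a
    remailer's inputs to its outputs.
    """
    if total % pool:
        raise ValueError("total must be a multiple of pool")
    rng = random.Random(seed)
    watched = {0}              # the single exiting message the observer starts from
    sizes = []
    for _ in range(hops):
        # Any input of a remailer could be the source of any of its outputs.
        mixes = {wire // pool for wire in watched}
        inputs = {m * pool + i for m in mixes for i in range(pool)}
        sizes.append(len(inputs))
        # Observable wiring from the previous layer (constructed at random here).
        wiring = list(range(total))
        rng.shuffle(wiring)
        watched = {wiring[w] for w in inputs}
    return sizes

if __name__ == "__main__":
    print("path ceiling:", path_ceiling(10, 10))
    # 1000 messages in flight is a constructed traffic volume.
    for hop, size in enumerate(trace_back(1000, 10, 10), start=1):
        print(f"after unwinding {hop} hop(s): {size} candidate senders")
```

The candidate set grows by up to a factor of the pool size per hop and then saturates at the total number of messages, which is the "roughly" in the estimate: the ceiling is combinatorial, the achievable anonymity set is bounded by real traffic.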