In article <adfe19830002100425c1@[205.199.118.202]>, Timothy C. May <tcmay@got.net> wrote:
> I must be missing something....:
Nope! That would be..er..my fault. :-)
> I'm not following your "upload an article to the NNTP server." Don't most people use mail-to-News gateways to post anonymously? (If not, they should, of course.)
> This way, the posting of an article has the anonymity provided by the chain of remailers used to reach the terminal site, the mail-to-News gateway.
You are quite right. I was mixing my criticisms. My mistake. A message pool provides only recipient anonymity, of course. For sender anonymity (e.g. posting to a message pool), chaining is the right way to go.
> The posting is anonymous (within the usual limits we discuss here), and the reading is "pretty hard" to focus on, for several reasons:
> 1. Hard to gain access to local ISP without sending alerts out (it would be for my ISP, at least). This is admittedly not cryptographically interesting, but is a very real practical difficulty.
> 2. Many who browse alt.anonymous.messages probably "glance" at many of the oddly-named message pool messages. I know I do. Again, makes it a "needle in a haystack" to know which of several hundred folks who glanced at "ToBear" or "TheRealMessage"--assuming the NSA could ever identify these hundreds--is the real intended target.
> 3. And I recall that many have newsreaders which download _all_ messages in a newsgroup automatically. Again, this makes the pool of potential readers quite large and meaningless to try to track.
> The use of public posting areas for message pools (what I called "Democracy Walls" several years back) seems to me to have several compelling advantages over "reply-block" approaches.
Good points, all of them. I agree that public message pools seem to give far better security than reply-block approaches. (Although the two can be combined: set up a nym reply-block which just redirects traffic to alt.anonymous.messages; then the reply-block is not security-critical, but does allow folks to contact you by a simple email address.)
Jim Bell brought up the really nifty point that someday soon we may be able to receive these message pools by satellite dish-- hurray for true broadcasting! That would provide most excellent security (unless `they' started requiring licenses, waiting periods, ... to own a dish-- unlikely). I can't wait.
Another suggestion was to read alt.anonymous.messages by pointing the anonymizer at it. This doesn't stand up to my threat model at all. The anonymizer only provides you anonymity against a malicious server who is trying to collect marketing information-- it doesn't protect you against SIGINT folks eavesdropping on network links, performing traffic analysis, etc. to trace back your access. Now if we had pipe-net deployed :-), the idea might work...