Don Melvin writes:
Given the goal of limiting remailer liability, what about having them be anonymous? Instead of send you a check, send an unidentified money order. This would even allow ownership to change on a frequent basis without the system owner knowing who the current operator is.
Absolutely -- anonymity of the remailer _account holder_ is a central part of the "guerrilla remailer" concept AFA I'm concerned. Tim keeps reminding us that the distinction between the machine owner/ISP admin and the remailer operator can be crucial, for legal reasons (i.e. the ECPA). I think it may also be useful to push this distinction down a level, separating the _account owner_ from the _remailer operator_. I get the feeling that in many cases the folks willing/able to fund remailers aren't the same folks who are willing/ able to operate remailers. Hence it seems natural to have a collaboration between a remailer sponsor (person or group providing money to pay for an account or dedicated hardware) and a remailer operator (person or group providing time & technical skill to install, maintain, and upgrade the remailer). Of course the sponsor and operator could be anonymous from each other, and I suppose even the members of each group need not know each others' identities. c2.org allows anonymous account creation over the net, which is handy. If you're feeling lucky, you could send cash in the mail instead of a money order.... IMHO the tricky part is maintaining anonymity of the _operator_ over time. In a reasonably general model, an operator will need to access a remailer account across the net repeatedly, to recover from system crashes, install new versions of remailer software, etc. The nature of a telnet session doesn't lend itself to reordering, latency, or cover traffic AFAI can see. Perhaps the technique of sending encrypted shell scripts to an account for execution (inquired about here recently) could do the work. Anon-HTTP combined with WWW forms and some not-so-safe-TCL might offer more palatable real-time responsiveness. I've experimented a little with a protocol for handling complaint mail, in which a cron job (or equivalent) running on the remailer account greps the received non-remailing mail for complaint keywords, then encrypts the result and chain-remails it to the operator (or posts it to some well-propagated newsgroup).
Thoughts? Comments? Offers to send cute girls?
Please cc: me on the latter. Thanks. ;} -L. Futplex McCarthy, seeking a summer job/internship -- private mail for info