-----BEGIN PGP SIGNED MESSAGE----- John Perry writes:
Anonymous writes:
* require encryption for incoming messages. Good idea in theory but won't work in practice. The stats generated by the anonymous remailer show that less than 40% of the messages passing thru are encrypted. Most people would find being forced to encrypt a huge inconvenience.
[Underdog's remailer-stats for the past 24 hours show just under 50% use of encryption.] I suspect, though, that there's a fairly effective process of self-selection in determining whether encryption is used. On the one hand, we have the folks planning the Quayle `96 campaign strategy, who demand maximal privacy w.r.t. the content of their messages, and are liable to face increased scrutiny by eavesdroppers in virtue of their address subdomains anyway. These people realize they're under the microscope, and should *ahem* take great precautions as a result. OTOH, there are high school students posting to asar about their abusive stepfathers. With very high probability, no-one operating packet sniffers really cares about the content of this traffic. In fact, since the messages ultimately appear in public, the only significant need is anonymity. I hate to say it, but these users inherit by default a fair amount of security through obscurity. The few people who might wish to identify them as the authors of these messages often aren't even aware that they should be looking, which is quite different from the situation in the previous case. The latter group probably doesn't bother with encryption much, but they probably don't really need it much from their POV. Obviously it would be beneficent from the anti-traffic analysis perspective were everyone to encrypt, but at present it requires far too much effort (relatively speaking) with too little personal gain for the latter group of users to bother. It's worth remembering that seamless integration of encryption with standard communication tools passively enlists the help of all the people who don't give a damn about using encryption, not just those who eagerly await improved interfaces.
If remailers are going to be legally jeopardized, I would think the impact would be less if it were one instead of many. But, there is also safety in numbers. Hmm...
I've been meaning to respond to your announcement of the latest abuse of jpunix, and this appears to be an ideal opportunity. You evince a degree of puzzlement about the reasons for the popularity of remailer@jpunix.com for "abuses" such as software copyright infringement. I can't help thinking that, if I were an aspiring member of the copyright violation squad *and* a dedicated cypherpunk, I would have paid close attention to the discussion of fortress remailers. I would have noted that you (among others) offered your remailer as a fortress remailer. To minimize the chances of crashing part of the remailer bramble, I might well deliberately pick a fortress remailer to release the sensitive material, reasoning that it's less likely to face foreclosure in the aftermath of the incident. If you build a bulletproof Popemobile for the pontiff, his chauffeur will enter the demolition derby in it in preference to nailing some steel sheets onto a weekend special from Avis. "Build it and they will come !" :} -L. Futplex McCarthy; use "Subject: remailer-help" for an autoreply PGP key by finger or server; "Better watch what you say, or they'll be calling you a radical...a liberal" --Supertramp "[CIA/KGB mole Aldrich Ames] took information in shopping bags out the front door" --miscellaneous Congressperson -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLsvylmf7YYibNzjpAQEltwP+PaXLVOnyPkt6cjbVj76UxBo1sgSPER8C 2+jmOr9l7FsduYJDceoyGPgRLEWp+zrSVchSFfegPkIe+lb0MnAaawtpNcbYxSRs dlqcOP1bC0FS9SFYoj0RygW1MJAdmyjh72NKvZdzRMmQITKVZ1RYAaPr/4pOHhG4 ZVFlMfMANmE= =Ic3H -----END PGP SIGNATURE-----