On Mon, 1 Jan 1996, Lucky Green wrote:
At 15:14 1/1/96, Mike McNally wrote:
Lucky Green writes:
But how many of them [ IP providers ] will be willing to forward certain newsgroups if doing so carries a mandatory 10 year prison term? Hint: count the number of narcotics dealers that advertize in your local yellow pages.
But an IP provider doesn't have to know that it's "forwarding" *any* newsgroups; all it has to know is that IP packets are moving between my PC and the outside world. It doesn't have any way of knowing what those packets contain and doesn't want to.
Some site in physical space has to host the nntpd, the ftpd, and the httpd. That site will be subject to search, seizure, and arrest and conviction of owner.
If you don't have a host, there won't be any packets to forward.
This is _exactly_ where the transnational nature of the Internet becomes successful, when combined with strong crypto. If the sites coming into your machine are encrypted, nobody outside of your system (perhaps only you) know that said newsgroups, websites, etc. are being hit. If the site they originate from is determined to be offshore, they can't stop the site. Probably. Subject, at least, to foreign cooperation or direct CIA/NSA involvement. The potential for traffic analysis is the danger here. If an "FBI International Data Laundering Expert" testifies in court that said data came from a site known to be frequented solely by so-and-sos, all the strong crypto in the world won't stop the average jury from convicting you. Carl Ellison (among others, I'm sure) has suggested various means of foiling traffic analysis among a group of trusted conspirators, using a token-ring-like routing scheme. I'm not completely convinced that it's robust enough, but a variation on it is probably adaptable. The point-to-point nature of the internet is also its achilles heel, as far as traffic analysis is concerned... the troubles faced by traditional cypherpunk remailers, the generalized problem of anonymous message distribution, and such are the current limits of consideration on the list (as far as I'm thinking right now... I may be wrong). However, the problem of, say, webservers collecting statistics on users, would be moot should it be possible for truly anonymous websurfing (I'm convinced that traditional http proxies have the same flaws as traditional cypherpunk remailers). More work needs to be done on untracable, yet at least modestly efficient, truly anonymous routing, even in a system where many of the participants, and perhaps even one of the endpoints, is or is willing to "cheat." Jon Lasser ------------------------------------------------------------------------------ Jon Lasser <jlasser@rwd.goucher.edu> (410)494-3072 Visit my home page at http://www.goucher.edu/~jlasser/ You have a friend at the NSA: Big Brother is watching. Finger for PGP key.