Graham Toal <gtoal@an-teallach.com> writes:
I think it's time to try a new experiment in anonymous remailing. I think that all remailers should close down, then open up with new addresses and a single shared new policy... the new policy being that each individual remailer will do his best to 'out' all posters - complete disclosure, log files available, posts available, summaries show up via finger etc etc.
This is a pretty radical idea, but it is tempting. Like other remailer operators, I get tired of fielding complaints. I don't look at the messages when they go through, but incorrect ones end up in my mailbox, and I may see them by accident. So many are obscene, name-calling, etc., that it kind of makes you wonder after a while whether the service is worthwhile. Of course, I do tend to see the "dregs", users who are clueless about using the service. Hopefully the more capable users are doing something a little more worthwhile with it. Then there are the constant moral dilemmas. I got flamed pretty well for outing Detweiler on his "Death to Blacknet" spam. I try hard not to look at the messages, deleting bounced mail just from the headers, etc., but it gets to be a pain. In some ways Graham's suggestion to just say, screw you, I'm going to feel free to publicize everything that goes through my remailer, is tempting. Still, though, I think this would do more harm than good. I get about 20 to 40 messages a day through my remailer, and only 5 or 10 of those are encrypted. Switching to a policy that would require chaining and encrypt- ing to make it useful would make it a lot harder to use the remailer. If I have faith that the remailer is doing some good for someone, somewhere, then it would be bad to take that away from the people who are using it now. (I just did a complete search of the news spool directory here for postings from my remailer, and found only four, two of which were duplicates of a claim that cable companies can listen to what you are saying in your living room. I wonder what the traffic through my remailer is?) The other problem I see with Graham's idea is that I'm not sure the technology is there to provide good security in the face of this much information. Not many of the remailers add delay, and a lot of people don't like it when they do. In that case it may be easy to figure out what path even a chained encrypted message took. Even the delaying remailers, if they published message sizes, would usually reveal their in-to-out correspondance. So I think it is premature to do this. Until we have remailers which can support cryptographically strong message padding with standard message sizes, running on un-hackable systems with delays and batching to confuse the in-out relationships, it would be counter- productive to do what Graham suggests. Even once we have it, there is still the question of what the remailer network is for. I think news posting is responsible for a large fraction of the complaints. But does it also provide much of the utility of the technology? Do people use remailers for ordinary email, or just for broadcast-type messages? Unless we understand what the market is for the service it's hard to know what features to provide. In particular, if cleartext output is prevented, how much does that impair the usefulness of the network? My instinct is that it hurts a lot, although it would be nice for the operators since it would eliminate most sources of complaints. Hal