At 5:25 PM -0800 1/15/98, Adam Back wrote:

Ryan Lackey writes:

...

(Eternity-USENET is vulnerable to technical Denial of Service attacks with the current small number of indexing servers, even if it is protected from legal issues. I think illegal or extralegal attacks are as dangerous as the legal ones)

Public access servers aren't a good idea. Really people should be running local access servers only. The index is local, cache is local, and USENET is a distributed broadcast medium.

Seems close to ideal to me, the problem being as Tim points out: bandwidth limitations. The bandwidth limitation is debilitating; to overcome this we have to relax security, for example by using remailers rather than USENET for all but indexes of documents.

This was my point, and has been for years (though not in the context of "Eternity"). To wit, save the bandwidth for _pointers_, not raw data. To make this concrete, suppose Alice is in possession of a set of photographs of Bill Clinton engaged in sex with his mistresses (Paula Jones, Gennifer Flowers, Tammy Faye Baker, Margaret Thatcher, etc.). The file size is 5 MB. The pointer to this file is _much_ shorter, namely, a text description, and/or possibly a set of blurred thumbnails. And if the file is only occasionally requested (or purchased), it makes no sense to blast it to the Usenet frequently (*). (* And how frequent is frequent, even in Eternity Usenet? I argue there is little point in blasting such files on a weekly basis, say, as even that is *much too slow* for someone who really wants the file NOW. A "call and response" response system, to borrow a phrase from the blues, makes a lot more sense.) Additional dimensions or axes are: how many requestors? and how many suppliers?

One criticism I noticed several people raise was that USENET would be shut down as a way to kill eternity USENET when something controversial gets posted.

I have not argued this. Usenet is notoriously hard to "shut down." However, it is quite likely that newsgroups carrying vast amounts of "Eternity Usenet" stuff will overload the system and effectively force the newsgroup to not be carried by many sites (just as alt.binaries.pictures.* groups are already excluded from many newsfeeds, for both bandwith/storage and naughtiness reasons).

However it seems to me that the weakest point is the remailer network. It seems likely that it would be much easier for governments to shut down the remailer network than it would be to shut down USENET. There are only around 20 or so remailers, and they all have known IP addresses, operators, localities, etc. I expect the spooks could shut them down with less than 1 days notice if they wanted to.

Well, I have long argued for the need for thousands of remailers, esp. the "everyone a remailer" model. But, although I agree we need many more remailers, I think Adam overstates the ease with which remailers can be shut down, at least in the U.S. Although there are many "extralegal" atrocities committed in the U.S., as in all countries, consider some "protections" which exist in the U.S. (I am no expert on English common law, so will confine myself to the U.S., where at least I have some knowledge): 1. The First Amendment is incredibly powerful ammunition against a blanket shut down of "speakers" or "publishers." Vast amounts could be written on just this one point. Basically, if the U.S. Government was constitutionally unable to stop even the publication of the Pentagon Papers, how could Joe's Remailer be enjoined from passing along received messages? 2. Even a hypothetical law requiring senders to identify themselves, seen by some as an end to remailers, would be easily surmounted by interpreting remailers as "commenters." By this I mean the following: "Hey, Fred's Commenter Remailer, look at the weird message I just received: lke[i=39023pok=94pk[e=f 3r93ir=-039r=30r9p0ir-3r9i3=r0923= 1-903u-q938-398-9 etc. Any comments on what this means?" In other words, unless the right to _comment_ on a received letter or message is quashed, I can simply comment on such messages. (Of course, Fred's Commenter Remailer would do the same with the next in line.... I mention this not because I think it is likely, but to show the can of worms the government would open if it tried to "ban remailers." 3. Encrypted speech is speech. So long as speech is legal, encrypted speech is legal. Any law limiting encrypted speech is limiting speech (in an overbroad way, not the narrowly defined "shouting fire" cliches). So long as encrypted speech is legal, remailers will be legal. --Tim May

So, where would blacknet, and eternity USENET be after that?

How do we improve the resistance of the remailer network to well resourced attackers intent on dismantling it?

Adam

The Feds have shown their hand: they want a ban on domestic cryptography ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^2,976,221 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."

At 01:25 AM 1/16/98 GMT, Adam Back wrote:

How do we improve the resistance of the remailer network to well resourced attackers intent on dismantling it?

An obvious thing to try is to add some more remailers. 300 remailers would not be immune to simultaneous shutdown by the authorities, but it would make it more difficult. A dozen of so remailers makes shutdown fairly simple. A less obvious thing to try is to get the general windows users to start making use of remailers. If Eudora, Pegasus, and Outlook came nym ready out of the box, with the ease of use of a spell checker, then this would generate enough traffic to flood the remailer network and require hundreds of servers. This idea has it's own problems, but there is not much traffic on remailers. One of the busiest remailers in the world still has only about 3,000 messages per day. One spammer can send mail to more destinations in a weekend than the entire remailer network in a year. Threats to the remailer network come from a few basic places. 1. Traditional law enforcement 2. Unauthorized law enforcement 3. "friends" of message recipients or "friends" of the remailer 4. unreliability of the machines that form the network 5. Hacking attacks 6. Design 7. User incompetence Of the above, the most dangerous in my opinion is "friends". This is what shut Balls down. This is where Cracker gets the worst complaints. Seldom do I hear a complaint from a message recipient, more I hear from "I have a friend who got this message..." Traditional law enforcement is a quick call with a thank you I'm dropping this. While penet shut down after an investigation, he alluded to the fact that he was just tired of the hassles. Weasel did not shut down because of the law, but due to the desire to not expose his ISP to hassles. Traditional law enforcement takes so long to investigate, the keys could be canceled and replaced several times. In the US I don't think that law enforcement really cares enough to issue a warrant. Almost no warrants have ever been issued for remailers. Though I would not be surprised to find that intense extra-legal investigations were done on cases that involved situations such as Jim Bell's Assassination Politics. Cracker goes off line for a few hours every month. We basically never lose messages, but we can delay some. We have a downtime between 1.6% and 3% on the overall average. This is our remailer only. Compare this with the network - we only had 26 minutes of downtime in the last 365 days. Recently another remailer went down due to a hard drive problem - for a week or more. Software and hardware problems are significant issues for remailers. Another is incompatibilities in moving data from one mail host to another. Every once in awhile machines just become incompatible, often due to sendmail configurations designed to block spam or provide better security. As for hacking attacks, Cracker/EFGA has had some people censured by their ISP for stuff like spoofing us, mailbombing, and that good 'ole ping thing. To be honest, we've never been hurt by it anyway, but we do monitor for such things. A significant problem is in design. The remailer network is not designed to be robust or fault tolerant. There is no error notification to the user. If your message gets dropped along the way, there is no recovery system that gets it through another route. If you misspell your destination address, or other problem exists, you don't get notified of the event. Still for a group of volunteers running software that is patched almost every week, providing services for free - they don't do a bad job. -- Robert Costner Phone: (770) 512-8746 Electronic Frontiers Georgia mailto:pooh@efga.org http://www.efga.org/ run PGP 5.0 for my public key

-----BEGIN PGP SIGNED MESSAGE----- On Fri, 16 Jan 1998, Robert A. Costner wrote: [...]

The remailer network is not designed to be robust or fault tolerant. There is no error notification to the user. [...] How would this be implermented. If you are able to trace backwards so you know who to notify then you don't have anonminity.

- -- Please excuse my spelling as I suffer from agraphia see the url in my header. Never trust a country with more peaple then sheep. ex-net.scum and proud You Say To People "Throw Off Your Chains" And They Make New Chains For Themselves? --Terry Pratchett. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBNMMPA6QK0ynCmdStAQG8qgP8ClMmPfeGkEJ9Fydfb5i3n1ARuKRV+nET cLIt9GfU9vlrashs+2Shx/c8bz67+rl0eOAdgNBbDlW8Fe1Qzb9EfRCn24f+ZL0K +7PyBc+2YTfWOTrmEGihNuLnKUtFUNRrjyC0+PHWDCTOZx+W9LzAxKsbw8TzPWAF zMG5ooTbM+E= =2cCi -----END PGP SIGNATURE-----