Eternity server considerations and musings

I spent some considerable time today thinking about the eternity server idea proposed, and implemented in alpha stage, by Adam Back. The main method used by governments around the world so far to attempt to censor information has been the use, or proposal of, proxy servers for whole countries or jurisdictions. This method has only thus far been used to censor www connections, and has been used to censor specific sites, hence the use of mirroring to circumvent government censorship.

To give an overview of the eternity server idea for those who didn't see the original post, the idea was that a nonexistent virtual TLD .eternity would be used to access HTML posted to usenet. So to access a site that was at say bombmaking.terrorist.com/assasination/killing.html you would send your browser to:

http://bombmaking.terrorist.com.eternity/assasination/killing.html

The assumption being that the distributed nature of usenet would not allow censorship.

The proxies idea however can be extended to censor usenet, usenet traffic, although pretty huge, is not yet too large to be grep'd for keywords (currently around 600mb of traffic a day passes through the newsgroups) before being proxied, so a government can run a server which first checks to ensure the usenet article is not encrypted (this can be done crudely by checking for occurrences of common words or by checking the redundancy of the text by attempting to compress it) and if it is encrypted junks it, if it is plaintext, greps it for keywords like "assassination", "anarchy", "porn" etc... then kills the articles that have these words in them, the other articles the government does not want to censor are put on a main server like news.fourth-reich.de and access blocked to all the other news servers.

I know this might seem an unlikely scenario but it is not really when we consider the wacky ideas we have seen from governments in recent years, a dictatorship like France or Germany might begin implementing this within a few years, although the German government has had its fingers burnt recently with the Radikal fiasco.

What I was considering was the possibility of circumventing proxies altogether, this is not an easy question and I could not think of one single way to get access, of course one could use an ISP outside of the jurisdiction but this incurs international call charges for dial up users, and the gubmint of fascist-regime-N can block telephone access to internet POPs outside of their country.

The problem with attempting to prevent censorship of usenet is that we cannot mirror it like we can web sites, the web is too huge for a government to mirror the whole of the "acceptable" part of it, so mirroring sites faster than they can block them is effective, usenet is too small to protect in this way, it could be effectively mirrored and all other access killed.

Of course while we can mirror sites to prevent censorship this is almost an academic question, rather than a practical one, however, it would be nice to see a more robust system which thwarted all attempts to censor without the need for human intervention by mirroring sites etc.

I can see no way that a government can censor internal traffic within a country, because this need not pass through the proxy, so if we can get a copy of a document onto one server within a country all others can access it through a virtual URL. However, this is likely to incur the displeasure of the authorities in that country and have them knocking at the door of the owner of the server holding the document, so we would have to have a system for server anonymity.

This is all getting very complicated ;-)

Anyway, as I have said, I can give no insight here into what is a possible solution, I hope that this post might cause someone who does have the beginnings of an idea to think about it some more and maybe give us a really robust solution to preventing censorship of this kind.

Datacomms Technologies data security
Paul Bradley, Paul@fatmans.demon.co.uk
Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org
Http://www.cryptography.home.ml.org/
Email for PGP public key, ID: FC76DA85
"Don't forget to mount a scratch monkey"

At 10:18 AM -0700 5/13/97, Paul Bradley wrote:
> The proxies idea however can be extended to censor usenet, usenet traffic, although pretty huge, is not yet too large to be grep'd for keywords (currently around 600mb of traffic a day passes through the newsgroups) before being proxied, so a government can run a server which first checks to ensure the usenet article is not encrypted (this can be done crudely by checking for occurrences of common words or by checking the redundancy of the text by attempting to compress it) and if it is encrypted junks it, if it is plaintext, greps it for keywords like "assassination", "anarchy", "porn" etc... then kills the articles that have these words in them, the other articles the government does not want to censor are put on a main server like news.fourth-reich.de and access blocked to all the other news servers.

Obviously you need to stego your message in a post that passes the automatic censor. The important question is what is the minimum data expansion you can get away with? I see an "arms race" in the making.

-------------------------------------------------------------------------
Bill Frantz       | God could make the world   | Periwinkle -- Consulting
(408)356-8506     | in six days because he did | 16345 Englewood Ave.
frantz@netcom.com | not have an installed base.| Los Gatos, CA 95032, USA

Paul Bradley <paul@fatmans.demon.co.uk> writes:
> The main method used by governments around the world so far to attempt to censor information has been the use, or proposal of, proxy servers for whole countries or jurisdictions. This method has only thus far been used to censor www connections, and has been used to censor specific sites, hence the use of mirroring to circumvent government censorship.

One of the main considerations in the design of my eternity server was the idea that there was information which might get published via remailers, but would be unlikely to get published on a web page directly. Eternity translates the ability of publishing via a remailer into the ability to publish on the web. An example is perhaps the NSA handbook, or Mykotronix dumpster diving results. These sorts of things tend to arrive via remailer, and then get mirrored afterwards. There will also be some class of documents which are too hot to mirror at all, or where the censor is litigious enough (Scientologists?) to present a real danger to its critics, and to mirrorers of the criticisms.

A question then is could a censor systematically block all eternity search engines effectively. I think this would be relatively easy, the design does not really attempt to deal with site blocking directly. The URL always includes "eternity" so is easy to block. You could perhaps provide an option for a public key encrypted URL. Or lookup by the SHA1 of the URL directly. An SSL session would also help, the cgi-binary accepts both post and get methods.

However ultimately, the eternity servers will be advertised, and so the censors just need to keep track and block all the advertised servers. However there is another option: all the data is available in USENET anyway, so anyone can run an eternity search engine for their own use in a shell account. To block this is more difficult.
[blocking USENET, key word searches, recognizing encrypted data]
Using stego solves this (as Bill Frantz observed). Do a web search on `texto', it's a nice simple text stego program.

Another interesting fact is that they can't block the traffic unless they have decrypted it. As the data can be encrypted with the SHA1 of the URL, they won't necessarily recognize it as an eternity web page until it gets accessed or the URL advertised, by which time it is too late. The URL can be smuggled in and passed around more readily.
[a censor can provide a censored USENET feed for their country, they can't provide a censored WEB feed because it's too large]
WEB mirroring is useful where the data being mirrored is illegal in someone else's country and you are trying to stay one step ahead of the censor. Eternity means you can publish material which is illegal or dangerous/unpopular to publish in your own country.
> [...] it would be nice to see a more robust system which thwarted all attempts to censor without the need for human intervention by mirroring sites etc.

Sounds like something that could be addressed by building on the rotating mirror idea William Geiger has been talking about. Perhaps you could have an apache module which provided a proxy service which allows encrypted and steganographically encoded URL passed to it, and encrypted, stego web pages passed back. Combine with some unstego method on the receiving end, and lots of people using apache with this option turned on, and the censor would have one heck of a problem on their hands.

Adam
--
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
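
The crude "is it encrypted?" test discussed in this thread (count common words, then try to compress the body) can be sketched as below. This is an added example, not code from any of the posters; the word list, the two cutoffs and the three sample bodies are constructed for illustration.

```python
import base64
import random
import re
import zlib

# Function-word list for the "common words" test (constructed for this example).
COMMON_WORDS = {"the", "of", "and", "to", "a", "in", "is", "that", "it",
                "for", "as", "on", "with", "be", "this", "was"}

def compression_ratio(body: bytes) -> float:
    """Compressed size / original size; about 1.0 means no redundancy left."""
    return len(zlib.compress(body, 9)) / len(body) if body else 1.0

def common_word_fraction(body: bytes) -> float:
    """Share of alphabetic tokens that are everyday function words."""
    tokens = re.findall(r"[a-z]+", body.decode("latin-1").lower())
    return sum(t in COMMON_WORDS for t in tokens) / len(tokens) if tokens else 0.0

def looks_encrypted(body: bytes, ratio_cutoff=0.70, word_cutoff=0.15) -> bool:
    """Flag a body only if it is hard to compress AND lacks function words."""
    return (compression_ratio(body) > ratio_cutoff
            and common_word_fraction(body) < word_cutoff)

# Constructed samples: English prose, random bytes standing in for raw
# ciphertext, and the same bytes base64-armored as they would be posted.
ENGLISH = (b"The server reads each article as it arrives and decides what to do "
           b"with it. If the body of the article looks like ordinary text, the "
           b"server passes it on to the readers of the group. If the body looks "
           b"like noise, the server has no way to read it, and that is the point "
           b"of the test. A longer article gives the test more of the text to "
           b"work with, and a short article gives it less.")
_rng = random.Random(1997)
RAW = bytes(_rng.getrandbits(8) for _ in range(4096))
ARMORED = base64.b64encode(RAW)

def report():
    """Return {name: (ratio, word_fraction, flagged)} for the three samples."""
    samples = {"english": ENGLISH, "raw": RAW, "armored": ARMORED}
    return {name: (round(compression_ratio(body), 3),
                   round(common_word_fraction(body), 3),
                   looks_encrypted(body))
            for name, body in samples.items()}

if __name__ == "__main__":
    for name, row in report().items():
        print(name, row)
```

Base64-armored ciphertext compresses to roughly three quarters of its size because each character carries only six bits, so a ratio cutoff set near 1.0 would pass it; that is why the sketch pairs the ratio with the word test.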