-----BEGIN PGP SIGNED MESSAGE----- Sorry if I'm being dense - will someone please E-mail me and tell me why outgoing-only (or incoming-address-unavailable) remailers are useful? Also, with respect to getting the addresses of working remailers from a newsgroup - it may not be a good idea to treat any address advertising itself as a remailer as a useful remailer. Remailer 'x' may well be run by a remailer-hater who publishes its traffic openly, archives it for sale to the highest bidder, is a front for the NSA, etc. I'm only inclined to trust remailers run by people I trust; or maybe those with keys signed by "C-punx Remailer Certifying Service". It's important to let the user have some degree of control over which remailers are used. (The newsgroup does seem like a nice way for remailers to indicate they're still active, though.) Are people really interested enough in more advanced measures to protect privacy that they're willing to pay for them? The digital-postage remailer stuff sounds interesting to me - but I have a hard time believing that people will pay (and go through extra hassle) to get the same functionality they already get with existing remailers. I've also considered setting up a privacy-friendly Internet site; I believe that Sameer Parekh has already done so. I don't remember seeing anyone but Sameer post from his site, however. I don't mention this to slam Sameer but to point out that perhaps people aren't interested enough in privacy to want to go to much extra trouble to get it. (Of course, everyone posting to the list now is already known as a list member - switching to a privacy site wouldn't add much.) I agree that it would be nice to have privacy-friendly Internet access available - I agree strongly enough that I'm willing to work towards providing it - but I'm reluctant to commit hundreds of dollars per month to set up a site that won't attract enough business to even be self-supporting. Would it be worth $5 or $10 per month to folks to have a mailbox they used via IMAP or POP, or $20 or so for a shell account on a box at the end of a 56K feed? (I don't see C-punks as a very big fraction of the customers of such a site, but I'm surprised that there doesn't seem to be more interest in practical privacy stuff.) -----BEGIN PGP SIGNATURE----- Version: 2.5 iQCVAgUBLkChoH3YhjZY3fMNAQFVvQP/b2g8rgUaxWkdBR34DqMfR6T8bDZOhDmo gATzHduPlbFTWsz2BV6ME/XgHJAxJAT14kZx8vTEKy/y3PgR7tg4zz0pcj+shZWB BZlatH8EpZNffxO+yBF0B9Ur7HC7QrwixhVu7LjFmDwgKEnpRF/w54K8I0eXTfEh PpMXeFvVKkw= =T9pL -----END PGP SIGNATURE-----
Sorry if I'm being dense - will someone please E-mail me and tell me why outgoing-only (or incoming-address-unavailable) remailers are useful? The original intention of remailers is to allow people _who already know each other_ to do so without revealing that fact to the outside world. I would suggest that this use of remailers, rather than pseudonymity, it much easier to integrate into existing mail software, and would at this point be a good next step. But we don't even have encryption and signing well integrated yet, so I'm not too hopeful today. My criterion for a successful deployment is when the authors of a mailer distribute encryption, signing, and remailing support as a basic part of their packages. True pseudonymity further reduces risk of linking physical identity to online identity, but simply concealing communication patterns accomplishes a lot of that already. Eric
Eric Hughes wrote:
My criterion for a successful deployment is when the authors of a mailer distribute encryption, signing, and remailing support as a basic part of their packages.
Yes, but as my package stands, it will compile on most systems and anybody with a passing knowledge of sendmail.cf, aliases, or .forward files and knows the location of their mailer can install and run it. PGP has been through so many changes, I'm just waiting until I can find a version that I can (1) run for a while without becoming outdated, and (2) use on my system without having security risks all over the place. I will *not* customize my software to work with PGP. I will make it work with encryption, but I'm not going to make it do anything different for PGP than for any other mail-processing software. If anyone has the time and the inclination to monkey with the code, it's available via anonymous FTP from chaos.bsu.edu:/pub/development. It is named something like remailer-current.tar.gz. Remember, this is C code, I don't waste RAM and CPU cycles running PERL on my system (no offense intended to those who use it.) Chael -- Chael Hall, nowhere@chaos.bsu.edu
participants (3)
-
Chael Hall -
greg@ideath.goldenbear.com -
hughes@ah.com