Detweiler abuse again
I got a lot of complaints today about copies of Tim's old "Blacknet" posting being sent to inappropriate groups:
From paw@coos.dartmouth.edu Mon Feb 14 09:34:13 1994 Date: Mon, 14 Feb 1994 12:31:44 -0500 From: paw@coos.dartmouth.edu (Pat Wilson) To: hfinney@shell.portal.com, root@portal.com, postmaster@portal.com Subject: Re: Introduction to Blacknet Newsgroups: comp.sys.sun.admin References: <199402120837.AAA22008@jobe.shell.portal.com> Status: R
In comp.sys.sun.admin you write:
Introduction to BlackNet
[etc]
I believe that this is an illegal and unethical use of the Net for commercial purposes (to say nothing of bounds of decency). This posting lends credence to all sorts of (US) gov't paranoia. Please cease and desist immediately.
Non-anonymously,
-- Pat Wilson Maanger, Academic Unix Systems Group Dartmouth College paw@northstar.dartmouth.edu
From mcr@unison.com Mon Feb 14 10:11:51 1994 Date: Mon, 14 Feb 1994 10:11:22 -0800 To: hfinney@shell.portal.com From: mcr@unison.com (Michael Riehle) X-Sender: mcr@hal822.unison.com Subject: Introduction to Blacknet Status: R
This message appears to be from someone who is offering an illegal service and is certainly not welcome. I can't tell if this person is serious or if this is just a sick joke. It certainly isn't appropriate regardless.
Date: Mon, 14 Feb 1994 00:50:01 +0000 Reply-To: HP-3000 Systems Discussion <HP3000-L@UTCVM.UTC.EDU> Sender: HP-3000 Systems Discussion <HP3000-L@UTCVM.UTC.EDU> Comments: This message is NOT from the person listed in the From line. It is from an automated software remailing service operating at that address. Please report problem mail to <hfinney@shell.portal.com>. Comments: Warning -- original Sender: tag was NETNEWS@AUVM.AMERICAN.EDU From: nobody <nobody@SHELL.PORTAL.COM> Subject: Introduction to Blacknet To: Multiple recipients of list HP3000-L <HP3000-L@UTCVM.UTC.EDU>
Introduction to BlackNet
[...]
From kwthomas@nsslsun.nssl.uoknor.edu Mon Feb 14 12:38:27 1994 Date: Mon, 14 Feb 94 14:37:01 CST From: kwthomas@nsslsun.nssl.uoknor.edu (Kevin W. Thomas) To: hfinney@shell.portal.com Subject: Re: Introduction to Blacknet Newsgroups: comp.sys.sun.admin In-Reply-To: <199402120837.AAA22008@jobe.shell.portal.com> Organization: National Severe Storms Laboratory Cc: root@shell.portal.com, root@jobe.shell.portal.com Status: R
In article <199402120837.AAA22008@jobe.shell.portal.com> you write:
Introduction to BlackNet
BlackNet is currently building its information inventory. We are interested in information in the following areas, though any other juicy stuff is always welcome. "If you think it's valuable, offer it to us first."
- trade secrets, processes, production methods (esp. in semiconductors)
BlackNet can make anonymous deposits to the bank account of your choice, where local banking laws permit, can mail cash directly (you assume the risk of theft or seizure), or can credit you in "CryptoCredits," the internal currency of BlackNet (which you then might use to buy _other_ information and have it encrypted to your special public key and posted in public place).
This doesn't belong in "comp.sys.sun.admin", or any other Usenet group. It's postings like this that give Usenet a bad name.
Kevin W. Thomas National Severe Storms Laboratory Norman, Oklahoma
From lab@biostat.mc.duke.edu Mon Feb 14 14:05:15 1994 To: hfinney@shell.portal.com Subject: Re: Introduction to Blacknet In-reply-to: nobody@shell.portal.com's message of Mon, 14 Feb 1994 11:32:23 -0800 Date: Mon, 14 Feb 1994 17:04:09 -0500 From: "Lance A. Brown" <lab@biostat.mc.duke.edu> Status: R
What _IS_ this doing in misc.health.diabetes?
Thanks, Lance
nobody <nobody@shell.portal.com> writes:
Introduction to BlackNet
Your name has come to our attention. We have reason to believe you may be interested in the products and services our new organization, BlackNet, has to offer. [...]
From appel@cea.Berkeley.EDU Mon Feb 14 14:24:03 1994 To: hfinney@shell.portal.com, root@shell.portal.com Subject: Re: Introduction to Blacknet In-reply-to: nobody@shell.portal.com's message of Sat, 12 Feb 1994 03:49:18 -0800 Date: Mon, 14 Feb 1994 14:23:06 -0800 From: Shannon Appel <appel@cea.Berkeley.EDU> Status: R
Please be aware that your anonymous remailer is being abused. The following inappropriate post was recently sent to a rec.games.frp group. Please see that this type of thing does not happen again.
Shannon --
Introduction to BlackNet
[...]
I set up a log file for "blacknet" postings, and got this:
From hal@alumni.cco.caltech.edu Mon Feb 14 17:46:41 1994 Received: from nova.unix.portal.com (nova.unix.portal.com [156.151.1.101]) by jobe.shell.portal.com (8.6.4/8.6.4) with ESMTP id RAA11362 for <hfinney@shell.portal.com>; Mon, 14 Feb 1994 17:46:41 -0800 Received: from punisher.caltech.edu (punisher.cco.caltech.edu [131.215.48.151]) by nova.unix.portal.com (8.6.4/8.6.4-1.13) with ESMTP id RAA03081 for <hfinney@shell.portal.com>; Mon, 14 Feb 1994 17:46:41 -0800 Received: from alumni.cco.caltech.edu by punisher.caltech.edu with ESMTP (8.6.4/DEI:4.41) id RAA14916; Mon, 14 Feb 1994 17:45:46 -0800 Received: from localhost by alumni.cco.caltech.edu (8.6.4/DEI:4.41) id RAA23534; Mon, 14 Feb 1994 17:45:42 -0800 Received: from handel.cs.colostate.edu by alumni.cco.caltech.edu with SMTP (8.6.4/DEI:4.41) id RAA23522; Mon, 14 Feb 1994 17:45:34 -0800 Message-Id: <199402150145.RAA23522@alumni.cco.caltech.edu> Received: by handel.cs.colostate.edu (1.37.109.4/16.2) id AA28603; Mon, 14 Feb 94 18:45:32 -0700 Date: Mon, 14 Feb 94 18:45:32 -0700 From: lawrence detweiler <detweile@CS.ColoState.EDU> To: hfinney@shell.portal.com request-remailing-to: comp.sys.ti.explorer@news.cs.indiana.edu subject: Introduction to Blacknet
Introduction to BlackNet
Your name has come to our attention. We have reason to believe you may be interested in the products and services our new organization, BlackNet, has to offer. [...]
It seems Larry is sending this posting to lots of inappropriate groups using several different mail-to-news gateways. This is a good way to get remailers shut down, which may be his ultimate goal. I call upon remailer operators to block incoming messages from Detweiler's known aliases. Thos using the slocal-based "cypherpunks" remailer perl scripts can add the following lines near the front of their maildelivery files. # Filter Detweiler
From ld231782@longs.lance.colostate.edu file ? /dev/null From an12070@anon.penet.fi file ? /dev/null From detweile file ? /dev/null
Unless his access to the remailer network is blocked, he will be able to continue to abuse the system until it gets shut down. The alternative would be to block my remailer's access to all known mail-to-news gateways, but I am reluctant to take that step because of the loss of this ability for those who legitimately need it. If his abuse keeps up, though, that may be the only choice left. Hal Finney hfinney@shell.portal.com
I support Hal's proposal that as many remailer operators as possible attempt to filter Detweiler's postings. All it will take for Detweiler to get through is one who doesn't filter, and who supports encryption, but this will still make it harder for folks like Detweiler to abuse the system. Cryptographically speaking, in a sense, there is no such thing as "abuse." That is, we can't wring our hands and ask the "authorities" to "do something." That's the old way of looking at things. The new way is to use filters, to have postage paid mailers (someday), and to have users do filtering of their own. Filtering those who "abuse" the systems we have is just part of the "reputation system" we are pushing for. A few comments on Hal's posting:
I got a lot of complaints today about copies of Tim's old "Blacknet" posting being sent to inappropriate groups:
Needless to say, it wasn't me who posted this. Ironically, I've never posted it to Cypherpunks, either. I sent it out to several folks prior to a nanotech meeting, to make some points about the impossibility of bottling up the knowledge of how to do nanotechnology (someday), and apparently one of the recipients sent it through a remailer to Cypherpunks. From there, it went out to several other lists and newsgroups. Life in the age of cyberspace. ...much stuff deleted...
Received: from handel.cs.colostate.edu by alumni.cco.caltech.edu with SMTP (8.6.4/DEI:4.41) id RAA23522; Mon, 14 Feb 1994 17:45:34 -0800 Message-Id: <199402150145.RAA23522@alumni.cco.caltech.edu> Received: by handel.cs.colostate.edu (1.37.109.4/16.2) id AA28603; Mon, 14 Feb 94 18:45:32 -0700 Date: Mon, 14 Feb 94 18:45:32 -0700 From: lawrence detweiler <detweile@CS.ColoState.EDU> To: hfinney@shell.portal.com request-remailing-to: comp.sys.ti.explorer@news.cs.indiana.edu subject: Introduction to Blacknet ...
It seems Larry is sending this posting to lots of inappropriate groups using several different mail-to-news gateways. This is a good way to get remailers shut down, which may be his ultimate goal.
This certainly seems to be the case. Detweiler is apparently devoting his entire life to this sort of nonsense. He keeps escalating the level of attack.
I call upon remailer operators to block incoming messages from Detweiler's known aliases. Thos using the slocal-based "cypherpunks" remailer perl scripts can add the following lines near the front of their maildelivery files.
# Filter Detweiler
From ld231782@longs.lance.colostate.edu file ? /dev/null From an12070@anon.penet.fi file ? /dev/null From detweile file ? /dev/null
Unless his access to the remailer network is blocked, he will be able to continue to abuse the system until it gets shut down.
Yes, things are very serious. He'll probably change remailers and will likely pick other articles from Cypherpunks he thinks will do maximum damage, either in spreading views the recipients will be shocked by, or just in using the remailers to mailbomb them and thus increase the pressure to (somehow) shut the remailers down. Should we "tone down" our speculations and scenarios? Probably too late, anyway, as Detweiler already has dozens of controversial posts he can use...the "Secrets of Stealth" post comes to mind, as well as many of the calls to arms and proposals for digital money for tax evasion. In any case, I don't think we should let his abuses stifle our free discussion of ideas and plans. That would be conceding defeat and adopting a wimp's outlook. Best that we learn to deal with it in other ways. As serious as this is, we knew this kind of concerted attack on the remailer network was going to happen eventually. My condolences to Hal and the other operators for having to face this new threat. Maybe we can learn from it and emerge stronger. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available.
Uh, sorry to ask, but why is he still on cypherpunks if his abuse stems from knowledge gained on this list? ____ Robert A. Hayden <=> hayden@krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> In the United States, they \/ Finger for PGP 2.3a Public Key <=> first came for us in Colorado... -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)
Uh, sorry to ask, but why is he still on cypherpunks if his abuse stems from knowledge gained on this list?
____ Robert A. Hayden <=> hayden@krypton.mankato.msus.edu
First, the BlackNet piece dates from last fall, when Det was still on the list (he asked to be removed in November or thereabouts). Second, he may be subscribed under one of several aliases. I think not, though. Third, apparently someone is forwarding to him some or all of the posts. Probably just some, would be my guess. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available.
Tim,
I support Hal's proposal that as many remailer operators as possible attempt to filter Detweiler's postings. All it will take for Detweiler to get through is one who doesn't filter, and who supports encryption, but this will still make it harder for folks like Detweiler to abuse the system.
I disagree. While I can honestly say that I don't like most Detweiler posts, I feel that he is showing us the possibility of how remailers can (and are) being abused. I think censorship is the wrong answer. I think there needs to be some accountability, even if it is anonymous accountability. "How do we acount for something that's anonymous?" I hear you ask me. Well, I don't have the answer to that. Maybe our idea of anonymity is slightly in error. Maybe we need something like penet, where you actually get a return ID, to have some sort of anonymity. I don't know 100% for sure that Detweiler is an12070, although I do believe it is his address. Although I don't agree with his means, I do feel that once in a while Detweiler does post something useful. He does have something to say, although he has a real backwards way of saying it. (So backwards that he causes people to stop listening before he makes his point). But I feel censorship is *always* the wrong solution, unless it is done at the end-point. I.e., I can *choose* not to read posts from detweiler, or an12070, but that is my choice. I do not think anyone has the right to say to me that I *cannot* read his posts. It should be my perogative. Maybe we should change our systems to allow for anonymous accountability? Just a thought (or series thereof ;-) -derek
Derek Atkins writes:
I disagree. While I can honestly say that I don't like most Detweiler posts, I feel that he is showing us the possibility of how remailers can (and are) being abused. I think censorship is the wrong answer. I think there needs to be some accountability, even if it is anonymous accountability.
It's really not censorship for Hal or any other remailer operator to say _his_ machines, accounts, reputation, etc., will be used to mail death threats to whitehouse.gov, for example, or mailbombs to newsgroups and mailing lists. (I'll concede that I sometimes use the word "censorship" in this same sense Derek was using it, as in "Apple is censoring its employees." I suppose we need a word for this sense, the non-government censorship sense.) But semantics aside, "there ain't no such thing as a free lunch," and part of the evolutionary development of remailers and anonymous systems will include various "non-ideal" intermediate stages. Until we have digital postage, for example, the recipient of Detweiler's mailbombs has to pay for them. This is a contributing factor that points to the need to filter at the input to the remailer. (Note that this filtering is not happening at Detweiler's machine, or with armed goons going to his house to stop him, etc.) In Chaum's DC-Net, "disruption" is the problem he devotes most of his attention to. Not the basic idea, which is explicated in the first few pages of the paper ("The Dining Cryptographers Problem," Journal of Cryptology, Vol 1 No 1, 1988), but the implications of a malicious disruptor intent on shutting the DC-Net down. What we have in Detweiler is just the first instance of such a disruptor in our (limited) version of a DC-Net. With all due respect to my colleague Derek, with whom I agree in many ways, saying we don't believe in censorship is not an answer. Derek's further comments about some kind of receipt that comes back....I'll have to think about that further. My hunch is that that may break the total anonymity (that we strive for as a principle) and should be avoided. I'd recommend we all go back and look at the DC-Nets paper. This paper, by the way, was scanned in and OCRed by the "Information Liberation Front" (another one of Detweiler's faves) and is available, last time I checked, in the Cypherpunks archives at soda.berkeley.edu.
But I feel censorship is *always* the wrong solution, unless it is done at the end-point. I.e., I can *choose* not to read posts from detweiler, or an12070, but that is my choice. I do not think anyone has the right to say to me that I *cannot* read his posts. It should be my perogative. Maybe we should change our systems to allow for anonymous accountability?
Yes, but Hal has not obligation to accept messages from known disruptors, any more than you have an obligation to "never censor" people by keeping them out of your house. Long term, users will have to learn ot have "positive reputation" filters, or to hire their own screeners or moderators, but in the short term, Detweiler's mail bombing of dozens of lists with posts about Nazis, BlackNet, kiddie porn (I predict this next), and tax evasion will almost certainly result in most of all of the remailers being shut down by legal pressures. No simple solutions. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available.
Derek's further comments about some kind of receipt that comes back....I'll have to think about that further. My hunch is that that may break the total anonymity (that we strive for as a principle) and should be avoided. I'd recommend we all go back and look at the
I'm not sure that I really meant to have a receipt, more or a return-path. Maybe even a cryptographiccally secure return path. I think a question is: who are we protecting against? Are we protecting against the remailer operators? Or are we trying to protect from a third party? I think we should go back and re-examine our goals for anonymity.
Yes, but Hal has not obligation to accept messages from known disruptors, any more than you have an obligation to "never censor" people by keeping them out of your house.
To me, this is like NEARNet saying that they have no obligation to accept packets from a known disruptive user. No, I don't believe that that is the answer. Then again, I don't think that a remailer should run out of an account, but rather on a machine, but that's a different story. I consider a remailer a service, and as such, the service should be available to all comers. (With digital postage this paradigm makes much more sense). I do not think of it like a home. I also agree that positive reputation is important, but I think that is much more difficult to implement than a more secure anonymous system. To reiterate: I do think that something needs to be done, but I think we should analyze what we are trying to accomplish rather than rushing off and saying "just don't service this abusive customer". -derek
Derek Atkins <warlord@MIT.EDU> writes:
I'm not sure that I really meant to have a receipt, more or a return-path. Maybe even a cryptographiccally secure return path. I think a question is: who are we protecting against? Are we protecting against the remailer operators? Or are we trying to protect from a third party?
I think that we are trying to protect against 3rd parties. With the X-A-R-P:/X-A-S-P: scheme I posted, each remailer *could* log who it came from and who it was going to -- it's optional. But, (with the appropriate delays and padding to prevent traffic analysis), a third party would not be able to figure that out.
To me, this is like NEARNet saying that they have no obligation to accept packets from a known disruptive user. No, I don't believe that that is the answer. Then again, I don't think that a remailer should run out of an account, but rather on a machine, but that's a different story. I consider a remailer a service, and as such, the service should be available to all comers. (With digital postage this paradigm makes much more sense). I do not think of it like a home.
I would argue that you are correct. Anonymous remailing is a new service. It should have new servers that run on a well-known port (so that any user can start one up) and hacks could be put into most of the current mail agents to support using an anoymous remailer. We don't even have to follow RFC 822 in the format of our messages, though I think we should.
I also agree that positive reputation is important, but I think that is much more difficult to implement than a more secure anonymous system.
Yes. The easiest way to build a reputation is to assign some unique public/private key pair to each anonymous user and require all remailed messages to be signed. Then, you as a user can choose to ignore or read messages from that id. Additionally, it does allow for the server daemon to reject postings from "abusive" ids or simply not forward the posting, but rather a notice stating the ID and subject line of the message, making it available in a public place like anonymous ftp or gopherspace for those who *do* want to read it. The really nice thing about this is that it won't prevent people from having their anonymity, but it will cut down on the actual damage that abusers can do.
To reiterate: I do think that something needs to be done, but I think we should analyze what we are trying to accomplish rather than rushing off and saying "just don't service this abusive customer".
I agree. I think anonymous remailing should be as close to universal as possible. If there *is* a way to service everyone, I think we should do it. Resorting to non-service of "abusers" should be the last resort. Jon Boone | PSC Networking | boone@psc.edu | (412) 268-6959 | PGP Key # B75699 PGP Public Key fingerprint = 23 59 EC 91 47 A6 E3 92 9E A8 96 6A D9 27 C9 6C
I wrote:
It's really not censorship for Hal or any other remailer operator to say _his_ machines, accounts, reputation, etc., will be used to mail ^ not death threats to whitehouse.gov, for example, or mailbombs to newsgroups and mailing lists.
I meant of course "will not be used." This mental slip of leaving out a "not," especially when I mean it vehemently ("will NOT be used"), has happened to me several times on this list and on Extropians. Normally I don't correct minor spellung errurs, but in this case this could be misinterpreted with disastrous effects (by someone wishing to do so). Sorry for the bandwidth. --Tim May
-----BEGIN PGP SIGNED MESSAGE----- On Mon, 14 Feb 1994, Timothy C. May wrote:
Derek Atkins writes:
I disagree. While I can honestly say that I don't like most Detweiler posts, I feel that he is showing us the possibility of how remailers can (and are) being abused. I think censorship is the wrong answer. I think there needs to be some accountability, even if it is anonymous accountability.
It's really not censorship for Hal or any other remailer operator to say _his_ machines, accounts, reputation, etc., will be used to mail death threats to whitehouse.gov, for example, or mailbombs to newsgroups and mailing lists.
While it is not censorship as such, it rather seems against our stated goals as cypherpunks to advocate such filtering...not because of what it blocks from our own sites, but it _does_ affect those downstream. To give an example of why this is important, last July (June?) the University of Canterbury in Christchurch New Zealand began filtering all alt.sex.* newspostings from their site. Well this in itself was perhaps harmless, the topology of NZ's corner of the net is such that as a result _all_ net-sites in the entire of NZ's South Island lost these newsgroups. While I'm not saying that the University were outside of their rights, we must keep the wider issues in view at all times. Another key point is that we not let our own personal feelings interfere with our political actions. I'm sure most of us here were offended by the suggestions in the heat of the anonymity debate that all anonymous postings to newsgroups be killed...yet here are cypherpunks advocating the filtering of all Detweiler and Detweiler-seeming posts. Sure, the guy's a prick, but should we let him turn us into fascists? Jim Wise wisej@acf4.nyu.edu jaw7254@acfcluster.nyu.edu -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLWGRGTS8O1DgkhNpAQGr7AP7BLMG7DQa85fgqN2XKQalmxAZjjnsT+RT b+i1d3C+Lr8lYu4DAidXF1aIoCdpDoyQieEioKiWFe51GLPn8CxjlREZH0v3jmWe B6i1d0bXcvWEH/iZdo6RKW4L4FZ+ri4EsDBSHFk3Zj3IxAWmKYTGGKcqtN/mmFaJ h9rnWul2XxU= =47Ss -----END PGP SIGNATURE-----
Derek Atkins says:
I disagree. While I can honestly say that I don't like most Detweiler posts, I feel that he is showing us the possibility of how remailers can (and are) being abused.
One reasonable solution to abuse is to block the use of remailers by potential abusers. Julf does this with his system. Remember this is distinct from censorship -- you are not telling someone "you can't use any system", you are telling them "you can't use my hardware to do what you want; find someone else's hardware". Perry
participants (7)
-
Derek Atkins -
Hal -
Jon 'Iain' Boone -
Perry E. Metzger -
Robert A. Hayden -
tcmay@netcom.com -
wisej