-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Are remailers an unsolveable paradox? We want to be able to provide the means for whistleblowers and others to communicate in a secure and anonymous fashion. Yet we need to make sure we're not abused too much since sooner or later laws will catch up with the remailers should abuse sky-rocket. Once upon a time all email servers were open relays. This was a friendly time and spam wasn't invented. As time changed the focus turned on securing the relaying procedures and has continued until this day. Yet as we know the flow of spam (most of it coming directly or indirectly from US) continued to increase, despite even existing legislation today. What are the possible solutions for the remailers? Make all remailers middleman only and adding the ability to opt-in for delivery outside the network? Having a network of middleman remailers and some nymservers that only delivers to other nymserver or opted-in servers will at least provide some means for people to communicate between themselves. It would in practise destroy the ability to contact anyone outside the network though, making the network an isolated place for a few. Using techniques like Hashcash should be more or less mandatory even today to make it harder to mailbomb or send large amounts spam? Why is it not? Regardless of what any hardcore cypherpunk or old-timers in the remailer community may think about any ideas imposing restrains on the useability of remailers something just have to be made about the abuse of the system. I also predict that the abuse will increase so time is ticking in a sense. Making sure we have robust remailing services in one shape or another and at the same time have some kind of at least indirect acceptance from legislators and also a low degree of spam flowing through are essential goals. The average naive and ignorant redneck will never ever understand the principal arguments for free speech that makes remailers useful. The average american do not think and analyze what is told to him. You will probably today find millions of americans who believe that Saddam and Al-Qaeda did business just because Bush and the administration lied about that initially, even though it's more or less confirmed today that those links were not there. The rednecks also vote however (to some extent) and that's why it will be a piece of cake to strike against the remailers if the politicians would like to. And they will, if and when serious abuse were to happen more often utilizing remailers. What would happen if it was found (or simply suspected or claimed) that some terror deed was planned using remailers? How long time would it take for us to see new laws being proposed? Not long. And don't forget that anyone (like Tom Ridge himself) could send bogues messages through the system trying to Since providing a true non-censoring remailing service and at the same time safeguard against spam and abuse are therotically incompatible I guess remailers are indeed a paradox waiting to be shut down sooner or later by politicians if we're not open to at least discuss some aspects of how these services are operated. Johnny Doelittle -----BEGIN PGP SIGNATURE----- Version: Tom Ridge Special v1.01 iQA/AwUBQTWdszVaKWz2Ji/mEQJlUwCfT/jWnw/p2ydTJTKMYKA5/hs+Dm8AoNoE r9bl2EtJ3CQpZPgfkSPfGBWB =B8dt -----END PGP SIGNATURE-----
Effective today, Lemuria will be going middlemen.
Sometime around the middle of the month, Lemuria will go away.
This is final.
The main reasons are that I've lost my faith in the usefulness of the remailer network. I have indications that the remailer network is being massively abused, on the scale where the legitimate mails are a tiny fraction that would be better served using other means.
There are two main reasons for my thoughts. One is I have looked at the bounces I receive, and compared their numbers to my statistics. According to that data, without having run a statistically significant analysis, the major traffic coming through Lemuria is Spam, with threats and harrassment a second. I realize that in the no-bounces, the fraction of legitimate mails will be higher, but even assuming a factor of 10, it is still a negligable part.
Second, I've the mail attached below yesterday. In case you can't read german, it is essentially spam advertising the mixmaster software and some book and/or software I haven't tested, might be a mixmaster client, might be a trojan. This is a sign for me that the anonymous remailer network is being used systematically for abuse, on a large scale. I don't want to be a part of that.
As mixmaster has no features whatsoever to prevent this crap, and the "encrypted only" switch doesn't do what it should do, and legitimate traffic is close to zero anyways, I'll be taking Lemuria down and leaving the remailer community.
It was an interesting time, and between frog, the SciTol fanatics (from both sides) and a couple really cool people, I've learned a lot about society that I'm not sure I really needed to know. :)
Nomen Nescio wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Are remailers an unsolveable paradox?
Yes. Adios, Lemuria. Hate to see you go, but I understand completely. -- Roy M. Silvernail is roy@rant-central.com, and you're not "It's just this little chromium switch, here." - TFS SpamAssassin->procmail->/dev/null->bliss http://www.rant-central.com
Remailers remain effective when you run your own as the first hop and accept no incoming remail. To be sure, if everyone did that no remailer would accept remails. Shhh.
What are the possible solutions for the remailers? Make all remailers middleman only and adding the ability to opt-in for
Open wireless access points. No one said you are entitled to mail anonymously from the comfort of your home/office. Stop whining. ===== end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: __________________________________ Do you Yahoo!? New and Improved Yahoo! Mail - 100MB free storage! http://promotions.yahoo.com/new_mail
There are several different types of problem messages, and some are easier to avoid than others. - Spam - Harassing messages sent to remailer users - Harassing messages sent to mundanes to annoy the mundane - Harassing messages sent to mundanes to get the remailer in trouble - Harassing messages sent to third-parties (e.g. sending Bob slander about Alice.) - Forged messages - Usenet flamebait Two of the things I never built back when I was running a remailer could have helped this problem - Encrypted-sending only. Sure, you want to only accept encrypted messages to preserve privacy, but if you require outgoing messages to be encrypted, you not only protect privacy, you eliminate most of the spam, except for spam that's sent to people with easily-located public keys. Sadly, that's a small set of people, but it's also tougher for harvester programs, and it's a set of people less likely to buy from spammers. This also significantly reduces harassment potential. Most crypto users are more likely to understand remailers, or at least to read the "this is a remailer" headers. It's possible for harassers to work around this, if you're verifying encryption just by syntax, but it's a good start: ----- BEGIN PGP ENCRYPTED STUFF Alice - your mother was a hamster and your father smells of elderberries. And your hovercraft is full of eels. Bob ----- END PGP ENCRYPTED STUFF --- - Recipient permission for outbound remailers - have the remailer ask for permission before sending somebody mail, and optionally store addresses (or hashes of addresses) of people who want to accept remailed messages in the future (obviously including other remailers in that list.) So instead of sending the message directly, you send "Subject: You've received an anonymous message #1234567 You've received an anonymous message at (foo-remailer) It may be from someone you know, or may be a forgery or spam (explain remailers blah blah blah) If you'd like to pick up the message, reply to this message. If you don't want it, just ignore this message. If you'd like us to never bother you again, reply with Subject: BLOCK If you'd like to automatically receive all remailer messages in the future, reply with Subject: SUBSCRIBE (and/or provide web URL interfaces for these functions.) Even if the remailed mail is spam or harassment, it starts out with getting permission from the recipient and building a positive relationship and some understanding of what's going on. It also means that if somebody who doesn't care about remailers gets spam or harassing mail, they don't have to get it more than once. Bill Stewart bill.stewart@pobox.com
participants (5)
-
Bill Stewart -
John Young -
Morlock Elloi -
Nomen Nescio -
Roy M. Silvernail