At 03:25 PM 11/7/96 -0500, you wrote:

Mark M. wrote:

...

With remailer abuse becoming more popular and remailers going down because of complaints, there seems to be some interest in remailer software that will block all email by default and will only pass along email that is explicitly unblocked.

I think this threatens serious security problems for the remailer network in two ways:

1. You'd create a list of people interested in anonymous information, which could potentially be obtained by police or other armed thugs.

However, those armed thugs would come up with a bunch of public keys with no names attached. These keys could be used to check that "person X's" e-mail was h[er,is] own but never know who was attached to that signature. Also, complaints could use that signature to close down the account, so that "person X" could no longer send. Of course, this would not prevent that individual from resubscribing, (what would, if you figure that out, apply it to Dr. Vulis), it would allow for the remailer to be used without the fear of the government confiscating the names of the individuals. The only thing I can think of that I don't have a solution for, note this is just what I've thought of, is the sting, where the government would take over the remailer and let it continue to operate, but logging the return posts. This could work simply for mailing lists, such as this one, where the sender could verify that the message got there in person, and receive h[er,is] responses straight from the same list. For private mail, the person would have to submit to being a part of a group of approximately 100 others, with all of the posts put in a newsgroup which would be downloaded in mass. Anyone watching for downloads would only see that the person was one of one-hundred who might have made that post. All of the posts could be encrypted with the key in plaintext for easy filtering. No need to attempt to decipher everyone's mail just to see what was for you. This would be akin to stopping by a bullitan board in a hospital to find out what the test results were. Anyone could see that you were there, but they wouldn't even know what type of test you were in for, be it a blood-sugar test, a chemical analysis, an X-ray or veneral-desease test. All they would be able to tell was that you're patient number was on that wall somewhere. Persons wanting more security could download the entire contents of several newsgroups straight to the screen while they were going to the fridge for a soda. Akin to visiting several bulletin boards to cover which post you were at. Granted, the second idea is less secure than the mailing list one, but could be made to work. In the hospital, you could send a friend in for the check, on the net, you could have a daemon remail the newsgroups for you and then self destruct. You could always keep a copy of the daemon on your hard drive, and use multiple telnet sites to do the job.