kickouts done the Cypherpunks way...
Hi, Suppose Mr. X, owner of foobarpunks mailing list, wants to kick out Mr. Y, for his obnoxious letters to the mailing list. Mr. X, however, is concerned that Mr. Y would subscribe through some proxy address and would continue replying to messages to foobarpunks. It is assumed that the only person out of the whole universe, Mr. Y, cannot be trusted. The problem is that X does not know which of the subscribers is Mr. Y. The question is, is there a technical way to disable Mr. Y from reading the list, or detect which subscription address is a proxy for Y? If we assume that, at the moment when Y was kicked out, he was not subscribed through any other addresses, the solution becomes simple: for any new subscription request we require a letter of recommendation from some other subscriber. Since other subscribers are presumed to be trustworthy, their recommendations would be sufficient. It is actually being done in some of the mailing lists. The problem becomes more complex when Mr. Y is already presumed to have infiltrated the mailing list, possibly through several proxy addresses. Is there any way to detect/find which if the subscriber is Y? One of the simple-minded solutions is to _mutate_ mailing list messages so that all readers get slightly different copies of mailing list messages for each recipient. (Such mutations may include common misspellings, inserting spaces, etc) If the mailing list bot keeps track of what changes were made in messages to which individual, and if we assume that Mr. Y has to quote significant parts of messages he replies to, finally the variations in messages may be reconciled with variations in quoted parts. Mr. Y is not stupid, and may go as far as comparing letters, received through different proxy addresses, in order to detect "variations" and avoid quoting them. The question is, is there a strategy of making variations and detecting them in quotes to finally catch Mr. Y? - Igor.
The problem is that a nobody wanting to join the mailing list to learn the subject matter of the list probably will not know anyone to sponsor him.The second problem is that some isps go down occasionally and the mail bounces back to the list which results in a subscription stop. How than would one know to whom to go and ask for a recommendation. These are certainly things to consider . On Sun, 24 Nov 1996, Igor Chudov @ home wrote:
Date: Sun, 24 Nov 1996 19:34:09 -0600 (CST) From: "Igor Chudov @ home" <ichudov@algebra.com> To: cypherpunks@toad.com Subject: kickouts done the Cypherpunks way...
Hi,
Suppose Mr. X, owner of foobarpunks mailing list, wants to kick out Mr. Y, for his obnoxious letters to the mailing list.
Mr. X, however, is concerned that Mr. Y would subscribe through some proxy address and would continue replying to messages to foobarpunks.
It is assumed that the only person out of the whole universe, Mr. Y, cannot be trusted. The problem is that X does not know which of the subscribers is Mr. Y.
The question is, is there a technical way to disable Mr. Y from reading the list, or detect which subscription address is a proxy for Y?
If we assume that, at the moment when Y was kicked out, he was not subscribed through any other addresses, the solution becomes simple: for any new subscription request we require a letter of recommendation from some other subscriber. Since other subscribers are presumed to be trustworthy, their recommendations would be sufficient. It is actually being done in some of the mailing lists.
The problem becomes more complex when Mr. Y is already presumed to have infiltrated the mailing list, possibly through several proxy addresses.
Is there any way to detect/find which if the subscriber is Y? One of the simple-minded solutions is to _mutate_ mailing list messages so that all readers get slightly different copies of mailing list messages for each recipient. (Such mutations may include common misspellings, inserting spaces, etc)
If the mailing list bot keeps track of what changes were made in messages to which individual, and if we assume that Mr. Y has to quote significant parts of messages he replies to, finally the variations in messages may be reconciled with variations in quoted parts.
Mr. Y is not stupid, and may go as far as comparing letters, received through different proxy addresses, in order to detect "variations" and avoid quoting them.
The question is, is there a strategy of making variations and detecting them in quotes to finally catch Mr. Y?
- Igor.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx x No success can compensate for failure in the home. x x x xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ichudov@algebra.com (Igor Chudov @ home) writes:
Hi,
Suppose Mr. X, owner of foobarpunks mailing list, wants to kick out Mr. Y, for his obnoxious letters to the mailing list.
Mr. X, however, is concerned that Mr. Y would subscribe through some proxy address and would continue replying to messages to foobarpunks.
It is assumed that the only person out of the whole universe, Mr. Y, cannot be trusted. The problem is that X does not know which of the subscribers is Mr. Y.
The question is, is there a technical way to disable Mr. Y from reading the list, or detect which subscription address is a proxy for Y?
The answer is no. Plenty of sites gate mailing lists to local newsgroups, and allow open or relatively open NNTP access. It's also silly to assume every other person in the universe is trustworthy. If Mr. Y sends lots of obnoxious mail to a mailing list or news group, the proper thing to do is to put Mr. Y in your killfile and encourage others to do so. That way you don't get bothered by his annoying messages, and if enough people follow suit, people stop responding to Mr. Y's messages. This can be even be extended to cover anonymous posts using NoCeM-like systems. If you try to boot Mr. Y off the mailing list using technical means, several bad things will happen: First of all you will fail, which will give Mr. Y a great deal of satisfaction. Second of all, you will drive Mr. Y to start posting under different names, making him considerably harder to killfile. Third of all, you will double the traffic on the mailing list by starting flamewars about whether this failed booting attempt was ethical, legal, intelligent, homosexual, scatological, or just plain useless. Since at this point tons of people will be replying to threads, a killfile becomes even harder to manage. So don't look for convoluted technical solutions to Mr. Y's personality problems. Just use a little basic common sense. If you don't like the way someone behaves on a mailing list, just ignore the damn person. Anything else is just going to make matters worse, as recent history clearly demonstrates.
On Mon, 25 Nov 1996, lcs Mixmaster Remailer wrote:
ichudov@algebra.com (Igor Chudov @ home) writes:
Hi,
Suppose Mr. X, owner of foobarpunks mailing list, wants to kick out Mr. Y, for his obnoxious letters to the mailing list.
Mr. X, however, is concerned that Mr. Y would subscribe through some proxy address and would continue replying to messages to foobarpunks.
It is assumed that the only person out of the whole universe, Mr. Y, cannot be trusted. The problem is that X does not know which of the subscribers is Mr. Y.
The question is, is there a technical way to disable Mr. Y from reading the list, or detect which subscription address is a proxy for Y?
The answer is no. Plenty of sites gate mailing lists to local newsgroups, and allow open or relatively open NNTP access. It's also silly to assume every other person in the universe is trustworthy.
Process of elimination. If the document that goes to a newsgroup is document #5, then you can concentrate on the path after #5. Which newsgroup is it? Easily determined by selectively seeding documents to different newsgroups. You get the idea. Message pools complicate the process, but are not impossible to deal with, particularly when output to the newsgroup can be controled, as it can here, either by killing the feed the the group, or to the party posting there. This all of course begs the question as to whether this is even a good idea, you address it below:
If Mr. Y sends lots of obnoxious mail to a mailing list or news group, the proper thing to do is to put Mr. Y in your killfile and encourage others to do so. That way you don't get bothered by his annoying messages, and if enough people follow suit, people stop responding to Mr. Y's messages. This can be even be extended to cover anonymous posts using NoCeM-like systems.
Agreed. But not because it is technically impossible.
If you try to boot Mr. Y off the mailing list using technical means, several bad things will happen: First of all you will fail, which will give Mr. Y a great deal of satisfaction. Second of all, you will drive Mr. Y to start posting under different names, making him considerably harder to killfile.
Not really. Simply continue to seed and watch new subscriptions to the list. That narrows down the leak quite well. Same thing as winding up agent nets that use dead-drops. Identigy one step at a time.
Third of all, you will double the traffic on the mailing list by starting flamewars about whether this failed booting attempt was ethical, legal, intelligent, homosexual, scatological, or just plain useless. Since at this point tons of people will be replying to threads, a killfile becomes even harder to manage.
Agreed.
So don't look for convoluted technical solutions to Mr. Y's personality problems. Just use a little basic common sense. If you don't like the way someone behaves on a mailing list, just ignore the damn person. Anything else is just going to make matters worse, as recent history clearly demonstrates.
Mostly agreed. -- Forward complaints to : European Association of Envelope Manufactures Finger for Public Key Gutenbergstrasse 21;Postfach;CH-3001;Bern Vote Monarchist Switzerland
On Sun, 24 Nov 1996, Igor Chudov @ home wrote:
The question is, is there a strategy of making variations and detecting them in quotes to finally catch Mr. Y?
It's not a new concept if thats what you mean. Has many names. "Canary trapping, imposed distribution attributation" and others. Generally either a single non-spelling error is introduced (generally with punctuation), or several errors are introduced in different patterns throughout the document. Word order is another common variation to use. At the most basic level, a script could easily introduce e.g., a semicolon in place of a comma once in a document, and in a different place for each document. The "phantom serial number" of a given document is obtained by counting the commas encountered before a semicolon is found. If a correlation between serial number and original recipiant is maintained, the first tier of the avenue by which the document is escaping is easily identified. Of course this method assumes that the documents are distributed onward without alteration or summarizing. More complicated variations can be introduced as is needed. (Paragraph/subject order, names of participants, etc.) Coderpunks might have a harder time. For obvious reasons technical writings are much more sensitive to even minor alterations.
- Igor.
-- Forward complaints to : European Association of Envelope Manufactures Finger for Public Key Gutenbergstrasse 21;Postfach;CH-3001;Bern Vote Monarchist Switzerland
participants (4)
-
Black Unicorn -
ichudov@algebra.com -
lcs Mixmaster Remailer -
Moroni