I don't think the idea of a "virtual server" for anonymity will really accomplish much. Even if you somehow manage to spread the software over several machines, you still need to publicize the entry and exit points for remailing requests. If the net police determine to shut down the server, they can go after those machines which are publicly known to be the places where the anonymous messages come from and shut them down.

Sure, if you have a network of machines you might be able to bring another one online pretty quickly to replace this one which has been shut down. But then the net police can go after that one. And so on. You'd get the same effect just by having a bunch of conventional remailing servers, only announcing one of them publicly, and then having each one come online only after the one before it got shut down.

The hard part in either of these scenarios is collecting more people who will run anonymity servers. I don't see that doing tricky stuff with virtualizing the calculations helps you much.

Similarly, trying to put a machine at an unknown site, or perhaps in a friendly country, won't necessarily help. If the machine itself is inaccessible, the net police will go after its feeds, the points at which it connects into the network. Look at what happened to Julf. His machine was safe, sitting in a back room of his house. They went after his net feeds instead.

The real answer is to publicly defend remailers. I argue for remailing servers on the basis of preventing traffic analysis. Most people accept that the use of encryption is justified for email in order to protect individual privacy. I claim that remailing servers extend this protection to include not only the content of a message, but its destination as well. The net does little today to keep the facts private about whom you communicate with. Remailers provide that confidentiality.

If we had enough remailers that we could confidently run a virtualized system, knowing that we could keep bringing them online faster than they could be shut down, I'd argue that a better use of those resources would be to publicly identify all of the remailers and let them all operate on their own. This would provide a united front to oppose the anti-privacy forces, giving political strength to our goals.

Hal Finney
74076.1041@compuserve.com
I don't think the idea of a "virtual server" for anonymity will really accomplish much.
For just plain old reliability in the face of expected hardware and connectivity failure, it is reason enough. When one examines such intended failures, the analysis must be more subtle.
... you still need to publicize the entry and exit points
Yes. On any system at all, the portals that guard privacy are public. For whatever architecture you choose, you still need an actual email address that resolves down to some physical internet machine to gain access to that service.
If the net police determine to shut down the server
Shutting down service is all economics. If you must simultaneously shut down even two machines, that is a larger cost than shutting down one, since there must be coordination.
one online pretty quickly to replace this one which has been shut down. But then the net police can go after that one. And so on.
Cost, cost, cost. What is possible and what is fiscally available are two different things. Two machines might be in the realm of possibility, but where is the cutoff exactly?
You'd get the same effect just by having a bunch of conventional remailing servers, only announcing one of them publicly, and then having each one come online only after the one before it got shut down.
No, there is a single and incredibly salient difference--communicating the change of address to all those who use the service. Right now, this changed information must either end up in people's heads, or in their alias files, or in their scripts. Wherever it is, it would have to change. This effectively puts a fairly small upper bound on the user base for such a service, given the characteristic time it takes to communicate such changes. Plus, if you want pseudonymous return paths, then you have to make sure that data is transferred to a new system.
The hard part in either of these scenarios is collecting more people who will run anonymity servers.
The scenario I envision for virtualized databases is a business running such a network themselves or in partnership with other companies. Doing this all on netcom shell accounts just won't happen. The hard part here is trying to get someone to pay for the secure service.
If the machine itself is inaccessible, the net police will go after its feeds, the points at which it connects into the network.
If there is a single point of failure, that's a problem. This is a design criterion, not an overwhelming roadblock.
Look at what happened to Julf. His machine was safe, sitting in a back room of his house. They went after his net feeds instead.
One-point failure! The politics of the connecting network are crucial in the long run. I have a separate message about that.
The real answer is to publicly defend remailers.
I see no reason why these two approaches are exclusive.

Eric
The actual server entry point could be through a cypherpunks encrypted anonymous remailer block. that could totally conceal the entry point given the proper type of remailer... as to the service posting machine... one could maintain a net of open nntp servers by one's confederates, one could then "forge" the posting and give an anonymous remailer block corresponding to the anon id... concealment and high security? given message encryption remailers and a public key for the forging NNTP posting mechanism I don't see many issues coming from that what do the rest of you think ... course this scheme depends on a common set of features on anon remailers... i.e. message encryption...

cheers
kelly

--
Parts of this .sig borrowed with permission from T.C.May. Perhaps it will indeed get me busted also.
..........................................................................
Kelly Goen             | Crypto Anarchy: encryption, digital money,
kelly@netcom.com       | anonymous networks, digital pseudonyms, zero
Intelligence Systems   | knowledge, reputations, information markets,
Specialists Inc.       | black markets, face banks, data havens, dark
                       | tech, covert channels, shared secrets,
                       | alt.whistleblowers, collapse of governments.
Technical Monkeywrench | Public Key: PGP 2.2.
                       |
..........................................................................
PGP 2.2 Key available from PGP Keyservers on the Internet.
pub 1024/1BA573 1992/09/09 kelly <kelly@netcom.com>
Key fingerprint = EF 7A 38 99 22 84 E3 3B 90 2A DB 80 DC 65 DA 31
STOP THE WIRETAP CHIP(Clipper Chip)!!
Look at what happened to Julf. His machine was safe, sitting in a back room of his house. They went after his net feeds instead.
A quick update: Telecom Finland finally delivered. My uncontrolled, no-AUP IP connection via EUnet (Copenhagen-Amsterdam-Alternet) went operational yesterday. The new 486 box also arrived. Expected to go into 100% service this weekend!

Julf
participants (4)
- Eric Hughes
- Johan Helsingius
- nobody@eli-remailer
- Stop the Big Brother CHip