ANON: alt.sexual.abuse.recovery
Here is a snippet of conversation you might find interesting.... Julf Subject: passing through encryption To: postmaster@charcoal.com, postmaster@penet.fi Date: Thu, 5 Aug 93 5:27:23 EDT
From: "T. William Wells" <bill@twwells.com> X-Mailer: ELM [version 2.3 PL11] Message-Id: <9308050527.AA12334@twwells.com>
I just posted the following article. You may wish to consider the subject and post your own conclusions. If you post to asar, please set followups to asard so that the discussion doesn't bother the other folks on asar. Newsgroups: alt.sexual.abuse.recovery
From: anon-admin@twwells.com Subject: encryption through twwells.com Date: Thu, 5 Aug 1993 09:12:12 GMT Message-ID: <CBA48F.9Au@twwells.com> Sender: bill@twwells.com (T. William Wells) Followup-To: alt.sexual.abuse.recovery.d Organization: None, Mt. Laurel, NJ
I know this will make some people unhappy but I will not allow the passing of encrypted data through the twwells anonymous server. Responsible running of an APS requires the ability to audit what passes through and encryption defeats that. Some time in the future, I may consider how one may use encryption with my server; such a system will retain the possibility of decryption at the server. Followups have been directed to asar.d. -------------------------------------------------- Subject: Re: passing through encryption In-Reply-To: Your message of Thu, 5 Aug 93 5:27:23 EDT To: "T. William Wells" <bill@twwells.com> Date: Mon, 09 Aug 93 11:49:21 +0300
From: Johan Helsingius <julf@penet.fi>
I just posted the following article. You may wish to consider the subject and post your own conclusions. If you post to asar, please set followups to asard so that the discussion doesn't bother the other folks on asar.
Newsgroups: alt.sexual.abuse.recovery From: anon-admin@twwells.com Subject: encryption through twwells.com Organization: None, Mt. Laurel, NJ
I know this will make some people unhappy but I will not allow the passing of encrypted data through the twwells anonymous server. Responsible running of an APS requires the ability to audit what passes through and encryption defeats that.
I have to say I disagree strongly with your position. Responsible running of an anonymous service requires that the administrator *DOES* *NOT* audit what passes through. I feel that any anonymous service operator has no business looking at the contents of other people's messages, and any attempt at doing so is a gross violation of the trust of his/her users. Your statement seems to indicate that you find it morally acceptable to monitor the messages your users send using your server. How would you feel if US Mail would get into the habit of peeking at the letters you send "to ensure responsible running of the US Mail System"? Please respond by e-mail, as I don't read a.s.a.r. Julf (admin@anon.penet.fi) -------------------------------------------------- To: Johan Helsingius <julf@penet.fi> Date: Mon, 9 Aug 93 16:27:08 EDT
From: "T. William Wells" <bill@twwells.com> In-Reply-To: <9308091125.aa28990@penet.penet.FI>; from "Johan Helsingius" at Aug 9, 93 11:49 am X-Mailer: ELM [version 2.3 PL11] Message-Id: <9308091627.AA28573@twwells.com>
Johan Helsingius writes: : I have to say I disagree strongly with your position. Responsible : running of an anonymous service requires that the administrator *DOES* : *NOT* audit what passes through. I replied publicly (to reassure the people on asar); here's the substance of my reply: I want to address a possible misconception here. I do not read what goes through the server on any regular basis. I do so only when and to the extent my responsibilities to the service and its users require it. I believe that I, being the main server for and being a member of the asar community, have an obligation to try to prevent the use of the server as an aid in perping. It is my opinion that the simple fact that I *can* read whatever goes through the service, even if I never do, is the strongest defense we have against someone using the cloak of anonymity to further their perping. One thing I want to avoid here is a discussion of whether these views of mine are correct or not. The first is a moral judgement and so is completely outside the bounds of discussion in this forum. The second is a subjective judgement and is based on my observation that abuse thrives on secrecy; it, too, isn't likely up for discussion since I doubt anyone can offer more than opinion. : How would you : feel if US Mail would get into the habit of peeking at the letters you : send "to ensure responsible running of the US Mail System"? Well, analogies are always slippery, but let me change the analogy a little to illustrate. Let's speak of UPS (or whatever your parcel post is called). How would if feel if UPS would open my parcels? That depends. If they did it for gratuitous reasons, I'd pick another postal service. If, on the other hand, I was worried about terrorists posting bombs, I would thank them. ASAR is a different place than most on the net and there are a lot of people worried about bombs in their parcels. As far as I'm concerned, it's a matter of choice. Some people will worry and so be thankful that I have the policies I do; others will be upset and use the other services. -------------------------------------------------- To: alt.sexual.abuse.recovery,alt.sexual.abuse.recovery.d Subject: "T. William Wells": Re: passing through encryption Date: Tue, 10 Aug 93 20:37:30 +0300
From: Johan Helsingius <julf@penet.fi>
"T. William Wells" <bill@twwells.com> writes:
Johan Helsingius writes: : I have to say I disagree strongly with your position. Responsible : running of an anonymous service requires that the administrator *DOES* : *NOT* audit what passes through.
I replied publicly (to reassure the people on asar); here's the substance of my reply:
I want to address a possible misconception here. I do not read what goes through the server on any regular basis. I do so only when and to the extent my responsibilities to the service and its users require it.
And you decide when that is, right?
I believe that I, being the main server for and being a member of the asar community, have an obligation to try to prevent the use of the server as an aid in perping.
And *you*, in your infinite wisdom, will know what is perping and what is not? And who to watch and who not to?
One thing I want to avoid here is a discussion of whether these views of mine are correct or not. The first is a moral judgement and so is completely outside the bounds of discussion in this forum.
Why? Why should such a discussion be avoided at all costs? Why is moral judgement outside the bounds of discussion?
The second is a subjective judgement and is based on my observation that abuse thrives on secrecy; it, too, isn't likely up for discussion since I doubt anyone can offer more than opinion.
I would not use the word "secrecy". I would use the word "privacy". That's why users use your service! But you are saying they *don't* have a right to privacy!
: How would you : feel if US Mail would get into the habit of peeking at the letters you : send "to ensure responsible running of the US Mail System"?
Well, analogies are always slippery, but let me change the analogy a little to illustrate. Let's speak of UPS (or whatever your parcel post is called). How would if feel if UPS would open my parcels? That depends. If they did it for gratuitous reasons, I'd pick another postal service. If, on the other hand, I was worried about terrorists posting bombs, I would thank them.
If I'm worried about bombs, I might ask UPS or somebody else to check my parcels. But I don't want them to rummage through all my parcels on the pretense of looking for bombs, especially without asking me first.
ASAR is a different place than most on the net and there are a lot of people worried about bombs in their parcels. As far as I'm concerned, it's a matter of choice. Some people will worry and so be thankful that I have the policies I do; others will be upset and use the other services.
True. Some people might actually want you to pre-check their messages. Others might want to use other servers. Fair enough, as long as you *tell* your users that's what happening! Julf (admin@anon.penet.fi)
One question is how he will enforce his ban on encryption if he only rarely reads the messages passing through. He could probably write a shell script that looks for PGP headers, but these could be stripped off. He could probably look for ascii-encoded files with a flat character distribution, but these could be uuencoded or binhexed. Perhaps it's time to integrate one of the steganographic techniques into the remailers as a configuration option. By inflating the size of the messages it hides, that will increase the load through the machines that don't like encrypted messages, but that's life. Phil
participants (2)
-
Johan Helsingius
-
karn@qualcomm.com