-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Subject: [Announce] HavenCo Sealand Remailer Online (remailer.havenco.com) Date: Sun Sep 16 07:02:13 UTC 2001 After over a year of having HavenCo's facilities on Sealand open for customers, I have decided to set up a remailer on a spare machine. In light of recent events in NYC and DC, and the near certainty of both future legal actions against individual liberty in the name of "security", and possible extra-legal/terrorist action against critical parts of the Internet infrastructure by various parties, it seems prudent to establish secure offshore services as soon as possible. Hopefully this remailer can be a small part of that. I'd also be happy to host a private operational list (i.e. remops minus several specific people) for remailer operators, as Len suggested a while ago. I plan to offer several interesting services from Sealand in the future: - a mail-to-news gateway (at least for interesting groups) - SSL web-to-remailer - nym services - possibly secure web-based email - possibly secure IMAP/POP3 over ssh/ssl - possibly "agents" which act on email messages, within certain sandbox environments (user-defined autoresponders, etc.) - secure mailing lists, archives of some security-based mailing lists (cypherpunks to the beginning, coderpunks, cryptography, remops, etc.) with full-text search These services are in addition to HavenCo's high security managed colocation, consulting, and software development. More information is available at http://www.havenco.com/ My primary concern is limiting the usability of these services for HavenCo AUP violations; specifically spam and spam-mailbox. A per-message charge or decrement would likely accomplish this, along with either payment or proof-of-work. My goal is to make all services for pay as soon as a suitable payment infrastructure is deployed. Donations to support the remailer may be made through http://www.e-gold.com/ account 191914 with "remailer" in the memo line. Config for remailer.havenco.com is: Celeron 533 256MB ECC RAM 2 x 30GB disk FreeBSD 4.4-STABLE Postfix snapshot-20010808 $remailer{"havenco"} = "<mix@remailer.havenco.com> cpunk mix pgp remix latent +hash cut test ek ekx esub inflt50 rhop20 reord post"; PGP Key: Type Bits/KeyID Date User ID pub 1024R/A222FA27 2001/09/16 HavenCo Sealand Anonymous Remailer <mix@remailer.havenco.com> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: N/A mQCNAzukFdcAAAEEAJ+gzhkBCvhyfKla6CvA06MS02M+9fjxoRWw69KkVm1i5+Nv Y8M1tgHI717byLM01tLEIhWzUtyCQM7UCwo4rkHkqSC1zdRlnK3HxdqR05lXSvjJ +u3i665qhvPXz+8waG0w5qi+Z/PfsUFLr8B3xW9uSkgiAOzN9a9GOROiIvonAAID tD1IYXZlbkNvIFNlYWxhbmQgQW5vbnltb3VzIFJlbWFpbGVyIDxtaXhAcmVtYWls ZXIuaGF2ZW5jby5jb20+iQCVAwUQO6QV169GOROiIvonAQG3wAP/Va+FOzZ5wTSj 2iWaSEc9fwv9myrJueUHYjnWCWKcOtK3Uj4sNCRt5cshvaT6qaeCW5JnMY7XRv/F tlNFQJpnGgfKMAFYXV0aRextvr9m2iqKgAZYBs2Xye1xLoz7zw2t1keCGvruLURB G1ncyMbSeF7wHODomspHDOkV93IoFRc= =LiQg - -----END PGP PUBLIC KEY BLOCK----- Type Bits/KeyID Date User ID pub 1024D/64A1975F 2001/09/16 HavenCo Sealand Anonymous Remailer <mix@remailer.havenco.com> sub 1024g/6B1E76FE 2001/09/16 - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: N/A mQGiBDukFr0RBAC/RMBEWyUmr8APcX5CkSyvkV9Lw/IUetxTFiMbvI0FfzMrxXLl AEB/vlvayQT69jnfxDs5QqaZ+AzdUTd+GvGDTIIXPH/YpiErpHj74NDUEYXIQMvP MyoKtIepjHJO72TP/3qr+hdbOy2GrlGCgIEHLZbUF6wgHRCX/5uqsnHHyQCg0hvJ 55qNioCrB358EahzW20745sD/jueQ1DKceA/sjJ3l9wrD/A6rKJRcT91nDEwotPY mIoMMD+AxdFptmsciMZ1lG8v7wzWUGWp4am9E1R1seIsRE4eJCMhT63XWRxMdU+w UU+aE/VXe3yMJ0xLNOubN/n4cua8TMfgkgDpqzXPXf0EHk5F8bgjWhprl60+jrcf pHoWA/wO02AN1YI9W9bhROrJcJLawFG3sUuox25gEvBuwj2sTaGYjCEwPWiqfnDi LO21ggl7XYpEOzwTGSovGwm0AnjX29Y2fVoYWa82dAdycW6kJBC2mn+D/YJ9Vezq 1Fp0hgfeophNwcyNpGn2jLIMB7pA2c1Asl/60trkDmgTYYPC+rQ9SGF2ZW5DbyBT ZWFsYW5kIEFub255bW91cyBSZW1haWxlciA8bWl4QHJlbWFpbGVyLmhhdmVuY28u Y29tPokASQQQEQIACQUCO6QWvQILAgAKCRBfYBtvZKGXX9gdAKCAfX/OGgSmVH/2 uUc4oEikyReQMwCguGD2PXMKqe2CJ5++suPCRdcIKAG5AQ0EO6QWvRAEAOY8AM+R r1tJOKujQX2vqB9577mzUiO3aNuaT5gf5P0QRPqouuEiDvH9vg5RcG+mKyc4j/C9 x3czV5Bvu3LjALeOI6Wh8HCnLnNAj9e+0Oq8X85Z+adwWixF101UVlpAsDAc3eKv QV8bb0ruZM8kn4xmxWYUPYUzHgVT3DuoQeDXAAMFBACgtK9bM+sNMuWXeEl8m1kd AvMFeDp2zibRVkP1C59b8G1tO6fYd+TE5iGPoxpNgjqVSfx0DKGgtVHjZaGtGlyQ KOPbj5dpB+dl4nUYN0fGufbAs2Q4qX1yxjnxqVDtDJ4OMltUKoon0F4uCkxnz364 QolM6n2iWrv2S6mND8H9UokAPwMFGDukFr1fYBtvZKGXXxECh9kAoIiRmWLD1sSu FHlgkW6YvS89RhgJAJ9Z1HCzERjwR1RO7A7JlG9zexvugw== =VU++ - -----END PGP PUBLIC KEY BLOCK----- Mixmaster key: havenco mix@remailer.havenco.com dcd835a6ecfc412ba8535949ff30be44 2.9beta23 CNm - -----Begin Mix Key----- dcd835a6ecfc412ba8535949ff30be44 258 AATCb0yiTHhLWzxAKbZPb2N7kI+PhjgVsY/vUFC5 xWQu3XkDnHjyLwKvZTZsdEwWmnZmgbp9NoBVGdXl m+0+M5V1hS4EP2YOd/YtMBUMriPbEZpZRZ8V7og+ qVArqXXyX5C3XbbR++yeMoCEjq+vmBpy6aOELoUq cvSxIBCoJU8+XwAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAQAB - -----End Mix Key----- - -- Ryan Lackey [RL7618 RL5931-RIPE] ryan@havenco.com CTO and Co-founder, HavenCo Ltd. +44 7970 633 277 the free world just milliseconds away http://www.havenco.com/ OpenPGP 4096: B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F -----BEGIN PGP SIGNATURE----- Comment: For info see http://www.gnupg.org iD8DBQE7pFF4B62+B9LgMB8RAvt9AJ9NP4C+MUAVfSVbWDEm3pHLwGLFjACgniyJ eOmNvq0SqDxoCmLENigWIBs= =ejVv -----END PGP SIGNATURE----- -- Ryan Lackey [RL7618 RL5931-RIPE] ryan@havenco.com CTO and Co-founder, HavenCo Ltd. +44 7970 633 277 the free world just milliseconds away http://www.havenco.com/ OpenPGP 4096: B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F
At 07:17 AM 9/16/01 +0000, Ryan Lackey wrote:
My primary concern is limiting the usability of these services for HavenCo AUP violations; specifically spam and spam-mailbox. A per-message charge or decrement would likely accomplish this, along with either payment or proof-of-work.
You could use human- and not machine- readable text that the user has to enter ---many free-hosting sites do this to prevent bots. That won't prevent emailing spam to a list, but will prevent mass mailings.
Quoting David Honig <honig@sprynet.com>:
At 07:17 AM 9/16/01 +0000, Ryan Lackey wrote:
My primary concern is limiting the usability of these services for HavenCo AUP violations; specifically spam and spam-mailbox. A per-message charge or decrement would likely accomplish this, along with either payment or proof-of-work.
You could use human- and not machine- readable text that the user has to enter ---many free-hosting sites do this to prevent bots. That won't prevent emailing spam to a list, but will prevent mass mailings.
That's exactly what I meant by "proof of work". This topic has been discussed on p2p lists (mainly by the freenet people), as well as other places. Fundamentally, though, I don't like the idea of providing a service based on "burning" human or computer time; this is deoptimizing best-case performance in order to improve worst-case. And I *do* want automated programs to be able to use the remailer network, blacknet style. Other proof of work systems are entirely automated; such as adam back's hashcash. Already on the search engine sites which require "read these numbers" to enter a URL, there are other sites which advertise "all new codes, all the time". The only viable long-term solution I see for most of these things is charging per-transaction for messages. Remailers are exactly the kind of application where "postage" could first be applied. The problems seem twofold: 1) Remailer operators are exposed to new and additional legal threat if they accept payment for service (right?) 2) It's much easier to trace payment instruments than remailer messages. While a blinded cash system might only leak "this person is using the remailer payment system", and not provide linkability to given messages, it does complicate things substantially, and provides the potential for a lot of tracing. It would be an interesting experiment to simultaneously offer a "proof of human work" system, a "proof of computer work" system, and a pay per message system, both bulk and per-message, and see which is most popular. Given the existence of ~20 public free remailers, it seems unlikely people would use them, except perhaps if they had a good web-based UI, integration into common MUAs, etc. This would have the effect of monetizing cpu time and human-who-can-read-numbers time, which would be interesting. (sort of like the "get paid to surf the web" stuff). What would be really cool would be replacing "decipher these numbers" with some kind of task which produced actual value, but could be evaluated either by a machine or a horde of other humans; "prove this theorem", "sort these files", etc. I wonder if any other remailer operators be interested in such a system. It becomes more interesting as the cost of being a remailer increases, of course. -- Ryan Lackey [RL7618 RL5931-RIPE] ryan@havenco.com CTO and Co-founder, HavenCo Ltd. +44 7970 633 277 the free world just milliseconds away http://www.havenco.com/ OpenPGP 4096: B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F
The only viable long-term solution I see for most of these things is charging per-transaction for messages. Remailers are exactly the kind of application where "postage" could first be applied. The problems seem twofold:
I agree. Until remailers start charging per message, they will never be "sustainable". Yes, they may hang around but they'll always be in a position where a) the operator pays costs of operations and b) the operator exposes himself to various risks and liabilities and c) the operator isn't getting compensated for a) and b), which makes the whole thing inherently unstable or unsustainable. Charging for service is the only way to go.
2) It's much easier to trace payment instruments than remailer messages. While a blinded cash system might only leak "this person is using the remailer payment system", and not provide linkability to given messages, it does complicate things substantially, and provides the potential for a lot of tracing.
Yes, there are no "sustainable" non-tracable remote payment systems in existence, and it's almost impossible for such a system to exist. Why? There are many reasons. One of the most obvious ones is that it would be so disruptive to the activities of so many very powerful institutions (tax collectors and law enforcement mainly) that they will shut it down, where ever it may be, as soon as it gets big enough to be on their radar. Staying small enough to be under the radar is also not a sustainable strategy. The more fundamental reason why an untracable payment system is unsustainable is that it will be used to pay for things which society (including all of us on the c'punks list probably) abhors, such as non-state-sanctioned murder-for-hire, and eventually the operator will be found and put out of business one way or another. Is there no hope for remailer operators? Probably not. Note that I'm not trying to claim that remailers are impossible; they are possible and they have existed for years. They will just always be little personal projects, which will come and go. The first time an operator faces serious jailtime for running a remailer, probably most or all of them will shut down. This time may be coming soon.
-- On 17 Sep 2001, at 7:54, Dr. Evil wrote:
Yes, there are no "sustainable" non-tracable remote payment systems in existence, and it's almost impossible for such a system to exist. Why? There are many reasons. One of the most obvious ones is that it would be so disruptive to the activities of so many very powerful institutions (tax collectors and law enforcement mainly) that they will shut it down, where ever it may be, as soon as it gets big enough to be on their radar. Staying small enough to be under the radar is also not a sustainable strategy
A sensible strategy is to set one up, stay small (micropayments) until the momentum starts building, then move to some place that still permits bearer bonds -- Antigua or Nauru. If they try to close you down in the micropayment stage, the judge, being unfamiliar with crypto anarchist theory, is likely to microfine you. The law is not concerned with trifles.
The more fundamental reason why an untracable payment system is unsustainable is that it will be used to pay for things which society (including all of us on the c'punks list probably) abhors, such as non-state-sanctioned murder-for-hire, and eventually the operator will be found and put out of business one way or another.
By this argument we should have abolished cash already. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG JFaP31zYOsi+UM+0wvKxy2yqIv9jQbGD7nvxEJog 4j+MeJE2wu3qTScZeQQkLBEBYFCVbWKXNMqDJamkE
I'm not sure if I buy that remailers are even going to have serious problems in the future. I see two approaches: 1) The aforementioned ecash-based system. We don't have a problem getting people to smuggle drugs, because people in the drug game get lots of money, women, cars, etc. I wonder how many drug dealers would do it just for "moral goodness" (actually, a lot of last-stage dealers do that, just buying for their friends and distributing, which obviously doesn't work for remailers; also, allegedly the LSD distribution chain is mostly profit-free for the whole thing...in general, though, drugs are a highly profitable industry). 2) A system which remails without the consent of the remailing; a worm or something which roams, infects, and as payload, will spontaneously form "cells" in a mix-net. Lots of ways to do this. Also, the mix-net itself can be used for passing the messages around. Using anonymous services like yahoo for this kind of thing is one form, but something which went a step beyond, and actually took over random machines on DSL, etc. to use as middleman remailers, would be taking this to another level. Additionally, I think a level of steganography is needed, both to protect the compromised nodes from detection and disinfection, and for general security. I generally agree with your assessment of the current "amateur" remailer network, modulo the fact that a lot of remailer operators have legal background, and would be content to actually fight protracted legal battles. I guess a lot of them would fold fairly quickly if it were actually unequivocally exposing themselves to serious criminal liability. I don't think we'll have to wait long for this kind of theorizing on anonymous communications and prosecution to no longer be merely academic. -- Ryan Lackey [RL7618 RL5931-RIPE] ryan@havenco.com CTO and Co-founder, HavenCo Ltd. +44 7970 633 277 the free world just milliseconds away http://www.havenco.com/ OpenPGP 4096: B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F
-- On 17 Sep 2001, at 10:30, Ryan Lackey wrote:
I'm not sure if I buy that remailers are even going to have serious problems in the future. I see two approaches:
1) The aforementioned ecash-based system. We don't have a problem getting people to smuggle drugs, because people in the drug game get lots of money, women, cars, etc. I wonder how many drug dealers would do it just for "moral goodness" (actually, a lot of last-stage dealers do that, just buying for their friends and distributing, which obviously doesn't work for remailers;
Works fine for remailers. If you need to use a remailer, run one. You know that at least one remailer in the network is OK, guaranteeing that your messages will be really untraceable.
I don't think we'll have to wait long for this kind of theorizing on anonymous communications and prosecution to no longer be merely academic.
Closing down remailers right now would involve going off message. They might however go off message if the war is nearly won, or nearly lost. If the war is nearly lost, we can expect a claim that "we were stabbed in the back", followed by a focus on the internal enemy. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG bVRat5mEHVZsqG36x0si0fvps1elLGAhf9i2JTeT 4+akZKq1bBg9sR1kH3r9/fnKcYH+e0PCBg0UIIcAa
At 07:23 AM 9/17/01 +0000, Ryan Lackey wrote:
What would be really cool would be replacing "decipher these numbers" with some kind of task which produced actual value, but could be evaluated either by a machine or a horde of other humans; "prove this theorem", "sort these files", etc.
If you *required* injected messages to be PGP-encrypted, you have a hashcash-like cpu cost, plus you perform the 'human value' of increasing encrypted traffic and possibly increasing PGP's deployment. And AUP-legit botwriters can handle this. I suppose 'credits' from a distributed-computing project (fubar@home) would work, if you could work out how to reliably associate those people with your ephemeral ones. Or partner with a Process Tree (tm) -like commercial dist.comp. company. Also contributing hand-prepared pages for the Gutenberg project, or indexing some content, or evaluating other contributors' offerings for validity. Cheers,
At 07:23 AM 9/17/2001 +0000, Ryan Lackey wrote:
The only viable long-term solution I see for most of these things is charging per-transaction for messages. Remailers are exactly the kind of application where "postage" could first be applied. The problems seem twofold:
1) Remailer operators are exposed to new and additional legal threat if they accept payment for service (right?)
"New and additional" might be too strong, but one of the elements of contributory or vicarious copyright infringement is whether or not the defendant profited from the direct infringement - and changing remailing from an unpaid public service to an (apparently) for-profit business pretty much concedes that point to the plaintiff. -- Greg Broiles gbroiles@well.com "We have found and closed the thing you watch us with." -- New Delhi street kids
On Monday, September 17, 2001, at 09:50 AM, Greg Broiles wrote:
At 07:23 AM 9/17/2001 +0000, Ryan Lackey wrote:
The only viable long-term solution I see for most of these things is charging per-transaction for messages. Remailers are exactly the kind of application where "postage" could first be applied. The problems seem twofold:
1) Remailer operators are exposed to new and additional legal threat if they accept payment for service (right?)
"New and additional" might be too strong, but one of the elements of contributory or vicarious copyright infringement is whether or not the defendant profited from the direct infringement - and changing remailing from an unpaid public service to an (apparently) for-profit business pretty much concedes that point to the plaintiff.
I'm not a lawyer, but why not look at "package delivery services" for some examples: -- Federal Express, UPS, Airborne Express, Emory International, DHL, etc. -- none of them are held liable for the contents of what they ship, whether illegal copies of software, pornography, etc. -- they may be required to cooperate in drug smuggling investigations, for example, but this is quite different from either requiring them to know the contents of what they ship or holding them liable for illegal materials shipped. (Maybe they applied for and got "common carrier" status. I don't know. But I also know that they are not "required to accept business from anyone," as some have claimed is one of the sine qua nons of C.C. status.) We can imagine a version of the remailer network that operates with FedEx overnight letters, with a diskette or CD-R in each envelope, from each "repackager" to the next. Would FedEx be liable for the contents? If not them, why would a person receiving a FedEx package and then processing the unreadable-to-him (encrypted) files? On a related note, has FedEx ever been faced criminal or civil charges for transporting material? (This is of special relevance because it seems the recent terrorists used FedEx overnight letters to communicate.) The requirement placed on Mailboxes, Etc. that some proof of a "true name" being offered would NOT affect this "FedEx remailer" system. (Because, of course, the act of mixing is happening _after_ messages are received and _before_ they are mailed again.) --Tim May
At 10:15 AM 9/17/2001 -0700, Tim May wrote:
On Monday, September 17, 2001, at 09:50 AM, Greg Broiles wrote:
At 07:23 AM 9/17/2001 +0000, Ryan Lackey wrote:
1) Remailer operators are exposed to new and additional legal threat if they accept payment for service (right?)
"New and additional" might be too strong, but one of the elements of contributory or vicarious copyright infringement is whether or not the defendant profited from the direct infringement - and changing remailing from an unpaid public service to an (apparently) for-profit business pretty much concedes that point to the plaintiff.
I'm not a lawyer, but why not look at "package delivery services" for some examples:
-- Federal Express, UPS, Airborne Express, Emory International, DHL, etc.
-- none of them are held liable for the contents of what they ship, whether illegal copies of software, pornography, etc.
This isn't an area where we need to start reasoning from analogies or first principles - there's already case law more or less directly on point - _RIAA v. Napster_ and _RTC v. Netcom_, both of which look back to _Fonovisa v. Cherry Auction_ 76 F.3d 259 (9th Cir. 1996), online at <http://www.law.cornell.edu/copyright/cases/76_F3d_259.htm> and discussed in the Napster context at <http://www.salon.com/tech/feature/2000/08/23/napster_fleamarket/>. The shippers could be held liable for the contents of the packages they carry if a plaintiff can establish that they knowingly materially contributed to the distribution or sale of infringing items. I suspect they avoid criminal liability by cooperating fully with law enforcement, so that even where they're technically guilty (or indictable) they have no realistic fear of prosecution; and that they avoid civil liability because domestic infringers will be attacked by IP holders directly, and foreign infringers will have their goods seized during Customs inspections, so Fedex et al never really get a chance to contribute to the infringement. -- Greg Broiles gbroiles@well.com "We have found and closed the thing you watch us with." -- New Delhi street kids
participants (6)
-
David Honig -
Dr. Evil -
Greg Broiles -
jamesd@echeque.com -
Ryan Lackey -
Tim May