Re: Pricing Mojo, Integrating PGP, TAZ, and D.C. Cypherpunks
Declan McCullagh writes:
I don't mean to take issue with much of what Anonymous writes, but some of the examples mentioned can be taken care of adequately by existing payment systems.
Using Amazon's payment system (they have two types, voluntary and pay-for-content), a webmaster can charge as low as $1, I believe, for content, and Paypal is another option.
Naturally, they don't do micropayments, and they don't offer the type of anonymity that other systems do, but the early-cypherpunk-archive- editing project, for instance, wouldn't require anon payments in ha'pennies either.
On November 13, you wrote to anon poster Nomen Nescio:
(If you really wanted to do something that might be useful, you'd pick the more interesting threads from the dawn of the list, insert them into a good search utility, and make that available for searching and .tar.gz downloading.')
Supposing you and others were willing to pay Nomen a modest sum for this service, how could you do so using Paypal or Amazon, and allow him to retain his anonymity? An alternative solution is barter. Nomen could agree to search certain years of archives, or certain topics, in exchange for other people working on other parts of the project, for example. Information barter can be performed while retaining anonymity. Maybe systems to facilitate barter could be developed if anonymous cash remains out of reach.
On 21 Nov 2001, Anonymous wrote:
Supposing you and others were willing to pay Nomen a modest sum for this service, how could you do so using Paypal or Amazon, and allow him to retain his anonymity?
On the off chance that this isn't rhetorical, because at least one way of doing this seems straightforward... Some guy with a true name good enough to sign up for PayPal gets an account, publishes a public key, and acts as a human "cash remailer." Well, several people do, actually, and then we run a "payment MIX." Some anonymous poster brought up the idea about a year ago IIRC and attributed it to Ron Rivest. It sparked a short discussion which went into questions of whether such an operation might run afoul of money laundering laws and then sort of petered out. Or maybe I just stopped reading. To spell it out, Nomen offers to do the service and picks an incoming payment MIX plus a chain of MIXes. (N.B.: will use MIX to refer to a member of the chain). Publishes a "payment reply block" which has the incoming payment MIX PayPal address in clear, plus a block encrypted with the payment MIX's public key. The encrypted portion has the PayPal address of the next MIX in the chain, plus an encrypted portion for that next MIX. Eventually it decrypts to reveal Nomen's real PayPal account info. Assuming everyone plays along, the money flows down the chain and ends up in Nomen's PayPal account. I expect that's not such a great assumption when dealing with "real" money. You still have the BlackNet problem, though - Nomen1 and Nomen2 can both publish public payment blocks. Which one do you pay? In this particular case, though, you can address that (and the fair exchange problem) by doing what Stephen King did -- Nomen does a little bit of the work first for free, then continues iff enough people ante up for more. You use the payment block signed by the same key which signed the current work. Now that I think about it, you could probably take this down the route Eric Hughes suggested in his "Universal Piracy Network" presentation at DEF CON IV. That is, people pay Nomen and in return Nomen sends them the new work first; they get 0-day access to the warezzz. Hughes had something about "completion bonds" in his presentation as well, but I don't remember at all what the particulars were, just that there was a rough analogy to the movie industry. Anyone remember more details? I have half a mind to sign up for PayPal just to try this. (Assuming I won't be thrown in jail for money laundering, anyway). Anyone with me? Nomen? :) Although I feel compelled to point out that with only one MIX, it's not going to be particularly secure for Nomen. Not to mention with no provision for detecting MIXes who shave off the payment or eat it entirely, this might just be me trying to make a few quick $$$. Of course if this were large-scale, you could use reputations -- a MIX which eats the entire $$$ now loses out on the possibility of shaving small fractions of $$$ later. Also, with provision for detecting MIXes who give good payments, there's nothing to stop Nomen from alleging that I'm screwing him and ruining my reputation. As a potential MIX, that bothers me. So there are issues here.
An alternative solution is barter. Nomen could agree to search certain years of archives, or certain topics, in exchange for other people working on other parts of the project, for example. Information barter can be performed while retaining anonymity. Maybe systems to facilitate barter could be developed if anonymous cash remains out of reach.
right, like the barter a Nomen is trying to do with Marc right now...and which doesn't seem to be working too well so far. Although in that case it seems like the problem was just that this Nomen set up the terms of the barter without bothering to ask if the other party actually wanted to trade. That's like this guy at Coney Island I met a few months back. "You wanna throw a dart?? Here! Here! Free!" <throw two darts> "Now you owe me five dollar!" (I paid. Yes, I'm a wuss. I got a cute fan out of it. I'm never doing business like that at Coney Island ever again.) -David
Isn't this a description of Hawala? On Tue, 20 Nov 2001, dmolnar wrote:
On 21 Nov 2001, Anonymous wrote:
Supposing you and others were willing to pay Nomen a modest sum for this service, how could you do so using Paypal or Amazon, and allow him to retain his anonymity?
On the off chance that this isn't rhetorical, because at least one way of doing this seems straightforward...
Some guy with a true name good enough to sign up for PayPal gets an account, publishes a public key, and acts as a human "cash remailer." Well, several people do, actually, and then we run a "payment MIX." Some anonymous poster brought up the idea about a year ago IIRC and attributed it to Ron Rivest. It sparked a short discussion which went into questions of whether such an operation might run afoul of money laundering laws and then sort of petered out. Or maybe I just stopped reading.
To spell it out, Nomen offers to do the service and picks an incoming payment MIX plus a chain of MIXes. (N.B.: will use MIX to refer to a member of the chain). Publishes a "payment reply block" which has the incoming payment MIX PayPal address in clear, plus a block encrypted with the payment MIX's public key. The encrypted portion has the PayPal address of the next MIX in the chain, plus an encrypted portion for that next MIX. Eventually it decrypts to reveal Nomen's real PayPal account info. Assuming everyone plays along, the money flows down the chain and ends up in Nomen's PayPal account. I expect that's not such a great assumption when dealing with "real" money.
You still have the BlackNet problem, though - Nomen1 and Nomen2 can both publish public payment blocks. Which one do you pay? In this particular case, though, you can address that (and the fair exchange problem) by doing what Stephen King did -- Nomen does a little bit of the work first for free, then continues iff enough people ante up for more. You use the payment block signed by the same key which signed the current work.
Now that I think about it, you could probably take this down the route Eric Hughes suggested in his "Universal Piracy Network" presentation at DEF CON IV. That is, people pay Nomen and in return Nomen sends them the new work first; they get 0-day access to the warezzz. Hughes had something about "completion bonds" in his presentation as well, but I don't remember at all what the particulars were, just that there was a rough analogy to the movie industry. Anyone remember more details?
I have half a mind to sign up for PayPal just to try this. (Assuming I won't be thrown in jail for money laundering, anyway). Anyone with me?
Nomen? :)
Although I feel compelled to point out that with only one MIX, it's not going to be particularly secure for Nomen. Not to mention with no provision for detecting MIXes who shave off the payment or eat it entirely, this might just be me trying to make a few quick $$$. Of course if this were large-scale, you could use reputations -- a MIX which eats the entire $$$ now loses out on the possibility of shaving small fractions of $$$ later.
Also, with provision for detecting MIXes who give good payments, there's nothing to stop Nomen from alleging that I'm screwing him and ruining my reputation. As a potential MIX, that bothers me. So there are issues here.
An alternative solution is barter. Nomen could agree to search certain years of archives, or certain topics, in exchange for other people working on other parts of the project, for example. Information barter can be performed while retaining anonymity. Maybe systems to facilitate barter could be developed if anonymous cash remains out of reach.
right, like the barter a Nomen is trying to do with Marc right now...and which doesn't seem to be working too well so far. Although in that case it seems like the problem was just that this Nomen set up the terms of the barter without bothering to ask if the other party actually wanted to trade. That's like this guy at Coney Island I met a few months back.
"You wanna throw a dart?? Here! Here! Free!" <throw two darts> "Now you owe me five dollar!"
(I paid. Yes, I'm a wuss. I got a cute fan out of it. I'm never doing business like that at Coney Island ever again.)
-David
-- Yours, J.A. Terranson sysadmin@mfn.org If Governments really want us to behave like civilized human beings, they should give serious consideration towards setting a better example: Ruling by force, rather than consensus; the unrestrained application of unjust laws (which the victim-populations were never allowed input on in the first place); the State policy of justice only for the rich and elected; the intentional abuse and occassionally destruction of entire populations merely to distract an already apathetic and numb electorate... This type of demogoguery must surely wipe out the fascist United States as surely as it wiped out the fascist Union of Soviet Socialist Republics. The views expressed here are mine, and NOT those of my employers, associates, or others. Besides, if it *were* the opinion of all of those people, I doubt there would be a problem to bitch about in the first place... --------------------------------------------------------------------
On Tue, 20 Nov 2001, dmolnar wrote:
Isn't this a description of Hawala?
Maybe. I regret I'm not familiar with Hawala. I'll go google it.
Gee, it's even in the cypherpunks archives. Sorry, everyone. Yes, as described sure sounds similar. The point of doing it over PayPal would just be to make it easy for people on this list to pay Nomen. Even though hawala works in the real world, I'm not so sure we could just start it and expect it to work here. One thing that came to mind while reading about it -- does it buy us anything in a MIX-net to separate control messages from payload messages? This came to mind because one of the descriptions of the hawala network seemed to imply that payment would come in from one source and then the name of the recipient would come in from another. The analogy in a MIX-net for e-mail would be having a message delivered to a MIX, and then later forwarding instructions for that message delivered by someone else. (said instructions identifying message by hash or something). Another way to look at this is putting delay in the hands of the client. Not clear to me that it helps; maybe make an adversary think a certain node is the final destination? I can't think of a MIX design off the top of my head which does this. Anyone else? something like this discussed way back when? -David
At 01:00 AM 11/21/2001 -0500, dmolnar wrote:
On Tue, 20 Nov 2001, dmolnar wrote:
Isn't this a description of Hawala?
Maybe. I regret I'm not familiar with Hawala. I'll go google it.
Gee, it's even in the cypherpunks archives. Sorry, everyone.
Yes, as described sure sounds similar. The point of doing it over PayPal would just be to make it easy for people on this list to pay Nomen. Even though hawala works in the real world, I'm not so sure we could just start it and expect it to work here.
PayPal is a poor choice due to fraud and repudiation issues. From a transactor's viewpoint one should only exchange harder for softer money http://www.google.com/search?q=cache:srzsJTHS-xE:www.coconutgold.com/mayscale.html+mayscale&hl=en However, eGold would be excellent: no repudiations. First you must identify and reach your potential customers. Does anyone know where I could get a relatively list of hushmail addresses?
One thing that came to mind while reading about it -- does it buy us anything in a MIX-net to separate control messages from payload messages? This came to mind because one of the descriptions of the hawala network seemed to imply that payment would come in from one source and then the name of the recipient would come in from another.
The analogy in a MIX-net for e-mail would be having a message delivered to a MIX, and then later forwarding instructions for that message delivered by someone else. (said instructions identifying message by hash or something). Another way to look at this is putting delay in the hands of the client. Not clear to me that it helps; maybe make an adversary think a certain node is the final destination? I can't think of a MIX design off the top of my head which does this. Anyone else? something like this discussed way back when?
Does using eGold change the MIX characteristics or feasibility? Possible downsides http://www.goldbankone.com/article.php?sid=77 steve
On Wed, Nov 21, 2001 at 02:57:23AM -0000, Anonymous wrote:
Supposing you and others were willing to pay Nomen a modest sum for this service, how could you do so using Paypal or Amazon, and allow him to retain his anonymity?
Ah, but I never said I'd pay for it -- I said it might be a better use Nomen's time than pointless flaming or somesuch. But going with your hypothetical, Nomen could find a trusted party with sufficient reputation capital and allow them to run the Amazon service for him/her in exchange for a small fee. Amazon requires a credit card number, billing address, and checking account number for a "merchant account." Heck, I'd do it, for a sufficient expected fee, assuming legal content, and I suspect other folks would too, for different definitions of "expected fee." How I would give a check or money order to Nomen is another problem. Perhaps he/she would like a copy of something I could download for a fee, encrypt, and send via a remailer or place in a Usenet newsgroup? Etc. I never claimed that Amazon/Paypal are sufficient for all cypherpunkly purposes; that is trivially untrue. But they may be sufficient for some tasks. -Declan
At 02:57 AM 11/21/2001 +0000, Anonymous wrote:
Supposing you and others were willing to pay Nomen a modest sum for this service, how could you do so using Paypal or Amazon, and allow him to retain his anonymity?
List members following this thread might find the old thread re "The DES Analytic Crack Project" (a representative message is available at http://www.inet-one.com/cypherpunks/dir.1998.09.14-1998.09.20/msg00075.html, and a project webpage at http://www.cyberspace.org/~enoch/crakfaq.html) of interest - it describes a Cypherpunk-initiated anonymous cryptanalytic research effort, funded by donors unaware of the researcher's "true name" or address. Perhaps the participant(s) or researcher(s) would be inclined to describe the procedures used to protect privacy and facilitate payment. -- Greg Broiles -- gbroiles@parrhesia.com -- PGP 0x26E4488c or 0x94245961 5000 dead in NYC? National tragedy. 1000 detained incommunicado without trial, expanded surveillance? National disgrace.
participants (6)
-
Anonymous -
Declan McCullagh -
dmolnar -
Greg Broiles -
measl@mfn.org -
Steve Schear