Re: The problem of playing politics with our constitutional rights
On 22 Sep 1997 02:32:12 -0500, Alan <alan@ctrl-alt-del.com> wrote:
Mail is another hole. Eudora now distributes PGP 5.0 with the latest version. (This version does not do RSA keys. You can get the plug-in to do those keys from PGP Inc.) This is helpful, but there are many other plug-ins that need to be written. Support for remailers is lacking. Windows-based code for Mixmaster is also a needed thing. A good interface would help immensely. (Private Idaho was a big step in the right direction. Integrated with a remailer people already use would be another big step forward.)
Agreed. I think Remailer support could be a big opportunity. People may not understand/care-about encryption, digital signing, etc., but they definitely understand the need for anonymity.
Question: If a free remailer plugin for Eudora is released, can the remailers handle the increased load? Are there enough remailers? People will not tolerate more than a 24 hour delay for getting their messages delivered. What about spamming?
Another Question: Since such a plugin uses (has the hooks for) encryption, would it be covered by ITAR? (I'm asking because I'm seriously considering making the Eudora plugin)
Anyway, the remailer 'network' needs to be strengthened. Right now, Raph's pinging service (or whatever Private Idaho uses) is the only way Private Idaho can tell which servers are up. Attack this point, and reliability when chaining remailers becomes uncertain. Imagine a TLA co-opting this service and altering the list to favor government friendly remailers.
It also needs to be easier to set up a remailer. I'd like to see the software distributed in .deb and .rpm packages for Linux. Once set up, the remailer could automatically announce itself to the world (perhaps via a newsgroup post). The various listing services would pick up on this. The more automated it is, the better.
I am sure that people can think of all sorts of other ideas for needed apps. But to make them usable for the "general public", the apps will need to be written for Windows. (As much as I hate to think about it...)
Private Idaho needs to be rewritten (in Java possibly) to be simpler to operate. There should be one button to press to send a message without messing with what type and which remailers to use; the program could choose these things randomly (ok, it's not the best thing to do, but at least it's easy to use). It also should be updated to use PGP 5.0 (not exclusively, of course). If possible, also add support for the Eternity Service.
Steganography Plugin for mail/news readers. It's our one (and possibly only) defense against GAK. You can't decrypt what you can't see. (watch for Steganography to be classified as encryption and be similarly restricted.)
Is there any support for signed web pages? Is this covered by SSL?
At 11:28 AM 9/22/97 GMT, phelix@vallnet.com wrote:
remailers handle the increased load? Are there enough remailers? People will not tolerate more than a 24 hour delay for getting their messages delivered. What about spamming?
Another Question: Since such a plugin uses (has the hooks for) encryption, would it be covered by ITAR? (I'm asking because I'm seriously considering making the Eudora plugin)
The Eudora plugin should support remailer chaining and PGP encryption for personal messages, as well as give the user the opportunity to BE a remailing service.
Anyway, the remailer 'network' needs to be strengthened. Right now, Raph's pinging service (or whatever Private Idaho uses) is the only way Private Idaho can tell which servers are up. Attack this point, and reliability when chaining remailers becomes uncertain. Imagine a TLA co-opting this service and altering the list to favor government friendly remailers.
It also needs to be easier to set up a remailer. I'd like to see the software distributed in .deb and .rpm packages for Linux. Once set up, the remailer could automatically announce itself to the world (perhaps via a newsgroup post). The various listing services would pick up on this. The more automated it is, the better.
How about posting availability notices to alt.remailer-availability.announce (create it if necessary) or alt.anonymous.messages?
I am sure that people can think of all sorts of other ideas for needed apps. But to make them usable for the "general public", the apps will need to be written for Windows. (As much as I hate to think about it...)
Private Idaho needs to be rewritten (in Java possibly) to be simpler to operate. There should be one button to press to send a message without messing with what type and which remailers to use; the program could choose these things randomly (ok, it's not the best thing to do, but at least it's easy to use). It also should be updated to use PGP 5.0 (not exclusively, of course). If possible, also add support for the Eternity Service.
The remailer plugin should be able to:
1. Scan all available sources of remailer availability / reliability.
2. Allow the user to select a pool of trusted remailers.
3. Allow the user to select the number of remailers in the chain.
4. Randomly select remailers from the pool.
5. Encrypt / add headers to the outgoing message to match the selected remailers.
Steganography Plugin for mail/news readers. It's our one (and possibly only) defense against GAK. You can't decrypt what you can't see. (watch for Steganography to be classified as encryption and be similarly restricted.)
Look for AOL and other ISP's to automatically run a "noise reduction" filter (as in CoolEdit 96) on .wav / .jpg files if GAK becomes mandatory. CoolEdit's noise reduction filter is great for removing tape hiss and other constant background noise from sound files, (it can make a cheap tape deck sound like a cheap CD player) but it would obviously destroy any stegoed data. The noise reduction algorithm is very processor intensive--it takes my 586/133 about an hour to NR a 3 minute stereo 44 KHz recording, but I'm sure you could set up a "light" version of the filter that would destroy stego data without taking as long.
Jonathan Wienke
What part of "the right of the people to keep and bear Arms, shall not be infringed" is too hard to understand? (From 2nd Amendment, U.S. Constitution)
PGP 2.6.2 RSA Key Fingerprint: 7484 2FB7 7588 ACD1 3A8F 778A 7407 2928
DSS/D-H Key Fingerprint: 3312 6597 8258 9A9E D9FA 4878 C245 D245 EAA7 0DCC
Public keys available at pgpkeys.mit.edu. PGP encrypted e-mail preferred.
Get your assault crypto before they ban it!
US/Canadian Windows 95/NT or Mac users: Get Eudora Light + PGP 5.0 for free at http://www.eudora.com/eudoralight/
Get PGP 5.0 for free at http://bs.mit.edu:8001/pgp-form.html
Non-US PGP 5.0 sources:
http://www.ifi.uio.no/pgp/
http://www.heise.de/ct/pgpCA/download.shtml
ftp://ftp.pca.dfn.de/pub/pgp/V5.0/
ftp://ftp.fu-berlin.de/pub/pc/win95/pgp
ftp://ftp.fu-berlin.de/pub/mac/pgp
http://www.shopmiami.com/utopia.hacktic.nl/pub/replay/pub/pgp/pgp50/win/
RSA export-o-matic:
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
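One way to implement steps 1 to 4 of the plugin list in the message above, while addressing the quoted concern that a single altered availability list could steer users toward chosen remailers. This is an added example, not part of the original post and not code from any remailer client: the source names, remailer names and figures are constructed, the quorum and median rules are assumptions of the example, and step 5 (encryption and headers) is left out.

```python
import secrets
from statistics import median

# Constructed sample data: three hypothetical availability lists mapping
# remailer name -> reported reliability (%). "list-c" has been altered to
# promote "rm-friendly" and to report "rm-alpha" as down.
SOURCES = {
    "list-a": {"rm-alpha": 99.1, "rm-bravo": 97.4, "rm-charlie": 95.0,
               "rm-delta": 88.2, "rm-echo": 96.3},
    "list-b": {"rm-alpha": 98.7, "rm-bravo": 96.9, "rm-charlie": 94.1,
               "rm-delta": 61.0, "rm-echo": 95.8},
    "list-c": {"rm-friendly": 100.0, "rm-alpha": 0.0, "rm-bravo": 97.0,
               "rm-charlie": 95.5, "rm-echo": 96.0},
}

def consensus(sources, quorum=2):
    """Step 1: merge every list. A remailer counts only if at least `quorum`
    lists report it, and is scored by the median report, so with three
    reports one outlier list cannot raise or sink it."""
    reports = {}
    for listing in sources.values():
        for name, pct in listing.items():
            reports.setdefault(name, []).append(pct)
    return {n: median(v) for n, v in reports.items() if len(v) >= quorum}

def eligible(scores, trusted, min_reliability=90.0):
    """Step 2: keep only the user's trusted remailers above a reliability floor."""
    return sorted(n for n in trusted if scores.get(n, 0.0) >= min_reliability)

def pick_chain(pool, hops, rng=None):
    """Steps 3-4: pick `hops` distinct remailers in random order using the OS
    CSPRNG, so the path cannot be reproduced from a guessable seed."""
    rng = rng or secrets.SystemRandom()
    if hops < 1 or hops > len(pool):
        raise ValueError(f"need between 1 and {len(pool)} hops, got {hops}")
    return rng.sample(pool, hops)

if __name__ == "__main__":
    scores = consensus(SOURCES)
    trusted = {"rm-alpha", "rm-bravo", "rm-charlie", "rm-delta",
               "rm-echo", "rm-friendly"}
    pool = eligible(scores, trusted)
    print("eligible pool:", pool)
    print("chain:", " -> ".join(pick_chain(pool, hops=3)))
```

A remailer that only one list vouches for never reaches the pool, even if the user has marked it trusted.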
At 11:28 AM 9/22/97 GMT, phelix@vallnet.com wrote:
On 22 Sep 1997 02:32:12 -0500, Alan <alan@ctrl-alt-del.com> wrote:
Mail is another hole. Eudora now distributes PGP 5.0 with the latest version. (This version does not do RSA keys. You can get the plug-in to do those keys from PGP Inc.) This is helpful, but there are many other plug-ins that need to be written. Support for remailers is lacking. Windows-based code for Mixmaster is also a needed thing. A good interface would help immensely. (Private Idaho was a big step in the right direction. Integrated with a remailer people already use would be another big step forward.)
Agreed. I think Remailer support could be a big opportunity. People may not understand/care-about encryption, digital signing, etc., but they definitely understand the need for anonymity.
Give the people what they want.
Question: If a free remailer plugin for Eudora is released, can the remailers handle the increased load? Are there enough remailers? People will not tolerate more than a 24 hour delay for getting their messages delivered. What about spamming?
Use hashcash, or even better, digital cash of your chosen currency. It costs 32 cents to mail a first class letter. Is it worth paying that to send an anonymous email through a chain of a dozen remailers using a Eudora plug-in, or a java applet? For some people it is, if it's made easy to do. If a thousand people used it each day, that would mean $320 every 24 hours, or $116,800 a year to be divided up amongst the 12 remailer operators. Similar possibilities exist for remailer pinging services and nymservers.
I am sure that people can think of all sorts of other ideas for needed apps. But to make them usable for the "general public", the apps will need to be written for Windows. (As much as I hate to think about it...)
Why not rewrite Windows? Call it Secured Windows (or S/Win). Features might include:
- no swapfile, or at least one that is securely deleted each time the system is shut down
- automatically overwrite __ times when deleting information from the hard drive
- digital cash wallet app
- S/WAN or SSH-type access to ISP
- library of different encryption apps, including an easy way to quickly encrypt all sensitive files
Initially S/Win would be useful for emerging ecommerce businesses, and also companies and individuals handling sensitive data (i.e., accountants, lawyers, etc.). As ecommerce begins to evolve, people doing high-value transactions (like buying stocks and other financial instruments) will want to know they aren't getting bogus stock ticker prices (a la IP-spoofing) so they don't unintentionally "sell the farm" at the wrong moment.
Maybe it's a crazy idea to rewrite Windows, but seeing as so many people are familiar with it already, why not make it more useful/better/secure? When the majority of computer owners realize that their emoney transactions can be compromised on an unsecure platform like Windows, they will demand a "product" like S/Win. After all, what good is your personal Verisign certificate (a public key) -- not to mention SET -- if the corresponding signing/authentication (secret) key can be swiped off your computer by a malicious Active X control along with the keystroke sequence of your passphrase?
-g
"It sucks being a control freak during an information revolution."
participants (3): gturk@concentric.net, Jonathan Wienke, phelix@vallnet.com