I know this suggestion has been made before, probably by myself, but it seems the remailer programmers may be missing a good opportunity in not pursuing the inclusion of remailer code in the popular Gnutella cleints (e.g., LimeWire). They advertise they are looking for new "content communities." http://www.limewire.com/index.jsp/formgroup I don't see any reason why email can't be added as a new form of content.
Remailers are trickier than other P2P applications because of the problem of sending the mail out. If one of the P2P users gets "volunteered" to be the outgoing portal for some harrasing mail, he won't be running the client for long. However if the recipients are restricted to users of the P2P network then this is not a problem. An anonymous email application just for P2P users would be interesting. It could be part of a continuum of applications like anonymous chat with varying degrees of real-time delivery. KNet, knet.sourceforge.net, is a new project on P2P anonymous chat. If that works, then email could be done by adding some kind of queueing feature which would hold messages for delivery until the recipient connects to the P2P network. There wouldn't be many problems with complaints about abuse because everyone would be volunteering to receive anonymous mail/chat by virtue of using the network. Probably the biggest complaint people would have is untraceable spam. It's already a nuisance with other chat systems. If the anonymous comm system has per-user traffic limits or some other way of handling spam then it could be a good basis for no holds barred discussions and data exchange.
At 09:57 PM 9/3/2001 -0700, A. Melon wrote:
I know this suggestion has been made before, probably by myself, but it seems the remailer programmers may be missing a good opportunity in not pursuing the inclusion of remailer code in the popular Gnutella cleints (e.g., LimeWire). They advertise they are looking for new "content communities." http://www.limewire.com/index.jsp/formgroup I don't see any reason why email can't be added as a new form of content.
Remailers are trickier than other P2P applications because of the problem of sending the mail out. If one of the P2P users gets "volunteered" to be the outgoing portal for some harrasing mail, he won't be running the client for long.
I believe Ian Goldberg came up with a rather elegant solution: allow the the clients to only function as entry and middlemen remailers and use throwaway accounts at hotmail or similar fall guys as the exit points.
Probably the biggest complaint people would have is untraceable spam. It's already a nuisance with other chat systems. If the anonymous comm system has per-user traffic limits or some other way of handling spam then it could be a good basis for no holds barred discussions and data exchange.
Hashcash or a similar computation-based postage (e.g., the camram project, if it ever gets itself together) is probably a better solution to SPAM (untraceable or not). steve
On Mon, Sep 03, 2001 at 10:42:19PM -0700, Steve Schear wrote:
I believe Ian Goldberg came up with a rather elegant solution: allow the the clients to only function as entry and middlemen remailers and use throwaway accounts at hotmail or similar fall guys as the exit points.
Maybe, but it's vulnerable to a few things, I'd wager, if you're talking about writing a client that would log in to a web-based mail service and then send mail from within it: * Automated monitoring by Hotmail/Yahoo/Lycos Mail/etc. If an account usually sends 10 messages/day, look for spikes in traffic two standard deviations above the mean and temporarily block access to that account. Or require human intervention to re-enable that account. * Anti-spam monitoring, similar to the above. What a remailer (who logs into the service and and sends mail from within it, rather than forging the From: line) would do is what a lot of spammers would like to do too. * Contractual arrangements by the web-based mail operator that could, theoretically, make the remailer operator liable in some cases. Sorry to be such a downer today, but that doesn't seem like a wonderful solution -- at least after web-based mail services realize what you're doing and employ suitable technological/legal countermeasures. Perhaps an automated registration process might work,using a large number of accounts and automatically creating them as needed and discarding them when necessary. Though to escape (theoretical, in my hypothetical) legal liability, the initial setup and message-dumping would have to be done anonymously, raising the cost and hassle factor. -Declan
On Tue, Sep 04, 2001 at 01:21:16PM -0400, Declan McCullagh wrote:
On Mon, Sep 03, 2001 at 10:42:19PM -0700, Steve Schear wrote:
I believe Ian Goldberg came up with a rather elegant solution: allow the the clients to only function as entry and middlemen remailers and use throwaway accounts at hotmail or similar fall guys as the exit points.
Maybe, but it's vulnerable to a few things, I'd wager, if you're talking about writing a client that would log in to a web-based mail service and then send mail from within it:
* Automated monitoring by Hotmail/Yahoo/Lycos Mail/etc. If an account usually sends 10 messages/day, look for spikes in traffic two standard deviations above the mean and temporarily block access to that account. Or require human intervention to re-enable that account.
* Anti-spam monitoring, similar to the above. What a remailer (who logs into the service and and sends mail from within it, rather than forging the From: line) would do is what a lot of spammers would like to do too.
One could instead bounce the traffic through the same mail servers that spammers use. Judging from the spam I get, most of those are poorly-admined sites thast don't know that they're being used to forward spam. Of course this isn't very moral. Eric
On Tue, Sep 04, 2001 at 10:28:59AM -0700, Eric Murray wrote:
One could instead bounce the traffic through the same mail servers that spammers use. Judging from the spam I get, most of those are poorly-admined sites thast don't know that they're being used to forward spam.
True, that's a possibility. But as anti-spam technology improves and social pressure increases (maybe not tomorrow, but certainly over the next few years), those sites will be far less useful than they are today. Open relay owners will close 'em up and RBLish block lists (perhaps more carefully targeted) will become more useful. I'd say that relying on open relays as a long-term solution to act as the exit point from a remailer chain is a poor strategy. -Declan
participants (4)
-
A. Melon -
Declan McCullagh -
Eric Murray -
Steve Schear