With the shutdown of PAX, if we are not going to roll over and let this type of site go away, what we need is a large new group of such sites. 20-50 or more anonymous remailer sites that each gets used randomly and occaisionally, with usernames that are not obvious such as "anon432", both in the U.S. and elsewhere in the world, are whats needed. the list of sites must remain fluid and unpredictable, and formats and conventions must also variate so that no one can get "a fix" on it. A person that wants to anonymously mail something can choose different sites each time, or perhaps there may be a subsystem that chooses this for them, WITHOUT the mail actually going there first, if a site is in charge of "ran- domizing" the traffic. I suggest using a truly covert approach of using non-account first names and other interesting words that are indistinguishable from regular usernames as anonymous temporary mailing names. This obviously is very tricky and would have to be worked out carefully, since it may, even in the future, conflict with an actual choice of a valid username for an anonymous site. But it can be done. and we need to spare the .sig at the bottom that advertises the anon service. that should be left to separate ads, not mixed in covert email itself. One of the things that has gotten to me is to do secret acts in overt ways, almost asking the Government to defy them! Secret things should be done secretly. Once, if in the future, cryptographic email is so common as to make this unnecessary, then we can relax it. But not completely. Secret should still always be DONE IN A SECRET WAY. I.e. using steganography and other covert procedures, fluid, nonfixed proce- dures, to ensure no disturbance with rerouted and/or encrypted email traffic. Yes this is security-by-obscurity, but it can work if it is just an adjunct to other strong methods such as good ciphers and procedures that use proper contingency planning. PAX, most likely, did no contingency planning for what happened to it. All things of this type need "what ifs" for every possible interference that can happen, not that all possibilities would be addressed. But they should all be looked at, if they can be thought of. Suppose the ante goes up and all this stuff becomes actively illegal. What then? If a large network is *already* in place, the risk is much lower than trying to do something after the fact. And it would be a more mature network of rerouting and encrypting sites, that have already learned from their mis- takes. we need --all--this-- to survive. otherwise it is all just a toy application of covert technology. norstar The Northern Lights, Troy NY | tnl dialins: +1 518 237-2163 @ 1200-2400 bps 8N1 $free ` | / ------------------------------------------------------- --- * --- Internet: norstar@tnl.com / | . Sysop of TNL Public Access UNIX |
I suggest using a dictionary to come up with "names" of anonymous users: aback abacus abalone abandon abase abash abate abater abbas ... You could pick them in random order, or sequentially.
Suppose the ante goes up and all this stuff becomes actively illegal. What then? If a large network is *already* in place, the risk is much lower than trying to do something after the fact. And it would be a more mature network
This technology is sufficiently cheap to replicate that it doesn't matter whether we set up a "covert" network before or after it becomes illegal (if ever). What matters is that we have experience at running such a network. Such experience is much easier to come by in the open -- since you can talk about it! While I applaud the efforts of some people to set up contingencies for "after we lose our liberties and need to actively oppose the government", please don't forget to actively oppose poor government policies *now*, before the loss of that liberty. In other words, there's plenty of work to be done today to *keep* this an open society. And it's much easier to keep one than to get one back. John Gilmore
participants (2)
-
Daniel Ray -
gnu