BlackNet Investigations Needs More Detail (fwd)
On the Extropians list Tim May has reminded us in his trademark dramatic style about the ability of various unknown malevolent agents to accumulate dossiers based on posts to mailing lists, Usenet news, and contents of "privte" directories on public providers like Netcom, Delphi, etc. Since Stanton McClandish asked about the "NSA can bust PGP rumors" I'll forward my post to Extropians on that thread (slightly edited to elide quoted comment), since a similar concern had been expressed about the trustworthiness of encryption: I find it extremely improbable that the NSA or anybody else can break long RSA keys (eg, those in PGP) as long as the keys are secure (eg on the private machines of trustworthy people). Even if they could break the public keys or gain access to the secret keys, they're quite unlikely to spend TM cycles and engineer time on the outside possibility of gaining evidence for a relatively minor drug violation. Furthermore, there's so much such minor crypto traffic going around now that they would require other good information (eg traffic analysis) prior to attempting to break the codes, to discriminate the potentially important messages from the gigabytes of variously encoded trivia. On the other hand, the local gendarmes in net-heavy areas like Silicon Valley could easily hire a net-savvy investigator to monitor unscrambled groups like extropians, cypherpunks, etc. and even more trivially search back archives of Usenet, to track down networks of drug users, and the like. (For example, the apparent True Name who regularly posts a market report listing street drug prices around the world to alt.drugs!) In the future this will be even easier, and the archives will still be around. The main problem is that many net users aren't using PGP and other powerful privacy tools like anon remailers, because (a) they have "nothing to hide" from the millions of total strangers, many with violent intent, who read the net, (b) the tools are too inconvenient, and (c) lack of cultural development of pseudonymity (this is quite well developed on several BBS nets, though). These problems are being tackled on several fronts. I'm writing a user-freindly Windows GUI for PGP and anon remailers. There's also work going on to integreate PGP into traditional mailers (elm, Eudora, etc.) and the MIME standard. A culture of pseudonymity is starting to spread to the Internet (with glacial slowness, and driving control freaks like Dick Depew and L.Detweiler insane in the process). There's no reason you shouldn't be able to post about your LSD experiences and the like, but make sure you're protecting your privacy with the right tools, for goodness sake. Nick Szabo szabo@netcom.com
I find myself largely in agreement with Nick Szabo's assertions that too many people spread too much information about themselves over the Net. But I wonder about whether or not we will be doing anyone a service by making encryption and 'Nyms widespread in newsgroups. It's too long a topic to tackle all at once, so let me throw out a few opening thoughts. Case 1) technical postings of a research/white (in the sense of whitenet/ blacknet) nature. Here anonymity would be a hindrance. I post in large part to help my name be known in certain academic circles. In this case I would tend to wonder at people who posted anonymously and would (as was mentioned in this list) tend to discount their information. In research circles, name value means a lot. Case 2) technical postings of a black nature. Here anonymity is a big help, as you may have some question about the legality of what you are doing. But the question I have is: why post at all? What gain is there from publicizing this kind of information? Perhaps the gain is some assurance of safety from retaliation from parties who might feel themselves wronged by what you posted. In this case, anonymity wins. Case 3) non-technical postings (social, talk). Again I wonder what is the value of anonymity in this case. To have a social conversation is to build a community of like-minded people and to contact people whom you want to relate to in some way. Anonymity defeats this social building and relation process. A counter-response to this might be to say that we want to put privacy in, not anonymity. But again, I wonder about this. If I want my message to be read only by a certain list of people, why am I posting to a newsgroup instead of to a mailing list? There's no point in privatizing the substrate, since anyone can get a client that will decrypt at the far end. In sum, I guess I'm somewhat baffled at why one would want to use anonymity and/or privacy enhancement technology on one's news postings. --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex@media.mit.edu Voice: 617-258-9168, Pager: 617-945-1842 PUBLIC KEY available by request "To pleasure!" "To passion!" "To paradise!" "To pain!" "Tonight!"
participants (2)
-
Alan (Miburi-san) Wexelblat -
szabo@netcom.com