Re: Digital Postage (fwd)
Forwarded message:
Date: Sun, 28 Sep 1997 21:03:59 -0400 From: Anonymous <anon@anon.efga.org> Subject: Re: Digital Postage (fwd)
Jim Choate wrote:
No, there is only one system which provides anonymity. It's called ecash. The other systems do not have the features we want.
Yes, but it does not have a clear market advantage. In fact the anonymity issue may actualy work against it.
We are not talking about an abstract "what will the market do" issue here. We are talking about how to get a working payment system up for remailers which gets us great service and provides privacy and security.
That is exactly what we are talking about, he who predicts what the market will do AND invests somebodies elses money will win big. That 'abstract' market motion is EXACTLY what the market will do in practice. In other words it's the service you will be buying because the people with the money think it will make them money off your willingness to spend your money. As I have said before, privacy and security are not issues in remailers. Being able to plausibly deny any involvement is, a subtle but important difference.
The rest of the world may or may not catch on to ecash, but if it's going to start, it will start with a small group. I think it should be this one.
It will not start with a small group. Anonymous remailers are big traffic - big buck operations in the long run. The price per message must be in the milli-cent range which means the traffic must be in the mega-message range to make money; simple multiplication.
Businesses use multiple forms of payment all the time, even in the United States where multiple currency use is legally discouraged.
It isn't a question of which currency you use - that is NOT the same as the economic system in place. Businesses may use dollars or dinars but at the end of the day they put them in a bank which at least at times follows international agreements on banking. This is why we can transfer money from one denomination to another.
When I go to a restaurant I can pay in cash or use a variety of credit cards. And credit cards cost the establishment a substantial amount of money and headache, too.
Yes, but that is not a different system. You are still taking money from your bank account (on loan from a bank if through a CC) and putting it in somebody elses bank account. The banks define our system of economics to a great degree. Banks don't like anonymous transactions so whatever system we put in place must buy the support of the traditional financial institutions at some point. How do you convince a bank that anonymous cash transactions are in their best interest?
I hope we are all assuming that The Enemy knows who is using remailers, at least at the moment.
If they do then the users aren't anonymous anymore and hence any 'security' or 'privacy' they may derive is one of delusion.
There's no hiding those telltale PGP messages sent to a certain short list of suspected remailer addresses. Some day we will have good steganography and it won't be possible to tell who is using a remailer, but this is not the best problem to solve right now.
Stego won't be any harder to detect than a PGP encrypted message.
Can do what? Anonymity cracking or create a payment system that allows for the intermediate parties to be paid but doesn't over-burden the user? The point is not to have the poor end user have to create a half- dozen payment arrangements to get chaining. It becomes a real hassle to do at that point.
No it doesn't. Watch carefully:
$remailer{'cyber'} = '<alias@alias.cyberpass.net> alpha pgp'; $remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?"; $remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek"; $remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash middle latent cut ek money25cents"; $remailer{"winsock"} = "<winsock@rigel.cyberpass.net> cpunk pgp pgponly hash cut ksub reord ?"; $remailer{'nym'} = '<config@nym.alias.net> newnym pgp'; $remailer{"squirrel"} = "<mix@squirrel.owl.de> cpunk mix pgp pgponly hash latent cut ek"; $remailer{'weasel'} = '<config@weasel.owl.de> newnym pgp'; $remailer{"reno"} = "<middleman@cyberpass.net> cpunk mix pgp hash middle latent cut ek reord ?"; $remailer{"cracker"} = "<remailer@anon.efga.org> cpunk mix remix pgp hash ksub esub latent cut ek money25cents reord post"; $remailer{'redneck'} = '<config@anon.efga.org> newnym pgp'; $remailer{"bureau42"} = "<remailer@bureau42.ml.org> cpunk mix pgp ksub hash latent cut ek"; $remailer{"neva"} = "<remailer@neva.org> cpunk pgp pgponly hash cut ksub ?"; $remailer{"lcs"} = "<mix@anon.lcs.mit.edu> mix money25cents"; $remailer{"medusa"} = "<medusa@weasel.owl.de> money25cents mix middle" $remailer{"McCain"} = "<mccain@notatla.demon.co.uk> mix middle"; $remailer{"valdeez"} = "<valdeez@juno.com> cpunk pgp pgponly hash ek"; $remailer{"arrid"} = "<arrid@juno.com> cpunk pgp pgponly money25cents hash ek"; $remailer{"hera"} = "<goddesshera@juno.com> cpunk pgp pgponly hash ek"; $remailer{"htuttle"} = "<h_tuttle@rigel.cyberpass.net> cpunk pgp hash latent cut post ek";
I guarantee that neither your mother or mine will look twice at that gobbeldy-gook. Hell, I won't use it because I have to create such files every damn time I have to send a message. Too much work, too much room for errors. When you can arrange to chain remailers without the user having to touch the above you will have a winner. KISS
See if you can figure out which remailers accept money and how much they accept. Now, in figuring that out, did you do anything that would reveal your identity? Do you think a simple program could handle the task?
Actualy, yes I did do something to reveal my identity. I have to pass that entire list of chaining along to the first remailer who passes it along to the second minus the first entry and so on. If I can grab a single remailer in that chain I can back track because that remailer knows where that list came from. To really make chaining secure neither the user or the individual operators should have a say in it.
You might be. I'm interested in smart people who want to protect their privacy.
Then they won't use remailers at all. A smart person is not going to trust any 3rd party channel they don't have total control over. A smart person is not going to get involved in a conflict in the first place. The situation is sort of like the comparison between reasonable and un-reasonable men. Progress is caused by the un-reasonable man. If the commercial remailer is ever going to arise (which I doubt) it will be one of 'regular joe's' as users and must be about as complicated as getting a coke from a machine (which is a long way off currently).
This is the silliest thing I think I have heard so far in this discussion.... ...And my experience is that prices move up and people expect them to.
Mind your manners.
I am, that doesn't mean I can't call a spade a spade. I didn't say anything about you personaly, deal with it.
Then look around. For the last few hundred years just about everything has been dropping in price.
Really? I suggest you look at newspapers from say the mid-60's and compare them to now. Very few things will be anywhere close to where it was then in price, and the vast majority will not be lower. Bread went up, water went up, electricity went up, etc.
And, in the computer and information industry in particular, prices drop like crazy all the time for decades, even when you adjust for inflation. Buy memory recently?
No, prices don't drop the machines that used to cost the current price aren't made anymore. Any entry level machine costs about $1,000 just like it did 10 years ago. The difference is that you get a lot more hardware and a new os. Again, a minor but important distinction. Yes, I have bought memory recently - 64M as a matter of fact. The memory has dropped in price because the new machines don't take it anymore or else the motherboards with the new many-megs-required OS's won't work on 8M anymore. Theres no mystery other than obsolescence at play. Try buying one of the new 4G DRAM's....
If you want to run a remailer and charge a fraction of a cent for each message, or for an account, or whatever, please be my guest.
I looked into it for several months about a year and a half ago. The result was the current economic, social, and legal environment simply aren't going to support such operations in the near future with anything like the indipendance that we would like. Hell, your the one offering $50 or somesuch for a commercial remailer. Take that $50 and set up your own site. Nothing like experience to teach a hard lesson. If you're right you should be making money in short order.
The key to anonyous remailers is not the cost per message but rather the amount of traffic to be carried. Anonymous remailers are beasts of mass markets measured in millions of recipients.
That is obviously untrue. Remailers are used by a small highly specialized market of perhaps a few hundred people. Some day, if we do good work, there will be millions of users.
While remailers may be, commercial remailers still don't exist and are a completely different beast than some philanthropic enterprise. If you don't get the millions up front you won't be getting anyone. The other aspect you seem to ignore consistently is not the cost to submit the original message but the cost to send that message to the world, the real cost I might add. The purpose of commercial remailers (and I suspect all remailers) is to reach a mass market. If your market can't reach millions for pennies nobody will use it because you can't give them what they want. Whether its drugs, sex information, or political views the central party must reach a large group to succeed.
Can you think of any mass market which started out as a mass market? I can't think of a single one.
Once the pioneers worked out the technology: Cable television, music videos, automobiles, air transport, bicycles, telephones.
But the system to post charges BETWEEN remailers must be pretty consistent to be acceptable.
Untrue. You just have to know what each remailer charges. That's about as hard as knowing what services it offers or that it exists.
Only if you feel obliged to arrange payment between the remailers yourself, which provides a link between remailers and you further eroding your expectation of anonymity. The point, which you miss, is that the chaining remailers should know nothing of the original user which your system fails to do.
That is the key and it has NOT been discussed too any great degree. That inter-remailer traffic must be anonymous also or else traffic analysis can back-track.
I may be misreading this, but you do realize ecash is anonymous, right? Nobody can tell who sent the money, just who received it.
ecash is anonymous but it is not an accepted standard between remailers, let along commercial ones. Furthermore, under your system I as a user must contact each remailer and arrange payment to some account. So we know not only who received it but who sent it as well, otherwise how does the remailer know to take your payment and apply it to your account and not mine?. If we further accept your premise that mallet knows who is using those remailers then we are completely devoid of anonymity.
Perhaps you are arguing that The Enemy would notice that you withdrew a bunch of coins and then make a guess that all those remailers making deposits three minutes later are depositing your coins? That is easily solved by generating the ASCII ecash certificates once a week or so and then pasting them into your messages when you send them.
I am arguing that under the current system the checks and balances are such that true anonymity can't be attained on a scale that is commercialy feasible.
It seems to me that the remailers need some sort of anonymous payment server that is put in place for some other reason, that way they don't have to deal with the justification issue.
What justification issue? Ecash is available right now. You don't have to justify it to anybody, just use it.
Really? How about explaining how I purchase a car or house anonymously with ecash? I can't. Also, you seem to have missed an important point. When we get a system where anon remailers can survive we will have created an anonymous money laundry, not something that a lot of people want or desire.
Hopefully, once the cypherpunks start using it regularly, it will begin to catch on with people peripheral to the group, and then with everyone.
If this were true it would have already happend. The thousand or so people on this list might be involved in the technology and its application, I doubt that we will have any say in its eventual success.
You are confusing one cost of doing business with the price the market will bear.
How?
You seem to think that because the cost of transporting mail is inexpensive, the price for protecting somebody's identity can't be high.
First, you don't know what I think - ask questions don't make assumptions (speaking of manners). Please keep your ad hominims at home. What I am saying is that because the cost of individual mail is low I as a commercial business trying to make a living off each of those emails can't expect a lot from them, therefore I need a lot of them.
What I am saying is that physical mail and the system developed for dealing with it went hand-in-hand. The design and advancement of the Internet technology is not driven by email or it's technology. That perhaps because of this difference perhaps we need to look at models other than the postage one. It in fact may be coloring our perception and a look at alternative models might help.
The only models that have been proposed so far require a lot of work and evangelism. Ecash doesn't require much work, and it will be easier to evangelize.
ecash is not what I am talking about here. Which by the way will take a lot of work to get people to use it as ubiquitously as needed by a commercial remailer. I am talking about the entire infrastructure that will be required to support commercial remailers. What will be required is not clear to anyone involved in the issues. I furthermore don't have any interest in religion (re evangalism) but rather in running a business and making money. I don't want to change your mind, I want you to spend your money with me (as an anon remailer operator) with the security that no matter what you submit it can't be traced back to you. Even your much vaunted ecash can't do that yet. ____________________________________________________________________ | | | The financial policy of the welfare state requires that there | | be no way for the owners of wealth to protect themselves. | | | | -Alan Greenspan- | | | | _____ The Armadillo Group | | ,::////;::-. Austin, Tx. USA | | /:'///// ``::>/|/ http:// www.ssz.com/ | | .', |||| `/( e\ | | -====~~mm-'`-```-mm --'- Jim Choate | | ravage@ssz.com | | 512-451-7087 | |____________________________________________________________________|
participants (1)
-
Jim Choate