Re: Changes to remailer@jpunix.com
-----BEGIN PGP SIGNED MESSAGE-----
Date: Wed, 16 Nov 1994 14:16:46 -0600 From: "John A. Perry" <perry@jpunix.com> Subject: Changes to remailer@jpunix.com
Well folks...
It happened again. Last night jpunix was used to post proprietary code to the net. I had to spend a couple of hours on the phone with the authors of the code, generating cancel messages, etc.. It seems that jpunix is a magnet for those that wish to abuse the remailers.
Since jpunix seems to attract problem users, I have installed some safeguards in the remailer that will hopefully add a level of difficulty to those that wish to abuse while remaining transparent to proper usage.
here are some other ideas to consider in addition to or instead of the 20k limit: * require encryption for incoming messages. * require that the sender, the receiver, or both be a known remailer address. at least one other remailer has to be involved. * impose a 20k limit on message unless they are received from a known remailer and sent to a known remailer. randy -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLstzsM1Uod4Abd1NAQGJUwQAnUB9CGdheNImzapwbtlfpWmnygrdpSva qioE5FM3U19knz+nwsEUYKE/xKAyC0G+jou0dmNy+W6NQ9QwCMslQ0YdR3hRxyMT DBiodSFu23H/6R+7PYUNscM9T2Lr/imkHLZZtxbcV7/IBzqlX9VdVFLd5/rWs4Fh Nk+BlhTwwjI= =srSt -----END PGP SIGNATURE-----
#<text/x-pgp -----BEGIN PGP SIGNED MESSAGE----- In message <199411171606.AA18990@xtropia> you write:
here are some other ideas to consider in addition to or instead of the 20k limit: * require encryption for incoming messages.
Good idea in theory but won't work in practice. The stats generated by the anonymous remailer show that less than 40% of the messages passing thru are encrypted. Most people would find being forced to encrypt a huge inconvenience. BTW everyone, when I say stats, I mean the primitive stats generated by the remailer and are available to anyone sending email to remailer@jpunix.com with the subject being remailer-stats. Don't start asking me if I get these stats by logging! I don't log.
* require that the sender, the receiver, or both be a known remailer address. at least one other remailer has to be involved.
You are talking about fortress remailers. This is currently under discussion. Stay tuned.
* impose a 20k limit on message unless they are received from a known remailer and sent to a known remailer.
Good in theory once again, but bad in practice. This would entice the abusers to jeopardize several remailers instead of just one. Every remailer that spam/proprietary-stuff goes through would be potentially at risk also. If remailers are going to be legally jeopardized, I would think the impact would be less if it were one instead of many. But, there is also safety in numbers. Hmm... John A. Perry - KG5RG - perry@jpunix.com WWW - http://jpunix.com PGP 2.62 key for perry@jpunix.com is on the keyservers. PGP-encrypted e-mail welcome! Finger kserver@jpunix.com for PGP keyserver help. Finger remailer@jpunix.com for remailer help. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Finger kserver@jpunix.com for PGP keyserver help. iQCVAwUBLsvawFOTpEThrthvAQGQQgP/RMC1DZXKPfGQzQd+3TQv8czp9AGRvuAq 8sTiJ+vt8XLrSumZ+2UUHSv/wJovA5pq64lC0U4EtrZY9t6rexnSmgDrBnLyn5VJ wZ/bi+0GQa7xxfcxJWgqf372n/RjNT3Kbpg6XhNF1dQtwpq3VMkKbHqfsvwDdR2h 65kzLPGd5VA= =P/Bk -----END PGP SIGNATURE----- #
-----BEGIN PGP SIGNED MESSAGE----- John Perry writes:
Anonymous writes:
* require encryption for incoming messages. Good idea in theory but won't work in practice. The stats generated by the anonymous remailer show that less than 40% of the messages passing thru are encrypted. Most people would find being forced to encrypt a huge inconvenience.
[Underdog's remailer-stats for the past 24 hours show just under 50% use of encryption.] I suspect, though, that there's a fairly effective process of self-selection in determining whether encryption is used. On the one hand, we have the folks planning the Quayle `96 campaign strategy, who demand maximal privacy w.r.t. the content of their messages, and are liable to face increased scrutiny by eavesdroppers in virtue of their address subdomains anyway. These people realize they're under the microscope, and should *ahem* take great precautions as a result. OTOH, there are high school students posting to asar about their abusive stepfathers. With very high probability, no-one operating packet sniffers really cares about the content of this traffic. In fact, since the messages ultimately appear in public, the only significant need is anonymity. I hate to say it, but these users inherit by default a fair amount of security through obscurity. The few people who might wish to identify them as the authors of these messages often aren't even aware that they should be looking, which is quite different from the situation in the previous case. The latter group probably doesn't bother with encryption much, but they probably don't really need it much from their POV. Obviously it would be beneficent from the anti-traffic analysis perspective were everyone to encrypt, but at present it requires far too much effort (relatively speaking) with too little personal gain for the latter group of users to bother. It's worth remembering that seamless integration of encryption with standard communication tools passively enlists the help of all the people who don't give a damn about using encryption, not just those who eagerly await improved interfaces.
If remailers are going to be legally jeopardized, I would think the impact would be less if it were one instead of many. But, there is also safety in numbers. Hmm...
I've been meaning to respond to your announcement of the latest abuse of jpunix, and this appears to be an ideal opportunity. You evince a degree of puzzlement about the reasons for the popularity of remailer@jpunix.com for "abuses" such as software copyright infringement. I can't help thinking that, if I were an aspiring member of the copyright violation squad *and* a dedicated cypherpunk, I would have paid close attention to the discussion of fortress remailers. I would have noted that you (among others) offered your remailer as a fortress remailer. To minimize the chances of crashing part of the remailer bramble, I might well deliberately pick a fortress remailer to release the sensitive material, reasoning that it's less likely to face foreclosure in the aftermath of the incident. If you build a bulletproof Popemobile for the pontiff, his chauffeur will enter the demolition derby in it in preference to nailing some steel sheets onto a weekend special from Avis. "Build it and they will come !" :} -L. Futplex McCarthy; use "Subject: remailer-help" for an autoreply PGP key by finger or server; "Better watch what you say, or they'll be calling you a radical...a liberal" --Supertramp "[CIA/KGB mole Aldrich Ames] took information in shopping bags out the front door" --miscellaneous Congressperson -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLsvylmf7YYibNzjpAQEltwP+PaXLVOnyPkt6cjbVj76UxBo1sgSPER8C 2+jmOr9l7FsduYJDceoyGPgRLEWp+zrSVchSFfegPkIe+lb0MnAaawtpNcbYxSRs dlqcOP1bC0FS9SFYoj0RygW1MJAdmyjh72NKvZdzRMmQITKVZ1RYAaPr/4pOHhG4 ZVFlMfMANmE= =Ic3H -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- In article <199411172235.QAA19976@jpunix.com>, "John A. Perry" <perry@jpunix.com> wrote:
In message <199411171606.AA18990@xtropia> you write:
here are some other ideas to consider in addition to or instead of the 20k limit: * impose a 20k limit on message unless they are received from a known remailer and sent to a known remailer.
Good in theory once again, but bad in practice. This would entice the abusers to jeopardize several remailers instead of just one. Every remailer that spam/proprietary-stuff goes through would be potentially at risk also. If remailers are going to be legally jeopardized, I would think the impact would be less if it were one instead of many. But, there is also safety in numbers. Hmm...
But (except for monitoring messages going into and out of the remailer, or operator logging) how is anyone to know which remailers were involved in a chain? Isn't this one of the things that chaining is supposed to prevent? A more accurate objection might be that if spam/proprietary data is chained through remailers, then EVERY remailer is at risk. BTW, I think your safeguards (which I am _not_ objecting to) only make it a little bit harder to use your remailer to post stolen code or whatever. Someone could easily break the posts up into pieces and chain them through your remailer, perhaps through different chains as well, e.g.:
:: Anon-Subject: RC5.ZIP [06/37] {Sources for RSADSI's proprietary cipher}
You could block multiple messages with the same or similar subject fields, but anyone chaining remailers intelligently would probably not use a single remailer as the final sending point -- unless they had it in for that remailer! Or are you going to block posts from remailers that forward spam to you? (A cure worse than the disease, IMHO). | In the other room I passed by Ellen Leverenz as Alan Bostick | someone asked her "Do you know any monopole abostick@netcom.com | jokes?" finger for PGP public key | "Sure," she said. "In fact, I know two of them." Key fingerprint: | -- Terry Carr, GILGAMESH 50 22 FB 46 41 A3 17 9D F7 33 FF E1 4E 1C 89 79 +legal_kludge=off -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQB1AgUBLsvw/OVevBgtmhnpAQGstwL+JT8t6D13VsAE0fEy8LJK7CZ6E86qqEvi UIBh/f6qIxyMd4/QxBhSpdUUXEqLi9VdA8Vk2+ApFIoR3uDN97uRiGuVgIWUzZVR D05Q0XE5x6uSYdjM3u/Vz2UKJ7k205+a =AZK2 -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- In message <co-okyczBG$R073yn@netcom.com> you write:
But (except for monitoring messages going into and out of the remailer, or operator logging) how is anyone to know which remailers were involved in a chain? Isn't this one of the things that chaining is supposed to prevent?
That is exactly what chaining is supposed to prevent.
A more accurate objection might be that if spam/proprietary data is chained through remailers, then EVERY remailer is at risk.
This is more correct than my previous statement. ALL remailers would be at risk.
BTW, I think your safeguards (which I am _not_ objecting to) only make it a little bit harder to use your remailer to post stolen code or whatever. Someone could easily break the posts up into pieces and chain them through your remailer, perhaps through different chains as well, e.g.:
I agree that it only makes it a little harder. I never meant it as a preventative and it never will be. But if the remailer is going to be used to send out large amounts of data, i.e. source code and spam, I wanted to increase the level of difficulty on the part of the individual committing the act.
Or are you going to block posts from remailers that forward spam to you? (A cure worse than the disease, IMHO).
I have no intention of blocking the other remailers. John A. Perry - KG5RG - perry@jpunix.com WWW - http://jpunix.com PGP 2.62 key for perry@jpunix.com is on the keyservers. PGP-encrypted e-mail welcome! Finger kserver@jpunix.com for PGP keyserver help. Finger remailer@jpunix.com for remailer help. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Finger kserver@jpunix.com for PGP keyserver help. iQCVAwUBLsyCVlOTpEThrthvAQGkJgP/QB/4Bi07Xyfc6xcU/Ua88XwUW7Gdx0BE n2rraXqV9qO5vx6HaGh9n0dLZXqh2J+ElAbBxKnNQ7bkh6KwnEGXkLLdKVitXrDI 073iZrvfcFSzKl9PC+p36qjwuGMFJadmP5piBpSQ1fQLY/rYUJzyrUME8277b2NM 4HxW0BBEjGY= =QZyL -----END PGP SIGNATURE-----
participants (4)
-
abostick@netcom.com -
John A. Perry -
L. McCarthy -
Random Factor