Remailers-in-a-box
-----BEGIN PGP SIGNED MESSAGE----- Tim May wrote:
I am waiting for such services to be actually, formally, solidly announced, not just casual remarks that it might be possible. And of course the software should be "ready to wear," port-a-potty, so that the remailer account owner does nothing more than pay for the account.
In this model, who deals with mailbombs/spams/requests for address blocks? It is this sort of administrivia (plus the threat of liability) that makes running a remailer troublesome, not a lack of someone's $20/month. I think it's disingenuous to say that "X pays the bills for the network link; X purchased the hardware and keeps it running; the box is in X's house/office; X is the person who reads complaint mail and responds (or fails to); but because Y sends X $20/month, the remailer (and attendant liability for its mis/use) belongs to Y." I realize that there's a certain formal logic to it, but I don't think that anyone - not courts, and not the world-in-general - is going to pay attention to that formalism when it's clear that a machine essentially under the control of X is being used for 'antisocial' means. I'm seriously considering offering this sort of remailer-in-a-box thing, but there's a certain amount of hassle associated with running a remailer. It can be shifted to different parties, but it must be paid for one way or another. I guess it'd be possible to treat remailers as disposable - when one had pissed off enough people, it could be abandoned - but this lack of long-term reliability seems poor. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLyBjVX3YhjZY3fMNAQEI3QP/YdqBbhn5k4Q+NtD3zoJCG7qIfGaQqogH AFFmItuU46rFQHHSxPl+p4fNmX+32yEva04ORq28NWPKggXiXhwN+LQDshWomSU8 gXkysIPdGeogSDxP6+JxXatE81TpuCjOtbGH3KlmCNaRbB0685zBVB7Oj1O/D5it zqM9JuV8yAE= =EQY5 -----END PGP SIGNATURE-----
From: Greg Broiles <greg@ideath.goldenbear.com> In this model, who deals with mailbombs/spams/requests for address blocks? It is this sort of administrivia (plus the threat of liability) that makes running a remailer troublesome, not a lack of someone's $20/month. This point is right on. I think it's disingenuous to say that "X pays the bills for the network link; X purchased the hardware and keeps it running; the box is in X's house/office; X is the person who reads complaint mail and responds (or fails to); but because Y sends X $20/month, the remailer (and attendant liability for its mis/use) belongs to Y." The whole point of separation of operations and ownership is to actually separate them. If the computer/network service owner (X above) is participating in any _semantically meaningful_ way in the operation of the remailer service, then they too are part of the remailer service. If the computer/network service is responding to complaint mail, or even getting properly directed complaint mail, they are exposing themselves to participation in the remailing service. As with liability for content, the important issue here is the state of mind of the computer/network operator. If they know sufficiently many details about the nature of the remailer operation, the boundary of separation is breached. Unfortunately, the standard mechanism of complaint on the internet is the postmaster address. Complainants do not always follow the nice complaint instructions in the headers of email. A remailer run out of a shell account will have postmaster complaints addressed to the computer/network operator rather than the remailer operator. Therefore, a second postmaster address is required. A second postmaster address means another domain name. This new domain name can be either a subdomain or a brand new one. I don't think it will matter much, although a domain not related to the computer/network operator would further the separation. Now setting up new domain names, while pretty easy, requires the cooperation of DNS operators. Typically these connections have been informal and a low barrier to entry but only if you know somebody who does domain names. DNS operation is not yet a separate service to buy, but I suspect it will become so. In the meanwhile the offers of DNS provision by John and Strick are welcome. [...] I don't think that anyone - not courts, and not the world-in-general - is going to pay attention to that formalism when it's clear that a machine essentially under the control of X is being used for 'antisocial' means. As important as legal protections are, direct action against spammers attacks the machine infrastructure directly. A word to the wise computer/network provider. Eric
Now setting up new domain names, while pretty easy, requires the cooperation of DNS operators. Typically these connections have been informal and a low barrier to entry but only if you know somebody who does domain names. DNS operation is not yet a separate service to buy, but I suspect it will become so. In the meanwhile the offers of DNS provision by John and Strick are welcome.
I sell DNS service as well. See http://www.c2.org/services/DNS_MX.html -- sameer Voice: 510-841-2014 Network Administrator Pager: 510-321-1014 Community ConneXion: The NEXUS-Berkeley Dialin: 510-549-1383 http://www.c2.org (or login as "guest") sameer@c2.org
Greg Broiles wrote:
Tim May wrote:
I am waiting for such services to be actually, formally, solidly announced, not just casual remarks that it might be possible. And of course the software should be "ready to wear," port-a-potty, so that the remailer account owner does nothing more than pay for the account.
In this model, who deals with mailbombs/spams/requests for address blocks? It is this sort of administrivia (plus the threat of liability) that makes running a remailer troublesome, not a lack of someone's $20/month.
In this model the owner of the machine (who is not himself a remailer, only a seller of accounts) simply ignores all such issues of mailbombs, spams, request for address blocks. He has a form letter than says something like: "I am not the initiator of any mail bombs, spams, or illegal mail. I merely sell accounts, like private mail boxes. Some of the mail you are objecting to may have originated on my system, some may merely have passed through my system, just as mail passes through many systems from sender to receiver. If you have problems, talk to the sender, not to me. Under the ECPA I cannot even _look_ at the mail on my system, and even if it were legal, I would not."
I think it's disingenuous to say that "X pays the bills for the network link; X purchased the hardware and keeps it running; the box is in X's house/office; X is the person who reads complaint mail and responds (or fails to); but because Y sends X $20/month, the remailer (and attendant liability for its mis/use) belongs to Y." I realize that there's a certain formal logic to it, but I don't think that anyone - not courts, and not the world-in-general - is going to pay attention to that formalism when it's clear that a machine essentially under the control of X is being used for 'antisocial' means.
It likely buys a couple of years of protection, though. Currently the remailer sites = remailer accounts, so they have little or no protection. I don't think "disingenuous" as very apt description. For one thing, my proposal certainly doesn't make things any _worse_ for the true remailers. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay
-----BEGIN PGP SIGNED MESSAGE-----
I don't think "disingenuous" as very apt description. For one thing, my proposal certainly doesn't make things any _worse_ for the true remailers.
Sorry if I was unclear; I didn't mean that you were being disingenuous, just that the assignment of responsibility/culpability in at least some of the schemes being discussed looks suspect to me. I do think that this plan can create greater risk for the owners of machines which operate remailers - what if one of their customers decides not to block traffic to whitehouse.gov, or to alt.religion.copyright, or whatever? Neither the SPA nor the Secret Service has acted particularly cluefully with respect to seizing hardware or conducting unnanounced destructive "fishing" expeditions. As things stand today, I have some control (via my filter list) of the risks I'm willing to assume and not assume. If I let people with no real stake in the matter gamble with my machine based on their own choices about filtering, that looks like a loss to me. (Of course, the machine owner can always, via contract, set certain terms - e.g., addresses which must be filtered. This starts to look like active participation in the administration of the remailer, which makes the off-site operator structure seem less legitimate.) -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLyCGan3YhjZY3fMNAQFpbwQAj/PSC5e2IxCpuxaLMXi/vX2DsJp6q8x0 LzKrI57AjujC07o7vHGHlhPZIgWC7hTgNxAy3wRNOqRDwb7FdX6GQfMM4aWmbU4U 1pypD5eipO3CgkaHm5VqpKnVdDmxFQ3r6tDY1qV8jV0ghnku9DpmHhQIr4C+U1Cx krBo2FThMRo= =qguX -----END PGP SIGNATURE-----
From: tcmay@netcom.com (Timothy C. May) In this model the owner of the machine (who is not himself a remailer, only a seller of accounts) simply ignores all such issues of mailbombs, spams, request for address blocks. [the form letter might include] "If you have problems, talk to the sender, not to me." In order to make such a discharge anywhere near believable, you'd have to provide a way for the complainant to get in touch with the sender. The sender in this case is the remailer operator. It would also be a standard courtesy to forward the misdirected mail. Currently the remailer sites = remailer accounts, so they have little or no protection. One of the services that RiaB might do well to offer is subdomaining. It's pretty easy to direct all subdomain mail, which includes postmaster mail, to a single email address. Eric
From: Greg Broiles <greg@ideath.goldenbear.com> Date: Fri, 20 Jan 1995 17:28:58 -0800 (PST) Tim May wrote: > I am waiting for such services to be actually, formally, solidly > announced, not just casual remarks that it might be possible. And of > course the software should be "ready to wear," port-a-potty, so that > the remailer account owner does nothing more than pay for the account. In this model, who deals with mailbombs/spams/requests for address blocks? With sameer's recently announced RIAB, it seems quite reasonable that Tim could follow the instructions that were sent out and when he gets to this one: 3) If you wish, you can setup a .forward file to point to mailfilters or to another account. then he could do this: % echo 'tcmay@netcom.com' > ~/.forward and then he would never have to log into c2 again. This is not quite at the level of what Tim explicitly stated: ``remailer account owner does nothing more than pay for the account.'', but it's about as close as one could hope for while addressing your concerns. Of course, Tim could adopt `hands off' administation by doing any of the following: - forwarding to /dev/null - using auto-bounce script - forwarding to tcmay@netcom.com, but ignoring all mail related to his remailer. It might be a good idea to check that sameer thinks this is ok. It's bound to piss people off more than remailers with a more interactive administrator. It basically says that mail bombs and spams are acceptable and requests are pointless. Rick
participants (5)
-
eric@remailer.net -
Greg Broiles -
Rick Busdiecker -
sameer -
tcmay@netcom.com