Remailer problem solution?
-----BEGIN PGP SIGNED MESSAGE----- At 01:56 PM 3/22/97 -0800, nobody@hidden.net wrote:
John Perry is shutting down because somebody is using his remailer to send unkind messages to the FBI. (BTW, probably the FBI is sending mean messages to the FBI.)
Perhaps it's their colleagues at another TLA. :)
Why would not one of these solutions work?
1. Accept and send PGP encrypted messages only.
This "works" in that it reduces the number of people subjected to messages they don't want to see, but it also makes it more difficult (or impossible) to use remailers for tasks like: sending info to crypto-illiterate reporters/politicians/whatever ("whistleblowing") sending messages to newsgroups and mailing lists which don't have a shared private key
2. Keep a list of addresses of people who do not wish to receive mail from the remailers.
This is done already, but the group of people who don't want to recieve mail from remailers but haven't signed up yet (because they don't know about remailers) is orders of magnitude bigger than people who've signed up. Mostly people get on the block list(s) because they've already been mailed things they didn't want to see; by the time they learn about blocking, it's too late. Also, it's difficult to apply this solution to many remailers - should all remailers block an address because one remailer operator claims to have received a request? Or should each operator act alone, which means that one anonymity-hostile end user must send multiple block requests? -----BEGIN PGP SIGNATURE----- Version: 4.5 iQEVAgUBMzS0cv37pMWUJFlhAQHf6wf+PXP/Q4C1YAAue2uqLtYJo7lIi3l2huQd dzsNIYt77tq9ThacUwyhymOD44S7kKYB95cU44NBnLnD4Unv16jH+9AU4PWeHrhJ lqWOhYI02lJEl3NLD4c5MR0FIRqcFj2jny2FNBpmMou/v8Mh/vJLQTcPrQP9p9Y9 4yOrbQuzafRzgrmcyLbaSzEgP+uljFP6LeP6RTfYCR4+R97xxr8veSuugYVcEX/o Z2w7w+OiMrUtFbE+kDFHJVm/wHW1w+WxDfM//BZUPLOqTI1v62CIzWoNn7dOCeX6 GN2yn8bk17YE2Nz15AIXiD55yt96cOK6L+WvktwNQXk3rcUfbLUUsw== =N7e1 -----END PGP SIGNATURE----- -- Greg Broiles | US crypto export control policy in a nutshell: gbroiles@netbox.com | http://www.io.com/~gbroiles | Export jobs, not crypto. |
On Sat, 22 Mar 1997, Greg Broiles wrote: -> At 01:56 PM 3/22/97 -0800, nobody@hidden.net wrote: -> -> >Why would not one of these solutions work? -> > -> >1. Accept and send PGP encrypted messages only. -> -> This "works" in that it reduces the number of people subjected to messages -> they don't want to see, but it also makes it more difficult (or impossible) -> to use remailers for tasks like: -> -> sending info to crypto-illiterate reporters/politicians/whatever -> ("whistleblowing") -> sending messages to newsgroups and mailing lists which don't have a shared -> private key This is only a practical problem related to PGP's lack of popularity. The proposed solution will work in the long run, assuming PGP achieves great popularity. Thus, education of the public concerning PGP and remailers will help make this solution more effective. Of course, interim short term solutions should be sought as well. -> >2. Keep a list of addresses of people who do not wish to receive mail -> >from the remailers. -> -> This is done already, but the group of people who don't want to recieve mail -> from remailers but haven't signed up yet (because they don't know about -> remailers) is orders of magnitude bigger than people who've signed up. Mostly -> people get on the block list(s) because they've already been mailed things -> they didn't want to see; by the time they learn about blocking, it's too -> late. Information explaining blocking could be sent with each piece of mail from a remailer. Alternatively, to conserve bandwidth, a pointer to a web-page could be attached. -> Also, it's difficult to apply this solution to many remailers - should all -> remailers block an address because one remailer operator claims to have -> received a request? Or should each operator act alone, which means that one -> anonymity-hostile end user must send multiple block requests? A web page could be dedicated to propagating multiple block requests, in the manner of those extant sites which propogate new web-page information to search engines. This could also be made easy, intuitive, and mostly transparent to the end user. ............................................................................ . Sergey Goldgaber <sergey@el.net> System Administrator el Net . ............................................................................ . To him who does not know the world is on fire, I have nothing to say . . - Bertholt Brecht . ............................................................................
Sergey Goldgaber <sergey@el.net> writes:
-> >1. Accept and send PGP encrypted messages only. -> -> This "works" in that it reduces the number of people subjected to messages -> they don't want to see, but it also makes it more difficult (or impossible) -> to use remailers for tasks like: -> -> sending info to crypto-illiterate reporters/politicians/whatever -> ("whistleblowing") -> sending messages to newsgroups and mailing lists which don't have a shared -> private key
This is only a practical problem related to PGP's lack of popularity. The proposed solution will work in the long run, assuming PGP achieves great popularity. Thus, education of the public concerning PGP and remailers will help make this solution more effective.
Yeah, but if we get to the stage where most people with email addresses have PGP keys, sending messages encrytped with PGP won't reduce the number of people subjected to messages the don't want to see. A side benefit of using PGP, is that PGP encryption should add some overhead to the spammer -- he can probably encrypt less messages per second than he can spam down a T3 link. Adam -- print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
On Sun, 23 Mar 1997, Adam Back wrote: -> Sergey Goldgaber <sergey@el.net> writes: -> > -> > This is only a practical problem related to PGP's lack of popularity. -> > The proposed solution will work in the long run, assuming PGP achieves -> > great popularity. Thus, education of the public concerning PGP and remailers -> > will help make this solution more effective. -> -> Yeah, but if we get to the stage where most people with email -> addresses have PGP keys, sending messages encrytped with PGP won't -> reduce the number of people subjected to messages the don't want to -> see. PGP's current lack of popularity does not prevent spammers from using it. -> A side benefit of using PGP, is that PGP encryption should add some -> overhead to the spammer -- he can probably encrypt less messages per -> second than he can spam down a T3 link. Exactly! A 400,000 address spam will take a non-trivial ammount of time to prepare (46 days, assuming 10secs/message) if every message must be encrypted with an individual's key. ............................................................................ . Sergey Goldgaber <sergey@el.net> System Administrator el Net . ............................................................................ . To him who does not know the world is on fire, I have nothing to say . . - Bertholt Brecht . ............................................................................
participants (3)
-
Adam Back -
Greg Broiles -
Sergey Goldgaber