Declan's comment on operating a physical remailer for suitably valuable cargo, plus some of Tim's recent comments about integration, made me think of the question in the subject line. So far I see at least three possible answers. 1) Make lots of money. 2) Spread awareness (that "funny feeling in the stomach" recently discussed) and save our fellow man. Make the world safe for privacy. 3) Ensure that cryptography and privacy-enhancing technologies have uses besides "Four Horsemen of the Infocalypse," so that they aren't banned. anything else? I think the physical remailer for only FedEx will fail 3. -David
David wrote:
Declan's comment on operating a physical remailer for suitably valuable cargo, plus some of Tim's recent comments about integration, made me think of the question in the subject line. So far I see at least three possible answers.
1) Make lots of money.
2) Spread awareness (that "funny feeling in the stomach" recently discussed) and save our fellow man. Make the world safe for privacy.
3) Ensure that cryptography and privacy-enhancing technologies have uses besides "Four Horsemen of the Infocalypse," so that they aren't banned.
anything else?
Yes, a corollary to 2) is that by saving our fellow man, we are saving ourselves as well. The elitist idea that it doesn't make any difference what happens to the little people is wrong-headed. Because the world is set up to make cars affordable for the little people, you and I can have personal automotive transportation at a fraction of the cost if we were to try and assemble them up in Galt's Gulch. If crypto gets wide-spread use by the little people, our use will be lost in the noise. S a n d y
On 21 Nov 2001, at 21:00, Sandy Sandfort wrote:
David wrote:
Declan's comment on operating a physical remailer for suitably valuable cargo, plus some of Tim's recent comments about integration, made me think of the question in the subject line. So far I see at least three possible answers.
1) Make lots of money.
2) Spread awareness (that "funny feeling in the stomach" recently discussed) and save our fellow man. Make the world safe for privacy.
3) Ensure that cryptography and privacy-enhancing technologies have uses besides "Four Horsemen of the Infocalypse," so that they aren't banned.
anything else?
Yes, a corollary to 2) is that by saving our fellow man, we are saving ourselves as well. The elitist idea that it doesn't make any difference what happens to the little people is wrong-headed. Because the world is set up to make cars affordable for the little people, you and I can have personal automotive transportation at a fraction of the cost if we were to try and assemble them up in Galt's Gulch. If crypto gets wide-spread use by the little people, our use will be lost in the noise.
S a n d y
I gave a little bit of thought about what an encrypted email client should look like for joe sixpack to use. Here's how the DEFAULT behavior would work: When you install the software, it generates a public-private key pair. It saves your private key right there on your hard disk unencrypted, no tricky passphrase to remember. It then uploads your private key to some central server. The software maintains a list of public keys, if you want to send mail to someone for whom you don't have a public key, it'll check the server for one. If you have a key for someone, it'll automatically encrypt. If you receive encrypted mail, it'll automatically decrypt (and save the decrypted mail on your hard drive). It'll have a little icon on a mail message indicating if it was encrypted, and there'll be an icon next to each name in the address book indicating if you have a key for that address, but for the most part it'll encrypt opportunistically and the user won't need to know or care if a message is encrypted or not. I'm sure I don't need to go into detail explaining what's wrong with this, but it should be obvious that every convenience violates an important security rule. And it pretty much has to be that way. You either have to remember a passphrase and key it in, or any fool who gets access to your computer can easily read your private key, and so on. Personally, I think it'd be better if the sixpackers used this kind of encryption than no encryption at all, if I thought that people wuld use this kind of email client I would write it, it shouldn't be too hard since I could probably steal most of the code. George
On Mon, Nov 26, 2001 at 05:12:38PM -0800, georgemw@speakeasy.net wrote:
I gave a little bit of thought about what an encrypted email client should look like for joe sixpack to use. Here's how the DEFAULT behavior would work:
When you install the software, it generates a public-private key pair. It saves your private key right there on your hard disk unencrypted, no tricky passphrase to remember. It then uploads your private key to some central server.
you meant uploads your public key to some central server.
The software maintains a list of public keys, if you want to send mail to someone for whom you don't have a public key, it'll check the server for one. If you have a key for someone, it'll automatically encrypt. If you receive encrypted mail, it'll automatically decrypt (and save the decrypted mail on your hard drive). It'll have a little icon on a mail message indicating if it was encrypted, and there'll be an icon next to each name in the address book indicating if you have a key for that address, but for the most part it'll encrypt opportunistically and the user won't need to know or care if a message is encrypted or not.
I think that the Joe Sixpacks who would care enough to install "secure" email would like to have some sort of feedback that it's working, i.e. they need to unlock the private key with a password. Of course they'll choose a lame one, but that's besides the point. There's two sub-species of Sixpack-- the one I describe, and those who don't know and don't care about secure email, which is who you're talking about. It's the the "early adopter" Sixpacks I'm thinking of. Once you get enough of them, then the someone will declare it an industry standard and all the Sixpacks will get it, whether they know it or not. I wrote something like what you're describing long ago, for a large workstation maker. Only this was a hack on sendmail to automagically encrypt/decrypt mail between offices in foreign countries whose security services were known to snoop on technology companies.
Personally, I think it'd be better if the sixpackers used this kind of encryption than no encryption at all, if I thought that people wuld use this kind of email client I would write it, it shouldn't be too hard since I could probably steal most of the code.
How about an add-on to MSIE or Netscape? Either one has a pile of crypto junk to call on. Making it work with S/MIME might be an easy way to do it. Eric
On Mon, 26 Nov 2001, Eric Murray wrote:
On Mon, Nov 26, 2001 at 05:12:38PM -0800, georgemw@speakeasy.net wrote:
I gave a little bit of thought about what an encrypted email client should look like for joe sixpack to use. Here's how the DEFAULT behavior would work:
When you install the software, it generates a public-private key pair. It saves your private key right there on your hard disk unencrypted, no tricky passphrase to remember. It then uploads your private key to some central server.
you meant uploads your public key to some central server.
Actually, this being Joe Sixpack, I believe "private key" was correct - gotta make sure he can "recover" it after he loses it ;-) -- Yours, J.A. Terranson sysadmin@mfn.org If Governments really want us to behave like civilized human beings, they should give serious consideration towards setting a better example: Ruling by force, rather than consensus; the unrestrained application of unjust laws (which the victim-populations were never allowed input on in the first place); the State policy of justice only for the rich and elected; the intentional abuse and occassionally destruction of entire populations merely to distract an already apathetic and numb electorate... This type of demogoguery must surely wipe out the fascist United States as surely as it wiped out the fascist Union of Soviet Socialist Republics. The views expressed here are mine, and NOT those of my employers, associates, or others. Besides, if it *were* the opinion of all of those people, I doubt there would be a problem to bitch about in the first place... --------------------------------------------------------------------
On Wednesday, November 21, 2001, at 08:51 PM, dmolnar wrote:
Declan's comment on operating a physical remailer for suitably valuable cargo, plus some of Tim's recent comments about integration, made me think of the question in the subject line. So far I see at least three possible answers.
1) Make lots of money.
2) Spread awareness (that "funny feeling in the stomach" recently discussed) and save our fellow man. Make the world safe for privacy.
3) Ensure that cryptography and privacy-enhancing technologies have uses besides "Four Horsemen of the Infocalypse," so that they aren't banned.
anything else?
I'll take the other side of the argument. Not because I have anything against Joe Sixpack using strong crypto, remailers, anonymous markets, markets for assassinating tyrants, data havens, and all the rest. But.... * Many have knocked themselves out trying to get the masses to encrypt all of their e-mail...guess what? Most people don't want to jump through hoops to send innocuous messages to their friends. Even more so, fewer of us want to be lectured at that we "should" be using crypto at all times. * The "sell to the masses" argument is largely why the focus of crypto has been spinning its wheels in issues of "integrating with common programs." Sounds great to do so, except that the fast rate of change of mailers and other programs means the established programs tend to "break" with distressing regularity...with not enough people around (and being paid) to fix the new incompatibilities. * Worst of all, the "how do we get Joe and Alice Sixpack to use PGP?" focus, and the similar focus for remailers and digital money such as it is, has shifted the efforts into the "millicent ghetto" part of the value of crypto vs. cost of crypto space I have discussed. Instead of looking at what makes Swiss banks worthwhile for people to fly to Geneva to deal with, we have schemes for people buying things they can buy with cash or with VISA cards just as efficiently. And instead of anoymizing child porn, we have schemes for anonymizing hits on Yahoo's Sports pages. No surprise that the customers who live in this millicent ghetto say "Huh?" Put bluntly, I don't see sophisticated money traders and offshore bankers beating the drum to get Joe Sixpack using Swiss banks. How the world might be _different_ or _better_ if crypto and remailer and ecash uses were very widespread is not the issue. The issue is that selling to such users is difficult for many logical reasons and that efforts are better spent developing the technologies and markets in such a way that maybe Joe Sixpack will someday follow. I am willing to admit that it is possible that Cypherpunk notions could be "driven from the bottom up." but I see no evidence for this. And I see much evidence that the technologies will be adopted by "those who care" (those who have something to hide, in common parlance). An interesting topic, to be sure. --Tim May "Ben Franklin warned us that those who would trade liberty for a little bit of temporary security deserve neither. This is the path we are now racing down, with American flags fluttering."-- Tim May, on events following 9/11/2001
On Wed, Nov 21, 2001 at 11:51:04PM -0500, dmolnar wrote: | Declan's comment on operating a physical remailer for suitably valuable | cargo, plus some of Tim's recent comments about integration, made me think | of the question in the subject line. So far I see at least three possible | answers. | | 1) Make lots of money. | | 2) Spread awareness (that "funny feeling in the stomach" recently | discussed) and save our fellow man. Make the world safe for privacy. | | 3) Ensure that cryptography and privacy-enhancing technologies have uses | besides "Four Horsemen of the Infocalypse," so that they aren't banned. | | anything else? Ensure that the anonymity set is large enough to make analysis hard. With small sets, you lose to simple correlation attacks. (For example, Alice sent messages to the MIX at these times; Bob got messages at these times. That Alice operates a node is scant protection, it simply means that some set of messages come out uncorrelated with input, and are thus correlated to one of the 40-odd remailer operators.) To Sandy's point about costs, yes, its nice for the stuff to be cheap to use, but Tim is right that people fly to Geneva to get privacy. (There's a recurring story that the Mass state police used to drive up to the cheaper New Hampshire state liquor store on the border to note plate numbers of people driving north to save on the rediculous direct and indirect taxes that Mass puts on booze, until such time as the NH state police arrested them for loitering. Do IRS agents loiter in certain airports? A large anonymity set is your friend, and is almost always necessary, but not sufficient.) Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
On Wednesday, November 21, 2001, at 08:51 PM, dmolnar wrote:
Declan's comment on operating a physical remailer for suitably valuable cargo, plus some of Tim's recent comments about integration, made me think of the question in the subject line. So far I see at least three possible answers.
1) Make lots of money.
Always a good reason if you can do it.
2) Spread awareness (that "funny feeling in the stomach" recently discussed) and save our fellow man. Make the world safe for privacy.
Maybe we should all take to wearing a safety pin on our shirts, and when people ask about it say "It's not a safety pin, it's a Crypto Awareness Ribbon", and when "they" say "but there's no ribbon there", say "Yes, there is, it's just that you can't see it...". (For the more literal minded among you, this is a joke).
3) Ensure that cryptography and privacy-enhancing technologies have uses besides "Four Horsemen of the Infocalypse," so that they aren't banned.
anything else?
4) Economy of scale. Software designed and written for 100000000 people is usually much cheaper than software designed and written for 10. 5) Cover traffic. If every stinking thing on the wire was encrypted (at least once), then an encrypted transmission garners no additional scrutiny. If only 1 out of 1 million transmissions are encrypted, then The Department Of They has a greater sususpion that you're saying something they want to hear. -- People who are willing to rely on the government to keep them safe are pretty much standing on Darwin's mat, pounding on the door, screaming, "Take me, take me!"--Cael in A.S.R. --
participants (8)
-
Adam Shostack -
dmolnar -
Eric Murray -
georgemw@speakeasy.net -
measl@mfn.org -
Petro -
Sandy Sandfort -
Tim May