From dclunie at pax.tpa.com.au Mon Mar 1 00:32:52 1993 From: dclunie at pax.tpa.com.au (David Clunie) Date: Mon, 1 Mar 93 00:32:52 PST Subject: a few opinions, unasked Message-ID: <9303010733.AA14820@britt> > Who is John Galt? The man who said he would stop the motor of the world - and did. :) Where is John when you need him ? From shipley at merde.dis.org Mon Mar 1 01:14:34 1993 From: shipley at merde.dis.org (Peter &) Date: Mon, 1 Mar 93 01:14:34 PST Subject: Pgp with MH & MIME Message-ID: <9303010855.AA08526@merde.dis.org> A non-text attachment was scrubbed... Name: not available Type: text/x-pgp Size: 4612 bytes Desc: not available URL: From julf at penet.FI Mon Mar 1 03:05:13 1993 From: julf at penet.FI (Johan Helsingius) Date: Mon, 1 Mar 93 03:05:13 PST Subject: RISKS for alt.whistleblowers In-Reply-To: <9303010709.AA18343@anchor.ho.att.com> Message-ID: <9303011215.aa06268@penet.penet.FI> > If I were a professional who wanted to stop a group like this, and options > like court orders, violence, or confiscation weren't appropriate, > I'd consider a few approaches like the following: > - Flooding - it's really not hard, even with automatic protections - True. But at least the source of the trouble would be hard to hide. > - Crying wolf, and other disinformation Yes. This might be the hardest one, and the one I have been worrying about. > - Posting libel, slander, child pornography, calls for violence, bomb threats We will have to accept the fact that we are sitting ducks. It all depends on how strong support we have. > It's really not all that hard, if somebody's serious about it. > Crypto-anarchy is a good thing, but governments and other bad guys can > hide behind it just as effectively as anarchists can. True. And that's why we have to abide to the old banner "united we stand, divided we fall". We need to support each other, and have organisations such as EFF supporting our cause as well. In many ways our case (with whistleblowers) is very similar to organisations such as Amnesty International. Single groups and individuals are easy to silence, but a big enough, distributed enough and visible enough organization with good communications channels is much harder to shoot down. Hmm... Maybe we ought to get in touch with people like Amnesty and offer our services to them as well? Anyway, let me give you a hypotetical case. Let's say anon.penet.fi starts running alt.whistleblower, and some suitable US organisation decides to shut it down. They can do it by using international political pressure - something that would definitely be effective if it was something that was done silently by agreement between the Finnish and the US government agencies involved. But it would be impossible if the thing was exposed to international media. Similarily for cases of putting pressure to telephone/network companies, or trying to kill the server with stuff breaking local laws or something. Julf From julf at penet.FI Mon Mar 1 03:06:52 1993 From: julf at penet.FI (Johan Helsingius) Date: Mon, 1 Mar 93 03:06:52 PST Subject: Infrastructure In-Reply-To: <9303010605.AA10013@alumni.cco.caltech.edu> Message-ID: <9303011220.aa06293@penet.penet.FI> > I'm not really sure what is happening with PGP specifically in terms > of MIME. I think there has been some work done with PEM integration. > There doesn't seem to be any reason why these programs can't integrate > nicely with MIME, and this Metamail package looks like it might be the > most cost-effective way of getting widespread encryption into use. Definitely. The work I am doing on integrating PGP into anon.penet.fi is based on metamail. Makes it really easy to add PEM etc. Julf From julf at penet.FI Mon Mar 1 03:27:25 1993 From: julf at penet.FI (Johan Helsingius) Date: Mon, 1 Mar 93 03:27:25 PST Subject: Handling Abuses of Remailers In-Reply-To: <9303010536.AA10591@netcom.netcom.com> Message-ID: <9303011229.aa06385@penet.penet.FI> > * To handle _abusive volumes_ through remailers, charge for remailing. > Short term, this may be a problem, but this is the long term market > solution. > > * To handle _abusive messages_ through remailers, ignore them. "Sticks and > stones" and all that. Put positive reputation filters in place. Accept > e-mail only through those you know or have reason to trust. > > As Sandy Sandfort so cogently put it, punish the perps, not the words of > the perps. This is the basis of our society, and a good basis, too. All this is very well for a cypherpunks-type remailer, used by a small number of experienced users. But it doesn't apply very well to anonymous posting/mailing services for a large number of "simple" users (services like anon.penet.fi), nor to alt.whistleblower. Do we need to split up the list to handle the rather diferent threads? Julf From julf at penet.FI Mon Mar 1 03:29:49 1993 From: julf at penet.FI (Johan Helsingius) Date: Mon, 1 Mar 93 03:29:49 PST Subject: header field indicating an anonymous address In-Reply-To: <9303010202.AA17864@soda.berkeley.edu> Message-ID: <9303011241.aa07850@penet.penet.FI> > I suggest "Anon-Sender:". There's already a "Sender:" field in > RFC-822, indicating who sent the message, as separate from who wrote > the message. The "Anon-Sender:" field should contain an email address > for the maintainer of the remailer. Anon.penet.fi has supported the Sender: field from the start. This has forced me to use an automatic script that send a message like this: (it gets to handle 20-30 messages/day) I don't think this was intended for me (anon at penet.fi, the anon server administrator, also working under names "daemon" and "julf"). I suppose you wanted to send it to an@anon.penet.fi, but accidentally replied to the envelope "Sender:" address instead of the "From:" orginator address... Julf From julf at penet.FI Mon Mar 1 03:57:24 1993 From: julf at penet.FI (Johan Helsingius) Date: Mon, 1 Mar 93 03:57:24 PST Subject: dispatches from the front lines of anonymity In-Reply-To: <9303010139.AA15551@anchor.ho.att.com> Message-ID: <9303011245.aa09219@penet.penet.FI> > A clean way to avoid the problem of encrypted replies cluttering up the > newsgroup is to also create alt.whistleblower.followup or a.w.crypt, > with similar non-assignment of ids, so readers can easily skip over > the crypted private replies. Good idea! Will implement! > I *would* recommend the following policies - > - accept email in PGP, RIPEM, and also unencrypted MIME, X.400, and vanilla > formats- not everybody who wants to blow a whistle has the right-shaped > whistle handy. Yes. Julf From julf at penet.FI Mon Mar 1 03:59:16 1993 From: julf at penet.FI (Johan Helsingius) Date: Mon, 1 Mar 93 03:59:16 PST Subject: Future of anonymity (short-term vs. long-term) In-Reply-To: <9303010042.AA07783@toad.com> Message-ID: <9303011309.aa09356@penet.penet.FI> > I disagree that it is necessary for a remailer operator to reveal the sender > of a piece of mail under any circumstances, and I will not trust a remailer > which does not IMMEDIATELY THROW AWAY the correspondence between input and > output addresses. I agree with your disagreement but disagree with your conclusion (huh?). IMHO a remailer operator should *NEVER* reveal any identities, but I also believe very strongly that especially if you provide a way to post news articles, there has to be a way to send replies to the original sender. Thus a remailer must maintain mapping info. Julf From julf at penet.FI Mon Mar 1 03:59:23 1993 From: julf at penet.FI (Johan Helsingius) Date: Mon, 1 Mar 93 03:59:23 PST Subject: dispatches from the front lines of anonymity In-Reply-To: <9302281806.AA13608@soda.berkeley.edu> Message-ID: <9303011312.aa09448@penet.penet.FI> > Actually, I was thinking that whistleblower at anon.penet.fi would _be_ > the moderator. Then you just post directly. All the messages would > come from that address, and no id's would be assigned. Since all > messages are from "whistleblower", replies to a poster go right back > out to the list, also anonymized. Well, this was my original idea as well, but the ensuing discussion confused me. > It's actually a much simpler system than is currently implemented, > since id's arenit involved at all. Exactly. And it's already implemented. I just have to enable it. But it doesn't support PGP/MIME yet. > PGP 2.1 contains the cleartext-signature feature, and the periodic > posting to the list should mention this. This allows a real pseudonym > to develop, just like we want. Agree. But this requires us to really actively distribute PGP 2.1. Julf From julf at penet.FI Mon Mar 1 04:25:40 1993 From: julf at penet.FI (Johan Helsingius) Date: Mon, 1 Mar 93 04:25:40 PST Subject: anon.penet.fi hacking In-Reply-To: Message-ID: <9303011321.aa09556@penet.penet.FI> > I would be cautious about a random "From:" line. I think penet will > probably reject input that at least has does not have a valid (but not > necessarily truthful) return address. I have no way to check the validity of an address, unless it's syntactically illegal. > For a while, Miron Cuperman's wimsey remailer was generating a bogus > >From address, something like "yeltsy at kremlin.vax.ru". I tried > chaining this to penet to post to newsgroups, but my anonymous > messages never appeared in the newsgroups. This was because, > I think, penet sends a confirmation back to the sender. Since > "kremlin.vax" is not in penet's net tables, this would cause > the confirmation send to fail; my hypothesis is that this also > causes the newsgroup post at penet to fail. No, the posting must have failed fort some other reason. The problem is that you never know why, as the error messages don't reach you... > Wimsey could also establish its own penet password and automatically > insert it whenever it detected a "to" address ending in penet.fi. This could be one solution. But what do you do with bounces due to some user error? > I'd like to point out that so far the wimsey remailer is the only > useful remailer from my point of view because it's the only one > which allows me to delete the automatic sig. This is because it > only forwards encrypted text and discards any appended unencrypted > text. This will be solved using MIME. The .sig killer used at anon.penet.fi is a pain in the rear... Julf From julf at penet.FI Mon Mar 1 04:25:47 1993 From: julf at penet.FI (Johan Helsingius) Date: Mon, 1 Mar 93 04:25:47 PST Subject: anon user on cypherpunks list In-Reply-To: <9303010023.AA07585@toad.com> Message-ID: <9303011328.aa09601@penet.penet.FI> > > For every reason you might want a pseudonym in the first place, you > > might also want a "pseudonym from your pseudonym," especially if you > > use it a lot. > > A specific example: I am presently running a survey of drug prices, > and suggested that respondents might wish to reply through penet. > Unfortunately, I realized that I could not respond to these messages > without blowing my penet pseudonym. Fortunately, I had never > actually used it, so I could safely "blow it". At present, if I > need another penet pseudonym, I guess I'll create it through mail > games. But IWBNI there were a built-in way to do this -- > particularly for those who aren't able to hack mailers, who are the > ones who really need a service such a penet in the first place. Agree. And I *think* I have come up with a way to handle it "safely". Will do a test implementation RSN. Julf From julf at penet.FI Mon Mar 1 04:25:51 1993 From: julf at penet.FI (Johan Helsingius) Date: Mon, 1 Mar 93 04:25:51 PST Subject: anon user on cypherpunks list In-Reply-To: <9302281755.AA13087@soda.berkeley.edu> Message-ID: <9303011333.aa10348@penet.penet.FI> > I would suggest bouncing mail to "an" style addresses unless a > pseudonym has been declared; the bounce message would, of course, > contain instructions on how to obtain a pseudonym or use the "na" > form. This only works if the From: lines of postings show the "na" form, but this breaks the "historical" expectations of current users. > Therefore, I would suggest that a second version of the pseudonymous > system at penet do away with automatic generation and support multiple > pseudonyms. I might even try to do it in the current version. I might have worked out a way that doesn't break too much of the current functionality. Julf From dclunie at pax.tpa.com.au Mon Mar 1 05:40:27 1993 From: dclunie at pax.tpa.com.au (David Clunie) Date: Mon, 1 Mar 93 05:40:27 PST Subject: Mail server for PGP sources Message-ID: <9303011339.AA15227@britt> I gather some people have had trouble obtaining sources for PGP. I have accumulated those I can and they are available from my mail server. If you can get these somewhere closer then great, but if desperate feel free to get them from here (as long as the load doesn't get out of hand I will keep it going). The address is "mail-server at pax.tpa.com.au". Help is available by sending in the message body: send help end An index of PGP files is available by sending in the message body: index pgp end And results in something like the following ... Date Size Index: pgp ---------- ------ ---------------------------- 1992/12/25 216K security/pgp/macpgp2.0.sit.hqx 1992/12/25 160K security/pgp/msiguide.zip 1992/12/25 33K security/pgp/ngclon11.zip 1992/12/25 168K security/pgp/pgp-ng.zip 1992/09/13 184K security/pgp/pgp20.zip 1992/09/13 376K security/pgp/pgp20src.zip 1992/12/25 536K security/pgp/pgp21.tar.Z 1992/12/25 192K security/pgp/pgp21.zip 1992/12/25 656K security/pgp/pgp21ami.lha 1992/12/25 240K security/pgp/pgp21os2.zip 1992/12/25 440K security/pgp/pgp21src.zip 1992/12/25 224K security/pgp/pgp21_next.tar.Z 1992/12/25 256K security/pgp/pgp21_sparc.tar.Z 1992/09/13 464K security/pgp/unix_pgp20.tar.Z Probably pgp21.tar.Z or pgp21.zip are what you want for unix or pcdos respectively. If anyone has a more recent mac version I will put that up too. david From pfarrell at gmuvax2.gmu.edu Mon Mar 1 05:42:48 1993 From: pfarrell at gmuvax2.gmu.edu (Pat Farrell) Date: Mon, 1 Mar 93 05:42:48 PST Subject: CFP Costs Too Much! Message-ID: <31288.pfarrell@gmuvax2.gmu.edu> In Message Sun, 28 Feb 93 15:44:21 -0800, tcmay at netcom.com (Timothy C. May) writes: >.... I would also dearly like to attend CFP, but I also would dearly love to attend CFP again. I went to last year's session on a student subsidy and loved it. It changed the direction of my academic study. I don't understand where CFP's organizers are coming from. I applied for a student tuition subsidy for this year, and heard nothing. I submitted a request for a "birds-of-a-feather" session to talk about key registration, and got Dorothy Denning, TC May, and Mike Godwin to tentatively agree to participate. I've heard nothing. It is much too late to get cheap airfare to SF, so I'm not going. I'm a student. I can't afford the $2000 that attending CFP will cost, including airfare, hotel, meals, conference fee, etc. I admit to having a part time job, which supports my wife, daughter, mortgage, and pays tuition and buys books. It sure doesn't pay well enough to afford CFP93. Pat Pat Farrell Grad Student pfarrell at cs.gmu.edu Department of Computer Science George Mason University, Fairfax, VA PGP Public key availble via finger #include From hughes at soda.berkeley.edu Mon Mar 1 08:07:18 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Mon, 1 Mar 93 08:07:18 PST Subject: anon.penet.fi hacking In-Reply-To: <9303010721.aa25945@penet.penet.FI> Message-ID: <9303011604.AA11556@soda.berkeley.edu> >> Body-Termination-Regex: ^--$ Julf writes: >Ok... Now.. Show me the regex that strips anything starting with '--', >such as '-----------------------------', except a PGP boundary line... OK. It's a mess. The backslash means line continuance. Remember that concatenation binds higher that alternation (|). ^--...([^B]|B[^E]|BE[^G]|BEG[^I]|BEGI[^N]|BEGIN[^ ]|BEGIN [^P]|BEGIN P[^G]\ |BEGIN PG[^P]) Eric From tony at morgan.demon.co.uk Mon Mar 1 08:33:53 1993 From: tony at morgan.demon.co.uk (Tony Kidson) Date: Mon, 1 Mar 93 08:33:53 PST Subject: more ideas on anonymity Message-ID: <2900@morgan.demon.co.uk> In message <9302282156.AA25135 at SOS> you write: > Date: Sat, 27 Feb 93 23:59:30 GMT > From: Tony Kidson > > I see. So you don't believe in libel or slander laws. It's people believing and acting on the words that actually causes the damage. I believe that you must judge the reputation of the subject and issuer of any statement before you make up your mind to act on a statement. It is only possible to widely disseminate a libel if you have control of the means of dissemination. That, is not free speech. Where is the opportunity for contrary assertion by the person libelled? > And NBC was perfectly justified in faking an explosion in a GM truck to > show it was unsafe, and broadcast it on prime-time TV. And it didn't do > anybody any harm at all. Uh huh. Faking the explosion, was neither here or there. Did they deny GM the right of denial. Could they be sued by the people that they misled? I do believe in their right to say anything they like. They have a reputation to protect. How much reputation has an anonymous source? Are you going to believe an anonymous tip off until you have investigated it? If so bigger fool you. Tony +-----------------+-------------------------------+--------------------------+ | Tony Kidson | PGP 2.1 Key by request | Voice +44 81 466 5127 | | Morgan Towers, | | E-Mail | | Morgan Road, | This Space | tony at morgan.demon.co.uk | | Bromley, | to Rent | tny at cix.compulink.co.uk | | England BR1 3QE |Honda ST1100 ==*== DoD# 0801 | 100024.301 at compuserve.com| +-----------------+-------------------------------+----------------------------+ From julf at penet.FI Mon Mar 1 08:48:11 1993 From: julf at penet.FI (Johan Helsingius) Date: Mon, 1 Mar 93 08:48:11 PST Subject: anon.penet.fi hacking In-Reply-To: <9303011604.AA11556@soda.berkeley.edu> Message-ID: <9303011752.aa19512@penet.penet.FI> > >Ok... Now.. Show me the regex that strips anything starting with '--', > >such as '-----------------------------', except a PGP boundary line... > > OK. It's a mess. The backslash means line continuance. Remember that > concatenation binds higher that alternation (|). > > ^--...([^B]|B[^E]|BE[^G]|BEG[^I]|BEGI[^N]|BEGIN[^ ]|BEGIN [^P]|BEGIN P[^G]\ > |BEGIN PG[^P]) Hats off to you, Eric! Much better than I could do! But... It still doesn't strip off something starting with only "--" on a line by itself... Julf From jthomas at mango.mitre.org Mon Mar 1 09:25:01 1993 From: jthomas at mango.mitre.org (Joe Thomas) Date: Mon, 1 Mar 93 09:25:01 PST Subject: A novel (?) return address idea Message-ID: <9303011721.AA02070@mango> It seems clear now that the default behavior of the anon.penet.fi remailer (generating only one anonymous ID per user, and anonymizing all messages to other anon users with that ID) is inadequate. At the same time, Julf argues persuasively that users have come to expect that their replies to anonymous Usenet articles will be anonymized. The current na/an address workaround is okay, but I think we could do better. Here's my scheme: When a user first mails to or through a penet-style remailer, the remailer software will automatically allocate an ID for the sender's return address, as usual. _But_, it will keep this number secret, in an internal database. Let's consider this ID to be a binary number. The remailer appends to this ID number some "salt" bits (random bits, perhaps with some time-stamp info to guarantee that the same salt bits are never applied twice, if the RNG is weak). This collection of bits is then encrypted with a secret key only the remailer knows (note: this should _not_ be the secret half of a public/private key pair, for reasons that should become clear). The encrypted bit string is converted by a uuencode/armourtext process that produces characters that will be legal for an e-mail address. This is then used for a return address. When someone wants to reply to an anonymous message or post, the remailer decrypts the address, ignores the "salt" bits, looks up the anonymous ID in its database, and sends it on to the desired recipient. The advantage of this scheme is that no two messages will have the same return address, and no information about the sender can be gleaned from the return address; yet the remailer can allow replies to every message without keeping any more records than it does under the current version. A couple disadvantages could be running out of bits for the return address, and adding more encryption work for the remailer. You'd definitely have to own the machine, and implement some, er, different mailing software, since you'd have to accept mail for users with any random name whatsoever. And, of course, this method is only useful for penet-style remailers, not cypherpunk/mixnet remailers which should not remember anything about messages that pass through. What do you all think about this for a "Mark II" anon.penet.fi? Joe From 74076.1041 at CompuServe.COM Mon Mar 1 09:34:08 1993 From: 74076.1041 at CompuServe.COM (Hal) Date: Mon, 1 Mar 93 09:34:08 PST Subject: anon.penet.fi hacking Message-ID: <930301171036_74076.1041_DHJ55-1@CompuServe.COM> Eric shows a complicated regular expression, but I don't think it will match just --, because this line provides nothing to match the "." and "[^B]", etc. I think the real point is that Eric's idea allows the user to customize the regular expression to match the particular signature line used by his system. If the line is just --, he can use Eric's simple example. If it's something else, another line can be used to look for the match. Since it's not hard for users to find out how their signatures look it should not be hard to set up a pattern that will strip them. Hal From hughes at soda.berkeley.edu Mon Mar 1 09:45:32 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Mon, 1 Mar 93 09:45:32 PST Subject: anon.penet.fi hacking In-Reply-To: <9303011752.aa19512@penet.penet.FI> Message-ID: <9303011742.AA15188@soda.berkeley.edu> Julf challenged: >Ok... Now.. Show me the regex that strips anything starting with '--', >such as '-----------------------------', except a PGP boundary line... I posted something which didn't quite work, as Julf says: >But... It still >doesn't strip off something starting with only "--" on a line by itself... ^--(|.|..|...(|[^B]|B[^E]|BE[^G]|BEG[^I]|BEGI[^N]|BEGIN[^ ]|BEGIN [^P]\ |BEGIN P[^G]|BEGIN PG[^P])) Some implementations don't support empty alternation, so that could be changed with the ? syntax, since (|a) and (a?) are the same. That should do it. Eric From nowhere at bsu-cs.bsu.edu Mon Mar 1 10:16:58 1993 From: nowhere at bsu-cs.bsu.edu (Chael Hall) Date: Mon, 1 Mar 93 10:16:58 PST Subject: anon.penet.fi confusion Message-ID: <9303011813.AA12208@bsu-cs.bsu.edu> I thought that someone would bring it up, but since no one has, I guess I will. Isn't is very easy to accidentally type na1234 or an1234 when intending the other? It's just a matter of transposing two characters. This could result in a user signing a message that is sent with the anonymous ID or accidentally sending the actual address when thinking it was anonymous. Since a password can be assigned, the prior could be eliminated, but the latter is still possible. I commend Johan for his work and appreciate the new service, regardless of how it may sound. Chael Hall -- Chael Hall nowhere at bsu-cs.bsu.edu, 00CCHALL at BSUVC.BSU.EDU, CHALL at CLSV.Charon.BSU.Edu (317) 285-3648 after 5 pm EST From julf at penet.FI Mon Mar 1 10:23:03 1993 From: julf at penet.FI (Johan Helsingius) Date: Mon, 1 Mar 93 10:23:03 PST Subject: anon.penet.fi hacking In-Reply-To: <9303011742.AA15188@soda.berkeley.edu> Message-ID: <9303011914.aa20158@penet.penet.FI> > ^--(|.|..|...(|[^B]|B[^E]|BE[^G]|BEG[^I]|BEGI[^N]|BEGIN[^ ]|BEGIN [^P]\ > |BEGIN P[^G]|BEGIN PG[^P])) > > Some implementations don't support empty alternation, so that could be > changed with the ? syntax, since (|a) and (a?) are the same. Uh... Eric? Would it be ok to use it as a shocker example on the basic UNIX courses I do? Julf From julf at penet.FI Mon Mar 1 10:58:50 1993 From: julf at penet.FI (Johan Helsingius) Date: Mon, 1 Mar 93 10:58:50 PST Subject: A novel (?) return address idea In-Reply-To: <9303011721.AA02070@mango> Message-ID: <9303011947.aa20452@penet.penet.FI> > The current na/an address workaround is okay, but I think we could do > better. Definitely agree! > Here's my scheme: > When someone wants to reply to an anonymous message or post, the > remailer decrypts the address, ignores the "salt" bits, looks up the > anonymous ID in its database, and sends it on to the desired > recipient. > A couple disadvantages could be running out of bits for the return > address, Lemmesee... Monocase, and can't use much more than letters, digits and some special signs. Could be feasible, but we would get some rather weird addresses... > and adding more encryption work for the remailer. This could be a problem. Anon.penet.fi is currently a feeble 25 Mhz 386, and I have already ordered the replacement, a 60 Mhz 486 to handle the load problems. > You'd > definitely have to own the machine, and implement some, er, different > mailing software, since you'd have to accept mail for users with any > random name whatsoever. Anon.penet.fi already does this. As long as we have something to pattern match for (to separate alt.sex.bestiality at anon.penet.fi from xy656b-akw at anon.penet.fi). > What do you all think about this for a "Mark II" anon.penet.fi? Have to sleep on it (it's 8:30pm here in finland), but it sounds feasible to me... Julf From ssandfort at attmail.com Mon Mar 1 11:34:03 1993 From: ssandfort at attmail.com (ssandfort at attmail.com) Date: Mon, 1 Mar 93 11:34:03 PST Subject: Piercing anonymity and censorship Message-ID: <9303011933.AA00711@toad.com> _________________________________________________________________ FROM THE VIRTUAL DESK OF SANDY SANDFORT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Theodore Ts'o wrote: ". . . I don't like censorship in any form. But disclosing who sent a particular piece of anonymous mail is not the same as censorship." How about FORCING a third-party to make such a disclosure? It seems Ted would ask or force remailers to be the nets' policemen. If remailers are required to compromise the anonymity of their service, the "chilling" effect on speech IS censorship. ". . . there are people who believe . . . that libel and slander laws shouldn't exist. But it's not fair to call that a mainstream position. And it is unreasonable to assume that as an axiom." I never claimed that such a position was "mainstream" nor assumed it was an "axiom." I don't think I've seen ANY "ad populum" arguments (other than Ted's) on Cypherpunks, we tend to think for ourselves. ". . . *MOST PEOPLE* also don't believe that the right to privacy is absolute. It certainly isn't explicitly listed in the *U.S. CONSTITUTION"*. (Emphasis added.SS) Our desire for privacy is not the result of a *popularity contest* nor is it an argument from *authority*. Rather, it is derived from the logical requirements of freedom. "But in order to punish the perpetrators, it is first necessary to *identify* the perpetrators......" RE-READ my post, Ted. S a n d y ssandfort at attmail.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From fen at genmagic.genmagic.com Mon Mar 1 11:37:02 1993 From: fen at genmagic.genmagic.com (Fen Labalme) Date: Mon, 1 Mar 93 11:37:02 PST Subject: CFP Costs Too Much! Message-ID: <9303011935.AA22448@> > In my opinion, $405 is way too much to pay for this conference. One note on the other side of the coin: Email announcements of the conference began in December of '92, including the complete pricing schedule: > Registration Fees are: > If mailed by: 7 February 8 March on site > Conference Fees: $300 $355 $405 > Tutorial Fees: $135 $165 $195 > Conference & Tutorial $435 $520 $600 Note that there was over a month's time to get registered at $300, and the price of registration is currently $355, *not* $405. Now I have to pay the $355 out of my own pocket (as Magic decided not to pay my way) and I understand the pain you feel with having to shell out such big bucks. But, for one reason or another, I believe that CFP has not done incredibly well financially, and they've got to cover their ass. One way to do that is by encouraging early registration, which smooths the planning process. So get your registration in now! > Registration is limited to 550 participants, so register early and save! > > By Mail: By Fax: > (with Check or Credit Card) (with Credit Card only) > CFP'93 Registration Send Registration Form > 2210 Sixth Street (510) 845-3946 > Berkeley, CA 94710 Available 24 hours > > By Phone: By E-Mail: > (with Credit Card only) (with Credit Card only) > (510) 845-1350 cfp93 at well.sf.a.us > 10 am to 5 pm Pacific Time On the other hand, Glenn Tenney has done a remarkable job in keeping the price of Hackers down... Fen From pmetzger at shearson.com Mon Mar 1 11:44:50 1993 From: pmetzger at shearson.com (Perry E. Metzger) Date: Mon, 1 Mar 93 11:44:50 PST Subject: more ideas on anonymity Message-ID: <9303011827.AA15335@maggie.shearson.com> > From: Theodore Ts'o > I see. So you don't believe in libel or slander laws. > > And NBC was perfectly justified in faking an explosion in a GM truck to > show it was unsafe, and broadcast it on prime-time TV. And it didn't do > anybody any harm at all. Uh huh. > > Try again..... I believe that Theodore is confusing the notion of tort and the notion of crime. Slander and Libel are torts, that is, they are civil matters. Prior restraint of speech is brought up in the context of CRIMINAL acts. As an example, obviously, if I promise you that what I am about to tell you is the true formula for a drug who's design I am selling you and I lie, I am liable under our contract. Also similarly, it is possible under various legal arguments to consider slander to be a tort. However, it is something different if the government claims that my saying "all green people should be killed" is a crime. Now, on the issue of slander, the notion of anonymity is largely unimportant. If I had walked into the middle of the street and ranted for an hour saying that GM trucks are unsafe, that would be largely ignored, as most anonymous denunciations likely are. The issue is if a non-anonymous individual or entity with credibility, like NBC, says something that is false. Perry From hughes at soda.berkeley.edu Mon Mar 1 12:01:37 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Mon, 1 Mar 93 12:01:37 PST Subject: more ideas on anonymity In-Reply-To: <2900@morgan.demon.co.uk> Message-ID: <9303011958.AA24443@soda.berkeley.edu> >I do believe in their right to say anything they >like. They have a reputation to protect. How much reputation has >an anonymous source? Are you going to believe an anonymous tip >off until you have investigated it? If so bigger fool you. "How much reputation has an anonymous source?" I think this might be key to solving the "anonymous libel" problem. Simply declare "anonymous libel" an oxymoron! We might argue that otherwise libelous statements, when made anonymously, carry a presumption of falsity, for otherwise the speaker would be willing to speak truthfully in his or her own person. Or, in other words, "Coward! He must be lying!" Could some of the folks with LEXIS or WESTLAW access check and see if there is any case law where the social status of the speaker is brought into question? Perhaps Tony Kidson could tell us some of the effects of libel law in the UK. The US law, which grew out of British law, seems to have gone in the direction of reducing the power of a libel complaint, while British law has done the opposite. I can't speak for the UK, but those who live there could. In California, a very promising decision occurred last week: the first test of the anti-SLAPP law (Strategic Lawsuit Against Public Participation). The law is to prevent lawsuits designed to drain the resources of those exercising their First Amendment rights. It requires the plaintiff to show that they will probably win (I don't know what the wording of the actual test is). Defendants are entitled to recover attorney's fees and court costs. The suit was basically as follows. One comic book company published a Lensman comic. The heir to the Lensman rights stated in print that this company had not received permission. The comic book company sued the heir and the publisher of her words, claiming libel. The case was immediately dismissed based on the new anti-SLAPP law. The law is designed to protect First Amendment rights, but it looks like it will also have the salutatory effect of reducing libel claims generally. Eric From tytso at Athena.MIT.EDU Mon Mar 1 12:19:20 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Mon, 1 Mar 93 12:19:20 PST Subject: more ideas on anonymity In-Reply-To: <9303011827.AA15335@maggie.shearson.com> Message-ID: <9303012016.AA26328@SOS> Date: Mon, 1 Mar 93 13:27:24 EST From: pmetzger at shearson.com (Perry E. Metzger) Now, on the issue of slander, the notion of anonymity is largely unimportant. If I had walked into the middle of the street and ranted for an hour saying that GM trucks are unsafe, that would be largely ignored, as most anonymous denunciations likely are. The issue is if a non-anonymous individual or entity with credibility, like NBC, says something that is false. I don't know about that. It is certainly true that non-anonymous individual or entity with credibility, like NBC, can do the most amount of damage when they slander someone. But what about someone who sends 20 different mail messages, each through a different remailer path so they have different reply addresses, all of them detailing some similar (but false) story about how some GM truck went up in flames aftering being hit lightly by a Geo Metro? Or suppose someone sends 20 messages (all different) about how Perry Metzger stiffed him/her out of some amount of digital cash? I'd suspect you could do some real damage that way. Not as much, perhaps, as something like a faked demonstration tape broadcast on prime-time evening news, but damange nevertheless. - Ted From pmetzger at shearson.com Mon Mar 1 14:06:12 1993 From: pmetzger at shearson.com (Perry E. Metzger) Date: Mon, 1 Mar 93 14:06:12 PST Subject: Future of anonymity (short-term vs. long-term) Message-ID: <9303011908.AA16594@maggie.shearson.com> > From: Theodore Ts'o > > Since John Gilmore, the maintainer of the Cypherpunks mailing list, is > one of the absolute free speach advocates --- let me ask a question > directly at you: What would you do if sometime next week, someone > decided to flood the Cypherpunks mailing list with a large amount of > trash postings, routed through different combinations of remailers? Let > us assume that the trash is generated by grabbing varying snippets from > USENET articles, so that current AI technology is not able to > distinguish a true Cypherpunks submission from the flooded trash > postings. What would you do? Now let's also suppose someone does the > same thing to all of the GNU newsgroups. What would you do then? > I know what I would do: I'd rig the list so it only took PGP signed messages, and then only from official subscribers. They could be anonymous, but they'd have to be operating under "known" pseudonyms. This is a "closed" list -- the Extropians list in principle works under much the same mechanism, only without PGP. This being in place, people who had not joined could not flood the list, and anyone flooding the list could be cut off. Note that just because one is in favor of free speech does not mean that one would necessarily permit arbitrary disruptions in one's living room, and being the list "owner" I think John would be much within his rights to stop non-communicative disruptive "noise" postings. > (Sorry for sounding so cynical, but after being a News admin at MIT for > a long time, and dealing with a lot of people suffering from severe > cases of freshmanitis, I have a less than optimistic view about human > nature.) I think that instead you should have a less than optimistic view of the quality of our current netnews software. The problem you list can be fixed with public key cryptography and some intelligent changes. For instance, there is an easy fix to the "idiots posting newgroups" messages that I heard Nat Howard propose years ago -- use public key signatures on newgroup messages, and each news administrator picks other administrators he trusts in the same sort of "web of trust" notion that PGP has. If the newgroup/delgroup message was posted by someone you trust you take it, otherwise you reject it. Given that, you are practically done. As another example, its easy to assure that moderated newsgroups are run just by the moderator -- he public key signs instead of posting with the "Authorized" header. Easy as pi. Perry From pmetzger at shearson.com Mon Mar 1 14:27:15 1993 From: pmetzger at shearson.com (Perry E. Metzger) Date: Mon, 1 Mar 93 14:27:15 PST Subject: anonymity + untraceable digital money = potential problems Message-ID: <9303012153.AA22065@maggie.shearson.com> > From: ALAN DORN HETZEL JR > > Dear Group, > > I believe that I see a potential serious problem with they onset of > truly unbreakable anonymous communication combined with untraceable > digital cash. > > The problem is that crimes such as blackmail and extortion would become > absolutely impossible to defend against. Kidnapping for ransome would > get a LOT easier. I see serious problems with allowing people to take drugs. They can get addicted to them. Lets ban medicines. I see serious problems with allowing people to own guns -- they might commit crimes with them. I see serious problems with allowing people to speak freely -- they might blaspheme, or tell lies. Mr Hetzel, I'm an anarchist. I have very little "faith" in human beings, which means I don't trust big complicated structures run on the assumption that human beings are inherently trustworthy -- like governments, for example. I prefer systems that decentralize power and make it possible for people to operate without the necessity to trust each other. Yes, digital cash makes kidnapping easier. So, for that matter, do telephones and cash itself -- had money never been invented, anonymous kidnapping would have never been possible. However, the alternative to permitting market structures to take care of problems in a competitive way is to allow central structures in which we are asked to trust in the benificence of government officials. I'm not the trusting type. If history has had any lesson, it is that governments degenerate and are taken over by evil men, over and over and over. The structures needed to stop digital cash, anonymous postings, and the like would be so draconian as to assure that should a dictator ever wish to sieze power the structures needed to do so would be waiting for him. I'd prefer a system in which he would have to build them from scratch, even if it means one or two people can be blackmailed once in a while. Utopia isn't possible. I'd prefer, therefore, to settle for the best we can do. > > I could send you an anonymous note threating to poison your dog, kill > your wife, burn down your house, whatever..., ... unless you pay me > $$$ in untraceable digital cash. What can you do? Today, I could send you an anonymous note threatening to poison your dog if you don't leave $5000 in the poorbox at the corner church. What can you do right now? Easy. Watch your dog. The police have a myriad of techniques at their disposal. Their jobs have never been easy, but they have to cope with anonymous messages and untraceable cash thefts right now. To eliminate the capacity to use digital cash means to require monitoring of all speech and ban most international traffic, to prohibit strong cryptography and require key registration. Even then I'm not convinced that it would work because people would still try to avoid these restrictions. All technologies are fraught with dangers. All of them. The knife you use to slice your bread can be used to kill your wife. Shall we dispense with knives? Shall we pretend that we can unlearn what we know? A bright 10 year old with a computer can produce a cypher machine. Shall we lobotomize all ten year olds and destroy all the computers? You CANT put some djinni back in the bottle after you've rubbed the first time. We can't stop people from knowing things. At least the well meaning fools who advocate gun control have the fact that good machine shops aren't in practically every home on their side -- telephones, modems and computers are becoming ubiquitous, however, and they are all capable of aiding and abbetting in the criminal techniques you mention. Welcome to the world. Perry Metzger From nihilis at mindvox.phantom.com Mon Mar 1 14:34:46 1993 From: nihilis at mindvox.phantom.com (Joel Boutros) Date: Mon, 1 Mar 93 14:34:46 PST Subject: UNSUBSCRIBE Message-ID: UNSUBSCRIBE Love the list, just don't logon and 120 new posts is just too many, especially when I have to tell it apart from stuff straight to me... (maybe if I can get a 14400 dialup to telnet through) |:- nihilis at phantom.com -:| |:- Joel Boutros -:| From pmetzger at shearson.com Mon Mar 1 15:21:51 1993 From: pmetzger at shearson.com (Perry E. Metzger) Date: Mon, 1 Mar 93 15:21:51 PST Subject: more ideas on anonymity Message-ID: <9303012228.AA23306@maggie.shearson.com> > From: Theodore Ts'o > > Date: Mon, 1 Mar 93 13:27:24 EST > From: pmetzger at shearson.com (Perry E. Metzger) > > Now, on the issue of slander, the notion of anonymity > is largely unimportant. If I had walked into the middle of the street and > ranted for an hour saying that GM trucks are unsafe, that would be largely > ignored, as most anonymous denunciations likely are. The issue is if a > non-anonymous individual or entity with credibility, like NBC, says > something that is false. > > I don't know about that. It is certainly true that non-anonymous > individual or entity with credibility, like NBC, can do the most amount > of damage when they slander someone. > > But what about someone who sends 20 different mail messages, each > through a different remailer path so they have different reply > addresses, all of them detailing some similar (but false) story about > how some GM truck went up in flames aftering being hit lightly by a Geo > Metro? Or suppose someone sends 20 messages (all different) about how > Perry Metzger stiffed him/her out of some amount of digital cash? I'd > suspect you could do some real damage that way. Not as much, perhaps, > as something like a faked demonstration tape broadcast on prime-time > evening news, but damange nevertheless. I doubt it. As people get more and more used to the capacity to do such things, its likely that such anonymous accounts will be more and more untrusted. Perry From fen at genmagic.genmagic.com Mon Mar 1 15:28:40 1993 From: fen at genmagic.genmagic.com (Fen Labalme) Date: Mon, 1 Mar 93 15:28:40 PST Subject: more ideas on anonymity Message-ID: <9303012327.AA23552@> > From: Theodore Ts'o > > Or suppose someone sends 20 messages (all different) about how > ---- ------ stiffed him/her out of some amount of digital cash? I'd > suspect you could do some real damage that way. In response to this, let me first quote Eric Hughes: > "How much reputation has an anonymous source?" I believe that this is the true question being asked. I believe that in the not-so-far-off future there will be an immense quantity of anonymous traffic on the nets, and I will set my filters to ignore the large percentage of it (though perhaps I may want to see notes with my name in them, or perhaps not). This doesn't mean I won't see *any* anonymous messages, as my positive reputation system will work to counter-balance the effect of the filter, and allow messages from anonymous sources that are connected to me via a "line of trust", that is, through a set of anonymous keys and signatures that prove to me that the source of the information is from someone that I trust, or that they trust, or... Further, pseudonymous posters may gain quite a bit of respect. As was earlier pointed out on this list, most posters to net news are today pseudonymous, for I know not if their real name is what their From: line states, but I learn to recognize and differentiate names (pseudonyms) bearing good info from those that know not what they say or those that just flame. It is from this last set of anonymous publishers that we may have the problem being discussed. For example, "NBC" may as well be an anonymous pseudonym, but we (well, a lot of the general public, anyway) have decided to place a fair amount of trust into them. This problem stems from people being too ready to abdicate their responsibility from having to think critically about the world around them, and the information they receive. In other words, the big problem, as we all know, is one of education. Just say "know"! Fen From mccoy at ccwf.cc.utexas.edu Mon Mar 1 16:06:22 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Mon, 1 Mar 93 16:06:22 PST Subject: ideas on an encrypted BSD filesystem (LONG, technical) Message-ID: <9303020004.AA01774@tramp.cc.utexas.edu> Greetings: I have been working on a few ideas I have to make a BSD system (like a 386BSD system on a nice fast PC) into a secure base system for a BBS that is somewhat "raid-proof". The basic plan is the encrypt the filesystem and use public key encryption to separate the system administrator from the information contained within the system and make it harder to do blanket searches of computer systems such as those I have seen happen in this area. Here is a basic outline of what I plan on doing, any comments would be appreciated. jim mccoy at ccwf.cc.utexas.edu ------------- 1. Purpose: To create a system that offers subscribers/users a greater level of privacy and security than offered in most BBS/unix systems. The basic goal is to make a system somewhat "raid-proof". Users have the ability to make thier files encrypted is such a manner that even the system administrator is unable to access/view the files. Through such a system I hope to create a sort of userspace that can allow an administrator to detach themselves from the actual content of the files in the system in a sort of "common-carrier" or "bookseller" philosophy that will offer both the admin and the user more protection from over-zealous law enforcement agents and unauthorized intruders. If the users so choose, they can create files that even the admin cannot access without modifying the system to spoof out keys during transmission. The system is designed to be very difficult (if not impossible) for external forces to gain access to information contained therein simply through possession of the physical hardware of the system. Essentially, I want to separate the information content of the system from the hardware (disk drives) of the system by creating a wall using public key encryption. Access to files can be controlled by the users to whom those files belong. 2. Some general conventions (mostly for lack of ASCII subscripting...): X_p = X's public key X_r = X's private key X_p(X_r) = X's private key encrypted with X's public key X_p(X_r1,X_r2...) = Private keys X_r1, X_r2, etc encrypted with pubkey X_p K = one-time key used for encrypting a file X_p(K) = File key K encrypted using X's public key In most cases, S_r and S_r are user for the system keys, U_r and U_p for user keys and G_r and G_p for public group keys. 3. Implementation: This system will be based upon BSD (386BSD specifically, because the source is there...) with the hopes of providing a set of low-level privacy and security options that others can use to provide secure BBS and general-access unix systems. The system is in not invulnerable to external attack and access of user's files without thier consent (known weaknesses are listed after implementation details), but it tries to make the system as "raid-proof" as possible. This privacy/security is implemented though the use of an encrypted filesystem and built-in support for management of the keys used for this encryption through public key encryption. 3.1 The filesystem In general, the system will encrypt the users' files using DES or IDEA using a one-time random key. This key will be encrypted with the user public key and stored with the file. When the file is accessed the key is decrypted from the private-key stored in memory and the file key is found and the file decrypted. Not all files are encrypted; whether or not a file is encrypted depends on its permissions. If a file is world-readable then it is not encrypted, if it does not have any r, w, or x permissions for world then the file is encrypted and the one-time key used for the encryption is stored in the inode structure. This structure contains space for holding both a "users" and a "group" entry for the encryption key K. At this point the DES v IDEA choice depends on whether or not there is any chip out there to do IDEA in hardware. If not, I will probably use DES (double or triple DES maybe...) because I can snag a card to do it and offload this burden from the basic system. 3.2 Groups The concept of "group" is also changed. Basically, I can't see any real benefit from the current implementation of groups in BSD, so I am going to dump it all and rebuild something in the holes left behind. The basic goal of these "groups" is to implement something more like access control lists than the standard Berkeley groups. At the moment, I am thinking of implementing two types of groups: public and personal. 3.2.1 ACLs A personal group is actually an ACL for a particular file. This group appears in a ls -g as "user-acl" (i.e. user "jdoe" sees the file's group as "jdoe-acl"). The default acl for files contains only the user as a member, but for each file they can add or remove people from the acl. This is implemented by creating a default user-acl entry in the group file and creating an entry for the user in the systems private acl list. When a user modifies the acl for a file a reference to the file is added to the private acl list and entries foe each user or public group added to the list are made in the following fashion: fileref:gid or uid:rwx:(S_p(U_p(K))):gid or uid:rwx:(S_p(U_p(K))... This holds the user id or group id, thier permissions, and the file key wrapped in the particular user's public key (the user added to the acl, not the owner of the file) and this is wrapped with the system public key. 3.2.2 Public groups The other type of group are the public groups, which are somewhat similar to the BSD groups, but differ in how they are created and how user's are added. Anyone can create a new public group. This facility is implemented with an application that simply asks the user for a unique name for the new group. When created the person creating the group is added to that group. >From that point on, the membership of groups is controlled by the group members. When someone wants to enlist another person in a group, they sponsor the user, and the other members of the group are sent a message indicating the person who would be joining and the sponsor (groupnames are automatically made to be mail aliases for all group members as well). Each member of the group has the power to "blackball" a prospective member by returning a mail message to the group server with a no vote. Otherwise, when all members return yes votes, or a specified time period has elasped, the person is added to the group. The membership of groups is knowledge that is limited to the members of the group and the system. Groupnames and membership is not public knowledge, and unless you are a member of a group, a ls -g of a file with a particular group set to it will return only the number (group-name->gid mapping is not publicly accessible). The group listing is kept wrapped in the system public key, and each group is assigned it's own unique public/private keypair. The actual users do not know this key, it is held for them by the system, but they can change thier effective gid if they are a member of a group through a user command. The groupfile help by the system holds groups in the format: groupname:gid:G_p:U1_p(G_r):U2_p(G_r):... When a new member is "sponsored" the system uses the U_r of the sponsoring member to pull out the group private key from this file and puts the U_p(G_r) of the member they are sponsoring in a file similar to the group file, but holding "probationary members". Both the group file and the holding file for sponsored users are wrapped with the system public key. 3.3 System calls and access to privacy additions All of the addtions mentioned here are run through the kernel. User-level processes have no access to these facilities otther than through a few functions that will be added. Specifically, access to the additional entries in the inode holding the file key K and to the public and private keys held in memory will only be available to the kernel. The regular system calls that access this sort of information (stat, for example) will return what they normally return under BSD. Whether or not the data blocks they may access are encrypted or not is determined by the kernel and the keys assigned to a particular user process. There will be a few additional system calls and functions to allow people to change the group of thier process, perhaps to change the private/public key running with thier process, and some new user programs to manipulate the new additions will be created. For the most part, I am trying to make the applications and user processes run on top of this system as transparently as possible. 3.4 General notes These are just some notes about the system that I am lumping together under the category of "general". They include known weaknesses and general notes on the bahavior and operation of such as system. 3.4.1 User interface to operations The only significant difference a user will notice (other than the bizarre permissions stuff for acls and groups) is a slight modification to the login sequence. The user will enter thier login and password as always, and they will then be prompted for their private key wrapped in the systems public key. If successful they will have full access to thier files. If not they will still be able to login, but will not have a valid keypair assigned to them and will be unable to access files they have on the system that were encrypted. I ahve not decided yet if the system will broadcast it's public key to the user before asking for S_p(U_r) or if I should assume they know it and then let it croak if they are wrong or it has changed (allowing them to move around in a limited fashion with a process without a keypair and find the new key). I believe that the second option is somewhat better at defeating some spoofing methods, but I am not really sure... It should be noted that the public/private keypair that I have been talking about as belonging to specific users should not be a keypair they distribute. The key is only for access and encryption of files on the system and user's would be reminded often to use a completely different keypair for email, etc. 3.4.2 Known weaknesses Snooping on the line: There is nothing to prevent someone from tapping the line between the system and the user. All such communications are in cleartext and by tapping the line in such a way someone can get around the privacy safeguards installed in the system (they can see the decrypted text come down the wire to the user and don't need to get to the hardware). It would be really nice if I could do this whole thing encrypted using public key encryption, but I really don't feel like writing the necessary code for client programs so that non-technoid users could access the system. Compromising the system private key: Through perhaps the threat of violence or other nasty force, someone might be able to get the system private key out of the sysadmin. I have considered adding in a booby-trap of some sort, whereby the sysadmin could perhaps transpose a predetermined sequence from the private key and invoke a "slash and burn" on the system. The system private key may also be unknowingly compromised if it is not guarded carefully by the admin. This is particularly dangerous because it allows someone to essentially crack the entire system over time without anyone knowing. By having access to the system private key, the intruder/snooper can concievably snag private keys as they come in and decrypt user files, or even change the system keys and hold everything hostage... A few others that I am too tired to write down right now: This is basically designed to make it hard for someone to scan every user's files just by grabbing the physical hardware. Down here in the land where Steve Jackson Games had something like this happen to its BBS I want to make it difficult for the intruder. Not impossible, but force them to deal with each individual user as more than just another directory to search through and perhaps force them to be specific about what they want/are looking for if they have proper authority...or maybe make it so that the sysadmin could honestly say "Sorry, but even _I_ can't look at that file..." 3.4.3 System public and private key It may seem that I am wrapping a lot of stuff in the system public key when it is not necessarily needed. This is because I hope to set things up so that most, if not all, system files are not encrypted. The system protects those files or bits of information that might need a little bit more security through wrapping the piece in the system public key. The system private key is entered at the console at boot time (therefore it must always be booted by hand), the private key entered is tucked away in memory and is _never_ stored on disk (not even to swap space). The system private key seems to be the most important thing to hide, because if the system private key is discovered, it is possible to run the system in a spoof-mode or to gain access to a lot of things just through possesion of the hardware. If an improper private key is entered at boot up time things will fail fast because the system will be unable to properly access most user files and the system will also be unable to attach valid user private keys to thier processes because it will not be able to decrypt the S_p(U_r) packages users send at login. Another reason for sneaking in S_p as a wrapper for things is that it makes it much more difficult for someone with possesion of the hardware to substitute in a new public/private keypair for the system. They could put it in, but the files and group lists wrapped with the old key would still be inaccessible. The method for legitimately changing the system's public and private keys will require the admin having both the public and private keys for the system. This means that if an admin loses the system's private key the users are screwed, so the admin really needs to make sure this is not lost. Making a couple of copies on paper and storing them somewhere might not be a bad idea (I know someone who made a stencil of his asciified PGP private key and spray-painted it on a couple of walls of abandoned buldings around town. It fits in with the other graffiti, is much less fragile than a floppy disk, and only he knows what the graffiti means... :) ---------- This is my basic outline, I welcome any comments or ideas people have on beefing this up or problems in it that I may have overlooked. jim -all comm to and from system is encrypted using idea with the session key file system: -all files compressed and encrypted with IDEA or DES (DES if I can find a nice hardware implementation [the need for speed...] and otherwise IDEA in preference to DES) -when a file is read it is pulled up into an area of memory only the system can access and decrypted? From shipley at tfs.COM Mon Mar 1 16:27:32 1993 From: shipley at tfs.COM (Peter Shipley) Date: Mon, 1 Mar 93 16:27:32 PST Subject: ideas on an encrypted BSD filesystem (LONG, technical) In-Reply-To: <9303020004.AA01774@tramp.cc.utexas.edu> Message-ID: <9303020025.AA25924@edev0.TFS> >Greetings: > >I have been working on a few ideas I have to make a BSD system (like a >386BSD system on a nice fast PC) into a secure base system for a BBS that >is somewhat "raid-proof". The basic plan is the encrypt the filesystem and >use public key encryption to separate the system administrator from the >information contained within the system and make it harder to do blanket >searches of computer systems such as those I have seen happen in this area. >Here is a basic outline of what I plan on doing, any comments would be >appreciated. > my office mate and I were talking along simular lines, but for DOS. we were thinking of setting up disk/partition encryption software that works like the product "stacker" or "double disk". but instead of just compressing we encrypt. When the system boots it will ask for a password phrase, it you do not provide on the disk will not me accessable (it will just appear to be a unformated partition). Thus when you are raided and they power down your system, they will loose access to the date. From elee9sf at Menudo.UH.EDU Mon Mar 1 16:30:44 1993 From: elee9sf at Menudo.UH.EDU (Karl Barrus) Date: Mon, 1 Mar 93 16:30:44 PST Subject: she's at it again :-) Message-ID: <199303020029.AA27124@Menudo.UH.EDU> Cypherpunks, (My apologies if this is already widely known; I haven't seen any mention of it on this list) In the March 1993 IEEE Spectrum magazine on pp. 16-17, Dorothy Denning again floats her support for digital telephony bill in an article entitled "Wiretapping and cryptography". I quote her: "Although government regulation of cryptography may be somewhat cumbersome and subject to evasion, we should give it full consideration. Regulated encryption would undoubtedly provide far greater security and privacy than no encryption at all, the current state of affairs for most personal and corporate communications." Regulated encryption!? This topic was discussed quite thoroughly in sci.crypt in response to Tim May's post. And the topic is still kicking... The article is very interesting, containing many oxymorons: "On the contrary, implementation of an intercept capability together with appropriate security measures is more likely to lead to telecommunication systems that are "smarter," more secure, and of commercial interest to other countries." "while often labeled as "anti-privacy," wiretapping actually serves to protect the privacy of law-abiding citizens and the business interests of corporations" /-----------------------------------\ | Karl L. Barrus | | elee9sf at menudo.uh.edu | <- preferred address | barrus at tree.egr.uh.edu (NeXTMail) | \-----------------------------------/ From tytso at Athena.MIT.EDU Mon Mar 1 16:39:05 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Mon, 1 Mar 93 16:39:05 PST Subject: Future of anonymity (short-term vs. long-term) In-Reply-To: <9303011908.AA16594@maggie.shearson.com> Message-ID: <9303020037.AA26459@SOS> Date: Mon, 1 Mar 93 14:08:14 EST From: pmetzger at shearson.com (Perry E. Metzger) I think that instead you should have a less than optimistic view of the quality of our current netnews software. The problem you list can be fixed with public key cryptography and some intelligent changes. As another example, its easy to assure that moderated newsgroups are run just by the moderator -- he public key signs instead of posting with the "Authorized" header. Easy as pi. And you have an over optimistic view about how fast new netnews software could be developed and deployed. Also, keep in mind that netnews is run by lots of real sites, who have real assets which could be reached if sued by RSA. There doesn't seem to be a lot of realism in these discussions, which is really bothering me. Oh, well.... - Ted From tytso at Athena.MIT.EDU Mon Mar 1 16:42:36 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Mon, 1 Mar 93 16:42:36 PST Subject: more ideas on anonymity In-Reply-To: <9303012327.AA23552@> Message-ID: <9303020041.AA26464@SOS> Date: Mon, 1 Mar 1993 15:29:12 -0800 From: fen at genmagic.genmagic.com (Fen Labalme) I believe that this is the true question being asked. I believe that in the not-so-far-off future there will be an immense quantity of anonymous traffic on the nets, and I will set my filters to ignore the large percentage of it (though perhaps I may want to see notes with my name in them, or perhaps not). Well, unless and until this mythical "positive reputation filter" is developped, many people may deal with this by just not allowing anonymous traffic to be posted to Usenet (at least not via their site), and by simply not allowing anonymous traffic on their mailing lists. But that would be the free-market solution that everyone favors, I suppose. - Ted From wcs at anchor.ho.att.com Mon Mar 1 16:45:37 1993 From: wcs at anchor.ho.att.com (Bill_StewartHOY0021305) Date: Mon, 1 Mar 93 16:45:37 PST Subject: anonymity + untraceable digital money = potential problems Message-ID: <9303020045.AA07711@anchor.ho.att.com> > > From: ALAN DORN HETZEL JR > > Dear Group, > > I believe that I see a potential serious problem with they onset of > > truly unbreakable anonymous communication combined with untraceable > > digital cash. > > The problem is that crimes such as blackmail and extortion would become > > absolutely impossible to defend against. Kidnapping for ransome would > > get a LOT easier. Yes, some criminals would find blackmail, extortion, and kidnapping easier. But others would find it harder. Just think about who's most likely to demand half your salary and threaten you with violence if you don't pay, or take your house and not give it back unless you tell them the name they want, or throw you in a locked room and not let you out until you pay ransom? That's right! It's the *government*! I may not be as much of an anarchist as Perry, or maybe just more trusting :-), but I'd still feel a lot more secure if the government didn't know how much money I make and where to get it if they feel like taking it, and couldn't read my mail and accuse me of corresponding with known ANARCHISTS AND DRUG USERS AND FOREIGN NATIONALS AND MUNITIONS DEALERS (obviously I must be conspiring with them since I didn't turn them in) and quite frankly I'd like to be able to discuss different medicinal and recreational products with people without having to worry that they'll knock on my door one night and tear my house apart looking for things that aren't there, or things that were legal when I bought them but aren't now, and I'd like to be able to discuss interesting software without them coming and stealing my wife's home business laptop and laser printer because they couldn't find the disk drive on my VT-100 clone. I'm not paranoid, but I have friends who are :-), and I'd like to be able to talk to them on the phone without us worrying about wiretappers. And I have friends of friends who come from other countries, and maybe their papers aren't in order, and they don't want to go back to places where the governments are less concerned about human rights than our benevolent Immigration and Naturalization Service, or maybe they just like it here. And the lack of anonymous communication hasn't stopped the Mafia from burning down restaurants here in New Jersey or up in Rochester; it just means they've got to invest some of their profits in bribing cops. My friend's brother didn't get an anonymous postal-mail message, he got a visit from two big ugly guys he didn't know who told him how much protection would cost. On the other hand, my reading of Chaum's digicash paper makes it look like marked digicash may be possible, if the original account-holder wants to reveal the numbers and can trace the connection from the recipient's bank back to their bank, so kidnappers will still need money-launderers, though money-laundering will be easier. (Blackmailers still can get revenge by revealing their secrets, but at least you'll be able to be anonymous when you do some of the stupid things you could get blackmailed for :-) Bill Stewart, wcs at anchor.att.com From tcmay at netcom.com Mon Mar 1 17:39:11 1993 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 1 Mar 93 17:39:11 PST Subject: Future of anonymity (short-term vs. long-term) Message-ID: <9303020137.AA19657@netcom.netcom.com> Ted Ts'o comments ruefully: >There doesn't seem to be a lot of realism in these discussions, which is >really bothering me. Oh, well.... > > - Ted There are certainly differing agendas and differing time horizons, as others have also noted (especially Marc Ringuette's analysis of time scales). Some are writing code to be put into their programs _tonight_, while others take a longer view. Some on this list operate real remailers, even world-famous remailers. The day to day discussion of mail protocols, PERL scripts, headers, REGEX stuff, and actual code submitted to the list is certainly pretty strong evidence that folks are deeply immersed in realism. Your own concerns about anonmity have also been well-received, I think, even if many of us disagree with you in some areas. Speaking for myself, I agree that some limits on anonymous posting may develop--this doesn't mean _we_ should put the limits in! (Granted, some of those operating remailers need to think about these issues. Johan Helsingius, for example, has done a very impressive job of balancing needs and threats and is considering how to deal with various kinds of abuses. Many on this list are contributing ideas. You can't get much more real than this.) Bugs, flaws, problems, cruftiness, and other defects exist. So what? That's the main point of trying to actually deploy these systems--to expose weaknesses, to try new approaches, to come out with "Mark II" versions of systems, and to have concrete examples to point to. As far a realism goes, the folks in this group have built real anonymous mailing systems, have been deeply involved in the PGP development (not me, certainly, but look at the PGP docs and you'll see some names from this list), and are working on many aspects of the evolution of digital privacy. As one who has been interested in this area since 1987, I think the progress in the last year or so has been nothing short of amazing. -Tim May -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: MailSafe and PGP available. From hughes at soda.berkeley.edu Mon Mar 1 17:47:45 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Mon, 1 Mar 93 17:47:45 PST Subject: Future of anonymity (short-term vs. long-term) In-Reply-To: <9303020037.AA26459@SOS> Message-ID: <9303020144.AA01018@soda.berkeley.edu> Re: authenticated news software >Also, keep in mind that netnews is run >by lots of real sites, who have real assets which could be reached if >sued by RSA. Why is there a presumption that any such authenticated news software would be used without license? RSADSI is not trying to sit on their patents, but to make money from them. >There doesn't seem to be a lot of realism in these discussions, which is >really bothering me. What you believe to be real and what I believe to be real may be different. To claim that another is being unrealistic is to mask what is foremost a difference in belief. What assumptions here do you disagree with? If you are explicit, perhaps we can forge an agreement. Eric From hughes at soda.berkeley.edu Mon Mar 1 18:41:36 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Mon, 1 Mar 93 18:41:36 PST Subject: cryptographic activism Message-ID: <9303020238.AA15164@soda.berkeley.edu> Dave Deltorto, in a message to the list last week, was all fired up to start some real political activism in this country. More power to him. May I suggest publicly, though, Dave, that you broaden your focus? The US really does work pretty well. For example, Fourth Amendment protections agains search and seizure, while eroding in some ways, are still basically intact. I do not claim that the US does not have problems, just that the nature of governmental violence against its own citizenry is much lower here than in other countries. Therefore I suggest that we extend an international hand of cryptographic aid. I suggest that we start with Singapore. Singapore is highly industrialized has a good telecommunications base. So good, in fact, that it supports their national payment and identity card system. Purchases really are tracked and data is filtered to look for unusual behavior. The subway and the toll booths all take the payment card. Singapore is, in many ways, the crypto-anarchist's worst nightmare. I do not know if the government there has cryptography restrictions, but I'm sure they will soon, if only as reaction. So now is the time for all of you folks to start writing your steganographic (information-disguising) applications! They are actually useful here. I would suggest that interested parties listen in on soc.culture.singapore for a while, and then carefully broach the subject about deploying secure communications. This is about as real-world as it gets, folks. The need for cryptography as a tool against oppression is real. In the US and Europe we deploy it to prevent oppression in the future, and we must be grateful that is the future we speak about. Nevertheless, others are not so fortunate. It behooves us to consider them. Singapore is not the only place in the world this is useful; it is only my first suggestion. Eric From swc at uc1.ucsu.edu Mon Mar 1 20:35:00 1993 From: swc at uc1.ucsu.edu (Stuart W. Card) Date: Mon, 1 Mar 93 20:35:00 PST Subject: Yanek Martinson Message-ID: <9303020446.AA04562@uc1.ucsu.edu> I tried to respond directly to Yanek Martinson directly without success. Could someone please directly e-mail me a good address for him? Thanks. -- Stu Card From swc at uc1.ucsu.edu Mon Mar 1 20:44:52 1993 From: swc at uc1.ucsu.edu (Stuart W. Card) Date: Mon, 1 Mar 93 20:44:52 PST Subject: volume Message-ID: <9303020405.AA04367@uc1.ucsu.edu> I know better than to send an unsubscribe message to the whole list, but... I really like this stuff. I intend fully to set up my own remailer Real Soon Now :-) Unfortunately, the rigors of grad study + running a struggling business don't permit me to keep up with all the reading. So, thanks all, I'll be back this summer. -- Stuart W. Card From mccoy at ccwf.cc.utexas.edu Mon Mar 1 20:51:30 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Mon, 1 Mar 93 20:51:30 PST Subject: more ideas on anonymity In-Reply-To: <9303011827.AA15335@maggie.shearson.com> Message-ID: <9303020450.AA04260@tramp.cc.utexas.edu> Perry Metzger writes: > > > From: Theodore Ts'o > > > I see. So you don't believe in libel or slander laws. > > > > And NBC was perfectly justified in faking an explosion in a GM truck to > > show it was unsafe, and broadcast it on prime-time TV. And it didn't do > > anybody any harm at all. Uh huh. > > > > Try again..... > > I believe that Theodore is confusing the notion of tort and the notion of > crime. > [disctinction between crimes and torts wrt slander and libel...] > > The issue is if a > non-anonymous individual or entity with credibility, like NBC, says something > that is false. > Remember the intent as well. It is not enough that one utters false statements, one must also intend to do damage with those statements (the "malice aforethoght" part). If I honestly thought that GM trucks were firebombs waiting to happen and told someone else I am not being libelous, but if I were to publish a statement that I knew was untrue (or one in which I was negligent in my research, but I am not sure about this...) then I might have a date in court in the near future... Either way, these actions are civil one, not criminal. The U.S. government is extremely limited in it's ability to use prior restraint to prevent publication of something (although there are many ways around the existing protections, as many on this list will undoubtably attest to.) jim From tony at morgan.demon.co.uk Mon Mar 1 20:52:37 1993 From: tony at morgan.demon.co.uk (Tony Kidson) Date: Mon, 1 Mar 93 20:52:37 PST Subject: anonymity + untraceable digital money = potential problems Message-ID: <2958@morgan.demon.co.uk> In message <9303012153.AA22065 at maggie.shearson.com> you write: > Shall we > lobotomize all ten year olds and destroy all the computers? This is perhaps the first sensible suggestion that this group has come up with. Tony +-----------------+-------------------------------+--------------------------+ | Tony Kidson | PGP 2.1 Key by request | Voice +44 81 466 5127 | | Morgan Towers, | | E-Mail | | Morgan Road, | This Space | tony at morgan.demon.co.uk | | Bromley, | to Rent | tny at cix.compulink.co.uk | | England BR1 3QE |Honda ST1100 ==*== DoD# 0801 | 100024.301 at compuserve.com| +-----------------+-------------------------------+----------------------------+ From tony at morgan.demon.co.uk Mon Mar 1 20:54:06 1993 From: tony at morgan.demon.co.uk (Tony Kidson) Date: Mon, 1 Mar 93 20:54:06 PST Subject: Libel UK Message-ID: <2957@morgan.demon.co.uk> In message <9303011958.AA24443 at soda.berkeley.edu> you write: > Perhaps Tony Kidson could tell us some of the effects of libel law in > the UK. The US law, which grew out of British law, seems to have gone > in the direction of reducing the power of a libel complaint, while > British law has done the opposite. I can't speak for the UK, but > those who live there could. In the UK, We don't have a first amendment :-( The law has developed in such a way that anybody with funds available can silence criticism by issuing a writ. There is much more protection for public figures. for example Robert Maxwell, proprietor of Mirror Group Newspapers (& Pergammon Press amongst others) robbed his companies blind. Everybody knew that he was a crook, but nobody could say so because he had the financial clout to silence everybody who said so with libel writs. The UK needs anonymous posting far more than the US does. Regards Tony Kidson +-----------------+-------------------------------+--------------------------+ | Tony Kidson | PGP 2.1 Key by request | Voice +44 81 466 5127 | | Morgan Towers, | | E-Mail | | Morgan Road, | This Space | tony at morgan.demon.co.uk | | Bromley, | to Rent | tny at cix.compulink.co.uk | | England BR1 3QE |Honda ST1100 ==*== DoD# 0801 | 100024.301 at compuserve.com| +-----------------+-------------------------------+----------------------------+ From tytso at Athena.MIT.EDU Mon Mar 1 20:54:18 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Mon, 1 Mar 93 20:54:18 PST Subject: Future of anonymity (short-term vs. long-term) In-Reply-To: <9303020144.AA01018@soda.berkeley.edu> Message-ID: <9303020248.AA26533@SOS> Date: Mon, 1 Mar 93 17:44:23 -0800 From: Eric Hughes >There doesn't seem to be a lot of realism in these discussions, which is >really bothering me. What you believe to be real and what I believe to be real may be different. To claim that another is being unrealistic is to mask what is foremost a difference in belief. What assumptions here do you disagree with? If you are explicit, perhaps we can forge an agreement. Well, let's see.... the most recent assumption I disagreed with was the claim that we could implement full-fledged postive reputation filters, complete with the use of RSA, and deploy it on the Usenet in some sort of time-frame less than ten years out --- and even that is doubtful. Look at how many sites are running B News, long after C news has been out. Anonymous remailers are here *today*. Then there's assumption that anonymous ID's would automatically have no weight --- they may have very little weight, but even today, they probably have some weight. I could probably construct some sort of NSA conspiracy theory, and have it posted so it looked like it came from 20 different pseudonyms, and it probably would be believed by a lot of people. Fundamentally, however, there's the basic assumption that anarchy per se is good; which is a basic philosophical belief which I just plain disagree with. I have strong Libertarian leanings, although I don't necessarily believe in the Libertarian party --- however, complete and total anarchy goes far beyond what I believe is a reasonable or realistic way to run a society; that's basically a "might makes right" form of government. In cyberspace, most of the people on this list would probably be listed among the mighty: we understand computers, and cryptography, and how to use them, "much better than the average bear". So it is not surprising that there are many on this list who think crypto anarchy is a good thing; however, I am not convinced that this would be a terribly just or better society than what we have now --- the only difference which class of people would be in power. In any case, a basic assumption which seems to permeate the arguments made by various people on this list is that anarchy is good. Perhaps I am running away from an argument, but in my experience, it is rare that an argument with a religious fanatic bears any fruit, and it seems that there are people who such militant anarchists that futher discussion doesn't seem to have much of a point. How does that saying go? "Don't bother trying to teach a pig to sing. It just frustrates you, and annoys the pig." - Ted From newsham at wiliki.eng.hawaii.edu Mon Mar 1 21:00:15 1993 From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham) Date: Mon, 1 Mar 93 21:00:15 PST Subject: tapping Message-ID: <9303020333.AA04345@relay1.UU.NET> [forwarded from elsewhere] > > [From Data Communications, January 1993] > > INVENTION CUTS CABLING TIES > > An inventor working from a garden shed in the U.K. has come up with a device > that enables PCs and other LAN equipment to send and receive data through > the plastic outer jacket of copper LAN cabling-- without piercing the > cabling. Called the Watsonlinc Cable Coupling Transformer, the device > allows users to attach LAN equipment at any point in a network without going > through time-consuming and costly cable attachment procedures. The > Watsonlinc, which must be placed directly next to a cable's outer jacket, > uses a proprietary technique to reduce noise interference while picking up > and transmitting data signals. Watsonlinc-equipped network interface cards > (NICs) will appear in the next 12 months, according to inventor Mike Watson > (Walton-on-Thames, U.K.), who says the device's production cost of about $5 > per unit will not significantly increase NIC sticker prices. The Watsonlinc > works with both shielded and unshielded twisted-pair copper cabling, is > small enough to fit on laptop PC internal adapters, and is capable of > handling all common LAN speeds, Watson says. The internationally patented > invention works just as well with voice signals. Predictably, it already > has been licensed for use in telephone surveillance equipment. > > From tytso at Athena.MIT.EDU Mon Mar 1 21:21:58 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Mon, 1 Mar 93 21:21:58 PST Subject: more ideas on anonymity In-Reply-To: <9303020450.AA04260@tramp.cc.utexas.edu> Message-ID: <9303020520.AA26631@SOS> From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Mon, 1 Mar 1993 22:50:03 -0600 (CST) > The issue is if a > non-anonymous individual or entity with credibility, like NBC, says something > that is false. > Either way, these actions are civil one, not criminal. The U.S. government is extremely limited in it's ability to use prior restraint to prevent publication of something (although there are many ways around the existing protections, as many on this list will undoubtably attest to.) You are all missing my point. I am well aware that libel and slander are civil actions; not criminal ones. However, they *all* *hinge* *on* *having* *someone* *to* *sue*. Today, it is generally not possible to be anonymous while broadcasting your views to a large number of people. The closest you can get to that is at a rally, and even then, since you are phyiscally present, there is some link between what you say and your identity; hence, there is a certain amount of personal responsibility in what you say publically. Anonymous remailers completely removes this check on undisciplined free speech; it is now possible to spout GIF images, rantings that Elvis is alive, the fact that Jim McCoy didn't beat his wife today --- all without any personal risk on the part of the broadcaster. While, this may be a feature in some cases, in other cases it is most definitely a BUG. If you ignore this, you are only burying your head in the sand. - Ted From wcs at anchor.ho.att.com Mon Mar 1 22:10:11 1993 From: wcs at anchor.ho.att.com (Bill_StewartHOY0021305) Date: Mon, 1 Mar 93 22:10:11 PST Subject: A novel (?) return address idea Message-ID: <9303020609.AA10483@anchor.ho.att.com> Joe Thomas's proposal for anonymous return addresses is nice: return_addr = printable_encoding( encrypt( K, (salt, userid) ) ) userid = substring( n, decrypt( K, print_to_binary( return_addr ) ) ) where userid is the remailer's pointer to the real email address / pubkey, K is a secret key in the remailer, and salt is different for each message. (printable encoding may need to be monocase for some mailers.) If you used DES encryption, you could do 32 bits of UID and 32 bits of salt, you can turn the 64 bits of cyphertext into 13 printable characters using an obvious 5bit encoding; a good choice for a mailer is to prepend an x x<13_char_encoding> ( e.g. xabcdefghijklm ) and not have any real UIDs starting with x, so your mail delivery program can easily tell what to hand to the remailer-reply process and what to deliver more normally. Aside from being nice round numbers, this lets you support 4 billion users with 4 billion messages each, but is this really the right balance? Many users, like x<13rand>@remailer.foo.com, will only send a few messages, while a few others, like mailer-daemon at crypto.bank.com, will send lots. Should we perhaps use a Class A - Class B - Class C approach like IP addresses, with the bits broken up 16/48 - 32/32 - 48/16 or maybe 24/40 - 32/32 - 56/8? Unlike IP, of course, these address spaces are local only, and the user probably shouldn't know the userid number - the class is really just advisory. X-Anon-Request-New-UserID: C X-Anon-Request-User-Class: C could be used to request a new / reused userid of class C. Ideas for the extra-secure implementations: - it might be interesting to use a separate internal secret key to store the mapping from (real-email, userid) -> email-publickey. Hiding the mapping from real-email <-> userid is tougher. - if you really want longer userid+salts much bigger than this, you've got to handle email names noticably longer than 16 characters, or play games with hashing to reduce the size of the email name. The main motivation would be to use encryption other than DES, such as a public-key system with blocks longer than 64 bits, but hashing increases the amount of information you have to store, and the annoyance of deciding how to age it, avoid overload, etc. Bill Stewart # Bill Stewart wcs at anchor.ho.att.com +1-908-949-0705 Fax-4876 # AT&T Bell Labs, Room 4M-312, Crawfords Corner Rd, Holmdel, NJ 07733-3030 From tribble at xanadu.com Tue Mar 2 00:58:40 1993 From: tribble at xanadu.com (E. Dean Tribble) Date: Tue, 2 Mar 93 00:58:40 PST Subject: Piercing anonymitiy and censorship In-Reply-To: <9303010319.AA25260@SOS> Message-ID: <9303011845.AA22881@memexis.xanadu.com> Perhaps there are people who believe Free Speech should be so much of an absolute that you should be allowed to scream at the top of their lungs at 5am in the morning in a residential area, and that libel and slander laws shouldn't exist. But it's not fair to call that a mainstream I would like to separate the issues of hollering anything at 4am in residential areas from things like libel and slander. Disturbing people with your volume independent of its content is like blasting white noise at damaging volume levels. The remedies for it have nothing to do with speech, they have to do with disturbing the peace; your sound is crossing onto my property at intolerable levels. dean From tribble at xanadu.com Tue Mar 2 00:58:41 1993 From: tribble at xanadu.com (E. Dean Tribble) Date: Tue, 2 Mar 93 00:58:41 PST Subject: anon.penet.fi hacking The next revision of the remailer will have something like In-Reply-To: <9303010111.AA12729@soda.berkeley.edu> Message-ID: <9303012158.AA23036@memexis.xanadu.com> Body-Termination-Regex: The first character in the body that matches the regex, and every BTW I think this is just the right thing. Excellent idea! dean From tribble at xanadu.com Tue Mar 2 00:58:46 1993 From: tribble at xanadu.com (E. Dean Tribble) Date: Tue, 2 Mar 93 00:58:46 PST Subject: anon.penet.fi hacking In-Reply-To: <9303010111.AA12729@soda.berkeley.edu> Message-ID: <9303012157.AA23027@memexis.xanadu.com> Body-Termination-Regex: ^--$ I hate my sample header field name. Please, someone think up a better one. Alternatives: Sig-Pattern Sig-Regex End-Pattern dean From jb at paris7.jussieu.fr Tue Mar 2 01:26:46 1993 From: jb at paris7.jussieu.fr (jb at paris7.jussieu.fr) Date: Tue, 2 Mar 93 01:26:46 PST Subject: TIME magazine article about cyberpunks Message-ID: <00968e6d.50110011.20804@paris7.jussieu.fr> Hi there, I've just read an article about the cyberpunks (cypherpunks??) in Time's n#9 issue. I feel it tells very well where it started it why and by who. Cheers, jb From pmetzger at shearson.com Tue Mar 2 02:46:22 1993 From: pmetzger at shearson.com (Perry E. Metzger) Date: Tue, 2 Mar 93 02:46:22 PST Subject: she's at it again :-) Message-ID: <9303020309.AA04736@maggie.shearson.com> > From: Karl Barrus > The article is very interesting, containing many oxymorons: > > "On the contrary, implementation of an intercept capability together > with appropriate security measures is more likely to lead to > telecommunication systems that are "smarter," more secure, and of > commercial interest to other countries." > > "while often labeled as "anti-privacy," wiretapping actually serves to > protect the privacy of law-abiding citizens and the business > interests of corporations" Ugh. File under "Abeit Macht Frei" along with slogans like "Freedom is Slavery". Perry From root at rmsdell.ftl.fl.us Tue Mar 2 03:30:19 1993 From: root at rmsdell.ftl.fl.us (Yanek Martinson) Date: Tue, 2 Mar 93 03:30:19 PST Subject: Yanek Martinson Message-ID: > I tried to respond directly to Yanek Martinson > directly without success. ^ I'm yanek at novavax.nova.edu (note, no l). -- Yanek Martinson yanek at novavax.nova.edu From 72147.3504 at CompuServe.COM Tue Mar 2 06:33:38 1993 From: 72147.3504 at CompuServe.COM (Tiia Roth-Biester) Date: Tue, 2 Mar 93 06:33:38 PST Subject: Dining Crypto -- An Introduction Message-ID: <930302142453_72147.3504_EHC51-1@CompuServe.COM> (Jim McCoy) >There is no way you can get around taxation if you intend on using this >system in real life. Your system is much like that of a drug dealer, he >gets all this money, but has no where to spend it until it has been >laundered. So in other words the earnings of the international banks located "offshore" and lending $trillions in the "Eurodollar" (now world financial) markets have been taxed for the last 30 years? Their balance sheets don't reflect these taxes. The new technology will let everyone "expatriate" themselves either actually or virtually. If, today, I am traveling in the South of France and writing the Great American Novel, I have no French tax liability and am not violating work permit laws even though I am working and may be earning $millions. (If I am or have been an American within the previous 10 years I would have US tax liability of course.) On the nets I can do a host of jobs while wandering around the world. In most countries I would have no income tax liability. Taxing me (or net entities created by me) would be even more difficult in a practical sense. >They will get you at the banks or wherever you go to spend your >money. The "War on Drugs" has really caused this kind of banking service >to dry up, Digital cash will be able to buy lots of goodies (entertainment, communication, non-physical services, and physical services once the VR interface improves sufficiently). Dumped into an account that is otherwise unconnected to you it can be accessed via smart cards, debit cards, and ATMs from anywhere in the world. It is still not that difficult to obtain a bank account somewhere in the world in a nome de guerre. >The appetite of the taxation-beast will not diminish, and everyone will >just end up having higher taxes on the physical elements of daily life >that can't be stuffed on the wire. Sounds like this is going to be a >world of info-elite tax dodgers...the public will love you... Actually the poor evade more taxes (as a portion of income) than the rich these days. The appetite of the beast has not stopped the forex markets from tripling in size since 1986 (quite a bit untaxed). Legally, services sold "internationally" are not subject to tax and there is no entity capable of levying such a tax. The nets exist in an "international" realm. As time goes on the percentage of gross world product that is non physical is bound to grow (the non-physical bits have been growing steadily for years). Once future Madonnas determine that they can double their take home pay by renouncing their American citizenship (either actually or virtually) and selling their voices and images via the nets things will change. If the coercive sector has to increase the taxes again and again on an ever smaller portion of gross world product, it will starve to death. >The unbundling of the physical and non-physical aspects are nice, but how >many non-physical aspects of a service are there? If your VR interface is good enough most services can be delivered non physically. Nonphysical services include: writing (anything), entertainment, law, much of medicine, all of management, telecoms, advertising and marketing, all of financial services. Once automation develops much of manufacturing will be non physical as you purchase "custom" goods made on the spot from downloaded patterns. Authority can be a delicate thing. On November 9th 1989 you would have been shot crossing the Berlin Wall without permission on November 11th 1989 you could cross at will. Many of your supposed restraints only apply to US citizens in any case. British citizens living "overseas" have no UK tax liability and this is true of the citizens of most countries. Everyone is "overseas" on the nets. Even though US expatriates have continuing liabilities, 60% of them are tax nonfilers according to an IRS study of tax compliance. Shattering geographical bounds shatters legal ones as well even in this day and age. Duncan Frissell From pfarrell at gmuvax2.gmu.edu Tue Mar 2 06:34:14 1993 From: pfarrell at gmuvax2.gmu.edu (Pat Farrell) Date: Tue, 2 Mar 93 06:34:14 PST Subject: she's at it again :-) Message-ID: <34377.pfarrell@gmuvax2.gmu.edu> In Message Mon, 1 Mar 1993 18:29:29 -0600, Karl Barrus writes: > In the March 1993 IEEE Spectrum magazine on pp. 16-17, Dorothy >Denning again floats her support for digital telephony bill in an >article entitled "Wiretapping and cryptography". See also the March 1993 Communications of the ACM. Altho there is little new on the topic for most folks on this list. Sigh. Pat Farrell Grad Student pfarrell at cs.gmu.edu Department of Computer Science George Mason University, Fairfax, VA PGP Public key availble via finger #include From tytso at Athena.MIT.EDU Tue Mar 2 06:40:17 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Tue, 2 Mar 93 06:40:17 PST Subject: Piercing anonymitiy and censorship In-Reply-To: <9303011845.AA22881@memexis.xanadu.com> Message-ID: <9303021439.AA02074@SOS> Date: Mon, 1 Mar 93 10:45:32 PST From: memexis!tribble at uunet.UU.NET (E. Dean Tribble) I would like to separate the issues of hollering anything at 4am in residential areas from things like libel and slander. Disturbing people with your volume independent of its content is like blasting white noise at damaging volume levels. The remedies for it have nothing to do with speech, they have to do with disturbing the peace; your sound is crossing onto my property at intolerable levels. And again, I repeat..... with anonymous remailers, you no longer have a way to enforce said grounds of disturbing the peace ---- unless you do things like approach the finnish authorities and ask that penet be disconnected from the network for disturbing the peace of various Usenet groups..... - Ted From pfarrell at gmuvax2.gmu.edu Tue Mar 2 06:53:08 1993 From: pfarrell at gmuvax2.gmu.edu (Pat Farrell) Date: Tue, 2 Mar 93 06:53:08 PST Subject: she's at it again :-) Message-ID: <35501.pfarrell@gmuvax2.gmu.edu> In Message Mon, 1 Mar 1993 18:29:29 -0600, Karl Barrus writes: > In the March 1993 IEEE Spectrum magazine on pp. 16-17, Dorothy >Denning again floats her support for digital telephony bill in an >article entitled "Wiretapping and cryptography". See also the March 1993 Communications of the ACM. Altho there is little new on the topic for most folks on this list. Sigh. Pat Farrell Grad Student pfarrell at cs.gmu.edu Department of Computer Science George Mason University, Fairfax, VA PGP Public key availble via finger #include From mab at vax135.att.com Tue Mar 2 07:30:09 1993 From: mab at vax135.att.com (mab at vax135.att.com) Date: Tue, 2 Mar 93 07:30:09 PST Subject: ideas on an encrypted BSD filesystem (LONG, technical) In-Reply-To: <9303020004.AA01774@tramp.cc.utexas.edu> Message-ID: <9303021525.AA16574@vax135.UUCP> I've built something that has a similar flavor; it was presented at the works-in-progress session at the January '93 USENIX conference. A full paper (and hopefully the released software) will be forthcoming ("any day now"). Here's the abstract that was at USENIX: .TL A Cryptographic File System .AU Matt Blaze .AI AT&T Bell Laboratories Holmdel, NJ 07733 mab at research.att.com January 14, 1993 .PP As computing systems (especially distributed ones) grow in size, issues of data security and privacy become increasingly complex. Cryptographic techniques can help ensure that data are not read by unauthorized persons, but most encryption software requires either that special purpose application software be used or that the user manually encipher and decipher files as needed. .PP The Cryptographic File System (CFS) makes it easier to take advantage, in a secure manner, of file system services (storage, backup, etc.) on potentially insecure servers and networks. .PP CFS provides a transparent Unix file system interface to directory hierarchies which are automatically DES encrypted with user-specified keys. Users "attach" an encrypted directory by providing a key, the name of a directory where the encrypted files are to be stored, and the name of a cryptographic "mount point" to be created under /crypt. Directories under /crypt are accessible with all standard system calls and tools to the users who created them. The underlying encrypted files (with encrypted names) can reside on any accessible file system (including remote file systems such as NFS); routine system administration tasks, such as file backup and restore, can be performed on the encrypted directories in the ordinary manner without knowledge of the key. When run on a client workstation, CFS ensures that cleartext is never stored on a disk or transmitted over a network. CFS uses a standard portable NFS client interface and has has been implemented for a variety of Unix platforms. From ncselxsi!drzaphod at ncselxsi.netcom.com Tue Mar 2 07:47:50 1993 From: ncselxsi!drzaphod at ncselxsi.netcom.com (DrZaphod) Date: Tue, 2 Mar 93 07:47:50 PST Subject: Future of anonymity (short-term vs. long-term) Message-ID: <6341.drzaphod@ncselxsi> In Message Mon, 1 Mar 93 21:48:39 -0500, Theodore Ts'o writes: > Well, let's see.... the most recent assumption I disagreed with was the > claim that we could implement full-fledged postive reputation filters, > complete with the use of RSA, and deploy it on the Usenet in some sort > of time-frame less than ten years out So this doesn't seem possible to you, does it? 10 years to me seems more than enough time to design the code and implement it in key places like USENET and mailing lists. 10 years AGO we were happy to have the tiny 5 1/4" floppy disk as opposed to the 8". Now we have flopptical and WORM.. Perhaps the world of mainframes moves slower than the rest of the world.. but that doesn't matter because in 10 years the many PCs will be on the internet with ISDN with plenty of free cycles to maintain [or consult] a database of positive reputations. > Fundamentally, however, there's the basic assumption that anarchy per se > is good; ... however, complete and total anarchy goes far beyond what I > believe is a reasonable or realistic way to run a society It's not a way to RUN a society... it just happens. > that's basically a "might makes right" form of government. Isn't that what we have now? If the DEA busted down your door could you defend yourself? If NSA wants to waste more of your money do they ask you? Because we have rules I think people are misled into thinking it's fair. Society will ALWAYS be a "might makes right" way of life.. the "might" is not necissarily physical power but it's still might. TTFN. DrZaphod [AC/DC] / [DnA][HP] [drzaphod at ncselxsi.uucp] Technicolorized From jthomas at mango.mitre.org Tue Mar 2 08:06:38 1993 From: jthomas at mango.mitre.org (Joe Thomas) Date: Tue, 2 Mar 93 08:06:38 PST Subject: A novel (?) return address idea Message-ID: <9303021603.AA09007@mango> wcs at anchor.ho.att.com (Bill_Stewart(HOY002)1305) write: > > Joe Thomas's proposal for anonymous return addresses is > nice: Thanks :^). [Nice summary deleted] > If you used DES encryption, you could do 32 bits of UID and > 32 bits of salt, you can turn the 64 bits of cyphertext into > 13 printable characters using an obvious 5bit encoding; > a good choice for a mailer is to prepend an x > x<13_char_encoding> ( e.g. xabcdefghijklm ) and not > have any real UIDs starting with x, so your mail delivery > program can easily tell what to hand to the > remailer-reply process and what to deliver more > normally. Yeah, I was thinking around 5 bits per character, and you have to pattern-match something. Could be "an-" or "x" or whatever... > Aside from being nice round numbers, this lets you > support 4 billion users with 4 billion messages each, but > is this really the right balance? Seems about right to me. If there's demand for a different mix, you can always add that later (with a different prefix to clue the software into how to interpret). Meanwhile this version could be implemented quickly, and would offer a good deal of security. As to what to use for the salt... If you don't expect users to send more than one message per second (at least, if they do, they won't mind both of them having the same return address) you can just use a straight timestamp -- Unix gives you 32 bits worth for free (as sec. since 1 Jan 1970). This guarantees you won't have loops from a PRNG. The time won't ever be reset to a past value. [other stuff deleted] I don't really think we need to do any encryption of the ID to address database, since only the remailer software should be using it. And while adding more salt bits might be nice (random bits increase strength against known plaintext attacks -- a danger since you know the approximate time, and that your ID will be the same in each message you send), I don't see how hashing could be useful, since it is one-way by definition. The remailer needs to both create and resolve return addresses. Is the source for the anon.penet.fi remailer available? I might have a crack at implementing this... Joe From 72147.3504 at CompuServe.COM Tue Mar 2 08:08:35 1993 From: 72147.3504 at CompuServe.COM (Tiia Roth-Biester) Date: Tue, 2 Mar 93 08:08:35 PST Subject: more ideas on anonymity Message-ID: <930302160011_72147.3504_EHC32-1@CompuServe.COM> (George A. Gleason) >1) Anything involving physical violence, threats of violence, incitement to >violence. (this includes acts such as rape, pedophelia etc., Don't forget that this also includes government. I for one would favor banning the advocacy of government from the nets. Serve them right . Interesting that most people support murder, robbery, and slavery when practiced in the name of the State but might shirk from supporting rape in the service of the State. Sounds inconsistent to me. Duncan Frissell From mccoy at ccwf.cc.utexas.edu Tue Mar 2 08:34:19 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Tue, 2 Mar 93 08:34:19 PST Subject: more ideas on anonymity In-Reply-To: <930302160011_72147.3504_EHC32-1@CompuServe.COM> Message-ID: <9303021632.AA07790@tramp.cc.utexas.edu> Tiia Roth-Biester <72147.3504 at CompuServe.COM> writes: > > (George A. Gleason) > > >1) Anything involving physical violence, threats of violence, incitement to > >violence. (this includes acts such as rape, pedophelia etc., > > Don't forget that this also includes government. I for one would favor > banning the advocacy of government from the nets. Serve them right . > Interesting that most people support murder, robbery, and slavery when > practiced in the name of the State but might shirk from supporting rape > in the service of the State. Sounds inconsistent to me. Not really. Since its foundation, the cornerstone of government is that it maintains the only legitimate monopoly on the use of violence. Like it or not, this is how it works and most of the sheep/citizens are quite happy to maintain this system. It is kind of ironic that you would propose to ban the advocacy of government on the nets considering the fact that without governement the nets would not be here in the first place. Sounds inconsistent to me... jim From mimir at u.washington.edu Tue Mar 2 08:53:19 1993 From: mimir at u.washington.edu (Al Billings) Date: Tue, 2 Mar 93 08:53:19 PST Subject: TIME magazine article about cyberpunks In-Reply-To: <00968e6d.50110011.20804@paris7.jussieu.fr> Message-ID: On Tue, 2 Mar 1993 jb at paris7.jussieu.fr wrote: > I've just read an article about the cyberpunks (cypherpunks??) in > Time's n#9 issue. I feel it tells very well where it started it > why and by who. Actually, it is a rather typically badly written piece on the so-called "cyberpunks" and attempts to throw in the buzz words. It is factually inaccurate in places and the EFF is seeking a retraction for what was said about it in the article (the author passed 's problem when they asked for a retraction). From tcmay at netcom.com Tue Mar 2 10:36:25 1993 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 2 Mar 93 10:36:25 PST Subject: anon.penet.fi hacking Message-ID: <9303021834.AA12367@netcom.netcom.com> > Body-Termination-Regex: ^--$ > > I hate my sample header field name. Please, someone think up a better > one. > >Alternatives: > >Sig-Pattern >Sig-Regex >End-Pattern > >dean In honor of Dorothy Denning's latest posting, how about: Sig-Heil The Feds will probably like this. -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: MailSafe and PGP available. From tcmay at netcom.com Tue Mar 2 10:36:30 1993 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 2 Mar 93 10:36:30 PST Subject: Textual Analysis Message-ID: <9303021834.AA12381@netcom.netcom.com> "Tiia Roth-Biester" writes: >(Jim McCoy) > >>There is no way you can get around taxation if you intend on using this >>system in real life. Your system is much like that of a drug dealer, he >>gets all this money, but has no where to spend it until it has been >>laundered. > >So in other words the earnings of the international banks located "offshore" >and lending $trillions in the "Eurodollar" (now world financial) markets >have been taxed for the last 30 years? Their balance sheets don't reflect >these taxes. This reveals a minor and probably obvious weakness of pseudonyms--writing styles. As I was reading this post from apparent newcomer "Tiia Roth-Biester," and wondering at how a woman (I think Tiia is a woman's name) got interested in this list, I said to myself: "Wait a minute, this sounds exactly like Duncan Frissell!" Sure enough, Duncan wrote it. Imagine what can be done with word and phrase frequency analysis, with examination of punctuation styles (e.g., some people use _this_ for emphasis while others use *this*), and so on. Entropy measures, etc. Someday this may be important. -Tim -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: MailSafe and PGP available. From gnu Tue Mar 2 10:38:20 1993 From: gnu (John Gilmore) Date: Tue, 2 Mar 93 10:38:20 PST Subject: A novel (?) return address idea In-Reply-To: <9303021603.AA09007@mango> Message-ID: <9303021838.AA29102@toad.com> There seems to me to be a serious problem with the "novel return address" idea. The information that ties together multiple anonymous messages from the same person is out in the world, encrypted by a single key in a conventional cipher. If that single key is compromised, everyone's identity is exposed. (Or, at least, the correlation among all messages sent by that individual, even if their legal or email name is not revealed). Furthermore, breaking the key will be possible by sending test-probes and doing exhaustive search. E.g. if you add 128 bits of salt, someone can send five or ten messages to themself through the remailer, and accumulate ten encrypted addresses that are known to be for the same sender. When decrypted, these keys will have maybe a 16- or 32-bit "return address ID" and 128 bits of salt. The attacker can then search the key space for keys that include large numbers of identical bits when decrypting those ten keys. This search is easily amenable to parallelization, fast hardware also exists to do it, and it may be possible to find improved algorithms to use the knowledge of identical plaintext bits to speed up the search process. The idea also suffers from the dossier problem -- all the information about return addresses will exist in a single place (at the remailer site) where it's tempting for a government (or other adversary of privacy) to try for it. Keep thinking, folks! We aren't there yet... John From mjr at netcom.com Tue Mar 2 11:22:43 1993 From: mjr at netcom.com (Matthew Rapaport) Date: Tue, 2 Mar 93 11:22:43 PST Subject: anon.penet.fi hacking Message-ID: <9303021921.AA12649@netcom2.netcom.com> >> Body-Termination-Regex: ^--$ > >Ok... Now.. Show me the regex that strips anything starting with '--', >such as '-----------------------------', except a PGP boundary line... > > Julf Ok... How about: Body-Termination-Regex: ^--$ Body-Termination-Exclude-Regex: ^-----BEGIN PGP [ A-Z]*-----$ Body-Termination-Exclude-Regex: ^-----END PGP [ A-Z]*-----$ Just EXPLICITLY exclude anything you don't want stripped... (Don't know if I got my regular expression just right, but I think you get the idea) At some point (maybe already) the average header collection will exceed the average message in size... Talk about overhead... :-) matthew rapaport Philosopher/Programmer At Large KD6KVH mjr at netcom.com 70371.255 at compuserve.com From jthomas at mango.mitre.org Tue Mar 2 11:59:50 1993 From: jthomas at mango.mitre.org (Joe Thomas) Date: Tue, 2 Mar 93 11:59:50 PST Subject: A novel (?) return address idea Message-ID: <9303021956.AA11428@mango> From: gnu at toad.com (John Gilmore): >There seems to me to be a serious problem with the "novel return >address" idea. The information that ties together multiple >anonymous messages from the same person is out in the world, >encrypted by a single key in a conventional cipher. [attack methods deleted] >The idea also suffers from the dossier problem -- all the >information about return addresses will exist in a single place (at >the remailer site) where it's tempting for a government (or other >adversary of privacy) to try for it. >Keep thinking, folks! We aren't there yet... Quite true. I guess I never really made it clear that I don't believe this return address method is very secure, just better than the current version available through anon.penet.fi. Certainly it's no reason to abandon the work on SASE's for cypherpunk remailers. My idea was just to make it difficult to associate different messages from the same anon user, while keeping anon.penet.fi's current framework. Now all messages from the same user bear the same return address (e.g. an1234). If you reveal your identity in one anonymized message, all of your past messages can be easily linked with you. Under the new scheme, associating two messages from the same sender would require breaking the remailer's cipher. Yes, it's possible, but it's not trivial. It's also possible to limit the damage done when a single key is compromised. Change keys periodically (weekly? daily?) and include a few bits at the front of the return address that will let the remailer know which key to decrypt the rest with. The dossier problem is a real one, of course. If Julf or his machine is compromised, all the aliases could be revealed. But that's true now, as well. Joe From marc at MIT.EDU Tue Mar 2 12:57:14 1993 From: marc at MIT.EDU (Marc Horowitz) Date: Tue, 2 Mar 93 12:57:14 PST Subject: anarchism (was: Re: Dining Crypto -- An Introduction) In-Reply-To: <930302142453_72147.3504_EHC51-1@CompuServe.COM> Message-ID: <9303022055.AA24072@tla.MIT.EDU> >> If the coercive sector has to increase the taxes again and again on an >> ever smaller portion of gross world product, it will starve to death. Do all you anarchists out there really think that society can hold itself together, in any form, without government? I believe that government today has its hands in way to many places. I believe in downsizing government, but not in eliminating it. I believe in the free market, but I also believe that the free market can be abused, and that controls need to be in place to prevent that. (Those of you who don't believe me, look at the railroad industry in the end of the 19th century.) I believe in protecting our freedoms in whatever ways possible, but there are times when wiretaps and other such actions *are* the most expidient ways to investigate criminals. These views are inconsistent, I think. I will probably decide that absolute privacy through crypto is the most reasonable solution. But I'm still trying to think of compromises. IMHO, things like alt.whisteblowers, with airtight anonymity, will do far more to insure our rights than simply protecting our own privacy, since the former is active, and the latter is passive. Now that I'm in free-association mode, Perhaps a.w should be a heirarchy: a.w.search-and-seizure a.w.foia a.w.corrupt-politicians That's only what I thought of off the top of my head. If the New York Times or some publication of similar stature were to pick up the "best of" of all the different categories, research them, and publish them if they turn out to be true, this would have the result of making government far less corrupt, which would make me far more comfortable than just knowing the corrupt ones couldn't read my data. After all, even with perfect crypto (yeah, I know, can't be done), my *body* is still vulnerable, and they will still have guns and prisons. In the worst case, they don't *need* an excuse. After all, the real problem today is not that they might see what I say in private, but that they might decide they don't like it, and do something about it. If drugs, and prostitution, and all those non-PC things were legalized, the security of information would matter a lot less. I guess what I'm saying is that crypto is an imperfect solution to a real problem, and that while it lets us go on with our lives the way we think we should be able to, solving the real problem would be a lot better. This is not to say that I don't think crypto privacy doesn't have its place: a.w, abuse hotlines, etc. are all excellect examples. But instead of merely hiding from the system, perhaps we should also keep an eye to changing it. Whew. Marc From pmetzger at shearson.com Tue Mar 2 12:58:54 1993 From: pmetzger at shearson.com (Perry E. Metzger) Date: Tue, 2 Mar 93 12:58:54 PST Subject: Piercing anonymitiy and censorship Message-ID: <9303021915.AA10138@maggie.shearson.com> > From: Theodore Ts'o > > Date: Mon, 1 Mar 93 10:45:32 PST > From: memexis!tribble at uunet.UU.NET (E. Dean Tribble) > > I would like to separate the issues of hollering anything at 4am in > residential areas from things like libel and slander. Disturbing > people with your volume independent of its content is like blasting > white noise at damaging volume levels. The remedies for it have > nothing to do with speech, they have to do with disturbing the peace; > your sound is crossing onto my property at intolerable levels. > > And again, I repeat..... with anonymous remailers, you no longer have a > way to enforce said grounds of disturbing the peace ---- unless you do > things like approach the finnish authorities and ask that penet be > disconnected from the network for disturbing the peace of various Usenet > groups..... Of course there are ways -- and they need not be so drastic. You could, for instance, simply prevent non-subscribers from posting to your list, and use public key to verify identities. This would allow you to swiftly stop abuse. I've already noted this twice. You've claimed this is impractical, but the tools to do this, AND WITHOUT PATENT PROBLEMS, already exist and would be cheap to implement. Perry From pmetzger at shearson.com Tue Mar 2 12:59:20 1993 From: pmetzger at shearson.com (Perry E. Metzger) Date: Tue, 2 Mar 93 12:59:20 PST Subject: Future of anonymity (short-term vs. long-term) Message-ID: <9303021551.AA03777@maggie.shearson.com> > From: Theodore Ts'o > > From: Eric Hughes > > >There doesn't seem to be a lot of realism in these discussions, which is > >really bothering me. > > What you believe to be real and what I believe to be real may be > different. To claim that another is being unrealistic is to mask > what is foremost a difference in belief. > > What assumptions here do you disagree with? If you are explicit, > perhaps we can forge an agreement. > > Well, let's see.... the most recent assumption I disagreed with was the > claim that we could implement full-fledged postive reputation filters, > complete with the use of RSA, and deploy it on the Usenet in some sort > of time-frame less than ten years out --- and even that is doubtful. Oh, come ON. This is insane, Ted, and you know it. Project Athena didn't take ten years. RSAREF is out there -- someone could build a version of news that used public key for verifying moderation on newsgroups and control messages within a month if they felt like it -- and working part time, too. As for the rest, well, it shouldn't be too hard. For unmoderated lists, keep sets of users you want to read the messages of and verify signatures if forgery starts becoming a problem. Crude but it would work. > Look at how many sites are running B News, long after C news has been > out. Anonymous remailers are here *today*. Well, the folks running B News and C News will have to live without the public key extensions, and it will be their fault. The people with the public key extensions will have the benefits. Is it your argument that because some men are fools all must suffer, Ted? Lets say that tommorrow someone made available, for free, pills that cured all disease. Are we to say "no, thats bad, some idiots won't take them?" > Then there's assumption that anonymous ID's would automatically have no > weight --- they may have very little weight, but even today, they > probably have some weight. I could probably construct some sort of NSA > conspiracy theory, and have it posted so it looked like it came from 20 > different pseudonyms, and it probably would be believed by a lot of > people. Yeah, well, so what? Right now people post such things non-anonymously, or could forge such postings. People put out infinte supplies of garbage. I'd argue that the average church causes more damage than all the anonymous posters on Usenet ever could and those are perfectly legal. You aren't arguing for non-anonymity. You are arguing that free speech is bad. Well, fine. See if you can stop it, Ted -- the rest of us aren't playing along with that game. Given that you have no choice but to accept reality, why not quit bitching and just work on fixing the problem? The Extropians list works on a closed subscription system today, folks. Its crude -- no public keys involved, subscription checking done very ad hoc -- but it works. People ARE out there fixing these problems. If someone really thinks anonymity is going to be a problem, they can fix it, and it won't take ten years -- a couple of months of evenings would likely allow for overkill. > Fundamentally, however, there's the basic assumption that anarchy per se > is good; which is a basic philosophical belief which I just plain > disagree with. That isn't even an issue here, Ted. Anonymity exists whether we want it or not -- its like asking if gravity is a good idea. The anarchy issue is not part of this. Even you would have to recognise that its impossible even with a society as closed as the Soviet Union to stop anonymity, let alone in a society as free as ours. The choices are to live with it and find ways to cope or to try for draconian measures. One is practical -- the other is impractical and harmful in and of itself. Perry From fen at genmagic.genmagic.com Tue Mar 2 13:35:42 1993 From: fen at genmagic.genmagic.com (Fen Labalme) Date: Tue, 2 Mar 93 13:35:42 PST Subject: Piercing anonymitiy and censorship Message-ID: <9303022134.AA27063@> > Date: Mon, 1 Mar 93 10:45:32 PST > From: memexis!tribble at uunet.UU.NET (E. Dean Tribble) > > I would like to separate the issues of hollering anything at 4am in > residential areas from things like libel and slander. Disturbing > people with your volume independent of its content is like blasting > white noise at damaging volume levels. The remedies for it have > nothing to do with speech, they have to do with disturbing the peace; > your sound is crossing onto my property at intolerable levels. > > And again, I repeat..... with anonymous remailers, you no longer have a > way to enforce said grounds of disturbing the peace ---- unless you do > things like approach the finnish authorities and ask that penet be > disconnected from the network for disturbing the peace of various Usenet > groups..... > > - Ted Don't most news readers have "kill files" (sometimes known as "bozo filters")? I definately prefer decentralized solutions. Anyone mandating what I can and cannot read is slime (synonomous with censor), imo. I want to make that choice myself, thank you very nice. Fen From tytso at Athena.MIT.EDU Tue Mar 2 13:41:18 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Tue, 2 Mar 93 13:41:18 PST Subject: Piercing anonymitiy and censorship In-Reply-To: <9303021915.AA10138@maggie.shearson.com> Message-ID: <9303022139.AA02344@SOS> Date: Tue, 2 Mar 93 14:15:15 EST From: pmetzger at shearson.com (Perry E. Metzger) Of course there are ways -- and they need not be so drastic. You could, for instance, simply prevent non-subscribers from posting to your list, and use public key to verify identities. This would allow you to swiftly stop abuse. I've already noted this twice. You've claimed this is impractical, but the tools to do this, AND WITHOUT PATENT PROBLEMS, already exist and would be cheap to implement. If they are so cheap to implement them, could someone please implement them FOR THE USENET GROUPS? (Where you don't have a concept of subscribers or non-subscribers?) I here lots of *talk* of how easy it is to do this, or how easy it is to do that. If it's so easy, why doesn't someone prove it to the rest of us by actually doing it. I hate to bring the Real World down upon you guys, but talk is cheap; code sometimes isn't. - Ted From raob at mullian.ee.mu.OZ.AU Tue Mar 2 13:45:58 1993 From: raob at mullian.ee.mu.OZ.AU (raob at mullian.ee.mu.OZ.AU) Date: Tue, 2 Mar 93 13:45:58 PST Subject: tapping Message-ID: <9303022144.22401@mullian.ee.mu.OZ.AU> [forwarded from elsewhere] > > [From Data Communications, January 1993] > > INVENTION CUTS CABLING TIES > > An inventor working from a garden shed in the U.K. has come up with a device > that enables PCs and other LAN equipment to send and receive data through > the plastic outer jacket of copper LAN cabling-- without piercing the > cabling. Called the Watsonlinc Cable Coupling Transformer, the device > allows users to attach LAN equipment at any point in a network without going > through time-consuming and costly cable attachment procedures. The > Watsonlinc, which must be placed directly next to a cable's outer jacket, > uses a proprietary technique to reduce noise interference while picking up > and transmitting data signals. Watsonlinc-equipped network interface cards > (NICs) will appear in the next 12 months, according to inventor Mike Watson > (Walton-on-Thames, U.K.), who says the device's production cost of about $5 > per unit will not significantly increase NIC sticker prices. The Watsonlinc > works with both shielded and unshielded twisted-pair copper cabling, is > small enough to fit on laptop PC internal adapters, and is capable of > handling all common LAN speeds, Watson says. The internationally patented > invention works just as well with voice signals. Predictably, it already > has been licensed for use in telephone surveillance equipment. > > ------- End of Forwarded Message From tytso at Athena.MIT.EDU Tue Mar 2 13:49:11 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Tue, 2 Mar 93 13:49:11 PST Subject: Piercing anonymitiy and censorship In-Reply-To: <9303022134.AA27063@> Message-ID: <9303022147.AA02357@SOS> Date: Tue, 2 Mar 1993 13:36:13 -0800 From: fen at genmagic.genmagic.com (Fen Labalme) Don't most news readers have "kill files" (sometimes known as "bozo filters")? I definately prefer decentralized solutions. Anyone mandating what I can and cannot read is slime (synonomous with censor), imo. I want to make that choice myself, thank you very nice. I suppose that a kill file of something like ".*@remailer.site" for each of the remailers would filter out all of the anonymous kill files. It still would slow down everyone news reader's, though. And as a news admin, if someone anonymous user abuses USENET by sending large GIF's to a newsgroup, this filling up my news spool, I (and each individual news admin) can make the individual choice to mail each offending anonymous news posting to the postmaster at remailer.site. Is that what you meant by a decentralized solution? :-) - Ted From phiber at eff.org Tue Mar 2 13:56:43 1993 From: phiber at eff.org (Phiber Optik) Date: Tue, 2 Mar 93 13:56:43 PST Subject: tapping In-Reply-To: <9303020333.AA04345@relay1.UU.NET> Message-ID: <199303022155.AA04077@eff.org> > > > [forwarded from elsewhere] > > > > [From Data Communications, January 1993] > > > > INVENTION CUTS CABLING TIES > > > > An inventor working from a garden shed in the U.K. has come up with a device > > that enables PCs and other LAN equipment to send and receive data through > > the plastic outer jacket of copper LAN cabling-- without piercing the > > cabling. Called the Watsonlinc Cable Coupling Transformer, the device > > allows users to attach LAN equipment at any point in a network without going > > through time-consuming and costly cable attachment procedures. The > > Watsonlinc, which must be placed directly next to a cable's outer jacket, > > uses a proprietary technique to reduce noise interference while picking up > > and transmitting data signals. Watsonlinc-equipped network interface cards > > (NICs) will appear in the next 12 months, according to inventor Mike Watson > > (Walton-on-Thames, U.K.), who says the device's production cost of about $5 > > per unit will not significantly increase NIC sticker prices. The Watsonlinc > > works with both shielded and unshielded twisted-pair copper cabling, is > > small enough to fit on laptop PC internal adapters, and is capable of > > handling all common LAN speeds, Watson says. The internationally patented > > invention works just as well with voice signals. Predictably, it already > > has been licensed for use in telephone surveillance equipment. > > > > > > Mike Watson rediscovers inductance, and the inductive tap. Film at 11. From tytso at Athena.MIT.EDU Tue Mar 2 13:58:53 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Tue, 2 Mar 93 13:58:53 PST Subject: Future of anonymity (short-term vs. long-term) In-Reply-To: <9303021551.AA03777@maggie.shearson.com> Message-ID: <9303022157.AA02360@SOS> Date: Tue, 2 Mar 93 10:51:31 EST From: pmetzger at shearson.com (Perry E. Metzger) You aren't arguing for non-anonymity. You are arguing that free speech is bad. No, I am not argueing for non-anonymity. Please stop defending your position by putting misrepresentations in my mouth. Believe me, I understand why anonymity has its features. I am just pointing out some of its bad sides, which you seem to refuse to accept even exist. If the only way you can defend your position is by ranting and raving and calling me a censorship-loving Nazi, then perhaps we should just end this discussion right here. - Ted From TSMWG at acad1.alaska.edu Tue Mar 2 14:12:12 1993 From: TSMWG at acad1.alaska.edu (The Ministry of Silly Walks) Date: Tue, 2 Mar 93 14:12:12 PST Subject: No Subject Message-ID: <01GVC13HVSR890NADM@mr.alaska.edu> UNSUBSCRIBE From TSMWG at acad1.alaska.edu Tue Mar 2 14:13:16 1993 From: TSMWG at acad1.alaska.edu (The Ministry of Silly Walks) Date: Tue, 2 Mar 93 14:13:16 PST Subject: No Subject Message-ID: <01GVC14UBOGK90NADM@mr.alaska.edu> Enjoyed this mailing list enormously, but am unable to keep up with the quantity of mail! Please unsubscribe me. Thanx =-=MwG=-= From sasha at ra.cs.umb.edu Tue Mar 2 14:53:31 1993 From: sasha at ra.cs.umb.edu (Alexander Chislenko) Date: Tue, 2 Mar 93 14:53:31 PST Subject: Textual analysis Message-ID: <199303022252.AA14712@ra.cs.umb.edu> Tim May writes: >Imagine what can be done with word and phrase frequency analysis, with >examination of punctuation styles (e.g., some people use _this_ for >emphasis while others use *this*), and so on. Entropy measures, etc. I know for sure that Soviet KGB did a lot of work in graphology and kept samples of print of every typewriter there was in the country. It might be easy to write a program that would randomly modify spacing, indentations, punctuation styles, spelling, replace words with random synonyms, reorder words in phrases, etc. It can eliminate most of the clues, excluding the concepts. You will have to compromise between the accuracy of the message and its privacy protection, but it is still something... Alexander Chislenko From thug at phantom.com Tue Mar 2 15:52:27 1993 From: thug at phantom.com (Murdering Thug) Date: Tue, 2 Mar 93 15:52:27 PST Subject: tapping In-Reply-To: <199303022155.AA04077@eff.org> Message-ID: Phiber Optik writes: > > > > > > > [forwarded from elsewhere] > > > > > > [From Data Communications, January 1993] > > > > > > INVENTION CUTS CABLING TIES [stuff deleted] > > > > > > works with both shielded and unshielded twisted-pair copper cabling, is > > > small enough to fit on laptop PC internal adapters, and is capable of > > > handling all common LAN speeds, Watson says. The internationally patented > > > invention works just as well with voice signals. Predictably, it already > > > has been licensed for use in telephone surveillance equipment. > > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > > > > > > > Mike Watson rediscovers inductance, and the inductive tap. > Film at 11. And patents it! Gee, I wonder if I patent the RF transmittion, and start charging licensing fees like Watson does with inductance. Hell, some guy has a patent on using XOR in making inverse cursors on CRTs. Thug From thug at phantom.com Tue Mar 2 15:56:52 1993 From: thug at phantom.com (Murdering Thug) Date: Tue, 2 Mar 93 15:56:52 PST Subject: Textual analysis In-Reply-To: <199303022252.AA14712@ra.cs.umb.edu> Message-ID: Tim May writes: >Imagine what can be done with word and phrase frequency analysis, with >examination of punctuation styles (e.g., some people use _this_ for >emphasis while others use *this*), and so on. Entropy measures, etc. I believe that such programs already exist. They are used to identify unknown authors of famous documents. I believe some of Shakespeare's work was under close scrutiny a number of years ago, as were the Fedaralist papers. There was an article in Byte about three or four years ago all about this kind of technology. Thug From hughes at soda.berkeley.edu Tue Mar 2 15:57:42 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Tue, 2 Mar 93 15:57:42 PST Subject: tapping In-Reply-To: <199303022155.AA04077@eff.org> Message-ID: <9303022354.AA27572@soda.berkeley.edu> >> > uses a proprietary technique to reduce noise interference while picking up >> > and transmitting data signals. >> > works with both shielded and unshielded twisted-pair copper cabling, is >> > small enough to fit on laptop PC internal adapters, Phiber writes: >Mike Watson rediscovers inductance, and the inductive tap. >Film at 11. Don't be so dismissive. There is something interesting going on here, even if it's not very complex. This thing works with _shielded_ pair. With twisted pair to begin with, you largely attenuate the inductive signal. (A very short lesson in physics: Current generates magnetic fields. Opposite travelling currents generate cancelling fields. Fields do not completely cancel because the wires are not in exactly the same place.) Shielding a twisted pair further attenuates a signal. It sounds to me like it's an inductive tap with some sort of phase locking built into it. By the mentioning networks, it indicates to me a digital signal. I doubt this thing would tap a POTS line carrying voice. Eric From deltorto at aol.com Tue Mar 2 16:15:04 1993 From: deltorto at aol.com (deltorto at aol.com) Date: Tue, 2 Mar 93 16:15:04 PST Subject: 976-OVERDOSE Message-ID: <9303021655.tn55494@aol.com> Fellow Cypherpunks, I know that some of you have lives, jobs and studies and you probably, like me, are ofttimes overwhelmed by the sheer voluime of mail on this list. I have a simple proposal to solve th is problem: break the current list into topic areas. These would include: anon/pseudo_cpunks Anoymity/Pseudonymity remailers_cpunks Remailer Technology dining_cpunks DC Nets random-cpunks Random Generators digimoney_cpunks Digital Banking pgp_cpunks PGP App/Current Info <- new vers info/var. plat's ziplips_cpunks Crypto-Censorship fweee_cpunks Whistleblowers (The "Keith Peterson Area"?) physmtgs_cpunks Physical Meetings/Conferences <- CFP, events... and several more that I've forgotten, I'm sure... We should clearly state the general thread of each topic. People could subscribe to as many as they want to and thus dramatically reduce the amount of mail they get on topics about which they have little or no interest. I'm learning a lot from the list, but the sheer volume of the postings is becoming pretty unmanageable. We seem to have a range of subspecies developing, so it make sense to cater to them seperately. I hope we can remedy this situation before many more people have to unsubscribe. Most newcomers from Mondo articles, etc. should probably be subscribed to the list first, then maybe we could periodically post synopses of what's available on the other topics and let them wander in more deliberately. I hope everyone appreciates that my approach is geared toward bringing in more quality participation and not a flurry of curiousity-cats who dash in and out and post UNSUBSCRIBE mail to the whole list (thus gumming things up even further). What do you Punks think? I hope to see a comment or two about this from people, I think it's an issue whose time has come. "An ounce of prevention os worth a pound of cure" as they say. dave "verbum sat spaienti est" del torto From wcs at anchor.ho.att.com Tue Mar 2 16:17:34 1993 From: wcs at anchor.ho.att.com (wcs at anchor.ho.att.com) Date: Tue, 2 Mar 93 16:17:34 PST Subject: A novel (?) return address idea Message-ID: <9303030015.AA23087@anchor.ho.att.com> John Gilmore writes: > There seems to me to be a serious problem with the "novel return > address" idea. The information that ties together multiple anonymous > messages from the same person is out in the world, encrypted by a > single key in a conventional cipher. I'm not sure there IS a good answer for anonymous news-posting with replies. For email, you can create a use-once-then-delete anonymous reply address, which hangs around until a reply happens or garbage-collection hits, but this isn't practical for news or multiple-recipient email - you need to keep an alias around for multiple replies to use. You can assign a new reply address for each posting, which is in some sense more secure, but it means that there are now many copies of the poster's email address and public-key (though multiple public keys may be a win.) But if the remailer site gets compromised, these are about as risky as multiple messages cryptically pointing to one copy of the address. (Unless the mapping from anon-reply-id to real-id is cryptographically protected.) (These comments also apply to the dossier problem below.) If the key-compromise issues you bring up below can be fixed, then this method is more secure than the one-anon-address-per-user for all postings method that seems to currently be in use, and if users can get a new return-address-id on request, and delete old return-address-ids on request (features you really need anyway), it's basically equivalent. > Furthermore, breaking the key will be possible by sending test-probes > and doing exhaustive search. E.g. if you add 128 bits of salt, > someone can send five or ten messages to themself through the > remailer, and accumulate ten encrypted addresses that are known to be > for the same sender. When decrypted, these keys will have maybe a 16- > or 32-bit "return address ID" and 128 bits of salt. The attacker can > then search the key space for keys that include large numbers of > identical bits when decrypting those ten keys. This search is easily Hmm. So it's not good enough to just lump 32 bits of address-id and 32 bits of salt together, because a key-search over 56-bit keys will trigger on the ones that get the same first 32 bits for multiple cyphertexts. What if you use triple-DES instead of single-DES as the cypher, which increases the key search space to at least 112 bits? This is presumably big enough, especially since the return-address-id doesn't directly give you the address, though that can be easier to crack. > The idea also suffers from the dossier problem -- all the information > about return addresses will exist in a single place (at the remailer > site) where it's tempting for a government (or other adversary of > privacy) to try for it. Deleting old addresses and getting new ones helps. Joe's suggestion of changing the keys also helps: including a few bits in the crypted address that are essentially another salt to let you pick the crypt key, but of course this means you need to keep ALL the older keys loaded in the system (or at least the last N), either stored (bad) or typed in (also bad.) I suppose you'd at least store them crypted. If you periodically dispose of the oldest ones, then you've limited the amount of time the correspondence is exposed, which is a good thing, but you've also made it impossible to reply to really old messages. (I guess a certain fraction of the postings will be requests for the poster of to repost something?) Also, this kind of remailer/reposter may still be chained - there's no need for the return address to be a _real_ return address. Bill Stewart From 0005533039 at mcimail.com Tue Mar 2 16:25:13 1993 From: 0005533039 at mcimail.com (Giuseppe Cimmino) Date: Tue, 2 Mar 93 16:25:13 PST Subject: PGP distribution Message-ID: <23930302233832/0005533039ND1EM@mcimail.com> OK, a short note. I'm willing to round up some old 3 1/2" 720K floppies and time on a disk duplicator to facilitate PGP distribution at Interop here in DC next week. To be specific: If someone wants to organize the distribution, I'll help in the production. -Giuseppe From hughes at soda.berkeley.edu Tue Mar 2 16:32:46 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Tue, 2 Mar 93 16:32:46 PST Subject: Poor Man's Time Release Crypto Message-ID: <9303030029.AA01349@soda.berkeley.edu> An obvious but very important point about any time release protocol can be observed in the following one: 1. Publish some non-random encrypted data. 2. Wait. Computational increases will eventually make cracking the code feasible. Your secret will be revealed, but you just don't know when! Technological progress puts an upper bound on the amount of time a secret can remain secret. Likewise, Diffie-Hellman is forward secure, but only until taking discrete logs in the chosen ring is feasible. Eric From 72147.3504 at CompuServe.COM Tue Mar 2 17:03:56 1993 From: 72147.3504 at CompuServe.COM (Tiia Roth-Biester) Date: Tue, 2 Mar 93 17:03:56 PST Subject: more ideas on anonymity Message-ID: <930302214903_72147.3504_EHC47-1@CompuServe.COM> >However, is it illegal to use false ID in order to conduct perfectly legal >transactions in order to preserve privacy/anonymity? How about it, any of >you guys associated with the CPSR, EFF, or ACLU, can you answer this one? >Murdering Thug Lexus research elided... >(Matthew J Miszewski) At Common Law, you could call youself anything you wanted as long as there was no intent to defraud. Generally you can still do this today. Matthew-In the case you dug up what sort of identity documents were used? Obviously, forging government ID documents is a separate crime. If you are signing something "under penlty of perjury" or "with a warranty of truthfullness" the person you are dealing with may be able to throw the agreement (whatever it is) out. There is also the possibility of legal action. You can cross the language out before signing (we are always free to negotiate) and hope that the bored clerk you are dealing with doesn't notice or if you are using forms that can be obtained in advance in blank you can remove the offending language and replace it with nondescript language using DTP technology. Avoid using government ID and substitute "soft ID" such as employment ID or school ID. Since anyone in America is free to form a "company" or a school ID can also be issued. Obtain a secured VISA card or a VISA debit card in a nome de guerre. This is pretty good ID. If the financial institution is overseas, you may not have to provide proof of identity. In this country (or Canada) bank accounts -- including secured credit card accounts -- can still be obtained in a nome de guerre if you work at it. If you aren't engaging in other illegal activity, prosecutions for using an alternate identity are rare. Duncan Frissell From tcmay at netcom.com Tue Mar 2 17:09:10 1993 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 2 Mar 93 17:09:10 PST Subject: 976-OVERDOSE In-Reply-To: <9303021655.tn55494@aol.com> Message-ID: <9303030107.AA11675@netcom3.netcom.com> Dave, I suspect others will tell you what I'm telling you: we considered breaking up the list a while back, and concluded we should not. Some reasons: - much more work for list maintainers. What _you_ save by not having to hit the delete key as often will be more than made up for by Eric Hughes having to do a lot more work (and he refuses) - having as many sublists as you suggest would be way too much...we even decided that a simple split into "technical" and "political" was not warranted, at least not back then. (Perhaps this can be reconsidered, thought the extra list maintenance work is still an issue.) - many will post their messages to more than one group, to make sure it gets to the appropriate people - topics bounce around, anyway, so some groups would have no traffic (and folks would send messages like: "Hey, how come it's so quiet on cypherpunks.music?") - people would miss key debates and key developments because they didn't think some group was important. (And if and when they decided something was important, they'd probably then ask others to forward them relevant material.) - the solution is for people to quickly delete message topics they don't want to see. Off-line newsreaders like Eudora (for the Mac) are quite useful. -Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. From root at rmsdell.ftl.fl.us Tue Mar 2 17:52:18 1993 From: root at rmsdell.ftl.fl.us (Yanek Martinson) Date: Tue, 2 Mar 93 17:52:18 PST Subject: META: prefixes for easy filtering Message-ID: > is problem: break the current list into topic areas. A similar situation occurred a while ago on the Extropians list. Many people were complaining about excess volume, people were unsubscribing, and there was talk of splitting the list into many sublists. There are some problems with sublists. Many people would subscribe to all the lists, or many of them. List management chores ((un)subscriptions, bounces, address changes, etc) would increase. Many messages would get "cross-posted" to several or all lists, and thus would appear many times in everyone's mail box, thus even increasing the number of messages to sift through. There are other problems, which I will not mention now. I proposed a simple solution which is in use now, and has greatly increased the quality of the list, makes it easy for everyone to only read the messages they want, and does not require deployment of any new software. The actual volume has not decreased, probably it even increased. But the information flow is so much more manageable. The solution is the use of prefixes in Subject: lines. When you post, prefix your Subject: line with a short "tag" such as "ANON:", "DCNET:", "PGP:", "DCASH:", or others. For example, you would see subjects like PGP: new version available ANON: an new idea for anonymous replies etcetera. When reading your mail, just have your mailer sort the mail by Subject: line (if your mailer can't do that, get a new mailer), and all messages about PGP will come together, all messages about anonymous remailers will be in one area, etc. Then it's easy to delete them all without reading, to save them to a file for future reference, or to read them if that is a topic you are interested in. The beauty of this system is it's anarchistic nature. There is no need for people to maintain an official list of prefixes, or to vote on new ones (as is done with newsgroups), or to ask someone to create one (as would be necessary for mailing sublists). There's no need for the group as a whole to agree on anything. Just start using them. Try to find a logical prefix for each message that matches its subject area. Most likely people posting on the same topic will choose same or similar prefix. After some initial fluctuation, different prefixes for the same topic will converge to one that will become customary for that topic. New prefixes will pop up every once in a while, and the ones not used will fade from the group memory. This is a flexible, dynamic system. As a starting point I will make up a prefix for each of the sublists you proposed (if you don't like my prefix, use a different one!): ANON: anon/pseudo_cpunks Anoymity/Pseudonymity REMAIL: remailers_cpunks Remailer Technology DCNET: dining_cpunks DC Nets RANDOM: random-cpunks Random Generators DCASH: digimoney_cpunks Digital Banking PGP: pgp_cpunks PGP App/Current Info FLAME:-) ziplips_cpunks Crypto-Censorship WHISTLE: fweee_cpunks Whistleblowers (The "Keith Peterson Area"?) MEET: physmtgs_cpunks Physical Meetings/Conferences Here are some more: META: discussions on the list about the list itself, such as this post, or the post I am replying to which suggested splitting the list. Complaints about high volume, messages saying something does or does not belong on the list, etc, would use this prefix. ANNOUNCE: important messages that everyone may be interested in. FRIV: for jokes, parodies, other frivolous posts. If a post fits in more than one subject area, the main prefix should be put first, for sorting purposes. The other prefix(es) would follow, separated by slashes. For example "PGP/ANNOUNCE: new version available" or "RANDOM/FRIV: why not just flip coins?". This is in no way mandatory, it's just a convention that developed on Extropians, and it may be advantageous to use it, to ease further processing. Some other ideas: You can use procmail, elm filter, slocal, or any other mail processing tool to handle messages with different prefixes. For example if you are a very busy person, or are reading your mail over a low-speed link, you may want to save all REMAIL/ANNOUNCE messages in a "remailers" file, delete all FRIV, META, and FLAME messages, and for each other prefix, save the message to an appropriate folder for reading later. If you were not interested in discussion, but wanted to keep up on what's going on, you would have the filter delete all the messages from the mailin list that do not have an ANNOUNCE: prefix. Or, if you have enough time and/or are using a high-speed connection, you may just sort all the messages by Subject: thereby lumping all the messages on a subject together. Then you can decide which you are going to read first, which ones you want to delete, etc. If this idea takes off, and most people will start using prefixes, further evolution of the concept is possible. For example a group of extropians are developing some software on the list host machine that will let people customise their subscription, for example choosing not to receive messages with a certain prefix, not to receive messages that don't have a prefix, or choosing to receive only some selected prefixes, plus any new prefixes that come to use. All this is sometime in the future. Right now, let's start by just prefixing each subject line with an appropriate prefix. -- Yanek Martinson yanek at novavax.nova.edu From kwaldman at tanstaafl.extropy1.sai.com Tue Mar 2 18:11:18 1993 From: kwaldman at tanstaafl.extropy1.sai.com (Karl M Waldman) Date: Tue, 2 Mar 93 18:11:18 PST Subject: anarchism (was: Re: Dining Crypto -- An Introduction) (fwd) Message-ID: <2b9406fd@tanstaafl.extropy1.sai.com> > (Those of you who don't believe me, look at the railroad industry in > the end of the 19th century.) No free market here, government gave them the land for the railroad for free or very low cost. > That's only what I thought of off the top of my head. If the New York > Times or some publication of similar stature were to pick up the "best Or maybe NBC could pick the best ones :-) > Marc The basic trouble with government is, no matter what the quality of ideas they have, they tend to put a gun to your head. "For your best interest of course" Voluntarily yours, Karl Waldman From pmetzger at shearson.com Tue Mar 2 19:41:35 1993 From: pmetzger at shearson.com (Perry E. Metzger) Date: Tue, 2 Mar 93 19:41:35 PST Subject: Future of anonymity (short-term vs. long-term) Message-ID: <9303030107.AA21716@maggie.shearson.com> > From: Theodore Ts'o > > Date: Tue, 2 Mar 93 10:51:31 EST > From: pmetzger at shearson.com (Perry E. Metzger) > > You aren't arguing for non-anonymity. You are arguing that free > speech is bad. > > No, I am not argueing for non-anonymity. Please stop defending your > position by putting misrepresentations in my mouth. > > Believe me, I understand why anonymity has its features. I am just > pointing out some of its bad sides, which you seem to refuse to accept > even exist. Of course I accept that they exist. However, I believe the benefits outweigh the problems, and in any case it matters little what we think since we cannot reasonably stop such systems from arising. > If the only way you can defend your position is by ranting and raving > and calling me a censorship-loving Nazi, then perhaps we should just end > this discussion right here. I don't believe I called you a Nazi. I also believe you took my quote out of context. Perry From pmetzger at shearson.com Tue Mar 2 19:46:10 1993 From: pmetzger at shearson.com (Perry E. Metzger) Date: Tue, 2 Mar 93 19:46:10 PST Subject: Piercing anonymitiy and censorship Message-ID: <9303030105.AA21682@maggie.shearson.com> > From: Theodore Ts'o > > Date: Tue, 2 Mar 93 14:15:15 EST > From: pmetzger at shearson.com (Perry E. Metzger) > > Of course there are ways -- and they need not be so drastic. You could, > for instance, simply prevent non-subscribers from posting to your list, > and use public key to verify identities. This would allow you to swiftly > stop abuse. I've already noted this twice. You've claimed this is impractical, > but the tools to do this, AND WITHOUT PATENT PROBLEMS, already exist and > would be cheap to implement. > > If they are so cheap to implement them, could someone please implement > them FOR THE USENET GROUPS? (Where you don't have a concept of > subscribers or non-subscribers?) I don't have time Ted, I have really busy schedule. But, this is the thumbnail of what you want. 1. Build a decent tool to handle the public key sigs on news format message files and tell you if the file sender corresponds with the signature -- a variant on RIPEM (more like a half hour hack) should be able to do this. 2. Change the shell scripts handling incoming control messages inside the news software to check signatures against a trusted list. 3. Set some scripts handling incoming moderated newsgroups that check the signature against a trusted list. 4. Build a tool that checks that incoming signed messages correspond with signatures stored in the signature database for the site, and somehow flag non-authenticated or otherwise bogus signed messages. Add a header line to give out this info so rn and other newsreaders can nuke non-authenticated messages or what have you. Sounds like this begins to give you a large fraction of what you want without changing too much, and I bet its a few days of hacking. Its primitive, but it seems like the right thing for a start and you can take it from there. I specify keeping signatures on your news server and checking them there to keep users from needing special new newsreaders and to keep them from needing to run the signature code over and over again; presumably they can trust their sysadmin and if they cant they can get new tools so they don't have to. > I here lots of *talk* of how easy it is to do this, or how easy it is to > do that. If it's so easy, why doesn't someone prove it to the rest of > us by actually doing it. I hate to bring the Real World down upon you > guys, but talk is cheap; code sometimes isn't. As I've said, I don't have time myself, but the above is really easy for someone with a good knowledge of C News, RIPEM and the like. The hardest part is handling a key database and doing key management since RIPEM has no such provisions, but you can likely fix that. Then there is the issue of getting RSA to permit your hacks to RIPEM to get out, which I suspect they would. Okay, maybe not a few days, but certainly not much of a challenge here and you have the start of the system we were talking about. Among other things, it fixes forged control messages (presumably you would leave cancel messages alone, but it could let you authenticate newgroup and delgroups, which is a big problem), forged moderated messages, and give you the start of what you would need to start ignoring unsigned messages or messages from users you don't like on newsgroups. The stuff for non-moderated newsgroups would be primitive, but it would be a start and would let users have the option of deciding what they want to do with non-authenticated messages. Perry From ncselxsi!drzaphod at ncselxsi.netcom.com Tue Mar 2 19:47:32 1993 From: ncselxsi!drzaphod at ncselxsi.netcom.com (DrZaphod) Date: Tue, 2 Mar 93 19:47:32 PST Subject: You Aren't [I'm Not] Message-ID: <47610.drzaphod@ncselxsi> > Date: Tue, 2 Mar 93 10:51:31 EST > From: pmetzger at shearson.com (Perry E. Metzger) > > **You aren't arguing for non-anonymity.** You are arguing that free > speech is bad. > > In Message Tue, 2 Mar 93 16:57:22 -0500, > Theodore Ts'o writes: > >**No, I am not argueing for non-anonymity.** Please stop defending your >position by putting misrepresentations in my mouth. Aren't these the same thing? TTFN! [Waiting for reply: "That's the same thing!"] DrZaphod [AC/DC] / [DnA][HP] [drzaphod at ncselxsi.uucp] Technicolorized From root at rmsdell.ftl.fl.us Tue Mar 2 19:49:14 1993 From: root at rmsdell.ftl.fl.us (Yanek Martinson) Date: Tue, 2 Mar 93 19:49:14 PST Subject: ANON: Textual analysis Message-ID: > This reveals a minor and probably obvious weakness of pseudonyms--writing > styles. We probably need "rephrasing remailers" which do some rudimentary grammar parsing on input text, and randomly substitute equivalent constructs such as switching active/passive voice, synonyms, changing the word order where it is insignificant, joining/splitting sentences, etc. Anyone here have any experience in NLP (natural language processing), specifically parsing english? A possible start would be to look at "grammar checker" programs that check for various grammatical mistakes/misusages and suggest improvements. Another starting point is language translation software. After your text has been translated automatically to spanish -> french -> german -> english, not much of the orignal style will remain. Hopefully, enough meaning will be preserved to allow understanding. Are there any public domain programs that do one of the above? One constraint on these is that the message must be present in clear text, so that it must be the last remailer in the chain. > examination of punctuation styles (e.g., some people use _this_ for > emphasis while others use *this*) This could be alleviated by using a standard markup format, such as MIME RichText, or the simpler markup convention recently proposed on the mime list. -- Yanek Martinson yanek at novavax.nova.edu From tytso at Athena.MIT.EDU Tue Mar 2 19:59:15 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Tue, 2 Mar 93 19:59:15 PST Subject: Piercing anonymitiy and censorship In-Reply-To: <9303030105.AA21682@maggie.shearson.com> Message-ID: <9303030357.AA14312@SOS> The problem with trying to put RSA signed keys into Usenet is that it is simply not that simple. People aren't going to adopt the software overnight; it will take literally years before they adopt the software. In an earlier message, you said: Well, the folks running B News and C News will have to live without the public key extensions, and it will be their fault. The people with the public key extensions will have the benefits. That's just not true, and your proposed solution demonstrates that nicely. Until the majority of the poeple are posting signed messages, it is not useful to tell your newsreader to nuke all non-signed messages, as you suggested in your proposed solution --- you'd just be throwing out the signal with the noise...... Until nearly everyone on Usenet starts using the public key extension, we *all* will not have the benefits. There will be no way to distinguish the good (but unsigned messages) from the remailer abusers' unsigned (or untrusted) messages. - Ted From tytso at Athena.MIT.EDU Tue Mar 2 20:04:57 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Tue, 2 Mar 93 20:04:57 PST Subject: You Aren't [I'm Not] In-Reply-To: <47610.drzaphod@ncselxsi> Message-ID: <9303030403.AA14595@SOS> Date: Tue, 2 Mar 93 13:13:25 CST From: "DrZaphod" Sender: ncselxsi!drzaphod at ncselxsi.netcom.com > In Message Tue, 2 Mar 93 16:57:22 -0500, > Theodore Ts'o writes: > >**No, I am not argueing for non-anonymity.** Please stop defending your >position by putting misrepresentations in my mouth. Aren't these the same thing? TTFN! Sorry; typo on my part. What I meant to say was "No, I am not arguing that free speach is bad." Mr. Metzger was putting words in my mouth when claimed that I was saying that. Anonymity and free speach are *NOT* the same thing. As I posited in an earlier message, which no one has yet to comment on, those two concepts are not the same thing. Sorry for the typo; in my outrage that he would stoop to such depths to make his point, and what I meant to say and what I actually typed weren't the same thing. - Ted From sasha at ra.cs.umb.edu Tue Mar 2 20:33:25 1993 From: sasha at ra.cs.umb.edu (Alexander Chislenko) Date: Tue, 2 Mar 93 20:33:25 PST Subject: Mailing request. Message-ID: <199303030432.AA26783@ra.cs.umb.edu> Could somebody send me today's mail? I lost it :( Thanks. Alex. From 74076.1041 at CompuServe.COM Tue Mar 2 23:01:06 1993 From: 74076.1041 at CompuServe.COM (Hal) Date: Tue, 2 Mar 93 23:01:06 PST Subject: REMAIL: Usage stats. Message-ID: <930303065109_74076.1041_DHJ45-1@CompuServe.COM> -----BEGIN PGP SIGNED MESSAGE----- I got mail from a remailer operator asking how he could keep some information about how much his remailer was being used without keeping logs of the messages. This seemed like a good feature so I have added it to my maildelivery file. This is how it looks now: # # field pattern action/ string # result (quote included spaces) # Request-Remailing-To "" pipe R "date >> LOG.REMAIL" Request-Remailing-To "" pipe A remail.pl Anon-To "" pipe R "date >> LOG.REMAIL" Anon-To "" pipe A remail.pl Encrypted PGP pipe R "date >> LOG.ENCRYPTED" Encrypted PGP pipe A pgpmail.pl * "" pipe ? recurse.pl The lines which say "date >> LOG.XXX" will append one line to the LOG.* file each time a remailing or decryption is done. That line will tell when it is done. No other information is kept to allow reconstruction of who sent the message or what it was. You can use "wc" to count how many lines are in the files, archive and/or delete them periodically, or do whatever you like. A couple of notes: When you have more than one line that matches a particular field/pattern (defined in the first two columns), use the letter R for the result code for the first ones, and A for the last. Also, be SURE you put quotes around the command string if it is more than one word. Otherwise ALL of your mail will DISAPPEAR! (I need to do a little work on the slocal.pl script to make it more robust about this. :-) If you're using slocal rather than slocal.pl this should still work. Hal Finney -----BEGIN PGP SIGNATURE----- Version: 2.1 iQCVAgUBK5Qqe6gTA69YIUw3AQEYiAQArkTzGy4b2oFetX/AOzXjZ9Wpv8zlthCa rDs54X0mhw2fqe1zRt8VNw4X66qNwV1niyBMJV37IQsiCJVKXYI1ey3bRD5xNKGx FSZogubeoxIJFvKcVnLTe0l6bsRZpzSPRaePslXZsxb0t3ysDKKnzX0GJe0Zg8k0 +4d1mh8q5qQ= =+Bo3 -----END PGP SIGNATURE----- From ebrandt at jarthur.Claremont.EDU Tue Mar 2 23:40:45 1993 From: ebrandt at jarthur.Claremont.EDU (Eli Brandt) Date: Tue, 2 Mar 93 23:40:45 PST Subject: anon.penet.fi hacking In-Reply-To: <930301171036_74076.1041_DHJ55-1@CompuServe.COM> Message-ID: <9303030740.AA11601@toad.com> > Eric shows a complicated regular expression, but I don't think it > will match just --, because this line provides nothing to match the > "." and "[^B]", etc. Instead of these ballooning regexps, how about just using Chael Hall's standardized "end of body" marker? Even if some people had to add it manually to each message, well, that's not a big deal. But I suspect that the people who have sigs being added by BBS software are going to have trouble adding strange header lines, even if they have the regexp expertise to construct them. Anyone who does control their sig, but doesn't want to take the trouble to include it only some of the time, can just add the marker. People might even be able to convince BBS sysops to add it to their autosigs. Or if this just looks too cluttered, maybe the sig-clipper header could just be "Signature-Lines:" -- clip that many, or none by default, and you're done. > Hal PGP 2 key by finger or e-mail Eli ebrandt at jarthur.claremont.edu From ebrandt at jarthur.Claremont.EDU Tue Mar 2 23:51:12 1993 From: ebrandt at jarthur.Claremont.EDU (Eli Brandt) Date: Tue, 2 Mar 93 23:51:12 PST Subject: Future of anonymity (short-term vs. long-term) In-Reply-To: <9303020248.AA26533@SOS> Message-ID: <9303030751.AA11924@toad.com> > Fundamentally, however, there's the basic assumption that anarchy per se > is good; which is a basic philosophical belief which I just plain > disagree with. It's not an assumption, to begin with; I was not born an "anarchist". Nor is it a philosophical belief, in my case; it's a sociological conclusion. And I only claim that it's what I want, not that it's "good" for you -- that depends, for example, on whether you couldn't be happy except as an IRS employee. I'm not quite sure what you intend by your later comments on "religious fanatics", but any clarification or random flamage would best be done off-list. > - Ted PGP 2 key by finger or e-mail Eli ebrandt at jarthur.claremont.edu From ebrandt at jarthur.Claremont.EDU Wed Mar 3 00:14:38 1993 From: ebrandt at jarthur.Claremont.EDU (Eli Brandt) Date: Wed, 3 Mar 93 00:14:38 PST Subject: more ideas on anonymity In-Reply-To: <9303020520.AA26631@SOS> Message-ID: <9303030814.AA12447@toad.com> > Today, it is generally not possible to be anonymous while > broadcasting your views to a large number of people. To do this for free, no. But you can send direct mail anonymously, although you can't get cheap bulk rates. > While, this may be a feature in some cases, in other cases it is > most definitely a BUG. True. Perhaps we should look at the problems of universal anonymity in contexts where they can already be observed -- like cellulose mail. It would be possible to implement a "postage" analog without a backed crypto currency. Each remailer could issue usage tickets, good for a certain flow per month. Issue them to individuals, and let them circulate. There are obvious problems; for one, transactions would be on a good-will basis, except in the case of trades to consolidate a block with a single remailer. This would produce allocation problems. In this mileau, a net.loser might be able to panhandle a truckload of tickets. On the up side, it's a good cover for getting currency up and running. With real postage, I think the problem would be negligible. I can imagine a custom developing that mail from nyms not on the "pass" list would have to include a certain fee just to make into the mailbox. A motivation pre-filter for just mail, at least. If mail transmission is flat-fee, such a system seems quite likely. > - Ted PGP 2 key by finger or e-mail Eli ebrandt at jarthur.claremont.edu From arcticus!Xenon Wed Mar 3 00:28:10 1993 From: arcticus!Xenon (Christopher Eric Hanson) Date: Wed, 3 Mar 93 00:28:10 PST Subject: Handling Abuses of Remailers In-Reply-To: Message-ID: <9303020542.AA0061q@arcticus.UUCP> In article tcmay at netcom.com (Timothy C. May) writes: > * To handle _abusive volumes_ through remailers, charge for remailing. > Short term, this may be a problem, but this is the long term market > solution. Quick but relevant question: Assuming a commercial anonymous remailer were set up tomorrow, with (don't ask me how this would be done, it's hypothetical...) provable anonymity -- what should it charge per message, or per kilobyte of message? > -Tim May > tcmay at netcom.com | anonymous networks, digital pseudonyms, zero Chris - Xenon -- Xenon%arcticus at burner.com = Chris Hanson | Lord Xenon | Kelson Haldane I work, but you don't know who I work for, and I'm not on their machine(s). "There is no Truth. There is only Perception. To Perceive is to Exist." - Xen Home (303)745-0108|Work (303)696-8973|Flames (976)DEV-NULL|PGP2.1 key by req. From julf at penet.FI Wed Mar 3 00:34:30 1993 From: julf at penet.FI (Johan Helsingius) Date: Wed, 3 Mar 93 00:34:30 PST Subject: ANON: Re: anon.penet.fi hacking In-Reply-To: <9303030740.AA11601@toad.com> Message-ID: <9303030922.aa22669@penet.penet.FI> > Instead of these ballooning regexps, how about just using Chael > Hall's standardized "end of body" marker? Even if some people had > to add it manually to each message, well, that's not a big deal. > But I suspect that the people who have sigs being added by BBS > software are going to have trouble adding strange header lines, even > if they have the regexp expertise to construct them. Didn't we go through this at least twice already. Yes, your suggestion is perfectly OK for a "pure" cypherpunks remailer with sophisticated users. It is *NOT* OK for something like the typical anon.penet.fi user from alt.sexual.abuse.recovery or alt.transgendered. And at least anon.penet.fi allows for using the special header lines as part of the message body, to compensate for braindamaged mail systems. But some users might not even be *aware* that their systems add sigs - yes, I've come across a lot of those.... Julf From fergp at sytex.com Wed Mar 3 01:13:37 1993 From: fergp at sytex.com (Paul Ferguson) Date: Wed, 3 Mar 93 01:13:37 PST Subject: Let's look at this .... Message-ID: <6HNTZB1w165w@sytex.com> Okay, cypherpunks - I've watched enough "unsubscribe me" requests drop in, now I figure (that's a Virginia word, BTW) that since I'm silently digesting most of this nonsense, I can at least crop a few pennies in the mill from time to time. I've managed to irk several of you with the virus encryption post (a bona fide topic, for those of you who snicker); then with the "Why Anon (especially when there are twelve step programs) ?", but the federal deficit is peanuts to popcorn compared to the bandwidth wasted here. Lest I begin to resemble some cypher-drop-out (never happen), let's re-examine what we are now discussing: o Problems (solved yet?) with penet.fi o Arguments and innuendo regarding: _ digital cash _ digital anarchy (Gee, thanks, Tim.) _ digital bad-mouthing The one topic that _does_ interest me is the nonsensical fodder stemming from a post regarding the (actual?) governmental consideration to license keys. That just drops my carrier. This is probably the one reason why I tolerate the wasted bandwidth here -- there are many powerful souls amongst you (us) who can keep this bullshit from happening. On a serious note, I have been a programmer-slash-analyst from the card-punch days of not_so_old. My assembly programming began in the bowels of a IBM 360; somehow that weeded it's way into the desktop arena. Damned odd. Now I just put networks together. Much like tinker toys. My (long-winded) question is this: What are cypherpunk priorities? (NO, no, please do not cite the norms. I've heard 'em.) Where are we going with anon mailers? Are they going to serve us or cause us unlimited problems? (From a political point of view?) I stand _strongly_ behind private communications, and behind the right to privately encrypt. Personally, I do not think that it can be taken away from us. Thoughts? Cheers. Paul Ferguson | Network Integration Consultant | "All of life's answers are Alexandria, Virginia USA | on TV." fergp at sytex.com (Internet) | -- Homer Simpson sytex.com!fergp (UUNet) | 1:109/229 (FidoNet) | PGP public encryption key available upon request. From tcmay at netcom.com Wed Mar 3 01:16:53 1993 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 3 Mar 93 01:16:53 PST Subject: Handling Abuses of Remailers Message-ID: <9303030915.AA21640@netcom.netcom.com> >In article tcmay at netcom.com (Timothy C. >May) writes: >> * To handle _abusive volumes_ through remailers, charge for remailing. >> Short term, this may be a problem, but this is the long term market >> solution. > > Quick but relevant question: Assuming a commercial anonymous remailer >were set up tomorrow, with (don't ask me how this would be done, it's >hypothetical...) provable anonymity -- what should it charge per message, >or per kilobyte of message? > >> -Tim May >> tcmay at netcom.com | anonymous networks, digital pseudonyms, zero > >Chris - Xenon I don't know. That's for the market to decide. This is not a glib answer. There is no "real" price for any service or commodity, only a complicated emergent market price that typically evolves and changes. An anonymous remailer (the "Mom and Pop" remailer I like to cite) may initially charge some price and find it is being undercut by others, or others are not matching its price. Prices will change, evolve. It is, however, that remailing prices will be much below a few pennies per 1 KB message, nor much above $2.00. I often use the crude estimate of $0.50 per remailing, suggesting that a 5-hop mailing will then cost about $2.50. (But once the infrastructure for remailer hops is in place, then even a single hop is basically enough--this may sound paradoxical, but think about it.) -Tim -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: MailSafe and PGP available. From tribble at xanadu.com Wed Mar 3 01:29:30 1993 From: tribble at xanadu.com (E. Dean Tribble) Date: Wed, 3 Mar 93 01:29:30 PST Subject: Future of anonymity (short-term vs. long-term) In-Reply-To: <9303020248.AA26533@SOS> Message-ID: <9303022349.AA26712@memexis.xanadu.com> >There doesn't seem to be a lot of realism in these discussions, which is >really bothering me. People often mistake being a wet blanket and finding lots of objections to thing with 'being realistic'. Is that what you are doing? Otherwise, given how much work I see people doing to both spread the ideas and to build tools, I can't imagine to what you are referring. People are building and deploying remailers, integrating crypto stuff into mail programs, testing anonymity, writing publilcations on teh subject, successfully suing government organizations for privacy violations, working towards positive reputation systems, etc. Pretty damn good for people's spare time. And certainly plenty 'realistic'. Discussion of visions and long term goals might qualify, but the grandiose visions we indulge in drive the day-to-day improvements we make on the technology and ideas about privacy that are available. What assumptions here do you disagree with? If you are explicit, perhaps we can forge an agreement. Well, let's see.... the most recent assumption I disagreed with was the claim that we could implement full-fledged postive reputation filters, complete with the use of RSA, and deploy it on the Usenet in some sort of time-frame less than ten years out --- and even that is doubtful. Look at how many sites are running B News, long after C news has been out. Anonymous remailers are here *today*. I must have missed that message. I looks like a munging together of lots of separate things that are in the works, and that will integrate in some reasonable way. As I put together my thoughts for an answer here, I realized that my summary of what's going on would better fit in a separate message. I'll send that later. conspiracy theory, and have it posted so it looked like it came from 20 different pseudonyms, and it probably would be believed by a lot of It would only be believed by people who tend to believe in that stuff. The people that read home.ec.cooking will just look at a message like that strangely and wonder what it has to do with cooking. There aren't many forums in which such a message is even appropriate. In the ones that are, I suspect acceptance would be slow for a sudden flurry of anonymous postings :-) Most of hte people who would believe that kind of thing easily simply aren't on the net. Fundamentally, however, there's the basic assumption that anarchy I don't even think Tim May believes that :-) I think the basic assumption is that government rstriction of freedom and privacy is *bad*. There's almost certainly more agreement with that. I certainly can't htink of time when it was good... necessarily believe in the Libertarian party --- however, complete and total anarchy goes far beyond what I believe is a reasonable or realistic way to run a society; that's basically a "might makes right" Anarchy is just a bad word because it brings to mind the image of utter lawlessness and destruction. I certainly want all the things typically (badly) supplied by the government: health care, police, fire, national defense, etc., I just don't think that we need the gov't to provide them. Any anarchy that I advocate has to support at least the level of society we have now, and I certainly believe that to be possible. there are people who such militant anarchists that futher discussion Labelling someone with a name, then insisting that it belongs to them is hardly a useful style of argument. How does that saying go? "Don't bother trying to teach a pig to sing. It just frustrates you, and annoys the pig." This is just righteousness that is intended to put people down. It just prompts flaming and doesn't contribute to the discussion. Finally, I would note that people are actively pursuing crypto stuff for a variety of reasons. I can disgree about philosophy and still productively cooperate with people. We contribute to each other's goals. What are your goals with respect to this stuff, and *what are you doing* to pursue them? You want more realism: what are *your* plans? Objecting to someone else's is easy. Doing something is hard (that's why I support other people doing something even if I don't quite agree with them). dean From tribble at xanadu.com Wed Mar 3 01:29:32 1993 From: tribble at xanadu.com (E. Dean Tribble) Date: Wed, 3 Mar 93 01:29:32 PST Subject: implementing positive reputation systems Message-ID: <9303022249.AA26686@memexis.xanadu.com> The scheme I always think of when envisioning positive reputation systems is that I get the feed of everything I might be interested in, then sort and filter using whatever cleverness I desire. Occasionally (perhaps regularly) I exchange message with various people so that we can update our transitive reputation information. Eric Hughes and the recent discussion about volume problems got me thinking about how to implement positive reputations at server sites. I want a system in which the semantics are similar to the ideal scenario above, but lower overhead in bandwidth and in processing power for the receiver. I suspect that the mailing list server would provide filtering, and the receiver would provide sorting. This will let us create mailing lists with anonymous participants without letting them overwhelm the list. It controls volume, etc. Hmmmm.... Anyone with ideas, please send them to me (or the list) and I'll collect them and post them. dean From tribble at xanadu.com Wed Mar 3 01:31:20 1993 From: tribble at xanadu.com (E. Dean Tribble) Date: Wed, 3 Mar 93 01:31:20 PST Subject: more ideas on anonymity In-Reply-To: <9303011958.AA24443@soda.berkeley.edu> Message-ID: <9303021951.AA26424@memexis.xanadu.com> "How much reputation has an anonymous source?" I think this might be key to solving the "anonymous libel" problem. Simply declare "anonymous libel" an oxymoron! We might argue that otherwise libelous statements, when made anonymously, carry a presumption of falsity, for otherwise the speaker would be willing to speak truthfully in his or her own person. Or, in other words, "Coward! He must be lying!" The perspective you propose is an easy way of orienting people towards positive reputations. If people consider an unestablished anonymous source as similar to a drunk on the street staggerring up to them, then sources start out with little positive reputation. For some things, anonymity is sufficiently valuable that its use doesn't discredit the source: crime tip-offs, inside corruption revealing, etc. In many of those cases, however, the source would need to establish their validity, which ties them back into the positive reputation game: an insider could reveal information that proves their inside knowledge, an informer could establish a long-term anonymous reputation, etc. In the case of the informer, police might still respond to random tips, but not with the same alacrity (yeah right) with which they respond to tips from established informers. dean From tribble at xanadu.com Wed Mar 3 01:31:28 1993 From: tribble at xanadu.com (E. Dean Tribble) Date: Wed, 3 Mar 93 01:31:28 PST Subject: Future of anonymity (short-term vs. long-term) In-Reply-To: <9303011309.aa09356@penet.penet.FI> Message-ID: <9303022222.AA26658@memexis.xanadu.com> IMHO a remailer operator should *NEVER* reveal any identities, but I also believe very strongly that especially if you provide a way to post news articles, there has to be a way to send replies to the original sender. Thus a remailer must maintain mapping info. I like this. Does it make sense (and has it already been talked about?) to preserve the return information only for a limited time? dean From tim at atri.curtin.edu.au Wed Mar 3 04:01:29 1993 From: tim at atri.curtin.edu.au (Tim Moors) Date: Wed, 3 Mar 93 04:01:29 PST Subject: ANON: Revealing identities Message-ID: <9303031201.AA13190@atri.curtin.edu.au> I sent the following to Julf earlier, and he encouraged me to post it to news.admin.policy and the cypherpunks list. He mentioned that "the mapping thing has been discussed recently". Feel free to tear it to shreds, but remember that it is only a rough idea at present: don't tell me I forgot to cross the 'l's (oops 't's). ---- 8< Cut Here 8< ---- From jthomas at mango.mitre.org Wed Mar 3 06:43:02 1993 From: jthomas at mango.mitre.org (Joe Thomas) Date: Wed, 3 Mar 93 06:43:02 PST Subject: ANON: Textual analysis Message-ID: <9303031439.AA22164@mango> > > This reveals a minor and probably obvious weakness of pseudonyms--writing > > styles. >We probably need "rephrasing remailers" which do some rudimentary >grammar parsing on input text, and randomly substitute equivalent >constructs such as switching active/passive voice, synonyms, changing >the word order where it is insignificant, joining/splitting sentences, >etc. Anyone here have any experience in NLP (natural language processing), >specifically parsing english? ... >Another starting point is language translation software. After your text >has been translated automatically to spanish -> french -> german -> english, >not much of the orignal style will remain. Hopefully, enough meaning >will be preserved to allow understanding. This whole problem looks to me to be AI-complete. I mean, I can't understand the manual from my Roland synth without a whole lot of head-scratching, and that was translated by a human! I don't think you're going to see a computer program giving intelligible rephrasing any time soon. The burden of disguising writing style may continue to fall on the author, but if everyone has the tools to statistically analyze their own messages before they send them, they'll at least see what they need to change around before sending. [I, for example, might decide to use sentences with fewer than three clauses...] Joe From jcoryell at nwu.edu Wed Mar 3 07:47:20 1993 From: jcoryell at nwu.edu (John Coryell.) Date: Wed, 3 Mar 93 07:47:20 PST Subject: Just came back.. (fwd) Message-ID: <9303031545.AA04169@casbah.acns.nwu.edu> Newsgroups: alt.cyberspace From: andyc at rock.concert.net (Richard A Ciordia -- Personal Account) Subject: Just came back.. Message-ID: <1993Feb24.042117.12675 at rock.concert.net> Organization: CONCERT-CONNECT -- Public Access UNIX Date: Wed, 24 Feb 1993 04:21:17 GMT Lines: 6 Just came back from a VR Lecture, hosted by one of the Directors at Autodesk. There are some new VR releases comming out that is Wicked.. Lower cost too. Anyhow... It was way cool.. 3d-Studio, for those who havent used, grab a copy it's a blast.. Easy to make, rend, animate.. Hasta.. Andy From jthomas at mango.mitre.org Wed Mar 3 07:48:15 1993 From: jthomas at mango.mitre.org (Joe Thomas) Date: Wed, 3 Mar 93 07:48:15 PST Subject: Future of anonymity (short-term vs. long-term) Message-ID: <9303031544.AA25573@mango> > IMHO a remailer operator should *NEVER* reveal any identities, but I > also believe very strongly that especially if you provide a way to post > news articles, there has to be a way to send replies to the original > sender. Thus a remailer must maintain mapping info. >I like this. Does it make sense (and has it already been talked >about?) to preserve the return information only for a limited time? It could make sense. It would make _practical_ sense in a scheme like the one I proposed (then amended thanks to John Gilmore's comments) in which the remailer encrypts the return addresses with a key that is regularly changed. Just forget the old keys after a certain amount of time. (BTW, forget I ever said anything about using timestamps as salt. The amount of known-plaintext per message is huge if you do that. Any PRNG would be better. I must have left my brain at home yesterday...) Joe From pmetzger at shearson.com Wed Mar 3 07:58:07 1993 From: pmetzger at shearson.com (Perry E. Metzger) Date: Wed, 3 Mar 93 07:58:07 PST Subject: You Aren't [I'm Not] Message-ID: <9303031508.AA26458@maggie.shearson.com> > From: Theodore Ts'o > > Sorry; typo on my part. What I meant to say was "No, I am not arguing > that free speach is bad." Mr. Metzger was putting words in my mouth > when claimed that I was saying that. > > Anonymity and free speach are *NOT* the same thing. As I posited in an > earlier message, which no one has yet to comment on, those two concepts > are not the same thing. Yes they are, Ted. They are mathematically equivalent. If I can say anything, I can say it in code. If I can say anything, I can repeat what someone else said in code, possibly transforming it. Ta Da, remailers. To stop remailers, you will need to stop free speech. Please at least admit this much. It might be unpleasant, but in a society with no prior restraints on speech it is likely not possible to stop cryptographic systems to assure anonymity. Perry From tony at morgan.demon.co.uk Wed Mar 3 08:09:56 1993 From: tony at morgan.demon.co.uk (Tony Kidson) Date: Wed, 3 Mar 93 08:09:56 PST Subject: META: Support for prefixes Message-ID: <3098@morgan.demon.co.uk> In message you write: > > is problem: break the current list into topic areas. > > A similar situation occurred a while ago on the Extropians list. Many > people were complaining about excess volume, people were > unsubscribing, and there was talk of splitting the list into many > sublists. There are some problems with sublists. Many people would > subscribe to all the lists, or many of them. List management chores > ((un)subscriptions, bounces, address changes, etc) would increase. > Many messages would get "cross-posted" to several or all lists, and > thus would appear many times in everyone's mail box, thus even > increasing the number of messages to sift through. There are other > problems, which I will not mention now. > > I proposed a simple solution which is in use now, and has greatly > increased the quality of the list, makes it easy for everyone to only > read the messages they want, and does not require deployment of any > new software. The actual volume has not decreased, probably it even > increased. But the information flow is so much more manageable. > > The solution is the use of prefixes in Subject: lines. When you post, > prefix your Subject: line with a short "tag" such as "ANON:", > "DCNET:", "PGP:", "DCASH:", or others. For example, you would see > subjects like > > PGP: new version available > ANON: an new idea for anonymous replies > > etcetera. When reading your mail, just have your mailer sort the mail > by Subject: line (if your mailer can't do that, get a new mailer), and > all messages about PGP will come together, all messages about > anonymous remailers will be in one area, etc. Then it's easy to > delete them all without reading, to save them to a file for future > reference, or to read them if that is a topic you are interested in. > > The beauty of this system is it's anarchistic nature. There is no > need for people to maintain an official list of prefixes, or to vote > on new ones (as is done with newsgroups), or to ask someone to create > one (as would be necessary for mailing sublists). There's no need for > the group as a whole to agree on anything. Just start using them. > Try to find a logical prefix for each message that matches its subject > area. > > Most likely people posting on the same topic will choose same or similar > prefix. After some initial fluctuation, different prefixes for the same > topic will converge to one that will become customary for that topic. > > New prefixes will pop up every once in a while, and the ones not used > will fade from the group memory. This is a flexible, dynamic system. > > As a starting point I will make up a prefix for each of the sublists > you proposed (if you don't like my prefix, use a different one!): > > ANON: anon/pseudo_cpunks Anoymity/Pseudonymity > REMAIL: remailers_cpunks Remailer Technology > DCNET: dining_cpunks DC Nets > RANDOM: random-cpunks Random Generators > DCASH: digimoney_cpunks Digital Banking > PGP: pgp_cpunks PGP App/Current Info > FLAME:-) ziplips_cpunks Crypto-Censorship > WHISTLE: fweee_cpunks Whistleblowers (The "Keith Peterson Area"?) > MEET: physmtgs_cpunks Physical Meetings/Conferences > > Here are some more: META: discussions on the list about the list > itself, such as this post, or the post I am replying to which suggested > splitting the list. Complaints about high volume, messages saying something > does or does not belong on the list, etc, would use this prefix. > > ANNOUNCE: important messages that everyone may be interested in. > > FRIV: for jokes, parodies, other frivolous posts. > > If a post fits in more than one subject area, the main prefix should > be put first, for sorting purposes. The other prefix(es) would follow, > separated by slashes. For example "PGP/ANNOUNCE: new version available" > or "RANDOM/FRIV: why not just flip coins?". This is in no way mandatory, > it's just a convention that developed on Extropians, and it may be > advantageous to use it, to ease further processing. > > Some other ideas: > > You can use procmail, elm filter, slocal, or any other mail processing > tool to handle messages with different prefixes. > > For example if you are a very busy person, or are reading your mail > over a low-speed link, you may want to save all REMAIL/ANNOUNCE > messages in a "remailers" file, delete all FRIV, META, and FLAME > messages, and for each other prefix, save the message to an > appropriate folder for reading later. > > If you were not interested in discussion, but wanted to keep up > on what's going on, you would have the filter delete all the messages > from the mailin list that do not have an ANNOUNCE: prefix. > > Or, if you have enough time and/or are using a high-speed connection, > you may just sort all the messages by Subject: thereby lumping all the > messages on a subject together. Then you can decide which you are going > to read first, which ones you want to delete, etc. > > If this idea takes off, and most people will start using prefixes, further > evolution of the concept is possible. For example a group of extropians > are developing some software on the list host machine that will let people > customise their subscription, for example choosing not to receive messages > with a certain prefix, not to receive messages that don't have a prefix, > or choosing to receive only some selected prefixes, plus any new prefixes > that come to use. > > All this is sometime in the future. Right now, let's start by just > prefixing each subject line with an appropriate prefix. > > -- > Yanek Martinson > yanek at novavax.nova.edu > I fully support this call for prefixes by subject class. Tony +-----------------+-------------------------------+--------------------------+ | Tony Kidson | ** PGP 2.1 Key by request ** | Voice +44 81 466 5127 | | Morgan Towers, | The Cat has had to move now | E-Mail(in order) | | Morgan Road, | as I've had to take the top | tony at morgan.demon.co.uk | | Bromley, | off of the machine. | tny at cix.compulink.co.uk | | England BR1 3QE |Honda ST1100 -=<*>=- DoD# 0801 | 100024.301 at compuserve.com| +-----------------+-------------------------------+--------------------------+ From babani at cs.Buffalo.EDU Wed Mar 3 08:49:19 1993 From: babani at cs.Buffalo.EDU (Rusty Babani) Date: Wed, 3 Mar 93 08:49:19 PST Subject: ANON: Textual analysis In-Reply-To: Message-ID: <9303031648.AA17469@armstrong.cs.Buffalo.EDU> Yanek Martinson stated in the last message: >From cypherpunks-request at toad.com Tue Mar 2 23:06:23 1993 >Subject: ANON: Textual analysis >Reply-To: yanek at novavax.nova.edu >> This reveals a minor and probably obvious weakness of pseudonyms--writing >> styles. > >We probably need "rephrasing remailers" which do some rudimentary >grammar parsing on input text, and randomly substitute equivalent >constructs such as switching active/passive voice, synonyms, changing >the word order where it is insignificant, joining/splitting sentences, That is insane... remailers are not the place where this kind of work should be taking place. If anything the user should run his document that (s)he wants stripped of grammer clues with software designed for that purpose on on his/her own machine. This way, the user can see immediate results. They don't have to wait anywhere from 1 minute to a few days to see the results of the "rephrasing remailer". -- +==== Internet: babani at cs.buffalo.edu ===+======== Amateur-Radio: N2LYC ======+ ! Bitnet: V078LNGT at ubvms.BITNET | UUCP: rutgers!ub!babani ! ! Alternate: an173 at cleveland.freenet.edu | Plsure dpnds on the othrs prmison. ! +== PGP key available. (If you don't know what a PGP key is... find out!) ==+ From hughes at soda.berkeley.edu Wed Mar 3 09:01:49 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Wed, 3 Mar 93 09:01:49 PST Subject: more ideas on anonymity In-Reply-To: <9303021951.AA26424@memexis.xanadu.com> Message-ID: <9303031658.AA14314@soda.berkeley.edu> >For some things, anonymity is sufficiently valuable that its use >doesn't discredit the source: crime tip-offs, inside corruption >revealing, etc. In many of those cases, however, the source would >need to establish their validity, "Externally verifiable" is the key phrase here. An anonymous allegation that Bush and Barb do unspeakable things their bedroom is much harder to verify than the location of Jimmy Hoffa's bones. The weekly posting for alt.whistleblower will contain an exhortation to include such information as can be verified without requiring the accused party to admit to something. Eric From tytso at Athena.MIT.EDU Wed Mar 3 09:43:12 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Wed, 3 Mar 93 09:43:12 PST Subject: You Aren't [I'm Not] In-Reply-To: <9303031508.AA26458@maggie.shearson.com> Message-ID: <9303031741.AA19535@SOS> Perry: You are right that because of the right free speach, it is impossible to prohibit remailers. However, while I don't believe in prior restraint; but I do believe in personal responsibility. It is certainly true that it is possible to construct a remailer service, using cryptography, such that it would be impossible to trace it back to the original sender. This class of remailer would generally not provide a return address mapping feature, since if the remailer can generate a return path, it can be revealed. There are ways to make it more difficult to reveal, but they still don't make it impossible. So Julf's remailer doesn't fall into this category, but ones where the input and output mappings are destroyed immediately do. So in this model, how can you provide personal responsibility? Well, I would argue that the buck should stop at the remailer site. They are the closest link to the chain of liability, and they have intentionally performed measures which make it impossible find the next link in the chain of liability. So, let the liability rest with the remailer site! Now, I'm not a lawyer, and as far as I know, this legal theory hasn't been tested in a court. So only time will tell what happens when these remailers hit the real world. As far as remailers like Julf's are concerned, I very much like the idea which Tim Moors suggested --- which is to have some method which the identity between the input and output address could be revealed. This provides general anonymity, but one that can be breached when someone has abused that anonymity, as convicted by a jury of their peers. Perhaps the way this could be reflected into the "real world" legal system is that remailers which do keep a mapping between input and output addresses, and which are willing to reveal them under appropriate circumstances, would be exempt from being held liable for what comes out of their remailer. Perhaps these are not the right sets of tools to be used to provide some sort of controls over remailers so that the negative effects of these remailers can be controlled. But it is our responsibility to consider them, and not just pretend they don't exist. I hope we don't have the attitude of "Vonce the rockets go up, who cares vere they come down? That's not my department....." - Ted From hughes at soda.berkeley.edu Wed Mar 3 09:50:26 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Wed, 3 Mar 93 09:50:26 PST Subject: implementing positive reputation systems In-Reply-To: <9303022249.AA26686@memexis.xanadu.com> Message-ID: <9303031747.AA17054@soda.berkeley.edu> Dean writes: [emphasis added] >The scheme I always think of when envisioning positive reputation >systems is that I get the feed of __everything I might be interested__ in, >then sort and filter using whatever cleverness I desire. Marc Ringuette's observation about the distinction between content and volume is relevant here. The existence of high-volume noise sources (and let us not call this abuse, merely an undesirable consequence of the more desirable anonymity) means that you may not be able to get everything you might be interested in. Dean suggests filtering at the server. This just pushes the same problems with volume onto the server, which does have some benefit. I too would like to see suggestions. One of the basic problems with the model for internet news and mail transport is the presumption that the receiving side will generally accept everything it is handed. Rejections of transmission are treated as exceptions and not as primary elements of the protocols. In addition, the protocols do not provide, in advance of full transmission, a way for a receiver to determine whether to receive based on message size, receiver, or signature. The two protocols I am specifically referring to are NNTP (RFC-977) and SMTP (RFC-821). (For those of you not in the know about RFC's, that's where all the internet standards are. ftp to nic.ddn.mil in directory /rfc.) SMTP says who the sender is, but doesn't tell you the length of the message or anything else about it. NNTP allows you to receive the header and the body separately, an improvement, but the header can still be arbitrarily long. Each of these protocols, at minimum, should allow the receiver to look at the length of the message before it receives to see if it will accept that message. Likewise, sending other characteristics of a message prior to transmission of the whole would be desirable. Short messages might take less time to transmit than to negotiate, so providing length seems to be the first extension. It seems that you could implement length notification and rejection by only changing some of the informational messages, meaning that changes to the basic protocol and the drastic reworkings of software required could be alleviated. Flooding attacks seem important to prevent, and I think that the underlying protocols should enable this to the extent they can. The second-most useful thing to add to the server are those functions which require examination of the entire message body. I am foremost thinking of the hash function on top of which a signature is generated. Signature checking seems like a proper function for a server as a common resource. This is a separate subject. Eric From ghabrech at ultrix.ramapo.edu Wed Mar 3 09:53:58 1993 From: ghabrech at ultrix.ramapo.edu (Phil_Osfy) Date: Wed, 3 Mar 93 09:53:58 PST Subject: Unsubscribe Message-ID: <9303031756.AA28930@ultrix.ramapo.edu> Please unsubscribe me. I am involved in a few other email groups and my load is way too high. I may resubscribe again, but for now can't handle it. Thanx George ghabrech at ultrix.ramapo.edu From hughes at soda.berkeley.edu Wed Mar 3 10:05:26 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Wed, 3 Mar 93 10:05:26 PST Subject: Handling Abuses of Remailers In-Reply-To: <9303030915.AA21640@netcom.netcom.com> Message-ID: <9303031802.AA18266@soda.berkeley.edu> Re: remailer price schedules Tim writes: >I don't know. That's for the market to decide. >This is not a glib answer. While it is not glib, it is also not very useful for planning. As a general rule of thumb, market minima are set by costs, and market maxima are sent by alternatives. Alternatives in this case are alternate transport means, such as fax and snail mail, alternate carriers undertaken pseudonymously, e.g. attmail with a fake id, or free experimental services subsidized by academia and which don't work quite right. Costs are easier to calculate. Cost of a net connection, hardware, staff (i.e. your own) time, and financial transactions (i.e. Visa fees). Make a reasonable assumption that each message takes a certain amount of time to be processed on a certain class of machine (or measure it!), call some vendors (i.e. alternet). My guess on all this is that you could make an awful lot of money at a dime a hop for a less-than-10K message. Sell hops only in packages of a hundred, in order to reduce your finance charges. Eric From cel at citi.umich.edu Wed Mar 3 10:07:19 1993 From: cel at citi.umich.edu (Chuck Lever) Date: Wed, 3 Mar 93 10:07:19 PST Subject: You Aren't [I'm Not] In-Reply-To: <9303031508.AA26458@maggie.shearson.com> Message-ID: <9303031807.AA21650@toad.com> < > From: Theodore Ts'o < > < > Sorry; typo on my part. What I meant to say was "No, I am not arguing < > that free speach is bad." Mr. Metzger was putting words in my mouth < > when claimed that I was saying that. < > < > Anonymity and free speach are *NOT* the same thing. As I posited in an < > earlier message, which no one has yet to comment on, those two concepts < > are not the same thing. < < Yes they are, Ted. They are mathematically equivalent. If I can say < anything, I can say it in code. If I can say anything, I can repeat what < someone else said in code, possibly transforming it. Ta Da, remailers. < < To stop remailers, you will need to stop free speech. Please at least < admit this much. It might be unpleasant, but in a society with no < prior restraints on speech it is likely not possible to stop cryptographic < systems to assure anonymity. let me say that some of this discussion has certainly been mind- bending, and i appreciate having taken part. i would like to add my 2 pfennigs worth. anonymity and free speech are different in precisely this way: that we are free to say what we want doesn't mean we aren't also accountable for what we may say. when we can speak freely *and* anonymously, then we are no longer accountable for what we say. anonymous free speech is a *stronger* form of free speech; this is what i think perry is arguing. however, this stronger form of freedom means individuals are no longer accountable for their words or behavior; this, i believe, is ted's concern. i can see that some members of this list are interested in providing an environment where these fundamentally social issues are solved technically. however, this seems to be an issue which cries out for a social solution, with perhaps a technical implementation. they may be looking to (over)simplify these social issues so that they are *easily* solved technically, and this is where they might be going astray. in our society, for example, there are strong cultural restrictions on what we can say. these are not mandated by law. these are the rules of the game when it comes to existing in a particular culture. an instance of such rules might be "politeness vs. rudeness." accountability can have positive or negative affects. it seems to me that the usefulness of anonymous free speech hinges on whether the speaker should or should not be held accountable for her/his words. i can't find an easy technical way of making possible free speech which is beneficial, but limiting non-beneficial free speech. there may be, however, ways of structuring or socially incorporating anonymous free speech such that the benefial uses are encouraged, and the maleficient uses are reduced. but i feel strongly that the approach will have to be socially, not technically based. i don't think digital cash is a really equitable way of accomplishing this. as soon as economics are involved, individuals will be sucked into classes of "haves" and "have-nots". while markets are good, the effects on individuals can be horrendous, as serious as censorship. are we trying for meritocracy, or for rule based on who has the most dough? accountability is critical to those who can't protect themselves from the government or from other members of society. these are precisely the people who would be burned by such an economic system. this *is* what the media is for, right? From kelly at netcom.com Wed Mar 3 10:18:37 1993 From: kelly at netcom.com (Kelly Goen) Date: Wed, 3 Mar 93 10:18:37 PST Subject: Wasted BAndwidth Message-ID: <9303031817.AA05176@netcom.netcom.com> Forwarded message: > You are right that because of the right free speach, it is > impossible to prohibit remailers. However, while I don't believe in > prior restraint; but I do believe in personal responsibility. It is > certainly true that it is possible to construct a remailer service, > using cryptography, such that it would be impossible to trace it back to > the original sender. This class of remailer would generally not provide Well Ted I am not here to make ad-hominen attacks AND... there are a number of issues raised... Personal responsibility is a choice accepted by the person exercising THEIR right of free speech... it is important to remember that it is #1 and foremost a CHOICE... you CANT force an attitude of personal responsibility > So in this model, how can you provide personal responsibility? Well, I > would argue that the buck should stop at the remailer site. They are > the closest link to the chain of liability, and they have intentionally > performed measures which make it impossible find the next link in the > chain of liability. So, let the liability rest with the remailer site! > Now, I'm not a lawyer, and as far as I know, this legal theory hasn't > been tested in a court. So only time will tell what happens when these > remailers hit the real world. > > As far as remailers like Julf's are concerned, I very much like the idea > which Tim Moors suggested --- which is to have some method which the > identity between the input and output address could be revealed. This > provides general anonymity, but one that can be breached when someone > has abused that anonymity, as convicted by a jury of their peers. > Perhaps the way this could be reflected into the "real world" legal > system is that remailers which do keep a mapping between input and > output addresses, and which are willing to reveal them under appropriate > circumstances, would be exempt from being held liable for what comes out > of their remailer. > > Perhaps these are not the right sets of tools to be used to provide some > sort of controls over remailers so that the negative effects of these > remailers can be controlled. But it is our responsibility to consider > them, and not just pretend they don't exist. I hope we don't have the > attitude of "Vonce the rockets go up, who cares vere they come down? > That's not my department....." > > - Ted > Ted , you seem more concerned with how you and the particular cabal who agrees with you are going to control how others use their machines and software to ensure THEIR right of choice... Sorry but the attitudes you personally espouse just dont wash in the real world...Liability law is civil LAW... in most cases there are NO treaties between countries for laws such as libel... Anonymity will flourish... and in the VERY near future... it wont be dependent on the good-will of a sysadm or a government... there simply WONT be the means to control spread of anonymity tools Your viewpoint brings to mind an OLD saying "Those who would trade a little freedom for security deserve neither" and I apologize if I have misquoted here...I am afraid the scam of social control and responsibilty that you and others such as government practice and espouse is about over... "may you have an Interesting life" cheers kelly p.s. Atlas is shrugging -- From KL62%MARISTB at VM.MARIST.EDU Wed Mar 3 10:23:40 1993 From: KL62%MARISTB at VM.MARIST.EDU (Ryan, Edmund J) Date: Wed, 3 Mar 93 10:23:40 PST Subject: No Subject Message-ID: <03MAR93.14444011.0177.MUSIC@MARISTB> Greetings, Please unsubscribe me. I'd appreciate it if cypherpunks had a digest. It would be easier to handle the mail volume. Virtually, Ed ------------------------------------------------------------------------ - Edmund J. Ryan Major: Computer Information Systems - - KL62 at MARISTB Minor: Computer Science/Business - - Marist College --Cypherpunk--------Extropian------- - - Poughkeepsie, NY --Libertarian-------Voluntarist----- - - - - "Replace taxpayers with shareholders, - - regulators with customers: privatize!" - ------------------------------------------------------------------------ From hughes at soda.berkeley.edu Wed Mar 3 10:40:24 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Wed, 3 Mar 93 10:40:24 PST Subject: Let's look at this .... In-Reply-To: <6HNTZB1w165w@sytex.com> Message-ID: <9303031837.AA21712@soda.berkeley.edu> Paul Ferguson asks: "What are cypherpunk priorities?" Here's my list, in order: Technical track: 1. More remailer usage. You can't start rearranging the order of incoming and outgoing messages until you have messages to reorder. Right now routing is still hard, even using a script. Thus priority 1 implies number 2: 2. Outgoing rewriting systems integrated into mailers. Until one can say To: cypherpunks in their mailer and have this turned into a double-hop, fully encrypted message on the way out, I don't think you'll see a huge amount of traffic. 3. Mixing remailers. Until mailers mix, they are extremely vulnerable to network monitoring. Mixing is rearranging the order of incoming and outgoing messages, with a known lower bound on the number of messages it could have been rearranged with. Mixing also requires message size quantization, since reordering is only significant among messages of identical length. Note that this requires a significant volume of traffic per remailer. While this is a high priority, its implementation is not imminent. 4. Positive reputations. The very simplest reputation is a signature claiming identity. Deployment of signature-based communication fora is the first step. Political track: 1. Understand the nature of anonymity now and in the future. We are trying to improve the world, not just change it. It is therefore necessary that we try to the limits our ability to understand the effects of the social changes. 2. Making our arguments public. Once we have convinced ourselves, we have to convince others. This means public participation in conferences such as CFP, in the editorial pages of newspapers, in the IETF meetings, in Usenet newsgroups, and, if necessary, in courts. And a word of advice: Arguments are more effective the fewer shared assumptions between the parties there are. In particular, while you can convice another libertarian with a libertarian argument, you can't convince a socialist with one. Nevertheless, both libertarians and socialists desire open societies and personal privacy. We must base our arguments on deep shared culture if they are going to succeed. 3. Going international. There do and will exist national restrictions on various and different aspects of privacy goals. One can go around many of these restrictions by going around the nation involved. Knowledge is extremely difficult to contain, so let us make more of it, everywhere in the world! 4. Fighting restrictions on cryptography. In the US, that means getting actively engaged in fighting key registration ideas. This means preemptively writing your elected leaders _in advance_ of a specific issue. It also means writing about export restrictions in cryptography. In France, that means raising public awareness on cryptography restrictions and the eventual effects that will have on the open society there. In all countries, it requires vigilance. 5. Increasing awareness of privacy issues. Most think they have nothing to hide. Most also hate it when they get extremely detailed junk mail about their own lives. Teach the defense of privacy. Eric From 74076.1041 at CompuServe.COM Wed Mar 3 10:45:08 1993 From: 74076.1041 at CompuServe.COM (Hal) Date: Wed, 3 Mar 93 10:45:08 PST Subject: REMAIL: Juries... Message-ID: <930303173253_74076.1041_DHJ77-1@CompuServe.COM> Tim Moors offers an interesting suggestion that a jury should be used to decide when a remailer operator should pierce the anonymity of an especially egregious poster. But I could see a way this could fail. If a post really is terrible, one might expect the poster to have taken some extra precautions. What if Tim's jury starts up, deliberates, argues, goes back and forth, and finally decides that the real email address of the poster should be revealed. When this is done, it may well turn out that the original email address was forged, or was another remailer which doesn't keep logs! This would mean that no replies to the message would have worked, but if the posting was harmful enough the poster might have been willing to give up the capability to receive private replies (he can always read followup postings on the newsgroup). In a case like this, all the effort on the part of the jury would have been wasted. We should also realize that, in a sufficiently bad case, there may well have been law enforcement involvement, anyway. If the harm is "real world" (not just something net folk would object to) then the jury activity may be superfluous, as court orders could have been used to force the remailer to reveal his mappings. I wonder, though, if Tim's jury could be married with Marc Horowitz's idea to have remailer operators support anonymous posting only from "approved" pseudonyms. Marc's idea was that people would literally buy approval of given digital pseudonyms (e.g. public keys). This approval would be granted by the operator(s) themselves, or buy some other agencies, and would be shown by a public log of signed pseudonymous public keys. Each message through the remailer would have to be digitally signed by one of these approved keys. (The approval process would be _completely anonymous_, that is, there would be _no_ correspondence between real identities and approved pseudonyms.) Then, if someone posted abusive messages, their approval could be cancelled. Their digital pseudonym (e.g. public key) would be removed from the list of approved "nyms" (I like Eli's shorthand). This way they could not post any more, at least unless they were willing to spend more of their hard-earned money to buy approval of another nym. This way we get the parallels to the postal service. If the approval agencies donated their earnings then this would not represent commercialization so it could even be done today. (Another thought along these lines would be to use Karl Barrus' digital bank to buy approval. I'm not sure this would work, but it's worth considering.) One weakness of Marc's proposal was what criteria would be used to yank approval of nyms. A person might be reluctant to pay real money for an approval certificate if he knew that it could be removed just because some blowhard complained about one of his postings. And remailer operators would be constantly forced to make judgement calls (as I gather Julf is today). Perhaps Tim's juries could serve this purpose. People would get their approval certificate removed only upon a jury's recommendation. The jury could even be specified in advance, composed of respected but fair members of the net community. If people had this kind of assurance that their posting privileges would be lost only under a fair system like this, they would be more willing to pay for an anonymous posting certificate. Hal Finney From marc at GZA.COM Wed Mar 3 11:14:10 1993 From: marc at GZA.COM (Marc Horowitz) Date: Wed, 3 Mar 93 11:14:10 PST Subject: Wasted BAndwidth In-Reply-To: <9303031817.AA05176@netcom.netcom.com> Message-ID: <9303031909.AA11228@dun-dun-noodles.aktis.com> (I'm also marc at mit.edu. This is my work account. Anyway....) I think Ted is merely trying to be realistic. Let me put it this way: You tell something embarrasing, but true, about Big Organization With Lots Of Money And Guns (BOWLOMAG). They're not going to *care* that the last remailer on the chain (who will, presumably, be identifiable) wasn't responsible for the message which was sent. They're just going to invade the building the remailing host is in, kill everyone in the room, and destroy the machine, and all the machines around it. If they don't know which is the remailer, they'll just blow up the whole block. They don't care. They're BOWLOMAG. After this happens a few times, remailer operators are going to think twice about passing anything which goes through their site. They don't want to be BOWLOMAG's next victim. And this is exactly what BOWLOMAG wants. Control by fear. Is this a likely scenario? Probably not. But in today's society, the very organizations you are rightly trying to protect yourself against are the ones with all the Money and Guns. And they could care less that it's mathematically impossible for you to monitor messages. They merely want it to stop. Will they blow up buildings? Not likely. But I'm sure for every Steve Jackson Games we hear about, there are other instances we don't. And the Secret Service is a much easier target than the CIA. >> Personal responsibility is a choice accepted by the person exercising >> THEIR right of free speech... it is important to remember that it is >> #1 and foremost a CHOICE... you CANT force an attitude of personal >> responsibility You can't force and attitude of personal responsibility, it is true. But you can still make people be responsible for their actions. Even if you don't think libel or slander is wrong, if I know who you are, and I can prove it, I can still sue you. As long as people are slinging quotes around: Liberty means responsibility. That is why most men dread it. - George Bernard Shaw, Liberty The sole end for which mankind are warranted, individually or collectively, in interfering with the liberty of action of any of their number, is self-protection. - John Stuart Mill, On Liberty, ch.1 People who want complete anonymity, without any way to make people answer for they actions, seem to want liberty without the responsibility. And, they would remove my ability to protect myself, by hiding the identity of my attacker. Is this what we want? Pseudonymity has its place in a free society, but there *must* be bounds on it. The recent idea of digital juries is a good one. (Maybe it's not new; I like it anyway.) This is better than trusting the government. I do not advocate censorship. I advocate responsibility. Marc From fen at genmagic.genmagic.com Wed Mar 3 11:20:06 1993 From: fen at genmagic.genmagic.com (Fen Labalme) Date: Wed, 3 Mar 93 11:20:06 PST Subject: Handling Abuses of Remailers Message-ID: <9303031918.AA00242@> > Re: remailer price schedules > > My guess on all this is that you could make an awful lot of money at a > dime a hop for a less-than-10K message. Sell hops only in packages > of a hundred, in order to reduce your finance charges. Geeez, Eric! I'd think a penny a hop would be a pretty high price... And given that most messages go through two hops, then you'd really be giving your 2 cents worth! Note that there can be about 50 cypherpunks messages a day -- if each went through 2 hops at $0.10 / hop, as you proposed, that would be $10 / day in revenues for the remailers. Seems like a lot to me. I would support the idea if I felt that the system would quiet the flame wars, but I think rather it would simply quiet the poor... Fen From fen at genmagic.genmagic.com Wed Mar 3 11:24:03 1993 From: fen at genmagic.genmagic.com (Fen Labalme) Date: Wed, 3 Mar 93 11:24:03 PST Subject: Let's look at this .... Message-ID: <9303031922.AA00249@> fergp at sytex.com (Paul Ferguson) writes: > The one topic that _does_ interest me is the nonsensical fodder > stemming from a post regarding the (actual?) governmental > consideration to license keys. That just drops my carrier. > This is probably the one reason why I tolerate the wasted bandwidth > here -- there are many powerful souls amongst you (us) who can keep this > bullshit from happening. Me too. It's not the only topic of interest to me, but one that I feel strongly about. Is there any suggested action that we can take? Fen From hughes at soda.berkeley.edu Wed Mar 3 11:42:43 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Wed, 3 Mar 93 11:42:43 PST Subject: You Aren't [I'm Not] In-Reply-To: <9303031741.AA19535@SOS> Message-ID: <9303031939.AA26579@soda.berkeley.edu> Ted writes: >[...] but I do believe in personal responsibility. I do not think this is an entirely forthright self-assessment. >It is certainly true that it is possible to construct a remailer >service, using cryptography, such that it would be impossible to >trace it back to the original sender. Let me call that strong anonymity. Let me also call the possibility for revealment weak anonymity. >So in this model, how can you provide personal responsibility? Well, I >would argue that the buck should stop at the remailer site. They are >the closest link to the chain of liability, and they have intentionally >performed measures which make it impossible find the next link in the >chain of liability. So, let the liability rest with the remailer site! I interpret you to mean that it is not personal responsibility for speech that you want, but the existence of someone to sue. The placement of liability on the remailer does not directly affect what the anonymous sender is going to say. The assignment of liability has, foremostly, legal consequences. The way I see that it will increase personal responsibility for speech is to make the legal climate (in the U.S., at least) impossible for strong anonymity. By eliminating strong anonymity, you can ensure that their anonymity is only conditionally revealed. Now, you haven't directly stated that you think that strong anonymity shouldn't exist. If this is what you think, plase say so directly. You can then make whatever argument you wish to support this position, but I, for one, would like to argue against clearly stated positions. >Now, I'm not a lawyer, and as far as I know, this legal theory hasn't >been tested in a court. So only time will tell what happens when these >remailers hit the real world. No, not only time will tell. This seems like an important enough point to legislate into existence before a court test. And for those with objections to making legislation, remember that the issue will be resolved publicly by law, but by lawyers in the courts. How about something like the following: "Speech made anonymously will carry a presumption of falsity in all consideration of tort resulting from said speech." >Perhaps these are not the right sets of tools to be used to provide some >sort of controls over remailers so that the negative effects of these >remailers can be controlled. One can eliminate the negative effects by eliminating the positive ones as well. I do believe strong anonymity to be one of these benefits. Eric From hughes at soda.berkeley.edu Wed Mar 3 11:51:22 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Wed, 3 Mar 93 11:51:22 PST Subject: Let's look at this .... In-Reply-To: <9303031922.AA00249@> Message-ID: <9303031948.AA27241@soda.berkeley.edu> Re: key registration >Me too. It's not the only topic of interest to me, but one that I feel >strongly about. Is there any suggested action that we can take? We have received word on the list about publications in both IEEE Spectrum and Communications of the ACM of Dorothy Denning's key registration proposals. What can we do? Flood their mailboxes with thoughful outrage. Eric From tcmay at netcom.com Wed Mar 3 11:52:34 1993 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 3 Mar 93 11:52:34 PST Subject: REPS: Filters Against Unwanted Messages Message-ID: <9303031950.AA18115@netcom.netcom.com> Attached below is a message wherein the author advertises in his .sig this item: "(anon. postings not read)" Simple, but it gets the point across. Expect to see more such declarations. In my off-line newsreader, Eudora, (which ironically is also the subject of the message attached below--must be a plot), it's easy enough to mark all the stuff from some anonymous site for deletion. Such "filters" are a basic kind of positive reputation system and are in use in many places. Some on this list have asked for this kind of filtering to be incorporated (somehow) into NetNews readers. Maybe this will come someday, but for now the best approach is to simply not read anonymous postings, if that's important to you. I want to also describe an important use of filters: Publishers almost never accept unsolicited material. Manuscripts "thrown over the transom," as the saying goes, are returned _unopened_ or sometimes just thrown away. And the publishers are careful to publicize this fact. Why? Mainly to head off charges that they or one of their writers "stole" an idea. Merely by opening the manuscript's envelope, they are exposing themselves, potentially, to lawsuits from would-be authors who claim to see elements of their ideas in someone else's "Movie of the Week" or Great American Novel. So publishers and editors scrupulously refuse to look at unsolicited manuscripts. (I have heard, anecdotally, that the onset of electronic submissions is causing them great distress. Without the option of "returned unopened," what are they to do? Various cryptographic solutions suggest themselves...this could be a small niche market for some cypherentrepreneur to fill, and could also be a way to get some P-K and reputation-filtering software out in the world.) Some forms of crypto-extortion can be handled the same way. (I described this approach to Dean Tribble a while back.) Simply advertise widely--like in your .sig--that you do not read messages unless they come from known sources. Would-be extortionists ("Deposit 10 kilocrypts in this account or I will do X") come to realize that they cannot easily contact their victim. To be sure, other channels exist (anonymous postal mail, phone calls, routing through other sources, etc.), but the lack of a direct channel makes the initial threat harder to issue. It's a kind of crypto speed bump. This approach, "I don't listen to extortion threats," is akin to "We don't negotiate with hostage takers." Far from perfect, but still a "damping" force. -Tim Here's the posting I cited earlier: >Newsgroups: netcom.general >Path: netcom.com!pfeiffer >From: pfeiffer at netcom.com (Kevin Pfeiffer) >Subject: Re: EUDORA for DOS? >Message-ID: <1993Mar3.171249.26738 at netcom.com> >Organization: Pfeiffer Design Assoc. >X-Newsreader: TIN [version 1.1 PL8] >References: <1993Mar3.062411.9712 at netcom.com> >Date: Wed, 3 Mar 1993 17:12:49 GMT > > You might look into pceudora... Can't speak for it, but Eudora (Mac) >seems well-designed. No matter what seems to break my connections (me, the >phone company, etc.) Eudora (and unix) leaves my mail intact at Netcom. >Knock on wood. >-- > * Kevin Pfeiffer (anon. postings not read) * >-- From tcmay at netcom.com Wed Mar 3 12:22:27 1993 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 3 Mar 93 12:22:27 PST Subject: Handling Abuses of Remailers Message-ID: <9303032020.AA21829@netcom.netcom.com> (Sorry, Cypherpunks, for the ">" in this message--I made the classic mistake of sending this message only to Fen, hence this forwarded form. I'll try to watch this in the future!) >Fen Labalme believes Eric's "penny a hop" is still too expensive, especially >for "the poor": > >>Geeez, Eric! I'd think a penny a hop would be a pretty high price... And >>given that most messages go through two hops, then you'd really be giving >>your 2 cents worth! >> >>Note that there can be about 50 cypherpunks messages a day -- if each went >>through 2 hops at $0.10 / hop, as you proposed, that would be $10 / day in >>revenues for the remailers. Seems like a lot to me. >> >>I would support the idea if I felt that the system would quiet the flame >>wars, but I think rather it would simply quiet the poor... >> >>Fen > >You don't have to support the idea, Fen, you just have to open your own >remailing node! If you think you can do it more cheaply--perhaps subsidizing >the costs from your other income, or perhaps just doing it as charity--you are >completely free to do so. > >The "liquidity" of remailer hops (with the "Mark V" software that handles the >grunge automatically) will be quite interesting to see. Some will go for >minimum cost (one cheap hop), others will route messages through dozens of >hops. > >Services will arise which "rate" the quality of remailers, in terms of >pricing, security, latency, message sizes accepted, past experiences, etc. > >Bandwidths are increasing so rapidly and computer hardware is getting so >cheap, that I doubt even the poorest of the poor, in the U.S. at least, will >be unable to send these kinds of messages. The costs of transmission are just >so trivial compared to other costs that even poor people routinely pay. > >(Whether the poor and downtrodden will _want_ to participate in this Brave New >World is another matter. My guess is they will.) > >-Tim From babani at cs.Buffalo.EDU Wed Mar 3 13:04:40 1993 From: babani at cs.Buffalo.EDU (Rusty Babani) Date: Wed, 3 Mar 93 13:04:40 PST Subject: ANON: My remailer Message-ID: <9303032103.AA26981@armstrong.cs.Buffalo.EDU> Due to circumstances beyond my control, I have had to take down the remailer that is running in my account. (read: If I put it back up again... my account will be taken away.) I only got a brief message from the system administrator stating "Running anonymous remailers is against University policy." Thus, since my account is more important (considering I need it for projects and the like...) than a remailer, I have taken it down. I'd appreciate it if you spread the word. -- +==== Internet: babani at cs.buffalo.edu ===+======== Amateur-Radio: N2LYC ======+ ! Bitnet: V078LNGT at ubvms.BITNET | UUCP: rutgers!ub!babani ! ! Alternate: an173 at cleveland.freenet.edu | Plsure dpnds on the othrs prmison. ! +== PGP key available. (If you don't know what a PGP key is... find out!) ==+ From eknipp at lobo.rmhs.colorado.edu Wed Mar 3 13:11:46 1993 From: eknipp at lobo.rmhs.colorado.edu (Ethan Knipp) Date: Wed, 3 Mar 93 13:11:46 PST Subject: PGP: Help! Message-ID: <9303032107.AA17969@lobo.rmhs.colorado.edu> Not to be stupid, but could somebody email me a plainspeak (Ok, I know some UNIX- I'm not *that* outta it) msg on what exactly pgp is, how to use it, and a copy of it. Thanx -- T'han The Unbeliever | "Fear is the mind killer."- Dune eknipp at lobo.rmhs.colorado.edu | Nobody believes what I say. | Laugh when life sucks. It helps. Future Autopian | From tytso at Athena.MIT.EDU Wed Mar 3 13:28:39 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Wed, 3 Mar 93 13:28:39 PST Subject: You Aren't [I'm Not] In-Reply-To: <9303031939.AA26579@soda.berkeley.edu> Message-ID: <9303032127.AA19605@SOS> Date: Wed, 3 Mar 93 11:39:32 -0800 From: Eric Hughes >So in this model, how can you provide personal responsibility? Well, I >would argue that the buck should stop at the remailer site. They are >the closest link to the chain of liability, and they have intentionally >performed measures which make it impossible find the next link in the >chain of liability. So, let the liability rest with the remailer site! I interpret you to mean that it is not personal responsibility for speech that you want, but the existence of someone to sue. Sorry for not being clear; I was merely speculating on how the Real World might react to the presense of remailers. I actually think this might be a reasonable response, and perhaps even a likely one. Let's cast this into a physical world example. Suppose someone has developed a system which will allow someone to broadcast, over a bullhorn, at 150db, in your neighborhood. Suppose further that said system will allow anybody to broadcast over that source, at either free or at 10 cents a minute, in such a way that it is impossible to track down the source. Now suppose that this bullhorn (which is located on private property) starts spewing announcements and other people exercising their right of free speach, at all hours of the day and night. Now, then, let us explore the this example. In this example, is it reasonable to presume that it is each individual houseowner's responsibility to put up soundproofing, to protect themselves from unwanted noise? If so, why? Why not? And if the people of the neighborhood decided to get together and sue someone, who would be the likeliest target? Does this example apply to the remailer issue? Well, their are certainly examples that go both ways. For example, if you receive junk mail, you just throw it out. On the other hand, if you receive crank calls, you are entitled to call your phone company, and they will make an attempt track down the crank caller and turn over his identity to the police, with the charge of harassment. Now, you haven't directly stated that you think that strong anonymity shouldn't exist. If this is what you think, plase say so directly. You can then make whatever argument you wish to support this position, but I, for one, would like to argue against clearly stated positions. Whether or not it "shouldn't exist" is somewhat irrelevant, don't you think? If people really want to put them up, they're going to exist. In retrospect, it was a mistake for me to point out that it might be a bad idea to make that sort of services available, since I doubt any of the anonymity salwarts have been listening to me anyway. (It sometimes certainly as seemed like no one has really be listening to me, as some of the accusations of my being a censorship lover and being associated with some evil cabal (tm) seem to attest.) Some of my less than thoughtful outbursts were caused by my exasperation at how people were obviously not listening, and who were responding by name-calling and arguments that were completely beside the point. I apologize for those outbursts. In any case, I don't believe the benefits of strong anonymity are worth the negative consequences, and that most of the benfits of strong anonymity are also provided by weak anonymity. Hopefully, if strong anonymity does have the bad effects I fear, there will be ways for our society to correct for them --- for example, holding the administrators of the remailers liable for the damage caused by the remailers. This may not be the case, given things like international boundaries. But it is probably unproductive to argue about whether or not this will or will not happen. Time alone will tell. "Speech made anonymously will carry a presumption of falsity in all consideration of tort resulting from said speech." One can pass legislation proclaiming this to be the case; legislation has been passed declaring PI to be 3. The question is whether or not this is a really a true statement the way the human mind works in general. While tort law often seems to bear little or no resemblence to the outside world, it is supposed to based on the real world. This is why when someone is suing someone else for Libel, English Common Law states that you have meet three standards: (a) the statements must be false, (b) the speaker must have know the statements were false, and spoke them with malicious intent, and (c) real damages were incurred. (And that is what the plaintiff is sueing to recover for.) If what you say is true, that human beings have a presumption against believing statements made anonymously, then test (c) will fail automatically; no real damage would have occurred. In this case, the legislation is simply not needed. On the other hand, if it is true that people will believe statements made anonymously, and so real damage can be done as a result, then the person who has been wronged should have every right to obtain compensation for those damages. That's what the tort system is all about. - Ted From dclunie at pax.tpa.com.au Wed Mar 3 13:56:04 1993 From: dclunie at pax.tpa.com.au (David Clunie) Date: Wed, 3 Mar 93 13:56:04 PST Subject: ANON: My remailer Message-ID: <9303032153.AA17736@britt> > I only got a brief message from the system administrator stating > "Running anonymous remailers is against University policy." What they probably mean is it is against their system administrator's policy ! I would be very surprised if the governing body of the university had a policy regarding this ! Not that you are in a position to argue of course. david From nowhere at bsu-cs.bsu.edu Wed Mar 3 14:29:42 1993 From: nowhere at bsu-cs.bsu.edu (Chael Hall) Date: Wed, 3 Mar 93 14:29:42 PST Subject: ANON: My remailer In-Reply-To: <9303032153.AA17736@britt> Message-ID: <9303032218.AA03614@bsu-cs.bsu.edu> >What they probably mean is it is against their system administrator's >policy ! I would be very surprised if the governing body of the >university had a policy regarding this ! > >Not that you are in a position to argue of course. > >david Uhg... This is not a good sign. My remailer is running on a university computer system as well. I have been trying to get a SLIP connection for the past few months for my 386BSD system so that I can take part of the load off of their system and provide anonymity on my local hardware. The sysadmin don't know about my remailer and I am trying to keep them from finding out. Right now, my mail volume is so high that those messages are cloaked by the rest of my incoming and outgoing mail. Plus, it isn't used that much. I have approval for my mail servers, because we worked out a modification to slow down my program so it wouldn't flood the system with sendmail processes. Unfortunately, I don't have approval for the remailer, but at the same time, there has been no mention of it. In the login banner, it says, "This system will be monitored for unethical and malicious behavior." That sort of leaves it up to them to decide whether or not to shut down the remailer and they can just give a quick "it's not ethical" reason. Luckily, they like me. :) In the long run, I am working on a solution, but money is tight. Otherwise, I would have a T-1 coming directly into my house and all would be fine; well at least better. Enough rambling--I'm sorry to see a remailer demise and hope that mine will not fall under the unethical clause here. If I find a solution, you will be the first to know. Chael Hall -- Chael Hall nowhere at bsu-cs.bsu.edu, 00CCHALL at BSUVC.BSU.EDU, CHALL at CLSV.Charon.BSU.Edu (317) 285-3648 after 5 pm EST From julf at penet.FI Wed Mar 3 14:52:32 1993 From: julf at penet.FI (Johan Helsingius) Date: Wed, 3 Mar 93 14:52:32 PST Subject: ANON: Re: Handling Abuses of Remailers In-Reply-To: <9303031918.AA00242@> Message-ID: <9303032301.aa28689@penet.penet.FI> > Note that there can be about 50 cypherpunks messages a day -- if each went > through 2 hops at $0.10 / hop, as you proposed, that would be $10 / day in > revenues for the remailers. Seems like a lot to me. Uh... If anon.penet.fi charged $0.10 / message for the 3000 messages a day it's curently handling that would give me $9,000/month - no problem upgrading the hardware! ;-) But... > I would support the idea if I felt that the system would quiet the flame > wars, but I think rather it would simply quiet the poor... *Quiet* the flame wars? I can already hear them scream "and he is even getting *money* from terrorizing the net!!" ;-) I think anon.penet.fi will have to remain a for-free, public service... Julf From root at rmsdell.ftl.fl.us Wed Mar 3 14:54:23 1993 From: root at rmsdell.ftl.fl.us (Yanek Martinson) Date: Wed, 3 Mar 93 14:54:23 PST Subject: ANON: un-filterable pseudonyms Message-ID: > In my off-line newsreader, Eudora, (which ironically is also the subject of > the message attached below--must be a plot), it's easy enough to mark all > the stuff from some anonymous site for deletion. This is only possible if there are few, well known, anonymous sites, and/or if all anonymous aliases look similar, such as an1234. How do you know if KSDF32 at KMUVAX is an anonymous address, or a real user login? I also expect to see pseudonyms that look like real names. I don't think it would be too hard to pick a random first and last name from a list of real names, and create a From: line like jsmith at someplace.edu (John Smith) which will look just like a regular address. Even the remailers that don't create reply-able aliases could generate random real-looking From: lines, just to make the posts look non-anonymous. The only possible solution would be to ignore all messages not from addresses you trust. This is basically the "don't talk to strangers" policy. -- Yanek Martinson yanek at novavax.nova.edu From elee9sf at Menudo.UH.EDU Wed Mar 3 15:16:15 1993 From: elee9sf at Menudo.UH.EDU (Karl Barrus) Date: Wed, 3 Mar 93 15:16:15 PST Subject: REMAIL: updated list Message-ID: <199303032314.AA24899@Menudo.UH.EDU> (I intend to send this message to the list about once a month, or when "emergencies" arise) -----BEGIN PGP SIGNED MESSAGE----- Q1: What cypherpunk remailers exist? A1: The list of cypherpunk remailers known to me: 1: hh at pmantis.berkeley.edu 2: hh at cicada.berkeley.edu 3: hh at soda.berkeley.edu 4: nowhere at bsu-cs.bsu.edu 5: ebrandt at jarthur.claremont.edu 6: hal at alumni.caltech.edu 7: remailer at rebma.mn.org 8: elee7h5 at rosebud.ee.uh.edu 9: phantom at mead.u.washington.edu 10: hfinney at shell.portal.com 11: remail at extropia.wimsey.com NOTES: #1-5 no encryption of remailing headers #6-11 support encryption of remailing headers #2 requires remailing request to appear in header #11 requires text to be encrypted along with remailing request #7,#11 introduce larger than average delay ============================================================ Q2: How do I use the cypherpunk remailers? A2: Instructions and helper scripts are available via anonymous ftp at soda.berkeley.edu (128.32.149.19) in the pub/cypherpunks directory. hal's.instructions instructions on how to use the remailers scripts.tar.Z various Unix scripts to assist remailer use anonmail.arj various MSDOS batch files to assist remailer use /-----------------------------------\ | Karl L. Barrus | | elee9sf at menudo.uh.edu | <- preferred address | barrus at tree.egr.uh.edu (NeXTMail) | \-----------------------------------/ -----BEGIN PGP SIGNATURE----- Version: 2.1 iQCVAgUBK5U6XoOA7OpLWtYzAQEuJgQAx3qgMv9ZTG0LXWuaUgfT+27NB9gQAFga 8f3L4Ew41JlaIqXAUqo8JUra9NjE9Xrgg5DFN31j1pTiGZOdCUc0qzq+R8Tvw8iC ujWvWKkoVExrPQqyArh+DSDeJdfykopL2I0W7NF0Z66Y13h89aNF1NN6H2W3Pf+I naWmJL6Oxd8= =S3XH -----END PGP SIGNATURE----- From elee9sf at Menudo.UH.EDU Wed Mar 3 15:37:49 1993 From: elee9sf at Menudo.UH.EDU (Karl Barrus) Date: Wed, 3 Mar 93 15:37:49 PST Subject: SOCIETY: crypto impact Message-ID: <199303032336.AA26450@Menudo.UH.EDU> Like any new technology, selling crypto to the public will be difficult at first. I'll bet the telephone, something so vital to today's society it is difficult to imagine functioning without it, was tough to get going. PROPONENT: "Just imagine the service and convenience!" OPPONENT: "What services and conveniences? I visit the people I want to talk to and conduct my business withing 5 miles of home." At the time there were no neat services or conveniences. Buying into new technology will cause resistance, since people are not going to miss what they do not have. However, I think some crypto technology will be easier to sell than others. It should be easy to convince people of the need for good encryption, the kind that can protect you or your company's financial information, mail, ideas, etc. Also, digital signatures and authentication techniques should face little resistance. Now, anonymous remailers and other privacy methods will be a little harder :-) (witness the debate over anonymous speech occuring right now!) On a related note, it is amazing how much information about you exists. Did anyone else watch a PBS documentary about this (sorry, I can't remember the name of it)? In the report, a writer researched how direct mail marketing departments seek out infomation - from going to the county court house and obtaining property and deed information, to using census information to classify your living habits, professional organizations you belong to, catalogs for mailing lists of various interests, etc. Some supermarkets were even testing a system in which your purchases (scanned by the bar code reader) are saved and indexed by your credit card or check! Banks could then sell this extremely valuable information to direct mail houses. /-----------------------------------\ | Karl L. Barrus | | elee9sf at menudo.uh.edu | <- preferred address | barrus at tree.egr.uh.edu (NeXTMail) | \-----------------------------------/ From hughes at soda.berkeley.edu Wed Mar 3 16:05:11 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Wed, 3 Mar 93 16:05:11 PST Subject: You Aren't [I'm Not] In-Reply-To: <9303032127.AA19605@SOS> Message-ID: <9303040002.AA25892@soda.berkeley.edu> I thank Ted for such a clear reply. He writes: >Sorry for not being clear; I was merely speculating on how the Real >World might react to the presense of remailers. I actually think this >might be a reasonable response, and perhaps even a likely one. This was the other interpretation I came up with, yet it did not seem as likely to me as the one I assumed. Excuse me if I ever implied you were a freedom-hating, Dorothy-Denning-loving crypto-fascist. ;-) Yes, there are plenty of large organizations who sue at the drop of a hat. Yes, it is likely that remailer operators would get sued. I do think, however, there are legislative and judicial defenses. >Let's cast this into a physical world example. [anonymous bullhorn example deleted] The place that this example breaks down is that silence is a commons, and a communications network is not. Society finds it profitable to break up control of land into ownerships. It is not, on the other hand, profitable to do so with airspace as a sound-carrying medium, because the cost of shielding, in addition to being expensive, looks awful. Thus sound has remained a commons wherein all maintain an interest equal to their proximity. A communications network, however, is an artifact, _i.e._ an object created by design and technology. As such it has no status as commons unless the owners agree to grant it such. One might argue that the aggregate actions of backbone sites create such a commons. Granted, but the fact remains that the transmission of data in a particular way or in a particular form or structure is not fundamental to the medium. Like any other artifact, it can be changed. Furthermore, the analogy of shouting at the neighbors does not accurately reflect the facts of reception. The sound from a loudspeaker cannot be silenced except with great expenditure and loss of sightline. The speech of an anonymous posting source can be easily silenced with filter. There is a salient difference in effort here. The loudspeaker example is that of an additive medium; all sounds come over the same channel. A telecommunications network, however, is on the other end of the spectrum; every message comes in separately. The electronic medium is the most separable there is. Filtering is not possible for the loudspeaker; it is easy for the messages. And again, no one requires a carrier to carry anonymous messages. Practically speaking, you might easily end up with a situation like the alt.* hierarchy, where only certain subnets agree to exchange anonymous traffic. I suspect this is inevitable in the short term. >On the other hand, if you receive crank >calls, you are entitled to call your phone company, and they will make >an attempt track down the crank caller and turn over his identity to the >police, with the charge of harassment. But the phone company is not held liable when the call was made from a pay phone. >Whether or not it "shouldn't exist" is somewhat irrelevant, don't you >think? If people really want to put them up, they're going to exist. I don't think it is irrelevant. If we allow each person unlimited personal freedom, that freedom include the freedom not to cooperate with those one disagrees with. Since the power of groups is larger than the power of individuals, there is no such thing as unlimited personal action. To wit: "You may do what you like, but I don't have to help, and I may actively hinder you." >In any case, I don't believe the benefits of strong anonymity are worth >the negative consequences, and that most of the benfits of strong >anonymity are also provided by weak anonymity. Here is where we differ. I do believe that strong anonymity is desirable. I believe that weak anonymity is undesirable for the same reason that I believe key registration is undesirable. (That said, I think weak anonymity is not nearly as dangerous as key registration.) The similarity is this: that an action performed in expectation of one setting (privacy or anonymity) is later found to have been performed in another. [re: legislative protections of anonymous speech.] >One can pass legislation proclaiming this to be the case; legislation >has been passed declaring PI to be 3. The question is whether or not >this is a really a true statement the way the human mind works in >general. A law which states that from now on that pi will be three does not change the actual ratio of the circumference to the diameter. A law which says that certain facts of a situation are to be considered in a certain way in a court of law does, in fact, change the way those facts are considered. If someone makes a claim and it is rejected because of protecting legislation, then even if the person was offended, the law still says there is no redress. If you declared that claims of offense are to be disallowed, then they are disallowed, regardless of whatever perceived or even actual harm there is. Can such legislation could be passed? There's the rub. We can certainly work for it. >While tort law often seems to bear little or no resemblence to >the outside world, it is supposed to based on the real world. It is meant to describe society's reaction to the facts of the real world, not to describe the facts themselves. >On the other hand, if it is true that people will believe statements >made anonymously, and so real damage can be done as a result, then the >person who has been wronged should have every right to obtain >compensation for those damages. Any such legislation would not claim that people did or did not believe them. It would state that regardless of whether they did or not, that as a matter of public policy it would not matter. Your statement begs the question of whether anonymous speech can cause "real damage." I will leave this to another discussion. Eric From hughes at soda.berkeley.edu Wed Mar 3 16:22:08 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Wed, 3 Mar 93 16:22:08 PST Subject: SOCIETY: crypto impact In-Reply-To: <199303032336.AA26450@Menudo.UH.EDU> Message-ID: <9303040018.AA28660@soda.berkeley.edu> >Like any new technology, selling crypto to the public will be >difficult at first. I'll bet the telephone, something so vital to >today's society it is difficult to imagine functioning without it, was >tough to get going. For an interesting look at this, see _When Old Technologies Were New_; I've forgotten the author. It's about electrification and the telephone. And remember, just because there's opposition, it could still be a bad idea! :-) Let's not get too self-congratulatory here. >On a related note, it is amazing how much information about you >exists. [...] Some supermarkets were even testing a >system in which your purchases (scanned by the bar code reader) are >saved and indexed by your credit card or check! It really is unsettling. There is, in fact, a speculative market in personal information. Some of these companies doing supermarket systems had the collection systems developed, and then went looking for customers. Eric From sasha at ra.cs.umb.edu Wed Mar 3 16:48:27 1993 From: sasha at ra.cs.umb.edu (Alexander Chislenko) Date: Wed, 3 Mar 93 16:48:27 PST Subject: META/PERSONAL: Thanks for mailing. Message-ID: <199303040047.AA05134@ra.cs.umb.edu> I am grateful to both people who sent me the mail I lost; I don't think I have a right to disclose their identity ;-) but I am grateful to them anyway, as well as to all those who might want to send it to me later - please don't - too bad I'll never know your names... Thanks anyway! BTW, I missed the point when people started using prefixes in message titles; was there an 'official' suggestion for it? Alex. From wcs at anchor.ho.att.com Wed Mar 3 18:04:54 1993 From: wcs at anchor.ho.att.com (Bill_StewartHOY0021305) Date: Wed, 3 Mar 93 18:04:54 PST Subject: PGP: informal faq for eknipp Message-ID: <9303040204.AA12596@anchor.ho.att.com> Eknipp asked for an overview of PGP; my reply to him bounced, but it's of enough possible general use that I'm inflicting it on the list. It's rough and rambling, but believe it if you need it...., and please send me any corrections if there are offensive errors. The details of corporate relationships regarding PKP and RSA are especially haphazard. Thanks; Bill -- "He wouldn't have wanted that _thing_ walking around with his name on it" ------ well, here's a rough overview and definitions, ignore the parts you know already. You can get a proper faq by ftp from rsa.com, in the directory pub/faq. Cryptography = writing stuff only authorized people can read. Real crypto depends on algorithms that are secure as long as the Bad Guys don't know the keys, even if they know everything else. Most of the interesting stuff depends on mathematical processes that take exponential amounts of time, so a 56-bit key would take 2**56 attempts to guess - you can't guess it a bit at a time in 56 steps. Factoring large numbers is believed to take roughly expontential time. M = plaintext message Cyphertext C = E(k, M), E = encryption function, k = key. Plaintext M = D(k, C) ITAR - International Traffic In Armaments Regulations - the US has a bunch of laws about exporting munitions, and crypto hardware and software count as munitions - algorithms are OK, but our Benevolent Govt KNOWS that foreigners aren't bright enough to turn algorithms into code. Lots of flamewars discuss exactly the boundaries, and the laws are contradictory about which bureaucrats are really in control, but nobody's wanted to get thrown in jail for arms dealing badly enough to force a court case .... Appears to apply to importing crypto also, though that hasn't been something anybody's made a big deal about. Other countries besides the US may have major restrictions as well. Alice and Bob - the people sending messages to each other. Eve may be eavesdropping, and Charlie may be around also, Secret-Key Cryptosystem, also called Symmetric-key or private-key - the same key k is used for E and D, or at least a closely related key that's easy to derive if you know the other one. DES = Data Encryption Standard = IBM/NSA-designed secret-key system, very widely used, keys 56 bits long which may be a bit short, some people worry there may be an trapdoor put there by NSA, but if I told you I'd have to kill you :-) Banks use it, for instance. IDEA - a Swiss-written secret-key system, maybe more secure than DES, newer anyway. Patented in Switz but not US, easy licensing. Public-Key CryptoSystem - Encryption key ke and Decryption key kd are related, but in a way that you can't determine kd knowing only ke. ke is called the public key and kd the private key - you can publish ke where everyone can see it and encrypt stuff to mail to you, you can decrypt with private key kd. (If you want to reply, you've got to get their public key.) Public-key algorithms are pretty slow, so generally people use create a random secret key, encrypt their message with a secret-key algorithm like DES, and encrypt the secret key with the recipient's public key; recipient decrypts the secret key with his private key, then uses it to decrypt the message. Digital Signatures - if you can do public-key crypto, then you can do the reverse as well to sign a message - you *decrypt* the message with your private key, and the recipient encrypts it with your public key - if it restores the original message, she knows it's good and knows that *you* sent it, because only you have your private key. For speed, you normally make a "hash" checksum of the message, and sign the hash instead of the whole thing. Some public-key algorithms can only be used for encryption, some only for signatures, some for both but you need different keys. MD-4 and MD-5 - Message Digest hashing algorithms from (?) Rivest, which are thought to be unforgeable, unlike the CRC checksums used by many programs which are easily forged. RSA - A public-key algorithm developed by Rivest, Shamir, and Adelman. It's the only well-known public-key algorithm that does everything everybody wants, including signatures and public-key, that's secure enough that you can't crack it as long as you use reasonably long keys. Unfortunately, it's patented in the US, by Public Key Partners, a company R, S, A, and friends started that owns most of the interesting patents related to public-key. On the other hand, to avoid having the NSA classify their patent right when they applied (the NSA can do that), they published the algorithm before applying, which means that it's public-knowledge in most of the world and you can't patent it there, even in places that do allow algorithm patents. Their claims about what techniques their patents cover are *very* broad; if you want to do anything public-key related in the US, you've got to deal with them or carry a BIG lawyer, and so far everybody's chosen to deal with them rather than risk a long expensive difficult court case, or else chosen to ignore or infringe their patent but not sell their products for cash, and hoped to get away with it. RSAREF - an RSA implementation from PKP, which you may use free for personal non-commercial use as long as you agree to follow a set of rules that are much less restrictive than they used to be; you can't export it outside the US and Canada, and can't change the interface without their permission, and a few other terms. Better implementations of RSA's algorithms have been done, but you can use this one free, with their permission. Or you can pay them money and get support for incorporating their techniques into your products. Key certification - Public Keys are usually long - RSA keys are often 1024 bytes. Public keys crypto is only secure if you can be SURE you have the public key for the person you're trying to send a message to, like Bob, and that Eve hasn't handed you HER public key instead - she could be intercepting all your mail to Bob, decrypting it, and re-encrypting with Bob's key. So you need to find a secure way to transmit public keys, where "secure" means it can't be forged without you knowing about it (though anybody can read them.) Publishing in the New York Times classified ads is one approach, as is any other broadcast method you can be SURE everyone gets correctly. Another method is to use digital signatures - somebody you trust, whose public key you can be sure you know accurately, gets Bob's public key from Bob, and signs it with their public-key. Since not everybody knows somebody who knows Bob, the problem can be handled by a chain or hierarchy of key certifications - Charlie signs Bob's, Dave signs Charlie's ... and You know Xerxes yourself. Or George Bush signs all the general's keys, the generals all sign the keys for the colonels under them, the colonels sign for the majors under them, .... and you can check some sergeant's key because it's got a certificate from his lieutenant on up to Bush, and Bush's key is in the Phone Book. PGP - Phil's Pretty Good Privacy program - a nice packaging of this technology that can be used easily to prepare secure email. The original version used RSA and a choice of DES or a home-brew secret-crypto system; the current version uses RSA and IDEA. For certification, the method is non-hierarchical - you have a "keyring" containing public keys you know, maybe with certificates, and you can sign the ones *you* trust and give your signed keyring to your friends. Hierarchies imply the potential for control; this is cooperative anarchy, and there's no chain of people you HAVE to obey to exchange keys. When PGP version 1 first came out, RSA yelled at Phil Zimmerman, the author, and told him he was risking patent infringement lawsuits and such if he didn't cease and desist, so he's no longer distributing it. But some of those SNEAKY FOREIGNERS *somehow* got a copy, and so ongoing development of PGP is taking place outside the US, unhindered by patent problems. Version 2.1 is out, 2.2 real soon. Parts of PGP are probably not covered by PKP's patents, and parts are clearly not covered by ITAR, but some parts are a problem. RIPEM - Mark Riordan's public-key email system, which uses RSAREF to do RSA, so it's legally kosher but not exportable, and is related to the internet Privacy Enhanced Mail stuff that was being developed for a while. Still real new, but probably Pretty Good also; I seem to remember its key certification was more hierarchical. ---- More PGP info - PGP was originally written for a DOS environment (there are problems trusting any system you don't totally control, and it's tough to say you totally control a multi-user system), but it's been ported to lots of things by now, including UNIX and some early Mac ports (work is in progress to make the Mac port feel like Mac-stuff rather than Unix-stuff.) You can get the source, compile it, play with it, and do anything you want that doesn't infringe PKP's patent, so remember not to use it to exchange keys with anyone or send them mail unless you've got a licensing agreement..... Once it's compiled, type pgp -h to get help, and/or read the documentation. Where to get things: The fun place to shop is nic.funet.fi, by anonymous ftp, but if you telnet to an archie server like archie.rutgers.edu (login as archie) you can ask it wher to find anything. Using a US site would be potentially better legally, and also cuts down on the bandwidth used between here and Finland.... Bill Stewart From shipley at merde.dis.org Wed Mar 3 18:13:48 1993 From: shipley at merde.dis.org (Peter &) Date: Wed, 3 Mar 93 18:13:48 PST Subject: a /etc/magic for the unix file command Message-ID: <9303040209.AA02043@merde.dis.org> A non-text attachment was scrubbed... Name: not available Type: text/x-pgp Size: 782 bytes Desc: not available URL: From babani at cs.Buffalo.EDU Wed Mar 3 18:15:47 1993 From: babani at cs.Buffalo.EDU (Rusty Babani) Date: Wed, 3 Mar 93 18:15:47 PST Subject: ANON: anon policy of UB Message-ID: <9303040214.AA09381@armstrong.cs.Buffalo.EDU> Here is a copy of the policy that my system administrator was refering to: From: gerland at ubvmsb.cc.buffalo.edu (James R. Gerland) Subject: UCS Computing Usage Policy. Date: 16 May 90 19:56:27 GMT CONDITIONS OF USE OF THE COMPUTING CENTER FACILITIES Academic Computing Services University Computing Services State University of New York at Buffalo March 4, 1988 The use of University at Buffalo academic computer systems by members of the university community is authorized by Academic Computing, University Computing Services. All classes of users (students, faculty, and staff members) have equal privileges and equal access to the Computing Center's facilities, and all have the responsibility to use the Computing Center's services in an effective, efficient, ethical, and legal manner. Every computer account issued by University at Buffalo is the responsibility of the person in whose name it is issued. As a result, acquiring an account in another person's name, or using an account without the explicit permission of the owner and the full knowledge of Academic Computing will be considered to be theft of services, and will be dealt with according to the "Student Rules and Regulations" and/or Chapter 514 of the New York State Penal Law. It is mandatory that the owner of an account be careful to keep the account secure by keeping the password secret, changing the password often, and reporting to Academic Computing when anyone else is using the account without permission. Authorized Use As a condition for use of the Academic Computing systems, all users are expected: (1) To respect the privacy of others. For example, users shall not intentionally seek information on, obtain copies of, or modify files or passwords belonging to others. (2) To respect the integrity of the University at Buffalo computing systems. For example, users shall not intentionally develop or use programs that harass other users, infiltrate a computing system, or damage or alter the software components of a computing system. (3) To not develop programs or use any mechanisms to alter or avoid accounting for the use of computing services or to employ means by which the facilities and systems are used anonymously or by means of an alias. For example, users shall not send messages or mail, or print files which do not show the username of the user using the system or which exhibit a username other than that of the sender. (4) To respect the legal protection provided by copyright and licenses held by the Computing Center. For example, users shall not make copies of a licensed computer program to avoid paying additional license fees. (5) To use the accounts only for University related purposes. For example, users shall not authorize individuals who are not associated with the University to use an account nor use the academic computers for non-university related work, without prior arrangements with Academic Computing. Violation of these conditions, i.e., unauthorized use of another person's account, tampering with other users' files or passwords, or harassment of other users is certainly unethical and possibly a criminal offense. Whenever Academic Computing becomes aware of a possible violation of these conditions, Academic Computing will initiate an investigation. In order to prevent further unauthorized activity, Academic Computing may suspend the authorization of computing services to the individual. Confirmation of unauthorized use of the facilities may result in the closing of accounts permanently, billing for computer time used for non-university endeavors, disciplinary action, and/or legal action. Responsible use Users are expected to use computing resources in a responsible and efficient manner consistent with the instructional, research, and administrative goals of the University. Users are expected to refrain from engaging in deliberately wasteful practices such as printing large amounts of unnecessary listings, performing endless unnecessary computations, or unnecessarily holding public terminals, tape drives, dial- up phone lines for long periods of time when others are waiting for these resources. In addition, the playing of games or using networks for purely recreational purposes when others are waiting for terminals represents irresponsible use of the equipment. Academic Computing prefers not to act as a disciplinary agency or to engage in policing activities. However, in cases of unauthorized or irresponsible behavior, Academic Computing does reserve the right to take remedial action, commencing with an investigation of the possible abuse. Users, when requested, are expected to cooperate in such investigations. -- +==== Internet: babani at cs.buffalo.edu ===+======== Amateur-Radio: N2LYC ======+ ! Bitnet: V078LNGT at ubvms.BITNET | UUCP: rutgers!ub!babani ! ! Alternate: an173 at cleveland.freenet.edu | Plsure dpnds on the othrs prmison. ! +== PGP key available. (If you don't know what a PGP key is... find out!) ==+ From honey at citi.umich.edu Wed Mar 3 18:24:15 1993 From: honey at citi.umich.edu (Peter Honeyman) Date: Wed, 3 Mar 93 18:24:15 PST Subject: You Aren't [I'm Not] Message-ID: <9303040224.AA01178@toad.com> Date: Wed, 3 Mar 93 12:41:48 -0500 From: Theodore Ts'o Subject: Re: You Aren't [I'm Not] ... I don't believe in prior restraint; but I do believe in personal responsibility ... ... in this model, how can you provide personal responsibility? ted, when you say you favor personal responsibility, do you mean "i am in favor of people acting responsibly," which i take to be the sense of the first quote, or do you mean "i want there to be a way to hold people responsible for their actions," which i take to be the meaning of the second? (i favor the former, but am undecided about the latter. not that anyone asked ...) peter ps: pardon my wild excerpting; i hope it doesn't obscure. From babani at cs.Buffalo.EDU Wed Mar 3 18:27:29 1993 From: babani at cs.Buffalo.EDU (Rusty Babani) Date: Wed, 3 Mar 93 18:27:29 PST Subject: ANON: My remailer In-Reply-To: <9303032218.AA03614@bsu-cs.bsu.edu> Message-ID: <9303040226.AA10720@armstrong.cs.Buffalo.EDU> Chael Hall stated in the last message: >From cypherpunks-request at toad.com Wed Mar 3 17:44:33 1993 >From: nowhere at bsu-cs.bsu.edu (Chael Hall) >To: dclunie at pax.tpa.com.au (David Clunie) >>What they probably mean is it is against their system administrator's >>policy ! I would be very surprised if the governing body of the >>university had a policy regarding this ! > Uhg... This is not a good sign. My remailer is running on a >university computer system as well. I have been trying to get a SLIP I know that the remailer I was running wasn't the biggest kept secret, however, I made sure not to mention it to too many local people. I wonder if my sysadmin found out thru mail-logs or thru a pgp key server or somebody told him or what? I guess I'll never find out. > Enough rambling--I'm sorry to see a remailer demise and hope >that mine will not fall under the unethical clause here. If I find Chael, it might be wise to check out exactly what your "university's" policy concerning this is... before it's too late! -- +==== Internet: babani at cs.buffalo.edu ===+======== Amateur-Radio: N2LYC ======+ ! Bitnet: V078LNGT at ubvms.BITNET | UUCP: rutgers!ub!babani ! ! Alternate: an173 at cleveland.freenet.edu | Plsure dpnds on the othrs prmison. ! +== PGP key available. (If you don't know what a PGP key is... find out!) ==+ From trump at pluto.ee.cua.edu Wed Mar 3 18:51:18 1993 From: trump at pluto.ee.cua.edu (Louis Edward Trumpbour) Date: Wed, 3 Mar 93 18:51:18 PST Subject: what is all o f this talk Message-ID: <9303040251.AA06498@pluto.ee.cua.edu> well i dislike this argument of anon remailers etc being bad or what not because people can threten or what not wiht it... this argument is pretty bogus since i could do the same thing from an inactive hacked account... but thats my haypenny also what is the true to life name of Unix's passwd encryption program of scheem ??? Louis From i6t4 at jupiter.sun.csd.unb.ca Wed Mar 3 18:58:53 1993 From: i6t4 at jupiter.sun.csd.unb.ca (Nickey MacDonald) Date: Wed, 3 Mar 93 18:58:53 PST Subject: a /etc/magic for the unix file command In-Reply-To: <9303040209.AA02043@merde.dis.org> Message-ID: Just a note... to save people some time... The fields for those additions to the magic file must be seperated by TABs.... --- Nick MacDonald | NMD on IRC i6t4 at jupiter.sun.csd.unb.ca | PGP 2.1 Public key available via finger On Wed, 3 Mar 1993, Peter & wrote: > # pgp hacks > 0 short 0x9900 pgp key public ring > 0 short 0x9501 pgp key security ring > 0 string -----BEGIN\040PGP pgp armored data > >15 string PUBLIC\040KEY\040BLOCK- public key blocK > >15 string MESSAGE- message > >15 string SIGNED\040MESSAGE- signed message > >15 string PGP\040SIGNATURE- signature > # From i6t4 at jupiter.sun.csd.unb.ca Wed Mar 3 19:40:36 1993 From: i6t4 at jupiter.sun.csd.unb.ca (Nickey MacDonald) Date: Wed, 3 Mar 93 19:40:36 PST Subject: A anon remailer addressing suggestion In-Reply-To: <9302281755.AA13087@soda.berkeley.edu> Message-ID: I 'm way behind on my cypherpunks mail.. I just hope this hasn't been recently discussed... How about implimenting an anonymous remailer where the return address is some sort of hash to the original id... maybe based on time or count of messages from that id, or something... Thus, two messages sent from the same person would have "differnt" return addresses... and you would never really keep an anonymous id... it would be constantly changing... but you could always be reached, even at your "previous" addresses... This would beg for some sort of pseudonym option, in case you wanted a stream of your messages to appear to come from the same person (granted with diff addresses). This could even be taken one step further, to include a small portion of your original message in any replies... but thats probably bit too much... :-) crude example: From: anonabcdefghijklmnopqrstuvwxyz0123456789 at remailer.anon Subject: An idea ^^^^ Some weird has to return address From: anonabcdefghijkl0123456789zyxwtsrqponm at remailer.anon Subject: A second idea ^^^^ A new hash for a new mail message Am I just blowing hot air... or is this a worthwhile idea? --- Nick MacDonald | NMD on IRC i6t4 at jupiter.sun.csd.unb.ca | PGP 2.1 Public key available via finger From tytso at Athena.MIT.EDU Wed Mar 3 20:28:12 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Wed, 3 Mar 93 20:28:12 PST Subject: You Aren't [I'm Not] In-Reply-To: <9303040002.AA25892@soda.berkeley.edu> Message-ID: <9303040426.AA24707@SOS> Date: Wed, 3 Mar 93 16:02:00 -0800 From: Eric Hughes A communications network, however, is an artifact, _i.e._ an object created by design and technology. As such it has no status as commons unless the owners agree to grant it such. One might argue that the aggregate actions of backbone sites create such a commons. Granted, but the fact remains that the transmission of data in a particular way or in a particular form or structure is not fundamental to the medium. Like any other artifact, it can be changed. True, like any other artifact, it can be changed. But then again, someone could try to change the status of sound as a "commons" as well. Perhaps the real problem is that there are a large number of people who are currently using mailing lists and Usenet newsgroups with the expectation that there are currently existing controls on the signal-to-noise levels and protection against mail bombs, which are being enforced by simple standards of personal (or at worse, site) accountability. So in affect, the common usage of these colections of sites has created a "commons" which you are proposing to take away. As an artifact, certainly that can be changed; and you are proposing that we change them. But then, who should bear the cost of this change? To bring this back to the house/anonymous bull horn analogy, that would be like deciding cease considering sound (or rather lack of sound) a commons, and expecting each home owner, who up until now enjoyed the relative peace and quiet of their neighborhood, to pay the cost of losing their sightlines, and needing to put up expensive shielding. Maybe there are good, sound, policy reasons for making this change. But out of fairness, one would think that the agents of change should be prepared to bear some of cost of that change. Without that, the homeowners will not be bought into such a change, and you can hardly blame them for resisting. Wouldn't you, in similar situations? And again, no one requires a carrier to carry anonymous messages. Practically speaking, you might easily end up with a situation like the alt.* hierarchy, where only certain subnets agree to exchange anonymous traffic. I suspect this is inevitable in the short term. Well, this really can only happen if a carrier can easily distinguish anonymous messages from non-anonymous messages. Out of fairness, I would argue for putting in a standard header which clearly labels a message as being anonymous, so that carriers can have the choice of whether or not they want to carry that message. Given the earlier discussion of doing filtering at the server level, this seems to fit right in. >On the other hand, if you receive crank >calls, you are entitled to call your phone company, and they will make >an attempt track down the crank caller and turn over his identity to the >police, with the charge of harassment. But the phone company is not held liable when the call was made from a pay phone. True; but the phone company is a common carrier. The networks today aren't. This could be changed by legislation, and that's something I would support, for networks. However, I doubt that such legislation would actually extend as far as protecting hosts on a network, such as remailer sites. It might happen, but it would definitely be a much harder sell. >On the other hand, if it is true that people will believe statements >made anonymously, and so real damage can be done as a result, then the >person who has been wronged should have every right to obtain >compensation for those damages. Your statement begs the question of whether anonymous speech can cause "real damage." I will leave this to another discussion. You misunderstand my argument. My argument is that if anonymous speech doesn't cause "real damage", then your proposed legislation isn't necessary, since real damage is a requirement for a successful libel action. On the other hand, if it does cause "real damage", then your proposed legislation would prevent someone who had been damaged from obtaining redress. So I would argue that such legislation would be bad public policy. - Ted From dclunie at pax.tpa.com.au Wed Mar 3 20:56:53 1993 From: dclunie at pax.tpa.com.au (David Clunie) Date: Wed, 3 Mar 93 20:56:53 PST Subject: ANON: My remailer Message-ID: <9303040454.AA18059@britt> > I know that the remailer I was running wasn't the biggest kept secret, > however, I made sure not to mention it to too many local people. I > wonder if my sysadmin found out thru mail-logs or thru a pgp key > server or somebody told him or what? I guess I'll never find out. Why not just ask him/her ? And while you are at it, you could ask them why they developed such a policy. Though you are obviously obliged to respect it, there is no harm in asking them what their rationale is ... it would be nice to know whether the policy was adopted on purely theoretical grounds or whether they were responding to a specific pattern of misuse. I also noticed that the policy you posted made no reference to the privacy of plaintext email, or its lack thereof. david From deltorto at aol.com Thu Mar 4 03:27:38 1993 From: deltorto at aol.com (deltorto at aol.com) Date: Thu, 4 Mar 93 03:27:38 PST Subject: FWEE!: Whistleblower progress update Message-ID: <9303040630.tn06635@aol.com> Gang, First off, since I have just now been able to process some of the couple hundred msgs in my box, I'd like to respond to a good idea... >>From: yanek at novavax.nova.edu >> >> [good stuff removed] >> >>The solution is the use of prefixes in Subject: lines. When you post, >>prefix your Subject: line with a short "tag" such as "ANON:", >>"DCNET:", "PGP:", "DCASH:", or others. Excellent idea, Yanek, I like the elegance of it very much. However, I prefer to label all my Whistleblower posts with "FWEEE:" rather than the mundane "WHISTLE:" and besides, it's shorter. :-) Other than that, I like your suggestions,e and here are my (short) ones (marked with "-"): ANON: Anoymity/Pseudonymity -MIX: Remailer Technology DCNET: DC Nets RANDOM: Random Generators DCASH: Digital Banking PGP: PGP App/Current Info FLAME: Crypto-Censorship -FWEE!: Whistleblowers (T he "Keith Peterson Area"?) -MTGS: Physical Meetings/Conferences -------------- OK, now Whistleblowers --------------- Secondly, I suppose that everyone has by now heard about Bill Clinton's 800 numbers for government waste whistleblowers and anyone else to call. A great idea, and I applaud him for it (it'll keep Al Gore out of trouble for a while), but it's "kid stuff" compared to the picture I have in my mind for our Whistleblowers anonymous remailer system. Eventually, I would like to see anon msgs (some encrypted) alerting specific investigators about assassinations, military cost overruns, govt sex scandals, private sector insider trading and all sorts of other nefarious goings-on. This is gonna be GREAT! We're gonna "rock the world" of the rats out there. Over the next few weeks, I will post some plans like the one below for all of you to comment on. Among these will be a phased roadmap which will hopefully diagram for all Cypherpunks what needs to be done to get a true anon remailer up and running and populate it with juicy tidbits. Make no mistake, this is no small job: it will require a team effort. Prepare to be called on for small jobs, and feel free to refuse if the work is out of your league of if you haven't enough time. It'll get done: the People are counting on us. For now, we are in Phase 1: planning, design & data acquisition. Data Acq'n: I am now working on a database which will eventually cover all of Congress, the Executive, the Judiciary and the Pentagon. As noted before, this db will list email addresses wherever possible. Many Congresspeople do not currently have email, so we may even assist our elected officials in the process of getting looped in. We will send out our initial offers to some highly placed people to visit the Whistleblowers list and sign on, get a key and start paying attention. Phase 2 will be to spec out the remail and produce a preliminary set of instructions to be sent out with the invitation to participate. Phase 3 will be the initial remailer implementation and testing. Phase 4 will involve getting a few press and activist people to log on and get used to PGP and the whole idea. I expect by then that we may already have some whistles being blown. Later Phases will be discussed as I think of them, this is a rough preliminary sketch intended for comment. FYI: several Congressperson's offices have drooled audibly over the prospect and may contribute resources or assistance to our effort. I tend to think we should do this ourselves to avoid any sort of indebtedness to any official entity. In addition, a local SF TV news service has expressed real interest in getting a copy of PGP (DOS), so I will soon post a request for someone to supply that to a certain address (stay tuned). Again, I want to stress the importance of a central repository of all PGP versions for distribution for non-profit purposes such as being able to sign on to this list. The importance of ensuring that the software at this site is not compromised in any way is crucial, just to state the obvious. More later. Hope to see people at CFP and the Modern Times bookstore gig on Sunday. dave|evad PS: In future, I will be receiving mail from the Cypherpunks list at . any personal msgs can still be sent to me at . -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.1e mQCNAitfCt4AAAEEANk+zWV0Z1tnxsJm25BAvH2NI68RbNOaumDofJgVUL9BePQI HNNbOdu4gAmhcEXMvFVwu3vju4nh9qnzz7lYpw5Yh6TcgVI+vb9OsljfAR+ibhDN j5ParKfwZ+mexOCAfrgdt1z71XLY588qxs70ha6u76dvxUsdw6HBOF9KrwDlAAUT tCJEYXZpZCBEZWwgVG9ydG8gPGRlbHRvcnRvQGFvbC5jb20+ =YGwT -----END PGP PUBLIC KEY BLOCK----- From avalon at coombs.anu.edu.au Thu Mar 4 04:21:01 1993 From: avalon at coombs.anu.edu.au (Darren Reed) Date: Thu, 4 Mar 93 04:21:01 PST Subject: Diffie-hellman Message-ID: <9303041219.AA28412@coombs.anu.edu.au> Does anyone know of any 'sample code' that can be ftp'd from around the place or anything which uses it ? From tytso at Athena.MIT.EDU Thu Mar 4 05:56:13 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Thu, 4 Mar 93 05:56:13 PST Subject: You Aren't [I'm Not] In-Reply-To: <9303040224.AA01178@toad.com> Message-ID: <9303041354.AA25816@SOS> From: Peter Honeyman Date: Wed, 3 Mar 93 21:22:27 EST ... I don't believe in prior restraint; but I do believe in personal responsibility ... ... in this model, how can you provide personal responsibility? ted, when you say you favor personal responsibility, do you mean "i am in favor of people acting responsibly," which i take to be the sense of the first quote, or do you mean "i want there to be a way to hold people responsible for their actions," which i take to be the meaning of the second? Yes, I mean the second interpretation; what generally tends to happen is that without the second, generally the first deteriorates over time. And "holding somone responsible for their actions" doesn't necessarilly mean throwing someone in jail, or sueing them for lots of money --- it can be as simple as their knowing that what they say can be traced back to them, and their own personal credibility is on the line. (As opposed to some pseudonym's credibility, which can always be discarded and a new one requested.) - Ted From honey at citi.umich.edu Thu Mar 4 06:51:18 1993 From: honey at citi.umich.edu (Peter Honeyman) Date: Thu, 4 Mar 93 06:51:18 PST Subject: You Aren't [I'm Not] Message-ID: <9303041451.AA15191@toad.com> Date: Thu, 4 Mar 93 08:54:56 -0500 From: Theodore Ts'o And "holding somone responsible for their actions" doesn't necessarilly mean throwing someone in jail, or sueing them for lots of money --- it can be as simple as their knowing that what they say can be traced back to them, and their own personal credibility is on the line. ted, do you think today's nets offer this assurance? i certainly do not. peter From pbreton at cs.umb.edu Thu Mar 4 06:54:30 1993 From: pbreton at cs.umb.edu (Peter Breton) Date: Thu, 4 Mar 93 06:54:30 PST Subject: SOCIETY: crypto impact In-Reply-To: <199303032336.AA26450@Menudo.UH.EDU> Message-ID: > On a related note, it is amazing how much information about you > exists. Did anyone else watch a PBS documentary about this (sorry, I > can't remember the name of it)? In the report, a writer researched > how direct mail marketing departments seek out infomation - from going > to the county court house and obtaining property and deed information, > to using census information to classify your living habits, > professional organizations you belong to, catalogs for mailing lists > of various interests, etc. Some supermarkets were even testing a > system in which your purchases (scanned by the bar code reader) are > saved and indexed by your credit card or check! Banks could then sell > this extremely valuable information to direct mail houses. Check out the books "Privacy for Sale" and "The Naked Consumer" for thorough treatments of this topic. Or read the *.privacy groups for a while.... Peter From tytso at Athena.MIT.EDU Thu Mar 4 07:40:37 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Thu, 4 Mar 93 07:40:37 PST Subject: Encrypted voice protocol? Message-ID: <9303041539.AA25836@SOS> People may find this very interesting..... the Pro Audio Spectrum 16 soundboard can play and record sound at the same time; as far as I know, this is the only commercially available board on the market that will do this. (Commercially available is important, because it means that people would be able to purchase said board cheaply, or perhaps alreadydy have.) So for roughly $200 US, and a little software, it should be possible to put together something that would do encrypted voice communications over the network. Is there any interest in developing some sort of standard protocol and software to do encrypted, compressed voice communications over TCP/IP? I can think some obvious design constraints right away; it should be device independent, which means it needs to be able to support multiple sampling rates, and negotiate sampling rates, in case one side as a limited range of sampling rates to choose from. It should support both multiple private and public key encryption algorithms, as well as multiple choicese of compression technologies. We'd probably want to have a core set of algorithms that everyone would be expected to support, for the sake of interoperability, and allow for people to experment with more powerful encryption/compression techniquese. And finally, for obvious reasons, at least one implementation should be developed in a non-COCOM country. :-) Is this something that people would be interested in working on? - Ted ------- Forwarded Message From: "Linux Activists" To: "Linux-Activists" Reply-To: "Linux-Activists" X-Note1: Remember to put 'X-Mn-Key: SOUND' to your mail body or header Subject: Linux-Activists - SOUND Channel digest. 93-2-4-3:1 X-Mn-Key: SOUND Sender: owner-linux-activists at joker.cs.hut.fi Date: Thu, 4 Mar 1993 08:25:39 +0200 From: hsavolai at cs.Helsinki.FI (Hannu Savolainen) Subject: Preliminary GUS driver available Date: Thu, 4 Mar 1993 02:29:29 +0200 Hi folks, There is a very early testing version of the GUS (Gravis Ultrasound) driver available at klingon.epas.utoronto.ca (the GUS archive site) in directory pub/pc/ultrasound/submit. This version contains a simple API which makes it possible to write applications for GUS under Linux. Since there is no such applications yet, this is just a hacker's release. *** This is just a pre pre pre alpha version. I will release an official version after a couple of months. The official and supported version is 1.0 which you propably have already *** Additionally this version contains some changes for SB and PAS users. It is for example possible to record and play at the same time with PAS16 (there is a new devicefile (/dev/dsp1 (minor 19)), whic is connected to the SB DSP emulator of PAS. ...... ------- End Forwarded Message From tytso at Athena.MIT.EDU Thu Mar 4 07:57:30 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Thu, 4 Mar 93 07:57:30 PST Subject: You Aren't [I'm Not] In-Reply-To: <9303041451.AA15191@toad.com> Message-ID: <9303041556.AA25853@SOS> From: Peter Honeyman Date: Thu, 4 Mar 93 09:49:10 EST Date: Thu, 4 Mar 93 08:54:56 -0500 From: Theodore Ts'o And "holding somone responsible for their actions" doesn't necessarilly mean throwing someone in jail, or sueing them for lots of money --- it can be as simple as their knowing that what they say can be traced back to them, and their own personal credibility is on the line. ted, do you think today's nets offer this assurance? i certainly do not. Not completely, no. But to a certain extent, yes. It is generally much more difficult to get a new account on a (same or differemt) computer system, then it is to get a new pseudonym assigned to you by a remailer, or to generate a new public/private key pair. So if you drag your email identity through the mud, you are damaging yourself. If today's nets did not have this characteristic, why are people building remailers in the first place?!? The answer, of course, is that they do have this effect. And, of course, if someone is truely abusive --- or perhaps isn't being intentially malicious, but by accident started a mail loop of some kind, perhaps involving a buggy vacation program --- you can always send mail to the postmaster of his/her site. There are definitely controls on undesireable behavior (whether intentional or non-intentional) which get lost when you move to a remailer based system. - Ted From honey at citi.umich.edu Thu Mar 4 08:05:18 1993 From: honey at citi.umich.edu (Peter Honeyman) Date: Thu, 4 Mar 93 08:05:18 PST Subject: You Aren't [I'm Not] Message-ID: <9303041605.AA16665@toad.com> ted, i think that with just a little of the right technical stuff, it is very easy to establish a nym in today's nets. e.g., if you buy a cheap unix box, it comes with uucp, so you can hook up to one of many anonymous uucp sites. that's easy. i know of several slip/ppp endpoints that aren't password protected. more every day, in fact. that's easy. perhaps it's this easy with fido. the point of remailers is to enable this technology to the technologically challenged. (as well as to explore the technical and social space that nyms define.) peter From tytso at Athena.MIT.EDU Thu Mar 4 10:26:19 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Thu, 4 Mar 93 10:26:19 PST Subject: You Aren't [I'm Not] In-Reply-To: <9303041605.AA16665@toad.com> Message-ID: <9303041824.AA26578@SOS> From: Peter Honeyman Date: Thu, 4 Mar 93 11:03:53 EST ted, i think that with just a little of the right technical stuff, it is very easy to establish a nym in today's nets. e.g., if you buy a cheap unix box, it comes with uucp, so you can hook up to one of many anonymous uucp sites. that's easy. Buying a unix box and finding a UUCP connection is still a lot more effort than getting a new anonymous remailer pseudomnym. It certainly costs a lot more money! And if you continuously mailbomb someone, the victim still has the (somewhat tenuous) recourse of asking the upstream uucp site to cut off the miscreant. There are controls to reduce how much someone can abuse the network. i know of several slip/ppp endpoints that aren't password protected. more every day, in fact. that's easy. And if those endpoints were abused, the owners of said endpoints would probably clamp down and protect them. (If they're used too much, they'd probably clamp down anyway, since presumably they didn't pay good money for those resources to give them away free to anyone who can dail up to them.) There are controls to reduce how much someone can abuse the network. You seem to be proposing that all such controls be removed. - Ted From honey at citi.umich.edu Thu Mar 4 10:44:15 1993 From: honey at citi.umich.edu (peter honeyman) Date: Thu, 4 Mar 93 10:44:15 PST Subject: You Aren't [I'm Not] In-Reply-To: <9303041824.AA26578@SOS> Message-ID: <9303041844.AA19612@toad.com> > Date: Thu, 4 Mar 93 13:24:58 -0500 > From: Theodore Ts'o > > There are controls to reduce how much someone can abuse the network. they are no more stringent than those employed by remailer operators. > You seem to be proposing that all such controls be removed. you are reading me wrong. peter From babani at cs.Buffalo.EDU Thu Mar 4 10:55:51 1993 From: babani at cs.Buffalo.EDU (Rusty Babani) Date: Thu, 4 Mar 93 10:55:51 PST Subject: PGP: removed from UB Message-ID: <9303041854.AA04739@armstrong.cs.Buffalo.EDU> This message came to me immidatly after I requested the sysadmin here at UB to upgrade to PGP to version 2.1 Do I need to explain this? ---------Begin Included Message----- Organization: University at Buffalo Date: Tue, 2 Mar 1993 00:20:53 GMT Path: acsu.buffalo.edu!ub!pjg From: ACSU Staff Subject: UNIX Change Notice -- pgp removed Product: pgp Version: 2 Systems: UCS public suns Change: removed Contact: pjg at acsu.buffalo.edu Effective: 2-March-93 Notes: given the questionable legal status of the PGP software it has been removed from UCS supported areas. people interested in authentication/privacy should use ripem. -- +==== Internet: babani at cs.buffalo.edu ===+======== Amateur-Radio: N2LYC ======+ ! Bitnet: V078LNGT at ubvms.BITNET | UUCP: rutgers!ub!babani ! ! Alternate: an173 at cleveland.freenet.edu | Plsure dpnds on the othrs prmison. ! +== PGP key available. (If you don't know what a PGP key is... find out!) ==+ From nobody at rosebud.ee.uh.edu Thu Mar 4 11:09:55 1993 From: nobody at rosebud.ee.uh.edu (nobody at rosebud.ee.uh.edu) Date: Thu, 4 Mar 93 11:09:55 PST Subject: FLAME: Defending unpopular views Message-ID: <9303041909.AA20077@toad.com> >From John Stuart Mill, On Liberty, 1859: [I]f any opinion is compelled to silence, that opinion may, for aught we can certainly know, be true. To deny this is to assume our own infalliabilty .... [T]hough the silenced opinion be an error, it may, and very commonly does, contain a portion of truth; and since the general or prevailing opinion on any subject is rarely or never the whole truth, it is only by the collision of adverse opinions that the remainder of the truth has any chance of being supplied .... [E]ven if the received opinion be not only true, but the whole truth; unless it is suffered to be, and actually is, vigorously and earnestly contested, it will, by most of those who receive it, be held in the manner of a prejudice, with little comprehension [of] or feeling [for] its rational grounds. From eichin at cygnus.com Thu Mar 4 11:11:40 1993 From: eichin at cygnus.com (Mark Eichin) Date: Thu, 4 Mar 93 11:11:40 PST Subject: You Aren't [I'm Not] In-Reply-To: <9303041824.AA26578@SOS> Message-ID: <9303041910.AA28103@cygnus.com> > i know of several slip/ppp endpoints that aren't password protected. more > every day, in fact. >probably clamp down anyway, since presumably they didn't pay good money >for those resources to give them away free to anyone who can dail up to I was wondering about that -- I kind of assumed that Peter meant "real" endpoints that were unprotected because they provided service that way. For example, UUNET has (had?) a 1-900-GETSRCS (or something like that) UUCP dialin, the phone company mediated money handling, uunet didn't care who you were -- but as far as I know it would only allow file transfer. Are there any slip/ppp/uucp+rmail points that are "open" that aren't likely to dry up if they get widely announced? If so, please announce them! _Mark_ From honey at citi.umich.edu Thu Mar 4 11:20:21 1993 From: honey at citi.umich.edu (peter honeyman) Date: Thu, 4 Mar 93 11:20:21 PST Subject: You Aren't [I'm Not] In-Reply-To: <9303041910.AA28103@cygnus.com> Message-ID: <9303041920.AA20297@toad.com> > Are there any slip/ppp/uucp+rmail points that are "open" that > aren't likely to dry up if they get widely announced? If so, please > announce them! no can do -- in fact, i regret opening my mouth in the first place. (i should have used a nym!) peter From nowhere at bsu-cs.bsu.edu Thu Mar 4 12:05:00 1993 From: nowhere at bsu-cs.bsu.edu (Chael Hall) Date: Thu, 4 Mar 93 12:05:00 PST Subject: ANON/ANNOUNCE: Sysadmin Policies at Universities (and high schools) In-Reply-To: <9303041854.AA04739@armstrong.cs.Buffalo.EDU> Message-ID: <9303042001.AA11479@bsu-cs.bsu.edu> > >This message came to me immidatly after I requested the sysadmin here >at UB to upgrade to PGP to version 2.1 Do I need to explain this? > > Notes: given the questionable legal status of the PGP software > it has been removed from UCS supported areas. people > interested in authentication/privacy should use ripem. It sounds like someone needs to take a stand against the UCS policies at Buffalo or else they are going to go farther and farther... Trust me, that is happening on this campus too. I used to go to high school here on the other end of campus. It was a new HS when I started (first graduating class) so they had a lot to learn. I walked in, found the manager of the LAN and other sundry computer duties, and told him, "I would like to help you out in any way I can. I would suggest enlisting my help, because you don't want me on the other side." I thought it was kinda cute with the right balance of cockiness... Well, he didn't enlist my help... He gave up coordination of the LAN after a lot of student troubles and the next guy was a real tyrant. If it weren't for the work of five "lab supervisors" (i.e. student assistants to the sysadmin) the system would have fallen last year. I was one of the five and we worked very hard to keep the students' interests in mind while steering policy to an open and simple system. Now that we are gone, they made the policy more restrictive step by step. A student presumably got access to the sysadmin's account and changed all of the Novell stuff around so that the students were sysadmin but the sysadmin couldn't get into the network at all. (oops) Now they have gone to a closed lab policy: each person has to run his/her student ID through a scanner, gets assigned a computer, and is watched like prey. Any files that have "questionable" content or are named "unsuitably" are deleted and the student loses his/her account for a few days. They are suspending kids for a week just because they bypass the program that lets the sysadmin view their screen. Granted, this LAN is owned and operated by the school, but they would not set a policy even when we proposed one to them that was in their favor (at the time). So, the policy changes from day to day and the students, being the oppressed, get the short end of the stick. I have taken myself out of the situation as much as I can... Strangely, I now work for the university's LAN support group, but they know better than to assign me to jobs dealing with the HS. The students have no voice there--I realize that minors do not have freedom of speech, but grievances should be heard and policy should be decided in an unbiased way. I disagree with some of what the students are doing, but I abhor the policy (or lack thereof) of dealing with "crimes" by the students. If you want to let Buffalo take a turn for the worse as far as policy goes, then don't say anything about their decisions. I would NONviolently oppose whatever you think is not right. The questions I have for you are: how do you get an account on their system? If every student is given one (like our VMS system at BSU) then they will likely not take it away if you fight for your rights. If you have to request the account and they disable them as soon as you no longer "need" them, you should be careful about which channels you use... I would have friends complain for you. :) Do it anonymously through a remailer... No matter what, if you are passive, you'll lose. Chael Hall -- Chael Hall nowhere at bsu-cs.bsu.edu, 00CCHALL at BSUVC.BSU.EDU (317) 285-3648 after 5 pm EST From nowhere at bsu-cs.bsu.edu Thu Mar 4 14:14:13 1993 From: nowhere at bsu-cs.bsu.edu (Chael Hall) Date: Thu, 4 Mar 93 14:14:13 PST Subject: ANNOUNCE/ANON: Posting in alt.cyberpunk Message-ID: <9303042210.AA22524@bsu-cs.bsu.edu> For those who do not read alt.cyberpunk, I found an interesting article that I think is applicable to cypherpunks. Chael Hall --- Begin forwarded message Newsgroups: alt.cyberpunk Subject: internet and security Message-ID: From: strake at coos.dartmouth.edu (strake) Date: 3 Mar 93 02:18:51 GMT a request to all you folks out there. I am thinking of doing a research type paper on the internet and security. More to the point, I'm interested in how the internet users themselves view security. If internet and security strike some cord in you, please send me some email about your babblings. My goal is to get a general impression about how the people who use the net feel about the security measures that exist or may soon exist and whether or not they are a help or a hindrance to the net and its use. For the rest of you on a more specific note, here are some questions that hopefully will get your creative juices flowing. Do you think the internet is secure? What types of security measures would you like to see put in place? In an ideal world, how would security work? What would be protected? What kinds of measures would you need to gain access to the information? Should the DES be the standard for encryption? Do you think access should be restricted? (period, should all information just b e free?) Do you like people who make anonymous postings? Should a human have _any_ part of the anonymous servers? What do you think of Hackers? Do you like them? Are the a benefit? What do you think of the NSA, FBI, CIA, and everything else government related? If you knew how to hack into your bank account and change the amount of money yo u had, would you? If you have an answer to one (or all or anything in the middle) of these questions please email me back with your answer. Help me pass my classes and graduate. *grin* -- strake at dartmouth.edu its not pop, its not coke, its not soda. where I'm from its a 'soedaher' From nowhere at bsu-cs.bsu.edu Thu Mar 4 14:41:08 1993 From: nowhere at bsu-cs.bsu.edu (Chael Hall) Date: Thu, 4 Mar 93 14:41:08 PST Subject: ANNOUNCE/ANON: Posting in alt.cyberpunk In-Reply-To: <9303042210.AA22524@bsu-cs.bsu.edu> Message-ID: <9303042237.AA24507@bsu-cs.bsu.edu> FYI, my personal responses: >Do you think the internet is secure? Nope... There are lots of "security holes" discussed in alt.hackers and related places. >What types of security measures would you like to see put in place? I don't think much security is necessary... If you must have some, let's make sure terrorists can't bomb the computer systems between me and the outside world so that my Internet work can get done. :) >In an ideal world, how would security work? What would be protected? >What kinds of measures would you need to gain access to the information? Well, I think each user should have a "public" area and a "private" area. Public stuff can be seen by anyone wandering by. That could be the casual observer using anonymous FTP or NFS mount or someone local to your system. Private stuff should be kept away from the sysadmin's eyes as well... There is no good way to do this, of course. I would like either of the following scenarios: sysadmin has a laissez-faire attitude to my files and how I use the system or sysadmin can't see or control either of the above. >Should the DES be the standard for encryption? No. >Do you think access should be restricted? (period, should all information just b >e free?) What I want protected should be protected and what I want available should be available. Right now, I have difficulty making what I have available to others. At the same time, I don't have enough quota to do any kind of work (my account is full with PGP 2.1, the remailer, and my mail. >Do you like people who make anonymous postings? On an individual basis, I like some and dislike some. >Should a human have _any_ part of the anonymous servers? Yes, the human should be there to answer questions and reboot the server when it hangs. :) >What do you think of Hackers? Do you like them? Are the a benefit? I like them and I think that much of the work that has been done for the good of the community has been done by hackers. I think it is important to be able to finger a soft drink machine at a university in another state. :) I vigorously agree that they are beneficial. >What do you think of the NSA, FBI, CIA, and everything else government related? Well, if that isn't a way to lump it all together... The government of the U.S. and the U.K. and Australia to some extent from what I have seen seem to believe that they need to have a hand in the control of computers, information, and computer communications of information. I think the should have access and possibly provide access for the poor, but they should not control any of the above. >If you knew how to hack into your bank account and change the amount of money yo >u had, would you? Is it traceable? ;) No, I wouldn't. I work for a modest sum and I spend that money as I see fit. I live comfortably on what I make, so I do not ask for more. When I find that it is too little, I will ask for more, but stealing is not necessary because I will be happy no matter how much I have (as long as I have computer access 24 hours a day). Chael Hall -- Chael Hall nowhere at bsu-cs.bsu.edu, 00CCHALL at BSUVC.BSU.EDU (317) 285-3648 after 5 pm EST From honey at citi.umich.edu Thu Mar 4 18:29:16 1993 From: honey at citi.umich.edu (Peter Honeyman) Date: Thu, 4 Mar 93 18:29:16 PST Subject: ANON/ANNOUNCE: Sysadmin Policies at Universities (and high schools) Message-ID: <9303050229.AA01270@toad.com> don't overreact -- they are withdrawing support of pgp (i'm surprised they offered it in the first place), but are they prohibiting users from building and using pgp? now *that* would be an outrage. are they? peter From ghabrech at ultrix.ramapo.edu Thu Mar 4 18:58:31 1993 From: ghabrech at ultrix.ramapo.edu (Phil_Osfy) Date: Thu, 4 Mar 93 18:58:31 PST Subject: unsubscribe Message-ID: <9303050301.AA21415@ultrix.ramapo.edu> PLEASE UNSUBSCRIBE ME!!!! ghabrech at ultrix.ramapo.deu errr..... edu From elee9sf at Menudo.UH.EDU Thu Mar 4 20:17:41 1993 From: elee9sf at Menudo.UH.EDU (Karl Barrus) Date: Thu, 4 Mar 93 20:17:41 PST Subject: CASH/REMAIL: combination Message-ID: <199303050416.AA01513@Menudo.UH.EDU> -----BEGIN PGP SIGNED MESSAGE----- Cypherpunks, Some people have made excellent suggestions regarding digital cash and anonymous remailers. I'm going to try to obtain another account from a friend in order to implement a remailer which accepts digital cash. (However, this will probably wait until I am able to upgrade the bank to PERL) Maybe future for "profit" anonymous services will work similarly, thus helping to cut down on remailer abuse since abusers must be willing to "pay" for the service. I don't think I can work in usenet posting as well (technical reasons not philosophical ones!) but the whole thing should be an interesting experiment anyway. The remailer will work like the others, except valid cash must be included or the remailer will not forward the message. For ease, a number of bills will be generated upon request, which will then be deposited as used. As a side effect, bank accounts will be incremented as well (too bad real banks don't work like this) so customers may "withdraw" more bills to use for remailing messages. Since the bank won't mail back confirmation of deposits (messages may be coming from other remailers, etc.) and it would be nice to have a way for you to see if your cash was accepted and your message forwarded, I think I'll have the bank accounts copied into the .plan file so you can finger the account, check your account number and balance, and determine whether or not the remail was successful. Of course, the full account number will not be displayed - perhaps the MD5 hash of an account number or whatever will be put in the file, along with the account balance. I'll also provide a command to obtain the .plan file via email, for those without finger. Actually, for the purposes of this experiment, it might be best to not use the new site in a chain. At least until the single hop mode works well! Nathan Estey suggested to me that traffic analysis could be made more difficult if messages under a certain length were padded, and message over the length were split and remailed a piece at a time. This will help, although I think it would be easier for the sender to include padding in the message itself (thus identical messages plus random padding will encrypt differently). Plus, the message may be multiply encrypted and thus padding cannot be added "inside." Maybe future mail software will automatically pad in addition to encrypt :-) I may implement a delay feature, which would help foil traffic analysis. Comments? /-----------------------------------\ | Karl L. Barrus | | elee9sf at menudo.uh.edu | <- preferred address | barrus at tree.egr.uh.edu (NeXTMail) | \-----------------------------------/ -----BEGIN PGP SIGNATURE----- Version: 2.1 iQCVAgUBK5bTsoOA7OpLWtYzAQEYMQP/WGUGNFiA9ftV7N8JRe01zLooa5b1hTaG Fh5eYiQflf9S1ttv0DCvZXo+6/yUVWLmPZHqG04xsnZXc6Z1SFw9C0zd3oP/kM9h 2IMrbrqF8ICNA8hSoDV97U2Rf+r0qpUVtSzgoOsuxw+4EVEkgjflNA9v8YJcL+Sv ZQR/6po1lU8= =QdR1 -----END PGP SIGNATURE----- From aa996 at freenet.carleton.ca Thu Mar 4 22:22:44 1993 From: aa996 at freenet.carleton.ca (Francoys Crepeau) Date: Thu, 4 Mar 93 22:22:44 PST Subject: Please unsubscribe me Message-ID: <9303050621.AA01770@freenet.carleton.ca> Please unsubscribe me. Much as I find the subject quite interesting, I cannot at present devote enough time to read all of the information that comes up. I hope to be able to re-subscribe at a later date. With great regrets... -- --------------------------------------------------------------- | Francoys Crepeau, Ottawa, Canada (613) 565-7198 (VOICE) | | aa996 at freenet.carleton.ca (613) 733-7191 (FAX) | --------------------------------------------------------------- From tribble at memex.com Fri Mar 5 00:45:36 1993 From: tribble at memex.com (E. Dean Tribble) Date: Fri, 5 Mar 93 00:45:36 PST Subject: ANON: My remailer In-Reply-To: <9303032218.AA03614@bsu-cs.bsu.edu> Message-ID: <9303041907.AA03744@memexis.memex.com> Enough rambling--I'm sorry to see a remailer demise and hope that mine will not fall under the unethical clause here. If I find a solution, you will be the first to know. This is not intended as pressure. Coudln't you argue with their conclusion that it is unethical? If they were to make such a claim, it would certainly be a good opportunity to push them on the issue of free speech. dean From tribble at memex.com Fri Mar 5 00:45:39 1993 From: tribble at memex.com (E. Dean Tribble) Date: Fri, 5 Mar 93 00:45:39 PST Subject: Handling Abuses of Remailers In-Reply-To: <9303031918.AA00242@> Message-ID: <9303041853.AA03723@memexis.memex.com> I would support the idea if I felt that the system would quiet the flame wars, but I think rather it would simply quiet the poor... Not at all. It would merely prevent them from using those particular anonymous remailers. Still a problem, but much less of one. dean From tribble at memex.com Fri Mar 5 00:45:42 1993 From: tribble at memex.com (E. Dean Tribble) Date: Fri, 5 Mar 93 00:45:42 PST Subject: ANON: Textual analysis In-Reply-To: <9303031648.AA17469@armstrong.cs.Buffalo.EDU> Message-ID: <9303041831.AA03710@memexis.memex.com> >We probably need "rephrasing remailers" which do some rudimentary That is insane... remailers are not the place where this kind of work should be taking place. If anything the user should run his document Hardly insane. If the rephrasing software were available for Connection Machines and nothing else, then one would very much want a remailing server that would rewrite phrases for you. It'd be wonderful if it worked on Joe Schmoe's 286 box, but it's pretty unlikely. Until it does, using such capabilities built into remailers would be an improvement over the current situation. Note that I'm not making any claims that the technology is possible any time soon. dean From gnu Fri Mar 5 00:51:03 1993 From: gnu (John Gilmore) Date: Fri, 5 Mar 93 00:51:03 PST Subject: more ideas on anonymity In-Reply-To: <9303031658.AA14314@soda.berkeley.edu> Message-ID: <9303050850.AA08447@toad.com> I heard today that the Federal Public Health Service has been trying to eliminate anonymous AIDS testing, but it's unlikely to disappear, at least in San Francisco. (The PHS claims to want peoples' identities so PHS can tell their sex partners that they're at risk. Though I haven't figured out how PHS plans to find out who's having sex with who.) It occurred to me that truly anonymous postings to online discussions about AIDS would allow people who have AIDS to discuss the changes it puts them through, without letting them be discriminated against by having their identities revealed. A video I saw about AIDS testing mentioned that if you get a positive result, you should be careful about who you tell, because there are still many unenlightened employers, landlords, insurance companies, etc. John From strat at intercon.com Fri Mar 5 00:53:21 1993 From: strat at intercon.com (Bob Stratton) Date: Fri, 5 Mar 93 00:53:21 PST Subject: Encrypted voice protocol? Message-ID: <9303050351.AA59962@horton.intercon.com> > Date: Thu, 4 Mar 93 10:39:20 -0500 > From: Theodore Ts'o > Subject: Encrypted voice protocol? > > > So for roughly $200 US, and a little software, it should be possible to > put together something that would do encrypted voice communications > over the network. Is there any interest in developing some sort of > standard protocol and software to do encrypted, compressed voice > communications over TCP/IP? > I don't know how many of you are at sites on the MBONE, or multicast backbone. There are already a few pieces of code out there for experimentation with transmission of audio and video information, in a variety of forms/encoding, and probably the most widely used tool, "vat - the Visual Audio Tool", already has provisions for carrying on encrypted audio teleconferences via IP. In fact, it's as simple as typing a key into a field, and the tool will DES en/decrypt the conference. --Strat, budding multicast weenie From fergp at sytex.com Fri Mar 5 01:13:40 1993 From: fergp at sytex.com (Paul Ferguson) Date: Fri, 5 Mar 93 01:13:40 PST Subject: Privacy awareness (Was: Cypherpunks priorities) Message-ID: Eric Hughes writes - EH> 4. Fighting restrictions on cryptography. In the US, that means EH> getting actively engaged in fighting key registration ideas. This EH> means preemptively writing your elected leaders _in advance_ of a EH> specific issue. It also means writing about export restrictions in EH> cryptography. In France, that means raising public awareness on EH> cryptography restrictions and the eventual effects that will have on EH> the open society there. In all countries, it requires vigilance. Amen, brother. EH> 5. Increasing awareness of privacy issues. Most think they have EH> nothing to hide. Most also hate it when they get extremely detailed EH> junk mail about their own lives. Teach the defense of privacy. This is perhaps the most difficult feat to accomplish. Education and "awareness" are both strictly accomplished on a somewhat voluntary basis. For those who can absorb the importance and criticality of digital privacy, however, it's an eye-opener. A lot of folks have no idea how some of the proposed "legislation" would affect them personally. Cheers. Paul Ferguson | Network Integration Consultant | "All of life's answers are Alexandria, Virginia USA | on TV." fergp at sytex.com (Internet) | -- Homer Simpson sytex.com!fergp (UUNet) | 1:109/229 (FidoNet) | PGP public encryption key available upon request. From babani at cs.Buffalo.EDU Fri Mar 5 07:57:09 1993 From: babani at cs.Buffalo.EDU (Rusty Babani) Date: Fri, 5 Mar 93 07:57:09 PST Subject: ANON: Sysadmin Policies at Universities (and HS) In-Reply-To: <9303050229.AA01270@toad.com> Message-ID: <9303051556.AA19327@armstrong.cs.Buffalo.EDU> Peter Honeyman stated in the last message: >From cypherpunks-request at toad.com Thu Mar 4 23:20:49 1993 >From: Peter Honeyman >To: cypherpunks at toad.com >Subject: Re: ANON/ANNOUNCE: Sysadmin Policies at Universities (and high scho > >don't overreact -- they are withdrawing support of pgp (i'm surprised >they offered it in the first place), but are they prohibiting users >from building and using pgp? now *that* would be an outrage. No, not yet anyway. I've announced it in the local school newsgroups that I have pgp available in my directories (with world readable and executable permisions). But my original intent was to get pgp working in a system directory so that I wouldn't have to spare my own quota (what little I have of it). PGP eats up space! I'm begining to wonder if someday they'll say something like, "Stop using PGP or we'll close your account." That's when I'll seriously have to consider transferring. -- +==== Internet: babani at cs.buffalo.edu ===+======== Amateur-Radio: N2LYC ======+ ! Bitnet: V078LNGT at ubvms.BITNET | UUCP: rutgers!ub!babani ! ! Alternate: an173 at cleveland.freenet.edu | Plsure dpnds on the othrs prmison. ! +== PGP key available. (If you don't know what a PGP key is... find out!) ==+ From babani at cs.Buffalo.EDU Fri Mar 5 08:35:43 1993 From: babani at cs.Buffalo.EDU (Rusty Babani) Date: Fri, 5 Mar 93 08:35:43 PST Subject: ANON: Sysadmin Policies at Universities (and HS) In-Reply-To: <9303042001.AA11479@bsu-cs.bsu.edu> Message-ID: <9303051634.AA21842@armstrong.cs.Buffalo.EDU> Chael Hall stated in the last message: >From nowhere at bsu-cs.bsu.edu Thu Mar 4 15:03:59 1993 >Subject: ANON/ANNOUNCE: Sysadmin Policies at Universities (and high schools) >To: babani at cs.Buffalo.EDU (Rusty Babani) >>This message came to me immidatly after I requested the sysadmin here >>at UB to upgrade to PGP to version 2.1 Do I need to explain this? >> >> Notes: given the questionable legal status of the PGP software >> it has been removed from UCS supported areas. people >> interested in authentication/privacy should use ripem. > It sounds like someone needs to take a stand against the UCS policies >at Buffalo or else they are going to go farther and farther... Trust me, >that is happening on this campus too. I used to go to high school here [nice story about sudents and privacy deleted] > If you want to let Buffalo take a turn for the worse as far as >policy goes, then don't say anything about their decisions. I would ... >I have for you are: how do you get an account on their system? If They haven't changed their policy since 1988. That was when it was created and that is the same policy I had to sign to get an account one and a half years ago. VAX accounts and unix accounts on the time-share hosts are pretty much given to anyone who asks for one. Both these systems are very slow due to the high load in the daytime. Unix accounts on the special CS machines are only given to those who can prove they are in a CS related major. (I have all three types of accounts.) >NONviolently oppose whatever you think is not right. The questions I was doing this by running the remailer... However, they caught up with me. >I would have friends complain for you. :) Do it anonymously >through a remailer... No matter what, if you are passive, you'll lose. They seem to stand behind their policies and have even given me reasons as to why the policies are such. Here is the responce I got as to WHY I CANT RUN A REMAILER IN MY ACCOUNT... -------Begin Quote------- It has always been our policy that your accounts may only be used by you. Without such a policy, illegal and untracable actions may take place and these in turn put the University at serious legal risk. By installing such a mailer you are giving limited use of your account to the entire world. --------End Quote-------- Then he went on to say something to the effect of having an account is not a right but a privilage, etc. I think complaining would only hurt me right now. Even if I complain "Anonymously" I think they would be able to figure out who was behind the complaints. If I mailed a message form my account to them, they could easily trace it back to me if they wanted to... I would have to find another account on a machine not connected directly to UB to complain from. Of course, I would have to go the encrypted my messages to the anonymous remailers... all the way, and make it at MINIMUM a double hop message. It's possible. But is it worth the work especially since they seem pretty content with the policy the way it is? -- +==== Internet: babani at cs.buffalo.edu ===+======== Amateur-Radio: N2LYC ======+ ! Bitnet: V078LNGT at ubvms.BITNET | UUCP: rutgers!ub!babani ! ! Alternate: an173 at cleveland.freenet.edu | Plsure dpnds on the othrs prmison. ! +== PGP key available. (If you don't know what a PGP key is... find out!) ==+ From babani at cs.Buffalo.EDU Fri Mar 5 08:47:40 1993 From: babani at cs.Buffalo.EDU (Rusty Babani) Date: Fri, 5 Mar 93 08:47:40 PST Subject: ANON: Textual analysis In-Reply-To: <9303041831.AA03710@memexis.memex.com> Message-ID: <9303051646.AA22313@armstrong.cs.Buffalo.EDU> E. Dean Tribble stated in the last message: >From memexis!tribble at uunet.uu.net Fri Mar 5 03:44:47 1993 >Date: Thu, 4 Mar 93 10:31:17 PST >From: memexis!tribble at uunet.uu.net (E. Dean Tribble) >To: uunet!cs.Buffalo.EDU!babani at uunet.uu.net >Subject: ANON: Textual analysis > > >We probably need "rephrasing remailers" which do some rudimentary > > That is insane... remailers are not the place where this kind of work > should be taking place. If anything the user should run his document > >Hardly insane. If the rephrasing software were available for >Connection Machines and nothing else, then one would very much want a >remailing server that would rewrite phrases for you. It'd be >wonderful if it worked on Joe Schmoe's 286 box, but it's pretty >unlikely. I was under the impression that such software could be developed for Joe Schmoe's 286 box or even Joe Schmoe's 386 box or (if Joe is rich) his 486 box. The power of these computers shouldn't be underestimated. The first step is to develop the programs. Are there any programs redily available for testing and/or analysis on any type of platform? -- +==== Internet: babani at cs.buffalo.edu ===+======== Amateur-Radio: N2LYC ======+ ! Bitnet: V078LNGT at ubvms.BITNET | UUCP: rutgers!ub!babani ! ! Alternate: an173 at cleveland.freenet.edu | Plsure dpnds on the othrs prmison. ! +== PGP key available. (If you don't know what a PGP key is... find out!) ==+ From Eric.Fogleman at analog.com Fri Mar 5 09:03:31 1993 From: Eric.Fogleman at analog.com (Eric Fogleman) Date: Fri, 5 Mar 93 09:03:31 PST Subject: ANNOUNCE: Boston-area cypherpunks meeting? Message-ID: <9303051658.AA25665@ack.adstest.analog.com> Is there any interest in a meeting of Boston-area cypherpunks? (I've seen at least two mit.edus out there...) I'd be interested in meeting some of you in person, exchanging keys, etc. Eric Fogleman From hughes at soda.berkeley.edu Fri Mar 5 09:49:13 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Fri, 5 Mar 93 09:49:13 PST Subject: Privacy awareness (Was: Cypherpunks priorities) In-Reply-To: Message-ID: <9303051746.AA13510@soda.berkeley.edu> I wrote: >EH> 5. Increasing awareness of privacy issues. Most think they have >EH> nothing to hide. Most also hate it when they get extremely detailed >EH> junk mail about their own lives. Teach the defense of privacy. Paul replies: > This is perhaps the most difficult feat to accomplish. I agree. I think junk mail may be one of the best examples from which to extrapolate for the general public. It becomes really clear exactly that they do know something, because it says so right on the letter. It's usually easier to get people thinking about their own lives than abstract privacy issues. Eric From robichau at lambda.msfc.nasa.gov Fri Mar 5 10:39:05 1993 From: robichau at lambda.msfc.nasa.gov (Paul Robichaux) Date: Fri, 5 Mar 93 10:39:05 PST Subject: ANNOUNCE: Huntsville/Atlanta-area cypherpunks meeting? Message-ID: <9303051837.AA01339@lambda.msfc.nasa.gov.msfc.nasa.gov> To echo Eric Fogleman's request for a Boston-area meeting, I'd like to know if there's any local interest in a southeast-US meeting. I'd like to hear from anyone within the quadrilateral with vertices at New Orleans, Atlanta, Huntsville, and Pensacola. As was mentioned, there are some preemptive actions we 'punks should be taking; many of them depend on coordinated action between people in the same geographic region. [And, of course, any other 'punk who happens to be in or near Huntsville is welcome to contact me.] -- Paul Robichaux, KD4JZG | May explode if disposed of improperly. Mission Software Development Div. | I'm not white- I'm Euro-American. New Technology, Inc. | RIPEM key on request. From tcmay at netcom.com Fri Mar 5 10:43:32 1993 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 5 Mar 93 10:43:32 PST Subject: Encrypted voice protocol? Message-ID: <9303051842.AA27887@netcom.netcom.com> Bob Stratton writes: >I don't know how many of you are at sites on the MBONE, or multicast >backbone. There are already a few pieces of code out there for >experimentation with transmission of audio and video information, in a >variety of forms/encoding, and probably the most widely used tool, "vat - the >Visual Audio Tool", already has provisions for carrying on encrypted audio >teleconferences via IP. In fact, it's as simple as typing a key into a field, >and the tool will DES en/decrypt the conference. > >--Strat, budding multicast weenie I just read in the local paper about "Internet Radio," which sounds like some kind of transmission of compressed audio, if I have the details right. This could be interesting. The "Crypto Home Companion Show"? Anybody know anything about this? (The originator comes from Alexandria, Virginia, so perhaps Strat and our other D.C. area folks have heard more about this.) -Tim -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: MailSafe and PGP available. From ghabrech at ultrix.ramapo.edu Fri Mar 5 10:59:12 1993 From: ghabrech at ultrix.ramapo.edu (Phil_Osfy) Date: Fri, 5 Mar 93 10:59:12 PST Subject: Unsubscribe me!!!! Message-ID: <9303051901.AA01141@ultrix.ramapo.edu> Come on guys, I asked a couple of times already, UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! UNSUBSCRIBE ME!!! Got the point? Thanx, ghabrech at ultrix.ramapo.edu From jordan at imsi.com Fri Mar 5 11:28:57 1993 From: jordan at imsi.com (Jordan Hayes) Date: Fri, 5 Mar 93 11:28:57 PST Subject: ANON: Sysadmin Policies at Universities (and HS) Message-ID: <9303051904.AA25221@IMSI.COM> From babani at cs.buffalo.edu Fri Mar 5 13:56:06 1993 Here is the responce I got as to WHY I CANT RUN A REMAILER IN MY ACCOUNT... Why do you continue to think it's "your" account? If you want to have such a thing to call "your account" you're welcome to plunk down some $$$, buy a machine, get yerself a network link, and remail to your heart's content. If I were another CS student at UB, I would be bummed if the scarce (by your account, and by most others at universities) cycles I needed to get my homework done were being given away to folks all over the world via a remailer. That's all those machines need is more sendmail processes running :-) /jordan From wcs at anchor.ho.att.com Fri Mar 5 11:55:09 1993 From: wcs at anchor.ho.att.com (Bill_StewartHOY0021305) Date: Fri, 5 Mar 93 11:55:09 PST Subject: Encrypted voice protocol? Message-ID: <9303051954.AA22260@anchor.ho.att.com> (Carl - this is a reply to a cypherpunks mailing list mention of your program. Way to go, and good luck!) Internet Talk Radio also made the Front Page of the New York Times 3/4/93. The picture of Carl Malamud showed him in his office, with a computer near the front with "Internet Talk Radio" running on it, and a poster on the back wall saying "Freedom of the Press belongs to those who own one", put out by some computer company or other. Story by John Markoff, of course. It's basically going to be a half-hour audio segment, with interviews ("Geek of the Week") plus miscellaneous news and stories, kind of in the style of All Things Considered. Folks with high-end systems will be able to listen in real-time; folks with lower-end will need to download slowly and listen later. Size is about 15 MB, data rate 64 kb/s, estimated 2400-baud time 14 hours. I'm surprised he's not doing better compression than that, but (speculation) this may be broadcast-quality audio with ADPCM rather than telephone-quality 3kHz audio uncompressed? The broadcast will be split up into segments, so you can get pieces without downloading the whole thing. Initially it's audio-only but may add some multi-media stuff, especially for navigation through the sound files. GIFs of the guest would be an obvious extension.... Some good interviews with Nicholas Negroponte of MIT Media Lab and Paul Saffo of Institute for the Future. No mention of encryption, MIME, pricing, retransmission policy, etc. Some nice commentary on the relationship between this and the broadcast industry. Computer fu. Gratuitous NREN fu. No blood but a little Gore. Joe Bob says "Check it out!" Bill Stewart wcs at anchor.att.com From dmandl at shearson.com Fri Mar 5 12:05:59 1993 From: dmandl at shearson.com (David Mandl) Date: Fri, 5 Mar 93 12:05:59 PST Subject: Encrypted voice protocol? Message-ID: <9303051935.AA18846@tardis.shearson.com> > I just read in the local paper about "Internet Radio," which sounds like > some kind of transmission of compressed audio, if I have the details right. > > This could be interesting. The "Crypto Home Companion Show"? > > Anybody know anything about this? (The originator comes from Alexandria, > Virginia, so perhaps Strat and our other D.C. area folks have heard more > about this.) > > -Tim Yup, big article in the New York Times yesterday (front page!), and a smaller article in today's New York Newsday. Anyone out there have the time to post either of them to the group??? BTW, a friend and I are just wrapping up a big anthology on radio (the new issue of Semiotext(e), if anyone's interested). I would have loved to get this stuff in there, but alas, we just missed... --Dave. From Eric.Fogleman at analog.com Fri Mar 5 12:22:43 1993 From: Eric.Fogleman at analog.com (Eric Fogleman) Date: Fri, 5 Mar 93 12:22:43 PST Subject: ANON: Sysadmin policies at universities Message-ID: <9303052014.AA26191@ack.adstest.analog.com> Jordan Hayes responds to Rusty Babani: > From babani at cs.buffalo.edu Fri Mar 5 13:56:06 1993 > > Here is the responce I got as to WHY I CANT RUN A REMAILER IN > MY ACCOUNT... > > Why do you continue to think it's "your" account? > > If you want to have such a thing to call "your account" you're welcome > to plunk down some $$$, buy a machine, get yerself a network link, and > remail to your heart's content... I have to agree with Jordan on this. In a truly free society, you have the right to use your property as you see fit. And so does the university. Your right to free speech doesn't mean you have the right to someone else's soapbox. Eric Fogleman From root at rmsdell.ftl.fl.us Fri Mar 5 12:29:31 1993 From: root at rmsdell.ftl.fl.us (Yanek Martinson) Date: Fri, 5 Mar 93 12:29:31 PST Subject: MISC: Internet Talk Radio Message-ID: This is not really relevant to the topics of this list, but... > From: tcmay at netcom.com (Timothy C. May) > > I just read in the local paper about "Internet Radio," which sounds like > some kind of transmission of compressed audio, if I have the details right. > Anybody know anything about this? What they are going to do is produce talk radio programs in professional audio studios, and then instead of broadcasting on the air, they will convert it all to a large (estimated about 15MB) sound file, which is then widely distributed using ftp, and played by anyone who wants, on their workstation (or a PC with a sound card). I have an article on it, if you want me to send it to you, let me know. -- Yanek Martinson yanek at novavax.nova.edu From hughes at soda.berkeley.edu Fri Mar 5 12:44:36 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Fri, 5 Mar 93 12:44:36 PST Subject: You Aren't [I'm Not] In-Reply-To: <9303040426.AA24707@SOS> Message-ID: <9303052041.AA05452@soda.berkeley.edu> >Perhaps the real problem is that there are a large number of people who >are currently using mailing lists and Usenet newsgroups with the >expectation that there are currently existing controls on the >signal-to-noise levels Existing controls on the signal-to-noise ratio? However such postulated controls might function in practice, they don't function well enough to make Usenet useful to as many people as its bandwidth is capable of. I don't read Usenet any more. I can't find enough useful information in a short enough period of time. I have _no_ expectations about any controls of content on Usenet. Ted postulates that standards of accountability provide a control over the signal-to-noise level. I grant that. It does prevent the very worst excesses from occurring. It does provide an upper bound on noise in discussion groups. Yet this upper bound is ineffectual. Let us take the widely used analogy of Usenet as a sewer. Reading Usenet is like wading chest high through the muck. But am I reassured that there is an overflow valve so that it never gets past my chin? Hardly at all. I won't drown, to be sure; what a _slight_ comfort. (For those of you who want a much more graphic depiction of walking through sewers, read the relevant chapters in _Les Miserables_.) >and protection against mail bombs, I had thought that we had pretty clearly established that attacks on a system of content and of volume were of different natures. Lack of robustness in mail software makes a mailbomb possible, not lack of accountability. >As an artifact, certainly that can be changed; and you are proposing >that we change them. But then, who should bear the cost of this change? The structures need to be changed for much better reasons than to prevent anonymous attacks. I infer from your arguments that you think that our current communications fora, newsgroups and mailing lists, are not fundamentally broken. I do think they are fundamentally broken. (This doesn't mean that they are completely non-functional.) I think they are fundamentally broken because they do not facilitate human communication as they were intended. They did when they were small, I grant, but they did not scale well. They even continue to work when small and focused, but very few things with wide interest or large import remain small. We already have most of the features of anonymity and pseudonymity already online, in the system that already exist. I've made this point before; I'll make again now. I have never met most of the people I've conversed with online. I expect that I will never meet most of them. The personal responsibility that comes with personal contact is mostly not present online. The negative feedback loops that are normally present in face-to-face conversation are not present online, and it shows. One of the greatest lacks in online life is the lack of restraint. How many people online do you know who continue to rant about their own positions without engaging in dialectic with another? How many do you know who, even given FAQ's, continue to ask newbie questions? How many do you know who jump to answer with the conventional net-foolishness about whatever issue is at hand. (For a concrete example, consider patent legalities.) Lack of restraint causes far more problems that lack of accountability. We have most all of the disadvantages of pseudonymity, but hardly any of the advantages. Our correspondents are able to be determined readily by anyone with the ability to monitor (and that's quite a few people). We therefore cannot conduct our affairs online with the same amount of privacy we can create in the physical world. There is no assurance, when exposing the corruption of a powerful figure, that one's identity cannot be determined and punitive actions taken. Those who have some sort of taint imputed them by certain sections of society do not out of fear speak freely. The virtues of technically secure anonymity outweigh the negative effects. You can flame impersonally as much as you want right now, and there is no recourse. Yet you cannot keep private from your own sysadmin the identities of those with whom you communicate. Anonymity in communciations is fundamentally consistent with an open society dedicated to free speech. >To bring this back to the house/anonymous bull horn analogy, that would >be like deciding cease considering sound (or rather lack of sound) a >commons, and expecting each home owner, who up until now enjoyed the >relative peace and quiet of their neighborhood, to pay the cost of >losing their sightlines, and needing to put up expensive shielding. I will not press the point further than the following. Whereas we cannot change the physics of wave propagation in air, we can change where the cables are laid. >Maybe there are good, sound, policy reasons for making this change. But >out of fairness, one would think that the agents of change should be >prepared to bear some of cost of that change. Were there silence before in the neighborhood, I would agree. > And again, no one requires a carrier to carry anonymous messages. > Practically speaking, you might easily end up with a situation like > the alt.* hierarchy, where only certain subnets agree to exchange > anonymous traffic. I suspect this is inevitable in the short term. >Well, this really can only happen if a carrier can easily distinguish >anonymous messages from non-anonymous messages. The simple expedient of a standard header line has already been agreed upon. Re: crank calls > But the phone company is not held liable when the call was made from a > pay phone. >True; but the phone company is a common carrier. The networks today >aren't. This could be changed by legislation, and that's something I >would support, for networks. I think that networks will be common carriers, for the same reasons that phone companies became such: that having a common carrier is consistent with freedom of speech in an open society. >However, I doubt that such legislation >would actually extend as far as protecting hosts on a network, such as >remailer sites. You can't protect the network unless you *do* protect individual sites. The network as a whole is not a legal entity, only the companies and individuals that run them are. I have left off a reply of the libel issue for such a time after I have read up a little on the subject. Eric From hughes at soda.berkeley.edu Fri Mar 5 12:57:42 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Fri, 5 Mar 93 12:57:42 PST Subject: ANON: Sysadmin policies at universities In-Reply-To: <9303052014.AA26191@ack.adstest.analog.com> Message-ID: <9303052054.AA07423@soda.berkeley.edu> >In a truly free society, you have >the right to use your property as you see fit. And so does the university. Let us remember that in this case the university is a state university, which does not sove the problem, of course, but which does change it in some significant ways. Eric From 76630.3577 at CompuServe.COM Fri Mar 5 13:13:21 1993 From: 76630.3577 at CompuServe.COM (Duncan Frissell) Date: Fri, 5 Mar 93 13:13:21 PST Subject: UCS Computing Usage Policy. Message-ID: <930305201226_76630.3577_EHL17-2@CompuServe.COM> >Here is a copy of the policy that my system administrator was referring to: > >From: gerland at ubvmsb.cc.buffalo.edu (James R. Gerland) >Subject: UCS Computing Usage Policy. So call the ACLU and see if they are interested. Buffalo is a State Uni and subject to the 1st Amendment. Sounds like they are censoring messages based on content (or lack of content in the case of anonymity. Could the University Post office refuse to accept or deliver anonymous letters? It is unlikely that a government could force a publisher to reveal the identity of an anonymous author. There are cases in point in which people wanted NAACP membership lists where the orders were overturned on the basis of freedom of association and speech. Likewise anti-mask ordinances in some cities. As long as your remailer wasn't causing volume problems, regulation would fall outside the "time, place, and manner" restrictions. Maybe the Electronic Frontier Foundation would be interested as well. Duncan Frissell From 76630.3577 at CompuServe.COM Fri Mar 5 13:13:32 1993 From: 76630.3577 at CompuServe.COM (Duncan Frissell) Date: Fri, 5 Mar 93 13:13:32 PST Subject: Wasted BAndwidth Message-ID: <930305201210_76630.3577_EHL17-1@CompuServe.COM> >They're not going to *care* that the last remailer on the chain (who >will, presumably, be identifiable) wasn't responsible for the message >which was sent. They're just going to invade the building the >remailing host is in, kill everyone in the room, and destroy the >machine, and all the machines around it. If they don't know which is >the remailer, they'll just blow up the whole block. They don't care > >I do not advocate censorship. I advocate responsibility. > > Marc In another couple of years, the "remailers" will not be *in* buildings but running as distributed processes on machines from Anchorage to Wellington. Hard to raid. You will be able to set up your own communications server located "somewhere on the nets" to handle message forwarding to you. Hard to raid a billion "processes". This over romatization of government power and violence is peculiar to writers of technothrillers and certain libertarians. You know who you are. Government is good at point force. It can bomb and raid fairly effectively. This ability to put a mass of organized muscle in the field was decisive in earlier technological eras. If you are fighting peasants bound to the soil or undisciplined barbarians, a Roman Square could prevail. Government is less able to apply force on a widespread basis. It depends on the respect, fear, or acquiescence of its subjects. If those weaken or disappear governments weaken or disappear. Markets apply "force" (incentives) across a wide front. They do not require fear or acquiescence to survive. They are self-enforcing. Even commies know trade. As we become stronger as individuals (I just spent a week's pay to buy more computing power (hardware) than existed on earth in 1955) we have less fear of (others) government and greater capabilities for self- government. The "anarchy" debates are beside the point. If the market is engaged in breaking down hierarchies, the government monopoly cannot stand either. King Canute cannot order back the sea. Radical restructuring (peristroika) is on the march. Strong individuals cannot avoid replacing "others government" with self government. Others government is only stable when a monopoly institution can maintain control over information and force. Information and force are becoming widely spread. We are seeing the collapse of the coercion metaphor at least in its wholesale form. When people and markets turn away from the state, it disappears. If its monopoly is broken, we will be in the realm of competing legal systems. Duncan Frissell From tytso at Athena.MIT.EDU Fri Mar 5 13:27:31 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Fri, 5 Mar 93 13:27:31 PST Subject: You Aren't [I'm Not] In-Reply-To: <9303052041.AA05452@soda.berkeley.edu> Message-ID: <9303052126.AA02211@SOS> Date: Fri, 5 Mar 93 12:41:24 -0800 From: Eric Hughes Existing controls on the signal-to-noise ratio? Yet this upper bound is ineffectual. Let us take the widely used analogy of Usenet as a sewer. Reading Usenet is like wading chest high through the muck. But am I reassured that there is an overflow valve so that it never gets past my chin? Hardly at all. I won't drown, to be sure; what a _slight_ comfort. Touche'. Granted, the signal-to-noise ratio on Usenet varies widely. However, some groups still are able to function quite well, although perhaps not as well as they could in an ideal world. Just because they aren't working perfectly isn't an excuse to break them completely, or at least until this mythical positive reputation technology is implemented, debugged, and deployed on the all over Usenet. As far as the sewer analogy goes, what you are trying to do is to remove the overflow valve *now*, while not providing the drain to actually drain out all of the muck. While there has been some prototype designs which have been thrown about, I have yet to hear a coherent, realistic plan for how it could be installed on all or most of the Usenet servers and readers *today*. I had thought that we had pretty clearly established that attacks on a system of content and of volume were of different natures. Lack of robustness in mail software makes a mailbomb possible, not lack of accountability. However, this mail software is deployed all over the world, and is not going to change anytime soon. And again, I have yet to see a coherent and realistic protocol that will be able to screen out mailbombs while leaving "only the good stuff" on the SMTP layer --- let alone an implementation of the same. >Maybe there are good, sound, policy reasons for making this change. But >out of fairness, one would think that the agents of change should be >prepared to bear some of cost of that change. Were there silence before in the neighborhood, I would agree. There may not have been silence, but nevertheless, if the agents of change are going to increase the average sound level by 50db, it is unreasonable to assume that the people who will suffer from this noise increase, and who will have to go out of their way to implement soundproofing, etc. are going to sit back passively and let you screw them. You can't protect the network unless you *do* protect individual sites. The network as a whole is not a legal entity, only the companies and individuals that run them are. Sure you can; you can protect regional and national networks such as NEARnet, by making them common carriers. I think that would be a fine idea! However, that does not mean that people who connect to that network should then be also protected. In the same way, just because Nynex is a common carrier, it doesn't and shouldn't mean that anyone who uses Nynex to place a call is similarily protected from legal liability. If you cause someone damage by your speech, and you maliciously did so knowing that your speech was false, the person you harmed should be able to recover damages from you, whether it is done over the phone or done over a TCP/IP network. - Ted From babani at cs.Buffalo.EDU Fri Mar 5 13:32:19 1993 From: babani at cs.Buffalo.EDU (Rusty Babani) Date: Fri, 5 Mar 93 13:32:19 PST Subject: ANON: Sysadmin Policies at Universities (and HS) In-Reply-To: <9303051904.AA25221@IMSI.COM> Message-ID: <9303052131.AA06942@armstrong.cs.Buffalo.EDU> Jordan Hayes stated in the last message: >From cypherpunks-request at toad.com Fri Mar 5 14:48:05 1993 >Date: Fri, 5 Mar 93 14:04:19 EST >From: jordan at imsi.com (Jordan Hayes) >Subject: Re: ANON: Sysadmin Policies at Universities (and HS) > > From babani at cs.buffalo.edu Fri Mar 5 13:56:06 1993 > > Here is the responce I got as to WHY I CANT RUN A REMAILER IN > MY ACCOUNT... > >Why do you continue to think it's "your" account? [argues that I should get my own network link and then run a remailer on "my" machine] >That's all those machines need is more sendmail processes running :-) Well, "the" account has "my" name stamped all over it. With a few resstrictions... I have full use of the account. But that's not proof. Here's proof... quoting from UB's own computing policy ... (which I am now THOUROULY familiar with! :-> ) >acquiring an account in another person's name, or using an account without >the explicit permission of the owner and the full knowledge of Academic ^^^^^ ... > It is mandatory that the owner of an account be careful to keep the ^^^^^ >account secure by keeping the password secret, changing the password ... Even the policy seems to agree that someone is an "owner" of a given account. It doesn't mention that ACS (Academic Computing Services) is the "owner" of the account. Need I say more? -- +==== Internet: babani at cs.buffalo.edu ===+======== Amateur-Radio: N2LYC ======+ ! Bitnet: V078LNGT at ubvms.BITNET | UUCP: rutgers!ub!babani ! ! Alternate: an173 at cleveland.freenet.edu | Plsure dpnds on the othrs prmison. ! +== PGP key available. (If you don't know what a PGP key is... find out!) ==+ From warlord at MIT.EDU Fri Mar 5 13:35:29 1993 From: warlord at MIT.EDU (Derek Atkins) Date: Fri, 5 Mar 93 13:35:29 PST Subject: ANNOUNCE: Boston-area cypherpunks meeting? In-Reply-To: <9303051658.AA25665@ack.adstest.analog.com> Message-ID: <9303052134.AA00846@toxicwaste.MEDIA.MIT.EDU> I was speaking to some people here about that not that long ago. I'm not sure how many of the Boston Cypherpunks there are out there. Eric -- do you have a place in mind to meet? If not, I could probably arrange a room on campus. How many people would be interested in this? (Send mail to me instead of the cypherpunks list, to cut down on the traffic.) Also, when would be a good date to hold it? -derek PGP 2 key available upon request on the key-server: pgp-public-keys at toxicwaste.mit.edu -- Derek Atkins, MIT '93, Electrical Engineering and Computer Science Secretary, MIT Student Information Processing Board (SIPB) MIT Media Laboratory, Speech Research Group warlord at MIT.EDU PP-ASEL N1NWH From babani at cs.Buffalo.EDU Fri Mar 5 14:03:28 1993 From: babani at cs.Buffalo.EDU (Rusty Babani) Date: Fri, 5 Mar 93 14:03:28 PST Subject: Revocation of key... Message-ID: <9303052202.AA08479@armstrong.cs.Buffalo.EDU> Well, since the remailer won't be running in "my" account at UB anymore... I've issued a compromise certificate for the key to the remailer: Anonymous Remailer -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.1 mQCNAitx/vQAAAEEAOUPjAfSeFmMsq7eWN47LzOwdSXmXoArMJOcBZ0bB3NRR3Nc BF7ZIIbY5m/b/rBn6+IimthV/aa39hKOSPPnFZn7kxIAUwoolMmxUUPJRzcRcTDK bsgLMCPfDuE8MWj0R960oaAFEE+yCCoDNiyPl6goN3XluVeie+ehVSuMvgdRAAUR iQCVAgUgK5fLK+ehVSuMvgdRAQF7KQP/exSgzXs4GWB39ZwIGCuGvqlIeTaDOmSc Uru9F8LNO8ytz2BCxdQA3N5Aj9AzNL3U5Fhbum/ZhP0MmfrYqT3S+BjEvMNdFpTp 7K8ApRgx3upqcd6I4mhAgUjlygl4dHJl/b8kdblO7unzRq38vSxyiIOXLwlY33lF 9H/n3fWKlTi0KkFub255bW91cyBSZW1haWxlciA8YmFiYW5pQGNzLmJ1ZmZhbG8u ZWR1Pg== =S9lO -----END PGP PUBLIC KEY BLOCK----- -- +==== Internet: babani at cs.buffalo.edu ===+======== Amateur-Radio: N2LYC ======+ ! Bitnet: V078LNGT at ubvms.BITNET | UUCP: rutgers!ub!babani ! ! Alternate: an173 at cleveland.freenet.edu | Plsure dpnds on the othrs prmison. ! +== PGP key available. (If you don't know what a PGP key is... find out!) ==+ From rustman at netcom.com Fri Mar 5 14:06:35 1993 From: rustman at netcom.com (Rusty Hodge) Date: Fri, 5 Mar 93 14:06:35 PST Subject: MISC: Internet Talk Radio In-Reply-To: Message-ID: <9303052205.AA23397@netcom2.netcom.com> > This is not really relevant to the topics of this list, but... > > From: tcmay at netcom.com (Timothy C. May) > > I just read in the local paper about "Internet Radio," which sounds like > > some kind of transmission of compressed audio, if I have the details right. > > Anybody know anything about this? > What they are going to do is produce talk radio programs in professional > audio studios, and then instead of broadcasting on the air, they will > convert it all to a large (estimated about 15MB) sound file, which is > then widely distributed using ftp, and played by anyone who wants, > on their workstation (or a PC with a sound card). Is that related to Internet TV, where professionally produced television shows are converted to digital video (a la Quicktime), and then the 200mb file is ftp'ed to the world? :-> -- From kelly at netcom.com Fri Mar 5 14:50:43 1993 From: kelly at netcom.com (Kelly Goen) Date: Fri, 5 Mar 93 14:50:43 PST Subject: ANON POLICY: was I`m not Message-ID: <9303052249.AA26423@netcom.netcom.com> Forwarded message: > From cypherpunks-request at toad.com Fri Mar 5 13:38:47 1993 > Date: Fri, 5 Mar 93 16:26:11 -0500 > From: Theodore Ts'o > Message-Id: <9303052126.AA02211 at SOS> > To: Eric Hughes > Cc: cypherpunks at toad.com > In-Reply-To: Eric Hughes's message of Fri, 5 Mar 93 12:41:24 -0800, > <9303052041.AA05452 at soda.berkeley.edu> > Address: 1 Amherst St., Cambridge, MA 02139 > Phone: (617) 253-8091 > > Date: Fri, 5 Mar 93 12:41:24 -0800 > From: Eric Hughes > > Existing controls on the signal-to-noise ratio? > > Yet this upper bound is ineffectual. Let us take the widely used > companies and individuals that run them are. > > Sure you can; you can protect regional and national networks such as MUCH deleted > If you cause someone damage by your speech, and you maliciously did so > knowing that your speech was false, the person you harmed should be able > to recover damages from you, whether it is done over the phone or done > over a TCP/IP network. > > - Ted > > Fortunately... Libel is a totally ineffectual law for attempting to impose the kinds of censorship that Ted seems to be espousing. Libel and slander laws are OFTEN used by the powers that be (governmental, corporate etc) to silence the oppostion in matters of human rights, ecology etc... just because a charge of libel or slander has been made doesnt mean that the charges are just or proper... often it is merely an attempt to silence the opposition... The world of cyberspace crossing without form international boundaries for now is a shield against censorship due to the complex legalities involved... remailers in seperate countries careful chosen offer complete protection against Ted and his loyal opposition. (your cabal ted... :) BTW: for me... control=censorship,interdiction etc... cheers kelly -- From tytso at Athena.MIT.EDU Fri Mar 5 15:21:48 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Fri, 5 Mar 93 15:21:48 PST Subject: Encrypted voice protocol? In-Reply-To: <9303050351.AA59962@horton.intercon.com> Message-ID: <9303052320.AA02319@SOS> Date: Fri, 5 Mar 1993 03:51:59 -0500 From: Bob Stratton I don't know how many of you are at sites on the MBONE, or multicast backbone. There are already a few pieces of code out there for experimentation with transmission of audio and video information, in a variety of forms/encoding, and probably the most widely used tool, "vat - the Visual Audio Tool", already has provisions for carrying on encrypted audio teleconferences via IP. In fact, it's as simple as typing a key into a field, and the tool will DES en/decrypt the conference. That's a good start! Now all we need something which is a bit more general in its selection of the asymmetric encryption algorithm, and something which does public key for authentication and protection of the assymetric session key. - Ted From tytso at Athena.MIT.EDU Fri Mar 5 15:37:17 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Fri, 5 Mar 93 15:37:17 PST Subject: ANON POLICY: was I`m not In-Reply-To: <9303052249.AA26423@netcom.netcom.com> Message-ID: <9303052335.AA02332@SOS> From: kelly at netcom.com (Kelly Goen) Date: Fri, 5 Mar 93 14:49:20 PST Fortunately... Libel is a totally ineffectual law for attempting to impose the kinds of censorship that Ted seems to be espousing. Libel and slander laws are OFTEN used by the powers that be (governmental, corporate etc) to silence the oppostion in matters of human rights, ecology etc... There's a good reason for that. The reason why Libel exists is not to impose censorship! The powers that be may *abuse* libel and slander laws in attempt to silence The Opposition, but the mere potential for abuse isn't grounds to say that those laws shouldn't exist. If you do make that argument, then by the same token, *remailers* shouldn't exist because of their potential for abuse. :-) - Ted From kelly at netcom.com Fri Mar 5 16:03:33 1993 From: kelly at netcom.com (Kelly Goen) Date: Fri, 5 Mar 93 16:03:33 PST Subject: VOICE PRIVACY: Internet av phones Message-ID: <9303060002.AA04236@netcom.netcom.com> Forwarded message: > From cypherpunks-request at toad.com Fri Mar 5 15:32:07 1993 > Date: Fri, 5 Mar 93 18:20:30 -0500 > From: Theodore Ts'o > Message-Id: <9303052320.AA02319 at SOS> > To: Bob Stratton > Cc: cypherpunks at toad.com > In-Reply-To: Bob Stratton's message of Fri, 5 Mar 1993 03:51:59 -0500, > <9303050351.AA59962 at horton.intercon.com> > Subject: Re: Encrypted voice protocol? > Address: 1 Amherst St., Cambridge, MA 02139 > Phone: (617) 253-8091 > > Date: Fri, 5 Mar 1993 03:51:59 -0500 > From: Bob Stratton > > I don't know how many of you are at sites on the MBONE, or multicast > backbone. There are already a few pieces of code out there for > experimentation with transmission of audio and video information, in a > variety of forms/encoding, and probably the most widely used tool, > "vat - the Visual Audio Tool", already has provisions for carrying > on encrypted audio teleconferences via IP. In fact, it's as simple > as typing a key into a field, and the tool will DES en/decrypt the > conference. > > That's a good start! Now all we need something which is a bit more > general in its selection of the asymmetric encryption algorithm, and > something which does public key for authentication and protection of the > assymetric session key. > > - Ted > would suggest a diffie-hellman key exchange protocol to ensure non-recovery of the session key... BTW at least your hearts in the right place Ted... cheers kelly -- From shipley at merde.dis.org Fri Mar 5 16:17:48 1993 From: shipley at merde.dis.org (Peter &) Date: Fri, 5 Mar 93 16:17:48 PST Subject: yet another remailer Message-ID: <9303060015.AA07939@merde.dis.org> A non-text attachment was scrubbed... Name: not available Type: text/x-pgp Size: 978 bytes Desc: not available URL: From jcoryell%nwu.edu at UICVM.UIC.EDU Fri Mar 5 16:17:56 1993 From: jcoryell%nwu.edu at UICVM.UIC.EDU (John Coryell.) Date: Fri, 5 Mar 93 16:17:56 PST Subject: Encrypted voice protocol? In-Reply-To: <9303051842.AA27887@netcom.netcom.com> Message-ID: <9303060017.AA26284@toad.com> >I just read in the local paper about "Internet Radio," which sounds like >some kind of transmission of compressed audio, if I have the details right. > >This could be interesting. The "Crypto Home Companion Show"? > >Anybody know anything about this? (The originator comes from Alexandria, >Virginia, so perhaps Strat and our other D.C. area folks have heard more >about this.) > >-Tim Wasn't this the subject of that article in the NYT the other day? John Coryell. From ld231782 at longs.lance.colostate.edu Fri Mar 5 17:33:02 1993 From: ld231782 at longs.lance.colostate.edu (ld231782 at longs.lance.colostate.edu) Date: Fri, 5 Mar 93 17:33:02 PST Subject: USENET: musings on a new MUSENET In-Reply-To: <9303052041.AA05452@soda.berkeley.edu> Message-ID: <9303060131.AA02315@longs.lance.colostate.edu> Interesting the conversation about accountability and free speech has turned toward discussing the weaknesses in Usenet. I've been thinking about Usenet software a lot, and think there are some fundamental methods that could vastly improve the dreary and oft-discussed-lamented-cursed signal-to-noise ratio. I would propose these ideas in some newsgroup devoted to the topic but these tend to be frequented by fuddy duddies with too much at stake in the current system and completely unimaginative and uninnovative, and interested in yucky stuff like strengthening authentication (in stark contrast to the sheer brilliance in our club). (For an existence proof, look at the brouhaha on anonymity in news.admin.policy.) Now, I think we should get a thread started on the ultimate news posting software system. Let's recall the totally ad hoc nature of the original Usenet, which just sort of *emerged* because people started writing and running software for it. I fully believe this could happen with `our' system, esp. if the systems are "workable" and very attractive, and *effective*. I propose to call it MUSENET, because it's what I'm musing on at the moment. Above I called authentication mechanisms `yucky', and I still believe that they should be avoided, or at least I want to be able to peruse groups with no posting restrictions. But the authentication technique really does improve signal-to-noise ratios. That is because, no matter what anybody tells you, it is really only used for holding users accountable for their posts, to the degree of complaining to their sysadmins. I submit that high-signal-to-noise and total freedom of posting (e.g. anonymity) are mostly mutually exclusive objectives, but unfortunately each equally preferrable. So, here's the idea. Let USENET continue to ferment in relative `peaceful anarchy', with total freedom in posting. Lets start MUSENET with significant registration mechanisms. Just having an internet account wouldn't cut it. Some groups might be invitation only, others you might fill out an application/background form and current members vote on you, or whatever. The system should allow as much flexibility across groups as possible. Wouldn't it be great if every new user had to pass a multiple choice test on the group's FAQ? (sort of like getting a poster's license!) Or that the faq was archived along with group postings? Wouldn't it be great to peruse lists of members, their backgrounds or ``electronic resumes'', and their interests? This all should be possible. (Imagine reading a neat post and reading about the accomplishments of the person behind it, where they work, etc.) Now, imagine that every group also has an associated 'metagroup' for discussions about the group itself, whether it should be split, posters that are abusing it and the actions against them, etc. *built into the software* would be mechanisms for "complaining" about a post. If a user gets too many complaints, depending on the group charter, he might be automatically expelled or suspended. I proposed earlier the idea of a bank account that people can credit or debit based on your postings, and membership dependent on nonbankruptcy! There could be "trials" and "proceedings" against the accused in the meta-group. Also, mechanisms for tracking article use would be great. People could vote on articles they *liked* also. Each group would automatically have an associated "supergroup" where the best articles are percolated up, not by posting, but by positive vote mechanisms. It would be a great honor to make it into certain of these groups. In fact, there might be a net-wide "super hall of fame" (or even a "hall of shame"). I'd also like to see a lot of tracking about when articles are saved, how long they are being read, that kind of thing--propagated back to the poster! Can you imagine what kind of effect that would have on quality? (er, maybe I mean `could'...) There is a tremendous amount of analysis of articles that is going on *completely behind the scenes* right now, totally separated from the articles themselves. Lets get that beautiful data into cyberspace! Group charters should be very specific about the mechanisms involved in the particular group, and what kind of speech will be tolerated, and how abuses will be dealt with. There should be some way for a group to approve their "official faq", or more than one of such. Maybe it would appear first as a regular article, and make it into FAQhood if there are enough positive votes. I also like the idea of "free-lance moderators" or "free-lance editors". The newservers would not only propagate articles but meta-articles built by these free-lance editors of their favorite articles, perhaps in a single group but ideally globally. These editors would be able to create very customized portfolios of their favorite articles, even with their own comments on the stuff, and anyone can read the portfolios instead of the raw unfiltered stuff. I think anyone should be able to become a free-lance moderator. I think many people will. There should be some way to keep around outstanding articles. I.e., if they get enough votes, they are archived on some machine (ideally, the site they originated from or whatever) and they can be referenced in future articles. I think there ought to be a new "pseudonymous FTP" where anybody with an internet account could set up a part of their directory for archiving their favorite articles, made available to other newsreaders, possibly on the local news server. (My luddite administrators can seem to deal with anonymous FTP.) Holy cow, I haven't even gotten to all the cryptography features. Traffic should be encrypted. Everybody has public and private keys with verification. No free posting--if an article is transmitted, it means that it really was written by someone, by strength of their password secrecy. Hashing on articles to ensure they're untampered, etc. I think people should get away from the point of view that any restrictions on posting are anti-free-speech. I see a lot of news admins pretend that they don't want more control, and that any such suggestion is an insult to their unimpeachible ethical standards. There is a lot of hypocrisy going on right now. Lets make control legitimate, something *everyone* can exercise. More control is not censorship. It is the means toward improving s/n drastically. Anonymity should be built into the software for the appropriate groups. *no* tracking (e.g. storing machine routing paths) should be appended to the articles that are posted anonymously. In fact, the new server should act like our lovely remailers in this regard (cloaking/rerouting mechanisms, etc.) OK, I have to mention hypertext too. What if articles could incorporate GIF pictures or postscript files? Audio sound? have push-button pointers to other articles and files and FTP sites? yowza! Please don't misconstrue any of this. I don't advocate getting rid of completely free posting areas, forcing everyone to be validated, etc. In fact, I think these systems should always be there, and that they *will* always be frequented even after much better systems with better s/n will come along (there may also be a "creep" of outstanding freely-posted articles into the selective groups by people who vouch for them by posting them, and take the consequences for failures of judgement, as determined by voting response). Whaddya say, cypherpunks? want to be in on the next communication revolution? Want to mold the onslaught of cyberspace the way you like it, according to your distinct and prophetic vision? All we have to do is put a little prototype code together... From nobody at rosebud.ee.uh.edu Fri Mar 5 18:21:34 1993 From: nobody at rosebud.ee.uh.edu (nobody at rosebud.ee.uh.edu) Date: Fri, 5 Mar 93 18:21:34 PST Subject: CASH/REMAIL: combination Message-ID: <9303060221.AA29007@toad.com> -----BEGIN PGP SIGNED MESSAGE----- Karl Barrus posted some ideas for running a remailer which requires payments in the form of digital cash. I have some comments. > The remailer will work like the others, except valid cash must be > included or the remailer will not forward the message. For ease, a > number of bills will be generated upon request, which will then be > deposited as used. As a side effect, bank accounts will be > incremented as well (too bad real banks don't work like this) so > customers may "withdraw" more bills to use for remailing messages. If I follow this, Karl will allow users to request digital-cash bills from the bank, then require them to send one of those along with each remailed message. The bank then puts the bills back into the user's account(!) leaving him with as much "money" as he started with. This may be OK for an exercise to get the code working, but to really have any effect the remailer should not give the money back to the user as soon as he "spends" it. This makes the whole thing rather pointless. I had an idea which would be a variant of this: make the users send you a postal-mail letter to authorize issuing another batch of digital "stamps". The letter could include an email address to send the stamps to. Maybe you could send 5 stamps per letter. This would force the user to pay 29 cents each time he wanted a set of stamps. Unfortunately, he's not paying the remailer operator, but rather the U.S. government. But it would still limit the ability of people to swamp the net with large numbers of messages. (With this system, I would not anticipate that people would have "accounts", but rather that Karl would just send out the digital stamps and let people hold it, and use them as they mailed letters.) > Nathan Estey suggested to me that traffic analysis could be made more > difficult if messages under a certain length were padded, and message > over the length were split and remailed a piece at a time. This will > help, although I think it would be easier for the sender to include > padding in the message itself (thus identical messages plus random > padding will encrypt differently). Plus, the message may be multiply > encrypted and thus padding cannot be added "inside." Maybe future > mail software will automatically pad in addition to encrypt :-) Remailers might require standard-sized messages for their operation, or refuse to pass messages larger than some limit. This, in conjunction with requiring per-message postage, should eliminate the possibilities of "volume abuse" which so worried Ted Ts'o. ("Content abuse" is much less of an issue given the free-speech traditions on the net.) As it turns out, PGP compresses, then encrypts messages (usually): C = Encrypt (KEY, Compress(M)). The decryption phase is then: M = Decompress (Decrypt (KEY, C)); Now, as it turns out, the decompression is self-terminating. That means that you can add some junk to the message after the compression phase but before the encryption phase, and it will be automatically ignored by the decompresser: C = Encrypt (KEY, Pad (Compress(M), N)) M = Decompress (Decrypt (KEY, C)); (This represents padding the message with N bytes after compression, then encrypting it.) I had a patch for an earlier version of PGP which would always pad to 1K byte boundaries using random bytes. It was kind of annoying to use because it made small messages quite a bit bigger. But I think what would be very nice would be a utility to encrypt a message which produced one or more constant-sized files as output. Then you would want a corresponding program to decrypt which would put the files together and strip the padding. This way, all files sent to the remailer would be exactly the same size, and it could then act as a "Mix", as Eric described, holding a bunch of files in a batch, shuffling them, then sending them out. Hal 74076.1041 at compuserve.com -----BEGIN PGP SIGNATURE----- Version: 2.1 iQCVAgUBK5gIPagTA69YIUw3AQFJrAQAqmgsGvipCPl3i1A78/FGensfPRK5qgfR HszULK+eggNKMJkRLc3Ed4IuSBHXOZHKJeYV7TT1li2pmwYU8a4WMMY6Eyj5tKlL Q/s7NRtI5ZqSvHI3K/5tiTA6N0CR8syOjaHLeoHHqtwVbUbEC3jZV+yTzEgZ35Dm yyrxwPghpPE= =5BwY -----END PGP SIGNATURE----- From nowhere at bsu-cs.bsu.edu Fri Mar 5 20:13:20 1993 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Fri, 5 Mar 93 20:13:20 PST Subject: No Subject Message-ID: <9303060409.AA14753@bsu-cs.bsu.edu> Dewdz, Stuff for the whistleblowers group. This looks like some good shit. Way cool--Pentagon gettin' zapped! F-117A Nighthawk ("Stealth") Program--Summary Construction The primary RAM and infrared-reflecting material used on the F-117A Nighthawk, also known as the Stealth Fighter, is Dow Chemical's Fibaloy (Lockheed Memorandum TK-523). Fibaloy is used for structural airframe parts in the F-117A and for skin panels, spars, ribs, and 1ongerons. Only 10 percent of the airframe's structural weight is from metal. Reinforced carbon fiber, developed by the Air Force Materials Laboratory at Wright Patterson AFB in Dayton, Ohio, is another important RAM used on the F-117A. This material not only absorbs radar energy, but dissipates it as well and helps reduce the F-117A's infrared signature. It is used primarily for high-temperature areas like outer skin panels near the engines, and wing and vertical-fin leading edges. The F-117A's unique shape is one factor that contributes to RCS reduction. Edges are rounded, and skins are made of Fibaloy in a secret and difficult manufacturing process. These skins are built in multiple layers that are filled with bubbles and tiny fibers oriented in a specific alignment, spacing, and density for maximum RCS reduction. This process is the most secret element of stealth technology. Parts are formed using super-plastics and are joined with strong adhesives. Kevlar 49 and Silag are used in key crossbar struts. Internal structural architecture of the F-117A has an even greater effect on RCS reduction. A design called cut-diamond, which employs several thousand flat surfaces, is used on the F-117A. Each of the small, flat surfaces is angled so it does not share a common radar reflective angle with any other small, flat surface. When a radar beam strikes the F-117A, only one or two of the flat surfaces reflects the incoming radar energy, while the adjacent surfaces present too high an incident angle to reflect the radar energy back to the radar receiver. The cut-diamond structure is covered by a layer of Fibaloy and Retinyl Schiff base salt materials that is able to absorb 98.7 percent of all radiated energy. Like the SR-71, internal plastic radar -absorbing triangular inserts are fitted to the F-117A's vertical-fin and wing leading edges. Iron ball RAM (supplied by TDK Magnetics, cf. Import Waivers) is applied to external surfaces and to some internal metal parts. All gear doors and access panels are specially shaped and tightly fitted to maintain the airframe's low RCS. To enhance its low visual signature, the F-117A employs both active and passive background-masking camouflage techniques that enable it to change color to match the background. Two camouflage colors are used: flat-black for night missions, and dull gray for day missions. The active camouflage technique is "background-clutter signal to aircraft RCS matching." This technique makes use of the F-117's extensive ECM/ESM suite and does not require any changes to the aircraft's structure. With this technique, an F-117A flying at low level protects itself from look-down interceptor radars by matching its overall RCS (as detected from above) with that of the terrain below. This ability makes the F-117A show up as ground clutter on the interceptor's radar, provided the F-117A's RCS precisely matches that of the terrain below it, and the hostile radars would simply reject the clutter and the F-117A masked in the clutter, and never detect the F-117A. ECM/ESM equipment is housed in smart skins, or portions of the F-117A's airframe that incorporate microcircuitry, thus avoiding the need to install antennae or sensors that might have a high RCS on the outside of the airframe. This feature has the combined benefit of saving space on the inside of the airframe and permitting the airframe to be lighter and smaller. Reconnaissance/weapons systems include a forward-looking laser radar used for both terrain-following navigation (TERCOM) and for attacking targets. A forward-looking infrared (FLIR) system is installed, as well as a low light level TV and a head-up display. Its weapons suite includes the optically guided AGM-65 missile and the AGM-45 Shrike antiradiation missile. The AGM-88A high-speed antiradiation missile (HARM) is also included. An advanced gun system developed by Hughes called the in-weather survivable gun system/covert is installed, and all weapons are carried internally. Another weapon that is planned for deployment in FY 93 is the AGM-I36A Tacit Rainbow antiradiation drone missile. This weapon can loiter after release and protect the F-117A from hostile radar tracking by detecting and destroying hostile radars. The Tacit Rainbow is small enough that four can be carried internally by the F-117A. In one recent test of the F-117A's weapon aiming and guidance system, a 500-lb bomb was dropped from altitude of 10,000 feet, and the bomb scored, going right into the top of its target, a 55-gallon drum. Results are similar to the Gulf War experience. Lear Siegler has developed a quadruple redundant electronic fly-by-wire system for the F-117A that eliminates the need for control cables, thus saving weight and simplifying construction. The pilot controls the F-117A with a side-stick controller mounted on the right side of the cockpit. The F-117A pilot sits on an ACES ejection seat. The pilot's canopy has flat surfaces, and should be coated with an optically transparent RAM to prevent radar reflection from the pilot or cockpit equipment. Landing gear is designed for rough-field operations, and each gear leg has a single wheel. Infrared signature is reduced by mixing fan-bypass air and air from cooling baffles with exhaust gases. Mixing of air with exhaust also has the benefit of reducing the acoustic signature. Because infrared homing missiles track aircraft by the heat of their exhaust nozzles, not the heat of the exhaust gas, the nozzles are made of materials that keep the infrared signature low. Cooling baffles and special coatings also help reduce the infrared signature from hot engine-exhaust nozzles. Newer infrared homing missiles with all-aspect launch angles can track only the exhaust plume, but the work done to cool exhaust nozzles and cool exhaust gases on the F-117A (and other stealth aircraft) makes infrared lock-on by these kinds of missiles highly unlikely. Two modified nonafterburning 12,500-1b General Electric F404-HB turbofan engines power the F-117A. Two-dimensional thrust-vectoring exhaust nozzles, which can vector thrust in various vertical and horizontal positions, are installed; however, the nozzles are only two-dimensional in shape, with no vectoring capability. Material around the engine bays is a matrix sandwich of polymers and pyramidic noise-absorbing structures. The sound-proofing is so effective that the F-117A makes only a medium-level (53 dB) humming noise at a distance of 100 feet, and on takeoff a slight whine (61 dB) is heard. The F-117A uses a Benson-designed Rotorduct system that provides additional cold thrust from the engines. The Rotorduct system is connected to the forward and aft sections of the engines. During night operations, the F-117A flies lights out, with no navigation, strobe, or position lights of any kind. F-117As are equipped for all-weather operations without any outside assistance. All guidance systems are passive, except for the laser radar, but that gives no signals that could be detected. Guidance systems include a ring-laser gyro based inertial navigation system and global positioning system receiver, both of which are passive navigation systems. Performance Although the F-117A can fly at supersonic speeds (Mach 1.73), most of its flying is done below the speed of sound close to the ground to take advantage of terrain-masking of hostile radar installations. High-speed flight at low levels also protects the F-117A from infrared-guided weapons or infrared detection systems. At higher altitudes, the F-117A would be exposed to such systems for longer periods of time, while at low levels, the F-117A is not over one area long enough for weapons systems to lock on. Even if the weapons could lock on briefly, the F-117A flies so quickly that it would be long gone before the weapon could shoot it down. Operating at high speeds and low levels makes the F-117A somewhat unstable due to its large wing/fuselage planform. USAF cites this as one reason, among others, for one or two of the four operational crashes. The F-117A uses small ride-control vanes similar to those on the nose of the B-I bomber. These are known as impedance-loaded flow-control vanes, and they alleviate the often bumpy ride encountered during low-level and high-speed flight. Supersonic flight in the F-117A is inefficient because of the materials from which it is built. Some of the materials, while excellent at reducing detectability signatures, have a rough finish that add to the F-117A's parasite drag. F-117A Operational Basing An F-117A unit is permanently based at Tonopah Base (Area 30, also known as Sandia Strip and Mellon Strip) in the northwest corner of the highly secret Nellis Test Range about 170 miles from Las Vegas, in Nevada. Tonopah Base has 72 hangars and was refurbished in 1979 by the U.S. Air Force. (It hadn't been used since World War II.) The unit is known as Team One--Furtim Vigilans (covert vigilantes), and there are 95 F-117As based there. (The term literally means "vigilant by stealth" or "stealthily vigilant" in Latin.) The full-service F-117A wing gained initial operational capability in 1983 at Tonopah Base. There are F-117A temporary-duty (TDY) detachments at Elmendorf AFB and Shemya AFB in Alaska, Kadena Air Base in Japan, and in the United Kingdom. The F-117A also has been active in the Middle East and in Latin America, used in the Gulf War and in covert drug trafficking survellance operations. The U.S. Air Force uses the F-117A in various roles and has integrated F-117A operations with those of the rapid-deployment forces and with the new special operations command. Two of the F-117A's known missions are covert reconnaissance and covert surgical strikes on preselected targets. In operational tests, this effective stealth aircraft has flown within 17 miles of actual Soviet-manned radar stations without being detected, and Soviet-manned Iraqi radar stations detected fewer than 3 of the F-117As in 753 different sorties over Iraq. F-117A Nighthawk Specifications Length 56.43 ft Height 15.72 ft Wingspan 40.20 ft Empty weight 19,674 lb Maximum takeoff weight 34,120 lb Cruise speed Mach 0.93 Maximum speed Mach 1.12 at 36,000 ft Powerplant two 12,700 lb GE F404-HB nonafterburning turbofans highly modified. Composites used in engine construction Combat radius 498 miles From julf at penet.FI Fri Mar 5 21:57:29 1993 From: julf at penet.FI (Johan Helsingius) Date: Fri, 5 Mar 93 21:57:29 PST Subject: ANNOUNCE: Boston-area cypherpunks meeting? In-Reply-To: <9303051658.AA25665@ack.adstest.analog.com> Message-ID: <9303052007.aa26857@penet.penet.FI> > Is there any interest in a meeting of Boston-area cypherpunks? (I've > seen at least two mit.edus out there...) I'd be interested in meeting > some of you in person, exchanging keys, etc. Uh... It just so happens that I will be in Boston from April 7th to 18th... Julf From crunch at netcom.com Sat Mar 6 01:44:36 1993 From: crunch at netcom.com (John Draper) Date: Sat, 6 Mar 93 01:44:36 PST Subject: Internet radio Message-ID: <9303060943.AA04654@netcom2.netcom.com> Re: Internet radio.... I can see (or actually hear it now) - Stay tuned for the super duper Cypherspace hot hit 100, coming up after these messages... And about 15 minutes of BS about the right hair spray to buy... JD From edgar at spectrx.Saigon.COM Sat Mar 6 04:24:28 1993 From: edgar at spectrx.Saigon.COM (Edgar W. Swank) Date: Sat, 6 Mar 93 04:24:28 PST Subject: Kill lines Message-ID: I agree with Eli Brandt that Chael Hall's simple implementation of a standard "kill" line is preferable to the complicated "Regexp" specification. I could manage it, but I agree with Eli that many could not. Eli offers an alternative of Signature-Lines: Assuming that this can be inserted in the body of the message with the :: convention as well as among the headers, this is acceptable, but is still more complicated than the "kill line". The proper number for "signature-lines" will have to be found by trial and error, by sending messages to oneself. One caveat here. Any remailer which implements "signature-lines" will have to -remove- that line from the header (or change to zero) when it removes the of signature lines from the end of the body. Otherwise, a chain of "signature-lines" remailers would -each- see the "signature-lines" header and would -each- remove lines from the end of the message body. -- edgar at spectrx.saigon.com (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Silicon Valley, Ca From sdun at isma.demon.co.uk Sat Mar 6 05:55:34 1993 From: sdun at isma.demon.co.uk (Stephen Dunne (+44) 71-538-5656) Date: Sat, 6 Mar 93 05:55:34 PST Subject: ANON: Sysadmin Policies at Universities (and HS) Message-ID: <9303062148.AA0035@isma.demon.co.uk> >If you want to have such a thing to call "your account" you're welcome >to plunk down some $$$, buy a machine, get yerself a network link, and >remail to your heart's content. If I were another CS student at UB, I >would be bummed if the scarce (by your account, and by most others at >universities) cycles I needed to get my homework done were being given >away to folks all over the world via a remailer. Hmmm.. Unless you guys in the states get third level education for free you've *already* plunked down some $$$ as course fees. I would assume that a portion of the fees for an IT related course would be applied to purchase/upkeep of the relevant kit. IMHO the attitude of educational establishments which can border on the paranoid whenever they come across usage of "their" systems which isn't typical is very similar to the classic model of the commercial DP gruppenfuhrer... Both can be regarded as empire-builders.. Stephen From judic at sunnyside.com Sat Mar 6 09:16:38 1993 From: judic at sunnyside.com (Judi Clark) Date: Sat, 6 Mar 93 09:16:38 PST Subject: One last time Re: CFP Costs Too Much! (long) Message-ID: <199303061715.AA25795@snyside.sunnyside.com> Hi Tim I wanted to take a minute to respond to your note about the cost of CFP'93. There are several things that you a) don't know, and/or b) aren't taking into account. Altho' my writing style is somewhat cut-throat (why I am not a writer), this is not a re-flame, but rather an informational piece. As such, if you are still interested, I can discuss the conference costs in more detail at a future date (like sometime after the conference?). >Dave Deltorto is one of several people I know, including myself, who don't >like the prices of the upcoming Computers, Freedom, and Privacy Conference: > >>.... I would also dearly like to attend CFP, but >>I haven't yet found a way to do it without money (anyone who knows a way I >>can volunteer my way in and help out please say so - I'll sweep up after, >>anything...). Dave found a way to attend. He is a volunteer for the conference, and as such, gets in free. There are over 20 such volunteers this year. FYI, volunteers impact the costs of the conference in two ways: 1) They help to keep staffing costs out of the budget 2) They aren't guaranteed lunches/banquets so as not to increase food costs. Given that many paid registrants don't show up for one meal or another, volunteers help "take up the slack" with the extra meals. :-) optional info: In addition, volunteers help to round out the attendance. As volunteer coordinator, I have sought to fill as many volunteer positions with women and minorities as possible. Dave, as a hacker, is one such minority. (I'm sure this method of choosing volunteers will vary with future confs.) >In my opinion, $405 is way too much to pay for this conference. Science >Fiction conventions routinely get the use of major hotels at a far lower >per head price (from $40-$125 is typical). The BayCon convention takes over >most of the public facilities in San Jose's Red Lion Inn (several >ballrooms, many smaller rooms, and most of the public lobby areas), has >about 500 attendees (same as CFP), and charges less than $100 for 4 days >(and one-day memberships are typically around $30). And the "Hackers >Conference" has kept its cost down to around $300, which includes two >nights lodging and all meals (very sumptuous meals, too). Conventions typically don't have 80 speakers, nor formal banquet functions. Meals are certainly a BIG part of our costs. Speaker meals are part of costs. Admittedly, if we were offering "a place to show things", we would be partly subsidized by booth space costs and other commercial ventures; our costs would be less. CFP has traditionally ruled that commercial booths are NOT a part of the program, and have declined offers to "buy" space on our floor. You mention that Hacker's keeps costs down to $300 for two nights. While we don't include the cost of the night's lodging for a number of reasons, we do include meals. Further, Hacker's attendees all pay equally. CFP has 80 speakers which, while they do not receive pay for their part, do receive all meals. Part of the cost in attending reflects what you're coming to hear, in the settings that we have arranged (single-track sessions, banquet speakers, etc.) >Granted, CFP puts out a nice transcript of the talks--credit them $20 for >that. Thanks for credit for the transcripts, but the $20 isn't ours. The proceedings need to be transcribed word for word from the conference, edited, and made camera-ready before IEEE or ACM (or whoever publishes it) get the $20 each. optional info: IEEE published the first conference, and has not yet made back the cost of printing their small run. Those transcripts are now online. What do you think their chances are now of making their costs back? The transcripts also need to be re-edited/indexed for free online public distribution. Noone has offered to do any of this for free yet... >Granted, a couple of meals are thrown in--credit them another $30 or so. You haven't talked with hotels lately. Continental breakfasts typically cost $5 per person, lunches are another $15 per person, and dinners $20. Add an 18% service charge and 8.25% tax to that, and multiply by 3 days... >What's left is still too much. Yes, a "register early" discount >exists/existed, but inasmuch as there's a nonzero risk someone can't attend >(and hence loses what they paid, or some fraction of it), counting such >discounts is not really kosher. You're missing the point of the early registration. You apparently didn't take into account that we printed brochures and paid for mailings to some 40,000 people plus thousands more in press. While two of us worked for several months with no pay, we did incur many expenses. We bear the costs of bringing this conference to you until we are reimbursed. As Jim Warren will tell you, this is no small change. The first conference, with 400+ attendees, made $1000 in "profit", and was donated to CPSR, conf sponsors. >There are several possible reasons for the high fees: > >1. Price insensitivity. Wrong. We have a history of what this conference costs, and do all that we can to keep costs down. For example, the conference chairman doesn't get paid. As Organizing Coordinator, I might or might not, depending on the conference outcome. While the cost of this conference is minimal to a few of the attendees, it is obviously a big factor to many. That's why we received over 100 requests for scholarships this year, and why we were able to find separate funding for 40 full registrations (twice as many as last year!). We would like to have gotten more... >2. "Everyone else is doing it." This is irrelevant. We are not doing anything because "Everyone else is doing it." Rather, we are trying to do things that everyone else is NOT doing. >3. Subsidies of journalists. Journalists are admitted free, but must pay for meals themselves. Tim, I'm sorry to hear you won't be there for whatever reason. Phiber's right, lots of the good stuff happens throughout the whole place. And thanks, Fen, we try. (Hacker's is a different world. Would it be that we could do some things more informally...) I look forward to a fun, informative and project-generating conference. judi From composer at Beyond.Dreams.ORG Sat Mar 6 11:59:34 1993 From: composer at Beyond.Dreams.ORG (Jeff Kellem) Date: Sat, 6 Mar 93 11:59:34 PST Subject: ANNOUNCE: Boston-area cypherpunks meeting? In-Reply-To: <9303051658.AA25665@ack.adstest.analog.com> Message-ID: <9303061958.AA05570@Beyond.Dreams.ORG> On the cypherpunks mailing list, Eric Fogelman wrote... > Is there any interest in a meeting of Boston-area cypherpunks? (I've > seen at least two mit.edus out there...) I'd be interested in meeting > some of you in person, exchanging keys, etc. Sure thing. Perhaps those of us from the Boston area that'll be at CFP-3 should get together while we're there next week to plan something in Boston. A sort of pre-meeting.. ;-) See you in SF at CFP-3... -jeff Jeff Kellem Internet: composer at Beyond.Dreams.ORG From collins at socrates.umd.edu Sat Mar 6 14:47:05 1993 From: collins at socrates.umd.edu (Jim C) Date: Sat, 6 Mar 93 14:47:05 PST Subject: No Subject Message-ID: <9303062247.AA21226@toad.com> subscribe me! From MJMISKI at macc.wisc.edu Sat Mar 6 20:05:15 1993 From: MJMISKI at macc.wisc.edu (Matthew J Miszewski) Date: Sat, 6 Mar 93 20:05:15 PST Subject: ACT NOW! Message-ID: <23030622022987@vms2.macc.wisc.edu> Dear Cypherpunks- The talk on this list is incredible. Having grown up during the dawn of personal telecommunications, (I remember a 110 baud modem and running to get the phone in he cups in time), it amazes me how far we have come. Compared to the first BBSs, the level of discourse ha also advanced. Well, now that we have all matured (no offense to my first mentors) the time has come to combine our social concerns and our knowledge of technology. Now is the time for empowerment and action. I know many of you have been discussing (flaming) about anarchy. I understand that movement but I believe we are ready to act on a different level. Most of us hold strong personal and political beliefs. I think it is time for us to come together (as much as is possible) and distribute and activate our ideas. Cryptography (finally got to the point) will play an intimate part in any real technical revolution. I am _far_ from an expert (finally unzipped PGP2.1). And so, I need to enlist the great minds present on or reading this list. I speak in general terms so as not to offend some. I know some feel that power need not be redistributed and I respectfully have kept things vague (did you see that graceful sidestep of the inevitable *flame*). I also kept this brief so as not to disturb the S/N ratio any more. So, very briefly, I assert: Information, technology and control of both _is_ power. *Anonymous* telecommunications has the potential to be the greatest equalizer in history. Bringing this power to as many as possible will forever change the discourse of power in this country (and the world). This is intimately involved with political and economic theory, but can be accomplished without fatally altering the existing models of these theories. We, with the knowledge, have the power to change everything we see. But, we must act. We must organize. And we must start _now_. Please send me private email so as not to burden the Cypherpunks list or increase the noise. I will listen to all (and fully expect certain folks). BTW, I am not a socialist, communist, liberal, conservative, fascist, et al. I do not believe in simple change, but actual progress. I believe in progression not politics. I believe the private sector is an untapped resource for furthering social justice. I am a Law Student with a deep sense of social urgency. (Not your typical lawyer-to-be). I await _ALL_ responses. Thanx, mjmiski at macc.wisc.edu Matthew J. Miszewski From wk01847 at worldlink.com Sun Mar 7 00:39:51 1993 From: wk01847 at worldlink.com (Michael) Date: Sun, 7 Mar 93 00:39:51 PST Subject: F-117A Nighthawk pseudo"revelation". Message-ID: <9303070838.AA00566@worldlink.worldlink.com> Re: The F117A message left to cypherpunks by an anonymous fellow on Fri 4/5. What a bunch of bull! Consider the following reasons which are obvious to any intelligent and technologically savvy reader: "employs active and passive techniques to change color" Logical baloney. What is a "passive way to change color"? "Passive" means to do nothing, yet changing color is an obviously "active act". Sounds like $100 words that mean absolutely nothing if one things about what he is reading, rather than swallowing it whole. "When flying low, it adjusts its radar cross section to a high flying interceptor aiming radar downwards at it, so as to match its own radar reflectance to that of the ground". Logical baloney again. How can that plane know the radar cross section (the reflectance) of the terrain below it unless it is itself aiming a radar at the ground? But if it did aim a radar itself, it would stand out like a sore thumb to ground based receivers, so it couldn't logially do so. "ECM/ESM circuitsd are mounted on the skin to avoid the need for antennas". Technical baloney! A radio fequency receiver or transmitter needs a means to couple to the outside world; this means is called antenna. You just cannot wish the function of an antenna away; basic physics (of which the writer of the nonsense I am responding to is ignorant) requires a physical capture area for an antenna. And on and on and on... And besides, lets consider the motivation of the writer of the message which ostensibly "unvovered" the information he broadcast to the world. (Never mind that it was nonsense, as per above. Since internet is worldwide, is that fellow telling us that he, in his infinite wisdom, decided that what is presented as classified info should be released? Why? And, assuming that his information was correct which it isn't as per above, does he say that ALL classified information should be released by anybody that has it, or is he saying that he himself is blessd ed by the almighty to have this super judgement to unilaterally declassify things? Or is he telling us (assuming that his info is correct, which it isn't as per above) that he is knowingly guilty of treason for disclosing classified info and, as a logical corollary, that he wants to harm this country? Oh, well, the world never had a shortage of snake oil salesmen nor of irresponsible and treasonous fools. From internaut at aol.com Sun Mar 7 06:48:34 1993 From: internaut at aol.com (internaut at aol.com) Date: Sun, 7 Mar 93 06:48:34 PST Subject: FWEE!: Premature Ejaculation Message-ID: <9303070949.tn25905@aol.com> >>nowhere at bsu-cs.bsu.edu >> >>Way cool--Pentagon gettin' zapped! >> >>F-117A Nighthawk ("Stealth") Program--Summary Uh-huh... OK. Easy now, Lads... Let's not "jump the gun." It is with a strange mixture of giddy delight and dire trepidation that I 'pen' this note to you all. I read "nowhere's" posting with no small amount of interest and yet I have a BIG PROBLEM with it, so I thought I would post this tiny reminder to everyone about "what the hell are we fighting for" (anyone else around here remember singing along with Country Joe and MEANING it? ...1-2-3) before any more such postings occur. If you answer "don't ask me, I don't give a damn," I worry about you (...5-6-7). Some thoughts: 1. The Whistleblower system currently under construction (in more ways than one) is of extremely high value both to us as digital pioneers and ultimately to the People of this country and by extension of the world. It promises to open up 'doors' that would otherwise stay very tightly shut. This is no small thing. 2. The WB system should be directed toward uncovering structural ABUSES by persons or companies entrusted with the interests and/or funds of the People. Remember, this whole gig is supposed to be "of, by and for the People." We're just here to remind the trustees not to cook the books like George Herbert Fucking Walker Bush did. Infact he can be considered as one of our most interesting subjects, whatever flat little Texas rock he might be hiding under right now. We haven't forgotten you George, we're just getting our digital posse rounded up. Except there's someone among us who's wearing his/her gun belt a little too tight already, to wit: 3. The purpose of such a system is NOT to cater to the puerile (look it up, it comes from the Latin for 'childish' and yes, I indulge in it often enough to understand) impulses of people who'd like to anger the Dark Side just for the sake of thumbing their noses at Authority, but to truly cut the Dark Side to the bone - to expose their Darkest Secrets and leave them bleeding ink all over the front pages. I recently paraphrased the Bible (and probably every other religious tome since recorded Herstory began) in conversation with two of my favorite Cypherpunks and I now see the value of sharing this tidbit with all of you: "That which is whispered of in closets, shall be shouted from the rooftops for all to hear." ...I propose this as a suitable motto for the Whistleblowers and possibly even the Cypherpunks - at least those with an ironic bent. (Btw, would the more Bible-literate among us please feel free to cite chapter & verse, so I can find where I read this and quote it more accurately in the future.) 4. Posting information of the kind in "nowhere's" transmission (though admittedly fascinating) will only serve to ALERT and STRENGTHEN the position and attack capabilities of those who would defeat the WB system BEFORE it truly gets off the ground. Post data like this NOW and you provide ammunition to sharpshooters who need an excuse to terminate us with extreme prejudice. Compare the value of information of the sort in "nowhere's" posting (which I might add can probably be found by the more astute among us in certain lesser-known defense industry publications) with an anonymous posting by someone taking a very BIG chance with his/her life by proclaiming the complete and utter lack of integrity of persons charged with the maintenance of Democracy or persons charged with the maintenance of the Safety and Security of the People. I ask you, fellow Patriots: what would you rather read? Would the expose' of a high-ranking member of the Military-Industrial Complex be of greater value to you than the specs on the composition of a plastic wing's leading-edge? Let us not forget who arranges for the development of such weapons - those who loose the Dogs of War, not the Dogs themselves should be our Enemy. Another hypothetical example: would you like to know what the US Government knows about _who_ shot John Fitzgerald Kennedy and _why_? Keep posting information on expensive black budget D-Fens items and see if we ever find out. I don't particularly want some haircut sliding in my front door with a warrant just because I'm on this list - and don't think I'm overreacting (because I am). FLAME. A wise man chooses his weapon carefully and does not shoot his bolt before the target is well in sight. In the teachings of ancient strategists, one can find many sage postings on when to keep one's powder dry, when to retreat for strategic/tactical advantage and when to just plain shut the fuck up so no one knows you're hiding there with your pointy stick. "Verbum sat sapienti est." In Latin (remember how far those Roman strategists got!) this means "wise up or someone with much fancier toys will come and take your cereal box and you'll be left with no whistle to blow. I get off on reading about Inspector Gadget's Flying Doomsday Jets as much as the next technoweenie, but I also have an idea of what's really important here. As a person who threw bricks at riot police in the '60's, I have an indelible impression of what it is that Freedom of Speech is all about and I don't want to risk a potentially incredible source of Freedom of Speech all for a few nuts and bolts descriptions of some weapons systems that some very dangerous mofos will do just about anything to keep under wraps. Remember, no system of anonymity or encryption is _completely_ secure: give the wrong entity a good reason to focus its highbeams on us now, and you jeapordize our whole mission. One might even say that a valid attack strategy for someone who wants to take us down is to float such postings NOW so that serious, formal complaints could be substantiated in the not-too-distant future. dave "are you experienced?" del torto, aka d2t From internaut at aol.com Sun Mar 7 06:48:34 1993 From: internaut at aol.com (internaut at aol.com) Date: Sun, 7 Mar 93 06:48:34 PST Subject: MEETING: CFP>$! Message-ID: <9303070949.tn25907@aol.com> Gang, Since Tim May took the pardonable liberty of putting virtual words in my mouth about my opinion of the costs of CFP, I just thought that I would "reply" by publicly posting my thanks to Judi Clark for her explanation of what goes into a CFP conference. I have been both educated and humbled by her communication. Thank you, Judi. Firstly, I have to say that my initial reservation (all puns intended) about CFP's cost was motivated PURELY my current lack of cash. Naturally, I would have preferred to have returned a conference fee reimbursement slip to some FatCat with a stouter wallet than my own, but alas, I currently have no such overly-resourced feline to fall back on. Secondly, although I surely did mutter about how much it costs and Tim was perfectly within the bounds of reason to infer some reticence on my part, I did manage to do something constructive about it by volunteering to help out with a good cause. Judi was generous to mention my fairly insignificant contribution, especially compared to the vast amount of work that she and her cohorts have put in, but given any opportunity, I would have been, and still am, willing to do what I can to ensure that the whole thing goes smoothly. With every bite of every free meal I can weasel out of this deal, I will be thanking her for the favor she is doing to my pathetic cash-flow situation. BTW, Judi, should I be caught stuffing dinner rolls up my sleeves, I trust you'll keep the Sheriff from cuffing me too tightly. Thirdly, for philosophical and intellectual reasons, I am _really_ excited to be able to attend, even as a janitor/hacker, and will do my best to feed back information and impressions to everyone on the list who doesn't have the opportunity to attend. In case someone has not been paying attention, my philosophy involves dirtying my hands when something shows value to me and to others. Anonymous remailers in support of Whistleblowers; conferences that support the Mission; visiting dignitaries who need a ride to the airport ("May I carry your briefcase Ms. Denning?"), whatever... Finally, to be fair, I do NOT want to imply that Tim is whining. CFP _IS_ very expensive for us mortals and there are a lot of people who _should_ be attending instead of me but simply can't afford it. Tim probably has a full-time job (unlike yours truly) and no time for volunteerism so I won't for a nsec lean out of my glass house and suggest that he's alone in his opinions because I basically agree that everything should be free. In fact, Tim's contributions to this list dwarf mine to the point where I should be thanking him just for enlightening me with his opinions. Thanks, Tim. David "Steal This Email" Del Torto ^ ^ ^ = DDT ... d2t From mccoy at ccwf.cc.utexas.edu Sun Mar 7 15:04:03 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Sun, 7 Mar 93 15:04:03 PST Subject: Pgp 2.2 is out Message-ID: <9303072247.AA05804@tramp.cc.utexas.edu> Well, since no one else seems to have mentioned it and it seems somewhat important to the general purpose of this list, I thought I would make sure poeple knew that PGP 2.2 is not out and available at ftp sites. Here are the sites listed in the announcement in alt.security.pgp: nic.funet.fi:pub/msdos/incoming garbo.uwasa.fi:pc/incoming src.doc.ic.ac.uk:tmp/pgp I snagged mine from src.doc.ic.ac.uk, so I know it is at least at that site... jim From ncselxsi!drzaphod at ncselxsi.netcom.com Sun Mar 7 15:05:31 1993 From: ncselxsi!drzaphod at ncselxsi.netcom.com (DrZaphod) Date: Sun, 7 Mar 93 15:05:31 PST Subject: Fw: Law and Disorder on the Electronic Frontier Message-ID: <18782.drzaphod@ncselxsi> -- Thought Cypherpunks would benefit from this.. Odd that we didn't get it first. -- ------------------------------ From: netcom!mcg at netcomsv.netcom.com (Tiamat the Chaos-Ocean) Sat, 6 Mar 93 23:05:03 -0800 To: sfraves at soda.berkeley.edu (SFRaves) Subject: Law and Disorder on the Electronic Frontier I thought this might be of interest to a few of us SFRavers, given the recent threads on privacy, virtual culture and the law, etc. This is taking place TOMORROW (Sunday), and I'd say there's an 80% chance I'll be there -- I'd encourage as much SFR participation as possible. ------------ QUOTED FLYER FOLLOWS ------------ Jacking In: A Monthly Series on Cyberspace Literacy presents: Law and Disorder on the Electronic Frontier Computer and telecommunications technologies hold great promise for individuals and society. Increased access to information can enhance commerce, political participation, community development, and public health and education. But, between activities of questionable legality and the countermeasures taken by private parties and law enforcement officials, these technologies are raising fundamental questions about privacy, property, and our freedoms of speech and assembly. Join us for an evening of provocative presentations by: BRUCE STERLING, author, journalist, editor MIKE GODWIN, Electronic Frontier Foundation JOHN DRAPER, a.k.a. Cap'n Crunch, reformed cracker MITCH RATCLIFFE, cofounder This!Group BRUCE KOBALL, Chair, Third Conference on Computers, Freedom, and Privacy Sunday, March 7, 7 pm $3 - $5 sliding scale Modern Times Bookstore 888 Valencia (19th/20th) ==> a few doors down from Zanzibar San Francisco, CA 94110 (415) 282-9246 ----____----____--__--__--__--__-_-_-_-_-_-__--__--__--__--____----____---- MykL G Look to the future! mcg at netcom.com ____----____----__--__--__--__--_-_-_-_-_-_--__--__--__--__----____----____ DrZaphod [AC/DC] / [DnA][HP] [drzaphod at ncselxsi.uucp] Technicolorized From hughes at soda.berkeley.edu Sun Mar 7 15:09:42 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Sun, 7 Mar 93 15:09:42 PST Subject: pgp 2.2 Message-ID: <9303072302.AA21043@soda.berkeley.edu> PGP version 2.2 has just been released. Copies may be obtained from the cypherpunks archive site via anonymous ftp. soda.berkeley.edu:pub/cypherpunks/pgp There is a .tar.Z file and two .zip files. Enjoy. Eric From crys at cave.tcp.COM Sun Mar 7 15:52:26 1993 From: crys at cave.tcp.COM (Crys Rides) Date: Sun, 7 Mar 93 15:52:26 PST Subject: Pgp 2.2 is out In-Reply-To: <9303072247.AA05804@tramp.cc.utexas.edu> Message-ID: <9303072350.AA03348@ucunix.san.uc.edu> -----BEGIN PGP SIGNED MESSAGE----- >>>>> On Sun, 7 Mar 1993 16:47:48 -0600 (CST), mccoy at ccwf.cc.utexas.edu (Jim McCoy) said: Jim> Content-Type: text Jim> Content-Length: 450 *grumblegrumble* Are these MIME headers, or what? I'll have to hack this citer to handle them. Jim> Well, since no one else seems to have mentioned it and it seems somewhat Jim> important to the general purpose of this list, I thought I would make sure Jim> poeple knew that PGP 2.2 is not out and available at ftp sites. Here are Jim> the sites listed in the announcement in alt.security.pgp: Jim> nic.funet.fi:pub/msdos/incoming The files on this one were zero-length nulls at the time of my checking. Jim> garbo.uwasa.fi:pc/incoming The directory was empty, and the files weren't elsewhere on the system to an admitedly cursory scan. Jim> src.doc.ic.ac.uk:tmp/pgp Jim> I snagged mine from src.doc.ic.ac.uk, so I know it is at least at that Jim> site... And that was where I got mine, the only site I was able to actually find them. Jim> jim CrysRides -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBK5qJ6JSqD+bQ7So3AQEQNwQAobkQfUtpAvg9YF0nnpgRsSkYqFpK9y7v WrXg7IWhjZHrjHtA6qXq72KDfHknR0b74PJMXH1bA/1n9eytgm9SqFxC/kAM98FR 4VBBH7EOOLDQ6Q8Hxd+o8/+vVyYS/wLmNCVhmrqwA4ImqaTSjaBj7CmQw2PzWQ6d tkLB7eyrSl8= =kRLu -----END PGP SIGNATURE----- From sneal at muskwa.ucs.ualberta.ca Sun Mar 7 16:32:55 1993 From: sneal at muskwa.ucs.ualberta.ca (Steve Neal) Date: Sun, 7 Mar 93 16:32:55 PST Subject: Mailer weirdness Message-ID: <9303080031.AA19392@muskwa.ucs.ualberta.ca> [Disclaimer: this may very well be a dumb newbie-type thing] The last two messages posted to the list by David Del Torto popped up in my mailer with a long list of "Apparently To" fields, thus identifying a bunch of list members. This is something of a breach of privacy for anyone who didn't want to be known as a cypherpunk. Beggin' your pardon if this strikes you as an amazingly lame thing to bring up; I'm relatively new to mailing lists and Internet, and my eyes film over after relatively short exposure to the RFCs, so I ain't read all the relevant ones yet. -- Steve From strat at intercon.com Sun Mar 7 16:48:05 1993 From: strat at intercon.com (Bob Stratton) Date: Sun, 7 Mar 93 16:48:05 PST Subject: Mailer weirdness In-Reply-To: <9303080031.AA19392@muskwa.ucs.ualberta.ca> Message-ID: <9303080046.AA08567@intercon.com> -----BEGIN PGP SIGNED MESSAGE----- I don't think it's lame to bring up stuff like inadvertent disclosures of information via mail headers. My first suspicion was (and still is) that someone BCCed the people in the Apparently-To: headers, or CCed them, and the list exploder tried to do the right thing. Then again, I was in that list in the copy I received, but I haven't gotten two copies yet, so I may be all wet. - --Strat -----BEGIN PGP SIGNATURE----- Version: 2.1 iQCVAgUBK5qXZtpAw4w47a4DAQEmNwQAq2vJKmD6vWbVbPIkYO2HwyeWJMO7BNGK hnwiRotk/d5rLesxF5aPo7FJ/QXA5cC5kA4hzsIO8WnFNLCvkuj048v3Ey1Mqsbm DbmBhMdq/5Vo2R1UCRG2qRYqQ0qauvCwYddaFtkUEw79AEliRPS4C3k6ier/n4ml wgMwcmSfydI= =tQ0N -----END PGP SIGNATURE----- From Doug.Brightwell at Corp.Sun.COM Mon Mar 8 10:20:24 1993 From: Doug.Brightwell at Corp.Sun.COM (Doug Brightwell) Date: Mon, 8 Mar 93 10:20:24 PST Subject: Pgp 2.2 is out Message-ID: <9303081818.AA07274@media.Corp.Sun.COM> FYI, I tried src.doc.ic.ac.uk:tmp/pgp and the directory was empty. Doug From shipley at merde.dis.org Mon Mar 8 11:59:47 1993 From: shipley at merde.dis.org (Peter &) Date: Mon, 8 Mar 93 11:59:47 PST Subject: You Aren't [I'm Not] In-Reply-To: <9303041910.AA28103@cygnus.com> Message-ID: <9303081847.AA13966@merde.dis.org> A non-text attachment was scrubbed... Name: not available Type: text/x-pgp Size: 1079 bytes Desc: not available URL: From fergp at sytex.com Mon Mar 8 14:15:05 1993 From: fergp at sytex.com (Paul Ferguson) Date: Mon, 8 Mar 93 14:15:05 PST Subject: PGP v2.2 Message-ID: Would someone be so kind as to post the filename(s), directories and FTP locations for PGP v2.2? All references that I have read so far have been vague or incomplete. Muchas gracias. Paul Ferguson | Network Integration Consultant | "All of life's answers are Alexandria, Virginia USA | on TV." fergp at sytex.com (Internet) | -- Homer Simpson sytex.com!fergp (UUNet) | 1:109/229 (FidoNet) | PGP public encryption key available upon request. From strat at intercon.com Mon Mar 8 14:15:17 1993 From: strat at intercon.com (Bob Stratton) Date: Mon, 8 Mar 93 14:15:17 PST Subject: Encrypted voice protocol? Message-ID: <9303081648.AA50608@horton.intercon.com> > Date: Fri, 5 Mar 93 14:35:15 EST > From: dmandl at shearson.com (David Mandl) > Subject: Re: Encrypted voice protocol? > > Yup, big article in the New York Times yesterday (front page!), and a > smaller article in today's New York Newsday. Anyone out there have the > time to post either of them to the group??? Also, if any of you who'll be at either CFP or the Saturday meeting have it, I'd love a xerox. --Strat From jim at tadpole.com Mon Mar 8 14:15:59 1993 From: jim at tadpole.com (Jim Thompson) Date: Mon, 8 Mar 93 14:15:59 PST Subject: Pgp 2.2 is out Message-ID: <9303082117.AA01927@tadpole.tadpole.com> > From cypherpunks-request at toad.com Sun Mar 7 18:01:28 1993 > Date: 07 Mar 1993 18:50:27 -0500 > From: Crys Rides > Subject: Pgp 2.2 is out > Sender: Crys Rides > Jim> garbo.uwasa.fi:pc/incoming > The directory was empty, and the files weren't elsewhere on the system > to an admitedly cursory scan. Hmm, look in fileutil/pgp22.zip Heck, its even in ftp.uu.net:/tmp/pgp22.tar.Z,/tmp/pgp22.zip,/tmp/pgp22src.zip now. Jim From approach!douglas at approach.com Mon Mar 8 14:16:03 1993 From: approach!douglas at approach.com (Doug Mason - MIS Czar) Date: Mon, 8 Mar 93 14:16:03 PST Subject: PGP 2.2 is hard to find...! Message-ID: The _ONLY_ place that I have been able to find PGP 2.2 is on soda.berkeley.edu, thanks to Eric. Ever other place that has been advertised seems to be empty for whatever reasons. Apparently it was at some of these locations previously, as others say that this is where their copy came from, but it is only on Soda as of this morning (Monday). --Doug --- Douglas Mason douglas at approach.com Network Administration CompuServe: 76646,3367 Approach Software Corporation +01 415.306.7890 From pcw at access.digex.com Mon Mar 8 14:43:15 1993 From: pcw at access.digex.com (Peter Wayner) Date: Mon, 8 Mar 93 14:43:15 PST Subject: Clinton/Gore and Commerace vs. State... Message-ID: <199303082241.AA15461@access.digex.com> I seem to remember that Clinton and Gore indicated that they would move regulation of the encryption technology from the State Dept to the Commerace Dept when they were elected. Now, things are more on hold. Can anyone bring me up-to-date on the whole story? -Peter From internaut at aol.com Mon Mar 8 15:04:06 1993 From: internaut at aol.com (internaut at aol.com) Date: Mon, 8 Mar 93 15:04:06 PST Subject: LISTBIZ: Mailer weirdness Message-ID: <9303081804.tn03793@aol.com> >>From: sneal at muskwa.ucs.ualberta.ca >>Subj: Mailer weirdness >> >>The last two messages posted to the list by David Del Torto >>popped up in my mailer with a long list of "Apparently To" >>fields, thus identifying a bunch of list members. This is >>something of a breach of privacy for anyone who didn't want to >>be known as a cypherpunk. >> >>Beggin' your pardon if this strikes you as an amazingly lame >>thing to bring up; I'm relatively new to mailing lists and >>Internet, and my eyes film over after relatively short exposure >>to the RFCs, so I ain't read all the relevant ones yet. >> >> -- Stev ! ******* ! No, Steve, you're NOT crazy and YES this was a completely unintentional thing. I did nothing out of the ordinary - I only addressed my mail to the list (as usual). Furthermore, my subject field was replaced with "Unknown subject" - which was expressly NOT the subject of my original posting. Who's tinkering? ...Please STOP. I don't want my mail or anyone else's to trigger any more of these listings. I'm wondering out loud if this anomaly could indicate some subrosa official investigation of our list - perhaps someone Not Silly at All has been in to take a look and needs these lists of members? Hmmmm. dave del torto aka d2t From internaut at aol.com Mon Mar 8 15:04:36 1993 From: internaut at aol.com (internaut at aol.com) Date: Mon, 8 Mar 93 15:04:36 PST Subject: LISTBIZ: metaprefixes update Message-ID: <9303081805.tn03802@aol.com> Hi everybody! A REMINDER: In the interest of making the LARGE volume of Cypherpunks list mail a bit easier to parse visually, we have taken to adding metaprefixes to our subject fields. Although this is optional, you may find that many of us ignore your postings if you don't use some sort of mechanism to help us know what you're posting about. Several people are automating their mail readers to put your postings in "boxes" that they want to follow, so please pick up on this habit - thanks! :) Some sample metaprefixes: ANON: Anoymity/Pseudonymity CENSOR: Cryptography & Censorship DCASH: Digital Money, Digital Banking DCNET: Dining Cryptographer Nets FWEE!: Whistleblower Project LISTBIZ: General Cypherpunk list business MTGS: Physical Meetings/Conferences (e.g. CFP, etc.) OPIN: Personal Opinions PGP: PGP App/Current Availability on FTP, etc. RANDOM: Random Generators REMAIL: Remailer technology, Problem reports (this is probably not a complete listing, but it's MOST of 'em) Collect 'em all! Trade 'em with your friends! Feel free to create your own if the topic of your mail does not fall into one of these logical cubbyholes. d2t From phantom at u.washington.edu Mon Mar 8 15:16:27 1993 From: phantom at u.washington.edu (The Phantom) Date: Mon, 8 Mar 93 15:16:27 PST Subject: PGP 2.2 is also available at Message-ID: ftp.u.washington.edu: /pub/user-supported/cypherpunks This should be a stable site. Matt Thomlinson University of Washington, Seattle, Washington. Internet: phantom at u.washington.edu phone: (206) 528-5732 PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu From ronin at pinetree.org Mon Mar 8 16:01:59 1993 From: ronin at pinetree.org (Douglas Sinclair) Date: Mon, 8 Mar 93 16:01:59 PST Subject: Need telnet access Message-ID: <5ca5ZB1w165w@pinetree.org> Hi there. This is Doug - I'm subscribed to the list as dsinclai at acs.ucalgary.ca. Unfortuantely, though my account is in Calgary, I'm flesh in Ottawa. I also just lost my telnet access as a local switch upped its security. Is anyone out there in a position to lend a fellow cypherpunk a hand and get me a telnet account in Ottawa? It would be much appreciated. Please reply to this account. Thanks. --- "In the instant of putting Gunhead through the Schonbrunn's locked-and-armed Benedict Canyon gate, Rydell had experienced a fleeting awareness of something very high, very pure, and quite clinically _empty_;" -- William Gibson, _Virtual Light_, yet to be released. From markh at wimsey.bc.ca Mon Mar 8 16:36:08 1993 From: markh at wimsey.bc.ca (Mark C. Henderson) Date: Mon, 8 Mar 93 16:36:08 PST Subject: PGP 2.2 is hard to find...! Message-ID: <9303081627.ZM29189@wimsey.com> -----BEGIN PGP SIGNED MESSAGE----- Subject: Re: PGP 2.2 is hard to find...! Also wimsey.bc.ca ~ftp/pub/crypto/PGP/2.2 Mark -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBK5vkLPfE/ap/JEqpAQEpgAP9FRomKPPC57dyxQhkSh3BXLWxvw+hKtJL KpkeulGmxK7XTEBvn7P0D+6CwQ3DGTi2zUUr4rN2+0LRo5uEf+fl9OR+JrNSeoy3 ydh59dlhmJAwZepCJVSQP4PsYuoKo6TyGeK5GWWzVIqQDM22QrZI9vdHe76zNi8X t2uqk0MWsqs= =sv9a -----END PGP SIGNATURE----- From deltorto at aol.com Mon Mar 8 18:27:20 1993 From: deltorto at aol.com (deltorto at aol.com) Date: Mon, 8 Mar 93 18:27:20 PST Subject: PGP: MacPGP v2.2 is GO! Message-ID: <9303082128.tn05369@aol.com> Gang, Thanks to the efforts of Phil Zimmerman, Zbigniew "Zig" Fiedorowicz and the pgp.dev group, there is a new Macintosh PGP v2.2 (MacPGP) available to the public FOR EDUCATIONAL PURPOSES ONLY. The version number is v2.2 b91. This is the nicest version I have seen yet, replete with sexy interface features (well, sorta, anyway), well-organized menus and stable operation FOR EDUCATIONAL PURPOSES ONLY. I will demo it to anyone who wants to see it at the CFP 93 conference. Contact me about getting it for your Mac FOR EDUCATIONAL PURPOSES ONLY. The best way to do this is mail me at and give me your CompuServe, AppleLink or America Online address so I can send it to you intact (& compressed) FOR EDUCATIONAL PURPOSES ONLY. Please indicate: -1- Your favorite compression scheme. Compactor Pro StuffIt DiskDoubler (my fave) I can also send it as a self-expanding archive. -2- If this is a _new_ installation, in which case I'll include some docs and the randseed.bin and config.txt files along with the app. -3- Clearly that you intend to use it FOR EDUCATIONAL PURPOSES ONLY. d2t From fen at genmagic.genmagic.com Mon Mar 8 18:52:19 1993 From: fen at genmagic.genmagic.com (Fen Labalme) Date: Mon, 8 Mar 93 18:52:19 PST Subject: Fwd: cyberspace, congressional hearings Message-ID: <9303090251.AA15257@> > Date: Mon, 8 Mar 1993 17:51:38 -0800 > From: Bruce Smith > Subject: cyberspace, congressional hearings The following is quoted/paraphrased from a column by Brian Robinson on page 26 of the 1 March 93 Electronic Engineering Times. By passing it on I imply no specific attitude of my own. I don't know the date of the hearings, but if someone finds out if/when it will be viewable on C-Span, I'd like to know. Feel free to pass the following info to individuals, mailing lists, or newsgroups. --- The House Telecommunications Subcommittee, chaired by Edward Markey (D-Mass), will soon be holding hearings on the relationship of future communications technologies to modern culture. In particular, it will be looking at the not-so-far-off universe of cyberspace. Some of the issues the panel will be considering are (in Markey's own words): + Are the fundamental values of our society so universal and enduring that they will not be threatened by the advent of new technologies or any new subcultures such technologies produce? + Will cyberspace instead become some lawless place, where the Constitution is cracked open by fiber fissures created when trying to convert a 200-year-old parchment document into a binary world of 0s and 1s? Can it continue to be a "living, breathing document"? + Will cyberspace develop its own distinct laws? Will it develop "digital vigilantes" to patrol and police the electronic bulletin boards and electronic highways? From hughes at soda.berkeley.edu Mon Mar 8 19:20:10 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Mon, 8 Mar 93 19:20:10 PST Subject: You Aren't [I'm Not] In-Reply-To: <9303052126.AA02211@SOS> Message-ID: <9303090316.AA17160@soda.berkeley.edu> Last night I spoke with Mike Godwin of the EFF about the issue of anonymous libel. Mike is not on the list, and I've copied him on this message. Mike knows more about electronic speech issues than pretty much anyone else. Here is my remembrance about what he said: 1. Anonymous libel exists. Just because the speech is anonymous does not mean it can't be libellous. If libellous speech is made, and you can infer the identity of the speaker, you can sue. 2. An anonymous remailer is not liable. In order to be liable for the libellous speech, the operator of the remailer would have to have prior knowledge that the speech was libellous. Since the operation of the remailer is fully automated, prior knowledge is impossible. Those two points are my summary of Mike's opinion. For further clarifications, please post to the list and to Mike. Left out of this message is any consideration on the _realpolitik_ of anonymous remailers: whether others will carry such traffic. I'd like to not fill Mike's inbox with clutter. Eric From internaut at aol.com Mon Mar 8 23:31:56 1993 From: internaut at aol.com (internaut at aol.com) Date: Mon, 8 Mar 93 23:31:56 PST Subject: VOICE: Encrypted V. protocol Message-ID: <9303090232.tn07525@aol.com> Druids, >>From: strat at intercon.com >>Subj: Re: Encrypted voice protocol? >>To: Internaut >> >>> Date: Fri, 5 Mar 93 14:35:15 EST >>> From: dmandl at shearson.com (David Mandl) >>> Subject: Re: Encrypted voice protocol? >>> >>> Yup, big article in the New York Times yesterday (front page!), and a >>> smaller article in today's New York Newsday. Anyone out there have the >>> time to post either of them to the group??? Speaking of which, if ANYONE knows the name, telephone and email address of the guy who wrote the Article for the NYT - PLEASE send it to me, (along with the text if any) - I want to have him/her on file for the Whistleblower Project (aka "WB!"). >>Also, if any of you who'll be at either CFP or the Saturday meeting have it, >>I'd love a xerox Me too! Bring several copies and we'll pay you for the Xeroxing. d2t From pfarrell at gmuvax2.gmu.edu Tue Mar 9 05:35:25 1993 From: pfarrell at gmuvax2.gmu.edu (Pat Farrell) Date: Tue, 9 Mar 93 05:35:25 PST Subject: zip version for pgp2.2? Message-ID: <9303091335.AA21039@gmuvax2.gmu.edu> I just downloaded pgp22.zip from soda, and pkunzip complains about every file having a bad checksum. I'm still using pkunzip 1.1, and I know that pgp20 had problems with some versions of pkunzip. Do I need to get pkunzip 2.04g? Thanks Pat From dlr at world.std.com Tue Mar 9 06:05:56 1993 From: dlr at world.std.com (David L Racette) Date: Tue, 9 Mar 93 06:05:56 PST Subject: zip version for pgp2.2? In-Reply-To: <9303091335.AA21039@gmuvax2.gmu.edu> Message-ID: On Tue, 9 Mar 1993, Pat Farrell wrote: > I just downloaded pgp22.zip from soda, and pkunzip complains about every > file having a bad checksum. I'm still using pkunzip 1.1, and I know > that pgp20 had problems with some versions of pkunzip. Do I need > to get pkunzip 2.04g? > Thanks > Pat I dnloaded pgp22.zip from soda and used pkunzip 2.04g to decompress it without a hitch. Looks like it might be your version of pkzip. Of course if you didn't use binary for the ftp that would mess it up also. Dave From pfarrell at gmuvax2.gmu.edu Tue Mar 9 07:19:21 1993 From: pfarrell at gmuvax2.gmu.edu (Pat Farrell) Date: Tue, 9 Mar 93 07:19:21 PST Subject: zip version for pgp2.2? Message-ID: <9303091518.AA24407@gmuvax2.gmu.edu> I'll try it again, but I was sure I used binary :-) Pat From 76630.3577 at CompuServe.COM Tue Mar 9 10:28:43 1993 From: 76630.3577 at CompuServe.COM (Duncan Frissell) Date: Tue, 9 Mar 93 10:28:43 PST Subject: PGP: zip version for pgp2.2? Message-ID: <930309181806_76630.3577_EHL2-1@CompuServe.COM> Even PGP2.1 wouldn't unzip with PKUNZIP 1.x. I had to use PKUNZIP 2.4. I assume PGP22.ZIP is the same. Duncan Frissell From jla at gnu.ai.mit.edu Tue Mar 9 10:41:01 1993 From: jla at gnu.ai.mit.edu (Joseph Arceneaux) Date: Tue, 9 Mar 93 10:41:01 PST Subject: Fwd: cyberspace, congressional hearings In-Reply-To: <9303090251.AA15257@> Message-ID: <9303091839.AA04773@geech.gnu.ai.mit.edu> These hearings look interesting, but it looks to me that the tide is against solutions which are helpful to society. I recently saw that the American Library Association is opposed to putting the Library of Congress online. They feel that publishers will retaliate by refusing to allow new books to enter the library system. I think it is time to come up with a different paradigm for our society than "intellectual property". On Monday March 15 at 10AM KQED's Forumn will have a panel discussion of "the NREN proposal" and related issues. Panelists will include EFF representatives, members of Al Gore's staff, and folks from Silicon Valley. Joe From larsons at triton.unm.edu Tue Mar 9 13:27:27 1993 From: larsons at triton.unm.edu (shawn mic ael larsonneiolaings) Date: Tue, 9 Mar 93 13:27:27 PST Subject: SUBSCRIBE Message-ID: <9303092126.AA13932@triton.unm.edu> SUBSCRIBE From i6t4 at jupiter.sun.csd.unb.ca Tue Mar 9 14:04:46 1993 From: i6t4 at jupiter.sun.csd.unb.ca (Nickey MacDonald) Date: Tue, 9 Mar 93 14:04:46 PST Subject: Questions about PGP 2.2 compilation messages Message-ID: Sorry for the large size of this post, but I want to make sure I'm not the only one who has seen this... This is a log of my compilation of PGP 2.2 on a Sun4... There are some warnings that don't look that serious, by should there be any warnings at all? (I'd prefer the docs mentioned them if they're supposed to be there... but I didn't see any mention in any of the docs...) --- Log Starts --- jupiter [/tmp/i6t4/pgp/pgp22/src] {i6t4.50}% make sun4cc cd unproto && make `cpp' is up to date. make all CC=cc LD=cc OBJS_EXT=sparc.o \ CFLAGS="-Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32" cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c pgp.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c crypto.c "crypto.c", line 910: warning: & before array or function: ignored cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c keymgmt.c "keymgmt.c", line 471: warning: statement not reached "keymgmt.c", line 478: warning: statement not reached "keymgmt.c", line 490: warning: statement not reached "keymgmt.c", line 497: warning: statement not reached "keymgmt.c", line 508: warning: statement not reached "keymgmt.c", line 516: warning: statement not reached "keymgmt.c", line 519: warning: statement not reached "keymgmt.c", line 524: warning: statement not reached "keymgmt.c", line 529: warning: statement not reached "keymgmt.c", line 534: warning: statement not reached "keymgmt.c", line 538: warning: statement not reached "keymgmt.c", line 587: warning: statement not reached cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c fileio.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c mdfile.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c more.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c armor.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c mpilib.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c mpiio.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c genprime.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c rsagen.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c random.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c idea.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c passwd.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c md5.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c system.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c language.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c getopt.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c keyadd.c "keyadd.c", line 760: warning: statement not reached cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c config.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c keymaint.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c charset.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c zbits.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c zdeflate.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c zfile_io.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c zglobals.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c zinflate.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c zip.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c zipup.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c ztrees.c cc -Qpath unproto -O -DUNIX -DHIGHFIRST -DIDEA32 -target sun4 -c zunzip.c as -sparc -o sparc.o sparc.s cc -o pgp pgp.o crypto.o keymgmt.o fileio.o mdfile.o more.o armor.o mpilib.o mp iio.o genprime.o rsagen.o random.o idea.o passwd.o md5.o system.o language.o g etopt.o keyadd.o config.o keymaint.o charset.o zbits.o zdeflate.o zfile_io.o zg lobals.o zinflate.o zip.o zipup.o ztrees.o zunzip.o sparc.o --- Log Ends --- Anyone care to comment? --- Nick MacDonald | NMD on IRC i6t4 at jupiter.sun.csd.unb.ca | PGP 2.1 Public key available via finger From dclunie at pax.tpa.com.au Tue Mar 9 14:27:31 1993 From: dclunie at pax.tpa.com.au (David Clunie) Date: Tue, 9 Mar 93 14:27:31 PST Subject: PGP: zip version for pgp2.2? Message-ID: <9303092222.AA02495@britt> > Even PGP2.1 wouldn't unzip with PKUNZIP 1.x. I had to use PKUNZIP 2.4. > I assume PGP22.ZIP is the same. I would not make this assumption ... I will try it when the zip files have finished ftp'ing across and let you know. david From warlord at Athena.MIT.EDU Tue Mar 9 14:54:07 1993 From: warlord at Athena.MIT.EDU (Derek Atkins) Date: Tue, 9 Mar 93 14:54:07 PST Subject: Questions about PGP 2.2 compilation messages In-Reply-To: Message-ID: <9303092252.AA05397@milquetoast.MIT.EDU> -----BEGIN PGP SIGNED MESSAGE----- I looked at the lines where those errors were: It appears to be a #define for SKIP_RETURN. I'm not sure what its about, but I would suggest doing one of two things: 1) Test the heck out of your binary. Make sure it works for all cases that you find important. In particular, see where those particular places in the code are, and see if it is doing the right thing, or 2) Get gcc 2.3.2 (or greater) and compile with that... I use that, and I don't get the errors.. Its possible that unproto is doing something funky, or perhaps its something the compiler is doing with code that says: do { [do somethine here } while(0); I'm not sure, exactly. Sun compiler bugs are not unheard of. ;-) - -derek PGP 2 key available upon request on the key-server: pgp-public-keys at toxicwaste.mit.edu - -- Derek Atkins, MIT '93, Electrical Engineering and Computer Science Secretary, MIT Student Information Processing Board (SIPB) MIT Media Laboratory, Speech Research Group warlord at MIT.EDU PP-ASEL N1NWH -----BEGIN PGP SIGNATURE----- Version: 2.2 iQBuAgUBK50fkjh0K1zBsGrxAQFTlALDBWJ/yZBRTQoRkI7uc0jo7DF1e/J8DfIB N7Q9SmdpLTcyFClOoluNZeqJQQpGGyp0I+VgegcX9Ls3PDkXh8/0wfpexa46p6Ex AAZARjYdyDgZSR8nPv+0YYk= =zCC0 -----END PGP SIGNATURE----- From mimir at u.washington.edu Tue Mar 9 17:28:12 1993 From: mimir at u.washington.edu (Al Billings) Date: Tue, 9 Mar 93 17:28:12 PST Subject: PGP: zip version for pgp2.2? In-Reply-To: <930309181806_76630.3577_EHL2-1@CompuServe.COM> Message-ID: On 9 Mar 1993, Duncan Frissell wrote: > Even PGP2.1 wouldn't unzip with PKUNZIP 1.x. I had to use PKUNZIP 2.4. > I assume PGP22.ZIP is the same. That's strange. I only have version 1.1 of Pkunzip and I have never had a problem with unzipping PGP and I just unzipped the 2.2 package. From Eric.Fogleman at analog.com Tue Mar 9 17:32:26 1993 From: Eric.Fogleman at analog.com (Eric Fogleman) Date: Tue, 9 Mar 93 17:32:26 PST Subject: Questions about PGP 2.2 compilation messages Message-ID: <9303100125.AA10660@ack.adstest.analog.com> Nickey, I recently compiled _pgp2.1_ on my sun4 and had a similar problem... I got a binary that seemed to work, but I got a list of warnings. In my case, the program actually had a bug in it; it was trying to compare an unsigned character variable (8 bits) for maximum path length to 256 (nine bits) as defined in the source code. I asked around on the list and I got the same sort of responses you did... I ended up redefining and changing the compare statement to make the compiler happy and still get the intended code... So, pgp may not be entirely bug free... The sun4 compiler may be more conscientious about flagging things. I'd suggest looking through the source to see if there's something simple. In my case, it was. Let me know how you fare; I'll be going through the same thing shortly... Eric Fogleman From kelly at netcom.com Wed Mar 10 00:57:52 1993 From: kelly at netcom.com (Kelly Goen) Date: Wed, 10 Mar 93 00:57:52 PST Subject: NSA TApping Message-ID: <9303100856.AA10642@netcom.netcom.com> Xref: netcom.com sci.crypt:12315 alt.privacy:6117 Path: netcom.com!netcomsv!decwrl!waikato.ac.nz!aukuni.ac.nz!cs18.cs.aukuni.ac.nz!pgut1 Newsgroups: sci.crypt,alt.privacy Subject: NSA tapping of UK communications Message-ID: <1993Mar8.104302.10737 at cs.aukuni.ac.nz> From: pgut1 at cs.aukuni.ac.nz (PeterClaus Gutmann ) Date: Mon, 8 Mar 1993 10:43:02 GMT Organization: Computer Science Dept. University of Auckland Lines: 26 The following appeared in the NZ Herald on March 4th - I thought it might be of interest to sci.crypt and alt.privacy readers. It backs up claims made in places like "The Puzzle Palace": " A former MI6 officer told the Daily Express that US agents tapped royal calls on behalf of the GCHQ spy centre. Mr James Rusbridger told the paper two top-secret listening stations - operated by the NSA - illegally tap large numbers of private conversations from their bases in Cornwall and Yorkshire. 'By getting the Americans to do it, the British Government is able to say truthfully, though misleadingly, that GCHQ does not tap domestic telephone calls', Mr Rusbridger said. 'The reason the Government is resisting an official investigation into the tapping of royal conversations is that it would be forced to admit publicly that these American owned and controlled listening stations exist on UK soil'. Incidentally, NZ has it's own NSA-controlled listening stations, the largest being at Tangimoana on the South Island. Peter. -- pgut1 at cs.aukuni.ac.nz||p_gutmann at cs.aukuni.ac.nz||gutmann_p at kosmos.wcc.govt.nz peterg at kcbbs.gen.nz||peter at nacjack.gen.nz||peter at phlarnschlorpht.nacjack.gen.nz (In order of preference - one of 'em's bound to work) -- C++ will do for C what Algol 68 did for Algol -- From richard_mezirka at askinc.ask.com Wed Mar 10 09:41:50 1993 From: richard_mezirka at askinc.ask.com (Richard Mezirka) Date: Wed, 10 Mar 93 09:41:50 PST Subject: March 1993 Communications of ACM Denning on Encryption Message-ID: <9303101739.AA22396@askinc.ask.COM> I've just read with considerable distress the Dorothy Denning article in my March 1993, Communications of the ACM and all the follow up discussions supporting or refuting her positions. I can not in any way support the further erosion of the rights I believe I have to personal privacy and protection from the abuses of government. I'm contacting the EFF as a concerned member and the ACM Risk forum... are there more actions we can and should take? Professor Denning does not convince me of the benevolence of the government nor the necessity for private enterprise to foster government programs (such as building in wire tap support or reducing the effort of government agencies to invade private messages or interactions amongst citizens). A precidential extension might have the auto makers building in governors into all vehicles such that they can't exceed the national speed limit to support traffic law enforcement (the crooks couldn't have faster cars than the cops). I'd suggest cypherpunks get and read the article if they haven't already done so (it covers both wire tap and , as a not too subtle tag on, encryption availability). I'd also suggest we direct our responses to those who can derail this or similar legislation with the EFF and ACM as two likely candidates and congress folks as additional ones. My personal professional dilemma is how can I raise consciousness of the quiet majority who will not immediately be impacted... like my retired parents who fear computers like the flu and still have a strong belief that the government protects their rights rather than restricts them. Their response to Steve Jackson's tiff with the treasury department and law enforcement was along the lines that if he had nothing to hide the government wouldn't have bothered him. Still watching quietly, worried, and now letting others know... Rich From robichau at lambda.msfc.nasa.gov Wed Mar 10 11:41:33 1993 From: robichau at lambda.msfc.nasa.gov (Paul Robichaux) Date: Wed, 10 Mar 93 11:41:33 PST Subject: FWEE!: F-117A post considered harmful Message-ID: <9303091453.AA11794@lambda.msfc.nasa.gov.msfc.nasa.gov> [ disclaimer: I don't work on classified projects anymore. My experience as an aircraft mechanic is with helicopters. I read a lot. ] I believe that the recent anonymous "whistle" purporting to reveal information about the F-117A aircraft: a) didn't reveal any "real" information, and in fact contained several factual errors. For example, the Tacit Rainbow program has been cancelled for some time. Flight characteristics of the F-117A are very similar to the A-7, which is markedly subsonic. b) created the appearance of distributing classified information. Whistleblowing on fraud/waste/abuse is one thing. Disclosing classified information, however- especially when it's not relevant to revealing fraud, waste, or abuse- is probably not a good way to keep the whisteblower group safe from the Three-Letter Gang. c) created the appearance that the whistleblowers group is for posting anything too "sensitive" for normal, attributed posting. I didn't think it was; from reading this list, I thought it was for blowing the whistle- not blowing smoke. Perhaps a charter for alt.whistleblowers was posted, and I missed it. If not, I submit that we should try to develop one. Regards, -Paul -- Paul Robichaux, KD4JZG | May explode if disposed of improperly. Mission Software Development Div. | I'm not white- I'm Euro-American. New Technology, Inc. | RIPEM key on request. From derek at cs.wisc.edu Wed Mar 10 12:04:10 1993 From: derek at cs.wisc.edu (Derek Zahn) Date: Wed, 10 Mar 93 12:04:10 PST Subject: Hidden encrypted messages Message-ID: <9303102002.AA24037@lynx.cs.wisc.edu> If true encryption is ever outlawed in the U.S., I wonder if it's possible to have an encryption technique that preserves plausible deniability. That is, if seemingly innocuous messages could contain encrypted messages (for example, first-letter-of-words strung together). In such a case, I'd think that it would be difficult to prove that said message contained a hidden message unless the decryption key was available (the embedded encrypted message wouldn't look suspicious, even if an onlooker knew where to look). Is this a common idea in cryptographic circles? derek From jthomas at mango.mitre.org Wed Mar 10 12:14:43 1993 From: jthomas at mango.mitre.org (Joe Thomas) Date: Wed, 10 Mar 93 12:14:43 PST Subject: FWEE!: Re: F-117A post considered harmful Message-ID: <9303102010.AA00726@mango> Hmm... I thought that was the point. When I read the F-117A message, I thought the poster was trying to point out that a "whistleblower"-type newsgroup could be abused by people trying to leak classified information (not that that should be news to anyone). I didn't take the information in it any more seriously than I took DeadBeat's request that I send him my e-mail address through anon.penet.fi, so he could describe a security hole there. Am I the only one who got that impression? Joe From fergp at sytex.com Wed Mar 10 12:34:18 1993 From: fergp at sytex.com (Paul Ferguson) Date: Wed, 10 Mar 93 12:34:18 PST Subject: Steve Jackson Games - Legal issues resolved? Message-ID: This text was extracted from RISKS DIGEST 14.39 - 8<------- Cut Here ----------------------- Date: Tue, 9 Mar 93 10:25:35 -0500 From: Eric Haines Subject: Steve Jackson Games/Secret Service wrapup [Eric Haines, erich at eye.com, sent me a Houston Chronicle article by Joe Abernathy, a sometime contributor to RISKS, which Eric found in the electronic mail magazine "Desperado" ("no, it's not a magazine about hacking"). "There can be justice in the world, after all..." EH. I cannot include the long copyrighted article here, but have excerpted from the beginning, as follows. It's a good article. Alas, no date. But Joe may still be available at Joe.Abernathy at houston.chron.com if you want to dig up the whole thing. Also, see RISKS-9.95,96;10.01,ff. for the earlier history. PGN] Steve Jackson Games/Secret Service wrapup By JOE ABERNATHY Copyright 1993, Houston Chronicle [no date given] AUSTIN -- An electronic civil rights case against the Secret Service closed Thursday with a clear statement by federal District Judge Sam Sparks that the Service failed to conduct a proper investigation in a notorious computer crime crackdown, and went too far in retaining custody of seized equipment. The judge's formal findings in the complex case, which will likely set new legal precedents, won't be returned until later. [...] The judge's rebuke apparently convinced the Department of Justice to close its defense after calling only ... one of the several government witnesses on hand. "The Secret Service didn't do a good job in this case. We know no investigation took place. Nobody ever gave any concern as to whether (legal) statutes were involved. We know there was damage," Sparks said in weighing damages. The lawsuit, brought by Steve Jackson Games of Austin, said that the seizure of three computers violated the Privacy Protection Act, which provides First Amendment protections against seizing a publisher's works in progress. The lawsuit further said that since one of the computers was being used to run a bulletin board system containing private electronic mail, the seizure violated the Electronic Communications Privacy Act in regards to the 388 callers of the Illuminati BBS. The testimony described by Joe was rather strange. Agents testified that there was no criminal connection, they were not even trained in the Privacy Protection Act, and it took them only an hour to discover the true nature of the situation. The Electronic Frontier Foundation spent over $200,000 bringing this case to trial. The legal ramifications are considerable. Perhaps someone from EFF will contribute an analysis to RISKS, although many EFFers (and I) are at Computers, Freedom, and Privacy 93 this week. Don't hold your breath, but perhaps we need to wait for the judge? PGN 8<------- Cut Here ----------------------- Cheers. Paul Ferguson | Network Integration Consultant | "All of life's answers are Alexandria, Virginia USA | on TV." fergp at sytex.com (Internet) | -- Homer Simpson sytex.com!fergp (UUNet) | 1:109/229 (FidoNet) | PGP public encryption key available upon request. From John.Nieder at f33.n125.z1.FIDONET.ORG Wed Mar 10 13:01:23 1993 From: John.Nieder at f33.n125.z1.FIDONET.ORG (John Nieder) Date: Wed, 10 Mar 93 13:01:23 PST Subject: zip version for pgp2.2? Message-ID: <5296.2B9E5101@fidogate.FIDONET.ORG> * Reply to msg originally in Cypherpunks BK> I just downloaded pgp22.zip from soda, and pkunzip complains about BK> every file having a bad checksum. I'm still using pkunzip 1.1, and I BK> know that pgp20 had problems with some versions of pkunzip. Do I need BK> to get pkunzip 2.04g? The problem I found was that the file was not only compressed with the 2.04? PKZip, but that the -d option had been invoked to preserve a very silly \DOC subdirectory for the documentation. The result was that PGP22.ZIP could not be unZIPped with _either_ version's simple PKUNZIP command, but required the 2.04 version with the -d switch in the command line. I finally got the file unZIPped, but rezipped it as a simple .ZIPfile - without the ridiculous subdirectory - with v 1.10, which will unpack with either version. It's this package that I'm passing along. Hope this helps. JN ... When the going gets tough, the smart get lost. --- Blue Wave/Opus v2.12 [NR]-- John Nieder - via FidoNet node 1:125/555 UUCP - ...!uunet!hoptoad!kumr!fidogate!33!John.Nieder INTERNET - John.Nieder at f33.n125.z1.FIDONET.ORG From mdiehl at triton.unm.edu Wed Mar 10 13:13:58 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Wed, 10 Mar 93 13:13:58 PST Subject: March 1993 Communications of ACM Denning on Encryption In-Reply-To: <9303101739.AA22396@askinc.ask.COM> Message-ID: <9303102112.AA29509@triton.unm.edu> > I've just read with considerable distress the Dorothy Denning article in > my March 1993, Communications of the ACM and all the follow up > discussions supporting or refuting her positions. I can not in any way > support the further erosion of the rights I believe I have to personal > privacy and protection from the abuses of government. I'm contacting > the EFF as a concerned member and the ACM Risk forum... are there > more actions we can and should take? > > I'd suggest cypherpunks get and read the article if they haven't already > done so (it covers both wire tap and , as a not too subtle tag on, But don't buy the articles. Get them at the library. No point in giving them your money and your opinions! ;^) > encryption availability). I'd also suggest we direct our responses to > those who can derail this or similar legislation with the EFF and ACM > as two likely candidates and congress folks as additional ones. Next time someone tells me to get in touch with someone to complain to and doesn't give me their address, I'LL SCREEM! Not a flame, just a (subtle) suggestion. ;^) We need to publish the addresses of various people, so that those people can get a "proper" understanding of our fears/outrage. Just my $.02. +----------------------+----------------------------------------------------+ | J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken. | | +----------------------------------------------------+ | mdiehl at triton.unm.edu| "I'm just looking for the opportunity to be | | Thunder at forum | Politically Incorrect! | | (505) 299-2282 | | +----------------------+----------------------------------------------------+ From mdiehl at triton.unm.edu Wed Mar 10 13:18:46 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Wed, 10 Mar 93 13:18:46 PST Subject: FWEE!: F-117A post considered harmful In-Reply-To: <9303091453.AA11794@lambda.msfc.nasa.gov.msfc.nasa.gov> Message-ID: <9303102117.AA00331@triton.unm.edu> Lets assume that the poster was a "good-guy," as opposed to just a prankster. Then he has pointed out a serious flaw in the WB system. He has demonstrated the ability for a person to obtain (bonefied) classified information and broadcast it worldwide, with out any fear of being caught or censored. I support anonymity, but I wonder about how it will be "regulated" to keep this from happening for real. Comments? +----------------------+----------------------------------------------------+ | J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken. | | +----------------------------------------------------+ | mdiehl at triton.unm.edu| "I'm just looking for the opportunity to be | | Thunder at forum | Politically Incorrect! | | (505) 299-2282 | | +----------------------+----------------------------------------------------+ From corwin at Cayman.COM Wed Mar 10 15:03:31 1993 From: corwin at Cayman.COM (Lord Among Panthers) Date: Wed, 10 Mar 93 15:03:31 PST Subject: Hidden encrypted messages In-Reply-To: <9303102002.AA24037@lynx.cs.wisc.edu> Message-ID: <9303102302.AA23528@cuba.Cayman.COM> There is an even simpler solution. Encrypt your message as you normally would, and what do you end up with? A bunch of seemingly random bits. Wrap a little header around it claiming it is data from a Johnson-Noise measurement experiment, or some such thing. To increase plausibility, you can build yourself a Johnson Noise measurement aparatus (all you need is a high-sensativity voltmeter and a resistor). corwin From mdiehl at triton.unm.edu Wed Mar 10 15:30:31 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Wed, 10 Mar 93 15:30:31 PST Subject: Hidden encrypted messages In-Reply-To: <9303102302.AA23528@cuba.Cayman.COM> Message-ID: <9303102329.AA14202@triton.unm.edu> > There is an even simpler solution. Encrypt your message as you > normally would, and what do you end up with? A bunch of seemingly > random bits. Wrap a little header around it claiming it is data from > a Johnson-Noise measurement experiment, or some such thing. To > increase plausibility, you can build yourself a Johnson Noise > measurement aparatus (all you need is a high-sensativity voltmeter and > a resistor). Or, how about making it look like a uuencoded binary. The filename could stand for the subject of the letter. If you don't specify the platform or purpose of the file, it would be hard to find out that it wasn't really uuencoded data. Thoughts? +----------------------+----------------------------------------------------+ | J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken. | | +----------------------------------------------------+ | mdiehl at triton.unm.edu| "I'm just looking for the opportunity to be | | Thunder at forum | Politically Incorrect! | | (505) 299-2282 | | +----------------------+----------------------------------------------------+ From warlord at MIT.EDU Wed Mar 10 15:47:22 1993 From: warlord at MIT.EDU (Derek Atkins) Date: Wed, 10 Mar 93 15:47:22 PST Subject: MEET: San Diego Trip in my future Message-ID: <9303102346.AA15180@deathtongue.MIT.EDU> -----BEGIN PGP SIGNED MESSAGE----- Hi. I am going to be in the San Diego area for the weekend of March 20th. I don't know where I'm going to be staying, and I don't know the San Diego area at all. (I do know that I will be near the beach ;-) However I'd like to meet people, if they have time to get together. If you have time and want to meet some time that weekend, please send me a piece of mail and let me know. OBTW -- what are the good 2m and 70cm repeaters out there? ;-) - -derek PGP 2 key available upon request on the key-server: pgp-public-keys at toxicwaste.mit.edu - -- Derek Atkins, MIT '93, Electrical Engineering and Computer Science Secretary, MIT Student Information Processing Board (SIPB) MIT Media Laboratory, Speech Research Group warlord at MIT.EDU PP-ASEL N1NWH -----BEGIN PGP SIGNATURE----- Version: 2.2 iQBuAgUBK559fDh0K1zBsGrxAQFCeQLFGYxSChJPELdBQoutkMYa55OuxJP3e9wW PTEsrn6U1sC5p6SnyC7Al9mb38vBtmoSLnT88udMwgsbE0dJ0P//lRm4MZUVJINn 83yy3ouSyKLSk/pq2YN6Bcg= =6M90 -----END PGP SIGNATURE----- From ld231782 at longs.lance.colostate.edu Wed Mar 10 16:06:35 1993 From: ld231782 at longs.lance.colostate.edu (ld231782 at longs.lance.colostate.edu) Date: Wed, 10 Mar 93 16:06:35 PST Subject: CRYPT: Dingaling Denning & random # generators In-Reply-To: <9303102302.AA23528@cuba.Cayman.COM> Message-ID: <9303110005.AA03709@longs.lance.colostate.edu> I don't think we need to be too concerned about D. Denning's proposals (the D. stands for Dingaling, in case you're wondering). Has she addressed `adequately' the issue of giving false keys to the archiving authority in her article? (If such a thing is even possible.) The whole idea sounds so unbelievably unrealistic and bizarre I can't believe anyone with a significant intelligence or reputation on the line would propose it (but then again, academics can make a living on outdoing each other in their unrealistic and bizarre proposals). I don't really see how this idea of wiretappable encrypted communications could be carried out, unless there are some kind of centralized encryption servers run by the government (I'm ashamed to even say such a thing), and make "private" encryption illegal. This smacks of such blatant totalitarianism I can't imagine anyone in the U.S. seriously considering it (except, of course, perhaps law enforcement types or NSA operatives). Considering how much copiers were regulated in the Soviet Union, I can't say that it'd be impossible to regulate every single of the 100's of millions of PC's in the world or in a country to pull this off, but there's no end to the strange effects brewed from isolated, idealistic bureacrats (and no limit to the severity of threats to freedom...) As I posted once to sci.crypt: encrypted communication is virtually interchangeable with and indistinguishable from communication itself. How does someone `know' that you are encrypting a message? Even straight ASCII messages can contain encrypted messages. (In fact, it would be interesting to write an application that will take any message and encode it like this.) Can you imagine the Meaning Police showing up on your doorstep demanding to know what your last message REALLY MEANS, and smirking malevolently when you insist that it's just a love note to your girlfriend? Unless a really severe cold front hits Hell, I think we're safe on this one. The thing we DO need to be VERY AFRAID OF, and LOBBY VEHEMENTLY AGAINST, is bizarre laws that are vague and can be twisted to whatever means police desire, and put the burden of proof and recovery on possibly innocent victims, such as the without-due-process property-confiscating drug laws we have now. (I suppose one possibility is requiring `carriers' -- phone companies, telegraph services, etc.--to provide keys for messages they encrypt. But what is the strength of nonlocal encryption? Would anybody use this? I guess there are a lot of unsophisticated people who want somebody else to do their encryption for 'em, but boy, not I...) To do something like have completely tappable communications, we'd need half the country to monitor the other half, to make sure nothing out of context is going on. Only problem with this is, who monitors the monitors? (The cypherpunks?) (I suppose I shouldn't be so flippant, because Nazi Germany was one example of a state with a comprehensive populace-monitoring apparatus...) No, I don't buy that paranoid plop about how it would be "trivial" to set up filters that "detect" encryption, or that this is happening on a widespread scale by the NSA in the U.S. This is an absolutely absurd claim. These mechanisms could be just as trivially defeated (although a-priori knowledge of their function may be required). People who think encryption is different from communication think that symbols are different than letters. Speaking as a programmer, good luck explaining it to a computer. I just think Mrs. Denning is well-intentioned but completely out of touch with reality on this one (hm, what's a nice academic PC term for this? cluefully challenged?) Is *anybody* taking her seriously? Maybe we should start an email campaign to SEND HER CLUES. Maybe a Cease and Desist court order? Maybe we could get the police to do a search on her house for all her cryptography keys (hehe, anonymous tip that she keeps an encrypted database of illegal activities? sorry, don't take me seriously). - - - From: corwin at Cayman.COM (Lord Among Panthers) >Encrypt your message as you >normally would, and what do you end up with? A bunch of seemingly >random bits. Wrap a little header around it claiming it is data from >a Johnson-Noise measurement experiment, or some such thing. To >increase plausibility, you can build yourself a Johnson Noise >measurement aparatus (all you need is a high-sensativity voltmeter and >a resistor). *= <- light bulb going off -- hm, could something like that be used as a hardware random number generator? From tcmay at netcom.com Wed Mar 10 17:08:44 1993 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 10 Mar 93 17:08:44 PST Subject: F-117A Nighthawk post--Conclusions of Experiment Message-ID: <9303110107.AA05111@netcom.netcom.com> J. Michael Diehl guesses the truth: >Lets assume that the poster was a "good-guy," as opposed to just a prankster. > >Then he has pointed out a serious flaw in the WB system. He has demonstrated >the ability for a person to obtain (bonefied) classified information and >broadcast it worldwide, with out any fear of being caught or censored. I >support anonymity, but I wonder about how it will be "regulated" to keep this >from happening for real. > >Comments? Well, I _hope_ I am a good guy, at least by the standards of this list. I posted the F-117A "revelations" about the Stealth fighter, through a series of 6 or 7 remailers (which I first tested, as I like to do, by pinging them all) in order to examine the reactions of the list to what "whistleblowing" acts are very likely to look like. The reactions have been interesting. Some of you got angry, some even practically foamed at the mouth, calling me a "treasonous fool." Fair enough, as I hoped to see this kind of range of opinions. Some points: 1. Nothing in the posting, as some of you observed, was controversial or classified. I took an article from the book, "Stealth Technology: The Art of Black Magic," J. Jones, Aero Books, 1989, and scanned it and OCRed it. A few "probably"s and "could be"s were deleted, and minor other changes were made (e.g., I converted approximate numbers to precise--though of course wrong--numbers). The speculations about supersonic capability were in the original--I can't say how plausible they are. Likewise, the stuff about "changing color" was also in the original (I was trained as physicist--would I make something like that up?). 2. Ironically, the "Discovery Channel" ran an hour-long program, "Nighthawk: Secrets of the Stealth," which was many times more revealing than my post. "Aviation Week and Space Technology," also known as "Aviation Leak and Spy Technology," has also carried far more detailed information over the years. 3. As both Joe Thomas and J. Michael Diehl pointed out, I was "testing" the nascent "whistleblower" system. I decided it would be interesting to guage the reaction of the list to what might at first glance look like classified information being posted--something we can surely expect to see if the "whistleblower" group really gets going. (That, and deliberate misinformation to discredit the group, flames to drown out the actual whistleblowing, illegal or grossly offensive material to try to get the group taken off the Net, etc.) If you folks really want to set such a thing up, better be prepared for all kinds of weird stuff. Of course, the posting of "classified" documents--ersatz though this one may have been (in the sense of not being classified!)--can happen even without the "whistleblower" connotations...any anonymous remailer will work, naturally. But a whistleblower list (which I support, by the way) is going to attract all kinds of strange postings, once publicity is gotten (as it must, else what's the point?). 4. On the appropriateness of defense information as "whistleblower" material, consider these facts: The most serious cases of whistleblowing in the last few years have been on *defense* issues--coast over-runs, weapons systems that failed to work or were unsafe, bribes to DoD or company officials, and so on. This is the fodder for "60 Minutes" and "20/20," who've all run pieces on defective weapons systems, the Bradley Fighting Vehicle, the Apache Helicopter, the "DIVAD" gun, and so on. (Would my article have been any less offensive to some of the censorious among you if I'd fabricated stuff about the Nighthawk not meeting design goals, not being safe to fly, costing too much, etc.? I suspect not.) 5. In most cases, the DoD has tried to limit the scrutiny on such systems by invoking "national security" as a cloak. This, even though the Soviets already had the info--generally far in advance and in much greater detail. The invocation of national security has generally resulted in Americans being ignorant of malfeasance and chicanery. The whole idea of the whistleblowing list is to allow anonymous, untraceable postings of controversial material like this! Much of what is posted will by necessity contain material that someone thinks should not be released to the public. Q.E.D. (or haven't folks thought this one out?). (So if you whistleblower advocates out there are going to get cold feet when seemingly sensitive materials is sent out, you'd better just quit right now!) 6. Paul Robichaux and Dave Deltorto have opined that posts like this should *not* be posted (and tell me how they'll ever be stopped in the real world?), as they invite the attention of the NSA and other TLAs (Three Letter Acronyms). This seems overly paranoid for even this list, given the megabytes of solid info published by Av Leak and other technical mags. If some defense stuff is going to get us shut down, we'd better stop now. (Actually, the problems with the whistleblower's list or group are sufficiently clear that I'd recommend that nobody be _formally_ affiliated with it. If it just "appears," somehow, probably in the alt heierchy, then people can post to it through anonymous remailers.) 7. Speaking of which, a whistleblowers group will likely face attack on several fronts, depending on whose ox is gored. There may in fact be deliberate postings of truly classified material just to cause the group to be shut down (or to cause Internet sites not to carry it, etc.). Some child porn posted anonymously may get nearly any group pulled. Ditto for Holocause revisionism, racist jokes, extortion demands, etc. Consider my little experiment a very benign little "innoculation," a hint of what to expect. 8. Again, I feel we should all be _using_ anonymous remailers to test, or probe, these various ideas we have. Better that we try out a few ideas related to "whistleblowing" in the safety of our own group before launching it out into the world. Of course, now that I've exposed myself as the originator, this may make you all skeptical of posts from "Anonymous" or "Nobody." And you _should_ be skeptical! That's an important part of the whole process. And don't assume everything from "Anonymous" is from me! Cheers, -"Anonymous" aka, Tim May, Cypherpunk, Crypto Anarchist, and Gadfly -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: MailSafe and PGP available. From tony at morgan.demon.co.uk Wed Mar 10 18:46:05 1993 From: tony at morgan.demon.co.uk (Tony Kidson) Date: Wed, 10 Mar 93 18:46:05 PST Subject: FWEE!: F-117A post considered harmful Message-ID: <3369@morgan.demon.co.uk> In message <9303091453.AA11794 at lambda.msfc.nasa.gov.msfc.nasa.gov> you write: > [ disclaimer: I don't work on classified projects anymore. My experience > as an aircraft mechanic is with helicopters. I read a lot. ] > > I believe that the recent anonymous "whistle" purporting to reveal > information about the F-117A aircraft: > thing. Disclosing classified information, however- > especially when it's not relevant to revealing fraud, > waste, or abuse- is probably not a good way to keep > the whisteblower group safe from the Three-Letter Gang. > Perhaps that was the idea??? Tony +-----------------+-------------------------------+--------------------------+ | Tony Kidson | ** PGP 2.1 Key by request ** | Voice +44 81 466 5127 | | Morgan Towers, | The Cat has had to move now | E-Mail(in order) | | Morgan Road, | as I've had to take the top | tony at morgan.demon.co.uk | | Bromley, | off of the machine. | tny at cix.compulink.co.uk | | England BR1 3QE |Honda ST1100 -=<*>=- DoD# 0801 | 100024.301 at compuserve.com| +-----------------+-------------------------------+--------------------------+ From mdiehl at triton.unm.edu Wed Mar 10 19:06:19 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Wed, 10 Mar 93 19:06:19 PST Subject: F-117A Nighthawk post--Conclusions of Experiment In-Reply-To: <9303110107.AA05111@netcom.netcom.com> Message-ID: <9303110304.AA11055@triton.unm.edu> > J. Michael Diehl guesses the truth: > > >Lets assume that the poster was a "good-guy," as opposed to just a prankster. > > > >Then he has pointed out a serious flaw in the WB system. He has demonstrated Oh how I like to be told I'm right! Wish it happened more often. ;^) > >the ability for a person to obtain (bonefied) classified information and > >broadcast it worldwide, with out any fear of being caught or censored. I > >support anonymity, but I wonder about how it will be "regulated" to keep this > >from happening for real. > > > >Comments? > > Well, I _hope_ I am a good guy, at least by the standards of this list. > > The reactions have been interesting. Some of you got angry, some even > practically foamed at the mouth, calling me a "treasonous fool." Fair > enough, as I hoped to see this kind of range of opinions. Reminder: "Treasonous fools" started the Revolutionary War. > 1. Nothing in the posting, as some of you observed, was controversial or > classified. I took an article from the book, "Stealth Technology: The Art Well, I didn't read it completely, but printed it instead, thinking it might be juicy. Can you say Gotcha? ;^) > 6. Paul Robichaux and Dave Deltorto have opined that posts like this should > *not* be posted (and tell me how they'll ever be stopped in the real > world?), as they invite the attention of the NSA and other TLAs (Three > Letter Acronyms). This seems overly paranoid for even this list, given the No it is not. I assume that the TLA's read EVERYTHING I post. How's that for paranoia? > > (Actually, the problems with the whistleblower's list or group are > sufficiently clear that I'd recommend that nobody be _formally_ affiliated > with it. If it just "appears," somehow, probably in the alt heierchy, then > people can post to it through anonymous remailers.) Good point, but please read my closing comments. > > 7. Speaking of which, a whistleblowers group will likely face attack on > several fronts, depending on whose ox is gored. There may in fact be > deliberate postings of truly classified material just to cause the group to > be shut down (or to cause Internet sites not to carry it, etc.). Some child > porn posted anonymously may get nearly any group pulled. Ditto for > Holocause revisionism, racist jokes, extortion demands, etc. Consider my > little experiment a very benign little "innoculation," a hint of what to > expect. Perhapse by a TLA? > Once anonymous remailers become widely used, they will become "powerfull." When they become "too" powerfull, they will be under attack. The eventual goal being to shut them down on an individual basis. I don't see them being attacked as a whole. The attack will be to simply shut them down. Well, perhapse an attack might be to discredit them...as a whole, but I digress. What we need is a protocol that would notify the rest of the net/world when a remailer is shut down. What if the bbs in opperation Sundevil was expected to send a message every day to other sites around the world. When the bbs was shut down, that message wouldn't be sent and every one would know what happened? I don't have time to go on, but does anyone have any comments? +----------------------+----------------------------------------------------+ | J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken. | | +----------------------------------------------------+ | mdiehl at triton.unm.edu| "I'm just looking for the opportunity to be | | Thunder at forum | Politically Incorrect! | | (505) 299-2282 | | +----------------------+----------------------------------------------------+ From internaut at aol.com Wed Mar 10 21:31:31 1993 From: internaut at aol.com (internaut at aol.com) Date: Wed, 10 Mar 93 21:31:31 PST Subject: FWEE!: Markoff/NYT/VoiceCrypt Message-ID: <9303110032.tn17218@aol.com> Thanks to everyone who sent John Markoff's name, email address and/or past life animal. I'll let all of you know what transpires when I buzz him about the VoiceCrypt article and get some info for the Whistleblower Project. BTW, Pretty amazing day at CFP today (especially the session on Censorship on the 'net): watch this cyberspace for details next week... Not-Entirely-Unrelated note: to all of you who have asked for a FTP-able version of MacPGP, I will provide that this Sunday (the life of a CFP volunteer!). Hope you can all keep your pants on until then. :) It's worth the wait. dave "It's not the voting that makes Democracy, it's the counting." - T. Stoppard From sasha at ra.cs.umb.edu Wed Mar 10 22:38:11 1993 From: sasha at ra.cs.umb.edu (Alexander Chislenko) Date: Wed, 10 Mar 93 22:38:11 PST Subject: Hidden encrypted messages Message-ID: <199303110636.AA09866@ra.cs.umb.edu> What about encoding a message by chnging spacing between the words? It is surely not the most compact method, but one might be able to transmit a pretty long message hidden in the text of "Alice in Wonderland" that would still be neatly formatted and *word-to-word* indistinguishable from the original. Alex. From ghoast at gnu.ai.mit.edu Wed Mar 10 23:14:55 1993 From: ghoast at gnu.ai.mit.edu (ghoast at gnu.ai.mit.edu) Date: Wed, 10 Mar 93 23:14:55 PST Subject: Hidden encrypted messages Message-ID: <9303110713.AA14022@hal.gnu.ai.mit.edu> > > What about encoding a message by chnging spacing between the words? > It is surely not the most compact method, but one might be able to transmit > a pretty long message hidden in the text of "Alice in Wonderland" that > would still be neatly formatted and *word-to-word* indistinguishable from > the original. > > Alex. > Of course, if someone knew what they were looking for, it "would be trivial" to set up some sort of filter to find this type of message (in this case, one with a great number of spaces). This assumes unnoticability due to lack of knowledge, which is the current thought process being applied to computer security. It's a very falible one, as many companies have found. If you assume whatever kind of filter you may be dealing with will be a program (and not a person) looking for a certain frequency of special characters, or just a range in which >90% of your characters fall (like do you use many more alphanumerics than *&&*^%$#'s?) then you could just have every fifth letter in your _Alice_ transmission be a character of your encrypted message.. On the other hand, in dealing with that kind of program, I'm sure you could write some program that would represent non-alphanumerics with a recognizable code of alphanumerics which wouldn't be normally generated by the encryptor (and failing that, just convert the entire piece to hex or something..). Hmm, in writing this it seems to me that hiding a encrypted file in a way that would evade anything drempt up to distiguish it from text is a lot more difficult than just calling it something else: "Umm, yeah Mr. NSA, that was a sound file of the pgp sound format! ..right." (or that noise suggestion too) ghoast at gnu.ai.mit.edu (Devin Jones) From nobody at pmantis.berkeley.edu Thu Mar 11 01:16:28 1993 From: nobody at pmantis.berkeley.edu (nobody at pmantis.berkeley.edu) Date: Thu, 11 Mar 93 01:16:28 PST Subject: PGP Tutorial Gone. Message-ID: <9303110917.AA12013@pmantis.berkeley.edu> soda.berkeley.edu is supposed to have several files reguarding pgp. The problem is that this site is refusing connections. Could we get an alternative site? From jb at paris7.jussieu.fr Thu Mar 11 05:17:35 1993 From: jb at paris7.jussieu.fr (jb at paris7.jussieu.fr) Date: Thu, 11 Mar 93 05:17:35 PST Subject: University Policies Message-ID: <0096959f.9201c152.25188@paris7.jussieu.fr> Hi, Following the thread about some Universities policy about using computing services I'd like to ask if you can send me YOUR Uni policy about the above matter. I'd like to make somekindda compilation of them and put it on our ftp server (smup7.jussieu.fr). Cheers, jb From derek at cs.wisc.edu Thu Mar 11 07:02:43 1993 From: derek at cs.wisc.edu (Derek Zahn) Date: Thu, 11 Mar 93 07:02:43 PST Subject: Hidden encrypted messages In-Reply-To: <9303110713.AA14022@hal.gnu.ai.mit.edu> Message-ID: <9303111501.AA26622@lynx.cs.wisc.edu> Devin Jones responds to Alex: > Hmm, in writing this it seems to me that hiding a encrypted file in a way that > would evade anything drempt up to distiguish it from text is a lot more > difficult than just calling it something else: "Umm, yeah Mr. NSA, that was > a sound file of the pgp sound format! ..right." Alex's (good) idea about using creative spacing to hide an encrypted message is similar to that what I'd originally proposed (and of course it has to be hiding an *encrypted* message!). I've gotten a number of responses of the form "Why not just claim that an encrypted message is data?", but my original point was Plausible Deniability. That is, I was postulating an environment in which Big Brother has outlawed cryptography. Now, confronted with a confiscated message, the sender has to defend himself from the Inquisition. Can't just claim it's a sound file; the Inquisitor will want it played. The question I'm trying to answer is how to produce on demand a causal explanation of data (which actually contains an encrypted message) that satisfies an investigator and doesn't reveal the encrypted message. Some simple scheme like, "Uh, it's the result of my new random number generation algorithm" isn't likely to be *satisfying* and is certain to produce the response, "OK, let's see the algorithm." derek don't bother running sophisticated analyses of the above message (oops, I suppose that's a suspicious thing to say) From thug at phantom.com Thu Mar 11 07:36:39 1993 From: thug at phantom.com (Murdering Thug) Date: Thu, 11 Mar 93 07:36:39 PST Subject: Hiding Encrypted Messages Message-ID: I think it would be quite easy to hide encrypted text in music/sound or graphics files. In order to do it with sampled music/sound: 1. Use a SoundBlaster-type card to sample a given amount of music from a radio/tape/cd/whatever using 8-bit samples at some low sampling rate like 11,000 samples/second. This would give you a lot of music for the space used. 2. Then take an encrypted PGP file and dispurse it bit-by-bit into the LSB (least-significant-bit) of each sample. This wouldn't distort the sound sample to any extent noticable by the human ear. Thus each byte of PGP file would be dispursed into 8 bytes of sound file. Thus if you wanted to send a 20k PGP file, you would have to put it into a 160k music file. If you're ever forced to explain what that file contains (unlikely, since you can always take the Fifth Ammendment) you can just play it on your computer and have the NSA/SS/FBI/Whatever listen to James Brown go "Hyeeeah... I feel good!" +---------------+ +-------------------------------------------------+ | ***** ___\!/_ * * * * | Murdering Thug | * __/_ /|\ * * * * * | | * / \ * * * * * | thug at phantom.com | * | | * * * * | | * \____/ * * * * | | ***** * * * | +---------------+ +-------------------------------------------------+ From shipley at tfs.COM Thu Mar 11 08:48:40 1993 From: shipley at tfs.COM (Peter Shipley) Date: Thu, 11 Mar 93 08:48:40 PST Subject: PGP Tutorial Gone. In-Reply-To: <9303110917.AA12013@pmantis.berkeley.edu> Message-ID: <9303111647.AA23903@edev0.TFS> A non-text attachment was scrubbed... Name: not available Type: text/x-pgp Size: 515 bytes Desc: not available URL: From uri at watson.ibm.com Thu Mar 11 09:27:06 1993 From: uri at watson.ibm.com (uri at watson.ibm.com) Date: Thu, 11 Mar 93 09:27:06 PST Subject: Hidden encrypted messages In-Reply-To: <9303111501.AA26622@lynx.cs.wisc.edu> Message-ID: <9303111725.AA20493@buoy.watson.ibm.com> Derek Zahn says: > ....................I've gotten a number of responses > of the form "Why not just claim that an encrypted message is data?", > but my original point was Plausible Deniability. That is, I was > postulating an environment in which Big Brother has outlawed cryptography. > Now, confronted with a confiscated message, the sender has to defend > himself from the Inquisition. Can't just claim it's a sound file; > the Inquisitor will want it played. The question I'm trying to answer > is how to produce on demand a causal explanation of data (which actually > contains an encrypted message) that satisfies an investigator and > doesn't reveal the encrypted message. Some simple scheme like, "Uh, > it's the result of my new random number generation algorithm" isn't > likely to be *satisfying* and is certain to produce the response, > "OK, let's see the algorithm." Yes, a very valid point. But it seems to me, that Random Data claim is the best, with the highest chances to keep one out of trouble (if anything can :-). The algorithm? Oh, sorry, but it's a HARDWARE random data generator! And if it's truly good random gen, there are no patterns to track... One can use it to create huge one-time pads, BTW... "Salt" some of the encrypted (or plaintext :-) messages with those... The only thing to be concerned of - the cipher [to be claimed a random data] shouldn't be crackable, and SHOULDN'T have any patterns! Or they could present an evidence, that the data isn't a product of your random gen... -- Regards, Uri uri at watson.ibm.com scifi!angmar!uri N2RIU ----------- >From cypherpunks-request Thu Mar 11 12:44:24 1993 From uri at watson.ibm.com Thu Mar 11 09:33:35 1993 From: uri at watson.ibm.com (uri at watson.ibm.com) Date: Thu, 11 Mar 93 09:33:35 PST Subject: Hiding Encrypted Messages In-Reply-To: Message-ID: <9303111731.AA20272@buoy.watson.ibm.com> Murdering Thug says: > I think it would be quite easy to hide encrypted text in music/sound or > graphics files. > 1. Use a SoundBlaster-type card to sample a given amount of music from a > radio/tape/cd/whatever using 8-bit samples at some low sampling rate > like 11,000 samples/second. This would give you a lot of music for the > space used. > 2. Then take an encrypted PGP file and dispurse it bit-by-bit into the > LSB (least-significant-bit) of each sample. This wouldn't distort the > sound sample to any extent noticable by the human ear. Thus each byte > of PGP file would be dispursed into 8 bytes of sound file. Thus if > you wanted to send a 20k PGP file, you would have to put it into a > 160k music file. > If you're ever forced to explain what that file contains (unlikely, since > you can always take the Fifth Ammendment) you can just play it on your > computer and have the NSA/SS/FBI/Whatever listen to James Brown go > "Hyeeeah... I feel good!" a) This method has essentially the same complexity, as one-time pad, but without it's strength. b) If it's played and recognized - one can trace your source (a CD, a tape of radio broadcast, whatever) and do a comparison. Then the file containing of all the LSBs is cryptanalyzed... I might be wrong IF those nice LSBs are too hard to track... But then again, you're facing the need to communicate that one-time pad... > +---------------+ +-------------------------------------------------+ > | ***** ___\!/_ * * * * | > Murdering Thug | * __/_ /|\ * * * * * | > | * / \ * * * * * | > thug at phantom.com | * | | * * * * | > | * \____/ * * * * | > | ***** * * * | > +---------------+ +-------------------------------------------------+ Oh yes, and I'm sure LOTS of people would join! (:-) -- Regards, Uri uri at watson.ibm.com scifi!angmar!uri N2RIU ----------- From Eric.Fogleman at analog.com Thu Mar 11 10:10:59 1993 From: Eric.Fogleman at analog.com (Eric Fogleman) Date: Thu, 11 Mar 93 10:10:59 PST Subject: Hiding Encrypted Messages Message-ID: <9303111807.AA16545@ack.adstest.analog.com> > > 2. Then take an encrypted PGP file and dispurse it bit-by-bit into the > > LSB (least-significant-bit) of each sample. This wouldn't distort the > > sound sample to any extent noticable by the human ear. Thus each byte > > of PGP file would be dispursed into 8 bytes of sound file. Thus if > > you wanted to send a 20k PGP file, you would have to put it into a > > 160k music file. > > If you're ever forced to explain what that file contains (unlikely, since > > you can always take the Fifth Ammendment) you can just play it on your > > computer and have the NSA/SS/FBI/Whatever listen to James Brown go > > "Hyeeeah... I feel good!" > > a) This method has essentially the same complexity, as one-time pad, > but without it's strength. > Insert pgp-encrypted (not plaintext) into the sound file... It's then no weaker that pgp. > b) If it's played and recognized - one can trace your source (a CD, a > tape of radio broadcast, whatever) and do a comparison. Then the > file containing of all the LSBs is cryptanalyzed... Use a "windows sound system" board and record yourself talking -- No "reference source"... The codec on that board has better than two bits of noise per 16 bit word through the ADC channel... Nice idea, thug! =================================================================== Eric Fogleman eric.fogleman at analog.com Analog Devices Semiconductor Voice: (617) 937-2275 804 Woburn Street Fax: (617) 937-2024 Wilmington, MA 01887-3462 =================================================================== From uri at watson.ibm.com Thu Mar 11 10:17:48 1993 From: uri at watson.ibm.com (uri at watson.ibm.com) Date: Thu, 11 Mar 93 10:17:48 PST Subject: Hiding Encrypted Messages In-Reply-To: <9303111807.AA16545@ack.adstest.analog.com> Message-ID: <9303111815.AA20695@buoy.watson.ibm.com> Eric Fogleman writes: > > a) This method has essentially the same complexity, as one-time pad, > > but without it's strength. > Insert pgp-encrypted (not plaintext) into the sound file... It's then > no weaker that pgp. Please... I said: "It's as cumbersome, as one-time pad, but without one-time pad security." Yes, it can be made as secure as PGP, but it's still less safe, than one-time pad. > Use a "windows sound system" board and record yourself talking -- > No "reference source"... The codec on that board has better than > two bits of noise per 16 bit word through the ADC channel... Then you're creating a sort-of one-time pad, which you now must convey securely to your correspondent. And this system is still much less safe, than one-time pad, because of some possible regularities in the lower bits (now I admit I know very little of what such a recording would look like, so in fact it MIGHT be as safe as "real" one-time pad). Regards, Uri. ------------ From MJMISKI at macc.wisc.edu Thu Mar 11 10:20:38 1993 From: MJMISKI at macc.wisc.edu (Matthew J Miszewski) Date: Thu, 11 Mar 93 10:20:38 PST Subject: CYPHER: Plain encypher Message-ID: <23031112170179@vms2.macc.wisc.edu> In response to all those interested in disguising messages in complicated graphics/sound/random # generators/etc I believe this would unnecessarily defeat the purpose. TLA types become suspicious when they see random pgp type data transmissions flying across their screens. When they get one of these monsters, they of course attempt to decrypt it (assuming its from someone they wish to monitor (All of us?). They also become suspicious when incredibly long plain text transmissions are broadcast. It seems desireable to have a mode of encryption that will encrypt my message and then package it in a short (relatively) plain text message. The NSA/CIA/FBI wont bother trying to decrypt messages that are the equivalent of 'My slide show of my trip to Florida". And even if they were to suspect, or by some miracle decrypt it, you have your Plausible Deniability. Make the message generator sufficiently general that all final messages are plausible real messages. Only those expecting a message that is encrypted in plain text will know they have one. They would have the key to decrypt it. And no one would be the wiser. Matt mjmiski at macc.wisc.edu From tcmay at netcom.com Thu Mar 11 11:04:58 1993 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 11 Mar 93 11:04:58 PST Subject: Hiding Encrypted Messages Message-ID: <9303111903.AA13537@netcom.netcom.com> Uri writes about Thug's LSB method: > >a) This method has essentially the same complexity, as one-time pad, > but without it's strength. > >b) If it's played and recognized - one can trace your source (a CD, a > tape of radio broadcast, whatever) and do a comparison. Then the > file containing of all the LSBs is cryptanalyzed... > >I might be wrong IF those nice LSBs are too hard to track... But then >again, you're facing the need to communicate that one-time pad... I've written several pieces for sci.crypt and for the Cypherpunks list about encrypting messages in the LSBs of music--I doubt I was the first, though my first posting on this was in 1988. (A posting on this is included at the end of this message.) Uri's points: a) The idea is to _hide_ the existence of the message, a la steganography. A Digital Audio Tape carried across a border is a whole less obvious than a one time pad of numbers. b) A nearly essential aspect, one I've emphasized repeatedly, is to _not_ use a digital copy of a CD, but rather to use an _analog_ dub. The noise floor (cables, imperfections in the DACs and ADCs, analog circuits) will be well above the LSB, making the message bits virtually indistinguishable from noise. Sophisticate spectral analysis, and entropy analysis, may reveal the message bits to be other than noise, but this will be quite difficult (and some masssaging of the bits will help make their statistics match that of noise). c) Yes, the method is that of the one-time pad. In fact, it's a way to _transport_ one-time pads. Here's one of my postings on this subject: From: tcmay at netcom.com (Timothy C. May) Subject: Messages in the Least Significant Bits To: cypherpunks at toad.com Date: Tue, 27 Oct 92 19:03:19 PST Cc: tcmay at netcom.com (Timothy C. May) Cypherpunks, Here's a message I just posted to another mailing list. It has rather strict policies against cross-posting, so I've edited out the headers and the initial chunk of text I quoted. That should make me kosher. (This topic also came up in some e-mail with George Gleason.) Forwarded message: >From tcmay Tue Oct 27 18:43:34 1992 xxxx is exactly right on this. Several years ago I posted to sci.crypt my "novel" idea for packing bits into the essentially inaudible "least significant bits" (LSBs) of digital recordings, such as DATs and CDs. Ditto for the LSBs in an 8-bit image or 24-bit color image. I've since seen this idea reinvented _several_ times on sci.crypt and elsewhere...and I'm willing to bet I wasn't the first, either (so I don't claim any credit). A 2-hour DAT contains about 10 Gbits (2 hours x 3600 sec/hr x 2 channels x 16 bits/sample x 44K samples/sec), or about 1.2 Gbytes. A CD contains about half this, i.e., about 700 Mbytes. The LSB of a DAT is 1/16th of the 1.2 Gbytes, or 80 Mbytes. This is a _lot_ of storage! A home-recorded DAT--and I use a Sony D-3 DAT Walkman to make tapes--has so much noise down at the LSB level--noise from the A/D and D/A converters, noise from the microphones (if any), etc.--that the bits are essentially random at this level. (This is a subtle, but important, point: a factory recorded DAT or CD will have predetermined bits at all levels, i.e., the authorities could in principle spot any modifications. But home-recorded, or dubbed, DATs will of course not be subject to this kind of analysis.) Some care might be taken to ensure that the statistical properties of the signal bits resemble what would be expected with "noise" bits, but this will be a minor hurdle. Adobe Photoshop can be used to easily place message bits in the "noise" that dominates things down at the LSB level. The resulting GIF can then be posted to UseNet or e-mailed. Ditto for sound samples, using the ideas I just described (but typically requiring sound sampling boards, etc.). I've done some experiments along these lines. This doesn't mean our problems are solved, of course. Exchanging tapes is cumbersome and vulnerable to stings. But it does help to point out the utter futility of trying to stop the flow of bits. --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | PGP 2.0 and MailSafe keys by arrangement. From covin at cs.uchicago.edu Thu Mar 11 11:22:47 1993 From: covin at cs.uchicago.edu (covin at cs.uchicago.edu) Date: Thu, 11 Mar 93 11:22:47 PST Subject: Hiding Encrypted Messages Message-ID: <9303111921.AA11361@tartarus.uchicago.edu> >Please... I said: "It's as cumbersome, as one-time pad, but >without one-time pad security." Yes, it can be made as >secure as PGP, but it's still less safe, than >one-time pad. I thought the point of hiding the message in a sound or picture file was to *hide* it, not to gain additional encryption. Any encryption you want to do on the message is a separate issue. Hiding the bits is just supposed to keep anyone from *trying* to decrypt it in the first place, and/or to allow you to claim if the message is intercepted that you weren't *really* sending encrypted messages. I suspect that if someone manages to decrypt the message, you just flat-out lose on the "plausible deniability" question. At least, if the message is fairly long, coherent, grammatical, etc. It's just too unlikely that a long coherent message will be hidden in any regular way in an otherwise random sequence of bits. A little statistical analysis might allow some happy government cryptographers to tell you exactly *how* unlikely it is that they'd find a message in your data by chance... As another way to muddy the waters, you might try making the original plaintext a bit muddled, ungrammatical, semi-incoherent, rife with misspellings, etc... :) -David ure that are ahead of the mainstream, oriented towards the near-future. This includes all realms of what is commonly called "new edge", "technoculture", or "cyberculture" -- a mishmash of postmodernism, psychedelics, hacking, raves, cyberspace, industrial music, cyberpunk fiction and realities, etc., that are proving to be important constructs in the evolution of world culture. The file continues to grow and morph, and the initial response to it prompted me to begin the FutureCulture E-List. Those who share an interest in the topics discussed in the file can participate in in-depth or light-hearted discussions via the FutureCulture E-list, which has proven to be an interesting and unique addition to the vastness of cyberspace. Readers and participants in FutureCulture have included at one time or another a wide variety of sociologists and anthropoligists, authors and writers, hackers, scientists, students, and prominent "cyber-" oriented figures. For a long time, I have dismissed print media in wake of the interaction I saw occuring via e-media, such as the FutureCulture list, and I would be one of those to shun society's love affair with paper in wake of advancing computer and networking technologies. Yet through a seemingly unending discussion regarding the scope of the popular phrase "information wants to be free", I have found my love affair with e-media to in fact be quite out of date. That may seem contradictory to some, yet if we are truly to arrive at an infoculture of global real-time interaction via cyberspace, we must first look at the world in which we currently inhabit. We live in a world where paper and television are the informational messangers of choice to the masses. Thus, in an attempt to further propagate information to as wide an audience as possible, I have begun [the] Infinite Edge zine. The zine will be printed in black & white and 8 1/2 x 11", using Macintoshes and laserprinters. Below follows a basic text outline of what [the] Infinite Edge will look like sans graphics and design, of course. I am looking for submissions and assistance with this project from all angles: fiction writers, essayists, ranters, graphic designers, artists, poets, etc. Submissions are welcome in any form, in any style, in any tone, though that is not a guarantee that everything I receive will be printed. I am looking for submisison as soon as possible, but feel free to send them in whenever you like. For first issue, send them in by the end of March. Due to lack of available resources, I am unable as of yet to reward monetarily those who contribute to [the] Infinite Edge. I have little money, and my primary interest is producing the highest-quality zine possible, containg an immense spectrum of information. If you would like to contribute to [the] Infinite Edge in any way, shape, or form, please send all queries, submissions, tips, words of wisdom, etc., to me on the Internet at: ahawks at nyx.cs.du.edu If you do not have Internet access, please send mail to: Andy Hawks 4290 South Mobile Cir. #D Aurora, CO 80013 USA By the way, I am looking at offering [the] Infinite Edge at a cost of $3 per issue. The first issue is not completed yet, but if you are anxious, please contact me via email or snail mail. Groovy. [the] Infinite Edge ___________________ Focusing on the Edges of Culture, examining the Fringes of Reason and the Reasons of Fringe, the Here and Now and Soon-to-Be, via unstrcutured Tones that Ebb and Flow from In-Form Information to Formless Rants of Altered States. [the] Infinite Edge is Divided into the following sections: GENESYS Notes from the Editor, Leters from those that Grep and/or Grok the Infinite Edge. 32-BIT Soundbytes of the World, Unite and Take Over. Blurbs pertaining to interesting news and products, quotes, technology, factoids, etc. MODERN Cultural Commentary - Realizing, Focusing, and Morphing the PostModern World. Rants, Essays, Theses, Observations, Predictions, Analyses, Streams and Rivers of Consciousness. -SUB The Depths of the Underground Subcultures. Rants, Essays, Theses, Observations, Predicions, Analyses, and Information. E+ The Virtual World. News, Notes, Notables and Quotables, Rants, Essays, Theses, Observations, Predictions, Analyses, Communication, Teknologies. VILLAGE VIEWS Interviews (I-Views) and E-Views with those who Surf, Ride, Make and Break the Edges of Culture. STREAMZ Fiction on The Edge: Transreal, Hyperreal, SlipStream, Cyberpunk, Post-Cyberpunk, [insert_any_word_here], etc. MEDI8 Reviewing, Analyzing, and Commentary regarding Popular and Underground Media: Books, Magazines, Zines, E-Zines, E-Books, Hypertext, Music, Film, Video, Television, Software, etc. MOBIUS One Last Informational Fix, Closing Words, Late-Crashing News, etc. If you would like to contribute to [the] Infinite Edge in any way, shape, or form, please send all queries, submissions, tips, words of wisdom, etc., to me on the Internet at: ahawks at nyx.cs.du.edu If you do not have Internet access, please send mail to: Andy Hawks 4290 South Mobile Cir. #D Aurora, CO 80013 USA From phantom at u.washington.edu Thu Mar 11 11:57:02 1993 From: phantom at u.washington.edu (The Phantom) Date: Thu, 11 Mar 93 11:57:02 PST Subject: HIDE: embedding msgs into snd & graphics Message-ID: writes uri at watson.ibm.com: ---- Yes, a very valid point. But it seems to me, that Random Data claim is the best, with the highest chances to keep one out of trouble (if anything can :-). The algorithm? Oh, sorry, but it's a HARDWARE random data generator! And if it's truly good random gen, there are no patterns to track... One can use it to create huge one-time pads, BTW... "Salt" some of the encrypted (or plaintext :-) messages with those... ---- Yes? Hardware? Well, then, where is the piece of hardware you used, then? It seems this falls to the Big Brother 'where is the algorithm' test even harder, as it is a physical piece of equipment. It seems to me that if I were an agent and I were looking for transmissions from an individual and I saw him sending out 10 copies of the `Rocky & Bullwinkle Show' intro per week, I'd look into those, even though they seem normal enough. When I checksummed them and they didn't match, I'd be more than suspicious: I'd start stripping the lower bits off. If I knew that the suspect used PGP and RIPEM, I'd most certainly try and push the output through them, if they weren't plainly recognizable. Seems to me that the best thing to hide pgp in would be a low-quality host-medium (lots of noise!) that changes frequently, so the checksumming cannot occur against the same message. The low quality could also be attained by pushing more of your message into the host; maybe alternating between the 8th bit and another bit. In any case, I don't think that the host should be a stable one (frequently used) or one that can be easily compared to the original. Matt Matt Thomlinson University of Washington, Seattle, Washington. Internet: phantom at u.washington.edu phone: (206) 528-5732 PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu From phantom at u.washington.edu Thu Mar 11 12:42:28 1993 From: phantom at u.washington.edu (The Phantom) Date: Thu, 11 Mar 93 12:42:28 PST Subject: HIDE: embedding msgs into snd & graphics Message-ID: tcmay's comments on the use of DAT tapes to 'dub off' other recordings as the host-medium and to apply the signal to the low-end significant bits works out something I brought up earlier: checking the copy against the original. The idea of using a DAT tape as a mode of transport, however, doesn't appeal that greatly to me. To send a message, I have to pull out one of my prevoiusly recorded DAT host-tapes, then record over the 5th song with my mix of host/message pair, then fed-ex it (or hand-deliver it) to my target. If I take this signal and push it across internet, I no longer have the passive-looking DAT tape in my DAT music collection. Instead, I have a 900k sound file that I push across the net. Since the net is usually not used to push the latest Michael Jackson tune, it might raise a flag. Tim's comments are valid and definitely help solve problems on the physical level: now how about cyberspace? mt Matt Thomlinson University of Washington, Seattle, Washington. Internet: phantom at u.washington.edu phone: (206) 528-5732 PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu From tcmay at netcom.com Thu Mar 11 13:23:51 1993 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 11 Mar 93 13:23:51 PST Subject: HIDE: embedding msgs into snd & graphics Message-ID: <9303112122.AA00150@netcom.netcom.com> Matt Thomlinson writes: >The idea of using a DAT tape as a mode of transport, however, doesn't >appeal that greatly to me. To send a message, I have to pull out one of my >prevoiusly recorded DAT host-tapes, then record over the 5th song with my >mix of host/message pair, then fed-ex it (or hand-deliver it) to my >target. If I take this signal and push it across internet, I no longer >have the passive-looking DAT tape in my DAT music collection. Instead, I >have a 900k sound file that I push across the net. Since the net is >usually not used to push the latest Michael Jackson tune, it might raise a >flag. > >Tim's comments are valid and definitely help solve problems on the >physical level: now how about cyberspace? Granted, a DAT can carry more data in the LSBs--about 80 MB, about the length of 10 Bibles--than one really needs. The GIF option I mentioned allows a widely disseminated image file to contain about 32 KB in just the LSBs of a 512 x 512 x 8-bit gray scale image. A color image could easily hold three times more (LSBs in each color channel). And some GIFs are much larger than 512 on a side. So, a fairly long message could be inserted into the "noise floor" bits of a scanned or frame-grabbed image, or of a piece of "original art" and then posted worldwide in one of the GIF groups. Who knows what evil messages are even now being sent in GIFs of Cindy Crawford and Claudia Schiffer? Use your imagination and you'll see there are several other easy ways to hide messages. (Again, we're talking steganography--check the "Glossary" in the soda.berkeley.edu archives if this is new to you.) -Tim May -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: MailSafe and PGP available. From mdiehl at triton.unm.edu Thu Mar 11 13:24:44 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Thu, 11 Mar 93 13:24:44 PST Subject: Hidden encrypted messages In-Reply-To: <9303111501.AA26622@lynx.cs.wisc.edu> Message-ID: <9303112121.AA28347@triton.unm.edu> > Alex's (good) idea about using creative spacing to hide an encrypted message > is similar to that what I'd originally proposed (and of course it has to > be hiding an *encrypted* message!). I've gotten a number of responses > of the form "Why not just claim that an encrypted message is data?", > but my original point was Plausible Deniability. That is, I was > postulating an environment in which Big Brother has outlawed cryptography. > Now, confronted with a confiscated message, the sender has to defend > himself from the Inquisition. Can't just claim it's a sound file; > the Inquisitor will want it played. The question I'm trying to answer So I say, "Damn! CRC Error! Must be a bad disk. Well, no point in keeping THIS sitting around." > is how to produce on demand a causal explanation of data (which actually > contains an encrypted message) that satisfies an investigator and > doesn't reveal the encrypted message. Some simple scheme like, "Uh, I understand what you want. Wish I understood how to do it. ;^) > it's the result of my new random number generation algorithm" isn't > likely to be *satisfying* and is certain to produce the response, > "OK, let's see the algorithm." +----------------------+----------------------------------------------------+ | J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken. | | +----------------------------------------------------+ | mdiehl at triton.unm.edu| "I'm just looking for the opportunity to be | | Thunder at forum | Politically Incorrect! | | (505) 299-2282 | | +----------------------+----------------------------------------------------+ From mbrennan at netcom.com Thu Mar 11 13:54:41 1993 From: mbrennan at netcom.com (Michael Brennan) Date: Thu, 11 Mar 93 13:54:41 PST Subject: cypherpunks-request mail is ignored Message-ID: <9303112153.AA03254@netcom.netcom.com> I hate to mail administrative requests to the whole group, but I had previously sent my request to cypherpunks-request to no avail. Is that not the correct address? Maybe the reason you all keep seeing unsubscribe requests mailed to the entire group is because such requests sent to cypherpunks-request are being ignored. Anyway, someone PLEASE unsubscribe me from this list. I would like to subscribe to cypherpunks-announce only. I can't handle this volume of mail. Thanks. ------------------------------------------------------------------------------ Michael Brennan Internet: mbrennan at netcom.com Applelink: M.BRENNAN Compuserve: 76206,2462 From uri at watson.ibm.com Thu Mar 11 14:18:16 1993 From: uri at watson.ibm.com (uri at watson.ibm.com) Date: Thu, 11 Mar 93 14:18:16 PST Subject: Hidden encrypted messages In-Reply-To: <9303111501.AA26622@lynx.cs.wisc.edu> Message-ID: <9303112216.AA15346@buoy.watson.ibm.com> > So I say, "Damn! CRC Error! Must be a bad disk. Well, no point in keeping > THIS sitting around." Yeah, but remember, in the world we're heading to, presumption of innocence is worth even less, than President's word! Then it will be *your* responsibility to satisfy the Inquisitor, or he might not let you out from his building, where you were invited to explain yourself and your messages. (:-) (:-( > > is how to produce on demand a causal explanation of data (which actually > > contains an encrypted message) that satisfies an investigator and > > doesn't reveal the encrypted message. Some simple scheme like, "Uh, > > it's the result of my new random number generation algorithm" isn't > > likely to be *satisfying* and is certain to produce the response, > > "OK, let's see the algorithm." And the response to this will be: "Sure, here it is, this nice hardware implementation. You may have it, if you wish!" (:-) It's fool-proof, but still the Big Brother might dislike your desire to play with those bad random generators, and decide, that you better be kept in KZ-camp... Probably creating a GIF/TIFF/whatever file yourself, with normal consumer-grade equipment (noise-prone :-) and substituting it's LSB (or whatever certainly lies BELOW the noise floor) with bits of the message, does sound like the best choice today. Advantages: 1) Doesn't look suspicious, no more, than "traditional" sending photos of your house, family, yourself... 2) Has enough of bandwidth to communicate reasonably large personal messages (though a binary og PGP might not fit into a "normal" GIF file :-). 3) Requires only widely available consumer appliances (Camcoder, digitizer, .....). 4) The image doesn't have to be known to your correspondent in advance (a big one!). Disadvantages: 1) Somebody has to do it, to write code, to buy a Camcoder (:-). 2) May lead to outlawing of ALL the image and sound transmission via electronic media, if Big Brother gets really annoyed (:-). [Don't laugh, you! Look at the latest Scanner Bill! :-] Regards, Uri. ------------ From stuk at microsoft.com Thu Mar 11 15:18:49 1993 From: stuk at microsoft.com (Stu Klingman) Date: Thu, 11 Mar 93 15:18:49 PST Subject: FW: Hiding Encrypted Messages Message-ID: <9303112315.AA12701@netmail.microsoft.com> FWD'd from a secure redirector, Raf sez: Someone wrote: > b) If it's played and recognized - one can trace your source (a CD, a > tape of radio broadcast, whatever) and do a comparison. Then the > file containing of all the LSBs is cryptanalyzed... Actually, this is not really a problem. The odds of being able to resample, even using the same source and come up with the same byte string is infinitesmal. You've got chaos theory on your side here with massive "Sensitive Dependence on Initial Conditions." The exact byte string you got depends on: 1) volume 2) sampling device used 3) playback fidelity of your reproduction 4) the exact microsecond you clicked "record" (cause you'll be hitting different points in the same wave form) Just make sure to an application like Shredder or Flamefile to permanently erase your initial sample, and nobody should be able to tell. (unless they are aware of the trick beforehand) Rafial From tcmay at netcom.com Thu Mar 11 15:20:45 1993 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 11 Mar 93 15:20:45 PST Subject: Hidden encrypted messages Message-ID: <9303112319.AA12884@netcom.netcom.com> Uri writes: >Probably creating a GIF/TIFF/whatever file yourself, >with normal consumer-grade equipment (noise-prone :-) >and substituting it's LSB (or whatever certainly lies >BELOW the noise floor) with bits of the message, does >sound like the best choice today. ..stuff elided... >Disadvantages: > 1) Somebody has to do it, to write code, to > buy a Camcoder (:-). I have a couple of camcorders, a video digitizer for my Mac, a scanner (1-bit only--bought as a bundle with TypeReader, a wonderful OCR program), etc. Equipment isn't the problem, per se, it's the lack of standards (e.g., so what if *I* put a message into a GIF with Adobe Photoshop--others have to be able to extract it). We won't be seeing digitized images as carriers of secret messages in wide use anytime soon. In this sense, I agree with Uri's point. > 2) May lead to outlawing of ALL the image and > sound transmission via electronic media, > if Big Brother gets really annoyed (:-). Doubtful--too widespread. JPEG, MPEG, and a zillion other image standards are spreading. Big Brother can't ban images, GIFs, JPEG stuff, QuickTime movies, etc., without shutting down the economy. And digitized voice works just as well for the LSB method, albeit with a different software approach. Modem-based voice handling systems are already widespread, and the "Internet Talk Radio" concept discussed here last week indicates the feasibility of sending packetized audio. Such a mail system is already available for the NeXT, I gather. -Tim -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: MailSafe and PGP available. From ghabrech at ultrix.ramapo.edu Thu Mar 11 15:42:48 1993 From: ghabrech at ultrix.ramapo.edu (George A. Habrecht) Date: Thu, 11 Mar 93 15:42:48 PST Subject: No Subject Message-ID: <9303111959.AA03378@ultrix.ramapo.edu> Hello? I have asked several times and am starting to get pissed off!!!! So do as follows!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Get the message?!? Thanx ghabrech at ultrix.ramapo.edu From 74076.1041 at CompuServe.COM Thu Mar 11 17:43:30 1993 From: 74076.1041 at CompuServe.COM (Hal) Date: Thu, 11 Mar 93 17:43:30 PST Subject: HIDE: embedding msgs into snd & graphics Message-ID: <930312013441_74076.1041_DHJ25-1@CompuServe.COM> Tim mentions that Adobe Photoshop can be used to overlay messages into the low-order bits of a graphics image. Photoshop is expensive, so I'm wondering whether it would be worthwhile for me to write a simple, free utility just for this purpose. I would have it take a GIF file and a binary file to be embedded, and produce an output GIF with the low order bit of each byte changed to be the next bit of the embedded binary file. For output, it would do the opposite - produce a binary file determined solely by the low-order bits of the GIF file. I played with GIF a few years ago and wrote a viewer, so I have some familiarity with that format. It doesn't sound too hard to write a program like this. One concern is whether such a program would be redundant, whether widely available tools already exist to perform the same function. Perhaps there are PD image-processing tools that could be adapted. If anybody knows of any please let me know. For this kind of program to be useful, you'd want to use PGP in its long-discussed "stealth mode". This would be a mode in which PGP would produce output that was basically indistinguishable from random data. Presently PGP puts out some header fields which can be used to recognize that a file is a PGP file. Stealth mode would suppress this information. PGP would not be able to automatically choose which key to use to decrypt such a file, but since most people have only one secret key this would not be a big problem. The PGP developer's group has been talking about this for a long time (over a year) but nobody has cared enough to do anything about it. Maybe it should be done. Hal Finney 74076.1041 at compuserve.com From digex at access.digex.com Thu Mar 11 18:25:01 1993 From: digex at access.digex.com (Doug Humphrey) Date: Thu, 11 Mar 93 18:25:01 PST Subject: [CRYPT: Dingaling Denning & random # generators] Message-ID: <199303120223.AA11719@access.digex.com> >As I posted once to sci.crypt: encrypted communication is virtually >interchangeable with and indistinguishable from communication itself. >How does someone `know' that you are encrypting a message? This is not strictly true. While someone might not be able to tell that you are engaged in the act of encrypting a message, the transmission of encrypted communications is often detectable. Spread spectrum transmissions often look like an increase in the noise floor of certain communications channels, prompting systems to think that there are malfunctions, and to dispatch someone to take a look at the facility. If they throw a spectrum analyser on it, it doesn't look like valid data in most cases, just noise. With voice communications it is easy to recognize the patterns that speech generates, and they look very different from the randomness that simple crypto produces. Unless one uses a post-crypto wave shaper to simulate the amplitude changes that speech produces, it is simple to build a circut that can make a pretty accurate evaluation of voice/data/crypto going by it. Nothing more difficult in 1993 than was the first 2600 hz detector circut when it was put into widespread production use in the phone network. In fact, given that modern switches are already digitizing the signals, a little DSP hardware should make quick work of the first cut, narrowing down which lines should receive harder evaluation to see if people are trying to protect their privacy. >To do something like have completely tappable communications, we'd need >half the country to monitor the other half, to make sure nothing out of >context is going on. You under estimate some technologies ;-) >Only problem with this is, who monitors the monitors? Who watches the watchmen? >No, I don't buy that paranoid plop about how it would be "trivial" to >set up filters that "detect" encryption, or that this is happening on a >widespread scale by the NSA in the U.S. This is an absolutely absurd >claim. It would not be trivial. On the other hand, an order allowing the modification of the entire telephone network to allow the FBI to have "most-favored-wiretapper" status is also non-trivial, and some are trying to make it happen. >These mechanisms could be just as trivially defeated (although >a-priori knowledge of their function may be required). People who >think encryption is different from communication think that symbols are >different than letters. Speaking as a programmer, good luck explaining >it to a computer. Maybe you over-estimate technology here. We are not talking about breaking crypto here, just detecting it. By its nature it changes the overall composition of the data. Randem data still looks random, it is true, but a phone call represents a certain context, and within that context there is an expected behaviour pattern (or ten or twenty behaviours, but it makes no difference). Within the context, it can be easy to see the change that crypto brings, unless there are active means taken against it. Doug From Marc.Ringuette at GS80.SP.CS.CMU.EDU Thu Mar 11 18:48:39 1993 From: Marc.Ringuette at GS80.SP.CS.CMU.EDU (Marc.Ringuette at GS80.SP.CS.CMU.EDU) Date: Thu, 11 Mar 93 18:48:39 PST Subject: spread spectrum; secret sharing Message-ID: <9303120248.AA09181@toad.com> I'd like to find a brief tutorial on spread spectrum communications. I'd also like to become familiar with a decent secret sharing protocol (say, to share a secret among N people so that any K of them can obtain the secret but no K-1 of them can). Anyone have anything to offer me? -- Marc Ringuette (mnr at cs.cmu.edu) From thug at phantom.com Thu Mar 11 18:59:00 1993 From: thug at phantom.com (Murdering Thug) Date: Thu, 11 Mar 93 18:59:00 PST Subject: [CRYPT: Dingaling Denning & random # generators] In-Reply-To: <199303120223.AA11719@access.digex.com> Message-ID: Doug Humphrey writes: > > >As I posted once to sci.crypt: encrypted communication is virtually > >interchangeable with and indistinguishable from communication itself. > >How does someone `know' that you are encrypting a message? > > This is not strictly true. While someone might not be able to tell > that you are engaged in the act of encrypting a message, the > transmission of encrypted communications is often detectable. > Spread spectrum transmissions often look like an increase in the > noise floor of certain communications channels, prompting systems > to think that there are malfunctions, and to dispatch someone to > take a look at the facility. If they throw a spectrum analyser > on it, it doesn't look like valid data in most cases, just noise. > > With voice communications it is easy to recognize the patterns > that speech generates, and they look very different from the > randomness that simple crypto produces. Unless one uses a > post-crypto wave shaper to simulate the amplitude changes that > speech produces, it is simple to build a circut that can make a > pretty accurate evaluation of voice/data/crypto going by it. > Nothing more difficult in 1993 than was the first 2600 hz > detector circut when it was put into widespread production use > in the phone network. In fact, given that modern switches are > already digitizing the signals, a little DSP hardware should > make quick work of the first cut, narrowing down which lines > should receive harder evaluation to see if people are trying to > protect their privacy. Why not send your PGP encoded files using V.27 or whatever the 9600 baud fax transmittion modulation is? By the year 2000, there will be around 40 million fax machines in the U.S. Assuming the FBI/NSA/ASPCA can tell apart voice from fax by scanning all the phone trunks in the U.S. with high speed parallel computers, it wouldn't help them if there are around 100 million fax transmissions taking place each day. No way in hell are they going to pick up your signal from the other 99,999,999 fax transmissions taking place that day, and then spend the rest of their lives trying to crack your PGP message. The same can be said about modems. If Prodigy, America Online, and Compuserve keep up their newbie recruitment pace, about 50% of the homes in the U.S. will have modems by the year 2000. And don't tell me they can build computers that can distinguish between a PGP file transmission and some hormone crazed 15 year old dork downloading the latest GIF of Cindy Crawford or a ZIPed ware. I've looked at hexdumps of GIFs and ZIPs and for all practical purposes they look about as random as PGP data. If the NSA can build a parellel computer that scans all the trunks in the U.S. simultaneously AND can tell the difference between PGP streams and ZIP/GIF file data streams, then I just might as well go and shoot myself right now. Thug From blojo at sting.Berkeley.EDU Thu Mar 11 18:59:47 1993 From: blojo at sting.Berkeley.EDU (Jon Blow) Date: Thu, 11 Mar 93 18:59:47 PST Subject: HIDE: embedding msgs into snd & graphics Message-ID: <9303120259.AA03718@sting.Berkeley.EDU> > I would have it take a GIF file and a > binary file to be embedded, and produce an output GIF with the low order > bit of each byte changed to be the next bit of the embedded binary file. I've been thinking about writing this too, but, alas, I have been too busy. If you write this program, I would encourage you to support encoding/decoding in more than just GIF files. My main reasoning behind this is something like: if there is one piece of software that is commonly used to hide data in noise bits, and it only supports one format, then things in that one format are automatically suspect-- it's almost as bad as not hiding the data. I'd encourage you to support JPEG and sunaudio formats (though the info density one could store in each of these is probably a lot lower than what you could pack into a GIF), as well as some less-used formats like tiff and rast. Hmm... and if you can figure out how to pack a useful amount of data into an XPM, I'll be really impressed. I don't know if you actually know GIF format (I don't) but I know that you'd have to do some reasonably intelligent churning of the data. For one, it's just not going to be as easy as dropping a noise bit from each n-byte set; GIF format is fairly compressed as I understand. Also, if you're not careful, you'll end up with a picture that chokes displays after encoding that worked fine before encoding. (Many machines have 8-plane displays, which means a 256-color colormap. If you mess with the noise bits on a GIF that has 200 colors, you're going to come up with one that has 400 colors. Many display programs (like xv) will compress the colormap when they see this; the X server will also slide colors together when you allocate things and the map is full. BUT, such high-colormap-size gifs would basically have "I AM A CONTAINER FOR ENCRYPTED DATA" tattooed on the backs of their necks. -J From Marc.Ringuette at GS80.SP.CS.CMU.EDU Thu Mar 11 19:05:22 1993 From: Marc.Ringuette at GS80.SP.CS.CMU.EDU (Marc.Ringuette at GS80.SP.CS.CMU.EDU) Date: Thu, 11 Mar 93 19:05:22 PST Subject: Tagging data to detect thieves Message-ID: <9303120305.AA09556@toad.com> I've done some further thinking on the text tagging problem, spurred by a question on sci.crypt about tagging pictures (under the subject line "Permanent signatures for pictures"). Here's a summary. ---- Let's say Dow Jones wants to sell newswire subscriptions to individuals, but someone is anonymously forwarding their articles to a newsgroup. Can they succeed in tagging the text to detect the thief? The idea is to make some small twiddle to each subscriber's copy of the text, so that the stolen copy can be matched with some subscriber and their subscription cancelled. Short answer: the thieves win. At first, I thought the answer was the opposite. ---- There are two issues which must be addressed in order to show that the tagger wins: 1. The taggee must not be able to "smooth away" all of the tag bits. 2. The taggee must not be able to cross-correlate multiple copies of the data in question in order to produce a "clean" version. Regarding issue #1, the basic techique is to alter a few features of your data which are important enough that your opponent can't afford to randomize ALL such bits. In the case of text, small changes in word choice are a good candidate. Two criteria are: A. The changes must be "important" enough that the thief can't smooth them all away. B. The changes shouldn't be "important" enough that the newswire becomes worthless! The tagger has an advantage in this case, though. He can change, say, 1 in 1000 of these "important, non-smoothable-away" candidate bits. If the thief wants to cancel them out and only has a single copy of the picture, he must somehow canonicalize _all_ of the candidate tag bits, or some very large proportion of them. So if your tagging process does a little bit of "damage" to your data, like in the map-maker case of adding an extra small street here and there, then the opponent must either try to detect exactly where your damage is, or must make wholesale changes to the data (such as removing all small roads altogether). The thief, in trying to cover up your damage, must make a thousand times as much damage. Choose your damage level appropriately so that your level of damage isn't too much but the thief's is. ---- Issue #2, thieves cross-correlating between multiple copies of the data, is a bit more subtle. Here's the scenario: Dow Jones has 10,000 customers, 64 of whom are in a conspiracy to steal and re-sell the newswire. Dow Jones tries various tagging strategies, altering whitespace and word choice individually for each subscriber. The thieves try to cross-correlate between their copies of the text in order to "cancel out" the tags from the copy which they wish to re-sell. Can Dow Jones detect the thieves and cancel their subscriptions? In the discussion below, when Dow Jones "twiddles a bit" of their newswire, they do so by substituting a word's synonym at a chosen location, using a separate (possibly biased) coin flip for each subscriber. Here are the strategies I've considered. Dow Jones strategy: twiddle some bits with probability 0.5. If the thieves use majority vote, each thief will have a reasonably high correlation with the output bits. (In fact, the probability of a match will exceed 50% by approximately the chance of a tie vote among the thieves, which is about 0.8/sqrt(n) where n is the number of thieves. This computation is a bit hairy.) Thief countermeasure: reliably detect which bits are being twiddled (by cross-checking between, say, 64 different subscriptions) and flip a fair coin to determine the output. There's a chance of only 2 in 2^64 that the thieves fail to detect the twiddle. Dow Jones strategy: twiddle some bits with low probability (e.g. p=0.01). Reasonably often, the bit values will be the same for all thieves. If the thieves use the flip-a-coin strategy, we can determine which tag bits they've failed to detect, and identify them that way. Thief countermeasure: use a majority vote. Dow Jones strategy: hybrid of the two. Thief countermeasure: hybrid of the two. Flip a coin if the vote is fairly even, go with the majority if the vote is uneven. For example, get 64 subscriptions, go with the majority vote if fewer than 16 dissenters, flip a fair coin otherwise. This last strategy for the thieves is the one I can't beat. Theoretical help, anyone? -- Marc Ringuette (mnr at cs.cmu.edu) From mbrennan at netcom.com Thu Mar 11 19:56:21 1993 From: mbrennan at netcom.com (Michael Brennan) Date: Thu, 11 Mar 93 19:56:21 PST Subject: CYPHERPUNKS=EMAIL HARASSEMENT? Message-ID: <9303120354.AA14008@netcom.netcom.com> Hopefully my subject line got someone's attention. I just received a 3K file in my mailbox from George A. Habrecht with lines repeating over and over "Please unsusbcribe me!!!" Perhaps many of you simply deleted it without even noticing what the mail said. But you should all take note that the cypherpunks list is starting to piss off a lot of people who would be supportive of what you are doing if not for the huge volumes of unwanted mail. Loading up peoples mailboxes with unwanted mail is IRRESPONSIBLE! Is this what cypherpunks wants to become known for on the net? It's really very simple: if someone send an unsubscribe request, it should be honored. There's no excuse for ignoring such requests. Clearly someone is asleep at the wheel here and the situation needs to be rectified. The cypherpunks list is increasingly running the risk of some vengeful retaliation from a pissed off individual frustrated at having their "unsubscribe" requests repeatedly ignored. Is this what the cypherpunks want? I'm not saying that Mr. Habrecht would do such a thing. I'm simply saying that it is a real possibility that someone may be tempted to do such a thing, and it could be easily avoided if whoever is supposed to be overseeing this list would get their act together! I was annoyed at getting that 3K file in my mailbox, but I am completely sympathetic to his frustration. I am saddened by seeing cypherpunks so insensitive to this frustration and oblivious to the anger that some people are starting to feel toward this list. Do you not care that cypherpunks is developing a tarnished reputation because of this? Don't any of you cypherpunks think that maybe sending huge volumes of unwanted mail to people is innappropriate? Don't you think that maybe someone should get their act together and rectify this situation?!!! My esteem for this group is dropping lower and lower with each passing day that I see my and others' "unsusbscribe" requests being ignored. It truly saddens me because i think that the mission of this group is a worthy one, but it is becoming tarnished by this maling list fiasco. I think it's very sad. P.S. If someone DOES finally get their act together on this, I'll like to subscribe to cypherpunk-announce only. From miller_su at swam1.enet.dec.com Thu Mar 11 20:28:13 1993 From: miller_su at swam1.enet.dec.com (New World Fnorder) Date: Thu, 11 Mar 93 20:28:13 PST Subject: UNSUBSCRIBE Message-ID: <9303120425.AA24535@enet-gw.pa.dec.com> I, too, am finding it impossible to get off this list. I hope the list admistrator can get his server fixed and take me off the list soon. I don't want to be reduced to bombing the list with massive unsubscribes! From mbrennan at netcom.com Thu Mar 11 21:12:21 1993 From: mbrennan at netcom.com (Michael Brennan) Date: Thu, 11 Mar 93 21:12:21 PST Subject: CYPHERPUNKS=EMAIL HARASSEMENT? Message-ID: <9303120510.AA20163@netcom.netcom.com> >I sent a letter to the person you talked about, from what I have read >you should send your request to the same address that was used to join >the list. > with the subject being what ever it is >you want done to your name in ref. with the list. > > Dan :) > > I myself was not impressed with his stupid little note. You are very wrong! As a matter of fact, I have sent unsubscribe requests to cypherpunks-request and those requests have been ignored! That's why I sent this last message of mine to the whole list. I'd be willing to bet that the individual who sent the 3K file had also attempted initially to send his request to cypherpunks-request and had his request ignored. In fact, it's quite possible that MANY of the people who have sent their "unsubscribe" requests to the whole list have done so because initial requests sent to cypherpunks-request were ignored! Brushing this matter aside as a non-issue and pretending there is no problem will not make the problem go away! UNSUBSCRIBE REQUESTS SENT TO CYPHERPUNKS-REQUEST ARE BEING IGNORED!!! Certainly you cypherpunks can understand the disaster you are inviting upon yourselves if you continue to piss people off with huge volumes of unwanted mail. I repeat: UNSUBSCRIBE REQUESTS SENT TO CYPHERPUNKS-REQUEST ARE BEING IGNORED!!! Have some consideration, folks, and fix the damn problem!!!! ----- Michael Brennan - mbrennan at netcom.com From ghabrech at ultrix.ramapo.edu Thu Mar 11 21:30:20 1993 From: ghabrech at ultrix.ramapo.edu (George A. Habrecht) Date: Thu, 11 Mar 93 21:30:20 PST Subject: UNSUBSCRIBE ME!!!!! Message-ID: <9303120533.AA14817@ultrix.ramapo.edu> DAMN!!!!! UNSUBSCRIBE ME ALREADY!!!!! GHABRECH at ULTRIX.RAMAPO.EDU ghabrech at ultrix.ramapo.edu From tcmay at netcom.com Thu Mar 11 21:42:33 1993 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 11 Mar 93 21:42:33 PST Subject: HABRECHT=EMAIL HARASSEMENT Message-ID: <9303120541.AA23327@netcom.netcom.com> <> Michael Brennan writes: >Hopefully my subject line got someone's attention. >I just received a 3K file in my mailbox from George A. Habrecht with >lines repeating over and over "Please unsusbcribe me!!!" Perhaps many >of you simply deleted it without even noticing what the mail said. But you >should all take note that the cypherpunks list is starting to piss off > a lot of people who would be supportive of what you are doing if not >for the huge volumes of unwanted mail. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ (My mail reader said nearly 80 kilobyes...perhaps your figure was in _lines_?) I don't know what the delay has been in unsubscribing people. As always, send requests to the list maintenance address, "cypherpunks-request at toad.com". The list manager, Eric Hughes (hughes at soda.berkelely.edu), has been away at the CFP conference this week...perhaps this is part of the delay. In any case, the 80 KB (according to my mail reader, Eudora) file was sent by George Habrecht, and was not "caused" by Eric Hughes, nor was it caused by "the cypherpunks list." So lighten up on this point, will ya? >Loading up peoples mailboxes with unwanted mail is IRRESPONSIBLE! >Is this what cypherpunks wants to become known for on the net? It's really >Don't any of you cypherpunks think that maybe sending huge volumes of >unwanted mail to people is innappropriate? Don't you think that maybe >someone should get their act together and rectify this situation?!!! Huh? Like I said, it was Mr. Habrecht who sent the "huge volumes of unwanted mail" and not the Cypherpunks list (unless you're advocating that someone screen postings for content and length?). So if you're angry at getting an 80 K file, be angry at Habrecht. His frustration at having to wait some extra time to get off the list is no excuse for mail-bombing a couple of hundred people! The average Cypherpunks message is about 3 KB, or about 4% of Habrecht's message. With about 25 Cypherpunks messages a day (I'm guessing), Habrecht equalled the average list volume in his angry action. If there are 200 subscribers, then he caused roughly "200 list-days" of mail to go out to readers...all because he couldn't get off the list exactly when he gave the order! As for the average mail volume...well, it is fairly light compared to some other mailing lists. And it is not the list manager who determines the volume, it is of course the list members. The list software simply "reflects" incoming messages to the distribution list...if people write a lot, a lot goes out. Q.E.D. As Sinbad O'Connor would put it: "Know the real enemy." -Tim May P.S. What I did was to _reply_ to Mr. Habrecht, explaining the situation. I attached my reply to a *quoted copy* of his message AND MAILED IT BACK TO HIM! (Actually, my mailer splits incoming messages into 24 KB pieces, so I only mailed one of these back to him....he got off lucky. If several more people do this, he'll think twice about mail-bambing a list again.) -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: MailSafe and PGP available. From tytso at Athena.MIT.EDU Thu Mar 11 21:55:35 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Thu, 11 Mar 93 21:55:35 PST Subject: [CRYPT: Dingaling Denning & random # generators] In-Reply-To: Message-ID: <9303120554.AA28908@SOS> From: thug at phantom.com (Murdering Thug) Date: Thu, 11 Mar 93 21:49:43 EST And don't tell me they can build computers that can distinguish between a PGP file transmission and some hormone crazed 15 year old dork downloading the latest GIF of Cindy Crawford or a ZIPed ware. I've looked at hexdumps of GIFs and ZIPs and for all practical purposes they look about as random as PGP data. If the NSA can build a parellel computer that scans all the trunks in the U.S. simultaneously AND can tell the difference between PGP streams and ZIP/GIF file data streams, then I just might as well go and shoot myself right now. Er.... you might want to get your gun out..... the middle of hexdumps of GIF's and ZIP's and PGP files may look the same, but the file headers are quite distinguishing. If you want to hide encrypted data, each person needs to find their own way of doing it ---- if everyone hides it in the low bits of a GIF file, it would be very simple for the NSA to scan GIF files to see if the low bits looked like the header of a PGP file..... - Ted From ghabrech at ultrix.ramapo.edu Thu Mar 11 22:05:13 1993 From: ghabrech at ultrix.ramapo.edu (George A. Habrecht) Date: Thu, 11 Mar 93 22:05:13 PST Subject: HABRECHT=EMAIL HARASSEMENT Message-ID: <9303120608.AA15248@ultrix.ramapo.edu> A pesk, me? Ha! The only reason I did it was because I asked a month ago, politely, to be taken off and every day I still have a ton of junk messages in my mailbox. The other person (Name cut off in reply) was right. I'm sick and tired of reading some news about bullshit. I mean it seems that some people have been writing in whenever they have to take a crap. Some of the articles are excellent, some ok, but when you have to weed through 20-30-even 40 messages to get one or two good ones it's just not worth it. Therefore I wish to be taken off. If, in a while, things get straightened up I may resubscribe but for now, I don't have the time. George (The E-mail harrasser) Habrecht ghabrech at ultrix.ramapo.edu (for those who wish to mail my mailbox.... I'll nuke it anyway :) ). From Marc.Ringuette at GS80.SP.CS.CMU.EDU Thu Mar 11 22:05:33 1993 From: Marc.Ringuette at GS80.SP.CS.CMU.EDU (Marc.Ringuette at GS80.SP.CS.CMU.EDU) Date: Thu, 11 Mar 93 22:05:33 PST Subject: Cypherpunks know they're cool Message-ID: <9303120605.AA13446@toad.com> Hey, man, we're the cypherpunks. We're too hip to worry about a trivial little mail bomb. But if we did get upset...well, who do you think has the bigger arsenal of dirty tricks, him or us? Heh. Marc p.s. I'm being interviewed by a campus radio show, regarding cypherpunk-related stuff. I'd welcome any suggestions on topics to bring up, or ammunition to add to my pro-privacy and pro-anonymity arguments. Send them directly to me and I'll summarize to the list. From elee9sf at Menudo.UH.EDU Thu Mar 11 22:17:22 1993 From: elee9sf at Menudo.UH.EDU (Karl Barrus) Date: Thu, 11 Mar 93 22:17:22 PST Subject: CASH/BANK: combo Message-ID: <199303120616.AA20557@Menudo.UH.EDU> -----BEGIN PGP SIGNED MESSAGE----- Hal saw through my laziness attempt: I thought it would be "easiest" for a cash accepting remailer to increment an account (marking bills as spent) and have users request more bills from the bank rather that filter requests through me. However, this does lead to a perpetually full bank account... But actually, a full service bank isn't required (although maybe that would be nice) - all that's really needed is for the remailer software to compare the included digicash versus a spent cash list and a valid cash list. The banking portion need only be one command for me to use: one that deposits newly created cash into the valid cash list. When a letter arrives, the digicash is checked, added to the spent cash list, and re-routed. For privacy, requests for digicash could come to me via anonymous remailers, along with the appropriate header to allow me to respond. This would render logs relating digicash and user useless, since I wouldn't know who is requesting digicash bills. On the other hand, somebody could store up several digicash bills by routing their request through the various remailers. But I'll accept that risk, hoping that nobody on this list would prepare a email attack (except for the unfortunate folks who can't seem to unsubscribe :-) JUST KIDDING!!) /-----------------------------------\ | Karl L. Barrus | | elee9sf at menudo.uh.edu | <- preferred address | barrus at tree.egr.uh.edu (NeXTMail) | \-----------------------------------/ -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBK6Ap24OA7OpLWtYzAQHZQAQAo2ofd6lPBx/7XMR3Jr+7G2atMzevNcj3 Wtdrjr1GQJ+15z9duu3vh3yyV4j0rswyJlqp3eJZPCcb1NgEeKVZ1pP54YjDRwL2 UOKcHD55g+SIckIYVE+VFo4s2Ha8CKgtRgHmRV6+MJgiheBBOaOQxjFqRMpru3pO fE9mYRkNUII= =NyB0 -----END PGP SIGNATURE----- From shipley at merde.dis.org Thu Mar 11 22:17:57 1993 From: shipley at merde.dis.org (Peter &) Date: Thu, 11 Mar 93 22:17:57 PST Subject: HIDE: embedding msgs into snd & graphics In-Reply-To: <9303112122.AA00150@netcom.netcom.com> Message-ID: <9303120608.AA28356@merde.dis.org> A non-text attachment was scrubbed... Name: not available Type: text/x-pgp Size: 1051 bytes Desc: not available URL: From markh at wimsey.bc.ca Thu Mar 11 23:18:36 1993 From: markh at wimsey.bc.ca (Mark C. Henderson) Date: Thu, 11 Mar 93 23:18:36 PST Subject: CYPHERPUNKS=EMAIL HARASSEMENT? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Subject: Re: CYPHERPUNKS=EMAIL HARASSEMENT? On Mar 11, 21:16, Michael Brennan wrote: } Subject: Re: CYPHERPUNKS=EMAIL HARASSEMENT? } } Brushing this matter aside as a non-issue and pretending there is no } problem will not make the problem go away! UNSUBSCRIBE REQUESTS SENT TO } CYPHERPUNKS-REQUEST ARE BEING IGNORED!!! Well, sending a 3000 line file to hundreds of people, wasn't the correct response to the situation. But, to add something constructive, why don't we use majordomo to handle list additions and delections automatically? Mark - -- Mark Henderson mch at squirrel.wimsey.bc.ca markh at wimsey.bc.ca -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBK6A2sPfE/ap/JEqpAQEK6AQAqejFaX3122HwrkLibTYr/rEGEoL6qpSv sSn2oVxoOJXc+R52P8RCZzfp/X0O5tp92tUf4sAL2YKIlb72W2y9rXZ9TXMxpmxi AgRqqpts1uoKAfUMBaM9Lr0QJ2V7fnMRjOJiu2mU/bSbC4Tzr15reKjmhkQDDZXo FoybTVchSEw= =3DYZ -----END PGP SIGNATURE----- From ebrandt at jarthur.Claremont.EDU Thu Mar 11 23:38:53 1993 From: ebrandt at jarthur.Claremont.EDU (Eli Brandt) Date: Thu, 11 Mar 93 23:38:53 PST Subject: HIDE: embedding msgs into snd & graphics In-Reply-To: <9303120259.AA03718@sting.Berkeley.EDU> Message-ID: <9303120738.AA15498@toad.com> > I don't know if you actually know GIF format (I don't) but I know that you'd > have to do some reasonably intelligent churning of the data. For one, it's > just not going to be as easy as dropping a noise bit from each n-byte set; > GIF format is fairly compressed as I understand. What you'd want to do is uncompress the byte stream, twiddle the low bits, and LZW it back up. Well, that's easy enough. The problem is that GIFs are colormapped, and the map need have no coherence between entries 8 and 9. Even optimally arranged (a non-trivial task; looks like the salesman travels colorspace...), that low bit is probably going to be significant enough to munge things visibly. What you'd have to do is remap the file to 128 colors, duplicate them in the colormap, and encode your message in the choice of identical entries. Unfortunately, most images look bad enough mapped to 256 colors, and will degrade further in 128. Though I suppose nobody really wants to look at the image anyway... Your compression is also going to die. This may provide a quick way to scan for this technique, and finding a redundant colormap is a dead giveaway of either secrecy or stupidity. You could fix that by tweaking twin colors slightly, adding a bit of visible noise. I think color images, as opposed to mapped, would be the way to go for steganography. More room, and nobody expects them to compress. > -J PGP 2 key by finger or e-mail Eli ebrandt at jarthur.claremont.edu From 74076.1041 at CompuServe.COM Thu Mar 11 23:56:36 1993 From: 74076.1041 at CompuServe.COM (Hal) Date: Thu, 11 Mar 93 23:56:36 PST Subject: Tagging data to detect thieves Message-ID: <930312075211_74076.1041_DHJ35-1@CompuServe.COM> Mark Ringuette asks about schemes to detect which copies of some proprietary information were used to resell the data. I recall reading a paper on this in the proceedings of one of the crypto conferences within the past several years. Unfortunately, I don't have a more accurate reference handy. The authors referred to this problem as "digital fingerprinting" (i.e. adding a "fingerprint" to each copy of a document). As I recall, the idea was to twiddle bits in such a way that any subset of copies up to a specified size would have a certain number of identically twiddled bits. The thiefs who cross-correlate 64 (or however many) copies will not know about the bit twiddles which were common to all 64 copies. Their output will still contain those common bit-twiddles, and this information allows the thiefs to be caught. The paper shows a formula for the number of possible bit-twiddle-places and the number of bit-twiddles per copy needed, as a function of how many copies you are defending against the bad guys getting. It was basically just a combinatorial/counting argument. I do seem to recall that if the bad guys could get a lot of copies the number of bits needed grew exponentially. I don't know whether defeating an attack with 64 copies was practical using this scheme. Mark also asked about secret sharing. The classic secret sharing paper is "How to Share a Secret"; I think it was by Shamir, in an old CACM from the 70's. As I recall, he proposed encoding the data as a K-1 degree polynomial in some modulus field. Give each person a point on the polynomial. K points are required to recover the polynomial. I don't recall how the encoding of the data as a polynomial was to be done, but the author showed that K-1 points gives you no information about it. Hal 74076.1041 at compuserve.com From 74076.1041 at CompuServe.COM Thu Mar 11 23:56:58 1993 From: 74076.1041 at CompuServe.COM (Hal) Date: Thu, 11 Mar 93 23:56:58 PST Subject: CYPHERPUNKS=EMAIL HARASSEMENT? Message-ID: <930312075344_74076.1041_DHJ35-2@CompuServe.COM> So how many days, exactly, have people waited for response from cypherpunks-request before giving up and posting to the list? Just one or two, or are we talking weeks here? Hal From mbrennan at netcom.com Fri Mar 12 00:02:41 1993 From: mbrennan at netcom.com (Michael Brennan) Date: Fri, 12 Mar 93 00:02:41 PST Subject: Cypherpricks think they're cool Message-ID: <9303120801.AA05719@netcom.netcom.com> >Date: Fri, 12 Mar 1993 01:01-EST >From: Marc.Ringuette at GS80.SP.CS.CMU.EDU >To: cypherpunks at toad.com >Subject: Cypherpunks know they're cool > >Hey, man, we're the cypherpunks. We're too hip to worry about a >trivial little mail bomb. But if we did get upset...well, who >do you think has the bigger arsenal of dirty tricks, him or us? >Date: Thu, 11 Mar 93 21:41:04 -0800 >To: cypherpunks at toad.com >From: tcmay at netcom.com (Timothy C. May) >Subject: HABRECHT=EMAIL HARASSEMENT > >P.S. What I did was to _reply_ to Mr. Habrecht, explaining the situation. I >attached my reply to a *quoted copy* of his message AND MAILED IT BACK TO >HIM! (Actually, my mailer splits incoming messages into 24 KB pieces, so I >only mailed one of these back to him....he got off lucky. If several more >people do this, he'll think twice about mail-bambing a list again.) What arrogant little pricks you are, Mr. Ringuette and Mr. May! So is this what cypherpunks is really all about: "dirty tricks", "mail bombs", endless harassment of people on the net who simply wish to be left alone? I had originally thought that cypherpunks had higher objectives in mind than that, but evidently at least some of you simply fancy yourselves as some sort of cyber-terrorists (although you're really no better than petty vandals). I've seen many of you raise issues about responsibility on the net. Is proving that you have a "bigger arsenal of dirty tricks" you're idea of responsibility? And do you really think that cypherpunks could survive such a war? You yourselves have admitted that you have many enemies in your quest for net privacy and anonymity. Do you foolishly believe that they won't seize upon this irresponsible behavior on your part and use it to prove their point? You will only succeed in bringing about precisely what you claim to oppose: oppressive controls on the internet to stop petty vandals like yourself. I would hope that there are some among you that have some scrap of sanity left, and realize that there is nothing to be gained from bringing a needless war down upon yourselves. Wise up! >From tcmay: >I don't know what the delay has been in unsubscribing people. As always, >send requests to the list maintenance address, >"cypherpunks-request at toad.com". The list manager, Eric Hughes >(hughes at soda.berkelely.edu), has been away at the CFP conference this >week...perhaps this is part of the delay. I sent one request to cypherpunks-request about three weeks ago, and a second about a week ago. Was Eric Hughes at the CFP conference then? And you may have noticed that a third person has now stepped forward and expressed frustration over being in the same predicament. Do you still want to pretend there is no problem? What will it take for you to realize there is: the third person, the fourth, fixth, sixth? I'll say it again: Wise up! I've been very patient over this, but I'm disgusted at your arrogant promises of "dirty tricks" and "mail bombs" against those who simply want to unsubscribe from the list! What phenomenal assholes you are!!! ----- Michael Brennan - mbrennan at netcom.com From dclunie at pax.tpa.com.au Fri Mar 12 00:14:09 1993 From: dclunie at pax.tpa.com.au (David Clunie) Date: Fri, 12 Mar 93 00:14:09 PST Subject: Unacceptable behaviour by ghabrech Message-ID: <9303120811.AA05897@britt> >From one of the very popular mailing lists I received the following posting by one of your users. While I can understand his frustration at having difficulties unsubscribing from a relatively high volume list, or his ignorance at not being aware that such requests should be directed to the "x-request" alias not the "x" list, this is no excuse for such a long and unpleasant post that has consumed considerable expensive bandwidth for no good reason ... I am surprised you tolerate students with such a childish attitude on your system and they do no credit to your institution's reputation. This is an abridged version of George A. Habrecht's 3264 line post ! > From cypherpunks-request at toad.com Fri Mar 12 16:48:53 1993 Date: Thu, 11 Mar 1993 14:59:21 -0500 From: ghabrech at ultrix.ramapo.edu (George A. Habrecht) To: cypherpunks at toad.com Content-Length: 74877 Hello? I have asked several times and am starting to get pissed off!!!! So do as follows!!!!! Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! ... ... Unsubscribe me!!!!!!!! Unsubscribe me!!!!!!!! Get the message?!? Thanx ghabrech at ultrix.ramapo.edu From blojo at sting.Berkeley.EDU Fri Mar 12 00:53:27 1993 From: blojo at sting.Berkeley.EDU (Jon Blow) Date: Fri, 12 Mar 93 00:53:27 PST Subject: HIDE: embedding msgs into snd & graphics Message-ID: <9303120852.AA03893@sting.Berkeley.EDU> > I think color images, as opposed to mapped, would be the way to go > for steganography. More room, and nobody expects them to compress. Yeah; but even if we're talking full 24-bit images, we're going to have problems. Once 24-bit displays become standard, I really doubt that there will be many images stored in a non-lossy format. And once you try to hide data in a lossy encoding scheme, you run into a lot (though not all) of the problems you have with colormaps. It would be a lot easier to hide data in an image if one had a control-image (the original) as well as the altered-image (the one holding the message), but this defeats half the niftiness of trying to do things this way. > Eli ebrandt at jarthur.claremont.edu -J. From mbrennan at netcom.com Fri Mar 12 01:20:44 1993 From: mbrennan at netcom.com (Michael Brennan) Date: Fri, 12 Mar 93 01:20:44 PST Subject: Unacceptable slander by dclunie Message-ID: <9303120919.AA11896@netcom.netcom.com> >Date: Fri, 12 Mar 93 17:41:03 CST >From: dclunie at pax.tpa.com.au (David Clunie) >To: Postmaster at ultrix.ramapo.edu >Subject: Unacceptable behaviour by ghabrech >Cc: root at ultrix.ramapo.edu, ghabrech at ultrix.ramapo.edu, cypherpunks at toad.com > >>From one of the very popular mailing lists I received the following posting >by one of your users. While I can understand his frustration at having >difficulties unsubscribing from a relatively high volume list, or his >ignorance at not being aware that such requests should be directed to the >"x-request" alias not the "x" list, this is no excuse for such a long and >unpleasant post that has consumed considerable expensive bandwidth for no >good reason ... I am surprised you tolerate students with such a childish >attitude on your system and they do no credit to your institution's >reputation. [ abridged quote from metioned user's posting deleted...] Think about this scenario for a moment: dclunie sends mail to the system adiministrator of an institution complaining of the mail sent by a particular user. The system administrator confronts the user, who then explains the situation. He explains that he has sent numerous requests to be unsubscribed from the list, but they continue to send large volumes of mail. Out of frustration, he sends an 80K file to the list hoping it will get someone's attention. The mail continues, and several members of the list makes threats of "dirty tricks" and "mail bombs" against him. Now one of the "cypherpunks" is sending libelous mail to the system administrator. The system administrator now understands the situation; an educational institution on the net is made aware of a rapidly developing campaign of harrassment and vandalism by the cypherpunks. So what happens now? Are the cypherpunks winning? Are you people blind to what you are doing? What fools!!! What upsets me the most about all of this is that I am truly an advocate of net freedom, privacy, and anonymity. But the cypherpunks is setting itself up for a big fall and they threaten to tarnish the whole movement toward net freedom and privacy with their petty, puerile, and vandalous behavior! ----- Michael Brennan - mbrennan at netcom.com From pcw at access.digex.com Fri Mar 12 04:46:24 1993 From: pcw at access.digex.com (Peter Wayner) Date: Fri, 12 Mar 93 04:46:24 PST Subject: Secret messages in images... Message-ID: <199303121244.AA17859@access.digex.com> I wrote a quick little version to stick bits in the LSB of a file. It runs in the Macintosh as an added feature to a popular program, NIH Image. (The source code and frequent revision are published at the major ftp sites.) It is very easy to add a function to handle this process because all of the file i/o and format decoding are already present. If anyone would like a copy, they're welcome to write to me. I'll send them instructions and a short file. Alas, it only handles 8 bit images. Also, you can also request Mimic function code for hiding messages in text with a grammar. -Peter Wayner (pcw at access.digex.com) From sdun at isma.demon.co.uk Fri Mar 12 05:02:00 1993 From: sdun at isma.demon.co.uk (Stephen Dunne (+44) 71-538-5656) Date: Fri, 12 Mar 93 05:02:00 PST Subject: Unacceptable slander by dclunie Message-ID: <9303122054.AA0036@isma.demon.co.uk> Forgive me if I appear slow over this but I don't see any problem with Davids response.. Mailbombing a mailing list like cypherpunks with 80K of dross is not acceptable behaviour (whether it was through ignorance or malice) and in those circumstances contacting the site postmaster seems a reasonable thing to do. I do agree with another post who suggested that the admin side of the list does need to be tightened up so that future incidents like this do not occur. However we are in danger of blowing this up out of all proportion. Stephen -- +--------------------------------------------------------------------------+ |Stephen Dunne DoD#767 sdun at isma.demon.co.uk | |International Securities Market Association I speak for me,thats all| |Voice (+44) 71-538-5656 Fax (+44) 71-538-4902 PGP key available| |We are not affiliated to any other Demon.Co.Uk site. | +--------------------------------------------------------------------------+ ----------------------------- Note follows ----------------------------- Message-Id: <9303120919.AA11896 at netcom.netcom.com> Date: Fri, 12 Mar 1993 01:24:48 -0800 To: cypherpunks at toad.com From: Michael Brennan Subject: Unacceptable slander by dclunie >Date: Fri, 12 Mar 93 17:41:03 CST >From: dclunie at pax.tpa.com.au (David Clunie) >To: Postmaster at ultrix.ramapo.edu >Subject: Unacceptable behaviour by ghabrech >Cc: root at ultrix.ramapo.edu, ghabrech at ultrix.ramapo.edu, cypherpunks at toad.com > >>From one of the very popular mailing lists I received the following posting [shortened even more] Think about this scenario for a moment: dclunie sends mail to the system adiministrator of an institution complaining of the mail sent by a particular user. The system administrator confronts the user, who then explains the situation. He explains that he has sent numerous requests to be unsubscribed from the list, but they continue to send large volumes of mail. Out of frustration, he sends an 80K file to the list hoping it will get someone's attention. The mail continues, and several members of the list makes threats of "dirty tricks" and "mail bombs" against him. Now one of the "cypherpunks" is sending libelous mail to the system administrator. The system administrator now understands the situation; an educational institution on the net is made aware of a rapidly developing campaign of harrassment and vandalism by the cypherpunks. So what happens now? Are the cypherpunks winning? Are you people blind to what you are doing? What fools!!! ----- Michael Brennan - mbrennan at netcom.com From elee9sf at Menudo.UH.EDU Fri Mar 12 06:40:44 1993 From: elee9sf at Menudo.UH.EDU (Karl Barrus) Date: Fri, 12 Mar 93 06:40:44 PST Subject: REMAIL: help with utter.dis.org Message-ID: <199303121439.AA16993@Menudo.UH.EDU> Cypherpunks, I'm having trouble using the new remailer at utter.dis.org. I've sent several test messages, but have received none back. Recently, I tried to email to the person running the remailer (shipley at merde.dis.org?), but my mail bounced: [stuff deleted here and there] >Return-Path: MAILER-DAEMON at soda.berkeley.edu >From: Mail Delivery Subsystem >Subject: Returned mail: Host unknown > ----- Transcript of session follows ----- >550 merde.dis.org.tcplocal... 550 Host unknown >550 ... Host unknown: Inappropriate ioctl for device >From: Karl Barrus >To: shipley at merde.dis.org I'd like to include this new remailer in the scripts, but would first like to verify that it works... So Peter: I'd like to help work out any problems, but I can't reach you at shipley at merde.dis.org (unless this is related to soda's disk crash?) /-----------------------------------\ | Karl L. Barrus | | elee9sf at menudo.uh.edu | <- preferred address | barrus at tree.egr.uh.edu (NeXTMail) | \-----------------------------------/ From matt at oc.com Fri Mar 12 07:39:47 1993 From: matt at oc.com (Matthew Lyle) Date: Fri, 12 Mar 93 07:39:47 PST Subject: Unacceptable slander by dclunie Message-ID: <199303121534.AA08509@ra.oc.com> At 1:24 AM 3/12/93 -0800, Michael Brennan wrote: >> [ Mail from David Clunie to ramapo.edu systems admin deleted ] > > [ abridged quote from metioned user's posting deleted...] > >Think about this scenario for a moment: dclunie sends mail to the system >adiministrator of an institution complaining of the mail sent by a >particular user. The system administrator confronts the user, who then >explains the situation. He explains that he has sent numerous requests to >be unsubscribed from the list, but they continue to send large volumes of >mail. Out of frustration, he sends an 80K file to the list hoping it will >get someone's attention. The mail continues, and several members of the >list makes threats of "dirty tricks" and "mail bombs" against him. Now one >of the "cypherpunks" is sending libelous mail to the system administrator. >The system administrator now understands the situation; an educational >institution on the net is made aware of a rapidly developing campaign of >harrassment and vandalism by the cypherpunks. So what happens now? Are the >cypherpunks winning? Libelous mail?? Hardly. It is not appropriate for someone to post a 3600 line "junk" file to a mailing list. UNDER ANY CIRCUMSTANCES! (Think about those sites that are paying hard cash for e-mail transfers!) It is reasonable for such actions to be reported to the administrator of a system. So far as getting off the cypherpunks list, there are a number of other things to try if cypherpunks-request isn't working. Send mail to root at toad.com. Send mail to the administrative contact listed in the WHOIS database for toad.com (John Gilmore, in this case). Talk to your local systems administrator and ask his assistance. What ghabrech did is something I would expect from an immature freshman. (who knows... maybe he is one) >Are you people blind to what you are doing? What fools!!! Retaliatory strikes aren't right either, of course. -- Matthew Lyle (214) 888-0474 OpenConnect Systems matt at oc.com Dallas, TX "...and once you have tasted flight, you will walk the earth with your eyes turned skyward, for there you have been, and there you long to return..." From mbrennan at netcom.com Fri Mar 12 08:42:09 1993 From: mbrennan at netcom.com (Michael Brennan) Date: Fri, 12 Mar 93 08:42:09 PST Subject: Unacceptable slander by dclunie Message-ID: <9303121640.AA12159@netcom.netcom.com> >Date: Fri, 12 Mar 1993 09:34:53 -0600 >To: cypherpunks at toad.com, mbrennan at netcom.com (Michael Brennan) >From: matt at oc.com (Matthew Lyle) >X-Sender: matt at ra.oc.com >Subject: Re: Unacceptable slander by dclunie > >It is not appropriate for someone to post a 3600 line "junk" file to a >mailing list. UNDER ANY CIRCUMSTANCES! (Think about those sites that are >paying hard cash for e-mail transfers!) It is reasonable for such actions >to be reported to the administrator of a system. I don't agree it was appropriate to notify the administrator. This could all have been handled far more elegantly considering the circumstances. >So far as getting off the cypherpunks list, there are a number of other things >to try if cypherpunks-request isn't working. Send mail to root at toad.com. >Send mail to the administrative contact listed in the WHOIS database for >toad.com (John Gilmore, in this case). Talk to your local systems >administrator and ask his assistance. What ghabrech did is something I >would expect from an immature freshman. (who knows... maybe he is one) Thank you for this information. I will attempt these courses of action. Perhaps if someone had attempted to offer helpful information from the outset, this problem never would have reached this level. Instead certain individuals chose to post arrogant promises of "retribution" against others, rather than trying to be constructive in this. >Retaliatory strikes aren't right either, of course. I agree wholeheartedly, and I am glad this discourse now finally seems to be moving onto a level-headed and constructive level. I appeal to all of the cypherpunks to keep it this way! Let's figure what's going wrong here and resolve the situation instead of playing one-upmanship with mail bombs and threats of "dirty tricks". ----- Michael Brennan - mbrennan at netcom.com From uri at watson.ibm.com Fri Mar 12 09:19:52 1993 From: uri at watson.ibm.com (uri at watson.ibm.com) Date: Fri, 12 Mar 93 09:19:52 PST Subject: FW: Hiding Encrypted Messages In-Reply-To: <9303112315.AA12701@netmail.microsoft.com> Message-ID: <9303121718.AA15444@buoy.watson.ibm.com> -----BEGIN PRIVACY-ENHANCED MESSAGE----- Proc-Type: 2001,MIC-CLEAR Originator-Name: uri at watson.ibm.com Originator-Key-Asymmetric: MIGcMAoGBFUIAQECAgQAA4GNADCBiQKBgQC8G6+5wJDTbII6rK3nx6/XSWIE79FW 1UnBUJx1lAEbay5o7larnOTWbVicXRfkd8cJxl4FAQ3z/O4vhNvqMqkfGPt48F1t O82PD1NstJ3zuMqCCSfTk/Lo3KNh2zz8oGQG8XOfK+UnGcqWhgZ2froBc4yNFlyK To0gYp7xKqpcLQIDAQAB MIC-Info: RSA-MD5,RSA, rwr1sC6NxFTeD2RQkn1d3a9DD72bfS6RX6KvRfCERRGxlNsIbqkSciSNmHxTJPRH /SuFRODhd9eqhyO5a4KORoAIse/QJjgpWDY/gcUx8WmaPBLTUyImVmBUHeaWlBG6 8zwHpOLrZHlX3j//9bpITl+0N90K9Nn4j2DFRxHQAV8= Stu Klingman writes: > Someone wrote: > > b) If it's played and recognized - one can trace your source (a CD, a > > tape of radio broadcast, whatever) and do a comparison. Then the > > file containing of all the LSBs is cryptanalyzed... > > Actually, this is not really a problem. The odds of being able to > resample, even using the same source and come up with the same byte > string is infinitesmal. Remember - the goal is to HIDE the fact, that there's a message! If, having CDs and DAT tapes widely available, somebody sends a home-brew digitized copy of it, won't it look somewhat suspicious for KGB? And if/when they throw you in a nice small cell, you can explain your innocence to the walls at infinitum (:-). > You've got chaos theory on your side here > with massive "Sensitive Dependence on Initial Conditions." You're certainly right. But still see above. > Just make sure to an application like Shredder or Flamefile to > permanently erase your initial sample, and nobody should be able > to tell. (unless they are aware of the trick beforehand) Do you mean, THEY don't monitor this forum? (:-) Regards, Uri. - ------------ -----END PRIVACY-ENHANCED MESSAGE----- From uri at watson.ibm.com Fri Mar 12 09:57:43 1993 From: uri at watson.ibm.com (uri at watson.ibm.com) Date: Fri, 12 Mar 93 09:57:43 PST Subject: Cypherpricks think they're cool [FLAME] In-Reply-To: <9303120801.AA05719@netcom.netcom.com> Message-ID: <9303121756.AA17375@buoy.watson.ibm.com> #FLAME ON Michael Brennan writes: > >Hey, man, we're the cypherpunks. We're too hip to worry about a > >trivial little mail bomb. But if we did get upset...well, who > >do you think has the bigger arsenal of dirty tricks, him or us? > > What arrogant little pricks you are, Mr. Ringuette and Mr. May! So is this > what cypherpunks is really all about: "dirty tricks", "mail bombs", endless > harassment of people on the net who simply wish to be left alone?......... > > I've seen many of you raise issues about responsibility on the net. Is > proving that you have a "bigger arsenal of dirty tricks" you're idea of > responsibility? And do you really think that cypherpunks could survive such > a war? You yourselves have admitted that you have many enemies in your > quest for net privacy and anonymity. Do you foolishly believe that they > won't seize upon this irresponsible behavior on your part and use it to > prove their point? You will only succeed in bringing about precisely what > you claim to oppose: oppressive controls on the internet to stop petty > vandals like yourself. I symphatize for poor Mr. Habrecht being unable to get off this list. Does it mean, that he, in his frustration bombing my mailbox, is "justified"? Hey, it's not me, who signed himon to this list, it's not me, who can throw him out! So why did he choose to shoot from the hip at innocent bystanders? By the same logic, if one feels he was treated unjustly anywhere - just make a bomb and blow up the highest building in your area with the largest amount of people in it. What a real responsible bastard can do such things... And who's talking about responsibility?! An "e-mail terrorist"? Ha! Can cypherpunks survive the "war"? With who? Lighten up! Spitting saliva and terms like "petty vandals"? Well, well... Who was that idiot, who vandalized my mailbox with his stupid 3K lines of excrements? That's what true "vandalism" is, in my eyes... Oh, and if you aren't satisfied with how car service in your city works - get a gun and hunt their passengers... What a man... And the last - who the hell needs that privacy? Is it something valuable for cypherpunks only, something you don't really need for yourself? Just joined this list out of kindness to help those poor kids? > I would hope that there are some among you that have some scrap of sanity > left, and realize that there is nothing to be gained from bringing a > needless war down upon yourselves. Wise up! Yeah. Always nice to have a peace defender... > I sent one request to cypherpunks-request about three weeks ago, and a > second about a week ago. Was Eric Hughes at the CFP conference then? And > you may have noticed that a third person has now stepped forward and > expressed frustration over being in the same predicament. Do you still want > to pretend there is no problem? What will it take for you to realize there > is: the third person, the fourth, fixth, sixth? I'll say it again: Wise up! Well, list manager, are you there? Ain't this pure truth? And as Mark pointed out, can it be managed AUTOMATICALLY? Somebody out there, please? > I've been very patient over this, but I'm disgusted at your arrogant > promises of "dirty tricks" and "mail bombs" against those who simply > want to unsubscribe from the list! Oh no! Seeing a terrorist attack, we should seek a reason for that poor person to act this way, to justify his doings, and to change our behaviour, because obviously, a person with grievance isn't responsible, or liable for his actions - we are! Thus we shouldn't threaten a "mail-bomber" with response in kind, oh no! Give me my wish, or ye all will suffer the consequenses! > What phenomenal assholes you are!!! Sounds like you were looking at the mirror too much recently (:-). Uri. ------------ From uri at watson.ibm.com Fri Mar 12 10:03:07 1993 From: uri at watson.ibm.com (uri at watson.ibm.com) Date: Fri, 12 Mar 93 10:03:07 PST Subject: Unacceptable slander by dclunie [FLAME] In-Reply-To: <9303120919.AA11896@netcom.netcom.com> Message-ID: <9303121801.AA18929@buoy.watson.ibm.com> #FLAME ON Michael Brennan writes: > Are you people blind to what you are doing? What fools!!! OK, so you ass*** tell me what I'm doing. And don't forget to explain, why am I subjected to all this crap about some ass***ish subscription, and why my mailbox should receive junk mail from some irresponsible participants? [Don't tell me, that I've joined the club - since I have a grievance with your silly rambling here, by your logic I'm not liable for this, you are...] Uri. ------------ From shipley at merde.dis.org Fri Mar 12 10:03:48 1993 From: shipley at merde.dis.org (Peter &) Date: Fri, 12 Mar 93 10:03:48 PST Subject: REMAIL: help with utter.dis.org In-Reply-To: <199303121439.AA16993@Menudo.UH.EDU> Message-ID: <9303121800.AA00711@merde.dis.org> A non-text attachment was scrubbed... Name: not available Type: text/x-pgp Size: 1348 bytes Desc: not available URL: From lefty at apple.com Fri Mar 12 10:15:42 1993 From: lefty at apple.com (Lefty) Date: Fri, 12 Mar 93 10:15:42 PST Subject: UNSUBSCRIBE ME!!!!! Message-ID: <9303121814.AA28760@apple.com> >DAMN!!!!! UNSUBSCRIBE ME ALREADY!!!!! >GHABRECH at ULTRIX.RAMAPO.EDU >ghabrech at ultrix.ramapo.edu You know, if you went down to the local expressway and lay down along one of the broken white lines and worked on perfecting your impression of a median strip, your problems would soon stop bothering you. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From lefty at apple.com Fri Mar 12 10:29:49 1993 From: lefty at apple.com (Lefty) Date: Fri, 12 Mar 93 10:29:49 PST Subject: HABRECHT=EMAIL HARASSEMENT Message-ID: <9303121828.AA01892@apple.com> George "I don't give a shit who I inconvenience" Habrecht writes: >If, in a while, things get straightened up I may resubscribe but for now, I >don't have the time. I would hope that, if you _do_ ask to be added to the list in the future, the list admin would put you on the "Periodic BSD UNIX Kernal Binaries" list instead. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From tytso at Athena.MIT.EDU Fri Mar 12 10:39:17 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Fri, 12 Mar 93 10:39:17 PST Subject: Cypherpricks think they're cool [FLAME] In-Reply-To: <9303121756.AA17375@buoy.watson.ibm.com> Message-ID: <9303121837.AA00315@SOS> Date: Fri, 12 Mar 1993 12:56:02 -0500 From: uri at watson.ibm.com #FLAME ON [ Rest of flame deleted.] What I don't understand is, why are people complaining? We're just seeing people exercise their sacred right to free speech..... all over this mailing list. After all, isn't this what you were working towards? So now that this group is getting a taste of free speech, why do we see people sending mail to system administrators, asking that certain people be censured for sending messages to this mailing list? Not too long ago, people were saying that censuring people for their speech, even after the fact, was tantamount to censorship! It seems just a little hypocritical to me, given the strong and sprited defense of anonymous remailers just a week or two ago..... - Ted From tcmay at netcom.com Fri Mar 12 10:48:15 1993 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 12 Mar 93 10:48:15 PST Subject: An Appeal to Calm Message-ID: <9303121846.AA00432@netcom.netcom.com> Folks, Tempers have flared. Angry words have been sent out to the list. We've all been mail-bombed by an angry member of the list (who wants off--NOW!). I guess this is our first real flame war--now we're a real mailing list! But let's not let the current controversy confuse our very real mission, nor hide the progress we've seen so far (remailers, spread of PGP, experiments with digital cash, etc.). If we let the list self-destruct through a few unfortunate incidents, all hope is lost. * The "unsubscribe" problem will hopefully soon be fixed. Maybe an automatic handler (like "majordomo," someone suggested) can be installed. * Mailing lists like this one characteristically have wildy fluctuating traffic levels. No messages for a couple of days (leading to "Is the list broken?" queries) and then 50 messages in a single day (leading to "Enough already! I can't take the volume." messages). Remember, it is the list membership that is generating the volume, not the list management (such as it is). * Some have said the "cypherpricks" list is generating all noise and no signal. Many of us would disagree. Actual code is being written, deployed, and experimented with. One bunch is helping with PGP, another is writing and deploying remailer programs, another is pursuing steganography (hiding messages). Pretty impressive. Especially for a new mailing list. * And relatively little flaming is going on. The closest we've come to a real act of malice was the mail bombing of the list by a disgruntled member--I won't go into that further. * There are serious issues involving the uses and abuses of these various tools and capabilities. Anonymous postings carry obvious concerns. So does untraceable electronic mail, with the potential for extortion threats and even fully-secure markets for assassinations and other crimes. Some of these issues have been discussed on the list. No doubt some see these debates as "noise." Well, a mailing list cannot of course only cater to one particular set of needs. * If we don't discuss these kinds of issues on this list, who will? The FBI and NSA undoubtedly. So why not we the people? I hope things can calm down a bit. -Tim May -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: MailSafe and PGP available. From mbrennan at netcom.com Fri Mar 12 11:02:56 1993 From: mbrennan at netcom.com (Michael Brennan) Date: Fri, 12 Mar 93 11:02:56 PST Subject: Unacceptable slander by dclunie [FLAME] In-Reply-To: <9303121801.AA18929@buoy.watson.ibm.com> Message-ID: <9303121901.AA02158@netcom.netcom.com> > Michael Brennan writes: > > Are you people blind to what you are doing? What fools!!! > > OK, so you ass*** tell me what I'm doing. You are flaming. Get a clue. >And don't > forget to explain, why am I subjected to all this > crap about some ass***ish subscription, and why > my mailbox should receive junk mail from some > irresponsible participants? You shouldn't have to receive junk mail from anyone. And neither should anyone else! Why are you so special that you shouldn't have to get junk mail but others should? If the cypherpunks list simply honored unsubscribe requests, then no one here would be getting unwanted junk mail. It's really that simple. My postings were intended as an appeal for sanity and responsibility on the part of the cypherpunks, but you seem intent on dragging this whole affair down to new depths. I have simply tried to call attention to the fact that there is a problem with cypherpunks-request and that unsubscribe requests are being ignored. For my own part, I've made several such requests over the course of about a month. Your arrogant, puerile rantings contribute nothing constructive to the situation. I am glad that other cypherpunks are not sinking to the petty-minded depths that Uri has chosen to sink to. (And to those that I may have insulted in a previous posting, I apologize, but I would hope that you now realize that promises of "retaliation" against those who just want to unsubscribe was innappropriate.) Let's please all try for some civility and sanity and just try to get the problem resolved! From mbrennan at netcom.com Fri Mar 12 11:10:03 1993 From: mbrennan at netcom.com (Michael Brennan) Date: Fri, 12 Mar 93 11:10:03 PST Subject: UNSUBSCRIBE ME!!!!! In-Reply-To: <9303121814.AA28760@apple.com> Message-ID: <9303121908.AA03134@netcom.netcom.com> > > >DAMN!!!!! UNSUBSCRIBE ME ALREADY!!!!! > >GHABRECH at ULTRIX.RAMAPO.EDU > >ghabrech at ultrix.ramapo.edu > > You know, if you went down to the local expressway and lay down along one > of the broken white lines and worked on perfecting your impression of a > median strip, your problems would soon stop bothering you. > > -- > Lefty (lefty at apple.com) > C:.M:.C:., D:.O:.D:. Please explain to me, lefty, why you insist on flaming someone who simply wants to unsubscribe from the list. This is truly beyond comprehension. I had thought for a moment that the cypherpunks were rising above petty, arrogant slanders, but evidently I was wrong. Clearly uri and lefty wish to drag this whole affair down to new depths. And why? Just to prove to everyone that you can insert your head up your ass further than anyone can imagine? You are truly pathetic. From bmullane at ultrix.ramapo.edu Fri Mar 12 11:19:27 1993 From: bmullane at ultrix.ramapo.edu (James Bond-007) Date: Fri, 12 Mar 93 11:19:27 PST Subject: No Subject Message-ID: <9303121922.AA23237@ultrix.ramapo.edu> -----BEGIN PGP SIGNED MESSAGE----- Date: Fri, 12 Mar 1993 12:56:02 -0500 From: uri at watson.ibm.com #FLAME ON [ Rest of flame deleted.] What I don't understand is, why are people complaining? We're just seeing people exercise their sacred right to free speech..... all over this mailing list. After all, isn't this what you were working towards? So now that this group is getting a taste of free speech, why do we see people sending mail to system administrators, asking that certain people be censured for sending messages to this mailing list? Not too long ago, people were saying that censuring people for their speech, even after the fact, was tantamount to censorship! It seems just a little hypocritical to me, given the strong and sprited defense of anonymous remailers just a week or two ago..... - Ted Ted, don't you realize that people only believe in things as long as it is convinient(sp) or nonoffensive to them? Maybe the admins will yell at me for being on this list now that they got mail from the net.nazis concerning ghabrech's action. maybe they will find out what the file pgp is in my acct and force me to delete it... later, Brian -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBK6DittvH71LYWYb3AQHzYAQAgzC5znnv0gsOO+NiUDN+hwHOVYOdvwhc 0yTkigSx/FaS1YuHy2Wntlh0NbLJ59n6ZyyVOHhiE0cWwksXsQ4jwfU0KulUa5cF nR06UDLqrhFtkRS2HcA99vPbXlbGFeVCV+02pVbc1NDSmvMTMpAvFrwlRQuQEfBW WFZrOl1NCfU= =2yTO -----END PGP SIGNATURE----- From mbrennan at netcom.com Fri Mar 12 11:19:52 1993 From: mbrennan at netcom.com (Michael Brennan) Date: Fri, 12 Mar 93 11:19:52 PST Subject: An Appeal to Calm In-Reply-To: <9303121846.AA00432@netcom.netcom.com> Message-ID: <9303121918.AA04403@netcom.netcom.com> > Folks, > > Tempers have flared. Angry words have been sent out to the list. We've all > been mail-bombed by an angry member of the list (who wants off--NOW!). [...] > I hope things can calm down a bit. > > -Tim May I would hope things would calm down a bit, as well. Sending a massive mail bomb to the list may have been innappropriate, but so is continuing to send unwanted mail to a user who has made repeated unsubscribe requests. Why are some of you insisting on waging a flame war?!! What do you intend to gain from such puerility? I am encouraged that at least some voices of reason are now emerging amidst all of this, and I would hope that the cypherpunks would try to understand the frustation of those who have their unsubscribe requests ignored and continue to receive unwanted mail. From lefty at apple.com Fri Mar 12 11:40:25 1993 From: lefty at apple.com (Lefty) Date: Fri, 12 Mar 93 11:40:25 PST Subject: [FLAME] (Was Re: UNSUBSCRIBE ME!!!!!) Message-ID: <9303121939.AA11758@apple.com> >Please explain to me, lefty, why you insist on flaming someone who simply >wants to unsubscribe from the list. Mr. Brennan, I wouldn't ever flame anyone who simply wanted to unsubscribe from this list. I _would_, however, certainly flame a fool with a room-temperature IQ who feels that the best way of dealing with his _own_ _personal_ problem unsubscribing from the list is to send 80,000 bytes of garbage to over two hundred people who couldn't do anything about his problem even if they wanted to. People who may, in fact, be paying good money to receive electronic mail and who didn't have any particular need for 3,600 copies of the words "Unsubscribe me!!!!" >This is truly beyond comprehension. Given the apparent level of your comprehension, I'm not in the least surprised. I imagine this sort of thing must happen to you frequently, say, whenever you're faced with a situation more complicated that deciding whether you want fries with your Big Mac. >I had thought for a moment that the cypherpunks were rising above petty, >>arrogant slanders, but evidently I was wrong. I suggest you look up the word "slander" in the dictionary. Get one of the big kids to help you with it, if necessary, and if you can find one who won't beat you up on sight. It doesn't mean what you apparently believe it does. >Clearly uri and lefty wish to drag this whole affair down to new depths. And >why? Just to prove to everyone that you can insert your head up your ass >>further than anyone can imagine? > >You are truly pathetic. Gosh, Mr. Brennan, those are pretty strong words for a fellow who cries "slander" at the apparent drop of a hat. If you keep this sort of thing up, you're liable to convince me that you're not only an idiot but a hypocrite as well. Somebody's got his head up his ass here, but I suspect it's not me, Chucko. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From i6t4 at jupiter.sun.csd.unb.ca Fri Mar 12 12:08:42 1993 From: i6t4 at jupiter.sun.csd.unb.ca (Nickey MacDonald) Date: Fri, 12 Mar 93 12:08:42 PST Subject: University Policies In-Reply-To: <0096959f.9201c152.25188@paris7.jussieu.fr> Message-ID: Well... This is available from our site via anonymous FTP... so I suppose there are no copyright problems by sending it to you... enjoy... OBTW, the title lines are my addition... and the file is normally printed (on the sheet they give you with your initial password) in small print, and so the file is formatted to about 132 columns... Univeristy of New Brunswick Computing Policies (UNB, Fredericton, New Brunswick, Canada) ---------------------------------------------- POLICIES 5. Improper use of Computing Services may result in withdrawal of access privileges or other The computing and communication systems at the penalties. The following (but not limited to University of New Brunswick are intended to be the following) may be considered improper: used in a manner that is supportive of the Univer- sity's objectives. All constituents of the � Frivolous use of any workstation, computer University are able to apply to use the univer- or network. sity's computing facilities. When that privilege � Inspection of data or functions which are is granted (e.g., when an account is issued), it neither allotted to the inspector, nor is granted with the understanding that the use of specified as public. the computing system will correspond to the � Inspection of data which have to do with purpose(s) stated in the request. utilization, authorization or security. � Modification of data which are not specif- At the University of New Brunswick Computing Ser- ically assigned to or created by the modi- vices Department, internal customers (students, fier. faculty and staff) are not personally billed for � Use of another's account. use but are held personally responsible for use � Interference with other persons accessing made of their accounts. Certain practices are the systems, networks or equipment. considered a misuse of university property. Exam- � Destruction of data or property which is ples of such misuse are the use of any part of the not owned by the destroyer. computing system for personal or corporate profit, � Attempting to gain access to another's re- or to provide free resources to unauthorized per- sources, programs, or data. sons. � Use of another's programs or data without their permission. The following policies govern the use of the � Sending obscene or vulgar messages. University of New Brunswick Computing Services � Abusive or destructive use of hardware or Department facilities: public software. � Use of the facilities for personal or 1. No person or persons shall use the facilities corporate gain without an external ac- of the University Computing Services Depart- count. Examples of such use include pro- ment without due authorization by Computing ducing invitations, posters, personal Services. correspondence, etc., and the sale of com- puter programs or results developed under 2. Every allocation of computing resources is an internal account. made on the understanding that it is to be used only for the purpose for which it was re- 6. Customers are expected to: quested and only by the person or persons by whom or on whose behalf the request was made. a. Be responsible for the use of their com- Use shall not be made of computing resources puter accounts. They should make appro- allocated to another person or group unless priate use of system provided security such use has been specifically authorized by features and take precautions against oth- Computing Services. ers obtaining access to their computing resources. 3. No person or persons shall by any wilful or deliberate act jeopardize the integrity of b. Refrain from engaging in deliberately computing equipment, networks, programs, or wasteful practices such as: other stored information. � unnecessary holding of workstations or 4. Persons authorized to use computing and commu- telecommunications lines; nication resources shall be expected to treat � producing unnecessarily large printer as privileged, any information not provided or listings; generated personally which may become avail- � performing unnecessary computations; able to them through their use of these re- � creating and retaining unnecessarily sources; they shall not copy, modify, large files; disseminate, or use any part of such infor- � unnecessary holding of peripheral mation without permission of the appropriate equipment. person or body. c. Utilize efficient and effective techniques for program execution. --- Nick MacDonald | NMD on IRC i6t4 at jupiter.sun.csd.unb.ca | PGP 2.1 Public key available via finger On Thu, 11 Mar 1993 jb at paris7.jussieu.fr wrote: > Hi, > > Following the thread about some Universities policy about using > computing services I'd like to ask if you can send me YOUR > Uni policy about the above matter. I'd like to make somekindda > compilation of them and put it on our ftp server (smup7.jussieu.fr). > > Cheers, > jb From elee9sf at Menudo.UH.EDU Fri Mar 12 12:20:04 1993 From: elee9sf at Menudo.UH.EDU (Karl Barrus) Date: Fri, 12 Mar 93 12:20:04 PST Subject: MISC: steganography & pics Message-ID: <199303122018.AA14921@Menudo.UH.EDU> -----BEGIN PGP SIGNED MESSAGE----- Cypherpunks, I too have played around with graphics formats, specifically the TIFF format. It's a large and complicated format, but it does leave room for customization. I just mention this because I'm more familiar with TIFF than the GIF format. Skipping over 99% of the details: the TIFF format has a header (magic numbers and stuff), tags and corresponding information fields, and picture data - real terminology exists, like image file directories and so forth, but I'll skip that. The TIFF format allows you to specify quite a bit of info: information fields such as time of creation, author name, comments, host system; picture information such as rows, columns, whether the minimum value corresponds to black or white; color models: RGB, CMY, CMYK, greyscale; compression model: none, LZW, JPEG; alpha values, and many other fields. Finally, the picture data is stored, non-sequentially if desired (that is, row 1, then row 137, the row 54, etc.) TIFF is extendible by simply defining new tags. Because the TIFF format is so all encompassing, few software packages can read and write the entire thing - that is, valid TIFFs may be created that may not be recognized by other software. Sam Lieffler (sp?) at sgi has written a comprehensive TIFF manipulation package available via anonymous ftp which helps to overcome this problem. Anyway, for steganography purposes, we wouldn't want to define a "crypto" tag obviously! Maybe we could adapt one of the other fields, like host computer or whatever, so that the signal that a TIFFs contains hidden information is that one of the fields has a certain value, to be arranged in advance or whatever. A 256x256 image contains 65536 pixels, each of which could contribute 1 bit to a message, which comes to 8192 bytes (say each pixel is 8 bit and not 24 or something fancy like that), more than enough for a message. This sounds like fun - I imagine in a few weeks there will be a message to the list to retrieve the recently posted image from alt.binaries.pictures.misc and read the hidden message! /-----------------------------------\ | Karl L. Barrus | | elee9sf at menudo.uh.edu | <- preferred address | barrus at tree.egr.uh.edu (NeXTMail) | \-----------------------------------/ -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBK6DvpoOA7OpLWtYzAQG1PgP/bI+s4p6kcMkHcv2iR+iJJV9TK32zicos fNOqufuPZvWepfxbEqhsY70RBQAZjuqEhKcjP54yFr7wuDbroFhbfIBMQQLn1znj v5dcaM7GrykNMhR9andfskRG6k72dxlmyBhQRcR3pbhwpPZLdw141yS4VPzHnez7 VgQ9Z+Gsb9s= =qGIH -----END PGP SIGNATURE----- From lefty at apple.com Fri Mar 12 13:01:33 1993 From: lefty at apple.com (Lefty) Date: Fri, 12 Mar 93 13:01:33 PST Subject: Returned mail: User unknown Message-ID: <9303122100.AA23230@apple.com> Apparently, Mr. Habrecht's problems have been solved. > ----- Transcript of session follows ----- >>>> RCPT To: ><<< 550 ... Addressee unknown >550 ... User unknown -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From Marc.Ringuette at GS80.SP.CS.CMU.EDU Fri Mar 12 13:05:54 1993 From: Marc.Ringuette at GS80.SP.CS.CMU.EDU (Marc.Ringuette at GS80.SP.CS.CMU.EDU) Date: Fri, 12 Mar 93 13:05:54 PST Subject: Cypherpunks know they're cool Message-ID: <9303122105.AA06413@toad.com> Ted Ts'o writes, > What I don't understand is, why are people complaining? We're just > seeing people exercise their sacred right to free speech..... all over > this mailing list. After all, isn't this what you were working towards? Heh. I agree with Ted. Try taking the same advice we'd give someone who received a offensive anonymous note: quit your bitching & moaning, you losers! Yeah, yeah, I know, volume attacks are of a different kind than offensive content. But my own belief is, if our software is broken, we shouldn't blame the doofus who comes along and tickles it. If we end up having a problem of volume harrassment, we should expect to have to PROTECT OURSELVES with some half decent mailing list software. For instance, something that accepts mail only from subscribers or that shunts large messages (or excessive number of messages from a single person) to the moderator for review. The fact that we have stupid software is our own fault. To me, this has the same feel to it as the current flap about anonymous newsgroup postings. The right answer, in my opinion, is to use news distribution software which can filter out anonymous postings (and, in order to enable that, and prior to the availability of "real person" cryptographic certificates, to ask that all remailers provide a special header line). What these solutions have in common is that we ask people to protect themselves, rather than requiring everyone else to adhere to their notions of good behavior. Which brings to mind the potential problem that 99% of everybody may choose to participate exclusively in "real person only" groups. Any hints at a solution to that one? How about if we try to convince people to participate in "pay as you go" groups using digital postage? That would solve many of the problems, in a way that is less offensive to the freedom-loving among us. -- Marc Ringuette (mnr at cs.cmu.edu) From bill at anubis.network.com Fri Mar 12 15:19:35 1993 From: bill at anubis.network.com (Bill O'Hanlon) Date: Fri, 12 Mar 93 15:19:35 PST Subject: Unacceptable slander by dclunie [FLAME] Message-ID: <9303122317.AA11464@anubis.network.com> -----BEGIN PGP SIGNED MESSAGE----- [ a bunch of bickering deleted concerning who was wrong to have lost their temper first. ] Folks, this is the cypherpunks list. I have three observations to make. 1. Joining it is voluntary. 2. It generates a tremendous amount of traffic. 3. Many people on it can write filters and such. It's a technical list. Why do I mention three obvious points? Here's my personal situation. I suspect it is similar to many here. I read many mail lists. The traffic on them is large, and the unsubscribe messages are numerous. Being a pro-code kind of person, rather than complain frequently about people being stupid with unsubscribe requests, I filtered 'em. So, I've never seen the unsubscribe requests. Anything with unsubscribe in the subject gets filtered. I've never seen any of you complain about a problem with the list. Suddenly, some genius craps in my mail file. My problem was with said genius, so I replied to him. End of problem, right? Wrong. Someone with a chip on his shoulder makes a federal case about it and starts name calling. It's really ironic that Tim May gets blasted as a petty vandal for mailing George back a third of George's post. I'm not in any position to be able to help with a problem with the subscription list. When it comes down to a choice between writing a quick filter to make sure I don't see mail that irritates me or complaining, I write a filter. When it comes down to passively accepting "punishment" from someone who voluntarily joined the list, wants to quit the list due to traffic, and then hypocritically worsens the situation by doubling the traffic for a day singlehandedly, I refuse. If this list was for beginning computer users and children, I'd be much more patient. I didn't want George's mail, so I gave it back to him. - -- Bill O'Hanlon Network Systems Corporation bill at network.com -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBK6EZ+uUL0gzXlqP9AQGZYAP9G9f/WukRsNPZG4F5MrlVB+gUINW0L2pJ qbYgvbIOReNXckNrDtm/soToE+tMVcRbj3r0fv3VW14fveQssIJE02fpiTxJ/LAZ +pIuOEzYV/tUubm5F5ZeunAt5tnsfCofvqisWVan4tJr8mpL4sx+0z9dTM6xsZcb mLSkZPrDImk= =hpCC -----END PGP SIGNATURE----- From pmetzger at snark.shearson.com Fri Mar 12 15:30:45 1993 From: pmetzger at snark.shearson.com (Perry E. Metzger) Date: Fri, 12 Mar 93 15:30:45 PST Subject: CYPHERPUNKS=EMAIL HARASSEMENT? Message-ID: <9303121900.AA17618@snark.shearson.com> > From: mbrennan at netcom.com (Michael Brennan) > > You are very wrong! As a matter of fact, I have sent unsubscribe requests > to cypherpunks-request and those requests have been ignored! That's why I > sent this last message of mine to the whole list. I'd be willing to bet > that the individual who sent the 3K file had also attempted initially to > send his request to cypherpunks-request and had his request ignored. In > fact, it's quite possible that MANY of the people who have sent their > "unsubscribe" requests to the whole list have done so because initial > requests sent to cypherpunks-request were ignored! > > Brushing this matter aside as a non-issue and pretending there is no > problem will not make the problem go away! UNSUBSCRIBE REQUESTS SENT TO > CYPHERPUNKS-REQUEST ARE BEING IGNORED!!! You are a whining child, Mr. Brennan. How long have these messages been ignored? Months? Years? I suspect a matter of days. Well, I'm sorry to tell you this, but you aren't paying anyone to maintain this list, and people don't do it full time. Its not a job. Prehaps the moderator went on vacation. Prehaps he has no time for a week. Have you actually waited a reasonable amount of time, which I would define as no less than a week and likely no less than two? I've run mailing lists. Its lots of long and hard work, and sometimes you go on vacation, and when you do lots of whining fools start getting pissed off that you aren't a robot that provides them with instant gratification. Sorry, but no one owes you instant service. You didn't pay for a subscription you know. This is a volunteer effort, and that means that you accept whenever you sign on to any mailing list the possibility that, horror of horrors, people might not process your requests every fifteen minutes. It would not be anything like a big deal to delete the mail for a few more days. Instead, you involve all of us in something that we cannot change. What makes you think that if the moderator is not reading the -request alias that he will read the list itself? In conclusion, get a grip. When the guy behind the counter at the 7-11 is a little slow, do you just take the food you bought without paying? No? Then what in hell are you doing posting obnoxious mail to hundreds of people when you know very well it violates all network custom? Perry Metzger From pmetzger at snark.shearson.com Fri Mar 12 15:42:54 1993 From: pmetzger at snark.shearson.com (Perry E. Metzger) Date: Fri, 12 Mar 93 15:42:54 PST Subject: UNSUBSCRIBE ME!!!!! Message-ID: <9303122126.AA17863@snark.shearson.com> > From: mbrennan at netcom.com (Michael Brennan) > > > > > >DAMN!!!!! UNSUBSCRIBE ME ALREADY!!!!! > > >GHABRECH at ULTRIX.RAMAPO.EDU > > >ghabrech at ultrix.ramapo.edu > > > > You know, if you went down to the local expressway and lay down along one > > of the broken white lines and worked on perfecting your impression of a > > median strip, your problems would soon stop bothering you. > > > > -- > > Lefty (lefty at apple.com) > > Please explain to me, lefty, why you insist on flaming someone who simply > wants to unsubscribe from the list. Because, you pathetic asshole, he didn't just want to subscribe to the list; he sent out a goddamn 80k garbage message to everyone. That you cannot see the difference between these two demonstrates a substantial deficit in your capacity for mentation. Perry From deltorto at aol.com Fri Mar 12 16:10:51 1993 From: deltorto at aol.com (deltorto at aol.com) Date: Fri, 12 Mar 93 16:10:51 PST Subject: FWEE! premature testing Message-ID: <9303121624.tn02614@aol.com> Dewds, Just a thought on Tim May's anonymous baptism by Stealth-fire of the WB! project: Tim: though I appreciate your enthusiasm, could you *please* wait until there is something in place to actually _test_ before you test it? I know you really wanted to post that nifty F-117A thing you OCR'd _somewhere_ but that was not particularly helpful. It's not like I'm unaware of this issue. Remember, we're still in Phase One (design & data collection) now. Help with the design and data collection before you go off on your own and try to show where the holes are or have some fun with it. Later on, you can be very helpful if you want to play the Devil's Online Advocate. [Also, could you please spell my name correctly for the NSA's records? It's David Del Torto (not Deltorto). I promise not to spell your name "TiM aye" so they can come and get you too.] Someone suggested a set of WB guidelines should be posted. I began this process, and will continue next week after CFP. I ask your patience while I educate myself. CFP News: I had a *very* interesting/enlightening discussion with Nicholas Johnson, the former head of the FCC (under Johnson) last night about the WB! project - he loves the idea and is willing to help out "somehow." Also, Ralph Nader's organization is interested in what we're up to. Jim Settle (FBI Computer Crime Squad) is also surprisingly supportive of the idea. Also, believe it or not, a fellow from the CIA likes the idea and posits that, if done "correctly," the system can 'perhaps be somewhat protected' from posting by pranksters/attackers with bogus revelations - it might require someone to preview postings (I would like to DE-nominate myself and suggest that MAYBE a small review group be set up - let's discuss this, tell me what you think is a good idea). I believe that the implementation of a simple WB Key system can assist in this as well (refer to an earlier posting of mine). Of course, this would require widespread dissemination of encryption software for anyone needing that option. Dorothy Denning is there: does anyone have a question for her? A statement? I can post her email address after tonight if y'all like. More Later, Gotta Run... dave (Del Torto) From tytso at Athena.MIT.EDU Fri Mar 12 18:01:22 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Fri, 12 Mar 93 18:01:22 PST Subject: Cypherpunks know they're cool In-Reply-To: <9303122105.AA06413@toad.com> Message-ID: <9303130159.AA01968@SOS> Date: Fri, 12 Mar 1993 15:07-EST From: Marc.Ringuette at GS80.SP.CS.CMU.EDU What these solutions have in common is that we ask people to protect themselves, rather than requiring everyone else to adhere to their notions of good behavior. Hmm..... how is this alike, and how is this different, from a hardliner NRA saying, "We should ask people to protect themselves by wearing bulletproof vests, instead of trying to ban guns"? Which brings to mind the potential problem that 99% of everybody may choose to participate exclusively in "real person only" groups. Any hints at a solution to that one? How about if we try to convince people to participate in "pay as you go" groups using digital postage? That would solve many of the problems, in a way that is less offensive to the freedom-loving among us. Carrying the above metaphor further, is it really a problem if 99% of everybody chooses to live in firefight-free zones, so that they don't have to wear bullet-proof vests? And is saying that, "O.K, we'll make people pay for bullets" really going to help? It just restricts the people who can fire bullets (or write large amounts of anonymous postings) to those who have lots o' cash. As long as we are really being freedom-loving, there's nothing we can do (or should _want_ to do) to get people to attend groups that allow anonymous posters, if they only want to travel in "real person only" circles. If they've made a choice not to want to read anonymous postings (perhaps by installing a filter which deletes all anonymous postings unread), how is this a "problem"? - Ted From Marc.Ringuette at GS80.SP.CS.CMU.EDU Fri Mar 12 18:24:54 1993 From: Marc.Ringuette at GS80.SP.CS.CMU.EDU (Marc.Ringuette at GS80.SP.CS.CMU.EDU) Date: Fri, 12 Mar 93 18:24:54 PST Subject: Cypherpunks know they're cool Message-ID: <9303130224.AA15122@toad.com> > Hmm..... how is this alike, and how is this different, from a hardliner > NRA saying, "We should ask people to protect themselves by wearing > bulletproof vests, instead of trying to ban guns"? Ted, please don't be a bonehead on purpose. I bet you can see the difference between some bits coming down a wire and a bullet coming at you at 1000 feet per second. It has to do with the level of threat and the feasibility of protecting yourself. > As long as we are really being freedom-loving, there's nothing we can do > (or should _want_ to do) to get people to attend groups that allow > anonymous posters, if they only want to travel in "real person only" > circles. Not true at all! Just because I like freedom doesn't mean I shouldn't try to convince people to act in a way that is more freedom-loving. -- Marc Ringuette (mnr at cs.cmu.edu) From mimir at u.washington.edu Fri Mar 12 18:50:24 1993 From: mimir at u.washington.edu (Al Billings) Date: Fri, 12 Mar 93 18:50:24 PST Subject: An Appeal to Calm In-Reply-To: <9303121918.AA04403@netcom.netcom.com> Message-ID: On Fri, 12 Mar 1993, Michael Brennan wrote: > > Folks, > > > > Tempers have flared. Angry words have been sent out to the list. We've all > > been mail-bombed by an angry member of the list (who wants off--NOW!). > > [...] > > > I hope things can calm down a bit. > > > > -Tim May > > I would hope things would calm down a bit, as well. Sending a massive mail bomb > to the list may have been innappropriate, but so is continuing to send unwanted > mail to a user who has made repeated unsubscribe requests. Why are some of you > insisting on waging a flame war?!! What do you intend to gain from such > puerility? > > I am encouraged that at least some voices of reason are now emerging amidst all > of this, and I would hope that the cypherpunks would try to understand the > frustation of those who have their unsubscribe requests ignored and continue > to receive unwanted mail. You are a fucking prick. There is nothing ANY of us can do to get you off the list. IF you want off, you'll have to wait. Meanwhile, why don't you quit posting to the list since you want off so fucking bad? From ebrandt at jarthur.Claremont.EDU Fri Mar 12 21:06:58 1993 From: ebrandt at jarthur.Claremont.EDU (Eli Brandt) Date: Fri, 12 Mar 93 21:06:58 PST Subject: HIDE: embedding msgs into snd & graphics In-Reply-To: <9303120852.AA03893@sting.Berkeley.EDU> Message-ID: <9303130506.AA18442@toad.com> > And once you try to hide data in a lossy encoding scheme, you run > into a lot (though not all) of the problems you have with colormaps. I think it's even worse... with unlossy compression, you can frob the uncompressed bits and just lose compression. With lossy, you can't do that, because your message will be smeared away. And frobbing the compressed stream will produce ghastly artifacts. But not all images will be lossily compressed. I find that JPEG, for example, usually introduces too much gunk to be useful. Certainly, sending an LZW TIFF should be above suspicion for quite some time. > It would be a lot easier to hide data in an image if one had a control-image > (the original) as well as the altered-image (the one holding the message), > but this defeats half the niftiness of trying to do things this way. Yeah, this is just a cheesy OTP. Not much point, really. I've been thinking about the GIF case; the "optimize for colormap cyclic continuity" technique looks like it will produce better images than the "crunch to 128 colors". Since I have to write some annealing code for a neural-net trainer, maybe I'll repackage it for colormap optimization and see what the results look like. If you wanted minimum visible crud, you could start with a true-color pic, find the colormap, order it, and dither down -- rather than adding white noise to pre-existing dithering. You know, I think I've been taking the graphics-weenie approach to this. Who cares how the image looks? Who cares if it's even an image? Just take your damned PGP file, ^=0xff it, and rename it "hotbabe.gif". uuencode and mail. The NSA is not going to be viewing every picture you send, I hope. This fails on "plausible deniability", I guess. > -J. Eli ebrandt at jarthur.claremont.edu From sommerfeld at orchard.medford.ma.us Fri Mar 12 21:33:18 1993 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Fri, 12 Mar 93 21:33:18 PST Subject: CYPHER: Plain encypher In-Reply-To: <23031112170179@vms2.macc.wisc.edu> Message-ID: <9303130448.AA00298@orchard.medford.ma.us> For a good time, read the sections from "The Codebreakers" regarding what kind of lengths war-time censors went through to foil steganography. In this day & age, rearranging the spacing of messages "just for the heck of it" would be a rather obvious equivalent to what they did back then (BITNET does things like this today just out of sheer perversity). So would scrambling the low-order bits of a sound file. - Bill From tytso at Athena.MIT.EDU Fri Mar 12 22:13:25 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Fri, 12 Mar 93 22:13:25 PST Subject: Cypherpunks know they're cool In-Reply-To: <9303130224.AA15122@toad.com> Message-ID: <9303130612.AA07820@SOS> Date: Fri, 12 Mar 1993 21:18-EST From: Marc.Ringuette at GS80.SP.CS.CMU.EDU > Hmm..... how is this alike, and how is this different, from a hardliner > NRA saying, "We should ask people to protect themselves by wearing > bulletproof vests, instead of trying to ban guns"? Ted, please don't be a bonehead on purpose. I bet you can see the difference between some bits coming down a wire and a bullet coming at you at 1000 feet per second. It has to do with the level of threat and the feasibility of protecting yourself. I'm not being a bonehead; this is a serious question! I was drawing an analogy; of course bits and bullets are different! What is the same is the philosophy of "the initiator can do know wrong"; i"it's always the receivers' problems." I am merely pointing out that your philosophy of: >What these solutions have in common is that we ask people to protect >themselves, rather than requiring everyone else to adhere to their >notions of good behavior. is dangerously close, if not identical to "if the victim gets hurts it his/her fault (for not protecting him/her-self)". This logic obviously does not work for rape; whether or not someone protects herself, there are standards of conduct which say that rape is still a bad thing. The question is whether or not there are similar standards of conduct for cyberspace --- "community standards" or not. - Ted From 74076.1041 at CompuServe.COM Fri Mar 12 22:56:34 1993 From: 74076.1041 at CompuServe.COM (Hal) Date: Fri, 12 Mar 93 22:56:34 PST Subject: HIDE: embeddin msgs into snd & graphics Message-ID: <930313065252_74076.1041_DHJ21-2@CompuServe.COM> The considerations that Eli mentioned make it clear that embedding data in the low bits of an image is not as trivial as it sounds, with commonly-used image formats. In the case of GIF, Eli points out that you may have a 256 entry color table, with each pixel indexing into that table. Flipping the low bit of a pixel may lead to a completely different color. What you could do is to renumber the color table so that, to the extent possible, every even-numbered color has some odd-numbered color that is similar (close in color space), and vice versa. Then rather than just altering the low-order bit of each pixel, you'd change the color of that pixel to be the nearest color of opposite even-odd-ness. For the decode step, though, you could still just check the low-order bit of the (uncompressed) image. That renumbering step sounds like the tricky part. I think Eli is right, too, that lossy compression is pretty much out of the question for this application. It would be too easy to lose the message that is encoded in the low-order bits. Images that would be good candidates for this would be natural, scanned-in pictures. Hand-drawn artworks and most computer-generated images would not have enough natural randomness to allow the message to be slipped in unnoticeably. Fortunately, nudes would fall into the useful category, and they make up a large fraction of the images people exchange. Hal 74076.1041 at compuserve.com From pfarrell at cs.gmu.edu Mon Mar 15 18:27:10 1993 From: pfarrell at cs.gmu.edu (Pat Farrell) Date: Mon, 15 Mar 93 18:27:10 PST Subject: alternate US site for pgp22 Message-ID: <51920.pfarrell@cs.gmu.edu> Hi, Can someone point me to another US FTP site with PGP22. I've downloaded it a couple of times from soda.berkeley.edu, and can't get it unzipped. I've tried all known combinarions of binary, non-binary, etc. The file, once it reaches my PC is 209409 but pkunzip 204g says it is broken. If I use pkzipfix, I can get some of the files, docs, keyserver, etc. but it always fails with a CRC error on or after exploding LANGUAGE.TXT One piece of tech info: I have to FTP to a SUN server, and then use Kermit to bring the file to my PC. This has worked many times for many other files, but there could be some user error in here. Thanks Pat Pat Farrell Grad Student pfarrell at cs.gmu.edu Department of Computer Science George Mason University, Fairfax, VA PGP Public key availble via finger #include From Seth.Morris at lambada.oit.unc.edu Mon Mar 15 18:27:18 1993 From: Seth.Morris at lambada.oit.unc.edu (Seth Morris) Date: Mon, 15 Mar 93 18:27:18 PST Subject: HIDE (Fnord): Targa-24/YUV/D-xxx and headers Message-ID: <9303132047.AA05640@lambada.oit.unc.edu> W.r.t. the steganography issue and image files (although I think sound files are probably more useful), Targa-24 images are RGB bytes (triples for each pixel, bottom-left to top-right), and seem appropriate for hiding a msg. They are also widely supported for conversion and function as a nice "device independant" image format (The Stone Soup Group's PicLab does a good job on them, IMHO). Does anyone know anything about YUV format? Also, DYUV or some other delta compressed format seems good. If a pixel changes by one more or one less than it "should" the image simply looks like a mediocre scan. Hmmm..... FLI is a delta format... is it appropriate? So... can someone whip up a utility to strip the PGP header and then perfoem some simple filtering (^= with some magic numbers, perhaps, or with some function of the preceeding bytes? Can this eventually help recover a better image, if that could ever be important? I don't think so) and tack on a valid Targa or other header (or correct any headers on images we've slid into). I just started a new job and am swamped, or I'd have written first and posted later ;-) . Seth morris From upham at cs.ubc.ca Mon Mar 15 18:27:23 1993 From: upham at cs.ubc.ca (Derek Upham) Date: Mon, 15 Mar 93 18:27:23 PST Subject: HIDE: embeddin msgs into snd & graphics Message-ID: <199303140130.AA08704@grolsch.cs.ubc.ca> > I think Eli is right, too, that lossy compression is pretty much out of the > question for this application. It would be too easy to lose the message > that is encoded in the low-order bits. Uh, unless the JPEG FAQ sheet has seriously mislead me, lossy compression would be excellent for this sort of steganography. In the standard JPEG encoding procedure, an image is broken into square blocks of pixels, eight per side. These blocks are run through a 2-D discrete cosine transform, producing a set of cosine waves that are equivalent to the original blocks (within small errors). If the original image was smooth (a natural image, for example), the low- frequency waves will contain all the information necessary for reproducing the block; the high-frequency waves will contain nothing but faint noise. So the JPEG encoder _dumps_ the high-frequency cosine waves. That's how the format gets a lot of its compression. This is where steganography comes in. Take these empty wave slots and stick your data in them. For example, if the wave magnitudes are stored as four-byte integers, store one byte of data in the lowest- order byte in the slot (or go down to four, two, or even one bit per integer, if necessary; floating-point would be wonderful, here). As long as the hidden data representation looks like very tiny values to the JPEG decoder, the data should be completely unnoticeable on display---but the steganographic decoder will know where to look for it and what to do with it. Anyone have honest-to-god practical experience with JPEG/JFIF to assess the feasibility of this technique? Derek Derek Lynn Upham University of British Columbia upham at cs.ubc.ca Computer Science Department ============================================================================= "Ha! Your Leaping Tiger Kung Fu is no match for my Frightened Piglet Style!" From digex at access Mon Mar 15 18:27:29 1993 From: digex at access (Doug Humphrey) Date: Mon, 15 Mar 93 18:27:29 PST Subject: [detecting interesting lines to look at] Message-ID: <199303140418.AA28175@access> > And don't tell me they can > build computers that can distinguish between a PGP file transmission > and some > hormone crazed 15 year old dork downloading the latest GIF of Cindy Crawford > or a ZIPed ware. I've looked at hexdumps of GIFs and ZIPs and for all > practical purposes they look about as random as PGP data. If the NSA > can build a parellel computer that scans all the trunks in the U.S. > simultaneously AND can tell the difference between PGP streams and ZIP/GIF > file data streams, then I just might as well go and shoot myself right > now. > >Er.... you might want to get your gun out..... the middle of hexdumps of >GIF's and ZIP's and PGP files may look the same, but the file headers >are quite distinguishing. If you want to hide encrypted data, each >person needs to find their own way of doing it ---- if everyone hides it >in the low bits of a GIF file, it would be very simple for the NSA to >scan GIF files to see if the low bits looked like the header of a PGP >file..... To some extent, this discussion is ignoring the importance of "context". Yes, if you have to do detailed searches of the data traveling down a million lines, you are likely to fail. That is why you don't do it. What you DO is look for things that look out of the ordinary, things that alone would look fine, but within a given context would look wrong, and then search those exception cases in more detail. Example, someone comes up with a way that voice looks just like fax from the data spectrum standpoint. Great, no way that anyone can scan the line and figure out, in the few seconds that they are scanning, that what they are seeing is really voice. So, you attack it by looking at connection records, and looking for what looks like fax machines from the data standpoint, but seems to have a usage record (times of day, duration of calls, time between retrys, etc) of telephones. Remember, even though the technology has changed, the end users of it have not, and the end users are the ones that you are looking for, the ones who are setting up the usage records. So, they now have a catagory of "fax machines that behave like fax machines" and "fax machines that behave like phones". Wonder which ones they will use the Special Equipment on, eh? Same goes for PGP vs. GIFS. The guy moving 4k long GIFS is the guy moving the PGP stuff that looks like GIFS. It doesn't nail all of the possible uses, but this is all a game of the odds anyway, and in the long run the usage patterns, the more meta data, can give people good clues to work with. From mimir at u.washington.edu Mon Mar 15 18:27:34 1993 From: mimir at u.washington.edu (Al Billings) Date: Mon, 15 Mar 93 18:27:34 PST Subject: warning to "sci" anonymous posters Message-ID: <9303140519.AA07710@stein.u.washington.edu> This is another message on the Cancel Message Generator issue in news.admin.policy. In article Richard Depew As I promised yesterday, I emailed each recent anonomous poster >in the "sci" hierarchy a note explaining what may happen this >weekend. > >Dick >=-=-=-=-=-=-=-=-= >Dear anonymous poster, > > You may not be aware of the discussion in news.admin.policy >concerning the propriety of posting anonymously to newsgroups which >have not invited such postings. As someone who has posted anonymously >to the "sci" hierarchy recently, you should read it. > > I am writing to inform you that if Julf, admin at anon.penet.fi, >does not soon block anonymous postings to the "sci" hierarchy, then >I will activate an "Automated Retroactive Minimal Moderation" script >that will cancel postings to this hierarchy from his server. This is >intended to restore the pre-Julf status quo, at least temporarily, >over the weekend. > > Rest assured that there is nothing personal in this. I have not >read your postings, and I have no reason to believe that they were out >of line in any way other than being anonymous. I have nothing against >anonymous postings to groups that have decided to accept such >postings, nor do I object to any newsgroup deciding to do this. I >*do* object to Julf's permitting his server to post to newsgroups >without any effort to determine whether the readers of those newsgroups >want to permit anonymous postings. > > You have several possible courses of action if you wish to post >to the "sci" hierarchy while the "Automated Retroactive Minimal >Moderation" is in effect: > >*1 convince Julf to accept the "Petersen Proposal" for default > settings for different hierarchies. I promise to turn off the > ARMM script as soon as I hear that he will do this (or anything > reasonably responsive). > >*2 convince the readers of the newsgroup to which you want to post > that anonymous postings should be accepted in that newsgroup. > I can think of several valid reasons that may prompt such a desire, > but the decision should be made by the readers of the newsgroup, not > imposed by a single person such as Julf, or me. I promise to > abide by whatever decision the newsgroup makes. This does not > need to be a formal vote. A straw vote with a clear majority will > suffice. > >*3 have a friend post for you, use a different anonymous server, > or, if all else fails, post under your own name. People used to > do this, you know. :-) > > If none of these suit you, then simply be patient, and wait until >Monday. I intend to run ARMM, if I run it at all, for less than 48 >hours... this time. This is merely intended to be a demonstration >that an effective enforcement mechanism for blocking postings from a >particular site can work. > > I apologize in advance for any inconvenience this may cause you. >My argument is with Julf and is about the default setting for entire >hierarchies; it is not with you or your particular postings. > >Sincerely, >Dick Depew >=-=-=-=-=-=-=-=-= >-- >Richard E. Depew, Munroe Falls, OH red at redpoll.neoucom.edu >"Leap years are a pain; the earth should be stabilised." - Geoff Collyer > and Mark Moraes in getabsdate.3 From mimir at u.washington.edu Mon Mar 15 18:27:38 1993 From: mimir at u.washington.edu (Al Billings) Date: Mon, 15 Mar 93 18:27:38 PST Subject: Threat of restoring the status quo In-Reply-To: Message-ID: <9303140515.AA07333@stein.u.washington.edu> Forwarded from news.admin.policy where this individual is threatning to set up a cancel message generating script to kill all posts from Julf's Anon Service. In article Richard Depew Hi David, > > I hope you don't mind my changing the title of this thread... I >didn't care for the one you were using: >Re: Threat of mass cancellings was Re: Anonymity is NOT the issue > > Tisk, tisk... you make it sound as if masses of postings are >threatened. Have you *looked* for anonymous postings in the "sci" >hierarchy? There are really very few. Only two, for Friday: ><1993Mar12.010241.2849 at fuug.fi> ><1993Mar12.061727.9451 at fuug.fi> > > The best time to put out a fire is while it is still small. :-) > >In article <1nq1f2INNfed at flash.pax.tpa.com.au> dclunie at pax.tpa.com.au writes: >[...] > >>I presume that cancel messages can be cancelled ... though I haven't >>experimented with this yet, but it looks like I might have to. In fact I >>think I will probably just turn off response to cancel messages totally if >>you go ahead with this scheme, and I encourage other news administrators >>to do the same ... they were a bad kludge in the first place and still are. >>It seems to me they are rarely used for other than controversial purposes >>like you are proposing (I don't like other people's postings so I won't let >>anyone else read them). > > That (disabling cancel messages) would be unfortunate. They have >many legitimate uses. Cancelling inappropriate postings is one of >these legitimate uses. Controversial, sure, but my reason for >activating the Automated Retroactive Minimal Moderation script, if >Julf remains unwilling to accept any compromise, is simply to >demonstrate that the status quo with regards to anonymous postings from >a particular site *can* be effectively enforced. As I have said many >times before, I do *not* object to anonymous postings in newsgroups >that invite them. However, I think it *is* important to demonstrate >that USENET *does* have a defense against a self-styled cyberpunk >who refuses to cooperate with the rest of the net. Whether USENET can >find the *will* to oppose him remains an open question. I simply >intend a brief demonstration of one defense mechanism. > >>I really think you are getting carried away with a non-issue here, and >>inflamming the situation is going to make you extremely unpopular, and >>undoubtedly start a "cancelling war" at the very least. > > The issue of an irresponsible system administrator trying to >impose his anonymous server on readers of thousands of newsgroups is >not a trivial one. My proposal to restore the status quo in a >hierarchy that has protested anonymous postings may not make me >popular with anonymous posters, but I haven't seen a single message >claiming that any sci newsgroup has invited anonymous postings. If >there is to be a "cancelling war", it will be very brief. If I >activate the ARMM script, it will only be for the weekend. > >>No-one has appointed you as the moderator of all the non-alt groups >>retrospectively or otherwise, and no-one is likely to appoint anyone else >>in such a position either. > > You are right, no one has appointed me to the post of >minimal-moderator. It is a volunteer position with, I assure you, >miserable fringe benefits. I will gladly relinquish the position when >the opportunity arises. :-) > >[...] >>> There shouldn't be much controversy over this, but there will be >>> anyhow. :-) >> >>There should be and there will be ... you are way out of line here Richard, >>regardless of how many smileys you tack on the end of your message. > > No. It is Julf who is way out of line here... and has been for >four months, now. He has finally met someone who has gotten fed up >with his silly game, and is willing to call his bluff. > >>I hope you are prepared to take responsibility for what is going to happen >>to your institution's news and mail servers if you go ahead with this plan. > > I hope you didn't mean that the way it reads... as a threat. I >thought you were more responsible than that. Perhaps I am wrong. You >*have* been one of Julf's strongest supporters in this newsgroup, >urging him to ignore the advice of the experienced news administrators >in this group. To date, this has been an argument between, if not >friends, then at least respected opponents. Most of us have the best >interests of the net in mind, agree that anonymous postings have their >place, and agree that cooperative anarchy is a wonderful experiment. >You may not like my "Automated Retroactive Minimal Moderation" script, >but you must at least admit that it is simply an automated version of >moderation - a well-accepted practice in newsgroups that want to keep >an acceptable signal/noise ratio. You may protest that I have >bypassed the usual mechanisms for establishing moderation, and you >would be right. I have brused some USENET traditions while trying to >protect others. However, threats against the integrity of internet >sites are a far more serious matter. I sent a long note to the >system administrators of my feed site, explaining my proposal and >pointing out some of the threats that might affect them. We then >had a long talk. They were, as you might expect, less than thrilled >at my rash proposal, which received a decidedly mixed reception. They >were even less thrilled at the prospect of being the recipient of >denial-of service attacks. They will take any such attacks seriously, >indeed. > >[...] >>I am sure you don't want to become Usenet's next "J Palmer" in terms of >>reputation. (This is reference is becoming a bit like the "who is John Galt ?") > > Glad to see you haven't lost your sense of humor. :-) > >Regards, >Dick >-- >Richard E. Depew, Munroe Falls, OH red at redpoll.neoucom.edu >"Leap years are a pain; the earth should be stabilised." - Geoff Collyer > and Mark Moraes in getabsdate.3 From Marc.Ringuette at GS80.SP.CS.CMU.EDU Mon Mar 15 18:27:43 1993 From: Marc.Ringuette at GS80.SP.CS.CMU.EDU (Marc.Ringuette at GS80.SP.CS.CMU.EDU) Date: Mon, 15 Mar 93 18:27:43 PST Subject: Community standards for email anonymity Message-ID: <9303141011.AA05636@cygnus.com> Good point, Ted, what we're after is some "community standards" for cyberspace, and what I'm suggesting is the fairly libertarian standard that goes like this: Prefer technological solutions and self-protection solutions over rule-making, where they are feasible. This is based on the notion that the more rules there are, the more people will call for the "net police" to enforce them. If we can encourage community standards which emphasize a prudent level of self-protection, then we'll be able to make do with fewer rules and a less intrusive level of policing. Some more specific versions of this: Self-protection Protection via rules --------------- -------------------- "Don't read the newsgroup Forbid all newsgroups which a if it offends you" reasonable person would find offensive. Allow anonymous posting Use software to Forbid all in all newsgroups; use allow anonymity in anonymous posting. information filters. some groups only. Handle volume bombs by Track down volume bombs using digital postage and and disconnect the offender. information filters. Trace harrassing notes to Tell people to just ignore or filter the source. out harrassing material. I guess it's a matter of preference. I wonder if it's asking too much to achieve general agreement among us cypherpunks? -- Marc Ringuette (mnr at cs.cmu.edu) From edgar at spectrx.Saigon.COM Mon Mar 15 18:27:48 1993 From: edgar at spectrx.Saigon.COM (Edgar W. Swank) Date: Mon, 15 Mar 93 18:27:48 PST Subject: PGP: PGP & WAFFLE?? Message-ID: The SYSOP of this system posted the following enquiry to me: I've heard that there is a program to allow pgp stuff online with waffle; if you know of such a thing, please point me towards it. I'd like to be able to secure this site for people who want it. I haven't heard of any such program, but if you have, please reply by E-mail to edgar at spectrx.saigon.com (Edgar W. Swank) -- edgar at spectrx.saigon.com (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Silicon Valley, Ca From shipley at tfs.COM Mon Mar 15 18:27:54 1993 From: shipley at tfs.COM (Peter shipley) Date: Mon, 15 Mar 93 18:27:54 PST Subject: soda.berkeley.edu Message-ID: <9303150746.AA10775@merde.dis.org> A non-text attachment was scrubbed... Name: not available Type: text/x-pgp Size: 348 bytes Desc: not available URL: From wixer!pacoid at cactus.org Mon Mar 15 18:28:45 1993 From: wixer!pacoid at cactus.org (Paco Xander Nathan) Date: Mon, 15 Mar 93 18:28:45 PST Subject: We have a verdict. (fwd) Message-ID: <9303150755.AA27651@wixer> For Lists That Care About Computer Privacy: In case you didn't catch this elsewheres.. I've been covering the SJG vs. SS trial for certain magazines. Hopefully you'll be able to read soon an in-depth, first hand account of the fiasco our paid officials attempted to conduct during the SS trial. The bueno news is that individuals and small companies can actually sue the US Fed govt for privacy violations, and win. Judge Sparks didn't give a whole lot of airplay to the *damages* sustained, but this is an important step forward. The flood gates are opened.. pxn. ---- Forwarded message: > From cs.utexas.edu!tic.com!sjackson at cactus.org Sun Mar 14 16:25:06 1993 > Date: Sun, 14 Mar 93 15:05:19 -0600 > From: tic.com!sjackson at cactus.org (Steve Jackson) > Message-Id: <9303142105.AA17568 at aahsa.tic.com> > To: ... > Subject: We have a verdict. > > We won. > > Pete Kennedy, our attorney at George, Donaldson & Ford, called me > with the news about 3:30 today. Apparently the decision came in late > Friday while Pete was at the CFP. > > The judge ruled for us on both the PPA and ECPA, though he says that > taking the computer out the door was not an "interception." (I have not > read the decision yet, so no quotes here.) > > He awarded damages of $1,000 per plaintiff under the ECPA. > > Under the PPA, he awarded SJ Games $42,259 for lost profits in 1990, and > out of pocket costs of $8,781. > > Our attorneys are also entitled to submit a request for their costs. > > No word on appeal yet. > > Look for a more complete and coherent account after we all read > the decision. > > Please copy this announcement to all electronic and other media. > > Thanks for your support through all this! From gnu at cygnus.com Mon Mar 15 18:29:01 1993 From: gnu at cygnus.com (gnu at cygnus.com) Date: Mon, 15 Mar 93 18:29:01 PST Subject: crypto poem Message-ID: <9303151811.AA15886@cygnus.com> To: rms at ai.mit.edu Subject: crypto poem From: pgut1 at cs.aukuni.ac.nz Date: Sun, 14 Mar 93 15:17:29 -0800 Subject: And now for something completely different... PGP or not PGP (from Hamlet Act III Scene I) -------------- PGP or not PGP - that is the question Whether 'tis nobler in the mind to suffer The slings and arrows of outrageous patents, Or to take arms against a sea of lawyers, And by encrypting end them? To crypt, to sign No more; and by a program to say we end The patents and the export restrictions That RSA is heir to - 'tis a consummation. Devoutly to be wish'd. To crypt, to sign. To crypt - perchance to pem-code: aye, there's the rub! For in that test of wills what lawyers may come When we have shuffled off this PGP business, Must give us pause. There's the respect that makes calamity of such legal restrictions. For who would bear the whips and scorns of Leavenworth Th'patent systems wrong, the export laws worse, The pangs of despis'd lawyers, the NSA's delay, The insolence of Sternlight, and the spurns That patient usage of PGP takes When he himself might his quietus make with PEM? Who would this program bear, To grunt and sweat under a weary system, But that the dread of something after PEM The undiscover'd country, from whose bourne No cryptographer returns -- puzzles the will, And makes us rather bear those ills we have Than fly to others that we know not of? Thus conscience does make cowards of us all, And thus the native hue of resolution Is sicklied o'er with the pale cast of thought, And enterprises of great pith and moment With this regard their currents turn awry And lose the name of action. - Apologies to Bill Shakespeare From tytso at Athena.MIT.EDU Mon Mar 15 20:32:03 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Mon, 15 Mar 93 20:32:03 PST Subject: Community standards for email anonymity In-Reply-To: <9303141011.AA05636@cygnus.com> Message-ID: <9303160430.AA10106@SOS> Date: Sun, 14 Mar 1993 03:27-EST From: Marc.Ringuette at GS80.SP.CS.CMU.EDU Self-protection Protection via rules --------------- -------------------- Allow anonymous posting Use software to Forbid all in all newsgroups; use allow anonymity in anonymous posting. information filters. some groups only. Handle volume bombs by Track down volume bombs using digital postage and and disconnect the offender. information filters. There's only one problem.... information filters and digital postage are not widely available right now, and will probably not be widely used for a long time. And while digital postage sounds nice, as long as once remailer site doesn't require digital postage, twits will still be able to perform volume bombs. So until the majority of the people reading USENET have the means of self-protection, is it unreasonable to that people get protected via some set of rules? You say that what you suggesting is a "Libertarian standard"; yet even the most rabid Libertarians believe in having rules against murder, and violence, instead of claiming that everyone must train themselves in martial arts so they can defend themselves..... - Ted From Al.Whaley at sunnyside.com Mon Mar 15 21:33:28 1993 From: Al.Whaley at sunnyside.com (Al Whaley) Date: Mon, 15 Mar 93 21:33:28 PST Subject: volunteers and standards Message-ID: <199303160532.AA19680@snyside.sunnyside.com> I apologize for sending this broadly for it will not apply to most of you who work with and understand the meaning of standards... If a person sticks his/her neck out to let you volunteer for a desirable event, and you don't hold up your end of the bargain, you can expect your own treatment back in the future. Anyone wanting to receive a scholarship or volunteer for the Computers, Freedom and Privacy '94 conference should please contact George Trubow at g.trubow at compmail.com He'll also have a WELL account soon. I suggest that he's not facile with email yet, so you're welcome to copy me with your notes and I'll also make sure he gets them for now. Despite controversy about its cost, it will continue to cost about the same amount next year as this year, with the probable exception of adding student rates (yes, you'll have to be full time at some school/university/college). Thanks. judi -- Al Whaley al at sunnyside.com +1-415 322-5411(Tel), -6481 (Fax) Sunnyside Computing, Inc., PO Box 299, Palo Alto, CA 94302 From dlr at world.std.com Tue Mar 16 04:28:28 1993 From: dlr at world.std.com (David L Racette) Date: Tue, 16 Mar 93 04:28:28 PST Subject: alternate US site for pgp22 In-Reply-To: <51920.pfarrell@cs.gmu.edu> Message-ID: On Sat, 13 Mar 1993, Pat Farrell wrote: > Can someone point me to another US FTP site with PGP22. I've downloaded > it a couple of times from soda.berkeley.edu, and can't get it unzipped. > I've tried all known combinarions of binary, non-binary, etc. > The file, once it reaches my PC is 209409 but pkunzip 204g says it is > broken. If I use pkzipfix, I can get some of the files, docs, keyserver, > etc. but it always fails with a CRC error on or after > exploding LANGUAGE.TXT > > One piece of tech info: I have to FTP to a SUN server, and then > use Kermit to bring the file to my PC. This has worked many times for > many other files, but there could be some user error in here. > I had no problems with the version at soda using pkunzip v204g. Worked the first time. Dave From ORNTS188 at ksuvxb.kent.edu Tue Mar 16 06:44:46 1993 From: ORNTS188 at ksuvxb.kent.edu (ORNTS188 at ksuvxb.kent.edu) Date: Tue, 16 Mar 93 06:44:46 PST Subject: PGP 2.2 Message-ID: <01GVRJAXTNGI0002O4@ksuvxb.kent.edu> Hello, from reading some of the postings, I gather that there is another list that deals more with just PGP. If so could someone send the address to me. Thanks..... Dan :) From an5877 at anon.penet.fi Tue Mar 16 09:11:23 1993 From: an5877 at anon.penet.fi (deadbeat) Date: Tue, 16 Mar 93 09:11:23 PST Subject: news.admin.policy: A Report From the Front Message-ID: <9303161607.AA25953@anon.penet.fi> -----BEGIN PGP SIGNED MESSAGE----- The good guys are beginning to prevail in the news.admin.policy battle over pseudonymous postings, aided in no small part by the opposition, one of whom began unilaterally cancelling articles by nyms. This tactical blunder produced a firestorm of protest and brought in fresh voices eager to speak out on the side of privacy and freedom of expression. We need to continue to weigh in on the side of pseudonymous postings. Perhaps the most constructive approach is to do so pseudonymously! DEADBEAT -----BEGIN PGP SIGNATURE----- Version: 2.2 iQBFAgUBK6X6HPFZTpBW/B35AQFOJgF9Fk/bNUE1cgl2vKJgFJCWg+1KDIqyeVtS ferduPOhXxNrdwyHWvx4vm+vIWKvdVEO =QHmk -----END PGP SIGNATURE----- ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind system, any replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. *IMPORTANT server security update*, mail to update at anon.penet.fi for details. From hughes Tue Mar 16 09:32:07 1993 From: hughes (Eric Hughes) Date: Tue, 16 Mar 93 09:32:07 PST Subject: the recent mailing list flames Message-ID: <9303161732.AA07066@toad.com> A word from your list maintainer. Some people have no patience. I was at CFP for three days last week, soda has crashed twice (and is still down as of this writing), I've had house guests. I just this morning finished all the pending list requests. (All the deletions I did yesterday.) One of the two loud complainers, mbrennan at netcom.com, had actually doubled subscribed himself to the list. I had already removed him once, so I thought; I had moved him over to the -announce list. Since we don't believe in security by obscurity here, the following will generate a mail bomb for the next time _you_ want to be an asshole: yes "UNSUBSCRIBE ME\!\!\!" | head -30000 The program 'yes' (be repetitively affirmative) goes into an infinite loop printing its argument. When the pipe buffer fills up, the kernal blocks the 'yes' process and invokes 'head', which partially empties the buffer; 'yes' refills it. This goes on until 'head' has seen enough lines and terminates and closes the pipe. Closing the pipe then causes 'yes' to terminate. So even though 'yes' is nominally an infinite loop, when bound to a pipe and to a program which accepts a bounded number of lines, it stops being an infinite loop. I consider this clever. Enjoy, but do not deploy this one. Eric From hughes Tue Mar 16 09:34:20 1993 From: hughes (Eric Hughes) Date: Tue, 16 Mar 93 09:34:20 PST Subject: news.admin.policy: A Report From the Front In-Reply-To: <9303161607.AA25953@anon.penet.fi> Message-ID: <9303161734.AA07151@toad.com> As far as this automatic cancelling business goes, what can be automatically cancelled can also be automatically regenerated. Who here has been in such a news war and has software already written? Eric From warlord at MIT.EDU Tue Mar 16 09:56:33 1993 From: warlord at MIT.EDU (Derek Atkins) Date: Tue, 16 Mar 93 09:56:33 PST Subject: news.admin.policy: A Report From the Front In-Reply-To: <9303161734.AA07151@toad.com> Message-ID: <9303161755.AA14876@deathtongue.MIT.EDU> -----BEGIN PGP SIGNED MESSAGE----- > As far as this automatic cancelling business goes, what can be > automatically cancelled can also be automatically regenerated. > > Who here has been in such a news war and has software already written? > > Eric While I agree with you in spirit, I think this would be a bad move. We don't want to get into a news war. We want people to listen to us. The best was to sway people to our side, especially when there are others who are pissing people off, is to keep a calm head and stature. The more that that other person pisses off the news admins, the more they will be willing to listen to our side. If we rush head-long and get into an all-out news war, then those same admins might not listen to us as intently as they would if we stay cool and calm. Please, no news wars. It can only hurt our cause! - -derek PGP 2 key available upon request on the key-server: pgp-public-keys at toxicwaste.mit.edu - -- Derek Atkins, MIT '93, Electrical Engineering and Computer Science Secretary, MIT Student Information Processing Board (SIPB) MIT Media Laboratory, Speech Research Group warlord at MIT.EDU PP-ASEL N1NWH -----BEGIN PGP SIGNATURE----- Version: 2.2 iQBuAgUBK6YUZTh0K1zBsGrxAQEvIgLFEQM+XkIlgkZWFPz25Ic3wRYKOMPYTDF5 6rVn1zOYppNZ/37BHBFzEvIGWI8X4wX+mBgzIxzi/NmNKlUrm1/EMPzI0OyZPqOS yoQClw/n1D1XDw7Ofxnr17M= =DBN5 -----END PGP SIGNATURE----- From jordan at imsi.com Tue Mar 16 16:23:36 1993 From: jordan at imsi.com (Jordan Hayes) Date: Tue, 16 Mar 93 16:23:36 PST Subject: news.admin.policy: A Report From the Front Message-ID: <9303162033.AA23984@IMSI.COM> >>> Who here has been in such a news war ... I was involved in a slightly different news war a few years ago. I was being harrassed by a particularly prolific news poster (at one point he represented nearly 9% of the total USENET weekly volume), and it turned out that I was running a site that had an NNTP feed to his site. I talked with the admin there, found out their fan-out plan, and made sure that anything I got from them got fanned out as soon as possible. Except I would modify the message in subtle ways, like change the attribution line from something like From: john at somesite.net (John Q. Public) to From: john at somesite.net (Wimpy Math Grad Student) Anyway, I was able to make my version of his postings "the" version by hitting all the other sites his site fanned out to first. It was fun for a while until he found out and tried to mail bomb me. Fortunately, I was around when it started, and put a reflector in to send his bombs back automatically piece by piece. His machine was a lowly VAX 750 running some backwater rev of 4.3 alpha-alpha, and sendmail promptly sent the load to 40 and crashed the machine. His PhD advisor was not amused. /jordan From hibbert at memex.com Wed Mar 17 01:03:39 1993 From: hibbert at memex.com (Chris Hibbert) Date: Wed, 17 Mar 93 01:03:39 PST Subject: [cleaned-up] University Policies In-Reply-To: Message-ID: <9303162224.AA18391@entropy.memex.com> POLICIES The computing and communication systems at the University of New Brunswick are intended to be used in a manner that is supportive of the University's objectives. All constituents of the University are able to apply to use the university's computing facilities. When that privilege is granted (e.g., when an account is issued), it is granted with the understanding that the use of the computing system will correspond to the purpose(s) stated in the request. At the University of New Brunswick Computing Services Department, internal customers (students, faculty and staff) are not personally billed for use but are held personally responsible for use made of their accounts. Certain practices are considered a misuse of university property. Examples of such misuse are the use of any part of the computing system for personal or corporate profit, or to provide free resources to unauthorized persons. The following policies govern the use of the University of New Brunswick Computing Services Department facilities: 1. No person or persons shall use the facilities of the University Computing Services Department without due authorization by Computing Services. 2. Every allocation of computing resources is made on the understanding that it is to be used only for the purpose for which it was requested and only by the person or persons by whom or on whose behalf the request was made. Use shall not be made of computing resources allocated to another person or group unless such use has been specifically authorized by Computing Services. 3. No person or persons shall by any wilful or deliberate act jeopardize the integrity of computing equipment, networks, programs, or other stored information. 4. Persons authorized to use computing and communication resources shall be expected to treat as privileged, any information not provided or generated personally which may become available to them through their use of these resources; they shall not copy, modify, disseminate, or use any part of such information without permission of the appropriate person or body. 5. Improper use of Computing Services may result in withdrawal of access privileges or other penalties. The following (but not limited to the following) may be considered improper: * Frivolous use of any workstation, computer or network. * Inspection of data or functions which are neither allotted to the inspector, nor specified as public. * Inspection of data which have to do with utilization, authorization or security. * Modification of data which are not specifically assigned to or created by the modifier. * Use of another's account. * Interference with other persons accessing the systems, networks or equipment. * Destruction of data or property which is not owned by the destroyer. * Attempting to gain access to another's resources, programs, or data. * Use of another's programs or data without their permission. * Sending obscene or vulgar messages. * Abusive or destructive use of hardware or public software. * Use of the facilities for personal or corporate gain without an external account. Examples of such use include producing invitations, posters, personal correspondence, etc., and the sale of computer programs or results developed under an internal account. 6. Customers are expected to: a. Be responsible for the use of their computer accounts. They should make appropriate use of system provided security features and take precautions against others obtaining access to their computing resources. b. Refrain from engaging in deliberately wasteful practices such as: * unnecessary holding of workstations or telecommunications lines; * producing unnecessarily large printer listings; * performing unnecessary computations; * creating and retaining unnecessarily large files; * unnecessary holding of peripheral equipment. c. Utilize efficient and effective techniques for program execution. From robichau at lambda.msfc.nasa.gov Wed Mar 17 07:39:23 1993 From: robichau at lambda.msfc.nasa.gov (Paul Robichaux) Date: Wed, 17 Mar 93 07:39:23 PST Subject: PGP: Mac PGP 2.2 available at UMich ftp Message-ID: <9303171537.AA28125@lambda.msfc.nasa.gov.msfc.nasa.gov> v2.2 of PGP for the Macintosh is available for anonymous FTP at the University of Michigan archives (mac.archive.umich.edu or 141.211.32.2) in /mac/util/encryption. Enjoy and deploy, -Paul -- Paul Robichaux, KD4JZG | May explode if disposed of improperly. Mission Software Development Div. | I'm not white- I'm Euro-American. New Technology, Inc. | RIPEM key on request. From hughes at soda.berkeley.edu Wed Mar 17 09:13:15 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Wed, 17 Mar 93 09:13:15 PST Subject: CYPHERPUNKS=EMAIL HARASSEMENT? In-Reply-To: <930312075344_74076.1041_DHJ35-2@CompuServe.COM> Message-ID: <9303171709.AA06397@soda.berkeley.edu> >So how many days, exactly, have people waited for response from >cypherpunks-request before giving up and posting to the list? Just >one or two, or are we talking weeks here? Most of the unsubscribe message that have gone out over the list in the last month are the _first_ messages sent out by people. Therefore, let me repeat this. To unsubscribe from the list, send mail to cypherpunks-request at toad.com A human, namely me, Eric Hughes, will read your mail and take appropriate response. Do not expect immediate answers; I am not a program. If you send to the whole list asking to be removed, I will send you a piece of junk mail (with the above info in it) and ignore your request. I don't do maintenance for the list on the same account as I read mail. Thanks you all. Eric From hughes at soda.berkeley.edu Wed Mar 17 09:39:05 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Wed, 17 Mar 93 09:39:05 PST Subject: The new welcome message, for your general information Message-ID: <9303171735.AA08132@soda.berkeley.edu> I've changed the welcome message for the list to update it with the ftp site, and other changes. I would like everyone to take a glance at this. I've written down some of the mailing list policies that have been _de facto_. Please reply to me if you have any questions. Eric ----------------------------------------------------------------------------- You have been added to the cypherpunks mailing list. The cypherpunks list is a forum for discussing personal defenses for privacy in the digital domain. It is a high volume mailing list. If you want to be added or removed from the list, send mail to cypherpunks-request at toad.com There is no automated list processing software; a human (me, Eric Hughes) will read your message and take the appropriate action. If you get two of these welcome messages, it likely means you've double subscribed and will have trouble getting off the list. Send mail to the above address and tell me if this happens. Do not expect instant turnaround. Remember, a human is looking at your requests, not a program. I try to do list maintenance every other day or so, but sometimes the delays are longer. Do not mail to the whole list asking to be removed. You'll just get the members of the list thinking you're a newbie and you'll get a note from me telling you to send mail the the -request address. If your mail bounces repeatedly, you will be removed from the list. Nothing personal, but I have to look at all the bounce messages. There is no digest version available. There is an announcements list which is moderated and has low volume. Announcements for physical cypherpunks meetings, new software and important developments will be posted there. Mail to cypherpunks-announce-request at toad.com if you want to be added or removed to the announce list. All announcements also go out to the full cypherpunks list, so there is no need to subscribe to both. There is an ftp site for cypherpunks. It is soda.berkeley.edu:pub/cypherpunks This site contains code, information, rants, and other miscellany. There is a glossary there that all new members should download and read. Also recommended for all users are Hal Finney's instructions on how to use the anonymous remailer system; the remailer sources are there for the perl-literate. Enjoy and deploy. Eric ----------------------------------------------------------------------------- Cypherpunks assume privacy is a good thing and wish there were more of it. Cypherpunks acknowledge that those who want privacy must create it for themselves and not expect governments, corporations, or other large, faceless organizations to grant them privacy out of beneficence. Cypherpunks know that people have been creating their own privacy for centuries with whispers, envelopes, closed doors, and couriers. Cypherpunks do not seek to prevent other people from speaking about their experiences or their opinions. The most important means to the defense of privacy is encryption. To encrypt is to indicate the desire for privacy. But to encrypt with weak cryptography is to indicate not too much desire for privacy. Cypherpunks hope that all people desiring privacy will learn how best to defend it. Cypherpunks are therefore devoted to cryptography. Cypherpunks wish to learn about it, to teach it, to implement it, and to make more of it. Cypherpunks know that cryptographic protocols make social structures. Cypherpunks know how to attack a system and how to defend it. Cypherpunks know just how hard it is to make good cryptosystems. Cypherpunks love to practice. They love to play with public key cryptography. They love to play with anonymous and pseudonymous mail forwarding and delivery. They love to play with DC-nets. They love to play with secure communications of all kinds. Cypherpunks write code. They know that someone has to write code to defend privacy, and since it's their privacy, they're going to write it. Cypherpunks publish their code so that their fellow cypherpunks may practice and play with it. Cypherpunks realize that security is not built in a day and are patient with incremental progress. Cypherpunks don't care if you don't like the software they write. Cypherpunks know that software can't be destroyed. Cypherpunks know that a widely dispersed system can't be shut down. Cypherpunks will make the networks safe for privacy. From hughes at soda.berkeley.edu Wed Mar 17 11:49:09 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Wed, 17 Mar 93 11:49:09 PST Subject: HUMOR: Manifesto anyone? Message-ID: <9303171945.AA17870@soda.berkeley.edu> I got the following message in my inbox today: >I saw news of your "A Cypherpunk's Manifesto" on AppleLink today. Is there a >chance you can e-mail me a copy (un-encrypted please)??? Hmm. The thought of sending out encrypted manifestos... I suppose we could proselyte the NSA. This one sounds like prime list member material, no? Eric From hughes at soda.berkeley.edu Wed Mar 17 11:54:59 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Wed, 17 Mar 93 11:54:59 PST Subject: RANTS: A Cypherpunk's Manifesto Message-ID: <9303171951.AA18216@soda.berkeley.edu> I've been meaning to write up a longer version of the welcome message text for some time now. I took the opportunity to do so before the Computers, Freedom, and Privacy Conference. I made up 300 paper copies of this for distribution on the literature table. All but a couple dozen remained at the end of three days. So then, this is my _real_ manifesto. I took all the good lines out of the previous version and added more. I hope you enjoy it. It's available on the ftp site in the rants/ directory. Eric ----------------------------------------------------------------------------- A Cypherpunk's Manifesto by Eric Hughes Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn't want the whole world to know, but a secret matter is something one doesn't want anybody to know. Privacy is the power to selectively reveal oneself to the world. If two parties have some sort of dealings, then each has a memory of their interaction. Each party can speak about their own memory of this; how could anyone prevent it? One could pass laws against it, but the freedom of speech, even more than privacy, is fundamental to an open society; we seek not to restrict any speech at all. If many parties speak together in the same forum, each can speak to all the others and aggregate together knowledge about individuals and other parties. The power of electronic communications has enabled such group speech, and it will not go away merely because we might want it to. Since we desire privacy, we must ensure that each party to a transaction have knowledge only of that which is directly necessary for that transaction. Since any information can be spoken of, we must ensure that we reveal as little as possible. In most cases personal identity is not salient. When I purchase a magazine at a store and hand cash to the clerk, there is no need to know who I am. When I ask my electronic mail provider to send and receive messages, my provider need not know to whom I am speaking or what I am saying or what others are saying to me; my provider only need know how to get the message there and how much I owe them in fees. When my identity is revealed by the underlying mechanism of the transaction, I have no privacy. I cannot here selectively reveal myself; I must _always_ reveal myself. Therefore, privacy in an open society requires anonymous transaction systems. Until now, cash has been the primary such system. An anonymous transaction system is not a secret transaction system. An anonymous system empowers individuals to reveal their identity when desired and only when desired; this is the essence of privacy. Privacy in an open society also requires cryptography. If I say something, I want it heard only by those for whom I intend it. If the content of my speech is available to the world, I have no privacy. To encrypt is to indicate the desire for privacy, and to encrypt with weak cryptography is to indicate not too much desire for privacy. Furthermore, to reveal one's identity with assurance when the default is anonymity requires the cryptographic signature. We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence. It is to their advantage to speak of us, and we should expect that they will speak. To try to prevent their speech is to fight against the realities of information. Information does not just want to be free, it longs to be free. Information expands to fill the available storage space. Information is Rumor's younger, stronger cousin; Information is fleeter of foot, has more eyes, knows more, and understands less than Rumor. We must defend our own privacy if we expect to have any. We must come together and create systems which allow anonymous transactions to take place. People have been defending their own privacy for centuries with whispers, darkness, envelopes, closed doors, secret handshakes, and couriers. The technologies of the past did not allow for strong privacy, but electronic technologies do. We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money. Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can't get privacy unless we all do, we're going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We don't much care if you don't approve of the software we write. We know that software can't be destroyed and that a widely dispersed system can't be shut down. Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation's border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible. For privacy to be widespread it must be part of a social contract. People must come and together deploy these systems for the common good. Privacy only extends so far as the cooperation of one's fellows in society. We the Cypherpunks seek your questions and your concerns and hope we may engage you so that we do not deceive ourselves. We will not, however, be moved out of our course because some may disagree with our goals. The Cypherpunks are actively engaged in making the networks safer for privacy. Let us proceed together apace. Onward. Eric Hughes 9 March 1993 From hughes at soda.berkeley.edu Wed Mar 17 12:03:13 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Wed, 17 Mar 93 12:03:13 PST Subject: ADMIN: ftp site Message-ID: <9303171959.AA18710@soda.berkeley.edu> I've cleaned up the ftp site a bit, set read permissions on one file (oops), added a README, and generally made things more easy to use. The site, for those of you who do not yet know, is soda.berkeley.edu:pub/cypherpunks Here's a short intro: README an orientation primer crypto.ftp.sites/ a place for external pointers misc/ read, "I don't know where else this goes" pgp/ PGP 2.2 distribution, DOS, Unix, Mac rants/ for all those pesky manifestos that pop up remailer/ remailer code and instructions and tools welcome.message the welcome message to the list The site is yours to use. If there is something you'd like to see on the ftp site, let me know. If you have contributions, let me know. Eric From hughes at soda.berkeley.edu Wed Mar 17 13:04:40 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Wed, 17 Mar 93 13:04:40 PST Subject: pgp2.2 in cypherpunks Message-ID: <9303172100.AA23522@soda.berkeley.edu> I obtained another copy of pgp22.zip for the cypherpunks archive site. The previous one was the same length, but had some difference buried in the middle. The new one seems fine. All those who had trouble might want to download it again. I also put up another copy of pgp22src.zip, since it left and I don't know where it went. Eric From root at rmsdell.ftl.fl.us Wed Mar 17 17:03:02 1993 From: root at rmsdell.ftl.fl.us (Yanek Martinson) Date: Wed, 17 Mar 93 17:03:02 PST Subject: GOV: DMS PreMSP Message-ID: Forwarded message: > Date: Wed, 17 Mar 1993 15:10:53 -0500 > To: Markowitz at DOCKMASTER.NCSC.MIL > From: shirley at mitre.org (Robert W. Shirey) > Cc: pem-dev at TIS.COM > > In a previous message, I said: "Just as soon as I know for sure that > information on this subject [DMS PreMSP] is publicly releasable, I will > forward it or references to this list." Here are pointers to the > currently available public info. > > A Request For Information (RFI) was issued by the Air Force Standard > Systems Center, Gunter AFB,Al, on December 1992. (See "Commerce Business > Daily" for 17 December 1992.) This RFP concerns X.400 products for use > in the Defense Message System. In brief, DOD needs hundreds of thousands > (of units) of secure UAs over the next several years. > > In the RFI, there is publicly released information concerning Preliminary > Message Security Protocol (PMSP, or sometimes, PreMSP), which is to be > used for unclassified by sensitive information. PMSP is something that > exists. Do not expect it to interoperate with PEM. > > Saying "Pre" MSP implies there is a "real" MSP to come later. There is. > It comes from NSA's Secure Data Network System Program. SDNS and MSP > information is available from NIST, and decriptions are found in the > proceedings of the National Computer Security Conference and other major > security conferences in the last few years. (Perhaps someone will chime > in again with the NIST references, etc.) > > DMS security developments, including PMSP, will be addressed further by > an NSA representative at the AFCEA [Armed Forces Communications and > Electronics Association] DMS Symposium on 8 April. > > Regards, -Rob- > > Robert W. Shirey, The MITRE Corporation, Mail Stop Z202 > 7525 Colshire Dr., McLean, Virginia 22102-3481 USA > shirey at mitre.org * tel 703-883-7210 * fax 703-883-1397 > > --------------------------------------------------------------------------- > The following statement on MSP was released previously: > > Defense Information Systems Agency > Defense Network Systems Organization > > In reply Refer To: DISM 12 November 1991 > > MEMORANDUM FOR DEFENSE MESSAGE SYSTEM (DMS) MILITARY COMMUNICATIONS > ELECTRONICS BOARD (MCEB) COORDINATOR > > SUBJECT: Rationale for the Secure Data Network System (SDNS) Message > Security Protocol (MSP) for the DMS > > > 1. As a result of the Allied Message Handling (AMH) International Subject > Matter Experts (ISME) working group meeting held in March 1991, certain > actions regarding message security were tasked to the U.S. representatives. > These tasks include two information papers which address the U.S. intentions > to use MSP to provide required message security services. > > 2. The first of these papers, which addresses the rationale and near-term > interoperability issues for the use of MSP, is enclosed. We are forwarding > this paper to you, as the DMS MCEB Coordinator, for dissemination to the AMH > ISME membership. > > 3. This paper has also been forwarded to the Chairman, Data Communications > Protocol Standards (DCPS) Technical Management Panel (DTMP) for use in > resolving an Interoperability Resolution Process (IRP) issue regarding the DoD > position on the use of MSP. Both the AMH ISME and DTMP processes will be > worked as parallel efforts. > > 4. My point of contact for this effort is CPT(P) Wayne C. Deloria, DISA/DISMB, > (703)285-5232, DSN 346-5232. He can be reached through electronic mail at > DELORIAW at IMO-UVAX.DCA.MIL. Please do not hesitate to contact him with any > question regarding this matter. > > > Enclosure a/s THOMAS W. CLARKE, Chief > DMS Coordination Division > > cc: DMS Coordinators > > > 22 October 1991 > > THE DEFENSE MESSAGE SYSTEM (DMS) > MESSAGE SECURITY PROTOCOL AND ALLIED INTEROPERABILITY > > > 1. Introduction > > The Defense Message System (DMS) Program has adopted Message Security > Protocol (MSP) as the target security protection mechanism for all DMS > organizational and individual message traffic. MSP was developed under the > auspices of the Secure Data Network System (SDNS) Program concurrent with > international development of the CCITT X.400 1988 Recommendation. SDNS MSP > and 1988 X.400 offer a similar set of security services. However, the two > approaches diverge in certain areas, due to differing priorities and > requirements, and the operational environment of the U.S. Department of > Defense (DoD). The purpose of this paper is to define the principal points of > departure, provide rationale for U.S. use of MSP, and to provide a framework > for agreement on near term messaging interoperability. > > 2. Rationale for Use of MSP > > While the security services provided by MSP are similar to the 1988 X.400 > Recommendation, the divergence in their implementation introduces > incompatibilities between the two strategies. Following is U.S. rationale for > use of MSP. > > 2.1 High Level of Assurance: DMS provides secure automated store-and- > forward message service to meet the operational requirements of the U.S. DoD. > The DMS conveys information ranging from unclassified to the most sensitive > classifications and compartments, requiring very high levels of assurance > throughout the system. While few, if any, individual User Agents (UAs) will > handle this entire range, many will handle more than one, and therefore > require a high degree of trust. MSP provides high assurance in the areas of > implementation strategy, access control, content security, and use of > commercially available products and services. > > 2.1.1 Implementation Strategy. To achieve a high level of assurance, > MSP was designed to provide separation of message security from message > processing, and to facilitate a certifiable and accreditable implementation. > By implementing the MSP security services in a separate protocol sub-layer, a > multi-level secure (MLS) architecture can follow conventional approaches in > the design of certifiable systems. The MSP approach depends upon creating a > small nucleus of "trusted" software, implemented as an adjunct to the UA, that > interacts with multiple, single-level instantiations of more complex software, > e.g., text editors and communications protocols. Further, placing the > security services at the end system (originator/recipient) is consistent with > the principle of "least privilege", which requires security processes in a > system to grant only the most restrictive set of privileges necessary to > perform authorized tasks. > > 1 > > > 22 October 1991 > > 2.1.2 Access Control. The approach to access control adopted by MSP > places access control decisions in a separate process within the originator > and recipient UAs, providing a higher level of assurance for this service. > This high level of assurance is supported by detailed security design analyses > performed on various MSP prototype implementations. > > 2.1.2.1 MSP access control decisions are made as part of message > preparation and release, and as part of the processing of a received message. > End system (UA) responsibility for access control is a cornerstone of the MSP > security architecture. The access control decision relies on authorization > information contained in multiple certificates. These certificates provide > extended resolution for access control decisions and are further protected by > cryptography at the UA. Consequently, no access control message security > requirements are levied on the Message Transfer Agents (MTAs). > > 2.1.2.2 In contrast, 1988 X.400 access control decisions and > enforcement are vested in the Message Transfer System (MTS) and are exercised > independently by the MTAs at each end of the message transfer. This requires > that every subscriber uniformly trust all of the MTAs to enforce access > control for the subscriber community. A message originator has no independent > means of determining the access rights of a possible recipient, nor the means > to determine the level of trust of the MTAs that make access control > decisions. He must rely on the correct operation of the MTAs. > > 2.1.3 Content Security. MSP provides content security and integrity > services with the implementation of independent cryptographic algorithms and > key management system at the UA. Encapsulation of message content with > appropriate security parameters (e.g., algorithm identification and signature > information) into a MSP content prior to submitting it to the MTS, ensures > writer-to-reader control for all security services. This is true regardless > of the message transfer system employed. Since only the originator and > recipient may access the information, content security is preserved, and the > means for message confidentiality, integrity, authentication, and non- > repudiation with proof of origin is maintained. > > 2.1.4 Commercial Products/Services. A primary objective of the DMS > Program is to employ commercially available products and services wherever > possible, to minimize or eliminate the need for specialized systems. It is > also assumed that such products and services will undoubtedly be "untrusted" > from the security perspective. The use of MSP allows the DMS to deploy over > any reliable and heterogeneous MTS and still provide the same level of message > security and system assurance. The MSP design and implementation strategy, > coupled with the incorporated access control and content security mechanisms, > is consistent with this objective. While the 1988 X.400 Recommendation offers > similar services, its employment by DMS would require use of "trusted" MTAs, a > prospect that is not only cost prohibitive by lacking in deployment > flexibility. > > 2 > > > 22 October 1991 > > 2.2 Key Management Support. MSP was designed to be independent of > cryptographic algorithms and key management schemes. Although 1988 X.400 > maintains independence of the cryptographic algorithms used, it does employ a > specific key management scheme as defined in CCITT Recommendation X.509. The > protocol mechanisms that realized this key management scheme are incompatible > with MSP key management. > > 2.2.1 A solution consistent with the MSP concept might be implemented > within the X.400 syntax, but would represent a semantic inconsistency. Within > X.400, no syntax exists to exchange multiple certificates and other per- > message security data. > > 2.2.2 Even if a certifiable architecture using MSP-like key management > schemes could be developed to be consistent with 1988 X.400, it would likely > represent a substantial departure from COTS products. > > 2.3 Performance. Like MSP, the 1988 X.400 Recommendation defines both > per-message and per-recipient security data items. However, the allocation of > security relevant data, especially the signature and receipt information, is > different in X.400 and in MSP. 1988 X.400 requires one signature per > recipient while MSP requires one per message. The major performance > implications of this difference are the higher number of signature generation > operations required by 1988 X.400, and the higher volume of additional data > carried in each 1988 X.400 message. > > 3. Allied Interoperability. > > 3.1 Suggestions from the Allied Message Handling International Subject > Matter Experts Working Group (AMH ISME WG) recommend that the U.S. incorporate > MSP mechanisms with the 1988 X.400 framework. In reviewing this, technical > difficulties surface as previously discussed, and present a resultant product > which is semantically non-conformant with the 1988 X.400 Recommendation. This > suggestion is unacceptable from a security protection standpoint, and is cost > prohibitive. > > 3.2 The differences in the MSP and 1988 X.400 security protection > strategies as described in the rationale serve to illustrate an allied message > interoperability issue. It is evident that the U.S. will continue to pursue > implementation of MSP while U.S. allies, including NATO, appear poised to > pursue implementations of the 1988 X.400 Recommendation. When the U.S. begins > deployment of X.400/MSP components in the 1996 and beyond time frame, a MSP > gateway will be required to facilitate interoperability between users who have > implemented X.400 with MSP and users who have not. A Gateway will be required > to perform protocol mappings between MSP and X.400-based systems, and to > provide the required cryptographic and key management conversion services for > the systems employed. This Gateway will facilitate U.S. transition to MSP, as > well as provide interoperability with allied users during the international > transition to X.400. > > 3 > > > 22 October 1991 > > 4. Conclusions. > > 4.1 Based on the rational provided above, the U.S. concludes that use of > MSP is superior to 1988 X.400 security protection in terms of assurance, key > management, performance, deployment flexibility, and cost. > > 4.2 As indicated above, allied interoperability will require an MSP > Gateway. The AMH ISME WG is an excellent forum to collect requirements for > this Gateway to ensure its timely development and deployment, and > effectiveness in providing near term allied interoperability. Long term > interoperability is being analyzed and will be the subject of a 15 February > 1992 U.S. submission to the AMH ISME WG. > > 4 > > ----------------------------------------------------------------------- > The Privacy and Security Research Group (PSRG) (i.e., that part of the > Internet Research Task Force that invented PEM and tossed it over the > fence into the Internet Engineering Task Force for final standardization > and deployment) received inqiries about the position of the U.S. > Federal Government on the use of Privacy-Enhanced Mail (PEM) (see RFCs > 1421, 1422, 1423, and 1424). The PSRG issued a statement which is now > outdated but was along the following lines: > > The PSRG does not speak for the U.S. Federal Government or for any other > government. It can, however, arrange some referrals for those seeking > Government information. > > Like all bodies operating under the cognizance of the Internet > Activities Board (IAB), the PSRG is an independent committee of > professionals with a technical interest in the health and evolution > of the Internet system (see RFC 1160). When the PSRG was designing > and developing PEM, and when the IAB approved and encouraged PEM > implementation, there was discussion of existing U.S. and other government > policies and policy trends. No agreements were reached with any agency > or official. Some PSRG members are aware of talks that have taken place > within the U.S. Government about PEM, but the PSRG is not aware of any > publicly-announced policies that have been directed specifically at PEM. > > For further information, the PSRG suggests that questions be directed > to the following PSRG members, who will either answer the question > or provide a referral to responsible officials: > > For questions regarding the U.S. Government generally: > > Miles Smid smid at st1.ncsl.nist.gov > National Institute for Standards and Technology > Building 225, Room A216 > Gaithersburg, Maryland 20899 > > For questions regarding the U.S Department of Defense in general, and > the Defense Message System in particular: > > Rob Shirey shirey at mitre.org > The MITRE Corporation, Mail Stop Z269 > 7525 Colshire Drive, McLean, VA 22102-3481 > > For other questions, send to pem-dev at tis.com and hope for the best! > > > > > -- Yanek Martinson yanek at novavax.nova.edu From nowhere at bsu-cs.bsu.edu Wed Mar 17 17:15:32 1993 From: nowhere at bsu-cs.bsu.edu (Chael Hall) Date: Wed, 17 Mar 93 17:15:32 PST Subject: the recent mailing list flames Message-ID: <9303180111.AA02926@bsu-cs.bsu.edu> >One of the two loud complainers, mbrennan at netcom.com, had actually >doubled subscribed himself to the list. I had already removed him >once, so I thought; I had moved him over to the -announce list. Well, I sent a personal message to mbrennan at netcom.com about the posting he made where he criticized "Mr. May and Mr. Ringuette" for their misunderstanding. :) He misinterpreted my meaning of "you are in my kill list, but the others aren't." I meant that my .maildelivery destroys mail from him, but not from anyone else. *sigh* He wrote my sysadmin about it and said that it came from my remailer and all hell broke loose on my end. My boss's boss took me into his office and we discussed it... He just said, "Someone was harrassing a guy at AT&T (of all places) through your remailer." I tracked down the message, "talk"ed to mbrennan about it and he agreed to write a message of apology to my sysadmin saying he misunderstood the "threat." *sigh* What an avoidable mess if he hadn't been so touchy! Now they are investigating my remailer. My response was, "Oh, it's just a play-thing for me and a few friends." They think I should be responsible for what goes through it. Hahahaha... Right. I only see messages that don't go through for one reason or another (bounces and errors in "::" use). Chael Hall -- Chael Hall nowhere at bsu-cs.bsu.edu, 00CCHALL at BSUVC.BSU.EDU, chall at ref.tfs.com (317) 285-3648 after 5 pm EST From MJMISKI at macc.wisc.edu Wed Mar 17 20:18:04 1993 From: MJMISKI at macc.wisc.edu (Matthew J Miszewski) Date: Wed, 17 Mar 93 20:18:04 PST Subject: White House Message-ID: <23031722144365@vms2.macc.wisc.edu> Cypherpunks, MCI announced a new email address for access to the White House. However, This time they make no pretense that it will be read electronicly. From what I could glean from RISKS (I was in quite a hurry), the messages will be sent through the regular USPS. This appears to be a way to increase profits for MCI and Internet messages may very well bounce. Anyway, I know that the cypherpunks are trying to access the handles of power in this country and gain some respect at the same time. I also watched the last thread about what form our communication should take. Well, here's another chance. 0005895485 at mcimail.com - White House Matt mjmiski at macc.wisc.edu From collins at socrates.umd.edu Thu Mar 18 06:42:37 1993 From: collins at socrates.umd.edu (Jim C) Date: Thu, 18 Mar 93 06:42:37 PST Subject: Cypher: Subject naming proposal In-Reply-To: <9303120305.AA09556@toad.com> Message-ID: <9303181442.AA19725@toad.com> Can I suggest that any messages posted to cypherpunks start with "Cypher:" in the subject line? The mail from this list is getting mixed in with all my other mail, cause my newsreader (elm) can't sort on "To:" fields. Does anyone else have this problem? Does this idea seem reasonable? JIm C. From nowhere at bsu-cs.bsu.edu Thu Mar 18 07:43:44 1993 From: nowhere at bsu-cs.bsu.edu (Chael Hall) Date: Thu, 18 Mar 93 07:43:44 PST Subject: Cypher: Subject naming proposal In-Reply-To: <9303181442.AA19725@toad.com> Message-ID: <9303181539.AA29429@bsu-cs.bsu.edu> >Can I suggest that any messages posted to cypherpunks start with "Cypher:" >in the subject line? The mail from this list is getting mixed in with all >my other mail, cause my newsreader (elm) can't sort on "To:" fields. > Does anyone else have this problem? Does this idea seem reasonable? >JIm C. I use the following .forward file to make slocal "sort" my mail based upon the contents of the .maildelivery file below. -- $HOME/.forward -- | /usr/lib/mh/slocal -user nowhere You should use something like the following .maildelivery file to tell slocal where to put the messages. -- $HOME/.maildelivery -- # # field "pattern" action "command" # To "cypherpunks at toad.com" file ? Mail/cypherpunks This will file messages directed to cypherpunks to a file in your Elm mail directory, but leave all other messages untouched. You have to then choose the folder "=cypherpunks" to read those messages. NOTE: You need to change the path of slocal to the appropriate path for your system. You can find it with the whereis -b command or the find utility. Am I forgetting anything? Chael Hall -- Chael Hall nowhere at bsu-cs.bsu.edu, 00CCHALL at BSUVC.BSU.EDU (317) 285-3648 after 5 pm EST From derek at cs.wisc.edu Thu Mar 18 08:27:46 1993 From: derek at cs.wisc.edu (Derek Zahn) Date: Thu, 18 Mar 93 08:27:46 PST Subject: Cypher: Subject naming proposal In-Reply-To: <9303181442.AA19725@toad.com> Message-ID: <9303181626.AA16870@lynx.cs.wisc.edu> > Can I suggest that any messages posted to cypherpunks start with "Cypher:" > in the subject line? The mail from this list is getting mixed in with all > my other mail, cause my newsreader (elm) can't sort on "To:" fields. > Does anyone else have this problem? Does this idea seem reasonable? > JIm C. There's a program called "filter" (which I think is part of the elm distribution) that I use to automatically route messages from different mailing lists to separate folders, which can then be read at leisure. Very handy! derek From huntting at glarp.com Thu Mar 18 09:07:29 1993 From: huntting at glarp.com (Brad Huntting) Date: Thu, 18 Mar 93 09:07:29 PST Subject: Cypher: Subject naming proposal In-Reply-To: <9303181442.AA19725@toad.com> Message-ID: <199303181705.AA03002@misc.glarp.com> > The mail from this list is getting mixed in with all my other mail, > cause my newsreader (elm) can't sort on "To:" fields. Perhaps you should get a better mail reader (e.g. MH). From root at rmsdell.ftl.fl.us Thu Mar 18 10:07:01 1993 From: root at rmsdell.ftl.fl.us (Yanek Martinson) Date: Thu, 18 Mar 93 10:07:01 PST Subject: HASH: cryptanalysis of MD5? (fwd) Message-ID: Forwarded message: > Newsgroups: sci.crypt > From: schneier at chinet.chi.il.us (Bruce Schneier) > Subject: Successful Cryptanalysis of MD5 > Message-ID: > Organization: Chinet - Public Access UNIX > Date: Thu, 18 Mar 1993 04:06:39 GMT > > This is from Bart Preneel's Ph.D. thesis, "Analysis and Design of > Cryptographic Hash Functions," Jan 1993, p. 191. It is about the > cryptanalysis of MD5: > > B. den Boer noted that an approximate relation exists between > any four consecutive additive constants. Moreover, together > with A. Bosselaers he developed an attack that produces > pseudo-collisions, more specifically they can construct two > chaining variables (that only differ in the most significant > bit of every word) and a single message block that yield the > same hashcode. The attack takes a few minutes on a PC. This > means that one of the design principles behind MD4 (and MD5), > namely to design a collision resistant function is not satisfied. > > I have not seen the actual paper yet, which will be presented at > Eurocrypt. Both PEM and PGP rely on MD5 for a secure one-way hash > function. This is troublesome, to say the least. > > Bruce > > ************************************************************************** > * Bruce Schneier > * Counterpane Systems For a good prime, call 391581 * 2^216193 - 1 > * schneier at chinet.chi.il.us > ************************************************************************** > > -- Yanek Martinson yanek at novavax.nova.edu From markh at wimsey.bc.ca Thu Mar 18 10:57:49 1993 From: markh at wimsey.bc.ca (Mark C. Henderson) Date: Thu, 18 Mar 93 10:57:49 PST Subject: Cypher: Subject naming proposal In-Reply-To: <199303181705.AA03002@misc.glarp.com> Message-ID: <9303181023.ZM11582@wimsey.bc.ca> On Mar 18, 12:05, Brad Huntting wrote: > Subject: Re: Cypher: Subject naming proposal > > > The mail from this list is getting mixed in with all my other mail, > > cause my newsreader (elm) can't sort on "To:" fields. > > Perhaps you should get a better mail reader (e.g. MH). >-- End of excerpt from Brad Huntting mush will also allow filtering based on more or less whatever you want (e.g. To: fields). Mark -- Mark Henderson markh at wimsey.bc.ca From ebrandt at jarthur.Claremont.EDU Thu Mar 18 14:24:39 1993 From: ebrandt at jarthur.Claremont.EDU (Eli Brandt) Date: Thu, 18 Mar 93 14:24:39 PST Subject: a steganographic test Message-ID: <9303182224.AA05626@toad.com> Taking the easy way out, I tried a steganographic encoding in a GIF by mapping down to 128 colors, duplicating them, and frobbing the low bits of the image. This worked surprisingly well. The resulting image showed little degradation, and was smaller than the original -- the information thrown out when mapping down to 128 was not fully replaced, as the "hidden" file did not fill the GIF. Rather than screw with GIF and Heckbert code for this throwaway, I did the {en,de}giffing and palette manipulation by hand with the PC program PICLAB. It supports scripts, which would automate the process, except for the palette duplication, which a sed script could do. The bit bashing code is appended, though it's pretty trivial stuff. Anyway, I ended up with the canonical Earth-seen-from-space, 320x200x8, with an embedded DOS-format text file chosen for verisimilitude. I can ship it by e-mail to anyone who wants it, though there's not really a whole lot you can *do* with the thing. ("Hey. Wow. There really is a file in the low bits.") PGP 2 key by finger or e-mail Eli ebrandt at jarthur.claremont.edu the guts of ensteg.c: /* * We smear the hidef stream MSB-first into the low bits of the picf stream. * This code is not optimal, but hey, it's short. */ int picbyte, hidebyte, mask=0; long count=0; while (EOF!=(picbyte=getc(picf))) { if (!mask) { mask = 0x80; if (EOF==(hidebyte=getc(hidef))) hidebyte=0; // pad with nulls } putc(picbyte&0xfe | ((hidebyte&mask)/mask), outf); mask/=2; } and of desteg.c: /* * Pull the picf bits out, and put them together, MSB-LSB order. */ int picbyte, hidebyte=0, bit=7; while (EOF!=(picbyte=getc(picf))) { if (bit<0) { putc(hidebyte, hidef); hidebyte=0; bit=7; } hidebyte |= (picbyte%2)< Message-ID: <9303182329.AA21721@ucunix.san.uc.edu> -----BEGIN PGP SIGNED MESSAGE----- >>>>> On Thu, 18 Mar 93 10:39:46 EST, nowhere at bsu-cs.bsu.edu (Chael Hall) said: >Can I suggest that any messages posted to cypherpunks start with "Cypher:" >in the subject line? The mail from this list is getting mixed in with all >my other mail, cause my newsreader (elm) can't sort on "To:" fields. > Does anyone else have this problem? Does this idea seem reasonable? >JIm C. Hall> I use the following .forward file to make slocal "sort" my mail based Hall> upon the contents of the .maildelivery file below. [snip] Hall> NOTE: You need to change the path of slocal to the appropriate Hall> path for your system. You can find it with the whereis -b command or Hall> the find utility. Am I forgetting anything? Erm, only that this apparently appears to pretty much _require_ switching mailreaders to MH. A more transparent solution can be achieved with the 'procmail' package, available from any comp.sources.misc archive. This package allows rule-based filtering on message content, size, and other factors, and can be installed workably with most mailreaders to my knowledge, without requiring much effort. Hall> Chael Hall Hall> -- Hall> Chael Hall Hall> nowhere at bsu-cs.bsu.edu, 00CCHALL at BSUVC.BSU.EDU Hall> (317) 285-3648 after 5 pm EST Crys Rides -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBK6kEyJSqD+bQ7So3AQH/fwQAuRsviaD3uoG8VFU6nM2IDz+Nllbc5+KO o3wCYGg7S15skdCjz+p7s97hAJlQ+IKtAdMia0Hya6W4cDOUHJGTlXeMmSXlEKlu 2W9kZN8bAR6D4TkuW0RqMFAzCW0U+87VajKO28IZLSEFGo1KPbFYlVP2eXsi/mPj UND/fuivjzU= =5b+o -----END PGP SIGNATURE----- From nowhere at bsu-cs.bsu.edu Thu Mar 18 18:02:02 1993 From: nowhere at bsu-cs.bsu.edu (Chael Hall) Date: Thu, 18 Mar 93 18:02:02 PST Subject: Cypher: Subject naming proposal In-Reply-To: <9303182329.AA21721@ucunix.san.uc.edu> Message-ID: <9303190157.AA14620@bsu-cs.bsu.edu> >Erm, only that this apparently appears to pretty much _require_ switching >mailreaders to MH. A more transparent solution can be achieved with the >'procmail' package, available from any comp.sources.misc archive. This >package allows rule-based filtering on message content, size, and other >factors, and can be installed workably with most mailreaders to my >knowledge, without requiring much effort. I don't know what you mean... The incoming mail ends up in /var/spool/mail (on my system) whether or not you use it. I use ELM as my mailreader and everything works fine. He did say that he is using ELM. To me, this is less effort than FTPing 'procmail.' >Crys Rides Chael Hall -- Chael Hall nowhere at bsu-cs.bsu.edu, 00CCHALL at BSUVC.BSU.EDU (317) 285-3648 after 5 pm EST From karn at qualcomm.com Thu Mar 18 18:35:46 1993 From: karn at qualcomm.com (Phil Karn) Date: Thu, 18 Mar 93 18:35:46 PST Subject: Cypher: Subject naming proposal Message-ID: <9303190233.AA19703@servo> Several years ago I wrote a UNIX utility that splits my incoming mail (directly from the spool) into files based on the To: and Cc: fields. I can specify the various mailing lists to which I subscribe in the shell script, with all others going to a file named "other". This way I can give higher priority to the mail that names me specifically as a recipient, and put off the mailing lists for later. And I can use any conventional mailer (like Mail) to read the split files. Phil From mnemonic at eff.org Thu Mar 18 19:16:33 1993 From: mnemonic at eff.org (Mike Godwin) Date: Thu, 18 Mar 93 19:16:33 PST Subject: You Aren't [I'm Not] In-Reply-To: <9303090316.AA17160@soda.berkeley.edu> Message-ID: <199303190313.AA15580@eff.org> Eric Hughes writes: > Last night I spoke with Mike Godwin of the EFF about the issue of > anonymous libel. Mike is not on the list, and I've copied him on this > message. Mike knows more about electronic speech issues than pretty > much anyone else. Here is my remembrance about what he said: > > 2. An anonymous remailer is not liable. In order to be liable for the > libellous speech, the operator of the remailer would have to have > prior knowledge that the speech was libellous. Since the operation of > the remailer is fully automated, prior knowledge is impossible. I'd modify that second point slightly--specifically, I'd say that an anonymous remailer *probably* is not liable. There's never been a case of this sort, but current American libel law suggests that the remailer would not be liable. --Mike From sasha at cs.umb.edu Thu Mar 18 23:43:35 1993 From: sasha at cs.umb.edu (Alexander Chislenko) Date: Thu, 18 Mar 93 23:43:35 PST Subject: POLI/TECH/SURVEY: Feds and computers. Message-ID: <199303190742.AA10986@ra.cs.umb.edu> There were two interesting articles today in the Marketplace section of the Wall Street Journal. I advise you to read them, and will give only brief references here: 1. "White House lets you turn on your PC, tune into politics" - Some stuff on White House and its email addresses, email in general, etc. Some of it informative, some stupid, some babble. One remarkable piece: "... the backward White House computer system doesn't receive the electronic messages directly, and the mail isn't answered electronically. Instead, the e-mail messages are delivered to White House on disk, where they are printed out and answered by low-level workers through regular paper mail." Ain't that amazing?! 2. To the right from the big central material on the crucially important subject of bacon sales, there starts an article "Ruling gives privacy a high-tech edge" - about the Jackson Games BBS case. While it might not offer conceptual breaktrhoughs to anybody on this list, it is (IMO) a very informative and sympathetic material; it describes the history of the case, recent rulings, their implications, etc. It is very nice that this is offered to a large audience. - Well worth reading. ------------------------------------------------------------------------------ | Alexander Chislenko | sasha at cs.umb.edu | Cambridge, MA | (617) 864-3382 | ------------------------------------------------------------------------------ From R.Tait at bnr.co.uk Fri Mar 19 03:45:39 1993 From: R.Tait at bnr.co.uk (R.Tait at bnr.co.uk) Date: Fri, 19 Mar 93 03:45:39 PST Subject: CYPHER: Problems with pgp2.2 ELM scripts? Message-ID: <199303181729.20139@bnsgs200.bnr.co.uk> -----BEGIN PGP SIGNED MESSAGE----- Hi all, Has anyone apart from me experienced problems with Vesselin's perl scripts for ELM that came bundled with pgp2.2? I'm running ELM 2.4 pl21, on a Sparc IPX, and basically, sometimes morepgp works, and sometimes it doesn't. mailpgp is proving fine. Now, I'm no perl wiz, so I can't really dive in and fix it, nor am I asking for someone to fix it (unless they want to), but it would be nice to know that it's just not my utter ineptitude... ;=) - -- Rick M. Tait Bell Northern Research (Europe) Tel: +44-81-945-3352, Fax: +44-81-945-3352 Network Management Systems New Southgate, London. UK email: ricktait at bnr.co.uk || gomez at cix.compulink.co.uk || ricktait at bnr.ca -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBK6ixmdIfJtINuGaBAQGjWgP/R67RPs45OJLD65ZqtJVKOLpYrwaLQ8cT GOo9Ek9P2flywLt30U+h6/6JOmNCI9UhzeDUKpvnymk4OyReHnayDvtVqjM9c4AL dj+xez2wjFHgxvpOfaAVNGvLlYj5BiVu+D5S3w9laxczT0MvSDTfFhwJFEP+VWxE NbkeIjN4FrI= =/qoI -----END PGP SIGNATURE----- From collins at socrates.umd.edu Fri Mar 19 07:05:22 1993 From: collins at socrates.umd.edu (Jim C) Date: Fri, 19 Mar 93 07:05:22 PST Subject: Cypher:Subject naming- SUMMARY Message-ID: <9303191505.AA01177@toad.com> Ok, here's a summary of replies regarding sorting of mail by To: fields, or more in general, grouping all list mail together by mailing list. Thanx to all who responded. As you can see, there are a variety of ways to approach this problem. All of these replys were posted to Cypherpunks already, so re-posting is kosher. I've cut out the extra header stuff and the PGP signatures, and edited the messages for brevity. >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> From: nowhere at bsu-cs.bsu.edu (Chael Hall) Subject: Re: Cypher: Subject naming proposal To: collins at socrates.umd.edu (Jim C) Cc: cypherpunks at toad.com >Can I suggest that any messages posted to cypherpunks start with "Cypher:" >in the subject line? The mail from this list is getting mixed in with all >my other mail, cause my newsreader (elm) can't sort on "To:" fields. > Does anyone else have this problem? Does this idea seem reasonable? >JIm C. I use the following .forward file to make slocal "sort" my mail based upon the contents of the .maildelivery file below. -- $HOME/.forward -- | /usr/lib/mh/slocal -user nowhere You should use something like the following .maildelivery file to tell slocal where to put the messages. -- $HOME/.maildelivery -- # # field "pattern" action "command" # To "cypherpunks at toad.com" file ? Mail/cypherpunks This will file messages directed to cypherpunks to a file in your Elm mail directory, but leave all other messages untouched. You have to then choose the folder "=cypherpunks" to read those messages. NOTE: You need to change the path of slocal to the appropriate path for your system. You can find it with the whereis -b command or the find utility. Am I forgetting anything? Chael Hall -- Chael Hall nowhere at bsu-cs.bsu.edu, 00CCHALL at BSUVC.BSU.EDU (317) 285-3648 after 5 pm EST >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> From: Crys Rides Subject: Re: Cypher: Subject naming proposal >>>>> On Thu, 18 Mar 93 10:39:46 EST, nowhere at bsu-cs.bsu.edu (Chael Hall) said: Hall> I use the following .forward file to make slocal "sort" my mail based Hall> upon the contents of the .maildelivery file below. [snip] Hall> NOTE: You need to change the path of slocal to the appropriate Hall> path for your system. You can find it with the whereis -b command or Hall> the find utility. Am I forgetting anything? Erm, only that this apparently appears to pretty much _require_ switching mailreaders to MH. A more transparent solution can be achieved with the 'procmail' package, available from any comp.sources.misc archive. This package allows rule-based filtering on message content, size, and other factors, and can be installed workably with most mailreaders to my knowledge, without requiring much effort. Crys Rides >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >From wimsey.bc.ca!markh at wimsey.com Thu Mar 18 13:: Cypher: Subject naming propos al There's a program called "filter" (which I think is part of the elm distribution) that I use to automatically route messages from different mailing lists to separate folders, which can then be read at leisure. Very handy! derek >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> To: Brad Huntting , Jim C Subject: Re: Cypher: Subject naming proposal Cc: cypherpunks at toad.com mush will also allow filtering based on more or less whatever you want (e.g. To: fields). Mark -- Mark Henderson markh at wimsey.bc.ca From a2 at well.sf.ca.us Fri Mar 19 08:47:05 1993 From: a2 at well.sf.ca.us (Arthur Abraham) Date: Fri, 19 Mar 93 08:47:05 PST Subject: Anonymity in the real world Message-ID: <199303191643.AA15623@well.sf.ca.us> Re: Anonymity in the real world John Gilmore writes: >The person who wrote this stuff hasn't thought it through. Any of these >things can and do happen right now over the telephone (anonymously) >and through postal mail (anonymously). Somehow, society has not fallen >into anarchy because anyone can drop a letter in a mailbox. Why not? > >(pause here and actually think about it...) A lot of the stuff that appears on this list appears to come from people glassey-eyed hypnotized by the "power" of the internet, as if society had suddenly started behaving differently because we now type over our telephones. Actually, this is an abuse of a technology, since it's much quicker, and accurate, to talk over a telephone -- greater bandwidth, for those who insist on describing people in mechanical terms. If all our desks were in the same large room, each in its own little cubical, and we communicated by writing on pieces of paper and magically passing them around, the effect would be much the same as the internet -- except that the internet saves about a forest per gigabyte. For those who insist the difference is that the internet is "free", let them remember that each person has either purchased or is paying rent for their desk, but some of the rent is in the form of labor, etc. In this large room there are many people I have never meet, but who still send me pieces of paper. The pieces of paper have names on them, but since I have never meet the person who sends me a particular piece of paper, the names mean nothing; the sender is Anonymous to _me_, though I hope they have some friends. If I get enough pieces of paper from the same person, I eventually come to recognize the name, and form some expectations of what they have written on the piece of paper; then the person is a Pseudonym to _me_, since I still have not yet met that individual. This does not seem to be a lot to argue over. Suppose I now receive a piece of paper that says "Your doom is coming! You have been using my pieces of paper to blow your nose on! I cannot let this insult go unpunished: You will die at midnight!" I could think: well, it's just a piece of paper, there's no particular reason to be afraid of it. I could think: it's a large room, and this sender will have trouble finding me, so my doom will never arrive. I could think: as with most of the people in the room, this sender has never meet me, so my doom will not be able to recognize me. But what do think is: I will arrange to have a policeman at my desk at midnight, since it is still the real world. This is my experience of the internet. ************************************** bandwidth expander: :-) starts here ************************************** Now I will tell a fable about the old use of the telephone. Once upon a time, in a kingdom by the sea, the phone company (TPC) wanted to sell the peasants' phone numbers to anybody the peasants would call. It was an easy way to make gold. TPC said over and over again that peasants really enjoy doing this. However, the peasants didn't want to join in the fun, and insisted on having an option of deciding when TPC could sell the phone numbers -- a cypherpunk might say the peasants wanted to retain control of their anonymity. TPC saw that most of the peasants wouldn't release their phone numbers, and so there wouldn't be enough gold in it, and decided not to offer this wonderful service, and the peasants lived anonymously ever after... ...for about three days until the all the people in the kingdom, suddenly drunk on the newfound anonymity, completely overloaded and destroyed the phone system, by all lifting their phones at once, to place bomb threats. -a2. From mdiehl at triton.unm.edu Fri Mar 19 13:38:18 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Fri, 19 Mar 93 13:38:18 PST Subject: CYPHER: Problems with pgp2.2 ELM scripts? In-Reply-To: <199303181729.20139@bnsgs200.bnr.co.uk> Message-ID: <9303192136.AA11513@triton.unm.edu> > Hi all, > Has anyone apart from me experienced problems with Vesselin's perl > scripts for ELM that came bundled with pgp2.2? I'm running ELM 2.4 pl21, > on a Sparc IPX, and basically, sometimes morepgp works, and sometimes > it doesn't. mailpgp is proving fine. I am too. When I try to read my mail w/ elm, I get a (long!) pause then the message: Bad flag -S And the program bugs out. > Now, I'm no perl wiz, so I can't really dive in and fix it, nor am I > asking for someone to fix it (unless they want to), but it would be nice > to know that it's just not my utter ineptitude... ;=) Then we're both inept. ;^) +----------------------+----------------------------------------------------+ | J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken. | | +----------------------------------------------------+ | mdiehl at triton.unm.edu| "I'm just looking for the opportunity to be | | Thunder at forum | Politically Incorrect! | | (505) 299-2282 | | +----------------------+----------------------------------------------------+ From mdiehl at triton.unm.edu Fri Mar 19 14:11:10 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Fri, 19 Mar 93 14:11:10 PST Subject: We need a FAQ. Message-ID: <9303192209.AA13248@triton.unm.edu> I'd like to find out about remailers, reposters, and keyservers. All of this has been posted before, I know. We need to consolidate this into a FAQ for easier access. I'd almost do it myself if I still had the info on hand. +----------------------+----------------------------------------------------+ | J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken. | | +----------------------------------------------------+ | mdiehl at triton.unm.edu| "I'm just looking for the opportunity to be | | Thunder at forum | Politically Incorrect! | | (505) 299-2282 | | +----------------------+----------------------------------------------------+ From phantom at u.washington.edu Fri Mar 19 14:44:31 1993 From: phantom at u.washington.edu (The Phantom) Date: Fri, 19 Mar 93 14:44:31 PST Subject: HIDE: embedded msgs in grphics & snd Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Recently George Gleason and myself have exchanged email concerning the embedding of messages into broadcast medium. We discussed options that would confound the traffic analysis performed upon the host medium. We came up with a few ideas that may be interesting to the list. George pointed out what I pointed out earlier - sending the latest Michael Jackson tune over the net might raise eyebrows as well as copyright violations. Being from the 'grunge town' of Seattle, it was discussed that perhaps it would be possible to send a copy of some 'unknown' band over the net without harm. In fact, perhaps this is a good place to start: the underground music scene. gg - "This week on Music By Wire, a new song by the Subversives, recorded at Pretty Good Productions. . ." This distribution channel has advantages over DAT -- no delay and the possibility of a large audience if there was a steady flow of musical traffic. Next, discussion turned to the integration of modem carrier tones as samples in music (rap). If this new twist caught on, the artist could encode messages (in plaintext, or later ciphertext) into the song, including the key on the record insert. What does this do for us? By using ciphertext "... as an artistic product, ..[we] thereby gain another layer of 1st Amendment protection." Free speech. Lastly and perhaps most interesting: I suggested that by using one of these garage bands, we might be able to distribute our own messages on CD. By getting ahold of a local bands' master before they take it to get a record pressed, we could digitize it ourselves, encode our messages (the kama sutra, a message of goodwill, the songs' lyrics, whatever the band wants, too!) into the LSBs and then give it back to the band to press CDs (put the key on the front cover if you like). The band could be told that not only were they certain to sell ~100 CDs (@ $12-$14 each = $1,300 -- no small sum for a garage band) just to cypherpunk members, but they would also be "the first band in history to digitally encode messages into their music... etc." I don't think the ~100 CDs is an understatement, either. How many cypherpunks do we have nowadays? I would be willing to shell over $15 for a (basically) small-capacity encrypted CD ROM disk, even though I personally don't have a player. gg and myself are both rather interested in this last idea -- tweaking with a bands' CD before it gets pressed. Does it sound promising to anyone else? matt -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBK6oMPWSGfFo1zsA5AQEW0AQAqUNNUqdgNyyN2WPGSRx4RCy4umV985CL eHc6TnEsuVDO1InA8nsB4UVh96a3TG/jhSG3xVsGWYt/z5uJbTyqeHtkPWEiLz+j BgR5/mKmeAi0rvFDaIQS1JcoB9gBb3+EFnvOT4RpTtsw+pN5Fry+0PQpQi9zKXbZ pRCGtHKdiiE= =UvO3 -----END PGP SIGNATURE----- Matt Thomlinson University of Washington, Seattle, Washington. Internet: phantom at u.washington.edu phone: (206) 528-5732 PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu From mccoy at ccwf.cc.utexas.edu Fri Mar 19 17:04:26 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Fri, 19 Mar 93 17:04:26 PST Subject: HIDE: embedded msgs in grphics & snd In-Reply-To: Message-ID: <9303200102.AA14124@tramp.cc.utexas.edu> The Phantom writes: > > Lastly and perhaps most interesting: I suggested that by using one of > these garage bands, we might be able to distribute our own messages > on CD. By getting ahold of a local bands' master before they take it > to get a record pressed, we could digitize it ourselves, encode our > messages (the kama sutra, a message of goodwill, the songs' lyrics, > whatever the band wants, too!) into the LSBs and then give it back to > the band to press CDs (put the key on the front cover if you like). [...] > I would be willing to shell over > $15 for a (basically) small-capacity encrypted CD ROM disk, even > though I personally don't have a player. A nice idea, but functionally impossible with today's technology. The firmware of CD-Rom players does not allow them to read the digital data of an audio CD and output it in digital, the output must be analog. The only exception to this that I know of is the SGI CD-rom. This restriction against digital output from audio CDs was put in after the music publishing industry made a big issue over pirating music, etc... I am not sure what mods have been done to the firmware of the SGI CD rom players, but the people on alt.cd-rom say it can read the digital data from audio-cds. Without this capacity you are not going to be able to stick the message in the CD as easily as you would be able to with a cd-rom player that could read digital... jim From jg at uruk.genmagic.com Fri Mar 19 19:43:16 1993 From: jg at uruk.genmagic.com (John Giannandrea) Date: Fri, 19 Mar 93 19:43:16 PST Subject: HIDE: embedded msgs in grphics & snd In-Reply-To: <9303200102.AA14124@tramp.cc.utexas.edu> Message-ID: <9303200341.AA01604@uruk.genmagic.com> Jim McCoy writes: > The firmware of CD-Rom players does not allow them to read the digital data of > an audio CD and output it in digital, the output must be analog. The only > exception to this that I know of is the SGI CD-rom. This drive is the Toshiba TXM3301. Although the firmware was specially commissioned by SGI I believe that the drive is available from Toshiba America directly. From mdiehl at triton.unm.edu Fri Mar 19 20:36:50 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Fri, 19 Mar 93 20:36:50 PST Subject: HIDE: embedded msgs in grphics & snd In-Reply-To: Message-ID: <9303200435.AA26847@triton.unm.edu> > George pointed out what I pointed out earlier - sending the latest > Michael Jackson tune over the net might raise eyebrows as well as > copyright violations. Being from the 'grunge town' of Seattle, it was Besides, Michael Jackson sucks! ;^) > discussed that perhaps it would be possible to send a copy of some > 'unknown' band over the net without harm. In fact, perhaps this is a > good place to start: the underground music scene. I assume you mean with their permission. Think of it, you tell a band that you want to distribute one of their demo's around the world. I think they'd buy it. And I don't think they'd care that you embedded a message in it, either. And a lot of cypherpunks like underground music. Works for all of us. I like this idea and think it could work. > gg - "This week on Music By Wire, a new song by the Subversives, > recorded at Pretty Good Productions. . ." I love it! Pretty Good Productions... That's the best. ;^) > Next, discussion turned to the integration of modem carrier tones as > samples in music (rap). If this new twist caught on, the artist could > encode messages (in plaintext, or later ciphertext) into the song, I don't know, will a modem weed out all of the noise to get to the carrier tones that we embedded in the crap...er...I mean rap music. ;^) > including the key on the record insert. What does this do for us? By > using ciphertext "... as an artistic product, ..[we] thereby gain > another layer of 1st Amendment protection." Free speech. Nice! > > Lastly and perhaps most interesting: I suggested that by using one of > these garage bands, we might be able to distribute our own messages > on CD. By getting ahold of a local bands' master before they take it > to get a record pressed, we could digitize it ourselves, encode our > messages (the kama sutra, a message of goodwill, the songs' lyrics, > whatever the band wants, too!) into the LSBs and then give it back to > the band to press CDs (put the key on the front cover if you like). I wonder if a PC will read the data that comprises a CD data-set. My consern is about directory structure etc. > The band could be told that not only were they certain to sell ~100 > CDs (@ $12-$14 each = $1,300 -- no small sum for a garage band) just > to cypherpunk members, but they would also be "the first band in > history to digitally encode messages into their music... etc." Kind of a new twist on backward subliminal messages, eh? ;^) > I don't think the ~100 CDs is an understatement, either. How many > cypherpunks do we have nowadays? I would be willing to shell over > $15 for a (basically) small-capacity encrypted CD ROM disk, even > though I personally don't have a player. We could distribute the needed source code on an underground basis. We could distribute whole software packages piggy-backing on a garage band's demo! Bitchen! > > gg and myself are both rather interested in this last idea -- > tweaking with a bands' CD before it gets pressed. Does it > sound promising to anyone else? Most definately! +----------------------+----------------------------------------------------+ | J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken. | | +----------------------------------------------------+ | mdiehl at triton.unm.edu| "I'm just looking for the opportunity to be | | Thunder at forum | Politically Incorrect! | | (505) 299-2282 | | +----------------------+----------------------------------------------------+ From mdiehl at triton.unm.edu Fri Mar 19 20:43:21 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Fri, 19 Mar 93 20:43:21 PST Subject: We need a FAQ. Message-ID: <9303200441.AA27024@triton.unm.edu> I'd like to have information on anon. remailers, news posters an key servers. I know this has been posted here before, but I lost it all and think that this stuff should be kept together for convenience. I'd almost do it myself if someone would mail me the info. +----------------------+----------------------------------------------------+ | J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken. | | +----------------------------------------------------+ | mdiehl at triton.unm.edu| "I'm just looking for the opportunity to be | | Thunder at forum | Politically Incorrect! | | (505) 299-2282 | | +----------------------+----------------------------------------------------+ From a2 at well.sf.ca.us Fri Mar 19 21:43:13 1993 From: a2 at well.sf.ca.us (Arthur Abraham) Date: Fri, 19 Mar 93 21:43:13 PST Subject: Future Copy Message-ID: <199303200539.AA18329@well.sf.ca.us> Somehow, I think some of the readers of this list will find this interesting, I don't know why. Popular Science: April 1993 "Color Copiers Countering Counterfeiters An unfortunate result of advances in color copiers is that it is now easier to counterfeit currency. To make it more difficult, Cannon has developed two defenses. One is a currency-recognition technology similar to that used in vending machines. But Canon has enhanced the technology to recognize a bill regardless of its orientation of it it's among a clutter of material. In a demonstration, a Canon official tried to copy a Japanese bill. The copier sounded an alarm and spit out a piece of paper with a blackened rectangle where the image should have been. "Once a bill is recognized, we could do anything -- have the machine stop, sound an alarm, or, it it's connected to a phone line, call the police,' the official says. The copier will recognize as many currencies as possible. A second feature traces counterfeiters of official documents. Each copier embeds a code into the copied image, which is impossible to see. A special scanner extracts the code and a computer program then furnishes the copier's serial number, allowing identification of the registered purchaser of the machine. With the new anti-counterfeiting technology, Canon can also include a two-sided copying feature previously omitted from its color copiers." Of course, the second to the last paragraph is most interesting, along these lines: a. how are they doing that? b. is this preserved on a second, third, etc. generation copy? c. it is likely that computer scanning and OCR defeats this. c. anybody posting to whistleblowers should be aware of these new machines, and learn how to identify them, and their products. -a2. From gg at well.sf.ca.us Sat Mar 20 02:28:13 1993 From: gg at well.sf.ca.us (George A. Gleason) Date: Sat, 20 Mar 93 02:28:13 PST Subject: HIDE: embedded msgs in grphics & snd Message-ID: <199303201024.AA09757@well.sf.ca.us> Re. cyphertext and music: I've been professionally involved in the recording/production scene and could arrange something. There are plenty of damn good bands in the Bay Area who might volunteer for this kind of thing; I can think of a couple of candidates right away. Also a great local studio, Polymorph Productions, which would be amenable to this. All we need to get going is for someone to cover the actual cost of studio time, which is only $30/hour. Now the only hitch right now is my own schedule being really really busy, but I could get a free weekend, or hook up some local cypherpunx with the bands and the studio, and see where it goes. Basically I get the idea that if this worked, the record would get a lot of interest including from a wider audience than cypherpunx, and that translates into attention on the band as such, and that translates into paying back the original production investment with interest. So, anyone interested...? -gg at well.sf.ca.us. From tcmay at netcom.com Sat Mar 20 10:37:46 1993 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 20 Mar 93 10:37:46 PST Subject: HIDE: embedded msgs in grphics & snd Message-ID: <9303201836.AA18301@netcom.netcom.com> George Gleason writes: >Re. cyphertext and music: I've been professionally involved in the >recording/production scene and could arrange something. There are plenty of >damn good bands in the Bay Area who might volunteer for this kind of thing; >I can think of a couple of candidates right away. Also a great local >studio, Polymorph Productions, which would be amenable to this. All we need >to get going is for someone to cover the actual cost of studio time, which >is only $30/hour. Now the only hitch right now is my own schedule being I'm all for exploring hiding messages in the LSBs of images and audio (having written on this since 1988, and several times on this list), but I don't understand the idea of putting messages in widely distributed, publicly-advertised commercial or semi-commercial CDs: - if lots of people know about it--presumably the goal here--then why hide the message? (Granted, it'll make some people say "Like, wow! Like, messages, man!"...or whatever the current vernacular version would be.) - how would the key be distributed as widely? - clearly this is not a practical way to steganographically send messages. So, what exactly is the point of this exercise? -Tim May -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: MailSafe and PGP available. From mdiehl at triton.unm.edu Sat Mar 20 14:45:23 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Sat, 20 Mar 93 14:45:23 PST Subject: Problems with pgp elm scripts. Message-ID: <9303202243.AA21880@triton.unm.edu> I finally got my mailer script to work. I deleted the -S parameter to less in the perl script. But now, it seems that it can't sign my mail unless i'm in another directory but my home. It complains that it can't find a key in secring.pgp for user 'me'. me is an alias that I use for myself, but even if I send mail to mdiehl at triton, it still tries to find a key for 'me'. What gives? +----------------------+----------------------------------------------------+ | J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken. | | +----------------------------------------------------+ | mdiehl at triton.unm.edu| "I'm just looking for the opportunity to be | | Thunder at forum | Politically Incorrect! | | (505) 299-2282 | | +----------------------+----------------------------------------------------+ From uri at watson.ibm.com Sat Mar 20 16:37:39 1993 From: uri at watson.ibm.com (uri at watson.ibm.com) Date: Sat, 20 Mar 93 16:37:39 PST Subject: HIDE: embedded msgs in grphics & snd In-Reply-To: <199303201024.AA09757@well.sf.ca.us> Message-ID: <9303210036.AA21784@buoy.watson.ibm.com> George A. Gleason says: > Re. cyphertext and music: I've been professionally involved in the > recording/production scene and could arrange something. There are plenty of > damn good bands in the Bay Area who might volunteer for this kind of thing; > I can think of a couple of candidates right away. Maybe I'm missing something, but why bother with recording professional and semi-professional music, when you can just as easily record your OWN voice and send a digitized voice message (as an e-mail enhancement)? In order to prevent smart censorship (i.e. altering LSBs under you) one must design sort of crypto-CRC, or like... -- Regards, Uri uri at watson.ibm.com scifi!angmar!uri N2RIU ----------- From alrub at pro-sol.cts.com Sat Mar 20 19:06:21 1993 From: alrub at pro-sol.cts.com (Al Rubottom) Date: Sat, 20 Mar 93 19:06:21 PST Subject: yr mailing list Message-ID: Dear friends: Please add my name to your mailing list. U.S. snail mail address; Al E. Rubottom 5352 Via Carancho San Diego, CA 92111 internet address: alrub at pro-sol.cts.com Thanking you in advance for your attnetin, I remain Appreciateively yours, Alrub ProLine: alrub at pro-sol Internet: alrub at pro-sol.cts.com UUCP: crash!pro-sol!alrub From jthomas at access.digex.com Sun Mar 21 09:06:16 1993 From: jthomas at access.digex.com (Joe Thomas) Date: Sun, 21 Mar 93 09:06:16 PST Subject: Looking for key-signers in DC Message-ID: I finally got my act together, and got PGP running on my pseudo-Mac (actually an Atari with an emulator, but that's another story). Is anyone around DC and available to sign it before I send it to the servers, etc.? Thanks, Joe From zane at genesis.mcs.com Sun Mar 21 13:59:01 1993 From: zane at genesis.mcs.com (Sameer Parekh) Date: Sun, 21 Mar 93 13:59:01 PST Subject: HIDE: embedded msgs in grphics & snd In-Reply-To: <199303201024.AA09757@well.sf.ca.us> Message-ID: In message <199303201024.AA09757 at well.sf.ca.us>, George A. Gleason writes: > I get the idea that if this worked, the record would get a lot of interest > including from a wider audience than cypherpunx, and that translates into > attention on the band as such, and that translates into paying back the > original production investment with interest. So, anyone interested...? > For exactly this reason, I don't think that this is a very good idea. The discussion here started as a search for a way to make encrypted data not look like encrypted data. (Once it becomes illegal). If encoding in LSBs becomes a famous technique, then once data encryption becomes illegal searching the LSBs will become standard procedure for that data cops. -- | Sameer Parekh-zane at genesis.MCS.COM-PFA related mail to pfa at genesis.MCS.COM | | Apprentice Philosopher, Writer, Physicist, Healer, Programmer, Lover, more | | "Be God" - Me __ "Specialization is for Insects" - Robert A. Heinlein ____/ \_____________/ \____________________________________________________/ From mdiehl at triton.unm.edu Sun Mar 21 18:39:05 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Sun, 21 Mar 93 18:39:05 PST Subject: HIDE: embedded msgs in grphics & snd In-Reply-To: Message-ID: <9303220237.AA02600@triton.unm.edu> > > In message <199303201024.AA09757 at well.sf.ca.us>, George A. Gleason writes: > > I get the idea that if this worked, the record would get a lot of interest > > including from a wider audience than cypherpunx, and that translates into > > attention on the band as such, and that translates into paying back the > > original production investment with interest. So, anyone interested...? > > > For exactly this reason, I don't think that this is a very good > idea. The discussion here started as a search for a way to make > encrypted data not look like encrypted data. (Once it becomes illegal). > If encoding in LSBs becomes a famous technique, then once data > encryption becomes illegal searching the LSBs will become standard > procedure for that data cops. At which time we simply abandon this media. But think of it. Don't you think a record company would be interested in a new record-selling gimmic? And they have enough money.....er...I mean clout, ya that's it, to protect their new- found gimmic. Just my (last) $.02, Thanx for listening. ;^) +----------------------+----------------------------------------------------+ | J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken. | | +----------------------------------------------------+ | mdiehl at triton.unm.edu| "I'm just looking for the opportunity to be | | Thunder at forum | Politically Incorrect! | | (505) 299-2282 | | +----------------------+----------------------------------------------------+ From djwright at blackfoot.ucs.indiana.edu Sun Mar 21 21:00:36 1993 From: djwright at blackfoot.ucs.indiana.edu (djwright) Date: Sun, 21 Mar 93 21:00:36 PST Subject: Idea Message-ID: <9303220500.AA03848@toad.com> Although the material is interesting, my mailbox is getting flooded.. perhaps the mail should be compiled into a newsletter or 'zine format and mailed monthly. Phrack magazine is sent with an automated mailer.. If you want more information.. send requests to root at stormking.com. Please seriously consider this, the bulk of mail vs. my time to deal with the volume of little messages is limited, and it is much better if it's a monthly o r weekly newsletter which I can download and browse at my leisure. It really is not much work to have a program dump all the mail into a file, then another program send out the file monthly. From i6t4 at jupiter.sun.csd.unb.ca Sun Mar 21 21:44:58 1993 From: i6t4 at jupiter.sun.csd.unb.ca (Nickey MacDonald) Date: Sun, 21 Mar 93 21:44:58 PST Subject: META: Support for prefixes In-Reply-To: <3098@morgan.demon.co.uk> Message-ID: {I realize I'm a mere two weeks behind in my mail... please ignore me if I'm way out of date on this...} I agree that this is a great idea... and looking ahead into the mail I am behind in, it looks like it is being done... I'd also like to be able to tell which mail list t he mail was from... I'd like it if the remailed mail from the list had CYPH: prepended to the front of all the subjects... On another note.... Tony... Please don't requote a large post, just to add a one line reply... It wastes a lot of bandwidth... I hope that no mailers still exist that do not allow you to edit the text that it includes from an original message when doing a reply... 5 minutes of editing for one person saves hundreds of people from wasting their time skipping a redundant post... --- Nick MacDonald | NMD on IRC i6t4 at jupiter.sun.csd.unb.ca | PGP 2.1 Public key available via finger On Wed, 3 Mar 1993, Tony Kidson wrote: > > [ a convincing but long repost deleted ] ... > > Yanek Martinson > > yanek at novavax.nova.edu > I fully support this call for prefixes by subject class. > | Tony Kidson | ** PGP 2.1 Key by request ** | Voice +44 81 466 5127 | From julf at penet.FI Sun Mar 21 22:22:53 1993 From: julf at penet.FI (Johan Helsingius) Date: Sun, 21 Mar 93 22:22:53 PST Subject: Idea In-Reply-To: <9303220500.AA03848@toad.com> Message-ID: <9303220715.aa23117@penet.penet.FI> > Although the material is interesting, my mailbox is getting flooded.. > perhaps the mail should be compiled into a newsletter or 'zine format > and mailed monthly. I have no problems keeping up with the cypherpunks messages (they form such a small procentage of my mail anyway), and a good mail reader definitely helps. But if the messages got digested into huge batches, I would definitely stop reading them. Julf From crunch at netcom.com Sun Mar 21 22:42:31 1993 From: crunch at netcom.com (John Draper) Date: Sun, 21 Mar 93 22:42:31 PST Subject: Double messages Message-ID: <9303220641.AA00445@netcom2.netcom.com> I'm getting double messages from people. Is there something wrong with the mailing list? JD From mdiehl at triton.unm.edu Sun Mar 21 23:12:40 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Sun, 21 Mar 93 23:12:40 PST Subject: Idea In-Reply-To: <9303220715.aa23117@penet.penet.FI> Message-ID: <9303220711.AA12900@triton.unm.edu> > > > > Although the material is interesting, my mailbox is getting flooded.. > > perhaps the mail should be compiled into a newsletter or 'zine format > > and mailed monthly. > > I have no problems keeping up with the cypherpunks messages (they form > such a small procentage of my mail anyway), and a good mail reader > definitely helps. But if the messages got digested into huge batches, I > would definitely stop reading them. Me to! I might venture into the table of contents. If nothing seemed interesting there, (and there might be good stuff) I'd simpy hit 'd'. Don't digest them! Thanx. +----------------------+----------------------------------------------------+ | J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken. | | +----------------------------------------------------+ | mdiehl at triton.unm.edu| "I'm just looking for the opportunity to be | | Thunder at forum | Politically Incorrect! | | (505) 299-2282 | | +----------------------+----------------------------------------------------+ From gg at well.sf.ca.us Mon Mar 22 04:19:59 1993 From: gg at well.sf.ca.us (George A. Gleason) Date: Mon, 22 Mar 93 04:19:59 PST Subject: HIDE: embedded msgs in grphics & snd Message-ID: <199303221218.AA23483@well.sf.ca.us> "once data encryption becomes illegal, searching for LSBs will become standard procedure for datacops." Aha, but if we can establish artistic protection for cyphertext, that will be one more brick in the wall that keeps the censors out. The point is to prevent it becoming illegal in the first place. Now so far we have one great strategy: making crypto ubiquitous, so there is no way to get the horses back into the barn. I think we can benefit from additional strategies, such as expanding into all the various areas of constitutional protection that might be available. -gg From mccoy at ccwf.cc.utexas.edu Mon Mar 22 08:19:08 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Mon, 22 Mar 93 08:19:08 PST Subject: Idea In-Reply-To: <9303220711.AA12900@triton.unm.edu> Message-ID: <9303221617.AA13744@tramp.cc.utexas.edu> > > > > > Although the material is interesting, my mailbox is getting flooded.. > > > perhaps the mail should be compiled into a newsletter or 'zine format > > > and mailed monthly. > > > > I have no problems keeping up with the cypherpunks messages (they form > > such a small procentage of my mail anyway), and a good mail reader > > definitely helps. But if the messages got digested into huge batches, I > > would definitely stop reading them. > > Me to! I might venture into the table of contents. If nothing seemed > interesting there, (and there might be good stuff) I'd simpy hit 'd'. Don't > digest them! Thanx. Perhaps it might make sense to digest them and offer the digest (perhaps weekly or even a daily digest) as an alternative mirror of the regular list. The cypherpunks messages make a small percentage of my mail too, but when I get a one or two hundred messages a day it is hard for me to keep track of ongoing discussions in this list and I have a tendency to nuke the messages outright if the subject doesn't interest me. Redirecting the messages to a seperate folder doesn't help much either because I sometimes don't have the time to check the folder more than once a day and then when I do check it I spend more time thinking about how to trim the many messages than anything else... It is kind of ironic that a list which deals with the dispersal and protection of information only offers a single, inefficient, method for accessing that information. Offering a daily or weekly digest of messages would be agood thing, IMHO. In addition to making the list accessible to people who have real jobs or better things to do with thier time during the day [ :-) ] it would also offer an easy method for archival of messages on the list (e.g. just store the daily or weekly logs somewhere for ftp...) jim From a2 at well.sf.ca.us Mon Mar 22 14:57:05 1993 From: a2 at well.sf.ca.us (Arthur Abraham) Date: Mon, 22 Mar 93 14:57:05 PST Subject: Idea Message-ID: <199303222255.AA22533@well.sf.ca.us> >>> preceeding postings not copied to increase the brevity of this message \ I like that last one too, but who will bell the cat? -a2. From fnerd at smds.com Mon Mar 22 15:20:11 1993 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Mon, 22 Mar 93 15:20:11 PST Subject: Encrypted computing questions Message-ID: <9303222315.AB22500@smds.com> Timothy Newsham asks a lot of questions about my "crypto goal" of encrypted computing. Rather than answer his questions one at a time, I'll try to clarify what I meant. Also, below I ask about a related crypto goal of "trans-cryption." The idea is that you have a program and maybe some initial state information. The program accepts data in some encrypted form. It does the equivalent of decrypting it and processing it. EXCEPT... o It never turns any part of it into plaintext (unless the output is plaintext, in which case it only shows up after the computing is done). o It's impossible by analyzing the code or watching it run to figure out what it did, or which bits went where. o In particular, you can't figure out the decrypting key by analyzing the program or watching it run. o If there's state information left over, it has to be in some encrypted form. Working backward from these goals, I figure that the program is somehow combined with its private key when it is turned into a crypto-program. How do you convince users that this is what you've done, that your program is actually a crypto program that never reveals its private key or plaintext of its inputs--that it doesn't just decrypt and then process the plaintext--and that you've thrown away the private key used to make it? When it runs, it has to process all its data in encrypted form! What sort of encryption could this be? The data has to be shuffled all around continuously, and it would seem you'd have to have lots of "if" statements to make sure it behaved very differently with small input changes, so that no one could tell what any input bit affected. If the program were an interpreter for a general-purpose language, you could send it encrypted programs to run. A related idea is trans-cryption. Is it possible to do the equivalent of two RSA encryption steps (e.g., decrypt with one key, then encrypt with another), without storing information that would let you deduce either of the keys or the data between the two steps? -fnerd fnerd at smds.com (FutureNerd Steve Witham) From mccoy at ccwf.cc.utexas.edu Mon Mar 22 15:52:28 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Mon, 22 Mar 93 15:52:28 PST Subject: Idea In-Reply-To: <199303222255.AA22533@well.sf.ca.us> Message-ID: <9303222350.AA19244@tramp.cc.utexas.edu> > > >>> preceeding postings not copied to increase the brevity of this message > \ > I like that last one too, but who will bell the cat? It has already been done. Find the majordomo package (i found several sites with it via archie) and run this. It will automagically digestify and will also handle the subscribe/unsubscribe stuff. It is close to being a listserv for unix, but lacks the archive retrieval via mail functions. jim From hh at soda.berkeley.edu Tue Mar 23 00:08:52 1993 From: hh at soda.berkeley.edu (Eric Hollander) Date: Tue, 23 Mar 93 00:08:52 PST Subject: another remailer goes on line Message-ID: <9303230804.AA14414@soda.berkeley.edu> Three remailers was not enough for me. I set up a fourth: 00x at uclink.berkeley.edu. It uses Hal's scripts, and will soon be running pgp (I already have pgp comiled for it). I'll post keys as soon as they are available. e From karn at unix.ka9q.ampr.org Tue Mar 23 02:46:23 1993 From: karn at unix.ka9q.ampr.org (Phil Karn) Date: Tue, 23 Mar 93 02:46:23 PST Subject: your note on sci.crypt Message-ID: <9303231045.AA01021@unix.ka9q.ampr.org> Dr. Denning: Although you are correct that many of the responses to your proposal contained personal attacks (in which people called you naive, etc), you seem to believe that this invalidates the fundamental underlying point they were making. This is not so. This fundamental point can be summarized as follows: The US government has repeatedly shown by its past conduct that it simply cannot be trusted to obey its own laws regarding spying on private citizens, particularly those who are organized in lawful, peaceful opposition to government policies. And history has shown that it can take many years for unlawful monitoring to become public, if indeed they ever do (consider the current story I just sent you about the Army spying on Dr. Martin Luther King). In other words, the government has frequently ignored its own laws, because it knows it can do so with impunity. No credible case can be made that the problem has been "fixed" since the now-publicized abuses of the 1960s and 1970s, i.e., that new safeguards have somehow rendered the government incapable of violating the privacy rights of its citizens. Privacy violations may or may not still be occurring; we have no way to know. But I suspect it depends far more on the people in power than on any post-Watergate "safeguards" against the abuse of that power. The private use of strong cryptography provides, for the very first time, a truly effective safeguard against this sort of government abuse. And that's why it must continue to be free and unregulated. I should credit you for doing us all a very important service by raising this issue. Nothing could have lit a bigger fire under those of us who strongly believe in a citizens' right to use cryptography than your proposals to ban or regulate it. There are many of us out here who share this belief *and* have the technical skills to turn it into practice. And I promise you that we will fight for this belief to the bitter end, if necessary. Phil Karn From jthomas at coconut.mitre.org Tue Mar 23 09:09:00 1993 From: jthomas at coconut.mitre.org (Joe Thomas) Date: Tue, 23 Mar 93 09:09:00 PST Subject: REMAIL: Anon.penet.fi no more Message-ID: <9303231705.AA05316@coconut> You probably have seen this already, but it's certainly of relevance to cypherpunks: > Newsgroups: comp.org.eff.talk,news.admin.policy,alt.privacy,alt.sexual.abuse.reco very,alt.support,alt.transgendered,soc.motss > Path: linus.mitre.org!linus!agate!howland.reston.ans.net!usc!elroy.jpl.nasa .gov!decwrl!uunet!mcsun!fuug!penet!julf > From: julf at penet.fi (Ze Julf) > Subject: Anon.penet.fi no more > Organization: No! > Date: Tue, 23 Mar 1993 15:03:59 GMT > Message-ID: <1993Mar23.150359.16883 at penet.fi> > Lines: 54 > > The anonymous service at anon.penet.fi has been closed down. Postings to > netnews and mail to arbitrary addresses has been blocked. To enable users > who know each other only by their anon ID's to arrange alternate > communication paths, mail to anonymous users will still be supported for > two weeks. After this period all database entries will be deleted. > > Due to the lawsuit-intensive climate in the US, many anonymous services have > been short-lived. By setting up anon.penet.fi in Finland, I hoped to create > a more stable service. Anon.penet.fi managed to stay in operation for almost > five months. The service was protected from most of the usual problems that > had forced other services to shut down. But there are always going to be > ways to stop something as controversial as an anon service. In this case, a > very well-known and extremely highly regarded net personality managed to > contact exactly the right people to create a situation where it is > politically impossible for me to continue running the service. > > But of course this political situation is mainly caused by the abuse of the > network that a very small minority of anon users engaged in. This small > group of immature and thoughtless individuals (mainly users from US > universities) caused much aggravation and negative feelings towards the > service. This is especially unfortunate considering these people really are > a minuscule minority of anon users. The latest statistics from the service > show 18203 registered users, 3500 messages per day on the average, and > postings to 576 newsgroups. Of these users, I have received complaints > involving postings from 57 anonymous users, and, of these, been forced to > block only 8 users who continued their abuse despite a warning from me. > > In retrospect I realize that I have been guilty to keeping a far too low > profile on the network, prefering to deal with the abuse cases privately > instead of making strong public statements. Unfortunately I realized this > only a couple of days before being forced to shut down the service, but the > results of a single posting to alt.binaries.pictures.erotica.d gave very > positive results. I take full blaim for my failure to realize the > psychological effects of a strongly stated, publicly visible display of > policy with regards to the abuse cases. For this I have to apologize to the > whole net community. > > On the other hand I am deeply concerned by the fact that the strongest > opposition to the service didn't come from users but from network > administrators. I don't think sysadmins have a god-given mandate to > dictate what's good for the users and what's not. A lot of users have > contacted me to thank me for the service, describing situations where > anonymity has been crucial, but I could never have imagined in my wildest > dreams. At the same time quite a few network administrators have made > comments like "I can't imagine any valid use for anonymity on the net" and > "The only use for anonymity is to harrass and terrorize the net". > > Nevertheless, I really want to apologize both to all the users on the > network who have suffered from the abusive misuse of the server, and to all > the users who have come to rely on the service. Again, I take full > responsibility for what has happened. > > Julf > Very sad, rather scary. Sorry to hear this, Julf. Joe From hughes at soda.berkeley.edu Tue Mar 23 10:40:07 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Tue, 23 Mar 93 10:40:07 PST Subject: FWEE! premature testing In-Reply-To: <9303121624.tn02614@aol.com> Message-ID: <9303231835.AA14090@soda.berkeley.edu> Dave Del Torto writes regarding Tim May's whistleblower test: >I know you >really wanted to post that nifty F-117A thing you OCR'd _somewhere_ but that >was not particularly helpful. I think it was extremely helpful. Especially when we are in a design phase, it is good to know just how strong a reaction there will be to some of these posts. It benefits us to have had the experience, not just an awareness of the problem. >Someone suggested a set of WB guidelines should be posted. Any guidelines must remain completely neutral about content of postings. A whistleblowers group is for expressing outrage. The things you are outraged about will be necessarily different from what others are outraged about. It is certain that one act of outrage will itself be outrageous to another. We have seen this already with Tim's post. A whistleblowers newsgroup must remain value-neutral with respect to all values except the freedom to speak. When all agree in advance that freedom of speech is a good thing, then we avoid problems when specific speech is to one party's disadvantage. Value neutrality must be taught; it will not come automatically. This, and the ability to teach the defense of privacy, are in the long run much more valuable than any one specific whistleblowing. >Nicholas Johnson, the former head of the FCC (under Johnson) >Ralph Nader's organization >Jim Settle (FBI Computer Crime Squad) >a fellow from the CIA [his name's Ross Stapleton] Dave mentions all these people are in favor of whistleblowing. The place where they can help the most is by affixing their signature to a document that defends the whistleblowers group in advance of "problems" with it. If we can gather enough signatures from a wide enough spectrum of the political process, the publication of the document alone will be worth press coverage. It might also be worthwhile to take out a few big ads in major newspapers and print a position paper. [Re: comments from Ross Stapleton] >done "correctly," the system can 'perhaps be somewhat protected' from posting >by pranksters/attackers with bogus revelations - it might require someone to >preview postings There's no need to preview anything. Let people say whatever they want. Then, should the CIA wish to confirm something, they can issue a statement with a digital signature attached to it, referencing the post in question. Review and verification is a valid concern; pre-review is not. Eric From 76630.3577 at CompuServe.COM Tue Mar 23 12:08:48 1993 From: 76630.3577 at CompuServe.COM (Duncan Frissell) Date: Tue, 23 Mar 93 12:08:48 PST Subject: HIDE: embedded msgs in grphics & snd Message-ID: <930323195931_76630.3577_EHL41-1@CompuServe.COM> >>>For exactly this reason, I don't think that this is a very good >>>idea. The discussion here started as a search for a way to make >>>encrypted data not look like encrypted data. (Once it becomes illegal). I tell you three times, I tell you three times, I tell you three times... The Feds are *not* going to outlaw encryption. They believe in encryption. They even have official bodies designed to encourage encryption. They are not even going to outlaw encryption they can't break. They are internally split on the issue. By the time they got around to actually *doing* anything, we will have been online with a fully encrypted communications system for years. They can't move fast enough. They lack the overall control of the networks to implement such a proposal. There would be First Amendment challenges. In order for such regulation to be enacted, there would have to be a collective appreciation of the risk that encryption poses to the world's States (it risks their destruction but we won't tell them that). This is too much of a high order abstraction for a collective decision making process to handle. We've had powerful encryption techniques for a while in any case. One-time pads are more than 100 years old, aren't they. "Publication" in the international realm is not subject to local laws in any case. International publications routinely carry ads for goods or services that would be illegal to sell in the individual countries reached. Sometimes a country like Singapore will censor a publication like the Asian Wall Street Journal. Ridiculous since it can be read online. Outlawing encryption is a form of censorship and censorship will prove increasingly difficult as time goes on. If they can't keep crack cocaine out of Sing Sing, how can they keep PGP out of my computer (or computers under my control somewhere in the world). The enforcement problems are staggering. What about sentencing. What is the social damage involved in my sending my wife a 2.5K encrypted file. Pretty petty offense. Even if encryption was generally outlawed, anyone involved a privileged communication (spouses, attorney-client, physician-patient, priest-penitent, etc.) could continue to use the technology since assuring privacy is one of the technical requirements of exercising such a privilege. Say, what if I as an attorney operate an anonymous remailer. I know that privilege probably wouldn't attach because I wasn't a party to the communications but it would make for some entertaining litigation. No one has yet answered my legal question of several months ago. If you have an unbroken coded message, how does the prosecutor prove beyond a reasonable doubt and to a moral certainty that it is a coded message. Even if it has identifying headers and footers, that say "PGP 2.2" you can claim that you just put them on to random noise for fun in order to tweak the noses of the authorities. Duncan Frissell From fergp at sytex.com Tue Mar 23 12:26:44 1993 From: fergp at sytex.com (Paul Ferguson) Date: Tue, 23 Mar 93 12:26:44 PST Subject: Legal Net Monthly Newsletter Message-ID: Opinion, editorial and news worthy submissions are currently being (sought and) accepted for a new start-up electronic news journal. This monthly compilation will be called 'The Legal Net Monthly Newsletter' and will focus on the legal and ethical aspects of computer networking. Legal Net Monthly will be a non-biased, open forum electronic newsletter keeping in step with the networking environment of the '90's and will be availble by E-Mail subscription. Legal Net Monthly is aiming to release it's first issue on May 1st, 1993. Articles on the following topics are especially welcome: o Defining "Criminal Mischief" on the Nets o Authoring/Distributing Computer Viruses: Legal Implications o Legislative news around the world Send all sumissions, subscription requests and correspondence to: fergp at sytex.com Paul Ferguson | "Sincerity is fine, but it's no Network Integration Consultant | excuse for stupidity." Centreville, Virginia USA | -- Anonymous fergp at sytex.com (Internet) | sytex.com!fergp (UUNet) | 1:109/229 (FidoNet) | PGP 2.2 public encryption key available upon request. From hughes at soda.berkeley.edu Tue Mar 23 12:32:42 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Tue, 23 Mar 93 12:32:42 PST Subject: Idea In-Reply-To: <9303221617.AA13744@tramp.cc.utexas.edu> Message-ID: <9303232028.AA20325@soda.berkeley.edu> Jim writes: >It is kind of ironic that a list which deals with the dispersal and >protection of information only offers a single, inefficient, method for >accessing that information. My main goal for cypherpunks is to get people to defend their own privacy, rather than relying on someone else to provide it for them. There were several different methods recently mentioned that allow people to take control of their own email flow. I would suggest that all those who would rather have another way of accessing the list do so on their own computers. In addition to all the methods for handling mail mentioned before, the remailer source code includes a rewrite of slocal in perl done by Hal Finney. Available from soda.berkeley.edu:pub/cypherpunks/remailer. Eric From 74076.1041 at CompuServe.COM Tue Mar 23 13:14:19 1993 From: 74076.1041 at CompuServe.COM (Hal) Date: Tue, 23 Mar 93 13:14:19 PST Subject: REMAIL: Anon.penet.fi no Message-ID: <930323210434_74076.1041_DHJ74-1@CompuServe.COM> -----BEGIN PGP SIGNED MESSAGE----- > The anonymous service at anon.penet.fi has been closed down. > But of course this political situation is mainly caused by the abuse of the > network that a very small minority of anon users engaged in. This small > group of immature and thoughtless individuals (mainly users from US > universities) caused much aggravation and negative feelings towards the > service. This is especially unfortunate considering these people really are > a minuscule minority of anon users. The latest statistics from the service > show 18203 registered users, 3500 messages per day on the average, and > postings to 576 newsgroups. Of these users, I have received complaints > involving postings from 57 anonymous users, and, of these, been forced to > block only 8 users who continued their abuse despite a warning from me. This is truly tragic. Julf has endured weeks of attacks and now The Powers That Be have managed to shut down this widely used service. In the debates we've had here about anonymous posting, we have distinguished two problems: volume abuse and content abuse. Volume abuse is the use of the remailers to send "mail bombs", excessivelly large or numerous messages to an individual designed to fill his mailbox, or to similarly bombard newsgroups with large numbers of messages. Most of us have agreed that this is a legitimate problem, and various mechanisms have been discussed to address this. Content abuse is more problematical; it basically refers to someone posting a message whose contents someone else objects to. The traditions of freedom of speech and freedom of the press in the U.S. make it difficult to argue in favor of restrictions based on message content. Despite this, I have the impression that most of the objectionable messages Johan refers to actually were objected to based on their content. It's not that people were bombarding newsgroups with excessive numbers of messages, it's that they were posting things that (some) people didn't want them to post. It would be useful if Johan, after he has a chance to rest up a bit from the recent political battles, could take the time to summarize information about "abusive" posts. To what extent are the problems due to message contents, versus size or frequency, for example? Are there any patterns that can be gleaned about what material people most object to? In particular, it would be interesting to know whether there was material posted which was arguably illegal versus just in bad taste (in someone's opinion). This kind of information would be useful for the next time someone is willing to brave the net censors and start another anonymous posting service. Hal -----BEGIN PGP SIGNATURE----- Version: 2.1 iQCVAgUBK69QWKgTA69YIUw3AQHl7gP9H4iOSInpXNnpC8UGlrUlIXyQAX5m5ude 5Gn8tK9qgo0QRpwCMyVnYf3W+5Zpr5GVZJ53TrArODwpqW49mfFg2NmAX3npq9jo Bx9Etmhj2M0krJZ0WAF3TBTx/cmfrStBJA1+dpjeacjuGhAD7b8518TFqFRlGbRB sIlEd6laEgA= =FH2l -----END PGP SIGNATURE----- From pmetzger at snark.shearson.com Tue Mar 23 14:55:05 1993 From: pmetzger at snark.shearson.com (Perry E. Metzger) Date: Tue, 23 Mar 93 14:55:05 PST Subject: REMAIL: Anon.penet.fi no In-Reply-To: <930323210434_74076.1041_DHJ74-1@CompuServe.COM> Message-ID: <9303232205.AA07849@snark.shearson.com> Hal says: > > This is truly tragic. Julf has endured weeks of attacks and now The > Powers That Be have managed to shut down this widely used service. [...] > Despite this, I have the impression that most of the objectionable messages > Johan refers to actually were objected to based on their content. It's > not that people were bombarding newsgroups with excessive numbers of messages , > it's that they were posting things that (some) people didn't want them to > post. Interesting, isn't it, that Ted Tso's nightmare about horrible libelous or volume-bomb postings didn't come true, but my nightmare about censorship seems to have. They've succeeded this time, but I doubt that they will next time... Perry From julf at penet.FI Tue Mar 23 17:17:21 1993 From: julf at penet.FI (Johan Helsingius) Date: Tue, 23 Mar 93 17:17:21 PST Subject: anon.penet.fi bites the dust Message-ID: <9303232122.aa19890@penet.penet.FI> Today I posted the attached message to various newsgroups. I still plan to continue mail service, and my work on the alt.whistleblowers project. Julf ----------- The anonymous posting service at anon.penet.fi has been closed down. Postings to netnews and mail to arbitrary addresses has been blocked. Mail to anonymous users will still be supported, so anon.penet.fi can be used as an anonymous P.O.Box service. Due to the lawsuit-intensive climate in the US, many anonymous services have been short-lived. By setting up anon.penet.fi in Finland, I hoped to create a more stable service. Anon.penet.fi managed to stay in operation for almost five months. The service was protected from most of the usual problems that had forced other services to shut down. But there are always going to be ways to stop something as controversial as an anon service. In this case, a very well-known and extremely highly regarded net personality managed to contact exactly the right people to create a situation where it is politically impossible for me to continue running the service. But of course this political situation is mainly caused by the abuse of the network that a very small minority of anon users engaged in. This small group of immature and thoughtless individuals (mainly users from US universities) caused much aggravation and negative feelings towards the service. This is especially unfortunate considering these people really are a minuscule minority of anon users. The latest statistics from the service show 18203 registered users, 3500 messages per day on the average, and postings to 576 newsgroups. Of these users, I have received complaints involving postings from 57 anonymous users, and, of these, been forced to block only 8 users who continued their abuse despite a warning from me. In retrospect I realize that I have been guilty to keeping a far too low profile on the network, prefering to deal with the abuse cases privately instead of making strong public statements. Unfortunately I realized this only a couple of days before being forced to shut down the service, but the results of a single posting to alt.binaries.pictures.erotica.d gave very positive results. I take full blaim for my failure to realize the psychological effects of a strongly stated, publicly visible display of policy with regards to the abuse cases. For this I have to apologize to the whole net community. On the other hand I am deeply concerned by the fact that the strongest opposition to the service didn't come from users but from network administrators. I don't think sysadmins have a god-given mandate to dictate what's good for the users and what's not. A lot of users have contacted me to thank me for the service, describing situations where anonymity has been crucial, but I could never have imagined in my wildest dreams. At the same time quite a few network administrators have made comments like "I can't imagine any valid use for anonymity on the net" and "The only use for anonymity is to harrass and terrorize the net". Nevertheless, I really want to apologize both to all the users on the network who have suffered from the abusive misuse of the server, and to all the users who have come to rely on the service. Again, I take full responsibility for what has happened. Julf From dmandl at shearson.com Tue Mar 23 19:31:27 1993 From: dmandl at shearson.com (David Mandl) Date: Tue, 23 Mar 93 19:31:27 PST Subject: Call for Submissions: Autonomedia Message-ID: <9303240019.AA22037@tardis.shearson.com> Please feel free to distribute the following to anyone you think might be interested. Thanks. -------------------------------------------------------------------- CALL FOR CONTRIBUTIONS Dear Friends, Autonomedia is preparing an anthology of essays and possible visual material for a book (and electronic media) on the issues surrounding communications, intellectual property, work, and new information technologies. We anticipate a publication date at the end of this year. Among the many topics we hope to address: The anti-copyright movement State information-control mechanisms "Plunderphonics" and sound sampling Immediatism Plagiarism Cypherpunk and crypto anarchy Hacking and cracking The politics of "academic freedom" Virtual prisons and digital leashes Class struggle on the high-tech front Phone sex and computer porn Obsolescent media and "product" The politics of mail art and free radio Future tech Network TV, cable, and narrowcasting Laws and borders, globalism Aesthetics of appropriation after post-modernism Electronic banking, digital cash, the end of "money" Visual imaging and electronic pictography Virtual reality and electronic spectacularity Data piracy: computer viruses, high tech luddism, etc. Anonymity and digital identities Genetics as commercial medium Primitivism and the anti-technology movement The legacy and future of phone phreaking Body politics, angelic capital, mormons in space Robots and computerized industrial production Media ecology and media diets Surveillance and popular defense "Information economy" Cybergnosis This list is meant to be suggestive, not exhaustive. Query us with your suggestions as soon as possible. We hope to make contact with all possible contributors by the start of summer, with a final deadline of October 1, 1993, for submissions. Wherever feasible, please send submissions on computer disk (ASCII or any word processing format in any platform) as well as by paper copy. We appreciate any help you may be able to offer in this endeavor. AUTONOMEDIA COLLECTIVE P.O. Box 568 Williamsburg Station Brooklyn, NY 11211-0568 USA email: jafhc at cunyvm.cuny.edu or dmandl at shearson.com Fax: 718-387-6471 -------------------------------------------------------------------- From ssandfort at attmail.com Tue Mar 23 21:08:24 1993 From: ssandfort at attmail.com (ssandfort at attmail.com) Date: Tue, 23 Mar 93 21:08:24 PST Subject: anon.penet.fi bites the dust Message-ID: <9303240508.AA10264@toad.com> _________________________________________________________________ FROM THE VIRTUAL DESK OF SANDY SANDFORT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Johan Helsingius (Julf) writes: ". . . a very well-known and extremely highly regarded net personality managed to contact exactly the right people to create a situation where it is politically impossible for me to continue running the service." Excuse me. Why aren't the names of the "net personality" and "exactly the right people" given in this post? Did they request anonymity? Of course, you wouldn't want to get them mad. They might punish you by . . . by, oh, I don't know . . . maybe shutting down your anonymous remailers? Couldn't have that, could we? S a n d y ssandfort at attmail.com "A slave is one who waits for someone else to free him." -- Rosellen Brown -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From internaut at aol.com Wed Mar 24 01:17:51 1993 From: internaut at aol.com (internaut at aol.com) Date: Wed, 24 Mar 93 01:17:51 PST Subject: FREE: warning to "sci" anonymous posters Message-ID: <9303240415.tn73502@aol.com> Sir, I find the contents of your warning message (appended below) to be an outrageous affront to the right of Freedom of Speech granted to all Americans in the Constitution. In fact, if you take a moment to think globally, your proposals are detrimental to the future freedom of all Citizens of the World. I think that you *yourself* should be warned that there are many of us watching your actions with great interest - and some of us have very long memories when such repressive actions are considered. particularly vexing is the idea that ANY anonymous mail might be censored - this might edit out EXACTLY the voices of criticism that make out Nation and our Internet great. Any newsgroup that can't accept the fundamental right anonymous posting should have the option of IGNORING them, but not removing them. People who want to censor speech in such a knee-jerk way have no place in public with other free people. If the reasoned opinion of any upstanding Citizen of the Internet or the US has any effect on your actions, I strongly urge you to stop this practice (if you have begun using it) and to never, ever begin it (if you have not yet). Someday you may want to vote in a US election. You'll probably want to cast a secret ballot, won't you? This is only one small example of the fundamental role of anonymity in our great Democracy. We don't need this brand of "enforcement" example on the Internet, and we don't need berobed Ku Klux Klan members lynching people to remind minorities to "behave." Erode these freedoms, and you may one day be unable to cast a ballot without being photographed and fingerprinted - it wouldn't be a very satisfactory way to run a Democracy, would it? You might scoff at my example, but one can build a mountain from many pebbles, and your action is a large chunk of stone in the mountain of Thought Bondage. I prefer to believe that you are a well-educated, thoughtful person who can see the Orwellian Thought Control inherent in this idea. i refer to imagine that you will not only reconsider such actions and vow to never follow those censorial urges, but also actively persuade others of such restrictive opinions to reconsider and stop their actions. A good Golden Rule to follow is: "Don't limit anyone's Freedom of Speech or you might be next one to be silenced!" Do the Right Thing! dave > As I promised yesterday, I emailed each recent anonomous poster >in the "sci" hierarchy a note explaining what may happen this >weekend. > >Dick >=-=-=-=-=-=-=-=-= >Dear anonymous poster, > > You may not be aware of the discussion in news.admin.policy >concerning the propriety of posting anonymously to newsgroups which >have not invited such postings. As someone who has posted anonymously >to the "sci" hierarchy recently, you should read it. > > I am writing to inform you that if Julf, admin at anon.penet.fi, >does not soon block anonymous postings to the "sci" hierarchy, then >I will activate an "Automated Retroactive Minimal Moderation" script >that will cancel postings to this hierarchy from his server. This is >intended to restore the pre-Julf status quo, at least temporarily, >over the weekend. > > Rest assured that there is nothing personal in this. I have not >read your postings, and I have no reason to believe that they were out >of line in any way other than being anonymous. I have nothing against >anonymous postings to groups that have decided to accept such >postings, nor do I object to any newsgroup deciding to do this. I >*do* object to Julf's permitting his server to post to newsgroups >without any effort to determine whether the readers of those newsgroups >want to permit anonymous postings. > > You have several possible courses of action if you wish to post >to the "sci" hierarchy while the "Automated Retroactive Minimal >Moderation" is in effect: > >*1 convince Julf to accept the "Petersen Proposal" for default > settings for different hierarchies. I promise to turn off the > ARMM script as soon as I hear that he will do this (or anything > reasonably responsive). > >*2 convince the readers of the newsgroup to which you want to post > that anonymous postings should be accepted in that newsgroup. > I can think of several valid reasons that may prompt such a desire, > but the decision should be made by the readers of the newsgroup, not > imposed by a single person such as Julf, or me. I promise to > abide by whatever decision the newsgroup makes. This does not > need to be a formal vote. A straw vote with a clear majority will > suffice. > >*3 have a friend post for you, use a different anonymous server, > or, if all else fails, post under your own name. People used to > do this, you know. :-) > > If none of these suit you, then simply be patient, and wait until >Monday. I intend to run ARMM, if I run it at all, for less than 48 >hours... this time. This is merely intended to be a demonstration >that an effective enforcement mechanism for blocking postings from a >particular site can work. > > I apologize in advance for any inconvenience this may cause you. >My argument is with Julf and is about the default setting for entire >hierarchies; it is not with you or your particular postings. From tcmay at netcom.com Wed Mar 24 15:14:22 1993 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 24 Mar 93 15:14:22 PST Subject: Many Important Items in the News Message-ID: <9303242312.AA07079@netcom.netcom.com> I urge all Cypherpunks to keep up with what's happening in several newsgroups: * alt.security.pgp and sci.crypt, for the latest in availability of PGP, MacPGP, etc. Also, a debate over Dorothy Denning's ideas on key registration and restrictions on crypto. (And for entertainment, David Sternlight and our own Perry Metzger are duking it out. Sternlight caused MacPGP to be pulled off the announced archive sites.) * news.admin.policy, for the latest on Julf's shutdown of his anonymous server, and for discussion of proposed successors. The whole shutdown is an important topic--perhaps someday Julf will be able to tell the whole story. Mention of the "Cypherpunks remailers" has been made in several places....this may be a good time to a) prepare for a wave of new users, b) be sure the code is solid and ready, and c) advertise the existence of the remailers and which one are up, which ones require PGP, etc. And given that our systems are "even more anonymous" that Julf's was, the abuses seen with his system will have to be faced on our systems. The alleged abuses of Julf's system: supposedly a picture of a burn victim was posted to one of the erotica groups (tacky in the extreme, but hardly illegal or a threat), instructions on how to poison cats (also tacky but not ipso facto criminal), etc. (I don't know what the culminating case was, nor will I speculate.) As we've talked about before, some folks may try to shut us down by deliberately posting extremely controversial material. There was also a major flamewar over the weekend when one Richard DePew decided to initiate his "ARMM" ("Automated Retroactive Minimal Moderation") program, which sent out "CANCEL" notices for anonymous messages posted to certain groups. Very controversial, and a sign of things to come. (The connection, if any, with Julf's shutdown remains unclear. Certainly the whole issue of anonymous postings reached a head this past weekend. Sternlight's threats about PGP may have been involved as well. Julf?) (Cypherpunks remailers may want to change the "Nobody" and "Anonymous" tags to names that are less screenable, less susceptible to censorship by ARMM-type programs. Using a rotating list of fictional or historical names may be an approach, but I'm sure we can think of many ways to bypass ARMM-type cancellers.) These are certainly interesting times. -Tim May -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: MailSafe and PGP available. From karn at qualcomm.com Wed Mar 24 18:57:35 1993 From: karn at qualcomm.com (Phil Karn) Date: Wed, 24 Mar 93 18:57:35 PST Subject: Many Important Items in the News Message-ID: <9303250255.AA11589@servo> >(Cypherpunks remailers may want to change the "Nobody" and "Anonymous" tags >to names that are less screenable, less susceptible to censorship by >ARMM-type programs. Using a rotating list of fictional or historical names >may be an approach, but I'm sure we can think of many ways to bypass >ARMM-type cancellers.) I'm not sure I like this idea. In my own discussions with people on this issue, I've found that "filterability" (for lack of a better term) overcomes *many* (if not all) of the standard objections to anonymous email. I see email anonymity as directly analogous to Caller-ID in the telephone network. Historically, telephony and email have taken competely opposite tacks on the caller privacy issue: telephone calls have always been anonymous while the Internet has effectively had "Caller ID" with no blocking. Caller ID changes the former assumption, while the anonymous remailer changes the latter. A consensus seems to be emerging on Caller ID: it's a good thing, *provided* there's a way to block it. In other words, the calling and called parties must agree on whether or not the caller will identify himself. If they don't agree, the call won't go through. Because the Caller ID messages explicitly state when the caller's number is blocked (as opposed to simply being unavailable for other reasons), it would be straightforward to build a call filter box that would disable your ringer and return an error message to any caller that invokes caller ID blocking. ("I'm sorry, the number you have reached will not accept anonymous calls. If you wish to reach this party, please unblock caller ID and try your call again.") I think this approach strikes an eminently reasonable balance between the privacy interests of the two parties. Personally, I would not use such a box unless I was actually having problems with anonymous crank calls. But a single woman living alone might well feel differently. The important thing is to let each individual make that decision for him/herself, not to impose one policy on the entire world. I think this is also exactly the right solution for email. The policy for the Internet should be that anonymous email is perfectly okay as long as it is clearly labeled as such. Then anyone who doesn't want to receive it can automatically remove it from their incoming mail without ever having to set eyes on it. This allows anonymous email to flourish wherever the recipients consent to receiving it, while it could not be used (for very long, anyway) to harass a nonconsenting recipient. More elaborate filters could be constructed that would accept anonymous email only when it had been signed by certain specific RSA keys. This would let consenting parties communicate by means of pseudonyms, without having to open themselves up to anonymous harassment from the entire net. What do you think? Phil From tcmay at netcom.com Wed Mar 24 21:24:49 1993 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 24 Mar 93 21:24:49 PST Subject: Many Important Items in the News Message-ID: <9303250523.AA15039@netcom.netcom.com> Phil Karn comments on my proposal: >>(Cypherpunks remailers may want to change the "Nobody" and "Anonymous" tags >>to names that are less screenable, less susceptible to censorship by >>ARMM-type programs. Using a rotating list of fictional or historical names >>may be an approach, but I'm sure we can think of many ways to bypass >>ARMM-type cancellers.) > >I'm not sure I like this idea. In my own discussions with people on >this issue, I've found that "filterability" (for lack of a better >term) overcomes *many* (if not all) of the standard objections to >anonymous email. A very good point. I was thinking more about the "ARMM"-style attacks and not so much about the normal filters people might write to keep from seeing anonymous posts. So, anything we do to make it hard for a determined attacker (writing ARMM-style filters), makes it even harder for casual users. I guess the solution is to discourage global, ARMM-style filters (and perhaps even look again, as a community, at digital sigs for postings, so that only the author can cancel them). -Tim May -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: MailSafe and PGP available. From honey at citi.umich.edu Wed Mar 24 22:06:35 1993 From: honey at citi.umich.edu (Peter Honeyman) Date: Wed, 24 Mar 93 22:06:35 PST Subject: Many Important Items in the News Message-ID: <9303250606.AA17600@toad.com> digital signatures for cancellation might allow "uncancellable" messages, which has some attraction in the current climate. (armm, macpgp muscled off of archives, the loss of pax and now penet.) peter From mccoy at ccwf.cc.utexas.edu Wed Mar 24 23:26:25 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Wed, 24 Mar 93 23:26:25 PST Subject: A New Usenet... Message-ID: <9303250724.AA25473@tigger.cc.utexas.edu> The automatic cancellation/censorship was the straw that broke this camel's back. I have had it with what I perceive as limitations in Usenet based upon artifacts of a design that did not understand just how fast and large it would become. The time has come to rebuild that system. No one else is going to do it if we don't, and no one will take into consideration the distinct nature of privacy and expression in this medium as much as the sort of people who are on this list. The time has come for a revolution. I will take up the sword of my C compiler and the shield of perl scripts alone if necessary, but I hope to find the cadre of network visionaries and inspired hackers that are willing to help shape the next generation of the Usenet. Usenet is suffering from growing pains. If you want to help shape it then send me mail (I will set up an actual mailing list in the next day or two, once I do so I will let people know.) Even if you are not particularly interested in working on this project, I am looking for a nice snappy name (marketing, marketing, marketing.... :) and would love to hear suggestions. Enough of the grand speeches though, here are a few things that I think that need to be a part of the next usenet: Multi-level news hierarchies: -Some are read-write, like the current usenet. In these groups, identity has no real meaning (it is so trivial to fake postings now that I could not believe the indignation peopel seemed to feel about anonymous postings) and it functions much like the current usenet with only a few modifications (no cancel messages and a few other hacks to get people up to speed with the realities of modern communication) -Read-only groups, similar to existing moderated groups, but moderation is authenticated using cryptographic techniques. -Read-mostly groups, in these groups thre exist moderators and a small group of people who are given the ability to post messages. Those who are given posting ability is determined by others in the group or some other agreed upon method. This is mostly for technical and scientific groups where the purpose is to maintain a very high signal-noise ratio. The function of the moderators is to provide minimal guidance regarding topics and to provide an editorial gateway through which people who are not members of the group could post questions or comments. MIME and crypto authetication built into messages. -only the poster or moderator (if there is one) could cancel a message -people are identified only by thier key and not by any particular email address. the news server itself can serve as a gateway to get messages to people who post an article (and can include the basics of the anonymous remailers to preserve poster anonymity if desired Any other idea out there? Let me know. The only limitation I can see at the moment on the scope of ideas is that it needs to be backward compatible with the existing system; this makes it much easier to implement and have a wide ranging audience from day one. Comments? jim From portwatson at firefly.rain.com Thu Mar 25 03:02:30 1993 From: portwatson at firefly.rain.com (Port Watson Ltd) Date: Thu, 25 Mar 93 03:02:30 PST Subject: Tropical Libertaria Message-ID: An Island in the Net... Dear Freedom Lover, Do you yearn for freedom now? Do you ever daydream...plotting your daring escape from the faceless bureaucrats and their idiotic edicts? Imagine, for a moment, your picture of "utopia"...a place where you are free to be you...with friends and neighbors who share your views on liberty, individualism, free thought and free enterprise. A place where the sun sets and rises on a locale of mutual acceptance and intellectual emancipation... A place where your personal lifestyle is your business... Your very own private tropical paradise where freedom flows gently through the palms like a tradewind breeze... Safe, secure, crime-free...yet fun and exciting... A place which has existed only in our hearts and minds... ...until now: We invite you to visit Port Watson where the quality of life is our first concern... Located on Clove Cay, Exuma, Bahamas, Port Watson is being created as an intentional community of Free-thinkers, Artists, Writers, Cybernauts, Philosophers, Computer Professionals, Free- Market Leaders, and other Interesting Individuals in the midst of a true tropical island paradise surrounded by the best sailing, fishing, and diving waters in the world! Conspicuous by their absence are Cops, Jails, Tax Collectors, and Bureaucrats. Your neighbors will be adventuresome free-thinkers who understand freedom and personal responsibility... Free-spirited intellectuals who share your vision of a libertarian intentional community... People like YOU. Picture yourself on a hammock between twin palms gently swaying in the tradewinds' breeze beside a quiet lagoon as sailboats glide gracefully by. The water is light green, deep blue and every imaginable hue in between, yet clear as glass down to the sand dollars, starfish and colorful shells below... Or, if you seek the more active lifestyle, water sports abound in the calm, clear seas surrounding Port Watson. The diving is rated among the best in The Bahamas, which is to say the best in the world, and yachtsmen the world over revere the waters for their unsurpassed clarity and beauty and uninhabited white beaches. Famous for its abundant fishing, being rich in Blue Marlin, Bonefish, Tuna, Amberjack and Grouper, Port Watson is a true Deep Sea Fisherman's dream. Make your next car a boat! Whether you plan to become a year-around resident, or decide to build a vacation home, Port Watson is exclusive, private, quiet...for the discerning few who know the value of ocean front property... Port Watson at Clove Cay is a rare real estate opportunity that you can visit, build your dream home on, vacation at, or live forever with those you love. In fact, the friendly new free-market government of The Bahamas is encouraging your emigration... If you're an interesting person, chances are you fall under the Group 4 Specialist Category, which means that you qualify for permanent residence without giving up your U.S. citizenship...all the benefits of Bahamian citizenship with all the comforts of home. The Bahamas - the perfect NO-TAX haven... No personal or corporate income tax, no sales tax, no capital gains tax, no withholding tax, no business tax, no estate tax, no gift tax, no inheritance tax, no death duties, no employment taxes, no probate fees, (and, in the case of Port Watson, a generous exemption from property tax.) Individuals, corporations (including nonresident-controlled Bahamian corporations), partnerships, trusts, and estates can all enjoy this immunity! And, there's more... ...The Bahama's model bank secrecy laws are the envy of the world...and the scourge of greedy bureaucrats. The Bahamian secrecy laws are imposed on all Bank and Trust Companies, their directors, officers, and employees, attorneys, and auditors. The Bahamas is not a party to any tax or fiscal information-sharing agreements (i.e., tax treaties) with any other country. Neither the IRS, Revenue Canada, British Inland Revenue, nor any other foreign principality or power can obtain information about a bank account you may have in The Bahamas...Once you open an account in The Bahamas, you are the only one who has the privilege to access it! Freedom isn't free, but we've made it as low cost as possible. Lots start at $20,000 at 10% down/10 years....owner financing is available! All land sales and transfers are being handled by Graham Thompson & Co., Sassoon House, Nassau, Bahamas. We have investigated the cost of materials and local labor, and can recommend several styles of homes and building materials. Using state-of-the-art building techniques and materials, your home could be on-site and up in a matter of weeks. If you wish, we can arrange the rental of your vacation home for you. Homes in the area currently rent from $150 to $300 per night. If you elect to rent out your vacation home through us, full-time caretakers are available to maintain your home and grounds during your absence for a small fee, contingent upon rental. With an eye toward our goal of reasonable self-sufficiency, co-ops are being encouraged to meet such needs as energy, food, communications, etc., to ensure that Port Watsonians enjoy the comforts of gracious high-tech living. Even co-op housing options are available as a cost-saving alternative for the budget minded, and our planned state-of-the-art satellite communications facility will make telecommuting a comfortable reality for our residents. We've caught the attention and encouragement of such notables as Peter Lamborn Wilson, author and editor of Semiotext(e), Robert Anton Wilson, author of Prometheus Rising, et. al., and Dr. Mary Ruwart, author of "Healing Our World: The Other Piece of the Puzzle," and Andre Marrou's first choice as Vice Presidential running mate. As Dr. Ruwart expressed to us: "A libertarian community, ESPECIALLY IN THE BAHAMAS, is a GREAT idea!" You see, Port Watson is an Idea Whose Time Has Come. For itinerary and more information contact Kevin Bloom, of Port Watson Ltd, 303-442-6256 (11 AM to 6 PM Mountain Time) or portwatson at firefly.rain.com or 74640.606 at compuserve.com... VISIT PORT WATSON, the intentional community at Clove Cay, Exuma, Bahamas...AND LET THE ADVENTURE BEGIN! Your Visit May Be Tax Deductible! This offer of freedom void where prohibited by law or similar inanity. Sincerely Yours, Benjamin Hamilton Power, Secretary-Treasurer Port Watson, Ltd. portwatson at firefly.rain.com -more- Addendum: Having read this far, you have a pretty good idea of what we're doing at Port Watson, and whether Port Watson sounds like the place you've been looking for. We, of Port Watson, know that freedom is precious and essential to personal growth and prosperity, and this philosophy is central to our community. We also know that freedom doesn't just "happen." It must be created... Indeed, we're turning dream into reality, and we're inviting you to join us! Those of us who launched this project are totally committed to its success, and will be living at Port Watson permanently. We beckon you to join us in this exciting adventure. Our model of tolerance, personal liberty and intellectual freedom will be the paradigm of the consummate intentional community...the very idea of such an environment is attracting "just the right people," and we'd like you to be among them. In addition to having a social atmosphere conducive to creativity and free trade, we are also developing an economic environment which will help ensure the project's success. A system of voluntary cooperatives is being encouraged to take care of such needs as food, energy, communications, waste-management, consumer goods and other staples, electronics, toys, education, banking and investments, and so forth. Your participation in any or all of these co-ops is, of course, completely voluntary. Please inquire. One unique option being offered for those with an eye toward budget is that of Alternative Co-op Housing. If you're not familiar with Co-op housing, it works like this: Each family unit (or individual) owns its own dwelling. This can be either an unattached cottage or a condo style arrangement. Centrally located is a larger building which holds a large kitchen, dining hall, and living/entertaining area. Cooking duties are shared by Co-op members on a rotational basis ...depending on the size of your Co- op, your kitchen shift could occur as infrequently as once a month...this alone makes Co-op housing extremely attractive. Members of the Co-op housing group can also arrange for child-care and home schooling options with other members. Co-op housing members are able to pool their resources to create mega-workshops, computer LAN systems, or whatever they desire. Co-housing offers a genuine feeling of community at an affordable price, and is a logical arrangement for those of you who may be coming on board as a group. It is very popular in Denmark, and has enjoyed some success in communities in the United States. If you prefer conventional housing, many different styles and materials are obtainable locally, and labor is available in George Town on nearby Great Exuma. If you're looking for that special location to build a vacation or retirement home, rest assured that Port Watson is the place for you. Vacation homes rent for $150 to $300 per night in this part of the world, and with the proper listing and promotion many of those homes stay quite "busy." Your rental profits could be deposited in your Bahamian bank account, if you so desire. Our planned state-of-the-art satellite communications facility will provide for the transmission of voice/video/data, making telecommuting a viable option for many residents of Port Watson, especially writers and individuals involved in the development of software products. Most Port Watsonians are computer professionals who have decided to break free from the bumper-to-bumper chain-gang choosing, instead, the tranquility of a beach-front paradise as their office. If you're an entrepreneur, many excellent opportunities exist in the form of tourist concessions such as diving, boating, windsurfing, fishing, food service, tavern, etc., in what is basically virgin territory. Remember, your Bahamian bank account is your business. Please inquire. We are eager to hear from you, and will gladly answer any questions you may have. The prospects are exciting, paradise awaits, and the time to embark is now... Our initial group will consist of fifty people, but in order to meet our contractual obligations, we must have those fifty people confirmed within the next sixty days.....so call now. Those addresses, again, are: Kevin Bloom Voice 303-442-6256 (11 AM to 6 PM Mountain Time) CompuServe 74640,606 CompuServe via Internet: 74640.606 at compuserve.com or Internet: portwatson at firefly.rain.com Some oft-asked questions: Q: Are you starting your own country? A: No, we are creating an intentional community on a beautiful privately owned island. Q: Where is Clove Cay? A: Clove Cay is an island in the Brigantine Chain of The Bahamas, which parallels the Exuma Chain. It is a 15 minute boat ride from Barreterre Island, which is connected by bridge to the northern tip of Great Exuma. George Town is 45 minutes away by car. Q: How do I get there? A: Several airlines, including American Eagle (800-433-7300) and Airway International (305-526-3852) have daily flights to George Town from Miami or Ft. Lauderdale. Bahamasair (800-327-8080) flies to George Town daily from Nassau. Hire a car from George Town north to Barreterre at the tip of Great Exuma (about 45 minutes) and onward by boat to Port Watson on Clove Cay (15-20 minutes.) A representative of Port Watson is living on the island to host visitors. Your stay will be quite enjoyable. Call Kevin Bloom at 303-442-6256 to make arrangements for your visit. Q: Must I give up my U.S. citizenship to live at Port Watson? A: No. U.S. citizens are allowed to stay for up to three months almost automatically, and renewing is usually very easy. Professional skills are in demand in The Bahamas and can get you Group Four Specialist classification which qualifies you for Permanent Residence status. Entrepreneurs investing in new businesses can also obtain permanent residence quite easily. Q: Do I need a passport or visa to visit Port Watson? A: U.S. citizens do not need a passport or visa to enter The Bahamas. You will need two pieces of identification to re-enter the United States, such as a valid driver's license and a voter registration stub. Q: Will we be under Bahamian jurisdiction? A: Yes, but don't panic. The Bahamian government does not pester privately owned islands. One of the most popular resorts, Abaco, boasts of no police and no jails. There is very little crime in the Out-islands and, because there are so few taxes, the government has little reason to meddle in private affairs. The rule of thumb is that the further away you get from the central government in Nassau, the less interference you receive. The recently elected government of The Bahamas leans very strongly toward free-market principles and is dedicating itself to removing much of the bureaucracy and restrictions put in place by the former Pindling administration. Frankly speaking, the Bahamians like our project and want us there. Taken together, all of these factors should lead to an environment markedly freer of government interference than is currently the case in the U.S. or much of the rest of the world. Q: Are there homes already on the island? A: There is one home and several out-buildings, all of which are currently in use. Q: Is Port Watson, Ltd., acting as developer? A: Port Watson, Ltd., is not a developer, per se, and is only subdividing the island and making the lots available to interested persons. Each property owner is responsible for developing his or her own property, including providing water, waste disposal, power, phone service, and so forth. We are encouraging buyers to form cooperatives to fill such needs, and are facilitating the formation of such co-ops; participation by each property owner is strictly voluntary. Q: How long will it take for me to build my home? A: With today's materials and techniques, your home could be up in a few weeks. Q: What about firearms? A: Unfortunately, The Bahamas has gone the way of other Commonwealth nations on that one...better leave them at home. However, shotgun permits may be obtained. We have Bahamian attorneys to help in such matters. Q: Are medical facilities available? A: Yes. The George Town Medical Clinic has two nurses and one resident physician less than an hour away. Also, the Bahamian government keeps aircraft on standby for Out-island emergencies. Q: What about drinking water? A: Water catchment systems are the norm in the region, and are generally found to be quite adequate. Also, you may wish to consider joining or forming a desalination co-op. Port Watson, Ltd., retains underground water rights to the island. Q: What about energy? A: Most homes in the Out-islands rely on small generators for their electrical, and bottled gas for cooking. Wind and solar sources are also becoming popular. You, and your neighbors, may wish to form an energy co-op utilizing a larger, quieter, more efficient diesel generator shared among several homes. Q: What about waste management? A: We are encouraging the use of chemically assisted composting toilets and other forms of recycling. Your participation in a waste management and recycling co-op is strongly encouraged. Q: How do I go about joining or forming a co-op? A: Just let us know. We will put you in touch with other Port Watsonians who share the same interests. Q: What about currency? A: U.S. currency is accepted everywhere, with a value of one to one. Change is often given using both U.S. and the colorful Bahamian currency. Q: Where can I do my banking? A: Both Barclay's Bank and the Bank of Nova Scotia have George Town branches. Q: The C.I.A. is directing microwaves at my brain in an attempt to drive me insane, forcing me to wear a tin-foil lined bicycle helmet at all times, even while sleeping. Will my situation improve if I move to Port Watson? A: No. Q: What about my plastic? A: The larger resort towns, such as Nassau and Freeport, accept all major U.S., British, and continental credit cards, as do most hotels in the Out-islands. Many shops, however, do not, so it's a good idea to bring along travellers checks, just to be sure. Q: How can I support myself on an island? Are any employment opportunities available? A: Port Watson offers many opportunities for entrepreneurs in the form of tourist concessions and support services, as well as a planned telecommuting infrastructure ideal for computer specialists, writers, and other information-age professionals. As Port Watson grows, so will many other opportunities. Q: Are there any restrictions on what I can do with my property? A: Property owners are free to do as they wish with their property, but may not take anything from or discharge anything onto neighboring properties without the appropriate owners' permission. On Clove Cay, property boundaries are clearly defined to prevent any "tragedies of the commons." Buildings of greater than two stories are discouraged. Let's all be aware of how our actions are affecting our neighbors' sunlight, wind, views, etc. Of course, a group of property owners is free to place voluntary contractual restrictions on the use of their own properties, if they so desire. NOTE: Take a look at our beautiful island! Digitized photographs of Clove Cay are available on the Internet via anonymous ftp from onion.rain.com (147.28.0.161) in the directory /pub/portwatson. From internaut at aol.com Thu Mar 25 04:50:36 1993 From: internaut at aol.com (internaut at aol.com) Date: Thu, 25 Mar 93 04:50:36 PST Subject: ANON: Anon.penet.fi no more Message-ID: <9303250649.tn83751@aol.com> >>> The anonymous service at anon.penet.fi has been closed down. This is a dark day indeed. The forces of Repression are upon us yet again. OK, where do we set up the next one? I guess the solution here is to have a floating set of difficult-to-detect anon remailers and switch between them regularly. Someday, when I can afford the hardware, I vow to provide this service and not be harrassed into shutting down. Toward this end, it would be great if Julf could post a list of the sys admin's who were instrumental in shutting down penet.fi. I think all of us should be made aware of their presence for future reference. And now, Upward! dave From ncselxsi!drzaphod at ncselxsi.netcom.com Thu Mar 25 07:41:33 1993 From: ncselxsi!drzaphod at ncselxsi.netcom.com (DrZaphod) Date: Thu, 25 Mar 93 07:41:33 PST Subject: Many Important Items in the News Message-ID: <5659.drzaphod@ncselxsi> I think we need to gear our remailers more towards pseudonymous communication. I agree with Phil Karn when he says mailer filters will eventually be capable [and widespread] as to filter by RSA public-key so as to only need one anonymous acct... But for now I believe we need to open up more pseudonymous remailers such as penet, with an anonymous option. There may be legal trouble upon action of this suggestion, and all the better to bring attention to our cause.. assuming we can get enough people to start this type of remailer. (Phil Karn) writes: >More elaborate filters could be constructed that would accept >anonymous email only when it had been signed by certain specific RSA >keys. This would let consenting parties communicate by means of >pseudonyms, without having to open themselves up to anonymous >harassment from the entire net. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - DrZaphod #Don't Come Any Closer Or I'll Encrypt! - - [AC/DC] / [DnA][HP] #Xcitement thru Technology and Creativity - - [drzaphod at ncselxsi.uucp]# [MindPolice Censored This Bit] - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From david at staff.udc.upenn.edu Thu Mar 25 07:50:58 1993 From: david at staff.udc.upenn.edu (R. David Murray) Date: Thu, 25 Mar 93 07:50:58 PST Subject: Many Important Items in the News Message-ID: <9303251547.AA23456@staff.udc.upenn.edu> Phil Karn suggests that the ability for potential recipients to block anonymous mail is important. I agree. If you don't mind a few comments from someone who has been lurking until now . . . If, as Tim May says, the cyphperpunks anonymous remailers have been mentioned more widely, it may be time for the cypherpunks to 'go public'. I suspect, from the traffic on news.admin.policy (which I just read a bunch of) that things would have been less acrimonious if Julf had chosen to respond to admin complaints and been seen to be clearly working toward a mutually acceptible solution. I understand (I think) why he chose not to, but if news.admin.policy starts talking about cypherpunk remailers, then, based on what we learned from Julf's experience (thanks Julf, and sorry it turned out the way it did, and happy it wasn't worse) I don't think we can afford to remain silent. I suspect that even if Julf had been participating in that discussion he still would have been shut down, but it might have taken longer, and people might (/might/) understand his/our position better. I suggest we be proactive about 'anonymous call blocking', and prepare information sheets and code to make it easy for people who choose to do so to block anonymous mail/postings, and at the appropriate time publish these widely. Perhaps a member with an effective writing style (Tim?) could prepare a 'position paper' explaining our position. Of course, talk of Anarchy would be a little much, so the problem would be what to include . . . An argument that might appeal to the control freaks is that anonymous remailers are inevitable, and it would be better to codify it and provide mechanisms for 'anonymous message blocking' than to have to deal with it anew each time someone new starts up an anonymous service. The biggest problem I see is that a number of Julf's supporters pointed to the fact that penet anonymous users could be sent email, just like a regular net id, and had a sysadmin who could block them for bad behaviour, just like a regular net id. Cypherpunk remailers do away with that, and that could be a hard sell. The danger of asking news.admin.policy in on a standardization discussion is that they could decide this level of 'accountability' was required and get really nasty about anything else. I hope others have some better ideas about how to prepare for what comes next. The one clear thing is that we have a lot to learn from Julf's experience. Anyone interested in the future of anonymity on the net who has not read through some of the postings on news.admin.policy should do so. -- david david at staff.udc.upenn.edu From marc at GZA.COM Thu Mar 25 08:20:41 1993 From: marc at GZA.COM (Marc Horowitz) Date: Thu, 25 Mar 93 08:20:41 PST Subject: Many Important Items in the News In-Reply-To: <9303250606.AA17600@toad.com> Message-ID: <9303251618.AA01313@dun-dun-noodles.aktis.com> >> digital signatures for cancellation might allow "uncancellable" >> messages, which has some attraction in the current climate. What's uncancellable? If someone starts abusing things with "uncancellable" messages, then the USENET backbone gets together and stops passing these "uncancellable" messages from site to site. The messages will die very quickly, I assure you. If you change the names/message ids/whatever, then *all* such messages will end up getting nuked. Our protection here is that the backbone sites have proven in the past to be very strong supporters of speech. If that changes, we have worse problems. >> (armm, USENET would fall apart without the ability to cancel messages. >> macpgp muscled off of archives Huh? I don't care how many and whose signatures you put on something. When the guy who owns the disk wants it to go away, it will. >> the loss of pax and now penet.) Same as above. When the network provider decides to remove the connection for whatever reason, it's gone. I'm all in favor of technological solutions when appropriate. And I think that the use of ARMM on sci.* when there was no substantial reason was irresponsible and wrong. However, I don't think problems like volume abuse can be solved by purely technical means. When some bonehead starts putting megabytes of noise on sci.crypt, I want to be able to cancel his messages. Don't give me lines about user filtering; The best user agent in the world isn't going to make my net connection any bigger. I don't have the net bandwidth at my site to suck over megabytes of trash in order to ignore it until it expires. Marc From honey at citi.umich.edu Thu Mar 25 08:56:27 1993 From: honey at citi.umich.edu (Peter Honeyman) Date: Thu, 25 Mar 93 08:56:27 PST Subject: Many Important Items in the News Message-ID: <9303251656.AA00930@toad.com> marc, if article cancellation is made cryptographically secure, there is the possibility that articles can be made uncancellable. of course, if there is some wild card that allows the backbone cabal to cancel articles remotely and after the fact, then i suspect usenet will remain vulnerable to forged cancellation messages. but maybe not. i see your point about backbone admins refusing to traffic in certain kinds of messages, but as a veteran of usenet from before it was even called usenet, i assure you that other admins would quickly fill in the gaps in connectivity. this has happened many times. i don't agree, btw, that we can rely on the backbone admins to be very strong supporters of speech, nor should we. as for "the guy with the disk" wanting macpgp to go away, that's not what happened here. everyone i've talked to that has a direct role in the decision agrees that there is a valid research and education function served by distributing macpgp. ah well, sometimes the dragon wins. and regarding the network providers decision to pull penet's plug, i believe this decision was based principally on the opinion of ... how did julf put it? ... oh yes, "a very well-known and extremely highly regarded net personality" (i doubt that i would regard him as a strong supporter of free speech, btw). i suspect that when we get to the bottom of this, we'll discover that many people's interests were being represented without their knowledge, assent, or agreement. regarding your comments about net abuse and megabytes of trash, i agree that we need to brainstorm and find ways to address these problems. i am optimistic that technical solutions hold a lot of promise; it's just a matter of discovering them. let's put our shoulder to the wheel! peter From jb at paris7.jussieu.fr Thu Mar 25 09:01:37 1993 From: jb at paris7.jussieu.fr (jb at paris7.jussieu.fr) Date: Thu, 25 Mar 93 09:01:37 PST Subject: ARMM? Message-ID: <0096a0bf.8fb237b2.4300@paris7.jussieu.fr> Hi, What's ARMM or whatever it's called? Thanx, jb From jthomas at access.digex.com Thu Mar 25 09:19:42 1993 From: jthomas at access.digex.com (Joe Thomas) Date: Thu, 25 Mar 93 09:19:42 PST Subject: Distributed anonymous posting (was Re: Many Important Items...) Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Tim May writes: > Phil Karn comments on my proposal: > > >>(Cypherpunks remailers may want to change the "Nobody" and "Anonymous" tags > >>to names that are less screenable, less susceptible to censorship by > >>ARMM-type programs... > >I'm not sure I like this idea. In my own discussions with people on > >this issue, I've found that "filterability" (for lack of a better > >term) overcomes *many* (if not all) of the standard objections to > >anonymous email. > A very good point. I was thinking more about the "ARMM"-style attacks and > not so much about the normal filters people might write to keep from seeing > anonymous posts. We may be getting ahead of ourselves here. Because of design decisions in the cypherpunk remailers, I think they'd be a poor infrastructure for anonymous Usenet posting. Anonymous posting has been around as long as Usenet, in the form of forged messages. The most important service Julf's remailer provided was a _return_path_ for replies, something cypherpunk remailers take deliberate steps to destroy. If one of the cypherpunk remailers suddenly decided to implement anonymous Usenet posting as-is, I think ARMM II would be the least of its problems. I have been working through a few ideas for the design of a _distributed_ anonymous posting service, in which the loss of one machine would not destroy all return addresses at that machine, nor compromise the return- path database. A handful of penet-style servers who share their return- address databases (kept updated through an encrypted e-mail protocol, perhaps) act as a Usenet "front-end" for posting. But their databases contain encrypted SASE paths through several cypherpunk remailers, instead of normal return addresses. Messages posted through any of the front ends could be sent to the same user-name at any of the other front-end machines, since they keep the same databases. In order to assure that SASE return path is robust, despite an environment in which remailers may be shut down at any time, secret sharing might be used for remailer private keys. When a remailer went down, a quorum of the remaining remailer operators would nominate a site to replace it, and send the "pieces" of the lost remailer's secret key to the replacement site's administrator. The remaining remailers would adjust their "routing tables" so mail whose next hop should be to the lost remailer is sent to its replacement instead. The best part is that all of this would be transparent to the Usenet user, who would just see a penet-style return address, along with a note in the automatically appended signature that said that "if mail to an1234 at foo.com bounces, just try an1234 at bar.uk or baz.fi," or whatever. No doubt there are some problems with this scheme (traffic analysis attacks on the SASE paths if the front-end database is compromised, etc.) that need to be addresssed, but I offer it as a preliminary idea for a replacement service whose stability would not be subject to the whims of any one site or network connection. > I guess the solution is to discourage global, ARMM-style filters (and > perhaps even look again, as a community, at digital sigs for postings, so that only the author can cancel them). Agreed. This could even be implemented into today's news structure. Old servers would continue to blindly heed all cancel messages, while the new software would verify PEM-style signatures, possibly as a header field. And if a cabal of prudish newsadmins wanted to let each other cancel those offensive anonymous articles at their sites, they could simply tell their software to accept cancels signed by cabal-members' keys. I don't see how anyone could oppose this. -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBK7Hk7Iwu6QoBw6rbAQF5owQAlfXjo8G+cKiSVEbfIBAXIAsmTJkBLcAH OhCzyXZXyCKeH5J8yB9cgTgpCsxQCdBgQLsW2aqvyWaVgMX4rXvjx6vqYbm4BW5p 9OQ6YhLI17zArrqPPsyzbYYHwUXXY2vYEWAmFXNhYBv9r4vbbT3IqPJgCTKltShA 5ho53DEkIRA= =6q8R -----END PGP SIGNATURE----- -- Joe Thomas PGP key available by request or by finger. PGP key fingerprint: 1E E1 B8 6E 49 67 C4 19 8B F1 E4 9D F0 6D 68 4B From edgar at spectrx.Saigon.COM Thu Mar 25 09:44:17 1993 From: edgar at spectrx.Saigon.COM (Edgar W. Swank) Date: Thu, 25 Mar 93 09:44:17 PST Subject: REMAIL: Whence Remailers? Message-ID: With the unfortunate recent forced demise of the penet.fi remailer, The Cypherpunks remailers now seem to be the only holdouts. So where do we go from here? Is anyone feeling intimidated yet? Chael Hall has implemented an "--ignore--" kill line in his remailer, which I have verified works. I wish you other remailer operators (except Miron Cuperman) would adopt that hack into your own remailers. You also might help Chael integrate PGP into his remailer; he says he's having problems. Another feature I've asked for is ability to post to newsgroups through the remailers. With the demise of penet.fi, this becomes more urgent. I've been told that one can post anonymously by using Cypherpunks remailers in conjunction with a non-anonymous e-mail server newsgroup poster like ucbvax.berkeley.edu. The instructions I've received say to Send to, e.g., sci-crypt at ucbvax.berkeley.edu to post to sci.crypt. But what about newsgroups which contain dashes in the name, such as "rec.video.cable-tv"; how does one encode the ucbvax address for those. Anyone who knows, please post or send e-mail. But adding code to the current remailers to post instead of mail by using say, :: Request-Reposting-To: [newsgroup] should be pretty easy, shouldn't it?? -- edgar at spectrx.saigon.com (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Silicon Valley, Ca From 74076.1041 at CompuServe.COM Thu Mar 25 10:19:34 1993 From: 74076.1041 at CompuServe.COM (Hal) Date: Thu, 25 Mar 93 10:19:34 PST Subject: Many Important Items in the News Message-ID: <930325181131_74076.1041_FHD33-1@CompuServe.COM> Responding to Phil Karn's proposal that anonymous mail should be clearly marked as such: The only thing I object to in this is that it implicitly gives up one of the strongest arguments in favor of anonymity/pseudonymity, which is that there is already no way to verify identities on the net. In Phil's analogy with Caller ID, where the net is said to already be a "Caller ID" environment, the thing to realize is that the "ID's" are not necessarily accurate. To a large extent, identity on the net is an illusion. Pseudonymous remailers like Julf's should be seen as a natural extension of net culture. This situation is only going to become more extreme as the net continues to move beyond its original, relatively controlled, community of large universities and government research labs, to include the general public. As more and more "Free Net", Public Access, and BBS systems become part of the internet, there is either going to have to be a massive and universal crackdown on identity verification, which I think is unlikely, or else there is going to have to be acceptance that net identity doesn't necessarily correspond to real names. (I myself have had email-capable accounts in three names besides my own on various systems.) Granted, this argument did not persuade the facist forces which forced the shutdown of Julf's remailer, but that doesn't invalidate it. Julf's remailer was not shut down due to reasoned disagreement and a consensus that it was wrong; rather, its shutdown was (as far as is known so far) a demonstration of raw power by some person or small group. Responding to Marc Horowitz's point about problems with the idea of uncancellable messages: Marc raises the issue of volume abuse. I think it's important to note that, as far as I know, the Penet postings which people complained about where NOT examples of volume abuse. The objections to these messages were based on their contents. (In some cases, people objected to some messages not because of their contents or their volume, but simply because they were "anonymous"!) I realize that Marc was addressing the issue of uncancellable messages in general, not specifically with regard to anonymous messages. I am not an expert on news software but reading the debate on this issue in news.admin.policy it appears that the current system is far too lax in allowing cancel messages. It appears to be very easy to cancel postings made by someone else. This led to De Pew and his cancel daemon, which itself led to counter-threats for cancel daemons to be activated against De Pew and other posters from his site. All this points to design flaws in the cancel mechanism. I do think that it would be appropriate to put more restrictions on cancel messages, and digital signatures could play a part in this. Perhaps Marc's concern about payment for volume abuse could be dealt with by some limitations on large postings. I don't really know how Marc (or anyone) distinguishes between a 100K byte junk file in sci.crypt and a 100K byte file in alt.graphics.misc which he might find equally uninteresting and for which he has to pay equally. Maybe he's only reading sci.crypt? In that case perhaps a solution would be for the news transfer software to be enhanced to allow some filtering. Hal 74076.1041 at compuserve.com P.S. Edgar asks about the mail-to-news gateway at ucbvax.berkeley.edu. Recently I saw postings indicating that this gateway had shut down. If anyone has information on mail-to-news gateways please post it here. From ggoebel at sun1.ruf.uni-freiburg.de Thu Mar 25 10:24:46 1993 From: ggoebel at sun1.ruf.uni-freiburg.de (Garrett Goebel) Date: Thu, 25 Mar 93 10:24:46 PST Subject: Add Me to the List Message-ID: <9303251823.AA19435@sun1.ruf.uni-freiburg.de> I have tried many a time, to send mail asking to subscribe to cypherpunks-request at toad.com I have never received any list mail. I think I have been added to the announce list... but I would greatly appreciate it if someone would add me on to the main list. thanks, -- C. Garrett Goebel From karn at qualcomm.com Thu Mar 25 13:51:17 1993 From: karn at qualcomm.com (Phil Karn) Date: Thu, 25 Mar 93 13:51:17 PST Subject: Many Important Items in the News Message-ID: <9303252149.AA17207@servo> I agree. It's time to take mail anonymity into the mainstream. There are plenty of legitimate reasons for anonymity, as the Caller ID debate shows. I think an enlightened approach that eschews a single, network-wide policy on the acceptability of anonymous messages in favor of leaving it up to the individual email recipient is something that we could sell to the Internet as a whole. We shouldn't have to treat this as a confrontational either-or issue when there's a third way out that balances everybody's interests. Phil From david at staff.udc.upenn.edu Thu Mar 25 14:58:57 1993 From: david at staff.udc.upenn.edu (R. David Murray) Date: Thu, 25 Mar 93 14:58:57 PST Subject: Many Important Items in the News In-Reply-To: <9303252149.AA17207@servo> Message-ID: <9303252255.AA08705@staff.udc.upenn.edu> Phil Karn writes: > I think an enlightened approach that eschews a single, network-wide > policy on the acceptability of anonymous messages in favor of leaving > it up to the individual email recipient is something that we could > sell to the Internet as a whole. You know, what we might to do is figure out a first cut position, and then set up a mock debate. Have some members 'role-play' vociforous opponents of nyms. That way we might be able to work out in advance good counter arguments for the nastiest objections any of us can think of. I'm sure the /real/ ojectors will come up with stuff we don't, but at least it would give us a leg up. I think I'd recommend setting this up as a formal 'game', with all participants adopting nyms to keep the argumentation distinct from normal discourse. Even if it was done on a separate mailing list. See, another good use for nyms . -- david david at staff.udc.upenn.edu From ajay at holonet.net Thu Mar 25 17:35:18 1993 From: ajay at holonet.net (A.J. Janschewitz) Date: Thu, 25 Mar 93 17:35:18 PST Subject: New key Message-ID: <9303260129.AA17624@holonet.net> Mess-DOS struck again. My PGP directory got scrunged, so any servers and individuals who may have added my PGP public key that I posted last month have it wrong. My error. Sorry about that. My *new* key, which can be easily identified as the proper one by noting that my moribund psilink account is not on it, is available via fingering me ajay at holonet.net. Listfolks please note and remove my old key. Again, sorry. ==a.j.== -- Persons attempting to find a motive in this narrative will be prosecuted; persons attempting to find a moral in it will be banished; persons attempting to find a plot in it will be shot. -Mark Twain, used w/o permission by ajay at holonet.net From a2 at well.sf.ca.us Thu Mar 25 18:41:52 1993 From: a2 at well.sf.ca.us (Arthur Abraham) Date: Thu, 25 Mar 93 18:41:52 PST Subject: FREE: warning to "sci" anonymous posters Message-ID: <199303260240.AA10751@well.sf.ca.us> Dear internaut at aol.com, I note that the quoted posting, threatening use of an "Automated Retroactive Minimal Moderation" to "restore the pre-Julf status quo" is anonymous. I assume you know the identity of this poster...how delicate of you to conceal it. -a2. From a2 at well.sf.ca.us Thu Mar 25 19:01:42 1993 From: a2 at well.sf.ca.us (Arthur Abraham) Date: Thu, 25 Mar 93 19:01:42 PST Subject: Many Important Items in the News Message-ID: <199303260259.AA16986@well.sf.ca.us> "Consenting adults" should be able to do whatever they want -- your comments go to obtaining consent for anonymity. Since on my good days I try to act like an adult, I support the truth in labeling of anonymous postings as anonymous postings. -a2. From Marc.Ringuette at GS80.SP.CS.CMU.EDU Thu Mar 25 20:14:24 1993 From: Marc.Ringuette at GS80.SP.CS.CMU.EDU (Marc.Ringuette at GS80.SP.CS.CMU.EDU) Date: Thu, 25 Mar 93 20:14:24 PST Subject: REMAIL: cypherpunks strategy Message-ID: <9303260414.AA12167@toad.com> We must address a strategy question before it jumps on us. Do we want to be yet another "this remailer exists, let's stomp on it" whipping boy, or will another tactic be more effective? I have the following suggestion. Do not announce our cypherpunks remailers right away. This is not the right time. Instead, announce that we intend, at a later date, to install remailers which are "friendly" in the sense that they use a special header line, but which will be not be able to be shut down. [ My suggestion for how to do this: encourage thousands of users who support anonymity to run the software, and make it easy for them to do so. Then, thousands of users must be kicked out in order to prevent remailers being available! ] But, here's the important part, DELAY RELEASE until after a waiting period. The delayed release is intended to allow concerned network sites and individuals to install filters for these messages, and to allow users the time to discuss this (and, for instance, to voice their objections to catch-all anonymity filters at the news-relay level). It also prevents our opponents from achieving a sense of "something must be done" urgency. My goal is to push a particular policy -- remailers which add a header line and end-user filtering based on that header line -- as an interim solution until more sophisticated techniques come into use. Discussion is also welcomed on exactly what kind of setup we should be trying to encourage. This is my current cut at it. -- Marc Ringuette (mnr at cs.cmu.edu) From karn at qualcomm.com Thu Mar 25 21:02:14 1993 From: karn at qualcomm.com (Phil Karn) Date: Thu, 25 Mar 93 21:02:14 PST Subject: Many Important Items in the News Message-ID: <9303260500.AA17758@servo> Absolutely -- "Consenting adults" is the key phrase here. I think we should stress it in everything we do as cypherpunks. This profound concept once made it as far as an important Supreme Court majority decision. But that was a long time ago. Look how far downhill we've gone since then. Phil From XXCLARK at indst.indstate.edu Thu Mar 25 21:49:21 1993 From: XXCLARK at indst.indstate.edu (XXCLARK at indst.indstate.edu) Date: Thu, 25 Mar 93 21:49:21 PST Subject: No Subject Message-ID: <9303260549.AA12784@toad.com> Subscribe Ernest Clark From honey at citi.umich.edu Thu Mar 25 21:49:26 1993 From: honey at citi.umich.edu (peter honeyman) Date: Thu, 25 Mar 93 21:49:26 PST Subject: Many Important Items in the News Message-ID: <9303260549.AA12789@toad.com> this seems to have fizzled out somewhere along the line. ------- Forwarded Message Date: Thu, 25 Mar 93 11:54:30 EST From: Peter Honeyman Subject: Re: Many Important Items in the News To: cypherpunks at toad.com marc, if article cancellation is made cryptographically secure, there is the possibility that articles can be made uncancellable. of course, if there is some wild card that allows the backbone cabal to cancel articles remotely and after the fact, then i suspect usenet will remain vulnerable to forged cancellation messages. but maybe not. i see your point about backbone admins refusing to traffic in certain kinds of messages, but as a veteran of usenet from before it was even called usenet, i assure you that other admins would quickly fill in the gaps in connectivity. this has happened many times. i don't agree, btw, that we can rely on the backbone admins to be very strong supporters of speech, nor should we. as for "the guy with the disk" wanting macpgp to go away, that's not what happened here. everyone i've talked to that has a direct role in the decision agrees that there is a valid research and education function served by distributing macpgp. ah well, sometimes the dragon wins. and regarding the network providers decision to pull penet's plug, i believe this decision was based principally on the opinion of ... how did julf put it? ... oh yes, "a very well-known and extremely highly regarded net personality" (i doubt that i would regard him as a strong supporter of free speech, btw). i suspect that when we get to the bottom of this, we'll discover that many people's interests were being represented without their knowledge, assent, or agreement. regarding your comments about net abuse and megabytes of trash, i agree that we need to brainstorm and find ways to address these problems. i am optimistic that technical solutions hold a lot of promise; it's just a matter of discovering them. let's put our shoulder to the wheel! peter ------- End of Forwarded Message From sdw at sdwsys.lig.net Thu Mar 25 21:50:14 1993 From: sdw at sdwsys.lig.net (Stephen D. Williams) Date: Thu, 25 Mar 93 21:50:14 PST Subject: A New Usenet... In-Reply-To: <9303250724.AA25473@tigger.cc.utexas.edu> Message-ID: <9303260547.AA17449@sdwsys.lig.net> Beware: I couldn't think of any alternatives after this lex-meme flooded my mind.... It's fairly contrived, but not as bad as the coff / robotussin pair from GNU bintools... I'm interested in discussing, reviewing, and writing parts of the proposed new netnews system extensions/rewrites. I've been modifying the current system anyway, so why not? (I have already added compressed/archived news storage to INN and Tin for my Local Internet Gateway (LIG) project/company/turn-key system.) Now, about a name: the first thing that popped into my mind is: PANTO (need I point this out? [MIME] Hey, one good name deserves another...) What's it stand for? hmmm.. Protected, Anonymous News Transaction Operation or Operator Protected Ambiguity Net Transaction Option Protected, Authenticated News Trans. Option Oligarchy (hmmm. got to look that one up) (Begins with O, syn. for: system, server, standard, service, interconnect, format) A PantoMime system is therefore one that supports News, Mail, with Mime, PGP/PEM/whatever, etc. capabilities. I always view News, Mail, and IRC as three legs of a triad of speed/bandwidth/audience tradeoffs so I'd like to have a cute extension to cover realtime interactive also. sdw From hughes at soda.berkeley.edu Thu Mar 25 23:11:23 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Thu, 25 Mar 93 23:11:23 PST Subject: ANON: Anon.penet.fi no more In-Reply-To: <9303250649.tn83751@aol.com> Message-ID: <9303260707.AA22600@soda.berkeley.edu> >Someday, when I can afford the hardware, I vow to provide this service and >not be harrassed into shutting down. They won't harrass you, they'll harrass your connectivity provider. To this end, it would be beneficial to collect connectivity policies in the face of complaints from the major service providers. Alternet, for starters, and all the others I'm not really familiar with. I learned a couple of weeks ago that Sprint is now offering IP connectivity direct. I would guess that Sprint has a good track record from being in the long distance business for not telling their customers to go away because someone they are talking to doesn't like what they are saying. To wit: who can I buy IP from who will not disconnect me unless I don't pay? Eric From hughes at soda.berkeley.edu Thu Mar 25 23:15:24 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Thu, 25 Mar 93 23:15:24 PST Subject: Many Important Items in the News In-Reply-To: <9303251618.AA01313@dun-dun-noodles.aktis.com> Message-ID: <9303260711.AA22802@soda.berkeley.edu> >USENET would fall apart without the ability to cancel messages. Potential imminent death of the Usenet predicted! Usenet has survived lots worse than anonymous flamers. Eric From clark at metal.psu.edu Thu Mar 25 23:22:36 1993 From: clark at metal.psu.edu (Clark Reynard) Date: Thu, 25 Mar 93 23:22:36 PST Subject: A New Usenet... Message-ID: <9303260717.AA27522@metal.psu.edu> a possible idea is simply a modification of what ringuette suggested; while i am all for anonymous posting, i believe that they should be marked as such (or at least marked with some sort of alias so that one knows which anonymous poster is which--for example, my actual name is Robert Clark, but my user name on this system is Clark Reynard-- not because I am here illegally, but because the sysadmin of this site (a personal friend) is unable to give me an account here for political reasons). irt the idea of a new usenet, i doubt that a 'new' USEnet is possible; it is so firmly entrenched, by 'tradition' et cetera, that it is very likely that what will exist is merely an improvement and expansion of the existing usenet; however, i believe that alternative means of reading usenet should exist; i have found, since rejoining usenet after a three-year absence, that the signal-to-noise ratio has increased greatly (and who hasn't noticed that?). what is necessary, given the constant increase in broadcast, is a correspondingly great increase in 'broadcatch,' that is, the ability to find the information that you actually wish to have (one man's signal is another man's--or person's-- noise). thus, rather than have kill files, having scanning programs capable of filtering out particular TYPES of data, rather than the poster him- or her-self, will be of far more use than excluding a usenet poster who may very well post a greatly useful file amidst a welter of useless files. thus, some sort of syntax/subject/type of data file scanner (which requires asi--my acronym for artificial semi-intelligence) is necessary to make the usenet actually new, and not merely IMPROVED-- usenet improves constantly. if anyone wishes to comment regarding this, rather than clutter the list with more articles like this, send them to me, either here, or to rclark at nyx.cs.du.edu, and i will summarize and post. fc From hughes at soda.berkeley.edu Thu Mar 25 23:30:20 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Thu, 25 Mar 93 23:30:20 PST Subject: Distributed anonymous posting (was Re: Many Important Items...) In-Reply-To: Message-ID: <9303260725.AA23290@soda.berkeley.edu> >Anonymous posting has been around as long as >Usenet, in the form of forged messages. This is an excellent point of rhetoric. Perhaps we should teach mail and news forgery as a technique to the defense of privacy? 1/2 :-) >I have been working through a few ideas for the design of a >_distributed_ anonymous posting service, >[...] secret sharing might be used for remailer private keys. I have convinced myself that some form of secret sharing will be necessary for a distributed system that is robust against single point failure. You don't want single point manipulability, either, if you can get it. There are two basic ways to proceed: hard nodes, difficult to take down, or soft nodes, easy to reconfigure around. Both approaches should be looked at. Hard nodes are more difficult politically; soft nodes are more difficult technically. A soft node necessity: a directory lookup service, distributed, sharing data. Merely specifying the first point of contact and alternate paths doesn't cut it. You don't want to have to retry a bounced message so many times. Who here knows enough about sendmail to consider the eventual feasibility of integrating pseudonym lookup into mail transfer? Eric From hughes at soda.berkeley.edu Thu Mar 25 23:37:02 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Thu, 25 Mar 93 23:37:02 PST Subject: Many Important Items in the News In-Reply-To: <9303252149.AA17207@servo> Message-ID: <9303260732.AA23550@soda.berkeley.edu> >I think an enlightened approach that eschews a single, network-wide >policy on the acceptability of anonymous messages in favor of leaving >it up to the individual email recipient is something that we could >sell to the Internet as a whole. It would help if there existed some filter software that automatically installed itself in a user's .forward and filter out anonymous posts (and nothing else). Such a tool should be written in nothing more than shell scripts and grep, for the absolute widest in portability. (Not even perl, which, believe it or not, is not yet universally available.) Were such a utility posted to alt.sources, and if all a user had to do was ftp it from an archive, unpack it, and run it once, we would be in a much better position politically, (even if the utility received very little use). It is difficult to install mail filters. Our argument for user filtering would be much stronger if installation were simple. A similar argument holds for anonymous posting filters in a global KILL file. Eric From clark at metal.psu.edu Thu Mar 25 23:38:26 1993 From: clark at metal.psu.edu (Clark Reynard) Date: Thu, 25 Mar 93 23:38:26 PST Subject: To be a bit more clear Message-ID: <9303260733.AA28484@metal.psu.edu> Since, after all, the difficulties of broadcasting either anonymously or under one's actual name are not really pronounced; given Ringuette's idea of multiple remailing sites, perhaps several thousand, only a few dozen sites would be necessary to serve as remailers to the larger numbers of anonymous sites; this makes it difficult to trace (unfortunately far from impossible); since each post of a person would seemingly originate from a different site, and in additionit would arrive at that different site from a different point of origin (since NNTP would not begin logging path until after it travelled from site to site via email). Now, to avoid the (inevitable) possibility that one or many of the reposters would have been killed (or simply gone down due to incompetence) each of the actual addresses would have a list of possible sites to attempt to post the message from; the essential fact here is that there is no real way to guarantee this so-called 'minimal moderation.' the possible ways of circumventing it, either by telnetting to different nntp ports manually and simply coming from different sites, or by setting up a number of anonymous remailers to actual anonymous posting sites (none of them having a full list of possible hosts, to avoid a single person from knowing all of them, makes it essentially impossible to track someone determined to post anonymously; people have tried for literally YEARS to avoid anonymous messages. they ain't done it yet, thank god. a lot of people with useful information do not wish to reveal their names, and this is their right. of course, it will be abused as well, as it always has, but this is simply something to be tolerated or ignored. the backbone doesn't have to carry these messages, and if it doesn't wish to, another 'backbone' will arise that will. fc From hughes at soda.berkeley.edu Thu Mar 25 23:55:59 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Thu, 25 Mar 93 23:55:59 PST Subject: REMAIL: cypherpunks strategy In-Reply-To: <9303260414.AA12167@toad.com> Message-ID: <9303260751.AA24316@soda.berkeley.edu> >Instead, announce that we intend, >at a later date, to install remailers which are "friendly" in the sense that >they use a special header line, but which will be not be able to be shut down. An excellent tactic, I think. >[ My suggestion for how to do this: encourage thousands of users who >support anonymity to run the software, and make it easy for them to >do so. Then, thousands of users must be kicked out in order to prevent >remailers being available! ] Automatic installation is key. (Just as it is for anonymity filtering!) I have some comments on automatic installation. In all cases, make sure the shell can execute the filter before changing the .forward file in any way. Case 1. The .forward file doesn't exist. Easy. Just write a new forward file pointing to the software, "| remailer". The remailer must know how to deliver mail in this case. Case 2. The .forward file already points to a filter. The implementations of .forward that I have seen accept multiple pipe commands. Therefore if the .forward previously said "| ", rewrite to "| remailer | ". When the remailer handles a message, it won't pass any output along the pipe. Thus for remailed messages, the filter is never invoked. Thus the remailer looks transparent. Case 3. The .forward file points to a name. Rewrite the .forward as "| remailer | mail ". Someone who knows more about writing portable shell scripts between Sys V and BSD should tackle this one. If we can get auto-installation to work, we'd lower one of the larger hurdles there is right now. >But, here's the important part, DELAY RELEASE until after a waiting period. Not to mention, it gives us time to design and write the code. This looks like a good use of vaporware as a political tool. :-) Eric From hughes at soda.berkeley.edu Fri Mar 26 00:00:42 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Fri, 26 Mar 93 00:00:42 PST Subject: Many Important Items in the News In-Reply-To: <9303260549.AA12789@toad.com> Message-ID: <9303260756.AA24450@soda.berkeley.edu> >marc, if article cancellation is made cryptographically secure, there >is the possibility that articles can be made uncancellable. of course, >if there is some wild card that allows the backbone cabal to cancel >articles remotely and after the fact, then i suspect usenet will remain >vulnerable to forged cancellation messages. but maybe not. What you are describing here is an alternate method of cancellation, not a forgery of the main way of cancelling. Of course, if they really want such an alternate method of cancelling, let's write it for them, so that it also uses signatures to check authenticity. >i see your point about backbone admins refusing to traffic in certain >kinds of messages, but as a veteran of usenet from before it was even >called usenet, i assure you that other admins would quickly fill in the >gaps in connectivity. this has happened many times. All the more reason to allow the backbone admins the power to not pass anonymous articles. It won't work, they'll feel like they're in control, and everyone wins. Eric From tribble at memex.com Fri Mar 26 00:38:23 1993 From: tribble at memex.com (E. Dean Tribble) Date: Fri, 26 Mar 93 00:38:23 PST Subject: anon.penet.fi bites the dust In-Reply-To: <9303232122.aa19890@penet.penet.FI> Message-ID: <9303252216.AA03597@memexis.memex.com> ways to stop something as controversial as an anon service. In this case, a very well-known and extremely highly regarded net personality managed to contact exactly the right people to create a situation where it is politically impossible for me to continue running the service. I would really like to know who the person is or why I can't be told. Did they put pressure on you to keep it quiet? Did they hold a gun to your head? a minuscule minority of anon users. The latest statistics from the service show 18203 registered users, 3500 messages per day on the average, and This is impressive. In retrospect I realize that I have been guilty to keeping a far too low profile on the network, prefering to deal with the abuse cases privately ...I apologize to the whole net community. Let me rephrase: You took a long step towards providing true privacy on the net and it worked so well that people wanted to stop you. You've shut down, but come out of it with lots of experience with running such a service, lots of good publicity (and some bad stuff), lots of new uses to which people put that sort of anonymity to, and some really good ideas for how to make these systems succeed politically (the being very visible thing). Though the outcome isn't optimal, it sure sounds like an impressive success to me. Congratulations. Now I hope you will follow up this experiment with a write-up to document the things you learned (positive and negative), and your recommendations on how to do the next one. dean PS and if you can't tell us about the politics of the shutdown, I'm sure there's someone else in the know that can publish it anonymously so you won't have to :-) From gnu Fri Mar 26 00:52:02 1993 From: gnu (John Gilmore) Date: Fri, 26 Mar 93 00:52:02 PST Subject: there ain't no usenet "backbone" In-Reply-To: <9303260835.AA25644@soda.berkeley.edu> Message-ID: <9303260851.AA15506@toad.com> "Backbone" actually used to mean something, in the days when most of the news moved cross-country and to Europe over dialed telephone calls. It meant that those sites that made the calls were paying big bucks and were hard to replace. At one point when the "backbone" wouldn't carry a newsgroup on drugs, Brian Reid, Gordon Moffett and I created a nationwide "alt backbone" that carried the alt newsgroups (including alt.drugs, the first). The alt backbone was needed for more than a year, til the creation of alt.sex and its subsequent popularity caused a large proportion of the net to pass alt groups around. Nowadays when hundreds of sites on each coast have leased T1 lines that all connect to each other (it's called the Internet), it's not a big deal. Any such site can manage a full news feed to any other such site. These sites can manage ten full news feeds if they want high redundancy or fanout. Even people with 56K leased lines (like toad.com) have no trouble with multiple redundant feeds to get around censorship. There is a single site `backbone' now -- uunet -- which has a stated policy of passing all traffic. (Why not? They get paid by the minute.) It's still important for the thousands of UUCP sites, especially those that are in the boonies, far from local Internet nodes. The idea of the backbone needs to die. Let's solve the real problems and skip the strawmen. John Gilmore gnu at toad.com -- gnu at cygnus.com -- gnu at eff.org I agree it is a very good document, and I envy it - the country I live in doesn't have such a constitution. I just wish you guys would _use_ it. Your assertion about "the freest country" fails because you don't - it would perhaps be true if the system would work according to the constitution. But it does no good to have such a document just rotting away locked up somewhere, after even banning the material it's printed on. //Jyrki Kuoppala, jkp at cs.HUT.FI From gnu Fri Mar 26 01:11:43 1993 From: gnu (John Gilmore) Date: Fri, 26 Mar 93 01:11:43 PST Subject: REMAIL: cypherpunks strategy In-Reply-To: <9303260414.AA12167@toad.com> Message-ID: <9303260911.AA15667@toad.com> > We must address a strategy question before it jumps on us. Do we want to be > yet another "this remailer exists, let's stomp on it" whipping boy, or will > another tactic be more effective? It depends on the location and setup of the remailer(s). > [ My suggestion for how to do this: encourage thousands of users who > support anonymity to run the software, and make it easy for them to > do so. Then, thousands of users must be kicked out in order to prevent > remailers being available! ] Thousands of users are not enough. If individual users are doing it, they are too subject to pressure from their system managers. We don't have software capable of rerouting among a thousand remailers, 100 of which get their accounts canceled daily, 100 new ones added each day. We aren't likely to get it soon, either. To permanently restore at least last month's level of service, we need a couple of dedicated, firewalled, buttressed sites. You want a few geographically separated people who own their own systems (or who own or run the company that owns them), who have solid network links (possibly redundant), and who are fully committed to the idea -- as committed as funet.fi to persist past the vilification and harassment and threats. And those people need backup from the rest of us -- legal help if they need or want it, money to pay the networking bill if things get tight, loans of backup equipment during failures under load, system administration when folks try to break in and trash their machines, software creation and maintenance, advocacy, policy work, advice, and a bunch of shoulders to cry on and warm words of encouragement. Three to five people providing such setups, in collaboration, would wedge a steel-toed boot so firmly in the door that it couldn't be slammed by any dyspeptic "net god". Are we up to this job? If not, let's scale back what we're trying to do. I'd rather succeed at raising consciousness on the issue for a later try, than try now to set up such a beachhead and fail at it. John From greg at ideath.goldenbear.com Fri Mar 26 01:56:02 1993 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Fri, 26 Mar 93 01:56:02 PST Subject: Anonymity, accountability, and control Message-ID: <26H11B1w164w@ideath.goldenbear.com> With respect to recent discussion about anonymous posts/mail, and the wishes of some to avoid passing anonymous traffic .. I guess I've really got to wonder just how difficult people think it is to get onto the net, anyway. I've got my net access becuase I pay UUNET roughly $50/month for it - and I get my own domain name, with as many hosts (and as many users on those hosts) as I care to set up. I set up 'fake' accounts on a regular basis - not becuase I'm trying to trick anyone, per se, but becuase it's the easiest way I know of to tweak the flow & storage of mail on disparate subjects & topics. I can post a message and say "Please E-mail to me, and I'll summarize with a post", and do so easily - I just set up a special account that I'd like replies to go to, and then I post from that account. (Usually, just to be polite, I'll use the same 'real name', but multiple account names - 'gb at goldenbear.com' vs 'greg at goldenbear.com' vs 'gbroiles at goldenbear.com', and so forth.) Then, a few days/weeks later, it's no big deal to concatenate the replies in those different mailboxes into different summary messages for posting. This seems like the sort of thing everyone ought to be able to do - such that you could request (or command) that replies to a message be directed into a particular E-mail folder owned by your account. What all of this brings home to me is how easily I could just create an entirely fictitious 'person', and use it for posting & mailing - it'd be totally anonymous, provide me with easy way to receive replies & carry on conversations .. *and* nobody would even know they were talking to a real person via a fake name. I don't do this because it seems impolite to converse with people under false pretenses; if I wanted or needed to post/mail anonymously, I'd probably use a redirector (if I could find one) because it seems more polite to be clear about my desire for discretion & privacy. Apparently, however, some of the powers that be would rather see folks like me using fake but real-sounding names when we want privacy, instead of being clear about what's going on. I think that's a shame, because it seems like lying. The Internet has already had to deal with the fact that it's not possible to trust a user simply because they're root on their local machine - it may well be that 'root' (as in my case) is just some guy with a '386 who likes to play on the net. There is, I think, still some expectation that user names are what they appear - if you see a post from "cjones at leviathan.com (Chris Jones)" there's some expectation that there really is a human being out there named "Chris Jones", who's probably got a job and a desk and a boss, or at least some form of accountability. It's this slippery notion of 'accountability' that is perhaps at the root of this 'anonymity' problem - the idea that there's gonna be some hell to pay if somebody writes to 'postmaster at leviathan.com', and complains about Chris Jones. The fact is, you can mail to 'postmaster at goldenbear.com' and whine all you like, it's just another alias for the same damn person (me). I think there are going to be more & more people like me in the future - I *am* my boss, the postmaster, and the sysadmin - and if people don't like what I do or say on the net, that's just too damn bad. This illusion of accountability and control can't last much longer .. can it? As I see it, these "net gods" who don't like anonymity have two choices - anonymity they can detect, or anonymity they can't. I'd much prefer to be polite and straightforward about things, and post clearly marked anonymous posts/mail when that's what I want to do - but if that traffic is going to be suppressed, I'll resort to more clandestine anonymous transmissions. The days when it was possible to make any assumptions at all about human to "real name" to net address correspondences and mappings have passed, if they ever existed at all. I think about my E-mail address(es) as ways to direct the flow of mail such that it's convenient for me; I know other people do this too. My E-mail address isn't a license plate, it's a file folder. -- Mail to pgpserv at goldenbear.com, subject="Greg Broiles" for PGP public key. Greg Broiles greg at goldenbear.com Golden Bear Consulting +1 503 465 0325 Box 12005 Eugene OR 97440 BBS: +1 503 687 7764 From mdiehl at triton.unm.edu Fri Mar 26 02:40:10 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Fri, 26 Mar 93 02:40:10 PST Subject: help with pgp 2.2 Message-ID: <9303261017.AA04830@triton.unm.edu> Hi all, I'm having problems with pgp 2.2. I am trying to add someone's key to my ring. I get e-mail from them, save it to a file and xfer it to my home system. Then I type pgp -ka to add the new stuff to my keyring. I've even edited the file to just include the pgp stuff. What am I doing wrong? Thanx in advance. P +----------------------+----------------------------------------------------+ | J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken. | | +----------------------------------------------------+ | mdiehl at triton.unm.edu| "I'm just looking for the opportunity to be | | Thunder at forum | Politically Incorrect! | | (505) 299-2282 | | +----------------------+----------------------------------------------------+ From julf at penet.FI Fri Mar 26 03:39:41 1993 From: julf at penet.FI (Johan Helsingius) Date: Fri, 26 Mar 93 03:39:41 PST Subject: REMAIL: cypherpunks strategy In-Reply-To: <9303260911.AA15667@toad.com> Message-ID: <9303261213.aa24686@penet.penet.FI> > Thousands of users are not enough. If individual users are doing it, > they are too subject to pressure from their system managers. We don't > have software capable of rerouting among a thousand remailers, 100 of which > get their accounts canceled daily, 100 new ones added each day. We > aren't likely to get it soon, either. Agree 100%. > To permanently restore at least last month's level of service, we need > a couple of dedicated, firewalled, buttressed sites. You want a few > geographically separated people who own their own systems (or who own > or run the company that owns them), who have solid network links > (possibly redundant), and who are fully committed to the idea -- as > committed as funet.fi to persist past the vilification and harassment > and threats. Uh... I'm not so sure FUNET (the Finnish University NETwork) would agree with you ;-) But the truly overwhelming response in support of anon.penet.fi (I still get flooded by notes of sympathy and support) on the net seems actually to make a difference, as does effort of prominent personalities (especially Peter Honeyman) to contact the Finnish autorithies. After talking to them today, I might actually risk putting up the service again. But I feel that to ensure that this is the last time the net.demigods try to close down a server like this we should do our best to address their concerns. This way, everybody saves face, and we might get a lot of brownie points. So what I would like to suggest is that I announce that anon.penet.fi mark II goes on the air - let's say April 15th, with slightly changed policies and with all the technical improvements we've been discussing. And meanwhile I set up an adress for receiving sugestions on improvements (both technical and political), and encourage newsgroups to do polls on allowing or disallowing anonymity in that particular group. But before doing anything, I really would like to get comments, views and ideas from all of you! > And those people need backup from the rest of us -- legal help if they > need or want it, money to pay the networking bill if things get tight, > loans of backup equipment during failures under load, system > administration when folks try to break in and trash their machines, > software creation and maintenance, advocacy, policy work, advice, Couldn't agree more. If I go for anon.penet.fi Mk. II, I really want to replace the current mess of shell and awk scripts with something more efficient (linear search of a 0.5 meg database isn't very speedy...), and I really would like to have code to check that the incoming SMTP message actually comes from and existing site, and so on - so there is a lot of coding to be done that I really could use some help on! > a bunch of shoulders to cry on and warm words of encouragement. Yes! I don't know how to express how important the support has been! You really have to be a stubborn, crazy bastard to do anything like this, but the hate mail still wears you down if you don't get a kind word of encouragement every now and then. I really have to thank all of you for your support! > Three to five people providing such setups, in collaboration, would > wedge a steel-toed boot so firmly in the door that it couldn't be > slammed by any dyspeptic "net god". Well, looking at the way the discussion is going all over the net, I think we might be almost there already! Julf From ee92jks at brunel.ac.uk Fri Mar 26 04:11:54 1993 From: ee92jks at brunel.ac.uk (Jonathan K Saville) Date: Fri, 26 Mar 93 04:11:54 PST Subject: help with PGP 2.2 Message-ID: <9519.9303261210@monge.brunel.ac.uk> Michael Diehl writes: >I'm having problems with pgp 2.2. I am trying to add someone's key to my ring. >I get e-mail from them, save it to a file and xfer it to my home system. Then >I type pgp -ka to add the new stuff to my keyring. I've even edited >the file to just include the pgp stuff. What am I doing wrong? I had the same problem - I believe it is to do with a new flag PGP 2.2 sets in your public keyring (see documentation). I solved the problem by executing 'pgp -kc' which checks the contents of your keyring. After that PGP worked fine, although to be honest I'm not sure why. Hope this helps. Jon -- ------------------------ ------------------------------------- | Jon Saville | Who alive can say, 'Thou art no | | ee92jks at brunel.ac.uk | Poet, may'st not tell thy dreams?' | ------------------------ ----------- Keats, 1819 ----------- PGP 2.2 public key available upon request or by finger From grady at public.btr.com Fri Mar 26 06:18:43 1993 From: grady at public.btr.com (Grady Ward grady@btr.com) Date: Fri, 26 Mar 93 06:18:43 PST Subject: TEMPEST in a teapot Message-ID: <9303261417.AA04493@public.btr.com.BTR.COM> TEMPEST in a teapot A note discussing the prevention of electromagnetic eavesdropping of personal computers. Grady Ward public key verification by PK server, finger, or by request Version 1.0 22 March 93 TEMPEST is the code name for technology related to limiting unwanted electromagnetic emissions from data processing and related equipment. Its goal is to limit an opponent's capability to collect information about the internal data flow of computer equipment. Most information concerning TEMPEST specifications is classified by the United States Government and is not available for use by its citizens. The reason why TEMPEST technology is particularly important for computers and other data processing equipment is the kinds of signals components in a computer use to talk to each other ("square waves") and their clock speeds (measured in megahertz) produce a particularly rich set of unintentional signals in a wide portion of the electromagnetic spectrum. Because the spurious emissions occupy so wide a portion of that spectrum, technologies used to block one portion of the spectrum (as pulling the shades closed on a window to stop the visible light portion) are not necessarily effective in another portion. Unintentional emissions from a computer system can be captured and processed to reveal information about the target systems from simple levels of activity to even remotely copying keystrokes or capturing monitor information. It is speculated that poorly protected systems can be effectively monitored up to the order of one kilometer from the target equipment. This note will examine some practical aspects of reducing the susceptibility of your personal computer equipment to remote monitoring using easily-installed, widely available after-market components. I One way of looking at TEMPEST from the lay person's point-of-view is that it is virtually identical to the problem of preventing electromagnetic interference ("EMI") by your computer system to others' radios, televisions, or other consumer electronics. That is, preventing the emission of wide-band radio "hash" from your computers, cabling, and peripherals both prevents interference to you and your neighbors television set and limits the useful signal available to a person surreptitiously monitoring. Viewing the problem in this light, there are quite a few useful documents available form the government and elsewhere attacking this problem and providing a wealth of practical solutions and resources. Very useful for the lay person are: Radio Frequency Interference: How to Find It and Fix It. Ed Hare, KA1CV and Robert Schetgen, KU7G, editors The American Radio Relay League, Newington , CT ISBN 0-87259-375-4 (c) 1991, second printing 1992 Federal Communications Commission Interference Handbook (1991) FCC Consumers Assistance Branch Gettysburg, PA 17326 717-337-1212 and MIL-STD-188-124B in preparation (includes information on military shielding of tactical communications systems) Superintendent of Documents US Government Printing Office Washington, DC 20402 202-783-3238 Information on shielding a particular piece of consumer electronic equipment may be available from the: Electronic Industries Association (EIA) 2001 Pennsylvania Ave NW Washington, DC 20006 Preventing unintended electromagnetic emissions is a relative term. It is not feasible to reduce to zero all unintended emissions. My personal goal, for example, might be to reduce the amount and quality of spurious emission until the monitoring van a kilometer away would have to be in my front yard before it could effectively eavesdrop on my computer. Apartment dwellers with unknown neighbors only inches away (through a wall) might want to even more carefully adopt as many of the following suggestions as possible since signal available for detection decreases as approximately the inverse square of the distance from the monitoring equipment to your computer. II Start with computer equipment that meets modern standards for emission. In the United States, the "quietest" standard for computers and peripherals is known as the "class B" level. (Class A level is a less stringent standard for computers to be use in a business environment.). You want to verify that all computers and peripherals you use meet the class B standard which permits only one-tenth the power of spurious emissions than the class A standard. If you already own computer equipment with an FCC ID, you can find out which standard applies. Contact the FCC Consumers Assistance Branch at 1-717-337-1212 for details in accessing their database. Once you own good equipment, follow the manufacturer's recommendations for preserving the shielding integrity of the system. Don't operated the system with the cover off and keep "slot covers" in the back of the computer in place. III Use only shielded cable for all system interconnections. A shielded cable surrounds the core of control wires with a metal braid or foil to keep signals confined to that core. In the late seventies it was common to use unshielded cable such as "ribbon" cable to connect the computer with, say, a diskette drive. Unshielded cable acts just like an antenna for signals generated by your computer and peripherals. Most computer manufacturer supply shielded cable for use with their computers in order to meet FCC standards. Cables bought from third-parties are an unknown and should be avoided (unless you are willing to take one apart to see for yourself!) Try to avoid a "rat's nest" of wire and cabling behind your equipment and by keeping all cables as short as possible. You want to reduced the length of unintended antennas and to more easily predict the likely paths of electric and magnetic coupling from cable to cable so that it can be more effectively filtered. IV Block radiation from the power cord(s) into the house wiring. Most computers have an EMI filter built into their body where the AC line cord enters the power supply. This filter is generally insufficient to prevent substantial re-radiation of EMI voltages back into the power wiring of your house and neighborhood. To reduce the power retransmitted down the AC power cords of your equipment, plug them in to special EMI filters that are in turn plugged into the wall socket. I use a model 475-3 overvoltage and EMI filter manufactured by Industrial Communication Engineers, Ltd. P.O. Box 18495 Indianapolis, IN 46218-0495 1-800-ICE-COMM ask for their package of free information sheets (AC and other filters mentioned in this note are available from a wide variety of sources including, for example, Radio Shack. I am enthusiastic about ICE because of the "over-designed" quality of their equipment. Standard disclaimers apply.) This particular filter from ICE is specified to reduce retransmission of EMI by a factor of at least 1000 in its high-frequency design range. Although ideally every computer component using an AC line cord ought to be filtered, it is especially important for the monitor and computer CPU to be filtered in this manner as the most useful information available to opponents is believed to come from these sources. V Block retransmitted information from entering your fax/modem or telephone line. Telephone line is generally very poorly shielded. EMI from your computer can be retransmitted directly into the phone line through your modem or can be unintentionally picked up by the magnetic portion of the EMI spectrum through magnetic induction from power supplies or the yoke of your cathode ray tube "CRT" monitor. To prevent direct retransmission, EMI filters are specifically designed for modular telephone jacks to mount at the telephone or modem, and for mounting directly at the service entrance to the house. Sources of well-designed telephone-line filter products include ICE (address above) and K-COM Box 82 Randolph, OH 44265 216-325-2110 Your phone company or telephone manufacturer may be able to supply you with free modular filters, although the design frequencies of these filters may not be high enough to be effective through much of the EMI spectrum of interest. Keep telephone lines away from power supplies of computers or peripherals and the rear of CRTs: the magnetic field often associated with those device can inductively transfer to unshielded lines just as if the telephone line were directly electrically connected to them. Since this kind of coupling decreases rapidly with distance, this kind of magnetic induction can be virtually eliminated by keeping as much distance (several feet or more) as possible between the power supply/monitor yoke and cabling. VI Use ferrite toroids and split beads to prevent EMI from escaping on the surface of your cables. Ferrites are magnetic materials that, for certain ranges of EMI frequencies, attenuate the EMI by causing it to spend itself in heat in the material rather than continuing down the cable. They can be applied without cutting the cable by snapping together a "split bead" form over a thick cable such as a power cord or by threading thinner cable such as telephone several times around the donut-shaped ferrite form. Every cable leaving your monitor, computer, mouse, keyboard, and other computer peripherals should have at least one ferrite core attentuator. Don't forget the telephone lines from your fax, modem, telephone or the unshielded DC power cord to your modem. Ferrites are applied as close to the EMI emitting device as possible so as to afford the least amount of cable that can act as an antenna for the EMI. Good sources for ferrite split beads and toroids include Amidon Associates, Inc. P.O. Box 956 Torrance, CA 90508 310-763-5770 (ask for their free information sheet) Palomar Engineers P.O. Box 462222 Escondido, CA 92046 619-747-3343 (ask for their free RFI information sheet) and Radio Shack. VII Other practical remedies. Other remedies that are somewhat more difficult to correctly apply include providing a good EMI "ground" shield for your computer equipment and other more intrusive filters such as bypass capacitor filters. You probably ought not to think about adding bypass capacitors unless you are familiar with electronic circuits and digital design. While quite effective, added improperly to the motherboard or cabling of a computer they can "smooth out" the square wave digital waveform -- perhaps to the extent that signals are interpreted erroneously causing mysterious "crashes" of your system. In other cases, bypass capacitors can cause unwanted parasitic oscillation on the transistorized output drivers of certain circuits which could damage or destroy those circuits in the computer or peripherals. Also, unlike ferrite toroids, adding capacitors requires actually physically splicing them in or soldering them into circuits. This opens up the possibility of electric shock, damage to other electronic components or voiding the warranty on the computer equipment. A good EMI ground is difficult to achieve. Unlike an electrical safety ground, such as the third wire in a three-wire AC power system, the EMI ground must operate effectively over a much wider part of the EMI spectrum. This effectiveness is related to a quality known as electrical impedance. You desire to reduce the impedance to as low a value as possible over the entire range of EMI frequencies. Unlike the AC safety ground, important factors in achieving low impedance include having as short a lead from the equipment to a good EMI earth ground as possible (must be just a few feet); the gauge of the connecting lead (the best EMI ground lead is not wire but woven grounding "strap" or wide copper flashing sheets; and the physical coupling of the EMI into the actual earth ground. An 8 ft. copper-plated ground may be fine for AC safety ground, but may present appreciable impedance resistance to an EMI voltage. Much better would be to connect a network of six to eight copper pipes arranged in a six-foot diameter circle driven in a foot or two into the ground, electrically bonded together with heavy ground strap and connected to the equipment to be grounded via a short (at most, several feet), heavy (at least 3/4-1" wide) ground strap. If you can achieve a good EMI ground, then further shielding possibilities open up for you such as surrounding your monitor and computer equipment in a wire-screen Faraday cage. You want to use mesh rather than solid sheet because you must preserve the free flow of cooling air to your equipment. Buy aluminum (not nylon) screen netting at your local hardware store. This netting typically comes in rolls 36" wide by several feet long. Completely surround your equipment you want to reduce the EMI being careful to make good electrical bonds between the different panels of netting and your good earth ground. I use stainless steel nuts, bolts, and lock washers along with special non-oxidizing electrical paste (available from Electrical contractors supply houses or from ICE) to secure my ground strapping to my net "cages". A good Faraday cage will add several orders of magnitude of EMI attenuation to your system. VIII Checking the effectiveness of your work. It is easy to get a general feeling about the effectiveness of your EMI shielding work with an ordinary portable AM radio. Bring it very close to the body of your computer and its cables in turn. Ideally, you should not hear an increased level of static. If you do hear relatively more at one cable than at another, apply more ferrite split beads or obtain better shielded cable for this component. The practice of determining what kind of operating system code is executing by listening to a nearby AM radio is definitely obsolete for an well-shielded EMI-proof system! To get an idea of the power and scope of your magnetic field emissions, an ordinary compass is quite sensitive in detecting fields. Bring a compass within a few inches of the back of your monitor and see whether it is deflected. Notice that the amount of deflection decreases rapidly with distance. You want to keep cables away from magnetic sources about as far as required not to see an appreciable deflection on the compass. VIIII Summary If you start with good, shielded equipment that has passed the FCC level B emission standard then you are off to a great start. You may even be able to do even better with stock OEM equipment by specifying "low-emission" monitors that have recently come on the market in response to consumer fears of extremely low frequency ("ELF") and other electromagnetic radiation. Consistently use shielded cables, apply filtering and ferrite toroids to all cabling entering or leaving your computer equipment. Finally, consider a good EMI ground and Faraday cages. Beyond this there are even more effective means of confining the electrical and magnetic components of your system through the use of copper foil adhesive tapes, conductive paint sprays, "mu metal" and other less common components. Copyright (c) 1993 by Grady Ward. All Rights Reserved. Permission is granted for free electronic distribution. From honey at citi.umich.edu Fri Mar 26 06:57:29 1993 From: honey at citi.umich.edu (Peter Honeyman) Date: Fri, 26 Mar 93 06:57:29 PST Subject: Many Important Items in the News Message-ID: <9303261457.AA19460@toad.com> > All the more reason to allow the backbone admins the power to not pass > anonymous articles. It won't work, they'll feel like they're in > control, and everyone wins. more likely it won't work so they will use underhanded means to accomplish their vile ends. as in the instant case. peter From elee9sf at Menudo.UH.EDU Fri Mar 26 07:19:43 1993 From: elee9sf at Menudo.UH.EDU (Karl Barrus) Date: Fri, 26 Mar 93 07:19:43 PST Subject: REMAIL: list of remailers 3/26/93 Message-ID: <199303261518.AA10961@Menudo.UH.EDU> -----BEGIN PGP SIGNED MESSAGE----- Q1: What cypherpunk remailers exist? A1: 1: hh at pmantis.berkeley.edu 2: hh at cicada.berkeley.edu 3: hh at soda.berkeley.edu 4: nowhere at bsu-cs.bsu.edu 5: ebrandt at jarthur.claremont.edu 6: hal at alumni.caltech.edu 7: remailer at rebma.mn.org 8: elee7h5 at rosebud.ee.uh.edu 9: phantom at mead.u.washington.edu 10: hfinney at shell.portal.com 11: remailer at utter.dis.org 12: 00x at uclink.berkeley.edu 13: remail at extropia.wimsey.com NOTES: #1-#5 remail only, no encryption of headers #6-#12 support encrypted headers #13 special - header and message must be encrypted together #7,#13 introduce larger than average delay #11 CANNOT CONFIRM OPERATION YET! TEST BEFORE ATTEMPTING TO USE. * #12 public key not yet released ====================================================================== Q2: What help is available? A2: Check out the pub/cypherpunks directory at soda.berkeley.edu (128.32.149.19). Instructions on how to use the remailers are in the remailer directory, along with some unix scripts and dos batch files. Mail to me (elee9sf at menudo.uh.edu) for further help and/or questions. ====================================================================== * Here are a few lines of a bounced message from utter.dis.org: 554 utter.dis.org!remailer... Never heard of host utter in domain dis . org 554 hoptoad!Menudo.UH.EDU!elee9sf... Possible alias loop 554 No valid recipients -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBK7MebIOA7OpLWtYzAQEgAQQAgDHr/0QFixBrtGLc6gN2uK93hTD2j/M9 3BwOPKWXt5DKr6gnioCuyDjTs/Ng7pFGo8AYV8lJmv9DcG5BkpXB5fHl9VRRD55Y 1As9fXSX6l1Qnq9mYgvQ4igcrzA737JvG2Dc5x8uJV+6GnA5v7A4QtCQAHG7TRlv +k0JwClg0B0= =KtpQ -----END PGP SIGNATURE----- From rubin at citi.umich.edu Fri Mar 26 07:30:29 1993 From: rubin at citi.umich.edu (rubin at citi.umich.edu) Date: Fri, 26 Mar 93 07:30:29 PST Subject: Remailers Message-ID: <9303261530.AA19663@toad.com> I contacted Eric Hughes, and he suggested that my question was of general enough interest to share with the group. Here is my question followed by Eric's response: ---------- Hi, You pointed me in the direction of hal's remailer at soda.berkeley.edu:pub/cypherpunks and I have the code now. However, since I'm not that familiar with perl, I'm having trouble figuring out exactly how it works. Do you know if anyone has written a technical description of how the remailer works? I would like to build a remailer too, and I wanted to try and understand how Hal's remailer works first. Also, do you know if there is code available for any other remailers in shell script or C? Thanks a lot, Avi Rubin ----------- Chael Hall wrote a remailer in C. He should be willing to share his code. Ask on the list. The question you asked me about understanding the remailer operation is of general enough interest that you ought to just ask the list at large. In specific, I don't know of any such theory of operation. Eric From tytso at Athena.MIT.EDU Fri Mar 26 08:45:18 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Fri, 26 Mar 93 08:45:18 PST Subject: Anonymity, accountability, and control In-Reply-To: <26H11B1w164w@ideath.goldenbear.com> Message-ID: <9303261643.AA04023@SOS> From: greg at ideath.goldenbear.com (Greg Broiles) Date: Fri, 26 Mar 93 01:14:00 PST I've got my net access becuase I pay UUNET roughly $50/month for it - and I get my own domain name, with as many hosts (and as many users on those hosts) as I care to set up...... It's this slippery notion of 'accountability' that is perhaps at the root of this 'anonymity' problem - the idea that there's gonna be some hell to pay if somebody writes to 'postmaster at leviathan.com', and complains about Chris Jones. The fact is, you can mail to 'postmaster at goldenbear.com' and whine all you like, it's just another alias for the same damn person (me). I think there are going to be more & more people like me in the future - I *am* my boss, the postmaster, and the sysadmin - and if people don't like what I do or say on the net, that's just too damn bad. Well, there is still *some* accountability --- if you do something really wretched, and someone complains to UUNET, won't UUNET at least tell that person who is paying for that link, and if you do something really egregious, and UUNET gets enough complaints, will UUNET shut you down? I suspect that it would take something really serious to cause UUNET to shut you down --- for example, if you started sending child porn, which might enable the Feds to seize *UUNET*'s computers --- but there is still some limited amount of accountability, and potential retribution if you do something which enough people considers is wrong. If we lived in a world where it was easy to filter out anonymous {mail, news}, and the anonymous poster had to *pay* for each octet of {mail, news} that he/she posted, then I suspect that a lot of objections to Anonymous mail and news would die down. Many people have said this repeatedly, and I agree with them. Unfortunately, we do not live in such a world now, and pretending that we are in such a world (by answering people's complaints with promises of vaporware) is just going to make enemies. But by working towards such a world, so that people can get all of the benefits of anonymity without forcing *other* people to pay the costs of anonymity --- that is certainly something which should be applauded. - Ted From julf at penet.FI Fri Mar 26 09:00:00 1993 From: julf at penet.FI (Johan Helsingius) Date: Fri, 26 Mar 93 09:00:00 PST Subject: there ain't no usenet "backbone" In-Reply-To: <9303260851.AA15506@toad.com> Message-ID: <9303261218.aa24726@penet.penet.FI> > There is a single site `backbone' now -- uunet -- which has a stated > policy of passing all traffic. (Why not? They get paid by the minute.) > It's still important for the thousands of UUCP sites, especially those > that are in the boonies, far from local Internet nodes. You have to remember that there are still not too many redundant connections between US and Europe, Australia and Japan. To some extent we ase still dependent on singular connection points (uunet/AlterNet/CIX etc.). Julf From mccoy at ccwf.cc.utexas.edu Fri Mar 26 09:05:51 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Fri, 26 Mar 93 09:05:51 PST Subject: A New Usenet... In-Reply-To: <9303260717.AA27522@metal.psu.edu> Message-ID: <9303261704.AA06403@tramp.cc.utexas.edu> > From: Clark Reynard [...] > > irt the idea of a new usenet, i doubt that a 'new' USEnet is possible; > it is so firmly entrenched, by 'tradition' et cetera, that it is very > likely that what will exist is merely an improvement and expansion of > the existing usenet; This was what I was thinking about. Something that would sit on top of the existing usenet and provide different levels of service and information. I realize that it would be next to impossible to replace the usenet as a whole, what I am thinking about is extended services and newsgroups that exist in parallel with the current usenet paradigm. For example, a "new usenet" server could sit on prot 119, and when it gets a connection it can work like a normal usenet server if no special information is given to it or it can take articles for the authenticated service if additional commands or flags are given. To the regular user it would just appear as a new hierarchy (newusenet.sci.crypt, etc). If the person connecting wanted to post articles to the new groups it would require them to use commands or a client that extends the commands available in the current RFC. > [s/n ratio has increased, but we just need smarter readers...] thus, > rather than have kill files, having scanning programs > capable of filtering out particular TYPES of data, rather than the poster > him- or her-self, will be of far more use than excluding a usenet poster > who may very well post a greatly useful file amidst a welter of > useless files. thus, some sort of syntax/subject/type of data file > scanner (which requires asi--my acronym for artificial semi-intelligence) > is necessary to make the usenet actually new, and not merely IMPROVED-- > usenet improves constantly. As someone who has spent the past several years working in an AI lab, let me tell you that this is a very, very difficult task. The easiest method is to do something like user-supplied tags, which is what is happening now with the overview package and increased usage of the References line. Don't expect the "tell me what is in this group that would interest me" newsreaders to appear any time this decade and don't expect them to be free... It is still much easier for a person to do this kind of filtering and the current structure of usenet is designed for this. The newsgroup naming scheme allows readers to select groups based upon thier interests (topic/name of the group) and moderation in groups allows filtering. The problem that I see now is that there are some unmoderated groups that are too popular for thier own good. Take comp.org.eff.talk for example. I would love to stay current on this group, but there is so much noise (mostly in people repeating the same thing in 5 different subject lines...) that I will often skip it if I don't have the time. What would be nice would be for a group to exist that selects articles and threads from that group and puts them in some group like comp.org.eff.talk.best-of... Eh, either way I will start coding.... jim From trump at pluto.ee.cua.edu Fri Mar 26 09:37:49 1993 From: trump at pluto.ee.cua.edu (Louis Edward Trumpbour) Date: Fri, 26 Mar 93 09:37:49 PST Subject: hmm Message-ID: <9303261736.AA20017@pluto.ee.cua.edu> well one thing i really haven't seen in this whole anon. remailer bid is what are the treats to individuals and how often would these threats be eminent or really occur and does the bad really out weigh the good? i will go into it futher someother time but just food for thought... Clovis From mccoy at ccwf.cc.utexas.edu Fri Mar 26 09:56:16 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Fri, 26 Mar 93 09:56:16 PST Subject: Anonymity, accountability, and control In-Reply-To: <9303261643.AA04023@SOS> Message-ID: <9303261754.AA06965@tramp.cc.utexas.edu> > From: Theodore Ts'o > > From: greg at ideath.goldenbear.com (Greg Broiles) > Date: Fri, 26 Mar 93 01:14:00 PST > > I've got my net access becuase I pay UUNET roughly $50/month for > it - and I get my own domain name, with as many hosts (and as many users > on those hosts) as I care to set up...... > [...] and if people don't like what I do or > say on the net, that's just too damn bad. > > Well, there is still *some* accountability --- if you do something > really wretched, and someone complains to UUNET, won't UUNET at least > tell that person who is paying for that link, and if you do something > really egregious, and UUNET gets enough complaints, will UUNET shut you > down? I believe that UUNET has applied for and received common carrier status, in which case they are not responsible for thier traffic and cannot make any judgement calls regarding the traffic coming from a particular site. It is kind of like the phone company; they may not approve of the 976-BABE numbers, but as long as those operations do not break the law there is nothing the phone company can do about them no matter how many complaints they may receive. jim From lefty at apple.com Fri Mar 26 10:40:35 1993 From: lefty at apple.com (Lefty) Date: Fri, 26 Mar 93 10:40:35 PST Subject: ANON: Shutdown of Anon.penet.fi Message-ID: <9303261838.AA25842@apple.com> I have been told that Clayton Cramer, the bete noire of alt.sex.bondage, is the "net.personality" responsible for the shutdown of anon.penet.fi. I do not know this to be a fact. Funny, I never thought of him as being particularly "highly regarded". -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From jet at nas.nasa.gov Fri Mar 26 10:59:23 1993 From: jet at nas.nasa.gov (J. Eric Townsend) Date: Fri, 26 Mar 93 10:59:23 PST Subject: new usenet In-Reply-To: <9303260711.AA22802@soda.berkeley.edu> Message-ID: <9303261857.AA28431@boxer.nas.nasa.gov> I thought the whole point of alt.* was for sites that didn't mind carrying a truly anarchic hierarchy... (We're losing alt.* here at Ames, it appears, along with soc. and talk.) From rustman at netcom.com Fri Mar 26 11:10:21 1993 From: rustman at netcom.com (Rusty Hodge) Date: Fri, 26 Mar 93 11:10:21 PST Subject: To Digest or Not To Digest Message-ID: <9303261908.AA06218@netcom2.netcom.com> I think the optimum solution is to provide it both ways, in digest form as well as the way it is now. Digesting it would also help provide a standard way to archive the list. We really need archives of this available, "official" archives that we know contain all the messages. While many readers are keeping archives, they aren't standardized. --Rusty -- From pcw at access.digex.com Fri Mar 26 11:11:04 1993 From: pcw at access.digex.com (Peter Wayner) Date: Fri, 26 Mar 93 11:11:04 PST Subject: Anonymous Corollary... Message-ID: <199303261908.AA26423@access.digex.com> The debate about the advantages of anonymity reminds me of the debate over Hillary's Health Care Committee which is a nameless group of individuals who have all signed a secrecy pledge. Many are not part of the government and can't be held accountable or even fired. The Wall Street Journal was able to get the list of the people involved and published it along with a reminiscence of the good old days when studying who was in power in the Kremlin involved watching the cars to see who was coming and going and meeting in the baths at the same time. There never was any dependable list of who was in power at the Kremlin back then. Now, in response to the WSJ's coup de fax, the Clintonians say that they'll release the list as soon as it has been prepared. The point: the government has a relentless desire to document and assign accountability for everything. It's bred in their bones. Even the President can avoid it. -Peter From lefty at apple.com Fri Mar 26 11:27:02 1993 From: lefty at apple.com (Lefty) Date: Fri, 26 Mar 93 11:27:02 PST Subject: ANON: Shutdown of Anon.penet.fi Message-ID: <9303261858.AA26930@internal.apple.com> I have been told that Clayton Cramer, the bete noire of alt.sex.bondage, is the "net.personality" responsible for the shutdown of anon.penet.fi. I do not know this to be a fact. Funny, I never thought of him as being particularly "highly regarded". -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From eggo at student.umass.edu Fri Mar 26 11:36:17 1993 From: eggo at student.umass.edu (Round Waffle) Date: Fri, 26 Mar 93 11:36:17 PST Subject: PGP: Elm patch question Message-ID: <9303261934.AA29696@titan.ucs.umass.edu> I heard some discussion on here a while back regarding problems getting the Elm Perl scripts included in 2.2 to work correctly. I too have had this problem, and have very limited knowledge of Perl. Did anyone ever get something working smoothly? I've munged around with the script in every way I feel safe doing, and somewhere along the lines, it's still choking. +- eggo at titan.ucs.umass.edu --><-- Eat Some Paste -+ +- Yorn desh born, der ritt de gitt der gue, -+ +- Orn desh, dee born desh, de umn bork! bork! bork! -+ +----------------- The Durex Blender Corporation -----------------+ From shipley at gateway Fri Mar 26 11:54:04 1993 From: shipley at gateway (Peter Shipley) Date: Fri, 26 Mar 93 11:54:04 PST Subject: new usenet In-Reply-To: <9303261857.AA28431@boxer.nas.nasa.gov> Message-ID: <9303261951.AA00899@edev0.TFS> > >I thought the whole point of alt.* was for sites that didn't mind >carrying a truly anarchic hierarchy... > >(We're losing alt.* here at Ames, it appears, along with soc. and >talk.) if you are needing a site to readnews from I can enable your system to read news from my site (tfs.com) -Pete From grady at netcom.com Fri Mar 26 12:44:21 1993 From: grady at netcom.com (Grady Ward) Date: Fri, 26 Mar 93 12:44:21 PST Subject: Mac app: trash helper 1/1 Message-ID: <9303262042.AA28028@netcom.netcom.com> Enclosed is a small Macintosh application that writes over the unallocated space on the current volume with a long-period stream RNG seeded with the system clock. Similar in speed and function to the "erase empty space" option in the Norton Utilities, it is for Mac users who would prefer to have happy nonsense rather than boring zeros on their unallocated blocks. In cpt.hqx format. It is cypherpunkware: if you like it, secretly give it to a someone else. (This file must be converted with BinHex 4.0) :&&4bBA0S)%KPE("PFL!a,M!ZBh"d!&""3e4$8%08!3!!!(A&!!!!!&@F!3(p"J! !G*@!4 at GRGhKiHAPUL)U*LSQ*Q'PkLhKjLBKhHBQ+QSU*HSKhHBQ)D(Q+H(ThLBQ +QjZBD)L)CiLCH(GUH)LDHBYmLRLDQ)L+UCUBLTUEUjbVUjTkQTUUH+bDR(QDQUU DLjZDLBZDUTUVQjZ*LTZEQCZEQBUDQCQDQjUDLjZ,QBL)GQ8J!!%N49GRH*QCUUZ UZVbmZ`[G!-!0!0!!d!!!$3!!!!T!*%9Q9&ChGiD)KiL&L(LBH)L*D)L)L)L)Q)L *QAQBHCQ*HTLCQSLCQBQBL*Q)QALCQCQDLCQDQDLDUDUCUUUDUS3L!6r$m8)F)"* 'JPlVYC2p1HrUPpKmZABi'Gq6e(1!Mc[aG6IkhDl+A-f0j2f0r,k@[XCH[[TrD5! jY,LidqLd6J3(BKZDKaBEVYFKplaT2q`%8hq2Y#"9,%2f(b'SIr6mTa),(AZ#25f ,SPRh4,TA"+GVR4,1Z#3Xqb!3#+MYJ)eBSmZq`p&C3Li2)Xmdi%DG`)lT`)mTS4r 9*F#2*D%E(kM3LIil3MDmGS4YUK`)bMJ4A1"'UF#2fY#0[Nh!MFZ"$L%EILZ"(V1 "(*D%GR61"&Zi%E*`)[(!M&D%I3F6$k$K4p$F1"(LZ"(S1"(-D%B'GF#,e`)r+d) h2R0#2Se,J4SA!Ka-)GJ"%MJmL,*1"(JY#+4*3"%RZfK&,E1"(BZ"(DZ"(kQK%)! 45F(N8rHY#+LUD%-'*,J45Z"&-"#Pi33R!!4%P3!L3R`!455QK&+N)!LQiE3M(+A "(#3LR#Mm,3L5R-))F%+A2Y#+C,JJMdR!MN0#+G5`!48G`i%Gmi%+6K"(VY#)3qM i"0"QEI9BhT62Djh+DAhXEdYc$S-'%8FGKMlIm8AiE!P)K!#ZaVV1A9A'rRC#CY2 Kl8%2$Ra@%,IKEA,A'rcG9-`)T$$$M9d*m@,fea[lj&(H2#Lrj0a[jPl3d-bpMq# CJ3`QS`KbrKB4@&8$%GK9@&9Em+(PY8$8IcKA"0$#J$%N3VeXe"qU"3X)@%+bUih M+HZ`LHd)lEF`%%cdZQiS15iH&[*G2FlfUhU$0TlP9ZdM9hhV%Dp,03RaiZleEA2 H'pVYSEMITc%L3qL,p6f4%J!PhiSVr9lr6qpP14MF5hl#hfrEE6 at l1p*@EI9I$Q* RYCI2jU[KQ0,lh`i9GH`cGTr,iI6cNciFaR-'%V#K(i'F`F+9K5im4"%*FIIJ3(8 H'%%!BqdK!+1mR`cPR(hEKY`%%"Gh$#kA([Q%dZ2YR"M#F'-&JK#2!BNd)pXiLdp a*VaJK#2CAm[1 at NH`BMdZ1DiURAJTUh&!e,&JK(F1'@RF4+Bi-D0a3V0a-V*ab'I F462#r@,LICY`dVR%%8KL'*EMRXX&Q8FF&NR(*5R$5UF4#SF8L5iiSNHSic9%SmT TT4j,83SmKUQ8IGcPT4pYU`8IADjLMafS"4p0UQ8I3DlbMjc9!Sm9a&2,F36bK"2 *F36KY8bMic9-Sq+iLRL1)*Ljc"P`Xj9%D5&R#94'NPT,"T*GRC`SiBZJd$#6[(# 40%"0&0&CJ`0&,X`d'LB-GY2P"X0!#dUMJU#e%CjL)*RND$2-0%cb'0N`JP84S"3 *9%D!3b94kpa8"T!!85&%D3"i84T'&!dM#JD4J`0)a#%dL4JD4LMCpLUCja"KTQ) X0-a9KTQ&c'Q$iDCJaPR&ZbM(#$8-3`DKJ49-43DCNM`dc%%Jf3DJ08KLJQU#kKb 8JP!DK*&3peUK8"V%U9!DaK-0BR-8"V%j#J0BP#S$@-+"V'$!eLG43mT+*3'Z8Te !DjJXaVJZ'ZB-$A-4BDiK6K8%eaH58"VL"X+!e`TZ&38k@&,LS$C-'%f8!`Bf3-* XX+'kS$C-3KMC!`Te-+%9!E4L-B-q)9BE34EG8%fQ&,h9!E4L6-R5"!E4J3Te%Qd d0"X'*%0J"'&36B*3P1TK#0DGNSd`""UQ)mQU52$9-)P1FP-'XBJ6*dJS'XB8*V% [M'X$"6T)S6@*+XSaI&1SP)'XB,+G41U8kLND6A*aLDiAc''Z3aM*VK&XENjbcaN eJT at -0BNLa[E5qBbDS9$''U5SBbDSAM'69))mi*%d`Pf-0-a![+DTf-TeKI-C6V# IBc'S%%'SB%$8-8iDL9*P3aKU#l&KM*U*-,2'Be%UcaQB(3%*U%8*U%%$8"aCih! &%'NP)N'N!L'-0*+NL'$5#+ at H-X$K)S0-`df`D$4-0%d5,"SQ+!0%(PRM%kc%%'Q BJQVRfBE$5-5*0)N+C1S#"1S`fdB5*TN+$6-FdQQ5&*TND*TN)*TN)$6-43DCL9$ 6-3c,-H*P!%64*E"SQ)N0%`L64))64)BC1K+XqD0%N5jSd54,QQ"dR'FhN!#F*c8 dL(PJH#JFdDC)Yc8db#"TP*0c4TQ'a1JNQjSe5NLj[PL#$6+6lQM6-&"TQ'LDC'M 'Q%-'QB8$6443Nmh`%j6QTT)T-1DQN3XB(A0'J!Z(0'JB%-R)NbHD6N4)X8j%3)- R)!JD3b-C20'N$#6c4T!!5+(08j543R+$L6c918JJDKK4XTmN5j6N**KTQ)-Tc%N bR-5$$8-A"PL!'"U&VGmdDKJ36T-9BDaLE at 3LJe$%b68)8'SB@*U%-+Fj+&Q'5#+ Fa*%6Q-8)X4-#%eL'"V',J0Ba)KV'"#Da*dQX!MQ$@+6$Q$@-#&BQ$MQFK1SjJeL 86Q$@*b(-'X5,Fa0BLiDa,Tc"V%j$Q*V%-+GB1HB0Cc&1NL3DaL#$@-0%eL*2&6N 1B08a!KUV-&qB6S5+J#"V,1S#E[`N8jL$"V'%JeNK"#Da&JePUPZ'XBDEi0"U*#$ "U,9%Je$#403K!DKJ`04DSS'SA5XjM-$)'"UV0%!e6&3'UB8$9'&I$Q$9-83DTK3 09DS3'UBR!e6#JDTL-,!m4!0F`S6A)S8kb3!DjL`$A--#GCLF$B-'$+1jJeM*!"V '+B0Ba4"V'1-'XB%$@-+#@$PM8+46PM8-#"U%N!"bc!k5`FY6V"TbaUNLR,'U5`F XDT1BjBe556PV!m4!08`B'U6U1 at 4!BK#Dj&#L!KJDjL%$A-+#GT13!1 at SJ)B9LL4 )KbaX+L4#SjH*2U"EP1e)N9(,'b"D(,@"p!%"XUK"!f6"JE)4 at SjDRH5$+Gj((E# #$C9#$"XJNKbdf50"XQ))0Na-Va8J1 at aX"!KX')N0J%d1 at 0Ja"P1dLjPLB',J0"V '%JeJ53jDX8*)Q4#$40BM3DaLK$@-+"V'##RD5!$@-56--Gi08aB&BQ5($A-Fi0F `B9LK&`ec(!$A-N-8l5+'4'N3j3f55lPFV1 at I+'Z5CFTQ8T)U180FM6P+)JJR+'Z 5KFT6X)B'Z8Jh+'ZB%+GK&!ebGPbPBZ4Kj5Nmj3eM"BDa+Pb['"3DKLI-DJ+Ne%Z %MP-bN!#SKbLGL5JJDSMM)j6,&!)$956,"j5X85kL4bZl%-'QNS-lLI)!lI-64C4 %X-"TQ'!dc#3DCL)-jlJ)$6!a$P+a3L"M8!303`B at MmN!'SBU!e!J%18QS5iA$%d 'U%QNFSDTJ308&dMP$9-#%e53!'9La)X08a"P1XK!DTJKA#',+13S03aFQC4`%*U %S3e$(**U%PJe$&U'SB-$8-G%03Pbq&C5!8I#XT!!%3q%DaJ`aV!3'X5kI#0BP%q (emjCr#03N!"2Kp05QI#Te"'[K'Q5TI#0-Nbq&0-K!R86T[K8kL4VKKS6S-&"U') mQS5#BTXiD52qB$4aqm!hmirj!0Kaqk!hYarp!0cdIZ!06ara!ESBrE!E%MpS"Y[ (l)$Hc(l!$G&(ki$I%MrJ!fGMpB"Yr(qm"[U4mF"[m)r9!EbBr8!EkdIr)$8Br6B 5Im!0i-IT!0pU2d3'r2(k!$IKMrh!Eqq2cl@[Mrf!V#Mmi"[rmIlJ'rdMi`$Ha(j S$9dI&!E04rkJ0NSr-!ETSrp!'U)ef"[GMrc!EL4rY!DbMrB!hP4q8!fXMr@!f8M r8!haBrdJ0YBr*!EkXIq3!!fSMiM*%[)!E"MiB$HA(qJ"ZNMmGLFIiJ0r'2aJ'h8 Iq!$IBMi3$CL2ml!ca3'm52m`$5SrbJ0UBrb!0bBr%C+Tq-"Vf2``'USr#!DTM8[ eM('!hJ4d3'i8G!"[&MaQ5$Fd"[rBqB!hF4mX"ZaMj3$Eb2i@*"m!$Gh(rk!fRMj )$F at 2r`"Y$(ll#6rX"[pBq49Ghrjk'3jblK$[DlaN&6iG(C`NlQ(CcCG2l'&I`k2 G9&3ZdeqAHh[[)FLh`#G`%%Udpf,J at T`)Z$h)h-+dr&#'%$''q`afFY)CDHl)Phm 1Lh93k0Hi$8M0drXE`'X1I$SX,C3!V%F#-9"$K9k4ZEE[AddqPQ`THCEH$#SR8dq 3!!CldqNaI"KPVZ&*iXZpK+R`P5USjN-k&*L@&I$*(EilV0`RfH,[0A[lb4JfBJf m[UDI%(AL#H at GTlh`f2a2bcm at HkP!k+9A`jqf`Td)[&qG[q$YjGPmVdY(I9QAm,G 9aZHI$hiLAfDbbbqArdkrmH%90*qFdI`lDACF[j9AipCAr$2m,G(GXTQ*e`XGDeP PVqmlQhB8B%ZbU,hU[dK*YRd5G$@@9$if3P-*-%9+5Ge,,%PL9VDmpLV[!)1kRh[ KRbqPK$MllRX+I*3NJkeXjPQ#!pji)FHB#98iilmV,Xc$1pKAJ0MlIKCUaUFM$@9 253dd)J'R3N!0rc#N!E-`NJ0cN!#P!DpK6!0cd+F"[pS9!$98-F!e4#T!EQ`ai$6 i93$IEKcJ$FU&@!f3!)Fk*8*0PI+F#1'a3-3"2!GFi5`G02K at 8rYEVq'*I`b(66k M-8rYGVl("r(K%MQ*i at kcPTm1)`NN[C*92C*i$#6`((4BSfeG,m(iF4"(4A[`q"# 5eJQ3!"UY#fFZ"3YP#5P%QNVR&m''5PfFU8Qmb&M2Ki8Aa0df!(MEfpipKCGeaHf jEVi+IFed(&k*92D`Ub6aq$cc#i$"F12`4"Xp+BJ`-$fQ$(JFIJMmXr+k9`BU1U% Xjl`jm(TlAKXUJHpm2!*[Z3q6I2Xr#Z`LE6J!*Bfr#T0)['-JVifbHaBm at R`m"1- Rb[0iGK8!Pd0K92JKmE32`452,HK+ at i*HiiD1#(aUCq5,[(S5XA",mVKSi)C6M2b 4E"iY%MI1VpP2`SN2&&Qb9E"E1"1TXjH`bA`jZAA`bfaK)b&8Yh1PeaMcFA#XHSU +DhjS)9F,+,LaHG&k%A["G8I$A9Yl!mK9K5f'2*-+iIP+!M0L at DGACPV+%JbNf%A P2UlD-aabH,)@&8cb[-01Fpa0)p`m3mH3!#F([,3m2dU-h6UB)@UckN[DXML3!+K AXMd*BVSNaN1-pSK"A-*XjP)!c&2KVTGRdGa)`jB[@Vm%$VhiDi%1rC*0Lc,b4L! *Kfr#b04 at kArIhLEl0b-@XcFJU49[N!!'H)"K8+VGedB65-8"ZrNH),*+PdpaK9m +bPPaF6'N3Q at I$B$@YRaX,`plHpUp1m`"61[I&-%8a+b9i at kk1dIC9!Bm"`BIPA- KH09bYm#4LD[Y`'m"ra3ZiDpUERCp*0X3%cEAK3PJ)3bNeDPSQj-Pfc!*,cmI8Z0 r0NK9)R`dr[CEPI$*AS!hKbTdc23"#%cfSCr-%%$cq9 at Ppf%UE)bRTIQm[AF`,S4 mPr"G9"G8-,T-V+q&PJ`j6``hFZA,kATdB4q at FQbp,f8$6*%f%S1-Y,dpa[Xj-CM K2kX02p@'VBV(AFSNb9*Kc$BLl#I%V%#&V at 9J`Qk#A6HaKG(id2'eY[89%qALlcA CKBH'[k&$&C6FBD+AD&q0+PjkSU#r#T[BhA4i at 8U*G0FlbI0#lKL#5MfL)SXqJi% hLX'T30Hi$@9G'T9G#9N1RQmM`SZJh8hM[4*apb[Gp6RZ at iY[`[MqB81TJ-q#!5F A`Br,AY%SNrM`1bAhhh(Y!VULQhJq'99!0&KE(KcrR,(S[khSl5,Z-aQiCMfIUER ,qCfZBTrBlA"brPq*A9'BT[BlA!LhcJ9dIE9e3,CC5mh&[KfQELlMf0e at Cl+9('m 5SU,RG0&Pc4VV`)YmBh$%F!cZ(!cZ'11kiFGij8 at K&f,pN!#(L$1$e2l'kihEbl5 XGPB3Kp5AD5m*6q2j5Tr502k4Tr502k4TqL08[mm,&hZZ13aNlR)Ma99qqN9IP9m aLkXT&qq8-fAC5ZX-cJjb4r2kY*MCR"kkPpARk6PCR"rbUZjqj5FR-i2LBrarNdR )c1$QVlT1lT2Gc1$r9XZIN8RYjR"mR at fhLdRVjR"r(1h&I5FI-i2ar4Zrd8RTjR" e2UGEdG*k'C`Ip2pkEkp*jfC`H&aHRTD6LjR"c(LIGqr5HAQF'kr(pHaT2+c1$qh KF6kP*j1C`ImImIIbe*`mcJf2j)ridRMCR"d[Krkr4T2&c1$kRq(HrTT2%c1$`I' m'kT-A-i2bI3kMN8RJCR"Xr9amkNa-cJqMjrAHR5GrQF(`I0l'fT-2-i1K[ISIm8 RfXcJkECkAjP*hQC`H,0bI`dRGjR"r"GeZYT1"QF(j9*q2L8RFCR"Yj2dY65El-i 2qr1FEhU6YXcJiG6kf"5B at C`FRHIkp95B1C`GEf8IlU6!c1$bYGi1cT0YQF(Il([ Bk5IQF(iN at 2kqN[-cJcUEU2fdQbc1$(c[Bck6BCR"he4ehXdNh-i18r0TIS8RAjR "[XAk(lk69jR"q$mpEr65DR-i1kmI*rk8PaQF(,qPp+pT02QF(CImrMj9*-c1$rh jhV at Y*SmcJlcph'mkNXmcJirrMeHLT,,-i1$kImrc8QIc1$l(qhMmj5Cl-i2GFEZ IlU5ac1$9IPjr2dQEc1$rAiA5H$59fC`I at mAFC+Nc'C`Il2d at hDdN[-i0,$VFM5C E-i0r6hHlT-TQF(rUVkI48Q5c1$pV(8h"T*@C`C'dq[8dP9QF(EpMphl9)0KlZ[p qYT*1C`IlYKa- at NKQF(qRe2"k#33!cISplfmJJ"q6Lrkp,))!F6rH2m%JJ"eriqa Nb#!(5H*ehG5#!(KriiqZN!"!$p2#kMaj"!$V+ at YX*"!#XNC2mmJJ"rKMp,55#!( PeAd2l*!!3!ZGPkh6b#!(p&paX133!mDGp,+b#!(qHYr(h%JJ"T0RirD5#!(5h[F rcN%!-5lpAV*"!$eC[mrmT"!#dNlLE))!G25 at h`5#!(rqTjr6b#!(SFjdRT5#!%c `qRkZ33!dAj+ErQ33!qrih at hFJJ"j[q&hrh))!DMeIIZC"!$2qKa2*N%!2ZHEpIF b#!(RqIphfj!!3!Qi[Frl5#!(2IQmIUC"!$ZI(rRbj"!$PrRp at qN%!,[rQfmZ33! PHPZ1ZN%!2TrZk6Mb#!&(cZIl133![HbT[DN%!2MAR6r2N!"!$#f0hrR))!I$VZY rUN%!0R6F5M))!G$&lqbN%!0l8IGidJJ"b1Gq[Sj"!$rj6pli8JJ"8`m(-b#!(em G(rI))!H[9rkiq33!h(BpGL5#!(1E6XG$))!GhX1SlD33!rKVmIN*"!$DqRNrT5# !%RrLYq,))!IhmEk(rq33!pcrE5r+N!"!$EH&a[Xb#!&*qAeUU33!qcqMmIjC"!$ qALr5Pb#!($i9jq+)J"qEr(VqSL)!9rLFjZSL!(c[ar,jk)J"q[rI%m5)J"LmA[+ b)J"dISrXlb)J"f(UFZVL)!HCVIAqh%3!r21ml(4%!*GpZraa%!1YfAj2k)L!(l+ UA[)L!(Miq9+L)!CQ4DIKL)!A&,mqbL)!ImmjJrXL)!IKUG2V)L!(68R3Ha%3!dF R1E@)J"k8haH,%3!r&Gll54%!-pHqMM4%!1TfImHaL)!IZmrNmf)J"hrQq6Y)L!( br3rXrhL)!@hUrHY)L!(RIi at 2V4%!2Zq0$E4%!0"q6j[Q4%!2QH(VGA%3!j[RDIB a%!1irGJrq4%!2LqPR00%3!ehr23HV%3!a[cll"L)!G[irLqj%3!b(j[ih%4!$Bi [SrUL)!Iqmlj2 at a%!1eU16j%4!$Ri[[Iea%!,bQrXrP%3!prA3YiL!'lf0Mk%4!$ ,AQYed4!$XZbqEbBL!(XkrViSL!(eYKHIfa%!+MDI,cN4!$k2BmjrK%3!rI9pjP) L!(f-GLGc%3!jdhiSL!'"6rXlk)J"lILqGdd4!$lIk2Aqp%3!T[brNbm4!$jrKE[ kF4!$qIqdV04%!1mid[aSL!%Ar(ckD)J"fITfR!L)!IPRCcjF#!(NDhS2rd#!'Vf @Rq*!J"BAf$[B%!2#armFa!J"qUUp(`i%!0C5lkSJ3!VT(Lpl!J"i[q2hZGJ3!re iApRrf"!$9IMmRim#!(4H*bIb3)!ISiZYbF#!(PIlr0`S%!2QqT!!d%#!&Ek0Mi% #!(rlcIPr1J3!p2cqFreJ3!kVeH[fm#!'Gp#mrK!J"i(MFZcJ3!rir`rCjm#!&Vi IHAN#!(b2bBR-J3!qp8rNl+"!$MFjZk%#!(9bI1dX#!&P5H[jX#!(IAIclq"!$rD EDH[!J"TpR+l#"!$U,fAj8#!(eDMR2rB%!1Cc[bpI!J"VkDmp'"!$*4GIU)%!2UE (pRZ`)!80Gbpa!J"X1ba1(!J"NEc[09!J"p,pflrA!J"bI1r*mf"!$DImq[re!J" PI5mlrj!!)!GYipTkN!!J"rjqIjmb"!$XF at Alm#!(3IQPE#"!$JISk$kd#!(YH,R +H"!$Fq&Jri`)!BlmZRk5"!$qhMHM[S%!12rYr(SB%!1dp2aHrJ3!Urq0pRB%!1p f(pRhB%!2ikrlhb)%!*rBmRI`)!8qdmRid#!(rh(I0i8#!([9HYcDaF2S8pMpKGC +Y`Umk,dfA+bf3Tr#L0!k,f,1XTq2ZXaC(K8MmRG5qQK$mKUE5kDkhKV2HK,Tp2l f8iI0j#ad2TQRpMPMSdFa-pV,Q1M4VY0le'DD-H at Mc)$Fr(@J0mD2qKQm6Q'Gr2i i$C'1XCiFHL!ERBjB$9FHAChQHKChQHJCi"mX!e0(ci$5BmU!dL2i`$44XriQ2YV q4R,5-l1B'B+p"FH"2P!0YTmX"TkrMf0H8FlQXER`IMCqa-L%DmSjmZBeqa*YG4V eARm!aXp9mZ%E2f*Xi4XrV(#K'H8PI,f0ceCaVeCR#P'[+5HI+0H8NqV8Dq$jN`a VbNRYJMAUc1TI(A#m8M0iR(XhLFLcH*jpQm6*C[%e60iR*-hLFXcH*c$0iR0XhLF mcH*XQEa0+cH*jaQm6m9Qm6d$0iRqL2rq!fFMm%"[N4rL!EjFIJ-P#rr-PJr#!f6 Mi,1)I%!DYMr!!eI(pm"ZRMqmcAMlm"[MarGC`BpmcaSrF!EU)m0N[hff2Fld"XK (rH!f9Mqd!eC(rFcK(qbcLprqJ0S)qmBqMqd"XG(pKM9If-J4hE2*EpF"ZMMlS"Z PMqX!hbSq!F9HrBfRFXk)Ie at F-IF!0,MlGR&Ap4PP(kB$Cq2I!0PfA0FXbjVmGPc AT at A0HMCFecM,QZHCFek*PcAj,,QYDbjVBXZDp)bjVB-ZDbfA0FfbjVR at A0FbbjV d$,Q[6XZDel,QZBCFek&PcATQA0DjPc@*Pc at UMmpM2+j[P at A0kCPcIR@A0kGPcIi c,Qp)bj[MfA0mJbj[NfE'Z1CFhb6,Qp+bj[9XZEmqbj[)CFhNarT*-&FejjPc at TC FeP-ZDmj(`rPT6U)$5)mB"T-I-!DSMj3$&Td"TFI*!DcMpm"X+0F3HI*5qRRll!T r+hNZQpR#,303E#pLF4XRLfHfKRZRKb,EYI*Y,Z5H0mfE6I(Gl)rkY`GfdmIIJ`U Te62jhJEZZKr$Z*XQZTIiGa,Nh*`GdFaBep'YA"V4laH5%U`5IBXd%EQ'f2$RDHp (P*9MF3cF26hXr,(%(8I'r(00m+E6!4kl8Sm6Hh[RlR,EE2[ZACprdA3ff8+aI6c q(ECk%,[+*0$AjY"!+kXXC81T&1qPi5i3`Np"K*P at V3rBQF4E`CG,Fl[mZl[B4RF 0K+QAY([,IK3bPa[bq4j9'SIEX(ai-cfSXqIJ[8DEhSm)9#9Q1VeIEbl+'0#($lV q at qVX)$)Fl`q(h9r8r`a0ehEJepHrUI@`f"b(2VqlKEVl3'8R)$5rU[iBPGK6p&` qkADcB5)Bq[lH&ZZl"Eki9#dD[YaDZlADK0N[#1e[FTB-YK4hMlV"bV#U&D!C[EI L`E#U((9km6V1rH"dMa'#RMT$Q#"fBfpSGhT%VYDdklEp4QXPQmfGMZPp[I9P0q2 #Vl,RGefXRc-,p'mPdrmGpi at lPdUi`@M4I)4Y'NiJ(+Eepp at 8U'ZQDDEXipGpi45 +ilJa#1#-JBrHKLPpCa*1XHNNrJ**AITVYjTrHPFH0PG[GMUU9qka[h2hmTHrZVl r,Nhm5$[j at 1`aki-D`@8T*I'cSSI%9*b,pma)M at PA"m&Q3!qZqj9[Ri%YerFrT$2 L2D'IAVEf2'5kldA at RIKGCIa'qb#XA`NMiQ&Nr)D*2JJ5[2!jJ9`rrZ6iErqGI at b H%r+SamNb"'H'p+ZBR at LKSSq8YpA6Hh)PbmKr$IAr1jM)@YV-YI at l'rLiRDpVK'1 "bCHDK*B0!3m(+k,I%P"MKBhCbTFQrNqYiZEK,bhKEb[Viq9jQmXDHC`rB`Xedbq 9U at f[Jd5Y2qSSI8a3@*Lf&@%k-5'M$lPe)d at bfBNq&fZEN!$iMPTre*If-U9r#38 cqaG6X&XhAamR1D-G95jLQm,YDk4,VimDjm'2'r+!K at -V"d%AVH,Q1'$(*!M#A#A (jbPEha+fFep5ZBbmESeG8TB,6q-L at H+A'VTQPpZ'&0N9ccK9C6CHANe$B*kLHKe Ar8A!dhr85abT0!S+M`U#S+Xk#S+U+#S+LS+JU439"8ZJU#T9"8&5U#S+Nd#JS0P 39Cd&3988&39&39"8LJU#TG"8&5k#S+P8&39*S&"3E+JUcS+JUSS+JU+JU#T&"8& 5+#S+Pd&39+S+JU63+#Jf9"9R39"9439"89"1!LS+JU439"8ZJU#T9"8&5D"38'b S+Xk#S+U+#S+U+#S+LS+JU439"8ZJU#T9"8&5D"38'bS+Xk(!B$-S-S+Jb+JU$*& "P"P"8'5U#S-Nd#J`0LJ`"Yk`fhM$EGX0ZfBEI5BEGU`fh6$E#!DjSV1+Yk+H"T+ +H"ee&2!YU)m#2pY%H"(qUL2!MiP&2!YD)m#2dU+cLZ`SM`)r2SM`)q04(J4qC4( J4qT46`094CrUG&2!cG&2!c&&Ca at ISTi&G4(J4iP%H"(hp%H"(Kd8m#A4(J4q,46 `,+L2!Mm5LRJBY%H"(i&%H"(ie&2!ce&2!fY&2![U+H"Gd8m$qZLRJGP46`2qU)m #2fU)m#2q&&2!ep%H"(cD+H"p'L2!Mq'L2!MrmSM`)rjd8m#1LRJI3STi(cD+H"m bLRJG946`2R88m$684i%Il+)m#2p0&2!mLLXibdSM`)r4STi(p9%H"(rY4(J4qE4 (J4rk84i%Ir0&2!kbLRJG,4qLXk5MZ9TE8IrLd!U1#XlbMr@&A"SlJ"[[8Hd!ElP (!@H&4qJ"Rjk2CV68SlF$2b8GX!hK8GU!hiU0q!hq0(jkdq+-pCU&'q at Ca4[9R!8 GSXibMH,-SSpN&Ae+2BJ0[+1c!EYD1b8++0f"RfD-jCl9(BJCpLMX!'lUMV`'lQM VJ'lfMV9R5-k,Pr4eJ$AY(X!'R8IkJ'h&(Veb$dIk3UpbMe`$Hc4qF!hV8G@$'ZS pD"R-SkS$0c4k`$2JSkN"[ISh3$Hp4Z3'SdIQJpfG'i!DI4e!$AP'h!EB8IQ!0J8 G1!fbSp@&AYdEB"[ASkB"Z24Q!a0Sk8$194dJ'B0(UJ-j0(4J0b+28J0lY'e!E'S fJ2EDMCJ0F8G%[Fl4d)$D1MmX"YA4XJ'Q8HS#VbU1J!EbD2bJ'iG(2UUe4q5"RS8 HR!cVk2b!-mkMRJ'iY(TJ'mZMR3'p1MdS2DQMBUVC4X&cM+0HUZ9(1, at -SjYA6P( T!Uhe(0!0fe(SeGG8DkeVk*DUMlbLV9@@SPUU2Zk*DUMi&%Y94pa4,98IfU+Y9C+ LV9A689DUX++Y9CQLV9A889DUk5L at USrre%Y94rJSPUU2lY(+,AHSmm"Rq&(*JCS U2a3-r04b3$IMSj%"[rp()!0qLMm4DmP'8YAkMcUeFU0 at YA+McLe2+08Y@bMM`Ul HM8J0[D11!Ek9'S at X94T`-rZSdbk#e'P!cqfM*!Ekp'N!EIdC!$IESa,9ZS`A2JS ,PAVk#j9kfJZ9I38&bVjUJFUmIiD"bVarIS(+[(he"FUpC319H2K8&bVk'JFUmIj D"bVaq(319H2`D"bVaq23A+[dp$N!0mqJV, at dS+beXD#XYGT39PVCd#be(r'J@@S rBS&PU2pp"@@YE3,,8I,S+bermS&PU2rfJ@@Srqk"CDMrP3,,8G#JV, at hS+bem5J V,A18&CDTD#XYI'S+beMU"CDMqR3,,8HlS&PU2G8'@@U"CDMrqd&CDk#J@@Srl+" CDMqY3,,8IeD"CDMr[S+bem at JV,9e39PV88&CDdY"@@[kD#XYGA3,,8IqG!XY4rV S&PU2r+JV,A8d#be(ra39PV at 82dJCr[3,,NIlU"CFMreS&Pb2eD#XZGE3iDMmbf4 BXYNE9PXMjV,C(5XYNC!!CE)[f at b*l,C&`bf4+CE)kCPXM)XYNCePXMjl,C(a'@b ,TPXLhCE)cE,C&mbf4maPXM12GXLpCE)['@b01bf49-YN@$,C(1XYN9l,C'dCE)j aPXM8-YND4PXM--YNAE,C(9-YNId-YN8c,C%jPXMB-YND0PXL5bf4Q@@b+GPXLYC E)f,,C&+bf4TBe(lVQ at bXqbf9r@bf9mjPXVj6,C at 9CE+h$,C@!bf9UieLIC504qk L0BRh2aV%qd%Da2ZdM@*pmD04qrTM8IVD04qVSe(lXSe(l64XMp'4q1XB4q2m4)r 3f8DMp-M)r(@!8IZNM)r'cX4q0V)Mp$CaNIMCf8IZVM)r4rYM)r4iNC(k2rU-Mp( qb-Mp(`Bf4qM8I[FM8I[EM)r4q9'SrEk-Mp(rqM8IZhM8I[`aU2hmBe(lkFC(k2r 1-Mp(qU-Mp(hmC(k2fSb2dIkBb2dIhSe(lH4XMp'SrH['4qMmQ04qlD-Mp(q#04q hXDMppq04qpL04qhFC(k2pFC(k2L4NISm1-Mp(r#-Mp(j%C(k2lNDMpfXDMpkdE) r4NISq('SrB8C(k2lXDMpp+04qlk04qrI'SrEU-Mp(rP'Sr at XDMp,M8IYI'Sr at ND Mpd8C(il'K(k'ZM)r3QaXMp(mNfVP(cimC(`l24(`h0L2N!$@aNI$DZ8I1TM)q4q P'4mMm at -Mj(cBb2NISaNI)rcaU2RfBe(cQ4U2R+ at kY(k#hk)qm at r4(rJYqL2qjEp %I#@r4(be[d4rr9[d4rm-hk1`C[d at 60qMk,0qMqTQr4mYQr4d,0qMFXhk-'04qkq -MmGbKNISb2ah1L2ahl#2d2rNC(ih*P(l at 4NISr2M)r4q*'4qMq'-Mp(rY'4qMr* 'SrIBM8I[JM8IZ6'4qMmk04qlZ-Mp(qD0NISe(lmXDMprl'SrIf4NISrpib2aQD% IM,D)r'8!4q+*L2ac6&(lZU+Mplp&4qj&%MmBNLMp`+*(iVj+2hek,)r89(lrZLS rI at SNISrh852aR(%IM-d)r'@d4q-S!Mm86+2hFd9(lhU+MplY%Mm at 2P(lZ+*(ijK LMp[k+Mpi0&NIU+Mpp at L4qMreSNIM2S)r'FF4q-c3MmCE4(ibJ&(l[D+Mp4SU2f0 4)r'-`SrIDSNIM%Q8I[Yd9(lak+Mp3SXMp4)r4qV48IY948IXp48I[S89(lV++Mp mLLYeM*d9ZXGR4 at kaYU+MpUD+h@-P48I[Nd52aL6,GDkHLYeVEd9ZYI&SXMp4iEG K)"18!R*!6N!*lS#Hf!RVJ*alq)Y+HR2N!Ck$10VcQFEA&CaYH at cMDmTR'ej,R'e `eZfCbC3[,MI!02cQRSEE1 at e$!`$G at PhY$!ZI"SB%U9-`TR$c4h6Sq(TIHS(JHSA R9Hh#S,i at pS6pY86DU9PN4,XKh1mm6HA[)(1e%[ih$hGhQ!XRbV(C3QB6bfCDHp3 iFUa1dZ'PI#E at 2h*+,f5"&YK5YXe5[#hSR&j0UCA2S1iHpm,,INm[AHqiRQq3!1C `4)"Y23RQm*fhjHf,8fHAI+PpATKH-aTjXU9N at SeNqlbQpZHhZHir*rRV[G9VLKS hfYTlCcBrP,X69ah4jp-5Hq*Idj,2LXpBrJ-PYa'5fpqam1(2T3'qe2T!'laJNrX qX"26BqG)0jc%'iV%'mYMmr+Br2b at 2ciE(jq-ir2a5h2`$UrmS#-0GBI5qp(J'kA [ZU!5ERmRjZjKP0lfG40VCAa%k9Ek0CdmVaH*KAFSh1V1akH(fIBXjA6`mAGC*cK &mqjqQb32b6XUFShBmBi8HfR5Cp3Z'eVHR&+Z'IYTe4FlZIc[$hHDKEEX)ZGQbE' PZMKGM`-Rb)36Fj6i,MI6kI&hPl62XB12KilLDH'bh2UAZ at qCl8fcYI`@r#cRU5p CTr9N8e[`%*!!)Ej"dq+hfkfpEE1Bh3cT0[`XcBfhiZEDcMHkq2VZNXqEDf'FjYV `F[,fR0YEAC3aCm,#$GpLUp#I"L5kcAhecXGEX'lREU$9[Z25$CCL$-0-Pi$66I" TeYrXpYX at GJ`0[aBdQlUNMN[DBdQhi'Vhl$k4`H5e2ZS-)c'Vjm9K#rKB4#HGHkR A9B'cfc*NI!1*E+DEqA0[6cHCf2`f!f,DkAjfrX,,4kI8DA4 at A)e["`kh at 5mIGf0 MR-DXQF2GBd+AjGR(LJG,QF1AGCfZK662)ceG#4-iRGGV`0eIb,IKCh[`Lm1`Vim @CY1ET,E*AFQA96DDdrPcHZPe&J98,#"a'H*SV+%A"pbfVir%Zi3pNUc9mIMh0R- iE"lae``C20Cc"e29D[8arP5S6paZ0D'Q&LCHZeNZUe(mi93FGreQr4GSUq2K5p6 B('4(q at hiAb*1Kbph89 at PMiXk%1eH%3%8EIKCl*k(,cZakcIJP4RaD*b4cj(V!YU 8r#Zf82YG,Ham+(J5p6Bed,+C`e9ADB#"!Y,f80$B5K#TBD5fM9[`ZQj)(C!!8[5 6$Jj at ecQ0Q$dP98cpGK6fr#cHVeHrRa(RD`Sm0V'A at Yl2BkbdfV'-SmbCl9)[TKc ,A5fZN!#"fB(1GkN-X-I`IM%Sf`X-IEm+TdGYKA'rZpceQrX-HPUd9G$`",1B*jD TIQ+9c(YbP@#fKGFSpZ1aQP3HBcaah6A)A964S$Uh3jG1#YY,Ge,A"G*pJF&(0+5 &$bV+&M6,kldIF6M2V0FCSpMDlHlkhChZ`[[S-FTm"hj%j6i2REr4 at 9[mIJkE4Cc 'VKb'NX-H*em("J*9m'*[Cj`-iQq24PM!4p3'Z9LGZX%CUk$bZ9!r)b2P61(R8ZR NFE#!kMaE3(,1'8X+VJm88U&(hNTAFDcUGPVEflf1TkUjf1[E+e45M&kH9*1EDeS LMiTdq'AK`HUkLpK8ieFqKL*$$kALU&i2B*4Sm'%Zkk8#)@c2 at GdkI0Em+-P#UmU NNQE+%VJec&8q"+T`0CGE(EDRBi'f8MHN[VdUmUVd+am5S+[AL+H48QZ$#edVCM* @H9DI43i-LfbphNf+0Q1$TV'RZE243Re!- at Xh*2Z,%SR"Y3-dY9TB5Ela6d+lk2h fTmNcZYRZ0MU0[YVcChVE[b-V22m5,0GB18kje*J at VAZ5bYI3`b5`N!#V)NBXiA$ C%+-,IKFj8[[)KbRe)JkV,PBk`Tbm8VEUcl,0e9R#6He[&Xl(U)8e[c3IUMlRC+' 8KPYcMTYAZDQE8lN[%0c9cC'jb&M6RNkCjZHieQPf,m)SUcbj+hA65lT8lX2Sl(1 FhLBZdj[$[G8"A$*QJ3QH4A`lhG9fpq9Y1Ea)5EE`)8dkSPdrh1Kk1C!!TTmR&hY h9blb&0KjGd8X+HXZUcC`d-[j[&rPcH*B9&KQaEZ&m6XeHY1*4QQ6i-r1,ZGCT0R HAJm5efmkGXEpk@#'8GZS,&I+3VI0#+`JYaX+`L(QHD!RqpEUHSl+%[Qm3"UcQm0 5R4XP1lXUlhQaffa+I&rYG0HZeIhqdH+jb4L[K9UEi$28Ii6jrG1[l0CF$MYEVqb IG1f-C9+ADI$Sl1(M!*qVRbZ9cI*YGTcI(Ra,&45!I98#1X$5kfa)QkF1VJ@,3ZR A0YR1E`Te-!hMAGBj-G`bCl-)-Y2EKqf`Pf%[45`5m-PiUd, at f*!!mDlb!1F0k(1 5$P5F`k4cI(Qh$p85-(5KaR%5H'del4,p6%5H*GhcL*4FhajHTV*KIY5mAC`V,ZQ BkVaRA5Eh at D1q6Shb4CQ!4f#V((fdmM2+A!jR8[8Q)*P*R%-8b+X-36T*YC!!PjF #0AFi6U(Er at G6VEcAfqhfQSRA'YZpLB2ERl(j63'CfNF(r5Q)e962)i'kPkNX2C5 Cj!Jf3XSA at NE'c$k0S4 at h'KT[pIdcCXqTd8*Rkml6IjITc&2hHkZ45QQdX8E0H'B #Rec!`r@'P2aF,4 at 040G$,'aU0G-iD$UbRifkcYMP*U65k,dl%hF[8q2XSGKHC4A U8cpFcp*rP@&-r9@&5$06FAHh[F1+8UN((Mpe1FqTV0(Ikhk$N!!YB(!jKR-5JVf Ba[2eG6qkXp$1qKN1!qlT&+PF1ZSc at DBkKJSj29A`b$#kV4FXKl08fKJc%DUZ$mB a#UV%lLabl1Da)cY2h9RSBY&6Y3!I0P2)r8b3!!UX6YY#)3)CNjR$ZF*92VIK at 2* jkmK&#Q!D4#R!DNK85XPjZ49Ki45Ri'Xd-(kSCMm6YRYB&)&`k$2cQlGNJ at N[VlE +lI606m$lPC@&)$imb(KUN4B9d2$%ir8f"K at Zffbf0aIQ(9-f&ib+hS62Djh+'%C k'*YNBC`UN!"$VK at 2YZ8a[$@E*(ppbq1m2V0q$Q,EDbG#+jkcIm(ZmrPf#AHX%V1 AG&2+8UH4NV#$80$S)*cJ46EE,YbJ)XKAAAbl`l!RU!0SBr6XXh!11P+JKI-!4QH GKCq0e9p)XUAF46B3p,45H$hKPQBpQJJB-9Ka+lVF6DbaFMQQD2%hVJ9EBRe'+9N NT82Xk'[Mp-2ZeX'CpJEBL(V$i!Hea5!TlSHNr#hBhXP'hQ%KR(CMdFFak+TQ2!r J`SGbrC4KddY0CBD08b['dZd+)!1`EE at AF)lpJe9f0,Fp9`Vf2e,iqRNfS at G%#fb Ph4@#%1RCCKPE#fC"eh$-q,eJ at V@$PIRbHL`Z4523a0U3!%14(`fhd&aIl1pffXI ,pJ+-Xq-C3p,V0qmJeAm+fbmja3Urf3%SYQB9hDVqhEchE[+NbLrJ4AH at jLPC,&b 1[,Af at b9Y[*Z6!M)J49bXpJ3aHQ`)AFNbp+PDmZ,[0TlNq#TB0qUhEkc at AQcefef erVpSa')rG9k9PDq(1VBFqG[m6d+l@'H9RVZ[@E4Em+Np5`UQbf52fpBCT4HEAT2 j`U[b993a*[3XQ8QbZ$iM`Hi-rSF[E8phNc at UUVZ8K)eUUUhi&Y$9lqGh`09l%8q !46XfCU`L%,+bK9D51-3k82Qh0Y5cS4i%cp8ZQ at Gj+[*X)qaCHFHJfmikVXpMHlE 6hem1&6KZ8BfP3br-bAC3N56)-jfp1H1pj"eC$04Hr$h%#4GM&fF at NLpq,hd#-"Z q%NU*X)KdKM*9+cd1$Qp$Pl'R1De#,a"%+F4$`(Y%-K#ZKRSGG#mLlk'"$!%!kFU 5"j`IPQ1K1eHr%1`@1SjA"r'"Nrjfri1B2pHj@,pZlU@#fA"EVQN9[`UA3A#-VC! !Fa3YTMBR"rS",2UPK)lCL)CX9j`Jd92LG3CY%)XSh6ST*E#+TVl)9b2c2!K)XE+ +($[)9GhQUURK5AHB!D[ZqKRdQ,U5kH+C(1lcjfrQEh48r"d)[Rj8I3mXaf+T*K8 h1KJG!U-eH)3r+U[`2&ZY)KI`cX,EGDVKk0R at 9)$CZ"J38Qm6J)I8F$V)4$"C+C) a1a+[%p6(+R*2@&9K-F4M0,1Nkr3jHEF5`-Q(5)ipR at -F&a-+kh9h9bGd"R,RCdQ `l'EQa3"c(@m14C`LQF2Rl2'cXpG861pDp+BTC#5lQA"5-0%l#E6dqUBU'Mf1Zfp fb'V)BFPC-b,XjV)q5N%*&25&8j0[`ZJmTP+L%2fUSG at kaY45`apKCB8-+&KCI4S r4SiRU$&FR&A9il"6P'#YpUAF'ijbVMI9RS9RS+[9LE9QZXah@*2 at U-"hUSZ-*LT QF24R1X!USD&BQ!h*',Y3ehX6eecR'#f2)4Br%pP5C,,da2E'f&k9R$JrRPkb`PB Rc9-*#Ua26QeC$E&"$(Y%!ip%-[4CPr-XBI9ePTX1afqefh8lHrfYmb[K(b*m$Dj j'(Bh0Qc$Lm%k4$YHV5hPpVYEHI-[Y[Y65EFUcC3,Z9e2mXE%PqM,p%kr9R(c'!h ++I`lC))1%E9#k5[bphH9UNJl*pT)'5UGD6lF9KS0P((`plSS5kG3%8!Sb!@LLCU cG!&(CXf818e#$,mA2mj@*q&L6CSaP-bR8GI[fDA6MUY(ID at r[[S2Q!3lV-BRh8Q fLVi9+5$%d!N'6G01Z[VlD2KSZb3hAFbTRKC4R9BEVZ0-VRBl8eHAkD)cM'EJ9Md fXd9h+N"+M%ilZBeh5PNdppVpEHGC2f'YffaZEZpGjkc%%r2r)QJ9UbXC9+bQ*ka Je'%"Mqi"6ilU$I6 at GFa!(P0U at 3XC5H+BeFX,SM!6PII0Pc1[+DbTq,'DM9jYbF6 F)')H%e`#GS*PpVJqJ`Dl4Na5#[41HGKblMiQ$#1%S$1rH``'%pVJec4K`-%q6F+ a`Qk0NE'i"b[(ifFTE+6JB[`@jA"VLlfbM%ip%"X2JkX"Zr!CGaL5mTM'6TI at Q[f fcl0efR)GjMMah%61dTLEA1GNI)lN#2FM%qHT#NP#V4I&ic,d4$A+a2a at fA+e@GX E+4$KpNmV40[+-XESNI)bp-a at 21Fee$9)+ehJY34cYrFRJhPPPl'Q*D2X5E1'kZj %hVf%(*i-h3Q9)b9i,PMRF(C@@AZledHlh at AHZCH)H"$$RC96p%S46S at K"rPq[44 -6VrQESG&6SFF$V&k-XNm4bCY)@h"f4ISC"p#PbK4Q-*afcZD1qkNkQCI'p6HE2A pNpDU5mNY3R4Bc1K8ZLPEE6'X9hXQDi"ZqB[iXE06UYler)3hfjK0VPcd&U3#k5r $qI86GTN(h%YGY$KjZGklcb$83mYmk!NkVI#bmP2QVGQS(0-4`Ea at DKB8YK5VBL- bVcfA6aD)A6NX1N-aVT&KJF%b0-6iMUjG*CifD6MTm1L0KK"3%IU4NcAdPc2)m2r p#U[DZak5&A`0P#Ae&RcH*0UfRh!)()3'`mQAUHSf5kKM)"F+I$-fC0KUDVCI2Q3 XLcAlpVe8[8k%FjGD at CqNjQ9,aGkYAMS,HbJFdE8bkELi992arLe%fqTY$6A at PQb G"6'F&TElM,Xa#iC&dQd"d,RHrY-r6`0hpbXVCKibTd[Um2B0k!5k$A&i%ZcV,V- DQac6T4KelR3Jq2,e24G at DC@Tr[1LGDk at E@(4-r85REbAU at 5T6H"e6YN$TF,+69S 50k29pjmf8cadITE,%[`#QITrZ'bX-iJ3"!@9pSP`CS,-[Q[LrIYq&NF`)N5ZG-5 53m&hM#Z$!5bh(MpYZdBbi0YVjpr`ZLbPH at A&0eAG at 036MA2J`UXRa66bhYYKDlh TG8ml+(EV1peQdf1demrY(Dk at AEfl05DlQKcj*YC$q"j&CS"jKYZ at 2CE!b[U5pl" lb[09#A#TKSeQ[FAkki'P*&A8rHE`R8q!&Qf*2"QF1ZTZm`RJFdX#6M*CL at b9+mD (1($G#+Q(UDNHYKH-H[#G-QIUVkDkh[C`QP26LrAPfFrR- at 9GQfaG(Ue[[GQIUcQ N--bQi'pVSAAE1R3pSU-056T#p at aXe0f49DbcDK54MD%f$JCVYSc6HQITi at p[I8c 92k4eI#rLQVfSf0MUj%cKjXr2"JC"a`cd(1*&T"MUCeP,#5XT"1 at +qK[U8Cc(45H ,L%@V01QD)A1&pE%K9+l8 at RY1ULk%2Iffk%CU6FU2dheh100U,Lq[h0rc'HX#Cbm FCS*CG+FX$5lTM9dK)e)Y at -cL''@FccX5%JCDVP8r@`ZmlG3,c6KbB3aeh at J-BE% 98K5+QB$3B3FaSe$KMh+XA#[-&+QCS*D5lUeS)6UJlC&*M@*Qp1AM6EXcJEUl3e) "VTc-BN6XfcSG&-blV at diV(SiBT+-9&QQ@,ZTe8cNdXCXQe*'M4L!Ch"qh4jMLlq i5bb$Sp at l01DHa8YYBf8S9"Z&GGcQUJi89V#LBeFR#,4X0XNq&'04B8'ij9-NqLb DddKjhT[,Tl)(2!jhH6c6-90iGj8*a6Eb!F&@2Aik-GpFi99K3KrmJ at fr(EJP(YN +ha9%LR%9#q%2!XVj"Ym3qZk4S at hd6GdDlbEc[8HjQQphBaB-Nmh82F6M$[[D[IY l`$Uq*C*c2)0G%[%eQ5CFJ8kmUmChX-Br9GedRa$6fUqqG`)Ke962U9ep-KhLpIc -2ThE`[ZVf2DD1qqJlNe-[3,,k-FFE1F0QP58VGCqCC2A3[13!%Hkp"DNVr&NFQ[ 1**jHXI6@@9GAQaf,lG at aG0)krKl2TYNXB,(m(A(58TZ"UFrKANQee-fQmI8hNM2 lf`aqLbA"el4KjeD[UkcUElDE5q[9cDVi at p[TqLU$F8U#QehEZTaAA&M6Q2KNZbX Q9U1RHke&59TXK$)'P"&(4QjDacDiCXlQc3q'U!KRGqbIJ'8"428&m at lTJ'jkG9, +B at UXKKHZ3e$UNc*Ukf!`SSbLb"NIIjHp(4d86QI8C#M1INHckAV1[e&[aHieQUY 1Te1Qe&[FA1SkPkpRcMJ-&q9qAT!!+4pHN!!H,p*&qUKIU[JAN!#TIq,G4h$LhC! !CmmPNU2j at LBqkd,5!8#+l at -dJQ8LQ(AT2R$&TYKH-cIJZCQe2YU2F(CYcYR4CL! IZHEZ6cRC0[Q'cF-j)ZLi1QVZYCdB0!Gcb3i%5A!LQ!Mj3%Bj`)A[Dq8cpI+N$U9 "ddXd-#NBBp#6%BV"'0CDdeV6V6dUr@@a0Ge+R+`BYc%CU$eq9cbRGH5-')k9LUd @5qbLf$1$3Y[YhdMFa0Zf,E#R*1%Yc8iB[&Y6AH9!bNF at 4,iJKLq'R%dDIKbfJ1f dr9`MbkqlKcTrI-f0lYh2U%B`&2P-f6*&9kQa1ad#Uc8f*f49QTC0REPQq4kE2Ja #4jckq$9Y$l-M%NF*GU#GPCQ"EPq&9q5FT&PEbfD8'lkm[VT''b6L at I(+R2e%jA" dLkB`%IPXMXq51eXDIqNlEdMF#48`N9qpT&+KP*!!Ae8+i"V'hiAlr1$#jYq&ap' "&YEm,rVh!),hMh*!%(6!TTJ%ChV0qP3(DF3k0%*$2A3ch$0faNiUP0XCmF99aIY KPSHA$P4&qKl1fEJC'#4LNb'0EIE-2ElkeSQpmcRXNr'(CaI'K#6$&m'2'[UZI*9 pPcMG[UHl'Tfr8IT&6ep8rD+RVfEX9&-dYHJLPjkhmZHlSlC&A2T@*-Zc9MA$)m- A"JJP`Km!BIl--0F[&K$fCp-M+UmaTNBBRR)HbI)Ca6H(mj!!Ck$lBD"b+5eb2$S 2YY`cKce1a"YmcFSlSYf9A"rcVGBD+Rp'E%m%%lZAPq,[-e$dQ5*5qVPdZ(Q1Xhq Km at 4,d'A!kQ`maEG9GP at jL$@SJfRCU"2cU-1bF#3Im2R1bCM$H60bFr(X3)Uq65R C`IphF54h$+UHZYq&6qJ1SV2(fQ0AAH at EhhZ2l`B5J5VAIrBrIljKY,qJ-qYpDMk lFRE4hbU1,"ieYlX(V$L9ipB at A@kDhdDr$6%bilM(hHUVVV3jZ%R[G5HIkQqdH`i d,#$8cpI!hYrN'rPT+lUrb(&h at Hcq2r$jeRRqe#!jjdcpA!hM"cXrP at BD8r&e)%5 E'QiSJ3&8ck``$T3l'rH9UU2XV%ZADZKqhlR3jbC4p`bX1iE9qMe6DYPKAdIFRaP d&rMADbA9&l&#,B&lP9BQeVG1leI+E*VEbAA@@f)B)([mA"N at CJJI!Eb4eUQGFcM CR at 3qdGEll9(f at G#c`lE`D2XkVb*&SC+rNG$%B,ACblfMl-ZikA"M2pC%i12bQ+` "V2!CLC&SpQGP$03a,6q8-e@!K at I02DXBdMcrGLl3plJk4!`Qh[F%dGQ)S"N#HMM qSi),rBKH[8`lMIPDBHJaeP9`I(&Q`hFbcSB23jd6Jjhlk(,-idUKAdKaS9&[`0@ UBha at C(%S#T*XIBI"kd"Zri*K!0r2#S#khiAV9R3`@PN)**Pe8hSCq19)E(ELhi8 AQ%c9-,0lQ(PhD4LjV&(dQc*I-e[CE&QriQ(Hk0(HDmcL3[(R&XCARDAH3!Ejeh9 -iZ+B"ZFR9A6q0#,S&liXP0Y35[@$&Z`BN!$J`[*4AcTE[Ni at IY9(#"&"K0*F*T0 VA`b6Z6e,eLFYEmAYpCT00Tp6e9bh&$Fa&)@ZPC`HECZqX689K)KkM)c9Kf&ZZi1 lXX[9D5%4ilMk5HRBRPddN!#61-0aDjf*YE%biSF0ZA&h"9FZYEfHaY,cBZDb$b3 LedUa%UGRVJZkM4G*#mi2jTZUH[ZSFbM'c$0%!5D2BD'&YT6NJK0kHA9AFNIarSc 'UcMepaUBSBmE$blerJL%2e0%-2,ciRQEXTm1T[,lD[AJrHP at 9KkYXfmd6mhPhH8 VG1*Bb"8FcS4CQ`)RHS"'5*P**@D)B%bdP6,F(N[%NqTV06XErDE1pChDe1)Gfc) j4ICkfcp4rjGddcD8-YLAT5%bXkSa+,*JXU"f8R9("b$!l+!GN`1X@"f6!l*!GjE !l*!!(C!!R-qF("rVB*C!%T3K9``1P60T&a1$rfARAJ%A-jMBLVkF$!ariHSXmDX "E`H"Y-C"N[$eqjLGq!&(NF(jqT-3UjdTQ38PplB-'3S3%kFje'#Fm62kRIhKiqP 8#LlX[aP8U+B'*013!'aMdVCkAJ4 at 0K85m#4q'A85pCpEKq&M3KYSA#0T$$EX#8, 1Bf at -4k5jM4F0AkNkTRdM#$3PdeMq$C'%pmGh(#X,,4h1UZH$maflmX,,5DLhe2" qCeQrG%Z$F@@A-SJIXjH2,A-dK$l*@ZH,X,DFhdN`(m2JYX+ihml*p4TFDZH&6,P (96DK[d`[2'!5TRe58b(KkYU4CJ3,eZ$dYEeS%Hh`HQ2PaY1ElVJ4b(!MNZ"(+33 c#Hq3!*02q&D5LaUdeD-jM9V8Xi2b at 2LbbVM+"8l0U4+lV9!UlPU!9fS%C-QJ'bZ kY09Ge#CklN6iL at ES5D6bU,0QlYh2hZdelXfFMd)(rD(XL6J*2RUP!XkTj5Li,Pd PDl1lYGEX1U[lpHXYjFiUPXp-iX01cN-CSL(j'F%e!T+iX'9mM$fF$+Ch6 at qSZL- AJfaelXm4Ie+Y4F2heqXGI[39CSFieRmUdAeJDKfrFcVY9XpMp"U*Z)NmeZPbd*& T#4D`2qSFe+Zri-h1jHAPq"D(ZL5DF21j*pb,$D4IjHl$+)QHDcMcd,06l8p8lcq ZGAfQakl)$HQPm[@4d at p062jFG0+VVLfTE[3'-Gf"aID%6Jb81,`,V#EYr6T&cT( lb$9&jSDE[E1ENPd)'$e5Kl3f8LclfcYY,H5&I2(kcE&k56+[MP(T"UfbK0U"2UP C"PYT#e"T#e"T,b4C'VKSUEJkpQ(4NMePFp1UI&dXkQmBk-"IJBrJpDcrI[CI(E6 &rZcEibSk%pILhBLU8CJLZI,dZ0Z`&M12BYhk[5J at iV,-A+5*IAF4+keprIAPjUY EHEIBQTfh`G3Ci1RQ3a3h,IK"FEjh)F,"RfJBr+V$3lE*UE,439l4`IR)8RbQG3S N+cfEK+ at GTh@$$R0&&`H[@+-LK$`+Fk#L-Zr5$-PQb$,ia&d%Jh"kpRXJCNpGdqP dZMi30elQHH6++4"["FhNdbThmQmQ@@D&!TD[3SJS`CUKRZSU92Fb6!$U1'jlM1U H[F9T)5PimMrTQG$$kck8MADfrC*dhU2,jJBQiHV at RpEcj88CKPhGSZ9"j9+Z,5k kQddr8kI6GATp4U,KjbRCcC3a)9$RlBG9UG4Tp'qa)jqKP91@*K8 at ej!![2kMqE( 8BlI at DEDk1dI2dm@0YPL5!Yb9)kUQCBfPV"d[XV2NRIBcppN,'bT)q(T9pi)Slk6 SE,%qfAm&2Pc&FT[*X31qjT2#p9IGjQ0ibB6ZGCUEr at cl6XpEXlc@kjE1UQ!&F@) -jpFUTB-bdRMR"GdIcCY1EM!*4"k("lFb1ZL)P'UJXaT[6JVVfLjHk-b%ZXfZaG[ K(G2#ddpcUA[6`YDkk+VdRl at T02DQlekdm0eM3TFrK1DELdr$6FNrCCTZ8cQQj6[ ddh1iFdh(D$TI at f[i"E,F",B"0*B(JdLr$IaiYTGeqVhjP5'+94[6%JXGAU$Cbc" aF at i#@`#D5hiA!V&PM+Ve5AXcF3UE'bSr&i2l,IEmrSpEYYE,fCJVE2 at hQch'YAF )PcL8EBl$SRHaaEILSEBXNEa1bkR8D2UM)3PiNYMXTr at ErJpfbY&hpMPmA at 6TTTM DkXfP$ZM6%UXjeCjF$SrI1`VmrK+Na-h#I#ZXjZD#l[Pj!TGa,cP$EH`[-Y*QF1[ JHElR+kcp(pG[hD',N6EaJ%[H+jPLIpKapejEUlI at DcUCpjYpUlKT*E)Q,CGpHpV 9EF(lM&UQ2ZY at I5[6Dj+CG"SqkS8b9"UR at fpZj&[hD4LpicLKB6AaI6f'f[VrDkc @D6XbS0B&56K8QmeHSYpZIU"A3b!(DR9kLabmcKSXE$E)jmfL'HD#hr&&a,E#EjN )[+PNQ8[`5r!LY[&T-RGjZrLiJ%6Xa,`+6*eA!qCFDAjNl+)--kb6GeD#M$HNfe` BY%*Q%[d!SB&f5q8G2e2+adUI6br4qEj8H0BqLK)HGfYC[VEH6U[jaKY81eX$dqF jd1Vhj)T*Ra9Z&EH$"HcJ`HTIiU(DJGNQ"f5!lH&qaM6iNM`XeBkR&MR+'$Lh&h9 @&NGEPC4PPUprDIbSB0B%&CXi54[',edJ at 8-0df!k3B(c`1TU(D[BG8d0jEEblcG F,&0,hb`b6GN69paEGh1j!,Eak&Xfk,*`9Eq+KZAqA"28PQ*#AGkQIJIFk(T*P$l 4QM-cCSGU5%1%4hQ*HjKfG, at 8mZ,LBac-V2KX"V at cif&Qca"82YG6rjXSG9b0P#I 5jKNX&bHqUpiTk)[3R`8NKqK(P0r3MHkbje,c*U1UFHAcKM3-65V4&ffa`%2[@4K 3lV6Hh$Z*Y6EGfFlE8fr!qGh#&2#m[Bqm6GBGfEm&$$k)[k)9GYq+M[&[i81kV,L hqY0Ue&CXr89VFEpj[rA1TkTL4bl#%QX+6eK)c%2*mLADjL+CDq6`jPRa1(jeT-Y E at emhL5kM-CHhfi553X+Bd1KPa2S3XR`3QHe6(9[l'4Sb4B"Yd%'@YYfK$r$H)3d rU`Q[KGRi*-VDeRCETi at YR-XlZ6KH4RS6, at aT%%9NK#NfXc$"a+K at aAm-$RI1lAc F,MEV&qPXC2!qPFaI0mZ2N!!M'@YpZR(AH3PfGVDC#90Nb[EK&mhpNI-YC9[Ypj2 cZ[fZf@"%`NbapI,22%[@3P5Z(+LkhpXI+V+LAMZk`VU,)ES,YIRCl5kXeN[VCR& p6'R`Yr05j6M3mPhd*1R"5hmef[NYm!H9h-kSY2j4i4-*h)m,Z6kJ'`90NqY[,RH ciZ([,[i*G2qqBSD-jXQBeCBUGVaEhDl1leQ`R(YeV0CN-[BjHfLZj2i0*0NIGdP I[K1Vk&9 at Ac-N)QdPI'YNi5V!DQZj2If8f9Kf8fUD(IIXTXM[V+T1VVPl-Tj1G9k XeNV,bpC1NiF*XM[iD(#Yr0HK+)%SRd*9!*9$k%UN%UPp#@3",))5,pVc*HS*[+Z '3k8[HSC-b--U!R2fZ*!!bf(#X+5fGa)C6jGQ9Y'l0e6Em9TX'&4$+BF319+(06[ lILr0mLE)Z2)HN at U)5`Q2'B)49G&mf'B*9-f)eAfd3SdLE)`k4)dKkXa)9e[f&Be )NV'+EFQ+r+YE)9DU4SDX%Y+p2PBGHrXF(VkBRM$M$U,DcRC*Tpe+1[HK89KpjX2 R"$-QiJ&@f4!3$c"!$fH-G%e!-F&"1j at DcVpqr[*Xaf'@`mHf5ariiT+BYH*1'4- a8(f2Qbe98-SiN!"N(k+8dJ`dqDV8LK+Bb44p%9A$+-+-fa#+r$dBA5N6A!61`Dl l*6C(hmNp`XTTp4hdfE*Re(hjVj-&hf1#M()5qjVLQe*V0mUF&CK#(DKLDHAB8qF *IScYh'QpjFq'A+QNIfG#YHUUXI"MpC1fPPcMjHPKNUq[MmTjYQEfBCa at Ue'RCLm EcjD3!'qd)C94rP!DSMlbeVim0L,Eaa&VcjHXI+6fpQD2UY2e5k(&VrrK*d@"8iT jl0[DrJqGU,Am$R)-A5("S5m[Up4f9Fcb`4GNIij4amh+SQX-r8q)r"4f06SM,+Y 4$*Y4DMX1PiG6LPlKJ92LBI4r1e%q&MRkR&GpXPK+i0(8kM4D`[T%3CTZ0!)aCA@ TZIMV05i1'UH9Vm5APlZXPfFZiXFTR9bUC2`l2AC#I#kY,ZQPC6cH(0q#9+ZE08h TDI*aEE!NGcf9CBf81"ph5([LXSIEr"T2aq9GbLY*V,(,f'1`q!PN&@&J"k+XQ6D DNb12N43!k9keRG at GVUeKYCdm"4fA2"kE"MSRJ`VS4`aehDfeG#S[CB+4PRj*9Bp -Yh!$-I at GMQ!-N3N6FYDl0KP)#`X,!Y*"DQ!LN!$N2-CkUcm*%9KHe-V2a@&cCj' cK6X3bVU-r#6MkblTXLN8U+V!d8FMZGFd1adV2b1KY1C(r6RE+%R&PpEq`a2,6TV 5&6ECq4pEXXTN-r&c4`I1e84U&9)[(Tj(C30p,TX#4+1CKJ8R`E64LG9BI at 9VGQ$ KM&1l!UGA$++Pe1c(5l+'HKNqqTjf9k,C3kk&Md@$e9cTZVKPTm328h6E+'6K9N1 0a,da8`e'KmEh1fYr0fdLAV0&)X+MmAmGY#hjNI*8U5`IV at li2[$c$kD@(2@'$*+ TT,Kc$Bk!kSK*lCJGh+$T8+J%31`N(C3NCB(Ak$TFQ6K-$YJJl05A$M9)1cXQ6[Q "da"dfPb65V3)1i80efXP"fE3G`aiV"cS8(H8k15N(F9d1N@'2ASZA28VCM!UKpc 5IQmUldPEV&58Y#q'RdjS'e(&+5fVKh[$V04Keq*3[iC"G%"JeGbTHSkRi*99kdb E)c[UUB"8N!$eI)0!cLY3CGBKKP8HcMV[+(AJU1bK$LEBRAKMTh3lDNmR2il56FQ c+dZ!1VSD14RiBf1dQl"MTm#TkjA5eaSqUdQLNF($PjFeRVDU`)imGFhG9SXrMVR JpjEB&60ZmRVB4F at fXlZSkAKiiqBN-9Sir*j9k,(m([1PaSl0K0p5ZXjHR`qM3S1 XURMV'ZUP(D3*4[SQ8TLRkjJGf-N--dD#'9lh'KRE6Q4GhB6)C$4B-G#'8YE#(2b bHbSh8*2'Y-le%Sr8+9)KXSAKVGlL(F(8+i825Kkm,''M2fkPS%1B"M4qCMY'f9) 9,MZk,&'GBjr(D1GQ,ma9,q,@`KljALbB+A+GK1U,DdZepR2XPie0$MY6&m`6&Z` 0Eea5ZVkrI6HceYa,Z$(5VS8i*@1K`TZ`)Y98-`!dU%X"XP$,%FXS9rT-fceYC,Z +LZK63TE[25lM$ddf[eXTk%JF`lDEPZP9dKPF1P0$)bMQ)YiT+49(J1UJ1cUPmIk JjTr9bN(N)*m#8Dc,T!a*$&fb'(mA$b4qY'6%-XlIEr1e'LXZ2$Jm+APjaIr4fFh -9PRVI,Q at QGKeQSPkE$k1`q*`IlHPpA(A)'CUaLQ at QYm05'@qhTkqi[pRHlD at X`U `Xa4Udc$TNViehd13!2LC!c$Th+q[j8[(A9QSY3M[UCRa`MP&G`93``THAVm*CXa *ilQcH8c0QmfrJATReZbU5#R1h8*`pM,fL[dXaPl at l-+MeMqPULaX[r2 at Z03IA,! NHK at D`SFbYCV,AjZ4Z)4 at YRSF+XY6$qiArDSLGaGUKQ,Y9[H3!%C0Z,j,U(-JV*' 3!&5X2R,IQIppr#&,bSXr$(1Cc93XjU[VaT4QV#RRf,IJT*m[dIeVQ at 6FV2jhKlc id*q1aFPH5CrbCXLIBqENTG2GEhfqjYYjVj0Y[Ehe$[&1FJ at mefc[GPXF"[Bq1SJ cTfC9GU$S,f(p"B+)@4dE#U+P at 6X*GK,d8YRqEILLi8V0`TC*a+LDC#lkF#ZGZkS "UQld2p-,[36DjRmI9jHPBqrb0K%m3"RX`lX0ZKQf0UGJ3Pb0S*[L`if&@lU9NPX 3&fed-[#D1(QUTCHRklI5kKRH1B[(EDcApQhRR4ieK6XaHXB"+)V9YSF[9DArceQ EEf32S44QF2pqqcTlr*RNGVK5iM(BCT2Eblf1fRl0[bq1hNEbLlI3Z93PLT!!GS5 U%rkrYkXUZ0[E!r-!b#Z&4h&VRJ81XK!r&4ZdXYjULh6deQZeZ`Z&U6ZlV at PrPb[ Jc3LfjK9EZ"0pVkB9L%2!Re',ZpI)h&4,TG9KAq0a-,045k at k`Xh$eqjQb,RHqYh -lQ"&[GT8bkIf,1fr(#%l*@&+[lNK[#X"9(UZV4#0JKkZ0d*"%Y`)c2!K$+H"#6m DmK5`2KT+b4hFZZ22Bd+kbGP'5X4&HUSeq at F$,1%GfI6#CY19S"dR[6cND2S&Tp@ fACc`HEcDDfm[,lA[AF8jeece8U5JZ'm[+fdj4c'+ALlllR3ed`hC'ZZp[+H0$V[ MB*MV4(le3Kk%ZQDjDl0`6PAlC4Q&AMT"YSCVNf4,TUk'UlDA6DV#b%RZSEQ,q(r raZf[T&G66i[iiL5D`(Y5kHXU"jABeN*CR#CU,dX+A5Z*eNTm@,[@3'f9G6DVYYc %8q[*YQL at U5JCRZ#-&0USAmAlq#N3$lI6FK,UZ,Zkl#VV- at lV#8653TEVHh[Z'i4 K9P0l&TAE at 9""%Y`)c2!0BP1F2TP,UQA0'E+(dpBb5VjQafMcp3'lqe35I15eBCY AGX5d&J-h-S3lj+0 at kIqhbKkQ4HRk)+Dr6T((kC9`-6p+YL&F33V3#&GKZBG#KVH UXp1b at 6mD(cHH`BBk%5iR&mSTYPcee#6chC%9+93XY"J#kVJZlPqEbpKN+hZ(4ES ZhK#E9efT9Z$mhRDli+hZklYhRd#lDGIl&F'QRrR5'2P,1[BE)%TIde$iQdVmaM[ #NHY8l'YBkb6+p'kh at BLp[kPefUmhb",VYGKbC#,1GQb%2E$Q+fK[0TXGTVjrD,V ),URIc-d#SBL at 4fQJX*($aSSX`GFE#lA-9(V91`NbZ(GET"&M`qXG4lKbq'J4)pQ -[)Y')p`fCIaJV05$Dl&R!dXVbSYXT1aPUaA at qPHM1aJJ0PrAke%$VPRXBHPBV*L 12VIXPe&eK0(,cBhVP4*D`'(PqXhqKm at 4,Gh52UkbkY0CSpMHE(EE&blB,h*R'%B *Q0,m at 49+AbZ0ED@AXKfMQAK(EEECl6BQ9P5j(a)X+&)hYkkEqA,k'E9+pCLeHVh rSBd-RqIqA,bZapjjm(pCVlcBkfpfib,BRr(U'*6r+,[R2&(8C[18I*d1FSm3eAc ehhmRL at Gh9Q!2+R`k-jQj5,r#`DP&'qMD+AkpPq3feRj0TGe(bX''`K+QjTPrIJ6 U4KCNMm1ra4HjEB5`[pT8I+-!F*+Ej4S'L%H!E81TDLRh1Kk-8+GR at Ka5rf'[+`V 3b6$Ae#X+b6QpcpJA'48RKSN'ZkJb96QFcDB#*-$A94"a3D&QUZM3i6YRFE`#a+c faf%6fV!E43KN1NdP(bHSdY(L'"Rj,DbZqeNip9ZZfjjFAVmhe*YZBfHZ11Ef,C, $80qN5ACjlNkCl!8p#(Ak[IQ$@mN1p+f`YA[l`35I)k5cSq5iD9!D94l9b%VCA#A SF4AB69qPdlcialbGVlbqfVI at ZmZrpbA9-lTp+S%G#)TdJLNK-%chNqJNdZcEImm JeqC3Dp0bYIe`iE91+)'%iPFVM%GQfV*M$r$AMP*aJSZP&farai5b`,LJ9VM+pB1 5f1mM(e()LlGTlbG12-lXQiL*qlI4,jbipC%VKYFm3bAl'+rYI$`Tdaa&+SX!r8* %T0b9mC at pAa*)-FibYc6ff%D1V1Dl&9hmIKMRQ23-*0$NcKP+leR%FbEL18`MQIk $5aaXhjEf10lJ9ker&iE)'(#DiMd1q*M*Bm3mbX2X6c`NXTfC$bE3#T'fNH*ZTeB b36,9JZ(KUQC+2)691&'M+LK)*E3ZkPN"XB[i33C)jT'#@UZZlYZlfQ3ICd3R4JE YjG6%Yie`km"f9KkG%[!I+lD2hfilFkmfV+8lj"+Y)G9iVRHp[dI9US!a#0'l5FG R-&`KAESPdUZ!+0EGhH59U4eQ5m2#[Qd`2GeHrYYlI9PJIbZpda[@aGkT-,ZTHT* Rdf at qeQ!kUEhmfA&%b$MdT(Ki9hA[98,Y5D*iKfZF,2jZPRDVrlFJ5j5Cc&BjZJ2 0Hj0mjGm-FmZEkR09f%rkFTP&6BHA(rSAqfeqb1Q-q6b%R99hSIAP3A34e6clZph H5+lH[,SMID`G"YHd[@mh9AkPKP+idI9cG4!XPEE[AfpYff[YRp3mi9%DaN2'8Ba 9-Z6 at 8UjV+q3EdbPkphRQ9X+CCeViqk[JcR!efjK00'G9cENp3FU8Y&&69Bfb98D ihph6A1pmEHkiZhVaZ8rpVaYl1TTFN!!VZM*45FEJ$0jR#43q1GBcrKqiFZJXP,T Z,ZlV#D69NRZM46QpF8KT*SXihHp[IFEac8PPdaPIdpI!Q3 at LMMaAYap[Zr9*DRl 2`5l0IT4f'VhrfLpd&-T[9&mQrI*VZ6(afhN(d,rClCm[NQrlL)jVK+NNRGHLT4X T,TlqT&HqTIf2&LbQ%i(EJ`)0ALjLlpDjlLfb9hQ$+eeXfUZFP2h#ejlA)cF`c9a 5$IYYP**kmd`'R`5R5,A)bmHpeX0Tf at ff1d-5Ya8)1CF+p'2-pQ at Xm'UVE1`cR-p 4L#I8QE6QHX`+l8#[2D&DEqA-pBGpP*XR+Bd0DP-ZrJZFNb*f at Pip6r'YLh"3ffd RhZY-djkTJ,Xdedc9pa-fR,ceK9+ at JTkGLbZ0R1AT(Q"*, at b@CcEeK06eDUHVV5R 1NA86pELlfpU#5VVH"ZTZ5RfMJGmN$UB#,(JET-mMlGlDq$jP3c3XU'(ACR`cPR( S8mkE85a$P0XT[QcGCY8e2k-AH6[A59GlfphX[9m'23XdRDjpljlkkclbqH,la"5 TDF[a$2AkGY1Dr)@6XSVf5`+U5Q8iZp-3D5bRYN#3!%Te(C5IBfUAhI2h$0#Yk[f QIah8h*Nck%#,Dem'2VJ%e9VHakPq&b1mDCCeh at GEKAGGmdqZ[@B9f9@$T'kQj#k Ea3+e3&DUEqS#Y@"@VQq-"AA!9edh`jqD(A9ZV25@[+cR0P(M4k5mUY(i-HNG1(C *TZRRf)@9!-GH$(AXP+dNhSDb[MdR'h8Z,f2TmE#ifmRf2GB at FY)p)rD9a)"Hddr j4cqrfXp'YILbVZ6Z)j[A1P3TdUGNh91c9FXfPa2ZRh%*Z9V+9pNU1Q5rdP(Q%Q9 bdF-Z,6hH9!E,AG0mirmqENrPR%$(FMN,NFJ5f03SU*FR16)q`-r2el at 8"4(SG9E J*E1hY'3P60e-mM0aAF+EFb9Tlp9GRIIkcGAF*2*B)BklK5qpmhGAIAX$XH"fmZY eGp1!N!#,%305)3K*r8'N[qN#UAQ!Kd)#9R at S1l-'+J#XY0K5k5I8LHEkENjp3`) UhAr6j5%,EGl551Qkqf(#AdTp-91Qp#q`JL5m-G)3,C!!H6Tq`aGi6 at E-CM1fhJa cVbV(II!RI%!Jq$$8hG5#R+3T0U`3eGfT)ZBK!`L0AiHmZkLrRJ-h"J3jM&iK6 at R mZE9bdZ'%5NGa at c*q2rhiHFkZ1eQjJTU6L'Qq9EDAHaiA2@*mTRJTZ%V#8bGji,@ [!lF%1a%ikkle8qq&SV"f'3"VXER#aGhI at ZD3!&EZES%*D2#c8,VGcDm2ZaZkkA6 -U0DZlbE!M+AFRjZ&1b!V%YMM"DZEQ%&@fl[+DA5k2#,ckPi!G*U*X*2J!a)h&06 H#(P5f85dpZ2i1Tpk1pV23V23cTrUl-VE"!6!V+ at jh@fb2LEUqTN&'qLcm4im"kf arC,X,VUfcAiPL[B+P8jYFa5(U at 6QjTpTC1EQh+3hF!4Dcp0Lj%kQrNclGJ4ieYN 6TfmqZjL5F at Yci-GV,Y*@&EEZG6-NXUe*i`@XjAM3Vmje8G[0P2BTrGGH$(ELP at p p*YXM1pN[XX#khYj)dHpFVKGUUk!5DiI&VT6YGLrVi6[894MV0piA[4klBmB3,![ T-rT"5-im,TrA-l#r9!YXAJYT4a8f&*U95X6MTaY(mf[X"9&KC&peei)Ced30R at N GaM1C*rMK(0(k5%Pd5jI[qTKB&-VlKmA#XNhAEFCb3TiZ8q6LpYIHK at hXGUh%iiU Q5Y6%mK)mTraT'k66'NX+9raNV*pf5d,lXPC[dC+Mll at 5Sqi56GKE5QDiKrmUG8- eJFE#Ra at fl[DK-XIrkUXK5ZZ5PG2KaGeIh(Ki9j6EM)6B8,p-)&Qp[UBJidUNcl% kkr2[N!#)lF2T-3b6EEZqIH%eI5QqA%#'!aQ(qd)[21Db8ADNSdRF8dfQ*[T'iLI q9-Vr)q(Zlic1(q+PPG5TD&,"1V'[kViH,[GA[lkQVUHE)ZZf,#hEAY34XkDC(Gm LI3a4G,fQi3$AP4QT*GN3a[XCU6pN%*X+2BG"T"E+Yfq1k$C4aap`R!5mIFi5JJC SR#G(Ud[V&Hf$Q*68kmdGXSC3q`mNbYL[jGEZmpiTa at Xh"I$bjlG(bIaY$4#b(54 aq(ZpSjSJ,Z(aaQ0`APb4DEDSXI@"0fb`*MjehXIE(p3k'E,C&Ti)5N&(pKfCcr$ 'QNCY6N,3H9HB$,C`-YLUCf#AiIaEFE#&kYq+U(,A[HhiZp*F[8iZqkr#VSGiA83 N4XVAH9!M96XPiTLrALJjT1"f`XPYA!8`8TN+#p53!&Y#`Xf8h-2[3aid*Fq at 1J1 ej20`bhiA)lfihj*)a!VlM6HRBBC98lL8MX+a`ib(!AV2$M*VR(0(%*-3,VlMIZ9 (Z)r9-,'IBZ*JHPm,UpLB at c*#Z-9%)3lKrhPKAMc,#rRlk[5(r[,#cljPKHq[4(+ IqPDrRhE&DCImAMj)9VKefZIa)8`FGN+rRFXN+ecq*#RhPkrRQ(e,e$rfTCUa9MH P*X,kIIQJmGlM+4GiF'ai1*PmFNeK$+k+bKMq$reElFpTfqL`i462DqMbY0c)Zr* &j0dh5VcYEmcqhcL4[*(dBABKU*QfU#3dqC&IFDKDr,4#`j`%[,8QCe6I9bp'hfq &MYCSl68fQQYp0U5lS0j55H'USQHeP)GQG0I)C6-4,I1R9'YXkb&h at 6C('Y*&V$N 6UE at f1B,jRfEEph%VSXKk&efdlQAAdTh[cIfkIeBC34D9YlhAhfdRhqafZeeRd,k r[$Xf%QZ8l'e2'a6AHH!DPZjB$5EZTe[XeX0EkhNG6ElH9P2hi5"'K&[YcimCGp" fLD&B9-FJ1X[l`A!NQAL)&dUYX[9KP,ZUl'YU-+&2qrI5XT0b`)CMXDY"L"'#P4Q )Df%HfmLeiZ&qlKrZqYGGV1j8hb4&+Zrf*alDhEE&eF0Y#@FVPCV,ZZcZ1*!!5NZ kM)F5k`KdQ8V)H[p1lTUcLA at kRFb4C`T*XM)F4Rq&FA#UHZkUje&VeQNdR9A)aG0 8GXEB`bH5K#Nr'[p'N31JEAj at GXlcBbfqa+A1eZc[0[Il(R*9U`@eprX44E#qRl' pHKZ$4TGpCpa6EhYjXlhXRL#GIT0EYGY,kUpeprfNrEE1q[3,ZpRHl'AfI5er6G, ,PjhTCHMf1[Pr+XHFkQqRpTIl1lf at fPef[k1Ad[b[P at -[5hqYf(D5qYeYrX+qA,Y ,bmPh+)0V,ZGMYGMIpRXGKAbYKTVhEE'r[GEH1VjVGGIAqfPjc15qT[VqrfmrE5p VXE[DE%rJhChX[5(RRdqc&1XjF1NIbF[40HhffPPT6EGT+e0TYPDHfd[EAdYHLbA VEfAIE$B5jkXrl'r5)2e)YZ)meJGK,[VqAVh&4e`+GN'FLYMMjRR`Lb-8+6iXJHY 5C'eK)T0efHV(cbUH12iF(@kh at iriQFKdKq-9MdZGkE2I)kIj1Iq9D@[8k2UY*P( JMVGGVpKXCdVN5*&MJ at 1Vq-d`de[T)@pTEeeMBf24bU9JTMUAiPeVHcf-[BAf[fl *%pEYCFV)e(@AZffHf[0MX)9'hG#UA5ikTUU[)8R18Xr at hHaPp$6I-[Vh at kqqKcN 1FJk'5EVClMB`Lq9+jf4dYM#4dZG!62!*RiA at krSV[k0CGEE at lECkr@G6IATk9Y[ VpYIAjk1AS,Z'bGE@$ri9 at G*&G6*H1MMSBS#H,ZT"*&3mD(ape8E$BpRS0H(YpHE '$i'2BC)Tp*GI1ZL516)b%M+b+b4QXM)c[8kLh3R)ND"AJ-8LNcZJb-Lf#M8JY5b ,Q4edMA51a12q,T[XK"cY*pRGGVcS0bSij&6)U8#1K$l"h25+R([DHj9LaAZh[,b '139YGYX0RHbZHUA!bqfqfJk'E'r[j8-,rA#pEGA-LQ`[li5*-P!J#C@%MR3)jeA @FAJl5Ip!Zd-GKaBM[qP0h3l#bd330"QGV%qc89cS9h5j8l-I1hl"$3GB"%q'L1l 2$hh"5eRaK*8YhdhVDGeZ[ejIAZl6TSa,qGQpkPB2p0lM-'QFk6Qd2bNT8q-ah9r J at 0Em+4IVl4-mYHKXDq&AFfHI`QrHTFbXjF-$B-rZJ,Z8)PhPHChpVU3ZAQ[NcUE S`B-%)l1,&Bj$2HJVdYllIYXG6'mCZ3hq6,M[#TF#I'@*l1B5*((Ib%S6R(IQcQC R-2V0N!!epD[KDkQf-c'lb4AiN!#jh+rY5Pd$$jp5&EYceJ06+NU$qBT6mTY)BFD ja0Y`pTYEcj($e-jTCMN at 5I2B@G2dHN2EDCDj+dkV%T+`r#U5I[X-+DA6(J[@jr` fplIGZH!C[M0T-S+a9'hfeA-Nm9b61BJ%)FCU[3p0aAQCN!$$aQfLjd9hR5`P625 QC*+BcdbYi'qlI5U(Pe%8h-[(Z5$-Fe5Bc"EC6ifG9Pb!d,bYXeZKXN1dlLLDX86 Ukc6cj-[d9AXFr1q*q8qPAH6YETm6UNlaL513!&XT`frRhZpRIDrE&J*XKMH"'ff P$l%k521c&MR+(f*R$h at 0$*61(A`ZYlEIAfNQANCSU(!q[iq%q5 at 8QJR`C*Ck!59 m[D81mPj(f0p at 3pMIFAGDEN9%,E8RJ[i6fl)dXkkcBCGqN!$NC2KK0U,E8hH82T! !j*L'8lSjj[$m,bpKklp466Y at cLq0#%A!(CCbKhK9)j5P12&bf at c+*1T"Q%LF9jP iica""0-P6E5,J82XG*-%F539A!herNPX at eZ%crf(+T(e0BC'fQe&`BI,ekpHS`8 G6-#)4a6b5-,T,1KhPYq+KKR%2T!!3l$Pl+'@2U$hNqb`f52DELQU#1LIX`#Kikl UdpZ&F1Hmik3D+YT4ldpLIQ-kJ1dSrK!cL1"Rj3-r+Z)NqeI-FqeFN8,Z9j!!f2# (,Gbll#IUkcChZc6JpYVGF4bGZS$KeH0GQiA at m25,8U(A0mc9lpHLqmpm4$!Zc5e KDkIhSF0XmhEk`X5E(6DMUX$CXi99a)lNlKF+Q5GdFlc04*2UkYU8#,!#13CpKk@ f!f)`'lPJ0i$!E[Q!hNX"[`X"[%ka!hhf"RGX"[U!0F!*Uf"hfJ'Z@"Af3'di#B) C6`)X3%X`%bcJ3Kc*!*+&+k+lRcEhFj+Ef1jUjXlFjDEVYcm5Ef'jTT[A!TUYcPj YcZC8fhh-LEEER(6G*ZC-feh0,0d1jUTZJ#6T`NcS%9qjbXh0ER*cDhFmj0V0cd% hS3XbZjjkEN`Fb!J&AZHKQe)18`%50cNMf(ZFBIdpCY0E2e&d9qAC-Y#4QApUR)+ 4BQe-cpDPkSReCAmqZR'peQh$5qF0M"'LEjpHApKQ&dh0'H[K1p9QPr1Z2ZmP,k[ $k+[Kiqm0MAUjG0KbjH2QfFZQqjd*f0mEV0rSI&N5lE at -qHZD#kV,bCP5)TBGAKj HZd[Sqp(M9ZNrh!DE)YFYqEbpGc(f[#YrV0CGhppp$5'HIUAe-`P'P#M94$ll5T( 8I++4hfLQppSU$9+VjAFSTiC4#46``2#m[AHjAf9QDN4d,Dmr0ZQX-HUMe[`'hl& i9(SrE4GiAPkre&JE#h-$YG6,L,Ppa,4p$KVhMdmhSE+R[**6-U*'pr3 at i,A562e #*+9lH+q5Bi*Nl at qeMeB9FP#TekhDSjDDKpUT at jKQk8iHC4l*DUINfIqqX&,`ERH qY[*mA$hPhkjH0 at BA@HPj"k4YT3lNf2Dk%LXTH*K6ULI5+p at QQrV$l2KIZ)[4(@p b+&2ci`RG*16MZjPdZN`[)f8*%fjB,8XlTd,GZ#8q4LlZG+F4D8a&2IQjY#&YFAH BBFA&K5Q$CR6DGb6$k*,j$l,R`69[92kimIYXKaYGRGQMXpBcP282iGP9XGNUjeX p1Upeee4H``Fb0'+BpZbTZhZ!@bE1Xb+a4lq`TCHRYbqXFq#r(Dm$GhqYfCMB'80 MXe&b)FipmXXT[bCZj0YNMY"TRXQcpUbR!V!Q`KGbVV#ZmS!R6Z$ff1Z at GF@'m@) `rE,%d1AGbaJLccT%"#ffhSU3!(3jM#a$&UkD-plZPCi&ejqDI#mC6C22Qhp6 at 6Y VT,4lQ1h%cfZG6LQIH(F3G5LaCIfGBIh1c[Ld3%jJ-CSfrrY at YI(hl2acqrIdR%2 @ceqrZkJpCG8!NVS-'%8IhTY@"%J#+B#+52ldZbK#9!HY6(#IKcDEjBL8H(2P!PN 1XhiMRe*m-ZRIF63jHE+I3Pq(3jFFKA*!U83+U*9U@%l+2SNm2FmA0+9liQThp9T BrpM&5l9'%56,Xhd9F,2jHGVRm*aThi6K)*8##6Xk5lBp5l""Z!FpbfeNlSFjJkR UYAUBp`q`j&)e*QhD'5,S+-b5EbKfRS!4jJlE$Mi`$Gp(jc%XmDrKPiJdV$05hQT hphd0MC!!ZPl(ajf5IGd%3LfG5S5%j3TTUAjT)e")IYd1AZhfNkm28lqfdYfBm9M 6jU(e'3)q9T5kiU,EGhFPD at ai`B3mHI9rFV1MQ3U*f6IBqh&8*T!!KhT at LU*GadS Zd*!!d-XI'K%P-PT60P+b-c#ZE1C`rZG#ELG4 at I0-@#TD8 at f*#TRC9"Q(mGqU1%3 'Q9CXi9,U$%9R8`SR1UB'G%6H3TZXhqLViqqRaD+&r!S`r&&PG6[hDIdZPCrD2)M ecDjdlDkKQSUqFmkedV81ZVLfZ,hVZXhl3l4&fB+PaL6kQC)pS,'b(-DQl'dHL*a 5,#ZK6238HQq,1Y$M*%UF2,kPKKKr(FUr5*q1HDQ4%,Dp5h8eGcdQ+TR,b&8X14i TLdBM`JbK925d1A+ChSRrZk844I%A'qXFl""(Qq!H%'5P`HNZT@*FbH45!A1aeTd P(a,*p31 at c$iPNq3mP-*!+K)K2k!mNEr+VHYSFZrqUBRGGDh at AHZIJbqdF[STd1b PUG5&0Hj6Li9Me&46 at r0!l+`qqAH2KJ*`SH at cT4+rBp-a"T8Z9Ge*IS)%UCY9Ja6 FKJdNfV`C%fTHLMa*p)I2ZV4F8K*-k6Dk at E@[MN0%V#%SBCH1PmGiINQI[(03p2K ,`R`d3T-f6$,)&,kbD0A0`)jBZ*eS'LPB&@Ga)$q*T98H)%ZTS(e5Ub9fqdQ at 6H@ 4P*PTQkhVQQ-T-(c"UQE52b99+[iQ6pGpECFk"P at mkhKL25h3jjA+1Q0819a#dFl SkI80#Cm`8&`%08EAhcbPN6f1[`N%E-+l0PDD5469kaj8XeR)4[$Ki[bQqJXLaq( !FCq(!AFTkF!,8HqFV'-+[6IBU%k9Ec'Qh$K"lEmN%6##aF)15r*")B32%`8Q%)B ESK9(jSP6XkL&fma8Ze6U,'b+i9aI`cX+SrqFVM0P3q)YQBP1r&&llPTKSaMTYX` fPF1k1C4Cck6Kh',D12%jbEA[A2Lam[XRHI%M$SJ1,c*S98,X[0b$XT!!Ga3YVfM phjEAY(aq64EHJXlGQ1c',cB+kfCfGM(1GJBN#I,UaKFId1lG9AG-0e9TZ+l#AD` )!,VP&,jm3*VI'pY*qCFA8YRcGNfmZhk+hV,Iii(CUhPJl8'IMcBXP9fQZ1jM,ZT HQPkLAe[l'G`r1)IrVYqL!I(a59TEdP[XIS3YccQXLVU$&C4**T at ZZkd'9[P3ZLa FcI6Y0Um3U6MlKEfYeXGYYjl"DQZ,mm)Ef3bIQlFX`r05j6,HXDQh9E$ClD6ePlX ,k(A1TG5G5GpV9L@,bY3kNJ"F&`[B`*+"5GMVEp,[NKdDFkNAdPmcmVj09#eKS)Y A&h&[,dHM%1P3TejXri`i%+%12*NDMUd(e%*N1HLU0pPEVCl5HFI1Q[CqhfeKU0[ YJ(PpEXa5rS)Rcm-T$5aI0hfDHFF("Y*k-HT2BIYcJEcBGkq[12,2r+cM12G'pa# m1ePbGpNV at r[YZM8mV2DAfhPklY+q[Vd3l5(E3hKemDQXZ1ZkkdPh at Re+N!#UA&K RiH9&d at qPh0pGT'lRElADjZATpD+IHL8hqYPeX[jKb&l*&[H#ZIKKjfqb9e2f1[f CjM06XYEHpPY4,(%PP`l`TkH9[UDZZY0U1Yk-JE93VSC+(f)T0[d5NFKS$Q`- at rl "G"qbl)j8`XS at 82Che6e5k8PI,l!k`V*-kJ2kl$N"V#(2XC,SBZ1#`m0jjIi3jk1 1,cBT8Al`CadT$h24Fk#QALicSP6aI+KMqKqF5*l6ERSY[pZHK1pPr)kA1pAX9jl V`mqprQ&,6Xcd",emI-f1d[VrY*DZEbpQR5Ad[DVdqG"EVddAUPQPl4T)5f*%%l6 RhpKlBAdXQGjcUGEHVe5Y$UYl$KUmdi(l(!eqa28$dfGcCk#jH[f at Y[pEVeaS5rS E2EE+ at bNNrG3K#'$f5F3P[Z($G60CGrY(ZJH+Da"96ECq5-kqfpkTBUNU-b2C24b !N!#'HkEjQh[0YXp))jXEr1 at Rd0EIPd#rQQ[,HS(CEDl-Tc&526G5bU45i at NZHUd M!N&UHdZ,M6S0Ajj9-Ud04+X+l#"1L!4#&UJ4`B3T%9eic9!Mip2pDNj&AjYAJjE TFlPXrcRN9HLMMSf0*j&0RqFXD[SHPUl,,q4&bMe"mH"QlEVYDerq4k12N!"-MMC F"%M5"(3K#J#2D25kSRXXiHG&YVHXC6fed+41Bd%2M3dm0I*T2RE(DUp1e3)E)%* &[I)IULT9R)[Lll,-V5$hEflf1ePklBcMFQCqRQc[E[4)Te82mSE+,R*0-2feqa9 JPpR[p4&"5S8R5epMBm%ZiqQPhDr4Uc[GMYMq&+m"1F)2R,"I5pMIkdqDE2M[,fX r at km`@Kfd2m2a'rS!NM34IbrCNXHS"CD48`UqTe'MkSV2ELIZ0`Ib4$d[Q at YTFJ4 l2c1UYqX(5HrDDHje-*%9CSp0UG1"'Nkh6 at k[NZakQh"#+,XlV8h*JaaGcGDEVZU "$l,B)4H(DfqMdi%H1b"m)[fXK"#,cqcA[dK&kbH6A+GJ9h,3N!#`[U at 4#PVSGVP N&dN1FVSEl+),N`b0G$qlLS,TBFq"IZS,TSI(VSIF`%&dm-eA3rr-0m+11A$a,CA M&[,MMN`m4IaSk'6@"R4-$1jB'9L$2bFi`-q1`-qFkB5iINqHkB5iIPrXH'(jrFH b6G2C*pjl*1Bk5CL(jIi2!cmb[V@'!'G!m3MmfI3BUiX)H,Yi[jIV0UST93i8f,q APC4SCi[dR(4JArJm#rq(JAl,+YM$LpCc+2QDhChY2GDR4p6Tp0DdS%DE88peD at r 9!G6rd at Rb0-H,ZQde[UHUYp95h9TSqUe3!!$qFHEP!!(V9(*KFfJJ5'9XF'9b)'p `C at jc)'&c)'*TCb"K)'CTE'8JBA-JDA3JBf&Z)'pZ)(4SC5"MGA*bC at jd)(C[E(9 YC5`JGh*TG'PZCb"K)(0dFQ9KE5"[CL"`Ff9eC'mYFQ&ZC'pY)'*jG'9c)'&c)'P d)'G[CA-Z)&GSC at iJDA3JBf&Z*h3JCAKdC at jN)(4SC5"QD at aP)'&ZH5"QGA*dD'9 b)'Pd)'0XEh0PFb"KEQ3JC'9XCA4PFb"dD'8JCQPXC5i0Ch*KC(P!EQ9dBfpY,Q0 [E5!JF'XJGQPK)(0PFRCPFL"[FL"bCA&eCA0d,K"8FQ&cD#")C at a`CA)J-5i`!3! !!!K"8&"-2cmr2k at m"0 at Rf*l6!3$kq at KP!!)!!,hR!!!!!!!!G)d!!!!!8"X!!!: From nowhere at bsu-cs.bsu.edu Fri Mar 26 12:50:46 1993 From: nowhere at bsu-cs.bsu.edu (Chael Hall) Date: Fri, 26 Mar 93 12:50:46 PST Subject: REMAIL: send-mail.c (alpha version) In-Reply-To: <9303261530.AA19663@toad.com> Message-ID: <9303262052.AA15182@bsu-cs.bsu.edu> >I would like to build a remailer too, and I wanted to try and >understand how Hal's remailer works first. Also, do you know if >there is code available for any other remailers in shell script >or C? > >Thanks a lot, >Avi Rubin > > ----------- > >Chael Hall wrote a remailer in C. He should be willing to share his >code. Ask on the list. > >Eric The code that is included here was not intended for release yet. There are several bugs and oversights. I have been going through a complete redesign of Send-Mail (SM), but haven't coded any of it yet. What is here is the old source patched to do most of what I want it to do. You can see that there is support for a file processor and indeed PGP works okay with it, but I don't *like* the way they work together, so I do not recommend using the processor feature. In the redesigned version, the remailer operator can setup as many file processors as he/she wants. A file can be processes several times before it gets sent. Most of the important stuff that would differ can be set in the .send-mailrc file (which should be in the user's home directory, it can be linked to another place) or is defined at the beginning. Let me know what you think; I am open to suggestions. Chael Hall begin 600 send-mail.tar.Z M'YV0<\JX(=.B39 at T;%X 6,BPH<.'$"-*G$BQ8D48-&#<@ %C(<<8-T)ZY AC MQHV1)%-R! "CQ at R7,5RZG,$R1LP9-@" J&&QI\^?0(-"!$&4:$< ;M[<05-& M3AFA#\_4*3.'#M2K#$'$T-D1!-:O8,.*'5LQX,""!Q,V";.FC!F$3\G*!1N# MHXV5+&& %)F7HTF4*E_2;"DXIHP;+FO&>"F#Z]S'D"&:#$FY &/.FC<&!(-BD<5,&Q!LX=-*\<3,'A)DWJV_@&G'!]&/?& M at D *)" :16XX![P/3A%'_N-P489S>EPH!QM&&<&"&$46 <=H^'6F at H%[A<@ M6 at 2^\=^- [+APA@*@";DD$06:219/*;U at E-AD-%&&2Z0\<881V)6%PQW'?41 M98#]U5=*,.8I49P at 9/%& M'2#<@=!]<,CQAAAAB)$?"&B$84=K=$PX1J-NG %I=W"$P1T(D0+(QI1AW(?" M:B"X<)L<=X0A!QDIL#B0 IT&V",(H[I1:I((R3%&"BX0Y2>@8S1GVVKH<5=& MBNJ!4,<-:L:R\*8K+;W5 at J"" :U)<)XMG*71FUDI.'4 M&)'*D8<+"B0!HZ#VC<8D'9>VAFYK(O3GPL$@2"$0N9=JRNF$(5^((QL'-X=> M'G^>X!2+]O%7!AV]@I#$BC0#VNBCKJY7Z*$CME&;=7%,5=5TNQP50HT2893&^-EG$?$M?OI^?]^.>O__YXXIJ0_S_BWU6NE*61[.4D7_*2 M2EJBIHX0!B8UD($-9+ 5O8!$!C2QDP"%-)G*6&:#0*E35T!(PLXD9S4BJ@,9 M6L.#JC3L#2Y @P].Z(84KM!<$,L#'* D0QK:D(71FL,+8O.D&,XP.2O\5FO$ M4(8SK(8I32*<"'2@ RZX at 61\RB((7J "$ BAB:MQ0[-8)3& M9M6&*&U\HQ)7]A;YD2$& W-*TZA"AQ8XI4?-:D&D=""";O'QE*CDHQ^A@#6# M2 P$GTR+%(]WL$JR 3U9C.0(DAA'2J;!DC(8&!Y:T)S9B%)'6-RC'Z5'FH&H M:CVQA$MN1$#+85F23[KD)70N9,:F8%($5DQF*K?815:FP97K<=D;S-"";J*1 M#FIT%C;=N$LX;G,@[@SF%*MXQ7$299EE:"89G at D"=;+3G0""YQB+DDU[MF8- M at WH.R%K0 at C2<(2E.H6 at X5=E%*B at 21F$P \=RH[#:2'0\M;$H1MO&4'IJLS6Z M&I at +_*T%2$'6Z6ASB 'D5.<-(]UI:S1UWDFQ])1JA8[EGC"$(DR!5\>RF%(C0A"$E@ E$BO-^L^C$,$&-1;-8AQJJI"L!:8]PX^=$(UJD*;L889#J(%01V")73V.C&/1!W M-(V2PY7C--#S;B$&=^G"#HI\7")H*@Q0EC*1R1S).*7QQS!J\I"WS%#6+'+, M9"Z*'YGPG96!P,XPZC*:H\R&J;@F-TZH0MT4VX<=A"C+=":*@$E URAW*8PVSRU3"!A=?#BMTCV<2 at AH#2P=*8UO1WNSB%.K#:U8,\ MM:6TVF8M1DI=98"UF(OLQR H=<.QFIZN(34A*N]G0&Y @:K., ;Q3-L.[MGC MN_ at T[3$X>H^34E5:57!M1RO RG$R0HJ+$.D=ARH-59,UF8^,KRAC+5$\162/ MRFH'$ @ZU6QVKM7B.18&^" &X(N&^"Y7+8,!C[A+AJAWJI"N'44 MSO"^OO+A\FVW"CB.YSP?UZ,+;_ at K/Y;F>RMJS7OL-5'>#.2%T6'.,5<<0HN3 MZ+I17)E=Y'-5!HE0B8)O0JLI*VE#'G.GF&%9K>&YHIGP\YL&W>:#!*O[R'OA M9*.F4SMV8\SE?"PX5-V??D1YQPG:Y,"]X5TZ1K#8V4CVA+'6?#60!X- M_PVPOCN,6,UK<=\U5GQ&2(_V+G:Z7.LDK%OY#7Q4RIQ/2CM#]I^T?1=W=.\> MMQXLUTSGM1IC9#YD$&),=WYSH']P 6RT=VGLQWW_EW(!*&#E58!B)##78WY9 ME"E]U0:U%WIV-('M!P)(0")G%#BJ at C(C51O;47:MPD?W%R='HV&- at QM,Y$1N MT'^653EL &/,EE"J B,WZ#YCE'\>R"='F(-.,1 ^F$I^-#5"Z&=*!@<8-B5( M:&H-*&+MUH2BAE3:)X')]T_EM%!5912($ETU5( MM3[MTSC&58-%<5=L(&QXYW^5 at X9^Q1TJ$R S1GZ9MX3OTF[%Y 9YD#W+ @+% M at 5VU4X9FB()I<$.3YEXG4!O ]@-9Y8>2=G,PA@;6%V#%45]4<%^,5VRH."GA M1SCAPXB"MT=G\ ;:HXEVR'SFM1J&!H9C]#&D&'.PQR?NY(M6YS/@@P8+DU"# M4CB$U87N=(P0QR=IP(PGR 2\B(4$:"CW86_P]G+C9(J5HRH!D8)1) =\QAHH MD *:N$KJ.& TBP\572]1'U:!(;Y5QO%L6 -]F"QV$524'ELZ(:78BAU< ;@ M!X:X at 8UA]X49YCX,-P>V4APPP(Q^! .62(1R0 ?B at 4G% 8;B$4S%(27QA8XY MEAO%46(GEF*#R%$@$ 0Q5C6P="RR) <2Z4_W5QZ=V&X'Z0:LI(5.&(_MAJG8A#>8RO.=F6'-P?[ M%VR81A3%<0)< ,G@)7*IQM4\T[QE%BL=7^?6&EKN4=M^99Q>66KB'T/J'UK M^9=P^6U%@7YFI7A]^9%NF9A7!I%RL(.KL06'"0*1&9 at V&)5A>"&8V05%@9B< M6124Z9BB"9F J9A$(8=BJ%2AR2>DR9JDUB.QF46S>66KUFH066_ M9IBIJ46YV6XF!W1_M#,)%4_^EES+Y62EF(QI- 9PD 7_HID7 )6WV:0=;D 9=$)L]T)8M< +[J45^1#\#P5-S M 'D&!H."HV$KA![)(@(M( *M at HX)>DH+FD9IQ*!GX* 0*AXB$ 8H"@(A('5U MDVU9%8F3^"< B:.8Z 2TJ6TK8I[P]*+7]J"D1S WFJ, at T'-,P*/^U)(?&0(P MB6),4*0*>J1(&FKP!*,RVJ1F\*0Z.J4 at 8 (F0"OSR0,#JB MH!4I0*5\M*+C ME)]IP*6G1)[8.9ARD);6UJ!,NIY:16"IZ*=2A1VFDIXNJBJ!D_6B9VGB3*!&J.#BJK] MZ)G_F*B;502R2A2-JD6[FIQVJ*'%-V"J at 9-I>8[)&">/VAJ1*@?I(FW#BI:% M^22M,J%L0J>IJBOE>9: .J!C2JA%T:N^^H,_\V< !HT",P<[- :-]4MD(!YS M0%5WP"CR at X4+2!3+VJS:&JUE,*T:N:DXVI+66A15.5YB&IKK*9QE]Y&WL4/1 MIBLT*@J9T6JI%80:6XF0H\'OA<8]VM$XE MVWGA&:HQ(!XZ2?FD;-:K)SNK=$<:J.FYP !8*:HJRTX6,0,QVV82 at I0FB&YK1[1+DB MF)F;F:L]12M3R[)56[96)+=KVK:LFYAHJY\]"[*G)+I;H+@"@0*BVRHKH!6B MF9M:A;NZ&VV]&[QT2[ABUK,@$KDFYT=)<%$R\GS/J#*JTAK#1[0'>JQ=2BM4 M>YAM.0)ZFTJVRT??B[RE&[FXVY?"BTK@:J2T\J4O:K(T"HBDU"I0*J6MP@=\ M$+GR&Z;T.S!--5V8JK]J>ZVK:I[2EQ92TX)M8+A[E*RA12M6JJ;.ZV:2*@>" MVWH/JY/21$SLTTXJV!3W:[7Z6[N16W=86!Q?"F?>(60Z-".M8A#V,27F*7HJ M2W-Q9G-#-J>F&RJ6IY![ ."UL A",&HM* Z-\(NZ;$7 M+&GLLW,O?'-E=\1$D:R16[ZII,(HJ8?NY,5\0K,\A0)D+,1$G+]3=\!91<8? MV<9#_%%H#,0\7'8RX,8?5<=[O'!H_+Z\VK,2O* A4,&<6F0N"L L2Z.,:0<@ M3!#N5,)PO*,HK%4J_)$M7',PO$,[-L/78\.WE\.8N\.?O*]0?$I+3,1GBL9\ MRL:!# ="W,0L^,1H+,593,66:,7&-<7M",A"UL61"\9:)<:H1,?% NS,W$K%6$G$7GS">'?*2- MK,$!+ ).!W66[,NHA,Q9M,DLK,/<',.A+'\U/ 8WG+)FT,FH?',Q[,,I/,O5 M#"/%$<\! '%5RG$4V_9TX?V52[-T_NBQJZR[FM=U90!7A9+C&/*OOLMU.\ ;O39OJK=TH M( +]Z3ZX(=Z&NZ#^V(!S\+$4.=_[70)S$$Y28]MB**V+>J^[&]E at Y :MPBXP MX-CYO=W]+95?Q(/4I> ,GH7^J8,5OM,2;KP.?B$77JT]N^'[W>%A" )%,! A MON!7U."M?=NL0IO@&M\?F-WT/1ME<-_8C> BL!;2=.,CKI[X+>3[;3)D79/' MUCA,GN,Y2=9 at M9XC\%LK0 at 357077+9P+IRXHD']I*9ZEIQL;8S@\%2L1HS6X M2"I.^W#%L;"[B^;Z2J-W,-YQLJ!V3M, at 4+XP+@)%( >&DAMCL#%)B(LAQ8L^VH=P!<>:,2-E%47G/L09GWH"V_N)0;NB(;AU,4FK.4NPL M)^DCGNPG ^&&C >:SNG'O=($1[%-\F>>%G_ ?E:YJ$6\3;*1#&SNBL,#/?"7 M3MPX ^V=;N]Y-P7G%9(YV22-WI0>P[D)56I.&_"^'<"E/-##':$;OR-P!C%IJWHQ04(_R&LPG MA8X+NHO:T\O&P>D]J\4LMJ@<_]L?C]6M(O+N2@>E]O,3"P(CZRKE2CA%GXS- M&R#OTG^%WY[53[+ at A.79K]O/'/O1//MH7_MKKZIM M#U'V(5'B,=Q0*O>;K_JLO^O'_1+2>-%^(XL &OX<6)Y/8I MKMW[\W0"CE81.-QW2H:2C,,-O,O!$;QJY("4W;YZ?60.#IBY2O?NRH ,,%P2 MQ]@QK&]7 EO at Q!D8?2[ ':D82*U.6 "4;^MMOQVZ1*NY!^/ N!E:=WIEZ47$\S*Y%P44U" M3\@*&].E X5%P?DILN;4K/I at RWJ%'# /8D%:V *8BBPA"$)@6[!!79@)^2!4 M(X/44%><0:$F"+^58.J$V(\11<$#H, at .J9_U*X3BT!^R0W?8RO#8 M at 4@ ( (B>CH[5QUF( L<@?"L% (Z7-0#L9DB9$+C;@B:.Q54\112(K% 2Q!? ML#OW]P1-H/:S=LSM$[8;;O<=L)W%&X<1; I60108KOS(%< :' -GW >$4A4* MR>8J#0.#BAR,3J$HFD/F&WR"*0%*O;L'^D;>!8P36BP$#+ at S, =H4P9L;?\H M&9(]^;?RSIY-5$BMXO[IBK;7_D1 _W. 2@\ :A%JM_T6X.>#B^#O*A:R=G/X M$E^%6WQP3R,]ODT4^915;:!\2C$]?(HQD/E45,^JBR*- 8(\O @!]>(I:7V3 MI=[MD;)'_\[B ;1][4AM43OHQ_O6$14+?@%L^)FNHU?SCA\L'"?+3[^@-8]& M*Z!?<7B-NPT<%D"9N-NDHMWS?E51/%A&1L7Y"&%;%(X)D2?&OYK5&;,?:#PC M8M'P>2FV!P=^&S>A8IPN+GJVGO6E$%]U#L1V]0.WHV&*C[VA^/:W=T$7= MN !YX_3SC9Z/*E)&JYCM-*,W'(0'T1,F1PQXI$* CP)OT?$++D.AIE[8"Z5Y M+Z4P%&[# KB7PE,V[!Z!<" 6Q_P8#F^B%6Q/\+$ WD6W]@#IH\4S7)S1+&:_ M &D;V&-D=(]9!#*>K W9>CHDGR,&=(NRD<.J?"&XV8DBV:OY=%(59;)LHI!)%GZT4*B M,179_:1D<#2 -=)TI;,).".=Y'WTAH*I3.Y'\G:D$F%1L%.0S8'!K-GP"SF? M=7A/4DNJB:"M%;M%YF M&DI+AWN$VA6Z+2 %1-,6+ W_0<%%EC6H*U' J1 #G6B%6+AVUUYPPYP$-MJ. M*-1!"76U2A,Z:S<,4:%],SJ@'%G43VM6=;#%R<530NUD(78"4!LJCKBK!880 MDB4?F83 at LOB(RX$Q#;,9NFP^,H/_K0QDZL M03BV1!MH+D/7N*.5MI(+@@!=J09S)8YSBRRB6)ZL;%DO 82T4#@H %_&$7,) MKGY<>C25INE at -H&$B2L79FUHF"838C9(X=@+[0"];#I<85*WO6LB1= MP6FWS8%@X08&VEFB40H.8E+,GI7BM at .=E%9NR\61+['&"#5FP*Q-::%@7L%[ M"2\!9AF at 4>U2J_A+XB,OAZ;6!(1.\VJRRWTI->UE& R; K,&0B NUUBF&YBS M;NI+9!:GCL(K'^:QK)-=;B E[.XH at 8)!%L0.8) MGRP3)ZC6\M(VYH5/,(G@"0_/S> AGD7!9-$>T'-[2 _NHIZBYW@:ON3YY^"? MO9R%+.L&,B[:!+4^$@Q(76Z-]AC*9IFUPB>@!$Z"GMK03"D!^6N]Y=1'SB*LPYQ>S;&T2> I/D)E%EE5+2Y\T MR at QP0=B&I at C1K4P1JZ]?,L*5J2?-Y65+;6C4EUB2[%@/EZA6P6QY-%+8$C(P M'NNA;)N:Y:D.YC:B^=/.Z.RI7Y70U70VIHD%=Y.K6:1QPF,V+1QJAY1:J "B MR:A\F5%'ED=%@!K%E6QT,&ZBZ+52CB(<[27H*$Z at 1]HX1$&:])R3 at Y2/>BP_ M^D?QZ"/5H[>DD'HLQQ;KCJ;8K&CM!@_&H>^T$[5HB:20N[$^>E$0 *ZL:(9S M-,T+*-F6DE%Y/B"G%(&NBL2YCS0W/,5-R-QQ#R[86$_/E):VP/*R4X0G3H3- MXX-IO&=S2F!H4YPZH9>I(*E@/CT8I7!KQLMU"89(YQ_ZFVT@J &6T at K2*J,&R/2(]B% MIV[X6L8=\[E.6,,AP0 at 4T!ZT0@[( 7TL!MS4&9 >UH,.#0/R P5=#Y:*89!< M$, at 84L"BH 'I9#+H#QFP(D2UT$74,N P0< 6: '2YH&)IJNZ(OQ4"_ at 8H@EB M;M00Q$]#)I*[JEB(,K4 8".:+L\_"2JCCLN<%Z( M0G>;#><-!OF7 BDQ_X-$20%Z%'&G3?U(A7NRHE5!P?7AB1VG7 K;B!P5W&' MY+YKC2,#XE7')5<6]SF5J6K5;R*@OK&&RXI?;2$)(PK3%6(ZN2.'6:6<5Z%R M>RB\ 5B[Z3_LBG,A$%*"2I00BT! \,*6X LI08&HA+I VC 8"@3AN$NT(": M( -D W("1IDPEZ&#N)!^(**S0Q;P4YPAA=+8\$"GZ "W8'ES)0'RP9B"JD@ M'V/@J#RA0.,P7 UN6 \\,SVT!J at 36)#K;'@+4N%F3($FT#.*0"H24,V$652% M)R,LAE8P,EK6)D9\"C<09M&5$&(!BR_M,(R8B8YC%16$ID0)6=(

.AKNH7%F(HUJ(F],L>@:.A3XU3% ( M##J[KIK"C D#ZX&)* FBS!N!8_5%3VCO at 5%1#0^\*R: 1#IJM*B!Z8@^9Y1 M&5 2235P8@\RZ961+;P-V^ ZP 8 &OE 46^K'=8X-W*P%5!*:@VH*A:\4 J:!8M8EH=X]3)VC5K:*)14SR=%$,!B%0GD1;^ M UR9 W*%KCC8@= C/%UD at 48IQ=7J._BS(LC'6#U$2,<-E(>V<+I B<"0/&"2 M*E ,BQ$H]BSVNAXLY?M0(Z at C!T*1'@HK?L;:@A_R\7"B$5-\M68!1LA9["4X M!52 \FO.9%4 at C/57<#,&GZ6XC$@\N),T2Z) S)Q4LOF"9Q"%<3LK)E^,2#FL M(7G&'_+1!)" _$$(*T-30A2>H0"JTABIG.$_,%LB=T1N++RU)K<$VG+:3G'1$ M*AZL@[T8$4'Q[SY<]]$SFD!T2 at -3PW*!7!PT2,C'VX4Z"L#LVEGYLQZF1)#- M#0&J V&,^\!GJ(!<9%XT*P(^;]SU>FY@^0J$YOL6#L;J MS4EP=P at 1WZJ;,79NCM642:M9)(XJ%Q#"F[N-1-J7-?",MP $.$95^!&E8*.D!.^BA_ at S6?]$965$CF-<35EHRT3&"*?%2>9C M4Z 9*Y5ZGZZ%4*FT#GN X9++!M!LLHBUTKN/.BA1P3A[T2*WPLJ=BI*F*I8%0Q<=H5EG24< M4;@UB)>M41N$<%QKQN%6%-<85>R,WV 2?H-+>!IO&;(;;ZD1#>[%L)@::<$U MJH4'R3'^PA9O#BB VL$$3,?&=8R-B!EDUMR+@]E1I98H'<*KYOVRDI"H#6XJ3@^YT&L:.]N\'8[R&Z MH25OO3$YUL(*8#8LBJ]A*\9P-#IV?>4(IKO#*)%5:L\XJJ*&7(W:1B&T5 at 2: M<@A" <8*W^+Q<#$,;N*%Q=,BWYE?8/Q+;LDR'F#DV B; MXZ>"CJ5Q$Z;&[9A\O&.;XXOE,1:N)5UY"Z^(>YR,P? ^=@+]6+92HY9$D&WR M0D;(SD(A?Q at U['=181MNMP$Y#@?&>N4E%TL8PJ' A#$;O4D M<^5KHI*QQ at IIR3"M&==CF;P>:')!#KU+ ]1HBC&"DQSR /O)5%HN2X'&X_W&IH 2>5 MKIF+9NN$BP([1KO0H@,["T0B<0MR:N!%:^#H*%D>Q((:1TD<+_J8.S DA_1: M60YETLRU82DOC="Y'LY)QTFZM!G-4";4K&3-L''>;W+M8*1+ ?4:QA*OV \R MK at 5 O+\VG>DN6AX/UKC2_F9YNXT'3&UPSG$M.I^!<+N@$9N&EKO4^4&+7FQ, MH=7NA:YPT%FQ58IP^UY3=&M;; V:-53G0 at R%*;1V/EW=>0Q/SO!LA2(%%@H0 MYWG7<(Q% BNJ+FQU< 09S6!H%^V?Q at BM;11_62 LVK<((Y*" FC1&IHR1Z. M()*$HK\Y,W\8Z18A =4IR(EH"E?+6T%,6RZ-;AI MXZR>_P1[MK=U^MUNYKR;FU6*C%C!1EF?SKAH=&'*<$(&+.$V04.\UP"B'?0Z MAL(1^NQF8P!AH at 4U0=#0'-I',^DMQ-EBM+,5T;%Z],[J"EV9L;2*WM#N]JC> M!Z/S+%2&E!#*&0CQ#IIWLX*#->'8.$2943B*5TOY1D#,D+=O 4QAF18$,0C' M]^6SGMHIP%X:+8MIBBV&"S)X#_-9-!,MVH#Y4 T*HMOY&6&Q@>M J$@DUNQC M_ VAQ9.-W]!",X'64+_69@)EC\IJ'C4LAXD$"QU,/O"PJDLXW6$>H]*A=T9T M$FVR"99LS-IFJR S*W&*NVES;2;MM-^VE [:DOMJ4VU MJ[;5OMI8.VMK[:WMM =&T+R;UC6*73E at OZ8V]*=K M>UT"U+)Y3\]FW'Z:7E..OFV%RC7EMKG at EWL*;-YML9DZG\0XC&YN,\Q=M^$E M-QG*KG28(VYHYLWM0=W at IM9$J'Q[H!). at F@XRP#B1 &*<\PP3JH<*!YGY)R< M<%H;(]1I:LXV6O7IG,^JTY7.T%D3"[<=G-VBTW:OSM9ICM4BMC2F_,K%L\!1Z$H7YB3U+D%D; M0=73*U;O\6!/]>$397R&JWSFR0/*M0#3!^6 at Z[-K^4GV7;80I?,:H6J+;050 M1PFWYO?^II0$U%*>$O:=*3=E$8U5;))-T2=5*#TE:!:AH*;)@N),R91!%Y-(A/4<%819DI M%I58>8>+CIG[(PRO=VB$KHL25=K2\VU*UZBKU%]K[HV>/^X5N+$@'46F6;R' M.U(IBDOCLBY]E=NQEV[Q0+I.XK(PA>.']'MB)T5:1U=C(R6EOS1D1%)(F$HI M:0*SI! #DV[. at I+69+@4VG7+$Y1B<6?G2]GXP#BE_B&5*B=6.KTP^1CO6;/4 MIUFU.?Y+!:D;_^)V[;1E%4!:RNLX,$'EL:UG%=,1B,:UB'W-(E:4WCG3G8T0 M8>0TK:;,M+ at ZU$X4)SR@@YNHR966LU-]I;;BZ3E-YMIGG;:V=OI.GZYP1UF;O$\82YP^9Z&N80U2K=VXYZ MZ: W0YGG'G4_ at -1Q-VY! $E% 2;U6"\GE1I<#5>A>ZEY(*8N55I14W4J3D5^ M.S4C_]2 at 2C_L W_=;LJZ9"A5IDH5)O)3=0,7?;]-U:IZ5;,J#;6J7[46R8&O M"A?"JH[CJ&6UI9Y5N2:J<<-:11EME?V.5CH at 5TMAH;.K8RF\]72#OE?[:DTR M;^"-5 at S6]5)8GT]!?W**5;OY5<>JTC&09'T1E+4N6[R0GEDWJTT"*9[5'(/6 MJJO3VTYI[3 2XZD36/S*6HF":T4S[MG!Z>5'G8!L*V[5K;Q5;.X,X$I4AZLP M/Z[)%F5Z<1% MN+&MXM IBXOLW;6]RO7W>MDI$WTE?'?P8P)!_*I?BUQJE>F8E>M>]K9]7[>; M-T:P826^-E@ $F&E=H75$FH"PY($#0LF,(*')1.%(8*(6!)K8E%LF^#:$X'% MMMBI+4+N!'1?VG;7S;7K3ZL at K/#I';+^ILA"C"-++VP%G]V[!H)A6Y2CTAJF M;)6]LB/-&N=_;-\5=6N at M>?: M0OM9UM!DU7*A-12'-BC.\T6KDT\RI$V_D]9:AQK2JV0WK7$F%;/X98!:HB!J M9S,UHK6M6%V]8GG5:BVSQ9ZUIW94V-I DVM%T:Y]5TK!UW9:\A'B>T2QA0O' M-G0FVV5+G0_&EDZUKYC:VHKNC&VIT8O7T at LY"(';_RN6W*+ M$$2TO 4VG9=.4]0TU"G(@WF /KE!\@+%^XH5;5APN#>X4 MW1GEKFF+.R$T+4;^QP/ZI'S1]LKKT@&GNN&(X70S184P^@*##&M=$$ TTT#3G=63/BI&Y2M+N(\ M+R\G'.^D*X]NLWS8I?3 FFA):.RLC6MUE?<1;C<'7]^Y*Z,?M'R^RGZF[T*5 M,1)X.8EX+KQ-00,=7S1K.8]%XU5TI2'S1MZTP)K9;^6]O)GW.#<'SFM^6X/U M?;7VG<.;WJ/2652O57:]GSKVSM[:2P9N;VO(O9&V;5 ,0\P6$+$Y'KYNI?BN M!X;+(I+O;(B_W/?YWO#HNW!&!/4]]_\A AW)?'2*M M^G6K5(%;FO!(; +D " M4V +C(%;@P:.,8W$ S?YI",01G!>-\%#A\^F8*80CTGR"^;-\1I;<* I3"IL ML"V:$'U7\I;I;)V9 at SU9"\MWJ->1Y0&6CL_RJRZ[\G8MP^ =G['?\FB>RUC= M"VMUA12&5X1?[L^GFJ6 at X7+U6MFPFMW(BMDBTV$[O!Y>O!Y>#\:B#]\,3SZ9 M,;.W+\03XA#OY3>HB-<#(]X9YLI90&*PD3PGL4:>/Q-Y17IN)9NT"#*>CGRA MN&6^9$#]C%>Z:&;%2)Y=L?WM/FQKL8#!Q4Q!%]-:>,SV-S5Z2/3$V#H8X[B/ MC)_N,B9KS5 at LB_UHS(1GM*9.*1J>U]-J;GR'OCXXWKJJ/_F'?50X]G=2V7?^ MUWE6JWW>//NO,#U.R7!_\LC]Q7R7\_(_WLCFB5?8:;MOD/^R?];["YGONV;# M_"K0#.#WTH(?1N:8:0V at GTH5_PEC'QF\%9*=6B/98U:2968TFN_G&IP5GAEY MX7F%9K?9(!63T6>!0N[GG=UDJIE.5IGY?P7 at 60&;!66CA8D'7!QE&.#BH)3% M9=#6;L920&78F"XVE=U:P-^'=[E4+%M9?,:U?_Z8+L:7S7\?H/V7]UD/^1]AYO=9#T^7S@"' M 8!SF "(^#F O4YD-G1,9B*9JW69/8"/W_,WFE& +!DU8IN58BD9!VB:35G\ M&4ZVFG$@/-D56)/$9BE at LY:?57]>Q4LFG^EFH +Y1P/^9C9@<$:ZY8"^6%8F MEP%B/J ET9RA:!^:KW8$HGW42-"WG5D'.1KGL*.)9W!->>;:. L6F: EI[5G M^,)[%@%F at IS:?+8HV&>X 7XVP>AG#@Y_9JH%9O^9B7*IW%S.QTE1H$T'!UJ? MYIDH:!$/'="J%7MG'_2GZ\EJ)1KUMZ3A:E1>,[BKF6?2&;'WJT6#$-HT**Q5 M at Q8:>,6#;(.K((LVJ!UKS^ W:'>!@DB7<\*=02.TB(X&GHEG5PBI$:1!"A]% MD08+\A2RH,\0JEV# MV3AH9Y;K9"HD9(5&D&@K'VH at D,M-:6MC,H9O\&XY>= MC6DGQ=;G\Z$&ZT2:%G!%:JH at H!6G66ISFJ26J=UIGICYLZ>=@\K at 0^@L_&G" MGZW@$#9I$&&AMJTI68C:1$B-,&HC@@R&B]16B=ZD)A*^@I@:. at 6?X6;Z6+I6 MA85JL16IMFO]@E=9JK8,KFIP0#OX"4J#7]8X& K6:C,AKY:KO0;H((SF#5Z% MX6!62*)MA=1?5\@-(FM;1D;'K/E at S]J%08!(:VL6,9?N86LJ at Z$6D8D WEIE M1CZ$:T,'X;&!F6M6F5*XKKU;M!\MUF.]:STAR 9ST6N3R+V6!N1K?4;QQ2) M#/[:?3"D14YPP< &;:$9!ML*@; 9" H;?M82L044(ENV]>1A;""# MV[=RG12.X<0VLI4[&][)QNTA0?F8RN8ML&PODD*"$Z%)$Q#0MB();4V!BQ1P M at 4A04G.4LTUR*QLTU1[Y; "/<=@E-4!,4EY4M"UR%-!R at P)<=^!A>"@>CH?D *87EH'IZ'Z.%U!QLT end From pete at cirrus.com Fri Mar 26 12:51:45 1993 From: pete at cirrus.com (Pete Carpenter) Date: Fri, 26 Mar 93 12:51:45 PST Subject: TEMPEST in a teapot Message-ID: <9303262028.AA11335@ss2138.cirrus.com> ----- Begin Included Message ----- It is speculated that poorly protected systems can be effectively monitored up to the order of one kilometer from the target equipment. ----- End Included Message ----- The "readability" of the relatively high energy sweeps in a standard CRT monitor is well known. Any idea of similar effects on LCD screens ? The energy involved would be orders of magnitude less, just for starters. Also, since the whole screen is effectively oscillating, I'm not sure that there is any 'raster' sweep per se going on here at all. This could be a factor for the truly paranoid :-) using portables with LCD screens. Pete Carpenter pete at cirrus.com Talk about your plenty, talk about your ills, One man gathers what another man spills. - Robert Hunter From tytso at Athena.MIT.EDU Fri Mar 26 12:53:13 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Fri, 26 Mar 93 12:53:13 PST Subject: Anonymous Corollary... In-Reply-To: <199303261908.AA26423@access.digex.com> Message-ID: <9303262051.AA04090@SOS> Date: Fri, 26 Mar 1993 14:08:05 -0500 From: Peter Wayner The point: the government has a relentless desire to document and assign accountability for everything. It's bred in their bones. Even the President can avoid it. There is an interesting quote reportedly made by Stephen Wolfe, head of the NSF, when someone was amazed about the incredible inefficiency of some of the government purchasing procedures ---- ``The people don't want efficient goverment; they want an accountable government --- and there's a difference.'' Given the distrust voiced by many people when Dr. Demming's proposal was brought forth, anonymity is probably a bad thing when it comes to goverment officials performing official actions in the line of duty. Given how petty, vicious, and evil (tm) government bureaucrats are(*), it's probably a good thing that they have to be held strictly accountable for everything they do, and for all of that to be documented. Would you like to give all sorts of powers to the likes of Ollie North, and then give them license to work anonymously? Now, this line of reasoning only applies to government officials --- what standards should apply to private citizens are of course completely different. In the case of Hillary's Health Care Committee, it isn't clear whether or not the names listed were merely private citizens giving "testimony" or "evidence" to feed into the process as input, or whether they're people who are making policy decisions. If they're people making policy decisions, even if they are not officially governmente employees, the Wall Street Journal's decision to publish their names is emminently justifiable. The last thing a democracy needs is a secret cabal making all the decisions in a back room. - Ted (*) or at least how evil(tm) it is widely believed them to be.... From julf at penet.FI Fri Mar 26 12:59:08 1993 From: julf at penet.FI (Johan Helsingius) Date: Fri, 26 Mar 93 12:59:08 PST Subject: Many Important Items in the News In-Reply-To: <9303242312.AA07079@netcom.netcom.com> Message-ID: <9303261839.aa28234@penet.penet.FI> > And given that our systems are "even more anonymous" that Julf's was, the > abuses seen with his system will have to be faced on our systems. The > alleged abuses of Julf's system: supposedly a picture of a burn victim was > posted to one of the erotica groups (tacky in the extreme, but hardly > illegal or a threat), instructions on how to poison cats (also tacky but > not ipso facto criminal), etc. (I don't know what the culminating case was, > nor will I speculate.) Uh... I really am a bit hesitant to talk about this, so I would appreciate it if you kept this private. A very visible and highly-regarded net personality took offense at some rather abusive exchanges in talk.politics.mideast, and contacted just the right people in a very politically loaded Finnish networking scene, but I know he acted out of a regard for (his wiew of) the best for the networking community. I have been expecting him to come forward and state his reasons. The problem is that I live in a country where somebody got thrown in jail for high treason for selling a couple of old, second-hand VAX machines to the former Eastern Block. And as people managed to turn the mail "from an international networking authority" into proof of the fact that I was destroying the image of networking in Finland in the eyes of the international community.... > There was also a major flamewar over the weekend when one Richard DePew > decided to initiate his "ARMM" ("Automated Retroactive Minimal Moderation") > program, which sent out "CANCEL" notices for anonymous messages posted to > certain groups. Very controversial, and a sign of things to come. (The > connection, if any, with Julf's shutdown remains unclear. Certainly the > whole issue of anonymous postings reached a head this past weekend. > Sternlight's threats about PGP may have been involved as well. Julf?) The ARMM thing actually backfired in a spectacular fashion, causing a lot of people to speak up in defence of the service. > These are certainly interesting times. Uh, yes, in many ways (says Julf, fresh back from Slovakia...) From tytso at Athena.MIT.EDU Fri Mar 26 13:04:15 1993 From: tytso at Athena.MIT.EDU (Theodore Ts'o) Date: Fri, 26 Mar 93 13:04:15 PST Subject: Anonymity, accountability, and control In-Reply-To: <9303261754.AA06965@tramp.cc.utexas.edu> Message-ID: <9303262102.AA04094@SOS> From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Fri, 26 Mar 1993 11:54:39 -0600 (CST) I believe that UUNET has applied for and received common carrier status, in which case they are not responsible for thier traffic and cannot make any judgement calls regarding the traffic coming from a particular site. It is kind of like the phone company; they may not approve of the 976-BABE numbers, but as long as those operations do not break the law there is nothing the phone company can do about them no matter how many complaints they may receive. I'd love to hear more about this --- my understanding was that "common carrier" status only had a specific meaning for telephone companies, and also meant as a side effect that they had to regulated by the FCC. I was not aware that "common carrier" status had any meaning in the computer networking arena, since no regulatory agency would have the right to receive applications and grant common carrier status, unless a law were specifically passed by Congress or perhaps some action resulting from a Federal court decision. Or is it that UUNET merely considers themselves a "common carrier" but that this has yet to be tested in court? Would Mike Goodwin be willing to comment on this? It would certainly have a lot of implications towards providing free speech on computer nets, and I'd love to have a real lawyer's perspective on this --- as opposed to the perspective of millions of people who merely play one on USENET. :-) - Ted From ld231782 at longs.lance.colostate.edu Fri Mar 26 13:12:13 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Fri, 26 Mar 93 13:12:13 PST Subject: Many Important Items in the News In-Reply-To: <9303260756.AA24450@soda.berkeley.edu> Message-ID: <9303262110.AA06813@longs.lance.colostate.edu> >All the more reason to allow the backbone admins the power to not pass >anonymous articles. It won't work, they'll feel like they're in >control, and everyone wins. wait, are you advocating news admins allowed to filter anonymous mail from downstream/upstream feeds? I don't get this. From mccoy at ccwf.cc.utexas.edu Fri Mar 26 13:20:12 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Fri, 26 Mar 93 13:20:12 PST Subject: Anonymity, accountability, and control In-Reply-To: <9303262102.AA04094@SOS> Message-ID: <9303262118.AA09185@tramp.cc.utexas.edu> > I believe that UUNET has applied for and received common carrier > status [...] > > I'd love to hear more about this --- my understanding was that > "common carrier" status only had a specific meaning for telephone > companies, and also meant as a side effect that they had to regulated by > the FCC. I was not aware that "common carrier" status had any meaning > in the computer networking arena, since no regulatory agency would have > the right to receive applications and grant common carrier status, > unless a law were specifically passed by Congress or perhaps some action > resulting from a Federal court decision. I am fairly certain that the people doing Skynet (Usenet news over satelite) are common carriers (or at least that is what Len Rose told me, I could be wrong...) For an example that predates computer communication by some time but might be a worthwhile example anyway, take a look at Western Union's telegraph business. What is/was thier status regarding the messages they sent? jim From nowhere at bsu-cs.bsu.edu Fri Mar 26 13:26:10 1993 From: nowhere at bsu-cs.bsu.edu (Chael Hall) Date: Fri, 26 Mar 93 13:26:10 PST Subject: REMAIL: sendmail.cf problems Message-ID: <9303262128.AA18752@bsu-cs.bsu.edu> I am working on a new project on 386BSD with pseudonymous user ID's. What I want to do is use a rule in the /etc/sendmail.cf file to make all messages to "anon.###" be processed by the anonymous contact service and everything else to be processed as local mail. I added the following lines to my configuration file and made a new frozen config file, but I keep having trouble getting it to work: Ranon.$- $#acs$:anon.$1 Macs, P=/usr/guest/anon/anon-reply, F=nlF, S=10, R=20, A=anon-reply $u The first line should make all mail directed to "anon.*" be processed by the mailer "acs." The second should define a mailer named acs that executes anon-reply. I found that this would make it impossible to alias anon.post, anon.admin, anon.ping, anon.help, etc. So, I changed the first line to: Ranon.[0-9]$- $#acs$:anon.$1 That makes newaliases stop bitching about the aliases, but any mail directed to an anon.### account bounces and it says "User unknown." I ignored the alias problem once and actually got it to get farther, where it said "Unknown mailer error 2." I think that's because it was using /bin/sh instead of /bin/csh which is required for the scripts that I got from a friend. (acs2.2 is what I got, it was used for alt.personals) I want to rewrite it, but the important part is getting the aliasing to work. The rest is a piece of cake once I can get sendmail do to this. I hate to rebuild my alias database, besides which, that slows down ALL mail. If anyone knows which RFC's to look at for the sendmail.cf format or has experience with this problem, I would be eternally grateful. Chael Hall -- Chael Hall nowhere at bsu-cs.bsu.edu, 00CCHALL at BSUVC.BSU.EDU (317) 285-3648 after 5 pm EST From nobody at alumni.cco.caltech.edu Fri Mar 26 13:31:39 1993 From: nobody at alumni.cco.caltech.edu (nobody at alumni.cco.caltech.edu) Date: Fri, 26 Mar 93 13:31:39 PST Subject: ANON: Shutdown of Anon.penet.fi Message-ID: <9303262028.AA06217@alumni.cco.caltech.edu> It is fruitless to guess. You only tar innocent people. The truth will come out, more likely sooner than later. Nowhere, Man. From baumbach at atmel.com Fri Mar 26 13:55:59 1993 From: baumbach at atmel.com (Peter Baumbach) Date: Fri, 26 Mar 93 13:55:59 PST Subject: How secure is an anonomous mail-server Message-ID: <9303262144.AA07992@walrus.chp.atmel.com> Suppose somone wanted to compromise an anonomous mail-server. Couldn't it be possible without the owner of the mail-server knowing? The attack might consist of monitoring all traffic to and from that address. Unless the server waits a long and random time to forward the incoming mail, couldn't a mapping be made of real-name/possible-anon-names? If a users uses the same anonomous name for long enough (2 times?) couldn't the attacker be very confident of the mapping? If the attacker uses the server themselves creatively, wouldn't the task be even easier? This seems like a simple cipher easily broken. I am new to this, so I appologize if this is a dumb question. Peter Baumbach baumbach at atmel.com From tcmay at netcom.com Fri Mar 26 14:49:02 1993 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 26 Mar 93 14:49:02 PST Subject: How secure is an anonomous mail-server In-Reply-To: <9303262144.AA07992@walrus.chp.atmel.com> Message-ID: <9303262247.AA18162@netcom3.netcom.com> Peter Baumbach writes: > Suppose somone wanted to compromise an anonomous mail-server. Couldn't it > be possible without the owner of the mail-server knowing? The attack might > consist of monitoring all traffic to and from that address. Unless the > server waits a long and random time to forward the incoming mail, couldn't > a mapping be made of real-name/possible-anon-names? If a users uses the > same anonomous name for long enough (2 times?) couldn't the attacker be > very confident of the mapping? If the attacker uses the server themselves > creatively, wouldn't the task be even easier? > > This seems like a simple cipher easily broken. > > I am new to this, so I appologize if this is a dumb question. Yes, this is basically the "traffic analysis" problem. This is discussed (briefly) in the "Glossary" located in the Cypherpunks archives at soda.berkeley.edu (in the /pub/cypherpunks directory). Existing remailers are not secure against either traffic analysis or record-keeping by the operators. Nor are they secure against textual analysis (a lesser problem). Adding encryption helps against operator record-keeping. Accumulating enough messages (e.g., 10) so that following a message through 10 remailers is problematic is another approach, though nobody is now doing this. (And even with lots of accumulated messages and lots of remailers, statistical evidence can be accumulated. For example, if everytime "Deadbeat" posts to some group there was a packet leaving my machine some hours before.....) David Chaum's 1981 CACM paper/letter described "mixes," which some on this list are pursuing. His even more advanced "DC-Nets" (also covered in the Glossary and in _many_ postings on this list) are information-theoretically secure. We may see them deployed soon, in at least an experimental form. Not a dumb question, just one that's come up several times. (Someday we may even have a Cypherpunk FAQ.) -Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. From pete at cirrus.com Fri Mar 26 16:57:36 1993 From: pete at cirrus.com (Pete Carpenter) Date: Fri, 26 Mar 93 16:57:36 PST Subject: ANON: Shutdown of Anon.penet.fi Message-ID: <9303270027.AA11431@ss2138.cirrus.com> ----- Begin Included Message ----- Date: Fri, 26 Mar 1993 10:38:31 -0800 To: cypherpunks at toad.com From: lefty at apple.com (Lefty) Subject: ANON: Shutdown of Anon.penet.fi I have been told that Clayton Cramer, the bete noire of alt.sex.bondage, is the "net.personality" responsible for the shutdown of anon.penet.fi. I do not know this to be a fact. Funny, I never thought of him as being particularly "highly regarded". ----- End Included Message ----- Mr. Cramer is highly regarded for his scolarly work in regard to the Civil War, and the political history of the Second Amendment. He has just published a book on the later. His other 'opinions' have always amused me somewhat, because he was one of the first net.people that got me interested in the Libertarian Party. Those rantings seem very out of step with this general political attitude, quite un-libertarian, in fact. Pete Carpenter pete at cirrus.com Talk about your plenty, talk about your ills, One man gathers what another man spills. - Robert Hunter From mdiehl at triton.unm.edu Fri Mar 26 17:38:00 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Fri, 26 Mar 93 17:38:00 PST Subject: we need a faq. In-Reply-To: <9303262247.AA18162@netcom3.netcom.com> Message-ID: <9303270136.AA27824@triton.unm.edu> > > Not a dumb question, just one that's come up several times. (Someday > we may even have a Cypherpunk FAQ.) > I will mantain the faq if people will send my usefull information, such as ftp sites, remailer-reposter sites, short answers to "obvious" questions, etc. I will mail it out on a regular basis and perhapse to new subscribers, if that is possible. Come on folks give me a hand here! ;^) +----------------------+----------------------------------------------------+ | J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken. | | +----------------------------------------------------+ | mdiehl at triton.unm.edu| "I'm just looking for the opportunity to be | | Thunder at forum | Politically Incorrect! | | (505) 299-2282 | | +----------------------+----------------------------------------------------+ From tcmay at netcom.com Fri Mar 26 18:57:57 1993 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 26 Mar 93 18:57:57 PST Subject: we need a faq. Message-ID: <9303270256.AA21236@netcom.netcom.com> J. Michael Diehl writes: >I will mantain the faq if people will send my usefull information, such as ftp >sites, remailer-reposter sites, short answers to "obvious" questions, etc. I >will mail it out on a regular basis and perhapse to new subscribers, if that is >possible. > >Come on folks give me a hand here! ;^) The problem with FAQs is that someone almost always volunteers to put together a FAQ if people will "send them stuff." Then he realizes what an enormous job it is, as the submissions are either a) not there, b) are too brief or confusing, c) require lots of editing, or d) other problems exist. Then that volunteer just sort of lets it all slide--and several months later some new eager beaver makes a similar proposal. I've seen this happen on several groups and mailing lists. Someone on this list boldly stepped forward last September, begged for submissions (some of us even sent stuff in), then let it slide. Officially, I suppose he is still working on it, but nothing has appeared. I'm not holding my breath. Since we are an anarchy, nobody can force him--or you, for that mattter--to finish it. The way FAQs traditionally get done is for someone to just write the whole damn thing...this will of course mean that someone must become quite knowledgeable about remailers, PERL, Chaum's work, the math of crypto, the politics and jargon of crypto privacy, and on and on. Not trying to scare you off, just pointing out that a FAQ will not write itself, nor can you count on others to "contribute" (for the reasons mentioned above). (Sometimes a "stone soup" approach works, where a "Rev. 0" FAQ is posted and then the critics come out of the woodwork to suggest improvements. If I was writing the FAQ, that's how I'd approach it...just get *something* out as quickly as possible and then see if anyone wants to change anything or make additions.) If you publicly announce your plans to do the FAQ, and begin soliciting contributions, PLEASE make sure it gets finished! By the way, in my opinion, the Cypherpunks FAQ is *essentially* available already in the regular postings of list members Lance Detweiler (he posts a long article to sci.crypt describing privacy on the Internet) and Karl Barrus (he keeps an updated list of remailers). Good luck. -Tim May -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: MailSafe and PGP available. From hughes at soda.berkeley.edu Fri Mar 26 19:06:39 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Fri, 26 Mar 93 19:06:39 PST Subject: Remailers In-Reply-To: <9303261530.AA19663@toad.com> Message-ID: <9303270302.AA28743@soda.berkeley.edu> I wrote: >The question you asked me about understanding the remailer operation >is of general enough interest that you ought to just ask the list at >large. >In specific, I don't know of any such theory of operation. When I wrote this, I wasn't thinking. When I wrote the original remailer code, I posted it to alt.hackers along with a theory of operation. I don't know if I have a copy of that anymore. Can someone provide it? It was from last September. Who gets Usenet on CD here, anyway? Eric From hughes at soda.berkeley.edu Fri Mar 26 19:43:32 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Fri, 26 Mar 93 19:43:32 PST Subject: Many Important Items in the News In-Reply-To: <9303262110.AA06813@longs.lance.colostate.edu> Message-ID: <9303270339.AA00329@soda.berkeley.edu> >>All the more reason to allow the backbone admins the power to not pass >>anonymous articles. It won't work, they'll feel like they're in >>control, and everyone wins. >wait, are you advocating news admins allowed to filter anonymous mail >from downstream/upstream feeds? I don't get this. Yes. If someone doesn't want to pass traffic, let them. It's extremely foolish; they'll get a bad rep for it. If they're a commercial site, they'll lose customers. If they're not, they'll lose face. Freedom to filter is freedom to shoot yourself in the foot. But as Peter Honeyman points out, filtering anonymous posts won't work to prevent them from being passed around, and they'll continue to use external channels to pressure connectivity and administration. These channels have no technical amelioration; doing politics in the broad sense is the only solution for this. Eric From stig at transam.ece.cmu.edu Fri Mar 26 20:55:04 1993 From: stig at transam.ece.cmu.edu (Jonathan Stigelman) Date: Fri, 26 Mar 93 20:55:04 PST Subject: Availability of filtering scripts Message-ID: <223@x15_remote.stigmobile.usa> In message <9303260732.AA23550 at soda.berkeley.edu> you write: >Were such a utility posted to alt.sources, and if all a user had to do >was ftp it from an archive, unpack it, and run it once, we would be in >a much better position politically, (even if the utility received very >little use). > >It is difficult to install mail filters. Our argument for user >filtering would be much stronger if installation were simple. > >A similar argument holds for anonymous posting filters in a global >KILL file. > two points: 1. An even more convienient way to distribute this filter would be by having it available from the anonymizing server itself. Mail to filter-request at anon.foonet.bar to get a copy. This is better for sites that do not have ftp available. 1.5 A variant on this approach would be for the server itself to do the blocking of mail. Mail to block-my-mail at anon.foonet.bar. Would prevent that server from sending anonymous mail to you. (the server would, of course, send a receipt for the transaction to the user who's mail is blocked...just in case of request forgery.) 2. This would be a political win, but it would really be just a step in the right direction since many people don't read their mail from UNIX boxes.... PCs, Macs, Fidonet boards, VMS, etc. Stig From CVADSAAV at CSUPomona.Edu Fri Mar 26 22:38:11 1993 From: CVADSAAV at CSUPomona.Edu (Lord Krieg) Date: Fri, 26 Mar 93 22:38:11 PST Subject: Comments on anonymous servers Message-ID: <9303270638.AA02109@toad.com> -----BEGIN PGP SIGNED MESSAGE----- Joe Thomas has suggested that a group of penet-style anonymous servers be set up to act as "front ends" for the Cypherpunk remailers. This seems like a good idea (provided that the technical problems can be overcome), but I'd like to propose an addition. Having more than one of the penet-style front ends active at once will only provide more targets for (anonymous) net.fascists. I suggest that instead of having a handful of front ends operating, have only one front end actually operational at a time. Other servers would be on standby, and would constantly update their database with the active server. That way, the moment someone trashed the active server, another could be activated. This way the service would be interupted only briefly. Since it has thus far taken some time for anonymous servers to be brought down, this should allow the front ends to keep up. If someone out there trashes a new front end every month, we would only need to find a new server every month, with a "cushion" of servers waiting on standby. Now, as I understood the suggestion from Joe Thomas, the Cypherpunk remailers behind the front ends would only be "visible" to the people involved in running the service. This would certainly make the remailers more secure, since the net.fascists would not know who to terrorize to can the remailers. Although I certainly may be misunderstanding something, I don't really see why the users of the service would ever need to see a message about "if mail to here bounces, try there." Shouldn't the loss of a remailer be dealt with entirely "behind the scenes," by the service administrators? If I've said something really stupid or obvious here, please bear with me. The whole idea of anonymity only became of interest to me a few days ago. (It's amazing how badly some people react to fascist slime telling them they can't do something, even if they never thought of doing it before.) Kenneth G. Hagler ********************************************************************** * Internet: cvadsaav at csupomona.edu * My insurance company * * Phone: (909) 865-7751 * is Beretta U.S.A. * * PGP 2.2 key available on request * * *--------------------------------------------------------------------* * ...study of the military arts will make one who is naturally * * clever more so and one who is born somewhat dull rather less * * so. * * --Daidoji Yuzan Shigesuke, _Budo Shoshinshu_ * ********************************************************************** -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBK7PzpiipatcRAyu9AQGqfAQAlO2qB1QkrUg4oRA03nQw3qhPnIz8GpQt jFBKGdlXFYgVRbVQsG2ZvkUFwSZe9UOnFn8YXsCimRKA/9V7L0tpIeDRdAJvApvs Wfg0AsJ0toV+O8M1zw0Rfni1zy/HBvfJbc9rAJoRKR+3JaeFoqNI3KZ68jqa5Lk4 Lm7EYHHQXT0= =aB5h -----END PGP SIGNATURE----- From jcoryell%nwu.edu at UICVM.UIC.EDU Sat Mar 27 01:43:04 1993 From: jcoryell%nwu.edu at UICVM.UIC.EDU (John Coryell.) Date: Sat, 27 Mar 93 01:43:04 PST Subject: your note on sci.crypt Message-ID: <9303270942.AA06381@toad.com> Very nicely stated, Phil. John Coryell. From edgar at spectrx.Saigon.COM Sat Mar 27 07:44:18 1993 From: edgar at spectrx.Saigon.COM (Edgar W. Swank) Date: Sat, 27 Mar 93 07:44:18 PST Subject: PGP: Key Updates Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I'm re-posting my 512 and 1024 bit public keys. They haven't changed, but some new signatures have been added. - --Type bits/keyID Date User ID - --pub 1024/87C0C7 1992/10/17 Edgar W. Swank - --sig AF00E5 David Del Torto - --sig DD98D9 Vesselin V. Bontchev - -- - --sig 67F70B Philip R. Zimmermann - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.1 mQCNAirfypkAAAEEAKe2jziPeFw6hY19clR2GtQ4gtGCSSVOTgPKEJzHfuC74Scf 9PEuu1kebLhHk43A9wo1vr52o4jpH/P/tnFmRtBQOMzLUzAt5rMucswtSVviMQS2 hBuc9yGJKWHVcyfA79EARKEYTdhx+2qKI+hFJcPE+rmD8wVoF94nNf3ah8DHAAUR tClFZGdhciBXLiBTd2FuayA8ZWRnYXJAc3BlY3RyeC5zYWlnb24uY29tPokAlQIF ECuXMhOhwThfSq8A5QEBqF0D/itGhJWncb4qLTC+RwC+mfC3u9IRikddKTKgLwt0 Cqz1t+3k0NM7KSDDkfWoUbUOiqTqhHTLFjST3V5WgFVyUtYNv3iw07cmMcko79B0 4OKTkOmZcSdCEF8uW6O5iQK0mOgG/X5B0iaee/1o2J0a4sCd429n5Q02p8TchFKH M3DciQCVAgUQK2PmLDZWl8Yy3ZjZAQEMRgP/aIwyaXrl4Vo1as0/tptiHxBbf4ye PKXkI2kCMaTF6OYibidkqpQc3kO4bOkkOey1HBvPp1pcrXldygzWbyC6G7pTMjAe z36FsoTqKdMLPgLSYTnk9Ka8X96ON7GcbOyIWm4WeM3+xGtIdznt+U4hRYEJkPwe LPPdpgHGa/AnzreJAJUCBRArERcc4nXeDv9n9wsBAbJiA/9qly/1XYxscWBTSGXQ PgwuoaMFF5R8OujFAKyCxNv/SevVb3KW0Eypg+APtOEsB/avEg81sbIPtVQDbstP BBNLqfaZu2Qc68ZBXDsnYbBMDrfX0Z/RCd7QzWHtUlaMVfRXOO6H+eTpu3Eza5Mt IXadSwNd7n/03ld56wWGttc2sw== =F7iK - -----END PGP PUBLIC KEY BLOCK----- - --Type bits/keyID Date User ID - --pub 512/4F0C47 1992/09/26 Edgar W. Swank - --sig! DD98D9 1993/02/02 Vesselin V. Bontchev - --sig! 67F70B 1992/10/14 Philip R. Zimmermann - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.1 mQBNAirEvxwAAAECAMUkLHrx6JH45BMd4bxZDNQO3HrLmhZSvsHJzLH9+90BTbuX 3Kvo0pSLCh98m2Abu/LtoHDggJOKxRGee+5PDEcABRG0KUVkZ2FyIFcuIFN3YW5r IDxlZGdhckBzcGVjdHJ4LnNhaWdvbi5jb20+iQCVAgUQK27LwjZWl8Yy3ZjZAQHi 5AP6AwciH+ZSRaeBF0Qrt6yNOTkYiM4BxyKQ3GldPbcXlIU9p2fSsaMHzGwnn4ka hekEWAXM76PR3i/wwrFKehwCBrRqawUKZZonomDAQYkmQoVVTU/PWCvv8XveDaOb NMEAJ1klELvORoCx+HMirJPzLD0GQHCaZFmnmPHfQYn8T7SJAJUCBRAq27WH4nXe Dv9n9wsBAWCcBACNGUqaZK8MxlRYozYFAWamocGJoKDs4soQWeD2lkbHarNgcJk4 v5r0DR7E309EC1XpsSb34XxWg4SlXIXfjpcnDATV7/XcgRMcWLsl319uOzDy+hAW rPr1fanzGgQvFi2pKXB85DdLsk7LLHj+nTh8b8lm5EmJxVpQhGUMock8nQ== =XtlP - -----END PGP PUBLIC KEY BLOCK----- I can receive messages encrypted with either key, but I will usually -sign- messages with the 1024-bit key. -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBK7RY1N4nNf3ah8DHAQHB4QP+LE70bsNtOy1TjpV73P5xHHib4wH/LGX5 rMoU5w8t4p8q8OCUhUaQG5OmtE79nZFt2q49rIg9FQZH1NlhKlfpZa5JSCMcs4Ls IOY2BKDw2voxAIpooueqUTHMwRNGakMA3utUnVTQ8gf001Ie8GRpdomDxbsmW6uG PtXkyQpuRQo= =TGiw -----END PGP SIGNATURE----- -- edgar at spectrx.saigon.com (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Silicon Valley, Ca From edgar at spectrx.Saigon.COM Sat Mar 27 07:44:22 1993 From: edgar at spectrx.Saigon.COM (Edgar W. Swank) Date: Sat, 27 Mar 93 07:44:22 PST Subject: REMAIL: "Stealth" Remailers Message-ID: -----BEGIN PGP SIGNED MESSAGE----- In the wake of the forced demise of penet.fi, Dave del Torto said: >>> The anonymous service at anon.penet.fi has been closed down. This is a dark day indeed. The forces of Repression are upon us yet again. OK, where do we set up the next one? I guess the solution here is to have a floating set of difficult-to-detect anon remailers and switch between them regularly. I have an idea for making remailers more difficult to find. This applies only to systems where the remailer operator owns the system, such as at wimsey.com. (But a "system" can be just a PC/XT with hard disk and modem - maybe under $1000). Where the remailer operator controls the system, it's easy to "forge" net headers. The problem is that once you send mail, other systems are going to add "Received:" lines to the net headers that point back to you. I don't know how to stop this once the mail leaves your control. But it should be possible to add -extra- "Received:" headers, indicating you received the message from some system "behind" you. Should the "net police" trace an "offensive" message back to you, you can point to the added net headers and say, "Oh, but this came from -him-, not -me-; -I'm- just an innocent forwarder (not remailer) of this message. That SOB down at the end there must be running one of those infernal remailers; Go get him!!" By the way, these phony added headers should all have -real- system names. It's fairly easy to trace messages along the "mainline" internet, because those are all "hard-wired" leased lines. But there's another class of system called UUCP which sends and receives messages over the - -switched- network (ordinary dialup telephone lines). Many of the mainline systems accept UUCP accounts, so UUCP systems usually have the same internet connectivity as the mainline systems for E-mail. (They can't do FTP and Telnet). Furthermore, UUCP systems can allow other systems UUCP accounts, creating long chains over the dial-up net. Furthermore, a UUCP system can be set up with a minimal investment in hardware. A single hardware system can be -many- different UUCP "systems" by just dialing into different UUCP "accounts". A good strategy is to accept mail for remailing at one well-publicized UUCP address, but -never- use that same account for -sending- remailed mail. Just use one of several -other- UUCP accounts for that, adding phony "From:" and "Received:" net headers as explained above. Be generous in accepting UUCP accounts from other systems; don't take too much trouble verifying the registration info they give you. Once they've been on a while, start using their names in the phony "Received:" headers you generate. Well, I'm not an expert on either the net or the "Waffle" software used to run small UUCP systems (like this one). But perhaps the above ideas will prove useful to those of you who are. -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBK7RidN4nNf3ah8DHAQG1/AP/dphEH+j0pou/jZ86PhQEffyVyzcHBm0A lwEnJFhX7RXx3l4RNlhv9dTRwQwaQPiaZ7qfWhdtqIsWwBSD39krfv7RwZDVI6Rs nuzE67BvLljl4N1rEqUdW/ln3gFvUBo/ud+b3DBFJFZEOMRPJFFkE5hux5RBxG+N wk3X28rUUM8= =BVPy -----END PGP SIGNATURE----- -- edgar at spectrx.saigon.com (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Silicon Valley, Ca From honey at citi.umich.edu Sat Mar 27 07:47:28 1993 From: honey at citi.umich.edu (Peter Honeyman) Date: Sat, 27 Mar 93 07:47:28 PST Subject: How secure is an anonomous mail-server Message-ID: <9303271547.AA16120@toad.com> one way to defeat traffic analysis is to maintain a steady stream of traffic. to this end, avi and i are considering a "remailer tax" -- if you send a message through a remailer, you pay a tax of (say) ten additional messages sent and ten received. so if you send a message via a remailer, your software is obliged to send out an additional ten nonce messages, spaced out over time. that's not so onerous ... but those messages have to *go* somewhere, so you will also be taxed by receiving ten nonce messages. this remailer tax is not completely thought out ... what do you think? if remailers catch on, the nonce traffic can be cut back. i'm also still enamored of the probabilistic remailer notion i proposed a few months ago, where a remailer flips a coin to determine whether to deliver a message to it's destination or whether to throw it back into a pool of like remailers. peter From grady at netcom.com Sat Mar 27 09:30:12 1993 From: grady at netcom.com (Grady Ward) Date: Sat, 27 Mar 93 09:30:12 PST Subject: Distributed distribution of PGP 2.2 Message-ID: <9303271728.AA12159@netcom.netcom.com> Since most of us live in widely-separated places, it might really help broaden the popular support and use of PGP by distributing it to your local BBS. Most of these people are disjoint from Unix people with Internet connections and so would welcome access to whatever versions and platforms of PGP you can upload. I've just finished uploading the MSDOS, Mac, and Unix (with source) versions to the local rural BBS. If many people did the same for their areas it is hard to imagine how PGP could ever be "stamped out". Lists of BBS for your area code are available from your favorite platform archive site. Not negligibly, many more people exposed to and using PGP means that many more eyes and fingers finding bugs, suggesting patches and improvments and generally playing with the PGP concept. Apple Computer is reputed to be readying the release of their new "cyclone" computers during the next month or so. This top-end line of machines has been said to incorporate licensed RSA technology at the operating system level. With the usual marketing hoopla this will mean that security in general but specifically RSA and public key technologies will get a big public push. It would be great if at the time of this marketing blitz people could turn to their local bbs and satisfy their curiosity about RSA and public keys with PGP 2.2... -- grady at netcom.com 2EF221 / 15 E2 AD D3 D1 C6 F3 FC 58 AC F7 3D 4F 01 1E 2F From 0005037030 at mcimail.com Sat Mar 27 09:38:09 1993 From: 0005037030 at mcimail.com (AJ Janschewitz) Date: Sat, 27 Mar 93 09:38:09 PST Subject: PGP key Message-ID: <00930327173700/0005037030ND3EM@mcimail.com> My "old" PGP key died with my PSI account. The new key is below, and can be accessed by fingering my secondary mail address, ajay at holonet.net. If the list server ops would kindly kill my old key (which should have my name and an attached address of p00258 at psilink.com), I'd appreciate it. Scary thought: If any goon wanted to trace remailers, with the Clintoon Administration now accepting E-Mail, all one would have to do is send a threatening message through a remailer and it would give the brownshirt squad license to do all kinds of things. A government bent on knowing everything might even initiate such a move itself. How do the people running remailers and those of us who might have occasion to use them deal with this straw man threat? ==a.j.== -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.2 mQCNAiuyVNUAAAEEAMWyeYBYXNT6JXDS/3ixsS1tFd02K/qekH6gjAThcm8KkFmL FVRsW9pwgpkrLV/nra3kWKeV6tA1Lic+21pmoXhdAR9tMLpy6k0KFYPTbYob8hkr kZ6u6rpRz2WcvA3LxpVbPXMMa5R/rsH9r6lnE23gD3JxGoqkaxk4MFKFFwHhAAUT tDdBLkouIEphbnNjaGV3aXR6IDxhamF5QGhvbG9uZXQubmV0LDUwMzcwMzBAbWNp bWFpbC5jb20+ =Ylln -----END PGP PUBLIC KEY BLOCK----- From ghoast at gnu.ai.mit.edu Sat Mar 27 12:33:31 1993 From: ghoast at gnu.ai.mit.edu (ghoast at gnu.ai.mit.edu) Date: Sat, 27 Mar 93 12:33:31 PST Subject: TEMPEST in a teapot Message-ID: <9303272031.AA36215@hal.gnu.ai.mit.edu> > > ----- Begin Included Message ----- > > It is speculated that poorly protected systems can > be effectively monitored up to the order of one kilometer from the target > equipment. > > ----- End Included Message ----- > > The "readability" of the relatively high energy sweeps in a standard CRT monitor > is well known. Any idea of similar effects on LCD screens ? The energy involved > would be orders of magnitude less, just for starters. Also, since the whole screen > is effectively oscillating, I'm not sure that there is any 'raster' sweep per se > going on here at all. This could be a factor for the truly paranoid :-) using > portables with LCD screens. > > > Pete Carpenter pete at cirrus.com > I've been told that the CRT is not what is generating the signals at all, rather that it is the CPU, and that having an LCD screen won't save you, strength of signal reduced or otherwise. From 74076.1041 at CompuServe.COM Sat Mar 27 15:28:55 1993 From: 74076.1041 at CompuServe.COM (Hal) Date: Sat, 27 Mar 93 15:28:55 PST Subject: ANON: Mark anon. posts a Message-ID: <930327232219_74076.1041_FHD20-2@CompuServe.COM> -----BEGIN PGP SIGNED MESSAGE----- I sent mail to Cypherpunks on this a couple of days ago, but it never appeared. There is a problem with the notion that all "anonymous" remailers and news-posting services should label their messages as anonymous so that users can decide whether to read them or not. This approach abandons one of the strongest arguments in favor of anonymous remailers, which is that the net is inherently an anonymous environment. Especially as more public access Unix systems, BBS systems, and so on become part of the net, we are going to see less and less of the strict controls on identity which were possible when the net was restricted to a few government labs and large universities. The level of anarchy will inevitably increase as larger numbers of people acquire net access. Unless massive and universal authentication efforts are undertaken, it is going to be more and more the case that you will know little about the true identity of a poster. Because of this, those who object to having to read the words of an "anonymous" poster are taking an untenable position. They are already reading words of people about whom they know no more than they would about an anonymous poster. And the argument that "non-anonymous" posters are subject to a form of discipline not available to anonymous posters - messages to the system operator - is clearly falsified by the existance of many sysops who care nothing about complaints. As more and more people run their own machines with net access, these cases will only increase. In short, we anonymous remailer operators have every right to be part of the net. We introduce no more problems than are already happening and will continue to occur as the net grows and becomes more universal. The resistance we've seen is from old-time sysops who are unable to adjust to a changing network environment. Rather than placating obsolete beliefs about network identity by agreeing to mark our messages with the scarlett letter A for anonymity, by accepting that we deserve to be in a ghetto set aside for inferior posts, I feel that we should challenge the net with messages that blur the distinction between anonymous and authenticated posts. The sooner people realize that there is no line that divides the clean from the unclean, the sooner anonymity will be widely accepted on the net. Hal Finney 74076.1041 at compuserve.com -----BEGIN PGP SIGNATURE----- Version: 2.1 iQCVAgUBK7S2oqgTA69YIUw3AQEfagP8DlzINcvUDn7jc351S+hHTBz5NtB3RbRC l+0rgltFcn6QxWaE0GsWFcOa6RcPOe1DOTlwiJejiT6MbnfuDopbUoS98bCiIzLE 0Q2ZVhtsfLs5zFdUj08bRzzU7zyuzSmNoSsCx01O6OiGZB/zs0PEnx/0XqRtXFD2 RM1YTCPIF7Y= =0zw5 -----END PGP SIGNATURE----- From 74076.1041 at CompuServe.COM Sat Mar 27 15:28:58 1993 From: 74076.1041 at CompuServe.COM (Hal) Date: Sat, 27 Mar 93 15:28:58 PST Subject: REMAIL: Anon. remailers Message-ID: <930327232156_74076.1041_FHD20-1@CompuServe.COM> -----BEGIN PGP SIGNED MESSAGE----- Kenneth G. Hagler, "Lord Krieg" , writes: > Joe Thomas has suggested that a group of penet-style anonymous servers > be set up to act as "front ends" for the Cypherpunk remailers. This seems > like a good idea (provided that the technical problems can be overcome), > but I'd like to propose an addition. I don't see the advantage of having behind-the-scenes remailers. The addresses of the front-end remailer(s) will have to be advertised, and that is where people will think of the service as originating. That is where their attacks will be focussed. It won't matter if there are other systems involved with the remailing. If one front-end gets shut down then yes, it would be nice to have another. Again, I don't see how this is made much easier by the existance of multiple back-end systems. Penet has not been replaced yet, and I think the reason is because nobody wants to take the heat for running such a system. What difference does it make whether you are running front-end software or an entire remailer? Either way you have to be a system manager in order to install new mail aliases ("an12345", etc.). There just aren't that many system managers out there willing to take on the traffic load and the political heat for a service which they may not even believe in that strongly. > Now, as I understood the suggestion from Joe Thomas, the Cypherpunk > remailers behind the front ends would only be "visible" to the people > involved in running the service. This would certainly make the remailers > more secure, since the net.fascists would not know who to terrorize to > can the remailers. Again, saying that it is the back ends which are the remailers is misleading. As far as the net at large will be concerned, it is the front end which is the remailer. That is where you send your mail if you want it to be remailed. That is where the heat will be. And shutting down all the front ends will shut down the remailing service. The existance of back ends does not affect the strategy used by our opponents, nor does it give us any additional defense that I can see. > Although I certainly may be misunderstanding something, I don't really > see why the users of the service would ever need to see a message about > "if mail to here bounces, try there." Shouldn't the loss of a remailer be > dealt with entirely "behind the scenes," by the service administrators? How could this be done? If I still try to send mail to an1234 at anon.penet.fi, it will not be remailed. If Julf does start enabling such messages to be remailed, by forwarding or by any other way, he will presumably face the same consequences which convinced him to stop. On the other hand, if all messages from a remailer say "reply to address A; if that doesn't work try B, and then C" then I can guarantee that when net powers try to shut down the remailers they will go after A, B, and C. Exposing their names like that will just give opponents of anonymity more time to marshall their forces against these alternative remailer sites. I think the only reasonable approach is to make the remailer code widely available, and to try to convince people to run it who are in a position not to be exposed to pressure. From earlier postings here, it sounds like someone who is paying his own money for a UUNET connection, which someone said costs about $50 per month (what does that $50 include?), would be a good choice. It sounds like UUNET is not going to cut off a paying customer just because others complain about his use of the net, particularly if it is true that UUNET is a immune to legal threats about what they carry. If he who pays for the feed is willing to carry the remailer traffic then he should be immune to pressure. Hal Finney 74076.1041 at compuserve.com -----BEGIN PGP SIGNATURE----- Version: 2.1 iQCVAgUBK7SyjagTA69YIUw3AQEVkwP/T6VMZJToUCvNnBTwrYZRKiJarxproRRP usOFFWyQ27ABBGypS79PfJmJZUyJAuZkAGExEapMTF/Nh0zNb8feZimfJk8A7SbM 5CvlITUMJsjmNCvk/HeeJadhkADyFiD9zRbuZiSzPGNCankt4lCxoGA2qIDklBYp ZlcMs+eHxbs= =IT8B -----END PGP SIGNATURE----- From wixer!pacoid at cactus.org Sat Mar 27 17:48:55 1993 From: wixer!pacoid at cactus.org (Paco Xander Nathan) Date: Sat, 27 Mar 93 17:48:55 PST Subject: REMAIL: Anon. remailers Message-ID: <9303280123.AA04407@wixer> One alternative would be to use the technology within its own narrative.. If IP providers and other sysops are *annoyed* that an anonymous remailer passes "untraceable" email, why not have a remailer that passes email with a trail of encrypted SASE ?? That way, the identity of the person posting is preserved, albeit not the physical location.. pxn. pacoid at wixer.cactus.org From eggo at student.umass.edu Sat Mar 27 19:12:58 1993 From: eggo at student.umass.edu (Round Waffle) Date: Sat, 27 Mar 93 19:12:58 PST Subject: TEMPEST in a teapot In-Reply-To: <9303272031.AA36215@hal.gnu.ai.mit.edu> Message-ID: <9303280311.AA28562@titan.ucs.umass.edu> Possessed by The Unholy, ghoast at gnu.ai.mit.edu scrawled the following in blood: > I've been told that the CRT is not what is generating the signals at all, rather > that it is the CPU, and that having an LCD screen won't save you, strength of > signal reduced or otherwise. > Actually, it's almost entirely the cables, and somewhat the screen (CRT, that is). A shielded CPU box isn't going to be giving off really any appreciable amount of RF waves, certainly not enough to read coherently. An LCD will help, since they don't emit the same kind of signals (no CRT), and no cables going to them. +- eggo at titan.ucs.umass.edu --><-- Eat Some Paste -+ +- Yorn desh born, der ritt de gitt der gue, -+ +- Orn desh, dee born desh, de umn bork! bork! bork! -+ +----------------- The Durex Blender Corporation -----------------+ From O1DSH at VM1.CC.UAKRON.EDU Sat Mar 27 20:07:25 1993 From: O1DSH at VM1.CC.UAKRON.EDU (David Heck) Date: Sat, 27 Mar 93 20:07:25 PST Subject: Speaking of TEMPEST.... Message-ID: <9303280407.AA07006@toad.com> I was able to procure a tempest specced HP Laserjet + (model 2686 TA), used around a year ago and recently did a motherboard swap to upgrade the unit to 2mb of RAM...wasn't all that much to rip apart and put back together...even with all the damn machined-screws and shielding, the thing still emits a fair amount of noise, but no farther than the room it's in... I checked all my cables and system box and switched to shielded cables and cleaned up the the noise as best I could...interesting design and at least I would see the damn snoops...they'd have to be in my front yard to pick it up...anyone else hack any used TEMPEST stuff? David a.k.a. Unixorn From nobody at alumni.cco.caltech.edu Sat Mar 27 20:37:54 1993 From: nobody at alumni.cco.caltech.edu (nobody at alumni.cco.caltech.edu) Date: Sat, 27 Mar 93 20:37:54 PST Subject: ANON: Shutdown of Anon.penet.fi Message-ID: <9303280437.AA23525@alumni.cco.caltech.edu> It is fruitless to try to guess the identity of the famous network personality. You only tar innocent people. The truth will come out, more likely sooner than later. Nowhere, Man From mdiehl at triton.unm.edu Sat Mar 27 22:46:25 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Sat, 27 Mar 93 22:46:25 PST Subject: Speaking of TEMPEST.... In-Reply-To: <9303280407.AA07006@toad.com> Message-ID: <9303280644.AA11996@triton.unm.edu> > I was able to procure a tempest specced HP Laserjet + (model 2686 TA), > used around a year ago and recently did a motherboard swap to upgrade > the unit to 2mb of RAM...wasn't all that much to rip apart and put back > together...even with all the damn machined-screws and shielding, the thing > still emits a fair amount of noise, but no farther than the room it's in... How does one go about testing such a thing? > I checked all my cables and system box and switched to shielded cables and > cleaned up the the noise as best I could...interesting design and at least > I would see the damn snoops...they'd have to be in my front yard to pick it > up...anyone else hack any used TEMPEST stuff? Is there any way of Jamming a computers emmisissions? Just a thought. +----------------------+----------------------------------------------------+ | J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken. | | +----------------------------------------------------+ | mdiehl at triton.unm.edu| "I'm just looking for the opportunity to be | | Thunder at forum | Politically Incorrect! | | (505) 299-2282 | | +----------------------+----------------------------------------------------+ From Marc.Ringuette at GS80.SP.CS.CMU.EDU Sat Mar 27 23:26:59 1993 From: Marc.Ringuette at GS80.SP.CS.CMU.EDU (Marc.Ringuette at GS80.SP.CS.CMU.EDU) Date: Sat, 27 Mar 93 23:26:59 PST Subject: ANON: real-person newsgroups Message-ID: <9303280726.AA11118@toad.com> Hal Finney (I think) writes, > the net is inherently an anonymous environment. > ...The sooner people realize that there is > no line that divides the clean from the unclean, the sooner anonymity will > be widely accepted on the net. But there _is_ a line, and people will likely want to draw it. It's true that currently there aren't any security guarantees to prevent a person from pretending to be someone else, but there will be. PEM certificates will distinguish between real people and personas. A public-key-authenticated "real person newsgroup" can be implemented. This raises the possibility that most newsgroups will transition to real-person-only status. This will cramp the style of those of us who wish to participate in the net using a persona. I think a major task ahead of us is to provide an alternative to "real people = good, personas = bad", and to put forward alternatives to "real person newsgroups" which are tolerable to most and more palatable to us. So what's the distinction we might wish to put forward instead of "real person"? "Paying customer", perhaps, or "respected reputation"? Yeah, that sounds good. Maybe it's time to set up some reputation based newsgroups, with a means of keeping track of who has been posting good stuff, and of filtering for credibility. -- Marc Ringuette (mnr at cs.cmu.edu) From ebrandt at jarthur.Claremont.EDU Sat Mar 27 23:35:48 1993 From: ebrandt at jarthur.Claremont.EDU (Eli Brandt) Date: Sat, 27 Mar 93 23:35:48 PST Subject: Speaking of TEMPEST.... In-Reply-To: <9303280644.AA11996@triton.unm.edu> Message-ID: <9303280735.AA11161@toad.com> > How does one go about testing such a thing? Anything that is interfered with will work, but listening to an AM radio tuned to maximal interference is easy. When you have no audible interference, though, it just means that there's none left that this will pick up. > Is there any way of Jamming a computers emmisissions? Just a thought. Technically, sure. But you'd need some kinda broadband licence to operate it... legally. > | J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken. | PGP 2 key by finger or e-mail Eli ebrandt at jarthur.claremont.edu From hughes at soda.berkeley.edu Sun Mar 28 08:58:12 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Sun, 28 Mar 93 08:58:12 PST Subject: ANON: real-person newsgroups In-Reply-To: <9303280726.AA11118@toad.com> Message-ID: <9303281938.AA29951@soda.berkeley.edu> Marc Ringuette writes: >PEM certificates will distinguish between real people and personas. >A public-key-authenticated "real person newsgroup" can be >implemented. I am opposed to "is-a-person" credentials, especially of the type "is-this-specific-person". The knowledge of personal identity is in most cases not salient. We are in danger of creating a system similar to the SSN fiasco, where a public identity is now not only a number but a cryptographically protected one. When such a system exists, there will be strong pressures to use it for other purposes, just as there are with SSN's. In short, do not support the PEM certification hierarchy in any way. If you are in a corporate position with the power to make this decision, nix it. If you are an individual, do not get or use these certificates. Do not even get persona certificates; it strengthens the person identification system by its negative. >I think a major task ahead of us is to provide an alternative to >"real people = good, personas = bad", and to put forward alternatives >to "real person newsgroups" which are tolerable to most and more >palatable to us. Newsgroups could be the first structure to require identity, and they wouldn't be the last. We need alternatives before authentication to real people becomes prevalent. I fully agree that the creation of better structures is pressing on us. I would prefer to be the default and make PEM "the alternative". >So what's the distinction we might wish to put forward instead of >"real person"? "Paying customer", perhaps, or "respected reputation"? The simplest replacement for "real person" is "public key." Carl Ellison argues mightily and well for this, and has for several years. By going to just public key, you can support other models and retain continuity of conversation, where that is desired. >Yeah, that sounds good. Maybe it's time to set up some reputation >based newsgroups, with a means of keeping track of who has been >posting good stuff, and of filtering for credibility. We need to set up some replacement for the existing fora. Here are some of the characteristics I've thought about: 1. Eliminate the default behavior to transmit everything received. On both mailing lists and newsgroups, everthing anybody wants to say to is sent to the whole group. There are two common restrictions on this. One is closed mailing lists, where the same default transmission occurs but is a closed group. That group can get large, however, and manifest all the probelms of an open group. The other is to use a moderator, or more accurately an approver, to pre-read all the material before transmission. So default transmission has to go. What will replace it? Whatever it is, it must have the characteristic that there will be posts that will not be sent to everybody when they first arrive. Simple, but this is an extremely important characteristic of any future forum. I think the origin of this behavior lies in the UUCP origins of newsgroups, where interactive use was difficult and expensive, and where mail delivery turnaround times were measured in days. Back then, it actually was better to do default transmission, especially in a fairly homogenous environment where most people got along OK. 2. For bootstrapping purposes, default transmission must be supported to some subset of the member of the forum. This seems to directly conflict the point made above. Default transmission must be supported to some, but can't be to all. If you require that anybody who wants to use this new forum install "work-in-progress" software in order to participate, you'll cut out most of your participants. Now people won't participate unless there's some content to the forum, and that will have to be provided by more than just the users of the new software. 2a. Corollary: A "lurker-only" mode must always be supported. There will always be those who just want to listen who are not expected to otherwise participate. A lurker mode, by its nature, will be default transmission, but not of the whole discussion, perhaps. 3. The social relations among individuals must not have any assymetry enforced by the software. A moderator, for example, is in a different position than any other list participant. That means that all people must be able to participate in deciding what they want to read and what they want to say about what they've read. 4. The development of social assymetries must not be prevented by the software. Some people will want to ignore others and want to listen only to others. When these preferences become commonplace, there are optimizations that can take place which create assymetries, for example, by doing transmissions to lurkers based on the ratings of the most respected group members. 5. Since people must base their decisions on something other than the content of the postings themselves, and since meta-traffic about postings shouldn't completely overwhelm the forum itself, it is desirable that ratings be specified in some contrained grammar, preferably very small and machine-parsable. 6. There must exist a mechanism for ensuring that the aggregate rating information is not unbounded. This is a subtle point which I illustrate with an analogue: in an adventure game, there must be some limit on the total amount of money. If voting is completely unconstrained, you quickly get vote inflation and the devaluation of an individual's opinion. If I can vote one hundred times for myself, something's wrong. Therefore I suggest that opinion votes be issued similarly to money. Each person voting gets to withdraw one "permission to publish an opinion" per message, withdrawn by a blind signature, and then gets to use it however they want. They can cast it themselves, or give it someone else to cast by proxy. (Note that a blind signature is an interactive protocol.) You want a blind signature to avoid the trap of revealing privacy information by default. If someone wants to say what they thought, they are, of course, free to do so. 7. Participants should have the ability to distinguish between blind votes and public votes. People should have the option of ignoring the "prevailing wisdom," especially when that prevailing wisdom tends to crush minority opinions. 8. The rating system should be separable from the transmission system. This is to allow multiple rating systems to emerge. A rating collective built on top of a mailing list, for example, could get a full feed of all posts, but not transmit all of them to all of its members. 9. Someone is going to have to look at the really awful stuff in order to rate it negatively. "I just don't want it to be me." Many will say this, no doubt. That's all for now. Eric From hughes at soda.berkeley.edu Sun Mar 28 09:13:28 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Sun, 28 Mar 93 09:13:28 PST Subject: ANON: Mark anon. posts a In-Reply-To: <930327232219_74076.1041_FHD20-2@CompuServe.COM> Message-ID: <9303281953.AA00227@soda.berkeley.edu> Hal writes: >[...] one >of the strongest arguments in favor of anonymous remailers, which is >that the net is inherently an anonymous environment. It is anonymous by default. If someone wants to break anonymity, they may. I make this stronger below. >In short, we anonymous remailer operators have every right to be part of >the net. We introduce no more problems than are already happening and >will continue to occur as the net grows and becomes more universal. We create no new problems to be sure; we just bring them on faster, in order to prepare for them. >Rather than placating obsolete beliefs about network identity by agreeing >to mark our messages with the scarlett letter A for anonymity, by accepting >that we deserve to be in a ghetto set aside for inferior posts, I feel that >we should challenge the net with messages that blur the distinction between >anonymous and authenticated posts. I agree. Hal argues that this means not marking anonymous posts. I disagree with this technique. My solution to this is to make the posting anonymous but to sign the post with your real name. (Yes, that means however _you_ construe your real name.) If we wish to blur the distinction, we should make the means of transport anonymous and the contents of the posting named. Surely this blurs the distinction between named and anonymous posts. People will ask "Why would anyone not want the routing information revealed when they are saying who they are?" This question, even merely asked, has positive effects. It makes one aware that identity is not an email address, nor is accountability the ability to complain to an authority. It allows people to kill anonymous posts out of whatever spite they feel to "those cowardly hypocrites". It also allows the worst excesses to be restrained. Yet if there is a visible group of respected individuals who use anonymous mechanisms for reasons other than avoiding rebuttal, those who unrestrainedly ignore anonymity will find themselves missing out. I suggest that those who participate in news.admin.policy and sci.crypt be the first to start this practice. The more respected users of anonymous servers there are, the greater will be the incentive not to ignore anonymity completely. Eric From hughes at soda.berkeley.edu Sun Mar 28 09:17:40 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Sun, 28 Mar 93 09:17:40 PST Subject: REMAIL: "Stealth" Remailers In-Reply-To: Message-ID: <9303281958.AA00395@soda.berkeley.edu> Edgar writes: >I have an idea for making remailers more difficult to find. [added extra Received: fields to obscure the actual origin] I do not think that any solution which requires deception in order to work is a good solution for creating a social agreement. We should implement systems that are upfront about their activity. We wish to say "I am protecting the privacy of others, and in doing so I am protecting my own." We do not wish to say "Who, me?" and be roundly disbelieved. Eric From hughes at soda.berkeley.edu Sun Mar 28 09:26:28 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Sun, 28 Mar 93 09:26:28 PST Subject: alt.hackers post Message-ID: <9303282007.AA00701@soda.berkeley.edu> Rusty Babani forwarded me my hackers postings from six months ago. Thanks! Here they are (in two messages). Eric ----------------------------------------------------------------------------- From: hughes at soda.berkeley.edu (Eric Hughes) Newsgroups: alt.hackers Subject: Remailer that will run on a user account Date: 25 Sep 92 16:17:25 GMT Distribution: alt Organization: /accounts/hughes/.organization Lines: 347 What follows are a couple of postings to the recently formed cypherpunks mailing list. They are tutorial in form because the list is not entirely hackers. Enjoy and deploy. Eric ============================================================================= How to Make an Automated Remailer in Your Copious Spare Time with Easy to Find and Inexpensive Software Tools You May Have Lying Around. The basic remailer illustrates how to hook in automated software processing into the Unix mail system. Here are the basic elements. 1. .forward 2. slocal and .maildelivery 3. remail.perl 4. /usr/lib/sendmail -------------------------------------------- 1. .forward Unix mail provides a way to have accounts on many different machines but to receive all your mail in one place. That facility is the .forward file, which resides in the home directory. The file is one line long and contains the email address to which the mail will be forwarded. But the .forward file has another mode of operation. If the string begins with the pipe character '|', the mail will be piped through the program listed. Enclose the string with double quotes if you need spaces included. Here is my .forward file: "| /usr/local/lib/mh/slocal -user hughes" Thus all my mail gets processed by the slocal program, described next. I don't know where the man page for .forward is. Perhaps someone could provide a reference. --------- 2. slocal and .maildelivery The software system MH contains a bunch of useful tools for handling mail, only one of which we need. For details on MH, do 'man mh'. MH has a nice little mail hook processor called slocal. Its docs can be found by 'man mhook'. slocal can conditionally perform operations on mail messages and consider them either delivered or not. It allows multiple operations on individual mail messages. slocal reads the file .maildelivery when it starts up for instructions. Here is my .maildelivery file: # # field pattern action/ string # result (quote included spaces) # Request-Remailing-To "" pipe R "perl remail.perl" Request-Remailing-To "" file R archive.remailer The various pieces of the .maildelivery file are fully documented in the man page. I'll just explain what mine does. Each line describes one operation to be performed on each incoming mail message. Fields are separated by whitespace, so if you need to include spaces, use quotes. The first field, labelled field, is the mail header field to look for. slocal can selectively process on any header line. If the header line does not exist, then the mail does not match this line and no operation is performed. If the header line does exist, processing continues. The second field, pattern, is a text string to match with the contents of that header line, i.e. with everything after the colon. In my case, I put the empty string in, which matches everything. You need the pair of quotes to have a placeholder for the field contents. The next field, action, tells what to do with the message. 'pipe' sends the message to the standard input of the named program. 'file' appends the message to an archive or log file. A useful pipe command for testing is "tee foo", which makes a copy of the message in file foo, but does not append, so that you get an exact copy of what slocal is going to pass to your pipe. This allows testing of the pipe program without sending yourself mail all the time. The next field, result, tells what to do with the message after processing. I am currently using R for Regardless to indicate that this action should always be performed no matter what. The code R indicates that the mail should be considered not delivered after processing; thus slocal writes the mail back into my local spool and I see it as normal. Later, after I'm sick of looking at all the forwarded mail, I'll change this code to A, meaning if the processing succeeds, then the mail is considered delivered. The archive file will always remain R. The last field, string, is the parameter to the action. It is a file name or program. Use quotes to include spaces. The name of my mail processor is "perl remail.perl", which is to run the perl script remail.perl on the mail. The .maildelivery file is also the place to put encryption hooks to automatically decrypt the bodies of messages. More on that in a future version. --------- 3. remail.perl Perl is a wonderful language for doing all sorts of useful work like processing mail headers. Do 'man perl' for details, or get the O'Reilly book and really learn how to use it. The perl script, in summary, strips off the mail headers, saving the Subject: line, rewrites a new header, and appends the body of the previous message. Here is the script: --------- cut here --------- while (<>) { last if /^$/ ; $subject = $_ if /^Subject:/ ; if (/^Request-Remailing-To:/) { chop ; s/^.*:// ; $addressee = $_ ; } } #open( OUTPUT, ">foo" ) || die "Cannot open 'foo'." ; open( OUTPUT, "| /usr/lib/sendmail " . $addressee ) ; select( OUTPUT ) ; print "To:" . $addressee . "\n" ; print "From: nobody\n" ; print $subject ; print "Remailed-By: Eric Hughes \n" ; print "\n" ; while (<>) { } continue { print ; } --------- cut here --------- Here is a summary of the operation. To really understand this, you'll have to learn perl. The while loop processes standard input. 'last' terminates the loop as soon as a blank line is seen. A blank line separates the header from the body. The subject line, if seen, sets the subject variable to the whole subject line. The Request- header line has its final newline removed, the contents up to the colon substituted into nonexistence, and saves the rest in the addressee variable. Next the pipe to sendmail is opened and its output is selected so that all print commands will go to the pipe. There is a comment for a different output channel to the file foo which can be commented in for testing. Next the remailed header is constructed out of print statements. Lastly the rest of the standard input is passed through unmodified to the output channel. The while loop terminates when there is no more input. --------- 4. sendmail sendmail is the backend mailer; it expects complete mail messages and does not usually generate any line itself except for the first "From" (with no colon) line. Any header you construct will thus get passed through mostly unmodified. Hence you can put in any "From:" line you want and any other header info, such as my "Remailed-By:" line. sendmail expects the name of the addressee on its command line, otherwise it puts an "Apparently-To:" line in the header. Any mail processor which remails should probably go through sendmail, although it would also be possible to talk to an SMTP port directly, were you so motivated. MH also has some remailing programs; see 'man mhook'. --------- A few words for tinkerers. -- You can always send mail to yourself. Especially after you've done one kind of mail processing and want to pass the mail through the filters again. -- When getting started, create an empty .maildelivery file first and then get your .forward file working. Test it by sending messages to yourself. If you're not getting them, they are going into the bit bucket. All your other mail will as well, in this case, so if you can't afford to lose mail, do it right the first time or work on a spare account. -- Any mail slocal does not process will get delivered as normal. Running a remailer will not interfere with your other work. -- Remember to use quote marks. -- You don't need to be a sysadmin to run this kind of remailer. There is nothing, however, to prevent a sysadmin from running this sofware under an alias. The sysadmin is also a 'trusted user' to sendmail and can get rid of pesky "From"-no-colon lines. -- Perl has a random function which could be used to automatically choose various "From:" lines from a database. Remember to include yeltsy at kremvax.rus. -- postnews or inews could be substituted for sendmail. Different header lines would have to be created. Such a service could run in parallel with a remailer. You too can now repost to alt.sex.bondage! Enjoy. And watch for interesting improvements like encryption. Eric ============================================================================= The hopping remailer is finished. I wrote it this morning. The change to make a hopping remailer is very easy. Here's the new perl script: --------- cut here --------- while (<>) { last if /^$/ ; $subject = $_ if /^Subject:/ ; if (/^Request-Remailing-To:/) { chop ; s/^.*:// ; $addressee = $_ ; } } #open( OUTPUT, ">foo" ) || die "Cannot open 'foo'." ; open( OUTPUT, "| /usr/lib/sendmail " . $addressee ) ; select( OUTPUT ) ; print "To:" . $addressee . "\n" ; print "From: nobody\n" ; print $subject ; print "Remailed-By: Eric Hughes \n" ; # # check to see if there are header lines in the body to collapse # into the full header. # if ( $_ = <> ) { if (/^##$/) { # do nothing if the pasting token appears # the rest of the body will be directly appended # this allows for extra header lines to be added } else { # normal line print "\n" ; print $_ ; } } else { # empty body exit ; } while (<>) { } continue { print ; } --------- cut here --------- Short explanation. The 'print "\n" ;' line was moved inside the new if statement. The if statement reads a line of the body and stops the script if there is no body. The line read is tested to see if it contains the two characters "##" alone on the line. "##" is the ANSI C token pasting operator. If there is no pasting, a blank line is printed to mark the end of the header and the first line of the body is printed. If there is pasting, then the conditional does nothing, which has the effect that the body is appended directly onto the end of the header, allowing you to add more header lines after the header is rewritten. Here is a sample message that I sent myself after the new script was installed: --------- cut here --------- To: hughes Subject: multiple hops Request-Remailing-To: hughes ## X-Hop: 1 Request-Remailing-To: hughes ## X-Hop: 2 Request-Remailing-To: hughes ## X-Hop: 3 This is a test message of multiple hops. Eric --------- cut here --------- I received four pieces of mail after sending this to myself. The first was the actual letter, which is still delivering normally and not being filtered. The next two were the first and second remailings; they had X-Hop: 1 and 2. The last message was the final one, had X-Hop: 3 in its header and was delivered normally. At each stage, the header got rewritten and a new Request-Remailing-To: line inserted. When that mail got delivered, it was again rewritten, with a new remailing request. This process is extensible up to the 50K or so practical limitatation on mail size. Note that this system is not at all secure by itself. But if each message body were encrypted first, and the message first decrypted before the header re-write took place, the routing instructions as a whole would be hidden from prying eyes. That's the next project. Eric ============================================================================= To be on the cyhperpunks mailing list, mail to cypherpunks-request at toad.com I'll put you on. Eric From hughes at soda.berkeley.edu Sun Mar 28 09:27:10 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Sun, 28 Mar 93 09:27:10 PST Subject: alt.hackers post Message-ID: <9303282007.AA00730@soda.berkeley.edu> Here's the other one Eric ----------------------------------------------------------------------------- From: hughes at soda.berkeley.edu (Eric Hughes) Newsgroups: alt.hackers Subject: a new feature of the remailer Message-ID: Date: 9 Oct 92 13:58:48 GMT Distribution: alt Organization: /accounts/hughes/.organization Lines: 191 Here is the third in the series of articles on the remailer. Remember, these are meant to be fairly tutorial. Eric ----------------------------------------------------------------------------- There's a new feature in the remailing software. Some people can't add arbitrary header fields because of mailer or gateway restrictions. This restricts them from using the remailer. I have added a facility to allow new header fields to be pasted onto the end of a header when the mail arrives. This effectively happens before processing by the remailer software. These new fields exist during transit in the message body, where they remain untouched. Only after the message is delivered to my account does this operator take effect. Syntax: If the first line of the body is the two characters "::", then the following lines are appended to the header, up to the next blank line. Here's how it works. First of all, here's my new .maildelivery file: ------- cut here ------- # # field pattern action/ string # result (quote included spaces) # Request-Remailing-To "" pipe R "perl remailer/remail.perl" Request-Remailing-To "" file R remailer/archive * "" pipe R "/usr/local/lib/mh/rcvtty -biff" * "" pipe ? "perl remailer/incoming.header.perl" ------- cut here ------- Comments are indicated by #. The Request-Remailing-To lines have been there. The second of the makes an archive for debugging purposes. It will go eventually. The third field, "*", indicates all fields, it runs 'rcvtty' on my mail; this replaces the function of biff, since mail is getting piped to slocal now, disabling biff. The last line is the important one. It says "If the mail hasn't been delivered by now, run the incoming header rewrite script on it. If that doesn't work, continue trying to deliver it." Now here's the trick. slocal has no way of taking the output of the rewrite and continuing to process it. (It should. It would make this whole job easy.) So in order to continue processing, you need to redeliver the mail. You could invoke sendmail and mail it back to yourself, but that would mangle the existing header. So the thing to do is to recursively invoke slocal from within the perl script. Here's the perl script to do all this: ------- cut here ------- # First read in the whole header. # We check for the Second-Pass: line to detect infinite loops. while (<>) { last if /^$/ ; exit 1 if /^Second-Pass:/ ; $header .= $_ ; } # We have just read the last line in the header. # Now we check to see if there is a pasting operator. if ( ( $_ = <> ) && /^::$/ ) { while (<>) { last if /^$/ ; $header .= $_ ; } } else { # There is either an empty body or no pasting operator # Thus exit with a return code of 1 to indicate that # the mail has not been delivered. exit 1 ; } # There was a header pasting operator. # So we open 'slocal' as a pipe, effectively redelivering the mail # back to ourselves. #open( OUTPUT, ">foo" ) ; open( OUTPUT, "| /usr/local/lib/mh/slocal -user hughes" ) ; select( OUTPUT ) ; # print a "From " line to satisfy slocal @weekdays = ( "Sun","Mon","Tue","Wed","Thu","Fri", "Sat" ) ; @months = ( "Jan","Feb","Mar","Apr","May", "Jun","Jul","Aug","Sep","Oct","Nov","Dec" ) ; ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime ; printf "From hughes %s %s ", @weekdays[ $wday ], @months[ $mon ] ; printf "%2d %02d:%02d:%02d 19%d\n", $mday, $hour, $min, $sec, $year ; # Now just print out the message print $header ; print "Second-Pass:\n" ; print "\n" ; while (<>) { } continue { print ; } ------- cut here ------- Here's how the perl script works. The first loop reads lines from the existing header. When it sees a blank line (regexp /^$/) it terminates the loop. If it sees a field "Second-Pass", it knows it has filtered this message before and exits with a return code indicating that the mail has not been delivered. The variable $header is appended with the current header line. $header contains the whole header when the loop terminates. Properly speaking, the Second-Pass test is not necessary to detect infinite loops. Since the pasting operator gets removed during the rewrite, the script won't return an exit status of 0 more times than the pasting operator appears. But should something get screwed up, such as a different module adding pasting commands (how? I don't know), the Second-Pass test should prevent infinite recursion. The next statement reads another line from the input file. This line is the first line of the message body. If this line is the pasting operator, then header lines are accumulated in $header as before until a blank line. The difference is that these header lines are being read from the body of the message. If there is no pasting operator, the script exits undelivered. At this point we now have to redeliver the message back to ourselves. We first open slocal as the output pipe. The next section is a kludge. It turns out that slocal strips off the out-of-band "From " (no colon) line that the mail delivery system uses. In other words, the message which slocal pipes into its pipes is not identical to the message it itself received. This means that slocal cannot be directly recursed. What this section does is to create a "From " line to make slocal happy. It calls localtime() and then formats those numbers into the proper form. It turns out that slocal will deliver this mail without the "From " line, even to /usr/spool/mail, but it doesn't do so properly. On my system, in added some delimiters which I think I've tracked down to the 'mtstailor' file, namely mmdelivery1 and mmdelivery2. Since these are not null on my system, there's some garbage added which screws up separation of the spool file into messages. Adding a "From " line fixes that. This misbehavior may not be so surprising, considering that slocal was "meant" to be invoked only in a .forward file. Now we print the variable $header which contains the whole header, including newlines. Using a single string removes the need for an array. We added the Second-Pass line and a blank line for the end of the header. The final loop prints out the rest of the message body. There is another way to proceed to get the same functionality. One could write a filter to translate the first occurrence only of \n\n::\n into \n. We could then pass the message through this filter before slocal saw it. And for now, that would do the same thing. But suppose we want more that one rewrite rule active? Then you would only be able to apply each rewrite rule exactly once in fixed order. You want to be able to rewrite a message and then apply all the rewrite rules again. At least one other rewrite rule is planned: automatic decryption. Since decrypting a message will completely change the body, and since some of the header fields may need to be hidden, you have to be able to decrypt the body and then paste on header lines. But since you need to indicate an encrypted body by a header line (well, not really, but it's more reliable), and since some people can't add these header lines, you need to paste lines before encryption as well. Thus the rewrite rules need to be applied asyncronously and hence I'm using a fairly complex slocal scheme to do a simple filter. Eventually I hope to write an equivalent to slocal which knows about message rewrites and simple filters, but that's for later. ----------------------------------------------------------------------------- To follow this project (and others soon to be started), send mail to cypherpunks-request at toad.com and I'll add you to the mailing list. Eric From mcguirk at enws302.eas.asu.edu Sun Mar 28 10:43:05 1993 From: mcguirk at enws302.eas.asu.edu (Dan McGuirk) Date: Sun, 28 Mar 93 10:43:05 PST Subject: Penet.fi replacement up Message-ID: <9303282130.AA00433@enws302> I just wanted to let everyone know that another penet.fi-style anonymous service has been set up. It works the same as anon.penet.fi did for anonymous mail, but it only allows anonymous posting to about ten newsgroups. For information, send a message to "anonymus+info at charcoal.com" (yes, anonymous should be misspelled). From miron at extropia.wimsey.com Sun Mar 28 12:45:57 1993 From: miron at extropia.wimsey.com (Miron Cuperman) Date: Sun, 28 Mar 93 12:45:57 PST Subject: REMAIL: "Stealth" Remailers In-Reply-To: Message-ID: <1993Mar28.223940.23755@extropia.wimsey.bc.ca> -----BEGIN PGP SIGNED MESSAGE----- edgar at spectrx.Saigon.COM (Edgar W. Swank) writes: >I have an idea for making remailers more difficult to find. This >applies only to systems where the remailer operator owns the >system, such as at wimsey.com. (But a "system" can be just Make that "extropia.wimsey.com". "wimsey.com" is my feed. - -- Miron Cuperman | NeXTmail/Mime ok | Public key avail AMIX: MCuperman | PSM 18Mar93 0/0 Laissez faire, laissez passer. Le monde va de lui meme. -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBK7YpDpNxvvA36ONDAQH6TQP+MvdAXTKDqzDgKJVHgsw5qBab+SEYsYRh ohCmrAkY5Y+N7RFRuwIv1COiE8Z9o67SYLWZ+yxCrBjF9SM2gAPlxIRCy/sK7BjZ /x5t7Znhhip1ihkh8lAqV6VHPz4L692x7j0yT2L8yAD89Yw6fA+ypSE7SAMHikL/ 9D8RdipXrXA= =CBh9 -----END PGP SIGNATURE----- From ebrandt at jarthur.Claremont.EDU Sun Mar 28 16:17:30 1993 From: ebrandt at jarthur.Claremont.EDU (Eli Brandt) Date: Sun, 28 Mar 93 16:17:30 PST Subject: a blackmail opportunity Message-ID: <9303290017.AA05745@toad.com> While writing some appropriate paranoia for a canned response to remailer info requests, I realized that running a remailer is a perfect prelude to blackmail. An unscrupulous person running a remailer can obviously keep records of truenames, along with messages that their senders do not want associated with them. Making use of this information could involve a scenario to the crypto-extortion previously discussed, but blackmail would be far more believable than anonymous threats. Alternatively, the blackmailer could be low-tech and resort to present techniques. Always encrypting helps with mail, but not with news. PGP 2 key by finger or e-mail Eli ebrandt at jarthur.claremont.edu From CVADSAAV at CSUPomona.Edu Sun Mar 28 18:42:51 1993 From: CVADSAAV at CSUPomona.Edu (Lord Krieg) Date: Sun, 28 Mar 93 18:42:51 PST Subject: anonymous services Message-ID: <9303290242.AA09702@toad.com> -----BEGIN PGP SIGNED MESSAGE----- After reading Mr. Finney's response to my comments, I can see that I really shouldn't try to make suggestions on how an anonymous service should be implemented. I clearly don't have the knowledge necessary to address this subject without sounding like an idiot. :-) So... I'll instead simply say what I would like to see in an anonymous service, and I'll leave discussion of the technicalities to people who know what they're talking about. I'd like to see something which combines the strengths of the different types of anonymous services while reducing or eliminating the weaknesses. A service which can be used as easily as anon.penet.fi would certainly be nice. I'd also like to see encryption available as an option. Ideally, messages would not _have_ to be encrypted. Making encryption optional would be good for paranoid individuals such as myself, while making the service more accessible to people who are willing to sacrifice security. This would also accomodate people within the U.S. who want to use the service put are afraid of Mr. Sternlight. :-) I like the way the Cypherpunks Remailers let users chain and encrypt their messages so that even the remailers can't know both the sender and recipient. This is something I'd also like to see in a new anonymous service. I still think that one or more back-up servers would not be a totally bad idea. I realize that I don't know what I'm talking about, but I just don't understand why it would be impossible to have a back-up server (with a copy of the active server's database) on standby. I'm not saying that the existence of such a back-up should be advertised--I just think that it should be possible to have somebody set up a backup _without actually running it_ so that when the active server gets shut down, it can quickly step in to take over. Oh, and on a unrelated subject... Could anybody with information on $50/month UUNET connections please send it to me, or tell me who I should write to about it? Thanks in advance. Kenneth G. Hagler ********************************************************************** * Internet: cvadsaav at csupomona.edu * My insurance company * * Phone: (909) 865-7751 * is Beretta U.S.A. * * PGP 2.2 key available on request * * *--------------------------------------------------------------------* * ...study of the military arts will make one who is naturally * * clever more so and one who is born somewhat dull rather less * * so. * * --Daidoji Yuzan Shigesuke, _Budo Shoshinshu_ * ********************************************************************** -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBK7aFnSipatcRAyu9AQF6UgQAwmchM/JwJS16i/FA6MF0yVAhUg2gpkX2 osLEPpPrlISCwy1dulBxpHJhFyIVSshTx2J5962efiw4pR9+/1F47tOESFHbGLN1 yfKU1pJo1pNyh2ZX72YKK2AvOvAtgz22sXZK01I7jDJbCZdvfoha2T1c5H4KfRQ6 23ddGKcUOVc= =VXNO -----END PGP SIGNATURE----- From uni at acs.bu.edu Sun Mar 28 19:07:03 1993 From: uni at acs.bu.edu (Shaen Bernhardt) Date: Sun, 28 Mar 93 19:07:03 PST Subject: PGP Secure? Message-ID: <9303290550.AA41108@acs.bu.edu> Forgive my slow math mind, but I pose the following question, knowing in advance that it's a FAQ, but I can't find an answer anywhere.... Given a brute force attack on ciphertext encrypted with PGP2.2 using the 1024 bit key, how many operations are required to hit on the session key...? (The session key being used with the IDEA cipher) What about derriving the RSA key pair from the public key and message? How many operations might this require? Along these lines, what's the best guess at the highest technology level available today with regard to speed? How many operations per second might the most resourced orginization be expected to achieve? The real meat of this question boils down to: What are the capabilities currently, and what is required to brute force the various stages of PGP? Also: What does 1024 bit refer to? The IDEA session key? or the RSA key? Thanks in advance... uni From mccoy at ccwf.cc.utexas.edu Sun Mar 28 19:49:13 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Sun, 28 Mar 93 19:49:13 PST Subject: PGP Secure? In-Reply-To: <9303290550.AA41108@acs.bu.edu> Message-ID: <9303290632.AA21124@tigger.cc.utexas.edu> > > Forgive my slow math mind, but I pose the following question, knowing > in advance that it's a FAQ, but I can't find an answer anywhere.... > > Given a brute force attack on ciphertext encrypted with PGP2.2 > using the 1024 bit key, how many operations are required to > hit on the session key...? > (The session key being used with the IDEA cipher) This has been recently hashed over in sci.crypt. Here are a few generalities, read the articles in sci.crypt for the real numbers. -If you did 1000 attempts to break a 1024 bit RSA key every second and started your calculations at the beginning of the universe, you would still have several trillion years to go. -If you stored every attempted key in a single atom, you would run out of atoms in the universe long before you ran out of keys. If I remeber correctly there are something like 10^152 primes possible with a 512 bit key. That is what most people refer to as a BIG number... :) > The real meat of this question boils down to: What are the capabilities > currently, and what is required to brute force the various stages of PGP? What it boils down to is that anyone who tried a brute-force attack on your RSA key is either very stupid or hopes to be very lucky. (very, very, very lucky) It would be easier for the person to track you down, put a gun to your face and force you to disclose the message. Barring any mathematical miracle with regards to factoring large numbers, RSA using large keys is safe from brute-force attack. > Also: What does 1024 bit refer to? The IDEA session key? or the RSA key? The RSA key. It would probably be easier for someone to try to brute-force your IDEA session key than your RSA key; but this would only give them one message, while cracking a RSA key gives you all messages that have the session key wrapped with that RSA keypair. jim From greg at ideath.goldenbear.com Sun Mar 28 21:53:38 1993 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Sun, 28 Mar 93 21:53:38 PST Subject: UUNET connections Message-ID: <8qZ61B1w164w@ideath.goldenbear.com> My previous message re my UUCP connection to UUNET has generated several questions in E-mail, as well as a recently posted question about "the $50 connections to UUNET", so I feel like I oughta answer the question(s) apparently created by my quick summary of my use of UUNET's services. UUNET will allow you to make a UUCP connection to their machines for an "administrative fee" of $36 per month, plus hourly connect rates. These rates are (as of my booklet rcvd from them in 1/93) $2.60/hr if you call their local dialup (NPA 703), and $5.60/hr if you dial in via the Compuserve packet network. Their local dialups support the PEP protocol as well as v.32 connections; I average around 700 cps when I dial in directly with v.32, and around 450 cps when I dial in via Compuserve. The $50 figure I quoted is my average monthly cost for a slow but steady trickle of mail (roughly 7K per day) and approximately 20 newsgroups, none of which are binary-oriented and none of which are super-high traffic. This includes my hourly cost for both direct-dial and Compuserve connections; I prefer to dial in directly, but have my Systems file set up to use Compuserve as a backup means of connection when the direct lines are busy (which happens with some frequency.) UUNET will register a domain name for you for free if you are a subscriber; if you do not subscribe to their service, the cost is $50. (I incorrectly quoted $25 for this to someone via E-mail.) UUNET sends a free copy of O'Reilly & Associates' _Managing uucp & Usenet_ when you sign up with them; great book, nice touch, probably saves them money for all of the questions it answers. To get in touch with UUNET: info at uunet.uu.net or 800-488-6384 I think you could also probably find some information files if you FTP'd to ftp.uu.net; I'm unsure about that and offer no guarantees. UUNET also offers a "low-volume" agreement that I don't know much about since I don't subscribe to it. I know that PSI offers similar service; my recollection is that they want $75/3mos for mail, and $225/3mos for news, flat-rate. PSI can be reached at 'info at psi.com' or 703-620-6651. I have no connection with UUNET beyond being a happy & satisfied customer; I've found them to be friendly & helpful and generally good to work with. The folks at PSI seem nice too but their prices for what I want right now are higher. UUNET and PSI both offer realtime IP connections, in addition to UUCP links like the one I use; call them for more information. -- Greg Broiles greg at goldenbear.com Golden Bear Consulting +1 503 465 0325 Box 12005 Eugene OR 97440 BBS: +1 503 687 7764 From thug at phantom.com Mon Mar 29 05:40:09 1993 From: thug at phantom.com (Murdering Thug) Date: Mon, 29 Mar 93 05:40:09 PST Subject: PGP: Improvements needed. Message-ID: I like PGP 2.2 a lot, but I think there is still much room for improvement. I would like to throw the following suggestions on the table and open up a discussion on them: Here is what I think needs to be done: - PGP needs the talked about "stealth" mode, wherein PGP encrypted files and documents contain no PGP header. This would allow the embedding of PGP documents into files containing "white noise static" data, or into the LSBs of graphic and sound files. - PGP needs to use a better compression algorithm. From what I know, I believe PGP currently uses LZW (the same algorithm as in the Unix compress utility). Anyone who has used Gnuzip (aka: gzip) knows that LZW typically compresses text files down to only 40-45% of their original size, while LZ77 (the algorithm in gzip) compresses text files down to 30% or less of their original size. Clearly LZ77 not only saves space, but improves the entropy/randomness of the cyphertext, making PGP that much harder to crack. - PGP needs a version or front end for the masses. A point-and-click version or front end that runs under DOS. I know there are really good front ends for pkzip for DOS, so how come someone doesn't write a front end for pgp2.2? I would also suggest a Windows version, but that is not as important as having a really user friendly DOS version. Hopefully, by PGP 2.5 or 3.0, these things will happen. But I'd like to see them in 2.3 if possible. Thug From uri at watson.ibm.com Mon Mar 29 06:16:49 1993 From: uri at watson.ibm.com (uri at watson.ibm.com) Date: Mon, 29 Mar 93 06:16:49 PST Subject: PGP Secure? In-Reply-To: <9303290550.AA41108@acs.bu.edu> Message-ID: <9303291700.AA17161@buoy.watson.ibm.com> Jim McCoy writes: > > Given a brute force attack on ciphertext encrypted with PGP2.2 ^^^^^^^^^^^^^^^^^^^^ > > using the 1024 bit key, how many operations are required to > > hit on the session key...? > -If you did 1000 attempts to break a 1024 bit RSA key every second > and started your calculations at the beginning of the universe, you > would still have several trillion years to go. > -If you stored every attempted key in a single atom, you would run > out of atoms in the universe long before you ran out of keys. Well, of course one doesn't have to break RSA to get the _session_ key, it would be enough to break IDEA, which will automatically deliver the key to you along with the cleartext. Again of course, it's not obvious, why one might want that session key (:-). > What it boils down to is that anyone who tried a brute-force attack on your > RSA key is either very stupid or hopes to be very lucky. (very, very, very > lucky) ............. Sure... How about one, who simply knows how to improve brute-force key-search attack on IDEA? A possibility? (:-) Regards, Uri. ------------ From hughes at soda.berkeley.edu Mon Mar 29 06:36:45 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Mon, 29 Mar 93 06:36:45 PST Subject: anonymous services In-Reply-To: <9303290242.AA09702@toad.com> Message-ID: <9303291717.AA20805@soda.berkeley.edu> >A service which can be used as easily as anon.penet.fi would certainly be >nice. Right now the cypherpunks remailers are designed as a back end. Clever people can program the back end directly, but it's not for everybody. It's the user's software that should provide a good front end. >I'd also like to see encryption available as an option. Ideally, >messages would not _have_ to be encrypted. That's the way the current remailers work (with the exception of Miron Cuperman's). But fundamentally, there's no good reason not to encrypt, except, of course, for the last hop out of a Usenet post. The user's front end software should encrypt automatically. Remember, you need to encrypt everything, so that when you really need the protection, it doesn't appear as though anything is different. >This would also accomodate people within the U.S. who want to use the >service put are afraid of Mr. Sternlight. :-) The remailers could just as easily be built on top of RSAREF. Licensing is a red herring for this project. Eric From hughes at soda.berkeley.edu Mon Mar 29 06:47:27 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Mon, 29 Mar 93 06:47:27 PST Subject: a blackmail opportunity In-Reply-To: <9303290017.AA05745@toad.com> Message-ID: <9303291727.AA21227@soda.berkeley.edu> Eli Brandt writes: >An unscrupulous person running a >remailer can obviously keep records of truenames, along with >messages that their senders do not want associated with them. >Always encrypting helps with mail, but not with news. If you don't trust your remailer operator, use more than one. This is the whole point of multiple chainings. A single point failure can be any number of different threats: blackmail, coerced disclosure by threat of violence, compromised equipment. All of these can be defended against by making a system proof against single point failure. For posting to news, one should always use two hops. The first destroys any the identity of the poster and the second one decrypts it for transmission. Both hops are encrypted, but the second relay sees the plaintext and cannot link it to anyone because the first relay is anonymous. Eric From mrnoise at econs.umass.edu Mon Mar 29 07:01:58 1993 From: mrnoise at econs.umass.edu (Mr. Noise) Date: Mon, 29 Mar 93 07:01:58 PST Subject: anon email/caller id Message-ID: <9303291745.AA27050@titan.ucs.umass.edu> Phil Karn's anology between anonymous e-mail & caller i.d. gets it right, I think. If you don't want to read it, don't, just as you may block calls without caller i.d. There are two concerns I'd like to see addressed, though: first, what about those who use anon email to get away with behavior that wastes net resources? When the identity of the poster is know, they can be 'disciplined' by other net.citizens (call it frontier justice if you like...). second, from the opposite end, won't the availability of caller i.d. mean that it will become more diffuclt to engage in truly anonymous conversations over the telephone network, as revealing one's identity becomes the norm? As to the first objection, I suppose we could continue to rely on the site administrators (& remailer admins) to discipline the offenders. After all, the sites are still subject to the same discipline we can inflict on the individual poster if known. As to the second, I suppose we can always observe that those who won't accept our anonymous call aren't worth talking to in the first place, but that evades the question IMHO. Also, having the capability in the phone system means someone can still abuse it without our knowledge. I would suggest another solution to this dilemma: 'handles'. Having a semi-secret identity means having control over your Real Life exposure to risk, whiel still allowing those you come in contact with to indentify you-- & ignore you if they wish with minimal trouble. It also means that you can set different levels of security: anyone who cares to can find out who Mr. Noise is, but how many of you know the *other* 'real mes'? Well, just some rambling thoughts at lunchtime as a way of saying hello to all of you on this list, since I just joined a week ago & didn't want to 'lurk'. :-) Have an anonymous day! Mr. Noise From baumbach at atmel.com Mon Mar 29 08:50:32 1993 From: baumbach at atmel.com (Peter Baumbach) Date: Mon, 29 Mar 93 08:50:32 PST Subject: PGP Secure? Message-ID: <9303291843.AA08556@walrus.chp.atmel.com> > This has been recently hashed over in sci.crypt. Here are a few > generalities, read the articles in sci.crypt for the real numbers. For those of us who don't have access to USENET, is there a mailing-list that echo's it's content and allows posting? > -If you did 1000 attempts to break a 1024 bit RSA key every second > and started your calculations at the beginning of the universe, you > would still have several trillion years to go. > -If you stored every attempted key in a single atom, you would run > out of atoms in the universe long before you ran out of keys. Couldn't this argument also be made about a simple substitution code? How secure is PGP with current smarter attacks? Peter Baumbach baumbach at atmel.com From gg at well.sf.ca.us Tue Mar 30 01:54:36 1993 From: gg at well.sf.ca.us (George A. Gleason) Date: Tue, 30 Mar 93 01:54:36 PST Subject: discount datacom rates? Message-ID: <199303300954.AA03537@well.sf.ca.us> I've discovered there may be a way to provide late night (1am - 4am) dialup data communication at a substantial discount in long distance charges. We'd need something like a few thousand users in order to get this running. Feedback...? Ideas...? Email gg at well.sf.ca.us From scott at shrug.dur.ac.uk Tue Mar 30 02:53:13 1993 From: scott at shrug.dur.ac.uk (Scott A. McIntyre) Date: Tue, 30 Mar 93 02:53:13 PST Subject: Anybody out there? Message-ID: I have received nothing on this list sicne Feb 20th, is it just me? Thanks, Scott From jcook at pro-storm.metronet.com Tue Mar 30 07:06:10 1993 From: jcook at pro-storm.metronet.com (Julian Cook) Date: Tue, 30 Mar 93 07:06:10 PST Subject: discount datacom rates? Message-ID: Well you definitely have my interest peaked. Let's discuss this scheme some more Julian Cook JCook at pro-storm.metronet.com ProLine: jcook at pro-storm Internet: jcook at pro-storm.cts.com UUCP: crash!pro-storm!jcook Bitnet: jcook%pro-storm.cts.com at nosc.mil From 74076.1041 at CompuServe.COM Tue Mar 30 09:22:34 1993 From: 74076.1041 at CompuServe.COM (Hal) Date: Tue, 30 Mar 93 09:22:34 PST Subject: ANON: UUNET Info. Message-ID: <930330171358_74076.1041_FHD43-1@CompuServe.COM> Thanks to Greg Broiles for the information on UUNET. I ftp'd some info from ftp.uu.net as he suggested. Here is an edited version of one of their main info files. I have left in the part relevant to UUCP connections. I would comment that this looks like it would not be an economical approach for providing an anonymous posting service. The volume experienced by these services has been very high. Greg indicates that he gets about 700 chars per second for his link. Any posting or remailing request is going to have to be transmitted twice (once in, once out). At $2.47 per connect-hour we're talking about $2.00 per megabyte posted or remailed. I believe Julf has seen several megabytes per day. So this volume will push the bill up to the range of hundreds of dollars a month. This is pretty expensive just to support truth, justice and the American way on the net. (This could be reduced if large messages were filtered, but I don't know if UUCP allows for a way to filter incoming messages so you don't get billed for them. After a while, though, if people learned that large messages don't get remailed, they might stop sending them. OTOH, the operator of this service would be vulnerable to mail bombs by those opposed; the bombs would land right in his wallet.) Info from UUNET, edited, follows below. Hal 74076.1041 at compuserve.com -------------------------------------------------------------------------- UUNET offers access to: * UUCP mail - Over 2,000 direct mail connections - UUNET is an authorized Internet mail gateway, and can act as your Internet mail forwarder. - UUNET serves as the principal gateway to European, Australian Asian, Indian, and South American UUCP sites. * USENET news - UUNET offers a full or partial news feed; all news groups are offered. - Over 1,000 news feeds [...] WHICH ACCESS METHODS ARE AVAILABLE? * From within the United States: - Dial your closest CompuServe network access number (local from thousands of US cities). You are then connected to UUNET via the X.25 public data network. No registration with CompuServe is necessary. - Direct dial modem at our Austin, TX; Berkeley, CA, Boston, MA; Falls Church, VA; Palo Alto, CA; Portland, OR; and San Jose, CA hubs. - 800 number - 900 number for anonymous access to our archive * Connection Methods - UUNET supports all standard modems (V.32 / V.22bis / Bell 212A / Bell 103) - For those of you with UNIX platforms, you only need the standard UNIX uucp programs. For those with non-UNIX platforms, software is available through commercial vendors. * Modem Types - UUNET uses Telebit T2500 Modems - We support Telebit PEP / 9600 V.32 / 2400 / 1200 / 300 bps [...] HOW DO I SUBSCRIBE TO UUNET? We have several subscription options for users with different needs. The options and pricing are described below. Call us and ask for the General Information Packet on UUNET and AlterNet. Fill out the UUNET Subscription Form and send the original in to us! Subscription options are: * Regular uucp Our basic service which provides email and news connectivity for $36 per month plus your connect hours. Charges for connect hours are listed below. RATE TYPE RATE LESS 5% MINIMUM _____________________________________________________________________ Local Inbound (per hour) | $2.60 | $2.47 | 1 min. Local Outbound (per hour) | $2.60 | $2.47 | 3.6 min. | | | Remote Inbound (per hour) | $5.60 | $5.32 | 1 min. | | | Compuserve Modem (per hour) | $5.60 | $5.32 | 1 min. | | | Inbound (800) and Outbound WATS Daytime | $16.00 | $15.20 | 1 min. Inbound (800) and Outbound WATS Evening | $13.00 | $12.35 | 1 min. Inbound (800) and Outbound WATS Night | $10.00 | $9.50 | 1 min. -------------------------------------------------------------------- * Low-volume Users All sites are entitled to three connect hours per month for an annual fee of $300, paid in advance. Customers may connect via local dialup, remote dialup, or the CompuServe remote network (CompuServe charges are included in the fee). In addition, customers may use UUNET's 800 number for an additional $180 per year (total $480, paid in advance). Restrictions - Sites exceeding three connect hours will be charged at regular UUNET rates for the entire monthly usage, not just the excess. This includes the $36 administrative fee. - The yearly fee is non-refundable and will not be prorated for partial months. - This offer is only available in the continental USA and may be withdrawn at any time. [...] WHO DO I CONTACT WITH QUESTIONS? Please contact us and ask for Customer Support. WHERE IS UUNET? The address is: UUNET Technologies, Inc. 3110 Fairview Park Drive, Suite 570 Falls Church, Virginia 22042 USA +1 800 4UUNET4 (voice) +1 703 204 8000 (voice) +1 703 204 8001 (fax) info at uunet.uu.net From jthomas at access.digex.com Tue Mar 30 10:49:27 1993 From: jthomas at access.digex.com (Joe Thomas) Date: Tue, 30 Mar 93 10:49:27 PST Subject: FWEE!: Supreme Court news Message-ID: -----BEGIN PGP SIGNED MESSAGE----- In the �Why We Need an Anonymous Whistleblower Group� department, I quote the last few paragraphs of a story in today�s paper (�Justices to Rule on �Pretty Woman� Parody,� but that�s not what this is about...) The Washington Post, page A4, Thursday, 30 March 1993, reproduced without permission: Separately yesterday, the justices refused to hear an appeal by two former defense contractors who were convicted in 1991 of illegally obtaining Pentagon information in the fraud scandal known as �Operation Ill Wind.� Thomas D. McAusland and Christopher M. Pafort, former executives at Litton Data Systems, which was seeking Navy contracts, were prosecuted under federal statutes that bar theft of government property. In their appeal, they argued that government information is not �property� and that no statute or published regulation actually barred dissemination of the information. Their lawyers said an appeals court ruling in the case, _McAusland v. U.S._, could make any leak of government information, even to the press, the basis for criminal liability. [The defendants are apparently typical sleazy contractors who managed to get some inside information on a contract they were pursuing. Obtaining such information was made a crime _after_ they got the information, so the government charged them with the �theft of government property� crime -JGT] And, from an editorial in the Post (�. . . Custom and Crime�), page A20: It is not necessary to make a judgment on the defendants� conduct to be appalled by the use of the theft statute to prosecute them. There should be a presumption that government information belongs to the people unless specifically protected by law, as national security data have been for some time and as contracting information now is. The Washington Post joined other media organizations in filing a brief in this case to make exactly that point. The high court�s failure to review this case leaves in place a ruling that would make it possible to prosecute journalists who receive tips from government sources about corruption or public advocacy groups that listen to whistleblowers� charges about waste and inefficiency. It is not enough to say, as the government does, that this probably won�t happen. The court should have reversed these convictions to make clear that it cannot happen. -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBK7iTLYwu6QoBw6rbAQHcMgP+N0g3KbTfy5KOlKoylYMg+ZFZrw+Rf4T7 pERTml6QQ4ZYkerLXZD24QGqJHNv/eNeHhwQmTvm4b8mQIY0M1fdecOZNsfKV9GJ sRKs2gu0Jgl/PW51gDkbZaIvTnz1bJF5gbvGylcZHOiMwva+p5ioxYOMhey79bOk 15KzBlhTQ94= =G3NJ -----END PGP SIGNATURE----- -- Joe Thomas PGP key available by request or by finger. PGP key fingerprint: 1E E1 B8 6E 49 67 C4 19 8B F1 E4 9D F0 6D 68 4B From deltorto at aol.com Tue Mar 30 11:34:27 1993 From: deltorto at aol.com (deltorto at aol.com) Date: Tue, 30 Mar 93 11:34:27 PST Subject: FWEE! latest WB news/ideas Message-ID: <9303301434.tn14761@aol.com> -----BEGIN PGP SIGNED MESSAGE----- Gang, Much Cpunx mail is passing under the bridge and my boat is brimming, but I am bailing with alacrity. In this case, I prefer to view things as "half empty" (with apologies to Confucius), to wit: Eric Hughes contributed these [>>] kewl comments: >>regarding Tim May's whistleblower test: >>>I know you >>>really wanted to post that nifty F-117A thing you OCR'd _somewhere_ but that >>>was not particularly helpful. >> >>I think it was extremely helpful. Especially when we are in a design >>phase, it is good to know just how strong a reaction there will be to >>some of these posts. It benefits us to have had the experience, not >>just an awareness of the problem. Touche`, mon ami. I guess what I meant to say was "I'M not ready," which is different. I am getting ready-er. :-) >>>Someone suggested a set of WB guidelines should be posted. >> >>Any guidelines must remain completely neutral about content of >>postings. A whistleblowers group is for expressing outrage. And well should they be - neutral, that is. Any and all submissions to me at or on the list* are appreciated. While I accept that WB's themselves might BE outraged, it is my hope to enshrine in the WB Guidelines the idea that the area is for CONSTRUCTIVE CRITICISM of some ABUSIVE STATUS QUO in government or industry that needs attending to by the media or activist groups, and NOT simple OUTRAGE that there's "bad stuff going on in government" (gee, really, Virginia?). We have a loooong way to go with this and I would like it to at least get OFF on the right foot. I'm sure that in short order, lots of "maroons" will be posting spurious dingleberries (not _you_ Tim, you're just helping to test the system !) and we'll be attacked by various three-lettered government agencies. There will also be the many, many interested onlookers posting items of dubious value and waves of inane banter, but we'll have to develop strict guidelines/metaprefixes to help filter that noise-chaff from the Pithy Stuff. (Earpluuugs, gitcher-earplugs heere... fittycents! gitcher-eeearplugs!) One among us, who shall remain anonymous mainly because I like him, suggested in private to me that Organized Crime might be interested in providing an "impervious" site for anon remailing, but I am publicly poo-pooing that idea lest we get off on the wrong foot in deep water with cement overshoes (howzat for mixed metaphors, big daddy-o?). >>A whistleblowers newsgroup must remain value-neutral with respect to >>all values except the freedom to speak. Solid, baby. That's a 10-4, as long as the normal newsgroup guidelines such as adhering to the general topic-flow are inherently adhered to by all adherents (coherently, if possible). >>Value neutrality must be taught; it will not come automatically. Amen, however, once we achieve value-neutrality as a species we will either: [1] simultaneously enter the Kingdom of Heaven hand-in-hand and thus never need encryption ever again, rendering this entire discussion moot, or [2] perish in a vast and uniformly logical fireball of hitherto unimagined proportions Pick a scenario, any scenario, operators are standing by at 976-ARMAGEDDON. Self-fulfilling prophecies accepted upon receipt of your validated reality check-stub. >>This, and the ability to teach the defense of privacy, are in the long >>run much more valuable than any one specific whistleblowing. Perhaps so, but then one day, there may be that _one special whistle_ that gets blown, iykwim. That's the one I'M listening for, the "Big Fwee," as it were. Or as Bullwinkle might say to Rocky: "Give me Fweedom or give me Death." And now, here's something you'll REALLY like: >>>Nicholas Johnson, the former head of the FCC (under Johnson) >>>Ralph Nader's organization >>>Jim Settle (FBI Computer Crime Squad) >>>a fellow from the CIA [his name's Ross Stapleton] >> >>Dave mentions all these people are in favor of whistleblowing. The >>place where they can help the most is by affixing their signature to a >>document that defends the whistleblowers group in advance of >>"problems" with it. Speaking of Boris & Natasha, with the _specific exception_ of the "fellow from the CIA" whose name I did not mention at his express request (| open mouth; insert keyboard; repeat | Eric) and will not herein verify 'identity-wise' (regardless of Mr. Hughes' dental bills), the above-mentioned entities are well-intentioned and supportive of the WB idea in general and might well help out with signatures affixed to such a predefensive document. The Devil's in the Details however, and they may balk depending on how "mature" that document is. We can gather a lot of support beforehand, so spread the word now and have people email me at so I can put them into the db. The WB Position Paper is "under construction" and will be pre-circulated on the Cpunks list for commentary and revision before being broadcast publicly. >>If we can gather enough signatures from a wide enough spectrum >>of the political process, the publication of the document alone >>will be worth press coverage. It might also be worthwhile to >>take out a few big ads in major newspapers and print a position >>paper. Agreed, wholeheartedly. I am quietly trying to garner support from various left-leaning politcos as we type (She with the pugilistic name for one). I caution all that this is currently an "idea under development" and they are all post-nasal-Hip enough to regard it as such until we broadcast its availability widely. Needless to say, almost everyone I have spoken to about it is fairly-to-extremely enthusiastic about the idea and wants immediate access when it's online. I also plan to send a note to Billary Clinton when we have our schtick happening, so's the White House can tune in and listen to the crackle of disgruntled Govvamint Employees. Again submissions for the WB Guidelines and the WB Position Paper are strongly encouraged. Keep in mind that this is a positive, constructive outlet for the technology we're discussing on this list and a great opportunity for good press. And write lots of clever stuff so I don't have to, willya? :-) >>[Re: comments from xxxxx Mistah CIA-mon xxxxx] >>>done "correctly," the system can 'perhaps be somewhat protected' from >>>posting by pranksters/attackers with bogus revelations - it might >>>require someone to preview postings >> >>There's no need to preview anything. Let people say whatever they >>want. Then, should the CIA wish to confirm something, they can issue >>a statement with a digital signature attached to it, referencing the >>post in question. I explained what the "nameless one from the CIA" had to say rather poorly. He was not proposing that his Agency have any previewing capabilities, although he ventured in the most generic terms the opinion that CIA Tech would be doing it's best to break the anonymity as soon as possible (anon remailer technologists take heed of the most subtle and pernicious attacks). Rather, what we discussed as two private citizens interested in Freedom of Speech and the Occasional Corrective Force applied to the Tiller of the Ship of State was more along the lines of: >>Review and verification [...as was ably interpreted by E. Hughes...] ...by a Cypherpunk committee monitoring the WB list or _another group_ whose charge is to evaluate claims by anon posters for their veracity and to establish the reliability of such sources for future correspondence. I ventured that this would be far too involved for the Cpunks to deal with and that it would have to be the responsibility of the interested parties in the media or activist org's to verify anon WB claims. We can at best provide good mechanisms for them to use, IMHO. Furthermore, there was no implication that ANYone would edit postings (least of all the Certifiably Insane Agency), only that those chartered with verification might scribble them into invisibility if it was determined by the committee that the source was chronically unreliable. Beware, anon bombers and other nefarious monkey-wrenchers, lest you SLIP on your own banana protocols. This Verification Thing, by the way, is the single biggest issue with the entire WB process and the one that frames encryption as an interesting possible solution to the problem of establishing successive levels of trust between postees and verifiers (on top of the basic anon remail technology). More on this later as Those Who Know Far More than I Do contribute their Wisdom. IMPORTANT NOTE along those Lines: would all Cypherpunks who: [1] run an anonymous service [2] have new improvements to existing anon services [3] have experience and/or the desire to actually run the WB remailer system [4] know what a dingleberry is ...PLEASE make yourselves known to me asap so I can know who the players are and co-ordinate who can be asked to provide what part of the process and when. There is no purchase necessary and no commitment for now, I just need to build a db of skills and volunteers. For this purpose ONLY, please mail me at . Please include (and format in NEON for easy readability): [1] What you would be willing to offer in the way of remailer software/hardware technology and wisdom, etc. [2] Your current Public Key (even if you think I already have it and esp if you bin slackin' off sending it) [that means YOU, Gnu... git with the program!] [3] Your t-shirt size (S, M, L, XL) and 1-bit chromatic preference (B or W) [4] Your favorite recipe for fudge brownies (optional, but really helpful) Hey, is this great or what? dave * My mail reader (sweet Eudora) and I are noting a strong propensity for folks to FORGET to use metaprefixes in their SUBJECT lines. Once again, and on behalf of all those suffering masses who have to sift daily through Unsubscribe dribble, flame-flotsam and other ubiquitous jetsam, I ask that ALL Cypherpunks with even a passing semblance of politesse put appropriate "PREFIX: blahblahblah" thingies in the SUBJECTs of their postings to the list: it's a courteous habit to get into (...that, and wearing clean underwear on a second date). - ------- PS/FYI: All of you who have requested an anon ftp site for MacPGP v2.2 will not have much longer to wait (zzzzzzz-HUH?!?). Also, the version about to be posted (ftp details soon) will be the "final" version and not the .91 beta previously mentioned. I will also make it available to CompuServe people who can then forward it along to colleagues, friends and relatives FOR EDUCATIONAL PURPOSES ONLY. Any weasel who sent me mail asking for it thusly and who didn't include a CompuServe address better get aboard - you know who you are. It will be a self-expanding archive, fully System 7.1-compatible. There's even an custom folder icon for that educational "ooohhh-aaahhh" factor. Wowsie-wowsie-woo-woo. -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBK7gshKHBOF9KrwDlAQF3swP/d6z6k/NYLBw0I4peteh8Nif+1Z3r0NoL UnhoHJVfMmYON5XJcIOgcBgzYvMJgZuEXVjjwMnXgUf0jmG/FJTV6VFv89PseigT V/tj/D5rcDUnK9+gkbTAwYdISmnGroXyZc5+L+Ozm0xgACWDlz2iM3B4FfMYG0ew VfUI9sSKsa8= =95TB -----END PGP SIGNATURE----- From stig at transam.ece.cmu.edu Tue Mar 30 12:51:19 1993 From: stig at transam.ece.cmu.edu (Jonathan Stigelman) Date: Tue, 30 Mar 93 12:51:19 PST Subject: Many Important Items in the News Message-ID: <227@x15_remote.stigmobile.usa> In message <9303270339.AA00329 at soda.berkeley.edu> you write: >>wait, are you advocating news admins allowed to filter anonymous mail >>from downstream/upstream feeds? I don't get this. > >Yes. If someone doesn't want to pass traffic, let them. It's >extremely foolish; they'll get a bad rep for it. If they're a >commercial site, they'll lose customers. If they're not, they'll lose >face. Freedom to filter is freedom to shoot yourself in the foot. > All this is presuming that future and present net.users remain as abreast of net activity as the frontiersmen (hi John) that were adamant enough about uncensored communication to create the alt backbone. Thankfully, the frontiersmen haven't ridden off into the sunset, never to be seen again...and the number of net users with their mindset has even grown. But, the growth of the net also means that there will be a continuing influx of people who think a lot more about Monday night football than they think about censorship. >[...] doing politics in the broad sense is the only solution for this. If, by this, you mean that the *REAL* battle is one of marketing, I think that you're right. People with censored feeds WON'T KNOW WHAT THEY'RE MISSING (because they don't get to see it)! And, if the votes for the right to anonymous expression are going to be cast via economic choices, then it's important to remember that it's not a one person one vote situation. Stig From stig at transam.ece.cmu.edu Tue Mar 30 12:51:22 1993 From: stig at transam.ece.cmu.edu (Jonathan Stigelman) Date: Tue, 30 Mar 93 12:51:22 PST Subject: ANON: Mark anon. posts a Message-ID: <229@x15_remote.stigmobile.usa> >There is a problem with the notion that all "anonymous" remailers and >news-posting services should label their messages as anonymous so that >users can decide whether to read them or not. This approach abandons one >of the strongest arguments in favor of anonymous remailers, which is >that the net is inherently an anonymous environment. > Here's a queer thought: You've heard about the usenet dossiers that have been compiled and sold to prospective employers? How about a dossier-lookup function integrated into your favorite news reader? It would connect to a dossier server and quickly provide a cross-reference of all the other posts by the current poster...copies of the last 10 revisions of his plan file...and an analysis of his individual quirks...(along with, perhaps, a list of the top ten reasons not to hire him).... Is this so off-base? We've also been talking a lot about reputation filters, which would probably require such activity logging. Hell, it could even be put to a few good uses: We could call up Eric's dossier to quickly find his original remailer post to alt.hackers... Stig From hughes at soda.berkeley.edu Tue Mar 30 19:26:51 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Tue, 30 Mar 93 19:26:51 PST Subject: Another UUCP service provider In-Reply-To: <5ga01B1w164w@ideath.goldenbear.com> Message-ID: <9303311648.AA18969@soda.berkeley.edu> >I'm >getting kinda bored with the topic of small-system connectivity and don't >think it's really what the cypherpunks list is about/for; This information is generally useful for the following tactical reasons: 1. Anonymous remailers are disapproved of. 2. Pressure is brought to bear against the operators of such systems. 3. All the owners of the machines and the communications channels must not give in to such pressure in order to avoid shutdown. 4. Private ownership of remailer nodes seems essential. 5. No organizations have volunteered use of their machines. 6. Personal ownership by individuals seems necessary in order to get this off the ground. We don't need to discuss it much, but news is appreciated. Eric From 74076.1041 at CompuServe.COM Wed Mar 31 09:27:47 1993 From: 74076.1041 at CompuServe.COM (Hal) Date: Wed, 31 Mar 93 09:27:47 PST Subject: REMAIL: Filters for copyright? Message-ID: <930331171832_74076.1041_FHD21-1@CompuServe.COM> Among thuh objections to anonymous postin', like, we have discussed various ideas for controllin' volume abuse. Content abuse is ya know, like, what seems to cause most of thuh complaints, like, wow, though. I think we can awesumly ignore those who simply object to an obnoxious, tasteless or inappropriate message. Man, another issue that has been raised is the question of illegal messages. It's not clear to me what would be illegal in thuh U.S. Like, there is that nasty old First Amendment that keeps gettin' in thuh way. One class which has been discussed is copyrighted messages. If someone posts a long excerpt from a published document without thuh author's permission, man, this would violate his copyright. I had thuh idea of performin' a transformation on all messages so that the text of a message would be altered. Since copyright does not protect ideas, fer shure, but rather thuh specific expression of an idea, man, this might keep any message from violatin' copyright. Like, there are a couple of filters in comp.sources.games: jive and valspeak. These are pretty amusin'. Perhaps a variation on these filters, fer shure, ones which do some simple word substitution, man, would be enough to prevent copyright violations to come out of an anonymous postin' service. Like, ya know, this messages has been processed by thuh valspeak filter. Hal Finney 74076.1041 at compuserve.com From tjw at GAS.uug.Arizona.EDU Wed Mar 31 11:32:23 1993 From: tjw at GAS.uug.Arizona.EDU (Theodore J Weinberg) Date: Wed, 31 Mar 93 11:32:23 PST Subject: subscribe Message-ID: <9303311954.AA09764@GAS.uug.Arizona.EDU> thanks '.