CDR: RE: Anonymous Remailers cpunk

Trei, Peter ptrei at rsasecurity.com
Tue Oct 3 07:48:07 PDT 2000 


> ----------
> From: 	dmolnar[SMTP:dmolnar at hcs.harvard.edu]
> On Tue, 3 Oct 2000, Steve Furlong wrote:
> 
> > cost might be a little extra electricity. No funding is necessary unless
> > the usage is so high that my ISP bitches at me. Personal time involved
> > in maintaining the system will, I hope, be low; if it's more than
> > negligible I won't be able to do it. I can see the sense of running the
> > plan past a lawyer, but why would there be a continuing expense in this
> > area?
> 
> People will use your remailer to send spam and death threats. There may
> even be people who will use your remailer to send spam and death threats
> to themselves, simply because they hate remailers. The recipients will
> contact you and your ISP. Repeatedly.
> 
> My impression from reading alt.privacy.anon-server is that for many ISPs,
> it doesn't take too much of this before the ISP asks the remailer to
> leave. It's not a question of legal liability so much as the spam and the
> hassle. (An example of how life is lived mainly outside the law, though
> maybe in view of it.)
> 
> You can implement spam-blocking filters on your remailer...but that's
> another can of worms. 
> 
> -David
> 
[Warning in advance: I don't run a remailer, and never have, so what
follows could be labled uninformed speculation].

I would like to suggest that a remailer could eliminate nearly all it's 
problems by only sending out encrypted mails - that is, if after 
removing the encryption that was applied using it's own private
key, it finds that the result is plaintext, it simply drops the message.

This has some neat and useful properties.

* It eliminates spam. Spammers would have to encrypt each individual
message with the key of the recipient, which is too much hassle.

* It eliminates any possibility of the remailer knowing the content, which
alleiviates him/her of responsibility for that content. 

* The remailer still operates fine as a mid-chain remailer.

* All recipients need to have keypairs. They are thus at least somewhat
crypto-savvy people, and unlikely to place unreasonable requests on
the remailer or his/her ISP.

The only bad point:

* All recipients need to have key pairs. Thus, a crypto-only remailer 
can't be a terminal remailer to mailing lists, newsgroups, or 
individuals without keypairs.

Peter Trei

More information about the cypherpunks-legacy mailing list