CDR: Hard Shelled ISP?

Ray Dillinger bear at sonic.net
Thu Oct 26 11:59:51 PDT 2000


Would there be a market for someone to create an encrypted-services 
provider?  Would people do this?

Here is what I envision, at a cost of something like $10/month.

Email accounts that bounce anything not encrypted - either silently 
or with a message that says "this account accepts only encrypted mail." 
at the option of the account holder.  These accounts are restricted 
in some way that makes them unattractive to spammers - probably they 
are able to send no more than 3 or 4 unencrypted emails a day, maybe 
they are unable to send *any* unencrypted email.

Web Hosting strictly via HTTPS.  Standard accounts get four or eight 
kilobytes accessible by http (enough for a redirect), and 100 
Megabytes or so of web space accessible by HTTPS. 

Anonymous accounts.  You send a message with a long random key and 
a few dozen choices for your login name, and a password to use
(send via a remailer or whatever) and the provider publishes a 
webpage with listings mapping keys to login names to tell you 
what login name you've gotten.  The provider holds the name for 
a couple of weeks.  If during that time the provider receives 
payment for an account by that name with that password (say, 
by cash or bullion via mail or courier, or any of various ecash 
systems) then the provider creates an account with login, that 
balance and that password. 

The provider also publishes a page of login names in use, so you 
can check to try to avoid collisions.

To renew your account, your payment must be sent with your login 
name and the original payment key.

If it can be done legally, the service provider would get a debit 
card for each account paid more than $200 in advance, and give the 
card number to the account holder. Then, whatever amount had been 
prepaid would be available for web purchases, etc. for web 
merchants with POS stuff.  This is a sticking point, and could 
cause a lot of trouble if any missteps are made.  In the worst 
case, 30% of this money would have to be paid to the IRS - to 
avoid charges of abetting tax evasion while maintaining client 
anonymity. (Technically, this ought to make the money paid for the 
service tax deductible, but you could only claim it by revealing 
your True Name along with proof that you'd paid it -- so clients 
interested in real anonymity would have to bite the bullet and 
pay taxes on that money twice). 

Nice anonymizing web proxy with whatever filters you like, returning 
whatever CGI information you want it to return.  Cookie functioning 
is selectable by host (so you can, eg, deal with your bank via the 
proxy if you want).  Web proxy is available only via https -- ie, 
the link between the proxy and the user is *required* to be encrypted. 

Anonymous encrypted FTP.  Two kinds -- one is FTP over SSL, the other 
is FTP where the file being downloaded is encrypted to start with. 
There are applications for both.  Paying clients could put up a 
download directory; joe random could download stuff from it. No 
unencrypted FTP would be available. 

NNTP over SSL.  Not that what's in usenet news is secret, but there's 
no point in having your reading habits monitored. 

The basic idea is, there's no point in having *any* unencrypted 
traffic on a server if you can help it.  It ought to be the case 
that even if a 'carnivore' is installed, there is no unencrypted 
traffic for it to sniff. 

I think this is, just barely, feasible. 
What say you all?

				Bear
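
The anonymous-account procedure in the message above, sketched from the provider's side as an added example (not code from the original post). Assumptions: the hold period is 14 days, the "original payment key" needed for renewal is the random key sent with the reservation, and the provider stores a salted hash rather than the password; the class and method names are hypothetical.

```python
import hashlib, hmac, secrets
from datetime import datetime, timedelta

HOLD = timedelta(days=14)  # assumption: "a couple of weeks" taken as 14 days

def pw_hash(password, salt):
    # Assumption: the provider stores a salted PBKDF2 hash, not the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class Provider:
    def __init__(self):
        self.held = {}      # login -> reservation awaiting payment
        self.accounts = {}  # login -> paid account

    def _expire(self, now):  # drop reservations whose hold period has lapsed
        self.held = {n: r for n, r in self.held.items() if r["expires"] > now}

    def names_in_use(self, now):  # public page for avoiding collisions
        self._expire(now)
        return sorted(set(self.held) | set(self.accounts))

    def listing(self, now):  # public page: submitted key -> name it was given
        self._expire(now)
        return {r["key"]: n for n, r in self.held.items()}

    def reserve(self, key, choices, password, now):
        taken = set(self.names_in_use(now))
        for login in choices:  # first free name on the requester's list wins
            if login not in taken:
                salt = secrets.token_bytes(16)
                self.held[login] = {"key": key, "salt": salt, "expires": now + HOLD,
                                    "pw": pw_hash(password, salt)}
                return login
        return None

    def pay(self, login, password, amount, now):
        self._expire(now)  # payment after the hold period finds nothing to claim
        r = self.held.get(login)
        if not r or not hmac.compare_digest(r["pw"], pw_hash(password, r["salt"])):
            return False
        del self.held[login]
        self.accounts[login] = {"key": r["key"], "balance": amount}
        return True

    def renew(self, login, key, amount):  # needs login name and original key
        a = self.accounts.get(login)
        if not a or not hmac.compare_digest(a["key"].encode(), key.encode()):
            return False
        a["balance"] += amount
        return True
```

Because the listing publishes each key next to its login name while the name is held, the key works only as a lookup handle and renewal token here; the password is what ties a payment to a reservation.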











