CDR: Re: Hard Shelled ISP?

[Declan McCullagh]

You might want to check out what Lance is doing with his dialup accounts.
Anyone can pay him a few dollars a month (cash, money order is fine)
and get an anonymous account. That account can be configured to reject
unencrypted email (procmail) or use HTTPS only, or whatnot.

I think this solution already exists. anonymizer.com.

-Declan


On Thu, Oct 26, 2000 at 11:59:51AM -0700, Ray Dillinger wrote:
> 
> Would there be a market for someone to create an encrypted-services 
> provider?  Would people do this?
> 
> Here is what I envision, at a cost of something like $10/month.
> 
> Email accounts that bounce anything not encrypted - either silently 
> or with a message that says "this account accepts only encrypted mail." 
> at the option of the account holder.  These accounts are restricted 
> in some way that makes them unattractive to spammers - probably they 
> are able to send no more than 3 or 4 unencrypted emails a day, maybe 
> they are unable to send *any* unencrypted email.
> 
> Web Hosting strictly via HTTPS.  Standard accounts get four or eight 
> kilobytes accessible by http (enough for a redirect), and 100 
> Megabytes or so of web space accessible by HTTPS. 
> 
> Anonymous accounts.  You send a message with a long random key and 
> a few dozen choices for your login name, and a password to use
> (send via a remailer or whatever) and the provider publishes a 
> webpage with listings mapping keys to login names to tell you 
> what login name you've gotten.  The provider holds the name for 
> a couple of weeks.  If during that time the provider recieves 
> payment for an account by that name with a that password (say, 
> by cash or bullion via mail or courier, or any of various ecash 
> systems) then the provider creates an account with login, that 
> balance and that password. 
> 
> The provider also publishes a page of login names in use, so you 
> can check to try to avoid collisions.
> 
> To renew your account, your payment must be sent with your login 
> name and the original payment key.
> 
> If it can be done legally, the service provider would get a debit 
> card for each account paid more than $200 in advance, and give the 
> card number to the account holder. Then, whatever amount had been 
> prepaid would be available for web purchases, etc. for web 
> merchants with POS stuff.  This is a sticking point, and could 
> cause a lot of trouble if any missteps are made.  In the worst 
> case, 30% of this money would have to be paid to the IRS - to 
> avoid charges of abetting tax evasion while maintaining client 
> anonymity. (technically, this ought to make the money paid for the 
> service tax deductible, but you could only claim it by revealing 
> your True Name along with proof that you'd paid it -- so clients 
> interested in real anonymity would have to bite the bullet and 
> pay taxes on that money twice). 
> 
> Nice anonymizing web proxy with whatever filters you like, returning 
> whatever CGI information you want it to return.  Cookie functioning 
> is selectable by host (so you can, eg, deal with your bank via the 
> proxy if you want).  Web proxy is available only via https -- ie, 
> the link between the proxy and the user is *required* to be encrypted. 
> 
> Anonymous encrypted FTP.  Two kinds -- one is FTP over SSL, the other 
> is FTP where the file being downloaded is encrypted to start with. 
> There are applications for both.  Paying clients could put up a 
> download directory; joe random could download stuff from it. No 
> unencrypted FTP would be available. 
> 
> NNTP over SSL.  Not that what's in usenet news is secret, but there's 
> no point in having your reading habits monitored. 
> 
> The basic idea is, there's no point in having *any* unencrypted 
> traffic on a server if you can help it.  It ought to be the case 
> that even if a 'carnivore' is installed, there is no unencrypted 
> traffic for it to sniff. 
> 
> I think this is, just barely, feasible. 
> What say you all?
> 
> 				Bear
> 
> 
> 
> 
> 
> 
> 
>