CDR: Re: Hard Shelled ISP?
Declan McCullagh
declan at well.com
Thu Oct 26 19:46:28 PDT 2000
You might want to check out what Lance is doing with his dialup accounts.
Anyone can pay him a few dollars a month (cash, money order is fine)
and get an anonymous account. That account can be configured to reject
unencrypted email (procmail) or use HTTPS only, or whatnot.
I think this solution already exists. anonymizer.com.
-Declan
On Thu, Oct 26, 2000 at 11:59:51AM -0700, Ray Dillinger wrote:
>
> Would there be a market for someone to create an encrypted-services
> provider? Would people do this?
>
> Here is what I envision, at a cost of something like $10/month.
>
> Email accounts that bounce anything not encrypted - either silently
> or with a message that says "this account accepts only encrypted mail."
> at the option of the account holder. These accounts are restricted
> in some way that makes them unattractive to spammers - probably they
> are able to send no more than 3 or 4 unencrypted emails a day, maybe
> they are unable to send *any* unencrypted email.
>
> Web Hosting strictly via HTTPS. Standard accounts get four or eight
> kilobytes accessible by http (enough for a redirect), and 100
> Megabytes or so of web space accessible by HTTPS.
>
> Anonymous accounts. You send a message with a long random key and
> a few dozen choices for your login name, and a password to use
> (send via a remailer or whatever) and the provider publishes a
> webpage with listings mapping keys to login names to tell you
> what login name you've gotten. The provider holds the name for
> a couple of weeks. If during that time the provider recieves
> payment for an account by that name with a that password (say,
> by cash or bullion via mail or courier, or any of various ecash
> systems) then the provider creates an account with login, that
> balance and that password.
>
> The provider also publishes a page of login names in use, so you
> can check to try to avoid collisions.
>
> To renew your account, your payment must be sent with your login
> name and the original payment key.
>
> If it can be done legally, the service provider would get a debit
> card for each account paid more than $200 in advance, and give the
> card number to the account holder. Then, whatever amount had been
> prepaid would be available for web purchases, etc. for web
> merchants with POS stuff. This is a sticking point, and could
> cause a lot of trouble if any missteps are made. In the worst
> case, 30% of this money would have to be paid to the IRS - to
> avoid charges of abetting tax evasion while maintaining client
> anonymity. (technically, this ought to make the money paid for the
> service tax deductible, but you could only claim it by revealing
> your True Name along with proof that you'd paid it -- so clients
> interested in real anonymity would have to bite the bullet and
> pay taxes on that money twice).
>
> Nice anonymizing web proxy with whatever filters you like, returning
> whatever CGI information you want it to return. Cookie functioning
> is selectable by host (so you can, eg, deal with your bank via the
> proxy if you want). Web proxy is available only via https -- ie,
> the link between the proxy and the user is *required* to be encrypted.
>
> Anonymous encrypted FTP. Two kinds -- one is FTP over SSL, the other
> is FTP where the file being downloaded is encrypted to start with.
> There are applications for both. Paying clients could put up a
> download directory; joe random could download stuff from it. No
> unencrypted FTP would be available.
>
> NNTP over SSL. Not that what's in usenet news is secret, but there's
> no point in having your reading habits monitored.
>
> The basic idea is, there's no point in having *any* unencrypted
> traffic on a server if you can help it. It ought to be the case
> that even if a 'carnivore' is installed, there is no unencrypted
> traffic for it to sniff.
>
> I think this is, just barely, feasible.
> What say you all?
>
> Bear
>
>
>
>
>
>
>
>
More information about the cypherpunks-legacy
mailing list