Cypherpunks, Feds, and Pudgyfaced Voyeurism
Phillip H. Zakas
pzakas at toucancapital.com
Wed Apr 11 21:28:28 PDT 2001
if the problem is about keeping ourselves out of trouble re: statements or
association with others on this list, I have some observations:
first-
if defeating traffic analysis is important, hiding message headers and using
anonymizing services isn't going to help very much. the existing newsgroup
system is trackable (even through anonymizing services). The scenario:
someone watches mr. white. mr. white xmits a message to anonymizing service
at 9:00pm. at 9:03pm the service routes message to newsgroup. unless the
message is encrypted for the anonymizing service, decrypted (to reveal
destination) by the anonymizing service, then delays delivery for a random
amount of time (5 mintues to 5 hours) to the true destination, the message
traffic or content could be pegged to a person.
...plus i don't fully trust anonymizing services because i haven't met the
individuals running them, and i've not seen the technology to know there
isn't a backdoor, etc.
potential solution: need an anonymizing service with encrypted inputs and
outputs, along with an encrypted gateway between the newsgroup and the
anonymous service. perhaps several unrelated anonymizing services use the
newsgroup's public key and only xmits traffic to the newsgroup service using
that key...plus the key should change every week. and no one should be able
to send messages directly to the newsgroup, even if the public key is known.
of course all messages sent to an anonymizing service should be signed using
the anonymizing service public key, and posters should not be allowed to
post to the same anonymizing service more than 3-4 times before switching
services. this can be done if we drop the notion of using a single nym for
online messages. btw, would not use PGP for the sigs, either. we should be
doing exactly what govts do...use proprietary algorithms which aren't
published but are frequently changed. there is enough expertise on this
list (i belive) to perform basic cryptanalysis on proposed algorithms, and
if we change the system frequently enough it would cause cryptanalysts a
tremendous headache -- becomes too expensive to manage if enough messages
are encrypted over time. we don't need to create a new AES...just need to
make sure there isn't ever enough traffic flow to crack one system before we
switch methods/systems. (yep i'm one of those who actually think it's not so
great to have publicly available algorithms...makes cryptanalysis much
easier even when an algo. is theoretically unbreakable.)
second-
perhaps the lawyers in this group could provide a standard disclaimer which
we could all attach to our sig....you know, something along the lines of
'this message is part of an ongoing satire...don't sue me or take me
seriously...' is this possible?? i assume probably not, but it's worth
investigating.
third-
isn't there something terribly anonymous about a huge mailing list like
this? i mean if we all simply took care of ourselves and went to whatever
lengths we needed to protect our own identities, why complicate the mailing
list?
if anyone is interested in exploring the first option above, i'd be willing
to offer design suggestions or assist in coordinating a red team exercise
against the system. let me know.
phillip
> -----Original Message-----
> From: owner-cypherpunks at Algebra.COM
> [mailto:owner-cypherpunks at Algebra.COM]On Behalf Of Brian Minder
> Sent: Wednesday, April 11, 2001 11:41 PM
> To: cypherpunks at minder.net
> Subject: Re: Cypherpunks, Feds, and Pudgyfaced Voyeurism
>
>
>
> The "secret-admirers" list strips all headers (except the Subject:) from
> submissions and is gatewayed to/from alt.anonymous.messages. The list
> intro may be found below. If there was enough interest, it could be
> hooked up to the CDR instead, or made standalone.
>
> Thanks,
>
> -Brian
>
> __________________________________________________________________________
> I would like to announce the "secret-admirers" mail list.
>
> The "secret-admirers" list is intended to function in a manner similar
> to the well-known Usenet newsgroup "alt.anonymous.messages". This
> newsgroup serves as a dead drop for communications in which the recipient
> wishes to remain unknown.
>
> While access to a Usenet news server is unavailable in many environments,
> the ubiquity and flexibility of e-mail may be advantageous for the
> following reasons:
>
> - Penetration: More people having access to (pseudo|ano)nymizing tools
> is generally a good thing.
> - Pool Size: Higher utilization of the message pool may frustrate
> traffic analysis. The list may be gateway back into
> alt.anonymous.messages or vice versa. CDR-like
> nodes for redistribution may be established to reduce
> load on individual nodes.
> - Filtering: E-mail filtering tools are widely available, allowing
> recipients to draw only pertinent messages from the
> pool by filtering on tokens which have been negotiated
> out-of-band or by the public key to which a message has
> been encrypted.
>
> The mail list is unmoderated and accepts messages from any submitter.
> Submissions should be sent to "sa at minder.net".
>
> TO SUBSCRIBE to the list, send a message with "subscribe secret-admirers"
> in the body to majordomo at minder.net. The more subscribers, the better,
> even if procmail just sends it to /dev/null.
>
> TO UNSUBSCRIBE from the list, send a message with "unsubscribe
> secret-admirers" to majordomo at minder.net.
>
>
>
> On Wed, 11 Apr 2001, Morlock Elloi wrote:
>
> > > The best name (cypherpunks) seems to be taken. Hmm. I will
> > > have to consider. The naming of things is a ticklish business.
> >
> > "cypherpunken"
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Get email at your own domain with Yahoo! Mail.
> > http://personal.mail.yahoo.com/
> >
>
>
>
>
More information about the cypherpunks-legacy
mailing list