Pay per use remailers and remailer reliability tracking.

[Steve Schear]

At 11:52 PM 12/20/2001 +0000, Ryan Lackey wrote:
>As much as I love the idea of using electronic cash for remailers,
>given the current state of things, I think it's not the first thing
>which should be done for remailers.
>
>1) We don't yet *have* an electronic cash system with sufficient volume to
>cover this -- you'd want a general-use electronic cash system where
>purposes like this were a small part, otherwise the billing records
>show all remailer users.  (unless you used a system like hashcash,
>which will eliminate spam, but not compensate remailer operators)
>
>2) Remailed messages would fall into the "millicent ghetto" -- how
>much do you think messages will cost?  If the goal is ecash, why not
>focus on higher-value but clear market-demand apps?  If the goal is
>improving remailers, there are some other things which can be done
>first (and which are essential steps to an ecash based remailer
>anyway).  If the goal is actually ecash-based remailers just as a cool
>thing, then please do the other fixes first anyway :)
>
>3) Ease of use -- it's hard enough to run mixmaster already.  The low
>hanging fruit would be in automating key management, packaging *well*
>for debian, redhat, etc., and fixing a bunch of the random bugs in
>mixmaster which cause it to blow up on certain From: addresses.  If it
>were possible to run mixmaster 3 with *no* real user intervention (no
>need to subscribe to flamey mailing lists, no need to manually fuck
>with people who change keys, no need to watch a list to edit people's
>capstrings, etc. -- then more people would run remailers.

I don't run a mixmaster because:
  - its not been easy to get running
  - it uses SMTP ports which are filtered on my AT&T cable system.  The 
remailer reference lists need to include port number references so users on 
these "restricted" ISPs can participate.  Since the traffic is encrypted it 
might make sense for operators to choose port numbers used by P2P 
applications which currently encrypt traffic (I believe Morpheus does).
  - it didn't run under Windows (until the other day)


>This goes double for clients.  In the case of remailers, increasing
>volume *does* enhance privacy; if we didn't care about volume, we'd
>just use a bunch of rooted boxes through netcafes to send high-value
>anonymous messages...remailers are only useful with volume, and
>legitimate applications make them easier to defend.

There needs to be an automated way to anonymously and securely determine if 
your messages have gotten stuck at a particular remailer.



>There's certainly a need to compensate remailer operators, but the
>$10/month or so a remailer network would likely provide through ecash
>is probably not the way to do it.  What does it cost to run a
>remailer:
>
>* A box (pretty low spec; mine is a 533Mhz celeron and does other
>   stuff too, and has never had a problem)
>* Reasonable network connectivity (56Kbps fulltime, DSL,
>   leased...maybe moving on to DSL or leased at a minimum for
>   interesting stuff)
>* Some level of agility or fault-tolerance on the link, so you can
>   operate in the face of complaints
>* A "fuck the law" attitude (.45s or J.D. optional)
>
>What do remailer operators want:
>* Ego boost
>* "Doing something cool"
>* Social respect from peers.
>* Low overhead and hassle
>* Entertainment (I *love* reading abuse at remailer.havenco.com)
>* Personal use of remailer for nefarious purposes (freedom of anonymity only
>   truly belongs to he who owns the anonymizer)
>
>
>I think the best way to get remailers widely deployed is:
>
>1) Create a version of mixmaster which is much more self-running, at
>least on UNIX, OSX, and cygwin, and allows cpunks, mixmaster, and
>maybe future constant-rate or stego or other interesting transports as
>plugins -- make keying be a policy decision but with the code smart
>enough to handle updates within authority delegated to it by the
>operator.
>
>2) Make it easy to install a remailer; "apt-get install mixmaster" and
>maybe a few questions, all of which should have sensible defaults, so
>you can just hold down return and get a working, productive (if not
>optimal) remailer.
>
>3) Promote the remailer and applications which make use of the
>remailer (there's nothing I've seen, other than pingers and remailer
>infrastructure, which uses remailers programmatically in some cool
>way.  Some kind of ok-with-high-latency application -- ecash tunneled
>through remailers?  Another blacknet test?  An anonymous-only message
>board?  Web publishing?  Whatever.
>
>4) Some kind of internal or external benefits to remailer operators.
>Something along the lines of "I will throw a party at DefCon with free
>(heh) ---- and -----s for the first 20 people who can prove control of
>mixmaster remailer keys which transit test messages I send throughout
>the year (selected based on normal client criteria, such as uptime,
>latency, etc.)".  Someone could presumably donate money in a similar
>fashion.  This would provide some level of decoupling from "bank
>accounts of those who sponsor remailers" and "remailer users".
>("convince legions of 18-25 year old females that remailer operators
>are the best in bed" would be ideal, but is probably not going to happen)



>
>6) Deal with the spam issue -- integrate something like nilsima into
>mixmaster directly, none of this procmail hackery (which I haven't
>bothered to configure myself).  This would eliminate "whitelists" and
>other cruft which decrease the reliability of the remailer network
>substantially.  Doesn't stop mailing list or newsgroup spam, but it's
>fucking 2001 (almost 2002) -- if you care that much about the 0.1
>seconds of time to delete a piece of spam, your list should be
>filtered, moderated, or posting limited to subscribers only.

I won't run an exit remailer because of the obvious risks  Does Ian G's 
Hotmail exit code still work?  Is this practical?


>7) Provide a UI which doesn't suck for users -- including better
>web-based interfaces (perhaps as part of the base distribution?) with
>anti-spam measures (mixmaster+nilsima may be enough, but "copy this
>image number down" might be needed.

The only client I frequently used was Geoff Keating's Java applet.  It was 
excellent and simple.  Has anyone looked into freshening it up?

steve