CDR: Re: Anonymous Remailers cpunk

Mon Oct 16 02:54:58 PDT 2000

Jim Choate wrote:
> They do it now, sans encryption. The mass distribution is what makes it
> economical. If the encryption can be gateway'ed then it's useless and
> doesn't raise the cost significantly.

it is INDIVIDUAL encryption. want to spam 100,000 people? gotta encrypt
your spam 100,000 times to 100,000 different keys. if you have a fast
machine that takes only a second to do so, it'll cost you just over a
day...

> It's your problem, there are aspects of this proposal that are simply
> silly, and several others that haven't been adequately explained or
> examined.
> 
> You talk about decreasing the load due to spam, and don't even recognize
> that you've replaced it with a whole other process. One that potentialy
> could be more complicated, error prone, and expensive in time and resource
> impact than the original 'problem'.

this process is exactly as complicated as you sending me a PGP-encrypted
message. remailer or not doesn't make a difference.

don't you get it? all we do is couple remailers with PGP encryption,
enforcing the second by a simple test in the first.

> The solution to bad speech is more speech, not regulation. And don't kid
> yourself that setting up such a mechanism isn't regulatory.

it's my remailer, and I can do to it whatever I like. you are, of
course, free to not use it.

> What algorithm are you proposing to identify plain-text? 

several have been discussed here over the past week or so. none are
perfect, but most are good enough to distinguish between spam (which has
a describeable structure) and encrypted stuff (which, too, has a
describeable structure).

> There are key
> managment issues, what is your proposal for this problem? There is the
> increased complication of admining the box (think of resources to support
> both the remailer operation as well as the encryption - consider that
> scale carefuly).

there is no additional complication. to prove that, I'm in the process
of setting up just such a remailer. this takes some time since I have no
experience in remailer operation, but it'll be done. if anyone wants to
help me, send me a mail

> You need the key to get into the remailer, otherwise how does it tell the
> message is encrypted? 

I can see whether or not a text is greek or russian without
understanding it. likewise, I bet you that anyone on this list can
identify an ASCII-armoured PGP message with a single glance. shouldn't
be too tough to teach that to a machine, should it?

> You seriosly propose sticking some static PGP header
> for example will stop anyone, spammers know how to use word processors too
> you know.

please take a look at the simple script I posted here recently. tell me
how you want to get it to accept any of the standard spam messages.
hint: adding a fake PGP header won't work.