-----BEGIN PGP SIGNED MESSAGE----- I know this isn't the right place to send this, but I can't get Frost to work (which is a bit ironic considering my following proposal).
I propose a protocol called freenym. It is an updated version of the classic newnym (or just nyms). The basic concept of both is that a user can create a regular email account in which it is impossible for even the nym server to know who the user is. Newnym uses remailers to acheive security and anonymity, freenyms use Freenet and Frost. The first thing a user has to do is choose a freenym server. This server has to be trusted to be reliable. The server does not have to be trusted to keep your identity safe (like hushmail does). It should be trusted to not be "hacked" into--this could let people read your messages, and take over your account. It would not however reveal your identity. Let's say the server is freenym.net. The next thing to do is announce your self, and announce how to communicate to the freenym server. First create a message like this: user: goodguy name: "Good Guy" options: (some options here, possibly server specific) send_board: goodguy_send send_board_public_key: SSK@~1Z3qigXRgZHm8o-~To2WG2qZ34 receive_board: goodguy_receive receive_board_private_key: SSK at Tq56~p2ap2pK7Czj1theKvNnxrA receive_board_public_key: SSK at YAnkuDpYH5k3SDUQiXwYxDYkvys This email is then encrypted so that only the guys at freenym.net can read it (using PGP, unless there is an easier way to do it with Freenet routines). The encrypted message is then posted to the freenym_net board where freenym.net's server software automatically processes the account. The receive_board_private_key can be thrown away by the user. To send an email all the user has to do is post a message to the secure board goodguy_send formated like this: to: badguy at aol.com subject: The subject The message body. freenym.net's software will automatically process this, and send an the email to badguy at aol.com from "Good Guy" <goodguy at freenym.net>. To receive a reply from badguy at aol.com, the user simply has to check goodguy_receive for incoming messages (which he can do since he has the public key). The messages would be in the same format as above. This (in my opinion) is better than newnyms for the following reasons: 1. It's a lot easier to setup and use. As a newnym user myself I can promise you that it is a pain in the ass to setup an account, send/receive email, and maintain a newnym account. Most people use special software to do all of the above, since it involves lots (LOTS) of pgp, gathering statistics on remailers, and creating new reply blocks as remailers go bad. Some people go through usenet and use encrypted subjects. Trust me, this would be easier. 2. It would be a lot more secure. With newnyms messages always go through the same remailers, which opens you up to traffic analysis. Using Freenet/Frost traffic analysis would be much harder. Everyone who sends/receives a lot of encrypted mail with remailers are probably using nym accounts, and therefore using anonymous email. This person is now a target. People using Freenet could be doing lots of (legal) things, and hopefully there will be many more Freenet users than newnym users (there's probably only about a thousand newnym users, since it's so hard to use). 3. It would be more reliable. Once Freenet is improved, and Freenet grows, it should be very reliable. There is no need to keep up-to-date statistics about remailers. With freenyms, if one node between you and the nym server goes down, another will be found, and all will be good. I'd really love to do this all myself. But I don't know Java, or how to access Frost, PGP, fetchmail, or sendmail using any language. I do know C/C++, and if no one is willing to take this on (which when compared to Freenet/Frost/IIP is a small project), then I might be willing to learn Java and take this on, but it would be a while since the new semester is starting and all. I'd like to see this happen, but I'm not sure if I could do it. John Frink ~~~ This PGP signature only certifies the sender and date of the message. It implies no approval from the administrators of nym.alias.net. Date: Thu Jan 3 20:33:07 2002 GMT From: [email protected] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBPDTABk5NDhYLYPHNAQFg6wf/W+BC84XFCmAC+/HsNBJMe8XAJinXyuV8 xct/9KUp+F14NVQux1eGh83J56JIr5oy3oNAq2bxgfjGlCb1mfz6Na5QFQxlqqWE fKNP3Dw5audBX8/Nvdgub/cHYS+yzaSwTh/llxJ0LbxNUZrxOl23KjuqWAfEtvyq JA0tEpApdpBVXCIDSPEHv/A9aWpscuSOzlJm3lBICfg2weC6cRZLcJ4uLTxLEOdY ggPfIuF+ASEqQ0f4mj/0GjVl1UqBjnRxjfgpH+qo1+V2VIpTlRq9qps5T0RTnu6B 29iSJCwKl3Bf8TQIUJZnDiPye9+obbU3HFIAhbXK1eAxrUzCcQJ3Hw== =nwVN -----END PGP SIGNATURE----- _______________________________________________ Devl mailing list Devl at freenetproject.org http://lists.freenetproject.org/mailman/listinfo/devl
