if the problem is about keeping ourselves out of trouble re: statements or
association with others on this list, I have some observations:
first-
if defeating traffic analysis is important, hiding message headers and using
anonymizing services isn't going to help very much. the existing newsgroup
system is trackable (even through anonymizing services). The scenario:
someone watches mr. white. mr. white xmits a message to anonymizing service
at 9:00pm. at 9:03pm the service routes message to newsgroup. unless the
message is encrypted for the anonymizing service, decrypted (to reveal
destination) by the anonymizing service, then delays delivery for a random
amount of time (5 mintues to 5 hours) to the true destination, the message
traffic or content could be pegged to a person.
...plus i don't fully trust anonymizing services because i haven't met the
individuals running them, and i've not seen the technology to know there
isn't a backdoor, etc.
potential solution: need an anonymizing service with encrypted inputs and
outputs, along with an encrypted gateway between the newsgroup and the
anonymous service. perhaps several unrelated anonymizing services use the
newsgroup's public key and only xmits traffic to the newsgroup service using
that key...plus the key should change every week. and no one should be able
to send messages directly to the newsgroup, even if the public key is known.
of course all messages sent to an anonymizing service should be signed using
the anonymizing service public key, and posters should not be allowed to
post to the same anonymizing service more than 3-4 times before switching
services. this can be done if we drop the notion of using a single nym for
online messages. btw, would not use PGP for the sigs, either. we should be
doing exactly what govts do...use proprietary algorithms which aren't
published but are frequently changed. there is enough expertise on this
list (i belive) to perform basic cryptanalysis on proposed algorithms, and
if we change the system frequently enough it would cause cryptanalysts a
tremendous headache -- becomes too expensive to manage if enough messages
are encrypted over time. we don't need to create a new AES...just need to
make sure there isn't ever enough traffic flow to crack one system before we
switch methods/systems. (yep i'm one of those who actually think it's not so
great to have publicly available algorithms...makes cryptanalysis much
easier even when an algo. is theoretically unbreakable.)
second-
perhaps the lawyers in this group could provide a standard disclaimer which
we could all attach to our sigyou know, something along the lines of
'this message is part of an ongoing satire...don't sue me or take me
seriously...' is this possible?? i assume probably not, but it's worth
investigating.
third-
isn't there something terribly anonymous about a huge mailing list like
this? i mean if we all simply took care of ourselves and went to whatever
lengths we needed to protect our own identities, why complicate the mailing
list?
if anyone is interested in exploring the first option above, i'd be willing
to offer design suggestions or assist in coordinating a red team exercise
against the system. let me know.
phillip
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Brian Minder
Sent: Wednesday, April 11, 2001 11:41 PM
To: [EMAIL PROTECTED]
Subject: Re: Cypherpunks, Feds, and Pudgyfaced Voyeurism
The "secret-admirers" list strips all headers (except the Subject:) from
submissions and is gatewayed to/from alt.anonymous.messages. The list
intro may be found below. If there was enough interest, it could be
hooked up to the CDR instead, or made standalone.
Thanks,
-Brian
__
I would like to announce the "secret-admirers" mail list.
The "secret-admirers" list is intended to function in a manner similar
to the well-known Usenet newsgroup "alt.anonymous.messages". This
newsgroup serves as a dead drop for communications in which the recipient
wishes to remain unknown.
While access to a Usenet news server is unavailable in many environments,
the ubiquity and flexibility of e-mail may be advantageous for the
following reasons:
- Penetration: More people having access to (pseudo|ano)nymizing tools
is generally a good thing.
- Pool Size:Higher utilization of the message pool may frustrate
traffic analysis. The list may be gateway back into
alt.anonymous.messages or vice versa. CDR-like
nodes for redistribution may be established to reduce
load on individual nodes.
- Filtering:E-mail filtering tools are widely available, allowing
recipients to draw only pertinent messages from the
pool by filtering on tokens which h