RE: Moral Crypto isn't wuss-ninnie.
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Eric Cordian Sent: Tuesday, September 04, 2001 6:05 PM To: [EMAIL PROTECTED] Subject: Re: Moral Crypto isn't wuss-ninnie. Aimee writes: I realize Tim's position, and I respect his right to express his political opinions and ideas, even though I don't agree with them, and think he is a self-identifying flamboyant jackass. I understand that many of you have the same opinions, and likewise Guess not all Lying Feminist Cunts troll Sex Abuse exclusively. yawn -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division Do What Thou Wilt Shall Be The Whole Of The Law I am not a Feminist. ~Aimee
Re: Moral Crypto
Anonymity allows people to evade laws. Governments don't like that. Read the archives. -Declan On Tue, Sep 04, 2001 at 05:47:33PM -0700, A. Melon wrote: What makes you think remailers are such a threat that the federal government would attempt to license them? How exactly will they help criminals and terrorists in the time frame of the next five years? They're not being used for much today, other than annoying people. It doesn't seem like criminals use them. What's the killer app (so to speak)?
Re: Moral Crypto
[EMAIL PROTECTED] writes: Anonymity allows people to evade laws. Governments don't like that. Read the archives. It would be nice to see at least one example of something nasty that could be done with an anonymous remailer in the next few years where you couldn't get the same effect at the corner phone booth or dropping a letter in a public mailbox. So far there have been no prohibitions on sending information anonymously via those mechanisms. Why would email be singled out?
Re: Moral Crypto isn't wuss-ninnie.
Aimee writes: I realize Tim's position, and I respect his right to express his political opinions and ideas, even though I don't agree with them, and think he is a self-identifying flamboyant jackass. I understand that many of you have the same opinions, and likewise Guess not all Lying Feminist Cunts troll Sex Abuse exclusively. yawn -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division Do What Thou Wilt Shall Be The Whole Of The Law
Re: Moral Crypto isn't wuss-ninnie.
On Tuesday, September 4, 2001, at 05:26 PM, Aimee Farr wrote: A potential balance between national security and science may lie in an agreement to include in the peer review process (prior to the start of research and prior to the publication) the question of potential harm to the nation I believe it is necessary before significant harm does occur which could well prompt the federal government to overreact. -- Inman, '82. --- It is not wuss-ninnie to spark debate, or to examine characterizations and motives. Many say, technology is neutral. It's not. Technology is CONTEXTUAL. Somebody is going to use it for something, and that's usually somebody and something in particular. Most of you would agree that surveillance researchers failed to consider and address the moral and societal implications of surveillance technologies. That, too many said, was somebody else's problem. Now, it's *our* problem. Had they looked into motivations and societal factors, we would have had more lead time to deal with improper surveillance and secondary use issues. We are in this position today because they were wuss-ninnies. Nonsense. None of the current moral and societal implications of surveillance technologies are either new or unexplored. From Bentham to Huxley to Orwell to Donner (The Age of Surveillance, 1980) to Brin (The Transparent Society, c. 1996), the implications have been explored in gory detail. The notion that these implications would be avoided or handled by submitting all research proposals to Inman's oversight board is naive in the extreme. Inman's board, had the Constitution even allowed such oversight of private actor activities, would have killed RSA in the womb, would have blocked PGP, and would have put the kibosh on remailersbut would have endorsed surveillance cams in football stadiums. If the benefits outweigh the costs, then fine -- but show me that you thought about it, and considered what other people might have to say, even if you might not agree with them (or me). I'm glad you have political ideas and theories of how it's going to all work outbut it often doesn't work out the way you think, or want it to. I've been reading and thinking about these issues since I was a kid. All of the above authors I've read, plus a whole shelf full (Declan and Lucky can attest to this) of other such books. Laqueur. Kwitny, Richelson, Bamford, Wise, Kahn, and dozens of other works touching on surveillance, secrecy, terror states, espionage, and on and on. But we don't have to justify to _you_ that we have read academic works or thought about the issues to then press for there being no Inman-style reviews of research, no Lincoln-style suspensions of habeas corpus, not statist-style restrictions on liberty in the name of fighting our endless enemies. I realize Tim's position, and I respect his right to express his political opinions and ideas, even though I don't agree with them, and think he is a self-identifying flamboyant jackass. I understand that many of you have the same opinions, and likewise Agent Farr, you need a new gig. --Tim May
Piggybacking tools for deployment is the point (was Re: Moral Crypto)
At 09:30 AM 9/5/01 +0200, Nomen Nescio wrote: On Sun, 2 Sep 2001, David Honig wrote: At 12:34 PM 9/2/01 -0700, Tim May wrote: Then design such a system. You did a few lines earlier: (Or if one is a remailer oneself.) Or, simply have a remailer client that randomly generates dummy traffic, and be sure to chain through multiple remailers. You don't need to accept incoming remailer traffic from other live people -- this is sufficient to hide when, if ever, you are using the remailer network. Yes, however my emphesis was on the *deployment* of the tools by piggybacking on other very-popular p2p-ish tools. You still stick out as a remailer user, though. Not if the next versions of IE or Windows or Morpheus contains remailer functionality enabled by default! That's the point. If every copy of Windows(Chinese) came with dissident software package 1.0 then it would be hard to bust people for possession of the tools. If every copy of Windows(English) came with remailer enabled, it would be hard to bust people for running a remailer. (A while ago, someone posted a physics question usnig a remailer, and Tim mused that they were probably a troll, since they were using a remailer to pose this question. I found that remark surprising, for precisely this reason. Everyone should use remailers from time to time to ask innocent questions, in case of being asked by The Authorities to provide an example of one's correspondence using such technology.) Yes; however its also possible the author didn't want their ignorance associated with a given nym. ... Perhaps this whole thing is just one person talking to himself, with Tim listening in! -Dr Evil
Re: Moral Crypto
Compare this with the original claim: in a properly designed anonymity system the users will be, well, anonymous, and it should be impossible to tell any more about them than that they pay their bills on time. These examples illustrate the falsehood of this claim. Much more is learned about the customers as they enter the anonymous system. But how do you know they've entered the anonymous system? If you are already being pursued by your antagonist, *and* you have been personally identified, then you have trouble you can't solve by any current software-based security technology. If you have not been personally identified, then your antagonist must either personally identify you or monitor all possible remailer network entrances. Monitoring all remailer network entrances can be done, but it is not for the weak of wallet. Even large governments do not have unlimited resources -- they must pick and choose their targets, rather than trying to go after everyone. The Soviet government and its puppet states encouraged people to turn each other in just so they didn't have to pay for 50% of the population to watch the other 50%. Large resources != infinite resources. === Mark Leighton Fisher[EMAIL PROTECTED] Thomson multimedia, Inc.Indianapolis IN The Illuminati are not dead -- they're just pining for the fnords...
Re: Moral Crypto
Killing remailers will be a by-product of regulating the net. Regulating the net to this extent would be a huge undertaking. Trying to regulate dead-tree publishers to this level would be a large undertaking, a task not likely to be accomplished without a lot of debate in Congress -- and there are many fewer dead-tree publishers than net publishers. The only way this could be done would be to attack at the large ISP level, which then brings up First Amendment issues along with common carrier issues. It could be done, but it would likely take a covert operation so large that: * It could only be funded by a government or other large body; and * Which would likely come to light relatively quickly (three can keep a secret, if two are dead). (Covert operation in the sense of staging many events that use the net in the process of harming people, as in using remailers for staging terrorist-like attacks for the express purpose of scaring the American public into abrogating their First Amendments rights unilaterally on the net.) === Mark Leighton Fisher[EMAIL PROTECTED] Thomson multimedia, Inc.Indianapolis IN The Illuminati are not dead -- they're just pining for the fnords...
Re: Moral Crypto
Your analogy is wrong. You should compare the number of meatspace publishers and their political clout to the number of anonymous remailer operators and their political clout. -Declan On Wed, Sep 05, 2001 at 01:21:03PM -0500, Fisher Mark wrote: Killing remailers will be a by-product of regulating the net. Regulating the net to this extent would be a huge undertaking. Trying to regulate dead-tree publishers to this level would be a large undertaking, a task not likely to be accomplished without a lot of debate in Congress -- and there are many fewer dead-tree publishers than net publishers. The only way this could be done would be to attack at the large ISP level, which then brings up First Amendment issues along with common carrier issues. It could be done, but it would likely take a covert operation so large that: * It could only be funded by a government or other large body; and * Which would likely come to light relatively quickly (three can keep a secret, if two are dead). (Covert operation in the sense of staging many events that use the net in the process of harming people, as in using remailers for staging terrorist-like attacks for the express purpose of scaring the American public into abrogating their First Amendments rights unilaterally on the net.) === Mark Leighton Fisher[EMAIL PROTECTED] Thomson multimedia, Inc.Indianapolis IN The Illuminati are not dead -- they're just pining for the fnords...
Re: Moral Crypto
On Tue, 4 Sep 2001, Eric Murray wrote: Another way to kill remailers would be through anti-spam legislation that forbids forging email headers. We're already seeing some of this. Declan brought this up in a sky-is-falling article about remailers and anti-spam legislation. I do not believe this is a valid threat. Mail from [EMAIL PROTECTED] does come from the melontraffickers.com server. It is not forged. (Such legistion would protect against unfortunate instances like the flowers.com case.) This *would* require some remailers, like frog2, to stop allowing From: line specification. But that's hardly a big issue. My guess is that the first or second is most likely. It won't even be targeted at remailers, just at regular email. Killing remailers will be a by-product of regulating the net. Unless the next Tim McVeigh ever uses a remailer in his life. Mark my words: The next major act of domestic terrorism will somehow involve either crypto or remailers, *according to the government investigators' reports.* Insert appropriate fnords where necessary.
RE: Moral Crypto isn't wuss-ninnie.
On Tue, 4 Sep 2001, Aimee Farr wrote: It is not wuss-ninnie to spark debate, or to examine characterizations and motives. Many say, technology is neutral. It's not. Technology is CONTEXTUAL. Ah, another convert. See, The message is the medium isn't right after all...it takes message, medium, context. I hope Marshall's spinnin' in his grave ;) -- natsugusa ya...tsuwamonodomo ga...yume no ato summer grass...those mighty warriors'...dream-tracks Matsuo Basho The Armadillo Group ,::;::-. James Choate Austin, Tx /:'/ ``::/|/ [EMAIL PROTECTED] www.ssz.com.', `/( e\ 512-451-7087 -~~mm-'`-```-mm --'-
Re: Moral Crypto
On Wed, 5 Sep 2001, Fisher Mark wrote: But how do you know they've entered the anonymous system? If you are already being pursued by your antagonist, *and* you have been personally identified, then you have trouble you can't solve by any current software-based security technology. Bingo! The primary(!) distinction of current technology is to increase revelation effort. To find... If they're already on to you then it's too damn late to be hiding. You should either give up or run like hell. -- natsugusa ya...tsuwamonodomo ga...yume no ato summer grass...those mighty warriors'...dream-tracks Matsuo Basho The Armadillo Group ,::;::-. James Choate Austin, Tx /:'/ ``::/|/ [EMAIL PROTECTED] www.ssz.com.', `/( e\ 512-451-7087 -~~mm-'`-```-mm --'-
Re: Moral Crypto
On Sun, 2 Sep 2001, David Honig wrote: At 12:34 PM 9/2/01 -0700, Tim May wrote: Someone else: The fact that you may be identifiable at the point of entry to an anonymity system is a weakness, not a desired feature, and if it can be avoided, it should be. Then design such a system. You did a few lines earlier: (Or if one is a remailer oneself.) Or, simply have a remailer client that randomly generates dummy traffic, and be sure to chain through multiple remailers. You don't need to accept incoming remailer traffic from other live people -- this is sufficient to hide when, if ever, you are using the remailer network. You still stick out as a remailer user, though. (A while ago, someone posted a physics question usnig a remailer, and Tim mused that they were probably a troll, since they were using a remailer to pose this question. I found that remark surprising, for precisely this reason. Everyone should use remailers from time to time to ask innocent questions, in case of being asked by The Authorities to provide an example of one's correspondence using such technology.)
Re: Moral Crypto
Tim May writes: It would be nice to see at least one example of something nasty that could be done with an anonymous remailer in the next few years where you couldn't get the same effect at the corner phone booth or dropping a letter in a public mailbox. Are you dense, or just ignorant? Consider the broad class of two-way communications, whether for information buying and selling, extortion, espionage, arranging contract killings, etc. Are these sufficiently nasty for you? Get real. There's no way these are going to be serious problems in five years. For one thing, they all depend on an established anonymous cash infrastructure for payoff off the crooks, buying the intelligence, etc. There's very little chance that such a system will come into existence soon (look at all the progress in the last five years), and even if it did, any problems with criminal use will be blamed on the cash system, not the email delivery. Now consider that both the corner phone booth and dropping a letter in a public mailbox are untraceable only in _one_ direction. Two-way communication is not untraceable. Two way anonymous communications have been around for years. Dead drops are a commonly used technique, likewise public postings in classified ads and similar places. It's nothing new and there have been no laws to ban this capability.
Re: Gnutella remailers (was Re: Moral Crypto)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 3 Sep 2001, Steve Schear wrote: At 08:55 PM 9/3/2001 -0400, V. Alex Brennen wrote: I've tried to contact limewire about working with them on some distributed resources coding concepts. I found them unreceptive. They suck. Maybe you're suggestion was too far afield from their ambitions for LimeWire. Maybe they thought you were a jerk. Maybe... In any case Lime is getting great reviews from friends regarding easy of learning, use and flexibility. It seems that if a few of the technically competent want to raise this issue with them perhaps we should discuss this a bit to see if we can reach something of a consensus and then have on of the coders make contact with Steve Cho at [EMAIL PROTECTED] Trust me, they suck. Their product may be the best thing out there now, but the open source client will be reasonably stable and usable soon enough (especially if some people on this list contribute patches). IIRC, I cc'd Steven Cho on the message I sent to Lime and the technical contact address they provided on their web page. The message I sent was basically an offer to implement MojoNation style swarm transmissions and distributed processing and to turn over the code (copyright and all) to them. I asked them to provide me with a copy of their java code, which they offered to do on their web page, and gave them a brief description of other successful projects I've worked on in the past so that they knew I could produce. They weren't interested - I got no response from them, not even a 'No, thank you'. So, I'm working on doing the same thing with the gnut code. (Note: I might be a little off on the above - it was a very long time ago.) If you look closely at the structure of their company and organization you can see that they're very closely tied to a VC outfit. I think the web pages about helping to develop the gnutella protocol and network etc are just a way from them to steal ideas from people. Here's a pretty good article about VC's from an engineer's perspective: http://www.spectrum.ieee.org/WEBONLY/resource/sep01/speak.html Granted the article is a little slanted. But the idea that VCs and big established corps can get crypto stuff out there in a way that allows it to serve the ideals of cryptoanarchy is one that should be questioned. If good crypto ideas are tied up by software patents, NDAs, and copyrights, it is much more difficult for those ideas to do anyone any good. When you go to a company like Lime, there's a danger of that. Cypherpunks should support the FSF and GPL'd software because the GPL helps protect cryptoanarchist ideas and code from being tied up by patents, NDAs, and copyright. The GPL helps ensure that programmers like me, who support the ideas of cryptoanarchy, can take the code and do something with it. Discussing the ideas on this list is a good course of action. But, do we really want or need to ever deal with Lime? People will migrate off Lime once something better and free is available. - VAB - --- V. Alex Brennen [[EMAIL PROTECTED]] F A R B E Y O N D D R I V E N ! -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQE7lH9y+pIJc5kqSz8RAuC9AJwMmyTp3KvqdAKyzrDNKUTi9WwqpgCfeapA 5oQEniKtscERDwTVTJVu+oM= =9sbJ -END PGP SIGNATURE-
Re: Moral Crypto
At 10:21 AM 9/4/01 -0700, Eric Murray wrote: I don't think that there is enough remailer traffic or remailers to require the feds to go throught the work of getting a law passed and setting up a licensing program. It's be nice if there was! Certainly not now, which is why I said I was talking about five years or so in the future. Going through the work can be something as simple as an attachment to a spending bill; unless it's controversial, it's truly not that difficult to do. Your point about ISPs as the targets for a code of conduct is a reasonable one, but the same analysis applies. Offshore ISPs will continue, at least at first, to host remailers, then perhaps be pressured into abandoning that plan if governments in other jurisdictions get sufficiently mobilized. Another point of attack, although more far-fetched, is restricting the sites to which network providers can carry traffic. A restriction like knowingly providing connectiviting to a service that provides anonymous re-mailing capabilities. Then the helpful Feds will provide daily lists of offshore remailers. -Declan
Re: Moral Crypto
On Tuesday, September 4, 2001, at 10:21 AM, Eric Murray wrote: On Tue, Sep 04, 2001 at 12:38:52PM -0400, Declan McCullagh wrote: On Sun, Sep 02, 2001 at 12:34:31PM -0700, Tim May wrote: The other remailers can theoretically band together as some kind of guild and reject packets from rogue remailers, but there are numerous practical problems. Identifying a rogue remailer which allows packets from baddies (e.g, from Mormons, or free speech advocates) In the next five years or so, I would not be suprised to see a call for federal licensing of remailers. I don't think that there is enough remailer traffic or remailers to require the feds to go throught the work of getting a law passed and setting up a licensing program. It's be nice if there was! It's more likely that remailers will get closed outright. Either one runs seriously afoul of the First Amendment. Remailers are publishers. Publishers cannot be licensed, nor can they simply be closed down. There is no issue of the public airwaves, which is what allowed the FCC to license broadcasters and to yank the licenses of those who ran afoul of various rules. One who takes in submissions, processes them according to his own proecedures, and then sends some output to other sites is a publisher. Further, it is doubtful than any of the oft-discussed all packets must be traceable to a meatspace person are constitutional. The little matter of unsigned political fliers comes to mind (though fascists like McCain, Feingold, Feinstein, and others are attempting to use campaign finance reform to require meatspace identities). And there are various practical enforceability issues, discussed here so often: -- the vast number of degrees of freedom in networks, intranets, mixes inside warehouses, wireless, transnational, regulatory arbitrage, stego, etc. I could write more on this, but I gotta go. --Tim May
Re: Moral Crypto
At 12:38 PM 9/4/2001 -0400, Declan McCullagh wrote: In the next five years or so, I would not be suprised to see a call for federal licensing of remailers. Some of the more mainstream remailer operators might even go along with it, eventually, calling for a voluntary-mandatory code of conduct and industry self- regulation. Rather than a direct ban on remailers, I think a creeping expansion of the DMCA is more likely, and a greater threat. Instead of making remailing a criminal act - where only law enforcement is able to chase violators - it's more effective to change liability rules, empowering lots of aggrieved parties to do their own takedowns. The civil version of the DMCA has already been more effective in limiting programmer speech than 20 years of ITAR and BXA regs were - not because the penalties are scarier, but because they're swifter, more certain, and applied to upstream providers instead of actual infringers, which changes those providers into reluctant (but effective) local enforcers. (this is just a corporate/institutional version of the policeman inside, discussed eventually on the list every time the make bombs d00d topic occurs - see http://cypherpunks.venona.com/date/1993/10/msg01213.html http://www.inet-one.com/cypherpunks/dir.1996.08.29-1996.09.04/msg00426.html http://www.inet-one.com/cypherpunks/dir.1997.05.08-1997.05.14/msg00339.html) Whereas many people reasonably calculated that their odds of being successfully prosecuted under a criminal enforcement scheme are very low - just look at the ratio of law enforcement agents to individuals using the Internet - broadening the categories of enforcer and viable target changes that calculation dramatically. By making every content provider a virtual prosecutor, and every ISP/web host/web page publisher/remailer a target, it's a lot easier to find someone to sue - and with that kind of risk in the air, potential targets get a lot more conservative and interested in suppressing the behavior in question. I can envision a legal situation that is close to the Napster-Gnutella controversy, where the entry points to the network are targets for the RIAA/MPAA lawyers. Similarly, the entry points to the remailer network may be targets under such a legal structure. Yeah - at least if the content isn't nested-encrypted, such that there's no reasonable way to identify content or its source. -- Greg Broiles [EMAIL PROTECTED] We have found and closed the thing you watch us with. -- New Delhi street kids
Re: Moral Crypto
At 12:38 PM 9/4/2001 -0400, Declan McCullagh wrote: In the next five years or so, I would not be suprised to see a call for federal licensing of remailers. Some of the more mainstream remailer operators might even go along with it, eventually, calling for a voluntary-mandatory code of conduct and industry self- regulation. What makes you think remailers are such a threat that the federal government would attempt to license them? How exactly will they help criminals and terrorists in the time frame of the next five years? They're not being used for much today, other than annoying people. It doesn't seem like criminals use them. What's the killer app (so to speak)?
Re: Moral Crypto
At 12:28 PM 9/4/01 -0700, Tim May wrote: Either one runs seriously afoul of the First Amendment. Remailers are publishers. Publishers cannot be licensed, nor can they simply be closed down. Let me play Devil's Advocate a bit and try to challenge this conventional cypherpunk wisdom. Unlike remailers, publishers exercise editorial discretion over what they print or distribute or broadcast. They do this by considering the content of the communication and judge, among other things, whether it is timely, newsworthy, informative, accurate, complete, relevant, interesting -- in other words, whether the content will succeed in the marketplace or not. A remailer does none of those things. Instead of a person judging articles, books, or multimedia clips as worthy of being published, a remailer simply forwards. To that end, it is far more like a mechanical device: a conveyor belt that moves an item from one place to another, perhaps taking off a layer of packaging along the way. Another analogy (though polluted because of the U.S. Mail regs) might be like a Mailboxes Etc.-type service that opens an envelope and forwards the extracted contents to you at another address. Even if that service *only* used FedEx and UPS (to avoid at least in part the postal regs), what court would strike down regulations enacted by legislatures or Congress? Seems to me the Supreme Court (wrongly) would say the First Amendment interests are limited, and it's a just exercise of the Commerce Clause. Much would depend on the details, I'd imagine, of such a hypothetical law. Is it a flat ban, or (at first) brief identity-escrow periods? Obviously I'm not trying to argue that Congress *should* enact such a law -- I think they should stay the hell away from this area -- but what if they do? How about if they try, as someone else suggested, to compel ISPs or network providers to be the _de facto_ cops? I'm not trying to scare off cypherpunk-types from coding or discussing these things. If anything, I'd argue that the next few years are the time to deploy mixes more widely, and weave them into popular products, so restrictions would meet with not just theoretical privacy-themed opposition, but lots of peeved users as well. I'm also not saying, to repeat my last message, that OECD or G8-wide legal restrictions would put remailers out of business, but I suspect such rules would make it much less likely they'd be mainstream. -Declan
RE: Moral Crypto isn't wuss-ninnie.
A potential balance between national security and science may lie in an agreement to include in the peer review process (prior to the start of research and prior to the publication) the question of potential harm to the nation I believe it is necessary before significant harm does occur which could well prompt the federal government to overreact. -- Inman, '82. --- It is not wuss-ninnie to spark debate, or to examine characterizations and motives. Many say, technology is neutral. It's not. Technology is CONTEXTUAL. Somebody is going to use it for something, and that's usually somebody and something in particular. Most of you would agree that surveillance researchers failed to consider and address the moral and societal implications of surveillance technologies. That, too many said, was somebody else's problem. Now, it's *our* problem. Had they looked into motivations and societal factors, we would have had more lead time to deal with improper surveillance and secondary use issues. We are in this position today because they were wuss-ninnies. If the benefits outweigh the costs, then fine -- but show me that you thought about it, and considered what other people might have to say, even if you might not agree with them (or me). I'm glad you have political ideas and theories of how it's going to all work outbut it often doesn't work out the way you think, or want it to. In my opinion, to characterize a technology as having aims detrimental to national security interests is both irresponsible and foolish. Words and events shape public policy -- why shape it against you? I realize Tim's position, and I respect his right to express his political opinions and ideas, even though I don't agree with them, and think he is a self-identifying flamboyant jackass. I understand that many of you have the same opinions, and likewise ~Aimee
moral crypto
What's with this moral crypto jive? Nomen sounds like Faustine in drag. Who cares if Osama benefits from crypto - he isn't any greater danger to our much tattered peace and freedom than Dubbya. Probably a lot less.
Re: Moral Crypto
At 12:34 PM 9/2/2001 -0700, Tim May wrote: On Sunday, September 2, 2001, at 12:26 PM, [EMAIL PROTECTED] wrote: I stand by my earlier statement. The fact that you may be identifiable at the point of entry to an anonymity system is a weakness, not a desired feature, and if it can be avoided, it should be. Then design such a system. Anyone a remailer, anyone a mint is one strong approach. I know this suggestion has been made before, probably by myself, but it seems the remailer programmers may be missing a good opportunity in not pursuing the inclusion of remailer code in the popular Gnutella cleints (e.g., LimeWire). They advertise they are looking for new content communities. http://www.limewire.com/index.jsp/formgroup I don't see any reason why email can't be added as a new form of content. steve
Re: Moral Crypto
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 3 Sep 2001, Steve Schear wrote: At 12:34 PM 9/2/2001 -0700, Tim May wrote: Anyone a remailer, anyone a mint is one strong approach. I know this suggestion has been made before, probably by myself, but it seems the remailer programmers may be missing a good opportunity in not pursuing the inclusion of remailer code in the popular Gnutella cleints (e.g., LimeWire). They advertise they are looking for new content communities. http://www.limewire.com/index.jsp/formgroup I don't see any reason why email can't be added as a new form of content. I haven't heard this before. It's a good idea. I've tried to contact limewire about working with them on some distributed resources coding concepts. I found them unreceptive. They suck. I've started on the very beginnings of a GNU Distributed Computing client to attack the RSA RC5 and factoring challenges. If you come up with a good concept and write some C code, I'll help you refine it and include it in the distributed computing client. I would also be willing to help you work it into the gnut Gnutella client and the KDE based Gnutella client if you can provide a reasonable argument for that as a better platform than the distributed computing client. - VAB - --- V. Alex Brennen [[EMAIL PROTECTED]] F A R B E Y O N D D R I V E N ! -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.4 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQE7lCZ/+pIJc5kqSz8RAvsZAJ9Ggr3WzJEz3sWxzHEqaYEG4ceWlwCgi4fB OT5/iUBtU7ZXCDgFpmo2sDs= =V2E0 -END PGP SIGNATURE-
Re: Gnutella remailers (was Re: Moral Crypto)
At 08:55 PM 9/3/2001 -0400, V. Alex Brennen wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 3 Sep 2001, Steve Schear wrote: At 12:34 PM 9/2/2001 -0700, Tim May wrote: Anyone a remailer, anyone a mint is one strong approach. I know this suggestion has been made before, probably by myself, but it seems the remailer programmers may be missing a good opportunity in not pursuing the inclusion of remailer code in the popular Gnutella cleints (e.g., LimeWire). They advertise they are looking for new content communities. http://www.limewire.com/index.jsp/formgroup I don't see any reason why email can't be added as a new form of content. I haven't heard this before. It's a good idea. I've tried to contact limewire about working with them on some distributed resources coding concepts. I found them unreceptive. They suck. Maybe you're suggestion was too far afield from their ambitions for LimeWire. Maybe they thought you were a jerk. Maybe... In any case Lime is getting great reviews from friends regarding easy of learning, use and flexibility. It seems that if a few of the technically competent want to raise this issue with them perhaps we should discuss this a bit to see if we can reach something of a consensus and then have on of the coders make contact with Steve Cho at [EMAIL PROTECTED]
Re: Moral Crypto
On 2 Sep 2001, at 3:40, Nomen Nescio wrote: The fact that a given person is using the remailer network is not a secret. At least one remailer finds out every time he sends a message. The point is, the entry from the non-anonymous to the anonymous world is a vulnerability. Sort of. The first remailer in the chain will see something like an IP address. This might or might not be enough to identify the indvidual using it in principle (gee, it's somebody posting from a public library or internet cafe) and almost certainly isn't in practice (how many remaler operators bother keeping something like a reverse DNS table on their servers). If the remailer operators decided they wanted to deny baddies use of their services, they would not only have to unanimously agree as to who the baddies are, they would also have to deny their services in all cases where the client cannot be positovely identified. Neither of which strikes me as being plausible. -- blinding. (Hint: That Alice deposits money into a digital bank, and is identified by the bank, does not mean the bank knows who received digital money from Alice, because Alice unblinds the note before spending it--or redeeming it.) No, but the fact that Alice transfered a certain amount of funds into the anonymous bank is visible to at least some observers. Once again, the point is that as you enter the anonymous world your entry is visible. In the old style numbered swiss bank account, you give them a suitcase full of cash and you get an account number. They know who you are if the recognize you when you go in to set up the account, if not not. Compare this with the original claim: in a properly designed anonymity system the users will be, well, anonymous, and it should be impossible to tell any more about them than that they pay their bills on time. These examples illustrate the falsehood of this claim. Much more is learned about the customers as they enter the anonymous system. I stand by my earlier statement. The fact that you may be identifiable at the point of entry to an anonymity system is a weakness, not a desired feature, and if it can be avoided, it should be. George
Re: Moral Crypto
On Sunday, September 2, 2001, at 12:26 PM, [EMAIL PROTECTED] wrote: If the remailer operators decided they wanted to deny baddies use of their services, they would not only have to unanimously agree as to who the baddies are, they would also have to deny their services in all cases where the client cannot be positovely identified. Neither of which strikes me as being plausible. If there are many remailers, essentially zero chance. (Or if one is a remailer oneself.) The other remailers can theoretically band together as some kind of guild and reject packets from rogue remailers, but there are numerous practical problems. Identifying a rogue remailer which allows packets from baddies (e.g, from Mormons, or free speech advocates) will not be easy: the guild of do-gooders will only known a rogue packet has entered their system if they _trace_ it! Nearly all baddie packets exiting the system (Down with Barney the Dinosaur! and similar evil things) will only be detected--drum roll--when they _exit_ the system. Fat chance that N remailers around the world will proactively trace packets just so they can burn the Barney critic baddie. I stand by my earlier statement. The fact that you may be identifiable at the point of entry to an anonymity system is a weakness, not a desired feature, and if it can be avoided, it should be. Then design such a system. Anyone a remailer, anyone a mint is one strong approach. --Tim May
Re: Moral Crypto
At 12:34 PM 9/2/01 -0700, Tim May wrote: Someone else: The fact that you may be identifiable at the point of entry to an anonymity system is a weakness, not a desired feature, and if it can be avoided, it should be. Then design such a system. You did a few lines earlier: (Or if one is a remailer oneself.) If the next generation of OS, browser, Morpheus, etc. came with a remailer that was on by default, then even running a remailer would be too common to draw attention (prosecute). And given that Joe Sixpack's node regularly relays MSMixmaster messages, the *occasional* message injected by Joe will be nearly invisible. Heavy use might be detectable depending on how obvious the relayed messages are. Anyone a remailer, anyone a mint is one strong approach. Very strong. In the case of a remailer, necessary. I suppose the spam potential, of everyone an SMTP forwarder, is problem? Surmountable. Deployment, sending-ease-of-use are the real problems.
Moral Crypto
. We should structure our efforts so that they are in accordance with our highest goals. Having principles is nothing to be ashamed of. We all have them, and we should be proud of that. From your words, I doubt you support the same goals I support. In any case, please stop invoking my name in support of your moral crypto points. --Tim May
Re: Moral Crypto
Tim May wrote: On Saturday, September 1, 2001, at 01:30 PM, Nomen Nescio wrote: Yes and no. The users aren't all that anonymous, or they wouldn't need anonymous technologies, would they? The remailer network sees where this message originates. If you use Zero Knowledge software, their network knows exactly who is using it at any time. If a digital cash bank came into existence, payments transferred into the digital system from outside would largely be from identified sources. What can I say? You clearly don't understand: -- how remailer _networks_ work (Hint: nested encryption...all the first remailer sees when he opens a message is an encrypted message he can't read and instructions on which remailer to send it to next, and so on. Only if most/all remailers collaborate can the route be followed by them.) The fact that a given person is using the remailer network is not a secret. At least one remailer finds out every time he sends a message. The point is, the entry from the non-anonymous to the anonymous world is a vulnerability. -- how Freedom works (Hint: They say that even they cannot know who is using it, except in terms of network usage. Which with cover traffic, forwarding of other traffic, dummy messages, etc., means the fact that Alice was using the network during a period of time does not mean they know which exit messages are hers.) You are not stating their claims accurately. ZKS does indeed have information about who is using it at any given time, if they operate any of the servers. Or at least the server operators can tell. Each user sets up a route through a chain of servers, and any given server knows exactly who is using it as the initial connection into the network. Again, the entry from non-anonymous into anonymous networks is visible. -- blinding. (Hint: That Alice deposits money into a digital bank, and is identified by the bank, does not mean the bank knows who received digital money from Alice, because Alice unblinds the note before spending it--or redeeming it.) No, but the fact that Alice transfered a certain amount of funds into the anonymous bank is visible to at least some observers. Once again, the point is that as you enter the anonymous world your entry is visible. Compare this with the original claim: in a properly designed anonymity system the users will be, well, anonymous, and it should be impossible to tell any more about them than that they pay their bills on time. These examples illustrate the falsehood of this claim. Much more is learned about the customers as they enter the anonymous system. Nonsense. Most participants in this forum DO share common philosophical goals: the preservation and enhancement of individual freedom via technological means. This is our common heritage. People make moral judgements every single day on this list based on exactly this framework. And it is this moral view which tells us that bin Laden and his terrorist groups are not the market which we should target in order to advance these goals. How about McVeigh? How about The Real IRA? How about John Brown? How about Patrick Henry/ How about Cuban exiles? (By the way, everyone should know about the time an anti-Castro group blew up a Cuban airliner. Terrorists, freedom fighters, or just a bunch who wants to be in control?) Not everyone will agree with every specific case. But given our common philosophical heritage, list members can come to agreement with regard to most examples. The test is simple, whether these individuals advance the causes we support. As long as you're listing examples, what do you think about Osama bin Laden? Would you support efforts to market crypto technology to Islamic religious extremists? The great thing about bin Laden as an example is that we can see exactly what the consequences will be when he succeeds. With McVeigh, nobody knows for sure. But chances are it would be much the same if the militias achieved their goals: installation of a religious state. Supporting these people means helping bring about another Afghanistan, maybe right here at home next time. Surely not. Morality plays a part in everything we do. We have goals in common. We should structure our efforts so that they are in accordance with our highest goals. Having principles is nothing to be ashamed of. We all have them, and we should be proud of that. An additional point: if you were truly unconcerned with moral issues, you would have no objection to seeing discussion here about how we can use computer technology to promote government power and control. From your words, I doubt you support the same goals I support. We'll see. If you support increasing government power, then you are correct. 25BA1A9F5B9010DD8C752EDE887E9AF3 [Cantsin Protocol No. 2] 092AA1EC9926D468F8964B8EF537DDC1782A1281 92F14832E4C534B35B8E9A1C10A5346E1E472C95 -12FF 12FF
Re: Moral Crypto
On Sun, 2 Sep 2001, Nomen Nescio wrote: Again, the entry from non-anonymous into anonymous networks is visible. Which is where distributed systems like Plan 9 come into play. By being completely distributed and (at least in theory) encrypted at the network layer the 'vulnerability' becomes connecting to the network. Of sourse this still leaves the question of keys and their management as a 'entry' vulnerability. -- natsugusa ya...tsuwamonodomo ga...yume no ato summer grass...those mighty warriors'...dream-tracks Matsuo Basho The Armadillo Group ,::;::-. James Choate Austin, Tx /:'/ ``::/|/ [EMAIL PROTECTED] www.ssz.com.', `/( e\ 512-451-7087 -~~mm-'`-```-mm --'-