[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Anonymous flooding
Marc Ringuette worries about anonymous messages flooding the nets:
>I wonder if full crypto anonymity as we envision it will be stable?
>I'm very concerned about the problem of anonymous users intentionally
>flooding the network with garbage in order to bring it to its knees.
>Current practice, in the non-anonymous world, is to trace excess
>traffic to its source and stop it from being generated. This will no
>longer be possible when true anonymity is available.
The simple solution: paid transmissions. Remailers pass on messages only if
they receive the payment they've announced is their fee. While _some_
remailers may pass on messages for free (charity, policy, etc.), _their_
recipients are under no obligation (obviously) to continue to forward them
if no postage is attached.
This means the nets may indeed be filled with junk, but at least somebody
has to pay for it--and the remailers are making nice profits. Economics
thus provides a damping effect against runaway situations (as it does in so
many areas that at first seem unstable).
(The analogy with junk mail in the current postal system is apt: you may
not like getting 10 pieces of junk mail a day, but at least you never have
to pay for it directly...and the Postal System _likes_ "direct mail" (junk
mail), as it pays the bills.)
>This would particularly be a problem if a remailer is willing to forward
>an incoming message to more than one destination. In that case, by sending a
>single anonymous message, a saboteur could generate an exponential amount
>of net traffic. This would be bad.
Again, a remailer "willing to forward" to multiple destinations must pay
for the transmission--and the recipients will of course look to see that
_their_ remailing fees are paid. It is thus extremely expensive to "flood"
the nets, as each message costs some amount to transmit to remailers, to
remail, etc.
And don't forget that most folks will likely have various forms of
reputation filters running. The may scan incoming messages for interesting
content, for messages from senders known to them, etc. As with our ordinary
mail, the junk can be thrown away very quickly.
>
>Two basic precautions for a remailer to take are
> 1. To require a 1-1 correspondence between input and output messages.
> 2. To require that the address portion of the message shrink at each step
> (preventing infinite loops).
>If this is done, then the saboteur's original message can be at most
>n-fold replicated, where n is the maximum number of remailer hops
>allowed.
Fine, some remailers may insist on a 1-1 correspondence, others may remail
to as many sites as postage is provided for. The market can then decide
which remailer to use. Businesses who take all paying customers generally
outcompete those with arbitrarily set policies or their own ideas of
rationing services (e.g., "But, sir, we can't let you buy five tubes of
toothpaste--what if _everyone_ tried to buy five tubes?").
>However, I still have some fundamental concerns that an anonymity-based
>system is vulnerable to flooding and denial of service by the bad guys,
>including Big Brother, who may wish to prevent effective use of such
>systems. This may make operating a remailer a difficult proposition.
>
>I'm discouraged. Any thoughts?
Little need to be discouraged. There are a great many "covers" for
anonymous mail, including legal consultations (attorney-client privilege),
psychiatric consultations (ditto), religions ("Digital Confessionals--the
Latest in Catholic Computing"), games (role-playing), and "personals" ads
(as in newspaper ads that match partners, dates, etc., except mediated
electronically in this case).
Stopping any one of these will be tough, stopping them all would be very
hard indeed.
-Tim May
--
Timothy C. May | Crypto Anarchy: encryption, digital money,
[email protected] | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.