[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: My anonymous remailer



Graham Toal <[email protected]> writes:

>I think it's time to try a
>new experiment in anonymous remailing.  I think that all remailers
>should close down, then open up with new addresses and a single shared
>new policy... the new policy being that each individual remailer will
>do his best to 'out' all posters - complete disclosure, log files
>available, posts available, summaries show up via finger etc etc.

This is a pretty radical idea, but it is tempting.  Like other remailer
operators, I get tired of fielding complaints.  I don't look at the messages
when they go through, but incorrect ones end up in my mailbox, and I may
see them by accident.  So many are obscene, name-calling, etc., that it
kind of makes you wonder after a while whether the service is worthwhile.
Of course, I do tend to see the "dregs", users who are clueless about using
the service.  Hopefully the more capable users are doing something a
little more worthwhile with it.

Then there are the constant moral dilemmas.  I got flamed pretty well
for outing Detweiler on his "Death to Blacknet" spam.  I try hard not to
look at the messages, deleting bounced mail just from the headers, etc.,
but it gets to be a pain.  In some ways Graham's suggestion to just say,
screw you, I'm going to feel free to publicize everything that goes through
my remailer, is tempting.

Still, though, I think this would do more harm than good.  I get about
20 to 40 messages a day through my remailer, and only 5 or 10 of those are
encrypted.  Switching to a policy that would require chaining and encrypt-
ing to make it useful would make it a lot harder to use the remailer.  If
I have faith that the remailer is doing some good for someone, somewhere,
then it would be bad to take that away from the people who are using it
now.  (I just did a complete search of the news spool directory here for
postings from my remailer, and found only four, two of which were duplicates
of a claim that cable companies can listen to what you are saying in your
living room.  I wonder what the traffic through my remailer is?)

The other problem I see with Graham's idea is that I'm not sure the
technology is there to provide good security in the face of this much
information.  Not many of the remailers add delay, and a lot of people don't
like it when they do.  In that case it may be easy to figure out what
path even a chained encrypted message took.  Even the delaying remailers,
if they published message sizes, would usually reveal their in-to-out
correspondance.  So I think it is premature to do this.  Until we have
remailers which can support cryptographically strong message padding
with standard message sizes, running on un-hackable systems with delays
and batching to confuse the in-out relationships, it would be counter-
productive to do what Graham suggests.

Even once we have it, there is still the question of what the remailer
network is for.  I think news posting is responsible for a large fraction
of the complaints.  But does it also provide much of the utility of the
technology?  Do people use remailers for ordinary email, or just for
broadcast-type messages?  Unless we understand what the market is for the
service it's hard to know what features to provide.  In particular, if
cleartext output is prevented, how much does that impair the usefulness of
the network?  My instinct is that it hurts a lot, although it would be nice
for the operators since it would eliminate most sources of complaints.

Hal