Insisting on encryption/Picking remailer for abuse



John Perry writes:
> Anonymous writes:
> > * require encryption for incoming messages.
> Good idea in theory but won't work in practice. The stats generated by the
> anonymous remailer show that less than 40% of the messages passing thru
> are encrypted. Most people would find being forced to encrypt a huge
> inconvenience.

[Underdog's remailer-stats for the past 24 hours show just under 50% use of
encryption.] I suspect, though, that there's a fairly effective process of 
self-selection in determining whether encryption is used. On the one hand, we 
have the folks planning the Quayle '96 campaign strategy, who demand maximal
privacy w.r.t. the content of their messages, and are liable to face increased
scrutiny by eavesdroppers in virtue of their address subdomains anyway. These
people realize they're under the microscope, and should *ahem* take great
precautions as a result. OTOH, there are high school students posting to asar
about their abusive stepfathers. With very high probability, no-one operating
packet sniffers really cares about the content of this traffic. In fact,
since the messages ultimately appear in public, the only significant need is
anonymity. I hate to say it, but these users inherit by default a fair 
amount of security through obscurity. The few people who might wish to
identify them as the authors of these messages often aren't even aware that 
they should be looking, which is quite different from the situation in the
previous case. The latter group probably doesn't bother with encryption much,
but they probably don't really need it much from their POV.

Obviously it would be beneficent from the anti-traffic analysis perspective
were everyone to encrypt, but at present it requires far too much effort
(relatively speaking) with too little personal gain for the latter group of
users to bother. It's worth remembering that seamless integration of
encryption with standard communication tools passively enlists the help of 
all the people who don't give a damn about using encryption, not just those
who eagerly await improved interfaces.

> If remailers are going to be legally jeopardized, I would 
> think the impact would be less if it were one instead of many. But, there 
> is also safety in numbers. Hmm...

I've been meaning to respond to your announcement of the latest abuse of
jpunix, and this appears to be an ideal opportunity. You evince a degree of
puzzlement about the reasons for the popularity of [email protected] for
"abuses" such as software copyright infringement. I can't help thinking that,
if I were an aspiring member of the copyright violation squad *and* a
dedicated cypherpunk, I would have paid close attention to the discussion of
fortress remailers. I would have noted that you (among others) offered your
remailer as a fortress remailer. To minimize the chances of crashing part of
the remailer bramble, I might well deliberately pick a fortress remailer to
release the sensitive material, reasoning that it's less likely to face
foreclosure in the aftermath of the incident. 

If you build a bulletproof Popemobile for the pontiff, his chauffeur will
enter the demolition derby in it in preference to nailing some steel sheets
onto a weekend special from Avis. "Build it and they will come!" :}

     -L. Futplex McCarthy; use "Subject: remailer-help" for an autoreply
PGP key by finger or server; "Better watch what you say, or they'll be calling
you a radical...a liberal" --Supertramp  "[CIA/KGB mole Aldrich Ames] took 
information in shopping bags out the front door" --miscellaneous Congressperson
