[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The Twilight of the Remailers?



[email protected] (Timothy C. May) writes:

 > Between Hacktic going down, Hal's comments that he may shut
 > down his two sites, and this, plus others who are more
 > quietly making plans to shut down, I think the thread title
 > "The Remailer Crisis" is more apt than ever.

 > As to potential liability, it is very likely to be vastly
 > more than the examples Alex cites, of $1K or "even a $5k
 > personal loss." Lawyers don't get out of bed in the morning
 > for such insignificant sums.

Yet fully anonymous mailing has always been supported by the Post
Office.  You may put anything, or nothing, as the return address
on an item to be mailed, and drop it in the dead of night into
one of millions of conveniently provided bins located almost
everywhere.

All for the quite reasonable price of thirty-two cents.

It is interesting that the above model doesn't seem to survive
parallel translation across the manifold to the TCP/IP arena.

One reason for this is that there is no Postal Equivalent of
Usenet.  If anonymously mailed items magically appeared as
articles in tomorrow's paper, for instance, one might expect
significant heat to be generated, as well as calls for the
elimination of anonymous mailboxes, and the association of a
valid ID with each item mailed.

The other reason is that the network of anonymous Postal
mailboxes is so vast, and specific individuals are not associated
with particular mailboxes.  There is no way for someone like Hal
to have rhetorical responsibility, for instance, if the Unabomber
plops his latest exploding package into a particular box.

 > It's one reason I won't run a remailer that can ever be
 > traced back to me. (I also don't have a box on the Net and
 > don't really trust running remailers on machines someone
 > else has root to. And I'm not a Unix person. And....)

Of course, Unix people can send anonymous mail without the use of
remailers.  Spoof an Ident or an IP, stuff it in some kind
person's sendmail port, and "Voila!", the mail is on its way.

Perhaps we need a remailer that automates this process.  Current
remailers all identify the sender quite clearly with a message
such as the following...

"This message was mailed by an automatic posting service.  The
sender takes no responsibility for its contents, but if you want
to sue someone for an unspeakable amount of money, my name is
Hal."

It is clear that this model for remailers fails miserably if any
significant amount of legal heat is applied.

Contrast this with a DC-Net of boxes which can covertly inject
packets into the Net, in some untracable manner.  Now we have no
identifiable "Hal" to be harrassed, and no one for the Clams to
aim their lawyers at.  Perhaps we could also do something with
Mobile Agents, which could carry an encrypted message and stuff
it into the Net from some random location.

We are certainly at the point where the notion of a "remailer" as
an identifiable source of traffic run by a specific individual is
about to bite the dust.

 > Ironically, "copyright violation" and "clam secrets" were
 > not even on the list of "the Four Horsemen of the
 > Infocalypse" that we thought would really put remailers
 > under some extreme pressure. If the Scienotologists can shut
 > down many of the remailers, imagine what the Horsemen will
 > do!

I think it's time for a slight leap forward in the technology
that is employed to provide the functionality formerly known as
"remailing."

A little increase in reliablity might not hurt either.  My
current success rate for getting something through a remailer
chain is about 50%, and that's using Ralph's reliable remailer
list as a guide.

Time for a brainstorming session.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     [email protected]     $    via Finger.                      $