[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: It is good that anon.penet.fi has been closed!



In a challenging article posted 12:33 PM 9/1/96 -0500, 
[email protected] (Igor Chudov) wrote:
>Yes, subject says it all. anon.penet.fi was a whole lot worse than
>cypherpunks remailers. It provided clueless users with no real security,
>because it stored return addresses and did not use chaining and
>encryption.

There are different reasons people use remailers, different
amounts of security they need, and different levels of security
that the remailers can provide.  Anon.penet.fi was a Good Thing.
It got a few hundred thousand people thinking about remailers,
and why they want them, and thinking they were good tools.
It helped the public learn that anonymity is useful for real people, 
and helped the public learn that they can't always believe an
email message is from the "person" on the From: line,
and that email and news postings aren't always authentic just
because they come out of a computer :-)

One way to provide privacy is through heavy mathematics;
for some people, and some threats, you need that.
Another way to provide privacy is through a trusted operator
who's willing to put up with a lot of crap to provide the service.
For many people, that's enough - not for people worried about
eavesdroppers and overthrowing governments, but enough for people
talking about their attitudes toward work and sex and drugs who 
don't want their email traced by their employers, nosy neighbors,
or local vice cops.  And part of this security is the willingness
to close down a popular service when it's security is threatened.

One feature that's really needed for many remailer applications
is reply addresses.  Doing that securely with cypherpunks-style 
remailers is hard; doing it securely with trusted-sysop remailers is
much easier, and even then there were occasional bugs, and plain surprises.
In general, anything that knows the return path is vulnerable;
if the person sending the reply knows the destination address,
which doesn't apply to many of the applications,
the remailer system in between can be secure, 
but otherwise you're not "truly secure" - only "pretty good".

Knowing what the users really want to do helps you do it more securely.
>From what I know of remailer history, the main original goal 
of the cypherpunks-style remailer was to provide
security against traffic analysis by eavesdroppers, rather than to
prevent the recipient from knowing the sender's address, though
everybody pretty quickly realized that the latter was an interesting
feature, especially coupled with posting to Usenet.
Learning the differences between what people will really do with
2-way remailers as opposed to 1-way remailers can be done
better with an easy-to-use 2-way remailer like penet.fi
which can get 500,000 (possibly duplicated) users than with
moderately complicated systems like alpha.c2.org or the really
complicated things that may be needed to get better security.

>Maybe closing of anon.penet.fi will spur real interest from the unwashed
>alt.sex.* masses to the truly secure remailers.
Who knows; maybe the most effective way to fund "truly secure" (bwah-hah-ha)
remailers will turn out to be to carry phone sex advertising :-)
Or maybe somebody will build a decent digicash interface
to a remailer, which will help get digicash going now that
everybody who uses remailers will be looking for a new home.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 [email protected]
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!