
Remailers, PGP, and a Project Suggestion




On Sun, 27 Sep 1998, Anonymous wrote:

> At 23 Sep 1998 04:27:46 Reeza! wrote:
> > anonymouse, 32 bit aohell to boot. you must feel very safe. Yours is hardly
> > the type of post that might necessitate the use of a remailer, so it should
> > be safe to assume you haven't the courage to stand behind your words, even
> > as mild as they are.
> >
> > Fuck you too. I suggest you discuss your lack of a spine with the maker.
> > See the above for instructions to meet the maker.
> >
> > Reeza!
>
> Hello? This is an old topic, but what the heck...
>
> There is a concept cypherpunks have called "Blacknet", which is an
> organisation that sells profiles of prospective employees based on
> their public comments on the Internet.
>
> This allows employers to filter out undesirables who might or might
> not have outgrown their rebellious youth. (You can never be too safe!)

Even this is a secondary issue.

Many people are using remailers these days because of the advent of the
WWW. Virtually anything written, retrieved, or transferred on the Internet
is vulnerable to monitoring, logging, and future use against you. Even if
you trust the guy you're sending mail to, you can't necessarily trust his
computer security or the security of the network. Systems like Dejanews
and the web search engines illustrate just how much of a log is out there.
That isn't counting the information available solely from mail headers and
IP addresses.

When somebody wants to perform a "great purge," they just go off to a
search engine or database, type in some parameters, and get a list of
people to shoot, jail, or harass.

The natural solution to this is to disguise your identity whenever
possible. I estimate that we have several dozen people who actively post
to Cypherpunks through remailers judging by the way some things are stated
in the postings. I can't tell for sure, and that's the point.

If you want to generate reputation capital, use a nym server. Nym servers
make it obvious that you're using a nym, but they allow you to generate as
many reputations as you want and keep them separate. They're hard to use
without a tool, even for the best of us. Premail leaves a lot to be
desired in that it's slow, has some bugs, and lacks some good features,
but most of the people who want to create a new version seem to live in
the U.S.

The real advantage of the nym servers is that they allow people to see the
origin of the message at a glance. You can do the same thing with regular
anonymous remailers, but you have to verify the signature rather than
glancing at the headers. You should still verify the signature in either
case. This was less of a problem than it once was because premail was out
there, until PGP 5 came out.

PGP 5.x is incompatible with previous versions since it changed both the
protocols and the command line interface. Unfortunately, they changed the
command line interface in a rather stupid way. They also wound up
releasing the Windows version before the UNIX version (by something like
three months).

They seem to check argv[0] to determine what kind of operation you want to
do. 'pgp -seat' won't work anymore. Instead, it's a variant under 'pgpe'.
One PGP binary is created, and several links are set up. The result is
that you can't change the name of the binaries and links if you want. If
there's an advantage to this, I sure don't see it.

When they released the Windows version, Windows users understandably
snatched it up and started using it. The result was a bunch of
incompatibilities between two platforms which could have easily been
solved had PGP, Inc. exercised a little more discretion.

That's a moot point now, though. The problem which still remains is the
command line interface. It breaks any script which references PGP, and
that's the main problem.

What UNIX really needs is some kind of mailer which integrates an updated
premail, PGP 2.x support, and PGP 5.x support. Unfortunately, much to the
delight of the government, the people who would code such a thing are
probably in the U.S. like I am.
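
The argv[0] dispatch described in the message above, as an added sketch that is not part of the original post and is not PGP's own code. It shows why a renamed binary or link stops selecting an operation; only pgpe is named in the post, and pgps, pgpv, pgpk and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Operations a multi-call binary can select from the name it was run as. */
enum op { OP_UNKNOWN, OP_ENCRYPT, OP_SIGN, OP_VERIFY, OP_KEYS };

struct entry { const char *name; enum op op; };

/* Assumed link names; only "pgpe" appears in the post. */
static const struct entry table[] = {
    { "pgpe", OP_ENCRYPT },
    { "pgps", OP_SIGN },
    { "pgpv", OP_VERIFY },
    { "pgpk", OP_KEYS },
};

/* Strip any directory part: "/usr/local/bin/pgpe" -> "pgpe". */
static const char *base_name(const char *argv0)
{
    const char *slash = strrchr(argv0, '/');
    return slash ? slash + 1 : argv0;
}

/* Map the invoked name to an operation. A renamed link matches nothing,
   so the caller gets OP_UNKNOWN and cannot proceed. */
enum op dispatch(const char *argv0)
{
    const char *name;
    size_t i;

    if (argv0 == NULL || *argv0 == '\0')
        return OP_UNKNOWN;
    name = base_name(argv0);
    for (i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(name, table[i].name) == 0)
            return table[i].op;
    return OP_UNKNOWN;
}

int main(int argc, char **argv)
{
    static const char *const label[] =
        { "unknown", "encrypt", "sign", "verify", "keys" };
    enum op op = dispatch(argc > 0 ? argv[0] : NULL);

    printf("%s -> %s\n", argc > 0 ? argv[0] : "(null)", label[op]);
    return op == OP_UNKNOWN ? 1 : 0;
}
```

Compiled once and linked under each of the four names, the program reports a different operation per link; copied to any other name it reports "unknown", which is the behaviour that breaks scripts written against the single 'pgp' command.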