
RE: PGP and offline-readers




>> I am getting involved in networking some local BBS' and
>> message bases.

I'm beta testing a privacy-oriented BBS right now that I just finished
programming, called CryptoBBS, and what better place to
introduce/ask questions on it than among the cypherpunks!

It is geared towards the hobbyist sysop with an old XT clone or
something lying around as it is a mere 80K (for the floppy-sysops!)
There is no logon prompt asking for name, birthdate, SSAN, and
who knows what else; it goes directly onto the board.  Callers
wishing to post messages are asked for an alias name to
fill in the FROM: block, but real names or call-back verifiers
are not supported.  My hope is to offer sysops a choice,
between *choosing* to preserve privacy, rather than the
current practice of obtaining personal information because
the questionnaires are preprogrammed that way.

The unique feature about CryptoBBS is its "Post Office."  The
P.O. allows callers to set up a p.o. box from which they can
up/download any file (pgp encrypted files for instance) to any
other user on the board without the sysop's approval/knowledge.
It encourages and nurtures an anonymous "mail drop" community
while protecting the caller's privacy.

The question is, should I throw away the virtues of a lean 'n mean
app at 80K by adding a dolphin or pgp to it that automatically
encrypts the message base, uploaded messages, etc?  Should
we give the BBS caller a little credit and assume he knows to
encrypt at his own machine before uploading the text?  Or is
the temptation to make everyone *lick and seal their message
envelopes* too invasive?

I know the issue of encouraging pgp use by making it as
painless as possible on the end-user is nothing new around
here, but as far as I know no one has ever discussed whether
or not BBS's should handle the job for the caller.