[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
The Remailer Crisis

To: [email protected]
Subject: The Remailer Crisis
From: [email protected] (Timothy C. May)
Date: Thu, 19 Jan 1995 01:14:05 -0800 (PST)
Cc: [email protected] (Timothy C. May)
Sender: [email protected]

I don't think I've used "crisis" in a thread I started, so this tells
you what I think.

The remailers are stagnating, only very slowly adding important
features, and the number is not growing...in fact, it's been
shrinking.

This, as the remailers are under attack. Editorialists are railing
against the dangers of anonymity and remailers, and the "Church of
Scientology" is threatening lawsuits against remailer operators unless
they block certain newsgroups. (Lots of issues, clever workarounds
proposed, etc.)

Now whether or not the Church of Scientology, or RSADSI (for the RC4
code remailing), or anyone else could legally _win_ such a case is not
the issue. Not many remailer operators would be able to mount a
defense...they are not, frankly, folks heros as Zimmermann is--and
even PRZ is struggling to raise money. Maybe the EFF (ugh) would leap
into the fray, but I doubt it. Nope, I fear that the pressures that
have driven several remailers to halt operation are just the tip of
the iceberg. (Some remailers have quit because of words from their
sysadmins, semi-threatening conversations with Brad Templeton--Hi,
Brad!--, and so on. Real letters from real lawyers would have a
profoundly more chilling effect.)

We've debated this stuff many times, but the numbers of remailers are
shrinking. Raph Levien summarized the situation nicely in a post to
alt.anon-server: 

"We're down to fifteen remailers now, many of which are unreliable. I
would say the remailer net is not in good shape right now.
Fortunately, I know of a number of plans to bring new remailers up, as
well as restoring old ones."

(I hope Raph can share with us soon what some of the plans are, unless
he fears revealing this will aid our opponents.)

I could see the whole remailer system imploding. A few threatening
letters, especially if sent by real lawyers, could demolish the few
U.S. sites. And with the Netherlands toying with proposals to ban or
limit private encryption, having Holland as the main remaining host for
remailers would be rather precarious.

We need lots more remailers, in many more countries.

What can be done?

* We need to get the number of "solid" remailers up from the current
dozen or so up into the _hundreds_.

* I favor separating the "account that remails" from the "owner of the
site," as I have argued in vain in the past. (Example: a willing site
gives out or sells many accounts...each is legally separate, and each
must be legally challenged. My longer posts dealt with this.)

(The owner of the site/machine can take a "hands off" attitude toward
what his customers are doing in their accounts. This doesn't stop
pressures from being applied, but it slows them down, and (probably)
better insulates the owner from legal charges.)

* Traffic needs to be increased. Remailers should probably go to
constant padding traffic, to do this. Exhorting end-users to use
remailers more won't be enough.

* More offshore sites are needed. So far, only Canada and the
Netherlands are offshore hosts (and Canada is effectively part of the
U.S.). Some sites in Russia would be dramatic. Ditto for Asia, South
America, etc.

* The whole issue of "remailer businesses," with all the usual issues
of digital postage, stamps, coupons, etc, has to be resolved. That is,
we need to get some movement here. Most remailers are run as projects
by students on machines they don't control, or that they can be
pressured on, or with a committment to stay in business that will
evaporate too easily. A business, with business responsibilities, is
usually a more stable solution. 

I think we need to set some rough targets and brainstorm on how to get
to them.

For example, the Linux mavens could tell us if Linux-based remailer
boxes could be hung on dedicated connections to The Little Garden
network, as a specific example. A "black box remailer" such as several
folks have suggested (Chaum (in 1981), me, Eric Hughes, others) might be
buildable for under a grand. We could ask here for contributions, and
might even raise this amount of money. Then each of us who contributed
could have "accounts," maybe several of them. Imagine 100 or more
"remailers" all on this one machine--I'm deliberately ignoring the
security issue for now. Little Garden has stated categorically that
they will not tell users what they can or can't do with their machines
(though I can think of some cases where they might have to, as with
spamming, etc.). Anyway, you can see where I'm headed.

My big fear is that the one really major achievement of the
Cypherpunks group, the remailers, are not increasing in number and
could be knocked out all too easily with some legal attacks.

It's time to get cracking on this crisis.

--Tim May


-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
[email protected]       | anonymous networks, digital pseudonyms, zero
                       | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: [email protected] with body message of only: 
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay
Prev by Date: Re: Multiple symetric cyphers
Next by Date: Re: remailer security
Prev by thread: Re: Factorisation and Discrete Logs (was Re: EE Times on PRZ)
Next by thread: Re: The Remailer Crisis
Index(es):
- Date
- Thread