Re: Message pools _are_ in use today!



In article <adfe19830002100425c1@[205.199.118.202]>,
Timothy C. May <[email protected]> wrote:
> I must be missing something....:

Nope!  That would be..er..my fault. :-)

> I'm not following your "upload an article to the NNTP server." Don't most
> people use mail-to-News gateways to post anonymously? (If not, they should,
> of course.)
> 
> This way, the posting of an article has the anonymity provided by the chain
> of remailers used to reach the terminal site, the mail-to-News gateway.

You are quite right.  I was mixing my criticisms.  My mistake.

A message pool provides only recipient anonymity, of course.  For sender
anonymity (e.g. posting to a message pool), chaining is the right way to go.


> The posting is anonymous (within the usual limits we discuss here), and the
> reading is "pretty hard" to focus on, for several reasons:
> 
> 1. Hard to gain access to local ISP without sending alerts out (it would be
> for my ISP, at least). This is admittedly not cryptographically
> interesting, but is a very real practical difficulty.
> 
> 2. Many who browse alt.anonymous.messages probably "glance" at many of the
> oddly-named message pool messages. I know I do. Again, makes it a "needle
> in a haystack" to know which of several hundred folks who glanced at
> "ToBear" or "TheRealMessage"--assuming the NSA could ever identify these
> hundreds--is the real intended target.
> 
> 3. And I recall that many have newsreaders which download _all_ messages in
> a newsgroup automatically. Again, this makes the pool of potential readers
> quite large and meaningless to try to track.
> 
> The use of public posting areas for message pools (what I called "Democracy
> Walls" several years back) seems to me to have several compelling advantages
> over "reply-block" approaches.

Good points, all of them.

I agree that public message pools seem to give far better security than
reply-block approaches.  (Although the two can be combined: set up a nym
reply-block which just redirects traffic to alt.anonymous.messages; then
the reply-block is not security-critical, but does allow folks to contact
you by a simple email address.)



Jim Bell brought up the really nifty point that someday soon we may be
able to receive these message pools by satellite dish-- hurray for true
broadcasting!  That would provide most excellent security (unless `they'
started requiring licenses, waiting periods, ... to own a dish-- unlikely).
I can't wait.



Another suggestion was to read alt.anonymous.messages by pointing the
anonymizer at it.  This doesn't stand up to my threat model at all.
The anonymizer only provides you anonymity against a malicious server
who is trying to collect marketing information-- it doesn't protect
you against SIGINT folks eavesdropping on network links, performing
traffic analysis, etc. to trace back your access.

Now if we had pipe-net deployed :-), the idea might work...
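
The recipient-anonymity property discussed in this message, as an added example that is not part of the original post: every reader fetches the whole pool and picks out their own articles locally, so the server's fetch log looks the same for all readers. The `PoolServer` class, the HMAC subject-tag scheme and all names are assumptions made for illustration; the sample messages are constructed, and real pool messages would also carry encrypted bodies.

```python
import hashlib
import hmac
import os

def make_tag(key: bytes) -> str:
    """Opaque subject tag: random nonce plus HMAC(key, nonce); only a key holder can recognise it."""
    nonce = os.urandom(16)
    mac = hmac.new(key, nonce, hashlib.sha256).digest()
    return (nonce + mac).hex()

def is_mine(key: bytes, tag: str) -> bool:
    """Recompute the HMAC over the nonce and compare in constant time."""
    raw = bytes.fromhex(tag)
    nonce, mac = raw[:16], raw[16:]
    return hmac.compare_digest(mac, hmac.new(key, nonce, hashlib.sha256).digest())

class PoolServer:
    """Hypothetical stand-in for the news server; records which article IDs each client fetched."""
    def __init__(self):
        self.articles = []   # list of (tag, body)
        self.fetch_log = {}  # client name -> list of fetched article IDs

    def post(self, tag, body):
        self.articles.append((tag, body))

    def fetch(self, client, article_id):
        self.fetch_log.setdefault(client, []).append(article_id)
        return self.articles[article_id]

def read_whole_pool(server, client, key):
    """Download every article, then filter locally with the key (nothing is selected server-side)."""
    fetched = [server.fetch(client, i) for i in range(len(server.articles))]
    return [body for tag, body in fetched if is_mine(key, tag)]

def build_demo():
    # Constructed sample pool: bodies are plaintext here only to keep the example short.
    alice_key, bob_key = os.urandom(32), os.urandom(32)
    server = PoolServer()
    server.post(make_tag(bob_key), b"for bob 1")
    server.post(make_tag(alice_key), b"for alice")
    server.post(make_tag(bob_key), b"for bob 2")
    alice_msgs = read_whole_pool(server, "alice", alice_key)
    bob_msgs = read_whole_pool(server, "bob", bob_key)
    return server, alice_msgs, bob_msgs

if __name__ == "__main__":
    server, alice_msgs, bob_msgs = build_demo()
    print(alice_msgs, bob_msgs)
    print(server.fetch_log)  # identical ID lists for both readers
```

A reader who fetched only their own articles would instead leave a fetch log that singles those articles out.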