[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Message pools _are_ in use today!
At 11:40 AM 7/3/96, David Wagner wrote:
>Jim Bell brought up the really nifty point that someday soon we may be
>able to receive these message pools by satellite dish-- hurray for true
>broadcasting! That would provide most excellent security (unless `they'
>started requiring licenses, waiting periods, ... to own a dish-- unlikely).
>I can't wait.
Yeah, and I should have mentioned the "PageSat" Usenet distribution model,
too. (It was a really hot topic 3-4 years ago, but I've heard little of it
in the past couple of years...the rise of the Web has made passive
downloads of Usenet a lot less interesting.)
Someone mentioned the Ku-band dishes that are used by PageSat (or whatever
it is now called....). My DSS system, which is technically a Ku-band
receiver, has a digital i/o connector of some sort on the back, and it is
rumored that this will someday be available for PageSat-like uses. (I have
a feeling this may be years off, for admin reasons if not technical
reasons.)
The point being that there are already _many_ ways to read NetNews almost
untraceably. With more to come.
(NetNews also used to be available on CD-ROM; the volume is now so high
that this just isn't practical anymore. But it underscores the point that
NetNews is so "distributed" that attempts to track who is reading
"alt.anonymous.messages," and _particular_ messages in such a group, are
nearly hopeless.)
Finally, the threat model has two angles to consider:
1. The authorities want to know all those who have read a particular
message--call it "ToAlice" to keep in the "Alice" and "Bob" framework.
2. The authorities already have identified a suspect, call him "Bob," and
wish to know if he reading (and perhaps decrypting) messages to "Alice."
As several of us have noted, #1 is tough--real tough. The authorities would
have to contact 10,000 or more ISPs who have local newsfeeds and subpoena
their logs of who read which newsgroups...assuming such logs are even kept
(I don't know the granularity of such logs, whether any logs are kept of
specific newsgroups and specific messages within newsgroups).
The authorities would have to also check on the other distribution
"vectors," including _subscriptions_ to NetNews newsgroups (where a
newsgroup is _mailed_ to recipients...I heard this is an option for some).
And PageSat, and so on.
The second angle, #2, is formally equivalent to wiretapping a target. Once
identified, and tapped, anything the target reads can presumably be read by
the authorities. (Quibbles: I really mean a "black bag" type of
surveillance, where the target's local machine has been
compromised/tapped.)
The bottom line is this: were I an FBI agent given the task of finding out
who is reading a specific message or series of messages, e.g., the
"ToAlice" encrypted messages posted in alt.anonymous.messages, I would tell
my bosses it is economically impractical.
--Tim May
(P.S. I think this recent discussion of message pools, started by Hal and
continued by this latest thread, is very important. Message pools have
fewer of the kinds of "correlations" that can allow sender-recipient
correlations to be made.)
Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
[email protected] 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."