[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Blocking addresses by default



-----BEGIN PGP SIGNED MESSAGE-----

Mark M. wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> With remailer abuse becoming more popular and remailers going down
> because of complaints, there seems to be some interest in remailer
> software that will block all email by default and will only pass
> along email that is explicitly unblocked.

I think this threatens serious security problems for the remailer 
network in two ways:

1. You'd create a list of people interested in anonymous information,
   which could potentially be obtained by police or other armed thugs.

2. The traffic would go down so substantially that traffic analysis     
   would be trivial.

As a counterproposal, I'd like to see better disclaimers on remailed 
messages. The reason the people complaining are so pissed off is that 
the blocklists are neither advertised nor automated enough. I'd like to 
see disclaimers and block list instructions at the top of the body of 
every single message. This would be encapsulated in some mark characters 
so that it could easily be removed by remailer chains. E.g.,

 To: [email protected]

 Request-Remailing-To: [email protected]

 [message]

[email protected] prepends the following to the message before it is 
sent along:

 $$
 This message was sent through the anonymous remailer network. Neither
 the operator of this remailer, [email protected], nor the
 postmaster at this site has any way of determining the source or
 filtering the content of remailer messages. No logs are kept. If you
 do not wish to receive such anonymous messages from any link in the
 remailer network, send an email message to [email protected]
 with subject line "block." For more information on the remailer
 network, see [Raph's list] or send email to help@[?].
 $$

[email protected] looks for "$$" as the first line of the message, 
and strips everything up to the next occurrence of "$$". It then appends 
its own disclaimer block before sending the message to the hop (remailer 
or final destination).

A bit annoying, yes, but I think this would go a long way towards 
improving public relations. I don't see how it compromises security.

What's wrong with this scheme? Other than the fact that all remailers 
would have to change their software at the exact same moment. :-)

[By the way, someone told me that the Chardos remailer doesn't include 
Complain-To or block-list instructions anywhere, not even in X-Headers.
Is this true? I think that would be bad. [tm]]

- -rich
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMoJFnCoZzwIn1bdtAQEZSwF/eurxI6jVBcv4srS8FEE3Rtc5rVCTfyw8
gNrC5p5ZzBGgFCaM3MOair4gH91zH/HK
=oqSh
-----END PGP SIGNATURE-----