[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PGP-out-only vs. hashcash aware remailers?

At 05:40 PM 12/30/1997 -0400, Privacy Admin <[email protected]> wrote:
>Since I've switched to type-I pgponly remailer I haven't had a problem
>with spammers. I've been wondering if hashcash makes sense for remailers,
>or [only] for mail2news gateways. 
>I guess I am looking for any means of controlling spammers using remailers
>and mail2news gateways.

Hashcash won't help mail2news, except by discouraging dumb spammers,
because news spam only needs a few messages.
PGP-only input will cut down on most spammers, though you'll still get 
a few, especially if they're spamming mailing lists (which makes the 
encryption both worth the effort and useful for safety.)

If you modify your remailer to only _output_ PGP-encrypted messages,
you get hashcash-equivalence, and cut abuse substantially.
The cost is limiting recipients to pgp users (plus known exceptions),
but it's tough to spam people when you need to look up their PGP key
and encrypt to it (at least you'll only get spams for high-tech stuff),
and it's tougher for random abusers to abuse people since most targets
don't have PGP keys, and a mailbox full of PGP junk is less annoying
to most people than a mailbox full of human-readable hate mail.
In particular, it's harder to send death threats to politicians
if they don't have published PGP keys.

Is this a feature that makes sense?

PGP-out-only remailers aren't as useful for anonymous tip lines
(unless the tip line has a PGP address.)  
They're not as useful for inviting new people into your conspiracy, 
though they're fine for conspiring with people whose keys you already know 
(and they can be unlisted keys only used for the conspiracy.)
If the Bank of Caribbean Cash Importers is interested in taking
anonymous clients who contact them through remailers, they've 
probably got a PGP key handy to send to anyway.
They're not transparently useful for mail2news, but the remailer
could make exceptions for known mail2news sites, or could ignore
the problem, which is fine for posting to alt.anonymous.messages,
though not for posting to alt.whistleblowers.

How would you implement it?
Obviously you'd need to allow some unencrypted lines at the beginning,
at least if they have remailer syntax( ::, ##, mail headers, etc.).
Do you cut all lines after the "-----END PGP"?  My first impression was
yes, but after reading the Freedom Remailer source, it looks like
this might kill messages using encrypted reply blocks, so maybe not.
Detecting the PGP itself can be crude ("----- BEGIN PGP ENCRYPTED"...)
or can be a bit fancier (make sure the lines are all the right length
and limited to the correct character set), 
or much fancier (de-armor and look for PGP blocks).

Even the fancy approaches can be spoofed, since you can't go very
deep into the headers without the right keys, so a couple lines of
real PGP material could be included, leaving possibilities like
	Request-Remailing-To: Your Mama
	Subject: My Guitar Wants to Kill Your Mama
	Version: PGP for Personal Privacy 5.0
	Comment: PGP allows arbitrary comments, so Decrypt This!

	-----END PGP MESSAGE-----
	and your little dog, too!

But at least it's a start.
Bill Stewart, [email protected]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639