From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Matt Blaze Date: Sun, 1 Jan 95 09:21:32 PST To: rishab@dxm.ernet.in Subject: Re: Exporting cryptographic materials, theory vs. practice In-Reply-To: Message-ID: <9501011723.AA12712@merckx.info.att.com> MIME-Version: 1.0 Content-Type: text/plain >Just which form did they sign, exactly? These procedures remind me of Feynman' s >refusal to sign more than 12 times during some government talk. The license itself has a space for the customs people to "endorse" each export/re-import. Interestingly, I can't figure out how to distinguish between the signature I got when I left and the one I got when I came back. There are just two signatures and stamps on the back of the license, one dated when I left and one dated when I returned. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Lile Elam Date: Sun, 1 Jan 95 13:21:15 PST To: cypherpunks@toad.com Subject: good news about the EFF... Message-ID: <199501012115.NAA06292@art.net> MIME-Version: 1.0 Content-Type: text/plain This might be of interest: ---------- Forwarded message ---------- Date: Tue, 20 Dec 1994 17:04:23 -0800 From: Brock N. Meeks To: cwd-l@cyberwerks.com Subject: CWD Changes in the Wind At EFF CyberWire Dispatch // Copyright (c) 1994 // Jacking in from the "Back to the Future" Port: Washington, DC -- The Electronic Frontier Foundation has fired its Policy Director Jerry Berman and will soon release a sweeping new agenda for 1995 that promises to return the organization to its original grassroots beginning. Asked to comment on his firing, Berman bristles and says: "I think that's baloney." Then he quickly adds: "Did you ever think I might have wanted to leave?" Berman has, in fact, left EFF, to head a new, as yet unannounced, policy group called the Center for Democracy and Technology. His departure from EFF and the creation of CDT will be made public this week in a joint announcement with EFF, sources said. The official line that will be spun to the public is that the two came to a "mutual parting of the ways." That benign statement, however, doesn't reflect the long hours of the behind the scenes deliberations, in which the language of the press releases will be a cautiously worded as an official State Department briefing. Heroes and pioneers always take the arrows; EFF lately has looked more like a pin-cushion than its self-appointed role as protector of all things Cyberspace. The beleaguered organization has over the course of the past two years endured often withering criticism from the very frontier citizens it was sworn to uphold and protect. The reason: A perceived move away from its grassroots activism to the role of a consummate Washington Insider deal maker. Berman is the man largely responsible for cutting EFF's policy cloth. He wears the suit well. Maybe too well. Although he has the political acumen to arm-wrestle inside-the-beltway, it comes at the expense of his management style, EFF insiders said. Those shortcomings came at the expense of EFF's day-to-day operations and didn't go unnoticed by its board of directors. The EFF board in October fired Berman for mismanaging the group's organizational and fiscal responsibilities. No impropriety or malfeasance was alleged, the board was simply dissatisfied with Berman's day-to-day managing of the shop. In a precursor to the board's October decision, it split Berman's job, giving him charge of just the policy arm, which board members said played to his strength. They then hired Andrew Taubman as executive director to oversee the day to day tasks. Separate from the organizational and fiscal misgivings, the board also couldn't brook with priority on policy affairs that Berman had engineered. Although Berman expertly navigated EFF through the choppy political waters of Washington, that course increasingly steered the organization away from its original vision as a populist group. Never was the hardcore policy-driven slant of EFF more apparent than during the two-plus year political firestorm that surrounded the FBI's infamous Digital Wiretap. The political wrangling during that time, in which Berman brokered the influence of EFF with the backing of the telephone, computer and software industries, to reach a compromise with legislators and the FBI on the bill's language, increasingly drove a wedge between the organization and its grassroots membership. Nobody within EFF interviewed for this article disagreed with how Berman ran his policy tour de force. In fact, the board was generally in agreement that Berman did an excellent job in helping to broker a less nefarious version of the FBI's wiretap bill than would have otherwise passed without his involvement on EFF's behalf. As effective as Berman was in shuffling between the political and ideological interests of EFF and its members, the "inside baseball" political bullshit was largely lost on the community of the Net, who viewed it as a kind of betrayal. The fact that there would be a backlash from the Net came as no surprise to Berman and EFF, who recognized the fine line they had to walk in dealing with a politically charged issue rivaled only by the Administration's insipid Clipper Chip encryption policy. You see, the Net community is a binary braintrust, a world of ones and zeros -- either on or off -- in which shades of grey are rarely an option. Yet it is exactly these shades of grey in which Berman excels and thrives. It is a skill -- and damn near an art form -- to be able to move among the shadows and Washington's land of a thousand different agendas. And that's right where Berman had steered EFF. However, it's not where the EFF board thought the organization belonged. And so, in a few days the Net community will read a grand announcement in which EFF and Jerry Berman state they've had a "mutual parting of the ways." The announcement will be several fold, including: -- The formation of Berman's new Center for Democracy and Technology. -- That EFF has hired current board member David Johnson, currently a computer law attorney with the Washington law firm of Wilmer, Cutler and Pickering, to be its new policy director, although that exact title has yet to be finalized. -- A new policy agenda for EFF that includes creation of an annual "State of the Net" report. EFF Executive Director Taubman declined to comment on Berman's firing, saying only that the organization and its former director had, indeed, agreed to a "mutual parting of the ways." He said EFF and Berman's new group would continue to work closely with each other and that the efforts of each would be mutually beneficial. Johnson said he was excited about the new policy efforts he would be heading up for EFF, which, in addition to the "State of the Net" report, includes commissioning papers and studies to help build a more solid idea of what exactly constitutes the Net "community" on a global basis and helping to define the Net's community as recognizable legal entity. In addition to the new policy efforts, Johnson will have to restock EFF's policy department: All the EFF policy wonks have jumped ship, resigning their positions and joining with Berman's new venture. The upheaval at EFF -- which included moving the entire operation here to new digs in Washington -- apparently hasn't hurt moral which has "never been higher," Taubman said. Underscoring Taubman's remarks is EFF's on-line legal council Mike Godwin, who said the changes "create an opportunity for us to return to our more populist mission and vision that we started with." All Things Being Equal ================= Adversity for a political junkie is the warp and woof of Washington culture. Berman is no worse for the wear, having parachuted out of EFF and into his new organization. He said CDT will be differ from EFF "on what to emphasize." That emphasis will be to focus on "on the ground public policy," he said. And it won't only be Berman's staff that sets the scene for familiarity as he jump starts CDT. The former EFF policy staffers will supply him with horsepower and his political currency will open doors. But he needs cold hard cash to feed the troops and pay the rent. That means his new organization must have financial backing and here, too, there are no strangers. Berman's bringing along a fair chunk of EFF's corporate sponsors to his new home. Companies providing seed money to Berman's CDT include AT&T, Bell Atlantic, Nynex, Apple Computer and Microsoft. These same companies provided a combined $235,000 in donations to EFF in 1993, minus Nynex, which wasn't listed as a major donor (over $5,000) on EFF's tax returns. It's not known if these companies will continue to fund EFF in full or in part or what amount they have pledged to Berman's group. Just how well-heeled CDT is and exactly who makes up the full roster of its sponsorship remains to be seen. We'll know that after the organization files its first tax returns, which will be a matter of public record. Meeks out... From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: raph@netcom.com (Raph Levien) Date: Sun, 1 Jan 95 13:45:35 PST To: cypherpunks@toad.com Subject: Berman resignation In-Reply-To: <199501012115.NAA06292@art.net> Message-ID: <199501012145.NAA10782@netcom20.netcom.com> MIME-Version: 1.0 Content-Type: text/plain Brock's piece on Jerry Berman's resignation broke about a week after I sent my EFF t-shirt back, attn Jerry Berman. Never again believe that cypherpunk political action doesn't make a difference. Raph (BTW, I got a nice apology from Peter Lewis about the NYT article. Apparently, it got shredded in the editing process) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: pcw@access.digex.net (Peter Wayner) Date: Sun, 1 Jan 95 12:38:42 PST To: cypherpunks@toad.com Subject: Stegno for Kids Message-ID: <199501012039.AA14592@access2.digex.net> MIME-Version: 1.0 Content-Type: text/plain I was at a birthday party for a nine-year old niece. She got some dolls (ugh), a Sega Game Gear Game called "Out Run" (not bad) and Crayola brand secret writing pens (WOW!!!!). There are about 8 pens in the set. You write secretly with two of them and develop the image with the other six. I believe the 6 developing pens create images in different colors, but I'm not sure. It just wouldn't look cool for me to rip open the package at SideShow Pizza and hog her gift. Then I had to go. Alas... -Peter From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: rishab@dxm.ernet.in Date: Sun, 1 Jan 95 04:00:48 PST To: cypherpunks@toad.com Subject: Re: Exporting cryptographic materials, theory vs. practice Message-ID: MIME-Version: 1.0 Content-Type: text/plain Matt Blaze : > So we chatted about computers and cryptography for a while. Finally, > the two of them decided that it wouldn't really hurt for them to just > sign the form as long as I promise to call my lawyer and get the SED Just which form did they sign, exactly? These procedures remind me of Feynman's refusal to sign more than 12 times during some government talk. ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "In between the breaths is rishab@dxm.ernet.in the space where we live" rishab@arbornet.org - Lawrence Durrell Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Mark Terka Date: Sun, 1 Jan 95 14:54:07 PST To: cypherpunks@toad.com Subject: The Code Breaker's Work Bench? Message-ID: MIME-Version: 1.0 Content-Type: text/plain I saw someone mention this program on sci.crypt once. Its supposed to be an aid to those trying to break a cypher. Does anybody know the ftp site it is located on? unimi.it perhaps? -------------------------------------------------------------------------- Mark Terka | werewolf@io.org | public key (werewolf) by Toronto,Canada | dg507@cleveland.freenet.edu | public key server or request --------------------------------------------------------------------------- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: norm@netcom.com (Norman Hardy) Date: Thu, 5 Jan 95 01:07:06 PST To: cypherpunks@toad.com Subject: Re: another factoring thing. . . . Message-ID: MIME-Version: 1.0 Content-Type: text/plain At 11:04 PM 12/30/94, camp@industrial.com wrote: >Hey did anyone see the artical, some time ago in Science News (May 14, >1994) their was this artical on using a 'quantum computer'. Through >the marvels of quantum mechanics it is theroretically possible to >build a computer that would be really good at factoring large numbers >such as the ones used in RSA. This combined with team sieving could >possibly be used to signifigantly reduce the time required to factor >a key. Any thougts, did anyone else see the artical, has there already >been a really stimulating discusion that I missed? Well let me know. .... I think that that kind of quantum computer is much less likely to be built to impact RSA style crypto, than some revolutionary sort of factoring algorithm. It is not clear whether the tolerances required for the quantum computer can ever be met and it is not entirely clear if the quantum principles are correct. I don't entirely rule it out however. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: gnu Date: Sun, 1 Jan 95 18:55:23 PST To: cypherpunks@toad.com, gnu Subject: Book review: Codebreakers, the Inside Story of Bletchley Park Message-ID: <9501020255.AA13843@toad.com> MIME-Version: 1.0 Content-Type: text/plain This is NOT David Kahn's excellent book "The Codebreakers". This is a British volume full of personal stories of thirty people who worked at Bletchley Park or at British code-breaking in the field during WW2. I found it a very touching and personal book. Each person tells their own story in a five- or six-page essay, and the stories cover a whole range of activities, from cryptanalytical work to typing-and-filing to the people who constructed and maintained the physical buildings. As the introduction says, "...few of the events described here were chronicled at the time, and those who worked at Bletchley and its outstations were forbidden to talk or write about it -- almost to remember it. The compiling of this book has rested almost entirely on personal memories; and that is unusual in an account which pretends to any sort of accuracy. Moreover, nobody who worked at Bletchley can now be under 65; several contributors are in their mid-80s. For all of us clear and accurate recollection of highly specialized Top Secret facts across fifty years has been a demanding task, requiring much cross-checking." There are lots of details about how real live wartime code-breaking worked fifty years ago -- details I have seen nowhere else. I recommend this book to any cypherpunk. Codebreakers: the inside story of Bletchley Park. ed. by Francis Harry Hinsley and Alan Stripp. Oxford, England: Oxford University Press, 1994 (hardback issued in 1993). ISBN 0-19-285304-X. US$13.95, at my local bookstore. -- John Gilmore gnu@toad.com -- gnu@cygnus.com -- gnu@eff.org A well-regulated intelligentsia, being necessary to the security of a free State, the right of the people to keep and bear books, shall not be infringed. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Adam Shostack Date: Sun, 1 Jan 95 17:49:30 PST To: werewolf@io.org (Mark Terka) Subject: Re: The Code Breaker's Work Bench? In-Reply-To: Message-ID: <199501020148.UAA23008@bwh.harvard.edu> MIME-Version: 1.0 Content-Type: text/plain | I saw someone mention this program on sci.crypt once. Its supposed to be | an aid to those trying to break a cypher. From cbw.doc: Overview The Crypt Breakers' Workbench (CBW) is an interactive multi-window system for mounting a cipher-text only attack on a file encrypted by the Unix crypt command. CBW is a workbench in the sense that it provides the user with an integrated set of tools that simplify the initial, middle and final portions of the decryption process. A user interacts with the workbench by choosing tools and setting parameters. CBW carries out the work and displays the results. A moderately experienced user of CBW can easily decrypt both long and short messages when bigram statistics are known for the message space. The basic cryptanalytic techniques used by CBW are described in a paper by Reeds and Weinberger that appeared in the October 1984 issue of the ATT Bell Laboratories Technical Journal. This manual explains the capabilities and operating procedures of CBW coast.cs.purdue.edu:/pub/tools/unix/cbw.tar.Z From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Robert A. Hayden" Date: Sun, 1 Jan 95 18:59:46 PST To: Cypherpunks Mailing List Subject: Ch-ch-ch-ch-changes... Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- I read with interest about the (about time) reorganization of the EFF. While it is certainly a little early to make any kind of final decisions about the EFF, I do wonder a few things: What will the EFF now be doing now that isn't already done by other organizations? It sure seems to me that this CDT is awfully similiar to the CPSR, except it's headed by former EFF people who have been puckering up to the Washington politicos, the Telcos and other entities for the past few years. Is there really a purpose? Any thoughts on how the EFF will change it's approach? I'm due for renewal in March and I want to make sure I'm not flushing my money away. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLwdsDDokqlyVGmCFAQFFlwP+NHiRjJPt8wqe4TuPoHrlAp9lbbu1Y2eZ foacY3htQgeXc2S4lcKbAvFAMEYpmjYw27IKpjSKXkuqML0x6uL7h9AGmc5EcP7h ZwWrOLhrqxqQNehGaxB6/2tqlb2W0usAkl3fwZPz/hJEPaR++ajmx/eunGFT8S6w pQWlpZL1K/0= =cuip -----END PGP SIGNATURE----- ____ Robert A. Hayden <=> hayden@krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> All I want is a cure... \/ Finger for PGP Public Key <=> And all my friends back! From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: werewolf@io.org (Mark Terka) Date: Sun, 1 Jan 95 18:55:05 PST To: cypherpunks@toad.com Subject: Re: The Code Breaker's Work Bench? In-Reply-To: <199501020148.UAA23008@bwh.harvard.edu> Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- In article <199501020148.UAA23008@bwh.harvard.edu>, Adam Shostack wrote: > >| I saw someone mention this program on sci.crypt once. Its supposed to be >| an aid to those trying to break a cypher. > >>From cbw.doc: > >Overview > The Crypt Breakers' Workbench (CBW) is an interactive >multi-window system for mounting a cipher-text only attack on a file >encrypted by the Unix crypt command. CBW is a workbench in the sense Ok....I thought it was more generic than that. To mount an attack on an opponent requires specific programs oriented toward the cypher in question. Can anyone suggest what programs / tools may be out there for cypher busting? I'm just curious....and no, I'm not planning on reading my girlfirend's mail :>. I'm just interested in the methods exist in the real world. Hell, I'd even be interested in a program to bust Enigma. That would give a basic example or idea of how codebreakers operate on a day to day basis. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBLwdk13BFBj7pSNyhAQFqoQf+MbB7ffw3gaFuynO3riyL0MSF/143a5d3 TnbnzsMd+srKSx3bhp4SkcgIazrP3h9DzpAyriFLJl+zfdPz+kFOQGZfwPfZvEu3 fwCO+ClrKBqnJ/WiMZ0aluxfFz5NkIDolwLeeW2UfzOEcGsN4DuFvpJ66PRgLZRg Uw3qouzBjljTazyFjVlH1VaxWbywQrhiCotPvgXCrMY+CBO3FXcPW6w7pYHi8Ovh yelANTkI9cSe7f1BE0ONaEac2Xhb1htdB99goRIbxQbqP1zKUsBM+JzGvkpr4gKT ihEV3EFBGW3EGHDrCkdDqox4hnl0HRkdsH3MWt9prJXvbXvBUIfxtA== =9fAE -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Lile Elam Date: Sun, 1 Jan 95 22:49:38 PST To: cypherpunks@toad.com Subject: I'm back. :) Message-ID: <199501020643.WAA08339@art.net> MIME-Version: 1.0 Content-Type: text/plain Hi folks, I finally got back on cypherpunks. Have been incredibly busy but wanted to keep intouch as several artist friends of mine want to start using art as a encryption vehical... Should be fun... Happy New Years. Let's hope it's a good one for cryptography. -lile ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lile Elam | "a brush in hand, a wisp of wind, she sighs lile@art.net | knowing that this will be the great one..." http://www.art.net | -lile ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Matt Blaze Date: Sun, 1 Jan 95 20:21:50 PST To: gnu@toad.com Subject: Re: Book review: Codebreakers, the Inside Story of Bletchley Park In-Reply-To: <9501020255.AA13843@toad.com> Message-ID: <199501020423.XAA26847@crypto.com> MIME-Version: 1.0 Content-Type: text/plain Let me wholeheartedly echo John's recommendation; this is a terrific book, one from which I learned a great deal. You'll get more out of it, however, the more you already know about the Bletchley Park efforts and the principles on which the Enigma and Lorenz machines operated. In particular, Welchman's "The Hut Six Story" (McGraw Hill, 1982) makes good preparatory reading. Unfortunately, that book has been out of print for some time, but is fairly widely available at used book shops. I had the opportunity to visit Bletchley Park a couple of weeks ago. Most of the original huts are still standing, albiet in various states of disrepair. Walking around the site, knowing something of what went on there in complete secrecy 50 years ago, I could only imagine the sense of urgency and bustle that must have been in the air with 12000 people working (day and night, over three shifts) in a relatively small space. The more I learn about the effort the more impressed I am with the accomplishments that took place there. In particular, the path from basic research to operational functionality was far shorter than one would think possible. After the war, the site was used by GCHQ and by British Telecom as a training center. It was recently saved from redevlopment and is now being converted into museum. Among the projects taking place there is a construction of a working model of the original "Colossus" machine, arguably the first electronic computer ever built (it was used in breaking the Lorenz teleprinter cipher). I believe the site is currently open for visitors on alternate weekends. -matt From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Aron Freed Date: Sun, 1 Jan 95 23:04:48 PST To: Lile Elam Subject: Re: good news about the EFF... In-Reply-To: <199501012115.NAA06292@art.net> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Sun, 1 Jan 1995, Lile Elam wrote: > CyberWire Dispatch // Copyright (c) 1994 // > > Jacking in from the "Back to the Future" Port: > > Washington, DC -- The Electronic Frontier Foundation has fired its Policy > Director Jerry Berman and will soon release a sweeping new agenda for 1995 > that promises to return the organization to its original grassroots > beginning. > > Asked to comment on his firing, Berman bristles and says: "I think that's > baloney." Then he quickly adds: "Did you ever think I might have wanted to > leave?" > > Berman has, in fact, left EFF, to head a new, as yet unannounced, policy > group called the Center for Democracy and Technology. His departure from > EFF and the creation of CDT will be made public this week in a joint > announcement with EFF, sources said. The official line that will be spun > to the public is that the two came to a "mutual parting of the ways." > > That benign statement, however, doesn't reflect the long hours of the > behind the scenes deliberations, in which the language of the press > releases will be a cautiously worded as an official State Department > briefing. > > Heroes and pioneers always take the arrows; EFF lately has looked more > like a pin-cushion than its self-appointed role as protector of all things > Cyberspace. The beleaguered organization has over the course of the past > two years endured often withering criticism from the very frontier citizens > it was sworn to uphold and protect. > > The reason: A perceived move away from its grassroots activism to the role > of a consummate Washington Insider deal maker. Has anyone seen Monty Python's Life of Brian..... DO I hear a parallelism??? Something to the effect of "The PEople's Judean Front", "The Popular People's Front", and it goes on an on.... HOw about for the modern approach.... CDT, EFF, CPSR, Cypherpunks... Do I hear more.. Or are we so split up that we can't agree on our common goal.... Aaron From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Lile Elam Date: Mon, 2 Jan 95 00:55:30 PST To: marc@cam.ov.com Subject: Re: Exporting cryptographic materials, theory vs. practice Message-ID: <199501020848.AAA08819@art.net> MIME-Version: 1.0 Content-Type: text/plain But what if that plane crashed... It's better to spread people out over several flights... -lile From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: skaplin@skypoint.com (Samuel Kaplin) Date: Sun, 1 Jan 95 23:25:31 PST To: cypherpunks@toad.com Subject: Listing of Files on the Auto-Responder as of 01-01-95 Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Last Modified: 01-01-95 20:30 (CST) This is the index for Sam Kaplin's Auto-Responder. To get a file: Send a message to: skaplin@c2.org The the subject of the message MUST BE: SEND FILE [file_name] EXAMPLE: Subject: SEND FILE help <----Case Sensitive!!! All binary files are UUENCODED with PGP signatures. Please address all comments or problems to skaplin@skypoint.com. If you receive a blank message back, then the file you requested does not exist. Should you have a crypto related file that you would like added, contact me at: skaplin@skypoint.com. Please note that I am subject to the petty whims of the U.S. government, so I will not add any files which may be subject to ITAR. - -------------------------------------------------------------------------- File Name Description - -------------------------------------------------------------------------- apgp212_1.uue Autopgp 2.12 offline mail packet processor. Automates PGP functions. Part 1 of 4 apgp212_2.uue Autopgp 2.12 offline mail packet processor. Automates PGP functions. Part 2 of 4 apgp212_3.uue Autopgp 2.12 offline mail packet processor. Automates PGP functions. Part 3 of 4 apgp212_4.uue Autopgp 2.12 offline mail packet processor. Automates PGP functions. Part 4 of 4 apgp22b2_1.uue Autopgp 2.2b2 offline mail packet processor. Automates PGP functions. Part 1 of 4 BETA apgp22b2_2.uue Autopgp 2.2b2 offline mail packet processor. Automates PGP functions. Part 2 of 4 BETA apgp22b2_3.uue Autopgp 2.2b2 offline mail packet processor. Automates PGP functions. Part 3 of 4 BETA apgp22b2_4.uue Autopgp 2.2b2 offline mail packet processor. Automates PGP functions. Part 4 of 4 BETA cp-faq1.uue Tim May's Cypherpunk Faq - Everything you wanted to know about C'Punk issues, but were afraid to ask. Part 1 of 11 cp-faq2.uue Tim May's Cypherpunk Faq - Everything you wanted to know about C'Punk issues, but were afraid to ask. Part 2 of 11 cp-faq3.uue Tim May's Cypherpunk Faq - Everything you wanted to know about C'Punk issues, but were afraid to ask. Part 3 of 11 cp-faq4.uue Tim May's Cypherpunk Faq - Everything you wanted to know about C'Punk issues, but were afraid to ask. Part 4 of 11 cp-faq5.uue Tim May's Cypherpunk Faq - Everything you wanted to know about C'Punk issues, but were afraid to ask. Part 5 of 11 cp-faq6.uue Tim May's Cypherpunk Faq - Everything you wanted to know about C'Punk issues, but were afraid to ask. Part 6 of 11 cp-faq7.uue Tim May's Cypherpunk Faq - Everything you wanted to know about C'Punk issues, but were afraid to ask. Part 7 of 11 cp-faq8.uue Tim May's Cypherpunk Faq - Everything you wanted to know about C'Punk issues, but were afraid to ask. Part 8 of 11 cp-faq9.uue Tim May's Cypherpunk Faq - Everything you wanted to know about C'Punk issues, but were afraid to ask. Part 9 of 11 cp-faq10.uue Tim May's Cypherpunk Faq - Everything you wanted to know about C'Punk issues, but were afraid to ask. Part 10 of 11 cp-faq11.uue Tim May's Cypherpunk Faq - Everything you wanted to know about C'Punk issues, but were afraid to ask. Part 11 of 11 crypto1.uue The Faq from talk.politics.crypto. A general overview of cryptography. Part 1 of 2 crypto2.uue The Faq from talk.politics.crypto. A general overview of cryptography. Part 2 of 2 help This file. key Sam Kaplin's PGP Public keys. news_gateways A listing of Mail -News gateways pgpfaq1.uue Frequently asked questions about PGP. Part 1 of 2 pgpfaq2.uue Frequently asked questions about PGP. Part 2 of 2 rsa1.uue A Faq put out by RSA outlining cryptography as it applies to RSA. Part 1 of 2 rsa2.uue A Faq put out by RSA outlining cryptography as it applies to RSA. Part 2 of 2 remailer_list A current listing of remailer sites. wherefaq.long Where to obtain PGP. (Long Version) wherefaq.short Where to obtain PGP. (Short Version) yn075_1.uue YARN .075 offline mail reader. Minimally supports PGP internally. Part 1 of 14 yn075_2.uue YARN .075 offline mail reader. Minimally supports PGP internally. Part 2 of 14 yn075_3.uue YARN .075 offline mail reader. Minimally supports PGP internally. Part 3 of 14 yn075_4.uue YARN .075 offline mail reader. Minimally supports PGP internally. Part 4 of 14 yn075_5.uue YARN .075 offline mail reader. Minimally supports PGP internally. Part 5 of 14 yn075_6.uue YARN .075 offline mail reader. Minimally supports PGP internally. Part 6 of 14 yn075_7.uue YARN .075 offline mail reader. Minimally supports PGP internally. Part 7 of 14 yn075_8.uue YARN .075 offline mail reader. Minimally supports PGP internally. Part 8 of 14 yn075_9.uue YARN .075 offline mail reader. Minimally supports PGP internally. Part 9 of 14 yn075_10.uue YARN .075 offline mail reader. Minimally supports PGP internally. Part 10 of 14 yn075_11.uue YARN .075 offline mail reader. Minimally supports PGP internally. Part 11 of 14 yn075_12.uue YARN .075 offline mail reader. Minimally supports PGP internally. Part 12 of 14 yn075_13.uue YARN .075 offline mail reader. Minimally supports PGP internally. Part 13 of 14 yn075_14.uue YARN .075 offline mail reader. Minimally supports PGP internally. Part 14 of 14 ============================================================================== Interpretation is the revenge of the intellect upon art. - Susan Sontag ============================================================================== skaplin@skypoint.com | Finger skaplin@infinity.c2.org for | a listing of crypto related files PGP encrypted mail is accepted and | available on my auto-responder. preferred. | (Yes...the faqs are there!) | E-mail key@four11.com for PGP Key or | "...vidi vici veni" - Overheard Finger skaplin@mirage.skypoint.com | outside a Roman brothel. ============================================================================== -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBLwepPslnXxBRSgfNAQFjuAf/YfaeENpC16siv7SB9rkg6x1SiM5aup6n GXQQXaXtPA1pxgLDhv6gOgt/Zy/1M6tTJ/4uU2ft1KDU8wHlVt2JiU3d9/9JweZM zbpDCqh0ucyfRht2V27WMfYYfTXUQ7yHiWIg9gf2ODqQcwMEu8kAwTYZxXFmXDQ+ 9Xxchw7VR4ZGTo3cnPoh0526yKGBbi9hBr0vCr/IkTGH4cgf3BfXIF8Eolu4hQY3 r6XwcBYskN5afd/fVKA1qRhLkI3X9nP4oBNlVxdSs2cwgabQ2hZsExwtCwvHMi3K zGWAwZkd1VNMX4rC+uUkuEOR0GB9OikcRYoU9vvKDSHO1n6amnQamQ== =eeBK -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Sun, 1 Jan 95 23:44:20 PST Subject: Re: Exporting cryptographic materials, theory vs. practice In-Reply-To: <9501020724.AA01894@dun-dun-noodles.cam.ov.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain I couldn't agree with the general drift much more. The real objective is to get the customs officials used to the procedure of dealing the cryptograhic materials. Your best asset is a good feature reporter and a photograher. Right now, I don't think U.S. Customs is going to ask you if you have PGP in your PC if you leave the country, or return either. They should, and I'd be proud to say yes. RegisteredBEllcore Trusted Software Integrity system programmer *********************************************************************** Carol Anne Braddock "Give me your Tired, your Poor, your old PC's..." The TS NET REGISTERED PGP KEY NO.0C91594D carolann@icicle.winternet.com finger carolann@winternet.com |more *********************************************************************** My WWW Homepage Page is at: http://www.winternet.com/~carolann On Mon, 2 Jan 1995, Marc Horowitz wrote: > >> My conclusion from all this is that it just isn't possible for an > >> individual traveler to follow the rules. > > I can think of a at least half a dozen cypherpunks who will be going > to IETF in Stockholm in July. I suspect there are more. Perhaps we > should all arrange to take the same flight, while carrying some bit of > approved-for-export material. Should drive the Customs guys > completely nuts. > > Marc > From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: rishab@dxm.ernet.in Date: Tue, 3 Jan 95 19:28:47 PST To: cypherpunks@toad.com Subject: NYT article and LaMacchia case Message-ID: MIME-Version: 1.0 Content-Type: text/plain Anon wrote: > I want to publicly thank John Young for making articles available. MOst of > those articles I would not otherwise have seen. I second that! > that John offered. Was there anyone in the world, well, in the cyberworld, who > was fooled by the article on the Microsoft acquisition of the Catholic church? > Anyone, who after reading that piece, considered anything other than the > creativity of the author, should be committed to St. John's Home for the > Desperately Dumb. Notice that Microsoft was flooded with complaints only after Rush Limbaugh read it on his show... > However, there was something in that article that was of concern. If the > Massachusetts judge in the MIT student case actually said that he couldn't act > because Congress had not enacted any laws, then it is for sure they will try to > and they will try to act hurriedly. Hurried actions by congress are even worse The Reuters report said: Although U.S. District Court Judge Richard Stearns was critical of LaMacchia's actions, he ruled he could not be prosecuted under a wire fraud statute because it could result in a flood of actions against home computer users copying even single software programmes for their own use. Anonymity had nothing to do with it. It was clear cut copyright law - which wouldn't have hurt LaMacchia as he wasn't making anything out of it, so they tried to hit him with wire fraud, and the Judge found _that_ untenable. ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "In between the breaths is rishab@dxm.ernet.in the space where we live" rishab@arbornet.org - Lawrence Durrell Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Marc Horowitz Date: Sun, 1 Jan 95 23:21:37 PST To: Matt Blaze Subject: Re: Exporting cryptographic materials, theory vs. practice Message-ID: <9501020724.AA01894@dun-dun-noodles.cam.ov.com> MIME-Version: 1.0 Content-Type: text/plain >> My conclusion from all this is that it just isn't possible for an >> individual traveler to follow the rules. I can think of a at least half a dozen cypherpunks who will be going to IETF in Stockholm in July. I suspect there are more. Perhaps we should all arrange to take the same flight, while carrying some bit of approved-for-export material. Should drive the Customs guys completely nuts. Marc From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: skaplin@skypoint.com (Samuel Kaplin) Date: Mon, 2 Jan 95 01:02:15 PST To: cypherpunks@toad.com Subject: Anonymous payment scheme Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- This idea just popped into my head, just as I was about to fall asleep. Being the idiot that I am, I had to get up to write it down. This idea has probably been presented before...but I haven't seen it here yet. Let's suppose myself and 10,000 of my closest friends form the First National Cypherpunk Bank and Trust. We go through all of the hassles in order to be the issuer of a Master Card or Visa. Now instead of having a credit line, it is set up as a debit card. The card's limit is how ever much you have prepaid the bank in advance. Once you have hit your prepaid amount the card no longer gets approved. Now because everything is prepaid, there is no risk to me, so I'll put any name you want on the card. The questions I have are: Is this legal in the U.S.? If so, is anyone doing it? If it's not legal in the U.S., is it legal anyplace else. If this is a gray area, why wouldn't this scheme work? If this scheme was set up, it appears to me that the infrastructure for anonymous payments/netcash is already in place. Of course the issuer would get a healthy fee for issuing the card...but then again, there truly is no such thing as a free lunch. As my 10,000 friends and I have no plans to set this up, feel free to pick it apart at will. (which I'm sure it will be) Sam ============================================================================== There is an order of things in this universe. -- Apollo, "Who Mourns for Adonais?" stardate 3468.1 ============================================================================== skaplin@skypoint.com | Finger skaplin@infinity.c2.org for | a listing of crypto related files PGP encrypted mail is accepted and | available on my auto-responder. preferred. | (Yes...the faqs are there!) | E-mail key@four11.com for PGP Key or | "...vidi vici veni" - Overheard Finger skaplin@mirage.skypoint.com | outside a Roman brothel. ============================================================================== -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBLwe/6clnXxBRSgfNAQGZBAf9FAHHsI63OJ1uQo4SGAggs6Mk7BAe8Ysm oxibQfvNMN0dSPdyLjHutEm5/rtyTrRjU731QRQSDLUi0LSC9I0N5/cQsGeI+VV8 kAIiuHDq1eF4oZmZTuKIcKz42THliSAhSTkmpL8dZvcU3sJVPwIfGK5dNbQyUQHw J33h74Vg1jRIkeoodnAtTXPeUKi5HkcAp95zt8C/tGpke4+fx8QhqHSAvJgJoGdL a8clRTdilqwDfrdQlpgKHt33T5aLiYuQA8m9NpMiDKw/wEF+XvMrHYrksIUyQ2ZD gllxFl0WJcarRZTnIgtgAdA+hzQCbkfG10kcZUVTzquGcrgiKnp9ug== =l5Mr -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: an172607@anon.penet.fi (duquesne duke) Date: Sun, 1 Jan 95 19:48:12 PST To: cypherpunks@toad.com Subject: cnonymity, law and order Message-ID: <9501020251.AA27454@anon.penet.fi> MIME-Version: 1.0 Content-Type: text/plain I want to publicly thank John Young for making articles available. MOst of those articles I would not otherwise have seen. I was particularly interested in Peter Lewis's article from the New York Tines that John offered. Was there anyone in the world, well, in the cyberworld, who was fooled by the article on the Microsoft acquisition of the Catholic church? Anyone, who after reading that piece, considered anything other than the creativity of the author, should be committed to St. John's Home for the Desperately Dumb. However, there was something in that article that was of concern. If the Massachusetts judge in the MIT student case actually said that he couldn't act because Congress had not enacted any laws, then it is for sure they will try to and they will try to act hurriedly. Hurried actions by congress are even worse than their considered actions. I think we need to keep in touch with our representatives and senators to make sure that all of the ramifications of any law are considered. Sometimes laws passed by Congress are rather well intentioned, but the bureaucrats who write the policies and procedures by which the laws will be implemented can make them an albatross around our necks. These policy and procedure writers are dreadfully misinformed and are to enamored with their power and position to inform themselves. Admittedly, anonymity and law and order are not easy bed fellows, but difficult issues are never solved by hurried, uninformed, politically-motivated action. This puts some pressure on us cypherpunks. We have to be ready to consider all aspects of the argument so that our presentation in favor of anonymity will be taken seriously. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help@anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin@anon.penet.fi. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: skaplin@skypoint.com (Samuel Kaplin) Date: Mon, 2 Jan 95 02:17:01 PST To: werewolf@io.org Subject: Re: Anonymous payment scheme In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- > > Let's suppose myself and 10,000 of my closest friends form the First > > National Cypherpunk Bank and Trust. We go through all of the hassles in > > order to be the issuer of a Master Card or Visa. Now instead of having a > > credit line, it is set up as a debit card. The card's limit is how ever > > > Why jump through the hoops Visa or M/C would send you through if its a DEBIT > card??? You don't need them for something like that, simply the > acceptance of the Internet community, that credits from another user > drawn on the Cypherpunk Bank would be accepted.....which leads to your next > paragraph... I was looking at at the bigger picture. Any merchant who accepts Visa or MC could now accept anonymous payments. No hassle at all on their part. They probably wouldn't even know that it was an anonymous account. It fits into the existing infrastructure very nicely. A bank in Minneapolis has a similar system in operation. They issue you a Visa card. That card automatically debits your checking account. The key would be not to have the card attached to the account. If the card is attached to any type of account, then there are reporting requirements. A more apt analogy would be the prepaid phone cards. Walk into the issuing authority, plunk your $9999.99 on the counter and ask for your card. When you've spent it all, toss the card. Sam ============================================================================== Marriage is like a cage; one sees the birds outside desperate to get in, and those inside equally desperate to get out. - Michel Eyquem de Montaigne ============================================================================== skaplin@skypoint.com | Finger skaplin@infinity.c2.org for | a listing of crypto related files PGP encrypted mail is accepted and | available on my auto-responder. preferred. | (Yes...the faqs are there!) | E-mail key@four11.com for PGP Key or | "...vidi vici veni" - Overheard Finger skaplin@mirage.skypoint.com | outside a Roman brothel. ============================================================================== -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBLwfRXMlnXxBRSgfNAQH0twf+Is7Gur7MlN1djLdLKQ5N1Qcf+9tM4hD8 II+4Z3lSFsCYV3K30Iochnqr+9am8C08LZYk0uUqhW/EEhCkHIlivBniIHXNgvZ/ XbTqiZyAwP7E+8CQNbNywoRqJ46WKRgQpvpDFgSDUmnUzQliRzoBzsU6cwJY+uYp YLzpNkm+knleEDgAa978GaZsTK57wjkZ6ald2/gRoXzF4Pd0FW/lBd+KcSIq9KZN hU/VJ3dh6NDqbXbu92RjCl+Ba+UL3Ljk/+k4Gc+aQOV5f6vghOYmsVy9pqjz8R7a IfORPuLFYRDemWGjBF6vmWfkrOACdl6HLx5RdQd5eDfWqXFpDzE8eQ== =Y8cO -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Mark Terka Date: Mon, 2 Jan 95 01:46:07 PST To: Samuel Kaplin Subject: Re: Anonymous payment scheme In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Mon, 2 Jan 1995, Samuel Kaplin wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > This idea just popped into my head, just as I was about to fall asleep. > Being the idiot that I am, I had to get up to write it down. This idea has ....best time for ideas....between sleep and wakefulness.....:> > > Let's suppose myself and 10,000 of my closest friends form the First > National Cypherpunk Bank and Trust. We go through all of the hassles in > order to be the issuer of a Master Card or Visa. Now instead of having a > credit line, it is set up as a debit card. The card's limit is how ever Why jump through the hoops Visa or M/C would send you through if its a DEBIT card??? You don't need them for something like that, simply the acceptance of the Internet community, that credits from another user drawn on the Cypherpunk Bank would be accepted.....which leads to your next paragraph... > much you have prepaid the bank in advance. Once you have hit your prepaid > amount the card no longer gets approved. Now because everything is prepaid, > there is no risk to me, so I'll put any name you want on the card. The > questions I have are: Sounds good.....and practical. ANY citizen in the world deposits with your "Bank" legal tender in an account. US dollars would likely fit the bill as they are pretty well accepted from North America to North Korea (black market maybe.....but still accepted :>). Then, when someone presents to your Bank proof of purchase/transfer etc (a digitally signed message with your PGP Key perhaps?) then you transfer a dollar figure from one account to another ...... assuming both purchaser and seller have accounts atthe Cypherpunk Bank. If the purchaser does.....but the SELLER doesn't, then (if so desired by the seller) you have three choices: 1) open an account, f/o (favour of.....sorry....I'm a Banker so pardon my lapsing now and agin into our jargon) of the seller, transferring in the requisite amount of US $ for the seller's later use (ie... then HE goes out and buys something over the 'Net). 2) wire to the sellers account (overseas?) through a correspondent bank to the sellers bank where he has an account the US $. 3) mail a draft in the appropriate US $ to the seller's designated address .....either snail mail or Fed Express, or whatever courier is selected. > Is this legal in the U.S.? Dunno....I'm in Canada. But I know that U.S. banking arrangements are medieaval so I doubt it. > If so, is anyone doing it? See above :> > If it's not legal in the U.S., is it legal anyplace else. Sure.....Canada right now has a fully operational debit card system in place. You go to a supplier to make a purchase and they run your bank card through a machine just like your credit card for the purchase. Difference being, $$$ from your chequing account are debited, as opposed to to the line of credit on your credit card being debited. You have dollars in the bank sufficient for the purchase, then no problem. > If this is a gray area, why wouldn't this scheme work? Its a perfectly workable scheme....IF...the BANK in question is trusted as the medium of exchange. Thats the ONLY thing stopping its implementation, namely having a trusted institution to handle the deposits/transfers. Lets put it this way, I think the scheme would have ALOT more acceptance if you as a seller presented your invoice for settlement at Chase Manhattan or Bank of Montreal as opposed to the Cypherpunk Bank :>. > If this scheme was set up, it appears to me that the infrastructure for > anonymous payments/netcash is already in place. Of course the issuer would Sure it is....co-ordinating the infastructure would be interesting, but doable. The main thing is....is it economically viable for the institution in question? Would there be enough commerce doneover the 'Net to justify implementation of the supporting infrastructure (ie Internet hook-up's, training of staff, etc). Once there exists a demand for the service, coupled with a reasonable rate of return to the Bank for provision of the service, then you'll see ALL the top 20 banks in the world do it. Until then, nobody will do it simply because the Cypherpunks think it is a good idea. :> -------------------------------------------------------------------------- Mark Terka | werewolf@io.org | public key (werewolf) by Toronto,Canada | dg507@cleveland.freenet.edu | public key server or request --------------------------------------------------------------------------- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: eric@remailer.net (Eric Hughes) Date: Mon, 2 Jan 95 05:45:01 PST To: cypherpunks@toad.com Subject: Re: Anonymous payment scheme In-Reply-To: Message-ID: <199501021344.FAA11566@largo.remailer.net> MIME-Version: 1.0 Content-Type: text/plain From: skaplin@skypoint.com (Samuel Kaplin) I was looking at at the bigger picture. Any merchant who accepts Visa or MC could now accept anonymous payments. No hassle at all on their part. [...] The key would be not to have the card attached to the account. If the card is attached to any type of account, then there are reporting requirements. Visa was talking about an electronic traveller's check, which, from what I could tell, instantiated an account in the sum of the value of the card purchased, which was then drawn down by purchase. The card, evidently, had no embossing on it. Personalization was limited to some account id which would last the lifetime of the balance and then disappear. Eric From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Raph Levien Date: Mon, 2 Jan 95 06:49:15 PST To: cypherpunks@toad.com Subject: List of reliable remailers Message-ID: <199501021450.GAA02030@kiwi.CS.Berkeley.EDU> MIME-Version: 1.0 Content-Type: text/plain I operate a remailer pinging service which collects detailed information about remailer features and reliability. To use it, just finger remailer-list@kiwi.cs.berkeley.edu There is also a Web version of the same information, at: http://www.cs.berkeley.edu/~raph/remailer-list.html This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail, which is available at: ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.30.tar.gz For the PGP public keys of the remailers, as well as some help on how to use them, finger remailer.help.all@chaos.bsu.edu This is the current info: REMAILER LIST This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list@kiwi.cs.berkeley.edu. $remailer{"vox"} = " cpunk pgp. post"; $remailer{"avox"} = " cpunk pgp post"; $remailer{"extropia"} = " cpunk pgp special"; $remailer{"portal"} = " cpunk pgp hash"; $remailer{"alumni"} = " cpunk pgp hash"; $remailer{"bsu-cs"} = " cpunk hash ksub"; $remailer{"rebma"} = " cpunk pgp hash"; $remailer{"jpunix"} = " cpunk pgp hash latent cut post ek"; $remailer{"c2"} = " eric pgp hash"; $remailer{"soda"} = " eric post"; $remailer{"penet"} = " penet post"; $remailer{"ideath"} = " cpunk hash ksub"; $remailer{"usura"} = " cpunk pgp. hash latent cut post"; $remailer{"desert"} = " cpunk pgp. post"; $remailer{"nately"} = " cpunk pgp hash latent cut"; $remailer{"xs4all"} = " cpunk pgp hash latent cut post ek"; $remailer{"flame"} = " cpunk pgp hash latent cut post ek"; $remailer{"rahul"} = " cpunk"; $remailer{"mix"} = " cpunk hash latent cut ek"; $remailer{"q"} = " cpunk hash latent cut ek"; catalyst@netcom.com is _not_ a remailer. Last ping: Mon 2 Jan 95 6:00:02 PST remailer email address history latency uptime ----------------------------------------------------------------------- nately remailer@nately.ucsd.edu +++++++++++* 32:53 99.99% mix mixmaster@nately.ucsd.edu +++++++++-+ 41:39 99.99% rahul homer@rahul.net --***#***#** 9:40 99.98% penet anon@anon.penet.fi ********+*** 26:09 99.99% vox remail@vox.xs4all.nl .-..------- 12:53:05 99.99% soda remailer@csua.berkeley.edu .-.._-.-.. 8:50:49 99.67% usura usura@replay.com *****+- -- * 22:53 99.33% flame tomaz@flame.sinet.org ** *-*-*-** 32:52 99.09% jpunix remailer@jpunix.com ** *-#-*-** 32:26 99.06% c2 remail@c2.org --__.-+*--** 2:50:57 98.95% rebma remailer@rebma.mn.org ---*----* 7:52:32 99.27% ideath remailer@ideath.goldenbear.com ++* ++** - 2:09:26 98.05% bsu-cs nowhere@bsu-cs.bsu.edu +* --#+##** 1:40:45 96.01% q q@c2.org --_ . --+ 6:03:15 92.56% alumni hal@alumni.caltech.edu *****#*++ *- 27:00 89.60% portal hfinney@shell.portal.com #*#**#*** *- 21:31 89.60% extropia remail@extropia.wimsey.com +.-+* +++ 12:38:44 77.66% xs4all remailer@xs4all.nl *** *-- 20:22 75.57% desert remail@desert.xs4all.nl ----____.-- 40:43:30 71.96% For more info: http://www.cs.berkeley.edu/~raph/remailer-list.html History key * # response in less than 5 minutes. * * response in less than 1 hour. * + response in less than 4 hours. * - response in less than 24 hours. * . response in more than 1 day. * _ response came back too late (more than 2 days). Options and features cpunk A major class of remailers. Supports Request-Remailing-To: field. eric A variant of the cpunk style. Uses Anon-Send-To: instead. penet The third class of remailers (at least for right now). Uses X-Anon-To: in the header. pgp Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID. oldpgp Remailer does not like messages encoded with MIT PGP 2.6. Other versions of PGP, including 2.3a and 2.6ui, work fine. hash Supports ## pasting, so anything can be put into the headers of outgoing messages. ksub Remailer always kills subject header, even in non-pgp mode. nsub Remailer always preserves subject header, even in pgp mode. latent Supports Matt Ghio's Latent-Time: option. cut Supports Matt Ghio's Cutmarks: option. post Post to Usenet using Post-To: or Anon-Post-To: header. special Accepts only pgp encrypted messages. ek Encrypt responses in relpy blocks using Encrypt-Key: header. Comments and suggestions welcome! Raph Levien From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Bill Sommerfeld Date: Mon, 2 Jan 95 06:36:02 PST To: Marc Horowitz Subject: Re: Exporting cryptographic materials, theory vs. practice In-Reply-To: <9501020724.AA01894@dun-dun-noodles.cam.ov.com> Message-ID: <199501021422.JAA00361@orchard.medford.ma.us> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- > >> My conclusion from all this is that it just isn't possible for an > >> individual traveler to follow the rules. > > I can think of a at least half a dozen cypherpunks who will be going > to IETF in Stockholm in July. I suspect there are more. Perhaps we > should all arrange to take the same flight, while carrying some bit of > approved-for-export material. Should drive the Customs guys > completely nuts. Actually, those of us who are going should arrange to take *separate* flights... My reading of Matt's message said that most of the time was spent trying to figure out what to do, and only a little time was spent actually doing it. If a bunch of people all take the same flight, it will take them only a slight bit longer to process the whole bunch of you than if one person on the flight was doing it... - Bill -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLwgMDLT+rHlVUGpxAQFJ4wP/VGVDeueP0Z2hFHy/LUZ65ed69RpwYv0X //Ser1wiS7/y0WKFU6+xWH+0IffDOWgXVv4V3h1Rs8jTtEfKb46TtFTcnIM2qKr5 OYMy8ERPiMn3nx3I3slkVWYhSQQo/SwOOt/wSBZ72KjoSvWuf1wZCo++bOu773zp mPN6RxAuR4c= =R/1O -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nobody@rahul.net Date: Mon, 2 Jan 95 09:25:20 PST To: cypherpunks@toad.com Subject: Re: Exporting cryptographic materials, theory vs. practice Message-ID: <199501021725.AA09061@bolero.rahul.net> MIME-Version: 1.0 Content-Type: text/plain Matt has a good story, and the lesson that he draws, that presently the average person can't follow the rules, seems valid. But I don't see the point of the proposals to replicate his experiment. Doesn't Matt's experience really show simply that not enough people try to follow the rules, so the agencies aren't set up yet to make it easy? Is it our goal to change this, to get Customs to streamline their operation so that everyone really does register their crypto equipment on travels overseas? It seems to me we are better off with the present informal system where you can actually use crypto overseas without worrying much. I could see a system where you routinely fill out and have your card stamped when you check your luggage to show that you are carrying crypto. Then you turn it in when you come back. This might not be too different from what you do now when you declare items you are taking out and bringing back to show they are free of customs duties. How does this advance the CP cause? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Peter F Cassidy Date: Mon, 2 Jan 95 07:27:25 PST To: cypherpunks@toad.com Subject: exponential relationship of crytographer and cryptanalyst Message-ID: MIME-Version: 1.0 Content-Type: text/plain - I'm writing a piece on the politics of surveillance/privacy technologies for OMNI, essentially a survey of their advance since the 1967 proposal for the National Data Center. I cover cryptography, deriving the narrative from Clipper Chip initiative. The point I'm trying to make is that given the market forces pushing commerce onto the public networks and the increasing power of available encryption, the cold war national apparatus will have to mobilize quickly a la digital telephony to stomp it - yet the nature of computing puts them in a loosing position in the long run. Toward the latter part of this thesis, I've been told - and want check with youz - of the exponential relationship of crytographer and cryptanalyst. The heart of this relationship has been explained to me as follows: Increasing the key by one bit effectively doubles the number of keys and proportionally increases the power required to break it in a brute force attack. Is this true? Is there a truer way of stating it? Are there complicating factors this excludes that I should discuss? - Regards, - Peter Cassidy From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: shamrock@netcom.com (Lucky Green) Date: Mon, 2 Jan 95 11:03:09 PST To: cypherpunks@toad.com Subject: Re: Anonymous payment scheme Message-ID: MIME-Version: 1.0 Content-Type: text/plain Samuel Kaplin wrote: >Let's suppose myself and 10,000 of my closest friends form the First >National Cypherpunk Bank and Trust. We go through all of the hassles in >order to be the issuer of a Master Card or Visa. Now instead of having a >credit line, it is set up as a debit card. The card's limit is how ever >much you have prepaid the bank in advance. Once you have hit your prepaid >amount the card no longer gets approved. Now because everything is prepaid, >there is no risk to me, so I'll put any name you want on the card. The >questions I have are: > >Is this legal in the U.S.? > >If so, is anyone doing it? This type of card is issued with just about every checking accunt in Oregon. I don't know about other states, except that here in California I know of only two that are doing it: Charles Schwaab and Glendale Federal. There may be more, but I have yet to hear about them. In Oregon you get such an ATM/Visa card instead of your regular ATM card. Good credit, bad credit, no credit. Now if I could just remember what its called... -- Lucky Green PGP encrypted mail preferred. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Brian Lane Date: Mon, 2 Jan 95 12:17:47 PST To: jRT Subject: Re: Anonymous payment scheme In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Tue, 3 Jan 1995, jRT wrote: > > Well, I know some shops have so called 'switch' or 'smart' cards to debit > your account, some of these are on their own credit line, others are not. > > I have an account with a bank in Britain which gives me a "VISA" Card > which is actually a 'direct-debit' card. I can use it (and have) all > around the world as a regular VISA card and in any 'VISA compatible' ATM. Alot of the banks in the US are now offering these cards for use with checking accounts. > > As soon as my balance drops to zero, I can no longer use it. And when I > do, the money jumps out of my account immediately and can no longer be used. > > This is a bank-issued card, and also acts as my ATM card to access my > current account - there is NO charge for this. I'm not sure exactly how > that works. When a charge is made to the card it is subtracted from the balance until midnight? of that night. If the actual charge does not come in to the bank, the amount is then added back to the balance. (This was learned thru my GF who had some trouble with her card -- forgot to write down a couple of transactions and ended up at zero). > > Whether or not VISA would accept a proposal from First National > Cyberphunks or not remains to be seen... I think they should. If they would is another matter. It would be similar to having a 'secret' Swiss bank account that can be accessed from anywhere in the world, converted to cash at cash machines, transferred to others, etc. I like the idea of an anonymous Visa better than some sort of new net-bank because it is already established, the mechanism for transfer is already in place, and for the most part de-bugged. If there was an Anonymous Visa debit card I'd defiantly go for it. It would certainly keep those marketing types from tracking my spending patterns. Brian ------------------------------------------------------------------------------ "Everyone is a prisoner holding their own key." | finger blane@seanet.com -- Journey | PGP 2.6 email accepted ------------------------------------------------------------------------------ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: KEY-CAPTURE@lsd.com (Dave Del Torto) Date: Mon, 2 Jan 95 13:00:53 PST To: Key_Capture_Survey@lsd.com Subject: RFC: Key Capture Utility Survey Message-ID: MIME-Version: 1.0 Content-Type: text/plain REQUEST FOR COMMENTS ON KEY CAPTURE UTILITIES --------------------------------------------- Key capture utilities present a serious threat to the security of passwords on individual and networked computing systems, especially when novice users are unaware of their presence. Well-educated users and administrators help make all systems on and off the Internet more reliably safe for everyone's data. If you are a: -- privacy, system security or cryptography advocate/activist -- network admin concerned with the password-hygiene of your users or -- computing professional with an appreciation of good security, then please complete and return this quick survey. By contributing to the knowledgebase on the subject of password protection, you can help educate yourself and many novice/intermediate users about a common weakness -- utilities that may capture their keystrokes unseen as they enter their *password* -- in ALL secured systems (a user's encryption app, your network or its dial-in access, your company's email system or database fileserver, etc.). The intent here is to create a *central list of all key-capture utilities* which will help people to at least be aware of their existence or operation on a given system and describe in simple terms how to disable the utility. The results of the survey will be tabulated and put in the public domain on the Internet. If your reply is included, your name will be acknowledged in the resulting document, which will be: part of the new "Beginner's PGP FAQ" for new users of the PGP (Pretty Good Privacy) application; a msg posted on various Internet lists and online services and; a text file available by anonymous FTP as: ftp.netcom.com:/pub/dd/ddt/crypto/crypto_info/key_cap_util.txt Please forward this survey to anyone you think can/will help - and thanks in advance for your contribution! _______________________________ THE KEY CAPTURE UTILITY SURVEY: The survey is very easy to participate in. Just send as much information as you can, even if you're only partially able to complete the form. Every piece of information that can lead us to the utility - even just a fragment of a name and an email address of someone who might know more about it - will help us compile a fairly exhaustive list. To assist us in easily tabulating the incoming mail on this topic, please send your reply to: - - - - Format your answer as follows: ******* PLEASE RETURN ONLY THIS INFORMATION ******* TO: KEY-CAPTURE@lsd.com SUBJ: PLATFORM/Utility Name MSG BODY: [1] OPERATING-SYS <--- i.e. WIN/DOS/MAC/OS2/UNIX, etc. [2] "Utility-Name" (utility-package-name, if not a stand-alone product) [3] Developer-Name (company-individual) [4] [5] Type <--- i.e.: system extension, autoexec, TSR [6] Path-to-file-location-when-loaded. [7] How to disable the utility's key capturing operations (step-by-step if possible). Please be brief, but aim for a novice level user. If disabling the key capturing is too complex to describe easily, then just explain what the user should ask a sys admin to do for them (while they watch, if applicable). *************************************************** (Here's an Example:) SUBJ: MAC/Now Save MSG BODY: [1] MAC [2] "Now Save" (Now Utilities v5.x), "NowSave" (Now Utilities v4.x) [3] Now Software, Inc. [4] [5] System extension/Control Panel device (CDEV) [6] [startup HD]:System Folder:Control Panels:Now Save (or :NowSave) [7] How to Disable: Open the "NowSave" (v4.x) or "Now Save" (v5.x) Control Panel. v4.x: Click the "Preferences" button. Click the "Key Capture..." button. Click the "OFF" radio button (upper right corner of dialog). Click the "OK" button. v5.0: Click the "Key Capture..." button in the button-bar. Click the "OFF" radio button (in upper right corner of dialog). Click the "OK" button. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Mon, 2 Jan 95 13:04:22 PST To: cypherpunks@toad.com Subject: Reminder: January 14th "Tools Demo Day" Meeting Message-ID: <199501022104.NAA01913@netcom19.netcom.com> MIME-Version: 1.0 Content-Type: text/plain This is a reminder that the January 14th "Tools Demo Day" meeting is coming up, standard place and time at the Silicon Graphics building in Mountain View, CA. I described this several weeks back and asked for folks interested in demonstrating any sort of software tools, crypto code, languages, etc., to get in contact with me. One person, Henry Strickland (Strick), has done so. In any case, the meeting will go on. I'll have my PowerMac 7100 there, and will demo some things like Mathematica, SmalltalkAgents, MacPGP, etc. An SGI Unix box is of course available. An Intel box running something of interest will presumably be brought by someone. Anyone planning to demo something should either plan to run on a machine they know will be there, or bring their own. A video projector is sometimes usable, and I plan to bring my video camera. The idea is that laptops and other non-video out systems can still be seen by lots of folks. (Someone mentioned also that an LCD projector may be available.) The normal meeting time is 12-5, but people usually spend the first hour shmoozing and eating their burritos, so I plan on starting the formal meeting at 1 (but don't get there at 1 and _then_ expect to shmooze/eat for the next hour!). The machines should be ready to go by 1:30 at the latest, so that demos can begin. If we have a lot of demos--not likely based on current information--then I'll propose parallel tracks. Please don't be bashful about doing a demo! The idea is to educate and expose people to tools and software they might otherwise only vaguely know about. Demos don't have to polished and professional. And please send me a brief note if you want to demo something. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Hal Date: Mon, 2 Jan 95 13:20:50 PST To: cypherpunks@toad.com Subject: Re: Anonymous payment scheme Message-ID: <199501022121.NAA07411@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- There are a couple of issues here. One is whether you could get a debit card with another name printed on it than your own. Sandy Sandfort and some others have suggested here that this would be legal and possible already as long as you don't do it with the intention to commit fraud. You can open a secured account by mail and give a false name. I'm not sure what you do in this situation if they ask to see some ID when you try to use the card. This would be rather embarrassing, it seems to me. Sorry, I guess I left my drivers license in my other pants... Or, never mind, try this card. That other one was from before I changed my name... The other issue is whether you could set up a payment system which did not require social security numbers from the participants. I think this is much more questionable. Although the phone cards and some other restricted usage systems are apparently legal, bank accounts seem to have many more restrictions. Barter and scrip systems are also heavily regulated. All these laws involving reporting requirements, etc., were passed to help the government track the flow of money. There is no way the government is going to make an exception at this point. In fact, I suspect that if the limited systems expanded to where they were used for general payments, the government would crack down. I recall reading that just such a crackdown occured in Las Vegas when casino chips started to be accepted for non-gambling payments. So, you may be able to have a form of anonymity from the person you are transacting with, but I don't think you can be anonymous from the bank and from the government. And personally, I am more concerned about the bank and gov't tracking my spending patterns than whether the guy I buy gas from knowing my name. The bank has a lot more information about me which is much more threatening to my privacy. A nom de guerre VISA or debit card does not seem to help this problem. Hal -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBLwhuNRnMLJtOy9MBAQEkPQIAqEEglLxt8E4Rrgh7dR93fuCSJUI+UMgF 3XUrsTxM4whOejFMrluOAYM+2RdBOgYTk1mNEiAgSUPLLScIa9zU5A== =CF5G -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Johnathan Corgan Date: Mon, 2 Jan 95 13:43:20 PST To: "Timothy C. May" MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Some may recall an idea I wrote about a couple weeks ago to provide transparent encryption/signing/remailing facilities to users of Windows Sockets based mail agents on PC's (e.g., Eudora). I have completed an initial portion of the program as a "proof of concept." All it does right now is act as a SMTP server and accepts mail from a mail agent, performs requested encryption/signing operations on received messages, and puts RFC 822 compliant outbound messages in a directory for submission to a 'real' SMTP server. (No remailing features present). Of course, the next module to write is the SMTP client that takes this outbound message queue and sends it off to the actual SMTP server. It is a bare bones app with no user interface, fault tolerance, or configuration options, and probably only works on my machine at the moment :) I don't expect to make any significant progress on the program between now and the Jan. 14 meeting, but if anyone is interested I will bring it to the meeting and "demo" what little there is at the moment. == Johnathan Corgan "Violence is the last refuge of the incompetent." jcorgan@scruznet.com -Isaac Asimov WWW: ftp://ftp.netcom.com/pub/jc/jcorgan/www/homepage.html -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBLwhxw+lPfVlQ1n99AQH6CAf8DJmXqtuP24C39k3/qk4mRuGxm4IehWdQ zdFjTgrzMuTXuM4SOtkV1k+JGZrjAW5G+tqiNLbNHDDzCWC/75G/8HMjUdWMSINq gOHXUl3oKtm6R27ClGhIZKuWJwLF0UH4XpUDWvawj5lFdWhKmSThuuF3WG1RKivQ PZjRh6Iq7wHf9wFI+rFRi8UHu311ZcyW4jR4h5R7siFeTd9GcBCEJ9CCQy+j+Vsu AbplhNZVztooLVitsAkYdcNu2gcAdun5u7WOPuEIM/Mwsokg53z4+AoUrYCkjqmu sqeAVr/S+1fwKXjMTSxt7qpIEUkErzTzhgQeQgLWYcUcnHg71A8AiA== =rOcl -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: John Young Date: Mon, 2 Jan 95 10:26:08 PST To: cypherpunks@toad.com Subject: (Fwd) Re Anonymous posting Message-ID: <199501021826.NAA11086@pipe2.pipeline.com> MIME-Version: 1.0 Content-Type: text/plain For those interested in the anonymity issue there is a lively debate on list Cyberia-L (a legal list) which was stimulated, in part, by Peter Lewis's articles on anonymity and the LaMacchia case dismissal. For participation send message to: listserv@listserv.cc.wm.edu subscribe cyberia-l Your name Provocatively, I forward the following: Forwarding mail by: jsilverm@reach.com (Jared Silverman -- NJ Bureau of Sec. - Newark) on Mon, 2 Jan 11:58 AM ------------------- On January 1, 1995, Buford Terrell wrote: >Anonymity is very much a core 1st Amendment value and at the >center of both political speech and the right to assemble. [Snip] >Often times, the only way weak or unpopular minorites can speak >is anonymously. There have been many times when to couple one's >name to one's writings would be to invite martyrdom. I had >rather risk a few perverts than to stifle this most important >channel for dissent. It is one thing to claim First Amendment protection to shield political speech, IMHO it is another to shield fraud and criminal behavior. Besides the First Amendment runs against the government, not in favor of individuals in actions brought by private parties. In the sexism thread, would anyone claim that an individual has the right to harass or stalk a person under the guise of the First Amendment? Would the First Amendment be a defense in a defamation suit? Of course not (Times v. Sullivan aside). Doesn't an individual have the right to know the identity of someone who is trying to communicate with him/her on a private basis? To a certain extent, the question was crystallized in the caller ID debate -- Who has the superior right, the calling party to anonymity or the called party to knowing who is calling? One of the areas of my professional concern is the use of cyberspace for securities fraud and manipulation. Cyberspace is an ideal medium for these activities because of the availability of anonymity and pseudonymity. Even on commercial BBSs, where "member lists" are available, posting to these lists is voluntary and those who draw my attention are rarely on these lists. Does all of cyberspace become off limits to conventional private rights and law enforcement under the rubric of "freedom of speech and assembly?" |--------------------------------------------------------------| |A. Jared Silverman, Chief-New Jersey Bureau of Securities | |jsilverm@reach.com | 201-504-3600 (phone) | 201-504-3601 (fax)| |**************************************************************| | My purpose holds to sail beyond the sunset - Tennyson | |**************************************************************| |The foregoing is the personal opinion of the sender and is not| |the official position of either the Bureau of Securities or | |the New Jersey Attorney General and the Department of Law and | |Public Safety. Affiliation given for identification only. | |--------------------------------------------------------------| From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: abostick@netcom.com (Alan Bostick) Date: Mon, 2 Jan 95 14:53:46 PST To: carolann@icicle.winternet.com Subject: Re: Exporting cryptographic materials, theory vs. practice In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- In article , you wrote: > Right now, I don't think U.S. Customs is going to ask you if you > have PGP in your PC if you leave the country, or return either. > > They should, and I'd be proud to say yes. And you can beam with pride as they impound your PC and take it away. Gosh. Sometimes it's just swell to be a cypherpunk. Kinda chokes me up. . . . Right now the situation is a sort of security-through-obscurity situation where they're not going to bother you for having PGP on your laptop's hard disk. Security through obscurity sucks, but the present situation is still better than the one where they know what to look for and what questions to ask, and you're headed for the slammer if you haven't gotten your temporary export license signed and stamped and ready to go. Do you want it to be easier to comply with bad law? | PROOF-READER, n: A malefactor who atones for Alan Bostick | making your writing nonsense by permitting abostick@netcom.com | the compositor to make it unintelligible. finger for PGP public key | Ambrose Bierce, THE DEVIL'S DICTIONARY Key fingerprint: | 50 22 FB 46 41 A3 17 9D F7 33 FF E1 4E 1C 89 79 +legal_kludge=off -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQB1AgUBLwh5U+VevBgtmhnpAQGWywMAhEpmFRrQXJPRpF4mPqAHmaxcGpZm00z2 acEogITT4O+aT+qGOoAiUnlaRWXOLmkOle75dhoAiJOabzRJ09rwXfyZzVLna8Gd DI9fVCrIjodY3Xl6BLZfRjblmDIQT6LA =RzSg -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: pstemari@erinet.com (Paul J. Ste. Marie) Date: Mon, 2 Jan 95 12:38:34 PST To: werewolf@io.org Subject: Re: Anonymous payment scheme Message-ID: <9501022030.AA03421@eri.erinet.com> MIME-Version: 1.0 Content-Type: text/plain At 03:52 AM 1/2/95 -0600, Samuel Kaplin wrote: >... I was looking at at the bigger picture. Any merchant who accepts Visa or MC >could now accept anonymous payments. No hassle at all on their part. They >probably wouldn't even know that it was an anonymous account. It fits into >the existing infrastructure very nicely. If you can convince BankAmerica or MasterCard International to deal with you. > ... Walk into the issuing authority, plunk your $9999.99 on the counter and > ask for your card. When you've spent it all, toss the card. Right there you imply one of the requirements you'd need to fulfill--the reporting requirements on cash transactions over $10K. If you accepted many deposits over $5K, you probably get asked a lot of questions about how you're preventing people from structuring transactions to avoid the reporting requirement. --Paul J. Ste. Marie pstemari@well.sf.ca.us, pstemari@erinet.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: crawford@scruznet.com (Michael D. Crawford) Date: Mon, 2 Jan 95 15:37:03 PST To: KEY-CAPTURE@lsd.com Subject: Comments on Key Capture Survey Message-ID: <199501022337.PAA05279@scruz.net> MIME-Version: 1.0 Content-Type: text/plain I am the author of the Last Resort keystroke capture program for the Macintosh, published by Working Software, Inc.. I am writing up the surveys for LR for Mac, DOS and Windows and will send them shortly. I have a couple of comments, which the list might be interested in hearing. Your entries for the Macintosh should record the file type and creator code, which are, for Last Resort, 'cdev' and 'mIKE' respectively (case is significant). If someone were to write an automated scanner meant to protect a disk against such utilities, it would be much more reliable if it looked for the creator codes, as Mac programs are usually written to not depend on having a particular file name. These codes live in the file system, but are not part of the name space as '.EXE' would be on DOS. You can view them with ResEdit's "Get File/Folder Info" item from the File menu. We spent a lot of time pondering the problem of password theft. We decided that the benefit to the consumer of having this utility available to save data outweighed the obvious danger of password and text theft. The problem increases, though, if one is not aware that Last Resort is installed. The Read Me file on the distribution disks has a discussion of this problem (as well as the problem of people snarfing your files when you share your disk to the whole company or campus), and there is a way to disable key capture temporarily, for password entry. I'm not real happy with the ease one can sneak Last Resort onto someone's machine, but I take a little ironic solace in knowing that similar programs that are "more hidden" than LR are available in source code form from Phrack, at least for DOS. On the plus side, I have gotten many, many letters, e-mails and phone calls from people who say it saved their butts when a piece of critical information would have been lost. I had the habit of taking customer orders over the phone while in the middle of debugging a program (like Last Resort!) and would frequently crash before the order could be saved or printed. LR saved my company real money in this case. David Pogue's book _Hard Drive_ is based in part on Last Resort, in that a key capture utility is used to recover a password that saves the world. I was quite tickled by this. I'm sad to say, though, that I know of one case in which Last Resort precipitated the end of a relationship, in which a fellow discovered the love letters his girlfriend had e-mailed to someone else in his Last Resort files. This particular fellow was glad that he found out about it, but I still feel a twinge of guilt when I think about it. I certainly support any effort made to document the existence of these programs. I might suggest that one way to defend against them would be to watch for the patching of certain system calls - patching GetNextEvent or installing a jGNEFilter on the Mac, and warning the user if this happens. It's easy to detect such patching; for the most part it will be innocent, but a hacker who had a fair amount of Mac programming knowledge could make a keystroke capture program in an evening of work, so attempting to catalog them all will provide only moderate protection against them. BTW... most of those other commercial keystroke capture programs (no names here) are clones of Last Resort. Some of them even had the gall to use our logo in their advertising (in a claim they were better than us). LR might not do as much as some of them, but I know that it is more reliable than the competitors I have tested. So if you are going to actually _use_ a key capture program for your own (legitimate!) use, consider getting The Real Thing, the One True Key Capture Program, the Saviour of Data: Last Resort. I don't work for WSI any more, but we remain friends, and they can be reached at: Working Software, Inc. PO Box 1844 Santa Cruz, CA 95061-1844 (408) 423-5696 (800) 229-9675 (408) 423-5699 FAX working@scruznet.com 76004.2072@compuserve.com Cheers, Michael D. Crawford crawford@scruznet.com <- Please note change of address. crawford@maxwell.ucsc.edu <- Finger me here for PGP Public Key. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jonathan Cooper Date: Mon, 2 Jan 95 13:00:10 PST To: Cypherpunks Subject: Regarding anonymous debit cards.. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain > Alot of the banks in the US are now offering these cards for use with > checking accounts. Yes. There are also the ``secured'' credit cards where one deposits X dollars into the issuing bank and is allowed 1.5 * X in credit. Many of these will promote to ``real'' credit cards after a year or some specific amount of charging that's been paid back on time (usually about $1000). These are a godsend for those who've gone bankrupt; as such I wouldn't be terribly surprised if the issuers didn't even bother to do a credit check until the card promotes, if at all. If this is the case, what's to stop someone from filling out the application under a pseudonymous identity with a mail drop as the contact address? > I think they should. If they would is another matter. It would be > similar to having a 'secret' Swiss bank account that can be accessed from > anywhere in the world, converted to cash at cash machines, transferred to > others, etc. It's a great idea - at last year's Siggraph convention I needed to stay in contact with an associate 24 hours a day if need be. I discovered that in the Kinko's in the Orange County Convention Center there's a cellular phone rental machine, but it took credit cards and the people at the desk wouldn't let me rent one without one - even though I offered to leave my ID and a sizable deposit. I'm technically not old enough to get a credit card, and regardless of that fact when I spoke to someone at Barnett Bank about getting one and listed my occupation as 'Consultant' she laughed in my face. Solution: I got a secured card from a bank in Vermont. They have $500 of my money in an account, and I have a card with a $500 limit in my father's name. > If there was an Anonymous Visa debit card I'd defiantly go for it. It > would certainly keep those marketing types from tracking my spending > patterns. Without a doubt. I wonder, again, if the issuing bank even _cares_ who you are if you get one of these secured cards. There was discussion here about debit/secured cards some time ago - anyone remember the upshot of the discussion? -jon ( --------[ Jonathan D. Cooper ]--------[ entropy@intnet.net ]-------- ) ( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 ) ( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 ) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: dave.hodgins@canrem.com (Dave Hodgins) Date: Mon, 2 Jan 95 13:58:58 PST To: cypherpunks@toad.com Subject: key servers list Message-ID: <60.18197.6525.0C1C6B79@canrem.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Does anyone have an up-to-date list of pgp keyservers available? Is there a fingerable keyserver, like wasabi@io.com used to be? Thanks in advance, Dave Hodgins. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLwh0YJbACHtihSGlAQGxAwQAmCTfolPaXfyRIKWl+u8fzSrlLxv25GjB k/+50n11ErwRbJHRPsSAS8okZ9xq8CiVuCUiiOdFe3R7K3idCLVSVQeYWpBcy7ZO F1vUqcUrsqiar3IxUDAW0UAK5eIf/B5CIsN9TgYMxj7gd0r1UkSXjfgXq+PR9Iqf tMyBOICzwpU= =4FTc -----END PGP SIGNATURE----- **EZ-PGP v1.07 --- * RM 1.3 00820 * Internet:Dave.Hodgins@Canrem.com Rime->118 Fido(1:229/15) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "James A. Donald" Date: Mon, 2 Jan 95 18:39:55 PST To: Carol Anne Braddock Subject: Re: Exporting cryptographic materials, theory vs. practice In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Mon, 2 Jan 1995, Carol Anne Braddock wrote: > Right now, I don't think U.S. Customs is going to ask you if you > have PGP in your PC if you leave the country, or return either. > > They should, and I'd be proud to say yes. Well Carol, I am sure your heart is in the right place, but I do not agree. They should not, and I'd be deranged to say yes. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd@netcom.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "James A. Donald" Date: Mon, 2 Jan 95 18:57:12 PST To: nobody@rahul.net Subject: Re: Exporting cryptographic materials, theory vs. practice In-Reply-To: <199501021725.AA09061@bolero.rahul.net> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Mon, 2 Jan 1995 nobody@rahul.net wrote: > Doesn't Matt's experience really show simply that not enough people try > to follow the rules, [...] > > [...] > > I could see a system where you routinely fill out and have your card > stamped when you check your luggage to show that you are carrying crypto. > Then you turn it in when you come back. [...] How does this > advance the CP cause? Exactly so. Surely we are better off with a system that does not work. Furthermore, with the current system, entropy works in our favor. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd@netcom.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Syed Yusuf Date: Mon, 2 Jan 95 21:36:57 PST To: Cypherpunks Subject: Appolgy to P. Zimmerman Message-ID: MIME-Version: 1.0 Content-Type: text/plain Mr. Zimmerman, I would like to take this opertunity to publicaly appologize to Mr Zimmerman (the primary author of PGP). In a post to the internet I criticized Mr. Zimmerman for takeing a short route to legalize PGP short term rather then directly attack Public Key Partners so-called patent of public encryption. I would like appologize, as I have now been presented with the opertunity for a business venture requiring encryption of data I realize that we don't all have the legal resourses to be maveriks and challenge patents. Some of us need encryption now and it's only a matter of time before PKP's patents fall. --Syed Yusuf From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jRT Date: Mon, 2 Jan 95 08:58:31 PST To: Samuel Kaplin Subject: Re: Anonymous payment scheme In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain Well, I know some shops have so called 'switch' or 'smart' cards to debit your account, some of these are on their own credit line, others are not. I have an account with a bank in Britain which gives me a "VISA" Card which is actually a 'direct-debit' card. I can use it (and have) all around the world as a regular VISA card and in any 'VISA compatible' ATM. As soon as my balance drops to zero, I can no longer use it. And when I do, the money jumps out of my account immediately and can no longer be used. This is a bank-issued card, and also acts as my ATM card to access my current account - there is NO charge for this. I'm not sure exactly how that works. Whether or not VISA would accept a proposal from First National Cyberphunks or not remains to be seen... ------------------------------------------------------------------------------ jrt@AsiaOnline.Net john@AsiaOnline.Net PO Box 86141, Govt PO, Kln, HKG. Help protect the environment : This message is made from recycled electrons ------------------------------------------------------------------------------ > Let's suppose myself and 10,000 of my closest friends form the First > National Cypherpunk Bank and Trust. We go through all of the hassles in > order to be the issuer of a Master Card or Visa. Now instead of having a > credit line, it is set up as a debit card. The card's limit is how ever > much you have prepaid the bank in advance. Once you have hit your prepaid > amount the card no longer gets approved. Now because everything is prepaid, > there is no risk to me, so I'll put any name you want on the card. The > questions I have are: From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Mark Rogaski Date: Tue, 3 Jan 95 00:19:29 PST To: cypherpunks@toad.com (Cypherpunks) Subject: HACK - EFH Presents Free PGP Encryption Workshop (fwd) Message-ID: <199501030819.DAA29763@phobos.lib.iup.edu> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Just thought you may be interested in this. Anybody ever hear of this EFH group? It's nice to see somebody making PGP a little easier for the average jane/joe end-user-type to use. - From the node of FringeWare Daily: : : Sent from: Jon Lebkowsky @io.com : : >From: robbiew@inviso.com : >Summary: January 14, 3:00 PM, SCCSI offices in Houston : >Keywords: Houston EFH PGP Workshop : : Electronic Frontiers Houston : presents a : Free Cryptography Workshop: : How to use Pretty Good Privacy : (PGP) : presented by Paul Elliott : 14 January 1995 3PM : : : It has become apparent that the data super highway is not safe. Messages : traveling the data highway can be hijacked by sinister data interlopers. : : After six months of unpaid labor, in June, 1991 Philip Zimmermann : released his controversial freeware program Pretty Good Privacy (PGP). : Just as Prometheus' liver was eternally chewed by eagles for the crime : of bringing fire to mankind, Philip Zimmermann's liver is now being : chewed by the Federal Eagle (The U.S. Custom Service) for the alleged : crime of releasing strong cryptography to the world. : : As a result of Philip Zimmermann's contribution, you can use the widely : available freeware program PGP to send electronic-mail messages to : anyone in the world, in complete privacy! In addition you can send : authentication with your messages so that the recipient can verify that : the message really came from you. You can encrypt sensitive files on : your computer so that the files remain private even if your computer and : disks are stolen. : : In this free workshop, our presenter Paul Elliott will show you how you : can use PGP effectively, easily, and intelligently. PGP is available for : most popular computers and Operating Systems, including MSDOS, UNIX, MAC : and OS/2 among many others. : : The Workshop will take place at on January 14, at 3:00 PM at the : offices of South Coast Computing located at 1811 Bering, Suite 100. Park : in the garage, and ignore the "contract only" sign. Enter through the : back door (adjacent to the garage) and use the house phone (dial 100) if : the door is locked. : : : | Augusta | Bering | Chimney Rock | 610 Loop West ^ : | | | | | : | | | | N : ----+-----------+-----------+----------------+---- San Felipe : | |* SCCSI | | : | | | | : ----+-----------+-----------+----------------+---- Westheimer : | | | | : | | | | : ----+-----------+-----------+----------------+---- 59 South (SW Fwy) : | | | | : | | | | : : : For more information call (713)799-1044 or : email efh@blkbox.com : : -- : Robbie Westmoreland robbiew@inviso.com : Electronic Frontiers Houston announcement : : : : : : -- : =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= : Jon Lebkowsky FringeWare, Inc. jonl@fringeware.com : URL http://fringeware.com/staff/jonl/jonl.html voxmail 512-444-2693 : =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= : : : : : - ----- Mark Rogaski a.k.a. Doc "I used to think that my brain was the rogaski@phobos.lib.iup.edu best part of my body ... but then I http://www.lib.iup.edu/~rogaski/ remembered who was telling me this." 100,000 lemmings can't be wrong! - Emo Phillips >>>>>finger fllevta@oak.grove.iup.edu for PGP Public Key and Geek Code v2.1<<<<< Disclaimer: You would probably be hard-pressed to find ANYONE who agrees with me, much less my university or employer... -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLwkIix0c4/pqJauBAQGBpAQArkyQpzJi4ux+gDGrHAmbFMvifVkRYFfG KpkFcPC+h8eGZy3/bbGsKuev7ZXICUBKpf7KIPtg7P4vaD3hPyjRVZahu5doIWiY 9k//PkA0ViMq3p/bT0dfDcMavBVUppHNs4g8FxV0njqXinIT1PI42PRfroGSwL7m FqtECicCS3Y= =QD7G -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: bmorris@netcom.com (Bob MorrisG) Date: Tue, 3 Jan 95 07:42:27 PST To: cypherpunks@toad.com Subject: Re: Anonymous payment scheme In-Reply-To: <199501022121.NAA07411@jobe.shell.portal.com> Message-ID: <199501031542.HAA11629@netcom11.netcom.com> MIME-Version: 1.0 Content-Type: text/plain HH> So, you may be able to have a form of anonymity from the person you ar HH> transacting with, but I don't think you can be anonymous from the bank HH> and from the government. And personally, I am more concerned about th With a debit card you can't be anonymous, because your money resides in the bank. With digital cash, and the ability to transfer money to another digital cash card via phone lines, I don't see how they can successfully trace everything. They will try, no doubt. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Brian Lane Date: Tue, 3 Jan 95 08:15:04 PST To: Bob MorrisG Subject: Re: Anonymous payment scheme In-Reply-To: <199501031542.HAA11629@netcom11.netcom.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Tue, 3 Jan 1995, Bob MorrisG wrote: > HH> So, you may be able to have a form of anonymity from the person you ar > HH> transacting with, but I don't think you can be anonymous from the bank > HH> and from the government. And personally, I am more concerned about th > > With a debit card you can't be anonymous, because your money resides in > the bank. With digital cash, and the ability to transfer money to > another digital cash card via phone lines, I don't see how they can > successfully trace everything. They will try, no doubt. I don't see why a debit card couldn't be anonymous, even to the point of having no name, AND no picture on it. Yes, the bank has the money, but their only obligation is to dish it out to the vendors/ATMs that you have used your card with. Why should a bank care who you are once they have your money in the account. As to avoiding fraud with the card, is it really that huge of a problem? As long as noone copies the number(could go so far as no embossed number. Just a gloss black card with a hologram of a Bald Eagle on the front of it), and you don't lose the card how can someone use your account? I think that this anonymous debit card would be a good first step towards anonymous digital cash. You still couldn't exchange digital cash with your buddy in Taiwain, but it would work for converting to physical cash(Which I still like, and is the best anonymous cash around right now). Anyone here adept enough at finance to write a proposal for CitiCorp? :> How would they make their mony off the cards? Annual fees, and vendor percentages I guess? Brian ------------------------------------------------------------------------------ "Everyone is a prisoner holding their own key." | finger blane@seanet.com -- Journey | PGP 2.6 email accepted ------------------------------------------------------------------------------ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: rah@shipwright.com (Robert Hettinga) Date: Tue, 3 Jan 95 05:18:10 PST To: Hal MIME-Version: 1.0 Content-Type: text/plain At 1:21 PM 1/2/95, Hal wrote: >I'm not sure what you do in this situation if they ask to see some ID >when you try to use the card. This would be rather embarrassing, it >seems to me. Sorry, I guess I left my drivers license in my other >pants... Or, never mind, try this card. That other one was from before I >changed my name... Why not, "It's a pseudonym."? Looks like an evangelistic opportunity to me. Pseudonyms can't be illegal, or Mark Twain and Bob Dylan would have written from prison. ;-). I also don't believe that you are legally required to produce ID for a credit card purchase. That was the point about those pictures on the front of Citibank cards. Citicorp did that to get around the legal restrictions on demanding ID to cope with the much larger issue of fraud. Most (smaller) vendors hardly check the signature on the back, much less validating it against a state ID, however. Hmmm. What if you produced a pseudonym card *with* your picture on the front? I smell a market opportunity. Or not... >And personally, I am more concerned about the >bank and gov't tracking my spending patterns than whether the guy I buy >gas from knowing my name. The bank has a lot more information about me >which is much more threatening to my privacy. A nom de guerre VISA or >debit card does not seem to help this problem. Indeed. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah@shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Connie Sadler Date: Tue, 3 Jan 95 09:30:30 PST To: cypherpunks@toad.com Subject: EFF PGP Workshop Message-ID: <01HLEL9APM96000ONS@MR.STANFORD.EDU> MIME-Version: 1.0 Content-Type: text/plain Sure would be nice to have a PGP workshop in the Bay Area - any EFF members or others willing? Connie From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Hal Date: Tue, 3 Jan 95 09:44:37 PST To: cypherpunks@toad.com Subject: Re: Anonymous payment scheme Message-ID: <199501031745.JAA09281@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- From: Brian Lane > I don't see why a debit card couldn't be anonymous, even to the point > of having no name, AND no picture on it. Yes, the bank has the money, but > their only obligation is to dish it out to the vendors/ATMs that you have > used your card with. Why should a bank care who you are once they have > your money in the account. Again, it is unclear here whether you are proposing that you would be anonymous to the bank or just have a blank card. As I wrote, banks are required to get SS#'s for depositers right now, and I wouldn't expect that to change any time soon. If anything, the trend appears to be towards more tightening rather than less. Duncan and/or Sandy have suggested giving a fake SS# when you open your secured account; maybe that would be legal but it sounds questionable to me. > As to avoiding fraud with the card, is it really that huge of a > problem? As long as noone copies the number(could go so far as no > embossed number. Just a gloss black card with a hologram of a Bald Eagle > on the front of it), and you don't lose the card how can someone use your > account? I used my VISA yesterday, and after swiping it through the now-ubiquitous card readers the vendor was required by the machine to manually enter the last four digits on the card. He complained that this was something new and was happening very frequently now (maybe a change with 1995?). I have heard of fraud where people make fake VISA cards (or steal them) and re-program the mag stripe to have a different number than what is on the front. Maybe this is a countermeasure for that. It doesn't sound like a blank card is the direction the industry is going. Does anyone have more info on this change? Hal -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBLwmNFBnMLJtOy9MBAQF4gAH7BgHuNzraGdAujkbnStXf9knBUYCKiJZv zodiYtbEFAKuuPUIT/aqyM1L7IPRbMuNMSW9hmel3k11g9ATHy+doA== =n71e -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "James A. Donald" Date: Tue, 3 Jan 95 09:51:56 PST To: Cypherpunks@toad.com Subject: Press attack on anonymity. Message-ID: MIME-Version: 1.0 Content-Type: text/plain Yesterday an "opinion" article appeared in the SF Chronicle, written by some unimportant person who knew absolutely nothing about the internet. Today a similar, but better informed article, appeared in many newspapers, originating from the New York Times. Articles written for newspapers are written to survive arbitrary truncation, hence key points first, lesser points later. The interesting thing is that the two articles, despite different authors, had equivalent key points, implying that some single higher authority gave out a list of points to be made, but left the headline and overall spin to the columnist. Indeed, when one reads beyond the key points that were equivalent in both articles, it is as if one suddenly encounters a different journalist. There is an abrupt change of tone and style when one reads from the uniform part to lesser points. The key points in both articles are that the government should do something coercive to stop anonymity on the internet, and that there is widespread support for such a move. Note that since both articles are obviously tentacles, there is a mysterious and anonymous powerful person -- the single higher authority of which I spoke earlier -- who is anonymously attacking anonymity. In my opinion when a mysterious anonymous and powerful voice proclaims that the government should coerce someone, it is usually the government speaking -- a government department with guns is running up a trial balloon. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd@netcom.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Sandy Sandfort Date: Tue, 3 Jan 95 10:11:53 PST To: Hal Subject: Re: Anonymous payment scheme In-Reply-To: <199501022121.NAA07411@jobe.shell.portal.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Mon, 2 Jan 1995, Hal wrote: > . . . > There are a couple of issues here. One is whether you could get a > debit card with another name printed on it than your own. Sandy > Sandfort and some others have suggested here that this would be legal > and possible already as long as you don't do it with the intention to > commit fraud. You can open a secured account by mail and give a false > name. > Opening an account in the US without ID is very difficult > I'm not sure what you do in this situation if they ask to see some ID > when you try to use the card. This would be rather embarrassing, it > seems to me. Sorry, I guess I left my drivers license in my other > pants... Or, never mind, try this card. That other one was from before I > changed my name... > > The other issue is whether you could set up a payment system which did > not require social security numbers from the participants. I think > this is much more questionable. Although the phone cards and some > other restricted usage systems are apparently legal, bank accounts seem > to have many more restrictions. Barter and scrip systems are also > heavily regulated. All these laws involving reporting requirements, > etc., were passed to help the government track the flow of money. > There is no way the government is going to make an exception at this > point. In fact, I suspect that if the limited systems expanded to > where they were used for general payments, the government would crack > down. I recall reading that just such a crackdown occured in Las Vegas > when casino chips started to be accepted for non-gambling payments. > > So, you may be able to have a form of anonymity from the person you are > transacting with, but I don't think you can be anonymous from the bank > and from the government. And personally, I am more concerned about the > bank and gov't tracking my spending patterns than whether the guy I buy > gas from knowing my name. The bank has a lot more information about me > which is much more threatening to my privacy. A nom de guerre VISA or > debit card does not seem to help this problem. > > Hal > > -----BEGIN PGP SIGNATURE----- > Version: 2.6 > > iQBVAwUBLwhuNRnMLJtOy9MBAQEkPQIAqEEglLxt8E4Rrgh7dR93fuCSJUI+UMgF > 3XUrsTxM4whOejFMrluOAYM+2RdBOgYTk1mNEiAgSUPLLScIa9zU5A== > =CF5G > -----END PGP SIGNATURE----- > From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Sandy Sandfort Date: Tue, 3 Jan 95 10:20:33 PST To: Alan Bostick Subject: Re: Exporting cryptographic materials, theory vs. practice In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Mon, 2 Jan 1995, Alan Bostick wrote: > . . . > > Right now, I don't think U.S. Customs is going to ask you if you > > have PGP in your PC if you leave the country, or return either. > > > > They should, and I'd be proud to say yes. > > And you can beam with pride as they impound your PC and take it away. > Gosh. Sometimes it's just swell to be a cypherpunk. Kinda chokes me > up. . . . No reason to risk a hassle by exporting PGP from the US on your laptop, it's everywhere. Just take your Secret Keyring file and download PGP from a foreign FTP site once you are out of the US. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: db@Tadpole.COM (Doug Barnes) Date: Tue, 3 Jan 95 09:16:13 PST To: rogaski@phobos.lib.iup.edu (Mark Rogaski) Subject: Re: HACK - EFH Presents Free PGP Encryption Workshop (fwd) In-Reply-To: <199501030819.DAA29763@phobos.lib.iup.edu> Message-ID: <9501031715.AA08257@tadpole.tadpole.com> MIME-Version: 1.0 Content-Type: text/plain > > Just thought you may be interested in this. > Anybody ever hear of this EFH group? It's nice to see somebody making > PGP a little easier for the average jane/joe end-user-type to use. > Yes, many of the EFH founders have participated in EFF-Austin events. Steve Ryan, one of the EFH founders, spoke last week at HoHoCon (as did myself, Jim McCoy and Jeremy Porter.) I think the program is an excellent idea, and will be getting feedback from attendees with an eye to doing something similar here at some point. Doug From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "An annoyed user" Date: Tue, 3 Jan 95 10:54:25 PST To: Cypherpunks Subject: Anon penet addresses Message-ID: <9501031851.AA27170@toad.com> MIME-Version: 1.0 Content-Type: text/plain To whomever keeps signing up penet addresses of the form "anXXXX" to cypherpunks: Cut it out. I've changed your address from the anXXXX to the naXXXX address. If you don't know why anXXXX is antisocial, I can tell you while flaming you for not understanding what you['re doing. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Sandy Sandfort Date: Tue, 3 Jan 95 10:57:36 PST To: Cypherpunks Subject: SAN FRANCISCO EDITORIAL Message-ID: MIME-Version: 1.0 Content-Type: text/plain ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Here is a guest editorial that ran in Monday's SF Chronicle. It should make your blood boil. S a n d y * * * ANARCHY, CHAOS ON THE INTERNET MUST END Elections are over, and for better or worse, recognized leadership is installed and working in most places. Yet, in Cyberspace the electronic world dominated by the much-vaunted Internet, there is not much order. This huge international computer web tying together about 30 million people is governed by no one. What an amazing state of affairs. The most powerful communications medium ever invented is being left to the equivalent of mob rule. Last year was the year of the Internet in the media. Clearly it is now mainstream. Nonetheless, judging by what you read or hear, the key question of who runs it is not even an issue. It is more fun, after all, to contemplate shopping in an electronic mall or how to order a pizza through a modem. No matter, if you scratch the surface of this big, happy party, the need for firm direction is all too obvious. Also reported in the press is an expanding array of Internet problems. Unregulated broadcasting of sexually explicit material that is readily available to children usually heads the list, but on-line sexual harassment, profanity, defamation, forgery and fraud run close seconds. The secretiveness that computer communications allows is a special reason why abuse is easy. National and personal security are serious considerations when anyone can, with complete anonymity, send encrypted information worldwide via the Internet. Such problems are further exacerbated by a computer located in Finland called the Anonymous Server, which exists for the sole purpose of laundering computer messages, much like dirty money is laundered through small island nations. Consequently, if you want to, say, threaten someone with death, your risk of retribution is small, courtesy of the Anonymous Server. Nowhere are Cyberspace difficulties more evident than in the inevitable swing toward Internet commercialization. The widely reported turf war rages between academic factions that controlled the Internet before it went public and business newcomers who now want access to its huge audience. Electronic attacks on business people by means ranging from computer insults, called flames, to assorted forms of electronic vandalism, persist uncontrolled. Worst of all are the ``canceller robots,'' computer programs meant to erase the communications of anyone the hackers who usually launch them wish to silence. These self-styled vigilantes routinely challenge free speech in Cyberspace unabated. Internet access providers, companies that connect people to the Internet for a profit, likewise assume the role of censors, arbitrarily closing accounts of those whom they disapprove. Given its international nature, one obvious way to bring much needed order to the Internet is through diplomacy. The United States should lead in this. A good beginning might be to urge the Finnish government to deactivate the Anonymous Server. Diplomacy could also help to establish an international standard of recognizing laws existing at the point of origin as controlling the message sender. When conflicts arise, governmental diplomacy should again be the answer, just as it is with other trade and communications issues. Next, laws already regulating behavior in the real world should be applied in Cyberspace. This is already taking place on a case-by-case basis, but the process is too slow. The Supreme Court should act to crate a precedent stating that crime is crime, even when the criminal instrument is a computer keyboard. In the United States, legislation should be passed making Internet access providers common carriers. This will get them out of the business of censorship and under the guiding hand of the Federal Communications commission. People need safety and order in Cyberspace just as they do in their homes and on the streets. The current state of the Internet makes it clear that anarchy isn't working. If recognized governments don't find a way to bring order to the growing and changing Internet, chaos may soon dictate that the party is over. ---------- Martha S. Siegel is the author of ``How to Make a Fortune on the Information Superhighway'' and CEO of Cybersell in Scottsdale, Ariz. * * * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Charles Bell Date: Tue, 3 Jan 95 11:28:50 PST To: Sandy Sandfort Subject: Re: SAN FRANCISCO EDITORIAL In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain The author of this editorial is the Siegel of Cantor and Siegel fame, nicht wahr? Perhaps someone with detailed knowledge of that brouhaha should write the Examiner and point out that they allowed their editorial page to be used for ex parte pleading by one of the worst offenders in the history of the Internet -- and without informing their readers they were doing so. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: frissell@panix.com (Duncan Frissell) Date: Tue, 3 Jan 95 08:34:26 PST To: cypherpunks@toad.com Subject: Re: Anonymous payment scheme Message-ID: <199501031634.AA16432@panix.com> MIME-Version: 1.0 Content-Type: text/plain At 07:42 AM 1/3/95 -0800, bmorris@netcom.com wrote: >With a debit card you can't be anonymous, because your money resides in >the bank. With digital cash, and the ability to transfer money to >another digital cash card via phone lines, I don't see how they can >successfully trace everything. They will try, no doubt. Unless you open a bank account in a nome de guerre. In the Inter-mountain West and in small towns elsewhere, it is often possible even today to open a bank account with "soft ID." Such ID would include employment ID and student ID. Since anyone can be an employer or a school, anyone can issue such soft ID. These items work very well if backed up with a secured VISA card from one of the many issuers. Some of the issuers of secure credit cards want references but many will issue their cards if your name comes up as having no credit record. Made up people are the most likely to have no credit history. Even though a VISA card is not meant to be ID, most people (even state DMV offices) treat it as ID. DCF ************************************************************************* ATMs, Contracting Out, Digital Switching, Downsizing, EDI, Fax, Fedex, Home Workers, Internet, Just In Time, Leasing, Mail Receiving, Phone Cards, Quants, Securitization, Temping, Voice Mail. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: mclow@coyote.csusm.edu (Marshall Clow) Date: Tue, 3 Jan 95 11:42:04 PST To: cypherpunks@toad.com Subject: Re: SAN FRANCISCO EDITORIAL Message-ID: MIME-Version: 1.0 Content-Type: text/plain Sandy wrote: >C'punks, > >Here is a guest editorial that ran in Monday's SF Chronicle. It >should make your blood boil. > [ ranting gibberish deleted ] > >Martha S. Siegel is the author of ``How to Make a Fortune on the >Information Superhighway'' and CEO of Cybersell in Scottsdale, Ariz. > Not _the_ Martha Seigel, of Cantor & Seigel, targets of fine cancelbots everywhere? -- Marshall Marshall Clow Aladdin Systems mclow@coyote.csusm.edu From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: John Young Date: Tue, 3 Jan 95 09:55:13 PST To: cypherpunks@toad.com Subject: NYT on MEMS Message-ID: <199501031755.MAA07431@pipe1.pipeline.com> MIME-Version: 1.0 Content-Type: text/plain Malcolm Browne has longish article today on MEMS and current mathematical and engineering research on their use to control turbulence -- in planes, ships, submarines, blood, water, flatulence. For email copy send blank message with subject: MEM_tug From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: cactus@seabsd.hks.net (L. Todd Masco) Date: Tue, 3 Jan 95 10:08:25 PST To: cypherpunks@toad.com Subject: Re: GUI: PGP vs novices Message-ID: <199501031814.NAA24428@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- In article , Dave Del Torto wrote: >The Cypherpunks should really launch a new list oriented toward novices >with basic questions. It could be a Web page with a question form, or even >an email address for the Web-challenged (I may do it, but I welcome any >offers to help). As an incentive to Cypherpunks, their friends and >colleagues and members of the general public, I'm hereby offering to spend >some time answering questions for novice users at either: > > or > . I attempted to set something like this up about 7 months ago. I got so little interest that I never set up the mailing list. Better than a single person's address, I'd suggest a pgp-help mailing list for all interested folks, just as the flexfax list works for flexfax users and commercial products have their own lists. I just set up a list on pgp-help@hks.net, and I'll place pgp-questions@lsd.com on the list (assuming you won't object). Anybody else who's interested, send me mail at pgp-help-request@hks.net. I don't have the list of folks who volunteered last time, so this'll be fresh. - - -- Todd Masco | "'When _I_ use a word,' Humpty-Dumpty said, in a rather cactus@hks.net | scornful tone, 'it means just what I choose it to mean - cactus@bb.com | neither more nor less.'" - Lewis Carroll - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLwlY4hNhgovrPB7dAQEBvQQA1vxwGcYZ28qlytX3jrY95WN/L11X1FG2 MGwWjjk8BZ2cXk1uvLWtuhoNGwzqhup/aGLVGuPo2QjFPiqwjoA5pa+9+8093dpl tBMziDmJ5/Pg3jWirRiuuREa5Ki977I/uplp3Ysh0ioz07Ws44susZrcdDHbIChL TYKrC1DROi4= =GbTI - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLwmT2yoZzwIn1bdtAQFvxwGAgkaHPEh2A7NuPXJgtNBNqV4j9KrnLbex az8jQmFpTfBaAbLPfP5i7tdVPjJ21xom =yR+4 -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: koontz@MasPar.COM (David G. Koontz) Date: Tue, 3 Jan 95 13:44:53 PST To: cypherpunks@toad.com Subject: Re: Press attack on anonymity. Message-ID: <9501032146.AA19980@argosy.MasPar.COM> MIME-Version: 1.0 Content-Type: text/plain Sandy Sandfort posted an editorial from the Mondays SF Chronicle. There is a front page story in todays San Jose Mercury News on why anonymity is a bad thing. Its from a New York Times story by Peter H. Lewis The question is who launched all this stuff? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: frissell@panix.com (Duncan Frissell) Date: Tue, 3 Jan 95 10:47:10 PST To: Cypherpunks@toad.com Subject: Re: Press attack on anonymity. Message-ID: <199501031847.AA16557@panix.com> MIME-Version: 1.0 Content-Type: text/plain At 09:51 AM 1/3/95 -0800, James A. Donald wrote: >Yesterday an "opinion" article appeared in the SF Chronicle, >written by some unimportant person who knew absolutely >nothing about the internet. > >Today a similar, but better informed article, appeared in >many newspapers, originating from the New York Times. The later is presumably Peter Lewis' article on anonymity on the nets that appeared in the Saturday Times. It was not that negative about anonymity although it did seem to confuse spoofing with anonymity (since it talked about digital signatures as a response to "problems"). He did not advocate government intervention. Since the Supremes have always supported anonymous speech, it seems unlikely that anonymity could be outlawed. Things like mandatory identification for net access (hard to enforce worldwide) would also seem to be a "government license for publication" which is what the 1st Amendment was specifically written to stop. In any case, using companies as cutouts for such activities is trivial. Mandatory ID of any sort only goes back as far as the first entity which can be a company formed to block tracing. DCF ************************************************************************* ATMs, Contracting Out, Digital Switching, Downsizing, EDI, Fax, Fedex, Home Workers, Internet, Just In Time, Leasing, Mail Receiving, Phone Cards, Quants, Securitization, Temping, Voice Mail. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Sandy Sandfort Date: Tue, 3 Jan 95 13:47:13 PST To: Charles Bell Subject: Re: SAN FRANCISCO EDITORIAL In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Tue, 3 Jan 1995, Charles Bell and several others wrote along these lines: > The author of this editorial is the Siegel of Cantor and Siegel fame, > nicht wahr? > > Perhaps someone with detailed knowledge of that brouhaha should write the > Examiner and point out that they allowed their editorial page to be used > for ex parte pleading by one of the worst offenders in the history of the > Internet -- and without informing their readers they were doing so. Gosh, my education seems to be remiss with regard to the case/ incidents referred to. Could someone let us know who this person is and what her claim to fame is? (It certainly isn't her logic or writing ability.) S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: paul@poboy.b17c.ingr.com (Paul Robichaux) Date: Tue, 3 Jan 95 12:04:13 PST To: cypherpunks@toad.com Subject: Re: SAN FRANCISCO EDITORIAL In-Reply-To: Message-ID: <199501032006.AA04977@poboy.b17c.ingr.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Despite the odiousness of the source, might it be a Good Thing to get a law giving ISPs common-carrier status passed? When you're a common carrier, no one hassles you about the content you pass-- this would make it much easier for anon remailers to flourish. - -Paul - -- Paul Robichaux, KD4JZG | Good software engineering doesn't reduce the perobich@ingr.com | amount of work you put into a product; it just Not speaking for Intergraph. | redistributes it differently. ### http://www.intergraph.com ### -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLwmuSafb4pLe9tolAQF/EwQAkaG3Aeg5NRAXtlC7EkhQz1iONk0cBFSA a8CS+w0MgIK2ZpdQRfXDQuBrZ1Mowx1OTEaw4pZayIomFWAb1D4Kkdi8NKgBN53C Y4T8KEri2xSP3MESjKGcqw8p8ps/8W4ylGw2xyatIq8GWilNb9DHe5Y+/fxCkcyg aONdWuogsQE= =dYl4 -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Robert A. Hayden" Date: Tue, 3 Jan 95 12:11:05 PST To: Hadmut Danisch Subject: Re: Stegno for Kids In-Reply-To: <9501031834.AA21554@elysion.iaks.ira.uka.de> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Tue, 3 Jan 1995, Hadmut Danisch wrote: > I had something like that as a toy about 20 years ago. A single pen with > tips on both sides. One to write, the other to develop. Didn't they have it > in America also? There was also this thing where you would get these books and a magic marker, and they you would do puzzles in the book, and use the pen to develope the answer. The old Infocom hint books also used a similiar setup. ____ Robert A. Hayden <=> hayden@krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> All I want is a cure... \/ Finger for PGP Public Key <=> And all my friends back! From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Erik Selberg Date: Tue, 3 Jan 95 14:17:58 PST To: Cypherpunks Subject: Re: SAN FRANCISCO EDITORIAL Message-ID: <199501032218.OAA03693@meitner.cs.washington.edu> MIME-Version: 1.0 Content-Type: text/plain > C'punks, > > Here is a guest editorial that ran in Monday's SF Chronicle. It > should make your blood boil. > > > S a n d y > > * * * > > ANARCHY, CHAOS ON THE INTERNET MUST END Yup, it's the same net-spamming Siegel, arguing for: End of mob rule, so she can advertise everywhere for free; End of anonymous encryption, so we can't send plans for the new stealth basselope to the commies (or I guess it's liberals, nowaways). End of anonymous mail, so she can tell back at all those who yell at her for spamming Terms of surrender for us academic types, who only exist to attack business people (and, if you're at CMU, check out the nudie pics) End of private providers yanking abuser's accounts basicly, a nice editorial which sugar-coats what she wants, which is the ability to send out what she wants, ensure that it gets to everyone she sends it to, and not worry about flames or getting the boot. What's scary is that it's very easy to slide this kind of stuff onto an ignorant and conservative legislature. Big leaders who want to do good see an obvious good side to removing the ability to post anonymously --- law enforcement can track people making drug transactions, and if someone broadcasts a nudie pick found to be obscene in TN, well hey, they can now haul his ass to TN for some jail time. It's going to take a lot of lobbying to ensure that this doesn't happen. work: (206) 543-7798 Erik Selberg play: (206) 517-3039 speed@cs.washington.edu I get by with a little help from my friends... From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jeff Barber Date: Tue, 3 Jan 95 11:38:29 PST To: sandfort@crl.com (Sandy Sandfort) Subject: Re: SAN FRANCISCO EDITORIAL In-Reply-To: Message-ID: <9501031929.AA13882@wombat.sware.com> MIME-Version: 1.0 Content-Type: text/plain Sandy Sandfort writes (quoting SF Chronicle article): [ Much bs elided ] > Martha S. Siegel is the author of ``How to Make a Fortune on the > Information Superhighway'' and CEO of Cybersell in Scottsdale, Ariz. Isn't this the Siegel of the infamous "Canter and Siegel"? -- Jeff From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Sandy Sandfort Date: Tue, 3 Jan 95 14:33:58 PST To: "Perry E. Metzger" Subject: Re: SAN FRANCISCO EDITORIAL In-Reply-To: <9501032202.AA13835@snark.imsi.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Oh, THAT Cantor and Seigle. If someone with the facts (Perry?) is so inclined, a letter to the editor would be in order. These scum bags need to be exposed. The address is: San Francisco Chronicle 5th and Mission San Francisco, CA 94103 S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Hal Date: Tue, 3 Jan 95 14:44:36 PST To: cypherpunks@toad.com Subject: Re: San Francisco Editorial Message-ID: <199501032244.OAA15281@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Another point re Cantor and Siegel is that there is now a service calling itself CancelMoose which goes through Julf's anon server in Finland (anon.penet.fi) to cancel spams. (Spams are off-topic, nearly-identical posts to large numbers of groups.) This is what Siegel is really upset about. She and her husband are publishing a book telling businesses how they can use spam posts on usenet as free advertising. But now CancelMoose is a relatively accepted counter to these increasingly-frequent spams (pyramid schemes, etc.). This makes their book obsolete and really hits them where it hurts. But they can't sue CancelMoose because its identity is hidden. Personally, I don't like the idea of cancelling other people's posts, spam or not. I would rather see news readers enhanced to detect copies of posts I have already seen and delete them. The awful thing about Cantor and Siegel's Green Card spam was that they didn't cross-post, they used a bot to individually post to all groups. I was shown their message headers for days. Ordinary off-topic posts don't bother me much because I can ignore them easily. With a better newsreader the Green Card spam would have been equally trivial to ignore. The scary thing about cancels is that some proposals have actually been directed at anonymous posts themselves. Someone anonymously posted what purported to be a grisly transcript of the last seconds of the doomed Challenger crew as they fell to the ocean. This caused a great hue and cry and some calls for banning anonymous posts and/or retroactively cancelling them. This led to some very amusing events which Detweiler has chronicled in his FAQ on anonymity, the net result of which was that the idea was discredited. But the emergence of CancelMoose is not an altogether positive event in my view. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBLwnTGRnMLJtOy9MBAQGjFAH/WEzWgAEG4mX9c6yR1iyR2nWq3V1AvUBL lC1rTlUWUf8YWZDmVAuOkg8AH8nPo3L1e67l66wMrgGedaCD39/3Aw== =psrV -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Black Unicorn Date: Tue, 3 Jan 95 11:55:53 PST To: Sandy Sandfort Subject: Re: SAN FRANCISCO EDITORIAL In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Tue, 3 Jan 1995, Sandy Sandfort wrote: > Date: Tue, 3 Jan 1995 10:58:09 -0800 (PST) > From: Sandy Sandfort > To: Cypherpunks > Subject: SAN FRANCISCO EDITORIAL > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > SANDY SANDFORT > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > > C'punks, > > Here is a guest editorial that ran in Monday's SF Chronicle. It > should make your blood boil. > > > S a n d y > > * * * > > ANARCHY, CHAOS ON THE INTERNET MUST END [Trash about mob rule, and the need for international diplomacy (Read U.S. imposition of local law to foreign sovereigns) to correct the problem, happily deleted.] > > Martha S. Siegel is the author of ``How to Make a Fortune on the ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > Information Superhighway'' and CEO of Cybersell in Scottsdale, Ariz. ^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^ I guess anonymous posting abilities just kill the internet direct mail business hmmmm? 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Ben Goren Date: Tue, 3 Jan 95 14:45:02 PST To: cypherpunks@toad.com Subject: Re: Stegno for Kids In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain Lemon juice makes a good invisible ink for kids. Write the message; heat the paper to reveal it. I used a match, but I suspect a hairdryer would be much more sensible. b& From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: marsha-w@uiuc.edu (Marsha-W) Date: Tue, 3 Jan 95 13:52:15 PST To: cypherpunks@toad.com Subject: LAW AND ETHICS ON THE "NETS" Message-ID: MIME-Version: 1.0 Content-Type: text/plain Looks like more of a push for regulation: Charles Bell thought you all might have something to say about this... ------------------------------------------------------------------------------ ABA SCI/TECH SECTION, IPPP COMMITTEE LAW AND ETHICS ON THE "NETS" December 8, 1994 The John Marshall Law School's Center for Informatics Law, in conjunction with the ABA Section of Science & Technology Committee on Information Practices, Policies, and Privacy, is undertaking a project entitled, "Law and Ethics on the 'Nets'" (LEON). The development of a national information infrastructure and a global electronic network, of which Internet is the backbone, has presented a multitude of legal and ethical problems involving use and abuse of the networks, nationally and worldwide. Almost on a daily basis, news items announce electronic network transmissions constituting hate mail, profanity, vulgarity, obscenity, child pornography, sexual harassment, defamation and invasion of privacy. The violation of intellectual property rights and information system security are also frequent occurrences. National and international discussions consider such questions as what "rules of the road" ought to apply, who can make them, how can they be enforced, and what will be the legal and political relationships between states and nations regarding cyberspace? It is argued that at present the lawless, the intolerant and the disrespectful seem able to pollute the worldwide information stream with little constraint. Certainly, the current state of anarchy in national and global electronic networks cannot continue if the technology is to achieve the remarkable benefits that have been predicted in terms of communications among institutions and individuals, whether government, business or society at large. The purpose of the CIL/S&T project is to promote a dialogue that can lead to recommendations for treating with the many issues at hand. We solicit the participation of the Sci/Tech IPPP Committee (and interested others!) in addressing the foregoing issues. Please send me your expression of interest -- indicating what specific aspects of the various questions you would like to address, and then I'll organize us into some working groups. PLEASE LET ME KNOW YOUR INTERESTS BY JANUARY 9, 1995, SO WE CAN STRUCTURE THE PROJECT AND PROMPTLY GET UNDER WAY. We plan a program on the project for the ABA annual meeting in Chicago next August, and we hope to generate a publication for the Section concerning the project results. George B. Trubow, Professor of Law Director, Center for Informatics Law The John Marshall Law School 315 S. Plymouth Ct. Chicago, IL 60604-3907 Fax: 312-427-8307; Voice: 312-987-1445 E-mail: 7trubow@jmls.edu Marsha Woodbury marsha-w@uiuc.edu U of Illinois/Urbana-Champaign FAX 217-356-7050 Home 217-337-0001 Work 217-244-0780 http://www.cpsr.org/dox/global.html From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Dr. D.C. Williams" Date: Tue, 3 Jan 95 12:55:30 PST To: cypherpunks@toad.com Subject: Re: Press attack on anonymity. Message-ID: <199501032101.QAA27544@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Forwarded message: - From dcwill@python.ee.unr.edu Tue Jan 3 11:52:23 1995 From: "Dr. D.C. Williams" Message-Id: <199501031952.LAA04685@python.ee.unr.edu> Subject: Re: Press attack on anonymity. To: asgaard@sos.sll.se (Mats Bergstrom) Date: Tue, 3 Jan 1995 11:52:15 -0800 (PST) Cc: dcwill@python.ee.unr.edu (Dr. D.C. Williams, P.E.) In-Reply-To: from "Mats Bergstrom" at Jan 3, 95 08:05:49 pm X-Mailer: ELM [version 2.4 PL23] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 842 Mats Bergstrom wrote: > Since Joe User doesn't really > care if he can connect anonymously or not, at least not yet, > they might very well succeed in making some aspects of anonymity > 'illegal'. But who cares, if anonymous agents can't be traced? Because then the last, unstoppable act of the State will be to clamp down on anonymous agents. See "How to Boil Live Frogs". You can't dump them into boiling water because they will jump out. Instead, start at a comfortable temperature and turn up the heat a little bit at a time. Eventually, the frogs become unable to escape and are lulled to their unconscious death. I equate "making some aspects 'illegal'" with increasing the water temperature. To paraphrase and oft-seen .sig from this list: "Seldom is freedom of any kind lost all at once." =D.C. Williams - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLwm6/ioZzwIn1bdtAQGuRwGAobH2lCXDIHUCitG1mcI0RasjMOWjovT2 xUpa1Xta/mphm/s+2H21f7kuFvY6smcn =wclb -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: raph@netcom.com (Raph Levien) Date: Tue, 3 Jan 95 16:59:09 PST To: cypherpunks@toad.com Subject: Siegel and Lewis Message-ID: <199501040022.QAA21291@netcom17.netcom.com> MIME-Version: 1.0 Content-Type: text/plain I just got off the phone with Peter Lewis, reporter for the New York Times. He is unaware of any grand consipracy to regulate the Net, but then again if there was one, I don't think they'd tell him. His piece that ran Saturday was badly mangled by the editorial process, especially since it ran on page one. Those articles get to be mangled by a whole new set of people who otherwise wouldn't get to touch it. I think Lewis has basically good intentions, and does do his homework before writing a story. Yecchh. Now I know why I don't rely on daily newspapers for my news (the Internet keeps me up on the fast-breaking stuff, and the Economist fills me in on the rest). The fact that most people rely papers and the even worse TV news does not bode well. Martha Siegel is just fucked up enough that she will probably push for legislation regulating the nets. Congress is just fucked up that they might pass it. Raph From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Nesta Stubbs Date: Tue, 3 Jan 95 14:37:58 PST To: Cypherpunks Subject: calls for regulation In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain This is pretty scary, I mean it always sat in the back of my mind that they would attemt to rgulate the net, and to pass legislation and all, but now that it is rearing it's head and looks like there is going to be a push for it, I am actually concerned, to teh point of fear almost. Not a paralyzing fear, but a definite feeling that action is neccesary now to either head it off, or provide for alternative forms of communication on the Net if it does come. Thank goodness the cypherpunks have been working on crypto, it is at least deployed enough now that any attempt to control that would entail drastic measures, like REALLY drastic. I think perhaps we should make a concerted effort to alert eh rest of the net of these happenings, and to tell them to contact their legislators and such to try and stop it, or at least attempt to stop the hystericism that these articles will drum up in congress. Perhaps someone will be kind enough to write "newsletter" or a post to be spread throught usenet and other BBS's and mailing lists(under control, not spamming or anything) that alerts people on what is happening, and what they can do about it. I am afraid I am to inexperienced as a writer of such things, I could do it, but i am sure that others here would do much better jobs of it, and thus influence mroe action from the people on the net. get on your boots fellas, load your guns too. Loks like a war is starting up, or is it a police action 8) i want to know everything http://www.mcs.com/~nesta/home.html i want to be everywhere Nesta's Home Page i want to fuck everyone in the world & i want to do something that matters /-/ a s t e zine From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Sandy Sandfort (by way of marsha-w@uiuc.edu (Marsha-W)) Date: Tue, 3 Jan 95 14:34:18 PST To: cypherpunks@toad.com Subject: Re: LAW AND ETHICS ON THE "NETS" Message-ID: MIME-Version: 1.0 Content-Type: text/plain ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Thanks to Marsha-W for telling us about the "Law and Ethics on the 'Nets'" project being organized at the John Marshall Law School. I'm signing up. I think ALL of us should, if you get my drift. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Perry E. Metzger" Date: Tue, 3 Jan 95 14:01:58 PST To: Sandy Sandfort Subject: Re: SAN FRANCISCO EDITORIAL In-Reply-To: Message-ID: <9501032202.AA13835@snark.imsi.com> MIME-Version: 1.0 Content-Type: text/plain Sandy Sandfort says: > Gosh, my education seems to be remiss with regard to the case/ > incidents referred to. Could someone let us know who this person > is and what her claim to fame is? (It certainly isn't her logic > or writing ability.) Martha is a de facto disbarred attorney, who, along with her equally slimey hubby, also a de facto disbarred attorney (both resigned from the Florida bar for ethical violations rather than be disbarred), began posting to every group on Usenet a scummy ad explaining that if people would only pay them a bunch of money they would file entries into last years green card lottery for their clients, who, of course, could have simply sent their letters in on their own for free. The net reacted rather violently to their spamming, because unlike most rational individuals they contended that they were doing something perfectly decent and honest. People stopped them in the long run by rigging up cancelbots to administer the Usenet death penalty to them. No one would be giving them a shred of respect, except for the fact that a certain New York Times reporter named Peter Lewis appeared to miss the point in certain articles he published about the incident. Perry From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Brian Lane Date: Tue, 3 Jan 95 17:24:48 PST To: Hal Subject: Re: Anonymous payment scheme In-Reply-To: <199501031745.JAA09281@jobe.shell.portal.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Tue, 3 Jan 1995, Hal wrote: > > I don't see why a debit card couldn't be anonymous, even to the point > > of having no name, AND no picture on it. Yes, the bank has the money, but > > their only obligation is to dish it out to the vendors/ATMs that you have > > used your card with. Why should a bank care who you are once they have > > your money in the account. > > Again, it is unclear here whether you are proposing that you would be > anonymous to the bank or just have a blank card. As I wrote, banks are I'm aiming towards anonymous from everyone. The vendor, and the bank. > required to get SS#'s for depositers right now, and I wouldn't expect > that to change any time soon. If anything, the trend appears to be > towards more tightening rather than less. Duncan and/or Sandy have > suggested giving a fake SS# when you open your secured account; maybe > that would be legal but it sounds questionable to me. I guess I'm being a little too unrealistic about my wishes. In my ideal case the IRS and the government would have nothing to do with the bank. Fake SS# is a good idea, but noone seems to know exactly how legal this is. They could, for example, claim that you were trying to defraud the bank and/or the IRS. > I used my VISA yesterday, and after swiping it through the now-ubiquitous > card readers the vendor was required by the machine to manually enter the > last four digits on the card. He complained that this was something new > and was happening very frequently now (maybe a change with 1995?). I I hadn't heard of this. Its been a couple of years since I've had a VISA card. > have heard of fraud where people make fake VISA cards (or steal them) and > re-program the mag stripe to have a different number than what is on the > front. Maybe this is a countermeasure for that. It doesn't sound like a > blank card is the direction the industry is going. Does anyone have more > info on this change? That's why I suggested the blank card(no embossing). Without that it makes it more diffcult to get your card number. I envision a transaction like so: 1. Card is swiped and the database is checked for your card # and enough balance for the purchase. 2. If authorized, a receipt is printed without card #. To get your card # the criminal has to either intercept the transaction with the database(not too hard), or comprimise the database itself. As long as you keep your card physicly secure you should be reasonably secure. Brian P.S. I apologize for any misspellings or missing chars. My ISP(seanet.com) misses incoming characters when more than 3 sz sessions are running. ------------------------------------------------------------------------------ "Everyone is a prisoner holding their own key." | finger blane@seanet.com -- Journey | PGP 2.6 email accepted ------------------------------------------------------------------------------ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: roy@cybrspc.mn.org (Roy M. Silvernail) Date: Tue, 3 Jan 95 18:31:51 PST To: cypherpunks@toad.com Subject: Re: SAN FRANCISCO EDITORIAL In-Reply-To: <199501032006.AA04977@poboy.b17c.ingr.com> Message-ID: <950103.173130.6M1.rusnews.w165w@cybrspc.mn.org> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, perobich@ingr.com writes: > Despite the odiousness of the source, might it be a Good Thing to get > a law giving ISPs common-carrier status passed? > > When you're a common carrier, no one hassles you about the content you > pass-- this would make it much easier for anon remailers to flourish. I can't speak for ISPs in general, but when I still ran a public-access system, the absolute last thing I wanted was to be thought of as a common carrier. While common carriers are held blameless for the content of traffic they pass, they are also heavily regulated. In general, a common carrier may not refuse to provide services unless special circumstances exist. Want to bet Usenet abuse won't be one of those circumstances? Spammers would love such a state of affairs. (and remember who wrote that whine) I'm for keeping regulation out of the Inet whenever and wherever possible. - -- Roy M. Silvernail [ ] roy@cybrspc.mn.org PGP public key available by mail echo /get /pub/pubkey.asc | mail file-request@cybrspc.mn.org These are, of course, my opinions (and my machines) -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLwnfPxvikii9febJAQF/QwQAuwj1FBH/Dcx0eG6gES6DB0cxYroSHkCe L1QP67dyjtyQ+DGIV/+JLUJuAuszmNenzv2dqUL//Nmp5dpLqVSTm2n4D6cGrs3/ YlU0J1TixBnoPMkOKFs18czBQRw/ezSH9tnCKQ0PFf+f1Se/tvS3htOxohkKPpGe 7g85dDm4wow= =slH/ -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Lile Elam Date: Tue, 3 Jan 95 17:49:51 PST To: jamesd@netcom.com Subject: Re: Press attack on anonymity. Message-ID: <199501040143.RAA22066@art.net> MIME-Version: 1.0 Content-Type: text/plain Or prehaps it is someone at HotWired... :) -lile From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Arsen Arachelian Date: Tue, 3 Jan 95 15:01:47 PST To: sal@panix.com Subject: rarachel - no email Message-ID: MIME-Version: 1.0 Content-Type: text/plain Hey guys, It's me. Don't let the new account name, and the horrible name of this despicable machine throw you off. It's me, Ray Arachelian. Some rat(s?) hacked into photon, the machine where my home account lives, and now, while I can read my prism email by going through major acrobatic maneouvers, I have to use this slimy shitty student account. So for the time being, please direct any mail to this account aarach01@barney.poly.edu (God I hate this machine's name!) I'll still be able to read anything you send to prism for the time being (durring winter recess they said.) See, I have to log in to barney, ftp my mailbox over from prism, telnet to barney and delete my mailbox, and then read it with pine... :-( [Eileen, could you at least build a home directory for my old account with a .forward to Barney for now? Or just let me use prism without having to have photon connected to it?] Thanks, -- Ray (Arsen) Arachelian. [also known as rarachel@prism/photon.poly.edu, RayDude@aol.com, etc.] From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Arsen Arachelian Date: Tue, 3 Jan 95 15:06:31 PST To: "David K. Merriman" Subject: Re: Comdex Disks? In-Reply-To: <199412272331.AA09920@metronet.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Tue, 27 Dec 1994, David K. Merriman wrote: > Back some time ago, there was some discussion of giving away disks at Comdex > in NY; by any chance, does anyone have a copy of the contents of what was on > those disks? I'd like to be able to give away 'basic info' in > easy-to-handle format :-) That was my puppy. My friend Sal@panix and I gave the disks away at PC-EXPO and at various other events. I have the lastest disk version of it if you want it, but you'll need to update PGP on the disk and maybe include/add/remove some articles from the articles package. You can call me at 212-618-8818 (work) or email me here, but with the situation with my account, call me instead. (And that goes for anyone else on the list willing to send diskettes out. Please don't call me if you aren't going to give out disks and are just interested in a copy. You can ftp the old copies from somewhere in Canada...) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Johnathan Corgan Date: Tue, 3 Jan 95 18:48:58 PST To: Sandy Sandfort MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- >No reason to risk a hassle by exporting PGP from the US on your >laptop, it's everywhere. Just take your Secret Keyring file and >download PGP from a foreign FTP site once you are out of the US. Or you can do what someone mentioned to me he does when he travels abroad: He keeps PGP and his keyrings on a floppy, but then _deletes_ PGP.EXE. Of course, being a good PC user, he _always_ carries a copy of Norton Undelete with him :) Quite creative, IMHO, and technically legal. == Johnathan Corgan "Violence is the last refuge of the incompetent." jcorgan@scruznet.com -Isaac Asimov WWW: (for now) ftp://ftp.netcom.com/pub/jc/jcorgan/www/homepage.htm -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLwoKl01Diok8GKihAQH00gP/VLWJaDaS7DNp+bv1BLszEQpOlNFyS22Y BL+Wv8Rs5efF2SG5t3E+6aHwSvaRigtjE1wwF3f46QY23ZnO1x+DTuEXy9gBRu+s usNniiyfcozfT90wPU79b/qhRrnM/Uzwxn8XddWNz0ONEk/QZqXLLx/4PdczwDaN L5XclEMG8n4= =Kzyl -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Charles Bell Date: Tue, 3 Jan 95 19:06:00 PST To: Brian Lane Subject: Re: Anonymous payment scheme In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain I don't know about the rest of these suggestions, but I am reasonably sure that using a fake social security number is a violation of federal law -- no matter what the user's motivation may have been. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: danisch@ira.uka.de (Hadmut Danisch) Date: Tue, 3 Jan 95 10:08:20 PST To: cypherpunks@toad.com Subject: Re: Phil's Plight Message-ID: <9501031808.AA21529@elysion.iaks.ira.uka.de> MIME-Version: 1.0 Content-Type: text/plain > I think Phil deserves better than the > silence his plight has received as of late. True. But would it be good or bad help if something other than silence came from outside the USA? I mean if the rest of the world says they love him, the attorney will say "yes, of course. Therefore he gets sued." :-( Hadmut From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: danisch@ira.uka.de (Hadmut Danisch) Date: Tue, 3 Jan 95 10:10:03 PST To: cypherpunks@toad.com Subject: Re: Why I have a 512 bit PGP key Message-ID: <9501031809.AA21532@elysion.iaks.ira.uka.de> MIME-Version: 1.0 Content-Type: text/plain > A compiler can recognize one specific piece of code or a few > specific peices of code and do something perverse. It cannot > recognize functionally equivalent code, this > being a high order artificial intelligence problem. It's enough to recognize DES tables or PGP procedures. Hadmut From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: danisch@ira.uka.de (Hadmut Danisch) Date: Tue, 3 Jan 95 10:20:27 PST To: cypherpunks@toad.com Subject: Re: Why I have a 512 bit PGP key Message-ID: <9501031819.AA21541@elysion.iaks.ira.uka.de> MIME-Version: 1.0 Content-Type: text/plain > While it's likely that a sysadmin could hack the kernel to substitute > bogus MD5 hashes, doing so in certain environments could earn the sysadmin a > quick exit from employment. If it wasn't the reason he was employed for. In Germany it is not allowed to spy out someone elses phone calls. (Is it in the USA?) But some cases got public where employees of several companys got their phones tapped. It was done to find out whether they do private phone calls or what they say in private phone calls. Hadmut From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Johnathan Corgan Date: Tue, 3 Jan 95 19:36:39 PST To: cypherpunks@toad.com Subject: RE: Edupage 1/3/95 Message-ID: MIME-Version: 1.0 Content-Type: text/plain Some selected articles from Educom that may interest you... *************************************************************************** Edupage, a summary of news items on information technology, is provided three times each week as a service by Educom -- a Washington, D.C.-based consortium of leading colleges and universities seeking to transform education through the use of information technology. *************************************************************************** CYBERPHOBICS GALORE A recent Gallup poll conducted for MCI shows almost half of the 600 white collar respondents admitting they are cyberphobic or resistant to new technology. More than a third do not use a computer at all, either at home or at work, and nearly 60% don't use voice mail. Two thirds do not use e-mail at work, and about the same number don't carry a pager. The most common reason cited for anti-technology attitudes was a fear of loss of privacy. Close runners up were worries over information overload and a fear of losing face-to-face contact with associates. (Miami Herald 1/2/95 p.22) MORE INTERNET FACTS Traffic on the NSFnet grew a whopping 110% in 1994, and the number of countries online increased from approximately 137 in 1993 to approximately 159 this past year. There were 1,964 phone calls to InterNIC Registration Services during November '94. For more facts, check out http://www.openmarket.com/info/internet-index/current-sources.html. (The Internet Index, Number 5) "GIVE US YOUR MONEY, BUT KEEP YOUR OPINIONS TO YOURSELF!" A survey of small business executives conducted for IBM by Roper Starch Worldwide shows 65% of the respondents saying that building the information highway is a good use of government funds, but only 3% think the government should have "a lot" of influence on how the highway operates. Forty-four percent felt the government should have no influence, and 49% said they thought it should have "some" say in how things were run. (Inc. Technology Premiere Issue p.19) THE WIRED REVOLUTION While saluting Wired magazine's worthy premise as a publication that addresses the social and cultural effects of digital technologies, the director of the 21st Century Project at the University of Texas blasts Wired for its "fevered, adolescent consumerism, its proud display of empty thoughts from a parade of smoke-shoveling celebrity pundits, its smug disengagement from the thorny problems facing postindustrial societies, and most annoyingly, its over-the-top narcissism. If this is the revolution, do we really want to be part of it?" (New Republic 1/9-16/95 p.19) ************************************************************************ EDUPAGE is what you've just finished reading. To subscribe to Edupage: send a message to: listproc@educom.edu and in the BODY of the message type: subscribe edupage Sidney Carlton (assuming that your name is Sidney Carlton; if it isn't, substitute your own name) ... To cancel subscription to Edupage: send a message to: listproc@educom.edu and in the BODY of the message type: unsubscribe edupage. ************************************************************************ Educom -- Transforming Education Through Information Technology ************************************************************************ Written by John Gehl & Suzanne Douglas. V: 404-371-1853. F: 404-371-8057 == Johnathan Corgan "Violence is the last refuge of the incompetent." jcorgan@scruznet.com -Isaac Asimov From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: danisch@ira.uka.de (Hadmut Danisch) Date: Tue, 3 Jan 95 10:34:08 PST To: cypherpunks@toad.com Subject: Re: Stegno for Kids Message-ID: <9501031834.AA21554@elysion.iaks.ira.uka.de> MIME-Version: 1.0 Content-Type: text/plain > and Crayola brand > secret writing pens (WOW!!!!). There are about 8 pens in the set. You write > secretly with two of them and develop the image with the other six. I had something like that as a toy about 20 years ago. A single pen with tips on both sides. One to write, the other to develop. Didn't they have it in America also? Hadmut From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: danisch@ira.uka.de (Hadmut Danisch) Date: Tue, 3 Jan 95 10:38:49 PST To: cypherpunks@toad.com Subject: Re: Exporting cryptographic materials, theory vs. practice Message-ID: <9501031838.AA21557@elysion.iaks.ira.uka.de> MIME-Version: 1.0 Content-Type: text/plain What do I have to do if I want to bring cryptographic equipment _into_ the USA temporary (for use or demo) and want to take it back home after some days or weeks. Since I am in America then I am under american law. The _export_ of my own crypto stuff is not temporary. Does the american law allow me (a foreigner!) to take out any cryptographic material, even if it is my own thing? Hadmut From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: rishab@dxm.ernet.in Date: Sat, 7 Jan 95 03:08:58 PST To: cypherpunks@toad.com Subject: Re: SAN FRANCISCO EDITORIAL Message-ID: MIME-Version: 1.0 Content-Type: text/plain Sandy posted Martha "Spam" Siegel's SF Chronicle editorial. If it boiled anyone's blood quite enough to write a letter to the paper on both the author's background as well as the unconstitutionality of her 'solutions', I'd be happy to sign my name in support. BTW while paranoia is good for C'punks, I don't see a hidden plot in the recent media coverage of anonymity. The media likes 'hot' issues, and have flogged the other one - kiddie porn - to death. Everyone from Newsweek to The Economist mentioned pedophilia, simply because it grabs attention more than global K-12 projects conducted over the net, just as anonymity grabs more attention in relation to crime than to sexual abuse recovery groups. ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "In between the breaths is rishab@dxm.ernet.in the space where we live" rishab@arbornet.org - Lawrence Durrell Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: rishab@dxm.ernet.in Date: Sat, 7 Jan 95 03:08:51 PST To: cypherpunks@toad.com Subject: Compliance and lax Customs Message-ID: MIME-Version: 1.0 Content-Type: text/plain In India telco (and several other) laws are ridiculously outdated (see my "FREEdom on the Net in India" Electrosphere, WIRED 3.01), although our Customs are pretty techno-savvy, as they need to know prices off the cuff for all the goodies people try to smuggle in without duty. But we're quite adept here at ignoring many of the more inconvenient laws - I just bought myself a new 540 mb hard disk for the equivalent of $350, and none of the BBSes pay the required $50,000/year license fee. It's nice to know that the US Customs are catching up with the technical incompetence one sees in the LEAs here. But I guess American Cypherpunks are to compliant to attempt to take advantage of such things. In fact, there's been a noticeable slump in the mirroring of crypto from US-only ftp sites to Europe. Obviously Cypherpunks are far more law-abiding in _practice_ than the media would have us believe, based on what they _discuss_ ;-) ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "In between the breaths is rishab@dxm.ernet.in the space where we live" rishab@arbornet.org - Lawrence Durrell Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Mats Bergstrom Date: Tue, 3 Jan 95 11:05:37 PST To: cypherpunks@toad.com Subject: Re: Press attack on anonymity. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain James A. Donald wrote: > higher authority of which I spoke earlier -- who is > anonymously attacking anonymity. > the government speaking -- a government department with guns is > running up a trial balloon. Expected and hardly anything to go into public dispute about. Cypherpunks are here to circumvent the measures of various governments by technical means. Since Joe User doesn't really care if he can connect anonymously or not, at least not yet, they might very well succeed in making some aspects of anonymity 'illegal'. But who cares, if anonymous agents can't be traced? Mats From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: rishab@dxm.ernet.in Date: Sat, 7 Jan 95 03:09:04 PST To: cypherpunks@toad.com Subject: Law and ethics on the Net Message-ID: MIME-Version: 1.0 Content-Type: text/plain > ABA SCI/TECH SECTION, IPPP COMMITTEE > LAW AND ETHICS ON THE "NETS" > December 8, 1994 I've been on the Cypherpunk's mailing list for about half its lifetime, am a technology consultant based in New Delhi, do a weekly column on information society which has covered many of the issues you seem interested in, and write for WIRED magazine. I am interested in law and ethics in cyberspace, and would like to participate in your project, as long as it is not primarily intended to culminate in a set of guidelines for legislation, which I believe to be pointless. I'm including here some comments to your original announcement, which I only saw today. > The development of a national information infrastructure and > a global electronic network, of which Internet is the backbone, has > presented a multitude of legal and ethical problems involving use > and abuse of the networks, nationally and worldwide. Almost on a > daily basis, news items announce electronic network transmissions > constituting hate mail, profanity, vulgarity, obscenity, child > pornography, sexual harassment, defamation and invasion of privacy. Unfortunately, due to the way media works, we don't read of the benefits of total anonymity to participants in sexual abuse groups, human rights activists and many others. Going by what we read in the media, 93.5% of people on the Net are habitual child abusers, and 62% are nuclear-equipped narco-terrorists. > The violation of intellectual property rights and information > system security are also frequent occurrences. National and > international discussions consider such questions as what "rules of > the road" ought to apply, who can make them, how can they be > enforced, and what will be the legal and political relationships > between states and nations regarding cyberspace? It is argued that > at present the lawless, the intolerant and the disrespectful seem > able to pollute the worldwide information stream with little > constraint. Or free it from the monopoly of large media organizations. Ninety-five percent of the world's news is distributed by four agencies, who effectively shape our view of the world at large, and decide for us the crises du jour. The Net, _precisely_ because of its unregulated, bottom-up structure, allowed activists to communicate during the revolution in Chiapas, Mexico; got international agencies to offer support for the massive earthquake in Latur India at once, rather than wait for a Time magazine photo feature (which - surprise! - was on Somalia just days before the world suddenly took notice of _that_ problem). The commitment to freedom of expression, in _any form whatsoever_ including the anonymous, is arguably the cause for much of the economic and technological power of the US. It is a matter for concern that, rather than help spread this freedom to the rest of the world (as is inevitable _if_ the Internet continues not to be 'governed'), many in and out of government are attempting to clamp down, out of an almost primeval fear of Digital Evil that stems from ignorance of wider issues. > Certainly, the current state of anarchy in national and global > electronic networks cannot continue if the technology is to achieve > the remarkable benefits that have been predicted in terms of > communications among institutions and individuals, whether > government, business or society at large. The purpose of the On the contrary, the 'current state of anarchy' has largely been responsible for advancements in US research for the two decades since the Internet was born. What is needed, perhaps, is a dialogue to improve understanding among 'society at large' of a community that is, though at present largly composed of technology professionals or academics, an example of multicultural and multinational cooperation and tolerance that would be nice to see in, say, Los Angeles, or elsewhere in the 'real world'. > George B. Trubow, Professor of Law > Director, Center for Informatics Law > The John Marshall Law School > 315 S. Plymouth Ct. > Chicago, IL 60604-3907 > Fax: 312-427-8307; Voice: 312-987-1445 > E-mail: 7trubow@jmls.edu ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "In between the breaths is rishab@dxm.ernet.in the space where we live" rishab@arbornet.org - Lawrence Durrell Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: pstemari@erinet.com (Paul J. Ste. Marie) Date: Tue, 3 Jan 95 17:48:13 PST To: cypherpunks@toad.com Subject: Re: Anonymous payment scheme Message-ID: <9501040140.AA27685@eri.erinet.com> MIME-Version: 1.0 Content-Type: text/plain At 08:16 AM 1/3/95 -0500, Robert Hettinga wrote: >Hmmm. What if you produced a pseudonym card *with* your picture on the >front? I smell a market opportunity. Or not... You'd need to promenently state on the front "not to be used for id" or some such. Otherwise you could potentially get nailed for issuing fraudulent identity documents. Too many places think that a MC/Visa is a form of id. --Paul J. Ste. Marie pstemari@well.sf.ca.us, pstemari@erinet.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: pstemari@erinet.com (Paul J. Ste. Marie) Date: Tue, 3 Jan 95 17:48:08 PST To: Hal MIME-Version: 1.0 Content-Type: text/plain At 09:45 AM 1/3/95 -0800, Hal wrote: > ... As I wrote, banks are >required to get SS#'s for depositers right now, and I wouldn't expect >that to change any time soon. If anything, the trend appears to be >towards more tightening rather than less. ... Isn't that only a requirement on interst-bearing, or potentially interest-bearing, accounts? --Paul J. Ste. Marie pstemari@well.sf.ca.us, pstemari@erinet.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: VAMAGUS@delphi.com Date: Tue, 3 Jan 95 18:16:11 PST To: cypherpunks@toad.com Subject: H.R.4922 Message-ID: <01HLF9W9HYG2938CN8@delphi.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- If I am digging up old info please excuse me, I haven't been able to read the majority of mail due to the volume of, fluff, shall we say. For U.S. cypherpunks this is it: H.R. 4922 "Interception of Digital and Other Communications" passed as of October. This is the first *I* heard about it. In short the bill requires: " ...telecommunications carrier shall insure that it's equipment, facilities, or services are capable of (1) expeditiosly isolating and enabling the government, persuant to a court order or other authorization, to intercept, to the exclusion of all other communications, all wire and electronic communications carried by the carrier....etc. Time for me to generate more keys! More info available at: ftp.eff.org /pub/EFF/Policy/Digital_Telephony/digtel94.bill gopher.eff.org /1/EFF/Policy/Digital_Telephony/digtel94.bill http.eff.org /pub/EFF/Policy/Digital_Telephony/digtel94.bill ***************************Frenchie Sends******************************* * PGP Public Keys: 1024/BEB3ED71 & 2047/D9E1F2E9 on request. * * As soon as any man says of the affairs of the state * * "What does it matter to me?" the state may be given up for lost. * * J.J.Rousseau - The Social Contract * * PGP info: email to mail-server@rtfm.mit.edu with first line: * * send pub/usenet/alt.security.pgp/* * *****************************J. Francois******************************** -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLwoD8LbmxeO+s+1xAQEuCgQAlI0vevAU7Gc1rkraQufpw+1NT9n2qSw5 DIoJvA0lS49ECiZeUOhwNql3cx6tPaOEeMeJIqkcv/PecX3wh3I2AzU2NGmNerOM Z2HPjdoz3xO8u0wDOJbZDRlzQafzbh0RShxAlCxPQE+qspWhmtydMvRl6KtvT1T+ s/kMO5VMkQY= =r8C+ -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Tue, 3 Jan 95 22:13:21 PST To: bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Subject: Re: Book review: Codebreakers, the Inside Story of Bletchley Park In-Reply-To: <9501040525.AA10625@anchor.ho.att.com> Message-ID: <199501040551.VAA12193@netcom13.netcom.com> MIME-Version: 1.0 Content-Type: text/plain bill.stewart@pleasantonca.ncr.com +1-510-484-6204 wrote: > > Another book with some insight into Bletchley Park is > "Cloak and Gown" (I forget the author), about the relationship between > Yale academics and the OSS, the WW2 predecessor to the CIA. That's by Robin Winks. I have a copy, in hardback, that I found some years back in a used book store. Lots of good stuff about the central role Yale has played. > Among the various Yalies who went into the OSS was James Jesus Angleton, > who spent a lot of time at Bletchley analyzing information that might > be useful for US Army and covert OSS activities, and trying to support ... A friend of mine, Buddy Diamond, developer of the "NFL Challenge" PC game of some years back, worked with James J. Angleton on a kind of "CIA Challenge" training game. I met Buddy at the 1988 Crypto conference, and he was the main reason I got invited to the Hackers Conference that year (and thereafter, as is the norm). Oh, he went to Yale, and this had a lot to do with the CIA getting in touch with him. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Black Unicorn Date: Tue, 3 Jan 95 19:04:02 PST To: Nesta Stubbs Subject: Re: Calls for Reg. [Cypherpunks=Quick&Smart] In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Tue, 3 Jan 1995, Nesta Stubbs wrote: > Date: Tue, 3 Jan 1995 16:34:22 +0000 > From: Nesta Stubbs > To: Cypherpunks > Subject: calls for regulation > > > This is pretty scary, I mean it always sat in the back of my mind > that they would attemt to rgulate the net, and to pass legislation and > all, but now that it is rearing it's head and looks like there is going > to be a push for it, I am actually concerned, to teh point of fear > almost. Let me blow all your horns. Kudos to the exposure. Just goes to support my theory that cypherpunks tend to be way ahead of the rest of the world in predicting political moves. I have little doubt this one will come to a head as well. > > i want to know everything http://www.mcs.com/~nesta/home.html > i want to be everywhere Nesta's Home Page > i want to fuck everyone in the world & > i want to do something that matters /-/ a s t e zine > 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Black Unicorn Date: Tue, 3 Jan 95 19:16:57 PST To: VAMAGUS@delphi.com Subject: Re: H.R.4922 In-Reply-To: <01HLF9W9HYG2938CN8@delphi.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Tue, 3 Jan 1995 VAMAGUS@delphi.com wrote: > Date: Tue, 03 Jan 1995 21:16:31 -0500 (EST) > From: VAMAGUS@delphi.com > To: cypherpunks@toad.com > Subject: H.R.4922 > > -----BEGIN PGP SIGNED MESSAGE----- > > If I am digging up old info please excuse me, I haven't been able > to read the majority of mail due to the volume of, fluff, shall > we say. > > For U.S. cypherpunks this is it: > H.R. 4922 "Interception of Digital and Other Communications" > passed as of October. This is the first *I* heard about it. > In short the bill requires: > " ...telecommunications carrier shall insure that it's equipment, > facilities, or services are capable of (1) expeditiosly isolating and > enabling the government, persuant to a court order or other > authorization, to intercept, to the exclusion of all other communications, > all wire and electronic communications carried by the carrier....etc. > > Time for me to generate more keys! I assume you are concerned that this requires carriers to provide plaintext even if the end users are encrypting. It really does not. If you are simply concerned about mandated interception ability plain or cypher, it's mildly old news. > > More info available at: > ftp.eff.org /pub/EFF/Policy/Digital_Telephony/digtel94.bill > gopher.eff.org /1/EFF/Policy/Digital_Telephony/digtel94.bill > http.eff.org /pub/EFF/Policy/Digital_Telephony/digtel94.bill > > ***************************Frenchie Sends******************************* > * PGP Public Keys: 1024/BEB3ED71 & 2047/D9E1F2E9 on request. * > * As soon as any man says of the affairs of the state * > * "What does it matter to me?" the state may be given up for lost. * > * J.J.Rousseau - The Social Contract * > * PGP info: email to mail-server@rtfm.mit.edu with first line: * > * send pub/usenet/alt.security.pgp/* * > *****************************J. Francois******************************** > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > > iQCVAwUBLwoD8LbmxeO+s+1xAQEuCgQAlI0vevAU7Gc1rkraQufpw+1NT9n2qSw5 > DIoJvA0lS49ECiZeUOhwNql3cx6tPaOEeMeJIqkcv/PecX3wh3I2AzU2NGmNerOM > Z2HPjdoz3xO8u0wDOJbZDRlzQafzbh0RShxAlCxPQE+qspWhmtydMvRl6KtvT1T+ > s/kMO5VMkQY= > =r8C+ > -----END PGP SIGNATURE----- > > > > 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jonathan Cooper Date: Tue, 3 Jan 95 19:30:34 PST To: Raph Levien Subject: Re: Siegel and Lewis In-Reply-To: <199501040022.QAA21291@netcom17.netcom.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain > Martha Siegel is just fucked up enough that she will probably push > for legislation regulating the nets. Congress is just fucked up that > they might pass it. And if they do I will make it a definate point to do all I can to emigrate to the UK, the Netherlands, or somewhere else. This country is increasingly becoming a police state, and I've got too many years of life left to just passively deal with it. -jon ( --------[ Jonathan D. Cooper ]--------[ entropy@intnet.net ]-------- ) ( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 ) ( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 ) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jonathan Cooper Date: Tue, 3 Jan 95 19:32:00 PST To: "Paul J. Ste. Marie" Subject: Re: Anonymous payment scheme In-Reply-To: <9501040140.AB27685@eri.erinet.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain > I've heard of that, but I thought it was only a redundancy check to check > for read errors in the swiping process. That's why they use checksums - I have some information about the VISA-net authorization network (which came from Phrack) and also some about the actual encoding of the card, if anyone cares. -jon ( --------[ Jonathan D. Cooper ]--------[ entropy@intnet.net ]-------- ) ( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 ) ( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 ) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Michael Handler Date: Tue, 3 Jan 95 19:25:24 PST To: Hal Subject: Re: San Francisco Editorial In-Reply-To: <199501032244.OAA15281@jobe.shell.portal.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Tue, 3 Jan 1995, Hal wrote: > Another point re Cantor and Siegel is that there is now a service > calling itself CancelMoose which goes through Julf's anon server in > Finland (anon.penet.fi) to cancel spams. This is a common misconception. Cancelmoose[tm] doesn't use anon.penet.fi for cancelling spams -- she telnets directly into the NNTP server of a university in Norway. Strangely enough, this is the same university where Arnt Gulbrantsen works. Arnt, if you don't already know, is the Norwegian hacker who wrote the cancelbots that are being used against spams (Canter & Siegel's included). Cancelmoose[tm] is reachable through anon.penet.fi for comments, and she always lists the form of the address (non-double-blinded) > The scary thing about cancels is that some proposals have actually been > directed at anonymous posts themselves. Someone anonymously posted > what purported to be a grisly transcript of the last seconds of the > doomed Challenger crew as they fell to the ocean. This caused a great > hue and cry and some calls for banning anonymous posts and/or > retroactively cancelling them. This led to some very amusing events > which Detweiler has chronicled in his FAQ on anonymity, the net result > of which was that the idea was discredited. But the emergence of > CancelMoose is not an altogether positive event in my view. Dick Depew and AARM (Auto-Active Retro Moderation). He wanted to cancelbot any posting from anon.penet.fi in the Big Seven Usenet hierarchies. He was promptly beaten down by the net. Feh. -mbh- ObCrypto: I've been working on a draft paper that puts forward a proposal to make Usenet articles uncancellable except by [1] the original author of the article or [2] the system admin who runs the NNTP server the article issued from. The problem with this is that it eliminates Cancelmoose[tm] and the other spam cancellers, who, IMHO, are Good Things. -- Michael Handler Philadelphia, PA Civil Liberty Through Complex Mathematics s.s.y.g-l-b co-moderator PGP Key ID FC031321 Print: 9B DB 9A B0 1B 0D 56 DA 61 6A 57 AD B2 4C 7B AF "They like to watch everything you do / Transmitters hidden in the wall"--JD From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Nesta Stubbs Date: Tue, 3 Jan 95 20:31:47 PST To: Cypherpunks Subject: EVEN MORE creis for regulation Message-ID: MIME-Version: 1.0 Content-Type: text/plain Yet ANOTHER call for net regulation. There are so many now I am hard pressedto keep track of them. It appears that the media may adopt "regulation of the Internet" as it's next babe. Ya know how the adopted the Internet itself first, now watch as the entire mainstream media is flooded with calls for net regulation. Bigots' Growing Use Of Computer Networks Assailed The Simon Wiesenthal Center on 12-13-94 sent a letter to Prodigy protesting bigots online messages of hate. Rabbi Abraham Cooper of the center decries the growing use by hate groups. The Wiesenthal Center wants government policing of the internet. They fear one-sided exposure of youths to white supremacist messages. Civil libertarians and white supremacists say that free speech should prevail. Marc Rotenburg of the Electronic Privacy Info Center says that it's a difficult issue and that censorship and control are ver y inappropriate. White supremacist groups like the National Alliance and the American Rennaisance can spread propaganda nationwide. These types of hate groups are kept out of mainstream media and are thus short of funds. Valerie Filds of West LA said she saw an anti latino diatribe on Prodigy that plugged American Rennaisance of Louisville KY. She says she saw a message that seemed to be from a white supremacist group. She says she saw one referring to the "Diary of Anne Frank" as a "Jewish Hoax". The Wiesenthal cente r wants such messages deleted. Anti-semitic comments on Prodigy in 1991 resulted in a policy prohibiting "blatant expressions of hatred". Kevin Strom, who produces a radio show for National Alliance, said he was recently blocked from forums on Compuserve. He said that "the system operator decided we didn't deserve free speech." His article "The Wisdom of Henry Ford" about the book "The International Jew" was downloaded 120 times. Georgia Griffith of Compuserve said "we are not oblidged to publish it for him." There are 5 m subscribers to commercial online services, 2 m to Prodigy, 20 m accessing the internet. Rabbi Cooper wants the FCC to place a cop on the internet. White supremacist propaganda is available on the internet. The Institute for Historical Review's article "Frequently Asked Questions about National Socialis m" is available. Far-right activists say anonymity removes inhibitions too. The National Alliance uses Netcom Online Communications Services in California. Texts and promotions of its radio show are available there. National Alliance chairman William Pierce said "The major media in this country are very biased against our political point of view. They present us with ridicule or in a very distorted way. The information superhighway is much more free of censorship." From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: rmtodd@servalan.servalan.com (Richard Todd) Date: Tue, 3 Jan 95 22:37:33 PST To: hfinney@shell.portal.com Subject: Re: San Francisco Editorial In-Reply-To: <199501032244.OAA15281@jobe.shell.portal.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain In cypherpunks Hal Finney writes: >Another point re Cantor and Siegel is that there is now a service >calling itself CancelMoose which goes through Julf's anon server in >Finland (anon.penet.fi) to cancel spams. (Spams are off-topic, Um, not exactly. CancelMoose has a mailing address on the anon.penet.fi server, for the benefit of those who wish to contact him, but the cancels are injected elsewhere. I don't believe anon.penet.fi lets you send control messages (of which cancels are a subject) thru it. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 3 Jan 95 21:26:57 PST To: gnu@toad.com Subject: Re: Book review: Codebreakers, the Inside Story of Bletchley Park Message-ID: <9501040525.AA10625@anchor.ho.att.com> MIME-Version: 1.0 Content-Type: text/plain Another book with some insight into Bletchley Park is "Cloak and Gown" (I forget the author), about the relationship between Yale academics and the OSS, the WW2 predecessor to the CIA. Among the various Yalies who went into the OSS was James Jesus Angleton, who spent a lot of time at Bletchley analyzing information that might be useful for US Army and covert OSS activities, and trying to support counterintelligene work by correlating the information from intercepts of German understanding of US and British plans with the Allied sources and users of those plans, to try to find leaks, traitors, moles, spies, and other types that counter-spook spooks worry about. Besides the Enigma interceptions themselves, the big secret the OSS and British intelligence were paranoid about protecting was that all the known German spies in Great Britain had been caught and turned for disinformation use (or killed); almost everything Germany was getting from its spies was bogus. Bill From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: pcw@access.digex.net (Peter Wayner) Date: Tue, 3 Jan 95 22:02:05 PST To: cypherpunks@toad.com Subject: Re: SAN FRANCISCO EDITORIAL Message-ID: <199501040602.AA11010@access2.digex.net> MIME-Version: 1.0 Content-Type: text/plain The scandalous Finland anonymous remailer is also used for good. The Samaritans, an organization in England devoted to helping folks who are thinking of suicide, often receives notes filtered through it. If someone sends me the right address, I'll send a letter to the Comical explaining this politely. We should stress the strength of anonymity. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: rishab@dxm.ernet.in Date: Sat, 7 Jan 95 04:25:18 PST To: cypherpunks@toad.com Subject: 3D TV and crypto Message-ID: MIME-Version: 1.0 Content-Type: text/plain This just might have a crypto app ;-) Just saw a BBC WSTV report on a 3D TV developed in the UK. Unlike other extremely expensive 3D TVs based on laser-holograms, this one has an ordinary hi-def screen, pointing upwards. A beam splitter crosses the screen at an angle, and reflectors is above and to the side, so the image actually forms as an intersection of three beams in mid-air. A profile view: vvvvvvvvvv <--- reflects down v ^ /< image < < v ^ /< < forms v /> > < <--- reflects left here < < / ^< < < mid-air / ^ < ^^^^^^^^^^ <--- TV image is formed here, facing up The company says 'affordable' models could appear next year. ObCrypto: Suppose the reflector(s) is another TV, displaying a moving-image 'key'? The main TV image could be 'encrypted' by subtracting the 'key' from itself... Voila! And there's more... Suppose the 'key' is light passed through a human hand... Oh you though the first e-mail from a head of state was from Sweden? Queen Elizabeth II sent one in the 70s - according to a wonderful episode of BBC's Tomorrow's World, which did a cyberspace episode that included a sort-of solution to the travelling salesman problem by BT physicists using evolutionary algorithms! The episode DID NOT MENTION CHILD PORNOGRAPHY!!!! ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "In between the breaths is rishab@dxm.ernet.in the space where we live" rishab@arbornet.org - Lawrence Durrell Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 3 Jan 95 22:53:32 PST To: bmorris@netcom.com Subject: Re: Anonymous payment scheme Message-ID: <9501040637.AA11348@anchor.ho.att.com> MIME-Version: 1.0 Content-Type: text/plain > HH> So, you may be able to have a form of anonymity from the person you ar > HH> transacting with, but I don't think you can be anonymous from the bank > HH> and from the government. And personally, I am more concerned about th > With a debit card you can't be anonymous, because your money resides in > the bank. With digital cash, and the ability to transfer money to > another digital cash card via phone lines, I don't see how they can > successfully trace everything. They will try, no doubt. I thought the origination of this thread was a hypothetical proposal to start a Cypherpunks Bank which would join Visa and issue debit cards; they could be started for cash, under pseudonyms, and would expire when they ran dry. So you and your 10,000 closest friends could call yourselves anything you want, and the merchant would know that Johnny Cash Foobar buys a lot of pharmaceutical manufacturing equipment, but doesn't know who he is. The bank's not paying interest, so they probably don't need SSNs until the next round of privacy-prevention laws, and they're not using them as credit-validation tools since they're only issuing debit cards to cash customers anyway. Meanwhile, it gets to hire lots of lawyers, pay Visa commissions, and collect interest on the float. And if you get tired of being Johnny Cash Foobar, or don't like having your purchases correlated, John Hancock's card can buy the motorboats and Joe Toshiba's can pay for the precision machine tools... The standard merchant contract with Visa/Mastercharge used to forbid merchants from asking for additional ID unless they suspected fraud; I think some states have made laws about this as well. Bill From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 3 Jan 95 22:53:36 PST To: jamesd@netcom.com Subject: Re: Exporting cryptographic materials, theory vs. practice Message-ID: <9501040641.AA11386@anchor.ho.att.com> MIME-Version: 1.0 Content-Type: text/plain James Donald writes: > On Mon, 2 Jan 1995, Carol Anne Braddock wrote: > > Right now, I don't think U.S. Customs is going to ask you if you > > have PGP in your PC if you leave the country, or return either. > > > > They should, and I'd be proud to say yes. > > Well Carol, I am sure your heart is in the right place, but I > do not agree. > > They should not, and I'd be deranged to say yes. Of course you'd be deranged to say yes, but just imagine what would happen if every Customs Thug were required to ask everyone carrying a PC into our out of the country if they had any software on it capable of protecting the privacy of their files or communications, and requiring major paperwork of anyone who said yes.... the law would be gone in a week. My latest beef with the customs thugs was when I last came back from Mexico, I noticed that their arm badges said something about like "U.S. Customs Service - Protectors of Independence" Arrrgh! Bill From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 3 Jan 95 22:53:38 PST To: cypherpunks@toad.com Subject: Art and Crypto - Re: I'm back. :) Message-ID: <9501040652.AA11466@anchor.ho.att.com> MIME-Version: 1.0 Content-Type: text/plain Lile Elam writes > I finally got back on cypherpunks. Have been incredibly busy > but wanted to keep intouch as several artist friends of mine > want to start using art as a encryption vehicle... Should be fun... It works on so many levels, as well - hiding encrypted bits in the low-order bits of pixel color values - representing data in the colored spots on a Seurat impressionist work or the lines and splotches on a Jackson Pollack imitation - wondering what the artist _really meant_ by a given figure :-) It also may be a good way to nag us into doing stealthy versions of PGP and other cryptosystem headers - steganography is less useful when the encrypted message always starts off with - ----- BEGIN PGP ENCRYPTED FILE and has the recipient's keyid readily findable as well. Bill From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: rishab@dxm.ernet.in Date: Sat, 7 Jan 95 04:24:43 PST To: cypherpunks@toad.com Subject: Information highways, oceans and islands Message-ID: MIME-Version: 1.0 Content-Type: text/plain Electric Dreams #42 examines the notion of distance in and out of cyberspace, and debunks the information highway as a metaphor. Send a blank message with a command in the Subject: line of the header, for more info. 'get dreams-42' (without quotes) for a copy of the article; 'get index' for an index of those so far; and 'subscribe' to receive 5 kbytes every week. ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "In between the breaths is rishab@dxm.ernet.in the space where we live" rishab@arbornet.org - Lawrence Durrell Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: gnu Date: Wed, 4 Jan 95 02:37:13 PST To: gnu@toad.com Subject: Re: Cloak and Gown In-Reply-To: <9501040525.AA10625@anchor.ho.att.com> Message-ID: <9501041037.AA11018@toad.com> MIME-Version: 1.0 Content-Type: text/plain > Another book with some insight into Bletchley Park is > "Cloak and Gown" (I forget the author), "Use the source, Luke!" % telnet locis.loc.gov L O C I S : LIBRARY OF CONGRESS INFORMATION SYSTEM To make a choice: type a number, then press ENTER 1 Library of Congress Catalog 4 Braille and Audio 2 Federal Legislation 5 Organizations 3 Copyright Information 6 Foreign Law ... b cloak and gown To choose from list, see examples at bottom. FILE: LOCI Terms alphabetically close to:CLOAK AND GOWN B01 Cloak & gown//(TITL=3) B02 Cloak and dagger//(TITL=3) B03 Cloak and dagger fiction//(TITL=2) B04 Cloak and Dagger in Predator and Prey//(TITL=1) B05 Cloak and gavel//(TITL=1) B06+Cloak and gown//(TITL=3) B07 Cloak for the dreamer//(TITL=1) B08 Cloak of Aesir//(TITL=1) B09 Cloak of competence//(TITL=1) B10 Cloak of consciousness//(TITL=1) B11 Cloak of darkness//(TITL=2) B12 Cloak of friendship//(TITL=1) ---EXAMPLES: s b6 (SELECTs line b6; creates a SET for each term type) f b6-b8/b10 (FINDs b6-b8 and b10; combines sets, displays result) r b6 (RETRIEVEs term on b6; searches text in some files) r subj=b6 (RETRIEVEs term type specified; e.g., SUBJ, TITL) f b1/b6 ITEMS 1-3 OF 3 SET 3: BRIEF DISPLAY FILE: LOCI (DESCENDING ORDER) 1. 88-672288: Winks, Robin W. Cloak and gown : scholars in America's secret war / London : Collins Harvill, 1987. 607 p. ; 24 cm. NOT IN LC COLLECTION 2. 88-30560: Winks, Robin W. Cloak & gown : scholars in the secret war, 1939-1961 / New York : Quill, 1988. p. cm. CIP - NOT YET IN LC 3. 87-7683: Winks, Robin W. Cloak & gown : scholars in the secret war, 1939-1961 / 1st ed. New York : Morrow, c1987. 607 p., [16] p. of plates : ill., ports. ; 25 cm. LC CALL NUMBER: JK468.I6 W48 1987 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: db@Tadpole.COM (Doug Barnes) Date: Wed, 4 Jan 95 06:26:22 PST To: raph@netcom.com (Raph Levien) Subject: Re: Siegel and Lewis In-Reply-To: <199501040022.QAA21291@netcom17.netcom.com> Message-ID: <9501041424.AA25564@tadpole.tadpole.com> MIME-Version: 1.0 Content-Type: text/plain Why is it that so many cypherpunks like the economist? I learned recently that Eric is a big fan. So am I. You're certainly not the first other cypherpunk to mention this. Weird. I mean, it's not exactly a radical publication... it just gets its *&#$*#$ facts right. Probably this is it. Doug From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Nesta Stubbs Date: Wed, 4 Jan 95 06:09:12 PST To: Cypherpunks Subject: Re: Siegel and Lewis In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Tue, 3 Jan 1995, Jonathan Cooper wrote: > > Martha Siegel is just fucked up enough that she will probably push > > for legislation regulating the nets. Congress is just fucked up that > > they might pass it. > > And if they do I will make it a definate point to do all I can to > emigrate to the UK, the Netherlands, or somewhere else. > > This country is increasingly becoming a police state, and I've got too > many years of life left to just passively deal with it. uhm Jon, it seems that emigrating would be passively dealing with it, kinda contradicting your statement that you re too young to just passively deal with it. i want to know everything http://www.mcs.com/~nesta/home.html i want to be everywhere Nesta's Home Page i want to fuck everyone in the world & i want to do something that matters /-/ a s t e zine From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: bmorris@netcom.com (Bob MorrisG) Date: Wed, 4 Jan 95 08:52:49 PST To: cypherpunks@toad.com Subject: Re: Anonymous payment scheme In-Reply-To: Message-ID: <199501041652.IAA22982@netcom7.netcom.com> MIME-Version: 1.0 Content-Type: text/plain BL> I don't see why a debit card couldn't be anonymous BL> Why should a bank care who you are once they have BL> your money in the account. The bank might not care. The IRS probably does and would insist on knowing about transfers from bank accounts to anon debit cards. BL> you don't lose the card how can someone use your account? Just like with real cash. Possession is ownership. Digital cash involves crypto and, I assume, some type of personal ID? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: dmandl@bear.com Date: Wed, 4 Jan 95 06:03:44 PST To: cypherpunks@toad.com Subject: Re: Press attack on anonymity. Message-ID: <9501041402.AA07682@yeti.bsnet> MIME-Version: 1.0 Content-Type: text/plain > From: > > Sandy Sandfort posted an editorial from the Mondays SF Chronicle. > > There is a front page story in todays San Jose Mercury News on why > anonymity is a bad thing. > > Its from a New York Times story by Peter H. Lewis > > The question is who launched all this stuff? Funny thing is, _I_ just wrote a long piece on anon remailers too, though it was obviously from a different perspective from Peter Lewis's (and a lot better written, natch). The local paper it was written for liked it, but thought the subject matter was "too technical" for its readership, so I'm hoping to get it published elsewhere. When I got the idea, all I could think of was why no one else had done a piece specifically on remailers. It's an important story. I guess everyone else was working on them at the same time. I hope that there are some good pro-anonymity pieces published soon to give some "balance." P.S.: Martha S. Siegel is absolutely out of her mind. If she wasn't lynched after the green card episode, this latest stunt should do it. --Dave. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: dmandl@bear.com Date: Wed, 4 Jan 95 06:18:02 PST To: cypherpunks@toad.com Subject: Re: Siegel and Lewis Message-ID: <9501041417.AA08643@yeti.bsnet> MIME-Version: 1.0 Content-Type: text/plain > From: > > I just got off the phone with Peter Lewis, reporter for the New > York Times. He is unaware of any grand consipracy to regulate the Net, > but then again if there was one, I don't think they'd tell him. > > His piece that ran Saturday was badly mangled by the editorial > process, especially since it ran on page one. Those articles get to be > mangled by a whole new set of people who otherwise wouldn't get to > touch it. I think Lewis has basically good intentions, and does do his > homework before writing a story. I have a good friend who writes for the Times. Last time I spoke to him, he was frantically trying to get in touch with the Business editor because a piece he'd just written had been hacked to bits, with several inaccuracies introduced. He probably couldn't reach the guy, and I bet the mutilated version got printed (I don't know for sure, since I don't read the Times). This is standard. It's almost a rule that whenever there's a story on a subject you're familiar with there'll be major inaccuracies. So what does that say about all the others? > Yecchh. Now I know why I don't rely on daily newspapers for my news Well, that's one reason, anyway... --Dave. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Perry E. Metzger" Date: Wed, 4 Jan 95 06:39:58 PST To: raph@netcom.com (Raph Levien) Subject: Re: Siegel and Lewis In-Reply-To: <199501040022.QAA21291@netcom17.netcom.com> Message-ID: <9501041431.AA14688@snark.imsi.com> MIME-Version: 1.0 Content-Type: text/plain Raph Levien says: > I just got off the phone with Peter Lewis, reporter for the New > York Times. He is unaware of any grand consipracy to regulate the Net, > but then again if there was one, I don't think they'd tell him. I doubt that there is one. > Martha Siegel is just fucked up enough that she will probably push > for legislation regulating the nets. Congress is just fucked up that > they might pass it. Peter should take some responsibility for perpetuating Mr. Canter and Ms. Siegel. He failed, in my opinion, to properly reflect the situation in his articles about it in The Times. In particular, he did very little to convey that the two are de fact disbarred attorneys who had played the same games in "real space" that they had in Cyberspace and had been dragged through the coals by the Florida bar association for it because to almost anyone what they had been doing was a gross ethical violation. He also made it seem as though internet users were opposed to advertising, when, of course, advertising has been on the net for many many years, and newsgroups like comp.newprod exist to publish nothing but ads. He didn't properly convey that the defect in their behavior had been the jamming of other people's communications with their ads, rather than the act of advertising per se -- much like someone standing up during a town meeting on some local matter and starting to declaim loudly not on the purpose of the meeting but instead about how great their legal services were. Peter also did little to interview anyone with substantial standing in the internet community about what C&S were doing -- a quote or two from an old net hand like a Gene Spafford or someone of that ilk might have been valuable. As it was, he didn't produce much to counter the viewpoint that they were the victims rather than the victimizers. I think it is only because the "paper of record" published articles that made them look like their point of view had any merit at all that they managed to survive this long. As it is, the Tennessee Bar is looking in to whether they have committed any new ethical violations. I'd say, of course, that they had... Perry From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Nathaniel Borenstein Date: Wed, 4 Jan 95 06:45:31 PST To: cypherpunks@toad.com Subject: Re: San Francisco Editorial In-Reply-To: <199501032244.OAA15281@jobe.shell.portal.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain A letter to the editor is like spitting into the wind in this case. I think what's needed is a more constructive affirmative action, ideally taking Cantor and Siegel to court somewhere. I know that there was an FCC ruling in 1993 that has saved me LOADS of annoyance from telephone sales calls, because now if you get such a call and you formally request to be taken off their dialing lists, you can actually SUE them if they call you again. As a result, they now tend to take you very seriously when you make such a request in a knowledgable fashion. Does anyone know if there might be a similar legal case to be made against net spammers who persist after being warned? I suspect that it's easy to make such a case for email spamming, but probably not for spamming of umoderated newsgroups. Note that I speak entirely for myself here, not for my employers. -- Nathaniel From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Octavian Ureche Date: Wed, 4 Jan 95 06:41:39 PST To: cypherpunks@toad.com Subject: Re: 16 years old hacker arrested ? Message-ID: <199501041442.AA20561@von-neumann.info.polymtl.ca> MIME-Version: 1.0 Content-Type: text/plain > According to AFP(London), The Independent reported on January 3, 1995 > that a sixteen years old boy was arrested for breaking into the > computer network of US Defense Department. > > The report also tells that the hacker posted documents about last > year's nuclear crisis between North Korea and USA. > > Does anyone know where can I get a copy of that documents ? > This is a repost from another list: --------------------------------------------------------- TEEN-AGE HACKER TAPS INTO U.S. DEFENSE SECRETS From wire reports LONDON - A British teen-ager allegedly hacked into sensitive U.S. government computers and was able to monitor secret communications over the North Korean nuclear crisis last spring, the Independent newspaper reported Tuesday. The boy tapped into several defense computers for seven months in what U.S. officials conceded was one of the most serious breaches of computer security in recent years, the paper said. The 16-year-old, after reading the messages, put them on a bulletin board on the Internet, an international computer network accessible to 35 million users. A British hacker who read the messages told the Independent they contained information about firing sites in North Korea and field intelligence. "He kept detailed logs of communication traffic. He really couldn't believe his luck. The Americans thought he was a spy but he told them he was just doing it for fun," the hacker told the Independent. The boy, nicknamed "Datastream" by other Internet users, was finally caught by special U.S. investigators because he left his terminal on-line to a U.S. defense computer overnight. British police arrested the boy in July and prosecutors are expected to decide this month whether he can be charged, the Independent said. In a statement to the paper, the U.S. Air Force Office of Special Investigations acknowledged the hacker could have accessed and read the Korean files. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: The Dalai Lama Date: Wed, 4 Jan 95 06:59:35 PST To: cypherpunks@toad.com Subject: Re: Anonymous payment scheme In-Reply-To: <9501040637.AA11348@anchor.ho.att.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain I know that in Delaware it is illegal for a merchant to request ID when you pay by credit card. I'm not sure if this is wide spread or just local. -- [Here's something for those friendly mail scanners...] hack phreak crack assassinate president virus espionage clinton honduras root RSA LSD-25 plutonium north korea terrorist encryption die NSA CERT quiche > The standard merchant contract with Visa/Mastercharge used to forbid > merchants from asking for additional ID unless they suspected fraud; > I think some states have made laws about this as well. > > Bill > From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: frissell@panix.com (Duncan Frissell) Date: Wed, 4 Jan 95 07:14:10 PST To: cypherpunks@toad.com Subject: Regulatory Risks Message-ID: <199501041514.AA02778@panix.com> MIME-Version: 1.0 Content-Type: text/plain So if the feds intend to regulate cyberspace, what specific sorts of regulations are possible at this point? Forget laws, what is *technically* and institutionally feasible? Can they just throw out TCP/IP and mandate X25? Can TCP/IP be "tamed?" How can they control private virtual networks that piggyback on the basic network structure? Just questions. No answers. DCF ************************************************************************* ATMs, Contracting Out, Digital Switching, Downsizing, EDI, Fax, Fedex, Home Workers, Internet, Just In Time, Leasing, Mail Receiving, Phone Cards, Quants, Securitization, Temping, Voice Mail. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "James A. Donald" Date: Wed, 4 Jan 95 10:38:47 PST To: "David G. Koontz" Subject: Re: Press attack on anonymity. In-Reply-To: <9501032146.AA19980@argosy.MasPar.COM> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Tue, 3 Jan 1995, David G. Koontz wrote: > The question is who launched all this stuff? When the government -- or some rogue government department wishing to expand its role and authority -- wishes to launch a new, and possibly unpopular, act of coercion, they normally find some interest group that might be advantaged by that act of coercion, and boost them up. Assume the objective is to make the famous information superhighway into an imitation of Plodigy and existing media -- in other words ensure that it is dominated by few to many communications, and that many to many communications are censored. The obvious interest group is those who wish to advertise on the interent as if it was a normal few to many medium. This assumption makes predictions consistent with what we observe. I am not unduly worried. Cantor and Siegal is not a significant interest group. Furthermore the Republican party is at present in favor of many to many communications because talk radio was a big factor in their victory, and the internet was a major factor in the defeat of Foley. This is just a small time conspiracy by some ignorant rogue government department, perhaps the NSA, that does not realize what they are confronting. When the internet starts to have a serious impact on government revenues, then I am going to worry. In addition, many to many communications work primarily against the Democrats primarily because they are so entrenched in power. When the Republican party has been in power a while, they will no longer be so keen on many to many communication. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd@netcom.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "James A. Donald" Date: Wed, 4 Jan 95 11:06:45 PST To: Duncan Frissell Subject: Re: Regulatory Risks In-Reply-To: <199501041514.AA02778@panix.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Wed, 4 Jan 1995, Duncan Frissell wrote: > So if the feds intend to regulate cyberspace, what specific sorts of > regulations are possible at this point? > > Forget laws, what is *technically* and institutionally feasible? Criminalize anonymity, and tell the internet providers to figure out how to enforce it or face confiscation. After that, they can get involved in the standards business to ensure that when the current 32 bit internet address space is upgraded, we go with a system where the technology supports centralized administration rather than anarchy. They can do it -- but they probably will not. Recent political events mean that such actions can only be done on presidential authority. It will be impossible to obtain new law to enforce such measures for at least four years. There will be eventually a big confrontation between governments and liberty in cyberspace -- but I doubt that this is it. This one can be won with a few letters to the editor. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd@netcom.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jim Gillogly Date: Wed, 4 Jan 95 11:08:49 PST To: cypherpunks@toad.com Subject: Re: Warning letter from Co$. [any comments ?] In-Reply-To: <199501041600.AA07488@xs1.xs4all.nl> Message-ID: <199501041907.LAA06127@mycroft.rand.org> MIME-Version: 1.0 Content-Type: text/plain > nobody@replay.com (Name withheld on request) writes: > FROM: THOMAS M. SMALL > COUNSEL FOR RELIGIOUS TECHNOLOGY CENTER AND BRIDGE > PUBLICATIONS, INC. While the issue is interesting (using anonymous mailers to violate copyrights or to expose scams, depending on your view of the content), the apparent aim of the Scientologists isn't met by approaching the cypherpunk remailers: the specific anonymous postings have been through penet so far, I think. > Recent proposed legislation regarding potential > liability of systems operators and others who provide > facilities or services, such as annonymous remailers, for > information passing through their systems has understanda> bly > created concern on the part of systems operators as a > potential liability. We ask your voluntary assistance in You missplet "anonymous". Hope this helps. The only "proposed legislation" I know of was proposed by Martha Siegel, the greencard guru from CyberHell. Any others? > We ask that you confirm that you have blocked access to > these newsgroups through your remailer. If you are unwilling > to do so, we ask that you inform us as to the reasons for > your position. Yeah, right. People unclear on the concept of anonymous remailers. Maybe they should be talking to the mail-to-news forwarders instead. Jim Gillogly Highday, 13 Afteryule S.R. 1995, 19:06 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "James A. Donald" Date: Wed, 4 Jan 95 11:13:46 PST To: Cypherpunks@toad.com Subject: Anonymity and talk.politics.chinal Message-ID: MIME-Version: 1.0 Content-Type: text/plain Many of the messages in talk.politics.china are anonymous. They use anon.penet.fi Many of these messages are in Chinese, not ASCII. This is an obvious example of legitimate use of anonymity. In addition this example makes an association in peoples minds between suppressing anonymity, and discouraging dissent. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd@netcom.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Charles Bell Date: Wed, 4 Jan 95 11:38:33 PST To: Nathaniel Borenstein Subject: Re: San Francisco Editorial In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain "A letter to the editor is like spitting into the wind", you say. Well, yeah...but with enough spit, the wind may change. So everyone should write letters to the editor....and make copies for your congressman while you're at it. This is absolutely the most effective action you can take for 64 cents. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: sghahn@math1.kaist.ac.kr (han@joe.math.uga.edu) Date: Tue, 3 Jan 95 19:15:44 PST To: cypherpunks@toad.com Subject: 16 years old hacker arrested ? Message-ID: <9501040310.AA04088@math1.kaist.ac.kr> MIME-Version: 1.0 Content-Type: text/plain According to AFP(London), The Independent reported on January 3, 1995 that a sixteen years old boy was arrested for breaking into the computer network of US Defense Department. The report also tells that the hacker posted documents about last year's nuclear crisis between North Korea and USA. Does anyone know where can I get a copy of that documents ? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: pcw@access.digex.net (Peter Wayner) Date: Wed, 4 Jan 95 09:30:06 PST To: perry@imsi.com Subject: Re: Siegel and Lewis Message-ID: <199501041728.AA27110@access2.digex.net> MIME-Version: 1.0 Content-Type: text/plain > >Peter also did little to interview anyone with substantial standing in >the internet community about what C&S were doing -- a quote or two >from an old net hand like a Gene Spafford or someone of that ilk might >have been valuable. As it was, he didn't produce much to counter the >viewpoint that they were the victims rather than the victimizers. Geez, thanks. He quoted me in an article on the C&S problem long ago. I had a legitimate beef because my service provider dutifully kept many empty newsgroups around just in case someone discovered them. C&S did and I literally spent 2 hours unsubscribing from all of them. I seem to remember that he quoted me as being really inconvenienced, which is pretty much what happened to everyone else. > >I think it is only because the "paper of record" published articles >that made them look like their point of view had any merit at all that >they managed to survive this long. As it is, the Tennessee Bar is >looking in to whether they have committed any new ethical >violations. I'd say, of course, that they had... You are correct, though, about this. They seem to draw much more unsuspicious attention then a pair of disbarred attornies should get. Of course, all attornies deserve caution and suspicion. > >Perry From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: rah@shipwright.com (Robert Hettinga) Date: Wed, 4 Jan 95 09:50:48 PST To: cypherpunks@toad.com Subject: Re: Warning letter from Co$. [any comments ?] Message-ID: MIME-Version: 1.0 Content-Type: text/plain At 5:00 PM 1/4/95, Name withheld on request wrote: This may be interesting. Practically the entire revenue stream for the "Church" of "Scientology" comes from "sales" of this "literature". If someone publishes it on the internet anonymously, the revenue accounts of the Co$ may become "Clear". Ahem. Meanwhile, theology and philosophy departments everywhere are fighting for funding to put most of the legitimate canon in their fields on the net for free... > Thomas M. Small ^^^^^ Cheers, Bob R. Nott ^^^^ ----------------- Robert Hettinga (rah@shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: anonymous-remailer@shell.portal.com Date: Wed, 4 Jan 95 13:10:13 PST To: cypherpunks@toad.com Subject: who? Message-ID: <199501042110.NAA27459@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain does anybody know what the email address is for the good samaritans? tia ps, how come mail i send to jpiunix.com is getting bounced, are they down? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: frissell@panix.com (Duncan Frissell) Date: Wed, 4 Jan 95 10:36:29 PST To: cypherpunks@toad.com Subject: British Hacker Article Message-ID: <199501041831.AA22005@panix.com> MIME-Version: 1.0 Content-Type: text/plain From The Independent (London) Tuesday 3 January 1995 - Front Page [Banner Headlines] BRITISH BOY `RAIDED US DEFENCE SECRETS' by Tim Kelsey A 16-year-old Briton allegedly hacked into some of the US government's most sensitive computers and was able to watch secret communications between US agents in north Korea during the crisis over nuclear inspection last spring. After reading them, he put them onto a bulletin board of the Internet, an international computer network accessible by 35 million users. _The_Independent_ has learnt that Scotland Yard has arrested the boy and has sent a report to the Crown Prosecution Service. Officers expect to be told whether he can be charged this month. In what US officials have conceded is one of the most serious breaches of computer security in recent years, the boy accessed several defence department systems for at least seven months without detection. The systems he obtained access to included those for ballistic weapons research, and aircraft design, payroll, procurement, personnel records and electronic mail. The boy, who was arrested in Tottenham, north London in July, was, according to US officials, one of a number of people who broke into US defence computers in the latter months of 1993 and the early months of 1994. But it is understood that he was responsible for most of the damage. In all, more than a million user passwords were compromised. The US Defence Information Systems Agency admitted in a private briefing, which has been confirmed, that the hackers had affected the Department's "military readiness." The boy was first detected in March 1994, and the Air Force Office of Special Investigations (OSI) was appointed to investigate. The OSI is a special task force, based at Bolling Air Force Base in Washington DC. It mounts special "raids" on classified computer sites to test their security. A spokesman said yesterday that the boy, who was nicknamed "Datastream" by friends on the Internet, needed "more knowledge than the average home computer owner would possess" to hack the computers. It is understood that he invented a "sniffer" programme which searched across hundreds of computers attached to the Internet for passwords and user names. He was finally caught because he left his terminal on-line to a US defence computer over night. Another British hacker, aged 22, who is acquainted with "Datastream", read some of the messages accessed by him. "They contained information about firing sites in North Korea and stuff like that. Field intelligence. He kept detailed logs of communication traffic. He really couldn't believe his luck. The Americans thought he was a spy but he told them he was just doing it for fun. The OSI said in a statement: "It is unknown if any hacker actually read, copied or took any other action with the Korean files or any other sensitive data. The Korean files were on the Girths Air Force Base computer system and therefore the could have been accessed. It is our opinion that the hacker who accessed the Korean file system learned of its existence form a bulletin board system or another hacker. It is possible the hacker could have read the Korean files." Scotland Yard's Computer Crime Unit is able to prosecute the boy under the terms of the Computer Misuse Act, which allows for crimes committed overseas by Britons to be dealt with in UK courts. A spokesman confirmed that a report had been sent to the CPS. The Internet, designed in the 1960s by US Defence engineers to enable them to communicate quickly by computer, is now available to anyone who pays a small fee. --- Keyboarding by Lois Roth ************************************************************************* ATMs, Contracting Out, Digital Switching, Downsizing, EDI, Fax, Fedex, Home Workers, Internet, Just In Time, Leasing, Mail Receiving, Phone Cards, Quants, Securitization, Temping, Voice Mail. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Black Unicorn Date: Wed, 4 Jan 95 10:55:56 PST To: Doug Barnes Subject: Re: Siegel and Lewis In-Reply-To: <9501041424.AA25564@tadpole.tadpole.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Wed, 4 Jan 1995, Doug Barnes wrote: > Date: Wed, 4 Jan 1995 07:42:57 -0600 (CST) > From: Doug Barnes > To: Raph Levien > Cc: cypherpunks@toad.com > Subject: Re: Siegel and Lewis > > > Why is it that so many cypherpunks like the economist? > > I learned recently that Eric is a big fan. So am I. You're certainly > not the first other cypherpunk to mention this. Weird. I mean, it's > not exactly a radical publication... it just gets its *&#$*#$ facts > right. Probably this is it. I am also a fan. I tend to focus on the subject matter economist prints. I just find it more on target than most if not all of the major U.S. media sources. > > Doug > > 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: koontz@MasPar.COM (David G. Koontz) Date: Wed, 4 Jan 95 13:59:06 PST To: nobody@replay.com Subject: Re: Warning letter from Co$. [any comments ?] Message-ID: <9501042201.AA29419@argosy.MasPar.COM> MIME-Version: 1.0 Content-Type: text/plain Other than the obvious, that elctronic media hasn't been shown to be covered by intellectual property, and that something that has been placed in the public domain, rightly or wrongly isn't confidential ... Is this a hoax? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Wed, 4 Jan 95 11:41:13 PST To: frissell@panix.com Subject: Re: Regulatory Risks Message-ID: <9501041905.AA17682@anchor.ho.att.com> MIME-Version: 1.0 Content-Type: text/plain Duncan asks > So if the feds intend to regulate cyberspace, what specific sorts of > regulations are possible at this point? > Forget laws, what is *technically* and institutionally feasible? > Can they just throw out TCP/IP and mandate X25? Can TCP/IP be "tamed?" > How can they control private virtual networks that piggyback on the basic > network structure? "Our chief weapon was surprise", and of course Fear, Uncertainty, and Doubt. The most effective thing they could do would be to deploy a digital signature system that you _have_ to use to pay your company taxes or file your individual tax returns on-line, and go from there to requiring it for other business transactions with the government. Subsidized servers, of course. It's worked with Social Security Numbers, and if they control on-line signatures for business, then they can control access to the nets for a large fraction of the population. Along with it, require that banks use the signatures for electronic banking, which is a bit easier since banks are heavily regulated and the Federal Reserve would probably be happy to help. Besides, it gives the Post Office something to do in a post-paper world. They obviously can't prevent piggyback networks, but they _can_ make it economically infeasible for medium-large companies to run them. For instance, declaring internet providers to be common carriers, and doing a "digital telephony bill" to require them to use IPng authentication on packets and traceable headers on news and email systems, with the risk of de-licensing and confiscation for non-conformists. It's nice that the largest backbone provider is now NOT the NSFnet, but a commercial provider (though I'd obviously prefer AT&T to Sprint+MCI :-), but they're still the Phone Company, and could be forced to accept regulation. Meanwhile, at the user end, the Enemy could start using confiscation on any computers caught running remailers or encryption - even if they can't stop us Nasty Evil Black-Marketeering K0deZ Dealers, they could make it too risky to do at work or school, which means your own money is on the line if you get caught calculating in the Black Numbers. I doubt they'll be able to ban convicted lawbreakers from using computers entirely for much longer (heck, I wouldn't be able to use my microwave oven any more, much less drive my car), but they could still try. Bill From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Dave Horsfall Date: Tue, 3 Jan 95 19:02:58 PST To: cypherpunks@toad.com Subject: Re: Why I have a 512 bit PGP key In-Reply-To: <9501031809.AA21532@elysion.iaks.ira.uka.de> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Tue, 3 Jan 1995, Hadmut Danisch wrote: [ On smart compilers ] > It's enough to recognize DES tables or PGP procedures. And common benchmarks, such as Eratosthenes' Sieve... -- Dave Horsfall (VK2KFU) | dave@esi.com.au | VK2KFU @ VK2AAB.NSW.AUS.OC | PGP 2.6 Opinions expressed are mine. | E7 FE 97 88 E5 02 3C AE 9C 8C 54 5B 9A D4 A0 CD From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Enki of Enridu Date: Wed, 4 Jan 95 14:10:47 PST To: "Robert A. Hayden" Subject: Re: Stegno for Kids In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Tue, 3 Jan 1995, Robert A. Hayden wrote: > On Tue, 3 Jan 1995, Hadmut Danisch wrote: > There was also this thing where you would get these books and a magic > marker, and they you would do puzzles in the book, and use the pen to > develope the answer. > > The old Infocom hint books also used a similiar setup. I remember those. The hints would range in order of how desperate the player was. That was almost as much fun as the game... David Elkins From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Blanc Weber Date: Wed, 4 Jan 95 14:42:04 PST To: db@Tadpole.COM Subject: Re: Siegel and Lewis Message-ID: <9501042243.AA25793@netmail2.microsoft.com> MIME-Version: 1.0 Content-Type: text/plain Why is it that so many cypherpunks like the economist? I learned recently that Eric is a big fan. So am I. You're certainly not the first other cypherpunk to mention this. Weird. I mean, it's not exactly a radical publication... it just gets its *&#$*#$ facts right. Probably this is it. ................................................... I like it for its classy, stylish prose. And the fact that it presents an economic perspective on world events. .. Blanc From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "James A. Donald" Date: Wed, 4 Jan 95 14:47:32 PST To: Jonathan Rochkind Subject: Re: Siegel and Lewis In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Wed, 4 Jan 1995, Jonathan Rochkind wrote: > In a rather disjointed sort of way, that makes it easy to beleive the > article was mangled somewhat in editing. Perhaps they rearanged it to put > the "sensational" fear-mongering stuff first. Which is unfortunate, and One of the top points was "experts say ....". Journalists do not quote anonymous "experts" on controversial stuff unless they have marching orders from above. It is a violation of the standard rules of journalism. You are always supposed to identify the person allegedly speaking. "Experts say .." is like "Highly placed sources ...". You know an official lie issued by the the appropriate department of lies is about going to follow when you see those words. This article was no accident of sloppy thinking and editing. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd@netcom.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: erc@s116.slcslip.indirect.com (Ed Carp [khijol Sysadmin]) Date: Wed, 4 Jan 95 13:45:48 PST To: cypherpunks@toad.com Subject: Re: warning letter from... Message-ID: MIME-Version: 1.0 Content-Type: text Speaking of Scientology... Forwarded message: > Newsgroups: rec.humor.funny > Subject: Do we face Mount St. Helens twice a day? > From: wb8foz@netcom.com (David Lesher) > Keywords: topical, funny, parody, computers > Approved: funny@clarinet.com > Message-ID: > Date: Wed, 4 Jan 95 12:20:02 EST > > AP: BILL TAKES ON ORAL & JIM > > Bill Gates, Incorporated announced that the Corporation has > purchased a controlling interest in the Church of Scientology, > effective today. The amount of the transaction was not > disclosed. > > A corporate spokesman reading from a prepared text called > "premature" reports that the next version of the company's > mainstay product, referred to as "Windows_2001" in the trade > press, will incorporate an E-meter pop-up box. > > The spokesman did vehemently deny that BGI had really intended > to purchase the Roman Catholic Church, but had drafted the > contract with Microsoft Word on a Pentium, thus causing the > error. > > "We got what we wanted. We see a great potential in the > Church's auditing techniques, and plan to use them to > investigate methods of producing more uniform structured > thoughts, err, code." > > BGI is privately held. > RCC stock closed down 1/8, in light trading. -- Ed Carp, N7EKG Ed.Carp@linux.org, ecarp@netcom.com 801/534-8857 voicemail 801/460-1883 digital pager Finger ecarp@netcom.com for PGP 2.5 public key an88744@anon.penet.fi ** PGP encrypted email preferred! ** "What's the use of distant travel if only to discover - you're homeless in your heart." --Basia, "Yearning" From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: bshantz@spry.com Date: Wed, 4 Jan 95 14:48:48 PST To: cypherpunks@toad.com Subject: The Good Times virus ... Message-ID: <199501042250.OAA01990@homer.spry.com> MIME-Version: 1.0 Content-Type: text/plain Hey folks, Remember the AOL Good Times virus? Well, we just got some mail here at SPRY warning us about it. I laughed rather hard. Anyway, I told the guy who sent the mail that I would send him a number of pieces of documentation about the fact its a hoax. There was a NASA newsletter a few months back about it. I deleted it, because I thought I'd never need it again. Does anyone know where I might get a copy of that or another press release about the Goot Times hoax? I'd appreciate any help. Thnax, Brad >>>>>>>>>>>>>>>>>>>>>INTERNETWORKING THE DESKTOP<<<<<<<<<<<<<<<<<<<<<<< Brad Shantz bshantz@spry.com Senior Software Engineer SPRY Inc. Direct #: (206)-442-8251 Seattle, WA 98104 WWW URL: http://WWW.SPRY.COM ---------------------------------------------------------------------- PGP Public Key at: http://www-swiss.ai.mit.edu/~bal/pks-toplev.html Or email: pgp-public-keys@pgp.ai.mit.edu Subj: GET bshantz >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: adwestro@ouray.Denver.Colorado.EDU (Alan Westrope) Date: Wed, 4 Jan 95 14:05:43 PST To: cypherpunks@toad.com Subject: Re: who? In-Reply-To: <199501042110.NAA27459@jobe.shell.portal.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- On Wed, 4 Jan 1995 13:10:45 -0800, anonymous-remailer@shell.portal.com wrote: > ps, how come mail i send to jpiunix.com is getting bounced, are they down? Regrettably, it appears jpunix.com is down permanently. I can't fault John at all, and want to thank him for running a robust remailer for as long as he was able. I captured this earlier today: ============================================================================= From: perry@jpunix.com (John A. Perry) Newsgroups: alt.privacy.anon-server,alt.anonymous Subject: Re: Jpunix "unknown"? Date: 4 Jan 1995 06:55:22 -0600 Organization: J. P. and Associates In article , Don Doumakes wrote: >I've gotten several pieces of mail returned from jpunix. Is it down >permanently, or is this just a temporary problem? Here is the test of a message I sent to remailer-operators: The anonymous remailer at jpunix.com is going to shut down permanently shortly after I send this message. I spent my holidays fighting spams, running out of disk space because of spams and people sending HUGE binaries, and running out of swap space. I have come to the ultimate conclusion that the Internet is not mature or developed enough for remailers. The intended purpose has been completely ignored while abuse is growing almost geometrically on a daily basis. I have concluded that running a remailer on the Internet is like giving a bunch of terrorists a nuclear bomb and then telling them "But only use it for good!". There just doesn't seem to be much point in thrashing my disks and computer to aid somebody in net abuse. I hardly ever (never) see any use of the remailer for the purposes it was intended. BTW as I type this, mailgate.mail.aol.com is hammering my port 25 every 30 seconds. The contents of the spam being passed thru my system essentially says: THIS IS A MAIL BOMB!! **** BOOM *** ============================================================================= Alan Westrope __________/|-, (_) \|-' 2.6.2 public key: finger / servers PGP 0xB8359639: D6 89 74 03 77 C8 2D 43 7C CA 6D 57 29 25 69 23 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLwsa7VRRFMq4NZY5AQEC7QP/SsfagBISP7k+0en0MeJpTPD56BNv0xGX Fh80FuzJ/8Ya7Z4ykz8C1zTtXUaKJeIMgGbQkwybYveOGY5eZWgkc62r+FjmW6fh JY2WhI7e0w+NpfjLBktr+deBvy3b9ElXfbiObfftZMZX/yVke7KX7p7hhdK8t7/g vVj+TqEMhGU= =GnaX -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Nesta Stubbs Date: Wed, 4 Jan 95 13:22:59 PST To: Cypherpunks Subject: regards to legal attempt to stifle remailers In-Reply-To: <199501041600.AA07488@xs1.xs4all.nl> Message-ID: MIME-Version: 1.0 Content-Type: text/plain After reading the post from teh Scientologists about lockout out groups form anon-remailers, I was thining a little bit, note I said a little bit this isnt a fully fleshed out idea yet. I was thinking it may be smart for osme of the remailers to lock out the groups, in particular those operators who do it forma student acount, or perhaps from their own account in teh United states where legal action would be able to reach them. But to get around this, the anon users can use the Finland server, or a new and imporoved anon-remailer. By shopping around for ISPs it is possible to find a provider who takes payment thru mail and doesnt require positive ID to set up an account. With this you then either run that account as the remailer, a totally anon account not linked to your person and thus immune from legal actions(besies having it closed by the ISP if they are pressured) or you can run a SLIP connection and runa remailer much like Julf's on your own machien thru a dedicated SLIP line. i want to know everything http://www.mcs.com/~nesta/home.html i want to be everywhere Nesta's Home Page i want to fuck everyone in the world & i want to do something that matters /-/ a s t e zine From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: anonymous-remailer@shell.portal.com Date: Wed, 4 Jan 95 15:24:17 PST To: cypherpunks@toad.com Subject: Re: who? Message-ID: <199501042324.PAA14631@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain i'm sorry to hear the jpunix remailer is down for good-- why can't people learn to be more fuckin responsible! i guess this is just yet another inconvenience we can tank terrorists for and those aol-holes! anybody know the email address of the good samaritans? tia From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: bshantz@spry.com Date: Wed, 4 Jan 95 15:45:24 PST To: cypherpunks@toad.com Subject: Re: The Good Times virus ... Message-ID: <199501042346.PAA03355@homer.spry.com> MIME-Version: 1.0 Content-Type: text/plain Thanks to the people who've sent me copies of the CIAC announcement. That should cover my needs for right now. Hopefully I can convince these people not to worry. -- brad From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Avi Harris Baumstein Date: Wed, 4 Jan 95 12:46:33 PST To: cypherpunks@toad.com Subject: Re: Warning letter from Co$. [any comments ?] In-Reply-To: <199501041600.AA07488@xs1.xs4all.nl> Message-ID: <199501042047.PAA06797@cutter.clas.ufl.edu> MIME-Version: 1.0 Content-Type: text/plain nobody writes a very nice, non-confrontational and well thought out letter supporting his case (and ignoring the oddness of copyrighting religous materials). but i have some questions that weren't discussed when i took business law 101 a few years ago: nobody@replay.com (Name withheld on request) writes: > applicable. Damages and an injunction against further > unauthorized copying and distribution may be obtained against > infringers and, all unauthorized copies and all materials and > equipment by which the unauthorized copies may be reproduced > can be impounded. Unauthorized disclosure of the > confidential Advanced Technology materials also violates > applicable trade secrets laws. i know there has been much chatter on this subject, but are there truly any precedents that could hold on the anonymous distribution of copyrighted material? are remailer-ops truly in legal danger? what exactly constitutes a trade secret, and what sort of laws apply? > clients' property rights. Courts are holding such > contributory infringers liable. Two examples are: Sega > Enterprises Ltd. v. Maphia BBS, 30 U.S.P.Q. 2d 1921 (N.D. > Cal. 1994) and Playboy Enterprises v. Frena, 839 F. Supp. > 1152 (M.D. Fla. 1993). what of these cases? is this just an example of typical lawyerly intimidation tactics? how do you remailer-ops plan to react? my first instinct (were i running a remailer) would be to ignore it, on grounds that i wouldn't examine any mail passing through. but if there really were valid precedent in this matter... (has anyone seen any well-written lay-person evaluations of the steve jackson case? i read the ruling, but much of it went in one eye and out the other). i think the censorship thing is building steam, and we should start preparing (and informing) ourselves... -avi From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Dave Horsfall Date: Tue, 3 Jan 95 21:06:46 PST To: cypherpunks@toad.com Subject: Re: San Francisco Editorial In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Tue, 3 Jan 1995, Michael Handler wrote: > Dick Depew and AARM (Auto-Active Retro Moderation). He wanted to > cancelbot any posting from anon.penet.fi in the Big Seven Usenet hierarchies. > He was promptly beaten down by the net. Feh. He was also the one who presented a convincing argument that the one who posted the alleged transcript was none other than Julf himself; he (Dick) was getting responses from the perpetrator faster than the delayed-response mechanism would have allowed... -- Dave Horsfall (VK2KFU) | dave@esi.com.au | VK2KFU @ VK2AAB.NSW.AUS.OC | PGP 2.6 Opinions expressed are mine. | E7 FE 97 88 E5 02 3C AE 9C 8C 54 5B 9A D4 A0 CD From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Greg Broiles Date: Thu, 5 Jan 95 00:25:20 PST To: cypherpunks@toad.com Subject: Remailers, law and the Church of Scientology Message-ID: <199501050035.AA02970@ideath.goldenbear.com> MIME-Version: 1.0 Content-Type: text -----BEGIN PGP SIGNED MESSAGE----- AvI Harris Baumstein writes: >> clients' property rights. Courts are holding such >> contributory infringers liable. Two examples are: Sega >> Enterprises Ltd. v. Maphia BBS, 30 U.S.P.Q. 2d 1921 (N.D. >> Cal. 1994) and Playboy Enterprises v. Frena, 839 F. Supp. >> 1152 (M.D. Fla. 1993). >what of these cases? is this just an example of typical lawyerly >intimidation tactics? Neither case is particularly similar to the remailer situation. _Maphia_ concerned a business which sold $350 boxes to copy SEGA programs from and to ROM cartridges; they also sold access to their BBS which held unlicensed copies of SEGA games. The court held that the copying devices had no purpose other than to contribute to infringement, and that when SEGA programs were uploaded to the BBS, the upload was made with the knowledge of the defendants. _Frena_ involved a BBS operator who made copyrighted pictures from Playboy available on his BBS; Playboy trademarks were removed from the pictures prior to posting. Access to the BBS was only available to people who paid for access, or who otherwise did business with the defendant. The court's discussion about the defendant's mental state in _Frena_ consists of a single sentence, and a cite to Jay Dratler, Jr., "Intellectual Property Law: Commercial Creative, and Industrial Property", $ 6.01[3] at 6-15(1991). The court seems to be addressing direct, not contributory infringement. (I don't have Dratler available easily right now so I dunno what it says.) _Maphia_ does cite text from _Casella v. Morris_ 820 F.2d 362 (11th Cir. 1987): "'[o]ne who, with knowledge of the infringing activity, induces, causes or materially contributes to the infringing conduct of another' may be held liable as a contributory infringer." (quoting from _Gershwin Publishing Corp. v. Columbia Artists Management, Inc._, 443 F.2d 1159,1162 (2nd Cir. 1971). I don't think the cases cited stand for what the Church's attorney says they stand for. I'm not convinced that the "contributory infringement" doctrine can be reasonably applied to remailer operators; and I'm not sure that remailer operators have the sort of mental state (knowledge) required to create liability. The letter to operators may be part of a strategy to establish knowledge of the potential for misuse, to later prevent operators from claiming a lack of knowledge. I'm not sure that a vague warning "someone might use your service to infringe a copyright" is strong enough to establish that sort of knowledge. As a remailer operator, I don't see a good way to eliminate infringing uses without also eliminating non-infringing uses; the crazy politics around this Scientology stuff makes it seem like the perfect place for people to use remailers. I also think the non-commercial and political nature of postings to the Scientology groups may make a fair-use analysis turn out differently than in _Maphia_ and _Frena_; both defendants tried a fair use argument, and both lost. On the other hand, I'm a law student, not an attorney, and the person who wrote that letter certainly knows more about law in general and about copyright than I do. I may be totally hosed. Coincidentally or not, I had a long chat today with the sysadmin of the system immediately upstream from mine. He said, out of the blue, "So .. you run a remailer?". In the past he has been privacy-friendly and anon-friendly, and seems to remain so today, but the timing was a little peculiar. I explained about the remailers and told him how to get Raph's list and about alpha.c2.org and all the rest of it. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLws+TH3YhjZY3fMNAQEpmgP+JnIZKmdzLWx3P8fMVO0v1pEZ33lrlHHe FLZBnk59rDXZBomFhprlZAs65ERmKBbugXRJYkPhFA7aKYqcmpquGj6BqWp0oTul SjHS3OWpsDJhPVEWzt5uOhlV5WrDdhqUWgrI9hN1nfLHnD/Y2NGvPPUt4J2Web/H uD9htAdxH8o= =U4oG -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: db@Tadpole.COM (Doug Barnes) Date: Wed, 4 Jan 95 15:21:02 PST To: adwestro@ouray.Denver.Colorado.EDU (Alan Westrope) Subject: Remailer Abuse In-Reply-To: Message-ID: <9501042320.AA07624@tadpole.tadpole.com> MIME-Version: 1.0 Content-Type: text/plain The problem with a _free_ remailer is obvious -- like many other Internet resources, it can suffer from the tragedy of the commons. Even a negligible fee would do much to prevent gross remailer abuse. It may not be feasible to make remailers in to an industry, but this isn't the point -- it will keep the utterly lame from using it for pranks and their ilk. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jrochkin@cs.oberlin.edu (Jonathan Rochkind) Date: Wed, 4 Jan 95 13:45:21 PST To: Hal MIME-Version: 1.0 Content-Type: text/plain At 5:44 PM 01/03/95, Hal wrote: >The scary thing about cancels is that some proposals have actually been >directed at anonymous posts themselves. Someone anonymously posted >what purported to be a grisly transcript of the last seconds of the >doomed Challenger crew as they fell to the ocean. This caused a great >hue and cry and some calls for banning anonymous posts and/or >retroactively cancelling them. This led to some very amusing events >which Detweiler has chronicled in his FAQ on anonymity, the net result >of which was that the idea was discredited. But the emergence of >CancelMoose is not an altogether positive event in my view. I too have mixed feelings about CancelMoose. But it must be noted, that while it's possible for CancelMoose to be used for Evil Purposes, it hasn't. This isn't a trivial point. The net collectively (well, it wasn't really collective, but I suggest if this individual anonymous CancelMoose hadn't existed, someone else would have done it) responded to something that it's nearly universally agreed upon is bad; C&S-style spamming. That is an example of an anarchist non-hierchical system _working_, despite the lack of rules. And the widespread cancelling of anonymous posts, or posts from communists or whatever, _hasn't_ happened. And if someone tried it, I bet it wouldn't work for long, something would be done to stop it. An anti-cancelbot that reposts anything cancelled by the Evil Censoring Cancelbots, or something. (Why haven't C&S thought of this themselves? Would really create havok with all the cancels and anti-cancels and re-cancels, etc.) I dont' think Martha Siegel really understands what's going on (not a surprise). She is speaking out against a lawless anarchist net, and saying we need more rules. Because she's mad at people cancelling her posts, mainly. But it seems completely obvious that if we _did_ have rules, they would prohibit the kind of really horrible spams she and her husband have been undertaken. Because 99.99% of the net agrees that those spams are really bad. But, like I said, such rules aren't even neccesary. The net collectively reacts. And there will be a counter reaction, C&S will figure out how to get around the cancelbots, or the cancelbots will be used for Evil, or whatever. But I believe firmly that that would cause yet another counter reaction of some kind. And so on and so on. The net will stay at equilibrium. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jrochkin@cs.oberlin.edu (Jonathan Rochkind) Date: Wed, 4 Jan 95 13:46:49 PST To: cypherpunks@toad.com Subject: Re: Siegel and Lewis Message-ID: MIME-Version: 1.0 Content-Type: text/plain At 7:22 PM 01/03/95, Raph Levien wrote: > His piece that ran Saturday was badly mangled by the editorial >process, especially since it ran on page one. Those articles get to be >mangled by a whole new set of people who otherwise wouldn't get to >touch it. I think Lewis has basically good intentions, and does do his >homework before writing a story. Yeah, I encourage everyone to actually _finish_ reading that article before putting Lewis on your permanent hate list. I almost put it down in disgust, from the stuff on page 1, but if you turn to where the article is continued, it becomes quite a bit more balanced and less fear-mongering. In a rather disjointed sort of way, that makes it easy to beleive the article was mangled somewhat in editing. Perhaps they rearanged it to put the "sensational" fear-mongering stuff first. Which is unfortunate, and perhaps intentional, because most people probably won't make it to the end of the article, and if they do, will have been pre-biased by the initial paragraphs, especially if this is the first they've heard of the subject. But I don't have too much trouble believing that all blame belongs on the editors, and not Lewis. :) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nobody@replay.com (Name withheld on request) Date: Wed, 4 Jan 95 08:00:03 PST To: cypherpunks@toad.com Subject: Warning letter from Co$. [any comments ?] Message-ID: <199501041600.AA07488@xs1.xs4all.nl> MIME-Version: 1.0 Content-Type: text/plain January 3, 1995 TO: INTERNET REMAILER OPERATORS FROM: THOMAS M. SMALL COUNSEL FOR RELIGIOUS TECHNOLOGY CENTER AND BRIDGE PUBLICATIONS, INC. I represent Religious Technology Center ("RTC"), which owns the unpublished, confidential Advanced Technology of the religion of Scientology, and holds exclusive rights under the copyrights applicable to the Advanced Technology materials. I also represent Bridge Publications, Inc., which holds the exclusive right to print, publish and sell various non-confidential works by the founder of the Scientology religion, L. Ron Hubbard, and to make and publish compilations and derivative works of and from those works and to enforce all rights in them. It has come to my attention that there are two alternate newsgroups on the Internet to which individuals have been annonymously posting certain of my clients' published and unpublished copyrighted materials, including certain of the confidential Advanced Technology materials. These confidential materials being posted were stolen from my client. There is reason to believe that the materials which are uploaded by these users may also be downloaded by other users, and that these activities may be occurring through the systems which are linked into the Internet. The two newsgroups into which these materials are being copied are alt.technology.clearing and alt.religion. Scientology. We request your assistance in dealing with the problem. The spread of infringements and misappropriations by the users will be lessened if you lock out from your systems the two newsgroups involved, alt.religion.scientology and alt.technology.clearing, limiting the potential for reposting and downloading. It will then be easier to deal with the intentional infringers through appropriate channels. Both the uploading and downloading of these materials constitute unauthorized copying and distribution of the materials in violation of our clients' rights under United States copyright laws and the law of other countries, where applicable. Damages and an injunction against further unauthorized copying and distribution may be obtained against infringers and, all unauthorized copies and all materials and equipment by which the unauthorized copies may be reproduced can be impounded. Unauthorized disclosure of the confidential Advanced Technology materials also violates applicable trade secrets laws. Action is being taken directly with the systems users who we know are primarily responsible for these violations of my clients' rights. We hope those actions will put an end to the infringements by these users. We do {not} wish to involve others in litigation. Unfortunately, however, such actions will be unavoidable where there is contributory infringement by those who knowingly induce or contribute to the infringing conduct of these users by providing facilities or systems that enable the direct infringers to infringe, because we legally must take all actions to protect our clients' property rights. Courts are holding such contributory infringers liable. Two examples are: Sega Enterprises Ltd. v. Maphia BBS, 30 U.S.P.Q. 2d 1921 (N.D. Cal. 1994) and Playboy Enterprises v. Frena, 839 F. Supp. 1152 (M.D. Fla. 1993). Recent proposed legislation regarding potential liability of systems operators and others who provide facilities or services, such as annonymous remailers, for information passing through their systems has understandably created concern on the part of systems operators as a potential liability. We ask your voluntary assistance in dealing with these known wilful infringers so that we can both deal with the problem without legal hassles, and legal liability can be confined to those who intend to create the situation. We ask that you confirm that you have blocked access to these newsgroups through your remailer. If you are unwilling to do so, we ask that you inform us as to the reasons for your position. Sincerely, Thomas M. Small From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Wed, 4 Jan 95 17:30:07 PST To: entropy@IntNet.net (Jonathan Cooper) Subject: Outlawing Anonymity In-Reply-To: Message-ID: <199501050126.RAA01575@netcom12.netcom.com> MIME-Version: 1.0 Content-Type: text/plain Jonathan Cooper wrote: > > > Criminalize anonymity, and tell the internet providers to figure > > out how to enforce it or face confiscation. > > Which would probably amount to sniffing all packet traffic. > > If that ban was implemented, so would ways around it be implemented. > I would prefer that they not need to be invented but if they must be, > they will be. This same topic--the outlawing of anonymity and anonymous remailers--is also being debated on the Cyberia list, as many of you know. (Timely, I guess, because of the Siegel comments, the Lewis article, and the Church of Scientology threats.) The ways around such a ban are so patently obvious that any such "ban" is unenforceable. I wrote a piece on this for the Cyberia list, but this was my single most important point: If anonymous mail is outlawed, then the anonymous mailers can attach real names. To wit, all mail from a famous remailing site in the Netherlands could be marked as being from "Hans Brinker." This would presumably meet the letter of the law, if not the "spirit." (I always did hate this "spirit.") Further, sites which "forward" anonymous mail, or mail from "Hans Brinker," are in most cases precluded by the ECPA from screening this mail or otherwise examining it. I see no prospect whatsover that a ban on anonymous mail could be implemented, enforced, or upheld in the courts. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Michael Conlen Date: Wed, 4 Jan 95 15:17:09 PST To: Jonathan Cooper Subject: Re: Siegel and Lewis In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Tue, 3 Jan 1995, Jonathan Cooper wrote: > > Martha Siegel is just fucked up enough that she will probably push > > for legislation regulating the nets. Congress is just fucked up that > > they might pass it. > > And if they do I will make it a definate point to do all I can to > emigrate to the UK, the Netherlands, or somewhere else. > > This country is increasingly becoming a police state, and I've got too > many years of life left to just passively deal with it. As I understand it, the government owns a portion of the internet. What they want to regulate about that is their business. What I want to know is how can they regulate what private business and citizen's do with there Fiber Optic's, ISDN lines, telephone lines, and computers. If the government was to ban anything on the net, it would shurly seem to me to be in violation of the first ammenment. Things like pirated software, being illegal already, is one thing, but our mail, conversations, ect. is diffrent. Does anyone have any information on what grouds Seigel and Lewis plan to use for legislation? If they do pass laws regulating the 'net I hope someone comes up with a no-spamming law, then I am getting a ticket on Jon Coopers plane out of the country. Groove on Dude Michael Conlen From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: cactus@seabsd.hks.net (L. Todd Masco) Date: Wed, 4 Jan 95 15:07:09 PST To: cypherpunks@toad.com Subject: Re: Warning letter from Co$. [any comments ?] Message-ID: <199501042312.SAA03816@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- In article <199501042047.PAA06797@cutter.clas.ufl.edu>, Avi Harris Baumstein wrote: >i know there has been much chatter on this subject, but are there >truly any precedents that could hold on the anonymous distribution of >copyrighted material? are remailer-ops truly in legal danger? what >exactly constitutes a trade secret, and what sort of laws apply? This is oddly timely. The LaMacchia decision showed that providing a service for others to use for the distribution of copyrighted material (in his case, copyrighted software) was not prosecutable under Wire Fraud statutes. The judge told the Feds, "no dice. Stop trying to applying laws to areas where they weren't intended." Civil matters are another matter, of course, but that's one avenue that's closed. - - -- Todd Masco | "life without caution/ the only worth living / love for a man/ cactus@hks.net | love for a woman/ love for the facts/ protectless" - A Rich Cactus' Homepage - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLwrwjBNhgovrPB7dAQHIYAP6AtRFkIqOj+vRPxUPLdGaUK9t9/pZQi8g 6HyXHBjaEA9ygX8ALQEbS3AK1a1DsqWIsOxXVivszfEY+1lmS3w93VnICjigebbf YuHpFOOgyf8IkUBslov1V7Pw0/X/blMVspyc1nDigK3KsyMi7PalAw5ECECqkhkD AizVLOZNrO0= =yOiL - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLwsrTyoZzwIn1bdtAQH9xAF/dFkiStD+csfx4ATJ76WaxrfcLPEYej+p Ec55BXkOYH+96xGLHugficY5hRjtL5eL =LPEW -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: pstemari@erinet.com (Paul J. Ste. Marie) Date: Wed, 4 Jan 95 16:11:42 PST To: cypherpunks@toad.com Subject: Re: British Hacker Article Message-ID: <9501042343.AB19355@eri.erinet.com> MIME-Version: 1.0 Content-Type: text/plain At 01:31 PM 1/4/95 -0500, Duncan Frissell wrote: >>From The Independent (London) Tuesday 3 January 1995 - Front Page > ... The US Defence Information >Systems Agency admitted in a private briefing, which has been confirmed, >that the hackers had affected the Department's "military readiness." "Admitted"? Probably "complained without substaniation" would be more accurate. > ... It is understood that >he invented a "sniffer" programme which searched across hundreds of >computers attached to the Internet for passwords and user names. ... If he was really behind the various password sniffers running on Netcom, etc, he has a lot of explaining to do. > ... "They contained information about >firing sites in North Korea and stuff like that. Field intelligence. He >kept detailed logs of communication traffic. ... The Korean files were on >the Girths Air Force Base computer system and therefore the could have been >accessed. ... Harumpf. Either the stuff wasn't classified, or else someone had a major security procedures breach and had classified material sitting on a computer with an uncrypted comm link. --Paul J. Ste. Marie pstemari@well.sf.ca.us, pstemari@erinet.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jonathan Cooper Date: Wed, 4 Jan 95 16:21:19 PST To: Nathaniel Borenstein Subject: Re: San Francisco Editorial In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain > A letter to the editor is like spitting into the wind in this case. I > think what's needed is a more constructive affirmative action, ideally > taking Cantor and Siegel to court somewhere. Perhaps it's my libertarian outlook, perhaps not, but I tend to abhor using the US government's ``legal'' system for almost any reason. The worst thing about doing this (suing them), IMHO, is that if you lost you would create a precedent for all the people who aren't doing it because they might consider it illegal or immoral -- far too many people consider things that the court okays to be morally okay. Instead, I think it's a great stimulus for better software - there's no reason to sue them when it'd be a better thing for the community if newsreaders and mailreaders were enhanced to deal with spams. -jon ( --------[ Jonathan D. Cooper ]--------[ entropy@intnet.net ]-------- ) ( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 ) ( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 ) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jonathan Cooper Date: Wed, 4 Jan 95 16:27:25 PST To: "James A. Donald" Subject: Re: Regulatory Risks In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain > Criminalize anonymity, and tell the internet providers to figure > out how to enforce it or face confiscation. Which would probably amount to sniffing all packet traffic. If that ban was implemented, so would ways around it be implemented. I would prefer that they not need to be invented but if they must be, they will be. -jon ( --------[ Jonathan D. Cooper ]--------[ entropy@intnet.net ]-------- ) ( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 ) ( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 ) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jonathan Cooper Date: Wed, 4 Jan 95 16:29:09 PST To: Black Unicorn Subject: Re: Siegel and Lewis In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain > I tend to focus on the subject matter economist prints. I just find it > more on target than most if not all of the major U.S. media sources. I find _Reason_ quite excellent as well. -jon ( --------[ Jonathan D. Cooper ]--------[ entropy@intnet.net ]-------- ) ( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 ) ( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 ) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jonathan Cooper Date: Wed, 4 Jan 95 16:37:41 PST To: Michael Conlen Subject: Re: Siegel and Lewis In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain > As I understand it, the government owns a portion of the internet. What Yes. And through my work's upcoming link, so will they. So what? > they want to regulate about that is their business. What I want to know On their own networks, surely. > is how can they regulate what private business and citizen's do with > there Fiber Optic's, ISDN lines, telephone lines, and computers. If the They already do - look at the regulations on telcos, power companies, water companies, cellular/paging companies, lawyers, doctors, etc. > government was to ban anything on the net, it would shurly seem to me to > be in violation of the first ammenment. Things like pirated software, An interesting point. Any legal views from someone more versed in the law than I? -jon ( --------[ Jonathan D. Cooper ]--------[ entropy@intnet.net ]-------- ) ( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 ) ( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 ) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jonathan Cooper Date: Wed, 4 Jan 95 16:40:13 PST To: Doug Barnes Subject: Re: Remailer Abuse In-Reply-To: <9501042320.AA07624@tadpole.tadpole.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain > The problem with a _free_ remailer is obvious -- like many > other Internet resources, it can suffer from the tragedy of > the commons. See the remailer at c2.org as an example - quite nice, and has a pay-for-more than n bandwidth agreement. Works fine for a few small chatty messages, won't work worth a damn for spamming. -jon ( --------[ Jonathan D. Cooper ]--------[ entropy@intnet.net ]-------- ) ( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 ) ( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 ) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nelson@crynwr.com (Russell Nelson) Date: Wed, 4 Jan 95 17:31:32 PST To: db@Tadpole.COM Subject: Re: Remailer Abuse In-Reply-To: <9501042320.AA07624@tadpole.tadpole.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain From: db@Tadpole.COM (Doug Barnes) Date: Wed, 4 Jan 1995 16:38:21 -0600 (CST) Cc: cypherpunks@toad.com The problem with a _free_ remailer is obvious -- like many other Internet resources, it can suffer from the tragedy of the commons. Even a negligible fee would do much to prevent gross remailer abuse. It may not be feasible to make remailers in to an industry, but this isn't the point -- it will keep the utterly lame from using it for pranks and their ilk. Use First Virtual. The "information" that you sell is a one-time email alias that points to your remailer. After an hour, that email alias gets disabled. This dynamic setup is easy to do with smail, just a matter of dropping a file into a directory. And who cares if they pay you or not, because if they don't pay (choose to purchase the information), eventually FV will cancel their account. Send mail to info@fv.com. This gets you an automated response. Their contract says that they won't enforce payment on services, so if you offer a service, you're completely at risk, but again, there's not much real risk here... -- -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jrochkin@cs.oberlin.edu (Jonathan Rochkind) Date: Wed, 4 Jan 95 17:37:07 PST To: Aron Freed MIME-Version: 1.0 Content-Type: text/plain At 11:23 PM 01/01/95, Aron Freed wrote: >Has anyone seen Monty Python's Life of Brian..... DO I hear a parallelism??? >Something to the effect of "The PEople's Judean Front", "The Popular >People's Front", and it goes on an on.... > >HOw about for the modern approach.... CDT, EFF, CPSR, Cypherpunks... Do I >hear more.. Or are we so split up that we can't agree on our common goal.... The more the merrier, in my opinion. As long as they can all get funding, which admittedly could be a problem, but presumably if it is then some of the organizations will just drop out. *shrug* But in general, decentralization is good, right? I'd rather have 5 organizations defending electronic rights then just one, when we know all too well how possible it is for that just one to negotiate a compromise that seems more like a betrayal. The more active, funded organizations, the more it appears to legislators like people are really concerned about this stuff, and the safer we are against point-failure. Decentralize, distribute, good. :) [Of course it remains to be seen if so many organizations at once can remain active and well funded.] From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: danisch@ira.uka.de (Hadmut Danisch) Date: Wed, 4 Jan 95 13:02:33 PST To: cypherpunks@toad.com Subject: Re: Warning letter from Co$. [any comments ?] Message-ID: <9501042102.AA22721@elysion.iaks.ira.uka.de> MIME-Version: 1.0 Content-Type: text/plain > These confidential materials being posted were stolen from > my client. There is reason to believe that the materials > which are uploaded by these users may also be downloaded by > other users, What makes him think that anyone (except thetans which spend all their money to scientology anyway) wants to have this "material" and wastes any diskspace or bandwith for ? Hadmut From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: db@Tadpole.COM (Doug Barnes) Date: Wed, 4 Jan 95 20:52:46 PST To: nelson@crynwr.com (Russell Nelson) Subject: Re: Remailer Abuse In-Reply-To: Message-ID: <9501050453.AA10198@tadpole.tadpole.com> MIME-Version: 1.0 Content-Type: text/plain > The problem with a _free_ remailer is obvious -- like many > other Internet resources, it can suffer from the tragedy of > the commons. > > Even a negligible fee would do much to prevent gross remailer > abuse. It may not be feasible to make remailers in to an > industry, but this isn't the point -- it will keep the utterly > lame from using it for pranks and their ilk. > > Use First Virtual. The "information" that you sell is a one-time > email alias that points to your remailer. After an hour, that email > alias gets disabled. This dynamic setup is easy to do with smail, > just a matter of dropping a file into a directory. Heh. An anonymous remailer paid for by credit card... there'd have to be an additional level of indirection for it to work, which would make the methods for tracking those who don't pay quite problematic. Also, most remailer abuse tends to be of the hit-and-run variety, which is still nicely enabled by FV. Anonymous remailers pretty much require anonymous digital cash, although this could be built on top of some other electronic payment system with somewhat less payment lag and reversability than FV. Doug From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nelson@crynwr.com (Russell Nelson) Date: Wed, 4 Jan 95 19:11:15 PST To: cypherpunks@toad.com Subject: The NYTimes article Message-ID: MIME-Version: 1.0 Content-Type: text/plain The New York Times article is on Nando (News and Observer)'s WWW server: http://www.nando.net/newsroom/nt/inf/01029537644.html For those who haven't seen it... -- -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: db@Tadpole.COM (Doug Barnes) Date: Wed, 4 Jan 95 20:58:12 PST To: entropy@IntNet.net (Jonathan Cooper) Subject: Re: Remailer Abuse In-Reply-To: Message-ID: <9501050458.AA10237@tadpole.tadpole.com> MIME-Version: 1.0 Content-Type: text/plain > See the remailer at c2.org as an example - quite nice, and has a > pay-for-more than n bandwidth agreement. Works fine for a few small > chatty messages, won't work worth a damn for spamming. > I like both this idea and this particular service. I didn't mean to imply that nobody was charging/reducing spam. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: wulkwa@near.net Date: Wed, 4 Jan 95 13:47:22 PST To: cypherpunks@toad.com Subject: Regulatory Risks Message-ID: <199501042146.QAA08343@nova.umd.edu> MIME-Version: 1.0 Content-Type: text/plain I think it's important to realize that organizations move on a slower time scale than people. The larger the organization, the longer the time scale. Thus, when looking at the government's response to anonymous transactions it would be wise to look at trends dating back to the '70s (if not earlier). Also, it's important to realize that such long-term activities are systemic in nature. Examples of government attacks on anonymous activities might include the war on drugs (especially the money laundering countermeasures). W. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Aron Freed Date: Wed, 4 Jan 95 20:30:14 PST To: Jonathan Rochkind Subject: Re: good news about the EFF... In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Wed, 4 Jan 1995, Jonathan Rochkind wrote: > which admittedly could be a problem, but presumably if it is then some of > the organizations will just drop out. *shrug* But in general, > decentralization is good, right? I'd rather have 5 organizations defending > electronic rights then just one, when we know all too well how possible it > is for that just one to negotiate a compromise that seems more like a > betrayal. The more active, funded organizations, the more it appears to > legislators like people are really concerned about this stuff, and the > safer we are against point-failure. Decentralize, distribute, good. :) > > [Of course it remains to be seen if so many organizations at once can > remain active and well funded.] A good point, but I was just trying to make the point of too many organizations becomes very silly.... But thanks for pointing out the other extereme... | A(a)ron M. Freed | It is naive to believe people are honest. | | s009amf@discover.wright.edu | It is naive to believe programmers are | | (513)276-3817 (voice) | honest. It is even more naive to believe | | (513)276-4158 (data/fax) | the government is honest. Down with Big | | | Brother. | |_____________________________|___________________________________________| From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: eric@remailer.net (Eric Hughes) Date: Thu, 5 Jan 95 00:02:06 PST To: cypherpunks@toad.com Subject: Re: Warning letter from Co$. [any comments ?] In-Reply-To: <199501042047.PAA06797@cutter.clas.ufl.edu> Message-ID: <199501050801.AAA18013@largo.remailer.net> MIME-Version: 1.0 Content-Type: text/plain From: Avi Harris Baumstein i know there has been much chatter on this subject, but are there truly any precedents that could hold on the anonymous distribution of copyrighted material? Cubby v. Compuserve is relevant here, as well as that bookstore case in the 50's that I never remember the name of. Mike G., can you help me out on this one? These cases are about other kinds of wrongs (libel in one and obscenity (?) in the other), but copyright violation doesn't seem to be have any particular features to set it apart from the basic principle of these. Namely, if you know, you're responsible; if you don't, you're not. This, you all realize no doubt, is a gross simplification of a long chain of reasoning. what exactly constitutes a trade secret, and what sort of laws apply? The short answer is that if you didn't sign a trade secret agreement or are party to one by some other relationship (such as agency), then a trade secret that comes your way is no secret any more. > clients' property rights. Courts are holding such > contributory infringers liable. Two examples are: Sega > Enterprises Ltd. v. Maphia BBS, 30 U.S.P.Q. 2d 1921 (N.D. > Cal. 1994) and Playboy Enterprises v. Frena, 839 F. Supp. > 1152 (M.D. Fla. 1993). what of these cases? is this just an example of typical lawyerly intimidation tactics? I have personal experience with the first case. It was a local BBS run by a friend of a friend, and I got involved a year ago right after the seizure. (It was, BTW, a _civil_ seizure of a BBS, not criminal.) I believe the case settled out of court. There were court documents approving the seizure however; I don't know if these set precedent or not. I suspect not, because the action was entirely _ex parte_ (Latin for one-sided). Mike, again? Other legal folk? I know nothing about the second one. nhow do you remailer-ops plan to react? my first instinct (were i running a remailer) would be to ignore it, on grounds that i wouldn't examine any mail passing through. The people who keep logs, yes, are in more danger than those who don't. Eric From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. McCarthy" Date: Wed, 4 Jan 95 20:58:24 PST To: cypherpunks@toad.com Subject: Re: Anonymous payment scheme Message-ID: <199501050503.AAA07022@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- The Dalai Lama writes: > I know that in Delaware it is illegal for a merchant to request ID when > you pay by credit card. I'm not sure if this is wide spread or just > local. As I recall there was something of a national outcry about this practice several years back. I think California outlawed it at the time, along with other states, though I don't know if any federal law was passed. Since I understand MBNA America is the second-largest employer in Delaware, I'd guess that if Delaware banned it, so did most states. Retail stores often asked one to write one's phone number on the check when paying that way. I remember my father habitually writing the police dept.'s non-emergency number in all such cases :] > -- [Here's something for those friendly mail scanners...] > [...] LSD-25 plutonium north korea terrorist encryption die NSA CERT quiche "quiche" ? The *real* Four Horsemen don't eat quiche ! -L. Futplex McCarthy; PGP key by finger or server "The objective is for us to get those conversations whether they're by an alligator clip or ones and zeroes. Wherever they are, whatever they are, I need them." -FBI Dir. Freeh - -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLwt8YWf7YYibNzjpAQF02QP/dTKpXWYIIQmc53X+TqctbvSY3Lv2Rohz GP1Lm1RXkMtmEPfsLgmZOg6J+E7dw6NYlr9rpANLHsy3Hf7lPlMSbVKNJ/b3dO7z 6Cox4ve2hG1WjLaHu8tKbzW1mPWASX+wojyvJhe8dX1wCEdlUkJk7qMk5kSLWqKk K4X8H7MH5Nw= =noOA - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLwt9kSoZzwIn1bdtAQFIrgF+OxMRUbtLW4JhKFMxvdNg62v6Lqdb5Bog IRrUySoeo39h5EL9474TY9Gnd4r7debR =iplm -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: an172607@anon.penet.fi (duquesne duke) Date: Wed, 4 Jan 95 17:24:22 PST To: cypherpunks@toad.com Subject: gif format in newsbytes Message-ID: <9501050029.AA25564@anon.penet.fi> MIME-Version: 1.0 Content-Type: text/plain CompuServe GIF License & Royalties Raises Hackles COLUMBUS, OHIO, U.S.A., 1995 JAN 4 (NB) -- On-line giant CompuServe has sparked controversy on the Internet by offering a $1-plus-royalties license for developers to use its previously free GIF (Graphics Interchange Format) image file format. CompuServe terms the fee an offer and a benefit to the on- line community, but skeptics quickly dubbed it a "GIF tax." The new fee system is based on a licensing agreement reached between CompuServe and Unisys Corp. (NYSE:UIS) in June, 1994, for use of LZW (Lempel- Zev-Welch) compression in its GIF format. Unisys has claimed a patent on LZW technology. Under the CompuServe agreement, developers who wish to operate under the on- line firm's LZW license agreement with Unisys pay a one-time fee of $1 plus a royalty of 1.5 percent or 15 cents per registered program, whichever is greater. Downloaded programs that do not get registered are not subject to the fee, nor are end-users. CompuServe announced the new fee system in various areas or "forums" of the service on December 29. The timing has led to suspicions by some that the service was not being fully honest with its members. In an open letter, Pat Clawson, president and chief executive officer (CEO) of TeleGrafix Communications Inc., called it "the online communications community's equivalent of the sneak attack at Pearl Harbor," and added: "The announcement of the CompuServe-Unisys GIF Tax on December 29, during the lull between Christmas and New Year's Day, was clearly timed to cause maximum damage while an unsuspecting public celebrated the holidays." Clawson said his firm, which developed the RIPscrip 2.0 online multimedia technology and the RIPTERM terminal program that leans heavily on the JPEG (Joint Photographic Experts Group) image format, will drop support of GIF images because of the new fee system. RIPscrip 2.0 is scheduled for release January 16. Speaking to Newsbytes, CompuServe spokesman Pierce Reid acknowledged that the release date may have been unfortunate from a public relations viewpoint, but he said it was an accident of timing, not a desire to avoid public scrutiny. Reid pointed out that it took a year and a half to hammer out a licensing agreement with Unisys Corp. (NYSE:UIS). Unisys holds a patent on the GIF format's underlying LZW compression technology. Once the agreement with Unisys was signed in June, 1994, he added, it took CompuServe another six months to arrive at a way to, as he put it, "share" the license. "Six months is not a long time to settle the details of a licensing agreement, if you know how these things work," he told Newsbytes. "We're not making any money on this. We paid a substantial fee to Unisys for the license, and we offered to share the license for the benefit of the development community as well as for ourselves and our subscribers." Reid said the license was based on the fact that CompuServe had found merit in a Unisys patent claim. CompuServe had used the patented LZW technology in its 1987 development of the GIF format, believing the technology to be in the public domain. Unisys contacted the on-line firm about its patent claim in 1993, and that eventually led to the December 29 announcement, the firm said. Commented Reid: "I've been watching the Internet, and those who are commenting are on a bell curve -- the vast majority are taking a reasonable view, but there are always those out on the extreme ends. "A number of people regard this as a real benefit. CompuServe, by requiring no money for negotiations, is saving developers from the need to waste time. There's no worrying about legal or licensing issues, and we've done that for a dollar." (Craig Menefee/19950104/Press Contact: Pierce Reid, CompuServe, 614-538-4571; Pat Clawson, TeleGrafix, 714-379-2140, Internet e-mail rip.support@telegrafix.com; Oliver Picher, Unisys, 215-986-5367) Unisys Seeks Royalties On GIF Algorithm BLUE BELL, PENNSYLVANIA, U.S.A., 1995 JAN 4 (NB) -- Unisys Corp. (NYSE:UIS) said it will seek royalty payments from developers of software using the Graphic Interchange Format (GIF). Unisys said it owns rights to an algorithm that is widely used in GIF tools. Oliver Picher, a spokesman for Unisys, told Newsbytes that the online service CompuServe introduced the GIF format in 1987, and incorporated the Unisys algorithm, apparently believing it was in the public domain. Unisys learned that the algorithm was used in the GIF technology about two years ago, contacted CompuServe, and in June, 1994, the companies reached an agreement under which CompuServe paid Unisys an undisclosed sum for use of the algorithm. The payment was "a reasonable amount but not an overwhelming amount," Picher said, declining to reveal the exact sum. CompuServe was the first to license the algorithm from Unisys for use in a GIF tool, Picher said, but about 100 companies have licensed it for other purposes. Picher said one other online information service has already licensed the algorithm, but could not say if it was for GIF-related use in that case. Unisys is negotiating with all the major online services for possible license agreements, Picher said. While he would not give specifics, he said the terms Unisys is seeking are "very reasonable to the point where license fees shouldn't be a barrier" to using GIF. He added that people who have GIF software on their PCs will not be affected. The same algorithm is also used in the Tagged Image File Format (TIFF) graphics format, and Unisys concluded a license agreement with Aldus Corp. some time ago, Picher said. (Grant Buckler/19950104/Press Contact: Oliver Picher, Unisys, 215-986-5367) ------------------------------------------------------------------------- To find out more about the anon service, send mail to help@anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin@anon.penet.fi. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nobody@replay.com (Name withheld on request) Date: Wed, 4 Jan 95 18:35:29 PST To: cypherpunks@toad.com Subject: British Hacker Story Message-ID: <199501050236.AA22300@xs1.xs4all.nl> MIME-Version: 1.0 Content-Type: text/plain From: newsbytes@clarinet.com (NB-LON) Subject: London Newspaper Runs Old "Superhacker" Story 01/03/95 Date: 3 Jan 95 20:44:22 GMT LONDON, ENGLAND, 1995 JAN 3 (NB) -- As the UK started back to work today after the long Christmas and New Year shutdown, readers of the Independent newspaper were treated to the banner headline "British Boy Raided US Defense Secrets." The curious thing about the story was that none of the other nationalpapers or news wires carried any reports. On investigation, Newsbytes discovered why -- the story dates back to July of last year, and briefly resurfaced in early November on the US news wires. According to the Independent, a 16-year-old British boy has been arrested in connection with a alleged unauthorized intrusions into the US government's computers and "was able to watch secret communications between US agents in North Korea during the crisis over nuclear inspections last spring." The story is quite correct, except that the boy in question was arrested last July, when the original story broke. Commenting on the story, Peter Sommer, a leading security consultant and a senior with the Computer Research Center at the London School of Economics, said that it smacked of the British Telecom secrets case of late November,also reported in the Independent. That story, as reported by Newsbytes, turned out to be something of a non-event when the hacker, who posted details of top secret files on BT's ex-directory computer "across the Internet," turned out to be Steve Fleming, a Scottish freelance journalist who worked as a temp for BT in the summer and broke BT's own security rules by downloading files from the BT's Customer Service System (CSS) computer, then mailed them -- across the Internet -- to other people. "I'm amazed at the Independent running yet another story involving the Internet," Sommer told Newsbytes, adding that it is "a very old story. It seems that all they have to do is to work up a story about a hacking attempt, whether successful or not, and weave in a story about the Internet, and it's a headline story." Ken Young, newly installed editor of Communicate, a leading industry communications magazine in London, and a veteran of the UK communications industry for more than a decade, told Newsbytes that the story seemed a little thin. "It looks like another hacking story except that (the newspaper) has written in something about the Internet, and bingo! You've got a report that the information was accessible to 32 million users on the Internet," he said. Sommer, meanwhile, told Newsbytes that he had made his own discreet inquiries about the story with high level authorities when it broke last summer. "There are two problems with this case. Firstly, any lawyer worth his salt would invoke Section 69 of the Police & Criminal Evidence Act," he said. This Act, Sommer explained, requires that, before a computer can be considered as admissible evidence in court, the owner of the computer must issue a certificate of correct working. This, he said, could not be issued, as a casual user of a PC would be unable to make such a certification. Sommer went on to explain that the second reason that the case could be problematic for the prosecution was "that the lawyer would ask the court for full disclosure of all affected files on victim's host computers," which, since such files are almost certain to be classified in the US, could not be revealed in a British courtroom. The facts surrounding the case, as reported by Newsbytes, were that the 16-year-old -- operating under the code name of Data Stream -- was one of several who gained unauthorized access to the US defense computer network in late 1993 and early 1994 and that some files were deleted. At the time, press reports said that as many as a million passwords were compromised, and may have compromised the military readiness of the United States. The case has, Newsbytes understands, been fully investigated by the US Air Force Office of Special Investigations (OSI) although details of the report of the investigation by the USAF OSI are classified. Originally, the press reports of the time speculated whether the youth would be the first under-18 to be extradited to the US to face charges. It seems that, following last summer's arrest and submission of the report to the Crown Prosecution Service that the case is being quietly shuffled into a file because of the practical problems in pursuing a prosecution. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. McCarthy" Date: Thu, 5 Jan 95 00:59:11 PST To: cypherpunks@toad.com Subject: Re: C'punks Economist Fan Club Message-ID: <199501050904.EAA09785@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- > Why is it that so many cypherpunks like the economist? The Economist is my favorite magazine (my parents' too). I don't read it regularly, but that has more to do with my being busy than anything else. It succeeds in providing fairly balanced in-depth coverage of international news that isn't terribly Amerocentric or Anglocentric. At worst it's G7-centric, but I think that's entirely reasonable ;) It's witty, politically aware, relatively technically savvy. The articles exhibit a healthy (IMHO) cynicism about what happens and why, yet maintain some idealism about what should happen. It's not perfect, but it's difficult to imagine surpassing it. I recently read an interview with Bill Gates in which he was asked which periodicals he reads. His first response was: "The Economist, every page". -L. Futplex McCarthy; PGP key by finger or server "The objective is for us to get those conversations whether they're by an alligator clip or ones and zeroes. Wherever they are, whatever they are, I need them." -FBI Dir. Freeh - -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLwu1BGf7YYibNzjpAQH9nAP/SMG+SpBKMnW0owZJb8mH1+boR8veHxZR ZHF88L2XRKb4PRvzBho8oukfGAneaTJ45EaApZ7PAcz+zWin3PT3IHl6KqsgZger nHl2g7HHVqVO+XXbcpM3eSzvfA8lzbQgWLGM+0RAguYjAPFoMgWNunDU7xUrfuwY 66mBQMCNUlo= =QPTj - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLwu2ISoZzwIn1bdtAQEw0wGA4UqmMyxtaoR6nzs54zUesF2CvvSROy6O xAOR//mT0N6v7oLdhTmOHlWDVeFqJBXw =M8TG -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: rah@shipwright.com (Robert Hettinga) Date: Thu, 5 Jan 95 04:20:20 PST To: cypherpunks@toad.com Subject: No Subject Message-ID: MIME-Version: 1.0 Content-Type: text/plain Factoids lifted from apple-internet-users@medraut.apple.com: >Jonathan P. Sullivan wrote : > Here are some other stats culled from an article in the 12/22/94 edition of > Washington Technology: > >* Approximately 300,000 attacks have been made on DoD computers >* Hackers have successfully compromised 350 DoD computer systems >* 88% of all information warfare attacks succeed >* 96% of those successful attacks are never noticed >* Only 4% of those noticed are reported Cheers, Bob Hettinga ----------------- Robert Hettinga (rah@shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nelson@crynwr.com (Russell Nelson) Date: Thu, 5 Jan 95 04:29:02 PST To: cypherpunks@toad.com Subject: Re: Remailer Abuse In-Reply-To: <9501050453.AA10198@tadpole.tadpole.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain From: db@Tadpole.COM (Doug Barnes) Date: Wed, 4 Jan 1995 22:11:11 -0600 (CST) Heh. An anonymous remailer paid for by credit card... there'd have to be an additional level of indirection for it to work, which would make the methods for tracking those who don't pay quite problematic. Why wouldn't it work? I plan on doing this, and I'll be selling lots of things besides a remailer, including lots of email traffic. So there won't be any effective way to find out who paid for access to my remailer. Sure, I'll know who used it, but I'm not going to keep that information. (Yes, yes, FV says that I have to keep records of who bought what, but I'll label all my information with a random number, that simply says that X bought information worth Y, not *what* information.) And if you don't trust a remailer operator, then you won't use it. -- -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Perry E. Metzger" Date: Thu, 5 Jan 95 05:24:23 PST To: Michael Conlen Subject: Re: Siegel and Lewis In-Reply-To: Message-ID: <9501051324.AA16313@snark.imsi.com> MIME-Version: 1.0 Content-Type: text/plain Michael Conlen says: > As I understand it, the government owns a portion of the internet. Nope. Sorry. They don't. > Does anyone have any information on what grouds Seigel and Lewis > plan to use for legislation? Peter Lewis is a reporter, and to my knowledge has no plans to lose his job by lobbying for legislation. I am unaware of what his opinions on this topic might be. My only beef with him is that his stories tend to be full of inaccuracies. This mornings, for instance, gave the impression that there are no unpatented algorithms available to do high-quality compression -- when of course, there are many. Perry From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Joe Thomas Date: Thu, 5 Jan 95 05:50:35 PST To: Russell Nelson Subject: Re: Remailer Abuse In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Thu, 5 Jan 1995, Russell Nelson wrote: > From: db@Tadpole.COM (Doug Barnes) > Heh. An anonymous remailer paid for by credit card... there'd > have to be an additional level of indirection for it to work, > which would make the methods for tracking those who don't pay > quite problematic. > Why wouldn't it work? I plan on doing this, and I'll be selling lots > of things besides a remailer, including lots of email traffic. So > there won't be any effective way to find out who paid for access to my > remailer. Another thought: why couldn't you sell a book of "stamps" -- Magic Money tokens -- and get paid for them using First Virtual? This would get around two problems: the lack of anonymity using First Virtual, and the fairly high 29-cent-per-transaction fee. You could sell a book of twenty remailer stamps for a dollar, or something. I'd buy. And it wouldn't make it too easy for people to use remailers without paying. FV will still take an account away from someone who denies legitimate charges too many times. I guess there is the problem of Chaum's patents (and RSA's). Is there anyplace where neither set of patents is valid, or where they'd be practically unenforceable? Joe From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Tommy the Tourist (Anon User) Date: Thu, 5 Jan 95 08:51:05 PST To: cypherpunks@toad.com Subject: _Why_ the print media doesn't like Usenet Message-ID: <199501051651.IAA24155@soda.CSUA.Berkeley.EDU> MIME-Version: 1.0 Content-Type: text/plain As many of you know, recent articles and editorials in the nations main newspapers (_New_York_Times and the _Chicago_Tribute_ to name just two) have presented shockingly distorted accounts of the infamous Canter & Siegel Usenet spam. Ordinary Usenetters, outraged at the socking abuse of the internet by Canter & Siegel, were transformed into "network terrorists" in these editorials. The attorneys, who have haughtily expressed their determination to repeatedly inconvenience millions of Usenet readers by flooding Usenet newsgroups with unsolicited advertisements, were portrayed as the innocent victims of anti-business "vigilantes" bent on terrorizing the attorneys after their widespread Usenet spam last year. The articles also included numerous serious technological inexactitudes which supported the distorted conclusions of the articles. The articles called for increased government regulation of the internet in order to thwart the alleged abuses. Determined efforts by Usenetters to educate the print media into presenting a more balanced (and, I might add, less dis-ingenuous point of view) have been in vein. It seems reasonable to point out the following facts: 1. It has not been unknown for powerful individuals in newspapers (such as editors and owners) to manipulate articles for political purposes. 2. Usenet has often been highly critical of the print media, especially editorials which disagreed with strongly held Usenet views and articles which contained erroneous information. This criticism may have been seen by the print media as damaging. 3. From time to time articles published in newspapers have been posted (sometimes anonymously) to various newsgroups. This has denied the print media of revenue since readers only had to turn to Usenet to read especially sensationalist articles. 4. In the past, the print media has held a monopoly on detailed news. Sure, television could bring news stories instantly, but for detail one had to turn to the newspaper. Usenet and the internet are capable of providing very detailed information rapidly and on demand, changing instantly as conditions change. It is a very real competitor. 5. Government regulation would seriously hurt Usenet. Censorship (like an FCC censor) and regulation of anonymous remailers would result in increased legal liability on the internet. Holding Usenet posters and other providers of information liable for the accuracy and tastefulness of their information would make many people think twice before making their information available. This would eliminate not only inaccurate and tasteless information, but it would also greatly hinder the flow of even accurate information. This would put the print media on a more even footing. These facts together suggest that it might be to the advantage of the print media to call for government regulation. Once this is realized, the behavior of these newspapers can be better understood, and action can be taken against them: 1. Misleading information in the print media about Usenet must be widely disseminated so as to damage the reputations of newspapers that print inaccurate accounts and encourage them to get their facts straight the next time around. 2. The print media's self-interest in government regulation of Usenet must be pointed out, both to the public and to law-makers so as to reduce the effectiveness of their pleas. 3. Usenet should seek the support the of the media (especially rivals like TV media that have less to lose from Usenet) to obtain favorable and anti-regulatory publicity. -> If you found this article interesting, please feel free to distribute widely. <- ------------ To respond to the sender of this message, send mail to remailer@soda.berkeley.edu, starting your message with the following 8 lines: :: Response-Key: the-clipper-key ====Encrypted-Sender-Begin==== MI@```%I^&2?(E+YR'QAJ3&+D2`UAI&EZX\# M%D0S6>LX!B&XC`CI2S9?]$AN7*P9K`)Q4JT_V`>$K2Z,T(@` ====Encrypted-Sender-End==== From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: John Young Date: Thu, 5 Jan 95 07:05:49 PST To: cypherpunks@toad.com Subject: NYT on $GIF Message-ID: <199501051505.KAA06613@pipe4.pipeline.com> MIME-Version: 1.0 Content-Type: text/plain Peter Lewis writes today on Compuserve and Unisys grub for royalties on GIF. Perry has noted its sty, java-eyely. For email copy send blank message with subject: GIF_nip From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Thu, 5 Jan 95 11:50:51 PST To: jpb@gate.net Subject: Re: Remailer postage In-Reply-To: <199501051802.NAA22909@seminole.gate.net> Message-ID: <199501051942.LAA07959@netcom8.netcom.com> MIME-Version: 1.0 Content-Type: text/plain jpb@gate.net wrote: > I am concerned about the ethics of having a paymailer feed into the free > remailer soup - how would their operators react if I'm effectively making money > (no matter how little) off of them? I can't speak for others, but making money off remailing is a GOOD THING. If other remailers wish to give their services away for free, so be it. There will likely be an ecology of remailers with different fee schedules, different technical capabilities, and different policies. Personally, I think that "free remailers" will always be with us, but will come and go, as spammers and the like abuse them. The invisible hand will of course choose some and reject others. And a for-pay remailer is not making money "off them" (the other remailers), as the paying customer is the one who is making the choice of which remailers to use, which to pay digital postage on, etc. [Comment: I see disdainful comments here about the profit motive, about for-pay services, etc. I urge folks to carefully think about this point. Services that are "free" are actualy paid for by someone, in various ways and for various motivations. Some things are worth paying for, some are not. Any customer who pays for remailing has made an uncoerced, voluntary decision that his interests are better serviced by paying for remailing than by using a free remailer. Sounds fair to me.] --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jpb@gate.net Date: Thu, 5 Jan 95 11:11:06 PST To: nelson@crynwr.com Subject: Remailer postage Message-ID: <199501051802.NAA22909@seminole.gate.net> MIME-Version: 1.0 Content-Type: text Russ, Where can I get the Magic Money software? I'm also interested in a combination FV/MM approach to anonymous postage. I'm still waiting to get my linux box set up (hassle with client paying the bill and all that fun stuff) but am considering starting a remailer once I get the site set up. I am concerned about the ethics of having a paymailer feed into the free remailer soup - how would their operators react if I'm effectively making money (no matter how little) off of them? In the interest of preserving anonymity, perhaps their should be a set postage rate - that way someone could use a digital stamp anywhere, helping to confuse the audit trail. I'm not sure if I want to get involved in the hassles of redemption though. It would probably become a major hassle for all the operators to have to do that much accounting on a regular basis. jpb@gate.net finger for pgp and ripem keys From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Thu, 5 Jan 95 13:49:56 PST To: db@Tadpole.COM (Doug Barnes) Subject: Re: Remailer postage In-Reply-To: <9501052103.AA23382@tadpole.tadpole.com> Message-ID: <199501052148.NAA07203@netcom5.netcom.com> MIME-Version: 1.0 Content-Type: text/plain Doug Barnes wrote: > I strongly agree with Tim that one should not look > down at for-profit anonymizing services. This is the > _only_ way I see to establish and maintain reliable > service and avoid spamming and denial of service. > It's also the only way such a service can scale if > it becomes suddenly popular -- if there's no increased > revenue, it's going to be harder to get more h/w and > bandwidth. Indeed, the problems Julf & Company are having in getting adequate CPU power is illustrative. I see Julf saying he desperately needs some more computer power (this was a few months back) and I see others making the same tired old calls for "donations." (I say tired because requests that some people make contributions to effectively pay for the services used freely by others are rarely very effective....look to the sorry state of public broadcasting "begathons" for one example.) Instead of pointless beggings of the form "If only everyone who used Julf's service would send him $5," a pay-per-use system is much more scalable, and "closes the loop" on who pays. To wit, those that use the service, pay. Those that don't, don't. (I understand that Russ Nelson has experience in the shareware business, so he may know how many people send in their voluntary contributions. My understanding is that it's a tiny fraction, and that few shareware authors ever make much money. I've talked to some of them, and they consider shareware a failed experiment, except for new products trying to break into crowded markets, where the "shareware" label is just a facade for essentially giving it away in exchange for fame and eventual fortune if the product goes commercial.) > Even if one had a heart of gold and purely charitable > instincts, one would eventually come to the conclusion > that such a service operates better if users are > paying for it. And this is even before we address matters > like the benefits of competition. Precisely. A for-pay remailer can also be pressured by customers to enhance services, not take the remailer down for frivolous reasons, etc. It's real hard to ask a "charityware" remailer to honor comitments, add features, etc. Simple economics, and free market anarchy. Nobody here is proposing that fees be set (how could we?), that free remailers be banned (how?), etc. Those that want to give away their products are free to do so, just as those who want to charge $25 per remailing are free to do so. Free remailers will have a place, but will likely get "discovered" by spammers and by those who see no costs in adding it to their remailer chains. Hence, overuse. (More precise than "overuse": crowding, poor service, flakiness, etc.) Just like anything else in economics. The users ("the market") will largely determine how it all shakes out. There are fortunately no government agencies in any of the countries I know of that claim to be able to set fee schedules, ban "price gouging," ban "underpricing," or regulate remailers in any practical way. service, flakiness, etc.) Just like anything else in economics. (Such moves may someday come, but that's another topic.) --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nelson@crynwr.com (Russell Nelson) Date: Thu, 5 Jan 95 11:14:40 PST To: cypherpunks@toad.com Subject: Re: Remailer postage In-Reply-To: <199501051802.NAA22909@seminole.gate.net> Message-ID: MIME-Version: 1.0 Content-Type: text/plain From: jpb@gate.net Date: Thu, 5 Jan 1995 13:02:57 -0500 (EST) I am concerned about the ethics of having a paymailer feed into the free remailer soup - how would their operators react if I'm effectively making money (no matter how little) off of them? There is no ethical problem. How do they know someone isn't making money off them already? If they haven't considered that, they should. -- -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: db@Tadpole.COM (Doug Barnes) Date: Thu, 5 Jan 95 13:03:52 PST To: jpb@gate.net Subject: Re: Remailer postage In-Reply-To: <199501051802.NAA22909@seminole.gate.net> Message-ID: <9501052103.AA23382@tadpole.tadpole.com> MIME-Version: 1.0 Content-Type: text/plain I strongly agree with Tim that one should not look down at for-profit anonymizing services. This is the _only_ way I see to establish and maintain reliable service and avoid spamming and denial of service. It's also the only way such a service can scale if it becomes suddenly popular -- if there's no increased revenue, it's going to be harder to get more h/w and bandwidth. Even if one had a heart of gold and purely charitable instincts, one would eventually come to the conclusion that such a service operates better if users are paying for it. And this is even before we address matters like the benefits of competition. Doug From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Thu, 5 Jan 95 14:32:10 PST To: s675570@aix1.uottawa.ca (Angus Patterson) Subject: Re: True Names In-Reply-To: Message-ID: <199501052231.OAA11745@netcom5.netcom.com> MIME-Version: 1.0 Content-Type: text/plain Angus Patterson wrote: > > I've been trying to get True Names by Vernor Vinge, and have been told it's > out of print (like most good cypunk ), does anybody have it scanned? > I realize this is without permission, so does anybody have Vinge's address? > (e-mail or otherwise) or could anybody ask him? Btw, does he have any other > crypto/anonymity related stories? Thanks in advance. I see copies in used bookstores often. It's in the collection "True Names and Something-or-other" and was in print until recenly. I also have the Bluejay edition, with an afterward by Marvin Minsky. Check around any large used bookstore. It's too long for reasonable scanning (and I have both a scanner and an OCR program, and scanned-in one or more of the papers at the soda site) and would bring on heat. Besides, it's just too easy to find in bookstores or libraries, regardless of being "out of print." As to other such stories, "The Ungoverned" is interesting. And fo course the "Peace War" and "Marooned in Realtime" (aka "Mushrooms in Real Slime") novels have some futurist items of interest. (In particular, I think of public key crypto as "bobbling" data inside, encasing data in a silvery sphere unbreachable by outsiders. I mentioned this to Vinge once and he was amused.) Finally, his Hugo-winning novel, "A Fire Upon the Deep," has some casual mentions of crypto, including the odd speculation that those in the know in the distant future don't really trust public key crypto. Death to vermin! --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Hal Date: Thu, 5 Jan 95 15:11:42 PST To: cypherpunks@toad.com Subject: Vinge reference in Moving Mars Message-ID: <199501052312.PAA26449@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain Greg Bear's novel Moving Mars, now out in paperback, has a cute reference to Vernor Vinge's ideas from True Names. p.208: "'Don't stick on the names,' Orianna said, shaping the living room into more Regency. 'All my friends are into Vernoring. They work and play with fake names. I don't know their true ones. Not even their parents know.' "'Why?' "'It's a game. Two rules - nobody knows what you're doing, and you do nothing illegal.' "'Doesn't that take the fun out of doin crypto?' I asked. "'Wow - crypto! Hide in the tomb. Sorry. I shy from two-edged words. We call it Vernoring.' "'Doesn't it?' I persisted. "'No,' Oriana said thoughtfully. 'Illegal is harm. Harm is stupid. Stupid is its own game, and none of my friends play it. Here's Kite.'" The book is pretty good, lots of nano and other hot tech, but not much crypto (sorry, Vernoring)... A little slow in places, though. Hal From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: chen@intuit.com (Mark Chen) Date: Thu, 5 Jan 95 15:31:01 PST To: cypherpunks@toad.com Subject: RSADSI Conference - Extra Passes? Message-ID: <9501052330.AA15736@doom.intuit.com> MIME-Version: 1.0 Content-Type: text/plain A cohort of mine is in need of a pass to next week's RSADSI conference, which, unfortunately, is sold out. So if anyone has a pass that they're not planning to use for a half-day or so, please drop me an e-mail and I will be in your debt. Thanks! -- Mark Chen chen@intuit.com 415/329-6913 finger for PGP public key D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: erc@s116.slcslip.indirect.com (Ed Carp [khijol Sysadmin]) Date: Thu, 5 Jan 95 14:40:30 PST To: cypherpunks@toad.com Subject: available NNTP posting sites? Message-ID: MIME-Version: 1.0 Content-Type: text Does anyone have a list of NNTP sites that take connections from anyone for posting? My regular NNTP site seems to be hosed, or something, and I have a post that needs to get out, but also needs to originate from this site. Thanks in advance :) -- Ed Carp, N7EKG Ed.Carp@linux.org, ecarp@netcom.com 801/534-8857 voicemail 801/460-1883 digital pager Finger ecarp@netcom.com for PGP 2.5 public key an88744@anon.penet.fi ** PGP encrypted email preferred! ** "What's the use of distant travel if only to discover - you're homeless in your heart." --Basia, "Yearning" From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Brian Lane Date: Thu, 5 Jan 95 16:01:25 PST To: Angus Patterson Subject: Re: True Names In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Thu, 5 Jan 1995, Angus Patterson wrote: > I've been trying to get True Names by Vernor Vinge, and have been told it's > out of print (like most good cypunk ), does anybody have it scanned? > I realize this is without permission, so does anybody have Vinge's address? > (e-mail or otherwise) or could anybody ask him? Btw, does he have any other > crypto/anonymity related stories? Thanks in advance. Go your local library and request it. Here in the states they will search all over for you. I had a paperback copy in about 3 weeks. Excellent book I might add. Brian ------------------------------------------------------------------------------ "Everyone is a prisoner holding their own key." | finger blane@seanet.com -- Journey | PGP 2.6 email accepted ------------------------------------------------------------------------------ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Blanc Weber Date: Thu, 5 Jan 95 16:47:41 PST To: cypherpunks@toad.com Subject: Re: True Names Message-ID: <9501060048.AA11061@netmail2.microsoft.com> MIME-Version: 1.0 Content-Type: text/plain From: Timothy C. May I see copies in used bookstores often. It's in the collection "True Names and Something-or-other" and was in print until recenly. I also have the Bluejay edition, with an afterward by Marvin Minsky. .............................................................. I bought one at Half-Price Books. I don't know what edition it is, it's a dingy little paperback with a signature in it of some stranger that I wouldn't know. I keep it with my "previously owned" collection. Blanc From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 5 Jan 95 14:08:40 PST To: nelson@crynwr.com Subject: Re: Remailer Abuse Message-ID: <9501052114.AA03759@anchor.ho.att.com> MIME-Version: 1.0 Content-Type: text/plain Russ Nelson writes: > Heh. An anonymous remailer paid for by credit card... > Sure, I'll know who used it, but I'm not going to keep that > information. (Yes, yes, FV says that I have to keep records of who > bought what, but I'll label all my information with a random number, > that simply says that X bought information worth Y, not *what* > information.) And if you don't trust a remailer operator, then you > won't use it. I'd be worried about a couple of issues - one is just the transaction cost - can you successfully market remailer use at a buck a shot or whatever you'd be charging beyond FV's 29c stamp, or would you have some convenient way to aggregate bill? Beyond that, though, are some traffic analysis problems - remailers require a fair bit of traffic to be useful, and unless you receive a reasonable amount of encrypted traffic, and support encrypted email for purchasing remailer service and other merchandise, an eavesdropper would have a fairly good source of traffic data on your remailer users, especially since buying and using remailer service requires two messages within an hour or so. An alternative billing mechanism, which wouldn't use Chaum-patented cash, would be to sell a bunch of one-shot random-number tokens. When you sell the tokens, you add them to the database of valid tokens, and when one comes in on a message you delete it. This allows you to sell more than one message or service-period per FV transaction, and separates the purchase and use by a longer time, without adding the need for record-keeping based on the user's ID. It obviously does require encrypted reply messages. Another variant is for the user to send you a bunch of tokens along with the purchase, which you store. Blind signatures would improve the security of this process, but require more computation and may involve Chaum's patents. In this case, the message from the client to you would be encrypted, but you wouldn't have to send a reply, so the request could come in anonymously. Bill From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: ddt@lsd.com (Dave Del Torto) Date: Thu, 5 Jan 95 16:13:34 PST To: Angus Patterson Subject: C-LIT: Vernor Vinge's "A Fire Upon the Deep" (was: Re: True Names) Message-ID: MIME-Version: 1.0 Content-Type: text/plain At 1:48 pm 1/5/95, Angus Patterson wrote: >I've been trying to get True Names by Vernor Vinge, and have been told it's >out of print (like most good cypunk ), does anybody have it scanned? >I realize this is without permission, so does anybody have Vinge's address? >(e-mail or otherwise) or could anybody ask him? Btw, does he have any other >crypto/anonymity related stories? Thanks in advance. Amazing that you should mention this, Angus: I *just* finished reading "A Fire Upon the Deep" and it is not only exeedingly gnarly, but also features a universal net, galactic-wide relays and Netscum-like service providers and associated user kvetching, a sinister-billions-of-years-old-AI-virus, newsgroups, lists populated by aliens - and even _crypto_ as the key to the whole shebang. There's also a great futuristic "dig" on pub key encryption buried in it. Neural net stuff. A possible explanation for the existence of both God and Newt Gingrich...and I could go on. Great read, true anus-clenching adventure... and this from one who does NOT normally read anything more sci-fi than certain software manuals. :) Strongly recommended for c-punks who can last 600 pages (after the first ten, you're hopelessly hooked if you have half a brain left afdter reading this list for a year or two). I _WISH_ I had VV's email address! I'd like to send the guy a big thank-you and ask if he's writing a sequel (yet). If anyone does know it, puh-LEEze mail me. First book of his I've read, first of it's kind I've enjoyed in a very long time. I'll scan my favorite crypto-related (legal-length) excerpt and post it next week, howzat? dave _________________________ Big books small Books high books tall Just give me a good Little book, That's all. -Truman Capote (age 11) C-LIT = Cypherpunk LITerature. Gitcher mind outta the gutter there, Lancelot. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Mike Godwin Date: Thu, 5 Jan 95 13:27:04 PST To: eric@remailer.net (Eric Hughes) Subject: Re: Warning letter from Co$. [any comments ?] In-Reply-To: <199501050801.AAA18013@largo.remailer.net> Message-ID: <199501052127.QAA09356@eff.org> MIME-Version: 1.0 Content-Type: text/plain Actually, civil copyright infringement liability doesn't turn on knowledge. You can be an infringer even if you don't know. Criminal copyright infringement requires a guilty mental state, so *that* you have to know. > From: Avi Harris Baumstein > > i know there has been much chatter on this subject, but are there > truly any precedents that could hold on the anonymous distribution of > copyrighted material? > > Cubby v. Compuserve is relevant here, as well as that bookstore case > in the 50's that I never remember the name of. Mike G., can you help > me out on this one? > > These cases are about other kinds of wrongs (libel in one and > obscenity (?) in the other), but copyright violation doesn't seem to > be have any particular features to set it apart from the basic > principle of these. Namely, if you know, you're responsible; if you > don't, you're not. This, you all realize no doubt, is a gross > simplification of a long chain of reasoning. > > what > exactly constitutes a trade secret, and what sort of laws apply? > > The short answer is that if you didn't sign a trade secret agreement > or are party to one by some other relationship (such as agency), then > a trade secret that comes your way is no secret any more. > > > clients' property rights. Courts are holding such > > contributory infringers liable. Two examples are: Sega > > Enterprises Ltd. v. Maphia BBS, 30 U.S.P.Q. 2d 1921 (N.D. > > Cal. 1994) and Playboy Enterprises v. Frena, 839 F. Supp. > > 1152 (M.D. Fla. 1993). > > what of these cases? is this just an example of typical lawyerly > intimidation tactics? > > I have personal experience with the first case. It was a local BBS > run by a friend of a friend, and I got involved a year ago right after > the seizure. (It was, BTW, a _civil_ seizure of a BBS, not criminal.) > I believe the case settled out of court. There were court documents > approving the seizure however; I don't know if these set precedent or > not. I suspect not, because the action was entirely _ex parte_ (Latin > for one-sided). Mike, again? Other legal folk? > > I know nothing about the second one. > > nhow do you remailer-ops plan to react? my first > instinct (were i running a remailer) would be to ignore it, on grounds > that i wouldn't examine any mail passing through. > > The people who keep logs, yes, are in more danger than those who don't. > > Eric > From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Angus Patterson Date: Thu, 5 Jan 95 13:45:27 PST To: cypherpunks@toad.com Subject: True Names Message-ID: MIME-Version: 1.0 Content-Type: text/plain I've been trying to get True Names by Vernor Vinge, and have been told it's out of print (like most good cypunk ), does anybody have it scanned? I realize this is without permission, so does anybody have Vinge's address? (e-mail or otherwise) or could anybody ask him? Btw, does he have any other crypto/anonymity related stories? Thanks in advance. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jim Gillogly Date: Thu, 5 Jan 95 17:07:10 PST To: cypherpunks@toad.com Subject: Re: True Names In-Reply-To: <9501060048.AA11061@netmail2.microsoft.com> Message-ID: <199501060107.RAA18958@mycroft.rand.org> MIME-Version: 1.0 Content-Type: text/plain > Blanc Weber writes: > I see copies in used bookstores often. It's in the collection "True > Names and Something-or-other" and was in print until recenly. I also "True Names and Other Dangers" -- I think it's a Baen edition. > have the Bluejay edition, with an afterward by Marvin Minsky. Me too, and I also have the first published version, which is in "Binary Star #5" with "Nightflyers" by George R. R. Martin. Great book -- I want to be a cybergod when I grow up. Jim Gillogly 15 Afteryule S.R. 1995, 01:06 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Michael Conlen Date: Thu, 5 Jan 95 14:44:10 PST To: Jonathan Cooper Subject: Re: Siegel and Lewis In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Wed, 4 Jan 1995, Jonathan Cooper wrote: > > is how can they regulate what private business and citizen's do with > > there Fiber Optic's, ISDN lines, telephone lines, and computers. If the > > They already do - look at the regulations on telcos, power companies, > water companies, cellular/paging companies, lawyers, doctors, etc. A big difference between the 'net and some of the above, is that the net has been around in a very large presence (internatonaly) before the laws are being introduced, where as paging and cellular service didnt exist. As far as lawyers and doctors and lawyers, one of the big things the government does is protect agianst quacks. Not to many people are going to argue with this. The government wants to protect us from speech in the case of the 'net, well there are quite a few people who are going to stand up for their first amenment rights. If you want your own communication service, you can buy it. weather you use fiber based WAN's or go straight for satalite service, used by companies such as Holiday Inn, or Circuit City. You can exchange any information you want. I think the important thing to remember is that net access is not a right. My service provider has the right to give service to whom they please, as long as race, sex, or creed are not deciding factors. What goes across .gov and .mil computers is one thing, however what commes across sprintlink's computers to my service proveder to my computer is up to sprintlink, Intnet.net and myself. I dont care to read racist comments, so I dont view them. If I want to download nudie gifs, its my business, and right as stated under the First Amenment. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: rah@shipwright.com (Robert Hettinga) Date: Thu, 5 Jan 95 14:40:11 PST To: John Young MIME-Version: 1.0 Content-Type: text/plain ----------------- Robert Hettinga (rah@shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Blanc Weber Date: Thu, 5 Jan 95 17:50:45 PST To: jim@acm.org Subject: Re: True Names Message-ID: <9501060151.AA16068@netmail2.microsoft.com> MIME-Version: 1.0 Content-Type: text/plain From: Jim Gillogly > Blanc Weber writes: > I see copies in used bookstores often. It's in the collection "True > Names and Something-or-other" and was in print until recenly. I also ............................................................. No, No, Jim, that wasn't me saying that - that statement was made by a cpunkgod. Mine was beneath it. Blanc From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. McCarthy" Date: Thu, 5 Jan 95 15:30:21 PST To: cypherpunks@toad.com Subject: Anonymity in Donating Message-ID: <199501052335.SAA16921@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- Some nice examples of the preservation of anonymity in charitable donations, both for the donor and for the recipient, caught my attention today. An article by Clare Ulrich in the December 1994 Communique (Vol.18 No.3), published by The Cornell Campaign, pays tribute to an anonymous donor to Cornell U.: "While some acts of generosity are marked by a name on a building or a plaque on a wall, others, so to speak, can be counted among the philanthropic `whodunits.' These are the anonymous gifts, and Communique would like to profile several innovative projects that one anonymous donor helped launch this year. According to the donor, anonymity provides greater freedom to `pick and choose' projects that are personally interesting. This donor is particularly attracted to programs that involve computer technology or promise to generate benefits beyond the scope of the immediate project. [...] The same donor who declined recognition for these high-tech projects also provided support for 24 high school juniors from Boys Harbor in Harlem to attend the six-week Cornell Summer College Program in 1994, as well as the two previous summers. [...] Although this anonymous donor may not be interested in getting a name on something, he certainly leaves an indelible mark on the quality of education at Cornell." Closer to home, our dept. chair Dave Stemple broadcast a request for donations to an anonymous recipient: "One of our undergrad majors lived in Amherst Crossings, which burned down last week. As a result this student, a senior who had planned to graduate this spring, is destitute and needs help or he will be unable to complete his degree. If you would like, you can contribute clothes or money (cash only please in order to maintain the student's anonymity) to him. [...]" Incidentally, I received my B&W C'punks shirt from Kevin Prigge a few weeks ago, and consider myself a very satisfied customer. I made a point of wearing it on the flights both ways for a recent vacation I took in California. On the return trip, I was delayed at O'Hare for over an hour due to a leaky window on the airplane. A man in his 50s or 60s approached me and asked, with a smirk, what a Cypherpunk was. I explained a bit, mentioning the passage of the DT bill. Noting the mention of the NSA on the shirt, the man mentioned that his son is working at Apple "with the NSA".... -L. Futplex McCarthy; PGP key by finger or server "The objective is for us to get those conversations whether they're by an alligator clip or ones and zeroes. Wherever they are, whatever they are, I need them." -FBI Dir. Freeh - -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLwyA6mf7YYibNzjpAQFENAQA09JTWr501ZJliFWK4efY8py2OhgBq8gy rqYvrGX+EZ49Uq+IDU2DjiiPBHuYPOE23wb/QfouhmKaSSUMqifYTd+uau247Cot CC+CYceBvH3oK35oTr7CahSqb4JLUNs4atOkoYtpbYPG5qrR8yJkAGBKbVzQZHKt ioUFB5xhYKA= =QD4b - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLwyB+CoZzwIn1bdtAQEgkAF+OBkRShMO+Et/Kr8AkPXPz564xgNnhzfP WPSO0W0UCpkg/e7bQIliMCXiyzp7nHQr =1IBd -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Thu, 5 Jan 95 18:56:29 PST To: rah@shipwright.com (Robert Hettinga) Subject: Re: floating point crypto? In-Reply-To: Message-ID: <199501060251.SAA26936@netcom13.netcom.com> MIME-Version: 1.0 Content-Type: text/plain Robert H. has asked that we reply in e-mail to him, to avoid "cluttering the list more than I already have...," but the logic of this is faulty. The few lines of a response such as this one, or even of several such responses, are as nothing compared to dozens or more people sifting their own archives so they can each independently send Robert what they find. Hence my public reply. Robert Hettinga wrote: > I casually mentioned somewhere else that I saw something on this list about > floating-point math being used in crypto, contrary to popular belief, and > somebody had the *timerity* to call me on it. ;-). > > I think it had to do with factoring, but maybe even in key-generation, > though that doesn't sound right at all... The thread was "Pentium bug and CRYPTO," and it hit on 1994-11-21 and lasted a few days. Posts by Derek Atkins, Mike Duvos, and others stated persuasively that no floating point operations are included in PGP, that no FP coprocessor is needed or used for PGP, and that the Pentium bug could not affect PGP. (In another thread, which I have no intention of trying to dig up now, though I recall either Norm Hardy or Hal Finney was one of those to comment, it was noted that some clever uses of floating point hardware can help with ostensibly integer-only computations. But PGP, as noted above, does not do this, and I expect this trick is not common.) > So, are there c-punk archives I could look in? I remember hearing something > about that, too. > > However, if someone remembers off the top of their head, or if they have an > actual copy of the posting, that would be great, too. > > Please send me whatever it is by e-mail. No point cluttering the list more > than I already have... (I will send Robert several of these article, so others don't have to. Game theory and all that good stuff.) > > Of all the nerve.... Not to sound strident, but if folks would keep copies of articles and spend some time organizing them in data bases or in other searchable forms, this would help the list. In my opinion, having personal access to past posts is several orders of magnitude more important than having MIDI-MIME JPEG-II TeX players that can display "Cypherpunks R Us" in the correct font and with the "R" reversed according to spec. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 5 Jan 95 16:27:02 PST To: cypherpunks@toad.com Subject: Re: ecash trial issues explained Message-ID: <9501060025.AA06458@anchor.ho.att.com> MIME-Version: 1.0 Content-Type: text/plain > From: Wolfgang Roeckelein > > >-> Digital cash should not be "anonymous" -- paper currency isn't. Serial > > There seems to be a misconception here what is meant with anonymous. Paper cash > is anonymous: I can't derive the person I got the note from from the note > itself. So if I meet a guy in the street, he gives me a pack of cigarettes and > I give him cash, this transaction is anonymous. It isn't difficult to make paper cash less anonymous, though, by tracking serial numbers. This is occasionally done in "law enforcement" situations - recording the notes used to pay ransom or bribes. It wouldn't be difficult to add serial-number recording equipment/mechanisms to automatic bank-teller machines, to record what serial numbers would be given out to whom. (This can be done either by adding scanners to the ATMs themselves, or by scanning the money before putting it into the ATM, and having the ATM record that transaction #43 dispensed the 105th-110th bills in the stack. Scanning can either be done by OCRs, or by replacing the human-readable numbers with bar-codes, as some of the paranoids periodically suggest the US Treasury is about to do as part of some heinous plan. However, the original posters' assertion that digital cash should not be anonymous is not a technical statement, it's a value judgement, and in my opinion it's a bad one. There are a lot of genuine social needs that anonymity can support, and a lot of bad things that can be done with traceable money. Aside from that, traceability costs money. Original gold and silver money didn't need to be traceable, though coiner's and assayer's marks were useful, and it is easier to keep track of your pile of gold bars if they're numbered. But paper money has serial numbers largely to prevent easy copying; gold is a lot harder to counterfeit, unless you've got a king who insists that coins with his face on them should be worth N times as much as anonymous coins. Bill From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nelson@crynwr.com (Russell Nelson) Date: Thu, 5 Jan 95 16:27:39 PST To: cypherpunks@toad.com Subject: Re: Remailer postage In-Reply-To: <199501052148.NAA07203@netcom5.netcom.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain From: tcmay@netcom.com (Timothy C. May) Date: Thu, 5 Jan 1995 13:48:34 -0800 (PST) (I understand that Russ Nelson has experience in the shareware business, so he may know how many people send in their voluntary contributions. My understanding is that it's a tiny fraction, and that few shareware authors ever make much money. I've talked to some of them, and they consider shareware a failed experiment, except for new products trying to break into crowded markets, where the "shareware" label is just a facade for essentially giving it away in exchange for fame and eventual fortune if the product goes commercial.) Shareware is essentially begging, yes. Far better to just give the software away to create a need for your services. Then people are actually getting something for their money. Selling services is profitable, particularly if you can sell the same service to multiple people at the same time. If you're very good at selling, you can even sell a service as an insurance plan. -- -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: rah@shipwright.com (Robert Hettinga) Date: Thu, 5 Jan 95 16:32:59 PST To: Robert Hettinga Subject: Re: GIF_nip Message-ID: MIME-Version: 1.0 Content-Type: text/plain > Watch your Cc: headers, s'vous plait? AAK! Eudora's "reply-to-all" strikes again! Grovelling in your general direction, Bob Hettinga ----------------- Robert Hettinga (rah@shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jonathan Cooper Date: Thu, 5 Jan 95 16:58:57 PST To: Doug Barnes Subject: Re: Remailer Abuse In-Reply-To: <9501050453.AA10198@tadpole.tadpole.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain > Anonymous remailers pretty much require anonymous digital cash, > although this could be built on top of some other electronic > payment system with somewhat less payment lag and reversability > than FV. Perhaps if the people at DigiCash had seen fit to give me the beta client and server software I could attempt to implement such a beast. Unfortunately, I don't meet their critera. -jon ( --------[ Jonathan D. Cooper ]--------[ entropy@intnet.net ]-------- ) ( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 ) ( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 ) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jonathan Cooper Date: Thu, 5 Jan 95 17:02:26 PST To: Robert Hettinga Subject: Re: your mail In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain > >* Hackers have successfully compromised 350 DoD computer systems If the DoD includes the various branches of service {Army, Navy, etc.} that number is grossly inaccurate. -jon ( --------[ Jonathan D. Cooper ]--------[ entropy@intnet.net ]-------- ) ( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 ) ( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 ) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Michael Handler Date: Thu, 5 Jan 95 17:22:42 PST To: cypherpunks@toad.com Subject: Re: True Names In-Reply-To: <9501060048.AA11061@netmail2.microsoft.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain Timothy C. May writes: > I see copies in used bookstores often. It's in the collection "True > Names and Something-or-other" and was in print until recenly. "True Names and Other Dangers", if anyone's trying to mail order it. --Mike, still looking for a copy himself From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: SINCLAIR DOUGLAS N Date: Thu, 5 Jan 95 17:40:39 PST To: cypherpunks@toad.com Subject: DES for HP48 Message-ID: <95Jan5.204113edt.4634@cannon.ecf.toronto.edu> MIME-Version: 1.0 Content-Type: text/plain There used to be some code on soda to do DES on an HP48 palmtop/calculator. I looked this afternoon, on ftp.csua.berkeley.edu, and I couldn't find it. Anyone know where it got to? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: eric@remailer.net (Eric Hughes) Date: Thu, 5 Jan 95 20:43:54 PST To: cypherpunks@toad.com Subject: Re: DES for HP48 In-Reply-To: <95Jan5.204113edt.4634@cannon.ecf.toronto.edu> Message-ID: <199501060443.UAA19367@largo.remailer.net> MIME-Version: 1.0 Content-Type: text/plain From: SINCLAIR DOUGLAS N There used to be some code on soda to do DES on an HP48 palmtop/calculator. ftp://ftp.csua.berkeley.edu/pub/cypherpunks/applications/misc/des.hp48sx.gz Eric From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: rishab@dxm.ernet.in (Rishab Aiyer Ghosh) Date: Fri, 6 Jan 95 06:06:39 PST To: cypher@dxm.ernet.in Subject: Re: PATNEWS: PTO accepting USENET FAQs are formal prior art In-Reply-To: <199501040304.AA01233@world.std.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain Thought I'd pass this on... -Rishab srctran@world.std.com (Gregory Aharonian) writes: > !010394 PTO accepting USENET FAQs as formal prior art > > It seems that the US Patent Office is accepting Internet USENET FAQs > (Frequently Asked Questions - periodic postings on USENET groups with > questions and answers) as prior art. As you see in the following entry > from my software prior art database, one of the Other References is to > a cryptography FAQ. If any knows if the European Patent Office is accepting > USENET FAQs, and has an example, let me know. > > Thus if an examiner objects to your use of a FAQ as prior art, cite > this patent (NTIPAFCAP*). It probably would be helpful if the PTO came out > with a quick guideline to a consistent way of doing so. I suppose archiving > FAQs is one more thing I can add to my databases. > > It's nice to see the PTO embracing part of the Internet, even as it > rejects other parts of the Internet. Eventually, though, the PTO will have > to choose one or the other. > > Greg Aharonian > Internet Patent News Service > (for subscription info, send 'help' to patents@world.std.com ) > (for prior art search services info, send 'prior' to patents@world.std.com ) > (for WWW patent searching, try http://sunsite.unc.edu/patents/intropat.html > ==================== > > TYP[USPAT] > NUM[5371794] > ASS[Sun Microsystems] > CUN[USX] > ISD[19941206] > CLS[380/21] > ART[222] > LOC[] > GRG[] > TIT[Method and apparatus for privacy and authentication in wireless networks] > ORF[5] > ORFTXT[ > Authentication and Authenticated Key Exchanges, Authors: Diffie, Oorschot & > Weiner, Published by Designs, Codes & Cryptography 2, 107-125, > .COPYRGT.1992 Kluwer Academic Publishers. > The First Ten Years Of Public Key Cryptography, Author: Whitfield Diffie, > Reprinted from Proceedings of the IEEE, vol. 76, No. 5, May 1988. > > Overview of Cryptology: Summary Of Internet Cryptology Frequently Asked > Questions (Oct. 1992). > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > The Keys To Privacy and Authentication, Publication by RSA Data Security, > Inc., 100 Marine Parkway, Redwood City, Calif. 94065. (Oct. 1993). > Answers To Frequently Asked Questions About Today's Cryptography, Author: > Paul Fahn, RSA Laboratories, 100 Marine Parkway, Redwood City, Calif. 94065 > (Sep. 1992). > ] > > > ============================================================================= > > (NTIPAFCAP* = Not that issued patents are formally citable as precedent). ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "In between the breaths is rishab@dxm.ernet.in the space where we live" rishab@arbornet.org - Lawrence Durrell Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: rah@shipwright.com (Robert Hettinga) Date: Thu, 5 Jan 95 18:01:33 PST To: cypherpunks@toad.com Subject: floating point crypto? Message-ID: MIME-Version: 1.0 Content-Type: text/plain I'm incensed. I casually mentioned somewhere else that I saw something on this list about floating-point math being used in crypto, contrary to popular belief, and somebody had the *timerity* to call me on it. ;-). I think it had to do with factoring, but maybe even in key-generation, though that doesn't sound right at all... So, are there c-punk archives I could look in? I remember hearing something about that, too. However, if someone remembers off the top of their head, or if they have an actual copy of the posting, that would be great, too. Please send me whatever it is by e-mail. No point cluttering the list more than I already have... Of all the nerve.... Cheers, Bob Hettinga ----------------- Robert Hettinga (rah@shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: danisch@ira.uka.de (Hadmut Danisch) Date: Thu, 5 Jan 95 12:56:32 PST To: cypherpunks@toad.com Subject: Re: Are 2048-bit pgp keys really secure ? Message-ID: <9501052056.AA24402@elysion.iaks.ira.uka.de> MIME-Version: 1.0 Content-Type: text/plain > A somewhat disturbing trend has appeared in the low-end cost-sensitive PC > SIMM market. Some supposedly 9-bit SIMMs are actually 8-bit SIMMs plus > a parity generator. This means that the parity checking is essentially > subverted, because the parity bit is generated from the stored contents > of memory at read time, rather than the stored contents when it was > written to. As such, NO bit errors are detected. So why not do a cheap trick: After the small primes check calculate a CRC checksum over the number. Then do the primality check. If it is a prime, store it together with the CRC. The CRC can be checked for every use of the number. (PGP encrypts the secret key and therefore it generates a CRC for the encrypted packet. But this CRC is generate after the primality check.) We already had some SIMM modules with bit errors. They were detected by a parity check. If cheap pc simms don't have a real parity bit, the probability of having such a bug isn't as low as 10^-40. If cheap parity-less simms are available they get sold (cheap and expensive). Hadmut BTW: Some weeks ago they found motherbords with falsified cache rams: They had just the normal DIL-ICs and the normal pins, but the plastic of the ICs didn't contain a chip. The BIOS was modified to give out a message about a good cache ram check at boot time. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Thu, 5 Jan 1995 21:57:05 -0600 To: carolann@vortex.mm.com Subject: No Subject Message-ID: <82e47b32bd189967ee9a205e1d1602de@NO-ID-FOUND.mhonarc.org> MIME-Version: 1.0 Content-Type: text/plain [icicle.winternet.com] Login name: carolann In real life: CarolAnne Braddock Directory: /usr2/carolann Shell: /etc/scripts/tcsh-susp Last login Thu Jan 5 21:38 on ttyq5 from annex3-1.wintern New mail received Thu Jan 5 21:16:23 1995; unread since Mon Jan 2 13:18:25 1995 Plan: This account has been disabled permanently. Mike Horwath - Admin - Winternet - drechsau@winternet.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Dan Harmon Date: Thu, 5 Jan 95 22:54:18 PST To: "Timothy C. May" Subject: Re: Book review: Codebreakers, the Inside Story of Bletchley Park In-Reply-To: <199501040551.VAA12193@netcom13.netcom.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain Another book that has not been mentioned is "Alan Turing the Enigma" by Andrew Hodges. It gives, what I think, is a good analysis of Turing's work, alot of which is still classified, what role Hut 6 played (theater traffic analysis, bombe development, and other projects after Hut 6) , and his subquent role in the development computing. Hodges does a good job of putting Turing in historical and mathematical/cryptological perspective. Alas, like some of the books that are sugguested, it is recently out of print ( look for it in the remainder/used book stores). Dan From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: m00012@KANGA.STCLOUD.MSUS.EDU Date: Thu, 5 Jan 95 22:58:49 PST To: cypherpunks@toad.com Subject: sniff passwords on PC (DOS) Message-ID: <0098A089.4C425900.550@KANGA.STCLOUD.MSUS.EDU> MIME-Version: 1.0 Content-Type: text/plain As a demonstration of concept, I wrote a small, simple program that replaces the keyboard interrupt and stores all keystrokes in a buffer. It was very very easy to write. It works while using pgp and windows\net. It does not work after starting windows. Not sure, but it seems obvious that MS windows installs it's own keyboard interrupt. I suppose it would be easy to enhance this simple program (I bet it's been done by others) to store passwords into a secret file on a hard drive unbeknownest to the user. I first suspected that such a program already existed after hearing, two days after his arrest, that the CIA had cracked Aldrich Aim's encrypted files. (sorry if I spelled his name incorrectly.) Think about it, the govt. could spend 50,000 to 100,000 to create a freeware gif viewer, for example, that installed such a tsr. Mike P.S. If the guy who wanted to see his gf's files writes me, I'll send you this keyboard sniffer program. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Dan Harmon Date: Thu, 5 Jan 95 23:11:22 PST To: Doug Barnes Subject: Re: Siegel and Lewis In-Reply-To: <9501041424.AA25564@tadpole.tadpole.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Wed, 4 Jan 1995, Doug Barnes wrote: > > Why is it that so many cypherpunks like the economist? > > I learned recently that Eric is a big fan. So am I. You're certainly > not the first other cypherpunk to mention this. Weird. I mean, it's > not exactly a radical publication... it just gets its *&#$*#$ facts > right. Probably this is it. > > Doug > The reason is, and I do not presume to speak for other individuals on this list, the Economist looks at the world from an independent (i.e. not owned by one of the major publishing houses, if I'm not mistaken) point of view, and is not afraid to pursue different analysis of a topic. I will also venture that the closest that we have in the US is Forbes. Dan From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Thu, 5 Jan 95 23:55:22 PST To: cypherpunks@toad.com Subject: All I did was properly crosspost! Message-ID: MIME-Version: 1.0 Content-Type: text/plain I first saw the Dubois Letter in alt.security.pgp the 28th. PRZ posted it here the next day. I "crossposted" it to my favorite 10 newsgroups. Just 10. Some creep complained. (we'll get to him a bit later). I didn't get a chance to get back on-line for 3 1/2 days. I was lied to. I am hurt. My mail has been stolen. I haven't read any of you for four days now. My web pages are vulnerable. Is there somebody who can please help me get my 2 megs of mail? I can't get at your keys. http://www.winternet.com/~carolann/coffee.html has the cypherpunk rant links on the page. I'm proud of them, and proud to be on this list. But to take my account away for crossposting to 10 groups is not right. I'll be back with a better chronology. Love Always, Carol Anne ps Hope you like (and feel free to use) my new .sig From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Thu, 5 Jan 95 23:59:42 PST To: Dan Harmon Subject: Re: Siegel and Lewis In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain Guess I'm worse than Siegel & Lewis now, huh? On Fri, 6 Jan 1995, Dan Harmon wrote: > On Wed, 4 Jan 1995, Doug Barnes wrote: > > Why is it that so many cypherpunks like the economist? > > I learned recently that Eric is a big fan. So am I. You're certainly > > not the first other cypherpunk to mention this. Weird. I mean, it's > > not exactly a radical publication... it just gets its *&#$*#$ facts > > right. Probably this is it. > > Doug > The reason is, and I do not presume to speak for other individuals on > this list, the Economist looks at the world from an independent (i.e. not > owned by one of the major publishing houses, if I'm not mistaken) point > of view, and is not afraid to pursue different analysis of a topic. > > I will also venture that the closest that we have in the US is Forbes. > > Dan > > From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. McCarthy" Date: Fri, 6 Jan 95 00:02:03 PST To: cypherpunks@toad.com Subject: Re: public vs. private replies Message-ID: <199501060807.DAA22166@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- Tim May writes: > [...] has asked that we reply in e-mail to him, to avoid > "cluttering the list more than I already have...," but the logic of > this is faulty. The few lines of a response such as this one, or even > of several such responses, are as nothing compared to dozens or more > people sifting their own archives so they can each independently send > [...] what they find. Hence my public reply. I'd like to amplify this point, which is missed all too often on Usenet and mailing lists. Replies to requests for fairly widely-known factual information should be directed to the forum (i.e. the mailing list, newsgroup, or what have you). This practice not only prevents duplication of effort by the repliers, as Tim mentioned, but also prevents duplication of effort by others interested in the same answer. I try to make a point of replying to the whole list when someone asks for a list of remailers, mail-news gateways, etc. for precisely this reason. As I see it the basic principle rests on a simple comparison of the number of replies desired with the likely number of replies. If you anticipate getting many more replies than you want, you should ask for replies to the entire forum in which you place the query. Otherwise, seek private email. This is certainly not a perfect heuristic, but it's an excellent starting point IMHO. For example, a few months back I wanted to give away an old AM/FM/ shortwave radio, so I posted to a local newsgroup. I asked for initial public replies, so that I wouldn't be flooded with mail before I had the chance to announce that a recipient had been selected (first-come first-served). After the initial expression of interest, further correspondence continued in private. [...] > In my opinion, having personal access > to past posts is several orders of magnitude more important than > having MIDI-MIME JPEG-II TeX players [...] It takes more disk space from one's personal quota, though (for those who suffer under such restrictions). :[ Let's not head down this road again.... "You've gotta keep `em separated !" -Offspring -L. Futplex McCarthy; PGP key by finger or server "The objective is for us to get those conversations whether they're by an alligator clip or ones and zeroes. Wherever they are, whatever they are, I need them." -FBI Dir. Freeh - -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLwz5Mmf7YYibNzjpAQEooAQAlj93pc1CuSMTdApaRTg06ONgPkeyqUfY KhdcqzDmEnuWBDdwgO+YtHOHFsOGlPhoFhOijajJzTh97G1TBYn5plBECaZXs1RJ Au9g1uqEAKtFLFYB/jKDaDA/Xzf13irCKb846IAhttKICwQJ8HfLfgPWLHMa1/f1 ldkXYq7DfY8= =7KNc - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLwz6PCoZzwIn1bdtAQGpbwGAqY6tLm7TAN2TluCpD1WOTsR6kMgI2R27 CMExwcLopwSapiPNO0u/IHnzHUq5ij2C =TyKQ -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Fri, 6 Jan 95 01:21:47 PST To: Thaddeus Ozone Subject: We still don't have the mailbox. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain Thanks Doc. Wrote Phil Dubois, Zimmy's Lawyer. It's something I'll show you a copy of when I get back to playing "catch-up". Love Always, Carol Anne On Fri, 6 Jan 1995, Thaddeus Ozone wrote: > Carol, > I DL'd the whole thang. If it was world-readable, I've got it locked up on > my hard drive. I'll have to wait until I can get my hands on some 800k > disks, it takes up 1776k on my hard drive, but should fit on 2 - 800k's > once it gets transferred. I took the liberty of taking EVERYTHING that was > readable, including what was in the main directory. Talk to you over the > weekend. > Your pal, -doc- > > >I tried again, even from my pages. > >I do believe it's the local server that's gotta do the job. > >Anyway, I'm bookmarking all the links. > >And downloading all the pages. > >Will go ftp here in a minute. > > > >Love Always, > > > >Carol Anne > >more in about an hour. > > > From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. McCarthy" Date: Fri, 6 Jan 95 00:55:49 PST To: cypherpunks@toad.com Subject: Re: All I did was properly crosspost! Message-ID: <199501060901.EAA22716@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- [I'm cc:ing this to C. A. Braddock's new address and her ex-sysadmin, in addition to the cypherpunks list. --L. Futplex McCarthy] Carol Anne Braddock writes: > I first saw the Dubois Letter in alt.security.pgp the 28th. > PRZ posted it here the next day. > > I "crossposted" it to my favorite 10 newsgroups. Just 10. Posting letters asking for $$$ is of course a risky venture on Usenet. We see the PRZ Appeal as a Worthy Cause (tm), but that's just what all the MAKE.MONEY.FAST posters think of their garbage too. If you go sticking out your hand, you'd better be doing it in the right place. My frank reaction as a veteran Usenetter is that 10 newsgroups sounds like rather a lot, especially when that presumably excludes the groups like a.s.pgp to which the letter was originally posted. To which 10 newsgroups did you repost the letter ? [...] > Is there somebody who can please help me get my 2 megs of mail? I believe it's questionable whether your old system is under any legal obligation to provide access to your accumulated mail there. As I recall, Netcom ended up deleting most of the deluge of mail Canter & Siegel received after their infamous spam. However, in this instance it does seem that it would be polite (and good P.R.) to give you access to the mail your account has received. Apologize and ask your former admin nicely, and you might well get it. He could move it to an anon-ftp directory, perhaps encrypted with some public key of yours :) [...] > But to take my account away for crossposting to 10 groups is not right. Well, it depends greatly upon what you posted and where. If I posted the PRZ Appeal to *my* ten favorite newsgroups (including alt.config, alt.religion. kibology, and alt.sexual.abuse.recovery), I'd certainly expect to face trouble and perhaps lose posting privileges. [...] > Login name: carolann In real life: CarolAnne Braddock > Directory: /usr2/carolann Shell: /etc/scripts/tcsh-susp > Last login Thu Jan 5 21:38 on ttyq5 from annex3-1.wintern > New mail received Thu Jan 5 21:16:23 1995; > unread since Mon Jan 2 13:18:25 1995 > Plan: > This account has been disabled permanently. > > Mike Horwath - Admin - Winternet - drechsau@winternet.com -L. Futplex McCarthy - -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLw0Fu2f7YYibNzjpAQGwoAP/RrXUl3vguSSJSvGDNKsXIMek61Ay5Cvy xFO/NWcyZpzXkqwF3w19DOtke1EQ1NuPP7Z9luN6zF/QkqNwS6Z0mAMc8hcI0kLg F3ESx06UABPJMQoVY63BtaDYuj6Dualjs903koAliIUhpITZ+qsf7jaj3qT1FtMa d3SzHqOWGYM= =876P - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw0G3CoZzwIn1bdtAQHTCQGAgs4itNl5sAZMFjgMIx4Gef52o49+4q3k m36gnACMfYDMThQyhcOS8udSMFw3YM4Q =uty3 -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. McCarthy" Date: Fri, 6 Jan 95 01:09:01 PST To: cypherpunks@toad.com Subject: Re: sniff passwords on PC (DOS) Message-ID: <199501060914.EAA22804@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- Mike writes: > days after his arrest, that the CIA had cracked Aldrich Aim's encrypted > files. (sorry if I spelled his name incorrectly.) FYI, I'm fairly sure it's "Aldrich Ames". > Think about it, the govt. could spend 50,000 to 100,000 to create a > freeware gif viewer, for example, that installed such a tsr. ...most of that going to Compu$erve/Uni$y$... > P.S. If the guy who wanted to see his gf's files writes me, I'll send you > this keyboard sniffer program. Just to clarify slightly, the person who originally asked the question (Adam Gerstein aka THE MAC GURU) said he had a _friend_ who wanted to see his (the friend's) gf's files. - - -L. Futplex McCarthy - -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLw0I8mf7YYibNzjpAQEF/wP9GPKLX7KifBFRenzmbvsCdbOQ7Narlm8/ qiW/nSLRr7jZUtjAyhYM71eI9GsQbO6lADfV9ncoPIATNB/eJNCqa2O0cmNa67O/ KuUSQl0NQPiUQyevkLRldllEb9hSuTNeHyJZ4SFDpMbFrGYXX4Iu/w9RYcn9ssNS 29qFs0vNK30= =Z0ZM - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw0J9ioZzwIn1bdtAQHXVgF8CVyuTHInzoYDUZmZZXwksIosAuiP4TSh pfZJLbRcoPPP9sJ63CTfnexZXenEzhLf =zrNo -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. McCarthy" Date: Fri, 6 Jan 95 02:05:21 PST To: cypherpunks@toad.com Subject: Chain letter bounced (fwd) Message-ID: <199501061011.FAA23248@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- A small advisory: since na166182@anon.penet.fi is subscribed to the c'punks list, and anon.penet.fi attempts to filter out instances of Make Money Fast, any mention of "MAKE.MONEY.FAST" on the list will likely generate an autoreply like the one below. It appears that a copy of the MAKE.MONEY.FAST FAQ (there, I've said it again :) included in the autoreply will even trigger this mechanism, which is awfully ironic at best. At worst, this self-referential property seems liable to allow some nasty email feedback loops. Offhand it appears that a message with an address @anon.penet.fi (preferably forged) in the From: line, and "MAKE.MONEY.FAST" as the message body, would launch an automatic recursive bounce process as anon.penet.fi attempts to send itself a message it considers illegal. Presumably this would crash when the disk quota on some mail spool somewhere is exceeded. If the message was forged to come From: cypherpunks@toad.com or another list to which an anon.penet.fi user is subscribed, I imagine the list would have the dubious privilege of witnessing all the recursive bounce messages along the way. I'm not volunteering to try to write a better MMF-recognizer for a.p.f, though.... Forwarded message: > From daemon@anon.penet.fi Fri Jan 6 04:22:39 1995 > To: lmccarth@ducie.cs.umass.edu > Subject: Chain letter bounced > > You, lmccarth@ducie.cs.umass.edu, have sent a message that seems to contain yet another > copy of the infamous Make Money Fast chain letter. > > If you want to make a complaint, please send just the headers of the > message to admin@anon.penet.fi - albeit as the messages have been blocked > (as you can see), the message probably *didn't* go through anon.penet.fi > but was faked (using NNTP faking or something similar). > [...] > To: cypherpunks@toad.com > From: "L. McCarthy" [...] > Posting letters asking for $$$ is of course a risky venture on Usenet. We > see the PRZ Appeal as a Worthy Cause (tm), but that's just what all the > MAKE.MONEY.FAST posters think of their garbage too. If you go sticking out [...] -L. Futplex McCarthy - -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLw0WJGf7YYibNzjpAQEfxAQAiA70W8v7saU4TU+0yJL4XC44uhV50Q34 rX5T1A1ADbPgKeIEX/nImyRP2h6T+V2GdYBWPMJjlVYV1Nyqpxb2kHToocQCbtjd ILyNYew0zHfpZAPeYYM4Y35ru1LoQeg9+COo9RElkS3daMB2gtUjmY2EtfPF6h4V tDei1OHtdl0= =vxjA - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw0XKioZzwIn1bdtAQE2egF/Z5Tjg/dzt8cc/lkFXA/LMd17nNNGYv8N 7E7qlnWAhdz82+cILCVHmfVpHNIfdTUH =xtDg -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: frissell@panix.com (Duncan Frissell) Date: Fri, 6 Jan 95 03:23:19 PST To: cypherpunks@toad.com Subject: Re: C'punks Economist Fan Club Message-ID: <199501061123.AA10001@panix.com> MIME-Version: 1.0 Content-Type: text/plain >It's witty, politically >aware, relatively technically savvy. The articles exhibit a healthy (IMHO) >cynicism about what happens and why, yet maintain some idealism about what >should happen. It's not perfect, but it's difficult to imagine surpassing it. The Economist is fully informed and funny. What domestic news magazine would include the following in one of *their* leads (editorials): Circa 1987 "It is unlikely that Gorbachev has included an invasion of Western Europe in his next Five Year Plan but his generals *have* made their preparations. Lucky Britain is in the *Polish* Army's Zone of Occupation." DCF -- Have you registered a domain today. My template worked first time and I have since registered nine domain names. Send for a free copy. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: frissell@panix.com (Duncan Frissell) Date: Fri, 6 Jan 95 03:23:20 PST To: cypherpunks@toad.com Subject: Re: True Names Message-ID: <199501061123.AA10015@panix.com> MIME-Version: 1.0 Content-Type: text/plain > >--Mike, still looking for a copy himself > Boy, for people who can make the World's Governments tremble with the click of a keyboard some of you seem a bit print disabled. How to buy an Out of Print Book (c) 1995 Offshore Enterprises 1) Find an OP book search specialist 2) Ask he/she to find it for you 3) Pay for it To accomplish 1), ask at (independent) bookstores in your vicinity (those are places you may have seen around town full of processed tree carcasses), libraries, etc. DCF -- Correlation between (40 years of pack-a-day)second-hand smoke and cancer: +1.19 Correlation between having had an abortion and cancer: +1.50 Correlation generally accepted as significant for disease studies: +3.00 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Nathaniel Borenstein Date: Fri, 6 Jan 95 04:28:54 PST To: db@Tadpole.COM Subject: Re: Remailer Abuse In-Reply-To: <4748.789282395.1@nsb.fv.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain Excerpts from mail: 5-Jan-95 Re: Remailer Abuse db@Tadpole.COM (1180*) > Heh. An anonymous remailer paid for by credit card... there'd > have to be an additional level of indirection for it to work, > which would make the methods for tracking those who don't pay > quite problematic. Again, this comes down to definitions of anonymity. In this case, if you start from the silly assumption that the anonymous remailer actually keeps records that correlate messages to payment mechanisms, Doug is right, but barely. To break the anonymity, you'd need collusion between the operator of the anonymous remailer AND First Virtual, because the former knows which account sent a message, and the latter knows who that account belongs to. (And before you tell me that this sounds a lot like the Clipper key escrow, I would point out that instead of two "trust us, they're independent" agencies of the US government, in this case we're talking about two independent private companies which are probably in two different countries. For my part, I figure that if the government of Finland and the government of the US can actually agree that it's so important to force the sacrifice of anonymity in a given case that they're both willing to coerce companies under their jurisdiction, they will probably have a very good reason for doing so. Maybe I'm too trusting, though.) Moreover, and perhaps most important, even THIS can only be done if the anonymous mailer keeps records of WHICH account paid for WHICH posting, and if I were to operate a for-pay remailer, I wouldn't do that anyway. It sort of defeats the whole point of the service. > Also, most remailer abuse tends to be of the hit-and-run variety, > which is still nicely enabled by FV. Only if you assume that the same people aren't responsible for multiple hit-and-run attacks. I would tend to assume the opposite. Russ Nelson saw the first point quite clearly, and wrote: Excerpts from mail: 5-Jan-95 Re: Remailer Abuse nelson@crynwr.com (1177) > Sure, I'll know who used it, but I'm not going to keep that > information. (Yes, yes, FV says that I have to keep records of who > bought what, but I'll label all my information with a random number, > that simply says that X bought information worth Y, not *what* > information.) And if you don't trust a remailer operator, then you > won't use it. All I'd add here is that the requirement to keep records is one that we have to pass on from the credit card world. If you didn't keep ANY records, my understanding is that all that this would really mean in practice is that there would be an extremely strong presumption AGAINST you in certain dispute-resolution situations. That's just my understanding, however, and it doesn't in any way supersede or supplement our legal terms and conditions, available from fineprint@fv.com. (You should try them, I find them more effective than Sominex.) Excerpts from mail: 5-Jan-95 Re: Remailer Abuse wcs@anchor.ho.att.com (2028) > I'd be worried about a couple of issues - > one is just the transaction cost - can you successfully market remailer use > at a buck a shot or whatever you'd be charging beyond FV's 29c stamp, > or would you have some convenient way to aggregate bill? Depending on how often you aggregate, you can charge almost any amount. 20 cents might be very reasonable. If you run a cron job once a month to post aggregated billings to anyone who had two or more outstanding uses, you'd make only a small amount on the two-time users, but you'd get serious aggregation from the regular users. (You might also want to bill the really-high-volume users weekly, to prevent them from going into shock at their huge monthly bills.) > Beyond that, though, are some traffic analysis problems - > remailers require a fair bit of traffic to be useful, and unless > you receive a reasonable amount of encrypted traffic, > and support encrypted email for purchasing remailer service > and other merchandise, an eavesdropper would have a fairly good source > of traffic data on your remailer users, especially since buying and using > remailer service requires two messages within an hour or so. Well, I think low-volume remailers are always a bit vulnerable to traffic analysis attacks, aren't they? One thing you could do is build a variable time-delay into the remailer, to make it harder to correlate messages coming in with those going out. To take paranoia a step further, you could allow people to encrypt their mail TO an anonymous remailer with the remailer's public key, and let the remailer send it out unencrypted. No snooper should be able to correlate the *contents* that way, and it avoids lots of key management problems by only using the remailer's key, not the user's. > An alternative billing mechanism, which wouldn't use Chaum-patented cash, > would be to sell a bunch of one-shot random-number tokens. > When you sell the tokens, you add them to the database of valid tokens, > and when one comes in on a message you delete it. > This allows you to sell more than one message or service-period per > FV transaction, and separates the purchase and use by a longer time, > without adding the need for record-keeping based on the user's ID. > It obviously does require encrypted reply messages. I think this could work quite nicely, at first glance. This is also the kind of service for which you might want to wait until after the "yes" reply to deliver the "goods". My only concern, would be the key management issues, but they might be manageable in this case by using the equivalent of a session key, instead of a permanent personal key. I think this is a promising idea. -- Nathaniel From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Fri, 6 Jan 95 06:40:49 PST To: Duncan Frissell Subject: Re: C'punks Economist Fan Club In-Reply-To: <199501061123.AA10001@panix.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain This I hope shows I can keep my humor level a bit. How does "CENSORED.COM" sound? My original reply is still in suspended composition. On Fri, 6 Jan 1995, Duncan Frissell wrote: > Have you registered a domain today. My template worked first time and I > have since registered nine domain names. Send for a free copy. > From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Nesta Stubbs Date: Fri, 6 Jan 95 07:02:07 PST To: Cypherpunks Subject: Re: All I did was properly crosspost! In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Fri, 6 Jan 1995, Carol Anne Braddock wrote: > > I first saw the Dubois Letter in alt.security.pgp the 28th. > PRZ posted it here the next day. > > I "crossposted" it to my favorite 10 newsgroups. Just 10. > Some creep complained. (we'll get to him a bit later). > ten is not a large number when it comes o cross-posting on soem topics, I can think of at lezast tewenty newsgroups where the PRZ letters and such would make alot of sense and be on topic. This just goes to show the soemtimes reactionar steps people take to control spamming. it leads to people getting hurt, especially whent he sysop at your site is nto intelligent enough to look aat the article, and see wether or not it was cross-posted to valid groups etc..and not only that, but to completely pull your account for such a small thing(ten groups? that's nothing in comparison to some aticles out there still going) What is the name of the sysop at that site your account was pulled form? > But to take my account away for crossposting to 10 groups is not right. > I agree, ten groups is a small amount, especially if they are at least amrginally on topic. This is soemthing that we need to watch out for tho, it makes people fearful of spreadung information, when evenif you spread it in a nice manner, to on-topic groups etc.. that you face the chance of some bozo net-vigilante complaining to your sysop and having your account yanked. From teh evidence here it seems the sysop acted in a reactionary manner, probably out of fear of some asshole mailbombing your account. I heartily reccomend that those of you who do not know your sites policies for such, become aquainted with them, or at least contact the syspo and talk about this issue. If you contact him and talk to him(her) about it then they are less likely to react so quickly and IMO stupidly. It's amazing how much just knowing your sysops first name helps in such a situation. As for MCs, I am not sure of their policies but Karl is very reliable, and I doubt he would be so reactionary, in any case, I'll contact him about such policies. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: anonymous-remailer@shell.portal.com Date: Fri, 6 Jan 95 09:47:43 PST To: cypherpunks@toad.com Subject: TRUE NAMES FOR FREE Message-ID: <199501061748.JAA12677@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain Angus Patterson wrote a short while ago: S6>I've been trying to get True Names by Vernor Vinge, and have been told it's >out of print (like most good cypunk ), does anybody have it scanned? Laissez Faire Books has a stockpile and they're giving them away! LF sends you _True_Names_ free when you buy _Solomon's Knife_ by Victor Korman (a pen-name). Order FN5136, $9.95 for both + $3.25 shipping: Laissez Faire, 938 Howard Street #202, San Francisco, CA 94103, tel 800-326-0996, fax 415-541-0597. They have their own Laissez Faire Book News list, too, with previews and samples. Ask Chris Whitten for more info at . "Capt'n Bob" Correspondents: Communications went down recently when 2 remailers shut up shop. A new address will be up and running during next week. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Fri, 6 Jan 95 08:18:03 PST To: Michael Froomkin Subject: Re: Sorehand mailing list In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain Yes, Michael I might get SOREHAND having to rewrite all my HTML code. Thanks for the great tip. An ounce of prevention, is worth a pound of cure. Love Always, Carol Anne ps and here's the SOREHAND M/L address in case you trashed it. On Fri, 6 Jan 1995, Michael Froomkin wrote: > While I was abroad, someone from this list asked me for the address > for the SOREHAND mailing list, which helps those suffering from > repetitive strain injuries (RSI), including carpal tunnel syndrome. > I didn't have the listserve info in England, and somehow lost the request > before I got back. > > Figuring, however, that cypherpunks write code, that writing code causes > RSI, and hence this address might be of more general interest, here it is: > > to subscribe, send a SUBSCRIBE SOREHAND to > > Listserve@ucsfvm.ucsf.edu > > A.Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) > U.Miami Law School | MFROOMKI@UMIAMI.IR.MIAMI.EDU > PO Box 248087 | > Coral Gables, FL 33146 USA | It's warmish here, almost cool. > > From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Michael Froomkin Date: Fri, 6 Jan 95 07:35:46 PST To: cypherpunks@toad.com Subject: Sorehand mailing list Message-ID: MIME-Version: 1.0 Content-Type: text/plain While I was abroad, someone from this list asked me for the address for the SOREHAND mailing list, which helps those suffering from repetitive strain injuries (RSI), including carpal tunnel syndrome. I didn't have the listserve info in England, and somehow lost the request before I got back. Figuring, however, that cypherpunks write code, that writing code causes RSI, and hence this address might be of more general interest, here it is: to subscribe, send a SUBSCRIBE SOREHAND to Listserve@ucsfvm.ucsf.edu A.Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) U.Miami Law School | MFROOMKI@UMIAMI.IR.MIAMI.EDU PO Box 248087 | Coral Gables, FL 33146 USA | It's warmish here, almost cool. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Fri, 6 Jan 95 08:43:15 PST To: "L. McCarthy" Subject: Re: Chain letter bounced (fwd) In-Reply-To: <199501061011.FAA23248@bb.hks.net> Message-ID: MIME-Version: 1.0 Content-Type: text/plain Thanks for the great article....I chuckled a lot, and I haven't had a lot to chuckle about these days..... But I still think that as the computer program we trust the most, he deserves overt support in all phases of of my life. Even though I am dead broke, I could tell my main newsgroups. I wasn't asking or telling. Just informing. And it was to .1% of all Usenet ....That...is...not...a...lot! I am sure the real point of your post will come through, but for now I'm kinda clueless. Love always, Carol Anne On Fri, 6 Jan 1995, L. McCarthy wrote: > [...] > > To: cypherpunks@toad.com > > From: "L. McCarthy" > [...] > > Posting letters asking for $$$ is of course a risky venture on Usenet. We > > see the PRZ Appeal as a Worthy Cause (tm), but that's just what all the > > MAKE.MONEY.FAST posters think of their garbage too. If you go sticking out > [...] > > -L. Futplex McCarthy From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Fri, 6 Jan 95 09:26:14 PST To: "david d `zoo' zuhn" Subject: Re: Chain letter bounced (fwd) In-Reply-To: <199501061705.LAA04565@monad.armadillo.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain Inasmuch as I sent the prior posting the way I did, (as I can only read one letter at a time), You do not speak for all the cypherpunks, neither do I. On the time cronology you are the first to complain about the account closing notice. That doesn't constitute a WE yet. So please do not send me further personal mail. I'm glad I'm not so clueless about Stalking Laws in the State of Minnesota. Now I've go to my free.org account and get my Star-Trib address archive back. Carol Anne Braddock signed 1/6/95 11:25 A.M. On Fri, 6 Jan 1995, david d `zoo' zuhn wrote: > // come through, but for now I'm kinda clueless. > > Very very true. > > And please stop including this stuff at the end of every message. WE DON'T > CARE. > > > // From carolann@vortex.mm.com Fri Jan 6 01:39:29 1995 > // Date: Thu, 5 Jan 1995 21:57:05 -0600 > // From: Carol Anne Braddock > // To: carolann@vortex.mm.com > // > // [icicle.winternet.com] > // Login name: carolann In real life: CarolAnne Braddock > // Directory: /usr2/carolann Shell: /etc/scripts/tcsh-susp > // Last login Thu Jan 5 21:38 on ttyq5 from annex3-1.wintern > // New mail received Thu Jan 5 21:16:23 1995; > // unread since Mon Jan 2 13:18:25 1995 > // Plan: > // This account has been disabled permanently. > // > // Mike Horwath - Admin - Winternet - drechsau@winternet.com > // > > From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Fri, 6 Jan 95 09:39:26 PST To: Nesta Stubbs Subject: Re: All I did was properly crosspost! In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Fri, 6 Jan 1995, Nesta Stubbs wrote: > On Fri, 6 Jan 1995, Carol Anne Braddock wrote: > ten is not a large number when it comes o cross-posting on soem topics, I > can think of at lezast tewenty newsgroups where the PRZ letters and such > would make alot of sense and be on topic. This just goes to show the > soemtimes reactionar steps people take to control spamming. it leads to > people getting hurt, especially whent he sysop at your site is nto > intelligent enough to look aat the article, and see wether or not it was > cross-posted to valid groups etc..and not only that, but to completely > pull your account for such a small thing(ten groups? that's nothing in > comparison to some aticles out there still going) What is the name of the > sysop at that site your account was pulled form? > His name is Michael Horwath, root@winternet.com > > But to take my account away for crossposting to 10 groups is not right. > > > I agree, ten groups is a small amount, especially if they are at least > amrginally on topic. > > This is soemthing that we need to watch out for tho, it makes people > fearful of spreadung information, when evenif you spread it in a nice > manner, to on-topic groups etc.. that you face the chance of some bozo > net-vigilante complaining to your sysop and having your account yanked. > >From teh evidence here it seems the sysop acted in a reactionary manner, > probably out of fear of some asshole mailbombing your account. > > I heartily reccomend that those of you who do not know your sites > policies for such, become aquainted with them, or at least contact the > syspo and talk about this issue. If you contact him and talk to him(her) > about it then they are less likely to react so quickly and IMO stupidly. > It's amazing how much just knowing your sysops first name helps in such a > situation. > > As for MCs, I am not sure of their policies but Karl is very reliable, > and I doubt he would be so reactionary, in any case, I'll contact him > about such policies. > > From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Fri, 6 Jan 95 09:46:03 PST To: "david d `zoo' zuhn" Subject: Re: All I did was properly crosspost! harrassments another story In-Reply-To: <199501061733.LAA04744@monad.armadillo.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Fri, 6 Jan 1995, david d `zoo' zuhn wrote: > Sorry, but I don't flame in public fora. I do so in email only. > > The Michigan precedent for email stalking isn't very strong (it also > included several incidents of physical contact as well), so you threats are > not really too worrisome. The last time I checked with various folks about > the Minnesota laws, it's not exactly too clear on email (prosecution in the > situation in question was declined due to lack of confidence in > conviction), so again, I'm not very worried. > > But it doesn't matter since you've just entered my global kill files. > Anything you send to me won't be seen at all. Anywhere. Anyhow. News. > Mail. Etc. Plonk! > > And as a personal note, if your concept of 'dealing' involves making legal > threats at the first possible instance of disagreement, then I think you > need a new concept of 'dealing'. > > From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Christopher E Stefan Date: Fri, 6 Jan 95 11:55:22 PST To: Angus Patterson Subject: Re: True Names In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Thu, 5 Jan 1995, Angus Patterson wrote: > I've been trying to get True Names by Vernor Vinge, and have been told it's > out of print (like most good cypunk ), does anybody have it scanned? > I realize this is without permission, so does anybody have Vinge's address? > (e-mail or otherwise) or could anybody ask him? Btw, does he have any other > crypto/anonymity related stories? Thanks in advance. I saw a copy of _True Names_ in a local bookstore recently, so if you check around you may be able to find it. You may also want to check the used bookstores in your area. Good luck! -- Christopher E Stefan * flatline@u.washington.edu * PGP 2.6ui key by request From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Dr. D.C. Williams" Date: Fri, 6 Jan 95 08:51:10 PST To: cypherpunks@toad.com Subject: Remailer anonymity Message-ID: <199501061656.LAA26109@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Much has been said lately about maintaining anonymity for remailer users while providing some "pay to play" mechanism for the operator. Absent strong collusion between operators, doesn't remailer chaining ensure anonymity? Plenty of movie "bad guys" escape by getting on the subway because no one knows where they'll get off or change lines. It seems to me that knowing a person entered the system is far less information than knowing where they exited. As long as remailers have guaranteed access to other remailers, anonymity should be maintained. Re: collusion; I'd sooner believe the Macro$oft/RCC fable. In a gadda da vida, Billy. =D.C. Williams - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw12MioZzwIn1bdtAQH+XQF/RGe9sufCmL8KB2ARuyJNChmF+ZA4DRlf cCnAwpyUhRRtWdpDRx7wZxopjvPHUYDC =kVwM -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Fri, 6 Jan 95 10:03:17 PST To: Alex de Joode Subject: Re: Your HomePage at winternet.com In-Reply-To: <199501061739.AA29180@xs1.xs4all.nl> Message-ID: MIME-Version: 1.0 Content-Type: text/plain Dear Alex, We have all the web pages. They should be moving to spring.com shortly. It's kinda sad that they bootleg off my net.web.goodwill, as My pages are are at the 200+ access count and rising level per day. The Webbittown pages will remedy this in the not too distant future. (PGP encoded HTML) They should be down by the end of the day. Love Always, Carol Anne > -- > Alex de Joode > usura@replay.com Hate mail appreciated, > http://www.xs4all.nl/~usura weekly contest for best death threat. > > > From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Fri, 6 Jan 95 10:14:39 PST To: cypherpunks@toad.com Subject: Guess what I just got In the mail? giggle..giggle Message-ID: MIME-Version: 1.0 Content-Type: text/plain ---------- Forwarded message ---------- Date: Fri, 6 Jan 95 18:57:36 +0200 From:daemon@anon.penet.fi To: carolann@mm.com Subject: Chain letter bounced You, carolann@mm.com, have sent a message that seems to contain yet another copy of the infamous Make Money Fast chain letter. If you want to make a complaint, please send just the headers of the message to admin@anon.penet.fi - albeit as the messages have been blocked (as you can see), the message probably *didn't* go through anon.penet.fi but was faked (using NNTP faking or something similar). If you are trying to *post* the chain letter, please read the following: By now you should know that the net doesn't find all the waste of networking resources, time and money this stupid and illegal scam has caused amusing at all. I have actually been forced to incorporate an automatic chain letter detector / bouncer just for this... Here is the appropriate FAQ: - - - - - - - - - - - - - - - - - - - This FAQ is for the benefit of those who have never experienced the advertisement MAKE.MONEY.FAST. Here are some answers to some questions frequently asked. 1. Does MAKE.MONEY.FAST really work? Not in the sense that you'll make money fast, but you'll make a lot of enemies fast. 2. If I forward or repost MAKE.MONEY.FAST, will I get a lot of mail? Yes, hate mail, flames, etc. 3. How can I get my account cancelled? Post MAKE.MONEY.FAST. 4. How can I get my system administrator mad at me? Post MAKE.MONEY.FAST. His mailbox will be so full of complaints, it'll take him/her a week to sort through all of them. 5. Who is Dave Rhodes? Salmon Rushdie's roommate. Just about every administrator wants to kill him so he had to go in hiding. 6. How can I assure I have a long and prosperous life? Well, nobody can guarantee that, but it can be guaranteed that if you post MAKE.MONEY.FAST you're life may be cut short by accident (hee hee). 7. Just how does one have to never work again after posting MAKE.MONEY.FAST? Well, MAKE.MONEY.FAST is a Ponzi scheme. Ponzi schemes are illegal. Ponzi schemes are a form of fraud. Some of these net interchanges go over telephone wires, optic fibers, and microwave transmissions all regulated by the FCC. If you repost MAKE.MONEY.FAST over the net, and someone at the FCC wanted to get nasty, they may want to prosecute you for WIRE fraud. Once you're in jail, you never have to pay rent, your meals are free. Anal injections are free. MAKE.MONEY.FAST has a lot of side benefits. 8. How can I help to stop the spread of MAKE.MONEY.FAST? When some netter newbie blunders and posts MAKE.MONEY.FAST on the net, just send him a polite letter to not do it again (remember, the newbies act out of ignorance) then write the root@domain and request they inform all their users not to perpetuate this drivel. - - - - - - - - - - - - - - - - - - - Contents of message follows: X-Envelope-To: na166182 Received: by anon.penet.fi (5.67/1.35) id AA19254; Fri, 6 Jan 95 18:50:45 +0200 Received: from relay2.uu.net(192.48.96.7) by anon.penet.fi via anonsmtp (V1.3mjr) id sma017754; Fri Jan 6 18:47:54 1995 Received: from toad.com by relay2.UU.NET with SMTP id QQxxnn06516; Fri, 6 Jan 1995 11:50:16 -0500 Received: by toad.com id AA06017; Fri, 6 Jan 95 08:43:15 PST Received: from vortex.mm.com ([204.73.34.1]) by toad.com id AA05996; Fri, 6 Jan 95 08:42:58 PST Received: from downburst.mm.com (carolann@downburst.mm.com [204.73.34.2]) by vortex.mm.com (8.6.9/8.6.6) with ESMTP id KAA28027; Fri, 6 Jan 1995 10:48:27 -0600 Received: (carolann@localhost) by downburst.mm.com (8.6.9/8.6.6) id KAA13250; Fri, 6 Jan 1995 10:48:16 -0600 Date: Fri, 6 Jan 1995 10:48:16 -0600 (CST) From: Carol Anne Braddock Subject: Re: Chain letter bounced (fwd) To: "L. McCarthy" Cc: cypherpunks@toad.com In-Reply-To: <199501061011.FAA23248@bb.hks.net> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cypherpunks@toad.com Precedence: bulk Thanks for the great article....I chuckled a lot, and I haven't had a lot to chuckle about these days..... But I still think that as the computer program we trust the most, he deserves overt support in all phases of of my life. Even though I am dead broke, I could tell my main newsgroups. I wasn't asking or telling. Just informing. And it was to .1% of all Usenet ....That...is...not...a...lot! I am sure the real point of your post will come through, but for now I'm kinda clueless. Love always, Carol Anne On Fri, 6 Jan 1995, L. McCarthy wrote: > [...] > > To: cypherpunks@toad.com > > From: "L. McCarthy" > [...] > > Posting letters asking for $$$ is of course a risky venture on Usenet. We > > see the PRZ Appeal as a Worthy Cause (tm), but that's just what all the > > MAKE.MONEY.FAST posters think of their garbage too. If you go sticking out > [...] > > -L. Futplex McCarthy >From carolann@vortex.mm.com Fri Jan 6 01:39:29 1995 Date: Thu, 5 Jan 1995 21:57:05 -0600 From: Carol Anne Braddock To: carolann@vortex.mm.com [icicle.winternet.com] Login name: carolann In real life: CarolAnne Braddock Directory: /usr2/carolann Shell: /etc/scripts/tcsh-susp Last login Thu Jan 5 21:38 on ttyq5 from annex3-1.wintern New mail received Thu Jan 5 21:16:23 1995; unread since Mon Jan 2 13:18:25 1995 Plan: This account has been disabled permanently. Mike Horwath - Admin - Winternet - drechsau@winternet.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Fri, 6 Jan 95 10:57:46 PST To: Niall Murphy Subject: Re: your mail In-Reply-To: <20014f17.39f3-niallm@avernus.internet-eireann.ie> Message-ID: MIME-Version: 1.0 Content-Type: text/plain Is that better...giggle... Hope you make and hand out some hard copies! Love Always, Carol Anne ps if it was you instead of Zimmy the result would have been the same, I think. I'll rant why I'm actually on the list soon From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Fri, 6 Jan 95 11:03:12 PST To: cypherpunks@toad.com Subject: There.....Do ya like this one better? Message-ID: MIME-Version: 1.0 Content-Type: text/plain Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List. Coming Soon: The Internet Debut of CENSORED.COM From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Fri, 6 Jan 95 11:24:21 PST To: anonymous-remailer@shell.portal.com Subject: Re: SysAdmin of the year In-Reply-To: <199501061846.NAA26994@bb.hks.net> Message-ID: MIME-Version: 1.0 Content-Type: text/plain Aren't ya glad 94's over with? He was in a big hole as 95 started. His machine was being hacked routinely. Nobody on the Web visited the site. I just like PGP. I believe it to be the nicest program anywhere. It has lots of everyday uses, even you used it. And when I crosspost a help note to .1% of Usenet, and lose 4 days of good postings, everyone loses. Till of course the story is told, for all to know. Love Always, Carol Anne Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List Coming Soon: The Internet Debut of CENSORED.COM On Fri, 6 Jan 1995 anonymous-remailer@shell.portal.com wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > > > According to Carol Anne Braddock: > > > His name is Michael Horwath, root@winternet.com > ^^^^^^^^^^^^^^^ > > > [icicle.winternet.com] > > Login name: carolann In real life: CarolAnne Braddock > > Directory: /usr2/carolann Shell: /etc/scripts/tcsh-susp > > Last login Thu Jan 5 21:38 on ttyq5 from annex3-1.wintern > > New mail received Thu Jan 5 21:16:23 1995; > > unread since Mon Jan 2 13:18:25 1995 > > Plan: > > This account has been disabled permanently. > > > - --- > [This message has been signed by an auto-signing service. A valid signature > means only that it has been received at the address corresponding to the > signature and forwarded.] > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > Comment: Gratis auto-signing service > > iQBFAwUBLw2PxioZzwIn1bdtAQEgggF+ImxhTJlTtuMMJglmt3z/EriU0W2KisJZ > kr+JZeyf2iPyi5O/xsoHNWR/jHaYtE34 > =wNlp > -----END PGP SIGNATURE----- > From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: dwomack@runner.utsa.edu (Dave) Date: Fri, 6 Jan 95 11:35:16 PST To: cypherpunks@toad.com Subject: Carol Anne - C'Punk Poster Person? Message-ID: <9501061935.AA14193@runner.utsa.edu> MIME-Version: 1.0 Content-Type: text/plain It occurs to me that Carol's problem may well be of considerable interest to c'punks and free speechers everywhere. Not that I favor spam or it's derivatives - but Cancelmoose and others define spam as *_50_* or more groups, esp. without crossposting. My basis for saying that Carol's situation is of interest is ---- as the net becomes more vulnerable to regulation, who among is immune to a quick cancellation of account? For something such as, say, the irresponsible (and antisocial?) advocacy of crypto? If an account can be chopped for 10 posts, where is the bottom limit? 5 perhaps? 2 maybe? 1 post that the sys-admin disagrees with? Developing the idea, and combining it with for-profit remailers...what would be wrong with a provider offering a unix shell based account, with the option of registering the account under a nym - and with finger user switchable from on to off and back again? The login ID would also be unconnected to the name. Frankly, none of this seems that radical...our friend, America On Line has some of these characteristics! Various 'anti-true spam' strategies could be used to prevent massive postings of Make Money Etc...But instead of a remailer, an actual *_system_* would be used. Payments could be by electronic invoice and money orders... Any thoughts on this? Dave From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: anonymous-remailer@shell.portal.com Date: Fri, 6 Jan 95 10:40:21 PST To: cypherpunks@toad.com Subject: SysAdmin of the year Message-ID: <199501061846.NAA26994@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- > > According to Carol Anne Braddock: > His name is Michael Horwath, root@winternet.com ^^^^^^^^^^^^^^^ > [icicle.winternet.com] > Login name: carolann In real life: CarolAnne Braddock > Directory: /usr2/carolann Shell: /etc/scripts/tcsh-susp > Last login Thu Jan 5 21:38 on ttyq5 from annex3-1.wintern > New mail received Thu Jan 5 21:16:23 1995; > unread since Mon Jan 2 13:18:25 1995 > Plan: > This account has been disabled permanently. - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw2PxioZzwIn1bdtAQEgggF+ImxhTJlTtuMMJglmt3z/EriU0W2KisJZ kr+JZeyf2iPyi5O/xsoHNWR/jHaYtE34 =wNlp -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Fri, 6 Jan 95 11:43:17 PST To: Mike Horwath Subject: Re: Files and mail In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain Dear Mr. Horwath, A written reply will suffice. You have my permission to make all of my files world readable. You can put them in the ftp site. Upon receipt of notice, they will be removed within 24 hours, and you will recieve a signed PGP statement with the new key, stating that the files have been removed. Other Winternet users have already gone to my defense, and copied all of the world readable material anyway. And the whole account might as well be, too. Please do not forward any mail here. You will better serve yourself bouncing the letter back to the sender and informing them of my new address. If I find forwarded mail in my mailbox, I will print hard copies and visit the Attorney General's Office and file a complaint under the Stalking laws of the State of Minnesota. And please...deactivate my WWW pages. I was astounded to find out that during the suspension, they continued to remain active, as I learned in the office Wednesday. That was (and still is) stealing my net.web.goodwill, and creating a falsehood amongst other users. My WWW Pages have found a nice, new, warm sunny home in Austin, Texas. I spent six full hours making a personal appearance, at great personal expense, to the Winternet Office to resolve the situation. My original reply still sits in suspended composition in my mailer. I wasted not a nano-second in preparing my reply to the posting. In legal point of fact, the poster is violation of Minnesota State Law. He has no legal jurisdiction whatsoever. I did not take days to "investigate", nor cite that other things such as "my machines being hacked" and "I'll do it when I'm ready to do it,". I was a simple complaint. It had no validity. Crossposting an article to .1% of the Usenet News Groups does not by the very statistic constitute spam. (And I own two shares of Hormel Corp, so I do know what SPAM (tm) is. As was pointed out in alt.current-affairs.net-abuse The complainer didn't fully read said article. It was timely.(and still is) The crossposting wasn't wasting resources. It is of no one's concern the actual groups posted. They have the right and ability to respond. I asked for no money. I did not stand to profit by the posting. The person who started the whole thing was pretty heavily chastised, by the readers of his own news group. A fast "K" was all that any individual needed for this article. No, Mr. Horwath, you are "way out-of-bounds" this time. And as the time cronology unveils itself, I am sure that will be shown to be a very truthful, factual statement. Dangerous precedents were set here. I will not rest until the whole of the Internet knows and is aware of the situation. Signed Carol Anne Braddock Friday January 6th, 1995 9:40 A.M. On Fri, 6 Jan 1995, Mike Horwath wrote: > You are welcome to your files and mail, I will pack everything up for > you as you left it, including your FTP area. > > I expect you to try to reach me today in the afternoon at my office and > I will fully explain why your account was deleted, with full detail as > to why. > > I do appreciate the work you did on the shirts for Winternet. I don't > appreciate the harassment you have already tried to bring upon me. > > When we talk, I think you might understand why this was done. If you do > not, then I feel bad, as I must then not be making myself clear. But > no matter what, this was policy that you chose to break even after I > had talked to you about it. More on this when we talk. > > Good luck at your new provider, Larry Leone is an old user of mine and > seems to be a good guy, even if a little quiet on the newsgroups :) > > A copy of this letter is also going to your new admin so that he knows > what is going on. > > Larry, Carol Anne was using about 11.5MB of disk that will be moving > over from Winternet to MM. > > Also, how have you been anyway? Been awhile since I saw you. Oh, and > could you install identd on your system? Get back to me on anything, > or with questions. > > -- > Mike Horwath IRC: Drechsau LIFE: Lover drechsau@winternet.com > Winternet: info@winternet.com root@jacobs.mn.org <- Linux! > Twin Cities area Internet Access: 612-941-9177 for more info > Founding member of Minnesota Coalition for Internet Accessibility > From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Blanc Weber Date: Fri, 6 Jan 95 13:51:51 PST To: dwomack@runner.utsa.edu Subject: RE: Carol Anne - C'Punk Poster Person? Message-ID: <9501062152.AA05672@netmail2.microsoft.com> MIME-Version: 1.0 Content-Type: text/plain From: Dave It occurs to me that Carol's problem may well be of considerable interest to c'punks and free speechers everywhere. Not that I favor spam or it's derivatives - but Cancelmoose and others define spam as *_50_* or more groups, esp. without crossposting. ........................................................... It occurs to me that Carol's problem is personal, that we don't know all of the details, that the sysadmin responsible is in contact with her and appears quite willing to communicate on the episode, to explain to her the reason for the action taken as well as being willing to provide to her opportunity to retrieve all of her email, etc. as well as to talk to her new provider and explain once again the details of the situation. If the sysadmin's action was the result of regulation, then it would be apropos for a wider range of interest, but it appears to be the decision of an individual sysadmin acting on his own prerogative. Objections could be sent to him personally, unless someone wanted to make him answer to the list for his judgement and decision, and spend a lot of time arguing with him about it. Blanc From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Adam Shostack Date: Fri, 6 Jan 95 11:19:04 PST To: nsb@nsb.fv.com (Nathaniel Borenstein) Subject: Re: Remailer Abuse In-Reply-To: Message-ID: <199501061911.OAA08861@bwnmr5.bwh.harvard.edu> MIME-Version: 1.0 Content-Type: text/plain nsb wrote: | Excerpts from mail: 5-Jan-95 Re: Remailer Abuse db@Tadpole.COM (1180*) | > Heh. An anonymous remailer paid for by credit card... there'd | > have to be an additional level of indirection for it to work, | Again, this comes down to definitions of anonymity. In this case, if [...] | two different countries. For my part, I figure that if the government | of Finland and the government of the US can actually agree that it's so | important to force the sacrifice of anonymity in a given case that | they're both willing to coerce companies under their jurisdiction, they | will probably have a very good reason for doing so. Maybe I'm too | trusting, though.) Its also a matter of analysing your threats. There may be employees of one or more companies involved who might sell information. Then again, if you're selling plans of the B2 to the Iraqis, the US & Norwegian governments might collude to track you down, (and in the process, read a lot of other messages.) | Excerpts from mail: 5-Jan-95 Re: Remailer Abuse wcs@anchor.ho.att.com (2028) | > Beyond that, though, are some traffic analysis problems - | > remailers require a fair bit of traffic to be useful, and unless | > you receive a reasonable amount of encrypted traffic, | > and support encrypted email for purchasing remailer service | > and other merchandise, an eavesdropper would have a fairly good source | > of traffic data on your remailer users, especially since buying and using | > remailer service requires two messages within an hour or so. | Well, I think low-volume remailers are always a bit vulnerable to | traffic analysis attacks, aren't they? One thing you could do is | build a variable time-delay into the remailer, to make it harder to | correlate messages coming in with those going out. To take paranoia a | step further, you could allow people to encrypt their mail TO an | anonymous remailer with the remailer's public key, and let the remailer | send it out unencrypted. Time delay does not guarantee mixing, which is the intent of time delay schemes. Might as well mix directly, since thats what you're trying to accomplish. Someone (I think it was Hal) wrote up a message describing the math involved. And I don't think encrypting the various parts of a remailer chain is very paranoid; I don't particularly trust the remail ops not to read my mail. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "James A. Donald" Date: Fri, 6 Jan 95 14:19:53 PST To: Jonathan Rochkind Subject: Re: for-pay remailers and FV (Was Re: Remailer Abuse) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Fri, 6 Jan 1995, Jonathan Rochkind wrote: > Hmm. Maybe I don't completely understand how this is going to work, but > won't _every_ remailer in the chain need to know your FV billing account? First remailer knows you and your FV billing account. Charges you its own fee and the fee for all for profit remailers in the list. (The envelope states what this fee is going to be) Second remailer charges first remailer. Third remailer charges second remailer. If the postage on the envelope is insufficient to cover all the for profit remailers the message passes through, it gets bounced or dropped. In principle it could work, But blinded digital cash makes it a lot easier. (blinded postage stamps) I would not try to implement it. Too much like hard work, for an unnecessarily complex solution. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd@netcom.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jrochkin@cs.oberlin.edu (Jonathan Rochkind) Date: Fri, 6 Jan 95 11:16:09 PST To: Nathaniel Borenstein MIME-Version: 1.0 Content-Type: text/plain At 7:28 AM 01/06/95, Nathaniel Borenstein wrote: >Again, this comes down to definitions of anonymity. In this case, if >you start from the silly assumption that the anonymous remailer actually >keeps records that correlate messages to payment mechanisms, Doug is >right, but barely. To break the anonymity, you'd need collusion between >the operator of the anonymous remailer AND First Virtual, because the >former knows which account sent a message, and the latter knows who that >account belongs to. (And before you tell me that this sounds a lot like While this might be secure enough for some people, it is important to note that it definitely is less secure then the current free remailer net. Currently, if I send my message through 10 remailers, many more then just two of the operators need to cooperate in order to get my true identity. I think that at least 8 or 9 of them do, actually. In a First Virtual payment-scheme remailernet, no matter how many remailers I send my message through, any _one_ operator, together with First Virtual, can burst my anon bubble. I suppose this still might be enough security for some people. After all, penet is enough security for some people. But I'd guess that most people using cypherpunks remailers instead of Julf's penet remailer aren't going to be willing to settle for it, because it doesn't give you very much more security then penet. My trust of Julf, who has an amazingly good reputation on the net and furthermore isn't in the U.S. (and presumably isn't subject to U.S. government coercion), certainly isn't any less then my trust of First Virtual. And if I'm still sending through 10 remailers, which I'd be doing for traffic analysis reasons, any _one_ of them, together with FV, can compromise me. Weakest link in the chain. Which means my risk _rises_ with increased remailer chain length. If I was willing to accept that level of risk, I'd just use penet which is much more convenient. The First Virtual method does seem possible for Julf's remailer, since users are pretty much already trust Julf completely, so the Julf+FV system isn't any less secure then the just Julf system. But it's just not anonymous enough for cypherpunks-style remailers. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "david d `zoo' zuhn" Date: Fri, 6 Jan 95 12:38:39 PST To: cypherpunks@toad.com Subject: Re: Carol Anne - C'Punk Poster Person? Message-ID: <199501062040.OAA06369@monad.armadillo.com> MIME-Version: 1.0 Content-Type: text/plain I don't think there's much of a case for 'poster child' status involved. Users on the Winternet systems (of which I happen to be one) sign an Agreement stating that they'll abide by Netiquette whenever using internet services. Failure to do so can result in termination of service. This is Mike's way to limit the amount of time he has to spend dealing with users who generate flamage. There was [apparently] another issue involving reselling of service that I don't have details on, but which is likely to be related. Where's the censorship? I don't see it. CarolAnne is free to make whatever statements she likes (since she has service from another provider). The New York Times doesn't have to allow me to put an article on page one (much as I might wish to do so). That's not censorship either. No one is obligated to provide a soap box for someone to stand on. This is a free market issue, not free speech. Since there is competition in the local area, people are free to choose whichever provider they like. Some have more explicit AUP's than others. Some probably haven't even considered the issue. There's no one crying "Foul! Begone from the net forever". THAT would be censorship. But this is a case of "You're not following my rules. Be gone from my machine." I've got my own setup at home, mostly independent of network provider and becoming moreso as time progresses, to prevent J. Random Sysadmin from cutting me off arbitrarily. It costs more money this way, but that's not entirely unreasonable. I'd rather see a market of half a dozen or more providers in any given area, each mostly independent, providing a number of choices as to service levels and policy expectations, instead of a monolithic Micro$oft (or AOL or CI$ or Delphi or etc) "We ARE the Internet" where censorship (in the traditional definition of someone vetting any public [or private!] postings) is much more common. I could see a market for service where someone who decided to armorplate their machine could provide service to those who persist in doing "net.stupid.things". Provide anonymous accounts on that machine, and remailer accounts, and such, and then stand back and ignore all of the flamage that will come the way of root|postmaster|usenet|whatever. [ Personally, I'd likely put that domain into my global killfiles, but that's selective reading, not censorship. ] [ More disclaimers -- I don't represent Winternet in any way, nor Mike Horwath nor CarolAnne Braddock. I have no connection with Winternet except as a customer. I speak solely for myself and Armadillo Zoo Enterprises. And I'm not afraid of an electronic stalking prosecution. ] -- - david d `zoo' zuhn -| armadillo zoo software -- St. Paul, Minnesota -- zoo@armadillo.com --| unix generalist (and occasional specialist) ------------------------+ http://www.armadillo.com/ for more information pgp key upon request +---------------------------------------------------- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nelson@crynwr.com (Russell Nelson) Date: Fri, 6 Jan 95 12:08:18 PST To: jrochkin@cs.oberlin.edu Subject: Re: Remailer Abuse In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain Date: Fri, 6 Jan 1995 14:19:07 -0500 From: jrochkin@cs.oberlin.edu (Jonathan Rochkind) In a First Virtual payment-scheme remailernet, no matter how many remailers I send my message through, any _one_ operator, together with First Virtual, can burst my anon bubble. Why? Why wouldn't the FV remailers use settlements? At the end of the month, everyone settles accounts in re who gets what fraction of what. No logs are needed other than counters. -- -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: bshantz@spry.com Date: Fri, 6 Jan 95 15:35:54 PST To: cypherpunks@toad.com Subject: The Carol Anne Controversy Message-ID: <199501062336.PAA12592@homer.spry.com> MIME-Version: 1.0 Content-Type: text/plain C'Punks, Well, folks, this has certainly been an exciting SPAM/FLAME war we've been watching. I've personally enjoyed skipping a good portion of the text of the messages and just watching the headers continue to grow in size as more and more people have been added to the CC list. Although, I must admit that I enjoyed the Winternet Sysadmin's Rebuttal. Between this and Matt's article about being an international arms courier (Great Article Matt!!!) I've discovered my own answer to the Soap Operas I miss while I'm at work every day. Think I'll go make some popcorn and sit back to watch the fireworks some more. -- Brad From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Fri, 6 Jan 95 13:35:58 PST To: Russell Nelson Subject: Re: Remailer Abuse In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain Yes Russell, you hit the nail on the head. It's all about trust. On Fri, 6 Jan 1995, Russell Nelson wrote: > what. No logs are needed other than counters. > > -- > -russ http://www.crynwr.com/crynwr/nelson.html > Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key > 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? > Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress? > Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List Coming Soon: The Internet Debut of CENSORED.COM From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jrochkin@cs.oberlin.edu (Jonathan Rochkind) Date: Fri, 6 Jan 95 12:39:26 PST To: cypherpunks@toad.com Subject: Re: Remailer Abuse Message-ID: MIME-Version: 1.0 Content-Type: text/plain At 3:12 PM 01/06/95, Russell Nelson wrote: > Date: Fri, 6 Jan 1995 14:19:07 -0500 > From: jrochkin@cs.oberlin.edu (Jonathan Rochkind) > > In a First Virtual payment-scheme remailernet, no matter how many remailers > I send my message through, any _one_ operator, together with First Virtual, > can burst my anon bubble. > >Why? Why wouldn't the FV remailers use settlements? At the end of >the month, everyone settles accounts in re who gets what fraction of >what. No logs are needed other than counters. Oh, you're suggesting that I'd only actually pay the first remailer on my chain, and at the end of the month he'd pay some of the money I (and others) paid him to all of the other remailers his transacted with over the month? I hadn't thought of that, but now that I do, I can see several problems arising. 1) The initial remailer has no way of knowing how many subsequent links there are in the chain, and so doesn't know if I've paid him enough to reimburse everyone else. I can easily cheat. He also doesn't know _who_ the subsequent chains are. He can deduct one "stamp" from the amount, and forward the rest on to the next remailer, and trust them to do the same, but if I'm cheating there won't be enough to make it to the end of the chain. Both of these facts (initial op doens't know how long the chain will be, or who will be on it) are essential to the security I get from using anon remailers, so even if they could be "fixed", it would be bad to. 2) This system requies a good deal of cooperation and organization among remailer operators. They've got to agree to send each other the proper amount of money, they've got to set up policies for what the proper amount of money is, they've got to stay in relatively constant contact to keep everything running smoothly. In effect, a remailers trade association is created, and if I want to use any of the remailers in that group, I've got to use _only_ remailers in that group in my chain. I'd rather use a chain of remailers which aren't associated that closely, hopefully don't even know each other, and possibly some of which only exist for a short period of time (guerilla remailers, a risk if I'm paying, in that I can't neccesarily trust them not to steal my money, but if the money I'm paying is something like $.05 to each remailer, not a real serious risk). Assuming that there will be some free as well as some charging remailers, I'd also like to use some of each in my chain. I see some problems with the Remailer Trade Association allowing those transactions to happen. (will they accept incoming mail from a non-affilated remailer, which surely won't be paying them at the end of the month? Surely not, which means if I use any affilated remailers in my chain, no affilated remailers can come afterwords. So all affilated remailers I'm using have to come before all non-affiliated remailers, which is an undesirable restriction which could aid traffic analsysis. If there are several affiliations, things get even more complicated.) There are probably other problems too, that I haven't thought of yet. An FV-style system doesn't seem to do the trick. And it isn't an issue of certain sacrifices you have to make in order to set up for-pay remailers, as a Chaum digicash based for-pay remailer system would work admirably, and none of my objections would apply to it. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jim Gillogly Date: Fri, 6 Jan 95 15:57:26 PST To: cypherpunks@toad.com Subject: Re: floating point crypto? In-Reply-To: Message-ID: <199501062358.PAA22404@mycroft.rand.org> MIME-Version: 1.0 Content-Type: text/plain > rah@shipwright.com (Robert Hettinga) writes: > Nonetheless, I *am* thankful to Jim Gillogly, who sent me a great bunch of > stuff about what the pentium.whistleblower, Dr. Nicely, was working on. Jim > said he got it out of WWW, and maybe he'll post the URL here and that will > be that. Nicely was working with finding multiple primes: Prime twins, > prime triplets, etc. The page is titled "The Pentium Papers": http://www.mathworks.com/README.html From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Nathaniel Borenstein Date: Fri, 6 Jan 95 13:15:51 PST To: nelson@crynwr.com Subject: Re: Remailer Abuse In-Reply-To: <28351.789422888.1@nsb.fv.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain Excerpts from mail: 6-Jan-95 Re: Remailer Abuse nelson@crynwr.com (779) > From: jrochkin@cs.oberlin.edu (Jonathan Rochkind) > In a First Virtual payment-scheme remailernet, no matter how many remailers > I send my message through, any _one_ operator, together with First Virtual, > can burst my anon bubble. > Why? Why wouldn't the FV remailers use settlements? At the end of > the month, everyone settles accounts in re who gets what fraction of > what. No logs are needed other than counters. I hate to say it, because I generally tend to take the pro-FV side of most arguments :-), but I think Jonathan's closer to the mark in this case. If mail goes through ten remailers, and they ALL charge via First Virtual, then the last one in the chain won't have to know who you are, but it will have to know your FV billing account. Thus it, together with FV, have enough information to break anonymity. This is NOT the same as saying that ANY one operator, together with FV, can burst anonymity; it means that the last one + FV can do so. I think, however, that you'd need to break into the last one to get enough information to allow the next-to-last one to figure out the right FV-id. (This assumes that you're tracing the message from its ultimate destination, not monitoring traffic as it passes through the remailers -- in the latter case, Jonathan is probably right on the mark.) Personally, for my taste this is sufficiently anonymous for any reasonable purpose. HOWEVER, I can imagine how to make it even more anonymous. Imagine that there are ten for-profit anonymous remailer operators who form an "anonymous remailers consortium". Each of them operates TWO remailers, a for-pay one and a free one, but the free one will only take things that have come directly via some consortium member's anonymous remailer, so your message has to be paid for once, at the entry point to the overall system. Now you can build up a chain that STARTS with a payment, but then threads its way through a bunch of less traceable systems. where the operators can't give tracing information even under court order. The consortium members would probably have to agree to some revenue sharing arrangements, but you could make this work. I think this level of engineering is overkill -- for my personal level of paranoia, I would settle for a single for-pay anonymous remailer located in a country with very different laws than those that governed the payment system. Such a system would probably be "breakable" for the legal pursuit of genuine terrorists, but not for government harassment of political dissidents, closet gays from conservative countries, pornographers, etc. I guess my basic assumption is that while any given government can not be trusted with too much power, if you can't distribute your trust for such things across several very different governments, human freedom may be a lost cause in the long run anyway. -- Nathaniel From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: mpd@netcom.com (Mike Duvos) Date: Fri, 6 Jan 95 16:10:51 PST To: cypherpunks@toad.com Subject: Re: Files and mail In-Reply-To: Message-ID: <199501070010.QAA02210@netcom10.netcom.com> MIME-Version: 1.0 Content-Type: text/plain drechsau@winternet.com (Mike Horwath) carefully explains all the reasons why is it better to have a Netcom account than a Winternet account! > I was going to be in, I decided to rest instead. So sue me > for it. Big providers like Netcom have many employees and many machines. Things do not screech to a halt when "the guy who owns the machine" takes a mental health day. :) > Talk about net.good.will...you stole service after it was > suspended. Free service offered to the public cannot be stolen, even by prior dissatisfied customers. Big providers like Netcom don't care if someone they don't like logs onto the machine again as "guest". > Tuesday, after being up for 20+ hours and getting a couple > hours sleep, you call ... Again, sue me, this time for being > tired. Service at big providers like Netcom doesn't slack off when "the guy who owns the machine" misses his nap... > Wednesday, I was going to be into work, which you assumed I > would be, ... I decided I was going to take that day off ... ...or when "the guy who owns the machine" goes fishing... > The machine being down was not used as an excuse, but it is > hard to operate like we used to with only one user machine. ...or when "the machine" is broken. > That is 2 counts in 2 days (notified on monday, early, of > the spamming, notified on wed of the mass unsolicited > mailings). Sorry, someone had to put their foot down, and > it happened to be us. Big service providers like Netcom don't interfere with customer use of the resources they sell, except when network functionality is impacted. Even in such cases, they try to reach an understanding with the user, and terminate accounts only as a last resort. Accounts don't vanish when "the guy who owns the machine" decides to throw a tantrum. > It was innapropiate for the groups that you posted to. Big providers like Netcom don't pass editorial judgment on the content of material posted by their customers. > Sorry Carol Anne, but this is a system I administer and I > use the AUP to protect all of us accross the 'net. I am sure we will all sleep more soundly knowing that Mike Horwath and his tiny pimple of a machine on the Internet are "protecting" us. > We had talked about the winternet t-shirts and how we would > use the work you did and the monies you would receive as > payment. Big providers like Netcom don't make silly little deals with customers for T-shirts... > Well, no t-shirts have gone out and at this time, I will be > cancelling all orders for them and will redesign them and > have them produced externally to what you have done. This > is what happens when you hold something over someones head. ...or cancel those agreements out of spite when they don't get everything done their way. You know, I used to use BBS systems a great deal before large providers like Netcom began offering personal accounts with Internet access at reasonable rates. A BBS is about as far from a common carrier as one can get, and many Sysops disclaim all your rights under the ECPA, read private mail, forbid the use of PGP, decide what opinions may be expressed on various issues, and boot off any user who questions anything they do. Since the Sysop owns the machine, they are legally within their rights to act like this, and as long as there are enough users who will put up with their behavior, they can run a system. Now that Unix boxes are not much more expensive than PCs used to be, every asshole in the world who played Sysop on a BBS now envisions himself as Sysadmin of an ISP. So you have an infestation of tiny service providers, running on toy machines, that coast along for a few years until the person running them either goes bankrupt or gets bored. I certainly wouldn't subscribe to one of these services, because the management mentality and problematical service most of them provide is exactly what I came to Netcom to get away from. Quite frankly, I don't see why Carol doesn't just get a Netcom account and stop quibbling with this twit. Stop letting him waste any more of your time and let him play his administrative power games with newbies who don't know any better. My two cents. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd@netcom.com $ via Finger. $ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: drechsau@winternet.com (Mike Horwath) Date: Fri, 6 Jan 95 14:12:55 PST To: carolann@mm.com Subject: Re: Files and mail In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text [This is hopefully going to be my only message on this matter, questions or comments, just reply to me directly] > A written reply will suffice. > You have my permission to make all of my files world readable. > You can put them in the ftp site. Since you are posting this to so many people, they can all see my reply. And this is a written reply :) > Upon receipt of notice, they will be removed within 24 hours, > and you will recieve a signed PGP statement with the new key, > stating that the files have been removed. Other Winternet users have > already gone to my defense, and copied all of the world readable > material anyway. And the whole account might as well be, too. Fine, when I have things packed up, they will be moved and you will be notified. > Please do not forward any mail here. You will better serve yourself > bouncing the letter back to the sender and informing them of my new > address. If I find forwarded mail in my mailbox, I will print hard > copies and visit the Attorney General's Office and file a complaint > under the Stalking laws of the State of Minnesota. You can either take the alias in my alias database or have no forwarding address left, that is your choice. We are courteous enough to forward for you, take it or leave it. And stalking laws? I don't think so. There is a difference in notification and stalking and my email to you is far from stalking. > And please...deactivate my WWW pages. I was astounded to find out > that during the suspension, they continued to remain active, as I > learned in the office Wednesday. That was (and still is) stealing my > net.web.goodwill, and creating a falsehood amongst other users. They were left there because they are of use to the 'net and until I could hear from you what you wanted done with your files, there was no need to remove the WWW pages or your account. Now that we have your decision, everything will be removed. And stealing? You had them up for public consumption for many weeks. Did everyone who touched your page steal then? So, no, no advantage was taken by us via your WWW pages. > I spent six full hours making a personal appearance, at great > personal expense, to the Winternet Office to resolve the situation. Great personal expense? This is going to be fun. I don't think harassing Chad (my intern) or Doug (my roommate) for 6 full hours a very nice thing to do at all. If you had wanted to meet me there, you could have had one of them call me, or if they did not have the number for where I was at that day (which happened to be my first complete day off in a few weeks), you could have dropped me email stating you were at the office to discuss this. I was only 10 minutes away at a friends house to escape work. I am pretty sure they told you I was taking a day off after they found out from me. I was going to be in, I decided to rest instead. So sue me for it. No Carol Anne, you did not have any 'great personal expense', what you did do was impose yourself on two people for 6 hours. You also then used our basic login on our console machines, which is there for when people come to visit, to post messages to UseNet and to send and receive email. Not very nice now is it? When service was suspended, it meant all service, not just your account on the main machines. Talk about net.good.will...you stole service after it was suspended. > My original reply still sits in suspended composition in my mailer. I > wasted not a nano-second in preparing my reply to the posting. In legal > point of fact, the poster is violation of Minnesota State Law. He has > no legal jurisdiction whatsoever. What are you talking about now? I hope you don't think I am taking legal action for something, because that would be just funny to hear. Your account was terminated for a breach in our AUP, not because you caused me or Winternet harm. > I did not take days to "investigate", nor cite that other things such as > "my machines being hacked" and "I'll do it when I'm ready to do it,". First day, monday, when I suspended your account, you did not even feel it was resonable to call me when I had written a message to your screen explaing that we needed to talk. Tuesday, after being up for 20+ hours and getting a couple hours sleep, you call and harass me at home even more about the status of your account. I told you I wanted to investigate these instances and that I did not have the time because I was dealing with some hackers who had tried to break in. Again, sue me, this time for being tired. Wednesday, I was going to be into work, which you assumed I would be, but did not bother to call to make sure I was around. I decided I was going to take that day off I had been trying to take and did NOT find out you were in the office until late afternoon Wed. I asked Chad and Doug why you were there, and they said they did not know. If you had wanted to see me to talk about this, you should have spoken up. The machine being down was not used as an excuse, but it is hard to operate like we used to with only one user machine. This is a piece of stress on me, which was never taken out on you or on any other user. > I was a simple complaint. It had no validity. Crossposting an article to > .1% of the Usenet News Groups does not by the very statistic constitute > spam. (And I own two shares of Hormel Corp, so I do know what SPAM (tm) is. What you consider spamming, and what others do, is two different things. I explained my views, you have seen our AUP, and it was in my judgement, and later, after talking with my peers, their judgement, that things had gone too far. Should I also bring to light your unsolicited mailings you did to users on Winternet and others out to the 'net? Remember those? Something about selling web pages from your account, which I had told you I would rather you did not do, very politely I might add. Or what about the net cash mass mailing you did to people? That is 2 counts in 2 days (notified on monday, early, of the spamming, notified on wed of the mass unsolicited mailings). Sorry, someone had to put their foot down, and it happened to be us. > The crossposting wasn't wasting resources. It was innapropiate for the groups that you posted to. > It is of no one's concern the actual groups posted. It is when others have to read it. > They have the right and ability to respond. And they did, both to you, you have stated, and to me, as the admin of Winternet. > I asked for no money. I did not stand to profit by the posting. That doesn't matter, it was still innapropiate to post this message to the groups you posted to. > The person who started the whole thing was pretty heavily chastised, > by the readers of his own news group. Huh? > A fast "K" was all that any individual needed for this article. Uhuh, we could have done that for C&S also, but it would not have helped. > No, Mr. Horwath, you are "way out-of-bounds" this time. > And as the time cronology unveils itself, I am sure that > will be shown to be a very truthful, factual statement. Sorry Carol Anne, but this is a system I administer and I use the AUP to protect all of us accross the 'net. This was not an attack against you. You were not judged unfairly. What you did was break our agreement and for this, you lost your service. Also, you hadn't paid for your account for over 10 weeks, so why are you bitching so much anyway? We had talked about the winternet t-shirts and how we would use the work you did and the monies you would receive as payment. Well, no t-shirts have gone out and at this time, I will be cancelling all orders for them and will redesign them and have them produced externally to what you have done. This is what happens when you hold something over someones head. > Dangerous precedents were set here. I will not rest until the > whole of the Internet knows and is aware of the situation. Then spam again, Carol Anne. > Signed > Carol Anne Braddock > Friday January 6th, 1995 9:40 A.M. > On Fri, 6 Jan 1995, Mike Horwath wrote: > > > You are welcome to your files and mail, I will pack everything up for > > you as you left it, including your FTP area. > > > > I expect you to try to reach me today in the afternoon at my office and > > I will fully explain why your account was deleted, with full detail as > > to why. > > > > I do appreciate the work you did on the shirts for Winternet. I don't > > appreciate the harassment you have already tried to bring upon me. > > > > When we talk, I think you might understand why this was done. If you do > > not, then I feel bad, as I must then not be making myself clear. But > > no matter what, this was policy that you chose to break even after I > > had talked to you about it. More on this when we talk. > > > > Good luck at your new provider, Larry Leone is an old user of mine and > > seems to be a good guy, even if a little quiet on the newsgroups :) > > > > A copy of this letter is also going to your new admin so that he knows > > what is going on. > > > > Larry, Carol Anne was using about 11.5MB of disk that will be moving > > over from Winternet to MM. > > > > Also, how have you been anyway? Been awhile since I saw you. Oh, and > > could you install identd on your system? Get back to me on anything, > > or with questions. > > > > -- > > Mike Horwath IRC: Drechsau LIFE: Lover drechsau@winternet.com > > Winternet: info@winternet.com root@jacobs.mn.org <- Linux! > > Twin Cities area Internet Access: 612-941-9177 for more info > > Founding member of Minnesota Coalition for Internet Accessibility [all previously included messages left intact] -- Mike Horwath IRC: Drechsau LIFE: Lover drechsau@winternet.com Winternet: info@winternet.com root@jacobs.mn.org <- Linux! Twin Cities area Internet Access: 612-941-9177 for more info Founding member of Minnesota Coalition for Internet Accessibility From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: mpd@netcom.com (Mike Duvos) Date: Fri, 6 Jan 95 16:20:05 PST To: cypherpunks@toad.com Subject: Re: All I did was properly crosspost! In-Reply-To: <9501062310.AB20311@eri.erinet.com> Message-ID: <199501070020.QAA03416@netcom10.netcom.com> MIME-Version: 1.0 Content-Type: text/plain > The discussion on alt.current-events.net-abuse seemed to indicate that the > claim of "Just 10" above is a slight understandment. The newsgroups seem to > have been hit alphabetically, and I believe the total count was in the hundreds. > > --Paul J. Ste. Marie > pstemari@well.sf.ca.us, pstemari@erinet.com The individual who posted the first hysterical message about Carol's alleged spam in a.c-e.n-a leaped to the conclusion that it was being posted to a large number of groups because one of the newsgroups posted to had a very low ordinal in the alphabetical list of all newsgroups. The message itself, which he quoted, was only cross-posted to the 10 newsgroups specified. I believe the CancelMoose threshold for an official spam is 50 newsgroups. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd@netcom.com $ via Finger. $ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Nathaniel Borenstein Date: Fri, 6 Jan 95 13:21:06 PST To: jrochkin@cs.oberlin.edu Subject: Re: Remailer Abuse In-Reply-To: <1185.789426406.1@nsb.fv.com> Message-ID: <4j3PEYr0Eyt5IxI7VW@nsb.fv.com> MIME-Version: 1.0 Content-Type: text/plain Excerpts from mail: 6-Jan-95 Re: Remailer Abuse jrochkin@cs.oberlin.edu (3378*) > 1) The initial remailer has no way of knowing how many subsequent links > there are in the chain, and so doesn't know if I've paid him enough to > reimburse everyone else. I can easily cheat. This depends entirely on your definition of "cheating". Basically, my proposal (which I think crossed in the mail with yours, so I'm not claiming that you misunderstood it -- in fact you anticipated *most* of it, I think) was to charge once for entry to the "system", and to include in that charge as many "hops" as you feel are necessary. No cheating involved -- the truly anonymous hops would only be accessible from within the "system", i.e. from a similar anonymous remailer "inside" the system or from one of the fee-for-entry systems. If this is the charging model, then the objections about knowing the chain length, etc. all go away. > 2) This system requies a good deal of cooperation and organization among > remailer operators. Not that much, just a revenue sharing arrangement based on income and volume. Consortia do this sort of thing all the time, though most consortia aren't formed in quite the atmosphere of paranoia that often surrounds remailers..... > Assuming that there will be some free as well as some charging remailers, > I'd also like to use some of each in my chain. I see some problems with > the Remailer Trade Association allowing those transactions to happen. > (will they accept incoming mail from a non-affilated remailer, which surely > won't be paying them at the end of the month? Surely not, which means if I > use any affilated remailers in my chain, no affilated remailers can come > afterwords. So all affilated remailers I'm using have to come before all > non-affiliated remailers, which is an undesirable restriction which could > aid traffic analsysis. If there are several affiliations, things get even > more complicated.) Actually, I think this could be serialized -- you could design it so that you could use free remailers either before or after the consortium members, but once you left the consortium system your message would have to somehow pay to get back in again. That would be a mess, and not my preferred way to do it. > And it isn't an issue of > certain sacrifices you have to make in order to set up for-pay remailers, > as a Chaum digicash based for-pay remailer system would work admirably, and > none of my objections would apply to it. Yes, it is is true that if digicash starts working for real money, it will answer your objections quite nicely. However, there are lots of objections to that sort of system, too, they're just different ones. As both the FV and Digicash folks have pointed out many times, we have very different technologies that fill very different requirements, it's not an either/or choice. I think you could build interesting anonymous remailers on each system, too. -- Nathaniel From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jonny Goldman Date: Fri, 6 Jan 95 16:19:51 PST To: tengi@Princeton.EDU Subject: Indexing and searching (was Re: public vs. private replies) In-Reply-To: <9501062315.AA29835@deepthought.Princeton.EDU> Message-ID: <9501070020.AA01782@philo.synopsys.com> MIME-Version: 1.0 Content-Type: text/plain Date: Fri, 06 Jan 1995 18:15:40 EST From: "Christopher J. Tengi" You may want to take a look at glimpse and harvest. Here are some useful URLs for them: http://glimpse.cs.arizona.edu:1994/ http://harvest.cs.colorado.edu/ Both very good systems. Harvest is probably overkill. Glimpse is nice, but I don't know if it handles mail archives (unless they are one-file-per-message). > > In article <199501060807.DAA22166@bb.hks.net>, > L. McCarthy wrote: > >Tim May writes: > >> In my opinion, having personal access > >> to past posts is several orders of magnitude more important than > >> having MIDI-MIME JPEG-II TeX players [...] > > > >It takes more disk space from one's personal quota, though (for those who > >suffer under such restrictions). :[ > > All posts to cypherpunks since June '94 are available by ftp from > ftp.hks.net:/cypherpunks/nntp/cypherpunks. They are also available > via nntp from nntp.hks.net:hks.lists.cypherpunks. > > I'd be glad to put a search engine of some sort on them, either by > Web or by mailserver, if someone can suggest a reasonable way to index > the whole lot. There used to be a WAIS index of cypherpunks on mariposa, but it doesn't seem to work now. WAIS indexing mail archives is pretty easy. - Jonny G From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jrochkin@cs.oberlin.edu (Jonathan Rochkind) Date: Fri, 6 Jan 95 13:30:13 PST To: Nathaniel Borenstein MIME-Version: 1.0 Content-Type: text/plain At 4:10 PM 01/06/95, Nathaniel Borenstein wrote: >I hate to say it, because I generally tend to take the pro-FV side of >most arguments :-), but I think Jonathan's closer to the mark in this >case. If mail goes through ten remailers, and they ALL charge via First >Virtual, then the last one in the chain won't have to know who you are, >but it will have to know your FV billing account. Thus it, together >with FV, have enough information to break anonymity. > >This is NOT the same as saying that ANY one operator, together with FV, >can burst anonymity; it means that the last one + FV can do so. I Hmm. Maybe I don't completely understand how this is going to work, but won't _every_ remailer in the chain need to know your FV billing account? How would the rest of them charge via FV without knowing your billing account? What Russell was suggesting (I think), was that only the first would bill via FV directly, so only the first would need to know your billing account, and then he'd settle up with the others at the end of the month. (A particular variation of that scheme is what you mentioned later in your message, and I'll get to that). But assuming that every remailer along the chain _was_ charging via FV, I fail to see how only the last one would need your billing account; seems to me they all would, and thus any one could collude with FV to violate your anonimity. [...] >Personally, for my taste this is sufficiently anonymous for any >reasonable purpose. HOWEVER, I can imagine how to make it even more >anonymous. Imagine that there are ten for-profit anonymous remailer >operators who form an "anonymous remailers consortium". Each of them >operates TWO remailers, a for-pay one and a free one, but the free one >will only take things that have come directly via some consortium >member's anonymous remailer, so your message has to be paid for once, at >the entry point to the overall system. Now you can build up a chain >that STARTS with a payment, but then threads its way through a bunch of >less traceable systems. where the operators can't give tracing >information even under court order. The consortium members would >probably have to agree to some revenue sharing arrangements, but you >could make this work. Yeah, that's a specific instance of the type of thing Russel was proposing in the message you were replying to. An instance which avoids many of the critisisms I made directly after Russell's message, but not all. The remailer operators still have to have an organization and remain in close contact, which I am uncomfortable with because it seems to make collusion more likely. And it's still dificult to intermix for-pay and free remailers within your chain, or even just for-pay remailers from several different consortiums. And there are a variety of problems in that inability. [The consortium, as far as I can tell, would also find it rather dificult to charge more for a longer chain, I can't think of any way for them to charge anything excpet a uniform amount regardless of length of chain, unless you give the first remailer a way to tell the length of your chain, which is undesirable. I'm not sure if this is a problem.] >I think this level of engineering is overkill -- for my personal level >of paranoia, I would settle for a single for-pay anonymous remailer >located in a country with very different laws than those that governed >the payment system. Such a system would probably be "breakable" for And this level of paranoia would be perfectly well surved by a Julf/penet style remailer, which _would_ work well with an FV-payment system, as I agreed before. The cypherpunks chained remailernet system as a whole is overkill for your paranoia needs, but appearantly not for the needs of those who use it over Julf's. It appears to me, that an FV-style payment scheme can't be added to the cypherpunks chained remailer system without dropping it's security to the level of Julf's. Which might be good enough for you, but not good enough for me, or presumably for anyone else that uses cypherpunks remailers. [Do you understand how cypherpunks remailers work, and the difference between them and a julf/penet style remailer? Do you understand how encryption is used in a cypherpunks-style remailer chain to make it so each individual remailer only knows the next remailer along the chain, and not the entire rest of the chain?] From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jrochkin@cs.oberlin.edu (Jonathan Rochkind) Date: Fri, 6 Jan 95 13:44:48 PST To: Nathaniel Borenstein MIME-Version: 1.0 Content-Type: text/plain At 4:20 PM 01/06/95, Nathaniel Borenstein wrote: >Yes, it is is true that if digicash starts working for real money, it >will answer your objections quite nicely. However, there are lots of >objections to that sort of system, too, they're just different ones. As >both the FV and Digicash folks have pointed out many times, we have very >different technologies that fill very different requirements, it's not >an either/or choice. I think you could build interesting anonymous >remailers on each system, too. -- Nathaniel Try to bring up objections to a digicash-style system that are applicable to remailers. I agree that they are different technologies that fill different requirements, but it seems to me that the particular requirements of a remailer system are only met by a digicash/magic money style technology. I think an electronic cash system that will work with remailers, must satisfy these things: 1) You need to be able to enclose the "signifyer" of the transaction inside encryption. Whether the "signifyer" is the cash itself, or an agreement to make a transaction together with a billing number, or whatever, you need to be able to enclose it in a PGP (or other arbitrary PKE protocol) encrypted block. 2) The "signifyer" of the transaction (which again might theoretically be the cash itself, or some kind of billing number) alone shouldn't be enough to reveal the identity of the anonymous user. Number two up there is what most of us _mean_ by "anonymous digital cash", and FV simply doesn't meet it. FV might be perfectly adequate in some circumstances, but it doesn't meet that requirement, and many of us aren't going to feel comfortable using a system to pay for remailer access (among other things, certainly, but remailer access is something that is worthless without anonymity) that doesn't fulfill that requirement. If the "signifyer" alone can be used to determine who I am, even if it takes the collusion of FV and a remailer op, I'm not comfortable with that. Number One is neccesary for the ecash protocol to work within the remailer framework effectively; I've got to send each remailer it's payment within an "envelope" that no one else can penetrate. The use of an ecash payment system which doesn't meet these two requirements can't help but _lessen_ the security of the current conglomeration of remailers. Which is unacceptable to me. Remailers should be trying to approach the goal of ensured secure anonymity, and requiring payment by an ecash system which doesn't meet those two requirements would seem to be retreating from that goal, in a rather dificult to reverse manner. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Matt Blaze Date: Fri, 6 Jan 95 13:56:39 PST To: cypherpunks@toad.com Subject: My life as an international arms courier Message-ID: <9501062154.AA04543@merckx.info.att.com> MIME-Version: 1.0 Content-Type: text/plain Under an obscure provision of US law, devices and computer programs that use encryption techniques to hide information from prying eyes and ears are considered ``munitions'' and subject to the same rules that govern the international arms trade. In particular, taking such items out of this country requires the approval of the State Department, which decides whether exporting something might endanger national security. In the past, these restrictions were of little concern to the average citizen; encryption found most of its application in military and diplomatic communications equipment. Today, however, growing concern over electronic fraud and privacy means that encryption techniques are starting to find their way into more conventional commercial products like laptop computers and portable phones. Mostly to find out what the process was like, I recently applied for a temporary export license for a portable telephone encryption product that I wanted to take with me on a business trip to England and Belgium. The item in question is more properly called a ``telephone security device.'' This is a little box that scrambles telephone conversations to protect them against eavesdroppers; this sort of protection is sometimes important when discussing confidential business matters from faraway places. The particular model I bought was already approved for export; it employs a cipher algorithm that the government has already decided is not a threat to national security even should it fall into the hands of some rogue government. This model is aimed primarily, I presume, at international business travelers who want to communicate in a reasonably secure manner with their home offices in the states. In other words, a typical user buys two of them, leaving one at the home office and carrying the other when traveling abroad. The options that came with my device included a James Bond-ish looking acoustic coupler and handset to facilitate its connection to the hardwired phones that are still common in European hotel rooms. It turns out that there was recently some discussion in the government about exempting products like my secure phone from the licensing paperwork requirements. Unfortunately, however, this exemption never actually took effect. So even though the device I had was already approved for sale abroad, I still needed to get a temporary export license before I could take it with me. But I was assured that ``this is an easy, routine process''. Well, sure enough, about two weeks before I was to leave I got back my official US State Department ``license for the temporary export of unclassified defense articles''. So far, so good. From what I was able to figure out by reading the license (and having a few conversations with an export lawyer), I'm required to leave from an international airport with a Customs agent present (no problem there, although Customs is geared to arriving, rather than departing, travelers). At the airport, I'm supposed to fill out a form called a ``shipper's export declaration'' (SED) on which I have to declare that ``these commodities are authorized by the US government for export only to Belgium and the United Kingdom. They may not be resold, transshipped, or otherwise disposed of in any country, either in their original form or incorporated into other end-items without the prior written approval of the US Department of State''. Then I'm to present the SED and export license to a Customs official at the airport before I leave. The Customs officer is supposed to take my SED and endorse my license to show what I'm actually taking out of the country. On the way back in, I'm supposed to ``declare'' my item at Customs (even though it was manufactured in the US) and show them my license, and they're supposed to endorse the license again as proof that I have, in fact, returned the ``defense article'' to the safety of the United States. The first hitch I ran into was that no one could actually tell me where I could get an SED form. But when I called Customs they assured me that this was no big deal. ``Just come by when you get to the airport and we stamp the license. I guess you can just fill out the SED there,'' they said. I made sure to get to the airport early anyway. Although there was moderately heavy traffic near the airport, I made it to JFK two and a half hours before my 10pm flight. I was flying United, which has their own terminal at JFK, so Customs has an office right there in the same building from which I was to depart (JFK is awful to get around, so I was glad for this). I checked in for my flight (and got upgraded to first class, which bolstered my expectation that everything was going to be really easy from here on). Then, luggage, license and phone in hand, I made my way downstairs to Customs, expecting to fill out the SED form and ``just have my license stamped'' as they had assured me earlier on the telephone. I explained my situation to the security guard who controls entry to the Customs area, and he led me to ``the back office'' without much argument or delay. The head uniformed Customs guy in the back office (which I think is same office where they take the people suspected of being ``drug mules'' with cocaine-filled condoms in their stomaches) looked approachable enough. He had a sort of kindly, grandfatherly manner, and he was playing a video game on a laptop computer. I got the impression that most of the people he encounters are suspected drug smugglers, and he seemed pleased enough to be dealing with something a little different from the norm. When I explained what I was doing he looked at me as if I had just announced that I was a citizen of Mars who hadn't even bothered to obtain a visa. He explained, carefully, that a) I really do need the SED form; b) not only that, I should have already filled it out, in duplicate; c) he doesn't have blank SED forms; d) he, like everyone else in the entire US government that I had spoken to, has no idea where one gets them from, but people must get them from somewhere; and e) it doesn't really matter, because I'm in the wrong place anyway. I asked him where the right place is. ``The cargo building, of course,'' he told me, patiently. I remembered the cargo building because I passed it in the taxi just as the traffic jam began, about half an hour before I got to the United terminal. The airport shuttle bus doesn't stop there. I'd have to call a taxi. ``But I think they're closed now, and even if they were open you'd never make it before your flight'' he helpfully added, saving me the trip. He also complemented me for going to the trouble to get the license. I must have looked hurt and confused. Eventually he called in some fellow in a suit who I presume to have been his boss. ``Are you the guy who wants to export the fancy gun?'' the fellow in the suit asked me. ``It's not a gun, it's a telephone,'' I responded, with a straight face. ``Why do you have a license to export a telephone?'' Good question, I thought. I explained about the export law and showed him the thing. He agreed that it looked pretty harmless. The fellow in the suit reiterated points a through e almost verbatim (do they rehearse for these things?) and explained that this isn't really their department, since my license was issued by the State Department, not Customs, and my situation doesn't come up very often because exports usually go via the cargo building. He'd love to help me, but the computer in which these things get entered is over in Cargo. ``That's how the records get made. But you do have a valid license, which is nice.'' He also suggested that I would have had an easier time had I shipped the device instead of carrying it with me. I asked what I should do, given that my plane was scheduled to leave in less than an hour. Neither was sure, but the fellow in the suit seemed willing leave it to the discretion of the uniformed guy. ``How does this thing work, anyway?'' he asked. I explained as best as I could, trying to make it sound as harmless as it is. ``You mean like that Clipper chip?'' he asked. At this point, given that he has a computer and knows something about the Clipper chip, I figured that maybe there was some hope of making my flight. Or maybe I was about to spend the night in jail. In my mind, I put it at about a 90:10 hope:jail ratio. Then he asked, ``Do you know about this stuff?'' So we chatted about computers and cryptography for a while. Finally, the two of them decided that it wouldn't really hurt for them to just sign the form as long as I promised to call my lawyer and get the SED situation straightened out ASAP. They assured me that I won't be arrested or have any other trouble upon my return. I made my flight, validated license in hand. An aside: Throughout my trip, I discovered an interesting thing about the phone and the various options I was carrying with it. Under X-ray examination, it looks just like some kind of bomb. (I suspect it was the coiled handset cords). Every time I went through a security checkpoint, I had to dig the thing out of my luggage and show it to the guard. I almost missed the new ``Eurostar'' chunnel train (3hrs 15mins nonstop from London to Brussels, airport-style checkin and security) as the guards were trying to figure out whether my telephone was likely to explode. Coming back to the US was less eventful, though it did take me an extra hour or so to get through Customs. Expecting a bit of a hassle I didn't check any luggage and made sure to be the first person from my flight to reach the Customs line. The inspector was ready to wordlessly accept my declaration form and send me on my way when I opened my mouth and explained that I needed to get an export license stamped. That was obviously a new one for him. He finally decided that this had to be handled by something called the ``Ships Office''. I was sent to an unoccupied back room (a different back room from before) and told to wait. I thought about the recent Customs experiences of Phil Zimmermann. (Zimmermann, the author of a popular computer encryption program, was recently detained, questioned and searched by Customs officials investigating whether he violated the same regulations I was trying so hard to follow.) After about half an hour, an officer came in and asked me what I needed. I explained about my export license that had to be endorsed. She just shrugged and told me that she had to ``process the flight'' first. As best as I could tell, her job was to clear the airplane itself through Customs, that being, technically speaking, a very expensive import. It would take a little while. She was pleasant enough, though, and at least didn't look at me as if she intended to send me to jail or have me strip searched. Finally, she finished with the plane and asked me for my form. She studied it carefully, obviously never having seen one before, and eventually asked me what, exactly, she was supposed to do. I explained that I had never actually gone through this process before but I understood that she's supposed to record the fact that I was re-importing the device and stamp my license somewhere. She told me that she didn't know of any place for her to record this. After some discussion, we agreed that the best thing to do was to make a Xerox copy of my license and arrange for it to go wherever it had to go later. She stamped the back of the license and sent me on my way. It was a little over an hour after I first reached the Customs desk. My conclusion from all this is that it just isn't possible for an individual traveler to follow all the rules. Even having gone through the process now, I still have no idea how to obtain, let alone file, the proper forms, even for a device that's already been determined to be exportable. The export of export-controlled items is ordinarily handled by cargo shipment, not by hand carrying by travelers, and the system is simply not geared to deal with exceptions. Technically speaking, everyone with a laptop disk encryption program who travels abroad is in violation of the law, but since no one actually knows or checks, no mechanism exists to deal with those who want to follow the rules. While (fortunately) everyone I dealt with was sympathetic, no one in the government who I spoke with was able to actually help me follow the rules. I was permitted to leave and come back only because everyone involved eventually recognized that my telephone was pretty harmless, that my intentions were good, and that the best thing to do was be flexible. If anyone had taken a hard line and tried to enforce the letter of the law, I simply wouldn't have been able to take the thing with me, even with my license. Had I just put my telephone in my suitcase without telling anyone instead of calling attention to myself by trying to follow the rules, chances are no one would have noticed or cared. Unfortunately, however, these absurd rules carry the full force of law, and one ignores them only at the risk of being prosecuted for international arms trafficking. While it may seem far-fetched to imagine US citizens prosecuted as arms smugglers simply for carrying ordinary business products in their luggage, the law as written allows the government to do just that. At the same time, anyone who is aware of and who tries to follow the regulations is made to jump through pointless hoops that are so obscure that even the people charged with enforcing them don't know quite what to make of them. Copyright 1995 by Matt Blaze. All rights reserved. Electronic redistribution permitted provided this article is reproduced in its entirity. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Dr. D.C. Williams" Date: Fri, 6 Jan 95 14:12:05 PST To: cypherpunks@toad.com Subject: Re: Remailer Abuse Message-ID: <199501062217.RAA29043@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- > >Why? Why wouldn't the FV remailers use settlements? At the end of > >the month, everyone settles accounts in re who gets what fraction of > >what. No logs are needed other than counters. > Oh, you're suggesting that I'd only actually pay the first remailer on my > chain, and at the end of the month he'd pay some of the money I (and > others) paid him to all of the other remailers his transacted with over the > month? Way too complicated . . . Why not establish a system where the only the first remailer is paid and all subsequent remailers agree to accept traffic from other remailers without compensation? Assuming that first remailer use is or would be somewhat distributed, the net from each remailer would approach the same figure reached by endlessly confusing cross-payments (A pays B, C, and D, B pays A, C, and D, etc.). Only non-remailed access would be subject to a fee. Operators with the best net. reputations and those whose remailers are especially full featured or prompt will likely receive more use as "entry" remailers; this is good capitalism which should not only increase their number but improve the state of remailers in general. If someone wants to establish a remailer that will join the existing mesh of remailers, it will have to accept messages from others gratis if it wants such access to the rest of them. Its compensation would be derived from initial traffic. Maybe this would also encourage operators to beat the bushes for traffic, which would also be a Good Thing. =D.C. Williams - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw3BayoZzwIn1bdtAQECegGAjSdkX8YYygLJkk1K/Sr6A84QpdNOXbUq uuWxqbSg+6T3Tac+GKdxdNw2SqdExIrV =z/ms -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: roy@cybrspc.mn.org (Roy M. Silvernail) Date: Fri, 6 Jan 95 18:07:47 PST To: jrochkin@cs.oberlin.edu (Jonathan Rochkind) Subject: Re: Remailer Abuse In-Reply-To: Message-ID: <950106.173231.9X3.rusnews.w165w@cybrspc.mn.org> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, jrochkin@cs.oberlin.edu writes: > At 3:12 PM 01/06/95, Russell Nelson wrote: >>Why? Why wouldn't the FV remailers use settlements? At the end of >>the month, everyone settles accounts in re who gets what fraction of >>what. No logs are needed other than counters. > > Oh, you're suggesting that I'd only actually pay the first remailer on my > chain, and at the end of the month he'd pay some of the money I (and > others) paid him to all of the other remailers his transacted with over the > month? I hadn't thought of that, but now that I do, I can see several > problems arising. This might not be as much of a problem as you think. Given that there will likely be a mixture of free and pay remailers, and that a given message may chain through one or more of either type, why not place the stamp for each pay remailer inside the encrypted sub-packet which that mailer will receive? Think of each remailer as an independant post office. For each pay remailer, you need one stamp. Ideally, each stamp would be a bit less expensive, but since remailers don't need to share their revenue, that shouldn't be much problem. An intelligent chainer (Chain++, maybe?) could keep track of your postage and put the stamps in the proper inner envelopes. This would work best if all the pay remailers accepted a common brand of stamp. - -- Roy M. Silvernail [ ] roy@cybrspc.mn.org PGP public key available by mail echo /get /pub/pubkey.asc | mail file-request@cybrspc.mn.org These are, of course, my opinions (and my machines) -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLw3VrBvikii9febJAQFozwQAkYUBp9Uc5Lbmc4udL7hwTgBY9I+yfKdy wvW5xl4TeTeJLAS95yHOyiEKP/nVsjfknr4gx1mOrFZYOxkNRJa78YeQ8tDAVq7Y S1UQrYqHJAoi/AKdypufIaeu8iF/1pVbYLDdIbbQm3bxlUZHwciYJUvnneRjFbhA BJB+ruqzEMs= =CGFS -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Nathaniel Borenstein Date: Fri, 6 Jan 95 14:45:49 PST To: jrochkin@cs.oberlin.edu Subject: Re: for-pay remailers and FV (Was Re: Remailer Abuse) In-Reply-To: <2292.789427808.1@nsb.fv.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain Excerpts from fv: 6-Jan-95 for-pay remailers and FV (W.. jrochkin@cs.oberlin.edu (4416*) > Hmm. Maybe I don't completely understand how this is going to work, but > won't _every_ remailer in the chain need to know your FV billing account? > How would the rest of them charge via FV without knowing your billing > account? What Russell was suggesting (I think), was that only the first > would bill via FV directly, so only the first would need to know your > billing account, and then he'd settle up with the others at the end of the > month. (A particular variation of that scheme is what you mentioned later > in your message, and I'll get to that). The latter is what I was proposing. Only the first one would charge via FV, but the other ones would form a "closed system" that you could only get into by going through one that charged. > But assuming that every remailer along the chain _was_ charging via FV, I > fail to see how only the last one would need your billing account; seems to > me they all would, and thus any one could collude with FV to violate your > anonimity. That's not my assumption. I think you may have misread my mail -- I *agree* with you on this point. Sorry if I was unclear! > The > remailer operators still have to have an organization and remain in close > contact, which I am uncomfortable with because it seems to make collusion > more likely. As I said, it all depends on your level of paranoia.... I tend to think that in such an organization, where the primary "product" is privacy, each member would tend to watch all the other members like hawks, eager to publicize any instance of the other guy not being sufficiently zealous in protecting privacy. (Of course, I'm assuming that people like *you* will be running these services, i.e. people even more paranoid about privacy than me.) > And it's still dificult to intermix for-pay and free remailers > within your chain, or even just for-pay remailers from several different > consortiums. I think this is wrong. In my model, each consortium model has two, a for-pay and a for-free. Anyone can send to a for-pay, but only a consortium remailer can send to a for-free. Not that complicated, really. > [The > consortium, as far as I can tell, would also find it rather dificult to > charge more for a longer chain, I can't think of any way for them to charge > anything excpet a uniform amount regardless of length of chain, unless you > give the first remailer a way to tell the length of your chain, which is > undesirable. I'm not sure if this is a problem.] To my mind, that's not a bug, it's a feature. The consortium is charging you a set fee for privacy, and you get to decide how many hops are required to have a level of privacy you trust. > And this level of paranoia would be perfectly well surved by a Julf/penet > style remailer, which _would_ work well with an FV-payment system, as I > agreed before. The cypherpunks chained remailernet system as a whole is > overkill for your paranoia needs, but appearantly not for the needs of > those who use it over Julf's. It appears to me, that an FV-style payment > scheme can't be added to the cypherpunks chained remailer system without > dropping it's security to the level of Julf's. Which might be good enough > for you, but not good enough for me, or presumably for anyone else that > uses cypherpunks remailers. This is true of the scheme that I said I would be satisfied with (one remailer + FV), but not true, I think, of the "overkill" scheme, which was the consortium. > [Do you understand how cypherpunks remailers work, and the difference > between them and a julf/penet style remailer? Do you understand how > encryption is used in a cypherpunks-style remailer chain to make it so each > individual remailer only knows the next remailer along the chain, and not > the entire rest of the chain?] Well, I *think* I do, though I may be suffering from a bit of dilletantism here -- I'm certainly no expert in cryptography, but I think I understand the concepts involved. We haven't even gotten into the effect of encryption yet -- so far, we've just been talking, I thought, about untraceability. But as far as I can see, there's no reason that the consortium pay-only-at-entry scheme couldn't work with encrypted remailers. Am I confused? Couldn't you use the same cryptographic chain as is currently used, where all the inner entries in the chain are free crypto-remailers open only to other consortium remailers, but in which the outer encrypted message had the FV payment attached, which gained it entry to the remailer pool? > Try to bring up objections to a digicash-style system that are applicable > to remailers. I agree that they are different technologies that fill > different requirements, but it seems to me that the particular requirements > of a remailer system are only met by a digicash/magic money style > technology. Again, I think you mis-read me. I haven't (nor do I care to) spent a lot of time thinking about how to do remailers at all, let alone with digicash. What I was referring to was the basic objections that come from using a digital cash scheme in the first place. > I think an electronic cash system that will work with remailers, must > satisfy these things: > 1) You need to be able to enclose the "signifyer" of the transaction inside > encryption. Whether the "signifyer" is the cash itself, or an agreement to > make a transaction together with a billing number, or whatever, you need to > be able to enclose it in a PGP (or other arbitrary PKE protocol) encrypted > block. > 2) The "signifyer" of the transaction (which again might theoretically be > the cash itself, or some kind of billing number) alone shouldn't be enough > to reveal the identity of the anonymous user. I agree that FV doesn't meet the above requirements, but I don't see why they're necessary for remailers. In the consortium scheme I'd proposed, the only thing that could ever be proven about you would be that you had used a remailer. Now, if the message was not encrypted, your anonymity could be broken by collusion of FV and the "entry" remailer. But if the cypherpunks style cryptographic chain was used, i.e. if the contents (including an inner envelope that said who you really sent it to) were encrypted, nothing more would ever be derivable without the collusion of everyone in the chain, and even then it would only be derivable if certain records were kept. All I'm claiming is that it's do-able using the FV payment system. I'm not going to do it myself because I don't personally feel that this level of untraceability is EVER legitimately necessary..... -- Nathaniel From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: cactus@seabsd.hks.net (L. Todd Masco) Date: Fri, 6 Jan 95 14:33:37 PST To: cypherpunks@toad.com Subject: Re: public vs. private replies Message-ID: <199501062238.RAA29242@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- In article <199501060807.DAA22166@bb.hks.net>, L. McCarthy wrote: >Tim May writes: >> In my opinion, having personal access >> to past posts is several orders of magnitude more important than >> having MIDI-MIME JPEG-II TeX players [...] > >It takes more disk space from one's personal quota, though (for those who >suffer under such restrictions). :[ All posts to cypherpunks since June '94 are available by ftp from ftp.hks.net:/cypherpunks/nntp/cypherpunks. They are also available via nntp from nntp.hks.net:hks.lists.cypherpunks. I'd be glad to put a search engine of some sort on them, either by Web or by mailserver, if someone can suggest a reasonable way to index the whole lot. - - -- Todd Masco | "life without caution/ the only worth living / love for a man/ cactus@hks.net | love for a woman/ love for the facts/ protectless" - A Rich Cactus' Homepage - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLw2LTRNhgovrPB7dAQEDNwP/QTydu0Tp68ytNupes18WU+uv159GJJfE Wy+3iLxj+9rbPJwEKBZlXqhkfV7pf4nK9wNwiwNR4ZF13zpCAljWPhw3BEgNM4Xj Ity2GWLb8s7PBMplc+ggTQ4LowMYGqoO/e1pBWH3joFCuv11owkf+ZmbvTSZgU7h l07wq41l2L0= =Ao+S - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw3GJCoZzwIn1bdtAQFdVAF8DB7xxjzPgHNj2Eil0zEuLKj8SofCLFAs HBdXBN2fFjT5mNwnKh5a4T1R1Dv0Zp/c =6bFr -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Nathaniel Borenstein Date: Fri, 6 Jan 95 14:45:36 PST To: Jonathan Rochkind Subject: Re: for-pay remailers and FV (Was Re: Remailer Abuse) In-Reply-To: <4715.789430801.1@nsb.fv.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain Excerpts from fv: 6-Jan-95 Re: for-pay remailers and F.. "James A. Donald"@netcom (1127*) > On Fri, 6 Jan 1995, Jonathan Rochkind wrote: > > Hmm. Maybe I don't completely understand how this is going to work, but > > won't _every_ remailer in the chain need to know your FV billing account? > First remailer knows you and your FV billing account. Charges you > its own fee and the fee for all for profit remailers in the list. > (The envelope states what this fee is going to be) > Second remailer charges first remailer. > Third remailer charges second remailer. > If the postage on the envelope is insufficient to cover all > the for profit remailers the message passes through, it gets > bounced or dropped. > In principle it could work, Yes, I think you've probably just identified a *second* way it could work. I agree it's awfully complex, though. I'd prefer my consortium approach, but it's nice to see that multiple models are possible. -- Nathaniel From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jrochkin@cs.oberlin.edu (Jonathan Rochkind) Date: Fri, 6 Jan 95 14:40:13 PST To: cypherpunks@toad.com Subject: Re: Remailer Abuse Message-ID: <199501062245.RAA29327@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- At 5:10 PM 01/06/95, Dr. D.C. Williams wrote: [suggestion that only the first remailer would get payed, with justification for that.] >Operators with the best net. reputations and those whose remailers are >especially full featured or prompt will likely receive more use as >"entry" remailers; this is good capitalism which should not only increase >their number but improve the state of remailers in general. If someone >wants to establish a remailer that will join the existing mesh of remailers, >it will have to accept messages from others gratis if it wants such access >to the rest of them. Its compensation would be derived from initial traffic. Yeah, that does seem possible. One thing to keep in mind, though, is that it's really the _last_ remailer in the chain that's taking the most heat, and it would be nice if they got payed. There's also an issue of some remailers refusing to be last in the chain, so they dont' expose themselves so much. So the remailers which _did_ agree to be last in the chain would obviously get used for this purpose, while the others wouldn't, but they wouldn't get any more money for it. They might even get less, since most people probably don't use the same remailer twice in a chain, so the ones agreeing to be last are hardly ever going to be first. That seems undesirable. Ideally, the forces of capitalism would work on the last remailer on the chain, rather then (or in addition to) the first, to increase the number of remailers willing to do this. All this goes triple for mail-to-news remailers, since that poses even more exposure to heat, and it would be nice if ops were conpensated for. - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw3H8yoZzwIn1bdtAQHFWwGAqDhDUgU4+I4wLsqR8AwHEm09E9lqVjCX IcKjz280k1pK3MLaOMTCueXVUaZCam6u =4Wi5 -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "James A. Donald" Date: Fri, 6 Jan 95 18:12:40 PST To: Mike Duvos Subject: Re: Files and mail In-Reply-To: <199501070010.QAA02210@netcom10.netcom.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Fri, 6 Jan 1995, Mike Duvos wrote: > > drechsau@winternet.com (Mike Horwath) carefully explains all the > reasons why is it better to have a Netcom account than a > Winternet account! > > > I was going to be in, I decided to rest instead. So sue me > > for it. (Long hilarious list of Mike Horwaths's totally unprofessional behavior deleted To save bandwidth, just read it twice, or better still three times.) > [Netcom] accounts don't vanish when "the guy who owns the > machine" decides to throw a tantrum. > > [...] > A big problem with Netcom is it that it has no web server, and its ftp server is totally overwhelmed. I use nw.com for my web pages and netcom for everything else. Big bandwidth webservice at reasonable rates Does anyone have a better suggestion? I have been shopping around for a reasonably priced 28KB SLIP connection. Have not found one yet. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd@netcom.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: rah@shipwright.com (Robert Hettinga) Date: Fri, 6 Jan 95 15:10:09 PST To: rah@shipwright.com (Robert Hettinga) Subject: Re: floating point crypto? Message-ID: MIME-Version: 1.0 Content-Type: text/plain At 6:51 PM 1/5/95, Timothy C. May wrote: >Robert H. has asked that we reply in e-mail to him, to avoid >"cluttering the list more than I already have...," but the logic of >this is faulty. The few lines of a response such as this one, or even >of several such responses, are as nothing compared to dozens or more >people sifting their own archives so they can each independently send >Robert what they find. Hence my public reply. Got that right. No one can be more chagrined than I about this, because I've seen it happen. I remember Way Back in Ancient History (1985) when someone who couldn't remember the name of the movie posted the plot to "Slient Running" to net.sf(?), and asked for e-mail answers, so it "wouldn't clog the newsgroup". He was begging for mercy as little as 4 hours later... How soon they forget. I'm lucky it didn't happen to me. Thanks Tim, for saving my bacon. Nonetheless, I *am* thankful to Jim Gillogly, who sent me a great bunch of stuff about what the pentium.whistleblower, Dr. Nicely, was working on. Jim said he got it out of WWW, and maybe he'll post the URL here and that will be that. Nicely was working with finding multiple primes: Prime twins, prime triplets, etc. I will now proceed to post the relevant bits of Jim's and Tim's stuff to the newsgroup I got "called" in. Thanks to everyone who sent me comments, pointers, etc. >Not to sound strident, but if folks would keep copies of articles and >spend some time organizing them in data bases or in other searchable >forms, this would help the list. In my opinion, having personal access >to past posts is several orders of magnitude more important than >having MIDI-MIME JPEG-II TeX players that can display "Cypherpunks R >Us" in the correct font and with the "R" reversed according to spec. Indeed. Having limited space on my poor PowerBook, I have kept mostly the "excrable e$" types of files, to wit: anything mentioning money, finance, economics, and whatever crypto is specific to those areas. Since I started hanging out here this spring, I've accumulated about 10 megs of stuff between this list and www-buyinfo. I just archived everything from November backwards into Stuffit-compressed Eudora mailboxes. If you want those, I've got 'em. I did search the files I have after the "great squeeze", but to no avail. Unfortunately, I did not think I would have to keep anything to do with WIntel and their potential tribulations. I am, after all a Certified Macintosh Bigot. Thanks again, everyone. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah@shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: pstemari@erinet.com (Paul J. Ste. Marie) Date: Fri, 6 Jan 95 15:19:20 PST To: cypherpunks@toad.com Subject: Re: sniff passwords on PC (DOS) Message-ID: <9501062310.AB20311@eri.erinet.com> MIME-Version: 1.0 Content-Type: text/plain At 01:00 AM 1/6/95 CST, m00012@KANGA.STCLOUD.MSUS.EDU wrote: > ... It does not work after starting windows. Not sure, but it seems obvious >that MS windows installs it's own keyboard interrupt. ... True, but it's fairly simple to write a program that loads itselfs in win.ini and also hooks the keyboard messages from Windows. --Paul J. Ste. Marie pstemari@well.sf.ca.us, pstemari@erinet.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: mpd@netcom.com (Mike Duvos) Date: Fri, 6 Jan 95 18:12:43 PST To: cypherpunks@toad.com Subject: Re: Files and mail In-Reply-To: Message-ID: <199501070212.SAA19162@netcom3.netcom.com> MIME-Version: 1.0 Content-Type: text/plain "I'm Wozz" writes: [miscellaneous Netcom-honking elided] > It just so happens the AUP of winternet allows for this > situation. Right. And a small service provider can make any "terms of service agreement" his or her little heart desires. Just like the owner of a two line BBS. With big service providers, such things tend to be done in a somewhat more business-like fashion. > its a bit far fetched to call HIS reaction a tantrum.... If > anyone's screaming for mommy its whats-her-name.... Well, if I posted a message to 10 newsgroups and some bozo posted a message to a.c-e.n-a falsely implying that it was the beginning of some sort of massive spam, I would certainly not be pleased. If Netcom, after receiving some small amount of flamage on the subject, summarily removed access to my account and made themselves unavailable for several days when I tried to contact them to discuss the matter, and then tossed me off with a flippant "so sue me" when I protested, I would be even less pleased. Fortunately, I can't imagine Netcom even caring about a 10 newsgroup cross-post. > big is better i guess.... In the case of Internet Service Providers, big is definitely better. There are simply economies of scale which are not realized with smaller operations. Netcom has had some problems, but almost all of them were growth related. None of them were intrinsic to the systems and network itself. > Winternet is HARDLY a 'bbs'. Its a regional internet > service....much as netcom was before they flooded every > city with dialups. Read again, this time for comprehension. I did not say Winternet was a BBS. Merely that smaller ISPs have many of the undesirable characteristics found in BBS systems. > Any professional knows better than to read private > mail...and if this is so...then they aren't worthy of having > a site to run For legal purposes, most BBS systems declare that for the purposes of the ECPA, there is no such thing as private mail on their system. The Sysop is then free to read anything he wishes to. This policy is clearly stated in the user agreements of almost all BBS systems offering access to the public. > as for PGP, this is an individual thing....I'm sure mike > has no such objections...i know here at MindVox we > don't...in fact, we installed it for the users Many BBS Sysops forbid PGP and kick users off their systems who use it. They cite fears of encrypted illegal porn and credit card numbers passing through their systems, and potential legal liability. > Netcom is an abomination.....it is the only one of its kind > (not counting delphi etc, since they were conceived under > differnent systems) Netcom is the fastest growing and leading Internet Service Provider. Their ability to attract new customers is limited only by the rate at which they are able to increase capacity. Their respect for freedom of expression is absolute and they do not meddle in their customers' affairs. Their prices are reasonable and their user agreement is fair. Works for me. :) > They suck network services off others (irc as one example) > and don't take responsibilty for the HUGE number of idiots > on their service who maliciously hack anything they can > reach....its totally without personality...AND....its slower > than molasses...the management is out of touch with the > users and they are so overloaded with trouble reports, they > don't know what to do with them. Perhaps an exaggerated description of Netcom a few months ago, but certainly not the current state of affairs. I always get a line when I dial in, response time is reasonable, disk is abundant, and almost all software is available. Speed of network connections to other sites is quite acceptable. > This has got to be one of the largest loads of crap I've > seen tossed on this list in the year and a half i've lurked > on it. Everyone is certainly entitled to an opinion, which, in the words of Robert Blake, is one of the two things all humans have. :) > oh...btw...i don't have ANY connection to winternet, other > than knowing MANY satisfied customers, and having heard > alot about them, as a sysadmin for a site in much the same > situation. The number of satisfied customers is not the measure of a site, any more than the number of people still alive is the measure of a disease. Netcom works with the reliability of the phone company. It is always there, almost always up, and is redundant enough that when something breaks, it is still usable. I pay my $19.50 a month and I get unlimited everything. I'm happy. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd@netcom.com $ via Finger. $ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Christopher J. Tengi" Date: Fri, 6 Jan 95 15:23:33 PST To: cactus@seabsd.hks.net (L. Todd Masco) Subject: Indexing and searching (was Re: public vs. private replies) In-Reply-To: <199501062238.RAA29242@bb.hks.net> Message-ID: <9501062315.AA29835@deepthought.Princeton.EDU> MIME-Version: 1.0 Content-Type: text/plain You may want to take a look at glimpse and harvest. Here are some useful URLs for them: http://glimpse.cs.arizona.edu:1994/ http://harvest.cs.colorado.edu/ > -----BEGIN PGP SIGNED MESSAGE----- > > - -----BEGIN PGP SIGNED MESSAGE----- > > In article <199501060807.DAA22166@bb.hks.net>, > L. McCarthy wrote: > >Tim May writes: > >> In my opinion, having personal access > >> to past posts is several orders of magnitude more important than > >> having MIDI-MIME JPEG-II TeX players [...] > > > >It takes more disk space from one's personal quota, though (for those who > >suffer under such restrictions). :[ > > All posts to cypherpunks since June '94 are available by ftp from > ftp.hks.net:/cypherpunks/nntp/cypherpunks. They are also available > via nntp from nntp.hks.net:hks.lists.cypherpunks. > > I'd be glad to put a search engine of some sort on them, either by > Web or by mailserver, if someone can suggest a reasonable way to index > the whole lot. > - - -- > Todd Masco | "life without caution/ the only worth living / love for a man/ > cactus@hks.net | love for a woman/ love for the facts/ protectless" - A Rich > Cactus' Homepage > > - -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > > iQCVAwUBLw2LTRNhgovrPB7dAQEDNwP/QTydu0Tp68ytNupes18WU+uv159GJJfE > Wy+3iLxj+9rbPJwEKBZlXqhkfV7pf4nK9wNwiwNR4ZF13zpCAljWPhw3BEgNM4Xj > Ity2GWLb8s7PBMplc+ggTQ4LowMYGqoO/e1pBWH3joFCuv11owkf+ZmbvTSZgU7h > l07wq41l2L0= > =Ao+S > - -----END PGP SIGNATURE----- > - --- > [This message has been signed by an auto-signing service. A valid signature > means only that it has been received at the address corresponding to the > signature and forwarded.] > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > Comment: Gratis auto-signing service > > iQBFAwUBLw3GJCoZzwIn1bdtAQFdVAF8DB7xxjzPgHNj2Eil0zEuLKj8SofCLFAs > HBdXBN2fFjT5mNwnKh5a4T1R1Dv0Zp/c > =6bFr > -----END PGP SIGNATURE----- > From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Dr. D.C. Williams" Date: Fri, 6 Jan 95 15:19:15 PST To: cypherpunks@toad.com Subject: Re: Remailer Abuse Message-ID: <199501062324.SAA29816@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Jonathan replied: > One thing to keep in mind, though, is that it's really the _last_ remailer > in the chain that's taking the most heat, and it would be nice if they got > payed. Unfortunately, this creates the closest association between specific traffic and paying customers. > There's also an issue of some remailers refusing to be last in the > chain, so they dont' expose themselves so much. So the remailers which > _did_ agree to be last in the chain would obviously get used for this > purpose, while the others wouldn't, but they wouldn't get any more money > for it. What's to prevent mail from remailer A sent to remailer B from being sent right back to A for delivery? That's a part of the mixing required for true randomness. I don't know if this is being done now (by Chain or premail), and I'd like to know why. There might well be a good reason I'm not aware of. In order to join the mesh, remailers would be required to accept and ultimately deliver mail to ensure equality among them. I believe that a class of "prime" remailers would arise; these would be the preferred remailers, and their input and output would largely be balanced. This assumes, of course, that "second-class" remailers (those which profit equally but don't deliver as the last unit in the chain) aren't allowed in on a equal basis. Prime operators deserve, and would receive, compensation. > They might even get less, since most people probably don't use the > same remailer twice in a chain, so the ones agreeing to be last are hardly > ever going to be first. That seems undesirable. See above. What's the difference between A-->B-->C-->B and A-->B-->C-->D ? If someone is logging messages and routing, it's less secure, but then so is the entire remailer system. Prime remailer operators are those who don't log. Maybe message size would tip off snoopers. This can be overcome with minor tweaking to existing remailer code by tacking on or or eliminating padding to messages. But logging still makes the whole system extremely vulnerable. > remailers, since that poses even more exposure to heat, and it would be > nice if ops were conpensated for. Agreed. But since the payment "on the way out" (i.e.; a store) is much less desirable (and would probably work to reduce traffic), payment "on the way in" (i.e.; the subway) seems like the preferred alternative. =D.C. Williams - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw3RLCoZzwIn1bdtAQHpYgF/brIk7ssBTsR+26TqW6MifGwz+lymbXlc cYWFzNCJcrbRTgy7zHgPisvk/roHW0Nv =XJAq -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "James A. Donald" Date: Fri, 6 Jan 95 18:26:04 PST To: "I'm Wozz" Subject: Re: Files and mail In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Fri, 6 Jan 1995, I'm Wozz wrote: > > > > Big providers like Netcom have many employees and many machines. > > Things do not screech to a halt when "the guy who owns the > > machine" takes a mental health day. :) > > > > no instead things screech to a halt when the 1000th user gets on each > client machine When Netcom slows down, this is not because the asshole in charge is being an asshole. He may well be an asshole, but the size of netcom protects me from having to discover this. This is good for my mental health. > > I'd love to see a response to this...please! You are totally full of shit. Mike Horwath was arrogant and unprofessional. The problems you describe with Netcoms service are entirely accurate. I am looking for better solution. Submitting to the authority of an arrogant and incompetent fool does not seem like a good solution. He is plainly a fool, because if I had acted as he has acted, I would certainly not post this all over the place. Until he posted, I had assumed that Carol was having a hissy fit, that she was premenstrual or something. Now I see why she is upset. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd@netcom.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: pstemari@erinet.com (Paul J. Ste. Marie) Date: Fri, 6 Jan 95 15:37:15 PST To: cypherpunks@toad.com Subject: Re: Remailer Abuse Message-ID: <9501062326.AA20655@eri.erinet.com> MIME-Version: 1.0 Content-Type: text/plain At 03:44 PM 1/6/95 -0500, Jonathan Rochkind wrote: > ... Why? Why wouldn't the FV remailers use settlements? At the end of >>the month, everyone settles accounts in re who gets what fraction of >>what. No logs are needed other than counters. > > ... 1) The initial remailer has no way of knowing how many subsequent links >there are in the chain, and so doesn't know if I've paid him enough to >reimburse everyone else. I can easily cheat. He also doesn't know _who_ >the subsequent chains are. He can deduct one "stamp" from the amount, and >forward the rest on to the next remailer, and trust them to do the same, >but if I'm cheating there won't be enough to make it to the end of the >chain. Both of these facts (initial op doens't know how long the chain >will be, or who will be on it) are essential to the security I get from >using anon remailers, so even if they could be "fixed", it would be bad to. No, basically the idea is that each stamp covers an average number of remailer hops. The remailer ops get together, with counts of their ins and outs to each other, and split some fraction of the stamp prices accordingly. They can even determine the average number of hops given the in/out counts. Fairly simple, actually. --Paul J. Ste. Marie pstemari@well.sf.ca.us, pstemari@erinet.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: eric@remailer.net (Eric Hughes) Date: Fri, 6 Jan 95 18:31:50 PST To: cypherpunks@toad.com Subject: Re: for-pay remailers and FV In-Reply-To: Message-ID: <199501070231.SAA20999@largo.remailer.net> MIME-Version: 1.0 Content-Type: text/plain This whole fracas between blind-sig money and FV money is a symptom of the confusion between clearing and settlement. Roughly speaking, clearing is when authorization moves (i.e. a liability is created), and settlement is when money moves (i.e. when that liability is discharged). Clearing should always happen at or before settlement. In order to do on-line digital postage, you need clearing to happen at the point of remailing. Settlement can happen at some later time. Settlement need not be in real money. The liability of other settlement facilities can be used. This is in fact how central banking works. Only the central bank moves "actual" funds; everyone else moves liabilities around. To wit, a remailer consortium would do best to issue a local banknote usable only by themselves and have customers settle with the consortium issuer, rather than any member of the consortium itself. If the consortium issuer were to use blind sigs, the consortium members wouldn't be able to ascertain who paid. The mechanism for settlement could be credit cards directly, mailed in checks, even FV. The preferences of the consortium members for issues of timeliness of settlement, reversibility, loss sharing, etc. would decide the actual choice of settlement mechanism. Eric From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "James A. Donald" Date: Fri, 6 Jan 95 18:44:27 PST To: Eric Hughes Subject: Re: for-pay remailers and FV In-Reply-To: <199501070231.SAA20999@largo.remailer.net> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Fri, 6 Jan 1995, Eric Hughes wrote: > This whole fracas between blind-sig money and FV money is a symptom of > the confusion between clearing and settlement. It is nothing to do with that confusion. > To wit, a remailer consortium would do best to issue a local banknote > usable only by themselves and have customers settle with the > consortium issuer, rather than any member of the consortium itself. > If the consortium issuer were to use blind sigs, the consortium > members wouldn't be able to ascertain who paid. If they could use blind sigs they would not need a consortium. The customer would just put the postage inside the envelope, and each for-pay remailer would just peel of an envelope layer, and use the postage that the user provided for it. Chaumian money solves the problems we are discussing. The problem that we are discussing is how to solve them without using Chaumian money. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd@netcom.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Wei Dai Date: Fri, 6 Jan 95 19:12:01 PST To: tcmay@netcom.com Subject: A Fire Upon the Deep Message-ID: MIME-Version: 1.0 Content-Type: text/plain In article <199501052231.OAA11745@netcom5.netcom.com>, tcmay@netcom.com (Timothy C. May) says: >Finally, his Hugo-winning novel, "A Fire Upon the Deep," has some >casual mentions of crypto, including the odd speculation that those in >the know in the distant future don't really trust public key crypto. This is quite sensible given that in the Zone universe, you may have no idea how much computing power your enemies have, so no cryptography that is only computationally secure can really be trusted. _A Fire Upon the Deep_ also describes how anarchy might work on a galactic scale. For example, Vinge seems to think that arbitration organizations would be very important in such an anarchy and would acquire military characteristics. Issues of trust and reputation are also treated implicitly. There was some recent talk about network agent technology on this list. Vinge mentions almost in passing how an entire planet (or maybe planets) was taken over by an "intelligent net packet". Makes me rather nervous about things like Magic Cap... One more thing that's marginally related to cypherpunks (hey I really like this book so I'll take any chance I can to talk about it ;-) is the idea that the efficiency of distributed computation (and distributed intelligence) depends on high bandwidth and low latency of the communication medium. Since anonymity seems to have rather high costs in terms of bandwidth and latency (compare anonymous e-mail with internet video conferencing or even with normal e-mail), this implies that an organization of anonymous agents will not work as efficiently as a similar orginzation whose members are not concerned about anonymity. Wei Dai PGP encrypted mail welcome. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. Todd Masco" Date: Fri, 6 Jan 95 16:47:38 PST To: cypherpunks@toad.com Subject: Peter D. Lewis Message-ID: <199501070053.TAA00768@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Culled from a columbia newsgroup: >WIRED magazine now has a "Peter Lewis Prize for Bad Internet >Reporting". Check out: http://www.hotwired.com/Signal/Flux/ where >they announce the prize each week. Also read the story how Reuters >muffed up the Microsoft/Catholic Church reporting. You know it's bad when WIRED accuses you of bad reporting. - -- Todd Masco | "life without caution/ the only worth living / love for a man/ cactus@hks.net | love for a woman/ love for the facts/ protectless" - A Rich Cactus' Homepage - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw3l5yoZzwIn1bdtAQHYmwGAmV97gzR8Tcl4b5iWMtRSbxUGKGFjEErS CNbc4fIyVrRnpUg55T8PSB9RktUn/I5K =OK63 -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: I'm Wozz Date: Fri, 6 Jan 95 17:08:34 PST To: Mike Duvos Subject: Re: Files and mail In-Reply-To: <199501070010.QAA02210@netcom10.netcom.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Fri, 6 Jan 1995, Mike Duvos wrote: > drechsau@winternet.com (Mike Horwath) carefully explains all the > reasons why is it better to have a Netcom account than a > Winternet account! > > > I was going to be in, I decided to rest instead. So sue me > > for it. > > Big providers like Netcom have many employees and many machines. > Things do not screech to a halt when "the guy who owns the > machine" takes a mental health day. :) > no instead things screech to a halt when the 1000th user gets on each client machine > > Talk about net.good.will...you stole service after it was > > suspended. > > Free service offered to the public cannot be stolen, even by > prior dissatisfied customers. Big providers like Netcom don't > care if someone they don't like logs onto the machine again as > "guest". > when she was prohibited from that service because of her actions it is. > > Tuesday, after being up for 20+ hours and getting a couple > > hours sleep, you call ... Again, sue me, this time for being > > tired. > > Service at big providers like Netcom doesn't slack off when "the > guy who owns the machine" misses his nap... > no they slack off whenever they get a chance > > Wednesday, I was going to be into work, which you assumed I > > would be, ... I decided I was going to take that day off ... > > ...or when "the guy who owns the machine" goes fishing... > ...or when 5 trillion hackers descend on the machine and eat it alive > > The machine being down was not used as an excuse, but it is > > hard to operate like we used to with only one user machine. > > ...or when "the machine" is broken. > ...or when "their network" is broken. > > That is 2 counts in 2 days (notified on monday, early, of > > the spamming, notified on wed of the mass unsolicited > > mailings). Sorry, someone had to put their foot down, and > > it happened to be us. > > Big service providers like Netcom don't interfere with customer > use of the resources they sell, except when network functionality > is impacted. Even in such cases, they try to reach an > understanding with the user, and terminate accounts only as a > last resort. Accounts don't vanish when "the guy who owns the > machine" decides to throw a tantrum. > if a user on netcom violates the AUP, their account would be terminated...if those were the terms of the AUP. It just so happens the AUP of winternet allows for this situation. its a bit far fetched to call HIS reaction a tantrum.... If anyone's screaming for mommy its whats-her-name.... > > Sorry Carol Anne, but this is a system I administer and I > > use the AUP to protect all of us accross the 'net. > > I am sure we will all sleep more soundly knowing that Mike > Horwath and his tiny pimple of a machine on the Internet are > "protecting" us. big is better i guess.... > > > We had talked about the winternet t-shirts and how we would > > use the work you did and the monies you would receive as > > payment. > > Big providers like Netcom don't make silly little deals with > customers for T-shirts... > Big providers like Netcom don't have a 'community' to speak of. > > Well, no t-shirts have gone out and at this time, I will be > > cancelling all orders for them and will redesign them and > > have them produced externally to what you have done. This > > is what happens when you hold something over someones head. > > ...or cancel those agreements out of spite when they don't get > everything done their way. uhmm, sounds like the deal was cancelled because she didn't deliver.,..not out of spite > > You know, I used to use BBS systems a great deal before large > providers like Netcom began offering personal accounts with > Internet access at reasonable rates. A BBS is about as far from > a common carrier as one can get, and many Sysops disclaim all > your rights under the ECPA, read private mail, forbid the use of > PGP, decide what opinions may be expressed on various issues, and > boot off any user who questions anything they do. Since the > Sysop owns the machine, they are legally within their rights to > act like this, and as long as there are enough users who will put > up with their behavior, they can run a system. HAhahaha...if you had any idea what you were talking about, you would realize you are totally off base. Winternet is HARDLY a 'bbs'. Its a regional internet service....much as netcom was before they flooded every city with dialups. Any professional knows better than to read private mail...and if this is so...then they aren't worthy of having a site to run as for PGP, this is an individual thing....I'm sure mike has no such objections...i know here at MindVox we don't...in fact, we installed it for the users Who owns netcom's machines? > > Now that Unix boxes are not much more expensive than PCs used to > be, every asshole in the world who played Sysop on a BBS now > envisions himself as Sysadmin of an ISP. So you have an > infestation of tiny service providers, running on toy machines, > that coast along for a few years until the person running them > either goes bankrupt or gets bored. I certainly wouldn't > subscribe to one of these services, because the management > mentality and problematical service most of them provide is > exactly what I came to Netcom to get away from. > Once again, you speaketh from your ass.... Netcom is an abomination.....it is the only one of its kind (not counting delphi etc, since they were conceived under differnent systems) Netcom is a Winternet which has grown out of control. They suck network services off others (irc as one example) and don't take responsibilty for the HUGE number of idiots on their service who maliciously hack anything they can reach....its totally without personality...AND....its slower than molasses...the management is out of touch with the users and they are so overloaded with trouble reports, they don't know what to do with them. > Quite frankly, I don't see why Carol doesn't just get a Netcom > account and stop quibbling with this twit. Stop letting him > waste any more of your time and let him play his administrative > power games with newbies who don't know any better. Yes....join them carol join them.... join them.... join them.... be like us.... be like us.... be like us.... we will care for your every need.... we will care for your every need.... we will care for your every need.... look deep into my eyes.... look deep into my eyes.... look deep into my eyes.... This has got to be one of the largest loads of crap I've seen tossed on this list in the year and a half i've lurked on it. I'd love to see a response to this...please! oh...btw...i don't have ANY connection to winternet, other than knowing MANY satisfied customers, and having heard alot about them, as a sysadmin for a site in much the same situation. , /\_-\(:::::::::)/\_-\ matthew e. cable - systems administrator . . <((_)) MindVox ((_))> phantom access technologies inc . \- \/(:::::::::)\- \/ wozzeck@phantom.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Brian Lane Date: Fri, 6 Jan 95 20:26:55 PST To: cypherpunks Subject: Too Much! Message-ID: MIME-Version: 1.0 Content-Type: text/plain Yet again I have un-subbed from the list because of the S/N ratio. And things were looking so good there for a while. Advice to Carol Ann: Take your crusade to e-mail. Brian ------------------------------------------------------------------------------ "Everyone is a prisoner holding their own key." | finger blane@seanet.com -- Journey | PGP 2.6 email accepted ------------------------------------------------------------------------------ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: eric@remailer.net (Eric Hughes) Date: Fri, 6 Jan 95 20:28:32 PST To: cypherpunks@toad.com Subject: Re: for-pay remailers and FV In-Reply-To: Message-ID: <199501070428.UAA21189@largo.remailer.net> MIME-Version: 1.0 Content-Type: text/plain From: "James A. Donald" On Fri, 6 Jan 1995, Eric Hughes wrote: > This whole fracas between blind-sig money and FV money is a symptom of > the confusion between clearing and settlement. It is nothing to do with that confusion. Keep your day job. > To wit, a remailer consortium would do best to issue a local banknote > usable only by themselves and have customers settle with the > consortium issuer, rather than any member of the consortium itself. > If the consortium issuer were to use blind sigs, the consortium > members wouldn't be able to ascertain who paid. Get it? The first sentence refers to a "local banknote". The second sentence refers to a particular way of issuing that banknote. Passage from the general to the specific. The problem that we are discussing is how to solve them without using Chaumian money. Think about how a local clearing organization allows this. Eric From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: eric@remailer.net (Eric Hughes) Date: Fri, 6 Jan 95 20:33:00 PST To: cypherpunks@toad.com Subject: Re: A Fire Upon the Deep In-Reply-To: Message-ID: <199501070432.UAA21211@largo.remailer.net> MIME-Version: 1.0 Content-Type: text/plain From: Wei Dai This is quite sensible given that in the Zone universe, you may have no idea how much computing power your enemies have, so no cryptography that is only computationally secure can really be trusted. I asked Vernor about this one a few months ago. He got lucky on this one. He thought that some advances in theory might render the whole idea ridiculous. It was not the case that he was considering relative computational power, which works much better in context, especially given the hints of some computational power beyond Turing machines. A great one-liner about debating public-key, in any case. Eric From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Hal Date: Fri, 6 Jan 95 20:32:28 PST To: cypherpunks@toad.com Subject: Re: Can someone verify this conjecture for me? Message-ID: <199501070433.UAA16429@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- From: nelson@crynwr.com (Russell Nelson) > > I'd like to make sure I understand how a digital mix works. I've read > Chaum's paper on it, but hey, there's a reason why I don't have a Phd > in spite of having all the coursework done. > > It seems like it solves two separate problems: 1) foiling traffic > analysis, and 2) foiling a cheater remailer. The problems are > separate, really, because if you really, really trust the remailer (as > many people do Julf), then 2) isn't a problem. All you need to do is > solve 1. Or, you can solve 1) by using a single remailer. A > necessary but not sufficient step to foil traffic analysis is to strip > headers. My take on the paper is that he first presents the "mix", or remailer, as a method of foiling traffic analysis. Then he extends this to the "cascade", or chain of remailers, which does not improve traffic analysis resistence but as you say provides some immunity against a bad operator. > If you trust any one remailer, then you needn't bother using any other > ones (assuming that remailer has enough traffic, delay, mixing, etc to > foil traffic analysis). There's no real difference between using a > set (N>1) of trusted remailers and using only one, because you can > consider the set of remailers to be a single remailer from the point > of view of traffic analysis. There are other differences which may be relevant in practice. One is bandwidth. With a Chaumian cascade of N remailers you get N times the bandwidth used, as well as increased latency through the remailer network. One thing that is not often appreciated in Chaum's paper is that at least in his first description of the cascade, the assumption is that all users use the same sequence of remailers in the same order. We OTOH usually assume a different model, where the different possible paths are chosen with some distribution and randomness. I posted an analysis of some of the impacts of this difference a few months ago. Hal -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBLw4ZXhnMLJtOy9MBAQGjtwIA7tlEMnKPqUAVqAMSmK6EE6eaOlzhqeLL hsHXhNJajyZQjF6osybGSYJ00UBhRkbAxUOtjY4MNf6oMrb9fKRxGg== =A3oZ -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Fri, 6 Jan 95 20:48:40 PST To: pcassidy@world.std.com (Peter F Cassidy) Subject: Re: Peter D. Lewis In-Reply-To: Message-ID: <199501070448.UAA05731@netcom5.netcom.com> MIME-Version: 1.0 Content-Type: text/plain Peter F Cassidy wrote: > > wired has balls. the economist has to figure out what all this stuff > means in the real world. wired just sells ads around the events it > covers. lewis is innocent compared to wanton scum like kelly. Maybe I'm biased, but I have a lot of respect for Kevin Kelly. I met him at the first "Artificial Life" conference, at Los Alamos, 1987, and he drove down here to Santa Cruz to interview me for several hours for his not-yet-published "Wired." (As it turned out, Steven Levy also interviewed some of us and Kelly chose to run Levy's article in the #2 isuusue of "Wired," instead of his own, and submitted his own article to "Whole Earth Review," where it ran in the Summer 1993 issue. I've found Kelly to be somewhat quiet, and deep, and not all flamboyant and grubbing after soundbite quotes. His book "Out of Control," 1994, is the beast summary I've seen of the swirl of concepts we are generally interested in. So, what's your problem with Kelly? If it's the profit motive of "Wired," we disagree, as I think profits are great. If it's the ad-laden pages of "Wired," well, that's life in the high-tech age of cheap color printing, zillions of Macintoshes, and a culture that loves high-tech glitz. I think Kelly is a person of high integrity. It's hard to demand much more than this. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: eric@remailer.net (Eric Hughes) Date: Fri, 6 Jan 95 20:50:56 PST To: nesta@nesta.pr.mcs.net Subject: Re: procnail In-Reply-To: Message-ID: <199501070450.UAA21282@largo.remailer.net> MIME-Version: 1.0 Content-Type: text/plain ftp://ftp.informatik.rwth-aachen.de/pub/packages/procmail Eric From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Nesta Stubbs Date: Fri, 6 Jan 95 19:32:02 PST To: Cypherpunks Subject: Re: A Fire Upon the Deep In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Fri, 6 Jan 1995, Wei Dai wrote: > In article <199501052231.OAA11745@netcom5.netcom.com>, tcmay@netcom.com > > There was some recent talk about network agent technology on this list. > Vinge mentions almost in passing how an entire planet (or maybe planets) > was taken over by an "intelligent net packet". Makes me rather nervous > about things like Magic Cap... > does anynoe have any information about intelligent agents? I mean I know about filter and stuff, but they arent intelligent agents. I assume one would be something like the WWW worm and other searching scripts that have a database of information to cross-reference their finds and decide what to send back to you. the WWWWorm is a good centralized illustration of this, with a searchable index of HTML pages. Or is there osmethign else that makes upa "intelligent agent" > One more thing that's marginally related to cypherpunks (hey I really > like this book so I'll take any chance I can to talk about it ;-) is > the idea that the efficiency of distributed computation (and distributed > intelligence) depends on high bandwidth and low latency of the communication > medium. Since anonymity seems to have rather high costs in terms of > bandwidth and latency (compare anonymous e-mail with internet video > conferencing or even with normal e-mail), this implies that > an organization of anonymous agents will not work as efficiently as > a similar orginzation whose members are not concerned about > anonymity. i disagree storngly. anonimity with almost no increase in latency or decrease in bandwidth is easily viable. Especially if it was a group of coleagues planning to get together, I mean the remailers and stuff are a different thing altogehter, but ytalk or another confrencing system with untracable features is no problem, hell just a conference call dialing up from payphones, ora favorite hacker trick of running a conference of a COCOT. etc.... i want to know everything http://www.mcs.com/~nesta/home.html i want to be everywhere Nesta's Home Page i want to fuck everyone in the world & i want to do something that matters /-/ a s t e zine From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Derek.Zeanah@f903.n102.z1.fidonet.org (Derek Zeanah) Date: Sat, 7 Jan 95 00:52:00 PST To: cypherpunks@toad.com Subject: TEMPEST Questions... Message-ID: <121_9501062145@borderlin.quake.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- I'm writing an article on TEMPEST technology. The focus is on what TEMPEST is and how to defeat it, if possible. So far I've gotten some insightful information, but I'm looking for all I can get. Has anyone ever heard of TEMPEST being used in the continental US? Can anyone tell me what measures offer some level of protection, or steps that can be taken to reduce the likelihood of being successfully targeted? Has anyone ever seen TEMPEST in action? Any and all information will be greatly appreciated. I prefer responses via e-mail to dzeanah@holonet, but I also read this newsgroup pretty frequently. Thanks a lot. - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAi34pIYAAAEEALUNlIECc/SWho25DYEMwSAB0pEZsVro086ocA1eFmqfPUdb Mziw9z4lclX0DCznLzcYXzRBHQXYHclcSsPCn6lXYugmPdT8t5OkoqzN8mdU1iuH /YQZ79q1Iv+kufa0A8ZJn+9R/QmQnbxiOPJPOJzHYivd/hui70wIwf2qjF2hAAUR tCVEZXJlayBTLiBaZWFuYWggPGR6ZWFuYWhAaG9sb25ldC5uZXQ+iQCVAwUQLw3z i0wIwf2qjF2hAQGvawP/RSkJ0YSZX0MpeBMjo2BS9Qbsxs9iIS7/J1UesbNmR4ST 686EwPcpIMjiERJ425gXthOC7Jb7+39epkJkgoeuQqzj5FpnklpaGgG/2oyNbMKt EdysgkcufQm7lYMx4r/EOdW/PvLPL7cFBkCbdYRxOGmhy+iLnYrVRLqVNLteluI= =VD2n - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLw4n/EwIwf2qjF2hAQGcuQP/UtKXz0w3icEf3j094LpkOmr7t+miBcT4 9T0rsZ8UNz/Md7l4iY0sA929vU5IiZs58dTH0qiIVrFLf5qh0hzV+7edX6ARxccP ZSsdchd6g6LdRJn+s4QvOQT19TgcAGfW1p0lbVvDKGsh2+KmpQ4jHiLC3ugYq2x3 nqL4aY8dC4c= =L/Fy -----END PGP SIGNATURE----- ~~~ PGPBLUE 3.0 ... I don't see my signature anywhere on this "social contract" -- | Fidonet: Derek Zeanah 1:102/903 | Internet: Derek.Zeanah@f903.n102.z1.fidonet.org | via Borderline! uucp<->Fido{ftn}gate Project +1-818-893-1899 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: root Date: Fri, 6 Jan 95 20:41:56 PST To: cypherpunks@toad.com Subject: Remailers, Linux, & Help ... Message-ID: <199501070337.VAA00697@einstein.ssz.com> MIME-Version: 1.0 Content-Type: text Hi all, Normaly I use(d) 'ravage@bga.com' to access this list but the times they are a changin' ... I have successfuly gotten my network at home on Internet via a ISDN link. We are interested in setting up a remailer which among other things supports anonymity. If anybody has experience or learned input on doing this under Linux please contact me. A reminder that RoboFest 6 in Austin, TX will occur this year on April 1 & 2. If there are any c-punks interested in giving a talk or doing demo's then please contact me. If any of you folks are in the area then stop by and say Hi. I will be working at the Wired Society booth. Take care! From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: mpd@netcom.com (Mike Duvos) Date: Fri, 6 Jan 95 21:57:33 PST To: cypherpunks@toad.com Subject: Re: Netcom is not a good example (Was: Re: Files and mail) In-Reply-To: Message-ID: <199501070557.VAA12227@netcom18.netcom.com> MIME-Version: 1.0 Content-Type: text/plain Michael Handler writes: > Yeah. They only kill accounts when people criticize > NetCruiser. :-P > Netcom is hardly an example of a quality service provider. > They suffer periodic long term news and email delays; their > service personnel are rude, slow, and unprofessional (read: > Bruce Woodcock & the above incident); NetCruiser is a "work in progress" and continues to evolve in the right direction. Bruce Sterling Woodcock is history. On the rare occasions when I have interacted with support@netcom.com, their responses have been both helpful and provided in a timely fashion. > Their security has been compromised countless times This is Unix. Not a problem exclusive to Netcom. > They are home to some of the most infamous net.kooks and > net.cretins (like Tom Servo, currently), ... I suppose I should be pleased that you have not included me by name in the list. :) > Frankly, I'd rather have a Winternet account than a Netcom > account. Fine with me. As long as *I* don't have to have a Winternet account. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd@netcom.com $ via Finger. $ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: I'm Wozz Date: Fri, 6 Jan 95 19:07:38 PST To: "James A. Donald" Subject: Re: Files and mail In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Fri, 6 Jan 1995, James A. Donald wrote: > On Fri, 6 Jan 1995, I'm Wozz wrote: > > > > > > Big providers like Netcom have many employees and many machines. > > > Things do not screech to a halt when "the guy who owns the > > > machine" takes a mental health day. :) > > > > > > > no instead things screech to a halt when the 1000th user gets on each > > client machine > > When Netcom slows down, this is not because the asshole in charge > is being an asshole. I'd hardly call taking a day off being an asshole. Is he supposed to staff the thing 24 hours a day 7 days a week? No...its a small operation, that cannot be expected. > > He may well be an asshole, but the size of netcom protects > me from having to discover this. > and you like the fact that you have NO idea who's running the place. > This is good for my mental health. > > > > > I'd love to see a response to this...please! > > You are totally full of shit. and why is this? there is no support for this statement... > > Mike Horwath was arrogant and unprofessional. > hardly...after the fit this woman threw. CC'ing his private mail and interactions with her to COMPLETELY unrelated places .... such as cypherpunks, nicholas negreponte of all people, wired, etc, etc, etc as i understand the situation, the main contention here is that she was trying to sell space on her web pages.....on winternet's machines....without winternet's permission. How would netcom react to such a situation (oh thats right....you're not allowed to have web pages) How about a similar situation, such as you selling the time you don't use on your account to a friend and pocketing the money > The problems you describe with Netcoms service are entirely > accurate. I am looking for better solution. Submitting to > the authority of an arrogant and incompetent fool does not > seem like a good solution. > no...instead, submit to the authority of 100 or so ANONYMOUS arrogant incompetent fools > He is plainly a fool, because if I had acted as he has acted, > I would certainly not post this all over the place. > he's not posting this all over the place....Carol had a fit and he chose to respond. I'm afraid the baby here is Carol , + . /\_-\ ==================---------------------- . ` . <((_))> ==============-------------------- ` x . \- \/ ===========------------------ , /\_-\(:::::::::)/\_-\ matthew e. cable - systems administrator . . <((_)) MindVox ((_))> phantom access technologies inc . \- \/(:::::::::)\- \/ wozzeck@phantom.com + ` /\_-\ ===========------------------ . , * ' <((_))> ==============-------------------- + x \- \/ ==================---------------------- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: I'm Wozz Date: Fri, 6 Jan 95 19:20:46 PST To: Mike Duvos Subject: Re: Files and mail In-Reply-To: <199501070212.SAA19162@netcom3.netcom.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Fri, 6 Jan 1995, Mike Duvos wrote: > "I'm Wozz" writes: > > [miscellaneous Netcom-honking elided] > > > It just so happens the AUP of winternet allows for this > > situation. > > Right. And a small service provider can make any "terms of > service agreement" his or her little heart desires. Just like > the owner of a two line BBS. With big service providers, such > things tend to be done in a somewhat more business-like fashion. hahah....netcom can make up anything they want to. You do of course, read these agreements before you get on...don't you... Here's a simple solution...don't get on a systems who's AUP you disagree with. You assertion that simply because a company is not netcom's size, that its unprofessional and incompetent is rediculous. > > > its a bit far fetched to call HIS reaction a tantrum.... If > > anyone's screaming for mommy its whats-her-name.... > > Well, if I posted a message to 10 newsgroups and some bozo posted > a message to a.c-e.n-a falsely implying that it was the beginning > of some sort of massive spam, I would certainly not be pleased. > If Netcom, after receiving some small amount of flamage on the > subject, summarily removed access to my account and made > themselves unavailable for several days when I tried to contact > them to discuss the matter, and then tossed me off with a > flippant "so sue me" when I protested, I would be even less > pleased. Fortunately, I can't imagine Netcom even caring about a > 10 newsgroup cross-post. > right....because Netcom is FILLED with assholes....those that crosspost to 10 groups are overlooked > > big is better i guess.... > > In the case of Internet Service Providers, big is definitely > better. There are simply economies of scale which are not > realized with smaller operations. Netcom has had some problems, > but almost all of them were growth related. None of them were > intrinsic to the systems and network itself. > so...AOL is better than netcom? at least they have an irc server. and ALL of netcom's problems are related to the systems and network.... they didn't plan their expansion correctly....and as a result...are feeling it now. > > Winternet is HARDLY a 'bbs'. Its a regional internet > > service....much as netcom was before they flooded every > > city with dialups. > > Read again, this time for comprehension. I did not say Winternet > was a BBS. Merely that smaller ISPs have many of the undesirable > characteristics found in BBS systems. > and Netcom has many of the undesirable characteristics found in big systems like Prodigy and Compuserve... if you honestly find this attractive.....well, enjoy > > Any professional knows better than to read private > > mail...and if this is so...then they aren't worthy of having > > a site to run > > For legal purposes, most BBS systems declare that for the > purposes of the ECPA, there is no such thing as private mail on > their system. The Sysop is then free to read anything he wishes > to. This policy is clearly stated in the user agreements of > almost all BBS systems offering access to the public. > well of course.....Netcom will read your mail too if you are accused of hacking. The fact is....the chances of someone reading your mail on Netcom are about 100 times higher than on a smaller system....simply becuase the place is so overridden with root wielding hackers who have nothing better to do than torment others.... > > as for PGP, this is an individual thing....I'm sure mike > > has no such objections...i know here at MindVox we > > don't...in fact, we installed it for the users > > Many BBS Sysops forbid PGP and kick users off their systems who > use it. They cite fears of encrypted illegal porn and credit > card numbers passing through their systems, and potential legal > liability. > well......once again.....shop before you buy. You can't make such blanket assertations, because they simply aren't true. > > Netcom is an abomination.....it is the only one of its kind > > (not counting delphi etc, since they were conceived under > > differnent systems) > > Netcom is the fastest growing and leading Internet Service > Provider. Their ability to attract new customers is limited only > by the rate at which they are able to increase capacity. Their > respect for freedom of expression is absolute and they do not > meddle in their customers' affairs. Their prices are reasonable > and their user agreement is fair. Works for me. :) > Netcom is also the LEADING source of trouble for the rest of the network because of the way they handle their user population. They can't keep up with all their problems. This seems to translate to you as - "They respect me and don't bother me" THe fact is....they don't even know who the hell you are. And....being a matter of scale, as several pointed out... netcom is about 100 times the size of winternet....(approximation)... thus...lets multiply everything by 100, profits, users, problems, etc, etc If one of their user's posted (10x100) 1000 MAKE.MONEY.FAST posts to 1000 different groups.....you can bet that person wouldn't have their account the next day. > > They suck network services off others (irc as one example) > > and don't take responsibilty for the HUGE number of idiots > > on their service who maliciously hack anything they can > > reach....its totally without personality...AND....its slower > > than molasses...the management is out of touch with the > > users and they are so overloaded with trouble reports, they > > don't know what to do with them. > > Perhaps an exaggerated description of Netcom a few months ago, > but certainly not the current state of affairs. I always get a > line when I dial in, response time is reasonable, disk is > abundant, and almost all software is available. Speed of network > connections to other sites is quite acceptable. > this is THEIR network..... there is ANOTHER network out there....its called...the Internet. I've had MANY users at my site connecting from netcom, and insisting that our T1 is overloaded because of the chunky responses they are getting... well, guess what. As soon as they tried from somewhere else....their problems dissapeared. They contribute very little to the Internet .... and that which they do is overshadowed by the harm many of their more immature users cause > > > oh...btw...i don't have ANY connection to winternet, other > > than knowing MANY satisfied customers, and having heard > > alot about them, as a sysadmin for a site in much the same > > situation. > > The number of satisfied customers is not the measure of a site, > any more than the number of people still alive is the measure of > a disease. its not? then your opinion doesn't count...right? i mean...you're just a satisfied user > > Netcom works with the reliability of the phone company. It is > always there, almost always up, and is redundant enough that when > something breaks, it is still usable. I pay my $19.50 a month > and I get unlimited everything. I'm happy. > If you call netcom usable...you've obviously NEVER tried another ISP...or had several VERY bad experiences with the few you've tried. I urge you to give the whole situation another look. , + . /\_-\ ==================---------------------- . ` . <((_))> ==============-------------------- ` x . \- \/ ===========------------------ , /\_-\(:::::::::)/\_-\ matthew e. cable - systems administrator . . <((_)) MindVox ((_))> phantom access technologies inc . \- \/(:::::::::)\- \/ wozzeck@phantom.com + ` /\_-\ ===========------------------ . , * ' <((_))> ==============-------------------- + x \- \/ ==================---------------------- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: I'm Wozz Date: Fri, 6 Jan 95 19:22:52 PST To: cypherpunks@toad.com Subject: re: Netcom Message-ID: MIME-Version: 1.0 Content-Type: text/plain Oh yes....and how can we forget... for all its superiority....it seems to have dropped SLIP/PPP because that made them have to deal with the customers too much. Makes you feel all loved eh? , + . /\_-\ ==================---------------------- . ` . <((_))> ==============-------------------- ` x . \- \/ ===========------------------ , /\_-\(:::::::::)/\_-\ matthew e. cable - systems administrator . . <((_)) MindVox ((_))> phantom access technologies inc . \- \/(:::::::::)\- \/ wozzeck@phantom.com + ` /\_-\ ===========------------------ . , * ' <((_))> ==============-------------------- + x \- \/ ==================---------------------- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Johnathan Corgan Date: Fri, 6 Jan 95 22:28:11 PST To: "L. Todd Masco" MIME-Version: 1.0 Content-Type: text/plain >You might want to try reading it from NNTP, via c2.org or hks.net. You >can then use Kill files. What is the group name? == Johnathan Corgan "Violence is the last refuge of the incompetent." jcorgan@scruznet.com -Isaac Asimov From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Nesta Stubbs Date: Fri, 6 Jan 95 20:38:48 PST To: Cypherpunks Subject: procnail Message-ID: MIME-Version: 1.0 Content-Type: text/plain in response to the recent barrage of nonsensical bullshit here, I was wondering if anyone knew the archive site or procmail, the mail filtering program? I think this is a good time to school everyone in the basics of Killfiles. I have never wanted to killfile a person before, this is a big step for me. 8) i want to know everything http://www.mcs.com/~nesta/home.html i want to be everywhere Nesta's Home Page i want to fuck everyone in the world & i want to do something that matters /-/ a s t e zine From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nelson@crynwr.com (Russell Nelson) Date: Fri, 6 Jan 95 20:03:52 PST To: cypherpunks@toad.com Subject: Can someone verify this conjecture for me? Message-ID: MIME-Version: 1.0 Content-Type: text/plain I'd like to make sure I understand how a digital mix works. I've read Chaum's paper on it, but hey, there's a reason why I don't have a Phd in spite of having all the coursework done. It seems like it solves two separate problems: 1) foiling traffic analysis, and 2) foiling a cheater remailer. The problems are separate, really, because if you really, really trust the remailer (as many people do Julf), then 2) isn't a problem. All you need to do is solve 1. Or, you can solve 1) by using a single remailer. A necessary but not sufficient step to foil traffic analysis is to strip headers. If you trust any one remailer, then you needn't bother using any other ones (assuming that remailer has enough traffic, delay, mixing, etc to foil traffic analysis). There's no real difference between using a set (N>1) of trusted remailers and using only one, because you can consider the set of remailers to be a single remailer from the point of view of traffic analysis. But to be sure, at least one of your remailers MUST attempt to foil traffic analysis, otherwise you're effectively mistrusting the remailer operators but trusting the NSA (or FBI). As I said a month or two ago, you MUST assume that the spooks are watching all the remailers. It's cheap and easy, therefore it's being done. Sorry for the Crypto 101, but I figure that there are other people out there who don't understand it. -- -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Peter F Cassidy Date: Fri, 6 Jan 95 20:11:53 PST To: "L. Todd Masco" Subject: Re: Peter D. Lewis In-Reply-To: <199501070053.TAA00768@bb.hks.net> Message-ID: MIME-Version: 1.0 Content-Type: text/plain wired has balls. the economist has to figure out what all this stuff means in the real world. wired just sells ads around the events it covers. lewis is innocent compared to wanton scum like kelly. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jrochkin@cs.oberlin.edu (Jonathan Rochkind) Date: Fri, 6 Jan 95 20:13:43 PST To: cypherpunks@toad.com Subject: Carol Anne Whoever Message-ID: MIME-Version: 1.0 Content-Type: text/plain I don't care very much about Carol Anne whoever. I don't care very much about her plight. I have received just enough information about her plight (via this list, oddly enough), to know that I don't have enough information to tell who I agree with in this dispute. I don't particularly want to get enough information to do that, because I don't care. If I did care, I would get the information through some other method then this list, because it seems completely inappropriate. The merits of netcom vs. smaller services seem irrelevant to this list, too, in my mind, and I don't care to see those either. If you were wondering. I also don't care to see 10 or 20 posts a day by Carol Anne Whoever which are resposes to random crypto-related posts wherein the whole post is quoted, and then Carol Anne adds "me too!", or "Does that remind you of a certain sysadmin? giggle, giggle.", or "Good point!" I am at a loss as to why Carol Anne thinks the details of her life, and her inane "me too"s are of interest to the cypherpunks list. I guess we can't stop Carol Anne from sending this stuff to the list anyways (but I can killfile her), but it would be nice if people would stop responding to her stuff. Obviously if you really feel it's an appropriate use of the list to do so anyway, I can't stop you. I'm just asking you to for purely selfish reasons, so I don't feel the need to killfile people who make otherwise intelligent posts, and miss those posts. [I'm beginning to suspect that Carol Anne, and her sysadmin too, are just tentacles of Detweiler.] From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: erc@s116.slcslip.indirect.com (Ed Carp [khijol Sysadmin]) Date: Fri, 6 Jan 95 22:26:18 PST To: cactus@seabsd.hks.net (L. Todd Masco) Subject: Re: Files and mail In-Reply-To: <199501070607.BAA04310@bb.hks.net> Message-ID: MIME-Version: 1.0 Content-Type: text > Anybody want to offer odds on whether or not this merry little exchange > will be reported in Wired as news? No bet. ;) The computer press is pretty imature, they'll report almost anything. Personally, I think both Carol Anne Braddock and Mike Horwath BOTH need to grow up, along wih a substantial number of the snipers and slammers and back-seat-driver commentators regarding this thread. Maybe they ought to restrict net access by age? 25 or so oughta be a good age ... anyone younger is barred from access, or unless they provide evidence that they have a maturity level greater than that of your average six-year-old. -- Ed Carp, N7EKG Ed.Carp@linux.org, ecarp@netcom.com 801/534-8857 voicemail 801/460-1883 digital pager Finger ecarp@netcom.com for PGP 2.5 public key an88744@anon.penet.fi ** PGP encrypted email preferred! ** "What's the use of distant travel if only to discover - you're homeless in your heart." --Basia, "Yearning" From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: No Taxes through No Government Date: Fri, 6 Jan 95 20:26:33 PST To: cypherpunks@toad.com Subject: Re: Outlawing Anonymity Message-ID: <199501070427.XAA02486@grog.lab.cc.wmich.edu> MIME-Version: 1.0 Content-Type: text TC May writes: >I see no prospect whatsover that a ban on anonymous mail could be >implemented, enforced, or upheld in the courts. Never say never. Even coming from Tim, this surprises me just a little. Never think that government won't do something. The effectiveness of their 'solution' may be minimal, but billions can be wasted, and countless lives ruined, before it can be stopped (or more likely, dammed; once government achieves power, it is loath to relinquish it without a death struggle). Some nation's groups of 'leader'-thugs may be in a better position than others to go for such a power grab at this moment in time. But any and all of them should be constantly scrutinized for the inevitable slide down that slippery slope. The "article" by our pal Martha which the SF Chronicle had the poor judgment and atrociously swollen cojones to publish, is one of the most dramatically explicit warning signs of the year so far... and NOT because the year is yet so young. And to think, Tim used to be the pessimist on this list, saved only by the reassurances of Duncan and Sandy... :-S From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nissim@acs.bu.edu Date: Fri, 6 Jan 95 20:48:25 PST To: pcassidy@world.std.com Subject: Re: Peter D. Lewis Message-ID: <199501070438.XAA101470@acs.bu.edu> MIME-Version: 1.0 Content-Type: text/plain I'm unfamiliar with what it is people have against Kevin Kelly. Why "wanton scum"? people might want to send mail not cc:ed to cypherpunks to keep the list from experiencing too much of a burden here. -A From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: doumakes@netcom.com (Don Doumakes) Date: Fri, 6 Jan 95 21:55:59 PST To: cypherpunks@toad.com Subject: Re: Remailer Abuse Message-ID: <199501070554.VAA14679@netcom9.netcom.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- > One thing to keep in mind, though, is that it's really the _last_ remailer > in the chain that's taking the most heat, and it would be nice if they got > payed. There's also an issue of some remailers refusing to be last in the > chain, so they dont' expose themselves so much. I agree, this is an important issue. But I think it's a separate one from the question of how users pay for the service. In other words, once there's a consensus to have a Guild of for-pay remailers, all the users should have to do is pay the Guild once. The Guild can then haggle over how to divvy up the money. Hard jobs, such as posting anon news, should command more money. On the issue of the medium of exchange, I favor blinded digital cash with its absolute anonymity. The "remailer in a box" that we spoke of earlier would do well to include this capability. - -- ______________________________________________________________________ Don Doumakes Finger doumakes@netcom.com for PGP public key Foxpro databases built to your specifications. Email me for details. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLw3RTBtumcu2AjihAQF+DQQAmhQxuMl4C6VzZLD+mHF5i0OAjLUZAhV+ eNOi4F6bUBsDyfm7TmxxWMsiJRlJFrKhIMT+A16lmBZPdQ/pnZjQSk2keLyXgs0N phsPmZsTWGZMOyWGH+Hh2ggBc5syhmZxuTWwHFqqbAKTVoYRC4esxW8g/lTKot7F drI0amkbq20= =pHqY -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Michael Handler Date: Fri, 6 Jan 95 21:13:17 PST To: cypherpunks@toad.com Subject: Netcom is not a good example (Was: Re: Files and mail) In-Reply-To: <199501070010.QAA02210@netcom10.netcom.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Fri, 6 Jan 1995, Mike Duvos wrote: [ big monolithic service providers like Nyetcom are the best and will crush all you piddly little upstart ISPs ] > Big service providers like Netcom don't interfere with customer > use of the resources they sell, except when network functionality > is impacted. Even in such cases, they try to reach an > understanding with the user, and terminate accounts only as a > last resort. Accounts don't vanish when "the guy who owns the > machine" decides to throw a tantrum. Yeah. They only kill accounts when people criticize NetCruiser. :-P Nyetcom is hardly an example of a quality service provider. They suffer periodic long term news and email delays; their service personnel are rude, slow, and unprofessional (read: Bruce Woodcock & the above incident); their security has been compromised countless times; their FTP server is constantly overloaded; their toy software NetCruiser generates nonconformant Usenet articles; their 18 (!) machines are constantly overloaded that it takes a good five minutes to respond to a finger request; they have no http:// support. They are home to some of the most infamous net.kooks and net.cretins (like Tom Servo, currently), and their net.reputation sucks. Frankly, I'd rather have a Winternet account than a Netcom account. ObCypherpunks: sameer's system, the Community Connexion, suffers *none* of these problems. http://www.c2.org or for more information. sameer supports PGP and the running of anonymous remailers on his system. Check it out, send him money. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. Todd Masco" Date: Fri, 6 Jan 95 21:52:52 PST To: cypherpunks@toad.com Subject: Re: Peter D. Lewis Message-ID: <199501070558.AAA04212@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Tim sez: > I think Kelly is a person of high integrity. It's hard to demand much > more than this. I simply can't think much of a magazine that has cover stories deriving entirely from kiddie-kracker squabbles. Kelly may have plenty of integrity but that's not the word that the magazine "Wired" usually brings to mind. It's not the profit motive or the ads that get me: running a business, I know you can't be picky about who you take money from. It's the lack of meaningful content that annoys me. As with Lewis, frequenly when they're discussing something I know something about their stories are fraught with inaccuracies and rumours. My personal favorite is when they list reporters among the "experts" on their technology-watch light bites. Their entire approach is to cast Like "Seventeen," "Wired" should prepend "don't you wish you were" to its title. - -- Todd Masco | "life without caution/ the only worth living / love for a man/ cactus@hks.net | love for a woman/ love for the facts/ protectless" - A Rich Cactus' Homepage - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw4tbioZzwIn1bdtAQEM7gF9EZE2qciEPOqQTYjwiqDF9vakwzSS3DSh ZJy1S0gTP7kNSTDnm/8UuoVOxehFhJ+X =g0sd -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: cactus@seabsd.hks.net (L. Todd Masco) Date: Fri, 6 Jan 95 22:02:08 PST To: cypherpunks@toad.com Subject: Re: Files and mail Message-ID: <199501070607.BAA04310@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- Anybody want to offer odds on whether or not this merry little exchange will be reported in Wired as news? - - -- Todd Masco | "life without caution/ the only worth living / love for a man/ cactus@hks.net | love for a woman/ love for the facts/ protectless" - A Rich Cactus' Homepage - - -- Todd Masco | "life without caution/ the only worth living / love for a man/ cactus@hks.net | love for a woman/ love for the facts/ protectless" - A Rich Cactus' Homepage - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLw301xNhgovrPB7dAQFj3gP8CJV4TyRUl+sEQRHX6qH2TKK+B+JKLrwk kUM7Y0yaY2ZwScBnYRva5/Pyu8r70i2Z3yQUQFF7ECasxHwrYftfWweD0/4Pc4ws qEGNfGIheHtnP/J0B7G7xsIyAMSZIlUD3RCQ49o4BOpWk6bev4t5i/RP10yK9sit dA1go4Jiaag= =eQPF - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw4vqSoZzwIn1bdtAQER/QF/SkRQGEEjHn+E0SZEiWs0McAvRccuzxFQ Uv76Kmmya6EMxTJOJFtatP1uQ7V6JmSA =g1Bd -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. Todd Masco" Date: Fri, 6 Jan 95 22:10:57 PST To: cypherpunks@toad.com Subject: Re: Too Much! Message-ID: <199501070616.BAA04394@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- In article you write: > Yet again I have un-subbed from the list because of the S/N ratio. And >things were looking so good there for a while. You might want to try reading it from NNTP, via c2.org or hks.net. You can then use Kill files. Wonderful beasts, those. (And if more people do this, we could actually try to use some distributed mechanisms such as that that strn uses.) - - -- Todd Masco | "life without caution/ the only worth living / love for a man/ cactus@hks.net | love for a woman/ love for the facts/ protectless" - A Rich Cactus' Homepage - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLw32/xNhgovrPB7dAQEUBwQAhWOYKkqwHGyi2eFfnYt+8LsFU+Af3Lsl sT1VDjICu1XIAhswVfKL+h7Dn9r1pmeNHtJFF0V8S/fKGVOU5dhv+gZZwVOTjbnL a2g+MTZkh/vonVy5PLDELrpeRlcVdxR+abcg9AWahjYCFlua8NR5GjiN6iKeC1C8 o3F377//PSU= =rxxD - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLw4xuCoZzwIn1bdtAQHTNgF/T9OR6yUCu05KZW4s3MSHptRoclc31xO8 5O0jAXDA0c9oE/39smLZ++I6OoGh7Wiq =5/FC -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Fri, 6 Jan 95 23:18:51 PST To: "Paul J. Ste. Marie" Subject: Soapbox mode on!(but short) In-Reply-To: <9501062310.AB20311@eri.erinet.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain Dear Paul J. Ste. Marie, I was quietly going through my mail after an eight hour layoff. The first thing you do is lie. I have called you a liar. Point Blank! And for the honor of this very list, so that there is some credibility, I shall retrieve from a tin reader the actual posting, COMPLETE WITH HEADER. And what makes creeps like you going is the ability to continue, to spread those lies. [soapbox mode on] THE POSTING WENT UNANSWERED FOR 3 DAYS IN 10 NEWSGROUPS. UNANSWERED...NADA ...NO BYTES...NO BITS.....NO ANYTHING THE FIRST PERSON TO RESPOND WAS HORWATH, ISSUING SOME KIND OF REALLY LAME APOLOGY...TO WHOM NO ONE KNOWS, FOR NO ONE HAD RESPONDED....GET IT....CAN YOU HANDLE PLAIN ENGLISH? NO MR. STE. MARIE I WILL NOT START RUMOR OR CONTINUE RUMOR. YOU HAVE LIED TO THE FINE PEOPLE OF CYPHERPUNK LIST. YOU HAVE WASTED THEIR TIME AND THEIR BANDWITH (THEIR LIFE) FOR THE MOST IMPORTANT CODE YOU CAN EVER WRITE IS THE TRUTH. [soapbox mode off] Please pardon me now, while I retrieve the actual postings. Love Always, Carol Anne On Fri, 6 Jan 1995, Paul J. Ste. Marie wrote: > At 08:58 AM 1/6/95 +0000, Nesta Stubbs wrote: > >On Fri, 6 Jan 1995, Carol Anne Braddock wrote: > > ... > >> I "crossposted" it to my favorite 10 newsgroups. Just 10. > >> Some creep complained. (we'll get to him a bit later). > >> > >ten is not a large number when it comes o cross-posting on soem topics, I > >can think of at lezast tewenty newsgroups where the PRZ letters and such > >would make alot of sense and be on topic. This just goes to show the > >soemtimes reactionar steps people take to control spamming. ... > > The discussion on alt.current-events.net-abuse seemed to indicate that the > claim of "Just 10" above is a slight understandment. The newsgroups seem to > have been hit alphabetically, and I believe the total count was in the hundreds. > > --Paul J. Ste. Marie > pstemari@well.sf.ca.us, pstemari@erinet.com > > Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List Coming Soon: The Internet Debut of CENSORED.COM From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Sat, 7 Jan 1995 01:26:50 -0600 To: carolann@vortex.mm.com Subject: (fwd) Re: Phil Zimmermann Message-ID: <283c371c68a89a4d2ae07bc0ed855b15@NO-ID-FOUND.mhonarc.org> MIME-Version: 1.0 Content-Type: text/plain Organization: Minnesota MicroNet, St. Paul, MN Path: vortex.mm.com!news2.mr.net!mr.net!winternet.com!drechsau From: drechsau@winternet.com (Mike Horwath) Newsgroups: soc.support.transgendered,alt.transgendered,mn.general,alt.sex.femdom,alt.artcom,alt.sex.bondage,alt.sex,comp.infosystems.www.users,alt.dreams.lucid,alt.dreams Subject: Re: Phil Zimmermann Followup-To: soc.support.transgendered,alt.transgendered,mn.general,alt.sex.femdom,alt.artcom,alt.sex.bondage,alt.sex,comp.infosystems.www.users,alt.dreams.lucid,alt.dreams Date: 5 Jan 1995 23:57:09 GMT Organization: StarNet Communications, Inc Lines: 12 Message-ID: <3ei10l$mvo@blackice.winternet.com> References: <3dtkaj$lg8@news-2.csn.net> <3dvdsb$ads$1@mhade.production.compuserve.com> NNTP-Posting-Host: icicle.winternet.com X-Newsreader: TIN [version 1.2 PL2] We wish to apologize for Carol Anne's actions while with Winternet. This account has been deleted for breach of our AUP. Questions, comments, problems or general bitching, please reply to this message. -- Mike Horwath IRC: Drechsau LIFE: Lover drechsau@winternet.com Winternet: info@winternet.com root@jacobs.mn.org <- Linux! Twin Cities area Internet Access: 612-941-9177 for more info Founding member of Minnesota Coalition for Internet Accessibility -- Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List Coming Soon: The Internet Debut of CENSORED.COM From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Sat, 7 Jan 1995 01:26:51 -0600 To: carolann@vortex.mm.com Subject: (fwd) Re: Phil Zimmermann Message-ID: <1e5cdf203746b1a0144dbaf6df3710d1@NO-ID-FOUND.mhonarc.org> MIME-Version: 1.0 Content-Type: text/plain Path: vortex.mm.com!news2.mr.net!mr.net!skypoint.com!jlogajan From: jlogajan@skypoint.com (John Logajan) Newsgroups: mn.general Subject: Re: Phil Zimmermann Date: 6 Jan 1995 05:09:12 GMT Organization: SkyPoint Communications, Inc. Lines: 13 Message-ID: <3eij9o$8nu@stratus.skypoint.net> Reply-To: jlogajan@skypoint.com NNTP-Posting-Host: mirage.skypoint.com X-Newsreader: TIN [version 1.2 PL2] Mike Horwath (drechsau@winternet.com) wrote: : We wish to apologize for Carol Anne's actions while with Winternet. : This account has been deleted for breach of our AUP. : Questions, comments, problems or general bitching, please reply to this : message. Since you are publicly accusing Carol Anne of "breach of our AUP", you better explain what horrible crime she committed. -- - John Logajan -- jlogajan@skypoint.com -- 612-633-0345 - - 4248 Hamline Ave; Arden Hills, Minnesota (MN) 55112 USA - - WWW URL = http://www.skypoint.com/subscribers/jlogajan - -- Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List Coming Soon: The Internet Debut of CENSORED.COM From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Sat, 7 Jan 1995 01:26:52 -0600 To: carolann@vortex.mm.com Subject: (fwd) Re: Phil Zimmermann Message-ID: MIME-Version: 1.0 Content-Type: text/plain Path: vortex.mm.com!news2.mr.net!mr.net!winternet.com!news From: "Mr.Fish" Newsgroups: soc.support.transgendered,alt.transgendered,mn.general,alt.sex.femdom,alt.artcom,alt.sex.bondage,alt.sex,comp.infosystems.www.users,alt.dreams.lucid,alt.dreams Subject: Re: Phil Zimmermann Date: 6 Jan 1995 05:39:51 GMT Organization: StarNet Communications, Inc Lines: 16 Message-ID: <3eil37$6a@blackice.winternet.com> References: <3dtkaj$lg8@news-2.csn.net> <3dvdsb$ads$1@mhade.production.compuserve.com> <3ei10l$mvo@blackice.winternet.com> NNTP-Posting-Host: mwalleye.winternet.com > We wish to apologize for Carol Anne's actions while with Winternet. > > This account has been deleted for breach of our AUP. > > Questions, comments, problems or general bitching, please reply to this > message. > > -- > Mike Horwath IRC: Drechsau LIFE: Lover drechsau@winternet.com Looking at the groups that you cross-posted, I sure as heck would like to know what she did to get kicked off?;) What the heck do you have to apologize for Mike? Unless you might of been involved too?;) I told you you've been working too hard. Come on now bud, give us the lowdown! -- Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List Coming Soon: The Internet Debut of CENSORED.COM From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: RopeGun@calvino.alaska.net (Oren Tanay) Date: Sat, 7 Jan 95 01:59:39 PST To: cypherpunks@toad.com Subject: pgp shells for windows.... Message-ID: MIME-Version: 1.0 Content-Type: text/plain I've read the pgp docs and several other unofficial documents on pgp and I have come to the conclusion that a shell for pgp is the most sensible approach using such a powerfull encryption program. I've searched to the best of my abilities and have found several pgp shells for windows, but all of them seem to assume that the user has an above average understanding of the workings of pgp and all of its uses. At this point your probably thinking that I'm looking for an easy way to get around learning pgp the hard way, but I'm not... the whole idea of pgp is that privacy and security be available to anyone, using any platform. But ease of use was not really one of the features built into pgp. If anyone can refer me to a windows shell for pgp (for dummys :-) ) I would like to get a copy of it for distribution on the bullitin board nets... Was I to verbose? \\|||||||// | o o | Oren Tanay | J | RopeGun@alaska.net \--- www.alaska.net/~RopeGun/RopeGun.html "My Cat Can Eat A Whole WaterMelon" From owner-cypherpunks Sat Jan 7 02:21:34 1995 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: RopeGun@calvino.alaska.net (Oren Tanay) Date: Sat, 7 Jan 95 02:21:34 PST To: erc@s116.slcslip.indirect.com (Ed Carp [khijol Sysadmin]) Subject: Re: pgp shells for windows.... Message-ID: MIME-Version: 1.0 Content-Type: text/plain winpgp2.6 was the most succesfull pgp shell I could find but the interface was stale and non descript. including the fact that when it executed the commands it opened a window and I was interfacing with the dos pgp interface, I found that a little redundant for a shell program; but then again I'm not sure if an interface with pgp can be done any other way. \\|||||||// | o o | Oren Tanay | J | RopeGun@alaska.net \--- www.alaska.net/~RopeGun/RopeGun.html "My Cat Can Eat A Whole WaterMelon" From owner-cypherpunks Fri Jan 6 23:59:11 1995 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Fri, 6 Jan 95 23:59:11 PST To: Cypherpunks@toad.com Subject: From me to me to you...The Actual Article Message-ID: MIME-Version: 1.0 Content-Type: text/plain Dear All of You, This is the article, and what I did with it. It is complete in it's entireity, from the bang paths, to the crosspostings. Please study them carefully, for my next post will contain the first response to the article, three days later. ALL DURING THIS TIME, I WAS LED TO BELIEVE, THROUGH PHONE CALLS THAT THIS WAS "GOING TO BE INVESTIGATED SOON". NOTHING OF THE SORT HAPPENED. NO ONE IN ANY OF THE TEN GROUPS RAISED A SINGLE OBJECTION. PERIOD. I believe in your capacity to fairly judge. My response to the first complaint lies still censored in my mail reader. For if .1% of all the Usenet is inappropriate to post to, when will it become just .01% ? Now, the article, From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Sat, 7 Jan 1995 01:26:26 -0600 To: carolann@vortex.mm.com Subject: (fwd) Re: Phil Zimmermann Message-ID: <53ae08506afed0671ca88cb1b531a06e@NO-ID-FOUND.mhonarc.org> MIME-Version: 1.0 Content-Type: text/plain Path: vortex.mm.com!news2.mr.net!mr.net!umn.edu!spool.mu.edu!howland.reston.ans.net!pipex!uunet!winternet.com!icicle.winternet.com!carolann From: Carol Anne Braddock Newsgroups: soc.support.transgendered,alt.transgendered,mn.general,alt.sex.femdom,alt.artcom,alt.sex.bondage,alt.sex,comp.infosystems.www.users,alt.dreams.lucid,alt.dreams Subject: Re: Phil Zimmermann Date: Mon, 2 Jan 1995 04:05:13 -0600 Organization: StarNet Communications, Inc Lines: 317 Message-ID: References: <3dtkaj$lg8@news-2.csn.net> <3dvdsb$ads$1@mhade.production.compuserve.com> NNTP-Posting-Host: icicle.winternet.com Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII In-Reply-To: Please read, and help if you can. You can get PGP at my WWW HomePage. http://www.winternet.com/~carolann Love Always, Carol Anne RegisteredBEllcore Trusted Software Integrity system programmer *********************************************************************** Carol Anne Braddock "Give me your Tired, your Poor, your old PC's..." The TS NET REGISTERED PGP KEY NO.0C91594D carolann@icicle.winternet.com finger carolann@winternet.com |more *********************************************************************** My WWW Homepage Page is at: http://www.winternet.com/~carolann On Fri, 30 Dec 1994, Michael Paul Johnson wrote: > Christopher W. Geib <72144.1426@CompuServe.COM> writes: > > >Phil, > > >Could you repost here the address where we can send our support? > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Phil Zimmermann Legal Defense Fund Appeal > > In November, 1976, Martin Hellman and Whitfield Diffie announced > their discovery of public-key cryptography by beginning their paper > with the sentence: "We stand today on the brink of a revolution in > cryptography." > > We stand today on the brink of an important battle in the > revolution they unleased. Philip Zimmermann, who encoded and released > the most popular and successful program to flow from that discovery, > Pretty Good Privacy ("PGP"), may be about to go to court. > > It has been over fourteen months now since Phil was first informed > that he was the subject of a grand jury investigation being mounted by > the San Jose, CA, office of US Customs into the international > distribution, over the Internet, of the original version of the > program. On January 12th, Phil's legal team will meet for the first > time with William Keane, Assistant US Attorney for the Northern > District of California, who is in charge of the grand jury > investigation, in San Jose. An indictment, if one is pursued by the > government after this meeting, could be handed down very shortly > thereafter. > > If indicted, Phil would likely be charged with violating statute 22 > USC 2778 of the US Code, "Control of arms exports and imports." This > is the federal statute behind the regulation known as ITAR, > "International Traffic in Arms Regulations," 22 CFR 120.1 et seq. of > the Code of Federal Regulations. Specifically, the indictment would > allege that Phil violated 22 USC 2778 by exporting an item listed as a > "munition" in 22 CFR 120.1 et seq. without having a license to do so. > That item is cryptographic software -- PGP. > > At stake, of course, is far more than establishing whether Phil > violated federal law or not. The case presents significant issues and > will establish legal precedent, a fact known to everyone involved. > According to his lead counsel, Phil Dubois, the US government hopes to > establish the proposition that anyone having anything at all to do with > an illegal export -- even someone like Phil, whose only involvement was > writing the program and making it available to US citizens and who has > no idea who actually exported it -- has committed a federal felony > offense. The government also hopes to establish the proposition that > posting a "munition" on a BBS or on the Internet is exportation. If > the government wins its case, the judgment will have a profound > chilling effect on the US software industry, on the free flow of > information on the emerging global networks, and in particular upon the > grassroots movement to put effective cryptography in the hands of > ordinary citizens. The US government will, in effect, resurrect > Checkpoint Charlie -- on the Information Superhighway. > > By now, most of us who are reading this know about Phil and the > case, whether by having the program and reading the doc files or by > seeing reports in the Wall Steet Journal, Time, Scientific American, > the New York Times, Wired, US News and World Report, and hundreds of > other news outlets; on Usenet groups like talk.crypto.politics or > alt.security.pgp; or by listening to Phil give talks such as the one he > gave at CFP '94 in Chicago. We know that PGP has made great strides > since version 1.0, and is now a sophisticated encryption and > key-management package which has become the de facto standard in both > micro and mainframe environments. We know that Phil and the PGP > development team successfully negotiated a commercial license with > Viacrypt, and, through the efforts of MIT, a noncommercial license for > PGP with RSA Data Security, the holders of the patent on the RSA > algorithm on which PGP is based, thus freeing the program from the > shadow of allegations of patent infringement. We know that programs > such as PGP represent one of our best bulwarks in the Information Age > against the intrusions of public and private information gatherers. We > know that PGP is a key tool in insuring that the "Information > Superhighway" will open the world to us, without opening us to the > world. > > What we may not all know is the price Phil has had to pay for his > courage and willingness to challenge the crypto status quo. For years > now Phil has been the point man in the ongoing campaign for freely > available effective cryptography for the everyday computer user. The > costs, personal and professional, to him have been great. He wrote the > original code for PGP 1.0 by sacrificing months of valuable time from > his consulting career and exhausting his savings. He continues to > devote large amounts of his time to testifying before Congress, doing > public speaking engagements around the world, and agitating for > "cryptography for the masses," largely at his own expense. He is now > working, still for free, on the next step in PGP technology, PGP Phone, > which will turn every PC with a sound card and a modem into a secure > telephone. And we know that, just last month, he was searched and > interrogated in the absence of counsel by US Customs officials upon his > return from a speaking tour in Europe. > > Phil's legal team consists of his lead counsel, Philip Dubois of > Boulder, CO; Kenneth Bass of Venable, Baetjer, Howard & Civiletti, in > Washington, DC, first counsel for intelligence policy for the Justice > Department under President Carter; Eben Moglen, professor of law at > Columbia and Harvard Universities; Curt Karnow, a former assistant US > attorney and intellectual property law specialist at Landels, Ripley & > Diamond in San Francisco; and Thomas Nolan, noted criminal defense > attorney in Menlo Park. > > While this is a stellar legal team, what makes it even more > extraordinary is that several of its members have given their time for > free to Phil's case. Still, while their time has been donated so far, > other expenses -- travel, lodging, telephone, and other costs -- have > fallen to Phil. If the indictment is handed down, time and costs will > soar, and the members of the team currently working pro bono may no > longer be able to. Justice does not come cheap in this country, but > Phil deserves the best justice money can buy him. > > This is where you and I come in. Phil Dubois estimates that the > costs of the case, leaving aside the lawyers' fees, will run from > US$100,000 - $150,000. If Phil's team must charge for their services, > the total cost of the litigation may range as high as US$300,000. The > legal defense fund is already several thousand dollars in the red and > the airline tickets to San Jose haven't even been purchased yet. > > In September, 1993 I wrote a letter urging us all to support Phil, > shortly after the first subpoenas were issued by Customs. Today the > need is greater than ever, and I'm repeating the call. > > Phil has assumed the burden and risk of being the first to develop > truly effective tools with which we all might secure our communications > against prying eyes, in a political environment increasingly hostile to > such an idea -- an environment in which Clipper chips and digital > telephony bills are our own government's answer to our concerns. Now > is the time for us all to step forward and help shoulder that burden > with him. > > It is time more than ever. I call on all of us, both here in the > US and abroad, to help defend Phil and perhaps establish a > groundbreaking legal precedent. PGP now has an installed base of > hundreds of thousands of users. PGP works. It must -- no other > "crypto" package, of the hundreds available on the Internet and BBS's > worldwide, has ever been subjected to the governmental attention PGP > has. How much is PGP worth to you? How much is the complete security > of your thoughts, writings, ideas, communications, your life's work, > worth to you? The price of a retail application package?i Send it. > More? Send it. Whatever you can spare: send it. > > A legal trust fund, the Philip Zimmermann Defense Fund (PZDF), has > been established with Phil Dubois in Boulder. Donations will be > accepted in any reliable form, check, money order, or wire transfer, > and in any currency, as well as by credit card. > > You may give anonymously or not, but PLEASE - give generously. If > you admire PGP, what it was intended to do and the ideals which > animated its creation, express your support with a contribution to this > fund. > > * * * > > Here are the details: > > To send a check or money order by mail, make it payable, NOT to Phil > Zimmermann, but to "Philip L. Dubois, Attorney Trust Account." Mail the > check or money order to the following address: > > Philip Dubois > 2305 Broadway > Boulder, CO USA 80304 > (Phone #: 303-444-3885) > > To send a wire transfer, your bank will need the following > information: > > Bank: VectraBank > Routing #: 107004365 > Account #: 0113830 > Account Name: "Philip L. Dubois, Attorney Trust Account" > > Now here's the neat bit. You can make a donation to the PZDF by > Internet mail on your VISA or MasterCard. Worried about snoopers > intercepting your e-mail? Don't worry -- use PGP. > > Simply compose a message in plain ASCII text giving the following: > the recipient ("Philip L. Dubois, Attorney Trust Account"); the bank > name of your VISA or MasterCard; the name which appears on it; a tele- > phone number at which you can be reached in case of problems; the card > number; date of expiry; and, most important, the amount you wish to do- > nate. (Make this last item as large as possible.) Then use PGP to en- > crypt and ASCII-armor the message using Phil Dubois's public key, en- > closed below. (You can also sign the message if you like.) E-mail > the output file to Phil Dubois (dubois@csn.org). Please be sure to use > a "Subject:" line reading something like "Phil Zimmermann Defense Fund" > so he'll know to decrypt it right away. > > Bona fides: My relation to Phil Z. is that of a long-time user and > advocate of PGP and a personal friend. For over a year I moderated the > (no longer published) digest, Info-PGP, on the old lucpul.it.luc.edu site > here at Loyola. I am in no way involved with the administration of the > PZDF. I volunteer my time on its behalf. > Phil Dubois is Phil Z.'s lawyer and lead counsel in the Customs case. > He administers the PZDF. > To obtain a copy of my public key (with which you can verify the > signature on this doc), you have a number of options: > - Use the copy which I will append below. > - Send mail to me at hmiller@luc.edu with the "Subject:" line > reading "send pubkey" > - Get it by anon ftp at ftp://ftp.math.luc.edu/pub/hmiller/pubkey.hm > - Obtain it from an Internet PGP keyserver machine such as > pgp-public-keys@pgp.ai.mit.edu. Just send a mail message to this > address with the "Subject:" field "GET hmiller". Other keyserver > machines on the Net which accept the same message format (and > automatically synchronize keyrings with each other every 10 minutes or > so) include: > > pgp-public-keys@pgp.mit.edu > pgp-public-keys@demon.co.uk > pgp-public-keys@pgp.ox.ac.uk > pgp-public-keys@ext221.sra.co.jp > pgp-public-keys@kub.nl > pgp-public-keys@pgp.iastate.edu > pgp-public-keys@dsi.unimi.it > pgp-public-keys@pgp.dhp.com > > You can verify my public key by calling me at 312-338-2689 (home) > or 312-508-2727 (office) and letting me read you my key fingerprint > ("pgp -kvc hmiller" after you have put my key on your pubring.pgp keyring). > I include it also in my .sig, below, if that's good enough for you. > You might also note that Phil Zimmermann has signed my public key. > Hopefully he is Node #1 in your Web-of-Trust! His key is available on > the net keyservers and in the 'keys.asc' file in the PGP distribution > packages. > Phil Dubois's pubkey can also be obtained from the keyservers, if > you prefer that source to the text below, and from 'keys.asc'. Phil Z. > has signed his key as well. > > Here is Phil Dubois's public key: > > - -----BEGIN PGP PUBLIC KEY BLOCK----- > Version: 2.7 > > mQCNAiyaTboAAAEEAL3DOizygcxAe6OyfcuMZh2XnyfqmLKFDAoX0/FJ4+d2frw8 > 5TuXc/k5qfDWi+AQCdJaNVT8jlg6bS0HD55gLoV+b6VZxzIpHWKqXncA9iudfZmR > rtx4Es82n8pTBtxa7vcQPhCXfjfl+lOMrICkRuD/xB/9X1/XRbZ7C+AHeDONAAUR > tCFQaGlsaXAgTC4gRHVib2lzIDxkdWJvaXNAY3NuLm9yZz6JAJUCBRAsw4TxZXmE > uMepZt0BAT0OA/9IoCBZLFpF9lhV1+epBi49hykiHefRdQwbHmLa9kO0guepdkyF > i8kqJLEqPEUIrRtiZVHiOLLwkTRrFHV7q9lAuETJMDIDifeV1O/TGVjMiIFGKOuN > dzByyidjqdlPFtPZtFbzffi9BomTb8O3xm2cBomxxqsV82U3HDdAXaY5Xw== > =5uit > - -----END PGP PUBLIC KEY BLOCK----- > > Here is my (Hugh Miller's) public key: > > - -----BEGIN PGP PUBLIC KEY BLOCK----- > Version: 2.6.2 > > mQCNAy7frrEAAAEEALzOAQt+eWHzXSDLRgJaQMQ7Uju1xrD9mXAZGAG1GmiTNjKl > wK68qOXrwJvnH1BmGtg8GGv53nTeabltpn5crsQVFm+0623M56/T7SOeUBWxxoa0 > vvqAA8sJ6ac1/MXY9KIgqxu8Mu6Qwf68C4OnwCbE7T71bi+fjdEdYC5Hk8UpAAUR > tB1IdWdoIE1pbGxlciA8aG1pbGxlckBsdWMuZWR1PokAlQMFEC7ryVNleYS4x6lm > 3QEBW6YD/2IOIZX9FOggNyemvPwM/EN86KW74ZGuYuTIfPCrvOMy8pFqfE33Bw93 > UkyIDj1Yh/nDlclEOO/J0tyngPn2BD2vMtaKIGRhVjnoxQc3BfzdjJ2nnHoFzAjz > 0MBxYthysmWYsyF8cQxST6LZLITKkf41dti8SVKYVRWIgkyub02HiQCVAwUQLt/F > oNEdYC5Hk8UpAQHD1wP9GdN9OHAKkIRsHeHy0wsEkI4Emb/bHiU+W59Zw7NPWsWF > 3WTT1z8GKNToQLUdysbbJuSSk3rD3F4SNGJ+KPjR4674pmEfCVVP8cQPXEl4a3Zs > xSLWNI6rG3muUAfLdyZiFP08NthOVlP2h1aOLCqIgkjEYMfQNEgkefBRJd6JywI= > =hWCA > - -----END PGP PUBLIC KEY BLOCK----- > > * * * > > This campaign letter will be posted in a number of Usenet groups. > I will also be turning it into a FAQ-formatted document, which will be > posted monthly in the relevant groups and which will be available by > anonymous ftp from ftp://ftp.math.luc.edu/pub/hmiller/PGP/pzdf.FAQ. If > you come upon, or up with, any other ways in which we can help raise funds > for Phil, drop me a line at hmiller@luc.edu and let me know, so that I > can put it in the FAQ. > > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > > iQCVAwUBLvFO3tEdYC5Hk8UpAQF6IwQAp3Ig71gGRj/dDGXDBdqj55uMQQsywhi2 > pEzh0arfrRonqMX0UleysqYqjcUtm0rvbrXoYUy8a9vJzj4Wuyf1dQ6WyqBkcmOX > z7RGtoLVxsfTjNNTrY0810SXx/yOMYtBW7mq+zNmqEykGFZTdfsVKFEyFw6AJ//B > Ah+LQNb01Xo= > =aW2m > -----END PGP SIGNATURE----- > > > > -- > Hugh Miller, Ph.D. Voice: 312-508-2727 > Asst. Professor of Philosophy FAX: 312-508-2292 > Loyola University Chicago Home: 312-338-2689 > 6525 N. Sheridan Rd. E-mail: hmiller@luc.edu > Chicago, IL 60626 WWW: http://www.luc.edu/~hmiller > PGP Public Key 4793C529: FC D2 08 BB 0C 6D CB C8 0B F9 BA 55 62 19 40 21 -- Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List Coming Soon: The Internet Debut of CENSORED.COM From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Sat, 7 Jan 95 00:15:04 PST To: Cypherpunks@toad.com Subject: The first reply came 3 days later. Message-ID: MIME-Version: 1.0 Content-Type: text/plain These groups are important to me. It is why I posted them there. I use PGP extensively in my usenet postings, and I am not the only one in those groups that posts with PGP. Yes, suffice to say, I endorse this letter. I dream of a day when we do not have to deal with this issue, yet it is something that affects any one who uses the program. All that was really asked was not to go to the meeting with the D.A., and make a protest. MOST CYPHERPUNKS I KNOW OF COULDN'T HAVE MADE IT ANYWAY, THIS TIME, BECAUSE THE STAKES IN THE REMAILER GAME ARE HIGH, AND WITHIN A MONTH OR TWO, THERE WILL BE SYSTEM SO THAT WE CAN GET SOME MONEY TO EAT WITH AND BUY EQUIPMENT. But on the user level, I do my best to TEACH GOOD FUNDAMENTAL COMPUTER SAFETY. Rumors are no good for this. There was PRZ's letter to us, and Dubois's letter to alt.security pgp. Those are facts. Those I can teach with, and so can even a one month PGP Cypherpunk Novice. So can you. Now, the first reply, From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nobody@replay.com (Name withheld on request) Date: Fri, 6 Jan 95 17:26:41 PST To: cypherpunks@toad.com Subject: No Subject In-Reply-To: <199501062336.PAA12592@homer.spry.com> Message-ID: <199501070127.AA00746@xs1.xs4all.nl> MIME-Version: 1.0 Content-Type: text/plain > Think I'll go make some popcorn and sit back to watch the fireworks some more. (giggle) (giggle) (giggle) (giggle) Me, too. Love always, Carole Anne Buttock P.S. Someone with a clue: please help me get a life. Only 10 cross posts!!! From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nissim@acs.bu.edu Date: Fri, 6 Jan 95 23:55:20 PST To: cypherpunks@toad.com Subject: what to do about live video - all the time? Message-ID: <199501070745.CAA64839@acs.bu.edu> MIME-Version: 1.0 Content-Type: text/plain I've just invented a big hassle, and if I don't start the patent process someone else will. Picture a near future in which your shirt or walkman is a 360 degree video camera sensing live video across visible and other spectra. Your shirt sends out a signal to your home computer, Your home computer archives your daily environment and activities for you. You have been sold this device on several premises. 1) crime reduction - no sane low level criminal would harass you; you have him, his biometrics, unique thermal signature etc. on video. Talk about neighborhood watch. 2) life/work productivity enhancement. What was said when? what could you have looked into today but slipped your mind? 3) warm fuzzies. Kodak style "your life in pictures." For now I'll assume the device actually works as claimed. It is affordably priced. Any normal person who has a car alarm, walkman, or laptop PC is apt to have one. You even get a small discount on your health insurance. Maybe your local taxes go down as your district votes to reduce the # of cops. For now, we assume that all the output of your video shirt is securely encrypted when it leaves the Vshirt. ISSUE 1: Who controls the data? Year 0: The devices are so rare the police don't think to ask people to supply their tapes if they witness a crime committed re: a third party. Year 3: The police subpeona Vshirts they know to be in the crime vicinity. Presumably they use their current abilities with cellphone companies to locate who's where when. Year 3.1 While reviewing Vshirt tapes police note that non-case related illegal activities are going on. Jaywalking. Speeding. Recreational drugs. Verbal assault. Life and property threatening felonies are also discovered. At this point the scene bifurcates wildly: Do the police say, "look, this is happening anyway, we need 24 hour video surveillance of everything - if nothing else to protect ourselves in court." Evidence: in the UK they video the motorways, and several public areas in the cities (soc.culture.british Jan '95) -for crime/security purposes. In the US, there are utility poles wired for sound. Design News had an item on this in their Yellow newsflash section in '93 I think. The utility poles were/are in washington DC, and supposedly only listen for gunshots. I'm pretty sure the poles could call the cops in using triangulated crime location data too. However slight the infraction, we are all lawbreakers. Do we have a right to 'not testify against ourselves" by refusing to decrypt? Can we buy (ugh.) an "attorney-client privlege" box that hold all of our data Keys in a legal fiction that the courts currently respect? Will the 5th fare any better than the 1st and second amendments? Will the state issue a "statute of limitations" on data-recorded crime, so that you can't be arrested for last year's public drunkenness? Will Vshirt makers make, or be allowed to make, devices that create -absolutely no residue- data keys? that way, if you want to protect yourself from what you happened last thursday you can set the keystrip on fire and nobody, not even you, has a hope of ever decrypting? Evidence: in the US Digital audio tape Mfrs. are required to put in some sort of copyguard. Also scanners w/image signature. In the US, reconstructed deleted files for legal purposes is considered legal evidence. There is a firm in Seattle that has even reconstructed harddisks written over with 0s for criminal (tax) cases. Citizens or their employers are required to keep and prepare documentation adequate to prepare a valid tax return. i.e., some records you _have_ to keep. and of course the digital telephony bill... What thoughtful Pro-freedom arguments can be constructed to deal with this device and its social fallout? What thoughtful software and hardware can be created? The device does not yet exist, but component parts can be assembled for less than $2000 and 17oz weight that do a fair job of mimicking it. Moore's "law" suggests that by 2000, these oughta be $19.99/month plus data charges. VoicePGP is a great jumping-off place...will there be a VideoPGP, or rather an optimized-for-videoPGP coming soon? If I've christened its existence now. I hereby declare the application of Public+private key cryptography as it especially applies to picture, live picture, and/or video transmission to be public domain. (Surely I'm not the first, but this can't hurt.) Write. Talk. Create. Protect yourselves. ObLameJoke: Well, as far as I know none of my relatives were killed by Stalin, or Mao, or interned in WWII, or blacklisted, or even jailed. I suppose a few were drafted. I guess it's about time for the forces of authority to reach into my little corner of the gene pool and crush me too. I mean, I'm missing out! Treon Verdery, posting under the auspices of Adam Almog From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Sat, 7 Jan 95 00:56:30 PST To: Cypherpunks@toad.com Subject: I haven't read this response, until now! Message-ID: MIME-Version: 1.0 Content-Type: text/plain Dear All, I haven't seen the next two responses, yet they comprise all the responses that ten news groups had made as of this posting, in my newsreader here at MM.COM. I am told there are now more, yet I think it's kind of a moot point (david@winternet.com was the reporter). So I am going to import the text now and read it finally. I have read the text, and I giggle a little, at who sent it. Now you already have had the advantage of seeing copy by Mr. Horwath. Mr. Logajan didn't. And didn't for a number of days. Nor did anyone anyone else either. [teacher mode on] LOOK AT THE GROUPS MR. LOGAJAN IS RESPONDING TO. HE IS ONLY REPLYING TO ONE, NOT TEN GROUPS. AND, EITHER HE OR MR. HAS CENSORED NINE OTHER GROUPS FROM THEIR RIGHTFUL REPLIES. I DO BELIEVE, WHEN YOU LOOK AT MR. HORWATH'S PRIOR POSTING, I THINK YOU WILL FIND THAT HE DID TAMPER WITH THE POSTING. AND, WHAT YOU GET AS A LESSON HERE IS JUST WHY THE REMAILER PROGRAM IS IN TROUBLE. THERE JUST HAS TO BE PLAIN AND SIMPLE TRUST. MR. LOGAJAN IS UNDER THAT SIMPLE DELUSION, FOR THE MOMENT. YET AS CYPHERPUNKS, THERE IS A KIND OF AN UNSTATED UNDERSTANDING THAT WE DO NOT DO THIS TO OTHERS OR OURSELVES. [teacher mode off] Mr. Horwath at least owes Mr. Logajan an apology. For misrepresentation. Mr. Horwath owes nine newsgroups an apology. For telling them (through ommission) that mn.general is more important than they are. It was about this point I was on the list again. The damage was done, and now repairs were under way. Now, the third and last response I know of, to this point. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: erc@s116.slcslip.indirect.com (Ed Carp [khijol Sysadmin]) Date: Sat, 7 Jan 95 02:12:51 PST To: RopeGun@calvino.alaska.net Subject: Re: pgp shells for windows.... In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text > I've read the pgp docs and several other unofficial documents on pgp and I have come to the conclusion > that a shell for pgp is the most sensible approach using such a powerfull encryption program. I've > searched to the best of my abilities and have found several pgp shells for windows, but all of them seem to > assume that the user has an above average understanding of the workings of pgp and all of its uses. At > this point your probably thinking that I'm looking for an easy way to get around learning pgp the hard way, > but I'm not... the whole idea of pgp is that privacy and security be available to anyone, using any platform. > But ease of use was not really one of the features built into pgp. If anyone can refer me to a windows > shell for pgp (for dummys :-) ) I would like to get a copy of it for distribution on the bullitin board nets... Which ones have you looked at? -- Ed Carp, N7EKG Ed.Carp@linux.org, ecarp@netcom.com 801/534-8857 voicemail 801/460-1883 digital pager Finger ecarp@netcom.com for PGP 2.5 public key an88744@anon.penet.fi ** PGP encrypted email preferred! ** "What's the use of distant travel if only to discover - you're homeless in your heart." --Basia, "Yearning" From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: erc@s116.slcslip.indirect.com (Ed Carp [khijol Sysadmin]) Date: Sat, 7 Jan 95 02:32:20 PST To: RopeGun@calvino.alaska.net Subject: Re: pgp shells for windows.... In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text > winpgp2.6 was the most succesfull pgp shell I could find but the interface > was stale and non descript. including the fact that when it executed the > commands it opened a window and I was interfacing with the dos pgp > interface, I found that a little redundant for a shell program; but then > again I'm not sure if an interface with pgp can be done any other way. Try ftp.netcom.com:/pub/ec/ecarp/pgpwind.zip - you might find it a bit more to your liking. There are others out there, and their authors will probably speak up :) -- Ed Carp, N7EKG Ed.Carp@linux.org, ecarp@netcom.com 801/534-8857 voicemail 801/460-1883 digital pager Finger ecarp@netcom.com for PGP 2.5 public key an88744@anon.penet.fi ** PGP encrypted email preferred! ** "What's the use of distant travel if only to discover - you're homeless in your heart." --Basia, "Yearning" From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: bart@netcom.com (Harry Bartholomew) Date: Sat, 7 Jan 95 03:36:04 PST To: tengi@Princeton.EDU (Christopher J. Tengi) Subject: Re: Indexing and searching In-Reply-To: <9501062315.AA29835@deepthought.Princeton.EDU> Message-ID: <199501071134.DAA17942@netcom4.netcom.com> MIME-Version: 1.0 Content-Type: text/plain We sure need some indexing and searching to use the archive. A directory command at ftp.hks.net:/cypherpunks/nntp/cypherpunks get you 8200+ lines of: ... -rw-r--r-- 1 8 8 34609 Sep 24 20:02 3255 -rw-r--r-- 1 8 8 1154 Sep 24 20:24 3256 -rw-r--r-- 1 8 8 1443 Sep 25 03:15 3257 -rw-r--r-- 1 8 8 1675 Sep 25 03:33 3258 -rw-r--r-- 1 8 8 1634 Sep 25 10:35 3259 -rw-r--r-- 1 8 8 3243 Jul 21 23:59 326 -rw-r--r-- 1 8 8 955 Sep 25 11:41 3260 -rw-r--r-- 1 8 8 2088 Sep 25 12:05 3261 -rw-r--r-- 1 8 8 3930 Sep 25 12:06 3262 ... Why its virtually encrypted! How fitting. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Sat, 7 Jan 95 01:42:30 PST To: Cypherpunks@toad.com Subject: Nope, the Skypoint Newsreader didn't carry any of the 9 groups. Message-ID: MIME-Version: 1.0 Content-Type: text/plain Dear All, And, amazingly neither does MM.Com. And if I'm going to infer, I'd better go back and look at the facts on hand. No, Mr. Horwath's reader has up to 4,500 or so groups in it at any given moment. Here at MM.Com we only have 1,009 to be precise. So let us remind ourselves that this didn't even get "full" coverage in a lot of places. And, in some maybe none at all. So stay tuned, as the story of the anonymous remailer cartel works it's way into place. I have a chain.exe script in the winternet.files. Spose I could go net.rad and go get another from soda.berkeley or somewhere. Look remailers, meet somehwere face to face, shake hands, hug each other, cut a deal eyeball to eyeball, just do the best you can with what you've got. So remailer cartel 1.0 has a bug or two. So does all humanity. Even so did my logic for a minute or two (only). So go somewhere fun and sort it out. And write what wonderful "vacations" you having, as you all will be MAKING MONEY FAST, within hours after your glorious return to civilization. (even money says the anon server bounces this to somebody) And as I stated four postings ago. No Mr. Ste. Marie only ten, and as we saw in some cases only one. not hundreds or thousands, just a few. .1% One One Tenth of a Percent. And, one instance of One One Hundreth of a Percent. About as bad as the pentium bug story. And that's still an acceptable post in any group. Somebody uses PGP in any of those groups. They are my friends. I hope I can learn remailer procedure and code soon, it looks fun. Thanks for your time. Love Always, Carol Anne From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Sat, 7 Jan 95 03:27:52 PST To: "I'm Wozz" Subject: Big vs Little providers (punkette view) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain Perspective, Perspective, Perspective. You're both right on many counts. Mike is a "fine benevolent dictator". He has many "happy" users. He has now five local Usenet groups of winternet.* But he reneges on deals. The shirts were ready before Thanksgiving. He posseses them as I write. He violates the spirit by which I processed their making (the samples). Many orders for the shirts were made prior to Thanksgiving, I still have the mail for them at squeaky.free.org (good storage place). Then there's the GT story. I organized one for them. Created a sked for more of them. He didn't like the sked. The Users did. There was an incident of much greater magnitude, that drew far less attention. It was my call for WWW crosspost linkages. It was hand posted to 75 or so groups, one at a time. The plus minus ratio of mail was last at 412 positive, and 8 negative. Squeaky has half the mail. There's 50 and growing crossposts that are drawing 200+ accesses a day to that page. Any other page he has on his system is only drawing 40-50 responses at best. I have copies of the daily access statistics /usr/local/ect/httpd/stats/summary If my mail is frozen, so to should all phases of that account, including the WWW Pages. Besides maybe they"have violated acceptable use policy",too! That's just sound administrative policy to shut everything down. You haven't heard about Webbittown, yet. Bruce Sterling owns #9 Blackice Blvd. It's a Web page city of 20,000 individual pages, at a $1,000 a page. Just like Real Estate. Run by doom software drivers. Mike's poor vision is another T1 line, maybe two if he's lucky. They are hacking his machine like crazy, he claims. That means you got some serious enemies, if it's true. That means you don't abuse your fans like me, at a time like that. It also probably means one of his "friends" is his enemy. I have an alt.dream.lucid of having the world's best web server. I dream of people being able to protect their HTML code with PGP. Funtional on top, crypto underneath. Encryption on the fly. This was something that was bound to happen sooner or later. Better sooner than later. Now there's precedent. 10 groups, and the reply's caught in the pine processor 3.91,too! Doc Ozone says pine 3.91's full of leaks. Doc Ozone and I make machines for people who are 'netless'. It's called the tired, poor project. Give us your tired, your poor, your old PC's. Miles, a seven year old is next on the list. We gave Mike a Sparc monitor from one of our equipment forrays. Free,zip, zilch for we got for free zip zilch. He begged for it. It was still sitting in the office wednesday, unfixed for anyone. I equate the thing to a domestic abuse situation. As long as it's minor, as long as it's hushed, it's OK Even this would have been OK if had stayed silent. There is a safety in numbers factor. AOL proves it. And as they descend upon the the net things will change again. The moment I called little tiny Micro Net, I knew there would be fallout. I will not respond to the actual posting unless I'm asked a direct question about the substance of the post. But it's pretty self explanitory, and I cry to think there's a real bitch. Yes, at Netcom, I can now probably get much further, much faster. No I wouldn't subject myself or anyone to Winternet. But I wouldn't subject a newbie to Netcom either. I did it once and was sorry, too. I'm just a punk girl who writes great HTML code. And I hope that it can be protected by cryptograhy, that's my little goal. I hope I have both made you think and feel you are right, because both of you are, in certain kinds of ways. And you know it, too. Now where was I?, oh yeah, Is there like a Remailer for Dummies, quick reference manual? I could have fun learning & doing that. Till My Next Mini-Rant, Love Always, Carol Anne Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List Coming Soon: The Internet Debut of CENSORED.COM From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Sat, 7 Jan 95 04:40:49 PST To: "L. Todd Masco" Subject: Re: Files and mail In-Reply-To: <199501070607.BAA04310@bb.hks.net> Message-ID: MIME-Version: 1.0 Content-Type: text/plain You should paint this as a canvas,and sell it for five big digits. This post right here, in all its mono glory, is real art. On Sat, 7 Jan 1995, L. Todd Masco wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > - -----BEGIN PGP SIGNED MESSAGE----- > > > Anybody want to offer odds on whether or not this merry little exchange > will be reported in Wired as news? > - - -- > Todd Masco | "life without caution/ the only worth living / love for a man/ > cactus@hks.net | love for a woman/ love for the facts/ protectless" - A Rich > Cactus' Homepage > - - -- > Todd Masco | "life without caution/ the only worth living / love for a man/ > cactus@hks.net | love for a woman/ love for the facts/ protectless" - A Rich > Cactus' Homepage > > - -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > > iQCVAwUBLw301xNhgovrPB7dAQFj3gP8CJV4TyRUl+sEQRHX6qH2TKK+B+JKLrwk > kUM7Y0yaY2ZwScBnYRva5/Pyu8r70i2Z3yQUQFF7ECasxHwrYftfWweD0/4Pc4ws > qEGNfGIheHtnP/J0B7G7xsIyAMSZIlUD3RCQ49o4BOpWk6bev4t5i/RP10yK9sit > dA1go4Jiaag= > =eQPF > - -----END PGP SIGNATURE----- > - --- > [This message has been signed by an auto-signing service. A valid signature > means only that it has been received at the address corresponding to the > signature and forwarded.] > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > Comment: Gratis auto-signing service > > iQBFAwUBLw4vqSoZzwIn1bdtAQER/QF/SkRQGEEjHn+E0SZEiWs0McAvRccuzxFQ > Uv76Kmmya6EMxTJOJFtatP1uQ7V6JmSA > =g1Bd > -----END PGP SIGNATURE----- > Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List Coming Soon: The Internet Debut of CENSORED.COM From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Sat, 7 Jan 95 04:52:46 PST To: cypherpunks@toad.com Subject: Killfiles 101 Message-ID: MIME-Version: 1.0 Content-Type: text/plain 1. The best and only way you can be sure you're killing a file is to turn your machine off. Only then can you be sure it is dead. 2. If you must resort to using killfiles, (great marketer trick, make you use it again and again, and again, like a gun) kill "classes" of files, as opposed to individuals, you'll get better kill ratio. A good example is anon or wizvax users. 3. Note: Killfiles are a censor's best friend! And you'll become what you swore you wouldn't. does your signature tell the truth nesta? Can't know everything with a killfile! Eventually you'll kill the file that'd get you sex. Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List Coming Soon: The Internet Debut of CENSORED.COM From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: x Date: Sat, 7 Jan 95 03:59:40 PST To: cypherpunks@toad.com Subject: intelligent discovery agents Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Fri, 6 Jan 1995 Nesta Stubbs wrote: >> There was some recent talk about network agent technology on this list. >> > does anynoe have any information about intelligent agents? I mean I know > about filter and stuff, but they arent intelligent agents. I assume one > would be something like the WWW worm and other searching scripts that > have a database of information to cross-reference their finds and decide > what to send back to you. You might want to check out Brian LaMacchia's Ph.D. proposal to create a new class of knowbot, to be termed "Internet Fish". It is posted on http://www.swiss.ai.mit.edu/~bal/bal-home.html LaMacchia's proposal is interesting in that his 'fish' seem to have limited autonomy, thus moving us closer to a content-addressable model of net info retrieval. Also of interest is RFC 1728: Resource Transponders, by C. Weider. The idea is that there should be meta-information (information about information) available for use by info retrieval programs like 'archie'. From ftp://nic.ddn.mil/rfc/rfc1728.txt The following is extracted from LaMacchia's abstract: > We will design, implement and deploy a system for constructing > ``Internet Fish,'' a new type of resource discovery tool. Internet > Fish attempt to discover new sources of information related to a > particular topic; characteristics that describe the topic of interest > may be specified by the user or deduced by the Fish over the course of > time. As part of the information-gathering process Fish conduct > long-term conversations with users; these conversations permit Fish to > ask for human assistance when necessary and allow humans to > dynamically reallocate Fish resources. In addition, Fish facilitate > *serendipitous* resource discovery; that is, the act of finding > interesting information in an unexpected place or manner, information > that we were ``lucky'' to have discovered. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Sat, 7 Jan 95 05:17:09 PST To: cypherpunks@toad.com Subject: Dear Zimmy, Message-ID: MIME-Version: 1.0 Content-Type: text/plain They still miss the point, I think. They haven't figured out how to teach others. They can do it in ten newsgroups. They whine and snivel like two year old brats. They just can't for the life of them grab the original letter. They can't go teach their top-ten newsgroups. They can't figure out how to come back here and rant how they did it and I didn't (lose my account over it) They rapidly forget crypto loses it's power against a bullet. Eventually they'll come with guns again and take the machines away. There were 10,000 newsgroups I only went to 10. The best kill file is a turned off machine. I touched my first fortran card 22 years ago. There's a lot of difference between showing up the 12th, and showing up in say 12 newsgroups. Sorry Zimmy, It don't look good for the home team. Love Always, Carol Anne Signature back on the drawing board Coming Soon: The Internet Debut of CENSORED.COM From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Sat, 7 Jan 95 05:32:38 PST To: cypherpunks@toad.com Subject: A day in the life of the Cypherpunk list Message-ID: MIME-Version: 1.0 Content-Type: text/plain Dear Bruce, When you see the actual postings on the last 24 hours, they are all running to the newsgroup to use killfiles. Isn't it ostriches that do that kinda thing? They've been caught napping. The Webbittown Post Office could use all the remail people. Every last one of them And meanwhile, still stuck in the pine composer, lies the original response. Good copy, definitely good copy. Love Always, Carol Anne Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List Coming Soon: The Internet Debut of CENSORED.COM From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Carol Anne Braddock Date: Sat, 7 Jan 95 06:02:50 PST To: x Subject: Re: intelligent discovery agents In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain There's this rad.web.intelligent person by the name of Sang. Visit Sang at http://www.inlink.com/users/sangria/homepage.html Sang has more information on Robots, Spiders, Ants, and Worms than any other computer person I have yet to link up with. Feel free to grab a copy of the Web Server Software while your there. Love Always, Carol Anne On Sat, 7 Jan 1995, x wrote: > On Fri, 6 Jan 1995 Nesta Stubbs wrote: > > >> There was some recent talk about network agent technology on this list. > >> > > does anynoe have any information about intelligent agents? I mean I know Signature withdrawn at the request (pretty rightfully so) of my dear friends on the Cypherpunk List Coming Soon: The Internet Debut of CENSORED.COM From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "John A. Thomas" Date: Sat, 7 Jan 95 08:44:51 PST To: Derek Zeanah Subject: Re: TEMPEST Questions... In-Reply-To: <121_9501062145@borderlin.quake.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On 6 Jan 1995, Derek Zeanah wrote: > > I'm writing an article on TEMPEST technology. > > The focus is on what TEMPEST is and how to defeat it, if possible. So far > I've gotten some insightful information, but I'm looking for all I can get. > > Has anyone ever heard of TEMPEST being used in the continental US? Can anyone > tell me what measures offer some level of protection, or steps that can be > taken to reduce the likelihood of being successfully targeted? Has anyone > ever seen TEMPEST in action? > You might start with van Eck, Wim, "Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?", Computers & Security 4 (1985) 269-286. That will give you the technical basics. If someone has actually seen Tempest interception in action, I'd like to hear about that as well. John A. Thomas jathomas@netcom.com N5RZP 214/263-4351 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: root Date: Sat, 7 Jan 95 08:59:01 PST To: jathomas@netcom.com (John A. Thomas) Subject: Re: TEMPEST Questions... In-Reply-To: Message-ID: <199501071544.JAA00423@einstein.ssz.com> MIME-Version: 1.0 Content-Type: text Hi all, Regarding Tempest, Something similar happens to me in my workshop. I have several computers stacked on two shelves. It is quite commen for several of them to be on at one time. In particular when I have my Amiga 1200 driving my NEC TV/Monitor I notice that it appears on the other composite video monitors even though the Amiga drives RGB. What I think is happening is that the NEC is converting the RGB to standard TV drive rates. The short of it is that I can watch my Amiga 1200 on my TV that is sitting a couple approx 3ft. from it. It could also be the fact that the 1200 has a video output that is poorly shielded. It is capable of driving a composite device directly as well. One aspect that is interesting is that if you have several sources going at once the quality degrades. One possible technique for defeating such monitoring would be to have a couple of standard video recorders drive a video game rf modulator tied to an antenna to provide a 'shell' of drivel from your cable feed. Your VCR may be able to drive the antenna directly. Take care. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: adwestro@ouray.Denver.Colorado.EDU (Alan Westrope) Date: Sat, 7 Jan 95 09:38:57 PST To: cypherpunks@toad.com Subject: Re: Peter D. Lewis In-Reply-To: <199501070558.AAA04212@bb.hks.net> Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- On Sat, 7 Jan 1995, "L. Todd Masco" wrote: > Like "Seventeen," "Wired" should prepend "don't you wish you were" to > its title. Ah, yes, I wish I were "(c) Both of the above" -- as the Sinatra lyric sez, "When I was seventeen, it was a very WiReD year..." I think generalizing about "Wired" is like generalizing about the NY Times, where Markoff and Lewis arguably exemplify the best and worst of mainstream computer/telecom journalism. "Wired" has many flaws, but I consider Steven Levy's articles about Cypherpunks, Whitfield Diffie, and digital cash to be among the best expositions of Cypherpunk issues for the layperson. (Kelly's "Whole Earth Review" piece is another.) I can forgive some faults in return for seeing Levy's non-technical explanations of public-key crypto and the Dining Cryptographers protocol in successive issues. :-) Alan Westrope __________/|-, (_) \|-' 2.6.2 public key: finger / servers PGP 0xB8359639: D6 89 74 03 77 C8 2D 43 7C CA 6D 57 29 25 69 23 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLw7QeVRRFMq4NZY5AQEc8AQAqZ/Yp7+yEEYikZja/bF8c468I4C147q7 7AjuMsT1NN0Yt9HZB+mxtKdrbOL7QLyJgbk3c6NJ18nUkianZTnQNCEzr35BYwh7 7dCsIsiMWUVdjmahjEeppJZvKAZrRioW0KAMTnmPK6vWFXtttS0kl5k5FG/na3+n KJoDdNOVsTg= =lcQW -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: root Date: Sat, 7 Jan 95 09:21:03 PST To: dfloyd@io.com Subject: Re: Data Haven problems In-Reply-To: <199501071710.LAA21334@pentagon.io.com> Message-ID: <199501071606.KAA00541@einstein.ssz.com> MIME-Version: 1.0 Content-Type: text > > > While programming my data haven code, I am wondering how to guard against > spamming the data haven parser. It is trivial to mount a denial of > service attack by repeatedly mailing large files. which will fill up the > quota or filesystem of the data haven host, and if you have mail on a > root partition, will cause hangs or crashes. > If there is no cost associated with the haven and there are no account limitations (ie anyone can get an account) then I don't see a means to do it reliably. However, if you work up a fee based scheme such that you charge per M then it is trivial. If the data is larger than the account balance it bounces. By limiting the availability of accounts you can make it less enticeing for users to spam the haven because they are hurting themselves. And it is assumed that since the accounts are limited that there is an assumed web of trust working. > Any ideas on how to guard against mailbombs, and to confirm to the sender > that their files are stored successfully? Perhaps do a mailing with > a test command that validates the existance of the file, and sends a > reply back wether the file is okay or not, or would this result in a > possible security hole? > It seems to me that a message should come back only if there is a problem. > As to the code, this will have to be my second rewrite as I am going to > do it in perl code, rather than C... last rewrite was from a daemon to > a program activated by a .forward file. > > Lastly, instead of postage (like a remailer would get), how hard would it > be to implement "rent" where if the "rent" is not paid, and a grace period > has elapsed the file would be trashed. All this while preserving the > anonymity of the sender and the data haven site. > This form of dating files is pretty commen in bbs systems where if a user doesn't log in for say 30 days the account and its contents are deleted. To do this doesn't even require knowing anything about the user other than how long the files have been there versus how long they are supposed to be there. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Wei Dai Date: Sat, 7 Jan 95 10:47:56 PST To: Adam Shostack Subject: Re: A Fire Upon the Deep In-Reply-To: <199501071808.NAA09510@bwh.harvard.edu> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Sat, 7 Jan 1995, Adam Shostack wrote: > Anonymous mail has bandwidth costs that are only slightly > higher than regular mail. You could hide quite a bit in most video > packets. The latency is a reflection of the lack of volume, because > volume is needed for reordering. If your favorite remailer gets more > mail, the latency will drop. Anonymous e-mail that goes through a chain of N remailers will cost at least N times as much bandwidth and have N times as much latency as normal e-mail. But e-mail is hardly the state-of-the-art of network communication, while anonymous e-mail IS the state of the art for anonymous communication. How long will it take for the technology of anonymous video conferencing to develope, for example? By then, of course, those who are not concerned with anonymity will probably have things such as full sensory virtual interaction. Note that I SUPPORT anonymous communication, but its costs of bandwidth and latency may be a real obsticle to developing Cryptoanarchy (of the kind described by Tim May) if most people are not willing to put up with those costs. Wei Dai PGP encrypted mail welcome. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: John Young Date: Sat, 7 Jan 95 07:58:53 PST To: cypherpunks@toad.com Subject: NYT on Survivalists Message-ID: <199501071559.KAA23283@pipe3.pipeline.com> MIME-Version: 1.0 Content-Type: text/plain Philip Weiss writes in tomorrow's Magazine a very long (52K) cover story on Idaho survivalists Bo Gritz, Randy Weaver and the burgeoning anti-government population. The longest story I've seen in there in years. Mentions societal threats of cashless economy, tax nix, and more c'punk tonics. Is The Times getting antsy, seeding a L&O crackdown? Or huffing luridities? See for yerself by sending blank message with subject: SUR_huf From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: dfloyd@io.com Date: Sat, 7 Jan 95 09:09:48 PST To: cypherpunks@toad.com Subject: Data Haven problems Message-ID: <199501071710.LAA21334@pentagon.io.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- While programming my data haven code, I am wondering how to guard against spamming the data haven parser. It is trivial to mount a denial of service attack by repeatedly mailing large files. which will fill up the quota or filesystem of the data haven host, and if you have mail on a root partition, will cause hangs or crashes. Any ideas on how to guard against mailbombs, and to confirm to the sender that their files are stored successfully? Perhaps do a mailing with a test command that validates the existance of the file, and sends a reply back wether the file is okay or not, or would this result in a possible security hole? As to the code, this will have to be my second rewrite as I am going to do it in perl code, rather than C... last rewrite was from a daemon to a program activated by a .forward file. Lastly, instead of postage (like a remailer would get), how hard would it be to implement "rent" where if the "rent" is not paid, and a grace period has elapsed the file would be trashed. All this while preserving the anonymity of the sender and the data haven site. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBLw7KpFLUeLjqSiixAQHs4wf+Mf4CVx77nXjUXug/3q1hINhCyWgWmal7 vY1WeCDXM+qrrdxUgqzIhYRYpCPKChMjeozFltn9T0CcH/YdaD5hx3dB5A0YUPWZ SpF5oCL3iZzf2veA8BBJEIrFdmts/nFUzWaqMx4+2IcufYb+0kVw/AKi2M5B0ZiT UoOFFIsySR9hIMMIfHlkGqrnoO8LhlViRBx4u1O0bb0GYAyc+Nv6HvDJOSWuVe9C g5B4GMLuW1t9e5Qw3W0Qy1VRIC4QbOrd0zbjDrQ38GUemOjALuZ2h4+tr3bR93KU ZthueqsIzGKlr90PU6AVVZd128mDHLofJO4I4IoOgSPV7XIK4tufyA== =KZk0 -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: peb@netcom.com (Paul E. Baclace) Date: Sat, 7 Jan 95 11:19:20 PST To: root@einstein.ssz.com Subject: Re: TEMPEST Questions... Message-ID: <199501071919.LAA22533@netcom19.netcom.com> MIME-Version: 1.0 Content-Type: text/plain Grady Ward wrote an article on implementing something like TEMPEST ("something like" means that it was not derived from classified documents). I can't seem to find my copy of his text and it doesn't appear anymore at netcom:/ftp/pub/gr/grady...Anyyone have a pointer to this? This article is definitely the most practical and comprehensive that I've seen on this subject. Paul E. Baclace peb@netcom.com peb@eng.sun.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Sat, 7 Jan 95 11:50:42 PST To: weidai@eskimo.com (Wei Dai) Subject: Latency Costs of Anonymity In-Reply-To: Message-ID: <199501071950.LAA22106@netcom17.netcom.com> MIME-Version: 1.0 Content-Type: text/plain [thread name changed to reflect actual topic] Wei Dai wrote: > Note that I SUPPORT anonymous communication, but its costs of bandwidth > and latency may be a real obsticle to developing Cryptoanarchy (of the > kind described by Tim May) if most people are not willing to put up with > those costs. > The good news is that many of the messages that people want anonymity for are *text* files, e.g., offers of services, controversial data or opinions, etc. There's a kind of tradeoff in size and urgency. To wit, it is seldom "urgent" that a 1 MB or 100 MB or whatever file get through. (Sorry I can't draw my favorite little diagram here showing the space of messages, with "urgency" and "size" as the axes.) However, I will try such a diagram here: ^ ^ | |short <---there are very few large files URGENCY |messages that must be urgently transmitted | | | | non-urgent | huge files ----------------------> text books videos 10K 1 MB 1GB S I Z E ---> (The tradeoffs are of viewing time, caching, information, etc. A short message can be _read_ quickly, and hence may need to be transmitted quickly. The canonical "Attack at dawn" message, for example. A long message, such as my 1.3 MB FAQ, clearly can be delayed for hours or days with no real loss, save impatience. My contention is that network speeds--ISDN, Mosaic usage, faster modems, direct connections--are being set up and that "urgent-but-small" messages will fit in nicely, and with low latency through remailers. In the next several years, that is.) What this means is that networks of the future, set up to handle huge files, video-on-demand, etc., will allow text messages to be carried almost unnoticeably. Interstitially, if you will. Reordering still requires N messages (whatever N may be), so it is true that remailer sites must still have some traffic. But this doesn't have to introduce latencies that are unacceptable. (If this isn't clear, what I mean by the situation about large files being shipped is that there should be little cost for users circulating their own dummy messages through remailer chains. Digital postage will cost, but costs will drop. Lots of tradeoffs here. No point in me or any of us trying to anticipate costs, volumes, etc., as these will evolve and the market will decide.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Wei Dai Date: Sat, 7 Jan 95 12:51:25 PST To: "Timothy C. May" Subject: Re: Latency Costs of Anonymity In-Reply-To: <199501071950.LAA22106@netcom17.netcom.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Sat, 7 Jan 1995, Timothy C. May wrote: > The good news is that many of the messages that people want > anonymity for are *text* files, e.g., offers of services, > controversial data or opinions, etc. > > There's a kind of tradeoff in size and urgency. To wit, it is seldom > "urgent" that a 1 MB or 100 MB or whatever file get through. (Sorry I > can't draw my favorite little diagram here showing the space of > messages, with "urgency" and "size" as the axes.) The points Tim makes here are quite good. However, I'm more concerned with a slightly longer time scale, when people focus less on FILES, but more on CONVERSATIONS and INTERACTIONS. It is then that latency becomes more problematic. Can anyone give me an estimate of when truly anonymous video conferencing will become possible? This is not just to help me make the point, but I'm really wondering. Wei Dai From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Adam Shostack Date: Sat, 7 Jan 95 10:08:06 PST To: weidai@eskimo.com (Wei Dai) Subject: Re: A Fire Upon the Deep In-Reply-To: Message-ID: <199501071808.NAA09510@bwh.harvard.edu> MIME-Version: 1.0 Content-Type: text/plain Anonymous mail has bandwidth costs that are only slightly higher than regular mail. You could hide quite a bit in most video packets. The latency is a reflection of the lack of volume, because volume is needed for reordering. If your favorite remailer gets more mail, the latency will drop. Also, on the book trend, Neal Stephenson's new book, The Diamond Age (Bantam Spectra, 1995) has a brilliant hacker dump information he comes across becuase its encrypted, and he knows he'll never manage to break the encryption scheme. I haven't finished it, but its quite good about 1/3 of the way through. Adam Wei Dai wrote: | One more thing that's marginally related to cypherpunks (hey I really | like this book so I'll take any chance I can to talk about it ;-) is | the idea that the efficiency of distributed computation (and distributed | intelligence) depends on high bandwidth and low latency of the communication | medium. Since anonymity seems to have rather high costs in terms of | bandwidth and latency (compare anonymous e-mail with internet video | conferencing or even with normal e-mail), this implies that | an organization of anonymous agents will not work as efficiently as | a similar orginzation whose members are not concerned about | anonymity. -- "It is seldom that liberty of any kind is lost all at once." -Hume From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Adam Shostack Date: Sat, 7 Jan 95 10:19:54 PST To: nesta@nesta.pr.mcs.net (Nesta Stubbs) Subject: Re: procmail In-Reply-To: Message-ID: <199501071818.NAA09659@bwh.harvard.edu> MIME-Version: 1.0 Content-Type: text/plain ftp.informatik.rwth-aachen.de:/pub/packages/procmail I find I need the following rule to get everything sent to cypherpunks: :0 * (^TOCypherpunks|Sender:.*cypherpunks|^From owner-cypherpunks@toad.com) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: doumakes@netcom.com (Don Doumakes) Date: Sat, 7 Jan 95 11:27:20 PST To: Cypherpunks Subject: Let's NOT talk about Netcom Message-ID: <199501071927.LAA09582@netcom20.netcom.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- If I wanted to read flamage about Netcom, I'd check out netcom.general, which is 150 messages a day of, mostly, garbage. I earnestly request that we not duplicate that clutter on the cpunks list. - -- ______________________________________________________________________ Don Doumakes Finger doumakes@netcom.com for PGP public key Foxpro databases built to your specifications. Email me for details. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLw6RQxtumcu2AjihAQHKTwP/fMxLVjDp/9yO2hFkCJQ+Vo5PGQvEAakt KiCrs3nTsbZwkwxjyzgwgnuJkOVcIWgIndkO+AViI4zmOTT+9lp2FlK3gdv1qIWl +pI/rkcegd9jyzRxz+HybONLtppAft8RZ6UlPmzS2w2Il+oHIPK9OtxRH5bGXj2D YHzBctPXYt0= =msXo -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: roy@cybrspc.mn.org (Roy M. Silvernail) Date: Sat, 7 Jan 95 11:54:26 PST To: cypherpunks@toad.com Subject: Re: cel fraud In-Reply-To: <9501071759.AA00953@anon.penet.fi> Message-ID: <950107.134210.3m7.rusnews.w165w@cybrspc.mn.org> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, an172607@anon.penet.fi writes: > AT&T's Steve Fleischer, speaking to Newsbytes, said such cloning operations > have become such a successful criminal industry that some criminals sell the > phones with 30-day guarantees. > > "If a number is cut off, you can bring it back to the cellular bandits and > have it reprogrammed for no additional charge," he explained. "It costs the > carriers around $1 million a day." > > He paused, then added: "It just shows how big a demand there is for wireless > communications." Does anyone else think this is funny (in both senses of the word)? The cell-phraud system shows a demand for cheap, though illegal, phone service. The wireless aspect is pretty much incidental to the fraud aspect, no? - -- Roy M. Silvernail [ ] roy@cybrspc.mn.org PGP public key available by mail echo /get /pub/pubkey.asc | mail file-request@cybrspc.mn.org These are, of course, my opinions (and my machines) -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLw7vEhvikii9febJAQGLlgQAiteZ/51syb6gSkiwWMLs9oQ+99hMxbps L7rshpeQ0xDM7GN+Szz4PiQ4CQrqMlxxkvgppsrRbU2E5WPv8IGvW9pa6gWx8Y9B H/ZwmjSz1lIMCATh5osFt9myK3nkwHasxjGYqpyJJwcbTd+rQi8/lIv1EYcxv+HX qtiHdjrFvbE= =D0AH -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Sat, 7 Jan 95 14:58:36 PST To: weidai@eskimo.com (Wei Dai) Subject: Re: Latency Costs of Anonymity In-Reply-To: Message-ID: <199501072258.OAA28744@netcom4.netcom.com> MIME-Version: 1.0 Content-Type: text/plain Wei Dai wrote: > The points Tim makes here are quite good. However, I'm more concerned > with a slightly longer time scale, when people focus less on FILES, > but more on CONVERSATIONS and INTERACTIONS. It is then that latency > becomes more problematic. > > Can anyone give me an estimate of when truly anonymous video conferencing > will become possible? This is not just to help me make the point, but > I'm really wondering. I didn't know you meant real-time conversations and interactions. These are indeed very hard to get acceptable latency on in mixes. Defeating traffic analysis in such a case is highly problematic, at least with conventional remailers. (Unconventional remailers, such as a dedicated telephone "traffic scrambler," with lots of internal bandwith between nodes, could work. Obviously a lot of other traffic would have to be flowing in and out.) The tradeoffs are best analyzed with an actual mathematical model of nodes, traffic rates, clumping of traffic, etc., rather than our hand-waving here (hand-waving is OK for broad conceptual points, but not in cases like this). I'll be interested in what others calculate, but I think "conversation mixes" are several years off, at best. The upcoming demo of Voice PGP by Phil Zimmermann (scheduled to appear at the Demo Day meeting next Saturday) may be a step in this direction. BTW, to my graph in my last post we could add a z-axis representing "value." Roughly, how much per unit of data transmitted. The crypto-canonical "Attack at dawn" message might easily be worth many dollars per byte to transmit untraceably, whereas a casual phone conversation between Alice and Bob may not be worth (to them, separately or in combination) much more than a few cents per kilobyte transmitted. In other words, there are economic as well as technologic reasons I doubt we'll see low-latency, high-bandwidth audio or video remailers anytime soon. (As we're seeing now: short messages can get through in tens of seconds, But like I said, some calculations are called for. I'd start by analyzing the existing voice-over-Internet systems, the packet sizes, and so forth. My suspicion is that Alice and Bob cannot defeat traffic analysis while ~10K bits per second are flowing continuously between them (audio), at least not until _many_ subnetworks are _much_ faster. Also, the CPU loads would be great (= costly)). Video is even further off. Tricks to reduce bandwidth may help. The digital mixes implicitly assumed in "True Names"--the year before Chaum published his seminal mix paper--are a ways off. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Hal Date: Sat, 7 Jan 95 14:59:27 PST To: cypherpunks@toad.com Subject: Re: Latency Costs of Anonymity Message-ID: <199501072300.PAA25794@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- From: Wei Dai > The points Tim makes here are quite good. However, I'm more concerned > with a slightly longer time scale, when people focus less on FILES, > but more on CONVERSATIONS and INTERACTIONS. It is then that latency > becomes more problematic. I think this is a good point. We have had some discussions about getting anonymity with web browsing. The "mix" or "remailer" concept doesn't work so well there as the connections are very short, so there is less chance of multiple communications going on at one time. OTOH I have heard discussions of asynchronous transfer mode, ATM, as a new packet-based network technology that could support high bandwidth communications. All messages, presumably even streams like video signals, get broken into fixed-size packets, which make their way through the network and are reassembled into a stream on the other end. The individual packets may not all take the same path through the network. (I am far from an expert on ATM so I welcome corrections to this description.) This technology does sound like mixing could work pretty well to provide anonymity. There is some price in bandwidth and latency but ATM is so fast that probably several steps of chaining and mixing would be possible. Naturally such mixes would have to be hardware based due to the rapid speeds of the packets. So this would be kind of a "souped up" version of our current email remailer network, with vastly greater bandwidths and switching speeds. Another possibility with connection-based communications would be Chaum's DC-Nets. These are networks where message source cannot be determined. They do face potentially severe costs in terms of bandwidth, though, depending on how much anonymity you get. As both mixes and dcnets have bandwidth costs, I wonder if it is provable that anonymity implies such costs. > Can anyone give me an estimate of when truly anonymous video conferencing > will become possible? This is not just to help me make the point, but > I'm really wondering. > > Wei Dai I think it may be more useful rather than speaking of "true" anonymity to think of factor-of-N anonymity. This reflects the bandwidth costs. I would guess that, if you have a packet-based video converencing system, that today you could probably get factor-of-2 anonymity with custom hardware, and perhaps even more than that. One other point I would make, based on Wei's original post, is that no doubt anonymity does exact some costs. However this does not mean that it is uncompetitive. It also may have, in some circumstances, advantages. People may be more frank and critical when they are shielded by anonymity. I've read articles about companies which introduce electornic "suggestion boxes" where people can post anonymously, and upper management is often shocked at the results. It is too early to judge how much of a net benefit or harm anonymity will be in general. Furthermore, it is likely that the net advantage will differ depending on the business or organization. At one extreme, a group working with illegal or restricted technology would probably benefit more from anonymity. I think it was Keith Henson who posted a story here a couple of years ago that he was working on, involving some kind of underground protest group which organized itself using crypto anonymity. So it is really not a question of whether anonymity is good or bad, but rather whether its costs outweigh its advantages in a particular situation. Hal Finney hfinney@shell.portal.com -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBLw8c9xnMLJtOy9MBAQFZBgH/R1c3FLHECJiEHDoUl/gUPaBIVzd3kvVz Uv2jqFwJxSFQjnrb1wtGT7vLjNOOXJ7uYpBNJU+ZfPSKOvPgGFD8yQ== =+6iw -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: cjl Date: Sat, 7 Jan 95 12:18:49 PST To: Oren Tanay Subject: Re: pgp shells for windows.... In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Sat, 7 Jan 1995, Oren Tanay wrote: [PGP Windoze front-end request. . .] In response to a similar question a wiser head than mine suggested looking in ftp to unix.hensa.ac.uk/pub/uunet/pub/security/virus/crypt/pgp/shells C. J. Leonard ( / "DNA is groovy" \ / - Watson & Crick / \ <-- major groove ( \ Finger for public key \ ) Strong-arm for secret key / <-- minor groove Thumb-screws for pass-phrase / ) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Greg Broiles Date: Sat, 7 Jan 95 15:45:24 PST To: cypherpunks@toad.com Subject: Anonymity and cost Message-ID: <199501072330.AA30350@ideath.goldenbear.com> MIME-Version: 1.0 Content-Type: text -----BEGIN PGP SIGNED MESSAGE----- Wei Dai writes: > Anonymous e-mail that goes through a chain of N remailers will cost at > least N times as much bandwidth and have N times as much latency as normal > e-mail. But e-mail is hardly the state-of-the-art of network > communication, while anonymous e-mail IS the state of the art for > anonymous communication. How long will it take for the technology of > anonymous video conferencing to develope, for example? By then, of > course, those who are not concerned with anonymity will probably have > things such as full sensory virtual interaction. At a very basic level, anonymous (not pseudonymous, like the remailers are) messages are *cheaper*, because they carry less information; they do not need to send the bits which identify the sender. This conversation seems to elide distinctions between low-level anonymity (where source information is simply not transmitted) and high-level anonymity, where source information is transmitted but is not used for social or political reasons. Anonymous remailers are considered "anonymous" because (some of us) agree that we won't treat the "From:" line as indicating the real author of the text below. We agree this because we know how remailers work; we know that (probably) the person who wrote the message isn't the same person as the owner of the "From:" address. When we say a message is "anonymous" we mean that its real author should not/cannot be connected with the text of the message. We could just as easily agree on an "Identify-Author:" header field by which authors could indicate whether or not they wished to be speaking "on the record" when they wrote the message. A multi-hop message where the "From:" line changes with each hop costs almost precisely what a multi-hop message would cost without the "From:" line changes. Folks feeling detail-oriented can calculate the cost of the CPU time to strip header information vs. the cost of sending that header information to the next hop. I don't care about the answer, so I'm not going to. Anonymous video conferencing is available now; go to Kinko's, pay cash for the use of their video conference room. Or, ask/convince the recipient to consider the conversation "off the record". Current remailer operators experience a cost in that they receive some amount of hassle and exposure to liability by running remailers; but this is merely a "cost" shifted from one person (the author) to another, the surrogate author. This may look like a cost of anonymity but it's more accurately described as the cost of being provocative or rude or illegal. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLw8j133YhjZY3fMNAQGB5QP9HCgA2QiHLPVupVgOeU/Tez5SH8Ie3ch3 nSJreSYl3a97blPr/aI1Yx577EQuCwrHoyZKWWpVc/8u728i10gTbJPbavzpDBOw i3JawSt4+d/tMWBfLzYHzdrVALIcTZeGnmLLbfgzWzzC8NUDsDG/ppDB7sDq2ktf NiwvDeQzoYk= =oU42 -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Sat, 7 Jan 95 15:38:25 PST To: jsled@free.org (Josh Michael Sled) Subject: Don't Say Anything More in Public! In-Reply-To: <199501072319.RAA03833@squeaky.free.org> Message-ID: <199501072338.PAA04770@netcom4.netcom.com> MIME-Version: 1.0 Content-Type: text/plain Josh Michael Sled wrote: ... > The idea of the Chinese Lottery seemed to be rather far fetched in my > first few readings, but then I came across the discussion of the new > Emergency Broadcast System. > > This may just be an unfair helping of paranoia, but the system seems > to be a perfect distribution system for a Chinese Lottery-like > keychecking or cracking system. Even though the public can turn off the > broadcast, the signal will still be sent. The chips may even be > government-regulated... available only from the government so no one can > tamper with the signal and use this system for their own > information-disemination needs (*ahem* Political agendas *ahem* > re-election ads). They might even encrypt the signals, for a touch of > irony. Anyone find fault in this? Josh, I'm sending this note to you privately--please don't comment anymore in public on this! You could be undermining national insecurity by revealing this system! More than just key-crackers are included in the Emergency Broadcast System boxes. In addition, the red LED acts just as the LEDs on cable set-top boxes act, namely, as an infrared sensor. These LEDs can count the numbers of citizen-units in the same room as the unit, and can of course even detect the thermal signature of drug abuser (flushed skin, dilated eyes, etc.). The key-cracking functions are only incidental. In fact, they may not even be cost-effective. I was told last year by the NSA's A.U.N.T.I.E. (Authorization Unit for Non-Terminal Industrial Enterprises) group that the real key-cracking crunch is contained in the *Clipper* phones, which of course have crypto modules and can do all the right calculations. They can also occasionally dial the Clipper phone ("Sorry, wrong number.") and check on the progress of calculations. Mysterious phone calls in the middle of the night should rightly worry folks--it may mean your number's up. But don't discuss this on the list! If you do, she'll have us killed. (And don't call her Dotty!) --Klaus! von Future Prime, being channelled by Carol Moore^H^H^H^H^HAnne Braddock From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Sat, 7 Jan 95 16:18:40 PST To: greg@ideath.goldenbear.com (Greg Broiles) Subject: Re: Anonymity and cost In-Reply-To: <199501072330.AA30350@ideath.goldenbear.com> Message-ID: <199501080018.QAA11241@netcom4.netcom.com> MIME-Version: 1.0 Content-Type: text/plain Greg Broiles wrote: > At a very basic level, anonymous (not pseudonymous, like the remailers > are) messages are *cheaper*, because they carry less information; they > do not need to send the bits which identify the sender. I think the meaning of "anonymous" here is clearly with respect to _traffic analysis_. The "cost of anonymity" is with respect to the costs and delays of using digital mixes (remailers)). The relatively few bytes of header information don't affect the cost in any substantive way. > This conversation seems to elide distinctions between low-level > anonymity (where source information is simply not transmitted) and > high-level anonymity, where source information is transmitted but is > not used for social or political reasons. Again, traffic analysis is the issue. (And I don't necessarily mean NSA-type traffic analysis...Net-savvy investigators can trace messages back to origins even when a message is ostensibly anonymous. So far as I know, some form of mix/remailer is needed to ensure anonymity.))0 > A multi-hop message where the "From:" line changes with each hop > costs almost precisely what a multi-hop message would cost without > the "From:" line changes. Folks feeling detail-oriented can calculate > the cost of the CPU time to strip header information vs. the cost of > sending that header information to the next hop. I don't care about > the answer, so I'm not going to. ??? This is not the "cost" that is being discussed. Stripping or changing headers is a trivial cost compared to the latency delays that may result when mix reordering is done (how much latency is involved is a function of several things, including reordering desired ("N"), amount of other traffic). > Anonymous video conferencing is available now; go to Kinko's, pay > cash for the use of their video conference room. Or, ask/convince > the recipient to consider the conversation "off the record". Neither of these kinds of "anonymity" are cryptographically interesting, or strong. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Wei Dai Date: Sat, 7 Jan 95 16:37:54 PST To: "Timothy C. May" Subject: Re: Latency, bandwidth, and anonymity In-Reply-To: <199501072258.OAA28744@netcom4.netcom.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Sat, 7 Jan 1995, Timothy C. May wrote: > The tradeoffs are best analyzed with an actual mathematical model of > nodes, traffic rates, clumping of traffic, etc., rather than our > hand-waving here (hand-waving is OK for broad conceptual points, but > not in cases like this). Are there any theoritical tools developed especially for this type of analysis? If so, can anyone provide some references? > I'll be interested in what others calculate, but I think "conversation > mixes" are several years off, at best. The upcoming demo of Voice PGP > by Phil Zimmermann (scheduled to appear at the Demo Day meeting next > Saturday) may be a step in this direction. Secrecy will of course have to come before anonymity. I am eagerly awaiting Voice PGP, but unfortuanately can't make the Demo Day meeting. Will someone please report the highlights? > In other words, there are economic as well as technologic reasons I > doubt we'll see low-latency, high-bandwidth audio or video remailers > anytime soon. (As we're seeing now: short messages can get through in > tens of seconds, So, the situation: high-latency, low-bandwidth e-mail remailers the goal: low-latency, high-bandwidth interactive A/V type anonymity, but this seems too far away Perhaps we can tackle the problems of latency and bandwidth seperately. That is, develop 2 sets of anonymity tools: 1. low-latency, low-bandwidth, for use in textual interactions such as MUD and IRC 2. high-latency, high-bandwidth, for non-interactive A/V use, perhaps anonymous TV broadcasting I'm not too familiar with DC-nets, but they can probably be used as tool set #1. (correct me if i'm wrong) How about tool set number 2? > My suspicion is that Alice and Bob cannot defeat traffic analysis > while ~10K bits per second are flowing continuously between them > (audio), at least not until _many_ subnetworks are _much_ > faster. Also, the CPU loads would be great (= costly)). Video is even > further off. Tricks to reduce bandwidth may help. Indeed, Vinge makes use of such a trick in True Names. If I remember correctly, the technology in the story includes the ability to compress full virtualy reality type interactions down to a few hundred bytes per second! (maybe is was thousands, but either way it seems unlikely) Vinge seems to be a stronger believer of compression. There is a similar technology in A Fire Upon the Deep. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Nesta Stubbs Date: Sat, 7 Jan 95 14:57:34 PST To: Carol Anne Braddock Subject: Re: Killfiles 101 In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Sat, 7 Jan 1995, Carol Anne Braddock wrote: all responses and replys and nosensical remarks to this post can be taken off the cypherpunks list and directed to me carol, or whomever decides to respond, unless of course something productive pops out of it. > > 1. The best and only way you can be sure you're > killing a file is to turn your machine off. > Only then can you be sure it is dead. > wow, she knows about puns, cool. > 2. If you must resort to using killfiles, > (great marketer trick, make you use it > again and again, and again, like a gun) > kill "classes" of files, as opposed to > individuals, you'll get better kill ratio. > A good example is anon or wizvax users. > class of users are to vague and I fear I may kill something I want to read. I have never came toa a point where i knew all posts from such and site site or class of users was not worth my time, but I have run across dozens of individuals who I realized said nothing I wanted to waste a "d" or "n" keystroke on. > 3. Note: Killfiles are a censor's best friend! > And you'll become what you swore you wouldn't. > Bullshit, you sound like Doctress fuckin Nuetopia. Kill files are not censorship at all, do you pay attention to everythign that coems your way? Do you read every last scrap of paper people put in front of you? Do you go out and buy every fuckin perdiodical just in case there is an article in them you want, or are you intelligent enough to make judgemnets to conserve your time and sanity by not wasting your time on information resources you know will bring nothing too you. If I really wanted to censr or kill you Carol, and not simply avoid having to "d" thru a good thrity messages I don't want to read, you wouldn't be replying to this at all dear. > does your signature tell the truth nesta? Can't know everything > with a killfile! Eventually you'll kill the file that'd get you sex. So far your posts have told me nothing I didnt already know. Damn Carol, I was on your side until you started to REALLY SPAM. i want to know everything http://www.mcs.com/~nesta/home.html i want to be everywhere Nesta's Home Page i want to fuck everyone in the world & i want to do something that matters /-/ a s t e zine From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Sat, 7 Jan 95 17:00:48 PST To: weidai@eskimo.com (Wei Dai) Subject: Re: Latency, bandwidth, and anonymity In-Reply-To: Message-ID: <199501080059.QAA19944@netcom10.netcom.com> MIME-Version: 1.0 Content-Type: text/plain Wei Dai wrote: ... > Are there any theoritical tools developed especially for this type > of analysis? If so, can anyone provide some references? No, this is too small a community for such tools to exist off-the-shelf. Start with the standard mix papers, mentioned here often. Also, Hal Finney made a first stab at a more careful calculation of just how well remailer's do their job...this was about half a year ago, as I recall. > So, the situation: high-latency, low-bandwidth e-mail remailers > the goal: low-latency, high-bandwidth interactive A/V type anonymity, but > this seems too far away The goal for whom? I find IRC a waste of time, so "anonymous audivisual" is not even on my radar screen of things of interest. I think it's >10 years off. > Perhaps we can tackle the problems of latency and bandwidth seperately. > That is, develop 2 sets of anonymity tools: > 1. low-latency, low-bandwidth, for use in textual interactions such as MUD > and IRC > 2. high-latency, high-bandwidth, for non-interactive A/V use, perhaps > anonymous TV broadcasting Think market. I don't see anyone paying for this until costs drop dramatically. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Wei Dai Date: Sat, 7 Jan 95 17:08:42 PST To: Hal Subject: Re: Latency Costs of Anonymity In-Reply-To: <199501072300.PAA25794@jobe.shell.portal.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Sat, 7 Jan 1995, Hal wrote: > This technology does sound like mixing could work pretty well to provide > anonymity. There is some price in bandwidth and latency but ATM is so > fast that probably several steps of chaining and mixing would be > possible. Naturally such mixes would have to be hardware based due to the > rapid speeds of the packets. So this would be kind of a "souped up" > version of our current email remailer network, with vastly greater > bandwidths and switching speeds. The problem here is that you'll have to do a RSA operation on EACH packet. Pretty hard on the CPU... > I think it may be more useful rather than speaking of "true" anonymity > to think of factor-of-N anonymity. This reflects the bandwidth costs. I > would guess that, if you have a packet-based video converencing system, > that today you could probably get factor-of-2 anonymity with custom > hardware, and perhaps even more than that. I'm not exactly sure what you mean by "factor-of-N". I only used "true" to distiguish it from "trivial" anonymity (such as using a pay phone). Of course, anonymity, like security, can only be relative. > One other point I would make, based on Wei's original post, is that no > doubt anonymity does exact some costs. However this does not mean that > it is uncompetitive. It also may have, in some circumstances, > advantages. People may be more frank and critical when they are shielded > by anonymity. I've read articles about companies which introduce > electornic "suggestion boxes" where people can post anonymously, and > upper management is often shocked at the results. It is too early to > judge how much of a net benefit or harm anonymity will be in general. > > Furthermore, it is likely that the net advantage will differ depending on > the business or organization. At one extreme, a group working with > illegal or restricted technology would probably benefit more from > anonymity. I think it was Keith Henson who posted a story here a couple > of years ago that he was working on, involving some kind of underground > protest group which organized itself using crypto anonymity. So it is > really not a question of whether anonymity is good or bad, but rather > whether its costs outweigh its advantages in a particular situation. This is all very true. I guess I'm just lamenting the loss of my ealier, more naive dream that one day everyone will be anonymous (read pseudonymous), and that physical and digital identities will be totally seperate. Wei Dai Who should really start signing his posts but left his key in another computer. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jsled@free.org (Josh Michael Sled) Date: Sat, 7 Jan 95 14:59:43 PST To: cypherpunks@toad.com Subject: Chinese EBS Message-ID: <199501072319.RAA03833@squeaky.free.org> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- I've been reading through "Applied Cryptography," as every good boy and girl should :) and one of the concepts struck out at me recently. The idea of the Chinese Lottery seemed to be rather far fetched in my first few readings, but then I came across the discussion of the new Emergency Broadcast System. This may just be an unfair helping of paranoia, but the system seems to be a perfect distribution system for a Chinese Lottery-like keychecking or cracking system. Even though the public can turn off the broadcast, the signal will still be sent. The chips may even be government-regulated... available only from the government so no one can tamper with the signal and use this system for their own information-disemination needs (*ahem* Political agendas *ahem* re-election ads). They might even encrypt the signals, for a touch of irony. Anyone find fault in this? - -Joshua M. Sled -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLw3WJqTT29daLBKRAQFbRgP/RAhGdEmxMe4zOuLORY9rKu7VhapXen7S 6+cVOvrlOxJ2ohCmxZpXbwKY9oR6ggF1jURwb9LZEiHPfzaOOsftURxcmJUsC2db 1vkSRuBarkm6vOK+JIlLMwKzRdk9omt+TmJPD7/wI5M1jhMfLRNS+fkbEpDFtisn 0s1H2nvXdDs= =kGbJ -----END PGP SIGNATURE----- --- þ KWQ/2 1.2g NR þ "MTV get off the air!" - DKs From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Nesta Stubbs Date: Sat, 7 Jan 95 15:53:56 PST To: Cypherpunks Subject: Re: The first reply came 3 days later. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain From my present calcuations approximately 14 percent of my mail for the last two days has been form Carol Ann, this is not a small feat co9nsidering the amount of mailing I usually recieve. Perhaps if Carol would post a well thoguth out and written article on what happened, instead of posting a thousand little "me toos" and "told ya so's" and such, this wouldn't be so annoying. rough estimate of mine is that she is repsonsible for 30 some percent of the traffic on cypherpunks at this time. Worse par tis that because i recieve my mail thru a SLIP lin which is admittedly slow, I still have to recieve all noise messages thru my SLIP link before procmail can trash/delete/redirect them. SO now taking this into consideration, it seems that Carol Ann is responsible for more thruput on my SLIP link the myself, since mostly I recive mail thru it. It's a close call, me or Carol, that's counting in FTPs and WWW browing. I mean maybe I hsould charge her money now 8) i want to know everything http://www.mcs.com/~nesta/home.html i want to be everywhere Nesta's Home Page i want to fuck everyone in the world & i want to do something that matters /-/ a s t e zine From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: an172607@anon.penet.fi (duquesne duke) Date: Sat, 7 Jan 95 10:55:27 PST To: cypherpunks@toad.com Subject: cel fraud Message-ID: <9501071759.AA00953@anon.penet.fi> MIME-Version: 1.0 Content-Type: text/plain Fighting Cellular Fraud, New York To Washington BEDMINSTER, NEW JERSEY, U.S.A., 1995 JAN 6 (NB) -- Bell Atlantic Mobile (BAM, parent NYSE:BEL) and NYNEX Mobile Communications (parent NYSE:NYN), two large US cellular phone carriers, are about to block automatic "roaming" service in New York City and surrounding areas. Starting January 9, BAM customers who place calls in the city will need to enter a personal identification number (PIN) issued by BAM in order to complete the call. The new policy is an antifraud measure to combat criminals who steal cellular service, BAM said. The PIN system was developed by NYNEX and is in use inside the City now, NYNEX sources said. Both firms emphasized that the new policy is no magic wand to do away with cellular fraud. However, as a BAM spokesperson told Newsbytes, the combination of restricted roaming and PIN numbers will "raise the bar again" where cellular fraud is concerned. Under the new system, the two cellular carriers will restrict calls in the greater NYC area by roaming customers from a "Fraud Protection Zone" that includes Washington, D.C.; Baltimore; Pittsburgh; and greater Philadelphia, including Delaware and southern New Jersey. BAM adopted the new measures because of increasing problems with cloning, in which a criminal picks off a cellular customer's automated phone IDs during a legitimate call and uses them to make a "clone phone." The cloned phone can be used to make calls for which the legitimate customers, not the cloners, are billed. AT&T's Steve Fleischer, speaking to Newsbytes, said such cloning operations have become such a successful criminal industry that some criminals sell the phones with 30-day guarantees. "If a number is cut off, you can bring it back to the cellular bandits and have it reprogrammed for no additional charge," he explained. "It costs the carriers around $1 million a day." He paused, then added: "It just shows how big a demand there is for wireless communications." Under the new policy, customers from inside the protected zone who want to use their phones at standard "roaming" rates in New York City must first contact BAM by dialing 211 from their cellular phone. After they provide proper identification and select a PIN code, the company deactivates the fraud zone lock-out. NYNEX spokesperson Kim Ancin told Newsbytes that customers with PIN numbers place calls as much usual by dialing the destination number and pressing the Send button. However, on protected phones, the customer then punches in the PIN number and presses Send again. Ancin explained that the PIN number goes out on a frequency different from the initial send. Cellular bandits use special equipment to pick up a legitimate phone's mobile identification number (MIN) and electronic serial number (ESN), which until now have been enough to clone a phone. However, she said, adding a PIN number on a second frequency makes cloning much more difficult. BAM said it would not activate the fraud protection lock-out in northern New Jersey, where calls to New York City are local calls. However, since customers who travel frequently into the city are at risk from cloning, the firm strongly recommended that northern New Jersey customers sign up for a PIN. Eventually, the firm said, all new customers will be required to select PINs. BAM said if a bandit does succeed in cloning a PIN-equipped phone, a customer can simply change the PIN number. Customers without PIN numbers must bring their phones back to a carrier or dealer to install a new phone number, notify business associates and friends of the number change, and modify business cards and stationery. There is no extra charge for PIN numbers, which are implemented by software at the carrier's switch, BAM's Fleischer told Newsbytes. The feature will not affect commonly used cellular services like voice mail or call waiting. Calls to 911, 611 and 411 will not require a PIN. (Craig Menefee/19950106/Press Contact: Steve Fleischer, 908-306-7539 or Brian Wood, 908-306-7508, both of BAM; Kim Ancin, 914-365-7573, or Jim Gerace, 914- 365-7712, both of NYNEX) ------------------------------------------------------------------------- To find out more about the anon service, send mail to help@anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin@anon.penet.fi. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Wei Dai Date: Sat, 7 Jan 95 18:02:18 PST To: "Timothy C. May" Subject: Re: Latency, bandwidth, and anonymity In-Reply-To: <199501080059.QAA19944@netcom10.netcom.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Sat, 7 Jan 1995, Timothy C. May wrote: > > Perhaps we can tackle the problems of latency and bandwidth seperately. > > That is, develop 2 sets of anonymity tools: > > 1. low-latency, low-bandwidth, for use in textual interactions such as MUD > > and IRC > > 2. high-latency, high-bandwidth, for non-interactive A/V use, perhaps > > anonymous TV broadcasting > > Think market. I don't see anyone paying for this until costs drop > dramatically. Oops, I didn't mean to exhort anyone to actually make the tools, but was just thinking about the feasibilities. (I know, "Cypherpunks write code", not "Cypherpunks convince others to write code." ;) OTOH, I DO think people with anonymity needs will pay for lower latency and/or higher bandwidth (right now probably tool set #1 will have a greater demand, given the heavy use of MUDs and IRC). In the longer term, anonymous communication is in danger of being used only by fringe groups if it falls too much behind the non-anonymous kind in terms of latency and bandwidth (and cost, I guess). Maybe ONLY drug dealers, nuclear terrorists, etc., will use anonymous remailers when full sensory virtual interaction is the must popular way for most people to communicate and remailers are still the only choice for the anonymity-conscious. By then, the remailers themselves will be in danger of being outlawed, or just close down for lack of business. > I find IRC a waste of time, so "anonymous audivisual" is not even on my > radar screen of things of interest. I think it's >10 years off. I think limited virtual interaction can be available on the Internet in 5 years (in prototype), so I sure hope anonymous A/V is not that far off. I know, I know, the market will decide... But second guessing the market can be fun and sometimes profitable. Just look at all those people trying to make money on the stock market. Sorry if I'm hammering the subject to death... Wei Dai From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Hal Date: Sat, 7 Jan 95 18:40:47 PST To: cypherpunks@toad.com Subject: Re: Latency Costs of Anonymity Message-ID: <199501080241.SAA13329@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- From: Wei Dai > [My idea for ATM mixes] > The problem here is that you'll have to do a RSA operation on EACH > packet. Pretty hard on the CPU... Yes, good point. It might be possible to use a stream model where the separate packets which make up a stream use the same conventional key. This allows the various packets which make up a stream to be identified as such by outsiders, but still if there are a large number of virtual streams going through the network at one time it should be possible to confuse the streams pretty well. ("I've got a crazy idea. Let's cross the streams!" -- Ghostbusters). Then you only need to do the RSA work at setup time, and you need a fast streaming cypher during the conversation. This is how the streaming-packet encryption models like IPSP or Netscape's SSL seem to work. > > I think it may be more useful rather than speaking of "true" anonymity > > to think of factor-of-N anonymity. This reflects the bandwidth costs. I > > would guess that, if you have a packet-based video converencing system, > > that today you could probably get factor-of-2 anonymity with custom > > hardware, and perhaps even more than that. > > I'm not exactly sure what you mean by "factor-of-N". I only used "true" > to distiguish it from "trivial" anonymity (such as using a pay phone). > Of course, anonymity, like security, can only be relative. By "factor-of-N" I meant anonymity where you can only pin the source of a message down to one of N possibilities. It appears to me that many of the costs will be a function of N. It will be relatively easier to cloak your source as one of say 50 possibilities than to make it any of one in a million. This is why I suggested that factor-of-2 anonymity would be the easiest. The DC-Net concept would allow two users to share a cryptographically strong pseudo-random stream, and each of them to XOR their video output with the random stream; then these modified outputs from each of them are themselves XOR'd together to produce the joint output. As long as only one sends at a time, the resulting stream is their output, but it is impossible for an outsider to determine which one is sending. The hardware requirements seem quite modest and perhaps would be adequate today even for video. > [My points about limitations on suitability of anonymity] > > This is all very true. I guess I'm just lamenting the loss of my ealier, > more naive dream that one day everyone will be anonymous (read > pseudonymous), and that physical and digital identities will be totally > seperate. I don't think we would really expect everyone to be anonymous all of the time. In our personal lives, with friends and family, it doesn't seem appropriate to expect anonymity (although my earlier quotes from Greg Bear's sci fi story suggest differently). But still I think that for people who desire it and are willing to pay the prices, anonymity would indeed be available in many or most electronic communications. So if that is your desire you should be able to achieve it. Hal -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBLw9Q1xnMLJtOy9MBAQEhPwH+KSYD4KhA1HOUxqOzdb2WdMuq0i1XTFzH fKMnejTqlKVbFfEnQqfHukwKpH5nFpuN7towJ1o98aGqT1ACxbSjpQ== =2mxw -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: klp@epx.cis.umn.edu Date: Sat, 7 Jan 95 17:50:26 PST To: jrochkin@cs.oberlin.edu (Jonathan Rochkind) Subject: Re: Carol Anne Whoever In-Reply-To: Message-ID: <0012f0f4513022117@epx.cis.umn.edu> MIME-Version: 1.0 Content-Type: text/plain According to legend, Jonathan Rochkind said: > [I'm beginning to suspect that Carol Anne, and her sysadmin too, are just > tentacles of Detweiler.] Actually (unfortunatly?) I can confirm the fact that Carol Anne, and Mike are >not< Detweiler, CA by personally knowledge, and Mike by reputation. Just thought I'd toss that out for the viewing public, and go back to my 'no comment' stance on the whole rest of the deal... -- Kevin Prigge internet: klp@epx.cis.umn.edu CIS Consultant MaBellNet: (612)626-0001 Computer & Information Services SneakerNet: 152 Lauderdale From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: root Date: Sat, 7 Jan 95 19:44:19 PST To: m00012@KANGA.STCLOUD.MSUS.EDU Subject: Re: carrol( In-Reply-To: <0098A1FE.894B5380.788@KANGA.STCLOUD.MSUS.EDU> Message-ID: <199501080230.UAA00614@einstein.ssz.com> MIME-Version: 1.0 Content-Type: text > > > What is wrong with this person? > > ban her if you can, that's my opnion. > Hi all, For what it is worth, I oppose banning in any manner, shape, or form. There is no morale or ethical justification for it. Take care. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jonathon Fletcher Date: Sat, 7 Jan 95 03:58:33 PST To: cypherpunks@toad.com Subject: No Subject Message-ID: MIME-Version: 1.0 Content-Type: text/plain who cypherpunks end From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jonathon Fletcher Date: Sat, 7 Jan 95 04:26:04 PST To: cypherpunks@toad.com Subject: Re: your mail Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Sat, 7 Jan 1995, Jonathon Fletcher wrote: > who cypherpunks > end I know, I know. I'm sorry. I'll send it to the right place next time. Small slip of the qwertys -Jon -- Jonathon Fletcher, jonathon@japan.sbi.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: m00012@KANGA.STCLOUD.MSUS.EDU Date: Sat, 7 Jan 95 19:30:25 PST To: cypherpunks@toad.com Subject: carrol( Message-ID: <0098A1FE.894B5380.788@KANGA.STCLOUD.MSUS.EDU> MIME-Version: 1.0 Content-Type: text/plain What is wrong with this person? ban her if you can, that's my opnion. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: mikepb@freke.lerctr.org (Michael P. Brininstool) Date: Sat, 7 Jan 95 14:09:35 PST Subject: Re: SAN FRANCISCO EDITORIAL In-Reply-To: Message-ID: <1995Jan7.134217.22470@freke.lerctr.org> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- In article sandfort@crl.com (Sandy Sandfort) writes: >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > >C'punks, > >Here is a guest editorial that ran in Monday's SF Chronicle. It >should make your blood boil. Is anyone going to write rebuttals? Would the SF Chronicle print them? As I read this, I only saw the following propaganda: > ANARCHY, CHAOS ON THE INTERNET MUST END in Cyberspace, there is not much order. It is governed by no one. ... being left to the equivalent of mob rule. the need for firm direction is all too obvious. ... unregulated broadcasting ..., sexual harassment, profanity, defamation, forgery and fraud ... secretiveness is why abuse is easy. problems are further exacerbated by Anonymous Server, which launders computer messages, like money is laundered. ... difficulties in commercialization. turf war rages between factions ... attacks on business people ... vandalism, persist uncontrolled. Worst of all are the ``canceller robots,'' ... the communications the hackers wish to silence. vigilantes routinely challenge free speech unabated ... access providers, assume the role of censors, arbitrarily closing accounts of those whom they disapprove. one obvious way to bring much needed order, is through diplomacy. The United States should lead in this. ... urge the Finnish government to deactivate the Anonymous Server. establish a standard of recognizing laws existing at the point of origin as controlling the message sender. When conflicts arise, governmental diplomacy should again be the answer, just as it is with other trade and communications issues. Next, laws already regulating behavior in the real world should be applied in Cyberspace. The Supreme Court should act ... stating that crime is crime, even when the criminal instrument is a computer keyboard. legislation should be passed making access providers common carriers. This will get them and under the guiding hand of the FCC ... People need safety and order in Cyberspace just as they do in their homes and on the streets. The current state makes it clear that anarchy isn't working. If governments don't bring order, chaos may soon dictate. !@&^%&^!%@&$^%&^@%$&^!@$ I wish I could write worth beans. I have never been publish in any newspaper, anywhere. They never like my rebuttals. I guess I get too rabid when I write. - ---------------------------------------------------------| | #include "std/disclaimer.h" Michael P. Brininstool | | mikepb@freke.lerctr.org OR mikepb@netcom.com | |--------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.9 alpha I - BACK UP YOUR KEYRING BEFORE USE iQCVAgUBLw8KT1gtYer4uLCdAQFLnQP/ZxwEsLtssYkk7F58v/ITcj9dx/Utyl4m RzIdsgdg98h0c0WzDsXm2ZxKOK7rcucSMx+UF94jc0qVyTLk3T13Hm1n86WRJHSL 6vDdKiKP50WqjHg+1cBSMs9DOer/Q2wOCznMPK8LobYLII43YY2cvWhCt8JSC8o+ QpVkdv7IRqA= =b3pW -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "James A. Donald" Date: Sat, 7 Jan 95 22:13:50 PST To: Carol Anne Braddock Subject: Re: From me to me to you...The Actual Article In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain The world is full of self important assholes. You will go mad trying to deal with people like him. Life is too short. From time to time post messages belittling him and his service, and get on with a new service. If you find a reasonably priced 28KB SLIP connection let me know. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd@netcom.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "James A. Donald" Date: Sat, 7 Jan 95 22:23:30 PST To: Carol Anne Braddock Subject: Re: Big vs Little providers (punkette view) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Sat, 7 Jan 1995, Carol Anne Braddock wrote: > Yes, at Netcom, I can now probably get much further, much faster. > No I wouldn't subject myself or anyone to Winternet. But I wouldn't > subject a newbie to Netcom either. I did it once and was sorry, too. Actually you cannot. No web pages, and their ftp is really bad. I put my web stuff on http://nw.com/jamesd/ Cheap, good bandwidth, but I have trouble getting usage statistics. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd@netcom.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: storm@marlin.ssnet.com (Don Melvin) Date: Sun, 8 Jan 95 13:24:19 PST To: cypherpunks@toad.com Subject: Re: Remailer Abuse In-Reply-To: <199501070554.VAA14679@netcom9.netcom.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- I'm joining this a bit late, but if you take the concept proposed earlier about sticking a remailer stamp on each encrypted envelope and that stamp being removed by the remailer, each remailer will get paid for handling the message. The anonymity (assuming an FV-type postage sale) can be restored by having one or more trusted postage exchanges. You buy a hundred stamps, send them to the exchange, and get back ninety-nine stamps from a pool. You now have a valid remailer stamp that does not have a link to you. Of course, to keep the purchasers honest, the stamps should probably be send from the purchase point (FV in this example). And there would also have to be a fast clearing house so stamps can't be reused/copies. - -- America - a country so rich and so strong we can reward the lazy and punish the productive and still survive (so far) Don Melvin storm@ssnet.com finger for PGP key. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLw9nAmvyi8p8VUiJAQHAsAQAj+hPIqS8lKFgRSr+m/aqrDp96W/ZTAw6 icQoAserp1gdWeOOaYKVZOgFA4Fn4BRM1ghs6mKO9nInVqJf9rCLpPhRCQ7ABPUi lR9mHq4ib4wA7cWzpraXy+Bf6eht0DaPHO8aUFW1Hz8wDGLjtamzrknjhnUGyS1Z LaKifu4R2o8= =NXlf -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: m00012@KANGA.STCLOUD.MSUS.EDU Date: Sat, 7 Jan 95 21:17:19 PST To: nelson@crynwr.com Subject: Re: carrol( Message-ID: <0098A20D.79070F00.2@KANGA.STCLOUD.MSUS.EDU> MIME-Version: 1.0 Content-Type: text/plain I would put her in my killfile, but I don't know if vms has a kill file capibility. I use my unix accounts for important email, and do not want to have to sift through the volume I get from the cypherpunks. Otherwise, given that the percentage of interesting posts is going down as a result of carrolann (and perhaps me too now), I think having an elite group capable of banning certain people is perfectly ethical. mike From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nelson@crynwr.com (Russell Nelson) Date: Sat, 7 Jan 95 20:19:31 PST To: m00012@KANGA.STCLOUD.MSUS.EDU Subject: Re: carrol( In-Reply-To: <0098A1FE.894B5380.788@KANGA.STCLOUD.MSUS.EDU> Message-ID: MIME-Version: 1.0 Content-Type: text/plain Date: Sat, 07 Jan 1995 21:31:45 CST From: m00012@KANGA.STCLOUD.MSUS.EDU What is wrong with this person? ban her if you can, that's my opnion. Gee, I don't know what everyone is complaining about, because I have: if (from = "carolann@mm.com") then delete in my ~/.elm/filter-rules file. I highly encourage everyone to have their own mail filters, because then you don't have to convince anyone to ban anyone, you just do your own banning. -- -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: pstemari@erinet.com (Paul J. Ste. Marie) Date: Sat, 7 Jan 95 20:53:29 PST To: "L. Todd Masco" MIME-Version: 1.0 Content-Type: text/plain At 01:16 AM 1/7/95 -0500, L. Todd Masco wrote: >You might want to try reading it from NNTP, via c2.org or hks.net. You >can then use Kill files. At that point, isn't the mailing list simply becoming a newsgroup? For that matter, is there some reason that escapes me why it ISN'T a newsgroup? I suppose the proportion of net.kooks is higher in a newsgroup than a mailing list, but arguably we're ALL net.kooks here. --Paul J. Ste. Marie pstemari@well.sf.ca.us, pstemari@erinet.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: pstemari@erinet.com (Paul J. Ste. Marie) Date: Sat, 7 Jan 95 20:53:49 PST To: Carol Anne Braddock Subject: Re: Soapbox mode on!(but short) Message-ID: <9501080445.AB23191@eri.erinet.com> MIME-Version: 1.0 Content-Type: text/plain At 01:22 AM 1/7/95, Carol Anne Braddock wrote: >Dear Paul J. Ste. Marie, > >I was quietly going through my mail after an eight hour layoff. >The first thing you do is lie. > >I have called you a liar. Point Blank! > >And for the honor of this very list, so that there is some >credibility, I shall retrieve from a tin reader the actual >posting, COMPLETE WITH HEADER. Interesting. You did retrieve the message I posted, but not the article from alt.current-events.net-abuse. If you want to call me a liar, that's fine, but post something with some relevance. I'm not in the habit of scanning the news hierarchy for spam, and I'm perfectly willing to believe you stopped after ten groups, but that isn't what I recalled seeing in a.c-e.n-a. I could be remebering things wrong, but if that is the case, kindly post something that actually shows the discussion in a.c-e.n-a was otherwise. >And what makes creeps like you going is the ability to continue, >to spread those lies. And now you're sounding like Martha Siegel. My words were: >> The discussion on alt.current-events.net-abuse seemed to indicate that the ^^^^^^^^^^^^^^^^^^ >> claim of "Just 10" above is a slight understandment. The newsgroups seem to >> have been hit alphabetically, and I believe the total count was in the >> hundreds. Am I rememebering a.c-e.n-a inaccurately, or have you simply decided not to rebut anything in the forum in which it was presented? All I suggested is that your account bore checking out before people leaped to your defense. An unwillingness to have your story verified speaks for itself. --Paul J. Ste. Marie pstemari@well.sf.ca.us, pstemari@erinet.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Dave Harvey Date: Sat, 7 Jan 95 20:52:02 PST To: Russell Nelson Subject: Re: carrol( In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain Could you tell me how to do this with Pine? I would love to know how. Regards, Dave > Gee, I don't know what everyone is complaining about, because I have: > > if (from = "carolann@mm.com") then delete > > in my ~/.elm/filter-rules file. I highly encourage everyone to have > their own mail filters, because then you don't have to convince anyone > to ban anyone, you just do your own banning. ___ /\ PGP the Cutting Edge of Privacy. /vvvvvvvvvvvv \-----------------------------------\ | WARRIOR ( | PGP Key Id 0XC554E447D > Magnus Frater Videt Tu `^^^^^^^^^^^^ /===================================/ \/ Finger for PGP 2.6.2 public Key. PGP Fingerprint 15 99 09 6D 11 C8 7C E0 08 C7 E6 95 46 65 FE F0 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | Dave M. Harvey warrior@infinet.com| | PO Box 151311 dharvey@freenet.columbus.oh.us| | Columbus, OH 43215-8311 fm063@cleveland.freenet.edu| =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: lcottrell@popmail.ucsd.edu (Lance Cottrell) Date: Sun, 8 Jan 95 00:08:15 PST To: cypherpunks@toad.com Subject: Re: Remailer Abuse Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- > >See above. What's the difference between A-->B-->C-->B and A-->B-->C-->D ? >If someone is logging messages and routing, it's less secure, but then so is >the entire remailer system. Prime remailer operators are those who don't >log. > >Maybe message size would tip off snoopers. This can be overcome with minor >tweaking to existing remailer code by tacking on or or eliminating padding >to messages. But logging still makes the whole system extremely vulnerable. > >=D.C. Williams > Message size can best be handled by using a remailer which uses messages which never change size. Mixmaster is now ready for testing. It still does not run on Linux or FreeBSD. I don't know what else it does run on. It works great on Sun machines with gcc. Since it is export restricted, send me mail and I will send you the name of the hidden directory to get the file. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLw+btVVkk3dax7hlAQFW/QP9GZAIODaKt/VYsDGWUExiY4NUapvnQpZ/ FWtucyqX+4v9JnJv318PaKEs5xqHMcqtdq0fGZn6qNe1k5MbSVBb5wzfclMQm3LY J7b3qv8zymedXpcmM2hm6bCnbpJkRivIjJTCDmg2yMKRH1Uv+Le5eN2haRxw3d76 e51KLqZJbh4= =BKtC -----END PGP SIGNATURE----- -------------------------------------------------- Lance Cottrell who does not speak for CASS/UCSD loki@nately.ucsd.edu PGP 2.6 key available by finger or server. Encrypted mail welcome. Home page http://nately.ucsd.edu/~loki/ Home of "chain" the remailer chaining script. For anon remailer info, mail remailer@nately.ucsd.edu Subject: remailer-help "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: rah@shipwright.com (Robert Hettinga) Date: Sat, 7 Jan 95 21:35:12 PST To: cypherpunks@toad.com Subject: cipher magazine Message-ID: MIME-Version: 1.0 Content-Type: text/plain Someone just gave me this URL. It's probably in the cyphernomicon already, but I had fun rooting around in here and thought I'd pass it around to those who haven't seen it yet. http://www.itd.nrl.navy.mil:80/ITD/5540/ieee/cipher/ Cheers, Bob Hettinga ----------------- Robert Hettinga (rah@shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jonathan Nelson Date: Sat, 7 Jan 95 21:43:02 PST To: cyper punk Subject: how to subscribe Message-ID: MIME-Version: 1.0 Content-Type: text/plain can someone please mail me where to post to get subscribed Jonathan Nelson a015880t@bcfreenet.seflin.lib.fl.us From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: mkj@october.ducktown.org Date: Sat, 7 Jan 95 23:42:50 PST To: cypherpunks@toad.com Subject: The Value of Anonymity Message-ID: <199501080700.CAA00298@october.ducktown.org> MIME-Version: 1.0 Content-Type: text -----BEGIN PGP SIGNED MESSAGE----- The value of anonymity, both on the nets and off, seems to be poorly understood, even among its strongest defenders. The positive value of anonymity is not merely about protecting a few special groups such as sexual-abuse victims and whistleblowers. While these are certainly valuable uses, if I believed that anonymity's positive impact were limited to these outside-the-mainstream groups, then I probably wouldn't accept the benefits of anonymity as outweighing its costs. But in fact, I believe that anonymity has crucially important benefits for nearly everyone. There are several good arguments to be made, but in the interest of brevity I'll focus on only one: The explosive development of such personal data industries as targeted marketing and consumer and demographic profiling, have demonstrated that the business community considers personal data to be of great economic value. (There's a parallel observation to be made here about governments, but I won't go into that now.) There are also myriad uses being made of personal data throughout the professions, from labor negotiators to house burglars. It is something of a truism that anyone who knows enough about you can probably find a way to beat you, either legally or illegally, often at great profit to themselves. In an information-age society without extremely strong privacy protections, the chief factor which makes the difference between winners and losers may be how much information each of us has on others, and how much they have on us. Given this degree of economic and social motivation, it is easy to imagine the sort of panopticon which will soon arise on the Internet (and its descendants), unless the strongest possible protections are adopted. (And it is equally easy to imagine who the biggest winners and losers will be.) Relying on government to protect personal privacy is like appointing the fox to guard the henhouse (or, as I seem to recall John Perry Barlow once putting it, "... getting a peeping tom to install your window blinds," or something like that). In addition to the government's own motivations for eroding privacy, all the above economic considerations enter into government through lobbying, desires to maximize tax revenues, fund-raising considerations, and a whole raft of other avenues. Furthermore, the only tools which government could bring to bear would be a complex web of laws and regulations governing the circulation of personal data. Such laws and regulations would have to constantly shift in a never ending cat-and-mouse game with business; and what's more, many of these laws and regulations would necessarily conflict with the free speech rights of private organizations. Bottom line: Anonymity is the only available tool which puts control over my own privacy firmly into my own hands, where it belongs, and does so without infringing on anyone's freedom of speech. Certainly there are drawbacks, and anonymity may invite some abuses; but we have survived anonymity's problems in the past, and 'tis better to suffer in the hell we know than to be dragged into a new and hotter one. The only society without any crime is a society without any freedom. My ($.02) conclusion: For preserving meaningful privacy, and for preventing an ugly and probably irreversible transformation of our world, anonymity is the best, perhaps the only viable tool we have. --- mkj -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLw+MZF11Wd4tm8clAQHC3QP8DrxVrUAUM+UKKeKzosFmCXGLkuwJYGDS nE+pFEFIDC8cq7/35h99oIrCszmnkIjwso8PhwlwqRzuxFTZPMI3XuK5wt95tJCL 6Iy2oQ7wjCv+xnL2QjdAGNl68WD0ZhmPv9Q62cvWYjzRXnQJJF7dZiES5l14/NM2 Ij4rLh8AdEo= =OGBF -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: carolb Date: Sun, 8 Jan 95 03:15:57 PST To: mkj@october.ducktown.org Subject: Re: The Value of Anonymity In-Reply-To: <199501080700.CAA00298@october.ducktown.org> Message-ID: MIME-Version: 1.0 Content-Type: text/plain No, sometimes you don't learn till you've made a mistake. As you could see I hurt really badly yesterday. And now, so I can occupy myself quietly for a few days, are there some good files to read so I can understand, and become a good remailer? RegisteredBEllcore Trusted Software Integrity system programmer *********************************************************************** Carol Anne Braddock "Give me your Tired, your Poor, your old PC's..." The TS NET REVOKED PGP KEY NO.0C91594D carolb@spring.com carolann@mm.com ************************************************************************ COMING SOON TO AN INTERNET NEWSGROUP NEAR YOU...............CENSORED.COM On Sun, 8 Jan 1995 mkj@october.ducktown.org wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > The value of anonymity, both on the nets and off, seems to be poorly > understood, even among its strongest defenders. The positive value of > anonymity is not merely about protecting a few special groups such as > sexual-abuse victims and whistleblowers. While these are certainly > valuable uses, if I believed that anonymity's positive impact were > limited to these outside-the-mainstream groups, then I probably > wouldn't accept the benefits of anonymity as outweighing its costs. > > But in fact, I believe that anonymity has crucially important benefits > for nearly everyone. There are several good arguments to be made, but > in the interest of brevity I'll focus on only one: > > The explosive development of such personal data industries as targeted > marketing and consumer and demographic profiling, have demonstrated > that the business community considers personal data to be of great > economic value. (There's a parallel observation to be made here about > governments, but I won't go into that now.) There are also myriad > uses being made of personal data throughout the professions, from > labor negotiators to house burglars. It is something of a truism that > anyone who knows enough about you can probably find a way to beat you, > either legally or illegally, often at great profit to themselves. > > In an information-age society without extremely strong privacy > protections, the chief factor which makes the difference between > winners and losers may be how much information each of us has on > others, and how much they have on us. Given this degree of economic > and social motivation, it is easy to imagine the sort of panopticon > which will soon arise on the Internet (and its descendants), unless > the strongest possible protections are adopted. (And it is equally > easy to imagine who the biggest winners and losers will be.) > > Relying on government to protect personal privacy is like appointing > the fox to guard the henhouse (or, as I seem to recall John Perry > Barlow once putting it, "... getting a peeping tom to install your > window blinds," or something like that). In addition to the > government's own motivations for eroding privacy, all the above > economic considerations enter into government through lobbying, > desires to maximize tax revenues, fund-raising considerations, and a > whole raft of other avenues. > > Furthermore, the only tools which government could bring to bear would > be a complex web of laws and regulations governing the circulation of > personal data. Such laws and regulations would have to constantly > shift in a never ending cat-and-mouse game with business; and what's > more, many of these laws and regulations would necessarily conflict > with the free speech rights of private organizations. > > Bottom line: Anonymity is the only available tool which puts control > over my own privacy firmly into my own hands, where it belongs, and > does so without infringing on anyone's freedom of speech. Certainly > there are drawbacks, and anonymity may invite some abuses; but we have > survived anonymity's problems in the past, and 'tis better to suffer > in the hell we know than to be dragged into a new and hotter one. The > only society without any crime is a society without any freedom. > > My ($.02) conclusion: For preserving meaningful privacy, and for > preventing an ugly and probably irreversible transformation of our > world, anonymity is the best, perhaps the only viable tool we have. > > --- mkj > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > > iQCVAwUBLw+MZF11Wd4tm8clAQHC3QP8DrxVrUAUM+UKKeKzosFmCXGLkuwJYGDS > nE+pFEFIDC8cq7/35h99oIrCszmnkIjwso8PhwlwqRzuxFTZPMI3XuK5wt95tJCL > 6Iy2oQ7wjCv+xnL2QjdAGNl68WD0ZhmPv9Q62cvWYjzRXnQJJF7dZiES5l14/NM2 > Ij4rLh8AdEo= > =OGBF > -----END PGP SIGNATURE----- > From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Hal Date: Sun, 8 Jan 95 09:41:01 PST To: cypherpunks@toad.com Subject: Re: The Value of Anonymity Message-ID: <199501081741.JAA05815@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- From: mkj@october.ducktown.org > The value of anonymity, both on the nets and off, seems to be poorly > understood, even among its strongest defenders. The positive value of > anonymity is not merely about protecting a few special groups such as > sexual-abuse victims and whistleblowers. While these are certainly > valuable uses, if I believed that anonymity's positive impact were > limited to these outside-the-mainstream groups, then I probably > wouldn't accept the benefits of anonymity as outweighing its costs. These are good points. However I think your presentation is a little too oriented towards the libertarian perspective of distrusting government, and also comes off sounding harshly competitive: > It is something of a truism that > anyone who knows enough about you can probably find a way to beat you, > either legally or illegally, often at great profit to themselves. > > In an information-age society without extremely strong privacy > protections, the chief factor which makes the difference between > winners and losers may be how much information each of us has on > others, and how much they have on us. I think most people don't think so much in terms of winners and losers, of beating and being beaten. Rather, I think it will be more acceptable to couch the issue in simple privacy terms. People do value their privacy. I don't think you have to overly justify the value of privacy. A few examples of how little privacy people could actually have in a non-anonymous network of the future should suffice to establish motivation IMO. > Given this degree of economic > and social motivation, it is easy to imagine the sort of panopticon > which will soon arise on the Internet (and its descendants), unless > the strongest possible protections are adopted. I like this phrase! It nicely connotes the transparency of the nets. > Relying on government to protect personal privacy is like appointing > the fox to guard the henhouse (or, as I seem to recall John Perry > Barlow once putting it, "... getting a peeping tom to install your > window blinds," or something like that). In addition to the > government's own motivations for eroding privacy, all the above > economic considerations enter into government through lobbying, > desires to maximize tax revenues, fund-raising considerations, and a > whole raft of other avenues. This is where I think you are getting too libertarian for a broad audience. Also, this wording invites the reader to assume that anonymity will lead to tax avoidance and evading laws. Most people feel that they are paying their own taxes, and if others avoid them then it just increases the burden on themselves. So except to certain selected groups I would avoid playing this angle up. I think your next argument will have wider appeal: > Furthermore, the only tools which government could bring to bear would > be a complex web of laws and regulations governing the circulation of > personal data. Such laws and regulations would have to constantly > shift in a never ending cat-and-mouse game with business; and what's > more, many of these laws and regulations would necessarily conflict > with the free speech rights of private organizations. Be aware that this is in fact the "mainstream" solution to the problem. There was some discussion on comp.org.eff.talk of some kind of committee headed by EFF board member Esther Dyson which issued a statement on privacy protection in the nets. They issued the by-now traditional call for laws along the lines of "information collected for one purpose cannot be used for another purposes". Like, VISA can't sell data on your spending patterns, at least not without telling you. Nobody criticized this point; even the relatively net-aware civil liberties types mostly explicitly endorsed this provision. Laws like this are apparently already in place in Europe. So the momentum is in exactly this direction. I think your arguments are good ones; the government would undoubtedly exempt itself from such rules (the IRS is already starting to use dataveillance and matching to look for discrepencies between tax returns and spending patterns), plus such provisions would seem to require a labyrinth of exceptions, special cases, etc. Eventually I could see laws telling exactly what a business can and cannot do with the names of people who phone or net in for information; yes, they can be kept on a list for up to 6 months and sent additional promotional literature, except that the business must require standard form 11832 to allow the customer to get his name off the list, which must be handled within 5 working days for businesses with more than 100 employees, etc., etc. You could have volumes of this kind of stuff. I think Tim wrote some essays a long time back pointing out the absurdity of this approach, especially if you tried to apply it to private individuals. > Bottom line: Anonymity is the only available tool which puts control > over my own privacy firmly into my own hands, where it belongs, and > does so without infringing on anyone's freedom of speech. Certainly > there are drawbacks, and anonymity may invite some abuses; but we have > survived anonymity's problems in the past, and 'tis better to suffer > in the hell we know than to be dragged into a new and hotter one. The > only society without any crime is a society without any freedom. > > My ($.02) conclusion: For preserving meaningful privacy, and for > preventing an ugly and probably irreversible transformation of our > world, anonymity is the best, perhaps the only viable tool we have. That's a good summary. This is definately an uphill battle, though. I see no significant standards body or organization of influence (except for CPs, to the extent that we have any influence) which is moving in this direction. Add to this the costs of anonymity as Wei has been discussing and it really isn't clear how to proceed. Hal -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBLxAj1xnMLJtOy9MBAQGujQIAqooWk8OsbJzbAGpxIP+EYnPJM0kA7Ojm /3i04Odoq/YZEH1Fv81/RbwsDahe+AGtmqU+VQ1KpjUTJuPfNKJ4dQ== =w/FH -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Greg Broiles Date: Sun, 8 Jan 95 11:29:40 PST To: tcmay@netcom.com (Timothy C. May) Subject: Re: Anonymity and cost In-Reply-To: <199501080018.QAA11241@netcom4.netcom.com> Message-ID: <199501081921.AA00714@ideath.goldenbear.com> MIME-Version: 1.0 Content-Type: text -----BEGIN PGP SIGNED MESSAGE----- Tim May wrote: > > At a very basic level, anonymous (not pseudonymous, like the remailers > > are) messages are *cheaper*, because they carry less information; they > > do not need to send the bits which identify the sender. > I think the meaning of "anonymous" here is clearly with respect to > _traffic analysis_. The "cost of anonymity" is with respect to the > costs and delays of using digital mixes (remailers)). I don't think it's useful to redefine "anonymous" to include some messages which identify the author, and to exclude some messages which do not identify the author. Then again, I'm not sure it's useful to play Language Cop, either. But count mine as a voice in favor of describing accurately what's being discussed. (Perhaps messages which defy traffic analysis might be called "untraceable" but not "anonymous", unless they also do not identify an author.) > > Anonymous video conferencing is available now; go to Kinko's, pay > > cash for the use of their video conference room. Or, ask/convince > > the recipient to consider the conversation "off the record". > Neither of these kinds of "anonymity" are cryptographically > interesting, or strong. I agree. I fear I've been influenced by some of the authors on that Cypher[something] list who've recently argued persausively in favor of applying technology appropriate to local conditions; e.g., not wasting time on the techno-gadget-of-the-month when more pedestrian but functional means are available. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLxA7I33YhjZY3fMNAQGIQAQAqzEU6ru3/9/ScfHCZ6DnVK8bDewPVrg2 LAAZpVWuxfAW0W1oJ7NSXxrMmrIEX7MJetrpzlb+D5A1JuOVdtJ8gUwMxCRIMOeI LU78Q/MuSp1oWbPEARDJ6JLZztU3Zs0bQH13kTY1tSZaZlQWj/cmWKUrmis4ZRkE +px7kuMB8lg= =Ty1L -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. Todd Masco" Date: Sun, 8 Jan 95 11:54:15 PST To: cypherpunks@toad.com Subject: Re: Too Much! Message-ID: <199501081959.OAA21945@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Paul J. Ste. Marie writes: > At 01:16 AM 1/7/95 -0500, L. Todd Masco wrote: > >You might want to try reading it from NNTP, via c2.org or hks.net. You > >can then use Kill files. > > At that point, isn't the mailing list simply becoming a newsgroup? For that > matter, is there some reason that escapes me why it ISN'T a newsgroup? I > suppose the proportion of net.kooks is higher in a newsgroup than a mailing > list, but arguably we're ALL net.kooks here. Not really, not until a huge number of hosts carry it as a newsgroup. As for why cypherpunks isn't a newsgroup... IMO, it would end up carrying too much traffic and be way too high profile. As is, the people who really want to find it will and a hordes of riff-raff (not all, mind you) are less likely to bother with it. -- Todd - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLxBD/yoZzwIn1bdtAQHMrAF8ChmS332TabEbGslXsxzOLqIHEBOnJBYs KIdzflR9PJWsYuNJBH6LrHtBWK/q7ejP =T4k6 -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Erik Selberg Date: Sun, 8 Jan 95 19:17:30 PST To: Cypherpunks@toad.com Subject: Re: From me to me to you...The Actual Article Message-ID: <199501090318.TAA14113@meitner.cs.washington.edu> MIME-Version: 1.0 Content-Type: text/plain Carol Anne Braddock writes: > This is the article, and what I did with it. It is complete in it's > entireity, from the bang paths, to the crosspostings. Please study them > Now, the article, > Date: Sat, 7 Jan 1995 01:26:26 -0600 > From: Carol Anne Braddock > To: carolann@vortex.mm.com > Newsgroups: soc.support.transgendered, alt.transgendered, > mn.general, alt.sex.femdom, alt.artcom, alt.sex.bondage, alt.sex, > comp.infosystems.www.users, alt.dreams.lucid, alt.dreams > Subject: (fwd) Re: Phil Zimmermann So, I don't read any of those groups, and I could be dead wrong on all of this. But I'll yap away anyway. Off the cuff, I'd say your article could be inappropriate. Granted it's a good cause, and you're not advertising for yourself but for a charity. However, charitable spam is still spam (and I'm not calling your article spam... spam lite, maybe). I understand your point about feeling a sense of community with the above groups; however, I think that massive "Please help..." postings can be just as annoying as the MAKE.MONEY.FAST postings. Erik Selberg "I get by with a little help selberg@cs.washington.edu from my friends." http://www.cs.washington.edu/homes/selberg From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Wei Dai Date: Sun, 8 Jan 95 19:27:03 PST To: jRT Subject: Remailer security In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Mon, 9 Jan 1995, jRT wrote: > > The thing being, say you set up an anonymous-video-or-otherwise-remailer, > you have to ensure that people don't manage to get into that as such > would obviously give away the identities of all parties. Given that > people can supposedly hack the DOD computer system, that doesn't seem so > unlikely, so are anonymous-remailers really all that safe? This is why you want to use a remailer chain instead of just one remailer. Hopefully, not all of the remailers in your chain are subverted by your enemy. (They may all be subverted, but as long as not by people who cooperate with your enemy you're still ok :-) Also, make your chains as heterogeneous as possible. That is, include remailers that use different hardware, operating systems, remailer softwares, are in different countries, are controlled by different organizations, etc., so that one security hole will not compromise your entire chain. I've kinda evaded the original question, which is about the (average?) security of the individual remailers. Does anyone have a real answer? Wei Dai PGP encrypted mail welcome. (I realize a PGP signature says this implicitely, but I left my key in another computer.) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: skaplin@mirage.skypoint.com (Samuel Kaplin) Date: Sun, 8 Jan 95 18:41:03 PST To: cypherpunks@toad.com Subject: Re: Anonymous payment scheme In-Reply-To: <199501021344.FAA11566@largo.remailer.net> Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- In article <199501021344.FAA11566@largo.remailer.net>, you wrote: > From: skaplin@skypoint.com (Samuel Kaplin) > > I was looking at at the bigger picture. Any merchant who accepts Visa or MC > could now accept anonymous payments. No hassle at all on their part. > [...] > The key > would be not to have the card attached to the account. If the card is > attached to any type of account, then there are reporting requirements. > > Visa was talking about an electronic traveller's check, which, from > what I could tell, instantiated an account in the sum of the value of > the card purchased, which was then drawn down by purchase. The card, > evidently, had no embossing on it. Personalization was limited to > some account id which would last the lifetime of the balance and then > disappear. This is EXACTLY what I was contemplating. I really wish they would implement it. Then I can get the traveler's cheques out of my wallet. (unsigned in both spots of, course.) - -- ============================================================================== skaplin@skypoint.com | Finger skaplin@infinity.c2.org for | a listing of crypto related files PGP encrypted mail is accepted and | available on my auto-responder. preferred. | (Yes...the faqs are there!) | E-mail key@four11.com for PGP Key or | "...vidi vici veni" - Overheard Finger skaplin@mirage.skypoint.com | outside a Roman brothel. ============================================================================== Be careful when playing under the anvil tree. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBLxCfB8lnXxBRSgfNAQH6yAf/RMSqUXOHouTE3qKqaU/naHO8fdr8cEKL EjAemhDQj5yVHeTz4YCT1p16CW8X+++fTXGsfZoCr7c+xxYoj/04OVC/u3UPvpJy kAtwhbZhIG7ndKk2weoxZLTnxl5TVlkYjZUrufSccUw0ZfA6h27WrZNV7jFV89dk c2xPr9oJ8dj/jwJtaNIR2KtTc9THWyxlGEIBzMn4mA1VeFz0I27uPK9RSs0M4eXb JCW/ns92Gzwslq0/3n7d4JctGXar+9cUTjowPYRXinKX7wsyoKj5nN7HrCo8D5ot W0KCfDzkn2YOGCj1CzkRkcW0wiGXI9kBXpCQVXJFlKZ6r7d5QnN0AA== =B73o -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sun, 8 Jan 95 18:18:53 PST To: mkj@october.ducktown.org Subject: Re: The Value of Anonymity Message-ID: <9501090217.AA13075@anchor.ho.att.com> MIME-Version: 1.0 Content-Type: text/plain Hear, hear! mkj's article on anonymity is worth reading. From my perspective, the most important thing cryptography offers us is not just the ability to have private conversations without eavesdroppers; it's the ability to change the balance of power from the centralized control and accumulation of information that computers bring back to a level where _you_ can control what happens to your personal data. Do you _like_ starting transactions by giving some big company your Social Security Number which lets them, and everyone else, know everything you've ever done, where you live, how you vote, what you buy? We can move to a society where you can give the other party as much information as they need to do business with you, without having to give them everything else, or connect this transaction to all your others. Sometimes that means giving people more detail than you give them now, usually less. Cryptography becomes the technical glue to control how much you tell somebody on each transaction, anywhere from total anonymity to deep personal information, to let you have a driver's license that says "yes this person is a safe driver" without it becoming the key to your bank account of you lose your wallet, to have voter's registration that doesn't permit fraud but doesn't require universal identification. Some good technical references are the set of papers that David Chaum published about blind signatures and anonymous credentials. Bill From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jonathan Cooper Date: Sun, 8 Jan 95 19:53:13 PST To: Dave Del Torto Subject: Vinge's _A Fire Upon the Deep_ In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain > I _WISH_ I had VV's email address! I'd like to send the guy a big thank-you > and ask if he's writing a sequel (yet). If anyone does know it, puh-LEEze > mail me. First book of his I've read, first of it's kind I've enjoyed in a > very long time. I'll scan my favorite crypto-related (legal-length) excerpt > and post it next week, howzat? Ditto that. I've enjoyed all of his works. He's one of my top three favourite SF writers of all time. Any of you who are in contact with VV have an e-mail address for him? He deserves accolades, but snailmail is too slow for my liking. -jon ( --------[ Jonathan D. Cooper ]--------[ entropy@intnet.net ]-------- ) ( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 ) ( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 ) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sun, 8 Jan 95 19:54:12 PST To: weidai@eskimo.com Subject: Re: Latency, bandwidth, and anonymity Message-ID: <9501090353.AA13655@anchor.ho.att.com> MIME-Version: 1.0 Content-Type: text/plain My initial reaction to "Anonymous video conferencing" was "That's when you wear black ski masks and use voice scramblers and call from video payphones", i.e. not very useful. ("Subcomandata Marcos here...") On the other hand, Wei Dai's followup message about > In the longer term, anonymous communication is in danger of being used > only by fringe groups if it falls too much behind the non-anonymous kind > in terms of latency and bandwidth (and cost, I guess). Maybe ONLY drug > dealers, nuclear terrorists, etc., will use anonymous remailers when full > sensory virtual interaction is the must popular way for most people to > communicate and remailers are still the only choice for the > anonymity-conscious. puts a different spin on it. It's a real problem, if not now, then maybe in 5-10 years. I realize that those of us in the Phone Company who have predicted universal Picturephone in the past have been over-optimistic :-), but the video compression people and the faster-chip people keep bringing us closer to having good-quality low-bandwidth video, and ISDN and fast modems are bringing available loop-end bandwidth up to the point that reasonably-priced circuits can carry it. (Long-haul raw bits have been cheap enough for a while; it's the distribution and switching technology that have a lot of the cost, and providing cheap high-bandwidth circuits makes it hard to make money on voice calls.) The approaches to anonymous video conferencing will depend a bit on whether the technology takes off on the nets or the phone system, if those two are still different by then. It's easier to obscure the origins of a call on the nets, where users own large parts, than it is on the phone system, where the Phone Companies own and operate most of it; the latter environment would require Phone Remailers, such as PBXs you call into on T1 lines and get shuffled out on other circuits - it's hard to get adequate mixing except in rather large environments.... Recircuiting on the nets will be left as an excercise to the reader. I suspect the harder parts of the job may be doing the faces and voices right - anonymous voice conference bridges are ok if the participants mostly don't know each other, but they're less useful if people know each other and cops with computerized voiceprint equipment may be eavesdropping (not common now, though computers and models of the human voice are improving; I suppose voice disguisers may improve from the kid's-toy quality to something better if there's a market, or if computers with full-duplex soundcards become more common.) Faces are harder, and they're not really a crypto problem - how do you fake them well? It's not too hard to do a "quayletool" quality solution that generates moving lips in front of a static picture, even timed with an audio feed, but that won't play too well in the business world, and having the camera pointing at your calendar or home page is only semi-useful. If video-calling evolves on the nets, there'll be a lot more need for speed-matching services, and it may be that computer-enhanced video receiving for high-bandwidth users will fund the technology development for face-simulation? If so, maybe you can use it to start with fake stills instead of real ones? Bill From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sun, 8 Jan 95 20:49:40 PST To: dfloyd@io.com Subject: Re: Data Haven problems Message-ID: <9501090448.AA14477@anchor.ho.att.com> MIME-Version: 1.0 Content-Type: text/plain dfloyd asks for ideas about preventing spamming in data havens, for the code that he's working on. It's a hard job. A related problem is how to prevent your data haven from becoming the porno-ftp site of the week, and either being swamped with traffic or raided by the Post Office Reactionary Neighborhood Police. One way to stop spamming is to charge sufficient money for the service that using it always pays for itself - spamming is then reduced to a source of profit, e.g. no problem. If people want to hire you to store spam, it's their money they're wasting. But that requires an anonymous digital cash infrastructure, which we don't really have yet. And it's a lot less interesting academically (:-) than finding solutions which can also work in a cooperative system, or at least a system that doesn't charge per transaction. Probably the most important step you can take is to build in operator-selectable filtering, because the problems keep changing. Operators probably need to be able to block storage and retrieval by specific users and sites (It's easier to prevent access by president@whitehouse.gov than it is to detect forged requests, and you probably want to keep both real and fake Cantor&Siegel users off, plus the bozo of the month and the broken-remailer of the day.) Some operators may find it useful to limit the amount of data that can be stored or retrieved by a specific user or site, though this is less useful with anonymous and pseudonymous remailers around, since "a specific user" becomes vaguer. Filtering by filename and type can also be useful - if you don't allow files named *.gif and *.jpg, users may be less likely to spam you with pornography. Namespace control in general is an issue - do users get to choose filenames, or list directories, or do they have to know the names of files to retrieve. Another issue is whether files can only be retrieved by the sender - probably a local policy issue. Some sites may only accept encrypted files, which reduces the spam potential considerably, as well as reducing your exposure to the porn police, though it's difficult to do anything about files that are encrypted with a public key whose private key has been posted to the net, or fake crypto headers in an otherwise unencrypted file, unless you put in lots more code to check the insides of files and watch the net for such postings, which is unrealistic. There's also the problem that PGP and especially RIPEM files are non-stealthy, and users may not want to leave even keyids in their files. Bill From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Wei Dai Date: Mon, 9 Jan 95 00:04:06 PST To: "L. Todd Masco" Subject: Re: Vinge's True Email name ? In-Reply-To: <199501090729.CAA28854@bb.hks.net> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Mon, 9 Jan 1995, L. Todd Masco wrote: > Sigh. Please don't use this, people. I'm sure VV has no desire to > pay for oodles of mail telling him just how much people like him. Treat > it like a home phone number (of course, some people abuse home phone > numbers of famous folks...). A general hint for finding authors' e-mail addresses: figure out where he/she works from the book jacket, use WHOIS to find their domain name, and then finger them or look at their web page to see if they have an e-mail directory. (Now keep this a secret! I don't want the internet.masses to find out my e-mail address when I become rich and famous! :-) I bet Vinge has written for himself a really intelligent filter like the kind he describes in AFUtD. Of course I wouldn't want to test this. I guess this is not really related to cypherpunks, except to the general philosophy of making tools to protect oneself, instead of relying on the good will (and intelligence) of others. Wei Dai From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sun, 8 Jan 95 21:09:23 PST To: cypherpunks@toad.com Subject: Re: Can someone verify this conjecture for me? Message-ID: <9501090508.AA14605@anchor.ho.att.com> MIME-Version: 1.0 Content-Type: text/plain > From: nelson@crynwr.com (Russell Nelson) > > It seems like it solves two separate problems: 1) foiling traffic > > analysis, and 2) foiling a cheater remailer. The problems are > > separate, really, because if you really, really trust the remailer (as > > many people do Julf), then 2) isn't a problem. All you need to do is > > solve 1. Or, you can solve 1) by using a single remailer. A > > necessary but not sufficient step to foil traffic analysis is to strip > > headers. There are a couple of advantages of chaining multiple remailers. One is that traffic analysis is an art, rather than a science, and to really foil it, you've got to know how good it is, which is hard. Long-term patterns may show up even though the traffic mixes are pretty good in the short run, and if you can spread out the remailer use and increase the traffic load, plus constantly sending encrypted traffic between remailers, it does make the job harder. If the Bad Guys can isolate their target to a few remailer users, they can often find the real one by rubber-hose or a small number of wiretaps at the user locations instead of the remailers; that's impractical if there are thousands of potential users in multiple countries across the remailer-chain. Another is that if one good trustable remailer can foil traffic analysis, then multiple remailers increases the chance that at least one of them is good. Sure, Julf's a good guy, but what if the KGB has kidnapped his grandmother, or the CIA has planted wiretaps inside his computer - will you know if it's compromised? There's also the reliability issue - what if the Finnish Phone Company decides Julf is using too much of their resources and cuts him off, or the Mafia steals one of your police-informants' remailers, or the California Public Utilities Commission declares email to be a common carrier and insists on auditing all transactions? Multiple remailer in a strongest-link chain reduce the risks. Bill From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Lou Poppler Date: Sun, 8 Jan 95 21:16:53 PST To: Jonathan Cooper Subject: Re: Vinge's True Email name ? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain I knew that old compuserve account was good for something. They list Vinge, Vernor San Diego CA 72267.2656@compuserve.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Mon, 9 Jan 95 00:46:58 PST To: lmccarth@ducie.cs.umass.edu (L. McCarthy) Subject: Re: Vinge's True Email name ? In-Reply-To: <199501090800.DAA29142@bb.hks.net> Message-ID: <199501090847.AAA23833@netcom2.netcom.com> MIME-Version: 1.0 Content-Type: text/plain L. McCarthy wrote: > I began composing a reply precisely to this effect, but was stopped by the > words "They list...". If the address appears in some standard Compu$erve > email directory, then this was hardly a major transgression. > > Allow me to suggest a compromise. If some enterprising VV fan would volunteer > to collect fan mail from c'punks, then forward it all, everyone involved > might be fairly satisfied. As I described in a post last summer, I was at a party that Vernor was at, and several of us stayed over until Sunday afternoon (it being deep in the mountains of Marin and all, a long drive)). Eric Hughes was there. Anyway, I talked about all this in that post. Vernor was there until Sunday night, too, when the party hosts drove him off to SFO (the airport, for the TLA-impaired) and I dropped Eric off in Berkeley on my way home to Santa Cruz. The point I'm making? First, Vernor had gotten some Cypherpunks posts forwarded to him by that time, mostly by Russell Whittaker. He is well-aware that the Cypherpunks list exists, and one must presume that if he wanted to be on the list, he could be on it easily. (I doubt his CompuSlave account is his only one, as he's on the faculty at San Diego State, and hence has the usual access. I suspect he uses the CompuServe account for his rec.arts.sf-lovers sort of mail; just a hunch.) Second, he was aware of--and generally pleased by--the explicit role "True Names" played in the early motivation for our activities. (As is well known, the works of Chaum, Vinge, Card, Stephenson, Brunner, and others played major roles.) Third, for the curious, he _is_ working on a sequel to "AFUTD." Contact him if you wish, but bear in mind that the more time he has to spend reading and answering e-mail, the less work he'll get done on his SF writing. (And if he has to spend many hours getting his HyperMIME-JPEG3 SLIP system running to see "Vernor Rulez!" in 80-point type, he may truly decide he's been marooned in realtime.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Wei Dai Date: Mon, 9 Jan 95 00:56:36 PST To: wcs@anchor.ho.att.com Subject: Re: Latency, bandwidth, and anonymity In-Reply-To: <9501090353.AA13655@anchor.ho.att.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Sun, 8 Jan 1995 wcs@anchor.ho.att.com wrote: > My initial reaction to "Anonymous video conferencing" was > "That's when you wear black ski masks and use voice scramblers > and call from video payphones", i.e. not very useful. > ("Subcomandata Marcos here...") Video conferencing was just ONE of the applications of high-bandwidth, low-latency anonymous communication. Maybe it was a bad example. Here's a couple more: 1. anonymous distributed computing: suppose Alice wants to help Bob crack a secret key by using both of their computers, but the algorithm entails some heavy exchange of data between them 2. anonymous remote consulting: Alice is building a nuclear bomb and needs help, so she sends a live video feed of her workshop to Bob (and have the computer blot out her face in real time). Bob sends Alice an audio only commentary of what Alice is doing wrong. We tend to focus on the more exotic applications of these tools, but as mjk pointed out they will have perfectly ordinary uses by people who simply don't want everyone in the world to be able to know everything about them. Maybe Alice just wants to call AT&T to ask about their Clipper phone, and not have everybody realize that and send her a bunch of propaganda about Voice PGP. :-) Even now, this may not be as implausible as it sounds. What if Alice is using MCI as the long distance carrier, and MCI happens to be selling Voice PGP? Wei Dai From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: cactus@seabsd.hks.net (L. Todd Masco) Date: Sun, 8 Jan 95 23:23:39 PST To: cypherpunks@toad.com Subject: Re: Vinge's True Email name ? Message-ID: <199501090729.CAA28854@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- In article , Lou Poppler wrote: >I knew that old compuserve account was good for something. >They list Vinge, Vernor San Diego CA 72267.2656@compuserve.com Sigh. Please don't use this, people. I'm sure VV has no desire to pay for oodles of mail telling him just how much people like him. Treat it like a home phone number (of course, some people abuse home phone numbers of famous folks...). - - -- Todd Masco | "life without caution/ the only worth living / love for a man/ cactus@hks.net | love for a woman/ love for the facts/ protectless" - A Rich Cactus' Homepage - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLxCrChNhgovrPB7dAQF7VgQAqsDQM0h7b0VDmBISGd3o0YqYg4q2HYmQ m0g7VtnX3yEU1vi9N96HPilMwe2JGs/6Frlvf9IKMmzGAIJxEQzGdMLbow54Il1/ akV9siQAH7BvKwaEWkzO8dDi6nl83ZtawVXIQNacIb5v9oEIQwK/vw4aYWitmDAv B0eJJUVT1XI= =u+fn - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLxDlzSoZzwIn1bdtAQEXTwGAqVqaYnu+0yy8/d0HSZseTDuxP7BBWqGb PuzL4Xpu2HE7DDrIaALalplmGIYrHnun =zr9V -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. McCarthy" Date: Sun, 8 Jan 95 23:54:29 PST To: cypherpunks@toad.com Subject: Re: Vinge's True Email name ? Message-ID: <199501090800.DAA29142@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- NOTE: This mutation of this thread has no crypto content, but some (awfully specific) privacy relevance. Todd Masco writes: > Lou Poppler wrote: > >I knew that old compuserve account was good for something. > >They list Vinge, Vernor San Diego CA [email address omitted] > Sigh. Please don't use this, people. I'm sure VV has no desire to > pay for oodles of mail telling him just how much people like him. Treat > it like a home phone number (of course, some people abuse home phone > numbers of famous folks...). I began composing a reply precisely to this effect, but was stopped by the words "They list...". If the address appears in some standard Compu$erve email directory, then this was hardly a major transgression. Allow me to suggest a compromise. If some enterprising VV fan would volunteer to collect fan mail from c'punks, then forward it all, everyone involved might be fairly satisfied. Disclaimer: I'm not familiar with the details of CI$'s fee schedule; if one pays by sheer volume and not number of messages, then obviously this approach won't alleviate the burden. Maybe then someone could volunteer actually to ask VV whether/how he'd like to hear from fans.... - - -L. Futplex McCarthy - -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLxDr62f7YYibNzjpAQGxAwP+LloeLQS/BJcZciApmMWEvmOhSaCQJX8u uuwzprP2ZYTmbsb08lfTHnofS1TXKmoZ3BrYdiqjugaCTKFweg8BSZ2vw5i6KplV x2ArBnejYPKjtqs3C12mf8WJrgjnKdMZ9LxLgjlE1ymELG1bhH0loIyq3YX3x46G 69hvZyz/qQ8= =h05K - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLxDtAyoZzwIn1bdtAQHLNAF+LEFF+UniR9jrXSZxd6Ia9L5aJIXjFFt3 J9aUAIUQKXf0o5ytM2nHYUvj7v0cWhn6 =e+gV -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. Todd Masco" Date: Mon, 9 Jan 95 00:31:37 PST To: cypherpunks@toad.com Subject: More signal than YOU can handle. Message-ID: <199501090837.DAA29692@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- For the moment, all of the archives that Eric just dropped me are on ftp://ftp.hks.net/cypherpunks/All I'll be making some primitive engines to access individual articles by various means but I thought I'd put 'em up in case anybody else with more disk space than brains would like to snarf 'em (following the Shulgin model). (By the way, Glimpse looks like it'll be ideal, since everything is already in its own file, the "since June" archive currently being our /usr/spool/news/... dir.) Look for more info in this space (that sucking sound is my copious free time). - - -- Todd. - -----BEGIN PGP SIGNATURE----- Version: 2.7 iQCVAwUBLxD1GBNhgovrPB7dAQEOQAQAuTRIVTQOzIbjqrUAFsPu3xHTJAH+3YnX ickYtw627leo3vs7wD2rxGfHNx6As7JbzSI1JwD26zsb2CMqMGgvQHNQ5eD7rW/N 3ICSWACwESWlnL/rAFvVh69mZDM/IUv5C+eSTVHKdlh3KWYbetRvCgkRNQvGVl58 S06pthGBpJ8= =f4fe - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLxD1nyoZzwIn1bdtAQEv7wGAhSVywzGivjeo9fZwVrYDRaJx596TPVeJ pjutyvubg3yyKmqFD+Ele62LhiPvhxtX =pooh -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. McCarthy" Date: Mon, 9 Jan 95 01:27:51 PST To: cypherpunks@toad.com Subject: PV Advocate on Clipper in `95 Message-ID: <199501090933.EAA03532@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- Just ran across a pretty nice (IMHO) short piece of media coverage of Clipper in a local weekly, the [Pioneer] Valley Advocate. This is item #85 in the "Tech Check" section of their list of "95 Things to Watch for in 1995". Joint authors of the whole forecast are: Mark Kendall Anderson, Everett Hafner, Stephanie Kraft, Tom Mudd, Steve Penhollow, Chris Rohmann, David Simons, Michael Strohl, and Rob Weir. ------------------ begin included text ---------------------- 85. Clipper Clipping Along Unfortunately, the failure of the mainstream media to cover the government's steamroller tactics in technology policy may well continue. The ``Clipper Chip,'' what NSA, CIA and FBI spooks see as the ideal data protection measure, stands to become national standard if all goes as planned. That is, as more people communicate with digital devices (computers and TVs and eventually telephones and faxes) the need to scramble and unscramble communications will increase -- ideally so that the phone conversation you have with your uncle or the email you send to a co-worker is private and unintelligible to anyone else. However, in the brave new world as it currently is being designed, the feds will also be able to decode every digital signal the Clipper chip scrambles. Consequently, drug kingpins, mafiosi, and anyone else requiring secure communications will have it (real data encryption is cheap and relatively easy to implement), while the remaining information consumers will have Big Brother to contend with. --------------------- end included text ---------------------- FYI, the Advocate accepts letters at 71632.100@compuserve.com. -L. Futplex McCarthy; PGP key by finger or server "The objective is for us to get those conversations whether they're by an alligator clip or ones and zeroes. Wherever they are, whatever they are, I need them." -FBI Dir. Freeh - -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLxEBwmf7YYibNzjpAQFdkgQAkciJkPMXESO9yvl3jKaH7WT6H4wGcgfG W8KyX2myH1zOmN/aZAQVSWX/Rtrs3r+gTwIlCf7DVhFnp1n+lImzrs/T8pKTx/25 gh30s6sm0AGrxcxCV8rgKbXT4KCdPOlXT+kTp5wWaLYBqbZlogvyQIivW3GLZ1U/ 9YnjTb0OXNk= =DaLq - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLxEC7CoZzwIn1bdtAQEl6AGAtktxeMXLzVqxHi/0qhEgGRtlCg5Oq/aa O/RrNyyqbV8eKzSr/n06bt98bGfRfbgY =ullh -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jRT Date: Sun, 8 Jan 95 13:46:50 PST To: Wei Dai Subject: Re: A Fire Upon the Deep In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain When we say 'anonymous video-conferencing' here, I take it that's not the same as in videophones whereby you sit there and have your mugshot transmitted across to the other party... that would be distinctly un-anonymous :) The thing being, say you set up an anonymous-video-or-otherwise-remailer, you have to ensure that people don't manage to get into that as such would obviously give away the identities of all parties. Given that people can supposedly hack the DOD computer system, that doesn't seem so unlikely, so are anonymous-remailers really all that safe? ------------------------------------------------------------------------------ jrt@AsiaOnline.Net john@AsiaOnline.Net PO Box 86141, Govt PO, Kln, HKG. Computers Communications Reduced Rate IDD Service Innovative Widgets Help protect the environment : This message is made from recycled electrons ------------------------------------------------------------------------------ On Sat, 7 Jan 1995, Wei Dai wrote: > On Sat, 7 Jan 1995, Adam Shostack wrote: > > Anonymous mail has bandwidth costs that are only slightly > > higher than regular mail. You could hide quite a bit in most video > > packets. The latency is a reflection of the lack of volume, because > > volume is needed for reordering. If your favorite remailer gets more > > mail, the latency will drop. > > Anonymous e-mail that goes through a chain of N remailers will cost at > least N times as much bandwidth and have N times as much latency as normal > e-mail. But e-mail is hardly the state-of-the-art of network > communication, while anonymous e-mail IS the state of the art for > anonymous communication. How long will it take for the technology of > anonymous video conferencing to develope, for example? By then, of > course, those who are not concerned with anonymity will probably have > things such as full sensory virtual interaction. > > Note that I SUPPORT anonymous communication, but its costs of bandwidth > and latency may be a real obsticle to developing Cryptoanarchy (of the > kind described by Tim May) if most people are not willing to put up with > those costs. > > Wei Dai > PGP encrypted mail welcome. > > From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jRT Date: Sun, 8 Jan 95 13:48:45 PST Subject: Re: ANONYMOUS REMAILERS In-Reply-To: <199501071950.LAA22106@netcom17.netcom.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain Oops, what I meant to add onto that last bit was that if you're required to keep records of the to and from, and especially the contents, you are severely likely to be raided by some govt agency whenever they wanna see who said what. I'd think twice about using a remailer that kept records on it all. ------------------------------------------------------------------------------ jrt@AsiaOnline.Net john@AsiaOnline.Net PO Box 86141, Govt PO, Kln, HKG. Computers Communications Reduced Rate IDD Service Innovative Widgets Help protect the environment : This message is made from recycled electrons ------------------------------------------------------------------------------ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Perry E. Metzger" Date: Mon, 9 Jan 95 03:51:37 PST To: Lou Poppler Subject: Re: Vinge's True Email name ? In-Reply-To: Message-ID: <9501091150.AA22634@snark.imsi.com> MIME-Version: 1.0 Content-Type: text/plain Lou Poppler says: > I knew that old compuserve account was good for something. > They list Vinge, Vernor San Diego CA 72267.2656@compuserve.com Too bad for him that he used his true name. Now lots of "fans" are going to bother him.... .pm From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Raph Levien Date: Mon, 9 Jan 95 06:48:43 PST To: cypherpunks@toad.com Subject: List of reliable remailers Message-ID: <199501091450.GAA27265@kiwi.CS.Berkeley.EDU> MIME-Version: 1.0 Content-Type: text/plain I operate a remailer pinging service which collects detailed information about remailer features and reliability. To use it, just finger remailer-list@kiwi.cs.berkeley.edu There is also a Web version of the same information, at: http://www.cs.berkeley.edu/~raph/remailer-list.html This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail, which is available at: ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.30.tar.gz For the PGP public keys of the remailers, as well as some help on how to use them, finger remailer.help.all@chaos.bsu.edu This is the current info: REMAILER LIST This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list@kiwi.cs.berkeley.edu. $remailer{"vox"} = " cpunk pgp. post"; $remailer{"avox"} = " cpunk pgp post"; $remailer{"extropia"} = " cpunk pgp special"; $remailer{"portal"} = " cpunk pgp hash"; $remailer{"alumni"} = " cpunk pgp hash"; $remailer{"bsu-cs"} = " cpunk hash ksub"; $remailer{"rebma"} = " cpunk pgp hash"; $remailer{"c2"} = " eric pgp hash"; $remailer{"soda"} = " eric post"; $remailer{"penet"} = " penet post"; $remailer{"ideath"} = " cpunk hash ksub"; $remailer{"usura"} = " cpunk pgp. hash latent cut post"; $remailer{"desert"} = " cpunk pgp. post"; $remailer{"nately"} = " cpunk pgp hash latent cut"; $remailer{"xs4all"} = " cpunk pgp hash latent cut post ek"; $remailer{"flame"} = " cpunk pgp hash latent cut post ek"; $remailer{"rahul"} = " cpunk"; $remailer{"mix"} = " cpunk hash latent cut ek"; $remailer{"q"} = " cpunk hash latent cut ek"; catalyst@netcom.com is _not_ a remailer. Last ping: Mon 9 Jan 95 6:00:01 PST remailer email address history latency uptime ----------------------------------------------------------------------- nately remailer@nately.ucsd.edu ++++++++++ 1:28:30 99.99% rahul homer@rahul.net **#**##****# 4:31 99.99% mix mixmaster@nately.ucsd.edu ++-+-++-++ 48:36 99.99% penet anon@anon.penet.fi *+****+***** 28:32 99.99% vox remail@vox.xs4all.nl ----------- 14:34:13 99.99% usura usura@replay.com -- -+--+*** 22:31 99.44% bsu-cs nowhere@bsu-cs.bsu.edu +##**##***+# 23:14 99.26% ideath remailer@ideath.goldenbear.com * --- ----- 2:08:58 99.12% q q@c2.org --+--*++-- 2:33:18 98.62% soda remailer@csua.berkeley.edu -..-.- ... 8:10:14 98.47% alumni hal@alumni.caltech.edu ++ *-**+**** 7:37 97.74% portal hfinney@shell.portal.com ** *-#*#*#** 5:32 97.74% c2 remail@c2.org *--*+* *+ 1:13:45 95.50% desert remail@desert.xs4all.nl _.----.--- 19:54:01 94.80% extropia remail@extropia.wimsey.com ++__ +++++ 13:02:14 84.83% xs4all remailer@xs4all.nl *-- -+*** 16:29 76.54% rebma remailer@rebma.mn.org -*___-__- 31:31:05 70.47% flame tomaz@flame.sinet.org -*-*+ 29:22 37.83% For more info: http://www.cs.berkeley.edu/~raph/remailer-list.html History key * # response in less than 5 minutes. * * response in less than 1 hour. * + response in less than 4 hours. * - response in less than 24 hours. * . response in more than 1 day. * _ response came back too late (more than 2 days). Options and features cpunk A major class of remailers. Supports Request-Remailing-To: field. eric A variant of the cpunk style. Uses Anon-Send-To: instead. penet The third class of remailers (at least for right now). Uses X-Anon-To: in the header. pgp Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID. oldpgp Remailer does not like messages encoded with MIT PGP 2.6. Other versions of PGP, including 2.3a and 2.6ui, work fine. hash Supports ## pasting, so anything can be put into the headers of outgoing messages. ksub Remailer always kills subject header, even in non-pgp mode. nsub Remailer always preserves subject header, even in pgp mode. latent Supports Matt Ghio's Latent-Time: option. cut Supports Matt Ghio's Cutmarks: option. post Post to Usenet using Post-To: or Anon-Post-To: header. special Accepts only pgp encrypted messages. ek Encrypt responses in relpy blocks using Encrypt-Key: header. Comments and suggestions welcome! Raph Levien From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Raul Deluth Miller Date: Mon, 9 Jan 95 05:11:16 PST To: cypherpunks@toad.com Subject: remailers Message-ID: <199501091310.IAA13683@nova.umd.edu> MIME-Version: 1.0 Content-Type: text/plain I'm wondering if I understand this remailer debate. Here's my summary (based not so much on reading of cypherpunk traffic, but on my understanding of the basic principles): (*) define an encrypting mailer protocol (basically, just PGP or some such). When a mailer receives an encrypted message, it unpacks (0) a message which may have been doubly encoded (once by originator, once by prior remailer to disguise padding) -- if so, must decrypt twice. (1) the message to be forwarded, annotated with control info (e.g. padding, delay, key to reencrypt under) (2) payment information in whatever format is advertised for that remailer. As I understand it the problem with digital cash is defining physical link for the "cash", without compromising the identity of whoever payed into the account. The proposal-to-date involves a guild of remailers. As I see it, this would be primarily of value for shuffling cash around -- call it a build of bankers instead. Once you've established your "cash"-net, presumably with related services such as drop-boxes and temporary accounts, you could use more flexible mechanisms for anonymous mail, which feed off the cash net where necessary. I've not read Chaum(sp?)'s work on encrypted cash, so perhaps I've ignored some terribly obvious issues. [No PGP signature -- at the moment, I don't have a host sufficiently secure to be worth bothering with.] -- Raul D. Miller N=:((*/pq)&|)@ NB. public e, y, n=:*/pq P=:*N/@:# NB. */-.,e e.&factors t=:*/<:pq 1=t|e*d NB. (,-:<:)pq is four large primes, e medium x-:d P,:y=:e P,:x NB. (d P,:y)-:D P*:N^:(i.#D)y [. D=:|.@#.d From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: eric@remailer.net (Eric Hughes) Date: Mon, 9 Jan 95 09:09:35 PST To: cypherpunks@toad.com Subject: Re: More signal than YOU can handle. In-Reply-To: <199501090837.DAA29692@bb.hks.net> Message-ID: <199501091709.JAA25055@largo.remailer.net> MIME-Version: 1.0 Content-Type: text/plain From: "L. Todd Masco" For the moment, all of the archives that Eric just dropped me are on ftp://ftp.hks.net/cypherpunks/All This includes all the stored messages at toad.com from the beginning of time up to a few months ago. I've got a short lacuna at toad.com from some deletion I never understood, but it's only a few weeks long and is covered by Todd's archive. I would like someone to make an official enumeration of the articles as they passed out to the list for global reference. You may self-volunteer by grabbing the archives above and starting. Eric From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: eric@remailer.net (Eric Hughes) Date: Mon, 9 Jan 95 09:24:53 PST To: cypherpunks@toad.com Subject: Re: Data Haven problems In-Reply-To: <199501071710.LAA21334@pentagon.io.com> Message-ID: <199501091724.JAA25074@largo.remailer.net> MIME-Version: 1.0 Content-Type: text/plain From: dfloyd@io.com While programming my data haven code, I am wondering how to guard against spamming the data haven parser. Here's an example of where the mechanism/policy distinction helps a lot. Mechanism here is how you store data. Policy is how you decide whether to accept a particular request. The suggestions to date have all suggested particular policies to put into your code (with the exception of Bill Stewart). In addition, almost all of these suggestions have been pay-per-use. As significant as policies are, they aren't your most important issue right now. The single thing you need to get right today is the means of separating the mechanism from the policy. Different operators will have different policies. If it's difficult to change policies, fewer services will be offered. The issue of policy separation is a software architecture one. I don't know the structure of your code, but I'd suggest that whatever it looks like, that you make a (1) clean interface and that you (2) document it. If you do these two things, you'll have substantially achieved separation. I think you should spend more time worrying about the interface than about the specific policies. In order to focus on the policy interface, I'd suggest an extremely simple policy to work with, namely, an access list. Anyone listed can use the server; everyone else is denied. That will get you started. I would distribute your first code with a simple policy such as this. It will allow prototypes to get worked on. Since a data haven isn't of much use without clients for it, a simple policy is adequate for a first release. Eric From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: RGRIFFITH@sfasu.edu Date: Mon, 9 Jan 95 07:32:20 PST To: cypherpunks@toad.com Subject: Re: Anonymous payment scheme Message-ID: <01HLMZ1MIHOM000TCU@TITAN.SFASU.EDU> MIME-Version: 1.0 Content-Type: text/plain >At 09:45 AM 1/3/95 -0800, Hal wrote: >> ... As I wrote, banks are >>required to get SS#'s for depositers right now, and I wouldn't expect >>that to change any time soon. If anything, the trend appears to be >>towards more tightening rather than less. ... > >Isn't that only a requirement on interst-bearing, or potentially >interest-bearing, accounts? > > --Paul J. Ste. Marie > pstemari@well.sf.ca.us, pstemari@erinet.com > Yes, but the account form will have a place for it anyway and the account opening person will demand it. My experience a few years ago was that I had to go to an officer and point out that the account was not interest bearing and so the SS# was not required in order to get the account opened without it. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Nesta Stubbs Date: Mon, 9 Jan 95 07:37:40 PST To: Mats Bergstrom Subject: Re: Data Haven problems In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Mon, 9 Jan 1995, Mats Bergstrom wrote: > Hardly. (*.gi0 and *.jp0 for a start?) > But what are data havens for, if not for controversial data? > One of the greatest needs, if not _the_ greatest, in our times > for a data haven is probably for storing porno. There is a > tremendous, world-wide demand for porno. Yet, there are numerous > countries where sex.gif's found on your disk (encrypted or not, > they can use thumb-screws to force the key out of your hands) > will put you in a very difficult situation (loss of social > status, jail, decapitation). It might be much more convenient > for, let's say, a Saudi teenager to store his encrypted private > gif's in a data haven in Sweden, download them when he feels > the urge and purge the copies after every use. My feelings exactly. Are we going to fall prey to the medias asault on porno and resort to self-censorship? If a data haven resorted to filtering out all gifs and jpegs, or even porno, then it wouldn't be one I wouldn't use it, for my porn, nor for my other data. If it is going to be a datahaven it can;t fall to such things as filtering data for controversial subject the owner doesn't like. i want to know everything http://www.mcs.com/~nesta/home.html i want to be everywhere Nesta's Home Page i want to fuck everyone in the world & i want to do something that matters /-/ a s t e zine From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: paul@poboy.b17c.ingr.com (Paul Robichaux) Date: Mon, 9 Jan 95 07:45:17 PST To: dfloyd@io.com Subject: Re: Data Haven problems In-Reply-To: <199501071710.LAA21334@pentagon.io.com> Message-ID: <199501091546.AA19741@poboy.b17c.ingr.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- > Any ideas on how to guard against mailbombs, and to confirm to the sender > that their files are stored successfully? Perhaps do a mailing with > a test command that validates the existance of the file, and sends a > reply back wether the file is okay or not, or would this result in a > possible security hole? To solve problem #1, use digital postage of some form. Digicash, FV, Tacky Tokens, Mountain Dew futures... just require a per-storage-unit charge _to initially check in the file_. You can of course charge for storage over time, too. To solve problem #2, send an MD5 hash of the file back to the sender. Ideally, you would also provide (in perl, C source, csh, or whatever) a submission script which outputs an MD5 hash before the file is sent. As long as the before-sending hash matches the hash returned by the haven, you can assume that the file is intact. > Lastly, instead of postage (like a remailer would get), how hard would it > be to implement "rent" where if the "rent" is not paid, and a grace period > has elapsed the file would be trashed. All this while preserving the > anonymity of the sender and the data haven site. Not very. Use a dbm database to map "rent due" dates by file, then periodically sweep through the database. > As to the code, this will have to be my second rewrite as I am going to > do it in perl code, rather than C... last rewrite was from a daemon to > a program activated by a .forward file. Perl has the nice property of being fairly portable, too. - -Paul - -- Paul Robichaux, KD4JZG | Good software engineering doesn't reduce the perobich@ingr.com | amount of work you put into a product; it just Not speaking for Intergraph. | redistributes it differently. ### http://www.intergraph.com ### -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLxFaRafb4pLe9tolAQH3EwQAmokOebOJtSbny7rAphWBE7n38XvWYbwy SMFXmctU6DNnM+9oGTtlaROTUy2jbbt6zDf1/1wIOG/p0C6K7BAD8lt0mkrf4OqN As1yf9JLxtTHgYIKF94aUiGiqCUo5zWe12CB+GwZ9LKma4BxXKqT3iCYrjQL+2Su us2wL5AVRd4= =McPN -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Brad Dolan Date: Mon, 9 Jan 95 09:54:33 PST To: cypherpunks@toad.com Subject: Rumored CBS "hit" on internet coming Message-ID: <199501091755.JAA10056@well.sf.ca.us> MIME-Version: 1.0 Content-Type: text/plain This may be old news or it could be bogus but fyi anyway: >From parsons@bga.com Mon Jan 9 05:16:49 1995 >From: Brad Parsons >Subject: CBS/C.Chung Plan Hit Job on Internet? (fwd) >To: bdolan@well.sf.ca.us > > >Brad, Could you forward this to the cypherpunks list? Thanks.--BJP > >---------- Forwarded message ---------- >Date: Mon, 9 Jan 1995 03:48:01 -0600 (CST) >Subject: CBS/C.Chung Plan Hit Job on Internet? > >A friend tells me that CBS and Connie Chung plan a hit job on Internet >on the evening news today, 1/9/95. Apparently it may be in the context >of youths supposedly learning how to make bombs from online info. In >case I don't get to watch it, could somebody make it a point to watch >it and give us a summary of the report. Thanks. Reply, if you're inclined, via e-mail. I'm off the list until the Carol Ann stuff dies out. - Brad Dolan, bdolan@well.sf.ca.us  From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: pcw@access.digex.net (Peter Wayner) Date: Mon, 9 Jan 95 07:09:57 PST To: perry@imsi.com Subject: Re: Vinge's True Email name ? Message-ID: <199501091510.AA16373@access3.digex.net> MIME-Version: 1.0 Content-Type: text/plain >Lou Poppler says: >> I knew that old compuserve account was good for something. >> They list Vinge, Vernor San Diego CA 72267.2656@compuserve.com > Of course, he might have used his true name because he wanted to hear from people. Tom Clancy seems to enjoy the newsgroup created to discuss his books and he posts there regularily. Many people strive to become famous because they love the adolation of the fans. Others don't. Who knows about VV? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Anthony Garcia Date: Mon, 9 Jan 95 08:27:41 PST To: cypherpunks@toad.com Subject: Re: Vinge's True Email name ? In-Reply-To: <199501091510.AA16373@access3.digex.net> Message-ID: <199501091628.KAA00456@Starbase.NeoSoft.COM> MIME-Version: 1.0 Content-Type: text/plain As Wei Dai pointed out, the hostname of Vernor Vinge's office workstation at San Diego State University can be easily determined in about 5 minutes of poking about. (He appears to have about 10-15 shells running at any given time...) I really enjoy his work. However, I've never sent him any email. The general impression I've gotten is that he prefers not to receive fan email, since it distracts him from important work. If you *really* want to send him fan mail, I recommend sending it in paper form to his publisher. First, this allows him to better handle fan mail in batches. Second, this gives his publisher some indication of interest in his work, and maybe gets him a better deal on his next book. -Anthony Garcia agarcia@neosoft.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Rich Salz Date: Mon, 9 Jan 95 08:28:01 PST To: carolann@mm.com Subject: Re: Remailer Abuse Message-ID: <9501091624.AA05922@sulphur.osf.org> MIME-Version: 1.0 Content-Type: text/plain What lists did you post to? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: ddt@lsd.com (Dave Del Torto) Date: Mon, 9 Jan 95 11:48:43 PST To: cypherpunks@toad.com Subject: HUMOR:...and we thought _PRZ_ had troubles! Message-ID: MIME-Version: 1.0 Content-Type: text/plain My apologies for this non-crypto posting, but I just _couldn't_ resist sharing. Ironically (incredulously?), paranoia does nothing to improve one's grasp of adjectives and adverbs... Anyway, please, please restrict your replies (if any) to private email amongst yourselves and don't follow my poor example and post anything more about it to the list. BTW..."Half" street?! dave ____________________________________ "Fascinating, Captain." -Mr. Spock =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= cut here =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Newsgroups: alt.alien.visitors Subject: Truth or Paranoia? From: doctor.doom@citylink.uu.holonet.net Date: Fri, 6 Jan 95 21:56:00 EST I found the following disturbing post on a BBS in the Washington DC area: Msg # 48 of 83 Date: Fri 12-03-93, 6:29 pm From: UNIT Read: 7 times [1 Reply] Forwarded From: 1900 Half Street, SW Subject: important The story I am about to relate may seem incredulous in many ways even thought it is true and I solemly attest that it is true despite the fact that it seems incredulous in many ways there is verifiable evidence and i urge you to verify the evidence on your own if you should find this incredulous which is the natural response. I am a victim of government sponsored terrorism and racism sponsored by the us government and big corporations which actually work HAND IN HAND with the us government towards these ends. This of course includes the liberal media although some cells of independence remain and not all individual journalists are accessories to the conspiracy. Suffice it to say that democracy does not in any way exist in the United States of AmeriKKKa. The government has been out to get me ever since I was born in 1966 as a result of a specific genetic coding abnormality which makes me unique among the 99.9999 th percentile of the American population and makes people like me marked for harrassment. The abnormality may have been spawned by mass CIA mind control tests conducted in 1961, which affected certain birth patterns. They actually have attempted to cause me to try to kill myself on several occasions and have attempted to drive me crazy by chemical and psychological means including retroactive radio control from the future (any scientist will tell you that radio waves which move faster than light speed are capable of moving backwards in time and thus controlling the past). The constant chemical assaults on my well being mean I cannot leave my apartment except in dire circumstances and then I must breathe through a gas mask. Not only that but people are strategically placed at all places I interact with people out of necessity (I cannot avoid such encounters entirely) to make me self aware and paranoid. These efforts are futile and I continue to defy the Amerikkkan government. On June 11 1986 they deliberately influenced me by radio to be present at the intersection of Sherman Avenue and Harvard Street NW at precisely 1:42 am and I had to cross seven blocks of territory that had been sealed by the police. This is documented. I witnessed seven police forces engaged in a shootout that lasted three hours. THe police forces were shooting at EACH OTHER and I counted at least thirty verifiable casualties. Although this has never made the newspapers due to the government/corporate conspiracy the information is readily obtainable but must be sought through FOIA requests at the FBI. The files are disguised as traffic fatalities and the true cause of death is not noted. Also documentable is my genetic trait which Johns Hopkins in Baltimore will provide upon demand. I am considered a threat to the CIA because of my superior evolutionary status and my radical thoughts. In 1971 the United States abandoned the Bretton Woods system of fixed exchange rates and secretly implemented a dual currency system along with ruling elites from other major countries including the USSR and Red China. I know this because agents have tried to buy me off with this currency which exists solely in the form of informational transactions and has no physical manifestations yet makes a mockery of the valueless Dollar. I am a man of integrity and I refused to participate in this plot. Needless to say the federal deficit is measured in dollars and is therefore nonexistent and irrelevant. The secret currency system is solvent. In 1987 the Wall Street Journal documented the cataclysmic stock market crash but made no mention of the real underlying factors behind it, which again represented a government conspiracy. After I wrote to the Wall Street Journal to point this out, attempts to kill me trebled. There are also listening devices implanted everywhere to monitor my actions and junk mail sorted with DMSO and curare arrives daily. I remove the mail with tweezers and leave it on the counter for the mailman as unreturnable. He wears gloves of course. The only reason I am still alive is because I persist in making my case public at every opportunity, which means the government does not directly try to kill me but relies on third-party means which I have so far avoided. A rental car I obtained in Sausalito in 1989 was irradiated with depleted uranium which increased the total mass of the car by 33% d would have caused me to go over a cliff were it not for the normal precaution I take of always driving 15 mph under the speed limit. But it is this kind of insidiousness which I am consdtantly faced with. I also can only cross the street in crosswalks so that any attempt to kill me with a vehicle could not be blamed on pedestrian error. The only reason I am still alive is because I persist in making my case public at every opportunity, which means the government will not try to kill me directly, since that would verify my claims instantly in the public's eyes. For that reason I urge all of you to write to the media, contact your senators, and do everything you can to let the conspirators know that my story has been heard, and that the eyes of the public are upon the conspiracy. It is only through concerted collective action that I can remain alive and the AmeriKKKan government which has been ruling illegitimately since a secret coup in 1947 (documented at the Library of Congress) can be brought down and freedom restored. -end?- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Matthew Ghio Date: Mon, 9 Jan 95 11:32:46 PST To: alt.privacy.anon-server@demon.co.uk Subject: Re: Remailer source In-Reply-To: <199412301935.AA22766@von-neumann.info.polymtl.ca> Message-ID: <199501091929.LAA22433@infinity.c2.org> MIME-Version: 1.0 Content-Type: text/plain Octavian Ureche wrote: > Does anybody know where could I find UNIX sources > for a remailer ? ftp cs.cmu.edu /afs/andrew.cmu.edu/usr12/mg5n/public/remailer From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Mon, 9 Jan 95 11:47:52 PST To: cypherpunks@toad.com Subject: Experiments and Toys vs. the Real Thing Message-ID: <199501091946.LAA06410@netcom18.netcom.com> MIME-Version: 1.0 Content-Type: text/plain The debate about data havens and what they ought to really be, what they ought to really accept, etc., is similar to debates about what digital money ought to be, how remailers ought to operate, etc. It's useful to categorize projects as "experimental" (or "toy," with no negative connotations implied) or "commercial" (or "real," I suppose): * EXPERIMENTAL, or TOY: Early efforts, meant to help illuminate the issues, uncover problems, gain knowledge, educate people, etc. * COMMERCIAL, or REAL: More robust, well-established. Usually "for pay," and expected to be maintained, available, professionally operated. Now there's a fuzzy distinction between these, a continuum, really. For example, PGP began life (esp. as v. 1.0) as an amateur or experimental thing, with a few hacker experimentalists playing with it. Version 2.x has been usable as a commercial tools, every bit as good as "MailSafe," the ostensibly commerical RSADSI tool. The user community has added enough capability and hooks to clearly put PGP in the COMMERCIAL category: robust, supported, etc. Remailers are _almost_ in the second category, especially when taken as an ecological whole. (That is, any single remailer may be flaky--though many aren't--but the pinging and reputation tools that support the ecology make the ensemble more robust and usable.) Many of us believe that "digital postage" paid remailing will be the final step needed to move remailers into the commercial/real category. Until thien, they're not businesses--they're hobbies and experiments. (Which is fine, as one of the main reasons for Cypherpunks was to take the academic papers presented at Crypto conferences and reify them in working code, as experiments.) Digital cash is more clearly still at the experimental level, as are anonymous markets (like BlackNet), data havens, and so forth. Why do I mention these points? Because there's a danger in "premature professionalization." And a danger in criticizing experimental or toy efforts for not being "pure enough." The recent claims that nascent "data havens" _must_ support all files, including hard-core porn, weapons secrets, etc. seems to be an example of this. I'm not for censorship, just concerned that the data haven _experiments_ are not secure enough, not robust enough, to actually carry high-visibility files. For example, data havens will clearly someday be used to carry defense secrets, troop movements, weapons manufacturing details, etc. But I would not want to carry them on my "experimental data haven," for obvious reasons. Even if I only carried "non-American" secrets, such as reports on Russian troop manouvers around Grozny, I could expect visits from American officials (to stop me, to plant data they want planted, etc.). (And let's not forget "snatch teams" that grab foreign nationals suspected of crimes...Israel, Iraw, Iran, and the U.S. have grabbed people in other countries. And more common is simple execution. If a Swedish data haven carried files related to U.S. operations, and the data haven location was known--part of what I mean by saying the enabling technologies do not yet exist--then various measures would be applied. Diplomatic, equipment sabotoage, even killing the operators. I'm not being Ludlumesque here...clearly such "threats to national security" would be seen as justifying various reactions. Especially to send a message to other potential operators.) Those advocating a "purist" (= professional/real) approach to data havens, seen recently in the calls for data havens to never screen files or accesses, should bear in mind that "data haven technology" is lacking. Remailer chains leading in and out of data havens are still non-robust, subject to attacks and compromises. And of course, digital cash is still being thrashed out. An experimental data haven that allowed unscreened access or depositing of information would also become a a magnet for kooks, for those wishing to sabotage such havens, etc. If truly serious information was found on the haven, huge efforts would be mounted to find the source, get the site shut down, etc. Current remailer technology is just not up to the challenge. (I'm not saying it won't someday be, just not now.) Criticizing experimental data havens for "not going all the way" seems to me to be wrong-headed. First, there's the usual issue of who bears the risk, with those not at risk urging others to put themselves and their sites are risk by being "pure." Second, and more important, the enabling technologies for data havens are just not yet themselves available and robust. A data haven that carries "Four Horseman of the Infocalypse" material will come under strong attack, legal, cryptographic, and physical. There's a place for experimental or toy implementations, e.g., data havens that operate in some limited domain. This allows the issues to get explored before full-scale attacks are mounted. Think of it as a training exercise, a drill, or an immunization. --Tim May, who thinks the first real data havens will come under intense attack and so had better be secure from the start -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Mon, 9 Jan 95 11:56:00 PST To: bdolan@well.sf.ca.us (Brad Dolan) Subject: Re: Rumored CBS "hit" on internet coming In-Reply-To: <199501091755.JAA10056@well.sf.ca.us> Message-ID: <199501091955.LAA07671@netcom18.netcom.com> MIME-Version: 1.0 Content-Type: text/plain > >Subject: CBS/C.Chung Plan Hit Job on Internet? > > > >A friend tells me that CBS and Connie Chung plan a hit job on Internet > >on the evening news today, 1/9/95. Apparently it may be in the context > >of youths supposedly learning how to make bombs from online info. In > >case I don't get to watch it, could somebody make it a point to watch > >it and give us a summary of the report. Thanks. Argghh!! When Connie interviewed me last week, she said I could _whisper_ some dark uses to her and it would just be between the two of us! Life's a bitch, and so is Connie. > Reply, if you're inclined, via e-mail. I'm off the list until the Carol > Ann stuff dies out. - Brad Dolan, bdolan@well.sf.ca.us It seems to have gone through the "Newbie-nova" (a double newism?) phase and is already dropping exponentially. (By Newbie-nova I mean the spate of initial posts. I know the syndrome, as I made several posts on my first day on "Cyberia.") --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Rick Busdiecker Date: Mon, 9 Jan 95 09:01:00 PST To: "Jim Grubs, W8GRT" Subject: Re: BofA+Netscape In-Reply-To: Message-ID: <9501091655.AA24435@cfdevx1.lehman.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- From: "Jim Grubs, W8GRT" Date: Tue, 13 Dec 94 11:27:45 EST Rick Busdiecker writes: > Even Apple & Microsoft agree that Netscape is brain dead... Please be more careful in your attributions. The extent to which I wrote the above comment is that I quoted it from someone else's article. Rick -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLxFqg5NR+/jb2ZlNAQFRbwP/cPEMxF4aSfGPyi7gbudxG6NGUtNl9Ted hsCDzg4KLb1jRTtwt66c6R+W8Qd1ekZw6kv9qbCu/xiIDNI4DG0Z9VUyt4a4+EdE v45i5An70yLUS6wd7ncicH4Rxoo4KxU2fOwe5PZWzBAWHWRQA8zOB8pbpbwZcg6Q BCkf6Q6jGTc= =ngk4 -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Mats Bergstrom Date: Mon, 9 Jan 95 03:07:59 PST To: cypherpunks@toad.com Subject: Re: Data Haven problems In-Reply-To: <9501090448.AA14477@anchor.ho.att.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain wcs@anchor.ho.att.com wrote: > Filtering by filename and type can also be useful - if you don't allow > files named *.gif and *.jpg, users may be less likely to > spam you with pornography. Hardly. (*.gi0 and *.jp0 for a start?) But what are data havens for, if not for controversial data? One of the greatest needs, if not _the_ greatest, in our times for a data haven is probably for storing porno. There is a tremendous, world-wide demand for porno. Yet, there are numerous countries where sex.gif's found on your disk (encrypted or not, they can use thumb-screws to force the key out of your hands) will put you in a very difficult situation (loss of social status, jail, decapitation). It might be much more convenient for, let's say, a Saudi teenager to store his encrypted private gif's in a data haven in Sweden, download them when he feels the urge and purge the copies after every use. Mats From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: abostick@netcom.com (Alan Bostick) Date: Mon, 9 Jan 95 15:32:00 PST To: cypherpunks@toad.com Subject: Re: Vinge's True Email name ? In-Reply-To: <199501091628.KAA00456@Starbase.NeoSoft.COM> Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- In article <199501091628.KAA00456@Starbase.NeoSoft.COM>, you wrote: > If you *really* want to send him fan mail, I recommend sending it in > paper form to his publisher. First, this allows him to better handle > fan mail in batches. Second, this gives his publisher some indication > of interest in his work, and maybe gets him a better deal on his next > book. And if you *really* want to send Vernor Vinge fan mail, and you *can't* *stand* the notion of sending it via snailmail, you can send email to his publisher: pnh@tor.com . That's the email address for Patrick Nielsen Hayden, senior editor at Tor Books. Patrick will know what to do with it. (n.b.: I don't think Patrick is actually Vinge's editor; I think [but am not sure] that Vinge's editor is Jim Frenkel, who oddly enough is married to Vernor Vinge's ex-wife, Joan Vinge.) (Cypherpunks Duncan Frissell and Sandy Sandfort may recall Patrick from his salad days in San Francisco, when he was part of the crew which took over FREEDOM TODAY and FREE MARKET REPORTER magazines in 1978.) | PROOF-READER, n: A malefactor who atones for Alan Bostick | making your writing nonsense by permitting abostick@netcom.com | the compositor to make it unintelligible. finger for PGP public key | Ambrose Bierce, THE DEVIL'S DICTIONARY Key fingerprint: | 50 22 FB 46 41 A3 17 9D F7 33 FF E1 4E 1C 89 79 +legal_kludge=off -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQB1AgUBLxGaoeVevBgtmhnpAQFYxQL+JqH6lhYdbhZ5uxaQS8G6dnvtLAZEt49b Ye/jJG1xpQGqsLu1wV3pCPDvo+/MUHF6dX8Jt/VaSy4aAkFz3dqm3n9btjWBwvpt LHQjBqwg70PAyiiJ9/MdYj9pUCeurFqr =5A8z -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Sandy Sandfort Date: Mon, 9 Jan 95 13:08:54 PST To: Eric Hughes Subject: Re: for-pay remailers and FV In-Reply-To: <199501070231.SAA20999@largo.remailer.net> Message-ID: MIME-Version: 1.0 Content-Type: text/plain ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, > . . . a remailer consortium would do best to issue a local banknote > usable only by themselves and have customers settle with the > consortium issuer, rather than any member of the consortium itself. > If the consortium issuer were to use blind sigs, the consortium > members wouldn't be able to ascertain who paid. > > The mechanism for settlement could be credit cards directly, mailed in > checks, even FV. The preferences of the consortium members for issues > of timeliness of settlement, reversibility, loss sharing, etc. would > decide the actual choice of settlement mechanism. > . . . Gee, this sounds awfully familiar. Maybe Eric will have more luck in getting you remailer folks to listen. I hardly got so much as a peep when I suggested that a remailers' guild create or authorize one or more digital stamp issuers. Damn, I hate being so far ahead of my time. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nissim@acs.bu.edu Date: Mon, 9 Jan 95 10:51:09 PST To: cypherpunks@toad.com Subject: positive publicity for anonymity Message-ID: <199501091843.NAA112415@acs.bu.edu> MIME-Version: 1.0 Content-Type: text/plain I've just posted a proposal to alt.config for a new group alt.temping I'm hoping that temporary workers will use this as a forum to compare and contrast temp agencies, wage differences, 'permanent hire penalties' etc. There are about 4.4 million business service temps in the US. Wage differentials are noticeable - one egency will pay $2.00 more than another; this means $320/month to a temp worker. I expect temps to use anonymous posting capabilities to compare wage rates and company patterns *anonymously* because they may fear discrimination from their agencies. (I know I would) This seems like a very positive use of anonymity. Not only will millions of people on the bottom rung of office life be able to gain advantage by information, there are clear parallels to areas in the past of the left where unions and workers rights were seen as causes of first importance. In fact, the troubles involved in being temporary have been championed several times on television. This might make a good counterargument to 'teenagers and pipe bombs' If we say anonymity is a tool that helps up to 3-4% of the work force make intelligent choices and get paid more we may key into the left wing slant of the media. Treon Verdery (not posting from Adam's account this time!) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: abostick@netcom.com (Alan Bostick) Date: Mon, 9 Jan 95 15:21:38 PST To: dfloyd@io.com Subject: Re: Data Haven problems In-Reply-To: <9501090448.AA14477@anchor.ho.att.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- In article <9501090448.AA14477@anchor.ho.att.com>, you wrote: > Filtering by filename and type can also be useful - if you don't allow > files named *.gif and *.jpg, users may be less likely to > spam you with pornography. Namespace control in general is an issue - > do users get to choose filenames, or list directories, or do they > have to know the names of files to retrieve. > Another issue is whether files can only be retrieved by the sender - > probably a local policy issue. Pornographic images aren't spam _per_se._ What makes them troublesome is the huge number of people who wish to download them when their availability is widely known. (My ISP's ftp site is being bogged down by lots of accesses; it is speculated that these are people trying to access pornography kept there.) The obvious fix here is the same as the proposed fix for remailer spamming: charge for access. As a (presumably) fixed-location data haven, one would want to be able to use some kind of anonymous e-money for payment, but one could also use good, old-fashioned credit card numbers, too. The feelthy peexture business might well be the cash cow that keeps a data-haven/fortress remailer afloat (if that's not too mixed a metaphor). | PROOF-READER, n: A malefactor who atones for Alan Bostick | making your writing nonsense by permitting abostick@netcom.com | the compositor to make it unintelligible. finger for PGP public key | Ambrose Bierce, THE DEVIL'S DICTIONARY Key fingerprint: | 50 22 FB 46 41 A3 17 9D F7 33 FF E1 4E 1C 89 79 +legal_kludge=off -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQB1AgUBLxGxHOVevBgtmhnpAQEEnAL/blauOWwrahdpEK+NbH4WC5V5fekmUYdg tT5VU+d2C5PGF9Bm5cXtNlZczbI84f+jsBmxRDlXQAsec56D7M7ZwjBMcp2X8t9Z +FlsU90fRN3NGbYOK/vlSOmzjPBQxf8A =gvPB -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Angus Patterson Date: Mon, 9 Jan 95 10:48:35 PST To: cypherpunks@toad.com Subject: Re: Vinge's True Email name ? In-Reply-To: <199501091628.KAA00456@Starbase.NeoSoft.COM> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Mon, 9 Jan 1995, Anthony Garcia wrote: > If you *really* want to send him fan mail, I recommend sending it in > paper form to his publisher. First, this allows him to better handle I can see your point, but since it's been asked (and you're all responsible people and he knows about killfiles) This is the address I just found in the cyberpunk faq : vinge@aztec.sdsu.edu And btw, thanks for all the replies to my True Names question. I did end end up finding it (on loan), but somehow this city's used bookstores seem to have every one of his books but True Names. Sigh... Back to crypto though, would anybody know about any more recent works on the NSA than Puzzle Palace (other than the Wired articles or the NSA handbook that was posted to the net)? For that matter, has anybody heard of a recently published book on the Canadian Security Establishment (it came out just two months ago I think, I just can't remember the author or title) or anything else on that agency? Mucho Thank you. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: abostick@netcom.com (Alan Bostick) Date: Mon, 9 Jan 95 15:22:24 PST To: cypherpunks@toad.com Subject: Re: Latency, bandwidth, and anonymity In-Reply-To: <9501090353.AA13655@anchor.ho.att.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- In article <9501090353.AA13655@anchor.ho.att.com>, wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) wrote: > My initial reaction to "Anonymous video conferencing" was > "That's when you wear black ski masks and use voice scramblers > and call from video payphones", i.e. not very useful. > ("Subcomandata Marcos here...") I thought so too, at first; but then I thought of this obvious application: The scene is a bare room, with a single chair in the middle. Seated on the chair is THE VICTIM, whose head covered in a hood. The victim's hands are bound to the armrests, and the legs to those of the chair. A KIDNAPPER enters the scene and walks over to the victim. The kidnapper's face is obscured, either by a hood or ski mask, or by digital scrambling of the image. The kidnapper's voice is scrambled digitally. The kidnapper pulls the hood off of the victim's head, and speaks. KIDNAPPER: Okay, you're on! Talk! The camera slowly zooms in on the victim's face. VICTIM (tentatively): Mom? Dad? It's me. DAD (voice over): Is that really you, son? Are you all right? VICTIM: It's me. I'm okay. This is no picnic, but they're treating me okay, considering. Listen, have a message they want you to pass on to the President. DAD: I don't know if I can get it to him. It's not like we play golf together. VICTIM (nervously): You have to. You'll find away. Tell the President that he has to pull the troops out of Belgrade. If the U.S. forces aren't pulled completely out by the end of this month, they say they're going to cut me into pieces and send them to you piece piece. . . . etc. Whether technology is going to be developed for the convenience of kidnappers and terrorists is an open question. But there is clearly at least this one clear use for anonymous video conferencing. There are probably more. | PROOF-READER, n: A malefactor who atones for Alan Bostick | making your writing nonsense by permitting abostick@netcom.com | the compositor to make it unintelligible. finger for PGP public key | Ambrose Bierce, THE DEVIL'S DICTIONARY Key fingerprint: | 50 22 FB 46 41 A3 17 9D F7 33 FF E1 4E 1C 89 79 +legal_kludge=off -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQB1AgUBLxG1reVevBgtmhnpAQH+jwL/cAzxwneTG6Wl7H9VCasFBH8X4daM8NUx ORKp06DYybTv45h2baQtINvpDceD4nHt3OThvIEMVg6FCGNq2fBolZHOqTwYP1K6 66QNxEjlyKiQ5dkNKPlwgabFZ6pR0H5y =sbqg -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: perry@imsi.com (Perry E. Metzger) Date: Mon, 9 Jan 95 11:07:22 PST To: cypherpunks@toad.com Subject: AT&T produces video encryptor -- is it clipper based? Message-ID: <9501091904.AA19196@webster.imsi.com> MIME-Version: 1.0 Content-Type: text/plain I just saw a story go by on the dow jones wire saying that AT&T had developed a "comprehensive security system for commercial information services". It is said to be an encryption system developed jointly by Bell Labs and VLSI, and its intedned for set-top boxes and "the internet". VLSI was one of the contractors on Clipper. Anyone know if this is an "escrowed" system? Anyone know any other details? Perry From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Matt Blaze Date: Mon, 9 Jan 95 13:10:05 PST To: perry@imsi.com Subject: Re: AT&T produces video encryptor -- is it clipper based? In-Reply-To: <9501091904.AA19196@webster.imsi.com> Message-ID: <9501091944.AA07520@merckx.info.att.com> MIME-Version: 1.0 Content-Type: text/plain >I just saw a story go by on the dow jones wire saying that AT&T had >developed a "comprehensive security system for commercial information >services". It is said to be an encryption system developed jointly by >Bell Labs and VLSI, and its intedned for set-top boxes and "the >internet". VLSI was one of the contractors on Clipper. Anyone know if >this is an "escrowed" system? Anyone know any other details? > > >Perry I wasn't involved in this product, but i know the people who are. No, It's not clipper based. It's beimngh announced (right now) at the rsa cinference (which I'm at tat the moment). More later -matt From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jamesd@netcom.com (James A. Donald) Date: Mon, 9 Jan 95 15:19:01 PST To: digitaliberty@phantom.com Subject: (fwd) Re: Racism on the Internet Message-ID: <199501092317.PAA08453@netcom5.netcom.com> MIME-Version: 1.0 Content-Type: text/plain Xref: netcom.com alt.internet.services:40076 alt.internet.media-coverage:2932 Path: netcom.com!ix.netcom.com!howland.reston.ans.net!pipex!uunet!nwnexus!news.halcyon.com!usenet From: mpdillon@halcyon.com (Michael Dillon) Newsgroups: alt.internet.services,alt.internet.media-coverage Subject: Re: Racism on the Internet Date: Wed, 28 Dec 1994 18:11:51 +0000 Organization: Memra Software Inc., Armstrong, B.C., Canada Lines: 36 Message-ID: References: <18570UODGFHLRSDHOUP@curvet.com> NNTP-Posting-Host: halcyon.com This is forwarded from can.infohighway. Note the quote from Rutkowski at the bottom. This info should be more generally know on the net. In article <18570UODGFHLRSDHOUP@curvet.com>, dshaw@curvet.com wrote: > > IN>ae763@FreeNet.Carleton.CA (Harvey Goldberg) writes: > > >I work for the Canadian Human Rights Commission. > >I am currently doing research on the use of the > >Internet for the propagation of hate material. > >The purpose of the research is to determine what > >measures could be considered to control the use > >of the Net for this type of purpose. > > >I would appreciate hearing from anyone who has > >any views, information or comments on this > >subject or who know of anywhere on the Internet > >where this matter is discussed. > > According to Tony Rutkowski, Executive Director of the Internet > Society, "The Internet from a regulatory standpoint falls into the > category of private value-added networks, and in most countries under > the treaty provisions of the ITU, as well as the GATT, these are > networks that are outside the purview of government. To the extent > that there is any kind of obligation by governments, it is to allow > such networks to exist on a competitive basis". January 1995>. --------------------------------------------------------------------- Cool cats, brick bats, bad boys wearin' big hats Surf's up, my cup, floating, flying, rising up. Michael Dillon mpdillon@halcyon.com C-4 Powerhouse, RR #2 michael@junction.net From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Rich Salz Date: Mon, 9 Jan 95 12:49:04 PST To: x Subject: Re: intelligent discovery agents Message-ID: <9501092044.AA08382@sulphur.osf.org> MIME-Version: 1.0 Content-Type: text/plain >Visit Sang at http://www.inlink.com/users/sangria/homepage.html >Sang has more information on Robots, Spiders, Ants, and Worms >than any other computer person I have yet to link up with. I suspect your original respondent doesn't get around very much. Rummaging around the above URL gets you little more then http://web.nexor.co.uk/mac/doc/robots/robots.html Tracing down the above URL points you to You really want to get the WWW conference proceedings; try email to wwwf94@osf.org and also http://www.ncsa.uiuc.edu/SDG/IT94/Proceedings/Agents.html Ob-crypto: there is a Security.html (instead of Agents) but it's more commerce-oriented, except for the DCE Web paper. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: db@Tadpole.COM (Doug Barnes) Date: Mon, 9 Jan 95 14:34:50 PST To: sandfort@crl.com (Sandy Sandfort) Subject: Re: for-pay remailers and FV In-Reply-To: Message-ID: <9501092235.AA15387@tadpole.tadpole.com> MIME-Version: 1.0 Content-Type: text/plain Sandy -- I for one read your proposal and thought, "yep, that's how it should work" and considered the problem solved. Not being a remailer operator (yet) I didn't want to get involved until I was or I had a more concrete proposal (e.g., "I am now accepting $$ for E-stamps, of the form ...") Also, there is no reason on earth to take FV for payment under such a scheme, if one wishes to preserve anonymity, and not have to deal with the fraud/reversal factors. (The stamp issuer would not know which blind-signed stamps were issued to the turkey who reversed all his credit card transactions two months after buying them -- see various threads on this vis-a-vis using FV to buy blinded digital cash and why it won't work too well.) However, for maximum anonymity, said consortium or other stamp issuer could easily accept money orders through the mail, with a disk with enclosed blind-signed tokens and the public key to be used in encrypting the stamps, which would be posted to, say, alt.anonymous.messages or whatever. A little overboard for most, but effective at preserving anonymity -- the stamp issuer could be the NSA, and it would make little difference as long as they continued exchanging $$ for stamps and redeeming stamps for $$. The stamp issuer could also take checks, or, if the fraud and reversability of credit cards were factored in, accept credit cards directly (possibly e-mailed using PGP.) I don't see any reason to get FV involved, unless one were so lame as to be unable to get signed up directly with the credit card companies as a merchant -- a process of appropriate complexity to indicate the posession of at least one (1) clue, which is prob. desirable in someone who's going to be handling remailer finances Sandy writes: > Gee, this sounds awfully familiar. Maybe Eric will have more > luck in getting you remailer folks to listen. I hardly got so > much as a peep when I suggested that a remailers' guild create > or authorize one or more digital stamp issuers. > > Damn, I hate being so far ahead of my time. > From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Pierre Uszynski Date: Mon, 9 Jan 95 15:58:54 PST To: cypherpunks@toad.com Subject: Re: for-pay remailers and FV In-Reply-To: <9501092235.AA15387@tadpole.tadpole.com> Message-ID: <199501092359.PAA27987@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text Doug Barnes said: > > Sandy -- > > I for one read your proposal and thought, "yep, that's how it > should work" and considered the problem solved. Not being a > remailer operator (yet) I didn't want to get involved until I > was or I had a more concrete proposal (e.g., "I am now accepting > $$ for E-stamps, of the form ...") Same here, but from the other tack: "Remailer Guild??? Give me a break :-)" My problem with the idea of "Guild" (or any quasi general agreement) of remailer operators is that: On the one side: - The whole idea of a using a remailer chain comes from distrust of the operators. The operators should be the ones to distrust each other the most. And on the other side: - Most of the arguments I see in favor of some higher organisation comes from difficulties for the users in using the current payment systems without trace, and come from getting more weight in establishing policies. Simply put, we'll get to untraceable cash (usable as stamps on every envelope level), and we'll get to systematically encrypted messages (policy only relevant at last stage remailers) soon enough. A guild trying to distribute funds would need a system of accounting that the operators themselves couldn't mess up. Good luck. On the other hand, once you have: - anonymous, untraceable e-money (small amounts are fine, no large bank backing is fine, a simple anonymized Netcash would be fine. Remailers won't be making big money from any single cheating entity anytime soon.) - reputation systems, in the line of the current remailer pinging. They could include price surveys too. I also see them handling more flow control missions in particular for "everyone a remailer" remailers. - mailing tools that juggle for you all the different types of remailers, cash, and rep systems. Then and only then, you get for-pay remailers. There is still a need for political and legal support for last stage remailers but that's pretty likely to be country specific, and that's certainly independant from a payment system (which would be netwide). Finally, I do not believe that introducing payment in the remailer system would curb abuse in any significant way. Significant abuse is that which causes significant problems for the operators: posting secret religious technology, forging prime minister mail, harrassing a member of any number of opposite persuasions, etc... Do you think for a minute that a 5 cents postage is going to stop these messages now? And how about when remailers do attain good reliability and untraceability, for 3 cents? Give up already: remailers are going to transport lots of material that will be offensive to somebody, illegal somewhere, in bad taste here, or at least that somebody (with guns) will want to trace. That's the whole point of remailers. Remailers that want to limit the heat can, for now, restrict to encrypted traffic, there is certainly no dishonor to that. Pierre. pierre@shell.portal.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Andy Brown Date: Mon, 9 Jan 95 09:28:31 PST To: cypherpunks@toad.com Subject: RC5 data, anyone? Message-ID: MIME-Version: 1.0 Content-Type: text/plain Has anyone got any plaintext/cyphertext/key data sets that I can use to test my RC5 implementation against? +-------------------------------------------------------------------------+ | Andrew Brown Internet Telephone +44 115 952 0585 | | PGP (2048/9611055D): 69 AA EF 72 80 7A 63 3A C0 1F 9F 66 64 02 4C 88 | +-------------------------------------------------------------------------+ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: shamrock@netcom.com (Lucky Green) Date: Mon, 9 Jan 95 17:35:14 PST To: cypherpunks@toad.com Subject: SafeBoot PC Security System Message-ID: MIME-Version: 1.0 Content-Type: text/plain I helped setting up the DigiCash booth at the RSA conference last night when some guy in the same room with us handed me a copy of their SafeBoot PC Security System. It consists of a processor, real-time clock, some other gadgets, and a magnetic transducer -- all embedded in a 3.5 inch floppy casing -- as well as some supporting software. The system interacts with the read/write head of the floppy drive, pretending to be a floppy. It is supposed to do provide for secure drive encryption (DES) and other things. Seems they are giving away one of these devices to each attendee of the conference. Does anyone on this list have experience with this device? I understand it has been out for a while. I use a Mac at home, and while I am resposible for some PC's at work, these are used for alpha testing of hardware components only , which makes them pretty unstable the way it is and I don't really want to add more trouble just to them to give the device a good workout. Sounds interesting, though... -- Lucky Green PGP encrypted mail preferred. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Anonymous User Date: Mon, 9 Jan 95 19:07:00 PST To: cypherpunks@toad.com Subject: No Subject Message-ID: <199501100222.AA15620@ideath.goldenbear.com> MIME-Version: 1.0 Content-Type: text/plain Pierre Uszynski writes: > Significant abuse is > that which causes significant problems for the operators: posting > secret religious technology, forging prime minister mail, harrassing a > member of any number of opposite persuasions, etc... on that note, check out this excerpt from the remailer-help file of the q@c2.org remailer: > Abuse/Self-Preservation Policy: > Abuse of the Q Mixmaster Remailer consists in those uses of the remailer > which endanger its continued operation. Please don't ruin anonymity > services for those people with legitimate needs for them. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: pstemari@erinet.com (Paul J. Ste. Marie) Date: Mon, 9 Jan 95 15:33:37 PST To: sandfort@crl.com (Sandy Sandfort) Subject: Re: for-pay remailers and FV Message-ID: <9501092326.AA05351@eri.erinet.com> MIME-Version: 1.0 Content-Type: text/plain At 03:53 PM 1/9/95, Doug Barnes wrote: > ... Also, there is no reason on earth to take FV for payment under >such a scheme, if one wishes to preserve anonymity, and not have >to deal with the fraud/reversal factors. (The stamp issuer >would not know which blind-signed stamps were issued to the >turkey who reversed all his credit card transactions two months >after buying them -- see various threads on this vis-a-vis >using FV to buy blinded digital cash and why it won't work too >well.) > ... I don't see any reason to get FV involved, unless one were so lame >as to be unable to get signed up directly with the credit card >companies as a merchant -- a process of appropriate complexity >to indicate the posession of at least one (1) clue, which is prob. >desirable in someone who's going to be handling remailer finances MC/Visa require the reversibility of transactions as a condition of their merchant agreements. It's not something peculiar to FV. In fact, under certain conditions it is mandated by federal law. Escort services have a similar problem as far as non-returnability goes, but I don't know how they finesse their way around it. --Paul J. Ste. Marie pstemari@well.sf.ca.us, pstemari@erinet.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: dfloyd@io.com Date: Mon, 9 Jan 95 17:25:52 PST To: nesta@nesta.pr.mcs.net (Nesta Stubbs) Subject: Re: Data Haven problems In-Reply-To: Message-ID: <199501100125.TAA29250@pentagon.io.com> MIME-Version: 1.0 Content-Type: text/plain > > On Mon, 9 Jan 1995, Mats Bergstrom wrote: > > > Hardly. (*.gi0 and *.jp0 for a start?) > > But what are data havens for, if not for controversial data? > > One of the greatest needs, if not _the_ greatest, in our times > > for a data haven is probably for storing porno. There is a > > tremendous, world-wide demand for porno. Yet, there are numerous > > countries where sex.gif's found on your disk (encrypted or not, > > they can use thumb-screws to force the key out of your hands) > > will put you in a very difficult situation (loss of social > > status, jail, decapitation). It might be much more convenient > > for, let's say, a Saudi teenager to store his encrypted private > > gif's in a data haven in Sweden, download them when he feels > > the urge and purge the copies after every use. > > My feelings exactly. > > Are we going to fall prey to the medias asault on porno and resort to > self-censorship? If a data haven resorted to filtering out all gifs and > jpegs, or even porno, then it wouldn't be one I wouldn't use it, for my > porn, nor for my other data. If it is going to be a datahaven it can;t > fall to such things as filtering data for controversial subject the owner > doesn't like. > > > i want to know everything http://www.mcs.com/~nesta/home.html > i want to be everywhere Nesta's Home Page > i want to fuck everyone in the world & > i want to do something that matters /-/ a s t e zine > My problem is not that people will bitch about my DH. My problem will be arfholes or yellow journalists uploading K*dd*e p**n to my DH, then making a long report how I cater to p*dofiles and other evil denezins that pop from time to time. Then, I get the police knocking at my door, asking me to come to Club Fed for a looooonnnggg vacation. Of course, the DH will be hidden by a good remailer (anon.penet.fi), but it is trivial to use traffic analysis to find where the DH lies. Just monitor traffic from/to the remailer and do a series of store/retrives. Then for confirmation, forge a mail from the dh site to the remailer with the password (obtained from sniffing) to yourself. This is the main reason I haven't worked on this code for so long, as well as finals and other distractions. Until I find a decent solution to this problem (The alpha test will be a snap... just allow certain people to send/get and ban all others, but once in full working mode this ceases to be a solution.) I am hesitant on setting up a working DH. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: root Date: Mon, 9 Jan 95 17:44:27 PST To: cypherpunks@toad.com Subject: Pornography, What is it? Message-ID: <199501100141.TAA00216@einstein.ssz.com> MIME-Version: 1.0 Content-Type: text From: ravage@bga.com To: cpunks the world over Hi all, I am very interested in the data haven issue now that I have my site up. The aspect of pornography is a problem that has to be faced. To this end, I would like to ask that we look at how pornography is defined. From my own view, I fail to see any way to truly define pornography as anything other than the ravings of a neurotic (both on a personal and a societal level). Every example of pornography I have seen has been put in that category because it contravenes some personal or group taboo. Take care. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. McCarthy" Date: Mon, 9 Jan 95 17:09:54 PST To: cypherpunks@toad.com Subject: revoked transactions/guerrilla fee remailers Message-ID: <199501100115.UAA15109@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- Paul J. Ste. Marie writes: > MC/Visa require the reversibility of transactions as a condition of their > merchant agreements. It's not something peculiar to FV. In fact, under > certain conditions it is mandated by federal law. Escort services have a > similar problem as far as non-returnability goes, but I don't know how they > finesse their way around it. Two plausible tactics for escort services: [0] Price inflation: treat a revoked transaction rather like shoplifting, by passing the costs on to the customers; escort services are not cheap [1] Embarrassment: tip off family and employers of people who accept escorts, then decide not to pay for them; the perceived threat of publicity should keep plenty of folks in line There's not much that can be done to someone who uses an escort service once, revokes the transaction, and doesn't care who knows about it. How might this apply to remailing services ? Right now, with a fairly small customer base, I imagine price inflation would be impractical, but embarrassment might prove fairly effective. In the developed market we envision, presumably operators could get away with price inflation, but embarrassment would lose much of its potential sting. (I assume that once a critical mass of populace uses remailers, an announcement that Josie Worsham has used a remailer would elicit only yawns.) Do others see the resulting applicability of additional regulations to remailers as an issue in having them charge for service ? Within the category of fee-charging remailers, the distinction between non-profit and for-profit operations may be worth considering. I suppose that the IRS and analogous agencies would be inclined to ask questions about it, for starters. My threat model for the remailer bramble includes, at a minimum, a host of typical government agencies obligated to wrap everything in red tape. Look for anti- trust investigations to be launched against a price-fixing cartel of remailers. - - From what I've seen so far, accepting payment would seem to make anonymous _operation_ of a remailer well nigh impossible. Anonymous operation with revenue would require a corresponding level of anonymity in the transfer of money. Until such time as conversion of funds from a net-liquid form to a conventional form becomes unnecessary (or just commonplace ?), financial traffic analysis can't adequately be thwarted. All this bodes ill, IMHO, for the prospect of guerrilla or quasi-guerrilla remailers charging for service any time soon. There's just too much infrastructure to which they'd need to be tied at the moment. -L. Futplex McCarthy; PGP key by finger or server "The objective is for us to get those conversations whether they're by an alligator clip or ones and zeroes. Wherever they are, whatever they are, I need them." -FBI Dir. Freeh - -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLxHeC2f7YYibNzjpAQGhlQP/fkyvN0QqDkbLhgqecGUaeu3cbCstMd4y lgs/XzCeiXVt6EiQ8tmDVbq4G0QYTGntph/3knciJopGrH+Nu6LVmiqWNiRWFxm8 zJBRenCW2SN9nRixJiI4S2n0yQ//v9C7sOEfmu9SToQDYc+U1CBNSUhhJAveT1GN BD4WNFlm/WY= =VY8W - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLxHfcSoZzwIn1bdtAQGyEAGAwKES86hkJ8GkLsYCr+vEAjH1/L2GdrCj jw0b83L7FHA99sUihIYe2zUUxr+Sqb2b =7Aai -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jrochkin@cs.oberlin.edu (Jonathan Rochkind) Date: Mon, 9 Jan 95 17:37:08 PST To: "L. McCarthy" MIME-Version: 1.0 Content-Type: text/plain At 8:15 PM 01/09/95, L. McCarthy wrote: >- - From what I've seen so far, accepting payment would seem to make anonymous >_operation_ of a remailer well nigh impossible. Anonymous operation with >revenue would require a corresponding level of anonymity in the transfer of >money. Until such time as conversion of funds from a net-liquid form to a >conventional form becomes unnecessary (or just commonplace ?), financial >traffic analysis can't adequately be thwarted. >All this bodes ill, IMHO, for the prospect of guerrilla or quasi-guerrilla >remailers charging for service any time soon. There's just too much >infrastructure to which they'd need to be tied at the moment. Well, that's certainly true, for the reasons you gave. Right now, it's enough of a chore just to get non-anonymously run remailers charging for operation. And it's not easy to set up an effective guerilla remailer either. I think the set of tools and environments that make it possible to run a remailer anonymously and charge for it certainly aren't going to exist until the component problems of charging for a remailer at all and running a guerilla remailer at all are made easy. I think once both of those problems are dealt with, it won't be too dificult to deal with the combined problem of guerilla for-pay remailers. Or at least, exactly what things are neccesary to solve that combined problem will be obvious. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Nesta Stubbs Date: Mon, 9 Jan 95 18:58:04 PST To: Cypherpunks Subject: Re: Experiments and Toys vs. the Real Thing In-Reply-To: <199501091946.LAA06410@netcom18.netcom.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Mon, 9 Jan 1995, Timothy C. May wrote: I was one who wrote a post saying that a data haven should support all files, including porno and such things, and that filtering would be bad karma. I was under the assumption then that we were talking about fully operational, well established Data-havens, as in I thought were were speaking mostly hypotjetically. I agree with tim when it comes to the experimental stage of a project. > Digital cash is more clearly still at the experimental level, as are > anonymous markets (like BlackNet), data havens, and so forth. > I would like it if the person who is working ont eh datahaven code would give us soem more information, like what it does, what are the plans for it etc.. DataHaven is a vague word. Blacknet is going on right now, only none of uf are involved in it, not to say I'm so k-rad and kool that i am underground and involved in it, but eh anonymous market is alive today, JUST that it isn't bieng studied, like one such as BlackNet concievably owuld have been. There are definetly people making anon. transactions out there. > The recent claims that nascent "data havens" _must_ support all files, > including hard-core porn, weapons secrets, etc. seems to be an example > of this. I'm not for censorship, just concerned that the data haven > _experiments_ are not secure enough, not robust enough, to actually > carry high-visibility files. > I was refering to the finished, established project, and not the experiment/study level. > (And let's not forget "snatch teams" that grab foreign nationals > suspected of crimes...Israel, Iraw, Iran, and the U.S. have grabbed > people in other countries. And more common is simple execution. If a > Swedish data haven carried files related to U.S. operations, and the > data haven location was known--part of what I mean by saying the > enabling technologies do not yet exist--then various measures would be > applied. Diplomatic, equipment sabotoage, even killing the operators. > I'm not being Ludlumesque here...clearly such "threats to national > security" would be seen as justifying various reactions. Especially to > send a message to other potential operators.) > Sterling's _Islands In The Net_ is a must read for this topic matter. In this book, the DataHaven operators maintain security thru the data they horde, by hoding it over poeples heads, and also by just plain technical savvy(ala action thrillers hehe) > --Tim May, who thinks the first real data havens will come under > intense attack and so had better be secure from the start > I would like to help get them off the ground, by either providing help with code, policy, or just another head in teh game. They are a techno fetish of mine, I mean I'm even nymed after one, Nesta Stubbs, from _Islands In The Net_ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Nesta Stubbs Date: Mon, 9 Jan 95 19:09:47 PST To: dfloyd@io.com Subject: Re: Data Haven problems In-Reply-To: <199501100125.TAA29250@pentagon.io.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Mon, 9 Jan 1995 dfloyd@io.com wrote: > My problem is not that people will bitch about my DH. My problem will > be arfholes or yellow journalists uploading K*dd*e p**n to my DH, then > making a long report how I cater to p*dofiles and other evil denezins > that pop from time to time. Then, I get the police knocking at my > door, asking me to come to Club Fed for a looooonnnggg vacation. > I myself see nothing wrong with selectivly choosing your users at this juncture. With an experimental server that wouldn't have the back-up to protect itself fomr attacks in real-space(police feds guns dogs fundies) you DO need to be careful. If you wanna turn this into a profit thing(which is possible) you then would get to choose your clients. I guess what I meant o say in tha tlast letter, was directed towards a full-fledged, well established and backed DataHaven that was not run for profit, but rather as a service to help the public(yeah, I know this lists idea on those projects, I wont go that direction no more) and thus would need to be open liek that. > Of course, the DH will be hidden by a good remailer (anon.penet.fi), but > it is trivial to use traffic analysis to find where the DH lies. Just > monitor traffic from/to the remailer and do a series of store/retrives. > Then for confirmation, forge a mail from the dh site to the remailer with > the password (obtained from sniffing) to yourself. > Well for an experiemnt that is fine, and I don't see it then much mroe then a listerv file service with encryption, unless i am missing something in teh DataHaven you have planned. But later on when you wanna get serious and shit, you could get better shielding then that, depending on how much money you wanna spend. Everythign from offshore sites with sattelite feeds or radio feeds(encrypted of course) with physical securiy measures and such. > This is the main reason I haven't worked on this code for so long, as > well as finals and other distractions. Until I find a decent solution > to this problem (The alpha test will be a snap... just allow certain > people to send/get and ban all others, but once in full working mode > this ceases to be a solution.) I am hesitant on setting up a working > DH. > I would set one up if I had the code tha tmet my standards(I don't have time right now to write it myself, but maybe if this thread goes well i will be inspired enough to order a few pizzas and go for it). Right now my connection is muc much too slow to allow such traffic. This is somethign i have been doing some serious thinking about also. I cn actually see it bieng possible for me to have a small scale experiemntal data haven up and running in the near future, acting not only as a drop box, but also as a storage place and database of obscure information. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Nesta Stubbs Date: Mon, 9 Jan 95 19:13:27 PST To: root Subject: Re: Pornography, What is it? In-Reply-To: <199501100141.TAA00216@einstein.ssz.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Mon, 9 Jan 1995, root wrote: > > From: ravage@bga.com > To: cpunks the world over > > Hi all, > > I am very interested in the data haven issue now that I have my site up. The > aspect of pornography is a problem that has to be faced. To this end, I would > like to ask that we look at how pornography is defined. What you define as pornography doesn't mean shit, it's what the media and jornalists and fundies etc.. decide is pornographic that you gotta watch out for. This means just about anythign that isn't vanilla After School Special material is suspect. I too mayt have a site int eh near future, so I am interested int eh project also, as I have always been really into the idea of data-havens. I think that a self-sufficient data-haven is going to need alot of resources tho to continue it's operation past the pont were it is known to exist. i want to know everything http://www.mcs.com/~nesta/home.html i want to be everywhere Nesta's Home Page i want to fuck everyone in the world & i want to do something that matters /-/ a s t e zine From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Raul Deluth Miller Date: Mon, 9 Jan 95 18:25:54 PST To: cypherpunks@toad.com Subject: data havens Message-ID: <199501100225.VAA08907@nova.umd.edu> MIME-Version: 1.0 Content-Type: text/plain The problem with encryption, in general, is that it's an attempt to hide information -- unless the information is trivial, encryption is only a temporary measure. Believe it or not, the government (or, more properly, people associated with the government) is still trying to figure out which industries are Iraqi owned -- one technique being brought to bear is statistical analysis of company activities, with special attention to changes which occurred during the gulf war. The only way to have data havens be acceptable to the U.S. government would be to have them become acceptable to the U.S. population (or some significant fraction of them). This would imply phasing out the DEA and the IRS, at a minimum. [Newspaper article this weekend: how it's so horrible that some people deal in cash and thus are evading the IRS.] More generally, the way to keep a data haven from being located is to make sure it doesn't have a location... This is hard to do without severely impacting latency. -- Raul D. Miller N=:((*/pq)&|)@ NB. public e, y, n=:*/pq P=:*N/@:# NB. */-.,e e.&factors t=:*/<:pq 1=t|e*d NB. (,-:<:)pq is four large primes, e medium x-:d P,:y=:e P,:x NB. (d P,:y)-:D P*:N^:(i.#D)y [. D=:|.@#.d From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: pstemari@erinet.com (Paul J. Ste. Marie) Date: Mon, 9 Jan 95 19:30:14 PST To: nesta@nesta.pr.mcs.net (Nesta Stubbs) Subject: Re: Data Haven problems Message-ID: <9501100322.AB12220@eri.erinet.com> MIME-Version: 1.0 Content-Type: text/plain At 07:25 PM 1/9/95, dfloyd@io.com wrote: > ... Of course, the DH will be hidden by a good remailer (anon.penet.fi), but >it is trivial to use traffic analysis to find where the DH lies. Just >monitor traffic from/to the remailer and do a series of store/retrives. >Then for confirmation, forge a mail from the dh site to the remailer with >the password (obtained from sniffing) to yourself. ... Hmm, hmm. Using c'punk remailers with encrypted send blocks fixes one problem, especially if the c'punk mailers do some sort of file splitting and reassembly along the lines of what happens to IP packets that are too large for a given link. What would also help would be a mechanism for randomly varying the encrypted send-to block. The password replay attacks can be fixed by encrypting the transmitted password along with a timestamp/sequence number. One problem that remains would be a trail left by the increased traffic to/from a DH vs a normal user. That could only be fixed by a multitude of DH sites. --Paul J. Ste. Marie pstemari@well.sf.ca.us, pstemari@erinet.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: root Date: Mon, 9 Jan 95 20:36:44 PST To: nesta@nesta.pr.mcs.net (Nesta Stubbs) Subject: Re: Pornography, What is it? In-Reply-To: Message-ID: <199501100432.WAA00738@einstein.ssz.com> MIME-Version: 1.0 Content-Type: text > > > > I am very interested in the data haven issue now that I have my site up. The > > aspect of pornography is a problem that has to be faced. To this end, I would > > like to ask that we look at how pornography is defined. > > What you define as pornography doesn't mean shit, it's what the media and > jornalists and fundies etc.. decide is pornographic that you gotta watch > out for. This means just about anythign that isn't vanilla After School > Special material is suspect. > I am well aware that what I personaly consider pornography carries little weight. But it does carry some since I do vote. There is the whole issue of community standard that has been left out of this discussion so far and that means that I as a taxed land owner (5 acres in Lockhard, TX) get to sit on juries now and again. In that sense what I believe can carry a lot of weight. Even to the point of refusing to convict somebody because I personaly feel a law or precedence is incorrect. But when you consider states like Oregon where the whole concept of pornography has been removed from the books it makes me have a little hope for sanity. My personal contention is that pornography does not exist any more than good or evil do, these concepts are based on our personal ethos not anything absolute. > I too mayt have a site int eh near future, so I am interested int eh > project also, as I have always been really into the idea of data-havens. > I think that a self-sufficient data-haven is going to need alot of > resources tho to continue it's operation past the pont were it is known > to exist. > As to data havens being dangerous to run...I don't know. At the recent HoHoCon there was a long discussion 'bout networks hidden within networks that was very intriguing. If Doug Barnes is reading this he may be willing to reiterate some of the talk. I do know that at the moment my partners and myself are looking at remailer software running under Linux and data havens are something that we have discussed. I personaly see data havens as a repository for information that is beyond the keen of governments to regulate. This is the key point to me. Not whether it is industrial secrets, military secrets, or .gif's that jr. can get his rocks off over. I see the whole pornography issue as a red herring that keeps the dim-witted and ignorant busy on while everyone else with a clue gets on with their own personal agenda. I do not mean this to imply a conspiracy, simply that most DA's have something they want (ie political clout) and they will in general do whatever it takes to get. In a sense one could consider such regulatory agencies as mercenaries for personal gain. > i want to know everything http://www.mcs.com/~nesta/home.html > i want to be everywhere Nesta's Home Page > i want to fuck everyone in the world & > i want to do something that matters /-/ a s t e zine > From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Hal Date: Mon, 9 Jan 95 23:02:20 PST To: cypherpunks@toad.com Subject: Re: for-pay remailers and FV Message-ID: <199501100701.XAA15283@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- From: Pierre Uszynski > Finally, I do not believe that introducing payment in the remailer > system would curb abuse in any significant way. Significant abuse is > that which causes significant problems for the operators: posting > secret religious technology, forging prime minister mail, harrassing a > member of any number of opposite persuasions, etc... Do you think for a > minute that a 5 cents postage is going to stop these messages now? And > how about when remailers do attain good reliability and untraceability, > for 3 cents? I had suggested an idea a while back where you would try to address the abuse issue directly rather than charging per message. I agree with Pierre that any reasonable per-message charge will not help in many forms of abuse, although it should address the worst spam attacks. The idea is to have a sort of digital cash token, but it is free. The key is that each person just gets one of these, but they are reusable. After a remailer sends a message, it waits and sees if it gets any complaints. If not, the token is re-blinded and made available to the original user via some kind of pool. He can then send another message. But if he commits abuse, he doesn't get his token back. Obviously there are problems with this, the worst probably being how we can keep people from acquiring lots of tokens under different names. Perhaps you could charge some small amount for them, but require VISA payment, and check the names on the VISA cards. (This doesn't hurt anonymity when the tokens are actually used because of the blinding.) To get multiple tokens a person would have to commit some serious real world name trickery, a considerably higher barrier than making up a pseudonym on the net. Another problem is that as stated above, you could only send one anonymous message every day or two. Perhaps we relax the rules and let people have a few of these tokens; they can then abuse the system a few times but each time they lose a token. A similar idea might work for the data haven problem, although I don't understand exactly what is intended there. This approach is a variation on the "is a person" credential, which attempts to make sure that each person only gets one of something. A lot of situations would benefit from such a credential, although some people don't like them. Hal -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBLxIw2RnMLJtOy9MBAQGWCgH6A1SFyzZDDhd/NVrMck5SAf3mS4IOl5On aJNFKUopZi4Fb7tqQfbFukDl/lF+clnBDBNh/yXAsFcABJaWaTUzZA== =pLOT -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Nesta Stubbs Date: Mon, 9 Jan 95 21:07:46 PST To: root Subject: Re: Pornography, What is it? In-Reply-To: <199501100432.WAA00738@einstein.ssz.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Mon, 9 Jan 1995, root wrote: > As to data havens being dangerous to run...I don't know. At the recent HoHoCon > there was a long discussion 'bout networks hidden within networks that was very > intriguing. If Doug Barnes is reading this he may be willing to reiterate some > of the talk. I do know that at the moment my partners and myself are looking > at remailer software running under Linux and data havens are something that we > have discussed. I personaly see data havens as a repository for information > that is beyond the keen of governments to regulate. This is the key point to > me. Not whether it is industrial secrets, military secrets, or .gif's that > jr. can get his rocks off over. This is something I have been doing seom writing on lately, teh idea of nets on top of nets, the almost fractal nature of networking of this scale and horizontal nature on the INternet. A DatHaven, like I mentioned in another post, is a vauge name, it could be some hacker kid with a lot of space on his HD and a fast modem who hacks the local univeristy and installes term, riggin his term connection to allow FTP connections, or telnet connections, or it oculd be someone with a decent size dinvestor backing him up as he gets a site linked ot teh net from some Carribean Island, who collects and intercepts TRW and Equifax like data on credit transactions and shit like that, selling it to those about to invest in soemone or something and want more info on it. OR maybe it's an elaborate set-up of mail aliases thru remailer chains and clearing stations that lead to data safe deposit boxes, where someone can leave a large amount of date anon, and then allow osmeone else to retrieve it anon also. With suffiecient planning, coding and equipment a datahaven could perform almost all the ideas that Tim came up with in his cyphernomicon, from selling crdit info, to a data drop box, to a holding agent for anon transactions(can't remember proper term). damn I wish I could have made it to HoHoCon. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Raul Deluth Miller Date: Mon, 9 Jan 95 20:07:07 PST To: cypherpunks@toad.com Subject: Re: Pornography, What is it? Message-ID: <199501100406.XAA14238@nova.umd.edu> MIME-Version: 1.0 Content-Type: text/plain Pornography is in the eyes of the beholder. [Especially if the beholder happens to be a postmaster in Memphis...] -- Raul D. Miller N=:((*/pq)&|)@ NB. public e, y, n=:*/pq P=:*N/@:# NB. */-.,e e.&factors t=:*/<:pq 1=t|e*d NB. prim=:1&=@| 2&^@<: [. large=:>&(2^1024) x-:d P,:y=:e P,:x NB. (d P,:y)-:D P*:N^:(i.#D)y [. D=:|.@#.d From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Dean Anderson Date: Thu, 12 Jan 95 14:12:56 PST To: lpf-all-members@albert.gnu.ai.mit.edu Subject: LPF Statement on the GIF controversy Message-ID: <9501092348.AA28210@loki.hi.com> MIME-Version: 1.0 Content-Type: text/plain [ Please repost this wherever you think is appropriate! ] Until now, most computer professionals and companies have ignored the problem of software patents. The GIF format for graphical images was adopted widely on the net, despite the Unisys patent covering the LZW data compression algorithm. The patent dates to 1985, but its enforcement has been carried out with private threats; most victims are afraid to talk about it. Now the patent has shown its teeth. For a few days, the Internet community was shaking with anger at the surprise demand to pay license fees for the use of GIF format. It turns out that the license being offered today is only for Compuserve users. Compuserve accepted an offer from Unisys that they couldn't refuse. Compuserve users can accept this offer now, or face Unisys later on their own. The rest of us don't have a choice--we get to face Unisys when they decide it's our turn. So much trouble from just one software patent. There are now over ten thousand software patents in the US, and several thousand more are issued each year. Each one may be owned by, or could be bought by, a grasping company whose lawyers carefully plan to attack people at their most vulnerable moments. Of course, they couch the threat as a "reasonable offer" to save you miserable years in court. "Divide and conquer" is the watchword: pursue one group at a time, while advising the rest of us to relax because we are in no danger today. Software patents may not seem like an urgent problem until you find one aimed at you. We all have other fires to fight, and most developers have hoped that the patents would never blaze up. In an ironic way, Unisys has done us a favor--by showing that the problem is too serious to ignore. What people first feared, could just as well have happened. Each of the thousands of software patents has the potential to devastate a segment of the community, both software developers and users. There will be more nasty surprises. They are part of a system. Unisys has given us a chance to work together to change the system--rather than waiting to be sued one by one for this patent or that. We can win the fight against software patents, if we speak loud and clear against them. What can people do? * Express your disapproval to Unisys by writing a letter to its CEO. Tell him what you think of his company's actions: James Unruh CEO UNISYS Corp. PO Box 500 Blue Bell, PA 19424 fax: 215-986-6850 Please use snail mail--a physical pile of letters is more impressive, psychologically, than a big file of email. Keep it short--ten lines is enough. Don't spend hours composing your letter; there's no need. But do write it in your own words, because sending a form letter written by someone else is not impressive. Make it clear that the usual excuses--"We're just exercising our property rights; look how reasonable we are being (compared to what we _could_ have done)"--won't wash with you. Avoid saying anything nasty that would give Unisys a chance to paint itself as the victim. Cold condemnation is more powerful than flames. Please email a copy of your letter to the League for Programming Freedom at gif-letters@lpf.org. We might ask you for permission to publish your letter. * Don't sign a license--stop using GIF. The World Wide Web consortium at MIT will probably be coordinating the move away from GIF, and offering advice and assistance. See `http://www.w3.org/'. * Join the League for Programming Freedom. The League is a membership-based organization whose aim is to bring back the freedom to write software. The League says that no one should be able to dictate what kinds of programs you can write. You can contact the LPF by email to lpf@uunet.uu.net, or look at its Web pages at `http://www.lpf.org/'. ** Note: the recent license demand came in the name of Compuserve; but the impetus for it came from Unisys. Compuserve developed the GIF format many years ago, not knowing there was a patent on LZW. (Most programmers have no idea what patents their programs are vulnerable to--there are too many patents to keep track of.) When Unisys threatened to sue them, Compuserve had to give in to Unisys's demands. Compuserve arranged to be allowed to offer Compuserve users a sublicense, but the "offer" was formulated in a way that was tantamount to an ultimatum. Compuserve may bear responsibility for some of the details of how this was handled, but the main responsibility falls on Unisys. It is Unisys that claims the power to dictate what kinds of software you can write. Unisys decided to use the power for aggression; Unisys forced Compuserve to participate. =++=+=+=+++==++=+=+=+++==++=+=+=+++==++=+=+=+++==++=+=+=+++==++=+=+=+++= Dean Anderson Dean@hi.com President League for Programming Freedom From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Dean Anderson Date: Thu, 12 Jan 95 17:24:56 PST To: lpf-all-members@albert.gnu.ai.mit.edu Subject: /n@Nd0/ LPF Statement on the GIF controversy Message-ID: <9501092348.AA28210@loki.hi.com.nando> MIME-Version: 1.0 Content-Type: text/plain [ Please repost this wherever you think is appropriate! ] Until now, most computer professionals and companies have ignored the problem of software patents. The GIF format for graphical images was adopted widely on the net, despite the Unisys patent covering the LZW data compression algorithm. The patent dates to 1985, but its enforcement has been carried out with private threats; most victims are afraid to talk about it. Now the patent has shown its teeth. For a few days, the Internet community was shaking with anger at the surprise demand to pay license fees for the use of GIF format. It turns out that the license being offered today is only for Compuserve users. Compuserve accepted an offer from Unisys that they couldn't refuse. Compuserve users can accept this offer now, or face Unisys later on their own. The rest of us don't have a choice--we get to face Unisys when they decide it's our turn. So much trouble from just one software patent. There are now over ten thousand software patents in the US, and several thousand more are issued each year. Each one may be owned by, or could be bought by, a grasping company whose lawyers carefully plan to attack people at their most vulnerable moments. Of course, they couch the threat as a "reasonable offer" to save you miserable years in court. "Divide and conquer" is the watchword: pursue one group at a time, while advising the rest of us to relax because we are in no danger today. Software patents may not seem like an urgent problem until you find one aimed at you. We all have other fires to fight, and most developers have hoped that the patents would never blaze up. In an ironic way, Unisys has done us a favor--by showing that the problem is too serious to ignore. What people first feared, could just as well have happened. Each of the thousands of software patents has the potential to devastate a segment of the community, both software developers and users. There will be more nasty surprises. They are part of a system. Unisys has given us a chance to work together to change the system--rather than waiting to be sued one by one for this patent or that. We can win the fight against software patents, if we speak loud and clear against them. What can people do? * Express your disapproval to Unisys by writing a letter to its CEO. Tell him what you think of his company's actions: James Unruh CEO UNISYS Corp. PO Box 500 Blue Bell, PA 19424 fax: 215-986-6850 Please use snail mail--a physical pile of letters is more impressive, psychologically, than a big file of email. Keep it short--ten lines is enough. Don't spend hours composing your letter; there's no need. But do write it in your own words, because sending a form letter written by someone else is not impressive. Make it clear that the usual excuses--"We're just exercising our property rights; look how reasonable we are being (compared to what we _could_ have done)"--won't wash with you. Avoid saying anything nasty that would give Unisys a chance to paint itself as the victim. Cold condemnation is more powerful than flames. Please email a copy of your letter to the League for Programming Freedom at gif-letters@lpf.org. We might ask you for permission to publish your letter. * Don't sign a license--stop using GIF. The World Wide Web consortium at MIT will probably be coordinating the move away from GIF, and offering advice and assistance. See `http://www.w3.org/'. * Join the League for Programming Freedom. The League is a membership-based organization whose aim is to bring back the freedom to write software. The League says that no one should be able to dictate what kinds of programs you can write. You can contact the LPF by email to lpf@uunet.uu.net, or look at its Web pages at `http://www.lpf.org/'. ** Note: the recent license demand came in the name of Compuserve; but the impetus for it came from Unisys. Compuserve developed the GIF format many years ago, not knowing there was a patent on LZW. (Most programmers have no idea what patents their programs are vulnerable to--there are too many patents to keep track of.) When Unisys threatened to sue them, Compuserve had to give in to Unisys's demands. Compuserve arranged to be allowed to offer Compuserve users a sublicense, but the "offer" was formulated in a way that was tantamount to an ultimatum. Compuserve may bear responsibility for some of the details of how this was handled, but the main responsibility falls on Unisys. It is Unisys that claims the power to dictate what kinds of software you can write. Unisys decided to use the power for aggression; Unisys forced Compuserve to participate. =++=+=+=+++==++=+=+=+++==++=+=+=+++==++=+=+=+++==++=+=+=+++==++=+=+=+++= Dean Anderson Dean@hi.com President League for Programming Freedom From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Christopher Allen Date: Tue, 10 Jan 95 00:16:36 PST To: cypherpunks@toad.com Subject: PRESS RELEASE - RSA Licenses Commercial Distribution Rights to RSAREF (long) Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PRIVACY-ENHANCED MESSAGE----- Proc-Type: 4,MIC-CLEAR Content-Domain: RFC822 Originator-Certificate: MIICRjCCAdsCBQJTAAAEMA0GCSqGSIb3DQEBAgUAME4xCzAJBgNVBAYTAlVTMRMw EQYDVQQIEwpDYWxpZm9ybmlhMSowKAYDVQQKEyFDb25zZW5zdXMgRGV2ZWxvcG1l bnQgQ29ycG9yYXRpb24wHhcNOTQwNjI3MDAwMDAwWhcNOTUwNjI2MjM1OTU5WjCB 4DELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExKjAoBgNVBAoTIUNv bnNlbnN1cyBEZXZlbG9wbWVudCBDb3Jwb3JhdGlvbjETMBEGA1UEERMKOTQxMTQt MzYxNTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj bzEeMBwGA1UECRQVNDEwNC0yNHRoIFN0cmVldCCmNDE5MRIwEAYDVQQMEwlQcmVz aWRlbnQxGjAYBgNVBAMTEUNocmlzdG9waGVyIEFsbGVuMHAwDQYJKoZIhvcNAQEB BQADXwAwXAJVKa43Pd6AhLaYGRLMwvGGvZ7dtzK+XpsRtwKYEDQKHE8swS09ViEg MKuMa/+weQXDBpqQ6SDj/xgHGzmwGhkbeitPWr/6Du5gemMLrhhTs8eMhAXLXwID AQABMA0GCSqGSIb3DQEBAgUAA1YAEkQDfJmroAMZD5v1F7fPK38y4waoX0FSpdsf jcXf04URcEJc5dCFm0DzrMPMdVpNz5tpSBy0ZUeg/xqbwRfHIW34bMAVLc9kojIi AGXlHL/q8HRCIx== Issuer-Certificate: MIIB6TCCAVYCBQJBAAAKMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDA1MDUwMTEwMDRaFw05 OTA0MzAwMTEwMDRaME4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh MSowKAYDVQQKEyFDb25zZW5zdXMgRGV2ZWxvcG1lbnQgQ29ycG9yYXRpb24wcDAN BgkqhkiG9w0BAQEFAANfADBcAlUpc+2/Ec+bydwsB6enemznB/aQwd4gp2YSI3FW PHl2tc/aa7HZFA0qCL/0Ol6ituC+yUEO3IWKQ5U8hhl1RVqmW7mzwNOr2yeHIFA5 rqXvAvMvlGpvAgMBAAEwDQYJKoZIhvcNAQECBQADfgA2QEssX/nG3spHBpbkU4KV oQdVhxtQEmjuIrqBVI9jQRntacJ0tw1m5MsLV6hNMV/mD0yKmDc9ywSF7ZWIipVY tz8E52yQEprR+JxTad+/ZtTI0wEvEM5313jUF4ivF86eOuZDqHd4zbRHk6ggIAGH 86GFbMaWDaKoGUrde2== MIC-Info: RSA-MD5,RSA, J9l0zSgqnVqK8a9QQ3Ml+O6tv58PsVmCELOQTqj1i8HCQoHpJ+bEmayf4WyIbqoY y4xFecAPQfP5hpHPLVoLX4IM7kNT0UhDHW8XklfhhAVE1+Y0Og== Date: Mon, 09 Jan 1995 09:00:00 -0800 Subject: PRESS RELEASE - RSA Licenses Commercial Distribution Rights to RSAREF From: Christopher Allen Organization: Consensus Development Corporation, San Francisco, CA USA Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Text-Source: ftp://ftp.consensus.com/pub/consensus/pr/RSAREF-PR.txt X-HTML-Source: http://www.consensus.com:8300/RSAREF-PR.html Summary: RSA announces that it is licensing commercial distribution rights of its RSAREF software to Consensus Development, allowing for implementation of commercial Privacy Enhanced Mail (PEM) applications. Keywords: press release, consensus development corporation, rsa data security, rsaref, commercial license, support, marketing, maintenance, encryption, digital signature, source code, tool kit, PEM, privacy enchanced mail RSA Licenses Commercial Distribution Rights to RSAREF ===================================================== RSA announces that it is licensing commercial distribution rights of its RSAREF software to Consensus Development, allowing for implementation of commercial Privacy Enhanced Mail (PEM) applications. Press Release - ------------- REDWOOD SHORES, CALIFORNIA--JANUARY 9, 1995--RSA Data Security, Inc. and Consensus Development Corporation jointly announce today at the RSA Data Security Conference that Consensus Development is licensing the commercial distribution rights of RSAREF from RSA Data Security. RSAREF (pronounced "R.S.A. reff") is short for "RSA reference implementation" and is a cryptography source code toolkit designed to allow developers to create PEM (Privacy-Enhanced Mail)software and other encryption/authentication tools. Until now, RSAREF has been an unsupported RSA product approved for use only as part of freeware and not-for-profit software applications. Consensus Development will now be able to market and license RSAREF to commercial software developers, and provide software support and future enhancements to the RSAREF source code library. This announcement is significant because it is the first program of its kind to make the RSAREF implementation of RSA's popular patented authentication technology available to commercial vendors. "Data mailed, posted, or put on servers on the Internet is inherently untrustable today, " said Jim Bidzos, president of RSA. "Tampering with electronic documents takes no special skills, and leaves no trace.With the availability of RSAREF for both free software as well as commercial software there is no need for this situation to continue." Now that a commercial license to RSAREF is available, applications may now be developed and sold that incorporate Privacy-Enhanced Mail's authentication and encryption capabilities. Christopher Allen, President of Consensus Development adds "The PEM standards have been under development for a couple of years and only now are coming to fruition. The ability to offer both freeware developers and commercial software vendors a license to RSAREF will kickstart the adoption of PEM-capable mail software." Consensus Development will be creating an email discussion list for software developers interested in RSAREF. To join the discussion, send a message to with the body of the message requesting "subscribe RSAREF-DEV-L firstname lastname". Background - ---------- The RSA cryptosystem was invented and patented in the late 1970's by Drs. Rivest, Shamir, and Adleman, at the Massachusetts Institute of Technology, who started RSA Data Security in Redwood City, California, in 1982. Digital signatures are produced using the RSA Cryptosystem, which is a public-key cryptosystem. Each user has two keys - one public and one private. The public key can be disclosed without compromising the private key. Electronic documents can be "signed" with an unforgeable signature by using a document/private-key combination to produce a signature unique to the author and particular document. Anyone using an application that supports RSAREF and has the public key of the author can subsequently verify the authenticity of the document. Applications of digital signatures are endless: expense reports, electronic forms and purchase orders, contract revisions, engineering change orders, even tax returns can be electronically signed to speed electronic document flow and eliminate fraud. Furthermore, digital signatures can also be used to detect any virus before a program is executed, since any change whatsoever is detected. One reason that the paperless office has never materialized is that paper must still be printed so that handwritten signatures can be applied. RSAREF eliminates that necessity. Applications supporting RSAREF could have prevented last year's computer fraud at Dartmouth College, in which students were tricked into missing an important midterm by a fraudulent electronic mail message claiming to be from university faculty. Corporate Profiles - ------------------ RSA Data Security, Inc. is the acknowledged world leader in encryption technology, with over three million copies of its software encryption and authentication installed and in use worldwide. RSA is a defacto standard for encryption and digital signatures, and is part of existing and proposed standards for the Internet, CCITT, ISO, ANSI, IEEE and business and financial networks around the globe. RSA develops and markets platform-independent software developers' kits, end-user products, and provides comprehensive consulting services in the cryptographic sciences. RSA technology has been embedded in the products of many companies, including Microsoft, IBM, Apple, Oracle, General Magic, DEC, Sun, Novell, Lotus, Motorola, Northern Telecom, AT&T, WordPerfect, General Electric, Hughes Aircraft, and many others. The company is headquartered in Redwood City, California. Consensus Development Corporation is a software development and consulting firm specializing in the support of organizations that need long-distance collaboration via wide-area networks and the Internet.Consensus Development has been offering consulting and software tools in the area of collaboration support since 1988 and is based in San Francisco, California. Clients include Aladdin Systems, American Information Exchange (AMIX), America Online, Apple Computer, Attain, Authorware, Berrett-Koehler Publishers, Claris Corporation, Component Integration Laboratories, Connectix Corporation, Digicash bv, Group Technologies, InterCon, ON Technology, Portfolio Systems, RSA Data Security, Ronin Publishing, Software Ventures, Visa International, and Xanadu Operating Company. Contact - ------- Kurt Stammberger RSA Data Security, Inc. 415/595-8782 Christopher Allen Consensus Development Corporation 415/647-6383 $$ - ------------------------------------------------------------------------ ...Christopher Allen Consensus Development Corporation.. ... 4104-24th Street #419.. ... San Francisco, CA 94114-3615.. ... o415/647-6383 f415/647-6384.. ...Mosaic/WWW Home Page: .. ...Consensus Home Page .. -----END PRIVACY-ENHANCED MESSAGE----- Created with RIPEM Mac 0.8.5 b1 From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: rishab@dxm.ernet.in Date: Mon, 9 Jan 95 18:45:28 PST To: cypherpunks@toad.com Subject: Privacy markets Message-ID: MIME-Version: 1.0 Content-Type: text/plain mkj@october.ducktown.org wrote: > Bottom line: Anonymity is the only available tool which puts control > over my own privacy firmly into my own hands, where it belongs, and > does so without infringing on anyone's freedom of speech. Certainly Some months ago I extended this to the concept of privacy markets - where individuals will be able to disclose their 'truename value' to providers of services (such as libraries, publications) whose marketing would benefit, in lieu of cash. I rather think big business is in a better position than government to exploit the 'profiling' fallout of universal use of truenames. In the hope of increasing the declining signal content on the list, I'm reposting my article: ====================== Electric Dreams Weekly column for The Asian Age by Rishab Aiyer Ghosh #35, 31/October/1994: Selling privacy as a commodity It was once said that you should never post publicly to cyberspace what you don't want to see in tomorrow's newspapers. While newspapers are rarely interested in your idle thoughts, others are. Future employers, advertisers and an army of 'user profilers' have begun to exploit the availability of huge data banks of Net traffic, just waiting to be indexed by your names and opinions. It is already possible to buy CD-ROM or tape archives of posts to newsgroups on the Internet. Collecting newsgroup posts as they arrive is trivial. Apart from ordinary Internet connections, all newsgroups are available on one- way, open-access satellite data broadcasts. As traffic flows in, it can be indexed and backed up on extremely cheap storage media such as Digital Audio Tape, for later search and retrieval. While the US National Security Agency is naturally one of the best at hunting for signs of incorrect thinking in cyberspace, several techniques to search large volumes of data by very flexible criteria are publicly available. Electronic writing is one of the best sources for employers to learn the views of prospective employees. The groups people participate in can also form useful inputs to consumer profiles. Some companies have already started offering directory services based on posts to USENET, the semi-official collection of major newsgroups. It is easy to imagine Profiles-R-Us shops that sell dossiers on any individual, detailing political, religious and sexual preferences, and other interesting tidbits - all the nasty things you ever said about Microsoft, for instance! Public discussion is of course just that, and it's ridiculous to attempt to prevent it being put to use for purposes not originally intended. The remedy to an invasion is to build walls; when the invasion is one of privacy, the walls are technological. Some pioneers are already protecting themselves through the use of encryption, digital signatures, and multiple pseudonyms - making it impossible for profilers to associate opinions with real people. In a way, the Invasion Of The Profilers is a good thing - it will make individuals realize what little privacy they have, and teach them the value of privacy. Not everyone will want to seal themselves in private cocoons. Most will not object to some loss of privacy, but in exchange for a (not necessarily monetary) share of the profilers' profits. Individuals will control their privacy and selectively reduce it when it benefits themselves. A particularly useful application of this is in an electronic public library. Once access to data is severely restricted to protect intellectual property rights, the Internet as a source of knowledge for everyone will die, unless libraries are opened to provide information free of cost. Such libraries need not survive on subsidies; rather, they can ask for a copy of any information base in cyberspace from all publishers. By limiting access to individuals who are willing to give up some privacy, the library and publishers will benefit from the sale of users' access records to advertisers. Advertisers will be delighted, as most other inputs for profiling in a privacy- aware society will be unavailable. Finally, users will get free access to information if they so choose, at a cost that they can agree to. While one can be frightened by the ease with which a multitude of Big Brothers can monitor the citizens of cyberspace, technology, as always, has something for everyone. As it becomes easier to search through electronic communications, it also becomes easier to protect privacy to varying degrees. Individuals will be forced to be aware of risks to their privacy. With the opening of markets for profiles, privacy may finally find a concrete value. Rishab Aiyer Ghosh is a freelance technology consultant and writer. You can reach him through voice mail (+91 11 3760335) or e-mail (rishab@dxm.ernet.in). --====(C) Copyright 1994 Rishab Aiyer Ghosh. ALL RIGHTS RESERVED====-- This article may be redistributed in electronic form only, PROVIDED THAT THE ARTICLE AND THIS NOTICE REMAIN INTACT. This article MAY NOT UNDER ANY CIRCUMSTANCES be redistributed in any non-electronic form, or redistributed in any form for compensation of any kind, WITHOUT PRIOR WRITTEN PERMISSION from Rishab Aiyer Ghosh (rishab@dxm.ernet.in) --==================================================================-- ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "In between the breaths is rishab@dxm.ernet.in the space where we live" rishab@arbornet.org - Lawrence Durrell Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. McCarthy" Date: Mon, 9 Jan 95 22:55:04 PST To: cypherpunks@toad.com Subject: Re: DH Traffic Volume Analysis Message-ID: <199501100612.BAA22933@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- Paul J. Ste. Marie writes: > One problem that remains would be a trail left by the increased traffic > to/from a DH vs a normal user. That could only be fixed by a multitude of > DH sites. Ubiquitous remailing -- having a significant portion of the net population bouncing around randomly fluctuating encrypted traffic as background noise -- should help to cover both remailers and data havens. It would be nice to have more people firing off occasional encrypted stuff to muddy the waters. (Picture yourself in Bridge over the River Kwai if it helps ;) -L. Futplex McCarthy; PGP key by finger or server - -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLxIkLGf7YYibNzjpAQGZfgQAp464Szt+W1pvcHQRLH39kmato3tQaHIn mNSNjeXBwWqrgIXYoLAQfcX1qvVb0NJQikGc4P7Xo/o7Aa2LOIWTt6TRxXlUkaod gmYr6XGvoCST1eciMeMTKRjVRJgA6p4/GmQwQwmvFtTus1waS5T+RsNX0nbCu3ng eg3sZ5s7pKI= =973H - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLxIlNCoZzwIn1bdtAQFGBQF/Zl+lLTMyM55oRF2PSsA0ld13i/I1uyvW sD3C3JkqgQ9XsDjGquKXoPwDCsAEgN6E =7MWJ -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: jpb@gate.net Date: Mon, 9 Jan 95 22:54:53 PST To: pstemari@erinet.com (Paul J. Ste. Marie) Subject: Thoughts on Data Havens In-Reply-To: <9501100322.AB12220@eri.erinet.com> Message-ID: <199501100630.BAA10057@hopi.gate.net> MIME-Version: 1.0 Content-Type: text Re: > At 07:25 PM 1/9/95, dfloyd@io.com wrote: > > ... Of course, the DH will be hidden by a good remailer (anon.penet.fi), but > >it is trivial to use traffic analysis to find where the DH lies. Just > >monitor traffic from/to the remailer and do a series of store/retrives. > >Then for confirmation, forge a mail from the dh site to the remailer with > >the password (obtained from sniffing) to yourself. ... This is a known weakness of the wizvax style remailers. It is a shame that they are so easy for naive users to use - while I like the idea of an easy to use remailer, I have to shudder at how many people think that they are a secure system, especially when the reason they use them is usually because of a very real fear of the possible consequences if their lifestyle becomes public. > Hmm, hmm. Using c'punk remailers with encrypted send blocks fixes one > problem, especially if the c'punk mailers do some sort of file splitting and > reassembly along the lines of what happens to IP packets that are too large > for a given link. What would also help would be a mechanism for randomly > varying the encrypted send-to block. The password replay attacks can be > fixed by encrypting the transmitted password along with a timestamp/sequence > number. Post a new PGP key and encrypted address block weekly to alt.data.havens, alt.2600, or a stegoed picture to alt.binaries.pictures.whatever. If you are limiting usership, perhaps an autoencrypting majordomo list. If you do decide to go the steganography route, keep in mind that users on other platforms will want to use your DH and pick your stego program accordingly. As a Mac user, few things irritate me as much arj and zip files on ftp sites. gzip is a pain also, but at least I can un-gzip in my shell account before downloading. > One problem that remains would be a trail left by the increased traffic > to/from a DH vs a normal user. That could only be fixed by a multitude of > DH sites. One way of solving the traffic analysis problem is to have the DH account also act as a remailer. It would also be a good idea to only allow DH commands to be executed if the encrypted (mandatory) control message arrived from another remailer account - people knowledgeable enough to be using a dh will probably not mind if they are "forced" to route traffic through the remailer network - anyone paranoid enough to be a client is going to tack your address block on the end of a long chain they created themselves. As an added security measure, when a valid control message is received, an identical length stream of random garbage should then be encrypted and passed into the remailer pool. This would be easier if remailers supported some sort of bit sink command to trash a message rather than pass it along. Joe Block No man's life, liberty or property are safe while the legislature is in session. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. McCarthy" Date: Mon, 9 Jan 95 22:54:30 PST To: cypherpunks@toad.com Subject: Re: Anonymous videoconferencing applications Message-ID: <199501100644.BAA23178@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- Alan Bostick writes: > I thought so too, at first; but then I thought of this obvious application: [lurid details omitted ;] "Ever seen your children bound and blindfolded from across the globe ? You will...." > Whether technology is going to be developed for the convenience of > kidnappers and terrorists is an open question. I'd answer, "Undoubtedly," but I wonder just how readily available such technology would be to, uh, the rest of us. > But there is clearly > at least this one clear use for anonymous video conferencing. Perhaps headhunters would find it handy for anonymous job interviews with candidates who prefer to remain nameless, but not jobless.... -L. Futplex McCarthy - -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLxIrqmf7YYibNzjpAQGE9AQAlSGdkOEWsbXICCygoa4Sr+Gj9y91xHeS 3YpA40lODXDmvAoIxWRtpOt2k3a1G381xwxaSCh7b+Wh90V4dknS/ysvu/VLLdUG k1H/eGttn+TzcVPARc0fxExDV5yNxueDRaqil1sDnsgtVyBMzCmu6jdHKL4molku 5zN0SLh2RLY= =zmcz - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLxIstCoZzwIn1bdtAQFiIQF9Ho6rMKp+ii7kSgFalxf8j+05ZHTFkxCc /LQUDOvxy1jXK5+EpaOwP/LyI5fru7YQ =ZD2g -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: mccoy@io.com (Jim McCoy) Date: Mon, 9 Jan 95 23:54:41 PST To: root@einstein.ssz.com (root) Subject: Re: Pornography, What is it? In-Reply-To: <199501100432.WAA00738@einstein.ssz.com> Message-ID: <199501100754.BAA23939@pentagon.io.com> MIME-Version: 1.0 Content-Type: text/plain > From: root [...] > > What you define as pornography doesn't mean shit, it's what the media and > > jornalists and fundies etc.. decide is pornographic that you gotta watch > > out for. [...] > > > I am well aware that what I personaly consider pornography carries little > weight. One minor nit. Pronography is not illegal, obscenity is what is regulated. The difference between the two the fine line upon which we tread. > As to data havens being dangerous to run...I don't know. At the recent > HoHoCon there was a long discussion 'bout networks hidden within networks > that was very intriguing. If Doug Barnes is reading this he may be > willing to reiterate some of the talk. I do know that at the moment my > partners and myself are looking at remailer software running under Linux > and data havens are something that we have discussed. That was my talk, and if I ever get around to it I will be putting my notes and design details for underground internetworking up on the web. These notes include the slides from the talk and the technical notes relating to this issue... jim From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. McCarthy" Date: Mon, 9 Jan 95 23:31:44 PST To: cypherpunks@toad.com Subject: Re: Traffic generation Message-ID: <199501100736.CAA23603@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Joe Block writes: > As an added security measure, when a valid control message is received, > an identical length stream of random garbage should then be encrypted and > passed into the remailer pool. This would be easier if remailers supported > some sort of bit sink command to trash a message rather than pass it along. Lance Cottrell's Mixmaster software supports this -- just use Anon-To: null - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLxI43yoZzwIn1bdtAQFNJwGAyLeVNnXjphXZFF9tznd4BI09+e4ec3z7 XjLgNg3qtNoxUM44ZkW0xsME+ot5B4A/ =q5OQ -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: carolb Date: Tue, 10 Jan 95 01:16:36 PST To: Christopher Allen Subject: Re: PRESS RELEASE - RSA Licenses Co In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain Thanks, that was nice & handy, & scary. RegisteredBEllcore Trusted Software Integrity system programmer *********************************************************************** Carol Anne Braddock "Give me your Tired, your Poor, your old PC's..." The TS NET REVOKED PGP KEY NO.0C91594D carolb@spring.com carolann@mm.com ************************************************************************ COMING SOON TO AN INTERNET NEWSGROUP NEAR YOU...............CENSORED.COM From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: craig@passport.ca (Craig Hubley) Date: Tue, 10 Jan 95 00:49:55 PST To: cypherpunks@toad.com Subject: Re: Files and mail In-Reply-To: <199501070212.SAA19162@netcom3.netcom.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain > "I'm Wozz" writes: > > > Any professional knows better than to read private > > mail...and if this is so...then they aren't worthy of having > > a site to run > > For legal purposes, most BBS systems declare that for the > purposes of the ECPA, there is no such thing as private mail on > their system. The Sysop is then free to read anything he wishes > to. This policy is clearly stated in the user agreements of > almost all BBS systems offering access to the public. This may be true of public access BBS systems, but on corporate sites the smart money pulls the other way. Smart corps avoid reading email for the same reason they avoid listening in on voice conversations (except in telemarketing etc.). Likelihood of a corporation being held liable for any abusive use of a system by an employee is drastically outweighed by the likelihood of a costly wrongful dismissal suit should any investigation of private correspondence reveal some private fact (e.g. they are gay, they are having an affair, etc.) that leads to their dismissal (and thus loss of access to the system!). In other words, abuse by managers of their supervisory priveleges is far more likely to come back and haunt the organization than abuse by employees, in legal terms anyway. At a recent seminar on doing business on the internet I stated this opinion to an audience that included at least 20 lawyers. None disagreed, the numbers are clear enough. One added the qualification, which I agree with, that pirated software that the organization directly benefits from is a specific exception where the organization is guilty until proven innocent. But he hastened to add that the rest of the argument stood up. We agreed that a 'software audit' program such as the SPA provides could meet that need without compromising end user privacy. Slowly I believe that Prodigy, AOL, etc., are getting this message, that it costs more to censor than not to. Reading of the week: "Defending Pornography", by the head of the ACLU (yes a woman) who argues that the fight against censorship is equivalent to the fight for women's rights, and historically has always had the same enemies. Kind words on the jacket from Friedan and other mainstream feminists. > > as for PGP, this is an individual thing....I'm sure mike > > has no such objections...i know here at MindVox we > > don't...in fact, we installed it for the users > > Many BBS Sysops forbid PGP and kick users off their systems who I can't speak to the paranoia of garage system operators but: > use it. They cite fears of encrypted illegal porn and credit > card numbers passing through their systems, and potential legal > liability. We work with a lot of large corporate clients using the internet. We have recommended PGP as a means of securing privacy for all corporate communications (note I don't use it from this site as I don't download all mail from here before reading it, a GUI PGP that was usable would go a long way to overcoming resistance) and deal only with BBS operators who fully support user privacy. As I suggest, we have recommended strongly against investigating the contents of mail etc., and have been backed by the lawyers of these organizations who see a nightmare of legal liability even in the *ability* to look. (When does the ability to look become an obligation to record? Go ask your service provider!) It seems to me that, although there have been some misguided prosecutions with serious impact on the livelihoods of some small operators, the defense that the operators did not know what was moving through their site has held up. Criminal liability hinges on knowledge of the act - you cannot be held criminally liable unless you knew what was going on... period. Exceptions to that ('guilty until proven innocent' doctrine that blames the publisher and forces them also to be a censor) are offensive to the principles of both the law and liberalism. I would cite broadcasting law as an example of such an abusive body of law, and note that it was written entirely in this century. The 'common carrier' status is not a silver bullet, it obligates carriers to co-operate with authorities to maintain that status, as it is specially granted. It is actually better to let it evolve by precedent, a 'de facto' common carrier defense, as that way it cannot be withdrawn by a government without special legislation that itself may be overturned by the courts (in constitutional democracies). In other words, keep on using PGP, ditch providers who forbid it, and recommend it to every company you can. Once it becomes clear to Ford and Kraft and GM that a decision to hold a BBS operator responsible for traffic that moved through his system without his intervention, is also likely to deem *them* responsible for employees (and suppliers!) once they have established internally a comfortable precedent of just leaving the mail alone... very expensive and disruptive to overturn... you can be damn sure that some serious campaign contributions will swing over to the privacy advocates. I make these assumptions: that corporate America, as commercial entities, have no interest in knowing about anything that is not directly related to the making of money. It does not want its business complicated by the necessity to become a censor of employee discussions. Piss tests etc. were an example of DoD over-control forcibly imposed on the private sector... with predictable results like the Intel Pentagronk (who ever heard of a serious system being built entirely without benefit of psychoactives?) With DoD spending disappearing, the military-industrial complex shrinking, this economic influence is reduced and we get more overt legislative attempts to exert control like the Clipper, motivated by 'civilian' concerns like 'kiddie porn' (gee Japan has no such laws and it hasn't collapsed yet, has lower incidence of child molestation too...) and 'violent porn' (same story, you can get it in Denmark and they have less rape than here...) and 'stolen goods' (which can be moved around easily enough by a hundred other means). In other words, the same lame excuses that politicians use every time they want to control people. But I don't think business is with the program, I think corporations only react to fear of liability etc. (which is kept heightened by governments with their own agenda) which can be reduced by education and measured by intelligent risk analysis. In my opinion, as the architect of several risk management systems, the latter demonstrates that the danger is less than 'most BBS operators' think, and it arises from different factors than they think, to wit: If a small service provider is prosecuted for moving alt.binaries.snuff through his system, it is not because he carries it: so do 500 other service providers, and they can't prosecute them all. It is because he was careless enough to indicate in non-PGP-encrypted email that he was intending to make a political donation to the prosecutor's opponent. Barring a nationwide crackdown, where the initial prosecution is always carefully chosen for minimum public sympathy, these random prosecutions are going to be motivated by the petty whims of cops and bureaucrats. I see no reason why one would leave one's opinions open to them to read. All that can do is make you a target, and who needs to be a target ? That said, I can understand their fear. If I were operating an internet service today, I doubt I would have posted this to cypherpunks (which I read primarily to protect my own privacy, that of my clients, and advise them on effective means of privacy protection). Now I'm probably on an NSA list somewhere... good thing I'm up here in Canada...! Craig Hubley Business that runs on knowledge Craig Hubley & Associates needs software that runs on the Web craig@passport.ca 416-778-6136 416-778-1965 FAX From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: skaplin@mirage.skypoint.com (Samuel Kaplin) Date: Tue, 10 Jan 95 03:24:11 PST To: cypherpunks@toad.com Subject: Julf gets some negitive press!!! Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- I found this surfing USENET. Very interesting... From: cmfaltz@panix.com (Titania) Subject: SIEGAL STRIKES AGAIN -- HEADS UP, FOLKS; CENSORS GETTING READY Date: 5 Jan 1995 09:28:40 -0500 Organization: The Q Continuum Lines: 112 Message-ID: <3egvmo$lfg@panix.com> NNTP-Posting-Host: panix.com Chck the blurb at the end of this reprint from the San Francisco Chronical -- bitch Siegel is complaining about net hoods again, while supplementing her income providing a how-to book for those hoods -- oh, she would say her book is informative, bringing Net abuses and scams to the public knowledge, but human nature being what it is, how much do you wanna bet scum have been buying up her little tome for ideas? Check 'er out, everyone -- she's the face of the enemy -- get ready. Reprinted from Monday's SF Chronicle *Anarchy, Chaos on the Internet Must End* Martha S. Siegel Elections are over, and, for better or worse, recognized leadership is installed and working in most places. Yet, in Cyberspace, the electronic world dominated by the much vaunted Internet, there is not much order. This huge international computer web tying together about 30 million people is governed by no one. What an amazing state of affairs. The most powerful commu- nication medium ever invented is being left to the equivalent of mob rule. Last year was the year of the Internet in the media. Clearly it is now in the mainstream. Nonetheless, judging by what you read or hear, the key question of who runs it is not even an issue. It is more fun, after all, to contemplate shopping in an electronic mall or how to order a pizza through a modem. No matter, if you scratch the surface of this big, happy party, the need for firm direction is all too obvious. Also reported in the press is an expanding array of Internet problems. Unregulated broadcasting of sexually explicit material that is readily available to children usually heads the list, but on-line sexual harassment, profanity, defamation, forgery and fraud run close seconds. The secretiveness that computer communications allows is a special reason why abuse is easy. National and personal security are serious considerations when anyone can, with complete anonymity, send encrypted information worldwide via the Internet. Such problems are further exacerbated by a computer in Finland called the Anonymous Server, which exists for the sole purpose of laundering computer messages, much like dirty money is laundered through small island nations. Consequently, if you want to, say, threaten someone with death, your risk of retribution is small, courtesy of the Anonymous Server. Nowhere are Cyberspace difficulties more evident than in the inevitable swing toward Internet commercialization. The widely reported turf war rages onbetween academic factions that controlled Internet before it went public and business newcomers who now want to access its huge audience. Electronic attacks on business people by means ranging from computer insults, called flames, to assorted forms of electronic vandalism, persist uncontrolled. Worst of all are the "canceller robots," computer programs meant to erase the communications of anyone the hackers who usually launch them want to silence. These self-styled vigilantes routinely challenge free speech in Cyberspace unabated. Internet access providers, companies that connect people to the Internet for a profit, likewise assume the role of censors, arbitrarily closing accounts of those whom they disapprove. Given its international nature, one obvious way to bring much needed order to the Internet is through diplomacy. The United States should lead in this. A good beginning might be to urge the Finnish government to deactivate the Anonymous Server. Diplomacy could also help to establish an international standard of recognizing laws existing at the point of origin as controlling the message sender. When conflicts arise, governmental diplomacy should again be the answer, just as it is with other trade and communications issues. Next, laws already regulating behavior in the real world should be applied to Cyberspace. This is already taking place on a case-by-case basi, but the process is too slow. The Supreme Court should act to create a precedent stating that crime is crime, even when the criminal instrument is a computer keyboard. In the United States, legislation should be passed making Internet providers common carriers. This will get them out of the business of censorship and under the guiding hand of the Federal Communications Commission. People need safety and order in Cyberspace just as they do in their homes and on the streets. The current state of the Internet makes it clear that anarchy isn't working. If recognized governments don't find a way to bring order to the growing and changing Internet, chaos may soon dictate that the party is over. ** Martha S. Siegel is the author of "How to Make a Fortune on the Information Superhighway" and CEO of Cybersell in Scottsdale, Arizona In any case, the San Fransisco Chronicle may be reached at: Letters to the Editor, San Fransisco Chronicle 901 Mission Street San Fransisco, Ca 94103 or you can fax a letter at (415) 512-8196 - -- ============================================================================== skaplin@skypoint.com | Finger skaplin@infinity.c2.org for | a listing of crypto related files PGP encrypted mail is accepted and | available on my auto-responder. preferred. | (Yes...the faqs are there!) | E-mail key@four11.com for PGP Key or | "...vidi vici veni" - Overheard Finger skaplin@mirage.skypoint.com | outside a Roman brothel. ============================================================================== Anyone who hates Dogs and Kids Can't be All Bad. -- W. C. Fields -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBLxJtEMlnXxBRSgfNAQGz6gf/bwcCfyl+Cbktb/rGHUoudNWRKgXBjaNC 73V2FADhPRK+GIocliO6n/jNKetgfmvR7vKRkC98DuL5eJ4nek6XBqZ1eMBv0gBU FWSyRulYy3DJghWTUwFFuzm5GgNgC7j3kHOAdoLDys7FPaD7VprxD6esiIZnE/Ao rG2LqXrjQ3ofHqKiCxpldKJv51ttGZaWCbT39IfJOoB9dYs6vPTaDf7aOuqHfUKi +ZgwEwf/tM0x2BX6GuKCNXhFnPjL947kTQuSQ8JEcwHbvqAueMFaehNOtRczqwSj CBtwUYF9NIPmZ1kqEtJBQegDqj71xcD3c17NpjFAVjx1dz4ceIBRVQ== =FTmU -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: root Date: Tue, 10 Jan 95 04:07:20 PST To: mccoy@io.com (Jim McCoy) Subject: Re: Pornography, What is it? In-Reply-To: <199501100754.BAA23939@pentagon.io.com> Message-ID: <199501101202.GAA00328@einstein.ssz.com> MIME-Version: 1.0 Content-Type: text > [...] > > > What you define as pornography doesn't mean shit, it's what the media and > > > jornalists and fundies etc.. decide is pornographic that you gotta watch > > > out for. [...] > > > > > I am well aware that what I personaly consider pornography carries little > > weight. > > One minor nit. Pronography is not illegal, obscenity is what is regulated. > The difference between the two the fine line upon which we tread. > If this is so then everything I have read or seen misses this minor point completely. Every press release, speech, etc. that I see uses the term pornography, not obscenity. TV preachers, news anchors, newspapers, DA's, etc. consistently use the term pornography. The state of Oregon specificaly legalized pornography, not osbcenity. I think from a legal standpoint there is little difference between the two. > > As to data havens being dangerous to run...I don't know. At the recent > > HoHoCon there was a long discussion 'bout networks hidden within networks > > that was very intriguing. If Doug Barnes is reading this he may be > > willing to reiterate some of the talk. I do know that at the moment my > > That was my talk, and if I ever get around to it I will be putting my notes > and design details for underground internetworking up on the web. These > notes include the slides from the talk and the technical notes relating to > this issue... > Sorry, for the slip. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Brad Dolan Date: Tue, 10 Jan 95 06:42:27 PST To: cypherpunks@toad.com Subject: Response to CBS News "drive-by" attack on the internet Message-ID: <199501101442.GAA21852@well.sf.ca.us> MIME-Version: 1.0 Content-Type: text/plain January 10, 1995 Eric Ober President, CBS News 524 W. 57th Street New York, NY 10019 Dear Mr. Ober: In its 1/9/95 evening news broadcast, CBS aired a segment presenting a number of people who argued that the content of school libraries, written communications, and electronic communications should be censored for the common good. Since CBS did not present anyone with an opposing point of view, I assume the position presented is believed by CBS to be correct and not controversial. At first I was concerned about your network's apparent lack of support of first amendment rights to freedom of speech and of the press. Then I realized that these freedoms are only to discuss topics which could not result in physical or moral harm to anyone. I have some friends who share your concerns. They have been trying for years to reduce availability of morally dangerous materials like _The_Catcher_In_The_Rye_ and _Heather_Has_Two_Mommies_. They will be so excited to hear that you are now on their side. Sincerely, Brad Dolan bdolan@well.sf.ca.us  From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: daleh@ix.netcom.com (Dale Harrison (AEGIS)) Date: Tue, 10 Jan 95 08:27:05 PST To: cypherpunks@toad.com Subject: DataHavens Message-ID: <199501101626.IAA19511@ix3.ix.netcom.com> MIME-Version: 1.0 Content-Type: text/plain If one wonders what sort of physical threat an operator of a datahaven could potentially face, then today's (01/10/95) Wall Street Journal editorial is must reading. It's on the Op-Ed page (page A20) and is titled: "No Accountability at the FBI". It discusses the Randy Weaver siege in 1992 and the subsequent investigation and whitewash that followed. It's scary stuff! From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: mpd@netcom.com (Mike Duvos) Date: Tue, 10 Jan 95 08:44:22 PST To: cypherpunks@toad.com Subject: Re: Fwd: Re: netcom discussion in news.admin.misc In-Reply-To: <199501100351.TAA05721@ix3.ix.netcom.com> Message-ID: <199501101633.IAA07416@netcom19.netcom.com> MIME-Version: 1.0 Content-Type: text/plain johndix@ix.netcom.com (John Dix) writes: > I've mentioned to Netnews that a good first step would be to > make it harder to forge messages by changing the news > software to no longer accept a user-supplied "Sender:" line > in the article header, and he has agreed. However, I fail > to understand just *what* is taking so long to make this > (much needed) change. The problem here is that the news transport mechanism is not particularly resistant to arbitrary text being posted by a user. Newsreaders can check for forged "From:" or "Sender:" lines, but newsreaders then call shell scripts like inews and injnews to process their material. Users can call these scripts directly and bypass any checks by the newsreader. None of this requires any special privs, and only the lowest level of the news transport mechanism, relaynews, requires set-user-id netnews to function. The latest version of Tin does check for forged "From:" lines, but the version Netcom runs allows anything to be posted. Fudging the lower levels of the news transport mechanism to check "From:" and "Sender:" lines can mess up other things, since processes may need to inject news into the news stream which they themselves did not author. One solution to the problem is to have a secure level of the news transport mechanism add an "Originator:" line to every message which it handles. This will identify users attempting forgeries, and will not require munging of an existing header line. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd@netcom.com $ via Finger. $ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: mpd@netcom.com (Mike Duvos) Date: Tue, 10 Jan 95 08:47:54 PST To: cypherpunks@toad.com Subject: Re: Julf gets some negitive press!!! In-Reply-To: Message-ID: <199501101646.IAA09037@netcom19.netcom.com> MIME-Version: 1.0 Content-Type: text/plain skaplin@mirage.skypoint.com (Samuel Kaplin) writes: > bitch Siegel is complaining about net hoods again, ... > Such problems are further exacerbated by a computer in > Finland called the Anonymous Server, which exists for the > sole purpose of laundering computer messages, much like > dirty money is laundered through small island nations. I predicted a while back, that when the time came for a serious attack by authority types on anonymous remailers, we would see the term "message laundering" suddenly spring into the public lexicon. > Consequently, if you want to, say, threaten someone with > death, your risk of retribution is small, courtesy of the > Anonymous Server. Well, I certainly wouldn't post death threats through Penet. At the very least, it would threaten the existance of the server, which is a valuable net.resource, and cause me to receive nasty mail from Julf. I think Bitch Siegel exaggerates the potential danger of this particular system. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd@netcom.com $ via Finger. $ From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Avi Harris Baumstein Date: Tue, 10 Jan 95 06:18:11 PST To: cypherpunks@toad.com Subject: Re: Data Haven problems In-Reply-To: <199501100125.TAA29250@pentagon.io.com> Message-ID: <199501101418.JAA08782@cutter.clas.ufl.edu> MIME-Version: 1.0 Content-Type: text/plain dfloyd@io.com writes: >My problem is not that people will bitch about my DH. My problem will >be arfholes or yellow journalists uploading K*dd*e p**n to my DH, then >making a long report how I cater to p*dofiles and other evil denezins >that pop from time to time. Then, I get the police knocking at my >door, asking me to come to Club Fed for a looooonnnggg vacation. well i remember a suggestion a while back to only accept encrypted files. i don't remember who made the suggestion, but this seems like a good idea for several reasons: 1) most journalists won't know how to encrypt their files (ok, this is an admittedly short-term advantage, as journalists get smarter) 2) you will have no idea *what* is stored, and absolutely no way of finding out, even if you wanted to. you should advertise this feature widely. 3) it will help promote the use of crypto, as those who want to use the DH will have to have a way to encrypt their files. and charging, even an extremely minimal fee, will help to reduce wanton usage. but then you get into the whole electronic payment infrastructure problem again... -avi From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: anonymous-remailer@shell.portal.com Date: Tue, 10 Jan 95 09:33:17 PST To: cypherpunks@toad.com Subject: Anarcho-Cap - Newt and Gorby? Message-ID: <199501101733.JAA21222@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain ## From: sherbock@remailer.net -----BEGIN PGP SIGNED MESSAGE----- Crypto-anarchy, many-to-many communications, inter- national/cultural communications, bandwidth price plummet, computer ubiquity, philosophical/ideological evangelism, freedom of speech/trade/association and other factors talked about on this list are together heralding huge transformations. With this as background together with the statement that I am somewhat of a "Frissell/Sandforth Optimist," let me present a short essay and ask a single political question. I want to propose that a change to more of a Snow Crash society with anarcho-capitalism as the norm is not necessarily being _caused_ by pressures listed above, but, rather, fit a grander historical destiny. What we are seeing and will see in the information age has been bound to happen all along. It is an inevitable follow-on phase to our industrial age. One way to view our (Cypherpunks) work is "lead, follow or get out of the way." What's happening is going to happen. I just want to be in the center of it! (I could write much more in support of this. Read Gilder, Rees-Mogg, etc. and much of the techno Sci-Fi suggested by Cypherpunks.) Hindsight is 20/20. Many experts have analyzed the collapse of the USSR. Many are quick to claim that the dissolution was inevitable, historical, even. Consider the possibility that the dissolution of large, centralized federal republics is also inevitable. (The Frissel/Sandforth Optimists have been arguing this exact point.) As an interesting specific, consider parallels in the roles of former Soviet leader Mikhail Gorbachev and the U.S. House Speaker Newt Gingrich. Gorbachev, by self-proclamation, was a communist first and foremost. He was in no way a destructionist. In fact, it can be argued that he never intended to weaken the central power of the Supreme Soviet. He introduced liberalization reform (parestroika?) with the intent only of heading off the foreboding economic collapse of his State. Gorbachev's reforms were little baby walking steps in a direction that the Bear already was poised to _run_. Mr. Gingrich is a REPUBLICan. From what I can see, he loves the Constitutional government process of the United States. His proclaimed intentions are for downsizing and deregulation. However, he does not seem to desire the dissolution of federal, central government. He has not openly claimed to be libertarian or anarcho-capitalistic. :) Will Newt's deregulatory reforms be baby walking steps in the direction Uncle Sam (and the world) is already poised to _run_? G. del Sherbock - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQBNAy8RoncAAAECAK5jkuO+3qNE4veGXrwKqgJs9GhJibpNBOOacLN/OueiDX4R w0+fvCNCwIGT49T6acJvgSb/Kej3BcJViw4fkRUABRG0D0cuIGRlbCBTaGVyYm9j aw== =RPy1 - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQBVAwUBLxKvjAXCVYsOH5EVAQEXHQH+IT6n/vth2UcQrhJ9faEn8nfwU/XA/OyL 3qfXso1b7/NoivfSiuAvI8wQHasXQsWOheSwTE9c/TI7w6gAX4Yltw== =TJqU -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: storm@marlin.ssnet.com (Don Melvin) Date: Tue, 10 Jan 95 07:37:43 PST To: cypherpunks@toad.com Subject: Re: Rumored CBS "hit" on internet coming In-Reply-To: <199501091955.LAA07671@netcom18.netcom.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- In article <199501091955.LAA07671@netcom18.netcom.com>, you wrote: > > Argghh!! When Connie interviewed me last week, she said I could > _whisper_ some dark uses to her and it would just be between the two > of us! > > Life's a bitch, and so is Connie. I believe the current PinC expression should be Life's a Hillary, and so is Connie - -- America - a country so rich and so strong we can reward the lazy and punish the productive and still survive (so far) Don Melvin storm@ssnet.com finger for PGP key. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLxKh7mvyi8p8VUiJAQHxmQP/UP733aoSsBqI23NR1p6A4Gcl79VT8Dvc cC4MpxRQZwe0w2dx7jNMpXNJY5iwMOwpXNkfY/SEX0iyGXL0B8kjHLOYJkhtOZMA 5PyPqU8fbskKz5xXd/kBeTtZmnVzi4eMFYczm4+ThWlwzEoka5PATP3pa2SSXwmc rCGsnPDuJQA= =V+K/ -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: eric@remailer.net (Eric Hughes) Date: Tue, 10 Jan 95 10:11:37 PST To: cypherpunks@toad.com Subject: RSA Licenses Commercial Distribution Rights to RSAREF (URLs to PressRelease) Message-ID: <199501101810.KAA26946@largo.remailer.net> MIME-Version: 1.0 Content-Type: text/plain I've been waiting for this, for oh, about two years now. Eric ----------------------------------------------------------------------------- RSA Licenses Commercial Distribution Rights to RSAREF ===================================================== RSA announces that it is licensing commercial distribution rights of its RSAREF software to Consensus Development, allowing for implementation of commercial Privacy Enhanced Mail (PEM) applications. Press Release -------------- REDWOOD SHORES, CALIFORNIA--JANUARY 9, 1995--RSA Data Security, Inc. and Consensus Development Corporation jointly announce today at the RSA Data Security Conference that Consensus Development is licensing the commercial distribution rights of RSAREF from RSA Data Security. RSAREF (pronounced "R.S.A. reff") is short for "RSA reference implementation" and is a cryptography source code toolkit designed to allow developers to create PEM (Privacy-Enhanced Mail)software and other encryption/authentication tools. Until now, RSAREF has been an unsupported RSA product approved for use only as part of freeware and not-for-profit software applications. Consensus Development will now be able to market and license RSAREF to commercial software developers, and provide software support and future enhancements to the RSAREF source code library. (continued in full text press release...) Full Text --------- A World-Wide-Web/Mosaic page for this press release can be found at: A digitally signed text copy of this press release can be found at: Discussion/Announcement List ---------------------------- Consensus Development will be creating an email discussion list for software developers interested in RSAREF. To join the discussion, send a message to with the body of the message requesting "subscribe RSAREF-DEV-L firstname lastname". From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Nesta Stubbs Date: Tue, 10 Jan 95 08:51:29 PST To: Cypherpunks Subject: Re: Data Haven problems In-Reply-To: <199501101418.JAA08782@cutter.clas.ufl.edu> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Tue, 10 Jan 1995, Avi Harris Baumstein wrote: > dfloyd@io.com writes: > > >My problem is not that people will bitch about my DH. My problem will > >be arfholes or yellow journalists uploading K*dd*e p**n to my DH, then > >making a long report how I cater to p*dofiles and other evil denezins > >that pop from time to time. Then, I get the police knocking at my > >door, asking me to come to Club Fed for a looooonnnggg vacation. > > well i remember a suggestion a while back to only accept encrypted > files. i don't remember who made the suggestion, but this seems like a > good idea for several reasons: > I like this too, it keeps the data safe not only in transit, but also on the site itself. So I don't have to re-encrypt files, they are alredy crypted, and signed(another good bonus) by the sender or account holder. > 2) you will have no idea *what* is stored, and absolutely no way of > finding out, even if you wanted to. you should advertise this feature > widely. depends on how it is encrypted, if they encrypt it too the datahaven, using your public key, that argument won't work, BUT if they are suing it as a anon drop box, then they can encypt it to another publik key of the recipient(an anon key of course) and oyu would never be abl to read it. This is a good feature of a data-haven, one that may be able to produce profit int eh future if tha is a motive. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: RGRIFFITH@sfasu.edu Date: Tue, 10 Jan 95 08:52:58 PST To: cypherpunks@toad.com Subject: procmail: another question Message-ID: <01HLOG4V1I1E00106V@TITAN.SFASU.EDU> MIME-Version: 1.0 Content-Type: text/plain Please excuse my ignorance, but will procmail run under DOS? Will it download mail from a PopMail server? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Nathaniel Borenstein Date: Tue, 10 Jan 95 07:59:27 PST To: db@Tadpole.COM Subject: Re: for-pay remailers and FV In-Reply-To: <21043.789692792.1@nsb.fv.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain Excerpts from fv: 9-Jan-95 Re: for-pay remailers and FV db@Tadpole.COM (2073*) > Also, there is no reason on earth to take FV for payment under > such a scheme, No reason on Earth? Try any of the following: 1. You can actually get paid, in real money, using a system that is operating NOW. 2. It requires no special software for the user of the remailer service, thus preserving a very positive feature of most of today's anonymous remailers. 3. You don't need to have a credit card merchant account (and the technical arrangements for using it) in order to run a remailer service. There are more, but those are probably the top three. > I don't see any reason to get FV involved, unless one were so lame > as to be unable to get signed up directly with the credit card > companies as a merchant -- a process of appropriate complexity > to indicate the posession of at least one (1) clue, which is prob. > desirable in someone who's going to be handling remailer finances Well, I could be wrong, but from the above paragraph I can only infer that you've never actually tried to set yourself up as a merchant. The hardest part is getting approved for a merchant account. Unless you already have an established business or money in the bank, this will *probably* be a showstopper if you want to set up a remailer-for-pay service. Getting a merchant account is never trivial, and getting one in a whole new industry is VERY hard. Once you have a merchant account, establishing the right technical setup to do the actual authorization and purchases is not rocket science, but it certainly requires more than "1 clue" -- in particular, it typically requires hooking up some special hardware, installing and configuring some new software, and some serious thought about the implications for your system's security. None of this is needed if you use FV. Also, as Paul pointed out, the requirement for reversibility applies to ANY credit-card-based service, not just FV. This is NOT an option, it is required by law (reg Z). Excerpts from fv: 10-Jan-95 Re: for-pay remailers and FV Hal@shell.portal.com (2603) > Perhaps you could charge some small amount for them, but require VISA > payment, and check the names on the VISA cards. (This doesn't hurt > anonymity when the tokens are actually used because of the blinding.) To > get multiple tokens a person would have to commit some serious real world > name trickery, a considerably higher barrier than making up a pseudonym > on the net. This is workable. It also reinvents a big chunk of what FV does, if you do it yourself. -- NB From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "James A. Donald" Date: Tue, 10 Jan 95 11:27:40 PST To: Adam Shostack Subject: Re: procmail: another question In-Reply-To: <199501101826.NAA15838@hermes.bwh.harvard.edu> Message-ID: MIME-Version: 1.0 Content-Type: text/plain On Tue, 10 Jan 1995, Adam Shostack wrote: > Procmail is a very versatile, relatively easy to use way of > processing mail. "Relatively easy" -- Relative to the usual venomous Unix user hostile interface that is. I use procmail, but my local Unix guru does not, even though he has a clear need to do so. > Its most obvious function is to put mailing lists > into one or several folders, but it also can be made into a file > server*, automatically retrieve PGP keys, act as a basic remailer, > etc, etc. The .procmailrc file is in effect a program, rather than a bunch of flags. Every time procmail receives a message it interpretively executes this program, which does a pattern match on the mail, if it gets a match, passes the mail to some external program, which may be yet another invocation of procmail executing a different .rc file. Now if us windows folk had done it, we would have done it as visual basic controls and we would have created an installation program. Still I must confess, we windows folk have not done it and the unix folk have done it, so I guess it is score 1 for unix, 0 for windows. But I guarantee the chairman of the board is not going to use procmail. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from http://nw.com/jamesd/ the arbitrary power of the omnipotent state. jamesd@netcom.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Christopher Allen Date: Tue, 10 Jan 95 11:25:32 PST To: cypherpunks@toad.com (Cypherpunks Mailing List) Subject: Re: RSA Licenses Commercial Distribution Rights to RSAREF (URLs to Press Message-ID: MIME-Version: 1.0 Content-Type: text/plain At 10:21 AM 1/10/95, Adam Shostack wrote: > Its just another example of RSADSI trying to act more like a >government agency. :) I hope not -- one thing that I'm trying to do by taking over support for RSAREF is make it much more responsive to what developers demand. Like you I was disappointed by the slow progress of RSAREF, so that is why I worked so hard to get this deal going. ------------------------------------------------------------------------ ...Christopher Allen Consensus Development Corporation.. ... 4104-24th Street #419.. ... San Francisco, CA 94114-3615.. ... o415/647-6383 f415/647-6384.. ...Mosaic/WWW Home Page: .. ...Consensus Home Page .. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Mark Rogaski Date: Tue, 10 Jan 95 08:29:28 PST To: cypherpunks@toad.com (Cypherpunks) Subject: HTTP and ID Verification Message-ID: <199501101629.LAA05969@phobos.lib.iup.edu> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Can anyone tell me what the URL for the site that displays all the identifying info it gets when you request it is? - ----- Doc doc@phobos.lib.iup.edu aka Mark Rogaski http://www.lib.iup.edu/~rogaski/ Disclaimer: You would probably be hard-pressed to find ANYONE who agrees with me, much less my university or employer... [finger fllevta@oak.grove.iup.edu for PGP Public Key and Geek Code v2.1] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLxK1yB0c4/pqJauBAQHjjgP/VsewWr3MtyULjeb1H1SF7FEHBLK4rtML dHEGG88AOPI4C6shO/xpn7fauZM4serMt2OkXXoXcKjc4DXXnrRB23NUhWXXwEBl iIWucy4p6FEBzKLPv3ulmNRzl+JBsKvNdFTVvYiutFmagA1W/t9WCon+p1eEurnK LlBNqcnL+Rk= =DdD8 -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nelson@crynwr.com (Russell Nelson) Date: Tue, 10 Jan 95 08:30:24 PST To: cypherpunks@toad.com Subject: Re: for-pay remailers and FV In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain Date: Tue, 10 Jan 1995 10:57:56 -0500 (EST) From: Nathaniel Borenstein The hardest part is getting approved for a merchant account. I've tried. Nathan is right. Also, as Paul pointed out, the requirement for reversibility applies to ANY credit-card-based service, not just FV. This is NOT an option, it is required by law (reg Z). But if you sell services or information, this is not a really big problem. You just say "fuck it, I got screwed", and you reverse the charges. And as for anonymity/privacy, if the business is doing a lot of other transactions, and the remailer ones are mixed in, then who's to say who's who? Maybe it's time to remind people that there is no such thing as perfect security, only varying degrees of such. -- -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nelson@crynwr.com (Russell Nelson) Date: Tue, 10 Jan 95 08:34:48 PST To: cypherpunks@toad.com Subject: DH testing Message-ID: MIME-Version: 1.0 Content-Type: text/plain A DataHaven is only as good as it's been tested. You could pay for a tiger team to attack it, but why bother? Just take some nudie pictures of a girl >=18 years old who looks <18 years old, announce publicly that you have kiddie porn for sale, sit back and let the FBI test your DH for free. Be sure to charge enough for your eventual legal defense... -- -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nelson@crynwr.com (Russell Nelson) Date: Tue, 10 Jan 95 08:42:02 PST To: cypherpunks@toad.com Subject: "safe" Internet access Message-ID: MIME-Version: 1.0 Content-Type: text/plain If you want to access the Internet in a way that doesn't reveal your physical location (much), buy access from Metricom. They sell Internet access via radios. A small part-15 (900Mhz) $500 radio modem is needed, plus a few dozen bucks/month (thereabouts). If you use a yagi antenna, that will reduce your emissions to mostly one direction. If you're in line-of-sight with one of their poletops, you can point a telescope in that direction, and transmit only when you *don't* see a truck bristling with antennas. Every radio has a serial number, and they record who's got what, so they could cut you off much, much easier than catching you. For more information, see . Same thing can be done with radiomail, but the speed is slower and the radios and service are more expensive. And, they can still cut you off. Of course, part-time connectivity is problemmatic, because you need to receive mail at all times. Of course, you could use a mail hub in a "safe" country, but then you're tied to a government again. -- -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | What part of "Congress shall make no law" eludes Congress? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: erc@s116.slcslip.indirect.com (Ed Carp [khijol Sysadmin]) Date: Tue, 10 Jan 95 13:07:42 PST To: nelson@crynwr.com (Russell Nelson) Subject: Re: "safe" Internet access In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text > Of course, part-time connectivity is problemmatic, because you need to > receive mail at all times. Of course, you could use a mail hub in a > "safe" country, but then you're tied to a government again. If you batch your email and news using UUCP, you don't need to be connected all the time. And it can also be encrypted... -- Ed Carp, N7EKG Ed.Carp@linux.org, ecarp@netcom.com 801/534-8857 voicemail 801/460-1883 digital pager Finger ecarp@netcom.com for PGP 2.5 public key an88744@anon.penet.fi ** PGP encrypted email preferred! ** "What's the use of distant travel if only to discover - you're homeless in your heart." --Basia, "Yearning" From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jef Poskanzer Date: Tue, 10 Jan 95 11:58:51 PST To: "Bradley W. Dolan" <71431.2564@compuserve.com> Subject: Re: Why is WELL down? Message-ID: <199501101958.LAA07295@hot.ee.lbl.gov> MIME-Version: 1.0 Content-Type: text/plain >My favorite net access provider, the WELL, is down and I can't >get a straight answer from the normally frank WELL folks why. Is that sarcasm? "Never attribute to malice what can be explained by simple stupidity." --- Jef From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Tue, 10 Jan 95 13:18:28 PST To: cypherpunks@toad.com Subject: MEETING: Jan. 14th Bay Area Cypherpunks Meeting Message-ID: MIME-Version: 1.0 Content-Type: text/plain ANNOUNCEMENT ============ This month's Bay Area Cypherpunks Meeting will be held this Saturday, January 14th, from 12 noon until 6 pm in Silicon Graphics Cafe Iris, the usual place and time. Detailed directions are at the end of this message. The topic: Demonstrations The emphasis will be on hands-on, live demonstrations of items of interest. Several speakers will demonstrate products and tools on actual machines. I encourage eating, shmoozing, and general milling-around to be finished by 12:30 at the latest, so we can start discussion of general items, updates, etc. I'd really like to get the demos started by 1 p.m., and 1:30 at the latest. We have a lot of demos planned and some special visitors in town this week, and some special events that just happened. So, as I'm the rotating chairentity this month, I'll wield the gavel ruthlessly. The RSA Data Security Inc. annual conference happened this past week, so I expect several folks will want to provide updates and news announcments, e.g., the licensing of RSAREF, status of lawsuits, new results, etc.. Short updates are good, but we just don't have the time for this meeting to formally present recaps of interesting papers. If there were any *amazing* results, they'll surely keep for a future meeting for more detailed discussion (could be a theme for a meeting). Also, Phil Zimmermann may be at the meeting (he's scheduled), so hearing from him could easily soak up a couple of hours, which we just don't have. In fairness to those who've planned demos, we'll have to try to limit all these interesting folks to the first hour or so. Maybe a few minutes more. And maybe later in the day there'll be time. We have these demos planned. * Henry Strickland (Strick) will, in his words, "be demoing Skronk (transparent above-the-kernel encryption for TCP/IP) and Kudzu (the TCL toolkit)." * Jack Repenning of SGI will demo two interfaces. In his own words, "I'm planning to demo two interfaces, actually: the Emacs one (on an Indy), and the MCIP "MacPGP Kit" plus Eudora extensions, on a Mac." * Phil Zimmermann "will demo pgp 2.9 and possibly voice pgp," according to Katy Kislitzin, who is in contact with Phil. * Katy Kislitzin will bring up the "demo smosaic" she has. (Secure Mosaic.) * Raph Levien will demonstrate "premail," his remailer-chaining tool. * Other ad hoc demos of items of interest may happen. We'll have several machines set up, so those with interesting software or hardware can perhaps do some brief, unscheduled demos. If I left anyone out, anyone who sent me e-mail saying they wanted to demo, I apologize. I went back over my mail and these were the folks I found who'd sent me e-mail. Contact me at my normal e-mail address (tcmay@netcom.com) as soon as possible if you want to be added. (I'll be travelling to LA on Friday, for a television interview with the BBC on crypto, and so will be unwired that day.) The emphasis is on hands-on demos, to expose folks to tools, capabilitities, possible future products. Informality is fine. NOTE TO PRESENTERS: Make arrangements to have machines you'll need there. An SGI Unix machine is permanently in the room. Other machines will have to be brought. Because of my trip to LA on Friday, I doubt I'll be bringing my PowerMac 7100AV with me, but I will have a PowerBook 170 laptop Macintosh, if all else fails. Windows and DOS demo folks should bring their machine of choice. (Atari, Cromemco, Amiga, Altair, and Exidy Sorcerer users are of course on their own.) The overhead video system is often more trouble than its worth, but it will be available for at least some of the demos. Those wishing to tie into should have either RGB outputs from their machine, or NTSC composite video. I'll bring my Hi-8 camcorder, which can tie in, and thus allow me to zoom in on whatever machines are there and display the video on the overhead screen. Dinner plans will, as usual, be made in the last chaotic moments of the meeting. ----------------------------------------------------------------------------- DIRECTIONS: Silicon Graphics, Inc. Building 5 (SGI Cafeteria) 2025 North Shoreline Boulevard Mountain View, CA From 101 take Shoreline East. This is towards Shoreline Amphitheatre. It's also "logical east", and points more north that east. (That is, it's east with respect to 101 North, which points west near the exit.) If you're coming in on 101 South, you'll cross over the bridge. Continue on Shoreline and go past a whole bunch of other SGI buildings. Turn right onto Steirlin Court at the big red metal sculpture. There will be even more SGI buildings surrounding you--take note of the building numbers. Go almost to the end of this street. Building 5 is on the right. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Adam Shostack Date: Tue, 10 Jan 95 10:19:52 PST To: eric@remailer.net (Eric Hughes) Subject: Re: RSA Licenses Commercial Distribution Rights to RSAREF (URLs to Press In-Reply-To: <199501101810.KAA26946@largo.remailer.net> Message-ID: <199501101821.NAA15802@hermes.bwh.harvard.edu> MIME-Version: 1.0 Content-Type: text/plain Its just another example of RSADSI trying to act more like a government agency. :) Adam | I've been waiting for this, for oh, about two years now. | | Eric | ----------------------------------------------------------------------------- | | RSA Licenses Commercial Distribution Rights to RSAREF | ===================================================== From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Adam Shostack Date: Tue, 10 Jan 95 10:23:52 PST To: RGRIFFITH@sfasu.edu Subject: Re: procmail: another question In-Reply-To: <01HLOG4V1I1E00106V@TITAN.SFASU.EDU> Message-ID: <199501101826.NAA15838@hermes.bwh.harvard.edu> MIME-Version: 1.0 Content-Type: text/plain You wrote: | Please excuse my ignorance, but will procmail run under DOS? Will it | download mail from a PopMail server? Procmail will run on the UNIX system that you connect to via pop. It processes mail, it doesn't transport it. (It can, of course, hand mail off to an MTA.) Procmail is a very versatile, relatively easy to use way of processing mail. Its most obvious function is to put mailing lists into one or several folders, but it also can be made into a file server*, automatically retrieve PGP keys, act as a basic remailer, etc, etc. Adam *RTFM: procmailex(5) -- "It is seldom that liberty of any kind is lost all at once." -Hume From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: John.Schofield@sprawl.expressnet.org (John Schofield) Date: Tue, 10 Jan 95 21:18:55 PST To: cypherpunks@toad.com Subject: Keep Out Electronic Availability Announcement Message-ID: <4bc_9501101432@expressnet.org> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Keep Out The Journal of Electronic Privacy January 10, 1995 ** Keep Out Volume 1, Number 2 now available electronically ** ** Keep Out Volume 2, Number 1 coming soon ** ** FREE sample issues available ** I am pleased to announce the electronic availability of Volume 1, Number 2 of Keep Out, the Journal of Electronic Privacy. To receive a copy, simply send e-mail to keep-out-current@expressnet.org. The subject and body of the message do not matter. You will receive an ASCII-text copy of the issue in reply to your message. You can also do a Fidonet file request to 1:102/903 and request VOL1-NO2.TXT, or call the Sprawl BBS at +1-818-342-5127 and download it. Volume 1, Number 2 had stories on the Pretty Good Privacy (PGP) signature bug, a how-to story on anonymous remailers, an interview with remailer operator Erich von Hollander, and of course, a continuation of our PGP beginners' series with an introduction to digital signatures and the web of trust. While Keep Out is primarily a paper magazine, the text of each issue is released electronically to make sure the information is disseminated widely. This information is too important to limit it to those who can afford a subscription. I am sending this message instead of posting the full text of Keep Out because the electronic edition contains the same commercial advertisements that the paper version does. It would be inappropriate to post it here. To encourage people to subscribe, and to ensure that Keep Out remains solvent, the electronic edition is released roughly one month after the paper version. It seems to be the lot of new magazines to have deadline troubles. Keep Out has unfortunately been no exception. The second issue of Keep Out was released quite late. To bring the magazine's date of issue back in touch with reality, the next issue (Volume 2, Number 1) will be dated March/April, and will be released in paper form on February 27. For that issue, we are working on a review of steganography software (programs for hiding data in sound and picture files), an in-depth report on Tempest technology (which allows an eavesdropper to view your computer screen from a distance without using wires), a story telling the current state of the government's Clipper (wiretap) Chip initiative, and a continuation of our PGP for beginners' series. To receive a free, sample issue of Keep Out, with no strings attached, simply send your postal address to one of the addresses below. You will receive a copy of the next issue when it is mailed out. Keep Out's mailing list is completely confidential. No information about you will be released for any reason, except for court orders, of course. Subscriptions to Keep Out are $15 a year for six issues in the U.S. and Canada, $27 elsewhere. Back issues of the first two issues (Volume 1, Numbers 1 and 2) are available at $7 each inside the U.S. and Canada, $9 elsewhere. U.S. funds only, please. Unfortunately, we can not accept credit cards, but checks and money orders payable to "Keep Out" are welcome. _______________ Contact Methods Voice: +1-818-345-8640 Fax/BBS: +1-818-342-5127 Internet: keep.out@sprawl.expressnet.org Fidonet: "Keep Out" at 1:102/903.0 Snail Mail: Keep Out P.O. Box 571312 Tarzana, CA 91357-1312 USA -----BEGIN PGP SIGNATURE----- Version: 2.7 Comment: Call 818-345-8640 voice for info on Keep Out magazine. iQCVAwUBLxL5+Wj9fvT+ukJdAQEeMgP8DG/x1JtkES7yEXyW67xOXiC/GPSn29ru eeBgjp7Otqc4HVH46fJBe14zoSAfkgVuQUesOxtsVBUAVT6MS/SICr/i+Wrig6lS k2LbokBD9GIihRVDG20XSkqfo3Uw7GBevFEJClCR7T5+rglnbVP8j+bXhumXBtAv y8wU0yYwaD8= =jZNP -----END PGP SIGNATURE----- ... "Happiness is a warm puppy," said the anaconda. --- Blue Wave/RA v2.12 -- |Fidonet: John Schofield 11:310/12 |Internet: John.Schofield@sprawl.expressnet.org | | Standard disclaimer: The views of this user are strictly his own. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: cactus@seabsd.hks.net (L. Todd Masco) Date: Tue, 10 Jan 95 11:20:14 PST To: cypherpunks@toad.com Subject: Storm Signals Message-ID: <199501101924.OAA29627@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- On a social mailing list that I'm on, two things have been noticed in the last week: 1: Somebody's roommate (a Green Beret) has been called back into 6 months of active service. He was not told where he'd be. 2: GPS fine positioning has been turned off. This is only done during times of military operations (such as the 'invasion' of Haiti and the Iraq Massacre). It's also been highly correlated with Pentagon pizza deliveries. Anybody else have any clues as to what's up? No overt crypto relevence, but some parallels to traffic analysis could be easily drawn. - - -- Todd Masco | "life without caution/ the only worth living / love for a man/ cactus@hks.net | love for a woman/ love for the facts/ protectless" - A Rich Cactus' Homepage - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLxKkJhNhgovrPB7dAQGCqwP/YzFcuNDCoUDY4a8O5YuVryBZ51HisN6m PHwc5W2bmwXx8LLQs1fOu8J9d3SFZM8l47bBj8EZCIvXatrUCHPVIqnBWfE30z8w 7uQRBn+eTtct/vs9MgPTGDk+mNWgDtYHL7TQ8vfypkYVgrlWH3pNbEs4+EkRv/5l ayYaAPq3IoU= =YUo1 - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLxLe7CoZzwIn1bdtAQHEcgGAm0rMUiMy+5bUX419XmkLtHFXNUjvV8e0 1YylcQ5G9C/HlWXYZett0tudtpBUGZsS =kfFB -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Bradley W. Dolan" <71431.2564@compuserve.com> Date: Tue, 10 Jan 95 11:40:48 PST To: Subject: Why is WELL down? Message-ID: <950110193426_71431.2564_FHJ103-1@CompuServe.COM> MIME-Version: 1.0 Content-Type: text/plain My favorite net access provider, the WELL, is down and I can't get a straight answer from the normally frank WELL folks why. Is there a net.guru out there that might have any insight into whether this shutdown is technical or political? Brad Dolan From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Brian Beattie Date: Tue, 10 Jan 95 14:49:59 PST To: cypherpunks@toad.com Subject: Phil Zimmerman's Legal Defense Fund Message-ID: MIME-Version: 1.0 Content-Type: text/plain Could somebody mail me the info on sending a contribution Phil Zimmerman's Legal fees related to the PGP issue? Brian Beattie | [From an MIT job ad] "Applicants must also have | extensive knowledge of UNIX, although they should beattie@csos.orst.edu | have sufficently good programming taste to not Fax (503)754-3406 | consider this an achievement." From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Adam Shostack Date: Tue, 10 Jan 95 12:25:13 PST To: jamesd@netcom.com (James A. Donald) Subject: Re: procmail: another question In-Reply-To: Message-ID: <199501102026.PAA16836@hermes.bwh.harvard.edu> MIME-Version: 1.0 Content-Type: text/plain | On Tue, 10 Jan 1995, Adam Shostack wrote: | > Procmail is a very versatile, relatively easy to use way of | > processing mail. | | "Relatively easy" -- Relative to the usual venomous Unix | user hostile interface that is. I use procmail, but my | local Unix guru does not, even though he has a clear need to do so. Its got a nasty learning curve; I held off for a long time before making the leap. What all mail filters need is better integration with MUAs, so I can say "This message should have gone into my cpunks-noise folder, fix the rules." Of course, doing that really well is not trivial. Safe-tcl has a shorter learning curve, but I've spend enough time that I don't want to switch without a payoff. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. Todd Masco" Date: Tue, 10 Jan 95 13:34:06 PST To: cypherpunks@toad.com Subject: Crypto functions Message-ID: <199501102139.QAA00961@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- What crypto functions are considered modern and usable? The list I have right now is: RSA IDEA DES 3DES RC4 RC5 BLOWFISH MD4 MD5 (and FLAMINGO, a trivial test case, which consists of xor'ing every 8 chars with "flamingo".) Pointers to code for any other schemes will be greatly appreciated. Thanks, -- Todd - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLxL+YSoZzwIn1bdtAQGmbgF+Il9/8OU3smhe+DqhKBX5a51N9H15/ElN 4ByTAiKfNjXu21HWyV29kSxEBofo5003 =j55J -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jeff A Licquia Date: Tue, 10 Jan 95 14:44:56 PST To: cypherpunks@toad.com Subject: Re: MEETING: Jan. 14th Bay Area Cypherpunks Meeting In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain Ah, to be less locationally challenged! Anyone got a plane ticket they can donate? :-) I (and, I imagine, others) would highly appreciate a summary from some worthy soul fortunate enough to be there. ---------------------------------------------------------------------- Jeff Licquia (lame .sig, huh?) | Finger for PGP 2.6 public key jalicqui@prairienet.org | Me? Speak for whom? You've got licquia@cei.com (work) | to be kidding! From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. McCarthy" Date: Tue, 10 Jan 95 13:44:15 PST To: cypherpunks@toad.com Subject: Re: HTTP and ID Verification Message-ID: <199501102149.QAA01058@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Doc writes: > Can anyone tell me what the URL for the site that displays all > the identifying info it gets when you request it is? One option is http://www.uiuc.edu/cgi-bin/printenv - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLxMAvioZzwIn1bdtAQGhxwF/VkjkXoQ/s6U85F90IqcUotmoHbCojLE9 Wmn+KPyoeIa6THpY/w3VGAV7ug5i5WZB =PkPL -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Syed Yusuf Date: Tue, 10 Jan 95 17:04:20 PST To: Cypherpunks Subject: FBI and BLACKNET Message-ID: MIME-Version: 1.0 Content-Type: text/plain I was just visited by the a humble servant of the FBI inquireing what I knew of BLACKNET. They apparently believe it's a possible network industrial sabbatoge (read Terrorism). Although the person I spoke to was quite cordial and even bought me lunch (that's the way to win me over) I must really question the intellegence (read IQ) and intellagence (read reconnasance) of his superiors. apparently whoever sent him his lead doesn't pay attention to the net enough to know Blacknet was a hoax, and why did it take since august for them to find me? I explained to him the differece between a Cyperpunk and a hacker explained what a joke it is to be prosicuting Mr. Zimmerman and why the Government is in the wrong for trying to limit encrytion strenght. Then I demonstrated the Internet and how to e-mail the prez and FTP speaches of the Prez :) (I know I know, act stupid so they volentere as much info as possible, he let too many things slip, but still If I had his job I'd be following up things like this too) --Syed Yusuf (Cypherpunk and proud of it damnit!) From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Perry E. Metzger" Date: Tue, 10 Jan 95 14:08:54 PST To: "L. Todd Masco" Subject: Re: Crypto functions In-Reply-To: <199501102139.QAA00961@bb.hks.net> Message-ID: <9501102208.AA26444@snark.imsi.com> MIME-Version: 1.0 Content-Type: text/plain "L. Todd Masco" says: > What crypto functions are considered modern and usable? The list I have > right now is: > > RSA > IDEA > DES > 3DES > RC4 > RC5 > BLOWFISH > MD4 > MD5 I wouldn't use BLOWFISH. MD4 is flawed -- and its a hash function, not a crypto function (as is MD5). RC5 is very, very new. RC4 hasn't been well studied in the open literature yet, though it is quite promising. .pm From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: skaplin@mirage.skypoint.com (Samuel Kaplin) Date: Tue, 10 Jan 95 23:17:05 PST To: cypherpunks@toad.com Subject: Re: Storm Signals In-Reply-To: <199501101924.OAA29627@bb.hks.net> Message-ID: <4Rn4lKjqRCC3075yn@mirage.skypoint.com> MIME-Version: 1.0 Content-Type: text/plain In article <199501101924.OAA29627@bb.hks.net>, you wrote: > [BEGIN PGP SIGNED MESSAGE] > [BEGIN PGP SIGNED MESSAGE] > > On a social mailing list that I'm on, two things have been noticed in > the last week: > > 1: Somebody's roommate (a Green Beret) has been called back into > 6 months of active service. He was not told where he'd > be. > > 2: GPS fine positioning has been turned off. This is only done > during times of military operations (such as the 'invasion' > of Haiti and the Iraq Massacre). It's also been highly > correlated with Pentagon pizza deliveries. > > Anybody else have any clues as to what's up? Perhaps Bosnia? -- ============================================================================== skaplin@skypoint.com | Finger skaplin@infinity.c2.org for | a listing of crypto related files PGP encrypted mail is accepted and | available on my auto-responder. preferred. | (Yes...the faqs are there!) | E-mail key@four11.com for PGP Key or | "...vidi vici veni" - Overheard Finger skaplin@mirage.skypoint.com | outside a Roman brothel. ============================================================================== A fanatic is one who can't change his mind and won't change the subject. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "L. Todd Masco" Date: Tue, 10 Jan 95 14:25:43 PST To: cypherpunks@toad.com Subject: Re: Crypto functions Message-ID: <199501102230.RAA01492@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- Well, by cryptographic I mean "interesting crypto-type functions," not necessarily just reversible mappings. As far as an encryption API is concerned, hash functions are no different: a byte stream comes in, a different byte stream comes out. I ask because I'm starting to put together those GUCAPI function I was talking about before the new year and defining the initial set of functions. L. McCarthy noted that I didn't include sapphire, and I've included it in the (trivially expandable) interface definition. I'm more interested in being inclusive than in excluding cryptographicall weak functions (and I don't feel that I'm qualified at this point to make the call between what's weak and strong anyway). - - -- Todd Masco | "life without caution/ the only worth living / love for a man/ cactus@hks.net | love for a woman/ love for the facts/ protectless" - A Rich Cactus' Homepage - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCUAwUBLxLPixNhgovrPB7dAQEWZgP3eLGNg+X5oxIySLFaTRaZN5eHgS402S39 /6FsB2eiUhy0j7OOrd3OiMorQSJ+V/8UvyJUayUYlWBoTgC/zJn8Vry4zX0HWhRh URv5IT3l3Q/8kFCBkjRMSS/2b3ya0s2gFUJMzEYz78JNpLOwjtm59svdjydTE+z2 bboLSy+H1A== =1noA - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLxMKeCoZzwIn1bdtAQHtGAGAzxBCONKibbY5cvv/7a/POL5mqRjDfQ7B c7S0z6EJMyGFsGeWJrOVlCgVum0TPrTE =Rcku -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: root Date: Tue, 10 Jan 95 15:47:47 PST To: ekr@eit.COM (Eric Rescorla) Subject: Re: Pornography, What is it? In-Reply-To: <9501101603.AA02337@eitech.eit.com> Message-ID: <199501102342.RAA00418@einstein.ssz.com> MIME-Version: 1.0 Content-Type: text > >> > >If this is so then everything I have read or seen misses this minor point > >completely. Every press release, speech, etc. that I see uses the term > >pornography, not obscenity. TV preachers, news anchors, newspapers, DA's, > >etc. consistently use the term pornography. The state of Oregon specificaly > >legalized pornography, not osbcenity. > >I think from a legal standpoint there is little difference between the two. > > Not so. Obscenity is a class of speech which is completely unprotected > by the First Amendment [*Note, I don't agree with this line of reasoning, > but it's what the Supremes say.] I.e. you can simply ban obscenity, > like child pornography. Pornographic material cannot be banned but > can be regulated according to 'time place and manner'. Hence the > zoning restrictions on Adult book stores. > I understand what you are saying, what I am saying is the distinction is not used in practice. The bbs operator in Cali. that was busted in Tennessee was busted for delivering PORNOGRAPHY (not obscenity) to a minor (in short a 14 year olds account being operated by a oinkdroid.) If you can 'simply' ban obscenity then why all the rucus? Simple, you can't ban it simply... or any other way for that matter. As to your zoning restrictions, they change from place to place and hence are not a hard and fast rule either. The bottem line is that the distinction fostered by legal eagles is a straw man argument, it is intended to distract from the real issue - freedom to do what you want unless you harm another or their property without their prior concent. > >From a legal perspective, the difference between pornography and > obscenity is defined by the Miller test. [This may have changed > a bit in the past few years]. This states that in order for > material to be obscene it must be: > > 1. Devoid of any artistic or literary importance. > 2. Appeal to a prurient interest. [i.e. be arousing]. > 3. Be patently offensive by contemporary community standards. > > This isn't the exact wording, but it's the general idea. > This test is a joke, if you apply it fairly then a man and his wife having anal sex would qualify as obscene in many places (which it does in some states) Also, the whole concept of community standards is unworkable. Whose community? The reason so few people get busted under the Miller test is that there really are so few idiots out there who would fall for it. > In practice, it's very hard to get anything declared obscene, > hence the desire to regulate pornography strongly within the > permitted bounds of the First Amendment. > The reason they want to regulate pornography is that it is a stepping stone to a total ban. It is based on religous grounds and the issue really has little if anything to do with Constitutional rights. > -Ekr > From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: cactus@seabsd.hks.net (L. Todd Masco) Date: Tue, 10 Jan 95 14:45:00 PST To: cypherpunks@toad.com Subject: Re: QUERY: S/Keyish PGP? Message-ID: <199501102249.RAA01602@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- I'm catching up on old mail... In response to my query, Adam Shostack wrote: > >| A quick question: Has anybody considered the possibility of hacking >| something into PGP's password protection to allow an S/Key like access? > > I thought of this, bounced it off a few people, none of whom >caught the flaw. When I got around to implementing it, I realized >that for it to work, your key would have to be securely stored on your >unix box without encryption. I caught that. What I was hoping for was something that would allow a key to be use for a specific purpose once and only once by a given passphrase. Ideally, this could be done on a machine that was totally insecure. I didn't catch the fundamental flaw, though. If the machine is compromised the key can always be compromised by taking an image of the previous state and replaying whatever passphrase was intercepted. Bummer. - - -- Todd Masco | "life without caution/ the only worth living / love for a man/ cactus@hks.net | love for a woman/ love for the facts/ protectless" - A Rich Cactus' Homepage - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLxLUPBNhgovrPB7dAQEn8gP8DrC3h9Dv21JGgg4Vsz/76gnUfnTJBPD+ PPyZ2gi2dzzQOVkYsxZBHQs7kRq6ZSANNbCfM5wY1GbBagZvv2gAPMx9bESudH+l wtoFcZGH5Az85O+k6FhN/QsOjJq/PaHUbNMui1Q+QKrMqU4I/UGCJCxAVRP8/wfS 8rLKzm7TxTU= =LxUH - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLxMPACoZzwIn1bdtAQH7DAF9EMimhI0J9JUN9bqaHhsz2opQXZSIQC+g D32kU3ELjC58Y4Ig3e9fLLrPoGtTub85 =Uq/c -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: pstemari@erinet.com (Paul J. Ste. Marie) Date: Tue, 10 Jan 95 21:52:02 PST To: jpb@gate.net Subject: Re: Thoughts on Data Havens Message-ID: <9501102319.AB01326@eri.erinet.com> MIME-Version: 1.0 Content-Type: text/plain At 01:30 AM 1/10/95, jpb@gate.net wrote: > ... Post a new PGP key and encrypted address block weekly to alt.data.havens, >alt.2600, or a stegoed picture to alt.binaries.pictures.whatever. If you >are limiting usership, perhaps an autoencrypting majordomo list. ... Still, messages intended for the DH could be identified by the publically known mailer address. Some sort of protocol where each message to the remailer results in a new and different encrypted send-to block being returned to the sender would seem to be required. Avoiding traffic analysis on these messages would require you to place a new and different encrypted reply-to on each message chunk. > ... It would also be a good idea to only allow DH >commands to be executed if the encrypted (mandatory) control message arrived >from another remailer account ... I was assuming this--on the basis that the DH would not want its location know to the presumeably large number of clients. --Paul J. Ste. Marie pstemari@well.sf.ca.us, pstemari@erinet.com From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: root Date: Tue, 10 Jan 95 21:41:34 PST To: ekr@eit.COM (Eric Rescorla) Subject: Re: Pornography, What is it? In-Reply-To: <9501102357.AA12620@eitech.eit.com> Message-ID: <199501110033.SAA00514@einstein.ssz.com> MIME-Version: 1.0 Content-Type: text > > You seem to have missed where I say that I don't agree with this > line of reasoning. I tend to believe that the first amendment means > what it says. (I.e. make no law.) But the fact of the matter is that > the people who make the law think differently, right or wrong. > I understand, I just don't think most of the folks out there against porno are interested in constitutional rights. They don't see them as relevant to their day to day lives. You might call it a sort of cult of personality which is using religion as the head. Also, the 1st Amendment says that Congress shall make no law, it doesn't say a damn thing about the states doing it. When I read this amendment what I see is the founding fathers saying it is up to each state to decide for themselves. And since Congress is placed in charge of inter-state relations it is quite simple to reduce this to mean that States may not apply their standards to other states because they would then be acting in the place of the federal government. > >I understand what you are saying, what I am saying is the distinction is not > >used in practice. The bbs operator in Cali. that was busted in Tennessee was > >busted for delivering PORNOGRAPHY (not obscenity) to a minor (in short a 14 > >year olds account being operated by a oinkdroid.) > The key word here is 'minor'. Minor have nowhere near the rights > that adults have. Try banning the sale of pornography to demonstrated > adults. > Yes, but at no time was it proved that a mindor DID d/l the file only that they could. Big distinction to me. A oinkdroid did the d/l'ing by playing like the 14 year old. To me this is entrapment. > I think you misunderstand. The First Amendment places restrictions > upon what the States may do. The States are free to make such > laws or NOT. Some don't. Most do. > The 1st. Amendment says nothing about what the states can do, only Congress. > It's all very well and good to say such things, but this formulation > of liberty has no reasonable basis in Constitutional Law. The > Bill of Rights does not encode Mill's On Liberty, as much as you > might like it to. > Then I suggest you read the 9th and 10th Amendment. The 9th says the states will ALWAYS get the benefit of the doubt. The 10th says the federal government will NEVER get it unless there is a Constitional Amendment. > Huh? Obscenity has to do with freedom of speech, not action. It's > an exception to the First Amendment, not to some general class > of liberties. Depictions of anal sex are typically not considered > obscene. The act of anal sex is often made illegal, but that's an > entirely separate issue. It is made illegal because it is considered obscene. You seem to be skirting the issue here. And since when is speech not an act? There are a whole list of things included in the freedom of speech issue (ie freedom of the press) that clearly implies that speech is one kind of act. > > >Also, the whole concept of community standards is unworkable. Whose community? > The community passing the law. Last time I checked such cases were tried by 12 peers, this hardly qualifies as community by any definition. It is not like they take a vote of all the people in the community of voting age (which they should). > > > Look, you can make general arguments about the way that you think > that your liberty should be, but the only legal basis you have > for claims that you have the freedom to do something is the > Bill of Rights. I'm arguing from that basis. > As am I. I base each and every one of my beliefs about how this government is supposed to be run on that document and that document alone. It is not the supreme law of the land for nothing. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: david.lloyd-jones@canrem.com (David Lloyd-Jones) Date: Wed, 11 Jan 95 00:22:42 PST To: cypherpunks@toad.com Subject: Re: January meeting with Message-ID: <60.18618.6525.0C1C8733@canrem.com> MIME-Version: 1.0 Content-Type: text/plain LE+> The following is a message from my lawyer, Phil Dubois. He posted it +> to alt.security.pgp, and I thought I should post it here as well. The +> message is signed with his key. +> +> --Philip Zimmermann +> LE+The aforementioned signed message from PKZ's lawyer message failed +signature check on my system, apparently because it contained a very +long text line which, somewhere along the way, was chopped into two +lines before it arrived in my mailbox. LE+The two lines as they appeared in my message (which failed signature +test) are: Well, there it is. Phil goes free. -dlj. david.lloyd-jones@canrem.com * 1st 1.11 #3818 * Gingrich, n. abbrev. : "giving to the rich". From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Mark Rogaski Date: Tue, 10 Jan 95 17:10:14 PST To: cypherpunks@toad.com (Cypherpunks) Subject: Returned mail: User unknown (fwd) Message-ID: <199501110109.UAA03229@phobos.lib.iup.edu> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- - From the node of anonymous-remailer@shell.portal.com: : : I want to propose that a change to more of a Snow Crash society : with anarcho-capitalism as the norm is not necessarily being : _caused_ by pressures listed above, but, rather, fit a grander : historical destiny. What we are seeing and will see in the : Not necessarily to the EXTREME that Stephenson predicted, but I definitely see alot of what he said already starting to happen. Hell, look at the Burbclaves. Lil' old Indiana, PA had their first drive-by shooting a few months ago. Some of the growing gang-warefare influence is starting to spill over from Pittsburgh. Once people get a little more frightened of violence, the engineered community idea is going to explode. Now take that with private and corporate police forces and ... BINGO! Snowcrash. : Consider the possibility that the dissolution of large, : centralized federal republics is also inevitable. (The : Frissel/Sandforth Optimists have been arguing this exact point.) : The decentralizing effect of digital networks (or Webs a la Hakim Bey) is pretty self evident. One can easily extrapolate the effects of a structure like the Internet, a structure that by nature routes around any form of 'censorship' from above. - ----- Doc doc@phobos.lib.iup.edu aka Mark Rogaski http://www.lib.iup.edu/~rogaski/ Disclaimer: You would probably be hard-pressed to find ANYONE who agrees with me, much less my university or employer... [finger fllevta@oak.grove.iup.edu for PGP Public Key and Geek Code v2.1] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLxMZ/R0c4/pqJauBAQH8LwP+PrvNhKJVEzmhZVcuvkNMLmGWWgyflAlh PxvR5BtJHBpE/oNqB3TVOywt9eJYeIV7L7BSboIFosEyqC4OEFS6WRTAJpWhPg8L L9CdvhaDKubnTteBEtugEtU1HB3iJ+zRucJYUVit0bBwCimcqvr/aTMab7h4Yqw9 uKJPulSTg/w= =jdlE -----END PGP SIGNATURE----- ----- Doc doc@phobos.lib.iup.edu aka Mark Rogaski http://www.lib.iup.edu/~rogaski/ Disclaimer: You would probably be hard-pressed to find ANYONE who agrees with me, much less my university or employer... [finger fllevta@oak.grove.iup.edu for PGP Public Key and Geek Code v2.1] From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: danisch@ira.uka.de (Hadmut Danisch) Date: Tue, 10 Jan 95 12:22:06 PST To: cypherpunks@toad.com Subject: Re: "safe" Internet access Message-ID: <9501102021.AA04063@elysion.iaks.ira.uka.de> MIME-Version: 1.0 Content-Type: text/plain > If you want to access the Internet in a way that doesn't reveal your > physical location (much), buy access from Metricom. They sell > Internet access via radios. A small part-15 (900Mhz) $500 radio modem This seems to be one of these devices which use the celular phone network. In Germany they are also available ("Modacom") and use the D1/D2/E-Plus networks. These networks can localize a sender in many cases with a precision of about 20-40 meters. Not the best way to keep the physical location secret... Hadmut From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Angus Patterson Date: Tue, 10 Jan 95 18:52:33 PST To: cypherpunks@toad.com Subject: Why use plastic for remailers and DH? Message-ID: MIME-Version: 1.0 Content-Type: text/plain This point may have been raised before, but anyway, unless you're using a swiss-bank issued credit card for a numbered account (if that's at all possible), or a bogus name on the card, why would anybody want to use something as completely traceable as a credit card to pay for a remailer or a data haven? From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: Jurgen Botz Date: Tue, 10 Jan 95 19:08:46 PST To: jpb@gate.net Subject: Re: Remailer postage In-Reply-To: <199501051802.NAA22909@seminole.gate.net> Message-ID: <199501110308.WAA07340@orixa.mtholyoke.edu> MIME-Version: 1.0 Content-Type: text/plain jpb@gate.net wrote: > Where can I get the Magic Money software? I'm a bit behind, so sorry if others have already suggested this, but you should need any digicash for this... stamps can be just big random numbers. Someone buys a books of stamps, you make 10 big random numbers send them a copy and keep a copy on file. After a message comes through with a particular number you throw that number out. Just like real stamps, and unlike money, they can be used only once. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: "Philippe Nave" Date: Tue, 10 Jan 95 22:05:45 PST To: cypherpunks@toad.com Subject: Odd bits, minutinae... Message-ID: <9501110606.AA21223@abacus.ewindows> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Would *I* abstract an internal communique for a bunch of net.riffraff? Surely not - you must know me better than that... [...stuff...] Search done for Message: <<< BELL LABS NEWS >>> - ---------------- >>> ENCRYPTION -- This week, Bell Labs reported development of the AT&T Information Vending Encryption System (IVES), a security system that protects commercial information services -- such as video on demand, home shopping and banking -- and electronic news and alerting services. Using chips designed by Bell Labs and VLSI Technologies, IVES works on various networks including the Internet, cable TV networks and direct satellite broadcasting. The first application of IVES is in set-top cable television boxes being built by AT&T for Cablevision Systems Corp., the nation's fifth-largest cable service provider. By employing secure cryptographic addressing, IVES will assure that only paying customers receive enhanced pay-per-view and video-on-demand services. "There have been effective attacks on most, if not all, video encryption systems, despite highly sophisticated countermeasures," said Dr. David Maher, chief scientist for AT&T Secure Communications Systems. "Hackers are dedicated and can be well funded. Incentives are rising rapidly." [...stuff...] Dedicated? Definitely. Well-funded? Hmmm. This item is something for your acronym-scan parsers; will IVES become interesting? (If not IVES, what of CURRIER? Whoa- it was a joke, officer - CURRIER and IVES, get it? Oh, shit.) Search done for Message: <<< BELL LABS IN THE NEWS >>> - ---------------- >>> DNA -- In a bold experiment that provokes investigators to reconsider what a computer is, a researcher has used the genetic material DNA as a sort of personal computer. The experiment's designer, Dr. Leonard Adleman, translated a difficult math problem into the language of molecular biology and solved it by carrying out a reaction in one-fiftieth of a teaspoon of solution in a test tube. Adleman, of the Univ. of Southern California in Los Angeles, used DNA to solve a problem that involved finding the shortest path linking seven cities. Molecular computers, Adleman said, are fast and efficient, and they have unheard-of storage capacities. He said molecular computers can perform more than a trillion operations per second, which makes them 1,000 times as fast as the fastest supercomputer. And they can store information in a trillionth of the space ordinary computers require. "It's a very intriguing idea," said Ron Graham, of the Bell Labs Information Sciences Division at Murray Hill. "It's more than just cute. It makes you think in a different direction." (from the Denver Post, Nov. 22, '94) [...stuff...] Hmmm. Have you ever been spied on by your own metabolism? ..... YOU WILL. Then again. maybe not. FYI. -Philippe -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLxN0uQvlW1K2YdE1AQHMGAQAu5S0T9xUPsdY8SfB0k43bE2BNL5pb1OE FAg7qjbJ1ugZw0EPDrGFBH7sjq2GHBhyXwgBrlL5j2oAVnnGL2+3QtrcyxIEsrXA 42ME+1JaOQo5+pclCjOrxF00MDoqGdw7hMLexGyawOs7zp+RGDrhPUkMG7ennpky 8QEfrFh8yYU= =pI4l -----END PGP SIGNATURE----- -- ........................................................................ Philippe D. Nave, Jr. | Strong Crypto: Don't leave $HOME without it! nave@abacus.dr.att.com | Denver, Colorado USA | PGP public key: by arrangement. From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: tcmay@netcom.com (Timothy C. May) Date: Tue, 10 Jan 95 23:46:44 PST To: root@einstein.ssz.com (root) Subject: Re: Pornography, What is it? In-Reply-To: <199501110033.SAA00514@einstein.ssz.com> Message-ID: <199501110734.XAA16586@netcom20.netcom.com> MIME-Version: 1.0 Content-Type: text/plain root wrote: > Also, the 1st Amendment says that Congress shall make no law, it doesn't say > a damn thing about the states doing it. When I read this amendment what I see > is the founding fathers saying it is up to each state to decide for themselves. > ... > The 1st. Amendment says nothing about what the states can do, only Congress. The Amendment(s) may read "Congress shall make no law...," but the states are *not* in fact able to pass laws restricting freedom of speech, establish religions, quarter troops, and so on. Or, rather, they may go ahead and pass such laws, but the Supreme Court will generally strike them down as being "unconstitutional." See how far Utah would get in establishing Mormonism as the official state religion ("But the Constitution says _Congress_ shall make not no, and we're not the Congress, so there!"). Deviations exist, of coure. The Second Amendment is in fact routinely trampled by various states and local jurisdictions, as states ban various types of guns, etc. There is hope in the gun rights community that the Supremes will someday deign to hear a case on this and so strike down these laws which clearly controvert the Constitution. I'm not a lawyer, and it's been 25 years since I was in a "civics" class, so I'm sorry to not recall the precise language by which "Congress shall make no law" also is taken to apply to Sacramento, Albany, Austin, and so forth. --Tim May From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: cheap_anonymous@crl.com Date: Tue, 10 Jan 95 21:39:56 PST To: cypherpunks@toad.com Subject: Jay Leno Message-ID: <199501110448.XAA04663@bb.hks.net> MIME-Version: 1.0 Content-Type: text/plain -----BEGIN PGP SIGNED MESSAGE----- Tonight on the Tonight Show with Jay Leno, Leno said: "...why is O.J. writing a book? If he's so eager to tell his experiences, whisper it to Connie Chung." Thought it might be mildly humerous for those of us who read Tim's message about Connie. - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLxNjBioZzwIn1bdtAQGEzQF/XkfPjWrW2kbgpYLB6Gf1EiNXEJTwKW1l mtuAnfhbSHsXPDIvv4IzGoAof2qlsd2v =66P/ -----END PGP SIGNATURE----- From cypherpunks@MHonArc.venona Wed Dec 17 23:17:14 2003 From: nelson@crynwr.com (Russell Nelson) Date: Tue, 10 Jan 95 21:56:58 PST To: cypherpunks@toad.com Subject: Re: Why use plastic for remailers and DH? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain Date: Tue, 10 Jan 1995 21:54:24 -0500 (EST) From: Angus Patterson This point may have been raised before, but anyway, unless you're using a swiss-bank issued credit card for a numbered account (if that's at all possible), or a bogus name on the card, why would anybody want to use something as completely traceable as a credit card to pay for a remailer or a data haven? Because the message you sent into the remailer isn't tracable to the message that left the remailer (isn't that the point?). Give the FBI credit for *some* brains and assume that they already know y