From: Marc.Ringuette@GS80.SP.CS.CMU.EDU
Date: Sun, 28 Feb 93 17:03:49 PST
To: cypherpunks@toad.com
Subject: Re: Future of anonymity (short-term vs. long-term)
Message-ID: <9303010103.AA08082@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Sorry, I sent my last message before it was ready (and before it got
divided into two separate messages).  It mostly says what I wanted it
to, so I won't bother you with another version.

On the SHORT-TERM end of things,  I have two more thoughts on how to
make truly anonymous remailers good net citizens:

  1.  Agree on a header line which identifies all messages coming out of 
      our remailers.  If someone wants to filter out all anonymous messages,
      I think we should help them to do so.

  2.  Here's my proposal for what kind of remailer logging to do:
          logging of source-to-destination mapping:  NONE.
          destination logging:  NONE.
          source logging:  on a machine-by-machine basis, log the total
              input volume over a fairly long period, with some random
              noise added.  When a source is providing too much volume,
              and it's not on your local list of "friendly" remailers,
              then take action to reduce the volume.  I suggest that the
              first action should be to INCREASE THE DELAY to reduce the
              volume-per-unit-time of messages from that site.  If the
              volume of spooled traffic from a site reaches a threshold, 
              only then start throwing away messages.


-- Marc Ringuette (mnr@cs.cmu.edu)