From: sameer <sameer@c2.org>
Date: Sun, 22 Oct 95 00:45:39 PDT
To: mark@lochard.com.au (Mark)
Subject: Re: Encrypted TCP Tunneler
In-Reply-To: <199510220457.AA22856@junkers.lochard.com.au>
Message-ID: <199510220738.AAA08907@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


A) Maintanence requests come in through the remailer network. Someone
tcp sniffing my incoming network would only see SMPT packets coming
froma remailer.) and the SMTP messages would be encrypted with
alpha.c2.org's key.

B) See (A)

C) We don't keep any information about the owners of anonymous
accounts. We will gladly give up any information we have given a
properly executed court order. The important fact though is that we
don't have the information that an LEA would need to find the person
publishing the materials that the LEA doesn't like.



	The anon shell accounts are more difficult to secure.


> 
> >alpha.c2.org will soon start provided anonymous web page
> >services.  You can get normal webserver access (the alpha.c2.org web
> >pages will be very limited) through an anonymous shell account.
> 
> >> A more cypherpunky type of application would be to enable anonymous
> >> httpd's so that your clients could advertise their nice/naughty products
> >> and be safe from location identification. If they had to pack up then
> >> they could move to another ISP and reconnect to the anon.net as normal.
> >> (Didnt I just read this in a spam HOWTO?)
> 
> >> The problem I see is when a LEA gets involved and snoops your wires and
> >> traces you back to your starting point and then traces the client that is
> >> supplying nasty httpd services. You wouldnt necessarily be aware of this
> >> occuring either.
> 
> How do you propose to protect entities wanting to utilise this function from
> 
> a) people sniffing the tcp packets coming in to discover who is maintaining
>    a web page,
> 
> b) the above LEA attack where your own lines are monitored and data is tracked
>    back thru the various networks to the web page maintainer?
> 
> c) an open LEA confrontation where they issue a warrant demanding any and all
>    info you have on the web page maintainer. (e.g. co$ doesnt like whats on
>    one of the pages)
> 
> The same again for the anon shell accounts.
> 
> Apart from a once off mailed to you via remailer, the creator of a web page
> needs to maintain their creations. This implies a means of accessing it that
> is repeatable. Wether thats via a dialup account or over the net, it can be
> traced. It's only when the entity uses channels outside of the jurisdiction
> or capabilities of those monitoring that some anonymity can be achieved.
> (Implies they weren't monitored entering the blinding channels in the first
> place).
> 
> Cheers,
> Mark
> mark@lochard.com.au
> 


-- 
sameer						Voice:   510-601-9777
Community ConneXion				FAX:	 510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org (or login as "guest")			sameer@c2.org