From: Hal <hfinney@shell.portal.com>
Date: Wed, 18 Oct 95 06:55:06 PDT
To: cypherpunks@toad.com
Subject: Re: Anonymity: A Modest Proposal
In-Reply-To: <Pine.3.89.9510180431.A22347-0100000@netcom4>
Message-ID: <199510181353.GAA25545@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Modemac proposes sending messages to remailers via newsgroup postings.

This is not a bad idea, although I would not use a shared secret key
for all remailers, but rather use a stealth system and encrypt for a
specific remailer.  However, it doesn't go to the crux of the problem.

From my experience operating two remailers, ALL complaints are the result
of SENDING messages, not RECEIVING them.  This is how I can tell: my two
remailers, hal@alumni.caltech.edu and hfinney@shell.portal.com, are
different.  The first one is run on a "free" account whereas the second I
pay $20 to $50 a month for.  Also, the management at Portal has
demonstrated commitment to cypherpunk type goals.  So I view that
remailer as much stronger, politically.

As a result I have my alumni.caltech.edu remailer configured to forward
all messages via the portal remailer.  That means that no one will EVER
see an anonymous message from hal@alumni.caltech.edu.  People can send
messages to that remailer, but they come out via the portal one.

Now, since I have set it up this way, which was about two years ago, I
have not received a single complaint about operating the remailer at
alumni.caltech.edu.  Nobody sends me mail saying "your system is
accepting objectionable messages."  Instead, all the complaints I get are
about the Portal remailer (averaging one per week, probably).  People
complain when they receive a message or newsgroup posting that they find
objectionable.  They don't care if some system is accepting messages.
They care about the system which is sending them.

This has always been the weak link in the remailer system: the last
remailer in the chain takes the political and legal heat.  If there is
ever a libel or copyright infringement suit, or criminal prosecution,
against a remailer it will almost certainly be against the last remailer
in the chain.  Those are the source of the complaints and those are the
ones which people try to shut down.

So I don't think schemes to produce "virtual remailers" and such are
going to work unless you have a very secure remailer as the last in the
chain.  And once you have that there is not much need to change the
system for accepting messages into the remailer net.

Hal