1993-01-15 - Re: possible solution to the anonymous h

Header Data

From: Hal <74076.1041@CompuServe.COM>
To: <cypherpunks@toad.com>
Message Hash: 1d8fe1118882ccdc8bcdc3c53ac5a828b26e7f2e2be08fcd71642614d05720fc
Message ID: <93011506584074076.1041_DHJ55-1@CompuServe.COM>
Reply To: _N/A

UTC Datetime: 1993-01-15 07:08:10 UTC
Raw Date: Thu, 14 Jan 93 23:08:10 PST

Raw message

From: Hal <74076.1041@CompuServe.COM>
Date: Thu, 14 Jan 93 23:08:10 PST
To: <cypherpunks@toad.com>
Subject: Re: possible solution to the anonymous h
Message-ID: <930115065840_74076.1041_DHJ55-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain

I have to agree with Peter Honeyman that Marc Horowitz's proposal
that remailers reveal message sources under certain conditions
wouldn't work well.  Remailer users will prefer remailers which won't
do this.  So reputations and such will tend to push things in the
opposite direction.

Also, I'd point out that the Pax remailer actually did maintain a database
of anonymous addresses with the corresponding real addresses.  So it
already worked much as Marc suggested.  You can actually send mail to
someone who posts anonymously through Pax just as easily as you could
send to someone who posted non-anonymously.  So if you want to complain
about some offensive posting or email to the person who did it, you
still could with Pax.  These features didn't stop Pax from getting shut

Marc's suggestion that commercial users could run remailers without pressure
from NSF sounds good in theory, but it's not clear how well it would work
in practice.  I don't think Cypherpunks could run such a remailer, even
if Marc is right and it would cost $10 per Cypherpunks reader per month.
I doubt that many people would be willing to make this charitable contribution
for what would be a public good - a remailer that anyone could use.

Even if it could be done, one remailer isn't enough.  We need many remailers
so that no one remailer can expose users.

I think the best bet would be a commercial site which has a connection for
other reasons, and which is willing to run a remailer on the side.  I
don't know what kinds of sites use these commercial connections.  The
commercial Internet access that I am aware of is through companies like
Compuserve, Portal, Netcom, the WELL, and so on, and I think they all have
to abide by the NSF acceptable use policies.  At least, I had to agree to
those on Portal and I think on Compuserve.  What would be an example of a
site with commercial Internet access which would be free of NSF pressure?

One other point I'd make with regard to Marc's message is that if PGP itself
is the problem, there's no reason the remailers can't use RIPEM.  That's
legal in the U.S., so the legality issue would not arise.  This might be
a good approach to take in broaching the subject with administrators.  I
haven't looked at RIPEM much but I'm sure the remailers could use it just
as easily as PGP.  Even non-encrypting remailers can provide basic
anonymous posting and mail, if those would be more acceptable.

A final point is that forwarding mail for another person can hardly be
made illegal in general.  If I receive a message from person A asking me
to forward it on to person B, and I do so, this is clearly a legitimate
email message that I choose to send.  To try to disallow this would be to
put intolerable restrictions on email content.  So, if this is allowed, it
seems to me that I should be able to write a program to do what I am
allowed to do manually.

If these remailers could be made widespread, with tens of thousands of people
running them as a routine service, I think a crackdown would be much more
difficult.  I think we need to educate users about the value of privacy
and anonymity in order to encourage more people to run remailing software.
Can anyone suggest a newsgroup where these kinds of discussions would be

Hal Finney