From: Hal <74076.1041@CompuServe.COM>
Date: Fri, 15 Jan 93 10:39:53 PST
To: <cypherpunks@toad.com>
Subject: more on security/obscurity/reality
Message-ID: <930115183334_74076.1041_DHJ45-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


I can understand Daniel Ray's proposing to keep a low profile in 
running remailers, using encryption and such.  Pax was probably the 
highest profile service, at least in the Usenet groups I use, and look 
what happened to it.
 
The problem is, how can a remailing service be secret?  Its address has 
to be known in order for it to be used!  The only way it could be 
secret that I can see would be for it to have only a small, select 
group of "clients" who use it, and who keep the address to themselves.  
But there is no such group; it's not like there's some kind of ring of 
privacy lovers out there who will want to use such services but who 
will be willing to keep the servers secret.
 
If remailers are going to be useful, they _have_ to be public.  People 
have to know how to reach them in order to use them.  The real task, it 
seems to me, is to justify anonymous mail to the Internet public, so 
that people will not support these shutdowns, and, even better, so that 
people will routinely use encryption and even remailing when they 
communicate.  Eric Hughes made the point here some time back that we 
should aim for a society where sending non-encrypted remail is 
considered rather eccentric: "What?  You send your mail _exposed_?  You 
don't mind if everyone reads it?"  In the same way, sending mail in 
such a way that everyone can see who you are communicating with, and 
that everyone you send to can see your true address automatically, 
could become equally unusual.
 
One other point I'd make regards the use of pseudonyms for replying.  
The Pax service created a pseudonym for each person who used the 
service which was put into the "From:" line of outgoing mail.  Then 
people could reply to that pseudonym and it would go back to the 
original sender.
 
The problem with this approach, as far as spreading remailers, is that 
you have to have privileges on your machine in order to create new user 
ID's.  An individual user who doesn't own or run a machine is generally 
not able to create such pseudonyms.  This means that the number of 
people who can run remailers which use such features is much smaller 
than the number who can run the simpler Cypherpunks remailers in their 
current versions.
 
The Cypherpunks remailers do allow for anonymous return addresses, but 
they are quite cumbersome to use, not automatic like the Pax type.  But 
they do have the advantage that anyone who has access to Unix, PGP and 
Perl can run them.  This is probably a much larger population.
 
Hal