1993-01-25 - Coupled programs and security by obfuscation

Header Data

From: mjr@netcom.com (Matthew Rapaport)
To: cypherpunks@toad.com
Message Hash: 7d57dcc9e2e58da1594aaba595dd7c6422e72998e257cccc3b88f44d182846f9
Message ID: <9301252034.AA21595@netcom2.netcom.com>
Reply To: N/A
UTC Datetime: 1993-01-25 20:34:55 UTC
Raw Date: Mon, 25 Jan 93 12:34:55 PST

Raw message

From: mjr@netcom.com (Matthew Rapaport)
Date: Mon, 25 Jan 93 12:34:55 PST
To: cypherpunks@toad.com
Subject: Coupled programs and security by obfuscation
Message-ID: <9301252034.AA21595@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain

**** Pat Farrel <pfarrell@cs.gmu.edu> writes

>I expect that current terminal/menu based BBSes will disapear
>once folks realize how much better easier, faster, and all
>around better programs that use computers as computers work.

I hope not... At least not until the BBS operators and writers agree
on some standardized API so people like me and other third parties
can write PC based interfaces in a language of our choice. The problem
with current "coupled systems" (for example the Coconet BBS software)
is that they all rely on proprietary interface programs on the PC. If
I communicate with 10 BBS systems (large or small), I must have 10
different communications programs... No thanks...

Also keep in mind that much of the value of these systems comes from
their availability to the widest possible audience. There are people
in many parts of the world who still have nothing better then 1970's
style glass tty's and even paper-output type terminals!


Back on the issue of privacy and anonymity, I don't understand the lure
of all these schemes for hiding mail paths, etc. If encrypted messages
pass through one aliaser, and get decrypted (and aliased again) on
another machine, you are protected. The machine that knows who you are
can't read your material, and the machine that can read you doesn't know
who you are. Any further obfuscation adds little (IMHO) to your
security. Revelation of your identity (in either case) depends on
collusion between system administrators on the different hosts. True
this might be even less likely where 3 or more hosts are involved, but
how much less so? If some agency is powerful enough to force two systems
in different parts of the world (and the net) to reveal what they know
about you, the chances are they can force three or four, etc.

matthew rapaport     Philosopher/Programmer At Large      KD6KVH
           mjr@netcom.com     70371.255@compuserve.com