From: Hal <74076.1041@CompuServe.COM>
Date: Fri, 26 Feb 93 10:04:55 PST
To: <cypherpunks@toad.com>
Subject: Re: more ideas on anonymity
Message-ID: <930226173222_74076.1041_DHJ72-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


I want to add to John Gilmore's point about the practical difficulty of 
controlling anonymous postings and mailings if you are going to allow 
them at all.
 
Johan is taking a very principled position by promising not to reveal 
true identities behind the pseudonyms.  Instead, he offers to warn 
abusers, and if problems continue, to block their access to the service.
 
Unfortunately, as more remailer sites develop, this tactic may become 
ineffective.  It will be possible to chain remailers together in 
different ways, so that the effect is that you can post through Johan's 
system from many different addresses.  With multiple remailers and 
chaining there is no way for the final remailer in the chain to know 
when two messages are coming from the same person.
 
This will mean that it will not, in practice, be possible to block 
access for a given user.
 
We discussed this earlier in the context of anonymous email.  I had 
received a complaint from a young lady about receiving some offensive 
anonymous mail through my remailer.  (This story was resolved 
surprisingly, BTW: it turned out that it was a joke message sent by a 
good friend of hers, someone who knew one of the Cypherpunks and who 
knew about the remailers.  So she is no longer upset about the message 
at all.  But I didn't know this at the time.)  Realizing that it would 
not be practical to do source blocking, my suggestion was to implement 
destination blocking: no mail from my remailer would go to this person.
 
Eric Messick expanded upon this idea recently so that only people who 
had actually requested anonymous mail would receive it.  (A variation 
would be to first send a note to a person saying, "I have some anonymous 
mail for you; please reply within 48 hours if you'd like to receive it, 
otherwise it will be deleted.")  Other variations upon this approach 
could help to keep anonymous remailers politically acceptable.
 
But the idea doesn't generalize well to anonymous posting, except to do 
as Johan has done and forbid posting to certain newsgroups (sci.*, 
news.*, I'm not sure what else).  This throws out the good postings 
along with the bad, though.
 
I think the bottom line is that it will be difficult to provide 
anonymous/pseudonymous postings in a way which won't elicit the kinds of 
strong objections Johan has been facing.  His controls are OK for now, 
but in the long run I think they won't work.
 
What would happen if Johan just started ignoring the objectors?  What if 
he stopped reading his mail for a while and left the service operating?  
Would his newsfeed eventually get cut off by Finnish authorities goaded 
into action by email complaints?  Are there ANY sites in the world which 
would be immune to such pressures?
 
I read that at the Hacker's Conference, the owner of Portal offered to 
run a remailer.  Would he be able to stand up to these pressures?  How 
about John Gilmore's machine?  He made a powerful argument recently that 
he was not subject to various restrictions.  Would it be possible to run 
a remailer there, perhaps based on Johan's code, which simply ignored 
complaints and allowed anonymous postings to all groups?
 
Hal Finney