From: Hal <74076.1041@CompuServe.COM>
To: <cypherpunks@toad.com>
Message Hash: 9a65273604f7c2220f971fdd12f1db61ec907b082315bfc4a6023735f14d11c0
Message ID: <93022617322274076.1041_DHJ72-1@CompuServe.COM>
Reply To: _N/A
UTC Datetime: 1993-02-26 18:04:55 UTC
Raw Date: Fri, 26 Feb 93 10:04:55 PST
From: Hal <74076.1041@CompuServe.COM>
Date: Fri, 26 Feb 93 10:04:55 PST
To: <cypherpunks@toad.com>
Subject: Re: more ideas on anonymity
Message-ID: <930226173222_74076.1041_DHJ72-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain
I want to add to John Gilmore's point about the practical difficulty of
controlling anonymous postings and mailings if you are going to allow
them at all.
Johan is taking a very principled position by promising not to reveal
true identities behind the pseudonyms. Instead, he offers to warn
abusers, and if problems continue, to block their access to the service.
Unfortunately, as more remailer sites develop, this tactic may become
ineffective. It will be possible to chain remailers together in
different ways, so that the effect is that you can post through Johan's
system from many different addresses. With multiple remailers and
chaining there is no way for the final remailer in the chain to know
when two messages are coming from the same person.
This will mean that it will not, in practice, be possible to block
access for a given user.
We discussed this earlier in the context of anonymous email. I had
received a complaint from a young lady about receiving some offensive
anonymous mail through my remailer. (This story was resolved
surprisingly, BTW: it turned out that it was a joke message sent by a
good friend of hers, someone who knew one of the Cypherpunks and who
knew about the remailers. So she is no longer upset about the message
at all. But I didn't know this at the time.) Realizing that it would
not be practical to do source blocking, my suggestion was to implement
destination blocking: no mail from my remailer would go to this person.
Eric Messick expanded upon this idea recently so that only people who
had actually requested anonymous mail would receive it. (A variation
would be to first send a note to a person saying, "I have some anonymous
mail for you; please reply within 48 hours if you'd like to receive it,
otherwise it will be deleted.") Other variations upon this approach
could help to keep anonymous remailers politically acceptable.
But the idea doesn't generalize well to anonymous posting, except to do
as Johan has done and forbid posting to certain newsgroups (sci.*,
news.*, I'm not sure what else). This throws out the good postings
along with the bad, though.
I think the bottom line is that it will be difficult to provide
anonymous/pseudonymous postings in a way which won't elicit the kinds of
strong objections Johan has been facing. His controls are OK for now,
but in the long run I think they won't work.
What would happen if Johan just started ignoring the objectors? What if
he stopped reading his mail for a while and left the service operating?
Would his newsfeed eventually get cut off by Finnish authorities goaded
into action by email complaints? Are there ANY sites in the world which
would be immune to such pressures?
I read that at the Hacker's Conference, the owner of Portal offered to
run a remailer. Would he be able to stand up to these pressures? How
about John Gilmore's machine? He made a powerful argument recently that
he was not subject to various restrictions. Would it be possible to run
a remailer there, perhaps based on Johan's code, which simply ignored
complaints and allowed anonymous postings to all groups?
Hal Finney
Return to February 1993
Return to “Marc Horowitz <marc@MIT.EDU>”