1993-02-24 - dispatches from the front lines of anonymity

Header Data

From: Eric Hughes <hughes@soda.berkeley.edu>
To: cypherpunks@toad.com
Message Hash: df2bf4fa3ad6288c68b1a881871edf2d0fad2d41d0a816890f95fd160dc543cd
Message ID: <9302240246.AA03185@soda.berkeley.edu>
Reply To: <9302232001.AA01786@longs.lance.colostate.edu>
UTC Datetime: 1993-02-24 02:49:18 UTC
Raw Date: Tue, 23 Feb 93 18:49:18 PST

Raw message

From: Eric Hughes <hughes@soda.berkeley.edu>
Date: Tue, 23 Feb 93 18:49:18 PST
To: cypherpunks@toad.com
Subject: dispatches from the front lines of anonymity
In-Reply-To: <9302232001.AA01786@longs.lance.colostate.edu>
Message-ID: <9302240246.AA03185@soda.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain

>Eric Hughes suggests an alt.whistleblower with localized anonymizing. I
>like this, but I don't see how NNTP provides it. Wouldn't every server
>have to be modified or upgraded to support anonymizing? 

In an already supported sense, yes.  As I understand it, when a
moderated group is created, an email address for the moderator is
propagated with it.  So every time a moderated group is created, every
server already is "modified".

But the anonymity does not take place in NNTP.  The news server mails
every posting to the moderator's address.  The header filtering take
place on that machine, unbeknowst to the original NNTP server.  I hear
that this mechanism didn't used to work reliably, but that it now
basically does.  Comments?

In addition, the direct mail address should be advertised
independently, so that those without easy access to Usenet news can
still use the system.

>[...] I think we will find that the people in charge of NNTP are
>looking for ways to increase authentication and validation mechanisms,

The way to forge a posting to alt.whistleblower would be to post with
your real address in it!  That's not exactly a positive feedback loop
for the outlaw.

> [...] a centralized moderator stripping addresses, [...]  is
>problematic because it is a single location with all the traffic

Granted.  Thus the need for a periodic posting stating exactly what
the security level of the system is.

>But I think the localized header-stripping is totally superior to all

Agreed.  That's why you publish the newsgroup entry point.  Then a
more sophisticated whistleblower could use a remailer chain to get to
the access point.