From: nobody@soda.berkeley.eduhfinney@shell.portal.com
To: cypherpunks@toad.com
Message Hash: 029186b92061f9bd2977053458096872607003a4b23703e168e840d7b6d5e67a
Message ID: <9310171819.AA21961@soda.berkeley.edu>
Reply To: N/A
UTC Datetime: 1993-10-17 21:00:47 UTC
Raw Date: Sun, 17 Oct 93 14:00:47 PDT
From: nobody@soda.berkeley.eduhfinney@shell.portal.com
Date: Sun, 17 Oct 93 14:00:47 PDT
To: cypherpunks@toad.com
Subject: Problems of anonymous posts
Message-ID: <9310171819.AA21961@soda.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
(This is from Hal; I still can't post from Portal.)
After going to enormous efforts to create a network of anonymous remailers,
we are hoist by our own petard, as our list receives strange, irrelevant,
and argumentative posts through our own anonymous remailers. (Not all
anonymous posts are like this, but there have been quite a few in the last
few weeks which fall into these categories.)
This should challenge us to reconsider the value of anonymity and remailers.
Are we working only to make the net safe for the immature and incoherent?
I would say not, but these posts should remind us of how incomplete is the
infrastructure needed for successful use of anonymity.
A brief recap of the benefits of anonymous mail: presently, on the net,
all mail is tagged with the sender and destination. This means that not
only the recipient, but any net snoopers and sysops at systems through
which the mail passes, may be able to know that person A is sending mail
to person B. This kind of information can be used to build up dossiers
of who talks to whom.
Worse, as we move into an era of electronic commerce, more and more of our
lives may begin to take place on the net. We may shop, find entertainment,
do business, even work for a living across the network. This will open up
even more opportunities for collecting data about how we live our lives.
In my opinion, the best way to preserve our privacy is to make it impossible
to collect this data. Anonymous remailers, and their cousins, IP bouncers
(which perform an analogous function for telnet-type connections), can
prevent the collection of this kind of information by hiding exactly who is
communicating with whom. These services can serve as the basis for the
other privacy-protecting technologies we've been discussing, such as digital
cash. There's not much point in using digital cash to prevent tieing
customers to vendors if monitoring the net will provide that information
anyway.
This isn't just a futuristic concern, either. Already today the government
is taking steps which could, under some not-so-far-fetched extrapolations,
get people on the list in trouble. Many people on this list have communicated
with Phil Zimmermann, for example. What if email logs were used to track
all those people down, and they became suspects in this criminal investigation
that the government seems to be pursuing?
It's not even impossible that the government could someday try to paint the
cypherpunks themselves as a subversive organization. Think how much more
difficult any such diabolical attack would be if people subscribed to the
list via remailers, under digital pseudonyms. These days, with the shaky
legal status of cryptography, we of all people should be able to see the
benefits of anonymous communication.
The problem is, then, how to gain the benefits of anonymity, while avoiding
the abuses. One solution which we have long discussed is reputations and
pseudonyms; another is making people pay to use remailers.
The way reputations work is that people would digitally sign their anonymous
postings. This way someone could post anonymously and build up a reputation
by means of a series of postings signed under the same name. As time went
on, they would no more want to damage the reputation of their pseudonym
than they would want to damage their reputation under non-anonymous posting.
To make this work, people need to be able to easily filter their mail
on the basis of the pseudonym it came from, rather than the (irrelevant)
anonymous remailer which sent it. Then they can choose to accept and read
mail from anonymous posters who have built up a good reputation while
ignoring that from those who have ruined their good (pseudo) name.
Karl Barrus has done some experiments along these lines. He described
some time back a system he had for working with the elm mail reader,
one of the most common Unix-based mail agents. The software will display
the true originator of PGP-signed posts (anonymous or not). This allows
readers to apply the same standards to signed anonymous mail as to regular
mail. It raises anonymous posters to the same level, and holds them to
the same standards, as other posters. This software could allow anonymous
posters to build up their reputations, encouraging more responsibility on
their part.
The other solution, pay-for-use remailers, has also been pioneered by
Karl. His idea is to make the remailer a little harder to use by forcing
the user to include some digital postage (based, I think, on what Tim May
called "poor man's postage stamps"). This could help reduce the volume
of anonymous mail and make it less likely that joke or trivial messages
would be posted. (We could even consider applying Karl's approach to
the list as a whole; people would have to apply ahead of time for posting
tokens in order to post. This might force people to take a little more
care and time in their postings.)
I don't think Karl's efforts have been sufficiently appreciated here.
He is quietly working to create the tools needed to allow anonymity to
be a useful and important part of the net architecture rather than the
annoying sideshow that it sometimes seems to be becoming. We need to
support Karl, work to bring his innovations into other remailers and other
mail agents, if we want to gain the benefits from what we have done so far.
Hal Finney
hfinney@shell.portal.com
-----BEGIN PGP SIGNATURE-----
Version: 2.3a
iQCVAgUBLMFf3qgTA69YIUw3AQEp9QP/UyEvuQgM6GKiKdkZtHJw4/NhMwQDihrs
2D8weSeUQpKHPpxEnXiDEG6qswI0B4auq+hK3EDYIzccA6c6/+0Xa7SzESsujtjs
VDRY7BNphAQ8ix6vd4Ti2vuk8sWa7IHasuAF+UytJrUXPaMbJgH1u/84M9HstA4t
kNQ3venrgh4=
=CFWw
-----END PGP SIGNATURE-----
Return to October 1993
Return to ““Robert J. Woodhead” <trebor@foretune.co.jp>”