From: hughes@ah.com (Eric Hughes)
To: cypherpunks@toad.com
Message Hash: 185175ff6871736bf94e3d99d220d21a6da2616360b704ed92ab5d274a903478
Message ID: <9402150456.AA21040@ah.com>
Reply To: N/A
UTC Datetime: 1994-02-15 05:04:45 UTC
Raw Date: Mon, 14 Feb 94 21:04:45 PST
Subject: Detweiler abuse again

My maxim for cases like Hal's monitoring of his remailer:

Strengthen all parties.

Therefore, we have two problems to solve. The user of the remailer
got his anonymity blown, and the usenet groups got abused.

A. User anonymity

It has become very clear to me that the opponent model of universal
network monitoring is not the first model that we should be deploying
for. This is the worst case, and the worst case is the hardest to
solve.

The opponent here was logging by the service provider, and the
technique was logging. We should ensure that we can defend against
this opponent and this technique.

Any email-based entry point into an anonymous messaging system will
contain an identity-based address. Yet an IP-based entry point will
only reveal the host. The lesson:

Remailers ought to run server daemons.

This has the happy side-effect of removing default email logging. It
also will allow for IP forwarders to have some reason for use and
development.

B. usenet abuse

The automatic broadcast property of Usenet is profoundly broken for
the long run, since there is no upper bound on the amount of resources
required. More immediately, this property also requires a 100%
completely distributed salience filter in all the posters for
newsgroup topicality to hold, that is, everybody has to stay on topic,
no exceptions. Please.

The feedback mechanism of bitching and moaning to sysadmins does not
scale, however, especially when nodes spring up dedicated to
technologically-enforced freedom of speech, nodes which completely
ignore any particularities of content.

In the long run, Usenet will have to move to some method of
distributed moderation before widespread distribution. Since salience
is determined by humans, humans will have to read messages before
transmission. The scale of distribution may be wide. One path of
development in support of remailers, therefore, has nothing to do with
remailers as such but rather with the re-creation of the public forum
which is suitable for anonymity.

In the short run, anonymous mail should not be posted to newsgroups by
parties unwilling to take the heat, both external flames and internal
guilt. The operators of remailers who don't wish this should acquire
lists of known mail-to-news gateways and then filter. The rest of the
operators may wish to install their own gateways in the remailer as
Eric Hollander has done.

Eric
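
Added example, not part of the message above and not taken from any remailer's code: one way an operator could apply the short-run filter the message describes, refusing to forward to addresses on a collected list of known mail-to-news gateways. The gateway entries and all function names are constructed placeholders.

```python
from email.utils import getaddresses

# Constructed placeholder entries; an operator would load the list of
# known mail-to-news gateways they have collected.
GATEWAY_DOMAINS = {"news-gateway.example"}        # whole host is a gateway
GATEWAY_ADDRESSES = {"post@mixed-host.example"}   # one gateway mailbox on a shared host


def _normalise(addr):
    """Split into (local, domain), lower-cased, trailing dot removed; None if unusable."""
    local, sep, domain = addr.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    # Local parts are compared case-insensitively so case tricks cannot dodge the list.
    return local.lower(), domain.lower().rstrip(".")


def is_gateway(addr):
    """True if addr is a listed gateway mailbox or sits on/under a listed gateway domain."""
    parts = _normalise(addr)
    if parts is None:
        return False
    local, domain = parts
    if f"{local}@{domain}" in GATEWAY_ADDRESSES:
        return True
    # Match the listed domain itself and any subdomain, but not look-alike suffixes.
    return any(domain == d or domain.endswith("." + d) for d in GATEWAY_DOMAINS)


def split_recipients(header_values):
    """Parse recipient header values; return (forwardable, refused) address lists."""
    forward, refused = [], []
    for _name, addr in getaddresses(header_values):
        # Fail closed: anything that is not a parseable mailbox is refused too.
        if _normalise(addr) is None or is_gateway(addr):
            refused.append(addr)
        else:
            forward.append(addr)
    return forward, refused
```
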