From: tytso@ATHENA.MIT.EDU (Theodore Ts’o)
To: hughes@ah.com
Message Hash: 755e973d9c4242f20019487803da02733eb0510510ba9626b75f1fdab018bf05
Message ID: <9402150656.AA28719@tsx-11.MIT.EDU>
Reply To: <9402150456.AA21040@ah.com>
UTC Datetime: 1994-02-15 07:01:33 UTC
Raw Date: Mon, 14 Feb 94 23:01:33 PST
From: tytso@ATHENA.MIT.EDU (Theodore Ts'o)
Date: Mon, 14 Feb 94 23:01:33 PST
To: hughes@ah.com
Subject: Re: Detweiler abuse again
In-Reply-To: <9402150456.AA21040@ah.com>
Message-ID: <9402150656.AA28719@tsx-11.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain
Date: Mon, 14 Feb 94 20:56:31 -0800
From: hughes@ah.com (Eric Hughes)
B. usenet abuse
The automatic broadcast property of Usenet is profoundly broken for
the long run, since there is no upper bound on the amount of resources
required. More immediately, this property also requires a 100%
completely distributed salience filter in all the posters for
newsgroup topicality to hold, that is, everybody has to stay on topic,
no exceptions. Please.
I've tried this argument before, but people weren't willing to believe
it back then. Maybe people will listen now. Reread the above paragraph,
and then read the following:
"This practice of people wandering about outside without bullet-proof
vests is profoundly broken for the long run. This property also
requires a 100% completely distributed responsibility of citizens not to
go on a shooting spree."
Yes, computer systems should be made more secure. I am quite sure that
Usenet will never be made secure; it is much more likely that someone
will create a new, better system which might eventually replace Usenet,
but the fundamental model of Usenet requires its insecurities, and
that's not going to change without massive, global software upgrades all
over the Usenet. That's not going to happen any time soon. In the
meantime, there's a certain thing known as community responsibility,
which rabid individualists may or may not choose to recognize.
In the long run, Usenet will have to move to some method of
distributed moderation before widespread distribution. Since salience
is determined by humans, humans will have to read messages before
transmission. The scale of distribution may be wide. One path of
development in support of remailers, therefore, has nothing to do with
remailers as such but rather with the re-creation of the public forum
which is suitable for anonymity.
In the long run, someone will have to come up with a replacement for
Usenet, that's actually *secure*. And while they're at it, they can fix
some other long-standing deficiencies with Usenet, as well.
In the short run, anonymous mail should not be posted to newsgroups by
parties unwilling to take the heat, both external flames and internal
guilt. The operators of remailers who don't wish this should acquire
lists of known mail-to-news gateways and then filter. The rest of the
operators may wish to install their own gateways in the remailer as
Eric Hollander has done.
In the short run, there's such a thing as net.responsibility (for those
remailer operators capable of feeling internal guilt on this issue).
And if that's not enough, there's the kiddy porn issue --- that's
probably the easiest way to shut a remailer down.
Heck, you don't even need to involve the Usenet. Just simply send a
uuencoded GIF file containing kiddy porn through a remailer chain, and
point it at president@whitehouse.gov. Then sit back and wait for the
last remailer in the chain to receive a visit from the secret service
agents....
Lance is, unfortunately, pointing out some huge, gaping holes in the
current architecture of the Cypherpunks remailers. It would be good if
they were fixed ASAP.
- Ted
Return to February 1994
Return to “tytso@ATHENA.MIT.EDU (Theodore Ts’o)”