1994-02-09 - Netcom remailers.

Header Data

From: hughes@ah.com (Eric Hughes)
To: cypherpunks@toad.com
Message Hash: a06c5077b0dfb4b502325bec65c5cd3aa6abcdc70f8b14166c70cd9a90fa615e
Message ID: <9402091544.AA03932@ah.com>
Reply To: <199402090752.XAA09584@mail.netcom.com>
UTC Datetime: 1994-02-09 15:52:22 UTC
Raw Date: Wed, 9 Feb 94 07:52:22 PST

Raw message

From: hughes@ah.com (Eric Hughes)
Date: Wed, 9 Feb 94 07:52:22 PST
To: cypherpunks@toad.com
Subject: Netcom remailers.
In-Reply-To: <199402090752.XAA09584@mail.netcom.com>
Message-ID: <9402091544.AA03932@ah.com>
MIME-Version: 1.0
Content-Type: text/plain


[Increasingly rant-like towards the end--ed.]

>Sure would be nice if I could
>fully forge e-mail as coming from "nobody@nowhere.org". Alternatively I
>could just keep logs. Or I could just never log into qwerty again, and see
>how long it lasts ;-)! Hit and run remailer accounts.

The remailers already partially forge mail by not using the correct
"From:" in the header.  That's why they contacted netcom mgmt instead
of you, because your name didn't appear in the mail.  (Well, maybe in
the out of band info).

The problem is that every time you use the standard SMTP mechanism to
get mail into a machine (regardless of where it comes from) 1. a log
entry gets made on the receiving machine, and 2. a Received: field
gets put in the header which contains the name of the originating
machine.  So to forge mail you have to first send mail to someone who
doesn't log and who doesn't put Received: fields in.

The upshot is that if you use Internet mail, you're stuck with this.
If you want to send mail to people who only use Internet mail, then
you're also stuck.

It is certainly possible to use non-standard mail delivery services
(they'd have to be written, even if lots of existing code could be
moved) but the final leg of delivery to a standard Internet mailer is
going to make a logfile entry and put in a Received: field.  So you're
right back where you started.

Tough.  That's the way it is.  You want an network anonymous at the
hardware level, go read some sci-fi.

Putting the remailer hack on top of existing delivery mechanisms is
more interesting than a custom system, in many ways, because the
existing system, experimental as it is, has the capacity to reach far
more people than a custom system would.

In a wide area system which is not private by default, one way of
getting privacy is to get someone else to put their name on it.
That's what the remailers do.  I call this "proxy privacy".  If A
sends anonymous mail, B stands in A's place as the technical sender of
that mail; B is proxy for A.

So whine, whine, somebody complained.  The last hop, final delivery,
for a remailer system is always going to come from some proxy.  To
send to arbitrary addresses, there _must_ be a proxy.  Perhaps you
wouldn't mind sending to other remailers, but just not to general
public.

And so you want to do good at no risk.  "Maybe someone will find out,
maybe I'll get in trouble".  Sure anarchy is for sale, and you're
buying it with the peace of mind from your good works, a semiotic coin
purchasing relief of bad feelings, rather than donating your risk and
exposure.

>Centralized remailers on the internet. Bah!

Can you name any other network that has so much email connectivity
than the Internet?  Hmm?

Compuserve, attmail, mcimail, delphi, aol, prodigy?  They all use the
internet as their gateway to non-customers.

BITNET?  UUCP?

Fido?  As anarchist as Fido is, it's only 20K-25K machine, a fraction
of the internet size.

Netware mail?  Any of the LAN delivery services for PC's or Macs?
These people haven't even discovered wide area networking for the most
part.

Look, Netware bought USL recently.  The most successful PC networking
company (one of Microsoft's only serious system-level competitors)
purchased one of the two major branches of Unix.  Can you guess why?
Wide area networking.  It already works--it _is_ the Internet.
Netware is a LAN protocol; your mail won't leave the building.  And
fat lot of anonymity you're going to get there.

Yeah, the internet technology is changing.  ATM is coming.  And guess
what?  People are already implementing internet protocols on top of
it.  The Internet is an idea implemented in software that can run, by
design, on most any 2-way communications technology.  Resilience by
design.

And you think the Internet isn't where it's at.

Feh.


Eric





Thread