1996-01-17 - mailbombing and anonymity – inseparable

Header Data

From: Bryce <wilcoxb@nagina.cs.colorado.edu>
To: jpb@miamisci.org (Joe Block)
Message Hash: c095fe7919fcaea6c17074e2ad00ff7eacc7d4cc3502e9261e15be4a53ad6024
Message ID: <199601152251.PAA07589@nagina.cs.colorado.edu>
Reply To: <v01520c02ad1f92382586@[199.227.1.218]>
UTC Datetime: 1996-01-17 17:37:19 UTC
Raw Date: Thu, 18 Jan 1996 01:37:19 +0800

Raw message

From: Bryce <wilcoxb@nagina.cs.colorado.edu>
Date: Thu, 18 Jan 1996 01:37:19 +0800
To: jpb@miamisci.org (Joe Block)
Subject: mailbombing and anonymity -- inseparable
In-Reply-To: <v01520c02ad1f92382586@[199.227.1.218]>
Message-ID: <199601152251.PAA07589@nagina.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 I wrote:
>
> In fact, it is *in general* impossible to have both
> anonymity and prevention/control of mail-bombing.  Of course
> digital postage will help the problem somewhat by making the
> bombers pay for it, and smarter filters on the recipient's end
> will help, but in general it is a problem we are going to have
> to live with if we want anonymity.
 
 
 An entity calling itself Joe Block allegedly wrote:
>
> Impossible is an awfully strong word.
 
 
Indeed.  And I would be delighted (sort of) if someone could
show me how my assertion above is incorrect.
 
 
> If I was going to implement free digital stamps, I'd have a autoreply
> daemon (stamps@remailer.com) that when sent a mail, would respond with X
> number of valid stamps.
 
 
<snip>


Look I don't actually understand how remailers are currently
implemented, but for the purpose of this discussion it doesn't
matter.  Any sequence of steps that a legitimate correspondant
can use to send a letter a mailbomber can use to send an 
e-mailbomb.


Now you can make the sequence of steps more complex in the 
hope of weeding out the less technically competent mailbombers,
but this is a weak solution which will also make remailnet even
more inaccessible to the barely technically competent people
who make up the vast majority of e-mail users.


Look at it this way.  How can one ensure that one receives only
the kind of e-mail that one likes?  I can think of only 3 ways:


1.  Discriminate based on content.  (killfiles, etc.)
2.  Discriminate based on authorship.  (PGP sigs, reputations,
etc.)
3.  Retaliate against those who send you mail that you didn't
want.  (mail-bombing, reputation-trashing, social or legal
penalties, violence, assassination, etc.)



Now unconditional anonymity (or even "Pretty Good" anonymity a
la cpunks remailers) does away with option #3, right?  (I take 
a moment to note that this is precisely *why* we advocate
anonymity in the first place...)


So that leaves us with option #1 and option #2.  It is
impossible for current computers to reliably identify for us
whether a given e-mail message is junk mail or not.  (I take a
moment to note that when it becomes possible for computers to do
so we will probably have bigger things to worry about...)
  *But* there is a lot that done with regard to discrimination
based on content.  First there's the obvious stuff-- killfiling
topics and keywords (like "NSA" and "ITAR" on cpunks...) and
splitting messages into different folders based on which list
they are from-- and then what about this idea:  someday people 
will include a few micro-dollars in their messages to encourage 
you to read them.  Now that would be interesing.


Now the schemes that I have seen aired here about how to
prevent these kinds of distributed e-mailbombs generally
focussed on a rough version of option #1-- just discriminate
against multiple copies of the same content.  That's fine
(although some of my friends who are always sending me the same
jokes might get left out in the cold...) but you have to realize
that it is a weak fix that can be easily overcome by a
technically sophisticated attacker.


Also I think all such things should be done on the user's end.
I would thank *my* anonymous remailers to let me and my computer
decide what mail to trash.


Of course as always people should pay as they go to send mail.
Thus no direct financial harm is done to the recipient (or even
a pecuniary bonus!  See above) and the remailers could probably 
make a profit off of mailbombers.


I'll leave option #2 alone.  No fresh ideas today.


Okay I've wandered, but to restate my main point mailbombing 
and anonymity are *in general* inseparable.  Just as harassment,
intimidation, blackmail, libel, copyright violations and other 
"information crimes" will be encouraged by anonymity.  Get used
to it, or else stop advocating anonymity.


Regards,

Bryce

PGP sig and clear-text timestamp follow


Mon Jan 15 15:46:21 MST 1996

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMPraYfWZSllhfG25AQGcZwP+L7DwXIksx1cNkqpUDxqlRcfsTw7bmRih
sB5Ib1QQOoP53R9XinFHWdvvrfWx/M5sIlnZ2CweOnGyL8MgpYA+5FBjfrDvkGm9
B1EOzHMsfc0rQBOzERFvque/Kg+ojkIsoCXcvu3K9XUPpBv4iGs7E/oBSkKYX0pC
1cg35pR7SaQ=
=m85b
-----END PGP SIGNATURE-----





Thread