From: daw@cs.berkeley.edu (David Wagner)
To: cypherpunks@toad.com
Message Hash: f4f12d3601999a8065b0a90f15a35a8c3d0825b6e9bc58d48a0f6f6741a64ffb
Message ID: <4rdm7p$2lm@joseph.cs.berkeley.edu>
Reply To: <adfe19830002100425c1@[205.199.118.202]>
UTC Datetime: 1996-07-03 14:52:40 UTC
Raw Date: Wed, 3 Jul 1996 22:52:40 +0800
From: daw@cs.berkeley.edu (David Wagner)
Date: Wed, 3 Jul 1996 22:52:40 +0800
To: cypherpunks@toad.com
Subject: Re: Message pools _are_ in use today!
In-Reply-To: <adfe19830002100425c1@[205.199.118.202]>
Message-ID: <4rdm7p$2lm@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain
In article <adfe19830002100425c1@[205.199.118.202]>,
Timothy C. May <tcmay@got.net> wrote:
> I must be missing something....:
Nope! That would be..er..my fault. :-)
> I'm not following your "upload an article to the NNTP server." Don't most
> people use mail-to-News gateways to post anonymously? (If not, they should,
> of course.)
>
> This way, the posting of an article has the anonymity provided by the chain
> of remailers used to reach the terminal site, the mail-to-News gateway.
You are quite right. I was mixing my criticisms. My mistake.
A message pool provides only recipient anonymity, of course. For sender
anonymity (e.g. posting to a message pool), chaining is the right way to go.
> The posting is anonymous (within the usual limits we discuss here), and the
> reading is "pretty hard" to focus on, for several reasons:
>
> 1. Hard to gain access to local ISP without sending alerts out (it would be
> for my ISP, at least). This is admittedly not cryptographically
> interesting, but is a very real practical difficulty.
>
> 2. Many who browse alt.anonymous.messages probably "glance" at many of the
> oddly-named message pool messages. I know I do. Again, makes it a "needle
> in a haystack" to know which of several hundred folks who glanced at
> "ToBear" or "TheRealMessage"--assuming the NSA could ever identify these
> hundreds--is the real intended target.
>
> 3. And I recall that many have newsreaders which download _all_ messages in
> a newsgroup automatically. Again, this makes the pool of potential readers
> quite large and meaningless to try to track.
>
> The use of public posting areas for message pools (what I called "Democracy
> Walls" several years back) seems to me have several compelling advantages
> over "reply-block" approaches.
Good points, all of them.
I agree that public message pools seem to give far better security than
reply-block approaches. (Although the two can be combined: set up a nym
reply-block which just redirects traffic to alt.anonymous.messages; then
the reply-block is not security-critical, but does allow folks to contact
you by a simple email address.)
Jim Bell brought up the really nifty point that someday soon we may be
able to receive these message pools by satellite dish-- hurray for true
broadcasting! That would provide most excellent security (unless `they'
started requiring licenses, waiting periods, ... to own a dish-- unlikely).
I can't wait.
Another suggestion was to read alt.anonymous.messages by pointing the
anonymizer at it. This doesn't stand up to my threat model at all.
The anonymizer only provides you anonymity against a malicious server
who is trying to collect marketing information-- it doesn't protect
you against SIGINT folks eavesdropping on network links, performing
traffic analysis, etc. to trace back your access.
Now if we had pipe-net deployed :-), the idea might work...
Return to July 1996
Return to “tcmay@got.net (Timothy C. May)”