1997-01-03 - Cypherpunk Elitism and Spam Filters

Header Data

From: Alan Olsen <alan@ctrl-alt-del.com>
To: cypherpunks@toad.com
Message Hash: 157e2ad238996d9fbe1cb5be6dd507abd9693d4b00e82f5af3781425776fdb33
Message ID: <3.0.1.32.19970102222216.0068b54c@mail.teleport.com>
Reply To: N/A
UTC Datetime: 1997-01-03 06:24:02 UTC
Raw Date: Thu, 2 Jan 1997 22:24:02 -0800 (PST)

Raw message

From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Thu, 2 Jan 1997 22:24:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Cypherpunk Elitism and Spam Filters
Message-ID: <3.0.1.32.19970102222216.0068b54c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


I have been watching the debate on Cypherpunk Extremism, filtering spam,
and the like and have a few comments.

When Tim May claims that Cypherpunk solutions lead to elitism, he is more
correct than Vullis or any of his ilk are willing to realize.  The reasons
for this are out of implementation, not out of any ill-will or evil intent.
 It is because it requires special knowledge and/or software to be able to
implement the "solution(s)".  (Note that I am only aware of his comments
through quotes of his material.  I have blocked him at the procmail level,
so I cannot go back through trash and read the originals.  Probably a good
thing, as it keeps me from sinking to the level of flames and personal
attacks.  Attention Vullis revels in...)

I have watched the conversations on filtering and have seen few, if any,
methods that would be usable by a poster of average experience without alot
of extra frustration and/or time involved.  For a filtering or posting
method to be useful (or used), it has to be uncumbersome to use, no matter
the platform.

Charging for posting is not (in my opinion) a good method because
conversions from real cash to e-cash are not very easy and/or available at
this time.  It would leave the posting to the "elite" who have connections
to e-cash acceptable to the list management.

Tokens are nice, but most plans for them make it a pain to post with any
sort of e-mail software.  (Cut and pasting a token will work for one or two
sites, but if a user posts to many lists, keeping track of all those tokens
could become quite a pain.  There is also the risk of people posting their
tokens for general use or the token being used to track anonymous posters.

PGP signatures are a solution, but not a very adequate one at this point.
Most  autosign software has one or two minor problems.  The first is that
they do not line wrap before signing the text.  This causes the sig to
break.  The second thing that people get bitten by is that some signing
software only takes the "default" key.  This means that, without special
effort, they are stuck with one key to use for signing.  (Which makes anon
postings a bit of a pain.)

The reason anon.penet.fi became as popular as it did is because it was
easier to use than the alternatives.

A solution that is difficult to use will be left to an "elite" to use.  (If
used at all.)

A good example of this is the PGP aware version of Majordomo.  The traffic
on one list using that software is little to none.  I believe that this is
because the "ante" to post is too high.  (It also has strange desires for
specific linefeed formats, as well as other things that make posting a chore.)

The "solution" to this is to design tools that make use of these things
usable, not only for the "elite", but for the rest of the user community.
(Or at least the upper 70-90%.  There has to be some level of knowledge for
entry into the game.  The difficulty is knowing where to set that "bar".)

Netscape is a good example of "transparent" crypto.  It has problems
though.  How many sites do you connect to that use SSL?  Damn few I will
bet.  How many encrypt everything, not just the "important stuff".  Next to
none.  Why?  Getting a secure server costs a fair chunk of change.  It is
possible to get one for "non-commercial use", but it is still going to cost
you a bit for the certificate needed to run the server. ($295 bucks and the
list of hoop to jump through.  Verisign usually wants you to be a corporate
entity.)  Any chance of a CPunk CA coming into existence any time soon?

A better chance for "transparent" security is with the IPSec FreeSwan
project.  How many of you out there are willing to put in the effort to get
it to work though?  It does have a pretty high cost in knowledge and
effort.  (It also seems to have some places that need work. Non-Unix
clients and sites feeding off of dynamic IPs are going to be a future
hurdle.)  It does have probability of making things a whole lot more
difficult for the busybodies at the various TLAs.  (The NSA krill nets will
no longer be as effective.)  Until the bugs are worked out, it will be an
"elitist" solution.  There is no escaping that.  (And since there are
people who would rather concentrate on personal feuds instead of technical
hurdles, it will probably remain one for alot longer.)

I would like to see alot less of the "elitist" solutions.  My reasons are
very plain.  Elitist solutions take far too much of my time to use.  They
do not have to be that way.

There are Cypherpunks doing work to make these tools more usable.  Most of
them are doing it in the background and not looking for the "glory".
Because of the self-centered ranting of a few, most of those who were the
strongest supporters of "Cypherpunk goals" no longer associate with the
list.  The ones who have my highest respect are those that have actually
done something to accomplish those goals, instead of writing
(semi-)anonymous flames and personal attacks against Tim May and/or John
Gilmore.  (I sometime what Vullis has done to promote privacy and security
for individuals.  His pissing in the list pool certainly has done nothing
positive that I have seen.)

[Note that I do not always agree with Tim May.  There have been many time I
have read his posts and wondered if he was indulging in chemical
recreation.  (And he has probably wondered the same about some of my posts.
 probably about this one...) Sometimes he is dead on and well worth
reading.  But his posts are at least thought out and lack the most of the
vitriol that some others on this list have been spitting.  Part of the
problem with reputation schemes is that humans are not always consistent.
Sometimes they do not fit into the "yes" or "no" boxes we try and stuff
them into.]

Those who are working towards "elitist" solutions are at least working
towards solutions.  I think people need to ask themselves what goals they
desire for themselves and what it will take to get there.  You don't need
to write code necessarily, but you do need to do something other than just
bitch and moan.

What have you done to support privacy today?

---
|   If you're not part of the solution, You're part of the precipitate.  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|





Thread