From: gturk@concentric.net
Date: Tue, 23 Sep 1997 04:53:03 +0800
To: phelix@vallnet.com
Subject: Re: The politics of problem playing with our constitutional rights
In-Reply-To: <3429560f.30622794@128.2.84.191>
Message-ID: <3.0.3.32.19970922164300.0091ca10@pop3.concentric.net>
MIME-Version: 1.0
Content-Type: text/plain



At 11:28 AM 9/22/97 GMT, phelix@vallnet.com wrote:

>On 22 Sep 1997 02:32:12 -0500, Alan <alan@ctrl-alt-del.com> wrote:

>>Mail is another hole.  Eudora now distributes PGP 5.0 with the latest
>>version.  (This version does not do RSA keys. You can get the plug in to do
>>those keys from PGP inc.)  This is helpful, but there are many other
>>plug-ins that need to be written.  Support for remailers is lacking.
>>Windows based code for Mixmaster is also a needed thing.  A good interface
>>would help immensely.  (Private Idaho was a big step in the right
>>direction. Integrated with a remailer people already use would be another
>>big step forward.)

>Agreed.  I think Remailer support could be a big opportunity.  People may
>not understand/care-about encryption, digital signing, etc., but they
>definitely understand the need for anonymity.

Give the people what they want.

>Question:  If a free remailer plugin for eudora is released, can the
>remailers handle the increased load?  Are there enough remailers?
>People will not tolerate more than a 24 hour delay for getting their
>messages delivers.  What about spamming?  

Use hashcash, or even better, digital cash of your chosen currency.

It costs 32 cents to mail a first class letter.  Is it worth paying that to 
send an anonymous email through a chain of a dozen remailers using a Eudora 
plug-in, or a java applet?  For some people it is, if it's made easy to do.

If a thousand people used it each day, that would mean $320 every 24 hours, 
or $116,800 a year to be divided up amongst the 12 remailer operators.  
Similar possibilities exist for remailer pinging services and nymservers.

>>I am sure that people can think of all sorts of other ideas for needed
>>apps.  But to make them usable for the "general public", the apps will be
>>needed to be written for Windows.  (As much as I hate to think about it...)

Why not rewrite Windows?  Call it Secured Windows (or S/Win).  Features 
might include:
	- no swapfile, or at least one that is securely deleted each
	  time the system is shut down
	- automatically overwrite __ times when deleting information
	  from the hard drive
	- digital cash wallet app
	- S/WAN or SSH-type access to ISP
	- library of different encryption apps, including an easy way
	  to quickly encrypt all sensitive files

Initially S/Win would be useful for emerging ecommerce businesses, and also 
companies and individuals handling sensitive data (i.e., accountants, 
lawyers, etc.).  As ecommerce begins to evolve, people doing high-value 
transactions (like buying stocks and other financial instruments) will want 
to know they aren't getting bogus stock ticker prices (a la IP-spoofing) so
they don't unintentionally "sell the farm" at the wrong moment.

Maybe it's a crazy idea to rewrite Windows, but seeing as so many people are 
familiar with it already, why not make it more useful/better/secure?  

When the majority of computer owners realize that their emoney transactions 
can be compromised on an unsecure platform like Windows, they will demand a 
"product" like S/Win.  After all, what good is your personal Verisign 
certificate (a public key) -- not to mention SET -- if the corresponding 
signing/authentication (secret) key can be swiped off your computer by a 
malicious Active X control along with the keystroke sequence of your 
passphrase?

-g

"It sucks being a control freak during an information revolution."