From: nobody@REPLAY.COM (Anonymous)
To: remailer-operators@anon.lcs.mit.edu
Message Hash: 0be64e248100dcecb26ca8e4d7d67d606307bdb30b63bd52c710963dcc8f527c
Message ID: <199711121408.PAA07532@basement.replay.com>
Reply To: N/A
UTC Datetime: 1997-11-12 14:51:32 UTC
Raw Date: Wed, 12 Nov 1997 22:51:32 +0800
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 12 Nov 1997 22:51:32 +0800
To: remailer-operators@anon.lcs.mit.edu
Subject: NoneRe: Databasix conspiracy theories
Message-ID: <199711121408.PAA07532@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain
Andy Dustman <andy@neptune.chem.uga.edu> wrote:
> > Maybe the next time Gary, Linda, or Paul send a remailer operator a
> > complaint, the operator will know what to expect next.
>
> I did get one complaint from Gary Burnore about stuff being sent directly
> to him. He wasn't a jerk about it, and I haven't heard a peep out of him
> since.
Jeff Burchell's systems, Mailmasher and Huge Cajones, seemed to bear the
brunt of the wrath and attacks by Gary Burnore and his associates Billy
McClatchie (aka "Wotan") and Belinda Bryan. Perhaps that's because they
were most often utilized by one or more of his detractors in posting public
criticism about the tactics of himself, his company, and his associates.
> > thing that's not so random is the high percentage of words that are
> > related to DataBasix, such as "DataBasix", "Burnore", and "Wotan". I'm
> > almost waiting for Gary Burnore to give the remailer and mail2news
> > operators a "helpful" suggestion that they could curb most of this
> > "abuse" by simply blocking any anonymous posts containing any of those
> > three keywords. <g> Or perhaps he's done so and politely been turned
> > down.
>
> He's never asked us, at least. Although, when spam-baiting started hot and
> heavy this summer, another Databasix employee did suggest that his address
> should not appear in posts. I made it quite clear we don't check for
> specific names, words, or addresses, and that he was a legitimate topic of
> discussion. Never heard back after that, and this was several months ago.
IMO, that's a good policy. In fact, the best strategy seems to be to have a
plan in place before starting a remailer so that when attacks and/or demands
come in, the operator will have already decided what responses are appropriate
and what aren't. To fail to do that is to leave one's system open to
"designer abuse" where a certain kind of fabricated abuse implies a certain
"cure", which is exactly why the abuser did it in the first place. For
example, if someone comes along and starts spamming newsgroups, seemingly at
random, and the common thread seems to be that each of the spams mentions
Gary Burnore or DataBasix, the "obvious" solution would seem to be block all
posts which include the keywords "Burnore" or "DataBasix". By doing that, you
stop the abuse -- as well as effectively censoring any anonymous criticism of
Gary Burnore and DataBasix. It's not hard to figure out the motives behind
such actions.
> > Perhaps the next wave of attacks on remailers will not consist of
> > attempts to shut them down altogether but to progressively cripple them
> > by getting certain features disabled, one by one. This seems to have
> > already started. The strategy seems to be to fabricate a form of
> > "abuse", anonymously through remailers, for which the seemingly
> > "logical" solution is to disable a certain feature. This has already
> > proven successful with header pasting, for example. Now you can't post
> > to Usenet and set the From: address to that of your own 'nym.
>
> If you really want the post to have the From: address of your nym, send
> the post with your nym and not with the remailer as the last hop. The
> point of anonymous remailers is to be anonymous. If you want to use a
> psuedonym, use a nymserver.
If I remember correctly, the documentation for at least one of the nymservers
suggested that posting through a remailer and pasting in the return address
would be quicker and impose less burden on the server than having to process
each outgoing message through the server.
> > If the "camel" can get his nose under the tent and convince operators
> > to start filtering on the *CONTENT* of the Subject: line or body of
> > usenet posts, the anti-privacy nuts will have scored a major victory.
> > In fact, from reading Jeff Burchell's posts, it looks like Gary and his
> > DataBasux-ers had initially convinced Jeff to do exactly that. But, in
> > a symbolic victory for freedom of speech, he removed those filters for a
> > week before he finally shut down Huge Cajones altogether.
>
> Cracker does have a spam-bait mangler which is somewhat simpler than the
> scheme Jeff used. In a nutshell, if there are an inordinately large number
> of addresses (compared to other text), the addresses are mangled, i.e.,
> president@whitehouse.gov becomes president <AT> whitehouse <DOT> gov.
> Still human-readable but useless for address harvesters. No posts get
> dropped or filtered out under this scheme, and no keywords or particular
> addresses are looked for.
I'm not sure that even that is a wise precedent to set. In itself it seems
innocuous enough, but it could always lead to a demand, "Well, you already
mangle e-mail addresses contained in the bodies of posts, so why not also
alter the contents of posts in the following way..."
Also, I hope that your mangler is smart enough to distinguish e-mail addresses
from lists of Usenet message IDs, since a list of such references should be
perfectly valid in the body of a post. The problem with destroying machine
readability of e-mail addresses is that many newsreaders will turn an e-mail
address into a hot link where one could simply click on it to send e-mail. If
someone were to anonymously post a message in support of or in opposition to
a certain piece of legislation, and include a list of the e-mail addresses of
the Congress-critters on a certain committee considering that bill, such a
scheme might defeat the purpose of the list. IMO, anything that makes posting
via a remailer less functional than doing so non-anonymously is ultimately
detrimental to the cause of privacy.
BTW, is there any evidence to indicate that anyone is really harvesting e-mail
addresses from the BODIES of Usenet posts? Gary Burnore posts his flames quite
widely, so it's quite likely that any bulk e-mailing lists he's on is the
result of his (non-mangled) e-mail address being in the From: line of his own
posts.
Perhaps the ultimate reality check is whether someone is seeking to impose a
standard on remailers that's stricter than the one imposed on the phone company
or the postal service. I can drop some coins in a pay phone and call anyone at
any time. The functionality of a public phone is not restricted merely because
the users are not identified. Similarly, I can drop a letter in a public mailbox
without anyone verifying my identity. No return address is required. Or I can
write in a return address and nobody will check whether it's "genuine" or
"forged". It would be ludicrous, for example, for someone who had received a
couple of crank phone calls from payphones to demand that the phone company
either totally prevent this abuse from ever happening again or else remove all of
its pay phones! And yet those are exactly the demands that anti-privacy zealots
have made on remailers, and often they've succeeded.
Should one's willingness to broadcast his/her name and e-mail address
indiscriminately to a WORLDWIDE newsgroup be a prerequisite for one to express
one's views? Is that not tantamount to saying that one cannot walk down the
street without wearing a badge containing his name, address, and phone number for
all to read? Or should one's name and e-mail address be considered his property
to be divulged only if and when he chooses?
--
Without censorship, things can get terribly confused in the public mind.
-- General William Westmoreland
Return to November 1997
Return to “nobody@REPLAY.COM (Anonymous)”