From: Mixmaster <mixmaster@remail.obscura.com>
To: m2n@alpha.jpunix.com
Message Hash: 80b53f18096b3425a815054a20bd2caaf12696d1263ece3732acc705d0d4e4c5
Message ID: <199711211531.HAA11593@sirius.infonex.com>
Reply To: <slrn66v7m2.gk.ichudov@manifold.algebra.com>
UTC Datetime: 1997-11-22 03:45:34 UTC
Raw Date: Sat, 22 Nov 1997 11:45:34 +0800
From: Mixmaster <mixmaster@remail.obscura.com>
Date: Sat, 22 Nov 1997 11:45:34 +0800
To: m2n@alpha.jpunix.com
Subject: Re: RESULT: comp.org.cauce passes 548:122
In-Reply-To: <slrn66v7m2.gk.ichudov@manifold.algebra.com>
Message-ID: <199711211531.HAA11593@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain
devin@premier1.net (Devin Ganger) wrote:
> : If an address points back to a real address, then it's not *ANONYMOUS*,
> : though.
>
> I think you're pushing an unrealistic and overlarge definition of
> anonymity here.
>
> Anonymous simply means that I don't know the real identity of the person,
> and that I have no easy way of ascertaining that knowledge. However, I
> can still deal with that anonymous persona *as* that anonymous persona.
>
> Two-way anonymous remailers fit that description.
So would a message through a TRUE anonymous remailer (not a nymserver) that
was PGP-signed with the same key used for other posts. In fact, it would
provide a more reliable correspondence between the post and its anonymous
author than relying on a mere From: address in the header. Yet the
proponents of the CAUCE proposal insisted on a repliable (and mailbombable,
spammable, etc.) address. Why?
> What you and others are talking about when you discuss anonymity is
> something far beyond that -- you're talking about a complete
> disassociation between the speakers and their words (or posts). Whether
> one calls that "privacy" or "irresponsibility" is a flamewar of a
> different color, and totally beside the point. It is a concept that
> certainly *contains* anonymity as a necessary pre-condition, but it goes
> far beyond the bounds of anonymity.
"Anononymous but traceable" is an oxymoron that necessarily depends on
trusting a person who "holds the secrets". The security of the
anon.penet.fi remailer, for example, depended upon the ability of its
operator to defend the security of its database against attacks from
powerful, censorious elements such as the "Church" of $cientology.
Ultimately, it was unable to do so and chose to shut down rather to
incur expensive litigation in defense of the privacy of its clients.
Not trusting such traceable schemes to protect one's privacy does not
"go far beyond the bounds of anonymity". Calling any such scheme true
anonymity is nothing but SNAKE OIL. The "fortress 'nym server" in which the
operator is not only personally trustworthy but also possesses the ability
to defend against any and all external attacks on the integrity of its
identifying database simply does not exist in the real world.
The fallacious assumption at work here seems to be that the validity of
an idea is somehow dependent on the identity of the messenger conveying
that idea. Thus, the notion of "2+2=4" may not be valid if the identity
of the person stating it cannot be verified. Personally, if I got a knock
on my door at 2 AM warning me that my house was on fire, I'd investigate
it, even I didn't know the person warning me.
> In this case, it seems that the *intent* behind the comp.org.cauce
> proposal was to allow anonymity in an environment that also allowed some
> level of accountability, which the total privacy thing necessarily
> lessens. And, again, whether or not the means they chose to pursue that
> intent were duplicitous or not is a flamewar for other days and
> newsgroups.
The fact that identification through a unique, non-forgeable PGP signature
on each post was rejected but a repliable e-mail address was accepted as
that form of "accountability" casts doubt on the true motives behind this
requirement, though.
Real world experience on the internet should teach any objective observer
that a repliable e-mail address is no guarantee of "accountability". The
presumption is apparently that any perceived misbehavior can be remedied
by either killfiling the person's e-mail address, or Net-copping the
individual and harassing his/her sysadmin into cancelling the account.
But how often have we seen Usenet spammers who can acquire new accounts
faster than the old ones can be killfiled or nuked?
--
Return to November 1997
Return to “Mixmaster <mixmaster@remail.obscura.com>”
Unknown thread root