Quoting Spencer Dawkins <spencer(_at_)mcsr-labs(_dot_)org>:
[deleted down to]
Anonymous transmission is indeed a feature of our current systems,
not a bug. Any new system or authentication layer on top of what
already exists needs to maintain that.
As I understand it, most of the proposals of that nature are about
tying messages to a specific e-mail address. Just because you can trace a
message back to a certain address does not necessarily mean you can
identify the human being who sent it.
Ya know, I understand what you're saying, but (1) we're going
through an IPv6 exercise to say "well, maybe MAC addresses
are too closely tied to people to use them as part of
autoconfigured IPv6 addresses"
That's an interesting point in itself. Tracing a MAC address (or an IPv6
address derived from one) could allow an eavesdropper to trace traffic from
multiple connection sessions (over a period of time) back to a single network
interface.
Of course there still isn't necessarily a one-to-one mapping between a network
interface and a human being. NAT gateways can hide many machines and people
behind them, and of course even a single machine may have multiple people who
log on and use it.
The shortage of IPv4 addresses has led to mechanisms like DHCP and NAT, both
of which can provide limited levels of privacy... This issue intrigues me a lot
but I won't say too much else about it here for fear of getting wildly
off-topic.
(2) for most users of
personal computers, saying "someone else must have broken
into my house and sent all this child porn from my PC" has not
been observed to work very well, and (3) in order to say
"IP addresses != people", you would need dynamic IP
addresses that don't tie to NAIs, etc. - I believe all the IP
addresses I use for POP3/SMTP can be traced back to
me pretty easily... if I was a charter member of al Qaeda
I'd be more motivated to hide, but I don't think anonymous
POP3/SMTP is as easy as you're making it sound.
Well, maybe I glibly made it sound easy. My example deliberately bypassed the
need for POP3 by using a webmail interface to access a mailbox that way.
My point was simply that, whatever new e-mail system is developed in future, if
access to it can be proxied in some way (via a web interface or otherwise) then
IP address tracing would turn up at a dead end.
We should of course consider privacy as a requirement, but one needn't define
it as an explicit part of a new e-mail system provided some external anonymity
protection method is compatible with it - or at least new ideas shouldn't
preclude some kind of anonymity even if they don't actually define a mechanism
for it.
By "anonymous", I'm talking about two-way communication -
more than just sending an e-mail from Bill Gates saying "I'm
really excited about this quarter's earnings prospects". Simple
forgery is, of course, a variant of one-way anonymous communication.
That's a good reminder, thanks for that.
OK, suppose there were a tracked, secure version of Hotmail (say) whose
messages could always be traced back to my Hotmail e-mail address, I could
still use an anonymous web proxy service to both send and receive messages on
that account.
That way, if I sent spam, my account could still be closed by MSN for violation
of their abuse policy. But anyone with a personal or political grudge against
me would not be able to trace the e-mail address to me as an individual.
Would that work? (Once again I assume that I would lie to Hotmail about any
personal details they ask for, since it would be difficult for them to check at
the time of sign-up)
I do take your point about the ease of setting this up. However it would create
a nice market for companies to provide proxying to common webmail services.
They could let me log in at their website and proxy on my behalf to Hotmail (or
whoever), passing the results back to my browser. To average Joe Public it
could be made very easy to use by being almost totally transparent and it would
make a nice business opportunity for companies to rent such services to people.
Now, this is fairly true, but is anonymity via webmail sufficient?
It's difficult to say. On the technical side, with only access to the IP
address of my proxy and my message itself it might still be possible to
identify me by my apparent relationship with those I contact. Then again, it
might still be possible to do so if I wrote a letter to someone.
If I were really paranoid I'd use something like public key cryptography and
send my messages that way. Whether webmail companies would provide that service
for free is another matter. Certainly having a protocol which sends e-mail over
encrypted connections between MTAs might help stop eavesdroppers en route from
intercepting my message. The technology to do that is readily available.
One issue is that if courts could order anonymiser services to surrender their
logs then that might be a problem. However jurisdiction would likely rest with
the country in which the server is based. Indeed, some countries might do a
nice trade in off-shore privacy proxies (just as Switzerland does with banking
privacy). I'm not a lawyer however, so I'll leave it to the legal experts to
determine the risks of that one.
Is any of this helpful? Personally I'll always be paranoid about communications
privacy, but I happen to believe that low-level paranoia is a survival skill. :-)
Andrew
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
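
The point made in the message above about IPv6 addresses derived from MAC addresses, as an added example that is not part of the original post: it recovers the MAC from a modified EUI-64 interface identifier and groups sightings on different networks by it, which is also a quick way to audit whether your own hosts still expose one. The addresses, labels and function names are constructed for illustration (documentation prefix 2001:db8::/32).

```python
import ipaddress
from collections import defaultdict

def mac_from_eui64(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None.

    Heuristic: a randomly generated interface ID can contain ff:fe in the
    same position by chance, so treat a match as a strong hint, not proof.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]      # low 64 bits of the address
    if iid[3:5] != b"\xff\xfe":                       # marker inserted mid-MAC
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in mac)

def correlate(observations):
    """Group (label, address) sightings by the MAC recovered from each address."""
    groups = defaultdict(list)
    for label, addr in observations:
        mac = mac_from_eui64(addr)
        if mac is not None:
            groups[mac].append(label)
    return dict(groups)

# Constructed sample: one interface seen behind three different prefixes,
# plus one address whose interface ID is random (no embedded MAC).
SAMPLE = [
    ("home",   "2001:db8:1:1:211:22ff:fe33:4455"),
    ("office", "2001:db8:2:7:211:22ff:fe33:4455"),
    ("cafe",   "2001:db8:3:9:211:22ff:fe33:4455"),
    ("other",  "2001:db8:3:9:5c1e:9a03:77b2:10d4"),
]

if __name__ == "__main__":
    for mac, places in correlate(SAMPLE).items():
        print(f"{mac} seen at: {', '.join(places)}")
```

The network prefix changes at every location, but the low 64 bits do not, so the three sightings collapse to one interface; the address with a random interface identifier cannot be linked this way.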