Quoting Steve Schear <s(_dot_)schear(_at_)comcast(_dot_)net>:
At 12:56 2003-07-03 +0000, Andrew Akehurst wrote:
I do take your point about the ease of setting this up. However it
would create a nice market for companies to provide proxying to common
webmail services.
They could let me log in at their website and proxy on my behalf to
Hotmail (or whoever), passing the results back to my browser. To
average Joe Public it could be made very easy to use by being almost
totally transparent and it would make a nice business opportunity for
companies to rent such services to people.
Its much more generalized and effective to just proxy all Web access,
like Anonymizer and JAP.
True, but I'm not sure how comfortable the average user would be in twiddling
with their proxy settings. I suppose it depends how knowledgable they are, and
different companies can always provide different types of proxying service. It
depends what the market wants.
As long as whatever new e-mail system arises in future doesn't preclude the
possibility of protecting the sender's physical identity then that's fine.
Personally I'm deeply suspicious of anything that over-centralises (not just
because of privacy issues, but also due to the possibility of a central point
of attack/failure).
After all, as long as you can trace spam back to a definite e-mail account,
then all that needs to be done is to shut down or suspend that account. It's
not always necessary to know the identity of the human being who sent the
message in order to deal with their abuse of the system.
I suppose legal action against the individual might be a possible remedy in
cases of severe abuse, but then if spam were traceable via some "source
tracking component" this would discourage a lot of the abuse before it occurs.
I'm sure there's lots of ways to arrange things which can still allow human
anonymity whilst preventing spam.
Now, this is fairly true, but is anonymity via webmail sufficient?
... 8< ...
One issue is that if courts could order anonymiser services to
surrender their logs then that might be a problem.
These services, like the mixmaster remailers, do not keep/generate
logs.
Glad to hear it although I expect they need some level of logging to diagnose
problems with their system. However if they don't keep them for long or don't
log full message headers then that's probably OK.
On the subject of legal remedies, could a court document retention order be
used to force anonymiser companies to keep their logs? Even if it could though,
I expect "off-shore" companies could dodge such orders due to lack of
jurisdiction? Again, I consider the parallel with Swiss banking
confidentiality. Of course I'm not a lawyer, so any legal insight would be
helpful here.
There are many other net address obfuscation techniques. See
http://gray-world.net for a good overview of tunneling, covert channels,
network related steganographic methods.
Fascinating. I feel a little less worried now, thanks.
Andrew
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg