At 09:52 PM 7/10/2003 +0100, Andrew Akehurst wrote:
Quoting Steve Schear <s(_dot_)schear(_at_)comcast(_dot_)net>:
> At 12:56 2003-07-03 +0000, Andrew Akehurst wrote:
>>I do take your point about the ease of setting this up. However it
>> would create a nice market for companies to provide proxying to common
>> webmail services.
>>
>> They could let me log in at their website and proxy on my behalf to
>> Hotmail (or whoever), passing the results back to my browser. To
>> average Joe Public it could be made very easy to use by being almost
>> totally transparent and it would make a nice business opportunity for
>> companies to rent such services to people.
> Its much more generalized and effective to just proxy all Web access,
> like Anonymizer and JAP.
True, but I'm not sure how comfortable the average user would be in twiddling
with their proxy settings. I suppose it depends how knowledgable they are,
and
different companies can always provide different types of proxying
service. It
depends what the market wants.
As long as whatever new e-mail system arises in future doesn't preclude the
possibility of protecting the sender's physical identity then that's fine.
Personally I'm deeply suspicious of anything that over-centralises (not just
because of privacy issues, but also due to the possibility of a central point
of attack/failure).
After all, as long as you can trace spam back to a definite e-mail account,
then all that needs to be done is to shut down or suspend that account. It's
not always necessary to know the identity of the human being who sent the
message in order to deal with their abuse of the system.
I suppose legal action against the individual might be a possible remedy in
cases of severe abuse, but then if spam were traceable via some "source
tracking component" this would discourage a lot of the abuse before it
occurs.
I'm sure there's lots of ways to arrange things which can still allow human
anonymity whilst preventing spam.
> > > Now, this is fairly true, but is anonymity via webmail sufficient?
... 8< ...
>> One issue is that if courts could order anonymiser services to
>> surrender their logs then that might be a problem.
> These services, like the mixmaster remailers, do not keep/generate
> logs.
Glad to hear it although I expect they need some level of logging to diagnose
problems with their system. However if they don't keep them for long or don't
log full message headers then that's probably OK.
On the subject of legal remedies, could a court document retention order be
used to force anonymiser companies to keep their logs? Even if it could
though,
I expect "off-shore" companies could dodge such orders due to lack of
jurisdiction? Again, I consider the parallel with Swiss banking
confidentiality. Of course I'm not a lawyer, so any legal insight would be
helpful here.
> There are many other net address obfuscation techniques. See
> http://gray-world.net for a good overview of tunneling, covert channels,
> network related steganographic methods.
The requirements document mentions the issue of anonymity
(https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg05084.html):
----snip------
2.14 Accountability and Anonymity
Proposals MUST address issues of accountability and anonymity
of MTS users, specifically message senders.
2.14.1 Rationale:
One of the most pernicious issues involving [spam] are related
to accountability of the [spammers] who provide invalid or
simulated information in order to "game the system" provided by
the current MTS. Designers MUST describe the issues of
accountability addressed by their proposal. Message
origination and message formatting forgery must be considered
in designs, an optimal design would allow tracing of messages
to the sending person, organization and/or system.
Additionally, there is just cause for preserving sender
anonymity and supporting the use of appropriate 'anonymization'
services that currently exist. Designers must consider the
impact of accountability by a proposal on these systems and
address the issues related to preserving anonymity for
[legitimate] uses.
----snip------
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg