-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Brad Knowles writes:
At 2:25 PM -0400 2003/10/21, Denny Figuerres wrote:
Anonimity: as far as I am concerned if someone wants me to recive a
message they should be willing to identify them selves.
This does not mean you can not recive an email from an "unknown" party,
but it does mean that I should be able to read a valid
Email header that is not lying to me.
There are human rights workers around the world that have their
lives literally depending upon being able to send anonymous e-mail.
You will literally be responsible for the murder of tens, hundreds,
thousands, maybe millions of people, if you do not account for this
issue.
This is important, I agree.
But IMO, something like the PGP remailers and/or hushmail are the key
systems to support this form of free speech -- it should *not* be part of
the core SMTP protocol. Here's why:
As it stands, SMTP is *not* anonymous for such people. It takes a lot of
technical know-how to send an anonymous email that cannot be tracked to
your ISP, who then have your phone number in their call records. For
example, I know right away that your mail was sent by 216.194.225.101
at Wed, 22 Oct 2003 15:02:10 -0400. No matter what header data you
insert or remove, you can't hide that tracking data.
To avoid this, you may use open proxies. But for a whistleblower, this
still would not be safe, if there was enough law enforcement interest; an
authoritarian state would just have to sniff the unencrypted traffic going
*from* the source *to* the proxy to catch "troublemakers".
More likely, a sensible whistleblower would be using systems like
hushmail, Peekabooty, Freedom Network, and (if they're techie) the PGP
remailers network. (Most nowadays seem to use hushmail.)
These can be volume-throttled, do not provide spammable bandwidth, or use
CAPTCHAs, so they become useless for bulk mail spamming -- but remain
*very* useful for free speech, since they *are* fully encrypted and
*designed* for whistleblowing activity.
- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Exmh CVS
iD8DBQE/lt52QTcbUG5Y7woRAi9eAKCV2IQ687iSXnQxqJcmWhR863tNBwCeOT2z
0L2+xlsRMXqy9Fz+YS8qS9k=
=dPOm
-----END PGP SIGNATURE-----
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg