Re: a few short notes

On Mon, 2 Feb 2004 10:30, Chuq Von Rospach wrote:

that's why I don't want anoymous operations at the mail-ng level.

It strikes me that you can achieve your chain of accountability solong as

anonymous actions are *explicitly* anonymous.

And if some site along the way compromises the accountability (i.e.,the spammer controls the man in the middle), you find yourself with afascinating quandary -- how to figure out who is compromised and how totrack them down.

anonymity is a serious problem here. think about it -- you're going tohave to remove all tracking information, all sourcing information, andall sender information. If you don't, you aren't really anonymous, justobfuscated. If, for instance, I know what site the message originatedon, you sure aren't anonymous, and in many cases you're now identified.anonymous(_at_)plaidworks(_dot_)com just isn't going to hide me very well.


Who manages this anonymity at the protocol level?

1) If it's the sender's machine, his anonymity ends as soon as a systemstarts adding tracking/trust information, and that information may wellleave enough hints behind to allow me to subjectively identify who thesender is, or at least come really close. That defeats the purpose.

2) If it's the receiver's machine, the sender is depending on thereceiving machine abiding by his request for anonymity. Hopefully, weall agree that's a non-starter, and if you don't understand why, pleasethink about it for a while (try this scenario: you send an anonymouspiece of hate mail to abuse(_at_)fbi(_dot_)gov, and expect them to respect youranonymity?)

3) some site in the middle? it's in control of neither party. Thesender can't depend on that middle site abiding by the request, and thereceiver may still get enough tracing information to backtrace to thesender's ID.

There is no safe way to embed anonymity down at the protocol levelwe're designing. That's why it needs to be at a higher level, aspecific service that accepts a message, scrubs it of identifyinginformation, and re-mails it under an identify owned by that service toguarantee anonymity.

Anything else makes assumptions about the reliability of the systemthat someone wanting anonymity shouldn't be making. It's faux anonymityif I can get close enough to you through tracing to guess whichdoorbell to push....

Your main problem is with falsified address information, not anonymous
senders.

Oh, I've had enough fun with anonymous remailers in the past that I canhonestly say that's not true. Well, true at the moment, but far fromforgotten.

<Prev in Thread]	Current Thread	[Next in Thread>
Re: a few short notes, (continued) Re: a few short notes, Paul Crowley Re: a few short notes, Hector Santos Re: a few short notes, Iljitsch van Beijnum XML consideration. [Was Re: a few short notes], Hector Santos Re: a few short notes, Paul Smith Re: a few short notes, Chuq Von Rospach Re: a few short notes, Martin Duerst Re: a few short notes, James Seng Re: a few short notes, Paul Smith Re: a few short notes, Chuq Von Rospach Message not available Re: a few short notes, Chuq Von Rospach <= Anonymity, Jacob Palme Re: a few short notes, Martin Duerst Re: a few short notes, James Craig Burley Re: a few short notes, Jari Arkko Re: a few short notes, Eric A. Hall Re: a few short notes, Paul Smith Re: a few short notes, Chuq Von Rospach Re: a few short notes, Paul Smith Chains of trust vs. PKI, Paul Crowley Re: a few short notes, Eric A. Hall