Re: Choate physics again

[Marcel Popescu]

X-Loop: openpgp.net
From: "Jim Choate" <[EMAIL PROTECTED]>

> It causes the photons emitted at the same time from the source to be
> received at different time, this interupts the ability of the receiver to
> correlate (i.e. verify coherence) them into a recognizable picture.

Huh? The photons from my TV screen arrive all at different times, and yet
the picture is pretty good :)

Mark

Re: Anonymous Remailers

[dmolnar]

On Tue, 3 Oct 2000, Steve Furlong wrote:

> cost might be a little extra electricity. No funding is necessary unless
> the usage is so high that my ISP bitches at me. Personal time involved
> in maintaining the system will, I hope, be low; if it's more than
> negligible I won't be able to do it. I can see the sense of running the
> plan past a lawyer, but why would there be a continuing expense in this
> area?

People will use your remailer to send spam and death threats. There may
even be people who will use your remailer to send spam and death threats
to themselves, simply because they hate remailers. The recipients will
contact you and your ISP. Repeatedly.

My impression from reading alt.privacy.anon-server is that for many ISPs,
it doesn't take too much of this before the ISP asks the remailer to
leave. It's not a question of legal liability so much as the spam and the
hassle. (An example of how life is lived mainly outside the law, though
maybe in view of it.)

You can implement spam-blocking filters on your remailer...but that's
another can of worms. 

-David

Re: CDR: Re: Niiice kitty....

[Ken Brown]

The quote it attributed to Clive Ponting's book on Churchill. So all
anyone has to do is check that. 
Ponting is a reasonably well-known author it should be possible to find
the book and check page 132. Whether Ponting was telling the truth is
another matter - but he isn't Chomsky.  

Nor is he a socialist of course. Chomsky is a left socialist anarchist
so JAD assumes that anything he says has to be a lie, with or without
evidence.

Ken

> If Churchill really said such a thing, we would have some source better
> than Chomsky for it, and if Churchill really did say it, Chomsky would have
> given us a source that was possible to verify.
>   4i2EZSRU++C5ilvvAmDcHPpIjAAdRwU9+ndWqhck2


> As Winston Churchill observed in a paper
> submitted to his Cabinet colleagues in January 1914, 

> "we are not a young people with an innocent record 
> and a scanty inheritance. We have engrossed to
> ourselves...an altogether disproportionate share
> of the wealth and traffic of the world. We have
> got all we want in territory, and our claim to 
> be left in the unmolested enjoyment of vast and
> splendid possessions, mainly acquired by violence,
> largely maintained by force, often seems
> less reasonable to others than to us." 

> To be sure, such honesty is rare in respectable 
> society, though the passage would be acceptable 
> without the italicized phrases, as Churchill 
> understood. He did make the paper public in the 
> 1920s, in The World Crisis, but with the offending 
> phrases removed.{Clive Ponting, Churchill
> (Sinclair-Stevenson 1994), 132.}

Re: CDR: A famine averted...

[Ken Brown]

Jim Choate wrote:

> Why in major disasters do prices go up, when it is clear this is contrary
> to the best interest of the market? 

Because markets have no interests, the participants in them do. The
argument is exactly the same as that advanced by biologists against the
idea of group selection.

NB in a real famine (as opposed to temporary shortages, which a place
like Belize can probably get through with less hassle than a richer more
efficient economy with all our "Just in Time" suppliers) food prices go
*down* at first... strange but true. It is due to farmers unloading
stock to get money in as quickly as they can. 

Ken

Re: CDR: Re: Anonymous Remailers

[Ryan McBride]

On Tue, 3 Oct 2000, dmolnar wrote:

> > but why would there be a continuing expense in this area?
> 
> People will use your remailer to send spam and death threats. 
> The recipients will contact you and your ISP. Repeatedly.

One of the ways to mitigate this risk is to set up your remailer in
middleman mode (at least in 2.9beta23). To quote from the installer: 

 Mixmaster can be installed in the low-maintenance 
 `middleman' mode. In that mode, it will send mail to 
 other remailers only, to avoid complaints about 
 anonymous messages.
  
Obviously this isn't a perfect solution, but it helps somewhat. It's what
I'm planning on doing until I can familiarize myself with the legal
ramifications of running an "open" remailer.

-Ryan

--
Ryan McBride - [EMAIL PROTECTED]
Systems Security Consultant
Countersiege Systems Corporation - http://www.countersiege.com

RE: Anonymous Remailers cpunk

[Trei, Peter]

> --
> From: dmolnar[SMTP:[EMAIL PROTECTED]]
> On Tue, 3 Oct 2000, Steve Furlong wrote:
> 
> > cost might be a little extra electricity. No funding is necessary unless
> > the usage is so high that my ISP bitches at me. Personal time involved
> > in maintaining the system will, I hope, be low; if it's more than
> > negligible I won't be able to do it. I can see the sense of running the
> > plan past a lawyer, but why would there be a continuing expense in this
> > area?
> 
> People will use your remailer to send spam and death threats. There may
> even be people who will use your remailer to send spam and death threats
> to themselves, simply because they hate remailers. The recipients will
> contact you and your ISP. Repeatedly.
> 
> My impression from reading alt.privacy.anon-server is that for many ISPs,
> it doesn't take too much of this before the ISP asks the remailer to
> leave. It's not a question of legal liability so much as the spam and the
> hassle. (An example of how life is lived mainly outside the law, though
> maybe in view of it.)
> 
> You can implement spam-blocking filters on your remailer...but that's
> another can of worms. 
> 
> -David
> 
[Warning in advance: I don't run a remailer, and never have, so what
follows could be labled uninformed speculation].

I would like to suggest that a remailer could eliminate nearly all it's 
problems by only sending out encrypted mails - that is, if after 
removing the encryption that was applied using it's own private
key, it finds that the result is plaintext, it simply drops the message.

This has some neat and useful properties.

* It eliminates spam. Spammers would have to encrypt each individual
message with the key of the recipient, which is too much hassle.

* It eliminates any possibility of the remailer knowing the content, which
alleiviates him/her of responsibility for that content. 

* The remailer still operates fine as a mid-chain remailer.

* All recipients need to have keypairs. They are thus at least somewhat
crypto-savvy people, and unlikely to place unreasonable requests on
the remailer or his/her ISP.

The only bad point:

* All recipients need to have key pairs. Thus, a crypto-only remailer 
can't be a terminal remailer to mailing lists, newsgroups, or 
individuals without keypairs.

Peter Trei



 

ANNC: GnuPG Keysigning Party HOWTO

[V. Alex Brennen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


I've written a small howto on holding a keysigning party
based on the use of GnuPG w/linux.

http://www.cryptnet.net/fdp/crypto/gpg-party.html

It's version 1.00, so feedback (comments, suggestions,
corrections) sent to me individually would be
appreciated.  The goal of the document was to help 
linux users gain familiarity with GnuPG, and encourage
them to hold keysigning parties. Some LUGs have started
holding keysigning parties at their meetings.  If you
are a linux user and in a LUG, I encourage you to
encourage your LUG to do the same.

- VAB

- ---
V. Alex Brennen  [[EMAIL PROTECTED]]
[ http://www.metanet.org/people/vab/ ]

"We all call mama earth our home.
  Respect her, protect her.
   Don't bite the hand - hand that feeds.
She bleeds by our greed.
 Yet still, she reseeds to meet our needs. 
  Do you hear her voice as she pleads?"

- Joules Graves, People of the Earth Tribe
  [ http://www.joulesgraves.com/ ]
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE52ffR+pIJc5kqSz8RAkT7AKCm+Bqa6hJONpxIwv5mW/ZJmyWujACgm38v
zk3JA6jssNICn7Tj4t9e5eo=
=CVcc
-END PGP SIGNATURE-

Re: one time pad and random num gen

[Ray Dillinger]

On Tue, 3 Oct 2000, Kevin Elliott wrote:

>A 
>cryptographically strong PRNG would then be a PRNG with a very large 
>period and some way of reinjecting randomness to guarantee the device 
>never begins to recycle.
>-- 
>

Isn't that a misnomer though?  If randomness is reinjected to 
prevent the system from falling into a period, then it won't 
be possible to generate the same sequence of bits twice -- so 
you can't use such a system for a PSEUDO-random generator, in 
applications like a stream cipher or whatever.  Programs rely 
on the same sequence coming out of the same initial state with 
a PRNG -- otherwise things like stream ciphers can't be decrypted. 

What you describe above, I'd have termed an RNG - not a PRNG. 

Bear

Re: one time pad and random num gen

[Ray Dillinger]

On Tue, 3 Oct 2000, Kevin Elliott wrote:

>Actually if you can pull that off you've got yourself a darn fine 
>real random number generator- any PRNG has to have some period after 
>which it will begin to recycle (assuming no other randomness in 
>introduced into the system), in which case you just set i>the period 
>and read off future states using
>current state +1 = current state - period + 1.

True, but the period can be made such that the last star in 
the universe will die and grow cold first.  

If you have for example a 256-byte internal state, and your PRNG 
is a full permutation (ie, eventually every possible state is 
on the path of the "cycle") you don't really need to worry about 
it.

Bear

RE: Anonymous Remailers cpunk

[R. A. Hettinga]

At 10:48 AM -0400 on 10/3/00, Trei, Peter wrote:


> The only bad point:
>
> * All recipients need to have key pairs. Thus, a crypto-only remailer
> can't be a terminal remailer to mailing lists, newsgroups, or
> individuals without keypairs.

Not a problem, one would think. Just need to have a key-pair for a
list-server or mail-to-news-gateway. If it gets onerous, each mail or
newsgroup on the server can have its own keypair as well.

RSA signatures are public domain now, right? :-).

Cheers,
RAH
-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: Anonymous Remailers

[Nomen Nescio]

On Mon, 2 Oct 2000, Steve Furlong wrote:

> Does anyone have any suggestions for setting up an anonymous remailer? 

You can get the source for the current version of Mixmaster (2.9b23) via
anonymous FTP from mixmaster.anonymizer.com.

Send mail to [EMAIL PROTECTED] for info on the
remop mailing list.  There's also a Mixmaster-specific list:
[EMAIL PROTECTED]

If you run into trouble during install, mail either of the lists with your
questions.

> I'd like a HOWTO, suggesting software to use and how to set it up. 

There isn't one, yet.  It's being worked on.  Slowly.

> I'm pretty clueless as to what would be needed, but I have a FreeBSD box
> and a DSL line with no usage restrictions. If need be I can set up 
> another box, dedicated to this purpose. I should have the means once I
> get whapped with a cluestick.

You're set with what you have.  In theory, maintaining a separate remailer
box may insulate the rest of your hardware should LEOs come a'knocking
some day, but I wouldn't count on it.  (I also wouldn't worry about this
scenario too much.)

> I'd also like discussions of real-world problems that people have found.
> What kind of things cause you to think about shutting down your
> remailer? Technical abuse, legal difficulties, or what?

Make damned sure you're on good terms with your ISP and whoever handles
your DNS.  Your remailer may get shut down when you're not looking.

That said, I've never given serious consideration to shutting down my
remailer.  It's certainly been a headache on numerous occasions, but so
are many things.  Like children.

"Technical abuse" has been only a minor annoyance for me.  

I've received several letters from PIs ranging from demands to reveal a
user's identity, to simple inquiries on how remailers work.  I also have a
small collection of letters from standard lawyers, and from Scientologist
ones as well.  I frequently receive notes informing me that Such-and-Such
Police Department has been informed of my "crimes," but I tend to ignore
those.

Get used to receiving a lot of hate mail.  In all the time I've been running
a remailer, I've gotten one thank you note, and countless threats.  Of
course, said threats are frequently so poorly written, you may find they
make an attractive addition to your refrigerator door.

The real trick for me has been figuring out when to reply to an
inquiry/complaint, and when to forward it to /dev/null.*  It's quite
possible that you'll receive tens of complaints of "abuse" every day.
They'll range anywhere from illiterate demands to cancel "Ann Onymous's
subscrivtion" for making an off-topic post in rec.pets.cats, to
notification that "Interpol, the FBI, and my brother, the cop," are all
coming to get you...for something.  I'm particularly fond of the "crimes"
of which I'm frequently accused by these complainers.  My personal
favourite involved an astute AOLer who informed me that "accessory to
acomplise harassment" is not looked upon favourably in Washington State.  
I laughed for days.

Separating the kooks and the nitwits from the legitimate (i.e. legal)
threats is just something you'll have to learn.  It should be fairly easy
for you -- you read cypherpunks.

* At least two Cypherpunk regulars have suggested piping all abuse@ mail
off to /dev/null.  While this is nice in theory, it could be disastrous
for a DSL subscriber with a toothy ToS agreement.

RE: Anonymous Remailers cpunk

[Trei, Peter]

> --
> From: R. A. Hettinga[SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, October 03, 2000 3:59 PM
> To:   Trei, Peter; Multiple recipients of list
> Subject:  RE: Anonymous Remailers cpunk
> 
> At 10:48 AM -0400 on 10/3/00, Trei, Peter wrote:
> 
> 
> > The only bad point:
> >
> > * All recipients need to have key pairs. Thus, a crypto-only remailer
> > can't be a terminal remailer to mailing lists, newsgroups, or
> > individuals without keypairs.
> 
> Not a problem, one would think. Just need to have a key-pair for a
> list-server or mail-to-news-gateway. If it gets onerous, each mail or
> newsgroup on the server can have its own keypair as well.
> 
No, it's still a problem. The goals here are to insulate intermediaries
from responsibility for content, and make the intermediaries
unfriendly to spammers. With your suggestion, the responsibility
for content - and spamming - is dumped on the list-server or 
gateway owner, which is no better than dumping it on the
terminal remailer. I no more want to see a listserv or gateway
owner in trouble than I do a remailer operator.

Forwarding plaintext, or exploding plaintext to many recipients
is what can get you into trouble.

[...]

Peter Trei

> Cheers,
> RAH
> 
> 

Re: CDR: A famine averted...

[Bill Stewart]

At 07:58 AM 10/3/00 -0500, Jim Choate wrote:
>I also thought of an example where a famine was averted due to government
>intervention.
>The current hurricane in Belize. Had the government not stepped in and
>'price fixed' the stores would have been depleted and cached by the few a
>week ago.

Doesn't make sense.  If the government imposed rationing, that would have
kept a few people from buying up everything, or if they required the
price to be very high, it would do that, but I assume you're saying they
artificially kept the price low - in that case, it's *easier* for somebody
to buy up everything and hoard it.

>Why in major disasters do prices go up, when it is clear this is contrary
>to the best interest of the market? 

Duh - basic supply and demand.  Major disasters imply that obtaining more
stuff in the near future will be difficult or impossible, so buyers
have an incentive to pay more money to get anything they can right now,
and sellers have an incentive to ask for more money for the stuff they've got.
If the sellers gouge too hard, they risk alienating customers and losing
future business to their competitors, but the goods they have are worth
more now.


>That without price fixing the majority of people will be left without. 
>Why is this hands-off philosophy not held accountable for its failings? 
>I must assume that the resultant famine due
>to price inflation by the individual resource owners is still a result of
>that government interference. ;)

>
Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639

Re: CDR: Re: Choate physics again

[Jim Choate]

On Tue, 3 Oct 2000, Marcel Popescu wrote:

> Huh? The photons from my TV screen arrive all at different times, and yet
> the picture is pretty good :)

No, they don't. The electron beam scans across your screen in a VERY
tightly sychronized dance. Vertical retrace, horizontal retrace, etc. Each
scan line data, etc. Television has all sorts of methods to sychronize the
emission of photons. There is a sampling window issue here related to
responce time of the eye as well. Then let's not forget that the rays your
eye gets are all closely parallel also.

If you think this doesn't matter play with a time delay and a television.
Pay attention to standard high voltage technique.



 He is able who thinks he is able.

   Buddha

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::>/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-

Re: CDR: A famine averted...

[Jim Choate]

On Tue, 3 Oct 2000, Ken Brown wrote:

> Because markets have no interests, the participants in them do.

There is NO difference between a 'market' and the 'participants in them'.

Silly pseudo-economics.



 He is able who thinks he is able.

   Buddha

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::>/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-

Oct. 3, Newsletter Bacalao.Net

[Bacalao.net]

News at Bacalao.net - Lo nuevo en Bacalao.net
--

http://bacalao.net


NEW MARKETING OPPORTUNITY!
--

We are pleased to announce a FREE interactive service in our web site 
(http://bacalao.net) for seafood industry professionals.  

With more than 1000  visitors each day, we can bring new qualified buyers to your site 
faster than any other form of advertising --- FOR FREE!!!

We invite you to try for yourself by posting an offer today.  If you would like to 
learn how to upload photos of your equipment with each offer, or link directly to your 
company's web site, we will be pleased to assist you with the details.  Please contact 
us today by e-mail: [EMAIL PROTECTED]

Check it out, and help us building a FREE interactive marketplace for seafood.

If you want to be removed from the mailing list, you can remove your e-mail  at 
http://bacalao.net, click Join Mailing list, type in your e-mail address in the 
Unsubscribe box and click the red box.

Best regards,
BACALAO.NET

---

NUEVA OPORTUNIDAD DE MARKETING!
---

http://bacalao.net


Como parte de nuestros servicios interactivos inauguramos un nuevo servicio GRATUITO 
dedicado a las empresas de maquinarias, equipos y suministros.

Con un tráfico mayor a los 1,000 usuarios por día, http://bacalao.net  le aportará 
nuevos clientes y visitas a su sitio, y --- GRATIS!!

Lo invitamos a publicar su oferta hoy mismo. Si desea  agregar fotografías  a las 
ofertas o hacer un link directo a su sitio, nuestro equipo lo asistirá. 
[EMAIL PROTECTED]

Contáctenos!

Esperamos contar con su presencia. Acompáñenos!

If you want to be removed from the mailing list, you can remove your e-mail  at 
http://bacalao.net, click Join Mailing list, type in your e-mail address in the 
Unsubscribe box and click the red box.

Best regards,
BACALAO.NET

RE: Anonymous Remailers cpunk

[Jim Choate]

On Tue, 3 Oct 2000, Trei, Peter wrote:

> I would like to suggest that a remailer could eliminate nearly all it's 
> problems by only sending out encrypted mails - that is, if after 
> removing the encryption that was applied using it's own private
> key, it finds that the result is plaintext, it simply drops the message.

And just exactly what algorithm is that you're using to determine
crypt-v-plaintext?

Ain't no such beast and won't be until somebody comes up with nearly
infallible translation technology. We're closer to quantum computers and
making the whole thing moot than we are to having near-flawless
translation technology.

If a bullfrog had wings, it wouldn't bump its butt when it jumped.

And let's not forget the key managment problem if remailers impliment such
a policy. Without a secure key management scheme then the 'encrypted body'
approach won't work because Mallet has the keys.

Key management and a billing model are what is required to make anonymous
remailers work.



 He is able who thinks he is able.

   Buddha

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::>/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-

Consider these two facts: 2684

[hhwwa]

As Steve Wynn of Mirage Resorts Says,
The Only Way To Make Money In A Casino Is To Own One.

Consider These Two Facts:

1. Internet use is continuing to explode! Itÿ92s estimated that a million
new people every day are joining the hundreds of millions already
online.

2. Legalized gaming has become the top revenue earner for all forms of
entertainment in the U.S. today.

In fact PC Computing Magazine has conservatively estimated that the US
internet
gaming market could soon reach $20 billion in annual revenue.

Contact us for your FREE VIDEO AND INFORMATION KIT on how you
can own your own online internet casino and sports book. Our company is
strategically aligned with industry leaders and ready to launch an
aggressive marketing strategy.

Don't wait, go to our websitenow!


CLICK HERE



~~

To Be Removed From Any Future Mailings:
Click here and click on link at bottom of page that loadsThanks!

Sony loses anti-reverse engineering suit against Connectix!!!

[sunder]

http://news.cnet.com/news/0-1006-200-2915049.html?tag=st.ne.1002.thed.ni


Sony loses appeal in PlayStation copyright fight 
By Bloomberg News October 2, 2000, 9:15 a.m. PT 

WASHINGTON--Sony today lost a U.S. Supreme Court bid to limit rivals from using 
reverse engineering to create competing products. 

The justices, without comment, refused to consider Sony's appeal of a decision 
rejecting its copyright claims against Connectix,
whose Virtual Game Station competes with Sony's top-selling PlayStation game console. 



Heh - apparently the judge decided that it's okay to allow reverse 
engineering in this case.  Wonder how this will affect DeCSS...

-- 
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

Re: Anonymous Remailers cpunk

[Trei, Peter]

> --
> From: Jim Choate[SMTP:[EMAIL PROTECTED]]
> 
> On Tue, 3 Oct 2000, Trei, Peter wrote:
> 
> > I would like to suggest that a remailer could eliminate nearly all it's 
> > problems by only sending out encrypted mails - that is, if after 
> > removing the encryption that was applied using it's own private
> > key, it finds that the result is plaintext, it simply drops the message.
> 
> And just exactly what algorithm is that you're using to determine
> crypt-v-plaintext?
> 
> Ain't no such beast and won't be until somebody comes up with nearly
> infallible translation technology. We're closer to quantum computers and
> making the whole thing moot than we are to having near-flawless
> translation technology.
> 
> If a bullfrog had wings, it wouldn't bump its butt when it jumped.
> 
> And let's not forget the key managment problem if remailers impliment such
> a policy. Without a secure key management scheme then the 'encrypted body'
> approach won't work because Mallet has the keys.
> 
> Key management and a billing model are what is required to make anonymous
> remailers work.
> 
Jim:

We're talking about ways to prevent some of the abuse to which 
remailers are subject. Not sending out plaintext gets rid
of spam, any suggestion that the remailer knows the
content of the message, and makes sure that the recipient
is a crypto-clueful person. 

I'm *not* talking about the remailer re-encrypting a message
before it's sent off to the recipient. I'm talking about the original
sender encrypting the message all the way to the recipient, so
the remailer only sees a 'next address' and an encrypted blob.
Your note indicates that you have failed to appreciate this
simple point.

-BEGIN PGP MESSAGE-
Version: N/A

pgAABOL1Mtkh7VXcUuV8Zp8wI5sUCB/qMHZVGHKiaP7uvZhsBjoh13Pvsg6FFxES
Yes+its+possible+to+disguise+plaintext+as+cryptotext+but+all+the
remailer+really+has+to+do+is+make+sure+that+the+message+being+++
sent+out+complies+with+one+of+the+various+ascii+armouring+++
formats+If+so+you+can+be+sure+that+the+message+cannot+be
confused+with+anything+that+looks+like+regular+plaintext
GPKInIcic85IcxhTBf1RSSaY9Jbpokwrc3mhFst22kEfm0FcLZCgDuZFCgg+5GLn
9YGBtzNT1A==
=5wNL
-END PGP MESSAGE-

This won't solve every problem, but it will solve many, and
make running a remailer a much easier choice.

BTW, how would you do key management and billing in a
system which is supposed to be anonymous? My suggestion could
be implemented tommorrow . How long would yours take?

Read more carefully before you post.

Peter Trei

Re: Anonymous Remailers cpunk

[Steve Furlong]

Jim Choate wrote:
> 
> On Tue, 3 Oct 2000, Trei, Peter wrote:
> 
> > I would like to suggest that a remailer could eliminate nearly all it's
> > problems by only sending out encrypted mails - that is, if after
> > removing the encryption that was applied using it's own private
> > key, it finds that the result is plaintext, it simply drops the message.
> 
> And just exactly what algorithm is that you're using to determine
> crypt-v-plaintext?

Why not just read the first 20 bytes of the body? If 90% or more aren't
printable ASCII assume the message is encrypted.

SRF

-- 
Steve Furlong, Computer Condottiere Have GNU, will travel
   518-374-4720 [EMAIL PROTECTED]

Re: Anonymous Remailers cpunk

[Jim Choate]

On Tue, 3 Oct 2000, Steve Furlong wrote:

> Why not just read the first 20 bytes of the body? If 90% or more aren't
> printable ASCII assume the message is encrypted.

So, how come all of a sudden we're injecting algorithms that the users
must know to even access the network? What sort of regulatory mechanism is
required to mediate changes to the process?

So, we can't send uuencoded text to guard against ASCII-pure (i.e. 7-bit)
machines? Why not? I actualy prefer that sort of stuff because as a last
resort I can check it visualy for errors.

Why not offer a set of services and 'default' or 'best practice'
suggestions, leaving the actual decisions up to the user where it belongs?

A remailer should do NO content checking, ever. It's ONLY job is to route
and destroy traffic analysis.



 He is able who thinks he is able.

   Buddha

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::>/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-

No Subject

[sdpofkso]

GET YOUR OWN 100 MEG WEBSITE FOR ONLY $11.95 PER MONTH TODAY!

STOP PAYING $19.95 or more TODAY for your web site, WHEN YOU CAN 
GET ONE FOR ONLY $11.95 PER MONTH!

DO YOU ALREADY HAVE A WEBSITE? ALL YOU HAVE TO DO IS TRANSFER THE 
DOMAIN TO OUR SERVERS AND UPLOAD YOUR DATA AND YOU ARE READY TO 
GO! YOUR NEW WEB SPACE CAN BE CREATED INSTANTLY WITH JUST A 
SIMPLE PHONE CALL TO  OUR OFFICE.

YOU CAN CHANGE THE DESIGN OF YOUR SITE AS MUCH AS YOU WANT with 
no extra charge!  UNLIMITED TRAFFIC -- no extra charge!

FRONT PAGE EXTENSIONS are FULLY SUPPORTED.

A SET UP FEE OF $40.00 APPLIES for FIRST TIME CUSTOMERS.

ALL FEES PREPAID IN ADVANCE FOR THE YEAR PLUS A $40.00 SET UP 
CHARGE.

FOR DETAILS CALL 1 888 248 0765  if you are outside the USA,
please fax 240 337 8325

Webhosting International

 
 
 
 
 
 
 
 
 
 
 
 

Re: Re: Anonymous Remailers cpunk

[Bill Stewart]

At 10:26 PM 10/3/00 -0500, Jim Choate wrote:
>On Tue, 3 Oct 2000, Bill Stewart wrote:
>> Remember that we're talking about detecting spam on *outgoing* messages -
>
>No, we're not. We ARE talking bout checking incoming messages to ensure
>the body of the message is encrypted. No unencrypted traffic. End to end
>crypto, all the way baby...

Sure are - it's a followon to Peter Trei's message dated
Tue, 3 Oct 2000 10:48:07 -0400 which said
= I would like to suggest that a remailer could eliminate nearly all it's 
= problems by only sending out encrypted mails - that is, if after 
= removing the encryption that was applied using it's own private
= key, it finds that the result is plaintext, it simply drops the message.

That's a remailer checking outgoing mail to be sure it's encrypted,
as well as checking incoming mail.

>What algorithm is proposed that can reliably determine the difference
>between plaintext and cyphertext, note that we don't know what algorithm
>is used, with only 20 bytes/char's?

On incoming messages, it's easy to tell if it's encrypted to *you* -
decrypt it with your private keys, job's done.  If you don't recognize
the algorithm, the message wasn't for you.

>Another question I have is, does this mean that anonymous stego isn't
>possible now with this approach. 

Hmmm.  That's a more interesting problem - this does seem to have the
tradeoff that if you want to get messages sent to you using stego,
you shouldn't use a remailer that has a PGP-out-only policy.
On the other hand, mail from a known Cypherpunks Anonymous Secret
Message Remailer adds a certain amount of suspiciousness anyway.
You want to get your stego messages from "Fred's GIF-of-the-Day" or
"Pirate-Muzick-R-Us" or something that's a better cover story -
so make sure those sites accept incoming PGP mail.

>What algorithm will reliably find stego data?

If you can reliably find it, it's not very good stego :-)
Open source stego that's not key-based has inherent weaknesses -
the eavesdroppers can easily extract the message from the cover text,
so the message needs to be binary random-looking noise which
somewhat plausibly belongs in the message (e.g. low bits of sound samples.)

Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639

Re: Niiice kitty....

[James A.. Donald]

 --
At 02:23 AM 10/3/2000 -0400, Steven Furlong wrote:
 > But if Chomsky were in the habit of making up or "massaging" quotes,
 > perhaps he wouldn't give full reference information even for real
 > quotes. That way, when he did make up a quote, the lack of full cite
 > wouldn't count as a datum supporting the "made up" hypothesis.

Chomsky gives what sounds like full reference information for citations, 
but often these citations turn out to be unverifiable or highly misleading.

My favorite example is of course "repeated discoveries that the massacre 
reports were false".  (No one has been able to find these discoveries)

Charles Kalina's favorite example is Chomsky's fabricated quotes supposedly 
from Shawcross attributing ridiculous views to Shawcross.

However I am not much interested in those.  Charles Kalina seeks to argue 
that Chomsky is a cult leader, not a legitimate scientist, so the example 
of a lie that has the effect of libelling those of Chomsky's fellow 
leftists who failed to follow Chomsky's leadership serves Kalina's purpose 
well.

My purpose is different from Kalina's.  I seek to show that "anarcho 
socialists" are for the most part merely Marxists who have escalated the 
rhetoric about the state withering away, so the example of a lie that has 
the effect of serving the then Moscow line serves my purpose 
well.   Chomsky's pre1979 lies on Cambodia serve my purpose particularly 
well because the Moscow line on the Khmer Rouge changed abruptly in January 
1979.

Since nearly all today's anarcho socialists are incapable of issuing a 
statement that differs from the Moscow line as it was in 1987, they are 
severely handicapped in defending Chomsky.  They cannot say that what he 
said then about the Khmer Rouge was true, since after 1979 it became 
officially untrue.

 --digsig
  James A. Donald
  6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
  z53ZKZUN3B2Ev4r0h6bnHrb16EHfH+WcY8O6DvZC
  4/CssZ9J/joHF24TL2z55D2+xp6uWfYgChGl4yeyb

Re: CDR: Shunning, lesbians and liberty

[James A.. Donald]

 --
James A. Donald:
 > > You are putting ordinary dictatorships, like Pinochet's Chile or
 > > Park's Korea, in the same category as communist dictatorships,
 > > like Castro's Cuba or Mengistu's Ethiopia.  That is ridiculous.

01:02 PM 10/3/2000 +0100, Ken Brown wrote:
 > You really are a prat aren't you?
 >
 > So it is OK to be killed by a fascist bullet but not by a communist
 > one? There are a few million dead who would have been happy had they
 > known that before the likes of Pinochet or Franco murdered them.

Pinochet was not a fascist, not a totalitarian, and murdered only two or 
three thousand.  Any communist ruler that murdered so few would be hailed 
as a living saint and the moral equivalent of Ghandi.  Franco was a 
fascist, a totalitarian, but milder than most fascists, and most fascists 
are milder than most communists.  Franco only murdered fifty to a hundred 
thousand, which would not quite qualify him for sainthood if he was a 
communist, but close enough.

James A. Donald:
 > > and the distribution of famine (excluding famines caused by war)
 > > illustrates that difference. So let us go back to the original
 > > question:  Where was there a significant twentieth century famine
 > > other than those caused by war or socialism?

01:02 PM 10/3/2000 +0100, Ken Brown wrote:
 > Why include the word "socialism"?  Almost without exception, war is
 > almost the only thing that ever caused a prolonged famine. The
 > flavour of dictatorship in power at the time has very little to do
 > with it.

Only if you define socialism as war.  Socialist famines are usually imposed 
once the proletariat have been completely disarmed, and all resistance has 
been shattered.  The Ukrainian famine, the hungry ghosts famine, and the 
recent North Korean famine are all good examples of such famines.

Socialist famines are incomparably more severe and prolonged than war 
famines, the two greatest famines of the twentieth century being the 
liquidation of the kulaks, and the hungry ghosts.

Socialist famines are in a sense caused by war, in the sense that socialism 
tends to be unending war against a disarmed and already conquered populace.

So let us go back to the original question:  Where was there a significant 
twentieth century famine other than those caused by war or socialism?

 --digsig
  James A. Donald
  6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
  lnvt63+kFATuzbBdfp7sBHqo5VLNB3h9fUgBl0Kg
  4lX0FbyttnyjptykIBLTgR2aDJiF2Ik1nFC8DF2QR

Direct Email Marketing Services

[a_z50]

TIRED OF ENDLESSLY POSTING YOUR ONLINE CLASSIFIED AD AND GETTING 
NO RESULTS?

The fact is there are over 7000 such sites scattered about the web
and frankly none of them generate enough traffic to be worth your
while. Even when someone does find or visits one of these sites, your
ad is hopelessly lost in a myriad of similar offerings.

Another frustration is search engines. If you are not in the Top 10
forget about high traffic visiting your web site. Not everyone can be
in the Top 10 and stay there, when there are estimates of 4 million
that have a web pages.

You ask, how do we know? That's exactly what we used to do.

The greatest way of marketing this century is undoubtedly direct
e-mail. It's similar to the postman delivering a letter to your
mailbox. There is NO stumbling on to it! The ability to promote your
product, service, website, or MLM/Network Marketing opportunity to
millions instantly is what advertisers have been dreaming of for over
100 years. We will e-mail your one page promotion to a list of our
general addresses. The greatest part is, it's completely affordable.

---

NOTICE: No pornography, chain letters, get quick rich, pyramid scheme,
or any threatening or questionable materials. Don't even Ask!!

---

STANDARD PRICING AND PROCEDURES

---

EXTRACTING:

Our list of general Internet addreses are actually extracted 
from the most popular web sites on the Internet. The addresses are verified 
and run through our purification process. The process includes addresses
run against our custom filter of 2,492 keywords to remove as well as
through our 192MB remove /flamer list. The EDU, ORG, GOV, Mil, and US
domains are removed as well as well as other domains that asked not to
receive e-mail.

---

SET-UP FEE:  $150.00
This will cover the costs of uploading files, Internet Access (ISP),
and software set-up.

---

EVALUATION:  $350.00 (optional)
One of our Marketing Specialists will evaluate your sales letter, and
offer his/her expertise on how to make it the most successful.

---

STANDARD PRICING: (Emails Delivered)
1 Million- $800.00 per
2 Million- $700.00 per
3 Million & up- $600.00 per

---

SPECIAL OFFER!

This introductory offer of $475.00 includes:

1. Set-Up Fee
2. Evaluation of sales letter 
3. 250,000 e-mails delivered

---

PAYMENT POLICY
All services must be paid in full prior to delivery of advertisement.
Under NO CIRCUMSTANCES will any sales or marketing strategies be
discussed until payment is received.
---
If you are serious about Direct Email Marketing-Fax the following
form to (253) 498-4648
--

THIS FORM MUST BE COMPLETELY FILLED OUT!

Contact Name: _
Business Name:  __
Business Type:  __
# Years in Business:  _
Address: _
City:   State: __  Zip: __
Country: ___
Email Address: ___
Phone:  __Fax:  

---

Re: Anonymous Remailers cpunk

[Sean Roach]

At 05:22 PM 10/3/2000, Steve Furlong wrote:
...
>I'm assuming there's a way to tell with minimal difficulty if a message
>is encrypted, without relying on an easily-spoofed X header line.
>Perhaps someone who knows more about all of the many message protocols
>can weigh in here.
...

Excuse me for butting in here, as my knowledge of crypto can be expressed 
on one page, double spaced, but.

I believe Robert Morris, father of the (in)famous RTM, wrote a 
"spellchecker" for UNIX back in the 70's that was based on character 
probability.
He's also, from my understanding, responsible for the one way hash that 
keeps UNIX passwords secure, and he later signed on with the NSA.

Couldn't something that A.  Watched for a limited list of known words, 
(including the header information for UUENCODED, and MIME encoded, GIF's, 
JPG's, BMP's, MP3's etc, along with a dictionary of very common 6+ letter 
words.  and B.  Back that up with some simple analysis, of the sort that 
can break single alphabet cyphers, (finding the e's, etc).

Correct me if I'm wrong, and I may very well be, but, wouldn't an ecrypted 
message using modern techniques have a near flat distribution of all 
characters used?

Good luck,

Sean Roach

Re: CDR: Re: Anonymous Remailers

[dmolnar]

On Tue, 3 Oct 2000, Ryan McBride wrote:

>  Mixmaster can be installed in the low-maintenance 
>  `middleman' mode. In that mode, it will send mail to 
>  other remailers only, to avoid complaints about 
>  anonymous messages.
>   
> Obviously this isn't a perfect solution, but it helps somewhat. It's what
> I'm planning on doing until I can familiarize myself with the legal
> ramifications of running an "open" remailer.

It's a nice first step...it's just that if an adversary knows you
are running a middleman and has control over one of the hosts relaying
mail for your ISP, it may be able to 

1. send mail ostensibly to a legitimate, remailer address
via your "middleman" remailer

2. intercept the message you send out at the captured mail
relay

3. change the header so the mail you thought was going to
a remailer ends up in someone else's e-mail account. or
maybe the e-mail account of the adversary so he can
pose as an aggreived user.  

A contact to the ISP follows. You can try to convince your ISP that
"no, this shouldn't happen because I'm running as a middleman," 
but it's not clear how you could prove that you're under this kind of
attack. The threat here is an adversary who wants to see the remailer
go down, but is unwilling or unable to just mailbomb it. The
adversary succeeds after your ISP gets enough complaints about your
crappy remailer administration to pull the plug.


I'd have to go read the code to figure out whether a plaintext message
could be sent this way, or just a message actually encrypted to another
remailer. Might not be so bad if only encrypted messages go through, but
if an adversary can get plaintext messages through then you seem to have
the same possible exposure as if you were a public remailer. 
(though in real life, of course, it will be much less because who's
going to do this?)

-David