| Author |
Proposal for a simple nym - what do you think?
|
|
| Bill Sykes 2006-09-20, 1:13 pm |
|
I admire the thought that has gone into the nym services, and hope that
they are widely used. My problem is that I find it difficult to set up a
nym. There are probably a lot of people like me, and I have a proposal for
a very simple nym and would like to get your opinion of it.
A user sends an email through the remailer system to setup@nymserver.
It has two lines: a nym name and a password. For example:
mynym
12345678
where 'mynym' is the nym name and '12345678' is the password.
The nymserver adds the information to its database.
The user posts through the remailer system using mynym@nymserver as his
from address.
Somebody sends him an email at that address.
The email is ftp'd to the nymserver's web site as:
http://www.nymserver/12345678/C38YYU4X.CNM.
An alternative would be for the nymserver to mail the message to a
throwaway, on-the-fly, email service such as 6url.com. By typing 12345678
at the main page he would see all messages for his nym.
Whatever web site is used, it has to be accessible with Java and
javascript turned off, which is the case with 6url.com.
The user goes to the website, using Tor, and finds his message and reads
it there or downloads it.
Is this workable? Is it anonymous enough?
| |
| Anonymous 2006-09-20, 1:13 pm |
| Bill Sykes <charlesdickens.invalid> wrote:
[complex description of webmail service]
>
> The user goes to the website, using Tor, and finds his message and reads
> it there or downloads it.
>
> Is this workable? Is it anonymous enough?
It's eelbashian.
What you describe is a simple webmail service. They exist, are simple to
set up and run by experts, offer HTTPS, don't use sloppy shellscripts or
unnecessary transports like FTP, and, unlike you, are bound to data
protection laws against random snooping, among a list of other things
they're better at than you.
What was your idea again?
| |
| TwistyCreek 2006-09-20, 1:13 pm |
| Anonymous wrote:
> Bill Sykes <charlesdickens.invalid> wrote:
>
> [complex description of webmail service]
>
> It's eelbashian.
Almost spooky, isn't it?
>
> What you describe is a simple webmail service. They exist, are simple to
> set up and run by experts, offer HTTPS, don't use sloppy shellscripts or
Minor nitpicks...
1. HTTPS is generally handled by the web server software, not the
webmail software. But yes it's pretty simple to set up.
2. There's a good selection of webmail CGI packages out there that
really only need unpacked, copied to the proper directory, and a few
lines of editing to set up your host name and such. IOW, even this
isn't an "expert level" undertaking, it's doable by almost any monkey
with an opposing thumb.
Which of course leaves evil eels out of it. ;-)
| |
| Borked Pseudo Mailed 2006-09-20, 1:13 pm |
| Your friend moans about how time-consuming it is to deal with his
email correspondence using telnet.
You recommend:
[ ] Better fall back on drums.
[ ] How about an email client?
| |
| Bill Sykes 2006-09-20, 1:13 pm |
| On Wed, 20 Sep 2006 13:57:01 +0000, Anonymous wrote:
> What you describe is a simple webmail service.
Suppose we have this 'simple nym' or webmail service but with the
message that sits on the web server encrypted. Setting it up would still
be a lot simpler than a nym, but not as simple as opening an account
with yahoo, so let's compare the advantages of each.
By the way, I realize this is moronically simple to a lot of you experts,
but there are people visiting this group who don't know much about the
subject and it might be useful as a primer to them.
Regular Nym
Sending a message to a regular nym would mean it is unencrypted until it
gets to the nym server, but encrypted after that. It will end up on aam or
the nymholder's mailbox after going through a series of remailers.
If he reads it from aam, always downloading all messages, he is what?
somewhat partitioned? Safe from everybody but the NSA?
If he receives it through a series of remailers, he is what? Safe even
from NSA?
Of course, remailers come and go, so in either case, but especially the
latter, he may have to make irksome changes to keep the thing running.
Also, all but two nyms seem to be unreliable from what I have
been reading here.
A regular nym is also difficult to set up for a lot of us.
So, a regular nym can be made very safe, but it will probably be volatile
and need periodic changes to keep it reliable. Is that a fair assessment?
Simple Nym
To reiterate: I'm suggesting that the user sign up by sending an email to
the nymserver containing:
nym name
password (for the account, not the public key)
public key
Messages sent to the nymserver will be encrypted once they leave the
server - same as with a regular nym, though they will be encrypted only
once, using the public key. No conventional encryption added.
Only the user will know how to find the messages, since they will use the
password of the account as part of the name on the web site.
The user will use Tor to read/download messages.
Tor is probably useless against the NSA, because of the low latency, but
protects against anybody else.
Regular Webmail Account, used with Tor.
The user signs up with yahoo or some other webmail server (are there any?)
that does not require java/javascript, so he can use Tor to signup and use
the account.
Messages to his account are unencrypted and visible to the people who run
the web site.
If you don't care whether or not the messages to your nym email address
are ever encrypted, then a regular webmail account, using tor, sounds like
the best way to go.
If the encryption of the incoming messages (at least after they leave the
server) is necessary to you, then the simple nym sounds best.
If you also feel a need to foil NSA, then a regular nym, carefully used,
sounds best.
| |
| George Orwell 2006-09-20, 7:17 pm |
| Bill Sykes wrote:
> Regular Nym
>
> Sending a message to a regular nym would mean it is unencrypted until it
> gets to the nym server, but encrypted after that. It will end up on aam or
It doesn't mean any such thing, because messages can be encrypted to
a standard nym account's key by the sender just as easily as they can
encrypt messages to your silly "eelbash mini-nym" account. Except
nymserver nyms are far more secure because your proposed setup and
retrieval protocols are totally buggered.
> the nymholder's mailbox after going through a series of remailers.
>
> If he reads it from aam, always downloading all messages, he is what?
> somewhat partitioned? Safe from everybody but the NSA?
A false assumption.
> If he receives it through a series of remailers, he is what? Safe even
> from NSA?
No. Reality is 180 degrees from your assumption. Reply blocks
terminating in AAM are slightly more secure than those terminating at
an email account.
> Of course, remailers come and go, so in either case, but especially the
> latter, he may have to make irksome changes to keep the thing running.
A minor problem for anyone who sets up proper nyms with multiple reply
blocks. In fact changing your reply blocks at some interval is a good
practice to get into whether or not you're having problems or see
broken reply blocks.
> A regular nym is also difficult to set up for a lot of us.
A lot?
I'd say a select few, and of those only a small percentage have any
real problem. The rest can be addressed with the age old acronym
"RTFM". Most people have trouble because they don't, or can't follow
simple instructions. Or use mostly simple-to-use software.
> So, a regular nym can be made very safe, but it will probably be volatile
> and need periodic changes to keep it reliable. Is that a fair assessment?
No, it's not in my opinion. It assumes way too much, and it's the
derivative of fallacious information.
> To reiterate: I'm suggesting that the user sign up by sending an email to
> the nymserver containing:
> nym name
> password (for the account, not the public key)
> public key
That's not a reiteration, it's a revision. Your original version said
nothing about any public key. At least be honest enough to admit when
you've been led by the hand to some major flaw or hole in your
proposal, and tried to correct it.
Once again, if you're going to start dealing with pgp/gpg keys you're
inserting the very thing that causes most of the "problems" people
have setting up nyms now. If they can't be bothered with generating
compatible keys for a regular nym, what stretch of the imagination
makes you believe they'll be any more motivated to create compatible
keys for an insecure "eelbash mini-nym"?
> Only the user will know how to find the messages, since they will use the
> password of the account as part of the name on the web site.
<shakes head in disbelief>
Only the user, their ISP, the FBI/CIA/NSA, your mother and father, your
boss, your nosy girlfriend, some teen hacker wannabe who owns a router
or gateway anywhere in your traffic stream, the guy looking over your
shoulder or snooping around in your browser history, the bot herder who
owns the IRC channel that nasty piece of malware you picked up at
teenporn.com connects to, any admin at the web host you're drawing
attention to by generating vast numbers of bizarre vhosts, and probably
any number of dozens of other people that don't happen to be at the tip
of my fingers at the moment.
This is the most glaring problem in your whole proposal. You've
severely compromised even the security offered by a standard webmail
account set up and accessed entirely through Tor by handing anyone who
happens to be looking valuable information.
> The user will use Tor to read/download messages.
>
> Tor is probably useless against the NSA, because of the low latency, but
> protects against anybody else.
You're assuming the NSA is a fabled global adversary. Many people
consider them to be somewhat less omniscient than that, especially
against such a geographically and politically diverse network.
> Regular Webmail Account, used with Tor.
>
> The user signs up with yahoo or some other webmail server (are there any?)
There's plenty. Anyone with the ability to cut and paste "free
webmail" into google will find dozens in a matter of milliseconds.
> that does not require java/javascript, so he can use Tor to signup and use
> the account.
>
> Messages to his account are unencrypted and visible to the people who run
> the web site.
So are nym messages, both normal and "eelbash mini". Unless the sender
specifically acquires the nym owner's key and encrypts at the source
they're all three open and equally vulnerable. And getting a "real" nym
owner's public key is usually very simple because most nym accounts
will send it with a properly formatted request. Unless of course the
nym owner has that feature disabled.
> If you don't care whether or not the messages to your nym email address
> are ever encrypted, then a regular webmail account, using tor, sounds like
> the best way to go.
>
> If the encryption of the incoming messages (at least after they leave the
> server) is necessary to you, then the simple nym sounds best.
>
> If you also feel a need to foil NSA, then a regular nym, carefully used,
> sounds best.
A regular nym sounds best in all three scenarios. Only a fool uses
cheap XXX, bargain bin tools that easily bend and break because they
don't perceive the job they're doing to be of any real importance.
It's always better to have and use the best tools you can, even when
they're not strictly necessary. Nothing is lost, and you and your tools
stay in good repair. 
| |
| Bill Sykes 2006-09-20, 7:17 pm |
| On Wed, 20 Sep 2006 20:30:22 +0200, George Orwell wrote:
> Bill Sykes wrote:
>
>
> It doesn't mean any such thing, because messages can be encrypted to
> a standard nym account's key by the sender
Sure they can, but I'm assuming the sender is a civilian who knows
nothing about encryption, happened to see a message in a
newsgroup, and is sending an email to the author of the message.
If everybody used encryption, that would simplify things, but most
people don't, hence my assumption.
> just as easily as they can
> encrypt messages to your silly "eelbash mini-nym" account. Except
> nymserver nyms are far more secure because your proposed setup and
> retrieval protocols are totally buggered.
>
>
> A false assumption.
>
>
> No. Reality is 180 degrees from your assumption. Reply blocks
> terminating in AAM are slightly more secure than those terminating at
> an email account.
>
>
> A minor problem for anyone who sets up proper nyms with multiple reply
> blocks. In fact changing your reply blocks at some interval is a good
> practice to get into whether or not you're having problems or see
> broken reply blocks.
>
>
> A lot?
>
> I'd say a select few, and of those only a small percentage have any
> real problem.
My impression from the calls for help on this newsgroup for making
nyms, is that it is more than a small percentage.
> The rest can be addressed with the age old acronym
> "RTFM". Most people have trouble because they don't, or can't follow
> simple instructions.
I agree, but if you want to make the use of nyms more widespread,
then stoop to the level of the people who can't follow the
instructions as they now exist.
As often with this pc stuff, there is a lot of elitism and
arrogance, and an attitude of RTFM or go XXXX yourself. That's
fine if you want to hobnob with the snobs but I'd like to see the
slobs join in as well.
> Or use mostly simple-to-use software.
It's simple to you.
>
>
> No, it's not in my opinion. It assumes way too much, and it's the
> derivative of fallacious information.
>
>
> That's not a reiteration, it's a revision.
I said above, which you did not quote:
Suppose we have this 'simple nym' or webmail service but with the
message that sits on the web server encrypted.
'encrypted' - That was the revision.
>Your original version said
> nothing about any public key. At least be honest enough to admit when
> you've been led by the hand to some major flaw or hole in your
> proposal, and tried to correct it.
I'm glad and usually careful to do just that. It was to save
typing that I left out the explanation, thinking that people would
be more interested in what I was saying now rather than earlier.
>
> Once again, if you're going to start dealing with pgp/gpg keys you're
> inserting the very thing that causes most of the "problems" people
> have setting up nyms now. If they can't be bothered with generating
> compatible keys for a regular nym, what stretch of the imagination
> makes you believe they'll be any more motivated to create compatible
> keys for an insecure "eelbash mini-nym"?
It's not the creation of the key that is difficult, at least for
me; the problem arises, as I said above, with the badly written or
non-existent instructions for getting through a minefield of
choices. Have you looked at the nym pages for jbn? Have you seen
what you have to do in QS to get a nym created?
Yes, I know, it's 'simple'. It isn't simple for the average user.
>
>
> <shakes head in disbelief>
>
> Only the user, their ISP, the FBI/CIA/NSA, your mother and father, your
> boss, your nosy girlfriend, some teen hacker wannabe who owns a router
> or gateway anywhere in your traffic stream, the guy looking over your
> shoulder or snooping around in your browser history, the bot herder who
> owns the IRC channel that nasty piece of malware you picked up at
> teenporn.com connects to, any admin at the web host you're drawing
> attention to by generating vast numbers of bizarre vhosts, and probably
> any number of dozens of other people that don't happen to be at the tip
> of my fingers at the moment.
>
> This is the most glaring problem in your whole proposal. You've
> severely compromised even the security offered by a standard webmail
> account set up and accessed entirely through Tor by handing anyone who
> happens to be looking valuable information.
Sorry, I don't follow that. Just to be clear, I'm suggesting that
the mininym would (in one incarnation) create a
folder on the website of the nym operator's isp. The name of the
folder would be the password he emailed when he set up the nym.
Within the folder would be whatever messages he had received to
date.
Or it would go to a throwaway on-the-fly account such as one at
6url.com.
Sure, the isp could know the complete contents of the website,
but not the contents of the encrypted messages. And nobody else
would know what the folder name was, since it would be created
from the password the user would, presumably, have the sense to
keep secret.
That's a fault, but it has to be weighed against the advantage of
simplicity.
If as many people have such easy access to your pc as you
describe, above, then no kind of encryption will help you.
I'm assuming the user has his pc at his home, or at least knows
how to keep it secure when he's not around, and that he's not a
fool who goes to risky sites, etc.
>
>
> You're assuming the NSA is a fabled global adversary. Many people
> consider them to be somewhat less omniscient than that, especially
> against such a geographically and politically diverse network.
That's good to hear.
>
>
> There's plenty. Anyone with the ability to cut and paste "free
> webmail" into google will find dozens in a matter of milliseconds.
You answered before getting to the next sentence, which says:
'that does not require java/javascript'. I've looked over dozens
of 'free webmail' servers too, and found very very few that do not
require java/javascript.
>
>
> So are nym messages, both normal and "eelbash mini". Unless the sender
> specifically acquires the nym owner's key and encrypts at the source
> they're all three open and equally vulnerable. And getting a "real" nym
> owner's public key is usually very simple because most nym accounts
> will send it with a properly formatted request. Unless of course the
> nym owner has that feature disabled.
>
>
> A regular nym sounds best in all three scenarios. Only a fool uses
> cheap XXX, bargain bin tools that easily bend and break because they
> don't perceive the job they're doing to be of any real importance.
> It's always better to have and use the best tools you can, even when
> they're not strictly necessary. Nothing is lost, and you and your tools
> stay in good repair. 
I would be happy to use regular nyms if:
the interface was made simpler
the nyms were more reliable
In regard to interfaces, I've seen two tutorials on rolling your
own, both almost useless when I attempted to follow them and
create the nym.
That's not to say they were badly written, but that the average
guy will find them useless.
If one of the gurus put together a script that was dedicated to
creating the nym, maybe providing a simple interface to make a
simple nym, along with one allowing for all the bells and
whistles, it might go some way toward making nyms more popular.
| |
| Bill Sykes 2006-09-21, 1:14 am |
| On Wed, 20 Sep 2006 13:57:01 +0000, Anonymous wrote:
>
> What you describe is a simple webmail service.
Why do nyms exist then? Why make the effort to set one up if a webmail
service, used with tor, will do the job?
If you can, please answer in a constructive manner.
| |
| TwistyCreek 2006-09-21, 1:14 am |
| Bill Sykes wrote:
> On Wed, 20 Sep 2006 13:57:01 +0000, Anonymous wrote:
>
>
> Why do nyms exist then? Why make the effort to set one up if a webmail
> service, used with tor, will do the job?
They're more secure. On top of layers of encryption and a distributed
network they add latency, pooling, and reordering. Things a real time
method like Tor can't offer.
> If you can, please answer in a constructive manner.
Prepending a plea for civility with a taunt generally isn't regarded as
"constructive", for what it's worth.
| |
| Anonymous 2006-09-21, 1:14 am |
| In article <9O2LJP0L38981.0284259259@twistycreek.com>
TwistyCreek <anon@comments.header> wrote:
>
> Bill Sykes wrote:
>
>
> They're more secure. On top of layers of encryption and a distributed
> network they add latency, pooling, and reordering. Things a real time
> method like Tor can't offer.
>
>
> Prepending a plea for civility with a taunt generally isn't regarded as
> "constructive", for what it's worth.
You forgot that a nym can post incoming mail to alt.anon.messages
with an encrypted header. No smtp server involved to read your
email. This system works, don't change it unless you can improve it.
| |
| Borked Pseudo Mailed 2006-09-21, 1:13 pm |
| Bill Sykes wrote:
<much snippage>
> On Wed, 20 Sep 2006 20:30:22 +0200, George Orwell wrote:
>
>
> Sure they can, but I'm assuming the sender is a civilian who knows
> nothing about encryption, happened to see a message in a
> newsgroup, and is sending an email to the author of the message.
Then there's no more or less security, from this point of view, than a
"normal" nym account. And generally much less overall. The messages are
still sent in the clear from sender to nym server, and any encryption
is done there. Decryption is performed after the message reaches its
destination in either case. The big difference is that your message
retrieval scheme thoroughly partitions a user by producing a one to one
relationship with him/her and their messages. By forcing users to visit
a specific site, server, or URL you've completely and thoroughly
destroyed any anonymity they might have had. All of it. You're using
Tor as a band aid over this sucking chest wound, and the result is an
overall significant loss of security.
What really needs to be done here, in place of some hairball scheme, is
you need to concentrate your efforts on writing the documentation you
believe is so lacking, or setting up and running a real nym server that
falls lock step with your vision of perfection. Within the context of a
real nym server of course.
Re: Nym setup problems.
> My impression from the calls for help on this newsgroup for making
> nyms, is that it is more than a small percentage.
Your impression is myopic and incorrect. The once-every-other-month-
or-so requests for nym help represent a very small fraction of nym
users.
>
> I said above, which you did not quote:
> Suppose we have this 'simple nym' or webmail service but with the
> message that sits on the web server encrypted.
>
> 'encrypted' - That was the revision.
Yes. That's what I said. You're scampering around trying to plug some
of the huge, gaping holes in your idea and telling people "I said this
before". At the very least this sort of thing is called disingenuous.
> It's not the creation of the key that is difficult, at least for
> me; the problem arises, as I said above, with the badly written or
> non-existent instructions for getting through a minefield of
I'm sorry you view the choice between RSA and DH as a "mine
field". Most of us don't see it as that big a deal, at least not after
we've overcome the daunting hurdle of reading which one a nym server
requires.
Yes, it's true. Most of the already small numbers of "I can't make it
work" complaints boil down to a user not bothering to 'R' even this
much of 'TFM'.
> Sorry, I don't follow that. Just to be clear, I'm suggesting that
> the mininym would (in one incarnation) create a
> folder on the website of the nym operator's isp. The name of the
> folder would be the password he emailed when he set up the nym.
If you don't see the folly in this, there's really no hope. 
> I'm assuming the user has his pc at his home, or at least knows
> how to keep it secure when he's not around, and that he's not a
> fool who goes to risky sites, etc.
I see. So your idea was hatched on the assumption that users aren't
capable of mastering basic encryption software, but hinges on their
knowledge of and dedication to.... overall security.
Fascinating.
<rest snipped, unread>
| |
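The objection raised in the post above and in George Orwell's earlier reply (the folder name is the account password, and a per-account retrieval URL ties every fetch to one user), shown as an added example that is not part of the thread. The log lines are constructed, and the `/pool/` path is a hypothetical HTTP stand-in for a shared pool such as alt.anon.messages that every reader downloads in full.

```python
import re
from collections import defaultdict

# Constructed access-log lines (Apache "combined" format). The first three use
# the thread's URL shape /<account password>/<message file>. The last two are a
# hypothetical shared pool that all readers fetch in full.
SAMPLE_LOG = """\
198.51.100.7 - - [20/Sep/2006:13:20:01 +0000] "GET /12345678/C38YYU4X.CNM HTTP/1.0" 200 2310 "-" "Mozilla/5.0"
203.0.113.44 - - [20/Sep/2006:19:02:47 +0000] "GET /12345678/D91KQW2Z.CNM HTTP/1.0" 200 1877 "-" "Mozilla/5.0"
192.0.2.15 - - [21/Sep/2006:01:14:09 +0000] "GET /87654321/A17BBT9M.CNM HTTP/1.0" 200 4012 "-" "Mozilla/5.0"
198.51.100.7 - - [21/Sep/2006:01:20:30 +0000] "GET /pool/2006-09-20.mbox HTTP/1.0" 200 901220 "-" "Mozilla/5.0"
192.0.2.15 - - [21/Sep/2006:01:25:12 +0000] "GET /pool/2006-09-20.mbox HTTP/1.0" 200 901220 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_requests(log_text):
    """Yield (client, time, path) for each successful GET in the log."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m["method"] == "GET" and m["status"] == "200":
            yield m["client"], m["time"], m["path"]


def observer_view(log_text):
    """Group fetches by first path segment, as anyone holding the log can."""
    view = defaultdict(lambda: {"clients": set(), "files": [], "fetches": 0})
    for client, _time, path in parse_requests(log_text):
        parts = path.lstrip("/").split("/", 1)
        if len(parts) != 2 or not parts[1]:
            continue  # not of the form /<folder>/<file>
        folder, filename = parts
        entry = view[folder]
        entry["clients"].add(client)
        entry["files"].append(filename)
        entry["fetches"] += 1
    return dict(view)


def exposed_passwords(log_text, shared_folders=("pool",)):
    """Folder names that double as account passwords in the thread's scheme.

    shared_folders is an assumption: paths the operator publishes to everyone.
    """
    return sorted(f for f in observer_view(log_text) if f not in shared_folders)


def linked_despite_tor(log_text, shared_folders=("pool",)):
    """Per-account folders fetched from more than one source address.

    Tor changed the source address between visits, but the folder name in the
    request still ties those visits to the same account.
    """
    return {
        folder: sorted(entry["clients"])
        for folder, entry in observer_view(log_text).items()
        if folder not in shared_folders and len(entry["clients"]) > 1
    }


if __name__ == "__main__":
    for folder, entry in observer_view(SAMPLE_LOG).items():
        print(folder, entry["fetches"], sorted(entry["clients"]), entry["files"])
    print("passwords readable from the log:", exposed_passwords(SAMPLE_LOG))
    print("fetches linked across addresses:", linked_despite_tor(SAMPLE_LOG))
```

In the per-account rows the log alone yields both the password and the full list of messages for each nym, while the pool rows are identical for every reader and say nothing about which message anyone wanted.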
| Bill Sykes 2006-09-21, 7:13 pm |
| On Thu, 21 Sep 2006 10:14:15 -0600, Borked Pseudo Mailed wrote:
> By forcing users to visit a
> specific site, server, or URL you've completely and thoroughly destroyed
> any anonymity they might have had. All of it. You're using Tor as a band
> aid over this sucking chest wound, and the result is an overall
> significant loss of security.
If Tor has now become merely a 'bandaid', then asking somebody to visit a
website to retrieve his email is certainly a poor idea. I thought Tor was
proof against most adversaries, perhaps even the NSA, if they are the less
than omniscient entity you say they are.
>
>
> Yes. That's what I said.
No, you said my reiteration of my revision was a revision not a
reiteration.
>
I should add that another problem is the unreliability of nyms. Someone
mentioned two - panta and one other - that are reliable. That's two out of
how many supposedly in operation?
>
> I see. So your idea was hatched on the assumption that users aren't
> capable of mastering basic encryption software, but hinges on their
> knowledge of and dedication to.... overall security.
It's based on the assumption that there are people who would like to
use nyms who have good judgement, so do not visit 'dangerous' sites, and
know enough not to open email attachments willy-nilly, and have the
ability to secure their pcs by running programs with well-written gui
interfaces such as spybot, ad-aware, boclean, etc., and who are probably
at a stage in life where they live in their own home rather than, say, a
college dorm or some other place where unknown/untrusted people can get at
their pc, but have a less-than-good ability to understand the poor
documentation that accompanies the explanations of how to set up a nym,
and who would like to use nyms.
You can't seem to understand that people who have problems with geeky pc
stuff might otherwise be intelligent and able to exercise good judgement
in how they use their pcs.
> Fascinating.
>
> <rest snipped, unread>
Thanks for what time you did spend on the subject.
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
On 21 Sep 2006, Bill Sykes <sykes@charlesdickens.invalid> wrote:
>On Thu, 21 Sep 2006 10:14:15 -0600, Borked Pseudo Mailed wrote:
>
>I should add that another problem is the unreliability of nyms. Someone
>mentioned two - panta and one other - that are reliable. That's two out of
>how many supposedly in operation?
Four. That's half. One is unreliable because it's at LCS and run by college
kids, and the other is ignored by its operator.
How many do you need to be reliable? Just one. So you have double what you
really need.
>
>
>It's based on the assumption that there are people who would like to
>use nyms who have good judgement, so do not visit 'dangerous' sites, and
>know enough not to open email attachments willy-nilly, and have the
>ability to secure their pcs by running programs with well-written gui
>interfaces such as spybot, ad-aware, boclean, etc., and who are probably
>at a stage in life where they live in their own home rather than, say, a
>college dorm or some other place where unknown/untrusted people can get at
>their pc, but have a less-than-good ability to understand the poor
>documentation that accompanies the explanations of how to set up a nym,
>and who would like to use nyms.
>
>You can't seem to understand that people who have problems with geeky pc
>stuff might otherwise be intelligent and able to exercise good judgement
>in how they use their pcs.
No, they are not. If they were truly intelligent, they would be capable of
learning the little bit required to use nyms. They are not hard to use or
set up, but a brand new user will have to learn some new things.
Put forth a little effort, and be rewarded with 100% anonymity. Not a bad
trade off.
>
>
>Thanks for what time you did spend on the subject.
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQA/ AwUBRRLm2A6cfiGatg8+EQLivACeLJgkD0R6ldje
QdessIutpvpKiikAoPyV
PR4tQfCHewnHGl7Rsdw/F4O0
=fXsF
-----END PGP SIGNATURE-----
| |
| George Orwell 2006-09-21, 7:13 pm |
| Bill Sykes wrote:
> On Thu, 21 Sep 2006 10:14:15 -0600, Borked Pseudo Mailed wrote:
>
>
> If Tor has now become merely a 'bandaid', then asking somebody to visit a
> website to retrieve his email is certainly a poor idea. I thought Tor was
Tor is exactly a band aid in this case, because you're breaking
something then trying to repair it with Tor. You're taking something
that's ultimately the best security you can have, totally breaking it,
then using Tor as a splint. And for nothing more than your
misconception that nym servers are beyond the capabilities of mere
mortals when in fact the numbers of people who have problems is small
and mostly a matter of not bothering to read the most basic of
instructions.
If you want to use Tor, then just use it. No need to fart around with
remailers, just open a free webmail account using Tor, access it using
Tor, and be done with it. Webmail accounts are a dime a dozen, and you
won't be adding an additional vector of compromise in the form of some
goofy "URL is your password" scheme.
>
> I should add that another problem is the unreliability of nyms. Someone
> mentioned two - panta and one other - that are reliable. That's two out of
> how many supposedly in operation?
Four. 50% reliability and either of the two reliable nym servers will
get the job done just fine so the unreliable entries are meaningless.
Don't use them.
>
> It's based on the assumption that there are people who would like to
> use nyms who have good judgement, so do not visit 'dangerous' sites, and
> know enough not to open email attachments willy-nilly, and have the
> ability to secure their pcs by running programs with well-written gui
> interfaces such as spybot, ad-aware, boclean, etc., and who are probably
None of that crap has anything at all to do with anonymity software, or
with the encryption software that is at the center of the small numbers of
problems people have with nym servers in the first place.
> You can't seem to understand that people who have problems with geeky pc
> stuff might otherwise be intelligent and able to exercise good judgement
> in how they use their pcs.
That's not what you said. You said they couldn't manage to make certain
software bend to their will in one scenario, but wouldn't have any
trouble with it in another. Whether or not you realize it, that's
exactly what you said because the exact same software will be used in
both to encrypt messages, and the same problems will undoubtedly arise
with no doubt strikingly identical frequency. You're solving nothing,
and weakening what already exists.
Please explain where you see a benefit in that.
| |
| Bill Sykes 2006-09-22, 1:12 pm |
| On Thu, 21 Sep 2006 23:53:09 +0200, George Orwell wrote:
> Bill Sykes wrote:
>
>
>
> That's not what you said. You said they couldn't manage to make certain
> software bend to their will in one scenario, but wouldn't have any
> trouble with it in another. Whether or not you realize it, that's
> exactly what you said because the exact same software will be used in
> both to encrypt messages, and the same problems will undoubtedly arise
> with no doubt strikingly identical frequency. You're solving nothing,
> and weakening what already exists.
>
> Please explain where you see a benefit in that.
I don't know if it is your writing style that is poor or it's me, but it's
difficult to make sense out of what you say. Some of your sentences are
almost gibberish.
I think you think that setting up a nym is no more difficult than running
a program like Adaware. Or maybe you are saying that if someone can
install pgp and create a key, he should be able to set up a nym - that the
two things are of equal complexity.
If you are saying either one, you don't know what you are talking about.
Running Adaware is a no-brainer because the gui was written by
professionals who have competitors and who will be out of a job if they
make things confusing or complicated; they are willing to stoop to the
level of the average intelligent user who is not a computer geek but who
wants to protect his computer.
When you run Adaware, you start the program and bring up the gui. If your
definitions aren't too old, all you need to do is click on 'start'. That
brings up the next screen with the scanning options. The default is 'smart
scan'. Click on next and it does the scan. If it finds anything, click on
next a couple more times and the junk is deleted.
If the definitions are old, it prompts you to download the new ones before
you click on 'start'.
If you install pgp it is almost as simple: you take the defaults (as I
recall). You have to think a bit when it comes to creating a key, but if
you go wrong, you will be told about it.
This is a lot simpler than setting up a nym with jbn or qs.
Let me describe a hypothetical nym-creation program that makes more sense
to me than the setups in jbn or qs. Compare it with what you go through to
set up a nym in jbn or qs.
I'll assume the user has somehow found out the name and setup address of
the nym he wants to use, and has somehow found and imported the key of the
nymserver, and that he knows how to use remailers and is running jbn or
qs.
He runs the program which brings up a gui. I'll describe it as if it is
text-based.
program: enter the name of your nym (as an email address). It should be
the same as your nym key.
user: joeblow@somenym.com
[the program locates the key on his keyring]
program: do you want a basic or advanced nym?
user: basic
program: what email address would you like nym messages to be sent to.
user: Bob Smith <smith@myemail.com>
[The program does a wget on a stats source. For example,
stats.bananasplit.info, and pulls off the names of remailers that are 97
percent or better. It then randomly chooses 4 to use as the remailer chain
from the nymserver to the user's email. If the 4 aren't on the user's
keyring, it might try another 4, or it might try to update his keyring
from a list of keys. If it can't find the keys, it aborts with a message
that the user needs to update his keyring.]
program: Here is the information about your nym. [It lists the information
it has, maybe in editable form. The user oks it or goes back to re-enter
information]
[If the user oks it, the program creates the reply block and prompts the
user to send it]
That's it. Any guru here could put a gui like that together between two
flicks of his cigarette ash. Understandably, they have other priorities,
but they probably also have your attitude that setting up a nym is already
as easy as it needs to be.
One problem (maybe the biggest problem) with nyms is that the
'infrastructure' is poor: Despite being described here as the best way to
have a replyable address, nyms are treated like poor relatives, with
information about them scattered and difficult to obtain.
I can go to noreply.org and see a list of remailers, with information
about keys, capstrings, reliability, etc. I know of no corresponding place
to find out information about nyms - I mean basic stuff like the keys for
the nym servers, the names of the nyms, the capstrings.
On alt.privacy.anon-server.stats there is a recent post from Bikikii that
lists 4 nyms. It looks like the first time it's been posted. That's a
start, but all it has is the name of the nyms - no capstrings, no email
address.
| |
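The chain-selection step of the hypothetical program in the post above (keep remailers at 97 percent or better, pick 4 at random, abort when keys are missing), as an added example that is not part of the original post or of jbn or QuickSilver. The stats line layout, the remailer names and the `parse_stats` and `pick_chain` helpers are constructed for illustration; filtering on the keyring before sampling stands in for the post's "try another 4" retry.

```python
import re
import secrets

# Constructed sample in a simplified "name  latency  uptime%" layout.
# A real stats page has its own format and needs its own parser.
SAMPLE_STATS = """\
alpha     0:12:41   99.8%
bravo     1:03:10   97.0%
charlie   0:45:02   96.9%
delta     2:10:55   98.4%
echo      0:30:00   99.1%
foxtrot   5:01:12   71.3%
golf      0:20:20   97.5%
"""

LINE_RE = re.compile(
    r"^(?P<name>[a-z0-9]{1,12})\s+\d+:\d{2}:\d{2}\s+(?P<up>\d{1,3}\.\d)%$")


def parse_stats(text):
    """Return {remailer: uptime}; lines that do not match are ignored."""
    stats = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and float(m["up"]) <= 100.0:
            stats[m["name"]] = float(m["up"])
    return stats


def pick_chain(stats, keyring, min_uptime=97.0, hops=4):
    """Pick `hops` distinct remailers that are reliable and have a known key.

    Raises ValueError (the "update your keyring" abort in the post) when
    fewer than `hops` candidates qualify.
    """
    candidates = sorted(name for name, up in stats.items()
                        if up >= min_uptime and name in keyring)
    if len(candidates) < hops:
        raise ValueError("not enough reliable remailers with known keys; "
                         "update the keyring")
    # OS CSPRNG rather than the default PRNG: the chain must not be guessable.
    return secrets.SystemRandom().sample(candidates, hops)
```

Fetching the stats page is itself an observable request, so a client built this way would retrieve it over the same anonymizing path the thread already discusses (Tor).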
| Anonyma 2006-09-22, 1:12 pm |
| Bill Sykes wrote:
>
> I don't know if it is your writing style that is poor or it's me, but it's
> difficult to make sense out of what you say. Some of your sentences are
> almost gibberish.
In fact, you just seem to be confused and having trouble following the
logical flow of a conversation. Ironically enough you still blundered
across a semi-relevant reply. But only after you snipped most of the
meat of a post and fixated on an issue you could apparently remain
blissfully confused about.
First we'll reiterate the salient points you snipped:
1. Your proposal is best described as shooting a big hole in the
remailer network, then using Tor to stem the flow of blood.
2. Consequently the remailer network is meaningless in context, and
users would be no worse off using Tor and any of the dozens of free
webmail services they could find with the most basic of Google searches.
3. Those facts aside, your proposal actually places users at much
greater risk of being found out because of your 'password is the URL'
nonsense. It essentially pastes a uniquely colored sticker on every
user's forehead and parades them around the Internet for everyone to
gawk at.
> I think you think that setting up a nym is no more difficult than running
> a program like Adaware. Or maybe you are saying that if someone can
Nobody said anything about Adaware being easy, hard, or relevant to
setting up a nym. In fact if you'd be so kind as to bring yourself up
to speed by reviewing your own thread you'll see that exactly the
opposite was said. Look for the phrase "None of that crap has anything
at all to do with anonymity software...".
<snip rest of irrelevant 'Adaware' rant>
> If you install pgp it is almost as simple: you take the defaults (as I
> recall). You have to think a bit when it comes to creating a key, but if
> you go wrong, you will be told about it.
BINGO! And in this context being "told about it" comes in the form of
your nym not working, no confirmation message, etc. The "going wrong"
part happens when you don't RTFM regarding what key types a nym server
uses, and you create useless keys. Whether you accept it or not, this
simple thing accounts for the vast majority of the very small number of
nymserver problems you see posted to this group.
> This is a lot simpler than setting up a nym with jbn or qs.
Nonsense. The same problem arises in either case. In fact amusingly
enough the problem regarding nym setup is most often "caused" by the
other software you seem to believe is so much more easy to use.
> Let me describe a hypothetical nym-creation program that makes more sense
So now we've meandered off on to the subject of a better GUI for the
existing nymserver implementation?
I have no real argument with that. I don't consider QS or JBN to be
particularly intuitive, but then the process of creating encryption
keys and using them, or using anonymous remailers at all, isn't
particularly intuitive to begin with. If you can create a "better GUI"
that still functions as a serviceable anonymity tool then by all means
do so. I think that you'll find solving the problem a little more
problematic than stating it though.
If you'd care to debate the efficacy of existing and theoretical GUIs,
you should probably start another thread.
<snip rest of non-topical 'GUI' rant>
| |
| Bill Sykes 2006-09-22, 7:12 pm |
| On Fri, 22 Sep 2006 12:35:28 -0400, Anonyma wrote:
> Bill Sykes wrote:
>
> BINGO! And in this context being "told about it" comes in the form of
> your nym not working, no confirmation message, etc.
That's true, but it's misleading. I know that having gone through
it. There are, it seems, at least to the non-geek, a dozen ways
you could have gone wrong, or it could be that you went right, but
the nym server doesn't confirm new nyms, or that your nym was
created but the nym server is down this week.
It's the combination of a complex setup and the uncertainty about
the quality of the nym server that I have had a problem with.
> The "going wrong"
> part happens when you don't RTFM regarding what key types a nym server
> uses, and you create useless keys.
> Whether you accept it or not, this
> simple thing accounts for the vast majority of the very small number of
> nymserver problems you see posted to this group.
That's not my impression from reading complaints over the years,
but if you've run a nym server, or have other inside information,
I'll believe you.
>
> Nonsense. The same problem arises in either case. In fact amusingly
> enough the problem regarding nym setup is most often "caused" by the
> other software you seem to believe is so much more easy to use.
You are, of course, talking about pgp, though my remark was
intended to refer to both adaware and pgp as examples.
If people are creating the wrong keys for a nym server, it's not
because they can't figure out how to run pgp, it's because they
didn't know that the nym server needed a different kind of key
than the one they created.
If you've mastered pgp to the point of creating a key, it's pretty
obvious to you what kind of key you are creating.
Despite what you think, using pgp does not present the same
problem as trying to set up a nym. pgp is much easier to master.
>
> So now we've meandered off on to the subject of a better GUI for the
> existing nymserver implementation?
This thread has been about the worth of alternative nyms and
about the difficulty or non-difficulty of setting up a regular
nym. You are probably right about the inferiority of alternative
nyms, and, in any case, I have said all I can about them.
I still think, hell, I know, that regular nyms are difficult to
set up using jbn or qs, and am suggesting that a gui might be
written to make that much easier. If that's meandering, that's too
bad.
| |
| Cyberiade.it Anonymous Remailer 2006-09-22, 7:12 pm |
| In article <45143e8f$0$22388$ed362ca5@nr2.newsreader.com>
Bill Sykes <sykes@charlesdickens.invalid> wrote:
>
> I still think, hell, I know, that regular nyms are difficult to
> set up using jbn or qs, and am suggesting that a gui might be
> written to make that much easier. If that's meandering, that's too
> bad.
It appears you've not heard of or used the snazzy Nym Wizard (1.9b14) which
is a module available for QuickSilver 1.4b24.
Easy as pie.
| |
| Nobody 2006-09-23, 1:12 pm |
| >I still think, hell, I know, that regular nyms are difficult to
>set up using jbn or qs, and am suggesting that a gui might be
>written to make that much easier. If that's meandering, that's too
>bad.
Combine your mail client and newsreader with OmniMix and you get the
GUI you're looking for.
BTW, with less than 200 nyms registered at panta, you're right seeing
nyms as a rarely used method of sending messages, no matter whether
it's due to an unspecific dislike, the lack of a necessity or
difficulties in setting up and using them. But, though I favour the
latter, that might be worth an investigation before jumping to
conclusions.
~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified.
| |
| Borked Pseudo Mailed 2006-09-23, 7:12 pm |
| Bill Sykes <sykes@charlesdickens.invalid> wrote:
> On Fri, 22 Sep 2006 12:35:28 -0400, Anonyma wrote:
>
> That's true, but it's misleading. I know that having gone through
> it. There are, it seems, at least to the non-geek, a dozen ways
> you could have gone wrong, or it could be that you went right, but
> the nym server doesn't confirm new nyms, or that your nym was
> created but the nym server is down this week.
>
> It's the combination of a complex setup and the uncertainty about
> the quality of the nym server that I have had a problem with.
Oh for XXXX's sake! It's only complex if you're dumb as a
fence post. Most people who set up nyms have no trouble at
all. Some have minor issues but get them solved usually by
smacking themselves in the forehead and calling themselves
stupid. Only a few retards like you have these huge
repeating problems and see nym setup as some big puzzle.
There isn't one damned thing wrong with the way things are
now and we don't need some halfwit who can't follow simple
instructions trying to fix shit that's not broken with the
most stupid solutions he can come up with. Take your GUI
sob story and go complain to the parents who hatched you or
the educational system that failed you. It's their fault
not ours.
Is THAT clear enough for you Billy?