|
Home > Archive > Anonymous Servers > September 2007 > Remailer Allow List - Followup
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Remailer Allow List - Followup
|
|
| Nomen Nescio 2007-09-18, 7:12 pm |
| I think hashcash would work well for this - no need for 'capcha'.
Allow the user to use the same hashcash token over and over,
either permanently or for x days. But allow only 1 or 2 posts per
day.
Make the generation of the hashcash (ral token) take, let's say, 20
hours for a middle-speed computer. What would that be, 2ghz?
Not too many people would dedicate a computer to churning out
ral tokens if it took that long to make one, but if somebody did,
and publicized them on apas or elsewhere, the maintainer of the ral
database could simply flag them as expired. Poof, all that work
gone in an instant.
Sure, you might email one to a friend who has a slow computer, and
that is fine, but I don't think there would be a problem with
anybody generating ral tokens wholesale and giving them away.
Yes, it takes a long time to make a token, but it is
reusable forever or for x days, and if all the exit remailers
signed on to the ral, anybody who really needed to use the
remailer system, rather than use it to have fun, would probably be
glad to invest his computer's time to create the ral token.
There would be far fewer posts going through the system, but the
remailer operators, who are clearly an idealistic lot, would have
the great satisfaction of knowing that the posts were from people
who truly needed the service that the operators were offering.
| |
| Borked Pseudo Mailed 2007-09-19, 1:14 am |
| Eelbash Admin wrote:
> There would be far fewer posts going through the system, but the
> remailer operators, who are clearly an idealistic lot, would have
> the great satisfaction of knowing that the posts were from people
> who truly needed the service that the operators were offering.
It seems you don't understand various things about the remailer
network and how it provides anonymity; with your history, it isn't
surprising.
Far fewer messages going through the system is *not* a good thing. The
anonymity the network provides relies on your message being mixed
up with loads of others. People just 'having fun' actually help
provide cover for the people who 'actually need to use it'.
What you are proposing also turns the network into a *pseudo*nonymous
network instead of an anonymous one. Having tokens that stay around for
multiple messages links all of those messages together which is not a
good thing for anonymity for pretty obvious reasons.
And of course we have the whole "what problem is this trying to
solve?" question that needs to be asked. You come up with all these
crazy controlling schemes to solve problems that don't exist. The
remailer network is working just fine thanks very much; even better
now that you don't run one.
Explain why you feel this has to be done. Let me guess, you're seeing
posts coming from the remailer network that contain content you find
offensive or abusive or whatever and you feel they should be stopped?
| |
| Anonymous Remailer (austria) 2007-09-19, 1:14 am |
|
Nomen Nescio wrote:
> I think hashcash would work well for this - no need for 'capcha'.
> Allow the user to use the same hashcash token over and over,
> either permanently or for x days. But allow only 1 or 2 posts per
> day.
And of course partition that user either permanently, or for x days.
>
> Make the generation of the hashcash (ral token) take, let's say, 20
> hours for a middle-speed computer. What would that be, 2ghz?
One inherent problem with hashcash is how it penalizes weaker users.
Current implementations strike a sane balance between effectiveness and
control of abuse. Your "enhancements" would accomplish nothing but
making it impossible for Chinese dissident types to use the remailer
network. All you'd do is drive a stake through the heart of the good
things remailers are used for because the people who need anonymity the
most are typically those with the least horsepower and most limited
windows of opportunity to post. Jiang Foo, a poor Christian living in
Commmunist Asia desperately trying to move informatin about his
impending arrest using the dinosaur 386 he and 20 other people share
would have to wait weeks or months to be able to send a message.
> Not too many people would dedicate a computer to churning out
> ral tokens if it took that long to make one, but if somebody did,
> and publicized them on apas or elsewhere, the maintainer of the ral
> database could simply flag them as expired. Poof, all that work
> gone in an instant.
You could do the same thing with digital signatures.
Oh wait, we already have a system like that in place. It's called nym
servers.
> Sure, you might email one to a friend who has a slow computer, and
> that is fine, but I don't think there would be a problem with
> anybody generating ral tokens wholesale and giving them away.
On the contrary, your scheme would create that market. But only in
microcosms where users didn't truly need anonymity. Like among abusers.
Those who reply on strong anonymity would either be forced to
compromise it my accepting authentication certificates from third
parties, or be prohibited from using the network.
> Yes, it takes a long time to make a token, but it is
> reusable forever or for x days, and if all the exit remailers
> signed on to the ral, anybody who really needed to use the
Great. Not only do you suggest that users partition themselves with
unique identifiers, but that those identifiers should be shared across
all points of failure.
Are you trying to devise a way to combat abuse, or attack anonymity
directly?
> remailer system, rather than use it to have fun, would probably be
> glad to invest his computer's time to create the ral token.
>
> There would be far fewer posts going through the system, but the
Yet another way the security of the remailer network would be
compromised.
> remailer operators, who are clearly an idealistic lot, would have
> the great satisfaction of knowing that the posts were from people
> who truly needed the service that the operators were offering.
Quite the opposite in fact. What you'd have is a situation where users
with the most time and resources, and no pressing need for strong
anonymity, would have a distinct advantage over the vast majority of
legitimate users.
This idea is probably one of the worst you've ever had.
| |
| Anonymous Sender 2007-09-19, 7:14 am |
| In article <4c4a0d58576fc2f69de75671cd25841c@dizum.com>
Nomen Nescio <nobody@dizum.com> wrote:
>
> I think hashcash would work well for this - no need for 'capcha'.
> Allow the user to use the same hashcash token over and over,
> either permanently or for x days. But allow only 1 or 2 posts per
> day.
>
> Make the generation of the hashcash (ral token) take, let's say, 20
> hours for a middle-speed computer. What would that be, 2ghz?
>
> Not too many people would dedicate a computer to churning out
> ral tokens if it took that long to make one, but if somebody did,
> and publicized them on apas or elsewhere, the maintainer of the ral
> database could simply flag them as expired. Poof, all that work
> gone in an instant.
>
> Sure, you might email one to a friend who has a slow computer, and
> that is fine, but I don't think there would be a problem with
> anybody generating ral tokens wholesale and giving them away.
>
> Yes, it takes a long time to make a token, but it is
> reusable forever or for x days, and if all the exit remailers
> signed on to the ral, anybody who really needed to use the
> remailer system, rather than use it to have fun, would probably be
> glad to invest his computer's time to create the ral token.
>
> There would be far fewer posts going through the system, but the
> remailer operators, who are clearly an idealistic lot, would have
> the great satisfaction of knowing that the posts were from people
> who truly needed the service that the operators were offering.
Blow me.
|
|
|
|
|