Re: [cryptography] [Cryptography] prism proof email, namespaces, and anonymity

2013-09-15 Thread Adam Back 

On Fri, Sep 13, 2013 at 04:55:05PM -0400, John Kelsey wrote:

The more I think about it, the more important it seems that any anonymous
email like communications system *not* include people who don't want to be
part of it, and have lots of defenses to prevent its anonymous
communications from becoming a nightmare for its participants.


Well you could certainly allow people to opt-in to receiving anonymous
email, send them a notification mail saying an anonymous email is waiting
for them (and whatever warning that it could be a nastygram, as easily as
the next thing).

People have to bear in mind that email itself is not authenticated - SMTP
forgeries still work - but there are still a large number of newbies some of
whom have sufficiently thin skin to go ballistic when they realize they
received something anonymous and not internalized the implication of digital
free-speech.


At ZKS we had a pseudonymous email system.  Users had to pay for nyms (a
pack of 5 paid per year) so they wouldnt throw them away on nuisance pranks
too lightly.  They could be blocked if credible abuse complaint were
received.

Another design permutation I was thinking could be rather interesting is
unobservable mail.  That is to say the participants know who they are
talking to (signed, non-pseudonymous) but passive observers do not.  It
seems to me that in that circumstance you have more design leverage to
increase the security margin using PIR like tricks than you can with
pseudonymous/anonymous - if the contract is that the system remains very
secure so long as both parties to a communication channel want it to remain
that way.

There were also a few protocols for to facilitate anonymous abuse resistant
emails - user gets some kind of anonymously refreshable egress capability
token.  If they abuse they are not identified but lose the capability.  eg
http://www-users.cs.umn.edu/~hopper/faust-wpes.pdf

Finally there can be different types of costs for nyms and posts - creating
nyms or individual posts can cost real money (hard to retain pseudonymity),
bitcoin, or hashcash, as well lost reputation if a used nym is canceled.

Adam
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] [Cryptography] prism proof email, namespaces, and anonymity

2013-09-15 Thread StealthMonger 
John Kelsey crypto@gmail.com writes:

 In the overwhelming majority of cases, I know and want to know the
 people I'm talking with.  I just don't want to contents of those
 conversations or the names of people I'm talking with to be revealed
 to eavesdroppers.  And if I get an email from one of my regular
 correspondents, I'd like to know it came from him, rather than being
 spoofed from someone else.

That's a good description of stealthmail [1].  My only regret is that it
badly needs an update and I don't have time these days to work on it.
But it still works out of the box.  Here's the Debian description:


Package: stealthmail
Architecture: all
Pre-Depends: gnupg
Depends: procmail, esubbf, openssl, dc, libssl0.9.6 | libssl0.9.7,
 fetchmail | kmail, suck, ppp, solid-pop3d, exim | exim4, dpkg (= 1.10.21),
 grep (= 2.5), bash (= 2.05b), ${shlibs:Depends}, ${misc:Depends}
Description: scripts to hide whether you're doing email, or when, or with whom
 Maintain on-going random cover traffic via usenet newsgroup
 alt.anonymous.messages, substituting encrypted live traffic when
 available.  A live message is indistinguishable from a random cover
 message except with the decryption keys.  All potential participants
 send messages to alt.anonymous.messages with rigid periodicity
 uncorrelated with any live traffic, and maintain an uninterrupted
 full feed from alt.anonymous.messages, so that an observer cannot
 determine whether, when, or among whom live communication is
 happening.
 .
 Members of a stealthmail group -- call it OurGroup for purposes
 of this discussion -- are defined by their knowledge of the
 encryption keys created for the group.  With this package installed,
 mail addressed to OurGroup@stealthmail does not go directly to the
 Internet like ordinary mail, but gets encrypted by the OurGroup key,
 given an encrypted subject intelligible only with OurGroup keys, and
 queued to go to alt.anonymous.messages in place of a piece of cover
 traffic at the next scheduled sending time.  Meanwhile, all messages
 appearing on alt.anonymous.messages are downloaded into an incoming
 queue.  A POP3 server runs on the local host.  The mail reader is
 provided with filters so that when it fetches mail from this local
 server, messages having subject lines encrypted for OurGroup (or any
 other stealthmail group of which this host is a member) are decrypted
 by the appropriate key and presented.  Other messages are discarded.


[1] See mailto URL below.


-- 


 -- StealthMonger stealthmon...@nym.mixmin.net
Long, random latency is part of the price of Internet anonymity.

   anonget: Is this anonymous browsing, or what?
   
http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=sourceoutput=gplain

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsu...@nym.mixmin.net?subject=send%20index.html


Key: mailto:stealthsu...@nym.mixmin.net?subject=send%20stealthmonger-key



pgpO3k_UKHHKr.pgp
Description: PGP signature
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography