[118428] in Cypherpunks
reader anonymity orthogonal? ((fwd) Re: Cypherspace project)
daemon@ATHENA.MIT.EDU (Adam Back)
Mon Sep 27 17:42:54 1999
Date: Mon, 27 Sep 1999 21:15:50 +0100
Message-Id: <199909272015.VAA09010@server.cypherspace.org>
From: Adam Back <adam@cypherspace.org>
To: eternity@internexus.net
Cc: cypherpunks@cyberpass.net
Cc: I.Brown@cs.ucl.ac.uk
Reply-To: Adam Back <adam@cypherspace.org>
More discussion of design issues -- especially the question of whether
reader anonymity should be part of an eternity design, or as I was
arguing a separate privacy vector provided by anonymizer, ZKS/freedom,
crowds, onion router, lpwa/ProxyMate. (Links for that set on:
http://www.cypherspace.org/links.html)
Adam
======================================================================
Date: Sun, 26 Sep 1999 18:40:22 -0400
From: Michael Hohensee <michael@sparta.mainstream.net>
To: Adam Back <adam@cypherspace.org>
CC: I.Brown@cs.ucl.ac.uk
Subject: Re: Cypherspace project
Adam Back wrote:
>
> I think you are adding a design criteria to eternity which we didn't
> try to address: anonymity for the reader.
>
> I think eternity designs are on the border line of too complicated to
> implement, as is, and so tried to purposefully restrict it to
> publication anonymity, and content blind service for the servers (so
> they don't see what they're serving).
You have a point. But consider that the value of a publication medium
is directly proportional to the audience it reaches. If the audience is
nervous about going to the theater, as it were, you're not going to
attract a large one. The smaller the audience, the less all of our fun
and games with eternity servers are worth, as any serious attacker would
deduce.
> Reading anonymity can be addresseed by (see:
> http://www.cypherspace.org/links.html under Anonymity references, at
> least that subset relevant to anonymous web browsing: freedom
> (zks.net), anonymizer, onion router.
The problem with most of these is that while they hide the exact data
being transfered, they're still subject to traffic analysis, and there
is no trivial way for the clients to be sure that the anonymous servers
haven't been compromised. Besides, I feel bad about even slightly
centralized anonymity systems. :-)
> Being caught reading something is not usually as high risk as
> publishing it.
That may be, but the risk of being caught reading something can be bad
enough to discourage casual use. Suppose I'm applying for a security
clearance, and my background check says that I'm spending an awful lot
of bandwidth reading anti-government materials --it probably won't help
me. Or perhaps I'm looking at illegal pornography in Malaysia, and
being added to the list of those who look at such evil materials may be
dangerous. Heck, most people go to some trouble to avoid having their
email address added to a spammer's mailing list.
It may not be imminently risky to read sensitive material, but it does
pose a long term risk if an attacker keeps track of you because of it.
If the average person is even a little bit worried about such things
occuring, he's not likely to use cypherspace, and if we're left with
only cypherpunks using the system, and pretty much everyone like that is
worth adding to somebody's list. ;-)
- --
Michael Hohensee
"Remember, it takes 42 muscles to frown and only 4 to pull the trigger
of a decent sniper rifle."
