[Remops] bomb threats

remop at hermetix.org remop at hermetix.org
Thu Aug 30 02:26:18 BST 2007 

On Tue, Aug 28, 2007 at 02:18:52PM -0700, Len Sassaman wrote:
> On Tue, 28 Aug 2007 remop at hermetix.org wrote:
> 
> > Contextual food for thoughts:
> >
> > JAP has an additional 'feature' that was added to the Mix server code
> > that enables operators to revoke anonymity if they all work together and
> > recompile their software. As stated above, this is completely covered by
> > the AN.ON threat model and no security leak. Currently, further research
> > is done by AN.ON to make this functionality even more privacy-friendly

I made a point not to make any judgement about the above statement. I
was interested in hearing what other remops think.

In light of what have been happening to hermetix (and others) it's hard
not to wish for a way to defend yourself.

Would it be bad ethics?

It makes me try to define better where we, as a network, stand on those
issues.

In my opinion, the question is the same as free speech.

Remailers offer a mean toward free speech (this is the way I run mine,
at least). Anonymity is needed for real privacy and privacy is needed
for really free speech.

If the goal was just to provide anonymity I would feel free to decide
"what" can use it "how" it can be used while still providing full anonymity
to those I want to.

In practice, the difference is in filtering out on content or not. I'm
not even thinking of backdooring the software for reasons stated below.

Mixmaster does some filtering out of the box for newsgroup and there is
some efforts made to stop spam from coming out of our network.

So we promise to offer only the first one, but we do we it for the third.
It's not clearly stated anywhere, but that's what I understand.

We offer a mean and trust in this mean is everything for the users.
I don't want us to start revoking anonymity so we can start censoring.
Then we'd have to decide what and THEN it gets really ugly ;)

Some issues are easy to decide on (spam, bomb threats) but it is not
possible to universally use the legality of content to draw a line.

What is considered legal changes from country to country as do values from
individual to individual. Even inside the same legal code the legality of
something can be debated.

Even if technically feasable, I don't think it could be done ethically.

> There have been a number of different proposals for doing backdoored
> anonymity systems. All of them have substantial problems. I am unlikely to
> be convinced that we can do backdoored anonymity systems "safely", setting
> aside the debate on whether or not they are a good idea in the first
> place.

I don't think it would be possible to revoke anonymity for only a subset
of users so we would have to revoke it altogether and thus unknowingly
from the users of the network for it to make sense. That might mean
compomising a lot of legitimate users (maybe seriously) to stop another
one from using us. This does not make sense either way.  Even if we
didn't care about free speech.

> I'm pretty convinced we don't know how to do anonymity safely in the first
> place, let alone how to design, build, and deploy a system that will break
> when you want it to, but not when you don't.

I tend to agree with you, in general. Your technical objection is
relevant and probably the pratical bottom line for an ethical decision.

> So, if our goal is to provide people with a communications channel with
> strong anonymity properties, we have no business putting backdoors into
> our infrastructure.
 
Totally!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.mixmin.net/pipermail/remops/attachments/20070829/99fabbd6/attachment.pgp

More information about the Remops mailing list