Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Privacy

NymIP: Anonymity At The IP Layer 99

Posted by timothy from the they'll-never-catch-me-now dept.
Eloquence writes: "NymIP is a new project that aims to set a standard for Internet anonymity at the IP level. It was started by Zero Knowledge Systems, but is now led by Harvard's Scott Bradner, an IETF member. Some of the biggest players in the field participate in the project, which will be introduced at the 49th IETF Meeting that starts today." Comments especially sought from anyone who attends that meeting.
This discussion has been archived. No new comments can be posted.

NymIP: Anonymity At The IP Layer More

NymIP: Anonymity At The IP Layer

Comments Filter:
  • After reading the page on their site, I'm convinced this is a great endeavor. Unfortunately, I don't believe it will succeed. Obviously this protocol will only serve to mask those with something to hide such as child molestors, crackers and federal building bombers.

    "For the sake of our children", use of this will probably be outlawed-- or it will in some way be crippled by legislation so that government and law enforcement will still be able to defeat the anonymity -- defeating the main goal of anonymity in the first place.
    ---
    seumas.com

  • Onion routing doesn't require every router to participate in the protocol, but it is not based on central proxies either. Sniffing in and out packets on onion routers doesn't work (you can't match packets because one side is encrypted). The proxy server closest to you does not know any more than that you're communicating; neither who you're talking to nor about what. The same is true for the other side of the connection. A single trustworthy onion routing hop is sufficient for privacy, more trustworthy hops add redundancy and thus overall trustworhtyness. The key feature of onion routing is that from an "attackers" point of view observing traffic, even all of it, gains you nothing unless you manage to compromise every single routing hop (the onion router itself, not the communication lines!).
  • And the united states is probably one of them.
  • Running an anonymiser is a great way to conduct man in the middle attacks, particularly since you know anyone using an anonymiser is doing something they don't want people to find out about.

    You hit it right on the head.

    Sometimes, the best practical anonymity comes from not making a big deal about encryption, etc., but from just doing things the way everyone else does so that ones traffic in the clear isn't particularly noticeable, anyway, and thus not logged or read. It's the difference between mailing a postcard and mailing a red envelope with a wax seal stamped TOP SECRET on the outside. One will arouse people's curiosity more than the other.

    Unless using anonymous protcols is standard, it becomes like using encryption--waving a big red flag saying "investigate me." This puts the most ardent supporters of anonymity and encryption in the ironic position of having to be squeaky clean, because the gubmint will be looking for any reason to string them up as the battle for personal privacy against corporations and governments turns overtly nasty in the next few years.

    P.S., I've always suspected that perhaps TPTB either have a mole in or are at least closely monitoring (i.e. capturing and logging all traffic to and from) anonymizer.com and similar services. The only thing saving people committing petty crimes (e.g. piracy, questionable porn, harassment) is that the government wouldn't tip its hand for something that small in open court.

  • Re:Anonymity sometimes just isn't the right idea (Score:5)

    by Nightlight3 ( 248096 ) on Sunday December 10, 2000 @05:34AM (#569134)
    ... they know they are doing something they shouldn't be doing. If no one was breaking the rules, then there'd be no problem. By that logic, when you shut your doors when going to toilet, you have something to hide, you must be doing something wrong. Why not let the well meaning authorities have cameras in your bathroom and your bedroom if you have nothing to hide? Why not let whole neighborhood watch you on the monitors as well? You are not breaking any rules, so why not?
  • Now everyone can run a porn server without fear of big brother =)

    nah, the porn server is *run* by big brother.

    This allows big brother to both keep tabs on you, and to keep you occupied so that you do not have enough time to meddle in things where you might be actually be dangerous or get things done.

    Big brother cherishes his control.

  • Re:No Technical Details To Be Found? (Score:5)

    by regen ( 124808 ) on Sunday December 10, 2000 @05:52AM (#569136) Homepage Journal
    I know TCP/IP fairly well, and this doesn't make sense to me. I want to establish a TCP connection to another host (packets are going both ways), so how can I stay anonymous when the remote host needs to send packets back to me? It has to go from router A, to router B, etc and then back to my computer.

    You may know TCP/IP fairly well, but you don't know cryptography very well. It is possible for two parties to agree on a common random value without exchanging that value. This is the basic idea put forth in the Diffie-Hellman Key Exchange. Once you have a random number known to the two parties trying to communicate and no one else, you can use that number as an address to route the packets through the network. I don't know if this is what the research group has in mind but it is a possibility. Yes, there are some problems with this system, in particular the initial key exchange is not anonymous, but this makes it much harder to trace the actually data transfer.

    The other thing too keep in mind is this: no matter what protocol you're using over the Internet, you can find out where the packets are coming from and going to. This includes ssh (Secure Shell), tunneling, normal TCP/UDP connections and even spoofed packets. This is done by running sniffers on each interface on a router (starting with the target that's being DoSed or whatever) and seeing which interface these packets came in on. You find out what that interface is connected to and start sniffing there. Repeat this process enough times, and you'll find out the source and destination of any packet.

    In theory this will work, but once you cross an administrative domain, i.e. from one ISP's network to another ISP's network, you will find that they are so willing to co-operate. Read Cliff Stoll's Cuckoo's Egg [fatbrain.com] for a real world example. It took him over two years to track someone, not because of technical problems, but because of adminstrative problems.

    A company I used to work for had three different operating units with three different data centers in one building. To set up sniffers on the networks took two weeks of meeting and getting sign-off from data-center managers, since the managers didn't want their networks touched unless it was to fix a production problem in their network.

  • Most of these NymIP style systems (Zero Knowledge's Freedom, at least) make you have some persistence in your anonymous identity. That is, no one can tell who you are, but they can still tell that all of your activity is coming from the same place. And they could block you just the same as they would in regular TCP/IP.
    --
  • If Silencers for guns were available to the public

    Building a silencer is not rocket science. By your logic, since it's so easy, we'd all be murdering each other with silencer equipped pistols. Maybe you would be wantonly killing if you could figure out how to do it without getting caught, but it's incorrect extrapolate your own desires to mean those of every member of society.

    The point is, the greatest opponents of anonymity are opponents of anonymity for others--they want to keep getting away with the illegal things they are doing. They "know" (because they are in that situation) that those who want anonymity have something to hide.

  • Well then I guess its up to the person I shoot in the head to duck the bullet.

  • Its up to the admin to secure the site? BS (Score:4)

    by piku ( 161975 ) on Sunday December 10, 2000 @09:22AM (#569140) Homepage
    So I guess its up to the guy I shoot in the head to duck the bullet then?
  • Analogies between the internet and the real world don't work. Period.

    In the real world, people can do real harm. Like kill you, rape you, or just plain beat you up. Further, people only have finite memory, so if you walk down a crowded street, for all intents and purposes, you are _completely_ anonymous. It is only when you enter a shop, and talk to a shop assistant are you likely to lose that anonymity. Even then, their recollection is likely to be hazy.

    In contrast, online, you can do no physical harm to another human being (short of life critical systems being interfered with). If you are having trouble with (cr|h)ackers, then secure your systems! And here is the _real_ contrast with the real world: computer memory is perfect, and can record (implicating) details that are accurate for months or years (not to mention essentially costless to transfer from one person to another). Frankly, this is unprecedented in human history, and I think it would be _extremely_ unwise to give up anonymity before people have understood the true implications of perfect recall.

  • ...could you imagine if the entire internet was like that?

    It already is.

    Penguins need privacy too. The Linux Pimp [thelinuxpimp.com]

  • Your knowledge of business and marketing are kinda weak:) Routing vendors will make whatever
    sells.

  • Great now we need another administrative body to
    make sure the keys are unique? I'm not familiar with Diffie-Hellman. Does it guarantee a one to
    one hash? If so can it be that strong of an
    encryption?

    (I'm not trying to be argumentative I really want to know, this sound interesting:) )
  • The only reason people strive for anonymity on the net is because they know they are doing something they shouldn't be doing.


    Wrong, wrong, wrong!


    People strive for anonymity on the net because they fear the repurcussions of their act. Maybe they don't want to die because they're reporting a dangerous criminal. Maybe they don't want to be fired and made unhireable because you report unjust business practices. Maybe they don't want to be made an outcast because they have HIV, or they're gay, or they're not of the correct religion.


    It would be great if the only reason for anonymity was to do bad deeds. Unfortunately, we don't live in that world.

  • Money will always be a useful concept whenever two or more people have resources worth trading.
  • Freedom of speech is not much worth if You can't talk without punishment (to the end, with death). If I don't remember it wrong, there were in Soviet laws (constituition ?), during Stalin's regime, words of "free speech".
    That was, in practice, not very much of "Freedom of speech" during these Years...

    What You get with anonymus speech is opinions not liked by the majority or these with power. Thats really a good thing, that way You get opinions/thoughts that else would never appeared. Think of the Hitler regime, Pol Pot, the mafia, etc.

    Thomas Berg

  • The price of true freedom is that you have to accept all styles of life, not just those that you agree with. The "war on drugs" is probably the best example of this. Sure, drugs are dangerous. Drugs can ruin your life. But when you look at the bottom line, the "war on drugs" is anti-freedom. It all boils down to control. Do you trust the government to control your life, or do you want to live Free and choose for yourself?
  • Students in belgium unite !
  • No matter how anonymous this new technique will be there will always be a way around it. If someone is determined enough to get information out of you if you AREN'T using anonymous software, they will be even more determined to get info out of you if you are using anonymous software. If you can make it, they can hack it. The hackers will always "find the way".

    ______________________________________

    --
  • In contrast, online, you can do no physical harm to another human being (short of life critical systems being interfered with).

    Actually, you can do substantial harm to another online, physical harm isn't the only form of damage, you know. If I steal your credit card, and anonymously use it on the net for thousands of dollars of purchases, you have been harmed, even if you eventually get it all untangled. If I purchase merchandise from you, and pay with a stolen/fake CC, you still lose the merchandise, although you don't get the money. If I slander you in public sight, your reputation suffers...that is damage as well. I can certainly see that some parts of the world could benefit from the ability of people to post without repercussion, but make no mistake about it...anonymity (aka lack-of-accountability) is the single biggest factor in the slowness of the "net economy" to improve (a 30% CC fraud rate will do that). And it is directly responsible for so many of the things most of us dislike about the net now (can you say spam, trolls, and flames).

  • True, a proxy server operator can launch a man-in-the-middle attack easily, but pseudonymity can be built into IP using ideas from onion routing [onion-router.net]. You will also be interested in reading about MIX-nets [harvard.edu]; many papers have been published on this topic. If you implement these ideas on the level of email messages (as opposed on the IP level), you'll get what is known as Mixmaster [obscura.com]/Nymserver [publius.net] networks.

    I don't know about ZKS's solution, but I guess it's a mixture of MIX-net ideas and Crowds [att.com].

    If you haven't time to read the stuff behind the links above, the idea behind MIX-nets is that an encrypted datagram is source-routed through the network. Each hop is encrypted with the key of the next router. The final destination is only visible to the last router of the chain, whereas the source is only visible to the first router. Crowds, on the other hand, is based on you being a part of a 'crowd' of hosts that is sending, say, HTTP requests. The destination only sees that the request originated from the crowd.

  • That appears to be a fine troll indeed--subtle, but spitting in the face of logic.

    Do you have a citation to back up your claim of a 30% fraud rate? In the U.S. or in some third world backwater? For porn sites only? That number sounds like pure, unadulterated bullshit to me, but if you're not really trolling, I'm interested in hearing where you got it.

  • The Fling project [sourceforge.net] already does something like this. Fling protocol is only at the "nice idea" stage yet, and is hosted above the IP level, but it could be used to tunnel IP.

    Fling works on a pass-the-parcel principle like Mixmaster, where the message is bounced from one host to another, with each host not knowing if they are the final one in the bounce chain, or from whence the message originated.
  • I agree in personal freedom as well. In so many areas it is necessary for the growth of our kind. I do not beleive in providing the veil of anonynimty for the intent to do harm. I found it kind of wierd that they had a picture of some 8 yr old girl standing there looking all kinds of sad. It gave me the immediate impression that some one could use this when trying to view child porn.

    Privacy is Privacy. Respect it. You just don't walk over to your next door heighbors house and start /root-ing through his stuff right? You get busted or shot when you pull that shit, regardless if you have a ski mask on or not.

    If people could shoot back a little easier when getting cracked there'd be a lot of dead script kiddies out there. Shoot first and ask questions later. Like "what the fock are you doing in my computer? Buck-Buck!"

  • Toto, we are no longer on the Internet anymore (Score:3)

    by Paul68 ( 262479 ) on Sunday December 10, 2000 @06:30AM (#569156)
    Over the last years I have given precisely this issue quite some thought. Initially I did not like the answer.

    IP addresses allow remote servers and third parties to invade your privacy by linking your actions to that address. Even if you get a different address regularly it still is a way of linking actions within a certain timespan (typically a dailup session or a dhcp timeout). Also handing out your address to everyone makes you a target for hacking and DoS.

    So trying to allow the user to control wether this privacy sensitive informartion is given away or obscured is a good thing.

    However if you start looking at how you implement this you run into a number of interesting issues.

    1. we are talking about some form of address translation here.
    2. For certain applications this requires application-level awareness of the translation here. Please note that I am not calling it NAT, you simply rewrite the from address not alter anything in the packet. (Oh yeah, all of this breaks IP sec... So you need a seceure tunneling protocol to get to the translator.)
    3. You will need an organisation that will provide this for you. This could be your ISP, it could be someone else.
    4. At any rate you need to have a contract with those guys stating that they will keep the mapping between your real IP address and your apparent address very private and change it regularly, sometimes even for each packet you send out. (oops, you'd have to be able to select this behaviour per application, it breaks some of of the applications we have now that assume you stay on the same address during a session...)
    5. Yet the authoraties will soon catch up and governments will demand that this information will be made available for legal interception purposes. In some countries the government is already prepared for this because they stated that every telecommunication service shall be interceptable. This is not necessarily a bad thing. It is just something to keep in mind, you are not anonymous to everyone.
    6. In order to make yourself not immediately a suspect to legal investigation just by using it once. you'd have to use nymity all the time . It is a common misconception that only crooks require privacy. Everyone has the need for privacy! Wether it is about your bank transactions, religion, illnesses all people have things they'd like others not to know (or at least control to whom they communicate it).
    If we would introduce nymity boxes we seem to have lost the transparency of the Internet. I'd not like to see this as unraveling of the Internet. I'd like to see this as a different kind of IP deployment. You could tunnel this over the Internet or have a new kind of network for it.

    Is this necessarily a bad thing? No! As long as the applications remain transparent this can work. Yet it requires some thought.

    While you are breaking the Internet-model anyway you may just as well go all the way and include:

    • QoS, the kind where you can reserve a path end-to-end (this implies authentication and billing per second)
    • access control, so your wireless 3rd generation terminal does not suffer a DoS attack because someone burns up the bandwidth on its wireless link or your mobile phone gets hacked so someone can access your bank-account.
    I know, this sounds like heresey at first, but after a while I could see the appeal of a world in which you can have privacy, QoS and access control . Especially if this not replaces the Internet but offers you more choice.

    Now let's see when Scott Bradner is going to have a BoF session on this.

  • Well, actually, given the number of crypto-freaks that I've met that seem to enjoy using encryption whenever possible, I suspect that a lot of what would get revealed would be pretty picayune.

    One could even make a case for totally gratuitous use of such features (anonymizers for e-mail and IP, crypto, etc.) as a means of helping to conceal genuine uses of same. You never know when you yourself might need them for real.

  • Re:No Technical Details To Be Found? (Score:1)

    by Anonymous Coward
    There are some technical details in the document Mature NymIP Network: IP-Layer Desiderata [sourceforge.net]. Also, if you believe IP anonymizing is impossible, check out ZKS's freedom.net and try it out for yourself.

    You're right of course in that the eventual destination can see where the packets are coming from and follow it back and repeat this until hitting the source, but only with the collaboration of each node along the way. Put bluntly, a determined, armed multinational agency would be able to break through the system of course, but only with the investment of a high degree of resources.

    What it does make "impossible" is passive, wiretap-style monitoring and definately echelon/carnivore-style information-dredging, providing that at least one (of the several nodes along the way) is trustworthy.

    (by "impossible" I mean, impossible except for the usual caveats along the lines of solving the usual factoring issues or whatever.)

    I'm guessing that ZKS are finding that freedom.net is not a financially successful product, but idealistically still wish it to be available. So they're diversifying the company into other areas while encouraging non-proprietary development of the freedom.net concept. Sounds good to me.

  • What I am curious about is how they combat people hiding behind this anonymity to launch Denial of Service attacks. In Freenet, which also provides anonymity to users, DOS attacks are not possible since the only person you end up attacking is yourself, but since what they are doing seems to be at the IP layer, I don't think they can take the Freenet approach.

    --

  • Re:Just impossible (Score:4)

    by acceleriter ( 231439 ) on Sunday December 10, 2000 @06:50AM (#569160)
    Exactly. This is what we're taught, and what we (collectively speaking) never do. People who sign every message (to provide repudiation for those they didn't send, they have to sign all the ones they did send as standard procedure) are called out as paranoid. Our (collectively again) associates and friends have a hard time understanding encryption, and when they learn to operate the tools, it's inconvenient to do so, so they only use them for, you guessed it, the "good stuff."

    I agree completely that we need to make privacy, security, and anonymity standard practices--to do otherwise draws attention to those of us who do use these tools consistently.

    I also relish the thought of some three letter agency expending millions of CPU hours on my correspondence, only to find picayune (love that word--thanks) stuff :).

  • No, not impossible. There is a real world example of this system in use today. Take a look at www.zeroknowledge.net and also take a look at Chaums Digital Mixes paper, as well as the source code for the nym remailer, mix remailer, cypherpunk remailer, onion skin router and crowds proxy system.

    The issues have indeed been dealt with quite effectiely to prevent even the middlemen from knowing what traffic is flowing thru them, where it is going and from whence it came.
    Python

  • There is very much a need for anonymity. Be it reporting crack dealers without fear of them finding and killing you in revenge, women needing rape counseling without worrying about family and friends and strangers finding out who she is if she doesn't want anyone to know, employees needing to report discriminatory or unsafe practises by their employer without fear of firing, people to report abusive police action, the list is endless, and is never cut and dry, i.e. no one standard will suffice to decide what is and is not needing of anonymous speech, and there are far too many needs to have special exemptions on anonymous speech written into the law on a need by need basis. [Wow that was a long sentence].

    Can we agree that:

    (1) unlimited anonymous speech will lead to untrackable and damaging slander as well as unauthorised copying of copyrighted materials.

    and

    (2) That speech always trackable to a person will result in a climate of fear, undeserved vengeance, persecution, and a stifiling of free speech and new ideas.

    Given these two choices, I think (1) is the least evil. It's like "innocent until proven guilty beyone a reasonable doubt". i.e., better to let a few guilty people escape punishment than to ever... than to ever... I stress this because it is so important, than to ever wrongfully deprive an innocent individual of his freedom.

  • Has Happened: See nym.alias.net. (Score:3)

    by Python ( 1141 ) on Sunday December 10, 2000 @10:11AM (#569163)
    You're not very up on the times it would seem. Penet went down because its reply blocks were in the clear, and there was no ability to chain your replies thru other anonymous remailers cryptographically. Penet did not use any encryption at all. Thats why it went down. It was a giant risk to its users and as such, a nice big fat juicy target for the cult of scientology to sue (to try and get those reply blocks). The model was hopelessly flawed, but that does not mean that the idea of perfect forward secrecy, digital mixes and anonymous bi-drectional communication is flawed. Its not.

    Modern remailers, such as Type I and Type II remailers, as well as nym remailers (which allow for anonymous bi-directional traffic, without reply blocks being in the clear, and with the ability to chain the replies thru N Type I or Type II remailers) which have been in use for years, solve all of the problems that brought penet.

    You can have absolute privacy and absolute anonymity now. Just visit http://mixmaster.shinn.net [shinn.net] or any of the other remailers websites for instructions. Heck, if you want ease of use, you can install ZKS' freedom software and abstract away all the work (at a little cost to security). Privacy is not that hard to do, and its really frustrating that people on slashdot have bought into the myth that privacy is not something you can have in this day and age. That is absolute bunk.


    Python

  • "Yelling fire in a crowded theater" makes a good slogan. Too good.

    I wish people knew more about the case behind it -- Shenck vs. US (1919). Then maybe they'd be ashamed to use it as a rallying cry.

    Schenck was only informing the public of their constitutional rights (and no one accused him of not portraying those rights accurately). he was accused of yelling firw in a crowded theatre THAT WAS ACTUALLY ON FIRE. The Justices of the time(many of whom I regard highly) wanted to avoid public tumult at any cost. Shenck spent (IIRC) over a decade in prison for simply pointing out constitutional rights, and he wasn't alone. There were several cases of 'grass roots' leaders being arrested for this. I believe even the Pulitzer Prize winning journalist Upton Sinclair was arrested -- for reading the text of the Constitution to a lawfully asembled crowd. The Vietnam anti-war protests (or Slashdot) could easily be shut down under both the spirit and the letter of Schenk -- if it weren't considered, even within the legal community a dangerous and even bad precedent.

    Here's a readable summary of Shenck and many other classic precedents [krusch.com] involving the First Ameendment topics we see on Slashdot -- and for completeness and accuracy, you can check the actual ruling in Schenck [ukans.edu], too -- no one is slanting the facts. The truth actually is that disgraceful

    Remember, there are still plenty of places, in and out of the US where peace and order are considered more important than truth or justice. Not in your town? Oh yes - check your local high schools, for example (I have a kid in HS, just for the record). It's a basic human instinct going back to the monkeys
  • Shit like what happens on Slashdot! Other than the 1% of actual useful posts from anonymous cowards, the rest is plain garbage. SPAM, penis birds, first posts, flames... could you imagine if the entire internet was like that?

    While no harm is done from any of this, it still goes to show what happens when people can't be held accountable for their actions. There needs to be some acountability on the internet. There are plenty of ways for there to be anonymity as well as accountability, they just need to be implemented.

    (for instance, the option of having only ISP's have ANY information linked to your IP address. That way people must submit valid reasons to get at that information. That probably wouldnt work well, but its just a suggestion :P )

    But Slashdot does go to show that the only people who want to be anonymous are the ones that cause trouble.
  • The best way to have bad laws changed is to have people who are willing to accept the consequences of their actions stand up to them. How effect would Rosa Parks have been if she had been anonymous?
  • I recommend that anyone whose knee-jerk reaction is to flame the above post to read The Transparent Society [fatbrain.com], by David Brin. It's great book, and unless you're dense as a brick, it will challenge your assumptions on privacy, anonymity, and the role of the citizen on keeping his government and fellow citizens honest.
    --
    Bush's assertion: there ought to be limits to freedom
  • "The only reason people strive for anonymity on the net is because they know they are doing something they shouldn't be doing."

    RIGHT. So, the only reason (assuming you don't live in a fascist country) that you would want your freedoms, along the same lines as you just outlined, is if you were a revolutionary trying to overthrow the current government? Else why would you want those freedoms to go where you would, bear arms and whatnot? (insert your favorite rights if those don't apply :P )
  • Ok, fine, you should be allowed to break the law. But the people who break laws also NEED to be accountable for thier actions. If I go out and protest illegally then I should be held responsible for the actions that I do, I can go to jail, get fined, get the crap beat out of me by the cops, etc... By using an anonimizer over the internet you are then able to break the law without being held responsible, and that's jsut wrong, you should be alowed to do whatever you want without being effected in some way.
  • Penet did not use any encryption at all. Thats why it went down.

    That may be a related issue, but anon.penet.fi was shut down in response to specific cases involving child pornography. This is well documented.

  • Im not saying it's right, but if you decide to do something you have to relize that you may get killed for it. They died for what they believed in, they died doing what they loved doing. Martyrs can be a very powerfull part of change, and they deffinitly relize that thier actions have an effect.
  • Yes, it's up to the admin to secure his own site. Think about it this way: Everything you say is speech. Everything your computer says is speech.

    If I tell you "Give me your credit card number, I want to buy myself a car.", it's up to You to say "No".

    If my computer tells your computer "Give me your credit card number", it's up to your computer to say "No".

    Authentification/Identification is really what is needed. When you write a check at the store, they ask for your ID, because there is a stiff criminal penalty if you fake it. (Besides being difficult to fake.)
    So really you need criminal penalties for stealing someone's private key.

    Hey if I asked you for a piece of paper & you gave me 20 bucks in cash, that's your problem. It's also your computers problem if my computer asks for a list of files it's allowed to get & your computer gives me back the root password.

  • So I guess its not a crime to loot someones house if they left their door open?
  • > A MIX network is like a system of remailers, just for IP packets.

    Cool, an entire network of multi-level open relays for IP packets. Just what the spammers ordered.

    Will somebody please make an list of these sites, so that we can RBL them on our routers?

    --

  • Yay! (Score:1)

    by caryw ( 131578 )
    Now everyone can run a porn server without fear of big brother =)
  • Citation, as in a publicly released study? No. Evidence in the form of what -we- see at the online game company I work for; some...our fraud rate runs about 18%, but our charges are almost all repeating, monthly charges, and therefore would be expected to be lower than most store-type operations. It's anecdotal evidence (for anyone who doesn't work there, anyway), so you'll have to decide for yourself how reliable it is. For more anecdotal evidence, talking to the folks at PaymentTech (who supply our credit card services), 30% is about average for the industry.
  • I would be really suprised if Big Brother sits by and lets this project go through. It seems that there are many countries that would not allow this type of technology to be used within their boundaries.
  • OK, you aren't trolling :). Now I'm speaking anecdotally, but wouldn't online gaming be more fraud prone than, say, an online bookstore? I just can't believe that even with the obscene merchant fees and interest collected by credit card companies that they would tolerate or could survive a 30% fraud rate in online transactions. I would think it would become impossible for all but the most enormous companies to obtain a merchant account.

  • Only without logging... (Score:3)

    by limbostar ( 116177 ) <stephen&awdang,com> on Saturday December 09, 2000 @11:35PM (#569179) Homepage
    The overview isn't much on gory details, so I'm speaking from a somewhat limited viewpoint here. Hopefully someone else will know more about this and be able to flesh it out a little more into reality.

    This can only work if they intend to create what amounts to proxy-based co-operative subnets, which allocate, use, and discard IP addresses for sets of users. With a large enough number of users per group, it would tend to mask out individual users.

    The problem as I see it is that you'd still have to have some identifying information, or there's no way to form a socket. Even if the identifying information is one of the sockets within a certain group, the accessed server will still log the connection as coming from a user within that group.

    The group can't be infinitely large because that would be too much strain on the proxy routers. But they can't be too small, either, because information could be inferred from the time of the connection, etc.

    And it doesn't stop people from tying together a username, biographical information, and the proxy-router pool of users the accesses are coming from. Then again, the article says it's 'controlled nymity', but it's a long way from paying in cash for a pr0n mag.

    --sjd;
  • Online gaming in one sense probably -is- more fraud prone than merchandise sales, i.e. in the sense that our customer base is of a significantly lower average maturity than a book store's. OTOH, the fact that our customers want to play for more than one month, means that they -must- come up with a reliable means of payment, fraud isn't repeatable on any long-term basis. The balance between those factors is the interesting question. Isn't there anyone else reading here from a "hard" sales e-business that'll cough up some rough estimates of fraud rates? ;)

    Depending on how the merchant operates, the credit card issuer isn't at risk for all those fees...if they have not pre-authorized the charge (and even now, a large number of merchants don't do so), the issuer will simply not pay the merchant. If the charge gets disputed at a later date, the credit card issuer does -not- take the hit, they charge it back to the merchant. As an example, ever wonder why so many places don't take Amex? Because Amex doesn't require any sort of documentation from the customer, just a verbal statement that it's not their charge. As our average charge is in the $10-$30 range, and the cost of challenging a disputed charge is higher than that, the defrauder wins...once.

    I suspect this is a significant factor in why so few e-businesses are in the black. The costs are a -lot- higher than they appear at first glance.

  • W00-H00! (Score:5)

    by Johnny Starrock ( 227040 ) on Saturday December 09, 2000 @11:37PM (#569181)
    Now no one can trace my mad fr1st postering sk1llz!!

    B0mb-0mb hax0ring instructions are as follows:

    Oh crap... forgot to czeck "Post Anonymously"
  • I am fully for First Ammendment rights...
    Fine, then wait a bit for the comments outside of the two coasts..

    Seriously, I don't regard myself as an anarchist, but I don't think an established power should control the future, and noone should be able to escape and build something better. As a quite stretched example, how useful is money, and the concepts of "owning" music copyright to thousands of people travelling to a star system far away?

  • _When_ in the IETF is it going to be talked about? I did not see specific WG/BOF for it, at least.

  • Comment removed (Score:3)

    by account_deleted ( 4530225 ) on Saturday December 09, 2000 @11:31PM (#569184)
    Comment removed based on user account deletion
  • Comments especially sought from anyone who attends the ITF meeting.

    d00dz I s4w t4e c00l3st war3z @ da ITF m33ting ....

  • This isn't really the same as yelling "Fire!" in a crowded theater. Anything posted anonymously will face a tough credibility problem. Would you really take something said anonymously serious without something to corroborate it?

    Besides, I think it's a step we need to take. The world has already been moving in the opposite direction. We have less and less privacy all the time. There are bound to be people that decide to take steps to recover some privacy.

  • Isn't it ironic that just one week after Bill Clinton discussed the need for a "second internet" (and he wasn't talking about Internet-2) we have this technology that increases the anonymitiy of the already notoriously anonymous internet-1.

    What bubba was talking about was a second internet with restricted access, where in order to be a member of, one had to declare their identity. Personally I think this new internet is just asking for l337 h4x0rs to take advantage of. The .gov will never allow this to happen IMHO.
  • Will it be Microsoft or the world governments that try to squash this? It really looks like something that I'd love to use. It's the same with most security technologies, I'd love to be able to use them... but they just aren't there yet.
  • Well, this actually works. Go to the Freedom.net [freedom.net] page. Freedom.net is a product of Zero Knowledge [zeroknowledge.com]. I actually tried this one when the product was in a beta stage. It is using a lot of anonymous proxies. The connection from your host to the endpoint is fully encrypted. You can choose the available routers if you want. ZeroKnowledge pays you money, if you make a server for them (the money is paid depending of traffic that goes through you).

    So again: You choose the route. ZK promises, the logging is completely turned off on any of the machines. The machines are modified RedHat distributions with their software running. It _HAS_ to be a standalone machine. So it's at least nice.

    It also masks your email address and indent identity (the email anonymizing is working even nicer than anon.penet.fi -> it's completely transparent to you)

    As to technical use of Freedom.net, it is now only available for Windows, which makes me sad, because I don't use Windows. It attaches itself to the IP layer, so no other application-specific changes have to be made. Even sending/receiving e-mails is done on the POP3/IMAP/SMTP layer, not in the user's email agent.

    They were promising the Linux version from the beginning, but I can't see it, which makes me sad. This announcement makes me happy, because I hope more people will develop software based on this (very wonderful) standard.

  • I disagree. (Score:3)

    by Sylvestre ( 45097 ) on Saturday December 09, 2000 @11:48PM (#569190) Homepage
    Anonymous political speech is what it's all about. You need to be able to say things without dying for your cause... so much pain comes to those who speak out (ask Ken Sare We-wa (sp)).
  • I don't believe that because I think government organizations have better things to do than worry about what some joe schmoe is reading about.

    Ok what about the Uk governments RIP Act and other assorted snooping laws? Try here [theregister.co.uk] and here [cryptome.org] and here [observer.co.uk] and here [observer.co.uk] for the latest insanity brought to you by our esteemed leaders.

  • Re:No Technical Details To Be Found? (Score:1)

    by Anonymous Coward

    It's just not a "promise" to keep the logging off... The freedom network is set up in such a way that even if the logging was on, Zero Knowledge would not be able to link Nyms to real IDs.

    The Freedom linux client is out as well as the source (there was an announcement on /. about it).

    You can find the linux client here [zeroknowledge.com]. (I'm using it now!)
  • Although I'm not advocating full anonymity for everything internet, I would like some of the anonymity that PPP gave the user when browsing given to broadband services like cable. It's getting too easy for a web site to track a person using IP address alone because the IP address is too static.

    The limited anonymity was just a lucky artifact of PPP, because the IP address issued during login, but the effect was beneficial for the user.
  • I totally agree about the HIV point. That is a very valid use and reason for anonymity.

    But then what if that same person decides to hack into that same HIV website?
  • The other thing that makes me wonder is "how can this thing actually work?"

    Well, it can't. At least not at the level that you are thinking about. But they don't appear to be discussing implementing this as "anonymous IP". They want to implement something below the IP level--I quote from their list of goals-

    Ability to carry IP traffic, and possibly other network-layer trafic.

    To me, the word carry implies that they are intending to encapsulate IP inside their new protocol. Now, if they're going to try to craft a network level replacement for IP they may be able to achieve the goals they have.

    Unfortunately, this almost eradicates any chance of anything they produce being useful, at least in the short term. The installed base of IP aware devices is so great that anything new would spend about 99% of its time in IP-mode where the (pseudo|ano)nymity features will probably have to be unavailable.

    daniel

  • Calle Ballz makes a good point about accountability: we need to have it. Although 99% of us aren't causing trouble, that 1% can really spoil things, and with no way to track people actions, laws become meaningless. Someone has to be able to track down who-dunnit. An anonymiser can keep logs, be subject to federal law and govermnet wiretaps. Since no system can offer true anonimity, *someone* can get the information and missuse/abuse it. Would you prefer that anyone with basic network tools like traceroute have this information, so that we're all equal, or should one company or government hold our personal information in its clutches?

  • Will Never Happen: See anon.penet.fi (Score:3)

    by Ars-Fartsica ( 166957 ) on Sunday December 10, 2000 @08:04AM (#569197)
    Whether your big book of ideals say anonymity is required for you to enjoy complete privacy is irrelevant - the powers that be are never going to allow this to be implemented at the carrier/backbone level, and frankly in the world we live in, this may be a wise choice.

    Before you get into a tizzy, for 99% of us, the most intriguing thing we do online is buy things, and this is already tracked through our credit card numbers, so issues of IP tracing are irrelevant.

    Unfortuntely, you have no privacy, deal with it.

  • Governments are already spooked about cyberterrorism - they won't hesistate for a second to shut down any ISP that implements this standard. Even then, the ISPs won't go for this either, as it makes DOS/other attacks even more palatable to crackers.

    Basically the only elements of society who want this are the ones furthest away from the decision making process.

  • I was using the Linux beta until it expired, it worked great. When 2.0 is released linux will be fully supported, it should be any day now...
  • Obviously this protocol will only serve to mask those with something to hide such as child molestors, crackers and federal building bombers.

    Dear Sir,

    As an agent of the federal government I am requesting entrace to your home to look around for illegal things of any type. If you do not allow me into your home, you MUST be hiding something, like child molesting, cracking, or bomb making.

    See you soon...
  • No, penet was shut down because the cult of scientology sued Julf for the lists of his users. That is well documented. People tried and failed to shut down penet on the allegation that it was being used to send child pornography. There is an amazing dislike for anonymity by a small, vocal, visceral minority of extremeists that will make up anything to get someones anonymity stripped away from them.

    Regardless, Julf shut penet down because he could no longer guarantee the privacy of his users and he was being sued by the cult of scientology [xenu.net]. Furthermore, the Finish police admitted that there was no evidence that the remailer was involved in child porography. So that entire line of reasoning is a red herring, and is this digression you have thrown up to confuse the issue.

    Anonymous bi-directional communication is happening now, via all manner of vectors, not the least of which are Type I, Type II and nym anonymous remailers. So, you are wrong that this sort of thing won't happen, which was your original argument. Its happening now and its being done in a way that does not leave the users identity open to attack as with penet model.


    Python

  • Maybe some people do, but some people think Pro Wrestling and the Jerry Springer Show are real too. There will always be morons, but thankfully they are usually easy to spot, and we've grown accustomed to ignoring them.

  • Continuing on with the point above (which wasn't mine to begin with), I am posting as DoomHaven. So, what's that to you? A name - that's it. You have no idea who DoomHaven *really* is; whether that's me beside you, smiling that knowing smile, or if its a person you will never seen in your life. I am posting anonymously, even though you see my "nom de nette" on the posting, because, quite bluntly, you will probably never know who DoomHaven is.

    However:

    The crew at Slashdot can track my IP. They could track it down to my provider, who could pop out a name and an address, which could mean that one night, I could get a knock at my door, and hear, "Open up DoomHaven, we know you are in there!"

    However:

    Taking the "nom de nette" as DoomHaven allows me a pretty big margin of anonymity). 99% of the people/crew of Slashdot only know me as "DoomHaven", and not as "K--------- G--------". The odds of someone tracking me down are remote; they are well within my acceptable levels of anonymity. Besides which, it has been my experience that even if person X finds my real address, they will never be able to find my address because of the idiots here who have done the street signs :)

    The question now becomes: how much anonymity is necessary? Is it necessary for (to use an above poster's example) people who are reporting police brutality to be anonymous at the IP level? For rape counselling?

    What about places that require accountability, like when using a credit card to buy online? Should they refuse business with people who have anonymous IP addresses?

    And what about criminals/crackers, should they be allowed anonymous IP addresses? How will the IP addresses be allocated?

    I have serious doubts that any use of anonymous IP couldn't be done with something else.

  • Some words on the matter (Score:3)

    by kris ( 824 ) <kris-slashdot@koehntopp.de> on Sunday December 10, 2000 @12:13PM (#569204) Homepage
    Since my wife is one of the persons on the list of people actually working on this, I may add a few words to it. Marit [koehntopp.de] has a publications list [koehntopp.de] online.

    How does it work? Well, have a look at project anonymity and unobservability [tu-dresden.de] on the Internet. A MIX network is like a system of remailers, just for IP packets. There are several kinds of attacks against a MIX network ("nix the MIX") and they are categorized and discussed in that paper.

    Specifically, the problem of cooperating MIX network node operators is being discussed. Have a look at the properties of ideal MIXes: It is sufficient for the MIX network to have a single trustworthy node in your path in order to protect your anonymity (section 1.2 of that paper).

    Marit has a paper on anonymity terminology [koehntopp.de] online, too (txt version of that paper [koehntopp.de]). Have a look at it in order to get your vocabulary. Additionally, there is a web page on identity management [koehntopp.de] on her server. This relates P3P [w3c.org] and anonymity/pseudonymity.


    © Copyright 2000 Kristian Köhntopp [koehntopp.de]
    All rights reserved.
  • Are you saying that the human rights workers who are "held accountable for their actions" in such places as Burba really deserve to be shot?
  • ...but do you really want to force everyone who wants to protest do so in the open? That may not be very bad here and now, but in such places as Burma or China, it's not really an option unless one accepts a very high attrition rate of protestors. (Not that these protocols could be used there without using stenography to hide them in an audio stream or whatnot).

    Anonymous contributors really do have effects -- Had it not been possible for Madison and Jay to publish their 85 thesis as Publius, the American Revolutionary War may not have picked up steam. Do you think that America would be a better place today if these two framers had been executed for their actions (and thus if all their later contributions had been lost)?

    We may not need anonymity, but others do -- and perhaps one day we will too.
  • Obviously some of you don't read the white-papers. As the blurb pointed out, the efforts were started by Zero Knowledge Systems (http://www.zeroknowledge.com), creators of the Freedom(tm) pseudonimous software. If you check out the site and read the whitepapers, you'll see how the software anoymises your ip by going through the freedom network through 3 encrypted hops, and hav eyour packaets coming out from a freedom network node's wormhole. Thus all that someone else sees is the ip of the last freedom node's wormhole. Freedom is the proof of concept that ip's can be anonymized. I'm not suggesting that NymIP will work in the same way, indeed, its mandate is to arrive at independent and open-standard solutions that may very well be alternatives to this concept, but rest assured that it can and will be done.
  • [WARNING: RAMBLING BELOW]

    You think I'd have my MTA set up to accept NymIP connections? Hell, no! But if I were running a web site with content which might be illegal (or in violation of a ISP's TOS) *anywhere*, a download forum for crypto software, a support group for survivors of abuse or a web forum on the actions of an oppressive government, I most certainly would enable it there. And if I *were* setting up a MTA which accepted NymIP connections, I would be extremely careful about configuring it to prevent abuse. If your concern is SOMEONE ELSE setting up an MTA that does this because they like spam (or for whatever other neason), people can set up MTAs to serve as blind, anonymizing relays right now. That doesn't mean it happens.

    Me personally, I'd probably enable NymIP on my more innocuous sites too -- not company sites, of course, but certainly my own personal repository of free software. Were clients widely enough available, I might offer services through it exclusively, so that it couldn't be presumed of all users of NymIP that they're doing something wrong ('why else would you use it, otherwise?'). Why? Because I would rather put up with 100 abusers than see one person with a legitimate use go to jail or be killed; that's my bottom line.

    However, that's just me. Nobody's forcing you to accept this protocol on all ports, or to accept it at all.

    NymIP is just a tool. There's nothing inherently good or evil about it. Claiming that a tool should not exist because it can be used for ill is a position I find offensive.
  • (I'm probably going to get flamed for this post) When you walk down the street you can't just put on a "Generic Pedestrian Mask" and be anonymous to the world. Same with online, even though your IP address is shown to the world, as long as you configure stuff right, that's all that is seen. Who can put an IP address to a name/face/identity unless they research through your ISP? No one does that anyways unless you give them a reason to. The only reason people strive for anonymity on the net is because they know they are doing something they shouldn't be doing. If no one was breaking the rules, then there'd be no problem. I understand that there are plenty of paranoid conspiracy theorists out there who believe that if they go to a site that contains literature on illegal activity, that the CIA is going to log that and continue to monitor everything that person does. I don't believe that because I think government organizations have better things to do than worry about what some joe schmoe is reading about. If you could go on the internet and have absolutely no worry about anyone ever finding out who you are, then you are free to do whatever you want, including hacking, denial of service and other things that get really annoying. One complaint I have about anonymizer.com is all the people using it to exploit IIS's Unicode exploit. Where I work, when that happens, we can't do anything about it. That is why I don't agree that people should be anonymous. Just don't do anything wrong.

  • No Technical Details To Be Found? (Score:5)

    by n3rd ( 111397 ) on Saturday December 09, 2000 @11:52PM (#569210)
    This looks like a good cause, but the first thing I noticed is there aren't any technical details to be found, from links on the page referenced, or even in the mailing list archives.

    The other thing that makes me wonder is "how can this thing actually work?".

    I know TCP/IP fairly well, and this doesn't make sense to me. I want to establish a TCP connection to another host (packets are going both ways), so how can I stay anonymous when the remote host needs to send packets back to me? It has to go from router A, to router B, etc and then back to my computer.

    The only way around this issue is if a proxy is used, and I don't think this will work because someone has to provide massive amounts of bandwidth for these anonymous connections, and whoever is in control (or can gain control) of the proxy server would see everything.

    The other thing too keep in mind is this: no matter what protocol you're using over the Internet, you can find out where the packets are coming from and going to. This includes ssh (Secure Shell), tunneling, normal TCP/UDP connections and even spoofed packets. This is done by running sniffers on each interface on a router (starting with the target that's being DoSed or whatever) and seeing which interface these packets came in on. You find out what that interface is connected to and start sniffing there. Repeat this process enough times, and you'll find out the source and destination of any packet.
  • To get IP traffic the sender needs to know what IP you are at, if they can get your IP they can log it. Proxies can disguise this, but you still need to trust the person running the proxy.

    Running an anonymiser is a great way to conduct man in the middle attacks, particularly since you know anyone using an anonymiser is doing something they don't want people to find out about.
  • Here's something you can do about it - DON'T USE IIS!
  • This sounds great, but it will be interesting to see how exactly they implement this. I mean, without rewriting the entire scheme of things or having people decompile it and remove the protection anyway. This seems really hard because whether or not you get it, you still need to address the packets somewhere and with logs on ISP computers across the net, you could be traced. Unless of course they somehow bypass logs...but then the decompiling comes into play again.
  • I'm going to respond to this on the presumption that you aren't a troll -- while you have a valid point, it's also an easy one to use while looking for flames. That said...

    You operate on the presumption that that which is wrong and that which is illegal are one and the same. I (A US citizen) have done (and exported) work on crypto software (before the laws were relaxed), which made my actions illegal under munitions export laws. Does that mean I shouldn't have done it? Personally, I don't think so.

    Basically, I think that individuals should be able to defy the law. Every revolution, every protest, every major stride in human rights -- all of these involved broken laws. Do you really think humanity would be better served by an unevadable law enforcement?

    Personally, I don't.

  • Re:Anonymity sometimes just isn't the right idea (Score:4)

    by funkapus ( 80229 ) on Sunday December 10, 2000 @02:19AM (#569215) Homepage
    I see your point, but I think your analogy is flawed.

    While pedestrians can't put on a "Generic Pedestrian Mask," neither are all of their actions logged. Some of your actions are logged--video cameras will log that you walked into a store, credit card purchases create a paper trail as well--but you can avoid most of them (pay cash) and the ones that you can't avoid (security cameras) don't tie your action explicitly to your identity. They may have an image on tape of you walking into 7-11 to buy your copy of Juggs Magazine, but they don't know who that image represents without extensive research.

    Furthermore, people don't just go for anonymity because they're doing something they shouldn't be doing. If you think you might have HIV, and you're looking at HIV information sites in a panic trying to figure out what to do and whether you're going to die, you have every moral AND LEGAL right to anonymity.

    Also, it's not just concern about governmental monitoring that motivates people to go anonymous. I would argue that some cracker who wants to extort money from you is just as big a concern, as is the private investigator hired by your ex-spouse to dig up dirt on you.

    And I don't buy the statement that "government organizations have better things to do than worry about what some joe schmoe is reading about." Plenty of non-paranoid types will agree that the government does a hell of a lot of grab-bag signal interception and analysis, i.e. Echelon.
  • I think there is a lot of countries that would not allow this technology to be used OUTSIDE ther borders...

    Or is it only one country?
  • Have you some RPMs built? I could be able to build it myself, but I just can't download new gcc, gdk-pixbuf, etc. over a slow 56Kbps microwave line. I could handle the RPM download. Do you have this? If yes, please contact me (juraj (at) bednar.sk)

  • Re:Good, but do we want this? (Score:4)

    by Skald ( 140034 ) on Sunday December 10, 2000 @04:01AM (#569218)
    Anonymous speech has a long and illustrious history, both in writing an in literature. Writing anonymously can be the only way to speak out against oppressive laws and governments without fear of retribution. And freedom often seems to be an all-or-nothing issue on the Internet.

    It is interesting to note the tradition anonymity has in American Politics. Tracts like Paine's Common Sense [constitution.org] were originally published anonymously. And after the revolution, highly influential papers like those in the Anti-Federalist Papers [constitution.org] were penned under names like "Centinel" and "Federal Farmer".

    Anonymity can serve as a check on the power of government (not to mention the wraith of the masses). There is a compromise, of course. If one can speak anonymously, one is safe to publish lies and slander. And it's rapidly coming to mean that you can publish hard-core kiddy porn and nuclear weapon schematics too.

    Oh, well. Nobody said freedom was perfect. The alternative is to place your trust in your government, and hope no utterance you make ever comes to be regarded as seditious.

    Me? Well, I guess it's enough to note that my real name isn't "Skald" :-)

  • FSKing with wireless networks works by jumping between a set of frequencies in a period of time to create some form of privacy out of the link. What about jumping between between a set of IP's over a period of time... sort of like creating a blur out of the originating address? Would be a horrendus waste of addresses though, but there is always NAT I spose. This could be something to be implemented at the ISP end, with them providing the engine and NAT to go between the destination and their border network address translation device
  • When you walk down the street you can't just put on a "Generic Pedestrian Mask" and be anonymous to the world.

    Nonsense - of course you can, unless you live in a very broken country.
    --

  • Quite saddly, Ars-Fartsica shortsightedly speaks:
    "for 99% of us, the most intriguing thing we do online is buy things"

    People actually do many other interesting things on-line, and here's some of them:

    • Many folks read and contribute opinions to public or semi-public discussion forums, as you and I have done here. Perhaps it is less than in the glory days of usenet, but it's certainly a healthy percentage. Public discussing boards are common at many websites, and they tend to be filled with comments. That's no tiny fraction of users.
    • Most users exchange private messages with a limited set of other users. E-mail is used, at least somewhat, by nearly ALL internet users. Many many users, at some point, exchange email with another person whom they would not have met and communicated with in the absence of the internet.
    • A good number of people participate in real-time chat or instant messaging. AOL and MS wouldn't have a big IM war if there weren't an aweful lot of "eyeballs" at stake.
    • A significant number of people exchange files with one-another. Napster's claimed 40e6 userbase, and actual 500k to 1e6 active-at-any-given-time numbers are very significant. Copyright issues aside, digital data copying creates an exchange of commodities based on abundance instead of scarcity. I personally find this environment of abundance very intriguing.
    • A smaller, but meaningful number of users publish their ideas or creative efforts. Personal websites are often lacking content, but there are a good many that are among the most informative sites on the web, at least for their particular topic. Even though this number is small, the benefit is quite substantial, and when you consider the number of readers, the total number of users involved grows quickly.
    • A good number of programmers write Free or Open-Source software, which would otherwise not come about with the net. While the number of programmers is small compared to the entire group of users, the combined group of programmers and users of their wares (the full set involved in the communication) is rather large.
    I suppose the meaning in your comment revolves around the word "intriguing". It is a sad state of affairs when on-line shopping is more intriguing than these examples of people communicating with other in ways generally not possible with the net, and with people whom they would likely never have known, exchanging ideas that they would not have expressed, or publishing or consuming data they would not have had, had it not been for the internet.

    It is a topic of much debate if anonymous access is a benefit. For people who can't see much value in the internet beyond on-line shopping, anonymous access must seem like a worthless persuit. In all of these examples listed above, anonymous access can add intriguing possibilities. Some possibilities are for abuse (spam email comes easily to mind), some allow users to exchange copyrighted or contraband material, and others allow people to express themselves and share ideas that they would have been afraid to share otherwise.

    The in the subject line, anon.penet.fi was an anonymous remailer. (this paragraph is for the benefit of anyone who wasn't using the net back then.... back with on-line shopping more or less didn't exist) You sent an email, and it would resend it to someone else or to a newsgroup, without any identifying info about you. When someone replied, it would receive the reply and send it to you, in a similarily anonymous way. It was used heavily in the old days of the usenet (before being overrun with spam). It was commononly used by people in various alt.sex... groups, who obviously wanted to talk about their (often kinky) sex interests, without fear of neighbors and workmates learning their identity. There were many other legit uses, sexual abuse recovery discussions come to mind, though open sex related conversations seemed to be one of the largest legit uses. Unfortunately there were many abuses, such as posting hate speach, death threats, etc. I remember when it was shut down, but I've since forgotten the details. Perhaps someone else will post them. For a long time, it was believed that anon.penet.fi would never compromise. The guy running it (wasn't it something like "Julf") claimed he'd delete everything if a court order ever was served. Unfortunately, the court order did happen and enough pressure was applied that the authorities made him comply and they obtained all the data. Many people who had depended on the anonyminity were scared that they would be exposed. The whole anon.penet.fi case certainly is a lesson that in the long run, a central server won't work.

    For better or worse, I'm quite interested in the technical aspects of how such an anonymous protocol could be designed. I was unaware of these other projects, fling [sourceforge.net] and the work at zer0knowledge [zeroknowledge.com]. Had it not been for this slashdot discussion, I probably would not have learned of their existance. Now I have some interesting reading to go do.... but I'll say just one more time: anyone who thinks the most intriguing aspect of the internet is on-line shopping really needs to open their eyes. I know it's less than 99%, and I hope it's a lot less.

  • In that case the Supreme Court ruled that a Las Angeles ordinance prohibiting unlicensed distribution of anonymous handbills was unconstitutional. I believe that precedent will hold for the internet as well if its is ever tested.
    Bradley
    (who should be studying for his constitutional law test instead of posting on slashdot)
  • this is the equivelant of giving everyone a ski mask.

    Or pointy white hoods.
  • I just monitor and take action on the activity monitored by our IDS engines. We monitor 124 IDS' across the country. I do not administrate anything behind those IDS's nor do I have any jurisdiction of what is behind them. I don't even know what is behind them. If i see an event, my job is to find out if anything has been affected. and if it is I have to make sure that the source network can no longer reach any of our networks for the time it takes to isolate and fix the problem with the affected destination. Blocking anonymizer.com is just plain stupid.
  • This issue seems to me like it is more a privacy/4th ammendment type issue than a free speech/1st ammendment one. This isn't just about saying things anonymously. This is about being able to retreive information anonymously too. When I'm looking at certain websites at work, I really wish my external IP address didn't resolve to the-name-of-my-company.com. Fortunetly for me, our network uses NAT so I have the same external IP as everyone else in the building. Still, on principal, I wish I didn't have to go through anonymizer to be anonymous.
  • You have a valid point against mine. I agree that there are laws that shouldn't exist, and that sometimes it is necessary to break the law, in which case, anonymity would become a tool in helping to progress society. But that is rare. In a case of total IP Anonymity, you would have the majority of people Spamming, Hacking, DoS'ing and other things that would become a pain in the ass. It's bad enough right now with spammers that can't hide their IP's. Imagine being able to set up your own SMTP server running behind an anonymous network doing nothing but mailing 24/7. And if it's totally anonymous, then whoever supplying the service would have no right to monitor what you are doing. That is why I don't agree that it would be a good idea, for those that need to be anonymous, there are plenty of ways out there. But for a service like this to be offered out, it would just turn bad.
  • Yo, you are MAD funny, hahaha
  • I agree, most people are decent, but there are those that feel that they should be able to do whatever they want, not caring who it might hurt in the end.

    If Silencers for guns were available to the public, it would make it 90% easier to snipe off your worst enemy and make it that much harder to get caught. You could be gone from the scene long before someone figures out a gun was fired. But it is hard to obtain a silencer, so it makes it harder to get away with crimes involving firearms

    Now I am not saying that people won't break laws if they know they can get caught, but proving anonymity service would just make it easier.

    wouldn't it be great to be a bank robber and just be able to stroll into the bank, take the money, take a seat in the bank and count your loot? Then just kinda stroll out, stop by the convenience store across the street and pick up a pack of smokes?

    Bank robbing is nothing like this, it still happens though, but because it's not that easy to rob a bank, it doesn't happen as often as it could.

    that's pretty much my point

Slashdot Top Deals

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (5) All right, who's the wiseguy who stuck this trigraph stuff in here?

Close