Re: freedom of spam (was: Re: benchmark print suplies )
At 02:36 AM 4/5/99 -0600, Zooko Journeyman wrote:
>"Robert A. Costner" <pooh@efga.org> wrote:
>>
>> While I think hashcash and other mechanisms are interesting intellectual
>> exercises, I don't believe they will be successful with spam.
>
>Do you want to explain why you think so?

As an earlier writer pointed out, you first have to decide whether your
goal here is to collect money, or give out permission. If you want to
collect money with TimCash(tm) then you can set up inter-lata billing
charges that go totally against the spirit of the free peering agreements
we currently have.

Esther Dyson suggested we put a $5 postage stamp on every email. Her
simple solution was to return the $5 if you liked the message, or keep the
$5 if you didn't like the message. I immediately emailed her, twice,
asking for clarification of the process. I never heard back from Ms.
Dyson. Best I can tell, my intellectual curiosity has put me out $10.

The phone company model of billing seems to suggest it is more expensive to
account for who is owed what money than it is to transport the message.

I can point out I am financially responsible for a remailer or two. One of
them has been known to send out over 20,000 messages per week. The 486
driven Cypherpunk and Mixmaster remailer has been known to have a backlog
of eight to twenty hours trying to get PGP to run on its puny processor.
If the transport only cost me one penny per message, I still am potentially
liable for $200 a week in email surcharges. If each hashcash cost me one
second, then why will it deter any spammer? If it cost the spammer 60
seconds on a Pentium II, then it will cost poor little Cracker 10 minutes
per message or 200,000 minutes per week, or 33,333 hours or 1,388 days of
hashcash for every week of messages.

Of course I've been told that the originator of the message will generate
my hashcash and it will through some magical arrangement be honored by all
randomly generated chains it encounters. How you allow this while ensuring
the hashcash will only be allowed to be used once is a mystery to me. But
we all know that everyone loves anonymous messages so it should be no problem.

On the other hand anyone who seriously wants to spam will just buy 10 new
500MHz Pentium III's and send out one email with 15 seconds of hashcash, or
the same 1,388 days of work in about eight hours of hashcash. Feel free to
argue as to how you are going to make it possible for me to send out email
but not a spammer? Spam is like a mighty river; it flows in the path of
least resistance. Anyone can claim they prevent spam to themselves by
placing "NOSPAM" in their email address. But trust me, this is not the end
all spam block. If a high enough percentage of people did such a thing
then the spammer would make that magnificent leap of coding where you first
say extract the address, then secondly figure out the secret of demunging it!

What about the end user side? If the average AOL user cannot figure out
how to configure his on/off spam filter for receiving email from
majordomo@efga.org when he signs up for an email list, then how is he ever
going to work the intricacies of hashcash? The difference between limited
use of PGP 2.6 and "widespread" use of 5.0+ is the interface and ease with
which PGP integrates with email. Yet for all that, if hashcash is as
transparent as PGP, then the average user may as well just give up on
sending email.

When you are a carpenter and your only tool is a hammer, everything must
look like a nail. When you are a cypherpunk, everything must look like a
crypto problem. The answer I keep hearing is that among friends the
postage won't have to be paid - apparently due to the cryptographic exchange of
some shared secret. Spamguard already does this in a procmail script on
the server side. My secret phrase might be "Kryptonian Thunder Frog". All
you have to do is include this in your subject line, or the new hashcash
RFC "approved" header and my procmail script will recognize my shared
secret and let you send me free email.

As a network whole, we can't put an end to open mail relays. The
implementation issues of hashcash to be transparent to the average Windows
Eudora user will be a nightmare, let alone what happens when Microsoft
announces they now have MS-Hash which lets you choose what color you want
MS Outlook to display your hashcash with using HTML7.

As soon as you do in fact block spamming with hashcash, then mail list
managers will allow their users to email the list without it. Then the net
will abound with 1.5 million Email list names and hashcash override codes!
Free with the purchase of new Spam-O-Matic Deluxe.

My point is simply that the implementation is a nightmare, and the spammers
will adjust tactics to get around the blocking.

>> To me your comment makes no more sense than to say that burglaries only
>> happen due to an economic failure of the alarm and lock systems. People
>> who buy type one alarms and locks need to be getting type three systems.
>> While it may be true that a better alarm and lock system will deter
>> burglars, one can't overlook that the root of the problem is burglars.
>
>
>I believe that burglaries and locks and alarm systems are
>completely different from computation and information
>exchange, and that the common metaphors of "cyberspace",
>"cyber-thieves", "cyber-trespassing", "virtual locks", ad
>nauseam are all mistaken metaphors that serve only to mislead
>people who don't actually understand the laws of computation
>and information exchange.

A significant body of civil and criminal law, tested in court against spam,
has shown that you can't use and harm computer systems without permission.
Other laws have shown you can't pretend to be a company you are not while
trying to sell products. Existing laws are on the books. We don't need
new laws.

-- Robert Costner Phone: (770) 402-3580
Electronic Frontiers Georgia mailto:pooh@efga.org
http://www.efga.org/ run PGP 5.0 for my public key
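
For reference, the mechanism debated in this thread, as an added example that is not part of the original message: a hashcash-style proof-of-work stamp bound to one recipient address, with the receiver remembering stamps it has already accepted so each one is honoured only once. The stamp layout, the function and class names, and the example.org addresses are assumptions made for illustration, not the hashcash tool's own format.

```python
import hashlib
import itertools


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a hash digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def mint(recipient: str, date: str, bits: int) -> str:
    """Sender side: brute-force a counter until SHA-1(stamp) has `bits` leading zeros."""
    for counter in itertools.count():
        stamp = f"{bits}:{date}:{recipient}:{counter}"
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp


class Receiver:
    """Receiver side: one hash to verify, plus a spent-stamp set for one-time use."""

    def __init__(self, address: str, min_bits: int, valid_dates: set):
        self.address = address
        self.min_bits = min_bits
        self.valid_dates = valid_dates  # bounds how long spent stamps must be kept
        self.spent = set()

    def accept(self, stamp: str) -> str:
        try:
            bits_field, date, recipient, _counter = stamp.split(":")
            claimed = int(bits_field)
        except ValueError:
            return "malformed"
        if recipient != self.address:
            return "wrong recipient"   # a stamp minted for someone else is worthless here
        if date not in self.valid_dates:
            return "expired"
        if claimed < self.min_bits:
            return "too cheap"
        digest = hashlib.sha1(stamp.encode()).digest()
        if leading_zero_bits(digest) < claimed:
            return "invalid work"
        if stamp in self.spent:
            return "already spent"     # replay of a previously accepted stamp
        self.spent.add(stamp)
        return "ok"
```

Each extra bit in `min_bits` doubles the sender's expected work while verification stays at a single hash, which is the cost asymmetry the per-message arithmetic above is arguing about.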