Cypherpunks, pay per use remailers, and the good ol' days

[Declan McCullagh]

At 04:40 PM 8/7/01 -0700, Tim May wrote:
>I disagree, slightly. The same old "improvements" are still not 
>implemented. Notably, pay-for-use remailers.

Let me play devil's advocate here and say I'm not sure that the existence 
of PPU remailers would change much.

First, the current state of remailers may be enough for many 
cypherpunks-interesting projects that do not quite reach the 
national-security-threat level. Second, it's not clear that even if the 
improvement existed, there would be sufficient market demand for the 
service to keep the operators interested in providing continued for-fee 
operation. (There's overhead involved in just setting up such a service 
that the activists currently running no-charge remailers don't have.) Other 
improvements such as better user interface may be necessary. Third, there 
already is a cousin of a pay-per-use remailer, albeit not with the same 
utility as mixmaster, in the form of ZKS' Freedom application.

You'd think that if there were sufficient market demand, someone would try 
to set up such a PPU service. It hasn't happened yet. Explanations might 
include market inefficiencies in the communication of user preferences to 
prospective remailer ops, government regulation (spoilation alert!), lack 
of reasonable payment structure.

Yet some form of PPU remailer could exist today: A remailer would find a 
cookie and an encrypted-to-PPU-public-key credit card in the body of the 
message it receives. It would then debit a credit card for, say, $3 and 
award a credit to that cookie for $2.95 (5 cent per email message charge). 
Next time another message appeared with that cookie, that same "account" 
would be debited five cents. The remailer would, unless it's the entry 
point in the chain, not be able to contact the "account" holder for a 
recharge, so a client application should handle the balance accounting.

The honesty of the remailer could be verified and published via the usual 
reputational mechanisms. Though I admit I'd be a bit hesitant to give 
today's remailers my credit card number.

The usual objection to such a system would be that the feds would impose 
pressure on the banking system (or credit card companies would do it 
themselves) and prevent remailer ops from securing merchant accounts. That 
may be true, but remailers at least today aren't seen as a serious threat. 
They could get away with it for a while.

Besides, other payment mechanisms, while not quite Chaumian, would work. I 
presume a similar, and perhaps less complicated, system could be crafted 
using egold or paypal. Peter Wayner's already using paypal, per his post 
this week, to sell lightly-protected content. There's always the option of 
sending physical dollars or 7-11 money orders to open "accounts" with 
remailers too.

Tim says that "interest in running remailers is waning" and says it's the 
lack of a Clipper threat. I'm not sure that interest, as a factual point, 
is actually waning. The remailer-ops mailing list has received 1730 
messages since February. There seem to be over a dozen to a score of 
well-known remailers (perhaps many more lightly-advertised ones), which I 
recall is about where matters were five years ago. I do of course agree 
interest in cypherpunks is due in part to a lack of a big, nasty threat. 
Any political interest group picks up in activism when its enemies are in 
power or actively threatening them; NOW gains members when Ashcroft is in 
office; the NRA got a boost under Clinton.

I did note in May 2000 -- and was the first reporter to do so -- that the 
Council of Europe treaty requires "websites and Internet providers to 
collect information about their users, a rule that would potentially limit 
anonymous remailers" (http://www.politechbot.com/p-01136.html). But that's 
theoretical since the COE is still a far-off threat and doesn't have the 
same urgency as a House committee voting to make it a felony to manufacture 
or distribute unescrowed crypto (this actually happened).

Tim says "the heyday" of cypherpunks was during Clipper and Zimmermann. 
True. But much has changed since then. People have gone off to start 
companies; cypherpunkly ideas are no longer new; early cypherpunkish 
predictions turned out not to be true, at least not yet; there are other 
interesting areas such as Freenet and P2P to work on; crypto is 
more-or-less mainstream and certainly corporate; people have peeled off 
from cypherpunks to join other communities that don't have the same volume 
of traffic; more sub-par humans seem to infest the cypherpunks list than 
before; prosecutions of cypherpunks subscribers may have scared off others.

Right now the "crypto activism" equivalent is over in the DMCA camp, trying 
to "Free Dmitry."

-Declan