Date: Sun, 18 Apr 1999 09:54:12 +0100
From: Adam Back
To: rah@shipwright.com
Cc: cypherpunks@toad.com, dbs@philodox.com
Cc: eternity@internexus.net
Subject: (eternity) eternity issues (Re: Occam's Razor, DC-Nets, and Eternity-Based Assassination Servers)

Robert Hettinga writes:
> > >> Eternity server.
> > >
> > >Cool.
> > >
> > >Show me one that's running, please?
> > >
> > >Cheers,
> > >RAH
> >
> > We need e$ to fund it. Show me a running e$ system.

I do agree that the lack of e$ makes creating eternity difficult.
(Though I did think that hashcash might be enough to provide some weak
"economic" pressures to an eternity space with donated resources, the
servers would keep around pages which get more hashcash donated by
readers).

However I don't think AP particularly relies on eternity. Eternity in
general just provides convenient web access, USENET and dejanews, and
alta-vista news archives and anonymous posting via type II (mixmaster)
remailers would be just fine to hold whatever supporting info was
necessary.

In fact the prototype USENET based eternity service I coded at:

	http://www.dcs.ex.ac.uk/~aba/eternity/

and

	http://www.replay.com/aba/eternity/

does basically the same thing as dejanews, only it restricts itself to
documents that match its eternity format, and pretty prints them as
web pages using a sort of proxy approach as the interface to the
browser (actually HTML re-writing approach to go via a CGI, in a
similar way to the way that anonymizer does).

If you want to talk about AP, the current gap is ecash for managing
the anonymous bets.

> I can see it now:
>
> "Anonymous, perfectly pseudonymous, or near-anonymous digital cash can
> be used to do perfect kidnappings and assassinations, not to mention
> terrorism, money-laundering, tax evasion, child molestation, and drug
> dealing, and will make all known closet-monsters come out, and walk
> the earth in daylight, absolutely impervious to the effects of
> bedclothes drawn firmly over the head."

You don't need eternity for that, it happens already with USENET
except as limited by lack of anonymous e$.

Markus Kuhn (@cl.cambridge.ac.uk) is Ross Anderson's PhD student (I
think?), and he posted a description of an approach to managing
content to the eternity list a while back. It was a sort of
distributed computerised democracy with a grammar for expressing
constitutions, and cryptographic support to handle the multiparty
signatures or whatever to implement it.

I think Markus was of the view that this would prevent the more
obnoxious types of data which would be posted, or at least prevent
groups of people not interested in seeing some types of data from
seeing it, because they could vote to have it removed!

My comments to this were that this was only modulo the tyranny of the
majority, but at least one can wander off and set up a different
constitution and a different section of eternity space operating under
it if you fall out with the others. Still, for a large group of
people, if the demographics of subscribership were not that evenly
distributed, the tyranny of the majority is what you'd get, in that
many people would be able to see information if the majority (or
whatever threshold of votes is required by the constitution) decide
it's not in good taste.

My reply at the time was that I thought it better to consider content
served and content viewable by a given individual as separable issues,
and have a filtering layer, where groups of voters, or third party
filtering services (such as netnanny etc) could create lists of URLs
which they didn't approve of.

That way nothing needs to be deleted, and content can be controlled
directly by economics. Providers, and readers who pay more, get better
coverage and longevity of data.

> While the idea of putting your information holographically onto the net in
> encrypted form will certainly happen, it just seems to me that eternity
> servers per se create an awful lot of overhead without much return on the
> marginal investment.

I think I agree with that. Even with high resourced enemies like the
scientologists, manual mirroring seems to fare surprisingly well.

Probably the answer to this is that a successful eternity service would
have to be:

- reasonably light-weight

- and offer something else useful:

  - like automatically managed longevity (eternal availability) whilst
    there is interest in the data (as measured by e$ votes),

  - persistent URLs, and perhaps load balancing.

Load balancing is interesting, because the way the web ends up working
at the moment is that if there is a spike of interest in someone's
URL, the webserver falls over under the load, or the t3 is saturated
by the load preventing other work. (Dan Farmer had this problem when
he released Satan due to the publicity, he turned off http for weeks
at flying.fish.com!)

I figure the above set of objectives would stand a chance of success,
however the design is hard, as it is difficult to do distributed load
balancing, and measuring of interest whilst still retaining resistance
to censors, and preventing attackers being able to locate servers, or
preventing attackers locating servers faster than mirrors can be
automatically put up to replace servers that have been subject to
attack.

> For instance, I think that information on the net is proving to be pretty
> much unexpungeable as it is. If we add cash to the mix, we get encrypted
> data in known storage locations, which, I might try to claim, is
> functionally as good as what you can get with eternity, for probably less
> cost.

Encrypted data in known locations could be interesting, as it would
strengthen the argument of content neutrality on the part of the
servers.

Ian Brown and I tried to work out a design based on this approach, and
our conclusion was that the weak link will be the name space. You want
a virtual URL to be usable to locate the data, even when the location
of the data moves because of censors. The problem is the attacker will
then attack the name server. This was the motivation for the tamper
resistant distributed name spaces design I discussed on cypherpunks
and cryptography a while back.

> Finally, we started out talking about the anonymous serving of data,
> ostensibly the status of an eternity-based cypherspace "dead pool",
> which again, may not prove to have a market, ceteris paribus.
>
> Or it may. An appreciating cypherspace dead pool, is in fact, an
> appreciating contingent claim on someone's life, held, of course, in bearer
> form.

Remailers (type II or perhaps ZKS when they go live) are required for
anonymous publishing (be that via USENET or via eternity); you need a
way to submit the data anonymously.

They'd have a job to shut down USENET, but USENET is no use without
remailers, and the weak point there is the remailer net. Shutting down
a fledgling eternity service would be easy also. Shutting down the
ecash system or forcing identity escrow would be relatively easy also.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0
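
The hashcash-weighted retention idea raised in the message above ("the servers would keep around pages which get more hashcash donated by readers"), as an added example that is not part of the original post and not code from the prototype it mentions. The stamp layout `bits:url:salt:counter`, the `EternityStore` class and the `eternity.example` URLs used with it are assumptions made for illustration; real hashcash stamps use a different format.

```python
import hashlib
from itertools import count

def zero_bits(digest: bytes) -> int:
    """Count the leading zero bits of a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint(url: str, bits: int, salt: str) -> str:
    """Reader side: burn CPU until SHA-1(stamp) has `bits` leading zero bits."""
    for ctr in count():
        stamp = f"{bits}:{url}:{salt}:{ctr}"   # assumed layout, not real hashcash
        if zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp

class EternityStore:
    """Hypothetical server that keeps only the `capacity` best-funded pages."""
    def __init__(self, capacity: int, min_bits: int = 8):
        self.capacity, self.min_bits = capacity, min_bits
        self.pages, self.work, self.spent = {}, {}, set()

    def _credit(self, url: str, stamp: str) -> bool:
        try:
            claimed, rest = stamp.split(":", 1)
            resource, _salt, _ctr = rest.rsplit(":", 2)
            claimed = int(claimed)
        except ValueError:
            return False                                # malformed stamp
        digest = hashlib.sha1(stamp.encode()).digest()
        if (resource != url or stamp in self.spent      # wrong page, or replay
                or claimed < self.min_bits or zero_bits(digest) < claimed):
            return False
        self.spent.add(stamp)                           # each stamp counts once
        self.work[url] = self.work.get(url, 0) + 2 ** claimed  # expected hashes
        return True

    def donate(self, url: str, stamp: str) -> bool:
        """A reader votes for a page that is already stored."""
        return url in self.pages and self._credit(url, stamp)

    def publish(self, url: str, content: str, stamp: str) -> bool:
        """Store a page paid for by a stamp, then evict the least-funded pages."""
        if not self._credit(url, stamp):
            return False
        self.pages[url] = content
        while len(self.pages) > self.capacity:
            victim = min(self.pages, key=self.work.get)
            del self.pages[victim], self.work[victim]
        return True
```

Binding each stamp to one URL and remembering spent stamps is what stops a single piece of work from being credited to several pages or replayed against the same one.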