Danny Amor's Online Library

home *** CD-ROM | disk | FTP | other *** search

/ Danny Amor's Online Library / Danny Amor's Online Library - Volume 1.iso / html / faqs / faq / net-privacy / part3 < prev

Wrap

Text File | 1995-07-25 | 43KB | 1,089 lines

Subject: Privacy & Anonymity on the Internet FAQ (3 of 3) Newsgroups: sci.crypt,comp.society.privacy,alt.privacy,sci.answers,comp.answers,alt.answers,news.answers From: ld231782@longs.lance.colostate.edu (L. Detweiler) Date: 21 May 1994 10:06:41 GMT Archive-name: net-privacy/part3 Last-modified: 1993/10/11 Version: 3.2 IDENTITY, PRIVACY, and ANONYMITY on the INTERNET ================================================ (c) Copyright 1993 L. Detweiler. Not for commercial use except by permission from author, otherwise may be freely copied. Not to be altered. Please credit if quoted. SUMMARY ======= Email and account privacy, anonymity, file encryption, relevant legislation and references, and other privacy and rights issues associated with use of the Internet and global networks in general. (Search for <#.#> for exact section. Search for '_' (underline) for next section.) PART 3 ====== (this file) Resources --------- <6.1> What UNIX programs are related to privacy? <6.2> How can I learn about or use cryptography? <6.3> What is the cypherpunks mailing list? <6.4> What are some privacy-related newsgroups? FAQs? <6.5> What is internet Privacy Enhanced Mail (PEM)? <6.6> What are other Request For Comments (RFCs) related to privacy? <6.7> How can I run an anonymous remailer? <6.8> What are references on privacy in email? <6.9> What are some email, Usenet, and internet use policies? Miscellaneous ------------- <7.1> What is ``digital cash''? <7.2> What is a ``hacker'' or ``cracker''? <7.3> What is a ``cypherpunk''? <7.4> What is `steganography' and anonymous pools? <7.5> What is `security through obscurity'? <7.6> What are `identity daemons'? <7.7> What standards are needed to guard electronic privacy? Footnotes --------- <8.1> What is the background behind the Internet? <8.2> How is Internet `anarchy' like the English language? <8.3> Most Wanted list <8.4> Change history * * * RESOURCES ========= _____ <6.1> What UNIX programs are related to privacy? For more information, type `man [cmd]' or `apropos [keyword]' at the UNIX shell prompt. passwd - change password finger - obtain information about a remote user chfn - change information about yourself obtainable by remote users (sometimes `passwd -f') chmod - change the rights associated with a file or directory umask - (shell) change the default (on creation) file access rights ls - list the rights associated with files and directories xhost - allow or disable access control of particular users to an Xwindow server last - list the latest user logins on the system and their originations who - list other users, login/idle times, originations w - list other users and what they are running xhost - access control list for X Window client use xauth - control X Window server authentication .signature - file in the home directory appended to USENET posts .forward - file used to forward email to other accounts .Xauthority - file used for X Window server authentication keys $SIGNATURE - variable used for name in email and USENET postings The `tcpdump' packet-tracing program is loosely based on SMI's "etherfind". It was originally written by Van Jacobson, Lawrence Berkeley Laboratory, as part of an ongoing research project to investigate and improve tcp and internet gateway performance. A current version is available via anonymous ftp from host ftp.ee.lbl.gov (currently at address 128.3.254.68) file tcpdump.tar.Z (a compressed Unix tar file). _____ <6.2> How can I learn about or use cryptography? A general introduction to mostly theoretical cryptographic issues, especially those frequently discussed in sci.crypt, is available in FAQ form: > Compiled by: > cme@ellisun.sw.stratus.com (Carl Ellison) > Gwyn@BRL.MIL (Doug Gwyn) > smb@ulysses.att.com (Steven Bellovin) NIST (U.S. National Institute for Standards and Technology) publishes an introductory paper on cryptography, special publication 800-2 ``Public-Key Cryptograhy'' by James Nechvatal (April 1991). Available via anonymous FTP from csrc.ncsl.nist.gov (129.6.54.11), file pub/nistpubs/800-2.txt. Also via available anonymous FTP from wimsey.bc.ca as crypt.txt.Z in the crypto directory. Covers technical mathematical aspects of encryption such as number theory. More general information can be found in a FAQ by Paul Fahn of RSA Labortories via anonymous FTP from rsa.com in /pub/faq.ps.Z. See the `readme' file for information on the `tex' version. Also available as hardcopy for $20 from RSA Laboratories, 100 Marine Parkway, Redwood City, CA 94065. Send questions to faq-editor@rsa.com. Phil Zimmerman's PGP (Pretty Good Privacy) package for public key encryption is available at numerous sites, and is in widespread use over the internet for general PC-, Macintosh-, and UNIX-based file encryption (including email). Consult the archie FTP database. Also see the newsgroup alt.security.pgp. Mailing list requests to info-pgp-request@lucpul.it.luc.edu. From the RIPEM FAQ by Marc VanHeyningen <mvanheyn@whale.cs.indiana.edu> on news.answers: > RIPEM is a program which performs Privacy Enhanced Mail (PEM) > using the cryptographic techniques of RSA and DES. It allows > your electronic mail to have the properties of authentication > (i.e. who sent it can be confirmed) and privacy (i.e. nobody can > read it except the intended recipient.) > > RIPEM was written primarily by Mark Riordan > <mrr@scss3.cl.msu.edu>. Most of the code is in the public domain, > except for the RSA routines, which are a library called RSAREF > licensed from RSA Data Security Inc. > > RIPEM is available via anonymous FTP to citizens and permanent > residents in the U.S. from rsa.com; cd to rsaref/ and read the > README file for info. > > RIPEM, as well as some other crypt stuff, has its `home site' on > rpub.cl.msu.edu, which is open to non-anonymous FTP for users in > the U.S. and Canada who are citizens or permanent residents. To > find out how to obtain access, ftp there, cd to pub/crypt/, and > read the file GETTING_ACCESS. Note: cryptography is generally not well integrated into email yet and some system proficiency is required by users to utilize it. _____ <6.3> What is the cypherpunks mailing list? Eric Hughes <hughes@toad.com> runs the `cypherpunk' mailing list dedicated to ``discussion about technological defenses for privacy in the digital domain.'' Frequent topics include voice and data encryption, anonymous remailers, the Clipper chip. Send email to cypherpunks-request@toad.com to be added or subtracted from the list. (Traffic is sometimes up to 30-40 messages per day.) From `Wrestling Over the Key to the Codes', by John Markoff, New York Times, Sun. May 9 1993: > In the obscure world of computer cryptography, there may be no > more self-consciously ornery group of coders than the > Cypherpunks, an alliance of some of Silicon Valley's best > programmers and hardware designers, who preach absolute privacy > in the information age. > > The Cypherpunks, who often communicate among themselves by > electronic mail protected with an encryption system popular in > the computing underground, feel certain about one thing: The > Government should not be creating a national encoding standard, > as the Clinton Administration has recently proposed. From the charter on soda.berkely.edu:/pub/cypherpunks: > The most important means to the defense of privacy is encryption. > To encrypt is to indicate the desire for privacy. But to encrypt > with weak cryptography is to indicate not too much desire for > privacy. Cypherpunks hope that all people desiring privacy will > learn how best to defend it. _____ <6.4> What are some privacy-related newsgroups? FAQs? Newsgroups ========== alt.comp.acad-freedom.news alt.comp.acad-freedom.talk -------------------------- Moderated and unmoderated issues related to academic freedom and privacy at universities. Documented examples of violated privacy in e.g. email. Documented examples of `censorship' as in e.g. limiting USENET groups local availability. alt.cyberpunk ------------- Virtual reality, (science) fiction by William Gibson and Bruce Sterling, cyberpunk in the mainstream. alt.hackers ----------- USENET Network News Transfer Protocol (NNTP) posting mechanisms, Simple Mail Transfer Protocol (SMTP), `obligatory hack' reports. alt.politics.org.nsa -------------------- Discussion of the U.S. National Security Agency, in charge of international radio surveillance, making and breaking official military codes and behind the Clipper proposal. alt.privacy ----------- General privacy issues involving taxpaying, licensing, social security numbers, etc. alt.privacy.anon-server ----------------------- Spillover of debate on news.admin.policy regarding anonymous servers. alt.privacy.clipper ------------------- Group dedicated to discussing technical/political aspects of the Clipper chip. alt.security comp.security.misc ------------------ Computer related security issues. FAQ in news.answers below. alt.security.pgp alt.security.ripem ---------------- Dedicated to discussing public domain cryptographic software packages: PGP, or ``Pretty Good Privacy'' Software developed by Phil Zimmerman for public key encryption, and RIPEM by Mark Riordan for public key and DES encryption. alt.whistleblowing ------------------ Whistleblowing on government and commercial fraud, waste, and abuse. Discussion of claims. Whistleblower support. comp.society.privacy -------------------- Privacy issues associated with computer technologies. Examples: caller identification, social security numbers, credit applications, mailing lists, etc. Moderated. comp.org.eff.news comp.org.eff.talk ----------------- Moderated and unmoderated groups associated with the Electronic Frontier Foundation started by Mitch Kapor for protecting civil and constitutional rights in the electronic realm. news.admin news.admin.policy ----------------- Concerns of news administrators. NNTP standards and mechanisms. news.lists ---------- USENET traffic distributions. Most frequent posters, most voluminous groups, most active sites, etc. sci.crypt --------- Considers scientific and social issues of cryptography. Examples: legitimate use of PGP, public-key patents, DES, cryptographic security, cypher breaking, etc. talk.politics.crypto -------------------- The politics of cryptography. ITAR regulations, patent ] restrictions, `arms analogies', key escrow, etc. FAQs ==== FAQs or ``Frequently-Asked Questions'' are available in the newsgroups *.answers or via anonymous FTP to pit-manager.mit.edu [18.172.1.27] (also rtfm.mit.edu) from the directory /pub/usenet/news.answers/[x] where [x] is the archive name. This FAQ is archived in the file `net-privacy'. Others are: network-info/part1 ------------------ Sources of information about the Internet and how to connect to it, through the NSF or commercial vendors. alt-security-faq ---------------- Computer related security issues arising in alt.security and comp.security.misc, mostly UNIX related. ssn-privacy ----------- Privacy issues associated with the use of the U.S. Social Security number (SSN). pdial ----- Public dialup internet accounts list. college-email/part1 ------------------- How to find email addresses for undergraduate and graduate students, faculty and staff at various colleges and universities. ripem/faq --------- Information on RIPEM, a program for public key mail encryption officially sanctioned by Public Key Partners Inc., the company that owns patents on public key cryptography. unix-faq/faq/part1 ------------------ Frequently-asked questions about UNIX, including information on `finger' and terminal spying. distributions/* --------------- Known geographic, university, and network distributions. _____ <6.5> What is internet Privacy Enhanced Mail (PEM)? Internet drafts on Privacy Enhanced Mail (PEM) describe a standard under revision for six years delineating the official protocols for email encryption. The standard has only recently stabilized and implementations are being developed. - RFC-1421: ``Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures.'' J. Linn <104-8456@mcimail.com> - RFC-1422: ``Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management'' S. Kent <Kent@BBN.com> - RFC-1424: ``Privacy Enhancement for Internet Electronic Mail: Part IV: Key Certification and Related Services'' B. Kaliski <burt@rsa.com> - RFC-1423: ``Privacy Enhancement for Internet Electronic Mail: Part III: Algorithms, Modes, and Identifiers'' D. Balenson <belenson@tis.com> Send email to pem-info@tis.com for more information. See ``RFCs related to privacy'' for information on how to obtain RFCs. _____ <6.6> What are other Request For Comments (RFCs) related to privacy? RFC-822: SMTP, Simple Mail Transfer Protocol RFC-977: NNTP, Network News Transfer Protocol RFC-1036: Standard for interchange of network news messages RFC-1208: Glossary of Networking Terms RFC-1207: Answers to ``experienced Internet user'' questions RFC-1206: Answers to ``new Internet user'' questions RFC-1355: Privacy issues in Network Information center databases RFC-1177 is ``FYI: Answers to commonly asked ``new internet user'' questions, and includes: basic terminology on the Internet (TCP/IP, SMTP, FTP), internet organizations such as IAB (Internet Activities Board) and IETF (Internet Enbgineering Task Force), and a glossary of terms. Also from ftp.eff.org: /pub/internet-info/internet.q. > RFCs can be obtained via FTP from NIC.DDN.MIL, with the pathname > RFC:RFCnnnn.TXT or RFC:RFCnnnn.PS (where `nnnn' refers to the > number of the RFC). Login with FTP, username `anonymous' and > password `guest'. The NIC also provides an automatic mail > service for those sites which cannot use FTP. Address the > request to SERVICE@NIC.DDN.MIL and in the subject field of the > message indicate the RFC number, as in `Subject: RFC nnnn' (or > `Subject: RFC nnnn.PS' for PostScript RFCs). > > RFCs can also be obtained via FTP from NIS.NSF.NET. Using FTP, > login with username `anonymous' and password `guest'; then > connect to the RFC directory (`cd RFC'). The file name is of the > form RFCnnnn.TXT-1 (where `nnnn' refers to the number of the > RFC). The NIS also provides an automatic mail service for those > sites which cannot use FTP. Address the request to > NIS-INFO@NIS.NSF.NET and leave the subject field of the message > blank. The first line of the text of the message must be `SEND > RFCnnnn.TXT-1', where nnnn is replaced by the RFC number. _____ <6.7> How can I run an anonymous remailer? Cypherpunk remailer source is at soda.berkeley.edu in the /pub/cypherpunks directory. It's written in PERL, and is relatively easy to install (no administrative rights are required) although basic familiarity with UNIX is necessary. Karl Barrus <elee9sf@menudo.uh.edu> has more information and modifications. Also, most remailer operators mentioned above are amenable to discussing features, problems, and helping new sites become operational. Address all points in the section ``responsibities of anonymous use'' in this document prior to advertising your service. You should be committed to the long-term stability of the site and avoid running one surreptitiously. _____ <6.8> What are references on privacy in email? Brown, Bob. ``EMA Urges Users to Adopt Policy on E-mail Privacy.'' Network World (Oct 29, 1990), 7.44: 2. Bairstow, Jeffrey. ``Who Reads your Electronic Mail?'' Electronic Business (June 11, 1990) 16 (11): 92. ``Electronic Envelopes - the uncertainty of keeping e-mail private'' Scientific American, February 1993. ftp.eff.org =========== /pub/EFF/legal-issues/email-privacy-biblio-2 --- Compilation of bibliography on E-Mail and its privacy issues (part 2 of the work). Compiled by Stacy B. Veeder (12/91). /pub/EFF/email-privacy-research --- The author at Digital Research tried to formalize their employee privacy policy on E-Mail. The casesightings are divided into two groups: US Constitutional law, and California law. _____ <6.9> What are some email, Usenet, and internet use policies? The Computer Policy and Critiques Archive is a collection of the computer policies of many schools and networks, run by the Computers and Academic Freedom group on the Electronic Frontier Foundation FTP site. The collection also includes critiques of some of the policies. > If you have gopher, the archive is browsable with the command: > gopher -p academic/policies gopher.eff.org > > The archive is also accessible via anonymous ftp and email. Ftp > to ftp.eff.org (192.88.144.4). It is in directory > `pub/academic/policies'. For email access, send email to > archive-server@eff.org. Include the line: > > send acad-freedom/policies <filenames> > > where <filenames> is a list of the files that you want. File > README is a detailed description of the items in the directory. > > For more information, to make contributions, or to report typos > contact J.S. Greenfield (greeny@eff.org). Directory `widener' > contains additional policies (but not critiques). ftp.eff.org =========== /pub/cud/networks/ --- Acceptable Use Policies for various networks, including CompuServe (file `compuserve'), NSFNET (file `nsfnet') with information on research and commercial uses. See /pub/cud/networks/index. /pub/cud/networks/email --- Policies from various sysadmins about how they handle the issue of email privacy, control, and abuse, compiled by T. Hooper <hooper_ta@cc.curtin.edu.au>. /pub/cud/schools/ --- Computer use policies of a number of schools. See schools/Index for a full list and description. Commentary ========== /pub/academic/faq/policy.best --- Opinions on the best academic computer policies. /pub/academic/faq/email.policies --- Do any universities treat email and computer files as private? /pub/academic/faq/netnews.writing --- Policies on what users write on Usenet. /pub/academic/faq/netnews.reading --- Policies on what users read on Usenet: should my university remove (or restrict) Netnews newsgroups because some people find them offensive? /pub/academic/faq/policy --- What guidance is there for creating or evaluating a university's academic computer policy? MISCELLANEOUS ============= _____ <7.1> What is ``digital cash''? With digital encryption and authentication technologies, the possibility of a widespread digital cash system may someday be realized. A system utilizing codes sent between users and banks (similar to today's checking system except entirely digital) may be one approach. The issues of cryptography, privacy, and anonymity are closely associated with transfer of cash in an economy. See the article in Scientific American by David Chaum (~Dec.1992). An experimental digital bank is run by Karl Barrus <elee9sf@Menudo.UH.EDU> based on suggestions by Hal Finney on the cypherpunks mailing list. To use the server send mail to elee7h5@rosebud.ee.uh.edu message with the following text: :: command: help user@host where `user@host' is your email address. A new set of Internet standards called Internet Mercantile Protocols are being developed to support cash transactions in encrypted email. See thumper.bellcore.com:/pub/devetzis/imp. Includes a mailing list archive and other documents. Some papers on the subject of digital cash are available from ftp.cwi.nl: - CS-R9323 Stefan Brands ``An Efficient Off-line Electronic Cash System Based On The Representation Problem'' - CS-R9318 N. Ferguson ``Single Term Off-Line Coins'' Thanks to P. Honeyman <honey@citi.umich.edu> and J. McCoy <mccoy@ccwf.cc.utexas.edu> for contributions to this section. _____ <7.2> What is a ``hacker'' or ``cracker''? These terms arouse strong feelings by many on their meaning, especially on the internet. In the general news media in the past a person who uses computers and networks to malicious ends (such as breaking into systems) has been referred to as a hacker, but most internet users prefer the term ``cracker'' for this. Instead, a ``hacker'' is perceived as a benign but intensely ambitious, curious, and driven computer user who explores obscure areas of a system, for example---something of a proud electronic pioneer and patriot. This is the sense intended in this document. See also the ``Hacker's Dictionary'' and the FAQ `alt-security-faq'. _____ <7.3> What is a ``cypherpunk''? From the charter of the cypherpunk mailing list: > Cypherpunks assume privacy is a good thing and wish there were > more of it. Cypherpunks acknowledge that those who want privacy > must create it for themselves and not expect governments, > corporations, or other large, faceless organizations to grant > them privacy out of beneficence. Cypherpunks know that people > have been creating their own privacy for centuries with whispers, > envelopes, closed doors, and couriers. Cypherpunks do not seek > to prevent other people from speaking about their experiences or > their opinions. From `Wrestling Over the Key to the Codes,'' by J. Markoff in the New York Times, Sunday, May 9 1993: > In the obscure world of computer cryptography, there may be no > more self-consciously ornery group of coders than the Cypherpunks, > an alliance of some of Silicon Valley's best programmers and > hardware designers, who preach absolute privacy in the information > age. > > The Cypherpunks, who often communicate among themselves by > electronic mail protected with an encryption system popular in > the electronic underground, feel certain about one thing: The > Government should not be creating a national encoding standard, > as the Clinton Administration has recently proposed. See information on the cypherpunk mailing list below. See also the CryptoAnarchist Manifesto and the Cryptography Glossary in soda.berkeley.edu:/pub/cypherpunks. _____ <7.4> What is `steganography' and anonymous pools? Closely associated with encryption is `steganography' or the techniques for not only pursuing private (encrypted) communication but concealing the very existence of the communication itself. Many new possibilities in this area are introduced with the proliferation of computer technology. For example, it is possible to encode messages in the least-significant bits of images, typically the most 'noisy'. In addition, when such an item is posted in a public place (such as a newsgroup), virtually untraceable communication can take place between sender and receiver. For steganographic communications in the electronic realm one another possibility is setting up a mailing list where individual messages get broadcast to the entire list and individual users decode particular messages with their unique key. An anonymous pool has been set up by Miron Cuperman (miron@extropia.wimsey.com) for experiments. Send email to <pool0-request@extropia.wimsey.com> with one of the following commands in the subject line: subscribe unsubscribe help _____ <7.5> What is `security through obscurity'? `Security through obscurity' refers to the attempt to gain protection from system weaknesses by hiding sensitive information or programs relating to them. For example, a company may not make public information on its software's encryption techniques to evade `attacks' based on knowledge of it. Another example would be concealing data on the existence of security holes or bugs in operating systems. Or, some reliance may be made on the fact that some standard or mechanism with potential problems is serious because they are ``not widely known'' or ``not widely used.'' This argument is occasionally applied to mechanisms for email and Usenet posting `forgery'. `Security through obscurity' is regarded as a very feeble technique at best and inappropriate and ineffective at worst (also called the ``head-in-the-sand approach''). See the FAQ for alt.security. Some remarks of John Perry Barlow, cofounder of the Electronic Frontier Foundation, directed to NSA agents at the First International Symposium on National Security & National Competitiveness held in McLean, Virginia Dec. 1, 1992: > Digitized information is very hard to stamp classified or keep > contained. ... This stuff is incredibly leaky and volatile. It's > almost a life form in its ability to self-propagate. If > something hits the Net and it's something which people on there > find interesting it will spread like a virus of the mind. I > believe you must simply accept the idea that we are moving into > an environment where any information which is at all interesting > to people is going to get out. And there will be very little > that you can do about it. This is not a bad thing in my view, > but you may differ... _____ <7.6> What are `identity daemons'? Ident Protocol -------------- The RFC 1413 `Identification Protocol' standard (obsoletes RFC-931) describes a protocol standard that allows UNIX programs to query a remote user's login name after connection to a local communication socket (a connection of this type is established during FTP and TELNET sessions, for example). The standard is not uniformly supported, about 200 sites and domains currently implement it but the number is increasing (the most common implementation `pidentd' has reportedly been ported to over a dozen UNIX variants). Under an optional `HIDDEN-USER' function the user may be able to disable it individually but this capability is not guaranteed. The protocol is detrimental to anonymity but as a voluntary standard system adminstrators can decide not to install it. This standard may represent a trend toward greater authentication mechanisms (as with user verification in the NNTP news posting protocol). This software can be used to enforce e.g. program usage (licensing) restrictions such as databases that restrict access to a particular organization. The protocol can also be used in some cases (when it is supported) to track down problematic users. - An `Ident' server can only inquire about connections from a directly-connecting host. If a user uses that host as an intermediate link in a chain the protocol cannot trace past the nearest link in the chain. - `Ident' must be running on both sides of a connection for the receiver's identification request to succeed. - Reportedly no systems are currently shipped with the Ident protocol installed. Installation is voluntary on the part of system administrators. - The Ident program can be configured to refuse to return information for particular (groups of) users by the administrator although the conventional implementation returns any requested user information by default. - Some popular freeware packages and sites are now supporting Ident services. For example, the popular FTP site wuarchive.wustl.edu contains a built-in Ident client and will interact with an existing Ident server on the remote machine. To determine whether or not your particular Unix machine is running an Ident server, examine the file /etc/services. If you find a list entry for port 113, your system is supporting Ident. The line should look something like `auth 113/tcp' An implementation of the Ident protocol and related files are available via anonymous FTP from ftp.lysator.liu.se:/pub/ident. TCP Wrapper ----------- Wietse Vensema's tcp_wrapper suite is a group of programs that `wraps around' the traditional tcp/ip utilities, such as finger, telnet, rsh, and ftp. It allows an admin to make origin-based decisions about network requests. For example, all `finger' requests could be denied or `telnet' sessions could be restricted to certain remote users or sites. See ftp.win.tue.nl:/pub/security/log_tcp.shar.Z. Thanks to Wes Morgan <morgan@engr.uky.edu> for contributions here. _____ <7.7> What standards are needed to guard electronic privacy? Remailing/Posting ----------------- - Stable, secure, protected, officially sanctioned and permitted, publicly and privately operated anonymous servers and hubs. - Official standards for encryption and anonymity in mail and USENET postings. - Truly anonymous protocols with source and destination information obscured or absent and hidden routing mechanisms (chaining, encrypted addresses, etc.) - Standards for anonymous email addressing, embedding files, and remailer site chaining. General ------- - Recognition of anonymity, cryptography, and related privacy shields as legitimate, useful, desirable, and crucial by the general public and their governments. - Widespread use and implementation of these technologies by systems designers into hardware, software, and standards, implemented `securely,' `seamlessly,' and `transparently'. - General shift of use, dependence, and reliance to means other than wiretapping and electronic surveillance by law enforcement agencies. - Publicity, retraction, and dissolution of laws and government agencies opposed to privacy, replaced by structures dedicated to strengthening and protecting it. FOOTNOTES ========= _____ <8.1> What is the background behind the Internet? The article ``Internet'' in Fantasy and Science Fiction by Bruce Sterling <bruces@well.sf.ca.us> contains general and nontechnical introductory notes on origins of the Internet, including the role of the RAND corporation, the goal of network resilience in face of nuclear attack, MIT, UCLA, ARPANET, TCP/IP, NSF, NREN, etc.: > ARPANET itself formally expired in 1989, a happy victim of its > own overwhelming success. Its users scarcely noticed, for > ARPANET's functions not only continued but steadily improved. > The use of TCP/IP standards for computer networking is now > global. In 1971, a mere twenty-one years ago, there were only > four nodes in the ARPANET network. Today there are tens of > thousands of nodes in the Internet, scattered over forty-two > countries, with more coming on-line every day. Three million, > possibly four million people use this gigantic > mother-of-all-computer-networks. > > The Internet is especially popular among scientists, and is > probably the most important scientific instrument of the late > twentieth century. The powerful, sophisticated access that it > provides to specialized data and personal communication has sped > up the pace of scientific research enormously. > > The Internet's pace of growth in the early 1990s is spectacular, > almost ferocious. It is spreading faster than cellular phones, > faster than fax machines. Last year the Internet was growing at > a rate of twenty percent a *month.* The number of `host' > machines with direct connection to TCP/IP has been doubling > every year since 1988. The Internet is moving out of its > original base in military and research institutions, into > elementary and high schools, as well as into public libraries > and the commercial sector. Internet (NSFNet) statistics are available via anonymous ftp to nic.merit.edu in the /statistics/nsfnet directory. Summaries are contained in the `highlights' file organized by year. References ========== Bowers, K., T. LaQuey, J. Reynolds, K. Roubicek, M. Stahl, and A. Yuan, ``Where to Start - A Bibliography of General Internetworking Information'' (RFC-1175), CNRI, U Texas, ISI, BBN, SRI, Mitre, August 1990. The Whole Internet Catalog & User's Guide by Ed Krol. (1992) O'Reilly and Associates, Inc. --- A clear, non-jargonized introduction to the intimidating business of network literacy written in humorous style. Krol, E., ``The Hitchhikers Guide to the Internet'' (RFC-1118), University of Illinois Urbana, September 1989. ``The User's Directory to Computer Networks'', by Tracy LaQuey. The Matrix: Computer Networks and Conferencing Systems Worldwide. by John Quarterman. Digital Press: Bedford, MA. (1990) --- Massive and highly technical compendium detailing the mind-boggling scope and complexity of global internetworks. ``!%@:: A Directory of Electronic Mail Addressing and Networks'' by Donnalyn Frey and Rick Adams. The Internet Companion, by Tracy LaQuey with Jeanne C. Ryer (1992) Addison Wesley. --- ``Evangelical'' etiquette guide to the Internet featuring anecdotal tales of life-changing Internet experiences. Foreword by Senator Al Gore. Zen and the Art of the Internet: A Beginner's Guide by Brendan P. Kehoe (1992) Prentice Hall. --- Brief but useful Internet guide with plenty of good advice on useful databases. See also ftp.eff.com:/pub/internet-info/. (Thanks to Bruce Sterling <bruces@well.sf.ca.us> for contributions here.) General ======= Cunningham, Scott and Alan L. Porter. ``Communication Networks: A dozen ways they'll change our lives.'' The Futurist 26, 1 (January-February, 1992): 19-22. Brian Kahin, ed., BUILDING INFORMATION INFRASTRUCTURE (New York: McGraw-Hill, 1992) ISBN# 0-390-03083-X --- Essays on information infrastructure. Policy and design issues, research and NREN, future visions, information markets. See table of contents in ftp.eff.org:/pub/pub-infra/1992-03. Shapard, Jeffrey. ``Observations on Cross-Cultural Electronic Networking.'' Whole Earth Review (Winter) 1990: 32-35. Varley, Pamela. ``Electronic Democracy.'' Technology Review (November/December, 1991): 43-51. ______ <8.2> How is Internet `anarchy' like the English language? According to Bruce Sterling <bruces@well.sf.ca.us>: > The Internet's `anarchy' may seem strange or even unnatural, but > it makes a certain deep and basic sense. It's rather like the > `anarchy' of the English language. Nobody rents English, and > nobody owns English. As an English-speaking person, it's up > to you to learn how to speak English properly and make whatever > use you please of it (though the government provides certain > subsidies to help you learn to read and write a bit). > Otherwise, everybody just sort of pitches in, and somehow the > thing evolves on its own, and somehow turns out workable. And > interesting. Fascinating, even. Though a lot of people earn > their living from using and exploiting and teaching English, > `English' as an institution is public property, a public good. > Much the same goes for the Internet. Would English be improved > if the `The English Language, Inc.' had a board of directors > and a chief executive officer, or a President and a Congress? > There'd probably be a lot fewer new words in English, and a lot > fewer new ideas. _____ <8.3> Most Wanted list Hopefully you have benefitted from this creation, compilation, and condensation of information from various sources regarding privacy, identity, and anonymity on the internet. The author is committed to keeping this up-to-date and strengthening it, but this can only be effective with your feedback, especially on sections of interest. In particular, the following items are sought: - Short summaries of RFC documents and other references listed, esp. CPSR files. - Internet traffic statistics. How much is email? How much USENET? What are the *costs* involved? - Famous or obscure examples of compromised privacy on the internet. - Volunteers for EFF, CPSR, Clipper, etc. FAQ writing. Commerical use of this document is negotiable and is a way for the author to recoup from a significant time investment. Email feedback to ld231782@longs.lance.colostate.edu. Please note where you saw this (which newsgroup, etc.). _____ <8.4> Change history 10/11/93 v3.2 (current) More notes on (in)security of internet networks. NIST BBS pointer. Digital cash section strengthened with IMP and FTP references. Email & posting liability section mentions C. Kadie. talk.politics.crypto and alt.politics.org.nsa newsgroups added. UNIX `finger' utilities and FTP site added (finally!). `finger' identity question rearranged. 7/10/93 v3.1 Minor formatting, FTP reference fixup. New Clipper references and quotations. Expansion on Cypherpunk documentation. CFP reference added. Merit Internet statistics pointer. Anonymity references added. Identity daemon function elaborated. 5/7/93 v3.0 Revisions/additions to Anonymity history. Anonymity history & commentary moved to new FAQ. Information on the Clipper chip initiative. Minor miscellaneous corrections. Crosslink program info deleted. Some EFF out-of-date file pointers not fixed. 3/3/93 v2.1 CPSR pointer, new UNIX mode examples, digital telephony act, Steve Jackson incident, additions/ reorganization to anonymity section, part 3. Note: v2.0 post to sci.crypt, alt.privacy, news.answers, alt.answers, sci.answers was cancelled by J. Kamens because of incorrect subject line. 2/14/93 v2.0 Major revisions. New section for X Windows. Some email privacy items reorganized to network security section. New sections for email liability issues, anonymity history and responsibilities. Split into three files. Many new sources added, particularly from EFF and CAF in new `issues' part. `commentary' from news.admin.policy. 21 day automated posting starts. 2/3/93 v1.0 More newsgroups & FAQs added. More `Most Wanted'. Posted to news.answers. Future monthly posting to sci.crypt, alt.privacy. 2/1/93 v0.3 Formatted to 72 columns for quoting etc. `miscellaneous,' `resources' sections added with cypherpunk servers and use warnings. More UNIX examples (`ls' and `chmod'). Posted to alt.privacy, comp.society.privacy. 1/29/93 v0.2 `Identity' and `Privacy' sections added. `Anonymity' expanded. Remailer addresses removed due to lack of information and instability. Posted to sci.crypt. 1/25/93 v0.1 Originally posted to the cypherpunks mailing list on 1/25/93 as a call to organize a list of anonymous servers. email ld231782@longs.lance.colostate.edu for earlier versions. * * * SEE ALSO ======== Part 1 ------ (first file) <1.1> What is `identity' on the internet? <1.2> Why is identity (un)important on the internet? <1.3> How does my email address (not) identify me and my background? <1.4> How can I find out more about somebody from their email address? <1.5> How do I provide more/less information to others on my identity? <1.6> Why is identification (un)stable on the internet? <1.7> What is the future of identification on the internet? <2.1> What is `privacy' on the internet? <2.2> Why is privacy (un)important on the internet? <2.3> How (in)secure are internet networks? <2.4> How (in)secure is my account? <2.5> How (in)secure are my files and directories? <2.6> How (in)secure is X Windows? <2.7> How (in)secure is my email? <2.8> How am I (not) liable for my email and postings? <2.9> Who is my sysadmin? What does s/he know about me? <2.10> Why is privacy (un)stable on the internet? <2.11> What is the future of privacy on the internet? <3.1> What is `anonymity' on the internet? <3.2> Why is `anonymity' (un)important on the internet? <3.3> How can anonymity be protected on the internet? <3.4> What is `anonymous mail'? <3.5> What is `anonymous posting'? <3.6> Why is anonymity (un)stable on the internet? <3.7> What is the future of anonymity on the internet? Part 2 ------ (previous file) <4.1> What is the Electronic Frontier Foundation (EFF)? <4.2> Who are Computer Professionals for Social Responsibility (CPSR)? <4.3> What was `Operation Sundevil' and the Steve Jackson Game case? <4.4> What is Integrated Services Digital Network (ISDN)? <4.5> What is the National Research and Education Network (NREN)? <4.6> What is the FBI's proposed Digital Telephony Act? <4.7> What is U.S. policy on freedom/restriction of strong encryption? <4.8> What other U.S. legislation is related to privacy? <4.9> What are references on rights in cyberspace? <4.10> What is the Computers and Academic Freedom (CAF) archive? <4.11> What is the Conference on Freedom and Privacy (CFP)? <4.12> What is the NIST computer security bulletin board? <5.1> What is the Clipper Chip Initiative? <5.2> How does Clipper blunt `cryptography's dual-edge sword'? <5.3> Why are technical details of the Clipper chip being kept secret? <5.4> Who was consulted in the development of the Clipper chip? <5.5> How is commerical use/export of Clipper chips regulated? <5.6> What are references on the Clipper Chip? <5.7> What are compliments/criticisms of the Clipper chip? <5.8> What are compliments/criticisms of the Clipper Initiative? <5.9> What are compliments/criticisms of the Clipper announcement? <5.10> Where does Clipper fit in U.S. cryptographic technology policy? * * * This is Part 3 of the Privacy & Anonymity FAQ, obtained via anonymous FTP to rtfm.mit.edu:/pub/usenet/news.answers/net-privacy/ or newsgroups news.answers, sci.answers, alt.answers every 21 days. Written by L. Detweiler <ld231782@longs.lance.colostate.edu>. All rights reserved.