For-Pay Remailers

Hal Finney



What if you could make money by running a remailer?

Right now, most remailer operators are operating out of altruism. This is good in a lot of ways but it has its problems, as recent events have shown:

  • lack of motivation to keep remailers operating when faced with hassles and possible legal risks
  • ease of spamming attacks by malicious users
  • lack of incentive for a commercial-quality remailer service

I'm sure we can all think of more. I know that it would be a lot easier to justify continuing to run the remailer to myself if it were bringing in a few dollars a month.

I think there are some experiments in for-pay remailers that have been tried. Sameer is, I think, charging for some services, although paerhaps that was just for anonymous return addresses. A long time ago Karl Barrus had a service which required pre-issued "digital postage stamps", but I don't think many people used it.

The time may be ripe to look at this more seriously. Several factors are coming together:

  • some efforts at standardization of remailer commands and cooperation of operators (e.g. this list)
  • wider use of scripts and utility programs to help people use the remailers several competing real-money systems which have come online just in the last month or so which let you get paid for things on the net

To expand on these:

It is obviously difficult to operate a remailer service that charges if other people are offering the equivalent service for free. Since it is pretty easy to start up a remailer, the marginal cost to do so is low, hence the profits are low, too. However, although it is easy to start a remailer, it is not so easy to keep one running in the face of complaints from recipients of abusive mail or inappropriate posts; hassles from sysops, owners, net feeds, or others upwards in that great chain of command; possible law enforcement problems when illegal communications occur; possible threats of lawsuits (such as from the scientologists when their sacred documents are posted), etc. So we should not be misled into thinking that running a remailer is cost free.

On the other hand I should be clear that I would not expect to make a killing on this service. Something on the order of a penny a message seems reasonable just at a guess. Maybe it should be a factor of 10 higher or lower.

One issue is of course the additional difficulty this will cause in the use of the remailer. There are several things to consider here. On the one hand you could argue that it is already too difficult to use the remailers, and any additional hassles involved with including some kind of payment tokens would kill the market. OTOH I can agree in spirit with the sentiments expressed here recently about the low quality which seems to characterize much of the use of the remailers.

I don't look at messages, but occasionally I do see bounces, and very frequently they are ugly little flames or similar worthless material. Now, I hope that I am seeing the dregs, that the kinds of clueless people who make the mistakes which cause me to see the messages are the ones least likely to use the service in a worthwhile manner. But still, it is discouraging. In that context, maybe making the system a little harder to use would be worthwhile, in that it would screen out the casual harrasser. (Or, more realistically, this might just keep the exceptionally motivated harrassers.)

In any case, I think the presence of the remailer scripts can make using a for-pay remailer not much more difficult than using a free one. If the cost is as low as I suggested and the inclusion of payment tokens is nearly automatic, then adding costs should not have much negative impact on use, certainly not on meaningful, worthwhile use.

And even a modest cost might arrest the wholesale spamming that Detweiler and/or the recent "Scythe" seem to love. At least we would be paid for enduring the hassle of the complaints.

Now, the next question is the details of the payment. Frankly, I don't think any of the current systems are quite right for us due to our special needs, but things are changing rapidly. Let me describe something about how they work.

I know of two systems that are VISA/Mastercard based. One is called First Virtual (http://www.fv.com). They are oriented towards information sales and say that they aren't for service providers, but in practice it looked to me like they could be used for services. When a customer wants to pay, he sends you his FV ID. You send this to FV and they send an email message to the customer asking whether he authorizes the payment. If he says "yes", FV credits your account. You get a check every month. Customers who always say "no" get booted out of the system (as do merchants who submit bogus bills). They charge 29 cents plus 2 percent per transaction, but merchants can batch up multiple orders by a single customer before sending it in.

There are a few problems with a system like this, many of which are somewhat generic to our situation. The most fundamental is that we don't know who our customers are much of the time. In fact, the whole point of the remailer network is that we not know that fact for any case except the first hop in the chain. If we required customers to expose their FV account ID at every hop, it would make it a lot easier to track messages through the network (even if the ID's were hidden in the encryption envelope it seems risky). If we then sent a message to FV saying that we needed to charge ID XXX, and FV responds with an email to the person's home address, this offers more possibilities for tracing.

One solution would be only to charge on entry into the remailer net. Perhaps remailer operators would even charge each other then, and the first remailer would charge some larger amount to deal with a "typical" chain length? Many interesting possibilities here.

Another issue is that the overhead charges by FV would require batching up messages before submitting them. Let me make clear that the batch must consist all of charges to a single user. It doesn't do any good to send one message to FV asking them to please charge a penny to each of 100 VISA accounts. No, you would have to count messages from each user, separately, and when user XXX had sent, say, $1 worth of messages, you could send in the request to FV and get back 70 or so cents.

So this adds some overhead and record-keeping that we don't currently have to do, although perhaps it is not so difficult. But it would raise new questions of authenticating FV ID's, and shares some of the negative privacy impacts and message linking issues mentioned above.

The other VISA based system is called OpenMarket. I just read about it tonight so I don't know it as well (http://www.openmarket.com). It is pretty tied to the WWW so it would not seem to work for us. Customers get connected to a particular WWW server which authenticates them and charges their VISA card appropriately, then they get redirected to the merchant with some kind of token that says they have paid.

The NetBank (email to [email protected]) is a digital-cash like system. Customers get tokens which are basically large secret numbers which have a cash value. They send them to the merchants, and the merchants then send them to the bank which credits their account. The NetBank sends you a check every month.

The interesting thing is how customers buy the cash tokens. One way is by connecting to a 900 number with your modem. They charge the customer $10.00 and give him a digital cash token worth that much. Another way is by faxing a check to them. I wasn't clear on how you get the cash token back in that case; I guess they email it to you at an address you specify. From the privacy point of view, these are not that great; 900 numbers have Automatic Number Identification so unless you are willing to tramp out to a pay phone to get your cash then it could be linked to your phone number. And the fax system must have some kind of return address that would link to you.

The other problem with NetBank is that the smallest denomination which can be spent is 25 cents. Due to the cash-like nature of the tokens, I don't see a natural way to accumulate several messages into one payment. Maybe we could layer our own low-value digital cash system on top of NetBank, where users could buy our anonymous cash for 25 cents and get enough tokens for 25 messages, then we would settle amongst ourselves (or actually with the anon-mail-token bank). Actually this might help with the privacy problems, too. Anonymous digital cash is heavily patented, though.

With a cash-like system, each message would include a numeric token in the header which is the digital cash. The remailer would strip that out and send it in for credit. This is a simple system and could be largely automatic. However there are some tricky issues about cheaters re-using cash.

NetBank charges $4 per month, plus, for the 900-number-based cash, 20% off of face value.

The last system I'll describe is David Chaum's DigiCash (http://www.digicash.com). Chaum is the inventor of digital cash and he certainly knows his stuff, plus as I said he has the intellectual property pretty well sewed up patent-wise. The DC payment system is also WWW based at present. The customer has to be running a special program on his computer, separate from his web browser. This program holds his digital cash, which is similar conceptually to the NetBank cash but more sophisticated cryptographically. When he wants to buy something, the merchant's web server makes a connection to the customer's DC program, and it transfers the cash to the merchant.

DigiCash says they are planning an email based system but for now their emphasis is on the WWW. Right now they are only in beta and not using real money. I don't know when they will be real and email based, and I don't know if they have said what their commission will be. But when this comes up it may be the best approach if small-value transactions can be supported. DigiCash is fully anonymous in the sense that once a customer receives the money, it is "blinded" in a special cryptographic way so that the bank cannot associate it with that customer (and no one else can, either). This kind of anonymity fits in very well with our remailer requirements.

Well, I know this is a lot of information to work through, but mostly I want people to be aware of the possibilities. Most of this stuff is very, very new, only weeks old, generally. Probably over the next few months we will see a lot more options appear. I am confident that there will soon be payment systems that would provide the technical basis for fee based remailing. I don't expect anyone to get rich by this, but it might help compensate for the risks we all face, and it might serve to improve the quality of the remailer network.

Hal Finney
[email protected]

Hal Finney Home Page