jdd@aiki.demon.co.uk (Jim Dixon) writes:
In message <199408070216.TAA09025@jobe.shell.portal.com> Hal writes:
If this idea seems valid, it suggests that the real worth of a network of remailers is to try to assure that there are at least some honest ones in your path. It's not to add security in terms of message mixing; a single remailer seems to really provide all that you need. Yes, in an ideal world. Each additional remailer introduces another chance of being compromised.
Once again I find myself with an understanding that is exactly the opposite of Jim's. I must be missing the point of his network design. In the remailer networks I am familiar with, each additional remailer introduces another chance of being uncompromised, rather than being compromised! Only if all the re- mailers in the chain are cooperating and logging messages can they recon- struct the path my message took. If any one remailer is honest, my message is successfully mixed with the others. A design in which any one remailer in the chain can compromise the privacy of the user seems to have a very big flaw.
But in an ideal remailer network operated by real human beings, you cannot trust the operator. You would prefer that at least the points of entry and exit from the network be different, because this decreases the probability of the message being 'outed' by a very large factor. If you are seriously concerned about legal factors, you would prefer that the remailer gateways be in different legal jurisdictions.
Yes, this makes a lot of sense. Use different jurisdictions to make attacks by government agencies more difficult, use multiple remailers in a chain, etc. I just don't follow the earlier comment which suggests a different model of information exposure than I use. Hal