At 01:25 AM 1/16/98 GMT, Adam Back wrote:
> How do we improve the resistance of the remailer network to well resourced attackers intent on dismantling it?
An obvious thing to try is to add some more remailers. 300 remailers would not be immune to simultaneous shutdown by the authorities, but it would make it more difficult. A dozen or so remailers makes shutdown fairly simple.

A less obvious thing to try is to get the general Windows users to start making use of remailers. If Eudora, Pegasus, and Outlook came nym ready out of the box, with the ease of use of a spell checker, then this would generate enough traffic to flood the remailer network and require hundreds of servers. This idea has its own problems, but there is not much traffic on remailers. One of the busiest remailers in the world still has only about 3,000 messages per day. One spammer can send mail to more destinations in a weekend than the entire remailer network in a year.

Threats to the remailer network come from a few basic places.

1. Traditional law enforcement
2. Unauthorized law enforcement
3. "friends" of message recipients or "friends" of the remailer
4. unreliability of the machines that form the network
5. Hacking attacks
6. Design
7. User incompetence

Of the above, the most dangerous in my opinion is "friends". This is what shut Balls down. This is where Cracker gets the worst complaints. Seldom do I hear a complaint from a message recipient, more I hear from "I have a friend who got this message..."

Traditional law enforcement is a quick call with a thank you I'm dropping this. While penet shut down after an investigation, he alluded to the fact that he was just tired of the hassles. Weasel did not shut down because of the law, but due to the desire to not expose his ISP to hassles. Traditional law enforcement takes so long to investigate, the keys could be canceled and replaced several times. In the US I don't think that law enforcement really cares enough to issue a warrant. Almost no warrants have ever been issued for remailers. Though I would not be surprised to find that intense extra-legal investigations were done on cases that involved situations such as Jim Bell's Assassination Politics.

Cracker goes off line for a few hours every month. We basically never lose messages, but we can delay some. We have a downtime between 1.6% and 3% on the overall average. This is our remailer only. Compare this with the network - we only had 26 minutes of downtime in the last 365 days. Recently another remailer went down due to a hard drive problem - for a week or more.

Software and hardware problems are significant issues for remailers. Another is incompatibilities in moving data from one mail host to another. Every once in a while machines just become incompatible, often due to sendmail configurations designed to block spam or provide better security.

As for hacking attacks, Cracker/EFGA has had some people censured by their ISP for stuff like spoofing us, mailbombing, and that good 'ole ping thing. To be honest, we've never been hurt by it anyway, but we do monitor for such things.

A significant problem is in design. The remailer network is not designed to be robust or fault tolerant. There is no error notification to the user. If your message gets dropped along the way, there is no recovery system that gets it through another route. If you misspell your destination address, or other problem exists, you don't get notified of the event.

Still for a group of volunteers running software that is patched almost every week, providing services for free - they don't do a bad job.

--
Robert Costner Phone: (770) 512-8746
Electronic Frontiers Georgia mailto:pooh@efga.org
http://www.efga.org/ run PGP 5.0 for my public key