"Small World" network models resolve almost all of these issues...the failure with all these models is the concept of 'root' (or more generaly 'heirarchy'). It's not needed. ---------- Forwarded message ---------- Date: Thu, 26 Jul 2001 01:52:53 -0400 (EDT) From: dmolnar <dmolnar@hcs.harvard.edu> Reply-To: cypherpunks@ssz.com To: gbroiles@speakeasy.org Cc: cypherpunks@lne.com Subject: CDR: Re: Open 802.11b wireless access points and remailers On Tue, 24 Jul 2001 gbroiles@speakeasy.org wrote:
forbidden emails or browse hidden sites did that by going to public terminals in libraries or web cafes or [...] - now perhaps they'll do that at Starbucks or the mall, either for free or having paid cash for short-term access via 802.11b wireless.
I heard recently that Starbucks is piloting 802.11b access in selected Manhattan locations. The issue is support, of course - they need to see if they'll have to hire a sysadmin for every Starbucks before rolling it out. I haven't taken my laptop and tried to verify this yet. Matthew Skala had some material on his web page concerning "community wireless" networks, as well, in which people offer free wireless connectivity as a public service. Presumably this too would offer opportunities for anonymous net access. I would be less willing to trust a static box connected to one of these networks, though. Once identified as a remailer, it seems that it might be too easy to track it to its physical location, at which point it can be borged or destroyed. After all, if it's going to be an active remailer, it will be sending and receiving several messages each day. You might try to get around this by developing a protocol in which there are many, many remailers, each of which only speaks once in a very long while. I don't know how easy or hard it is exactly to do this kind of tracking, however, which makes it difficult to say what such a protocol would look like. Perhaps mobile remailers might be more useful or more difficult to track to their physical implementation. The only problem with a mobile remailer is the question of "who's moving it?" (or what). I can imagine a mobile remailer the size of a Walkman without too much difficulty; I can also imagine that if I were to wear such a remailer and walk around in the wrong kind of environment, I'd be asking for a "mugging." or worse. Now that I think about it, it's not clear that wireless actually buys us more than obscurity of physical location. The real win, as you point out, is ease of access and ease of setup. Maybe less dependence on upstream connections, as well, so you can get around the problem of ISPs shutting down remailers for spam. Plus mobile remailers seem to require either a global address space or developing the notion of remailer confederations which allow dynamic leave and join of remailer nodes. I recall that the notion of dynamic collections of remailers came up in at least one previous discussion of disposable remailers. I don't remember that too many conclusions were reached, but it was a while abck. One problem is that an adversary can show up with polynomially many of its closest friends and have them all try to join a remailer confederation at once. While the MIX protocol is theoretically OK as long as even one MIX is honest, this may have bad implications for traffic analysis. Perhaps one thing we could do would be to borrow Levien's advogato metric. Let anyone who wants to start a remailer confederation. They form the root set of the trust metric for that confederation. Anyone can join the confederation's address space, but will start out with no trust links between them and the root set. Nodes can rate each other, establishing trust links. This way you can develop a trust metric / reputation system local to that particular remailer confederation. Now the issues are how the ratings are set up and maybe more important, how routing of messages is influenced by the trust metric. Ratings could be manual. We know how well that works from the PGP web of trust experiment - and here life is harder since remops usually will not know each other personally nor want to. Another issue is dealing with nodes which leave the confederation. What if all the confederation founders leave? what happens to the root set then? Also, building up trust may require time, which makes this unsuitable for nodes which want to pop in for 20 ins and then leave (say their owner is on the freeway). -David -- ____________________________________________________________________ Nature and Nature's laws lay hid in night: God said, "Let Tesla be", and all was light. B.A. Behrend The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------