On Fri, 2004-04-30 at 14:12, An Metet wrote:
What technologies currently exist for receiving a/psuedononymous message? With Mixmaster, sending mail, posting news, and even blog posting are possible, However, receiving replies securely or, better, holding a private conversation is difficult or impossible. Best bet seems is to encrypt and spam somewhere very public? Ugly, ugly. No technological method, just a few "trust me" remailers. Other options?
A simple option is to use a free webmail account and access it via an anonymizing proxy. You can send mail that way too. The great advantage of this is that it does not brand you as an "anonymous mail user" and thereby call attention to your activities. You look like just another of the millions of people who use such services. For anonymizing proxies, do a google search on anonymous web surfing. There are many more companies than anonymizer.com, although it is the oldest and probably the best. You can also begin experimenting with the onion routing network at http://www.freehaven.net/tor. This is like a free version of the old ZKS Freedom network where you construct a path through a number of forwarding nodes. You could also combine these and use TOR to access anonymizer.com and go from there to hotmail.com, etc. There's a new proposal out called the Pynchon Gate from Len Sassaman and Bram Cohen, http://www.freehaven.net/doc/pynchon-gate/. Sassaman is one of the main Mixmaster/Mixminion developers, and Cohen of course has revolutionized the P2P file sharing scene this past year with his BitTorrent. These guys have a pretty good pedigree for getting stuff done, and they claim to be in the process of implementing this new system. The Pynchon Gate will use a crypto protocol called Private Information Retrieval to let people receive messages anonymously. The way PIR works, all the incoming messages for all users are stored in a big database which is replicated at several servers. Recipients connect to each server and download a packet of data, which is combined at the local machine to reconstruct one incoming message. However the algorithm is such that each individual server learns nothing about which message is being fetched, protecting the receiver's anonymity. Here's a simple example of how it would work. The method relies on two properties of XOR: XORing a value with itself yields zero; and the result of XORing a random value with a predetermined pattern is still a random value. Suppose there are only two database servers, each holding 8 messages, where the messages are all split or padded to be a standard size: M1 M2 M3 M4 M5 M6 M7 M8 Suppose you want to fetch M4. Now you create a random 8-bit binary string: 1 0 1 0 0 0 0 1 Make a copy of that string and XOR in the bit position of the message we want, in this the 4th bit: 1 0 1 1 0 0 0 1 Note that because of the 2nd property of XOR listed above, both bit strings are individually indistinguishable from random and neither by itself gives any information about which bit was XOR'd. Send the first bit string to the first server and the 2nd bit string to the 2nd server. Each server XOR's the messages corresponding to the 1 bits and returns the results, which will be the size of single standard message: Server 1: M1 xor M3 xor M8 Server 2: M1 xor M3 xor M4 xor M8 The recipient xors these two messages together: (M1 xor M3 xor M8) xor (M1 xor M3 xor M4 xor M8) = (M1 xor M1) xor (M3 xor M3) xor (M8 xor M8) xor M4 = M4 The result is the required message. Individually, each server saw a random bit string and neither one by itself had any indication about which message was being fetched, hence the recipient's anonymity was protected. The same method can be generalized to larger numbers of servers, and that is the intention with the Pynchon Gate system. The privacy threat with this approach is that if the servers combine their information, they can deduce which message the recipient was fetching, by XORing all their bit strings together. However, as long as even one server is honest and refuses to go along with this, the other servers can learn nothing about which message was being fetched. This security guarantee is similar to that of a remailer chain, where if they all colluded they could track user messages, but if at least one is honest then privacy is protected. Hence it is a good match for users who rely on remailers. It's not yet clear that this method can be really practical, can scale to a reasonable number of users, resist flooding, and avoid leaking information in terms of how many requests a given user makes in a given period of time. These are serious practical issues that need to be solved. But they do have one really good idea, which is that the user-end software will be an agent that executes this protocol on a regular basis to fetch messages, then makes them available to the mail client by acting as a local POP server. All modern mail clients let you set multiple POP servers to be queried, so this should produce nearly transparent integration to existing mail clients. This concept might be copied for other mail receiving methods in the future.