Black Unicorn said: There are a few cypherpunks probably listening to this who've been smacked with subpoenas for running remailers. I think you'll find that the government is pretty persuasive to third parties like these. The only defense (which one administrator of a remailer I won't name was clever enough to set himself up with) is to say (my paraphrasing) "I don't have access to those logs or any of that data. I don't keep such logs and I never have because it's too much overhead and work." -- I suspect I'm the remop being referred to here, so I'll comment: That defense is valid because it is true. It isn't a contrived excuse for not keeping logs that I conveniently pull out of the wings to protect the anonymity of my users. Keeping logs really is too much of a resource drain on my system. At some point I will probably begin keeping logs that expire after a period of several hours, so that I can identify and block spammers. I'm interested in your thoughts on this, Uni. Is the defense "I never retain logs longer than 2 hours; they are automatically deleted out of disk space considerations" as string as the first one? (This is how many remailers are configured. But even if the remailers all kept logs, if users are chaining their messages through multiple remailers, anonymity should still be preserved.) Regardless, I haven't had the time to implement such a system anyway. My point here is that, if you are going to be using the "off-shore attorney" system of preserving your data, I think it would be helpful if there was a legitimate reason for placing your information in the hands of this other entity (other than protection from the US courts.)