On Thu, 4 Jun 1998, Sprokkit Amhal wrote:
anonymous email boxes, whereby a user can receive email and even a traffic analysis attacker is unable to glean information about who received what when. I forget exactly what ve called vis method...
One way to do pseudonymous email boxes is to use a web-based mailbox server such as hotmail and pick up the mail through anonymizers or onion routers. Obviously you need SSL for the anonymizer connections, and for the mailbox connection as well, and the name of the mailbox needs to be in the encrypted portion of the SSL requests rather than in the sniffable URL parts. The main threat is eavesdroppers watching the anonymizers over a period of time, picking up patterns that may not show during a single mail pickup. So you need enough anonymizers out there, or enough cover traffic on a smaller number of anonymizers, but it should basically be doable. It also helps if you can send mail to the mailer using the web, with SSL and chains of anonymizers to do it, to protect the sender, but anonymous remailers can also solve that problem. Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639