Lucky Green wrote:
On Mon, 29 Sep 1997, Anonymous wrote: [In reply to my claim that Type 1 remailers are fun toys. No more].
Please pardon my ignorance, but could you elaborate on this attack? Assuming the user's machine is not compromised, in which case the game is over, whose machines are being broken into? Are you saying that The Enemy just watches the messages going in and out of a particular site and then watches the site where they suspect the messages are going?
Correct. The adversary watches messages move in and out of the mix. [This is quite easy to acomplish, given the security or lack thereof, of much network infrastructure]. I really don't have the time to write an intro on this topic. Subscribe to the Bugtraq mailing list for a year and you'll understand what I mean.
I run two Type 1 remailers on different machines which access different ISPs. I not only swap in/out messages between machines, I also send some of the email via separate machines on separate accounts. The remail I handle is not super-clandestine stuff, it is mostly for those who wish to post to health lists without insurance company narcs gathering information they can use to fuck them out of their coverage. I also employ some tactics which I will not reveal, as my stance is that one should proceed as if every spook in the world is monitoring them, regardless of the level of security that may be sufficient if one goes by surface appearances. If one is serious about anonymity, then one should always assume that each and every remail contains life and death information that should not be compromised. Fuck You ~~~~~~~~