nelson@crynwr.com writes:
Scott Brickner writes:
If the remailer does a good job with the delays and shuffling, then it becomes difficult for the analyst to match message a with message b, leaving him with what he already knew (that A and RemailerX have a common interest, as to B and RemailerX, but the interests may be wholly unrelated).
Nope. Not if each of them runs a remailer. That's why mixmaster is SO WONDERFUL.
Aside from the fact that your point doesn't address mine, it doesn't address the issue. The "to" and "from" values that the traffic analyst will be using are the IP addresses in the packets. It doesn't matter whether mixmaster, cypherpunks, or penet remailers are used, they still use IP addresses. Retransmission delays slightly reduce the analyst's ability to correlate inbound and outbound messages. Mixmaster significantly reduces it, since all messages are the same size. Chaining (and mixmaster's inter-host mixing) means that the analyst needs to target more machines to get meaningful correlations. The discussion was about multiple remailers from multiple accounts on the same machine. The very existence of the remailer, independent of issues like shuffling and chaining, is supposed to eliminate identifying the originator by the content of the message. Message shuffling, delays, and chaining are entirely for the purpose of reducing the information available to the traffic analyst. If several remailers are running on the same machine, they may be treated as if there were only one remailer, for the purpose of traffic analysis. Getting more traffic going through them just makes the analysts job easier, because his statistical conclusions are stronger.