Mike Duvos <mpd@netcom.com> wrote:
Andrew Loewenstern <lowensa@il.us.swissbank.com> wrote:
While this is a nice thought, it is incorrect. You can't "covertly inject packets into the Net, in some untraceable manner."
You can temporarily modify router tables, spoof IPs and idents, and leave few traces behind once the data has been transferred, particularly if the origin is some obscure foreign location.
Sure, doing this will make your packets untraceable, but for how long? Changing router tables and spoofing IPs is going to attract unwanted attention fast. I don't think such active IP attacks are appropriate for a remailer running unattended. Perhaps you mean that individual users should do these kinds of things instead of using remailers? For untraceability, I would put my money on chained MixMasters over IP spoofing. Besides, with IPv6 you won't be able to do these things anymore, but remailers will still work.
The idea here was to have a large number of nodes, each capable of injecting data into the Net in a manner which cannot be easily traced back to an individual. These nodes would talk to each other using a mechanism which obscured both eavesdropping and traffic analysis of their communications, a DC-Net being one possible way of doing this.
It's a good idea but it doesn't work in the real life. You can't put a message in a public place (like UseNet) or send one to an unwitting e-mail recipient (such as a mailing list) in an untraceable manner, repeatedly over time. The last remailer is going to traceable. A DC-Net is great, but it isn't going to be useful to very many people if the only people you can send messages to are the other DC-Net participants. Yes, this has applications, but it is not a replacement for the remailers we have now and are starting to loose at an alarming rate.
Since it looks like the "everyone's a remailer" dream is not becoming a reality, the key to successful remailers is to make the *operators* untraceable as well. If you can't trace the operator, you can't hold them liable. We have discussed techniques for doing this before: cash paid accounts, using dialups (possibly from a public phone). The remailer must be a 'sacrificial cow' that can be > snatched up by 'authorities' at any time.
You could get the same effect with an instant anonymous account that could be purchased with Ecash. You would buy it on the spot, send your mail, and forget about it. For all practical purposes, it would serve the same function as a remailer, and steps could be taken to obscure the identity of whoever had telnetted to it.
But not every piece of mail sent through a remailer is 'hot' enough to get it shut down. The vast majority of traffic is harmless. Also, taking steps to obscure the identity of whoever had telnetted to it is hard, way too hard for the average user who wants to send remail securely. If the remailer op does it once to setup a remailer, then potentially a very large number of people can use the remailer until it gets busted. In the mean time the remailer op collects postage to compensate him for his effort. Also you later say that "I don't think most people are going to pay to remail." Well if people aren't going to pay to remail, why would they pay to open a disposable ecash account to send a piece of untraceable mail? How much will the cheapest account be? Probably less than what a remailer, which can handle hundreds of messages a day, running on the exact same account would charge. Then you say "Or, to put it another way, the types of traffic people will pay to remail are those no remailer operator will want to touch with a barge pole." Well duh. My message you are refuting (and suggesting that the alternative is IP spoofing) is entirely centered around the idea that the remailer operator remain untraceable is because the traffic could potentially be too 'hot' for the remail-op to manage. I guess you mean that the all the harmless traffic will disappear once you have to pay to play. Well, if the only remailers around are for-pay ones with untraceable operators because all the public ones got busted, people will pay. If people didn't want a high assurance of untraceability, people would just use Penet. I don't think remail postage is going to have to be expensive. It doesn't take long to pay for a $15 a month telnet-only account. If you charged only a dime each, it would only take 150 messages to pay for it. Over a month thats about 5 messages a day. Sounds reasonable to me. A 3 remailer chain would cost $0.30, less than snail mail...
Another possible approach is the "remailing packets" one. You could set up a packet remailer which could be used as a universal proxy server in some untouchable foreign location. If we had a "packet remailer in a box", these things could pop up all over the place, live a short time, and be nuked. Since the communication would be real-time, concerns over reliability and delivery would not exist in the same way they do for the current system of remailers.
Which untouchable foreign locations do you refer to? For all the talk of these glorious havens we don't have any remailers setup in them. The Netherlands isn't one of them. Neither is Germany or France for sure. You can't have these "pop up all over the place" if it has to pop up in an untouchable foreign location that doesn't exist. If you think people get the heebie jeebies about running a remailer that could possibly be used to carry threats or illegal pictures, just wait to you see their reaction when you tell them that people could use their packet remailer to hack other sites. While remailer traffic has a chance of getting constitutional protection (in this country obviously), there is no doubt that hacking machines is not protected. Buying an anonymous telnet-only account with cash, then using a CyberCafe or some other public Net terminal to setup the remailer sounds like a much more viable solution for a potential remail-op than flying to Micronesia. Or waiting patiently for people in these untouchable foreign locations to setup remailers. Also, I think it's time to stop expecting people to rush out and setup these things if they were easier to setup. People simply don't get enough benefit for the risk of running a remailer. A web server is harder to setup than Mixmaster but there are a lot more web sites. If remailer ops are going to be liable for content, then few people are going to want to do it, regardless of the difficulties involved of setting up the software. Also, people want an/pseud-onymity. Look at how many accounts the penet service has. As people realize that such services offer little assurance of untraceability, they will turn more and more to cypherpunk remailers. If the only way a remailer can stay up is if it charges then the market will decide if it is worth it. I think the market is there. andrew