Quoting Steve Schear <schear@lvcm.com>:
I don't run a mixmaster because:
- it's not been easy to get running
- it uses SMTP ports which are filtered on my AT&T cable system. The remailer reference lists need to include port number references so users on these "restricted" ISPs can participate. Since the traffic is encrypted it might make sense for operators to choose port numbers used by P2P applications which currently encrypt traffic (I believe Morpheus does).
- it didn't run under Windows (until the other day)

[admittedly, I'm very biased, since I have more of a network engineering/admin point of view than a normal end-user cypherpunk point of view]

I'm wary of doing things which violate internet standards and generally complicate application design to support:
1) Windows users trying to run servers
2) People running reliable servers on filtered networks (just get a tunnel if you really care)

I don't see there being a huge need for middleman/remix-only nodes. There is a huge need for well-configured, production-grade exit hosts with testicular fortitude and a bad attitude.

Are there *any* documented cases of people subpoenaing more than one layer deep in a remailer net? Or even actively fucking with a single remailer who simply says "I keep no logs" successfully enough to do any more than shut him down? (mixmaster, not penet)

Things like the hotmail exit code are foiled these days by the "prove you are a real human or a turing-test-complete AI to open an account"

Relying on services which are in violation of terms of service (running a remailing server on a consumer dialup or cablemodem with a no-servers policy, abusing stupid web email providers to take the heat) is not a good way for high-visibility, high-abuse positions of the network to operate, if reliability is key (as it is for non-abusive remailer users).

Until there is evidence otherwise, I think 5-10 well-administered, professionally maintained remailers, run by reasonably well known organizations, with sufficient legal firepower to defend themselves, running a codebase which is as reliable as a standard MTA, with best-efforts spam and abuse prevention, would provide a better service to users than 100 99% reliable remailers running on cablemodems which can be incapacitated by a single email to noc@home.net or blown power supply or whatever.

Simultaneously raise the bar in some ways (require better network, maintenance, etc.) but lower it in the ways which influence TCO for a professional organization (install and maintenance admin time).

Provide a way to inject messages into the system without identifying the user as "member of the set of remailer users"; put up a web interface accessible via a quality anonymizing proxy, or pick up encrypted messages from USENET, or encourage dummy traffic from end users (put a nice web anonymizer and/or SSL web server with general-interest content right next to the remailer, ideally, for plausible deniability, and use JS or java or something so normal browsing sessions and remailer-interaction sessions are similar).

There needs to be an automated way to anonymously and securely determine if your messages have gotten stuck at a particular remailer.

Given the level of latency and standard deviation for messages, I'm not sure if this would provide a reasonable level of quality of service, using today's remailer population.

--
Ryan Lackey [RL7618 RL5931-RIPE] ryan@havenco.com
CTO and Co-founder, HavenCo Ltd. +44 7970 633 277
the free world just milliseconds away http://www.havenco.com/
OpenPGP 4096: B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F