On 2 Sep 2001, at 3:40, Nomen Nescio wrote:
The fact that a given person is using the remailer network is not a secret. At least one remailer finds out every time he sends a message. The point is, the entry from the non-anonymous to the anonymous world is a vulnerability.
Sort of. The first remailer in the chain will see something like an IP address. This might or might not be enough to identify the indvidual using it in principle (gee, it's somebody posting from a public library or internet cafe) and almost certainly isn't in practice (how many remaler operators bother keeping something like a reverse DNS table on their servers). If the remailer operators decided they wanted to deny "baddies" use of their services, they would not only have to unanimously agree as to who the "baddies" are, they would also have to deny their services in all cases where the client cannot be positovely identified. Neither of which strikes me as being plausible.
-- blinding. (Hint: That Alice deposits money into a digital bank, and is identified by the bank, does not mean the bank knows who received digital money from Alice, because Alice unblinds the note before spending it--or redeeming it.)
No, but the fact that Alice transfered a certain amount of funds into the anonymous bank is visible to at least some observers. Once again, the point is that as you enter the anonymous world your entry is visible.
In the old style numbered swiss bank account, you give them a suitcase full of cash and you get an account number. They know who you are if the recognize you when you go in to set up the account, if not not.
Compare this with the original claim: "in a properly designed anonymity system the users will be, well, anonymous, and it should be impossible to tell any more about them than that they pay their bills on time." These examples illustrate the falsehood of this claim. Much more is learned about the customers as they enter the anonymous system.
I stand by my earlier statement. The fact that you may be identifiable at the point of entry to an anonymity system is a weakness, not a desired feature, and if it can be avoided, it should be. George