
Well, in light of the comments recently from Rotenberg that we are just a bunch of armchair activists, and in light of comments I've received that my
... Well Tim you did sorta ask for that particular comment... but passing on
We see this "they can probably track messages if they want to" view expressed often. Especially by people who haven't thought about the issue in detail, who perhaps just think it "only stands to reason" that the NSA or CIA could backtrack trace messages if they wished to.
The point I was making was rather different; I think the total volume of PGP mail of all types is probably not a large enough fraction of the traffic on the net to be secure. Taking any use of PGP as prima facie evidence of subversive activity probably provides a reasonable cut. If you want to take this offline I can discuss actual examples of countries that use this type of traffic analysis. The point is to identify social networks. Anyone attempting to conceal their social network is probably subversive. Note that the type of government I'm talking about here is way beyond the US in authoritarianism, much more like the USSR of old.
While not accusing Phill of being one of these folks who is just speculating, I really encourage him to carefully look at this issue, to do some calculations of the mix entropy introduced when sites use mix fan-ins of sufficient size.
How many people in total do you have using the mixers? How many mixers are there?
(Hint: 10 remailers each taking in 10 messages of the same rounded-off size give 10^10 possible routings to follow. Of course, there are not 10 billion messages in all. But by the pigeonhole principle, in fact, it means any final output message could have been any of the input messages. If the remailers do not reveal input-output mappings ("collusion"), it is hard to imagine traffic analysis doing much.)
Not if the principle applied is that any use of the mixer taints the person concerned.
With 100 digital mixes, each taking in 100 messages before resending, there are more routings to track back than there are particles in the universe. Smoke that, CIA!
If the total user base is below 10,000 then identifying which person received which message is probably not too necessary.

Phill
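The mix-entropy calculation raised in the thread, worked through as an added example (not part of the original message). It assumes an idealized synchronous network: one message per sender, a global passive observer who sees every link but no mix's input-output mapping, and a constructed routing rule in which output j of mix i goes to mix j on the next hop. All function names are hypothetical.

```python
import math

def routing_count(batch, hops):
    """Number of paths an observer would have to follow back: batch ** hops."""
    return batch ** hops

def mix_round(dists, n_mixes, batch):
    """One hop. Each mix hides its in/out mapping, so the observer can only
    give every output the average sender distribution of that mix's batch."""
    out = []
    for m in range(n_mixes):
        group = dists[m * batch:(m + 1) * batch]
        avg = [sum(col) / batch for col in zip(*group)]
        out.extend([avg] * batch)
    return out

def reroute(dists, n_mixes, batch):
    """Constructed routing (assumption): output j of mix i is sent to mix j.
    Requires batch == n_mixes so every mix again receives a full batch."""
    return [dists[i * batch + j] for j in range(batch) for i in range(n_mixes)]

def entropy_bits(p):
    """Shannon entropy of a probability vector, in bits."""
    return -sum(x * math.log2(x) for x in p if x > 0)

def sender_entropy(n_mixes, batch, hops):
    """Worst-case observer uncertainty (bits) about who sent a final output."""
    n = n_mixes * batch
    # Before mixing, the observer knows the sender of each message exactly.
    dists = [[1.0 if s == i else 0.0 for s in range(n)] for i in range(n)]
    for _ in range(hops):
        dists = reroute(mix_round(dists, n_mixes, batch), n_mixes, batch)
    return min(entropy_bits(d) for d in dists)

if __name__ == "__main__":
    print("routings to follow:", routing_count(10, 10))
    for hops in (1, 2, 10):
        print(hops, "hops:", round(sender_entropy(10, 10, hops), 2), "bits")
    print("ceiling for 100 senders:", round(math.log2(100), 2), "bits")
```

Under these assumptions the entropy reaches log2(100) bits after two hops and stays there: the 10^10 routings make every sender equally likely, but the anonymity set is never larger than the population that used the mixes.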