At 9:36 AM -0400 9/20/00, Asymmetric wrote:
I do understand how both types work, however, the opportunity for subterfuge is always present. I was making a point that the assumed security of a remailer should not factor in if you intend to put yourself at risk. Assumptions are dangerous all over the place, and if your assumption could get you into trouble, it's better to verify it or not instead of just proceeding blindly, if at all possible.
And yet you have repeatedly blathered on about how "forging headers" is a good alternative to anonymous remailers. Your explanations indicate you just haven't grokked the level of misdirection and untraceability behind the use of N nested remailers, encrypted at each stage.
What is the outrageous claim? That someone could purposely set up an insecure remailer, claim that it's secure, and that people could then unwittingly use it to incriminate themselves?
There has never been any doubt that some particular remailer may be logging and correlating: this is why N remailers are recommended, with the heuristics we've been discussing here since 1992. (For example: encrypt at every state, a la Mixmaster-type remailers, include one's _own_ remailer in the chain, loop multiple times, etc.) You keep tossing about the "insecure remailer" claim, seemingly not knowing the implications of N-chained remailing. Hint: there is essentially nothing a particular remailer can do to such a chained message except see where he's being asked to send it and correlate this with where it came from. He can't see inside the packet (for obvious reasons), he can't alter the packet (because then later decryptions fail and the packet gets dumped), and he can't even change the remailer he is supposed to deliver to. All he can do is correlate, which is, of course, bad. Hence the role of multiple hops. Still a far cry ahead of your oft-mentioned "mail header forgery" alleged solution.
It comes down to a simple bit of confusion on my part. I cannot understand the mentality of someone who has the time and resources to effectively combat the spam on this list, and yet who does not have the time or resource to either respond in a somewhat civil fashion, or to just delete the message along with the rest of the refuse.
You seemed to be a bit more level headed, so while I still totally disagree that it's a waste of time to try and figure a way around this problem, I haven't utterly lost respect for you as I have with Tim. "Pillar of the community" or not, the guy is an utter asshole.
"Somewhat civil fashion" and "a bit more level headed." You're also a pompous ass. At least you called me "Tim." Most pompous asses here fall into the pseudo-Brit mode of calling me "Mr. May" when they are being pompous. As for your comment that you have never used an anonymous remailer, I had already concluded as much. --Tim May -- ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, "Cyphernomicon" | black markets, collapse of governments.