-----BEGIN PGP SIGNED MESSAGE----- Several weeks back, I posted a message stating the need (in my opinion) for a system of anonymity on the Internet that would be more secure than the anonymous remailers. Despite the valuable service provided by the remailers, I am troubled by their vulnerability. It seems likely that at some point in the near future, a remailer is going to be silenced, and possibly (though not inevitably) the contents of its database made public. This may possibly lead to criminal charges being filed against someone, based on alleged criminal acts in which the remailer plays a part. (I am not going to state what these "criminal acts" may be, because I don't know which ones will be involed. I don't know when this blow to the remailer system will come, or who it will happen to. I simply believe that, given the growing trend towards censorship and anti-privacy in government and business circles, the blow will come sooner or later.) The vulnerability of the remailer system, in my opinion, rests in the fact that a remailer is physically located in a certain place. This makes the remailer a target for attacks, as shown by the futile efforts (so far) of the so-called "church" of Scientology to silence the remailers at anon.penet.fi and xs4all.nl. (The original demand of Scientology in the Penet affair was for the entire contents of Julf's database to be revealed, but fortunately Julf was able to limit the exposure to a single user. When Scientology attempted to raid xs4all, their original seizure order was against the remailer itself - -- but fortunately (again) the remailer itself had been closed two months before. The representative of Scientology had to re-phrase the seizure order on the spot, declaring instead that the reason for the seizure was the existence of the infamous "Fishman Affivavit" on an xs4all Web page.) I believe a system of anonymity is needed that can withstand attacks of this sort. The current remailer system may be able to weather the oncoming storm, but it will suffer damage in the process. A system to reduce the effect of pro-censorship forces on sources of online anonymity is needed. But what shall this system be? Since the prime vulnerability of the remailers rests in their physical locations, we have the possibility of physically hiding their locations. This is impossible in the long run, and it hampers the ability to set up a remailer on a short-term basis. How hard is it to set up a node that is hidden from efforts to discover its location? If setting up a remailer requires you to go into hiding, many would-be privacy activists will be dissuaded from giving it a try. Rather, I wonder if it would be possible to devise a system that introduced a random element into the picture, one that lessens the possibility of blame being placed on any one individual, or any one site. The Netherlands responded to Scientology's attack on xs4all by spreading the Fishman Affivavit far and wide. At the time of this writing, this document now exists on more than eighty Web pages in Holland, and this makes it far more difficult for Scientology to stop the spread of information. (They are still trying, however. The latest word from Europe is that a member of Scientology's "Office of Special Affairs" has flown to Europe, and is now calling service providers and individual users. A lawyer for Scientology is there as well. See alt.religion.scientology for more details of this case.) Using Scientology as an example once again (this will be my last mention of it, I promise), note the failure of the "church" to shut down alt.religion.scientology. They have tried every possible means to prevent the newsgroup from spreading information to the world, and every attempt to stop this "leak" has failed. If it was possible to effectively eradicate a newsgroup, Scientology would certainly have done so by now. Alt.religion.scientology cannot be shut up because it is distributed to thousands of sites around the world, thus making it impossible to shut them all down. That's why I believe a newsgroup for anonymous messages would be able to withstand attacks by would-be censors. Previously, I had suggested the possibility of a "moderated" anonymous newsgroup that would forward all postings to the address of the "moderator," where they might then be randomly distributed to remailers before being posted to the anonymous newsgroup. However, that idea had several inherent weaknesses, including attacks on the "moderation" site and newgroup messages designed to compromise the newsgroup and send postings to other places. The way to prevent a newsgroup from being compromised in this manner, then, would use a different method -- one that is immune to control messages. In the course discussion with a group of cyberpunks on IRC a couple of days ago, another possible system for anonymity was devised. This system can reply on a unmoderated newsgroup as a source for messages. Instead of forwarding messages to an address in order to hide the ID of an anonymous poster, it was suggested that PGP be used to protect the messages themselves. The basic idea for this system goes like this: 1) A person writes a message and encrypts it with PGP. 2) That person then posts his message to the "anonymous messages" newsgroup. 3) A remailer scanning the newsgroup picks up the message, decrypts it, strips the headers and makes it anonymous, and sends it to its destination. Because the anonymous messages come to the remailer by scanning a newsgroup, tracking a remailer's incoming-mail logs would be useless. To offer further protection for the remailers, a random system could be devised to ensure that no one knows exactly which remailer scans a particular message at a particular time. I am not a programmer, and some of the technical details in this proposal go over my head. Hopefully you can clairfy some of the points presented here and see if this system is possible or not. The actual remailer code, involving scanning the newsgroup for PGP-encrypted messages and stripping headers, could be written with PERL scripts. This would keep it portable, and it would be easy for a person to tell if it has been tampered with. This code would be distributed widely. A series of remailers would be used to decrypt anonymous messages. A "token" (like the token ring of IBM fame) would be passed back and forth between all of the Cryptoclients in the remailer network, so that only one remailer would be "active" at any given time. This token would be passed back and forth at random, so no one would know exactly which remailer is being used to anonymize a message. The "token" is the key to this remailing system. This token would include necessary information such as the last message scanned, and to coordinate timing among the remailers. This will work to avoid duplication of messages. (Of course, the remailers should also hold messages for a random amount of time -- say, up to two hours -- in order to prevent someone from being traced, based on the time he posted his encrypted message to the newsgroup.) The decryption key for the anonymous messages would be created using a 2047-bit PGP key. To prevent this key from falling into the wrong hands, a "web of trust" could be used to pass pieces of the key among each other. If enough sites trust remailers trust a site, that site will receive enough pieces of the group key to be able to respond and "accept" the token. The public key for this PGP key would be sent to the keyservers. People would encrypt their messages using this key. The mental image I have is that of a virtual "anon demon," zipping back and forth among the network of remailer sites, stopping at each site to scan messages from the newsgroup and send them to their destinations. If a large network of remailers is connected in this fashion, it becomes impossible to prevent stop anonymous messages from reaching their destination simply by attacking one site, or even a series of sites. The "anon demon" would simply bypass the compromised sites and use other points in the network. Comments are welcome concerning the vulnerability of this system, its complexity, its ability to withstand attacks, and any other constructive criticism. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMIToGR7ohFhEPknNAQHEtwP9EmdEVtNoEJC6MtokZs66ea27Nx874K+s ueOiX21QL01SGjn7AvHUxTDPSiNXdnqSlDRqsnc2nefNlkhc2bzZklovlnZ15XC/ ZUxRWtCBk0LFoPyxbc/kEOM2cjqJdZ4llxYRHed0RcH0ABvYcGv8ZTjxtKEwN9Sy IDxmiTlqHXU= =yLqV -----END PGP SIGNATURE-----