I'm quite aware of the attack. It's not guaranteed successful yet. If you've paid attention to our lawyers recently it sounds like the battle is sporadic and the outcome mixed. Until the heavy hand wipes out remailers the fate of an individual message is interesting. So as of even date being able to assign IP addresses to persons and remailer nodes is not equivalent to compromising the communications. It's the best solution available today isn't it? Ray Dillinger wrote:
On Fri, 3 Aug 2001 mmotyka@lsil.com wrote:
Nested encryption protects a subverted node from being able to trace the entire chain in one fell swoop.
Take your focus off the individual message.
Okay?
Now look at the system, the infrastructure, that you need to send that message anonymously. It relies on identifiable remops existing at known addresses. Known to the people sending messages == known to the cops.
If the law wants to take this thing down, they will not be attacking the strongest point -- ie, trying to trace individual messages.
Instead, they will attack the weakest point -- trying to drive remailer operators out of business and thus destroy the infrastructure you need. That is the threat model I'm concerned about, and given that network monitoring is now automatable and cheap, it is entirely do-able.
As long as there is one uncompromised node in a chain subversion doesn't guarantee a matchup of "from" and "to" but it improves the odds.
So what? A move by the g8 to protect the "global infrastructure" of the Internet, (polspeak for protecting their ability to control what the sheep think) followed by laws passed in individual countries, would force remops to operate solely in "rogue states", and messages to and from them could be screened out pretty simply.
Bear