Hal Finney assumes that cooperating attackers are monitoring each and every remailer site used by a well-constructed message (which I define as two or more jurisdictions, at least one private box, and nested encryption). While ubiquitous wiretap is a good worst-case assumption to make when designing the remailers, the odds that all the remailers in such a chain are being wiretapped is vanishingly small. A post-hoc attack of examing logs, like what the FBI is probably doing now for the RC4 incident, is much more likely. A wiretap attack would only become even remotely likely if there was a repeated pattern, for example regularly leaked trade secrets that appeated to come from the same originator. Despite the possibility that the RC4 leaker used the predictable 'premail', or perhaps didn't even use nested encryption at all, and that the leak was serious enought to make the front page of the Wall Street Journal, I'll lay even odds that the leaker is never found. If the leaker used a well-constructed message, and doesn't try to repeat his coup, I set the odds at 1000:1 that we'll ever find him via remailer tracing. This despite the fact that the current remailer network falls well short of a wiretap-proof digital mix, as Hal correctly notes. Jim Hart hart@chaos.bsu.edu