As Tim says, it is no secret on this list that the remailers are not presently secure. I posted a long message a few months ago outlining possible attacks on the remailers. It's worth noting that Karl Barrus' remailer does batch up messages and send them out once a day. If enough people use it that will help mix them up. There is still the message size to match them up, though (and, believe it or not, the Subject: line!). Karl is working on padding code. Really, fixing these problems is not hard. There will be some penalties in terms of usability of the systems. Subject lines will have to be embedded in the encrypted message blocks, so the software which sets up cascaded message commands will need to do this. More intrusively, I think all messages will have to be padded to be the same size everywhre in the remailer network. We need to pick a size large enough to accomodate most messages yet not so large that padding all messages to that size will be too expensive or wasteful. Then messages bigger than that size will either be rejected or at least some warning given to the user that his message will be trackable. The traffic volume problem should be solved by having a source of random messages which traverse the network, mixing in with user messages. This will help, but you still have the problem that only user messages will leave the network. The biggest problem is that many remailers are on unsecure systems. The PGP keys and passwords for these remailers are on the disk IN THE CLEAR. Anyone who can get privileges on these systems (many hackers, these days, not to mention the NSA) can get the remailer's keys and decrypt any messages sent to those remailers. Karl's monthly posting shows which remailers are on private machines; those are the only ones which have any hope of being secure against the NSA. As I said, I think most of these problems are fixable, or at least can be significantly improved. Perhaps after the holidays interested parties can set up a sub-list to discuss "Mark II" remailers which will more closely approximate Chaum's vision. Hal Finney hfinney@shell.portal.com