At 1:40 PM 6/4/96, Scott Brickner wrote:

Bill Stewart writes:

...

...

I don't think multiple remailers at the same site help anything.

Assume Alice, Bob, and Carol are on abc.com and Xenu, Yak, and Zut are on xyz.com. Remailing between Alice, Bob, and Carol doesn't make appear to make much difference, but it does reduce the damage if one of the remailer's keys is compromised. On the other hand, mail from Alice -> Xenu -> Bob -> Yak -> Carol -> Zut adds traffic to the system, and makes traffic analysis more difficult, even if the Bad Guys are watching site abc.com and have stolen Alice, Bob, and Carol's keys.

Wait a minute. More traffic should make analysis easier, since traffic analysis is mostly statistical work on the source and destination (not necessarily "from" and "to"). A bigger sample makes more reliable results.

For traffic analysis, I don't know *who* sent the message (it was, after all, anonymized), but I do know a site which transmitted it and one which received it, the time it was transmitted, and maybe its size. Multiply this times a whole bunch of messages, and I can infer information about "common interests" between those sources and destinations.

The delays and mixing done by remailers make it harder by disassociating the true sender from the true receiver. If a remailer were to ignore this step, the analyst can deduce from the two data points

"message a, source A, destination RemailerX, time t, size s" "message b, source RemailerX, destination B, time t+0.001s, size s"

that there's some connection between A and B. The more such evidence, the stronger the connection. If the remailer does a good job with the delays and shuffling, then it becomes difficult for the analyst to match message a with message b, leaving him with what he already knew (that A and RemailerX have a common interest, as to B and RemailerX, but the interests may be wholly unrelated).

Multiple remailers on the same machine increases the resolution of the address information, at best, improving the analysts ability to make connections. The same traffic load going to a single remailer at the site makes the analyst's job harder.

...

The other threat it helps with is that if XYZ.COM gets complaints about that evil user Zut, she can kick her off (Bad Zut!) and still leave Xenu and Yak alone; if the remailer service were provided by the machine owner herself she might be directly liable.

Hmm. Nothing really stops the machine owner from creating a personal anonymous account to run the remailer. When someone complains, shut it down and create a new one. There isn't yet a law which requires that the owner be able to identify the user. This affords the same protection that multiple users does.

The time correlation attack can be defeated by sending mail into the remailer network with a period roughly equal to the propagation time of a message through a chain. That way your messages correlate with absolutely all receipts of all messages. That contains no information. -Lance ---------------------------------------------------------- Lance Cottrell loki@obscura.com PGP 2.6 key available by finger or server. Mixmaster, the next generation remailer, is now available! http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche ----------------------------------------------------------