From: IN%"hfinney@shell.portal.com" "Hal" 28-MAY-1996 21:35:03.17

Or better still, run one remailer on the machine, and use it multiple times in the chain. It seems to me that one remailer on a machine is better than several because it will allow more mixing of messages. If two messages enter a machine and later leave, it may be possible to distinguish them if they went to different remailers and left with different From: addresses (or other header fields) as a result. If they had both gone to the same remailer it would be harder to tell them apart.

But you could get a massive amount of mixing of messages, by this logic, simply by having 1 gigantic remailer. It'd have a vast traffic flow and could do a lot of latency, etcetera. But this also means that whoever runs it can trace everything - and whoever breaks into it can trace everything. While multiple remailers on the same machine isn't ideal for this purpose (if root is cracked, they all are cracked), it's better for this aspect than 1 remailer; root can be assumed to be harder to crack than a non-root-account remailer. Moreover, this is assuming one machine, or an interlinked group of machines set up such that there is one root account for all of them; separating the remailers into machines with different roots would help. The rubber-hose attack on the sysadmin is still a problem, though. -Allen