Hi, As I'm taking my first steps towards ethernal freedom, I just wanted to try this channel with some questions: 1. Cypherpunk-remailers and multi-identities with preserved anonymity. What if I use >1 identities and don't want them to be associated with neither my username nor the other identities? When my mail leaves the last remailer in direction towards me, 'everyone' has the opportunity to read my mail. Ok, the mail may be encrypted with my public-key, but there comes the problem, by beeing encrypted with my pub.key it is also marked with one of my identities, so by monitoring my mail they can connect my 'real' name with pseudonyms I use! Of course, I can tell the senders to encrypt my mail with a passphrase (like PGP -c) before sending it to me, but that don't work in situations like: 'If you support these opinions, feel free to mail me , using this header and this key...' I guess it's not that smart to tell them 'Oh, and please encrypt my mail with PGP -c "secret" first!' ??? I may most certainly have overlooked some details about this, but if not, I would like to have a command in those remailers like: :: Conventional-encryption-password: 'password' Which invokes PGP -c 'password' on the rest of the message before sending it to next adress. 2. Server for Anonymous-headers. My problem with anonymous-headers (that is reversed chains of PGP-encrypted adresses for remailers) are that they: 1) Are too big and ugly, 2) Needs common updates as remailers goes down. Therefor, wouldn't it be nice with servers like the public-keys servers where you could request the latest header for a pseudonym? Maybe even be able to mail directly to that server with pseudonym@server... and get the mail redirected to 'pseudonym'? 3. Protection of remailers. How are the cypherpunk remailers protected from sec.key-thieves and mail monitoring? I mean, their keys can't be protected by passphrases, and they often resides in multiuser/timesharing systems? I would certainly make the first attack towards the remailers before trying brute-force on a 1024-bit RSA-key! Regards, Henrik
faust@cd.chalmers.se brings up some interesting points about remailer encryption, suggesting the capability to re-encrypt a message at the remailer point instead of a-prior by the sender. This was proposed to allow replies to a anonymous user to be encrypted using that user's public key, avoiding the problem of the final message being transmitted in cleartext. The sophisticated server run by D. Clunie around December for a few months allowed exactly this basic and valuable capability, and so far has been unmatched. In his system the user sent messages to the server encoded by the server's public key. Replies to the user through the server were first encrypted with that user's public key before being transmitted. This means that security at the remailer-to-`nym' is protected even if respondents do not encode their messages first. Despite being fairly simple to implement (esp. with the availability of PGP) this is not yet available on anon.penet.fi. J. Helsingius has repeatedly reaffirmed his intent to put the feature in a New & Improved Mark II server due sometime in the fall. I've also suggested some improvements to anonymous servers. In particular, I would like to see a sophisticated `nym-management' scheme whereby the user can allocate, redirect, and deallocate addresses at will. Such flexibility and versatility allows many other neat unforeseen uses of the anonymous server. For example, many sysadmins are in the habit of creating new email ID's for each new query posted on Usenet to aid in organizing simultaneous queries. With nym-management a user could do this as well. The user could also receive mailing lists at different addresses. This would be useful under a very radical new capability: local archives. In fact, the transition from anonymous servers to personal rented file spaces may be automatic and seamless in the future. Unfortunately, while there's been a modest proliferation of cypherpunk remailers, and quite a bit of general interest (the recent summer Usenix anonymity conference was attended by a few hundred, see comp.org.usenix), the only server allowing anonymous responses is still Helsingius's anon.penet.fi. (I've not heard a lot about Kleinpaste's.) It seems to me this is an extreme weakness in cyberspace at the moment. When his server went down recently for a few days (from 90 degree weather, damage to the system board) many people were `stranded'. In fact, the only link between a lot of people and their correspondents is that server and its nym-to-address database mapping file, and if anything happened to either many would be disconsolate at minimum. I suspect operators are reluctant to run a `full-fledged' anonymous server because of all the cyberspatial politics & hassle involved for virtually no personal benefit and serious drain on personal time, finances, and cycles. When someone sets up an FTP site they at least are creating a sort of personal library and BBS for perusal. But the anonymous server operator actually is ethically restricted from completely perusing the data spawned by his creation. Hopefully the field will change when there are economic incentives to run an anonymous server. For now we will have to rely on selfless heroes and paternalistic voyeurs. I'll leave it to the reader to sort them out.
participants (2)
-
faust@cd.chalmers.se
-
L. Detweiler