In message <199408110212.TAA17672@ucsd.edu> Lance Cottrell writes:
If anyone cared enough, what they would do is (a) put up enough remailers so that they were, say, a steady 80% of those announcing in the alt.x group; (b) provide a good, reliable service nearly all of the time; and (c) drive the other 20% out of business with a steady disinformation campaign (rumors, complaints, etc) and other more aggressive tactics. The FBI types running (a) and (b) would be well funded and they would be the sort of steady, unimaginative people who run small businesses well. The CIA field agents masterminding (c) would be very well funded network freaks, some of them ex-hackers. They could operate outside the USA and pay little or no attention to US laws. Pity the poor 20% in the face of such attacks.
Any traffic sent through this remailer network would have only a tiny chance of getting through without being compromised. If you picked 5 remailers, the chances of all being non-FBI would be about .2^5, 3 in 10,000. The other 9,997 messages would be copied immediately to Langley.
I fear that you have the math wrong. The odds that the path would be compromised (that is all five nodes are FBI) is 1-(.8^5) = .67
Actually, the odds are better than this, .8^5, about 0.33. You will be compromised "only" 1/3 of the time. But if you are sending regular messages to another party, then traffic analysis will quickly show that you are communicating, because even if the boys at Langley are really dumb, you won't make send more than two or three messages without having all the cherries lining up. You will be protected if you have encrypted your messages, but using a remailer network offers little additional protection.
If I understand your system one compromised node is a total loss for that message.
No, as I have said elsewhere, I think that an 'empowered user' of RN0.2 can communicate with another empowered user through a completely compromised network with little risk, so long as there are many other such users. This is because the compromised gateways will not be able to tell when and whether either of the users is actually communicating. -- Jim Dixon
participants (1)
-
jdd@aiki.demon.co.uk