Re: Remailer Attack
-----BEGIN PGP SIGNED MESSAGE----- Robert A. Costner wrote:
At 03:03 AM 9/26/97 -0400, Monty Cantsin wrote:
Right now it's [the remailer network] sort of usable, but only for the dedicated, and there aren't many of us. I seem to be the only persistent authenticated nym who posts with any frequency. ... One problem with operating a nym is that people almost always respond to it with suspicion and hostility, even on this list. It would be nice to have an ordinary looking e-mail address that took in messages, encrypted them for your public key, and then sent them out to alt.anonymous.messages for pickup. Going the other way it would be nice if the account would accept signed messages and send them out as normal e-mail or news articles. This would allow nyms to participate in NetWorld like everyone else.
Your desired functionality seems to be describing the operation of a nym server, which you are not using.
No, the nym servers differ in two important ways. 1. They use a reply block so your true identity lies encrypted beneath the public keys of several remailers. I would rather the message went to alt.anonymous.messages. (I guess this could be jury-rigged by supplying a reply block which sends the messages to a Usenet gateway.) Didn't the weasel remailer operator recently move his accounts over to redneck because of police interest? Weren't we reassured that no identities were revealed and that they wouldn't be revealed? That should be a good illustration of the weakness of a reply block to an ordinary e-mail address. Also, by my reading of the "uptime" statistic in Raph's remailer chart, a reply block is not going to be very reliable for receiving mail. Are there any nyms out there using the nym servers who will endorse the reliability of reply blocks? Would you run a business using them? 2. The nym servers advertise that the accounts are nyms through the choice of domain names. So, presumably, people will respond with the same hostility that they respond to any other anonymous message. I presume the remailer operators want to minimize the number of times somebody is defrauded through an anonymous account. But, by the same logic, ISPs should carefully identify their customers the same way a bank does. E-mail addresses should not be used as an authentication method. Monty Cantsin Editor in Chief Smile Magazine http://www.neoism.org/squares/smile_index.html http://www.neoism.org/squares/cantsin_10.html -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBNCvO2paWtjSmRH/5AQEuFQf5AUPisKJypoHrU7H2Oi8bbs2GSBP+IvS3 iQJd+JO7rQv6h8rZ/qPKrgZOViAz95xNCVHLabQsIZKPJxxhjV94obu5k2+QW06S i7PrsQM9y4+G611Cej5ND2axo9yDxprOV3/IQ/VuXvmXxyK8Xeg4Wt7GD/Skatc9 dVvTwPCD523tZJeYvKSq9l4AE/Gum+7LTEmWewz36dOm9dNokrRLcM3IqDhzhigW np9tFPxwdrVy2AEDl8RCg8oAVzJt1sjW7CytuCK3kOyeh9hF0NlcSgE+BtMoVoqW IhMVVeD4pMjeHWohAfyTuEEzDRPkNdBf/9YUulik+aMkR4TWnXUG+A== =xYd9 -----END PGP SIGNATURE-----
At 01:19 PM 9/26/97 -0400, Anonymous (Monty Cantsin) wrote:
No, the nym servers differ in two important ways.
1. They use a reply block so your true identity lies encrypted beneath the public keys of several remailers. I would rather the message went to alt.anonymous.messages.
This is an interesting idea. I'm going to forward it to the remailer-politics list and see what people there think of the idea.
Also, by my reading of the "uptime" statistic in Raph's remailer chart, a reply block is not going to be very reliable for receiving mail.
The Redneck remailer, for instance, has a 99+% uptime rate. The reason for this being high is that it is run under a business model. The connectivity basically cannot go down. There has only been 23 minutes of connectivity downtime in the last year. Redneck is run on a business quality network with multiple backbone feeds. But things break down after that. Redneck also runs on an underpowered 486 with no "hotfix" backup machine. It is not considered to be a mission critical piece of equipment. I might notice Redneck have a problem at 1:00 am, but it can wait until in the morning to get fixed. Situations like this, combined with software upgrades account for downtime. Back to your question of latency, the actual latency on Redneck is about six seconds if chaining is not used. This is "high" because the remailer runs on an underpowered machine. If the machine is not doing its thing for any length of time, then the figure will go up dramatically, which is why you see the two minute latency now. Cracker however is *designed* to have additional latency. The figure shown is twenty something minutes, but actual latency of an individual message cannot be determined. Conceivably, it could be much higher or lower on any given message. The latency could be under 60 seconds during a busy time, or could be hours during a slow time.
2. The nym servers advertise that the accounts are nyms through the choice of domain names. So, presumably, people will respond with the same hostility that they respond to any other anonymous message. I presume the remailer operators want to minimize the number of times somebody is defrauded through an anonymous account.
This is similar to the AOL effect. It is often hard to have respect for an unknown poster from AOL. The remailer at EFGA is new. I've come to realize that this natural hostility towards a remailer is a good reason to put the remailer on a separate domain. We might do this. -- Robert Costner Phone: (770) 512-8746 Electronic Frontiers Georgia mailto:pooh@efga.org http://www.efga.org/ run PGP 5.0 for my public key
participants (2)
-
Anonymous -
Robert A. Costner