At 10:43 AM -0700 7/24/01, gbroiles@speakeasy.org wrote:

Several years ago, there was discussion on the list about creating headless or throwaway remailers (likely hidden in some institution where they could get power and net access for a long time until they were discovered)- I didn't spend a lot of time thinking about that, because I thought that the necessary Ethernet (or other network) connection which would be made between the hidden machine and the host network would make it easy enough to detect and disable that it wasn't a productive direction for exploration. (There are also any number of legal issues related to trespass, unauthorized network use, etc., which may apply.)

However, that limitation may be withering away, with the spread of 802.11b (or similar) wireless networks - the attached email describes a Seattle-area system apparently set up by Microsoft in a shopping mall providing free network access to people within the reach of its radio units.

An old laptop, a solar panel, some auxiliary batteries, and an 802.11 network card might be able to stay online for a long, long time in that sort of environment.

There are several companies making embedded systems boards that use very little power and are capable of running linux. I don't know if any of them are quite low power enough to run off a solar panel yet, but some of the mips/arm designs might be. It would seem to me that if it's a box you don't expect to get back, it might be a better idea to build a special purpose machine--just the motherboard, 802.11 device and a reduced Linux installation running out of flash ram.

And, if you're the sort that's worried about permission, etc., the nice thing is that these networks are explicitly intended for the use of guests on the premises, so at least the first level of concerns about trespass or unauthorized use are addressed.

Depending on the area covered, you wouldn't even need to trespass. If it's in a mall area, coverage would probably extend to certain areas of the outside of the building where it might be feasible to mount a small enough box that it wouldn't get noticed. Epoxy your box to the wall next to some other sort of electrical equipment (if the interference won't get in the way) and it will probably remain undiscovered for a while.

These days, remailers aren't as exciting as they once were - perhaps the next important tools are going to be Freenet or Mojo Nation nodes - but the combination of wireless access plus anonymous access provides an interesting opportunity for network participants which are physically within a jurisdiction yet unavailable for punishment.

Another interesting possibility is "Public VPNs" (I'm sure someone else has come up with this concept and given it a different name) but use VPN software to establish a connection to a box as described above, and your home IP is lightly masked. It might, given a big enough network, be possible to do some sort of "anonymous packet forwarder" like remailers, only in real time. Well, no. I'm sure it's possible, it'll just take a lot of bandwidth.

On Tue, 24 Jul 2001 gbroiles@speakeasy.org wrote:

forbidden emails or browse hidden sites did that by going to public terminals in libraries or web cafes or [...] - now perhaps they'll do that at Starbucks or the mall, either for free or having paid cash for short-term access via 802.11b wireless.

I heard recently that Starbucks is piloting 802.11b access in selected Manhattan locations. The issue is support, of course - they need to see if they'll have to hire a sysadmin for every Starbucks before rolling it out. I haven't taken my laptop and tried to verify this yet. Matthew Skala had some material on his web page concerning "community wireless" networks, as well, in which people offer free wireless connectivity as a public service. Presumably this too would offer opportunities for anonymous net access. I would be less willing to trust a static box connected to one of these networks, though. Once identified as a remailer, it seems that it might be too easy to track it to its physical location, at which point it can be borged or destroyed. After all, if it's going to be an active remailer, it will be sending and receiving several messages each day. You might try to get around this by developing a protocol in which there are many, many remailers, each of which only speaks once in a very long while. I don't know how easy or hard it is exactly to do this kind of tracking, however, which makes it difficult to say what such a protocol would look like. Perhaps mobile remailers might be more useful or more difficult to track to their physical implementation. The only problem with a mobile remailer is the question of "who's moving it?" (or what). I can imagine a mobile remailer the size of a Walkman without too much difficulty; I can also imagine that if I were to wear such a remailer and walk around in the wrong kind of environment, I'd be asking for a "mugging." or worse. Now that I think about it, it's not clear that wireless actually buys us more than obscurity of physical location. The real win, as you point out, is ease of access and ease of setup. Maybe less dependence on upstream connections, as well, so you can get around the problem of ISPs shutting down remailers for spam. Plus mobile remailers seem to require either a global address space or developing the notion of remailer confederations which allow dynamic leave and join of remailer nodes. I recall that the notion of dynamic collections of remailers came up in at least one previous discussion of disposable remailers. I don't remember that too many conclusions were reached, but it was a while abck. One problem is that an adversary can show up with polynomially many of its closest friends and have them all try to join a remailer confederation at once. While the MIX protocol is theoretically OK as long as even one MIX is honest, this may have bad implications for traffic analysis. Perhaps one thing we could do would be to borrow Levien's advogato metric. Let anyone who wants to start a remailer confederation. They form the root set of the trust metric for that confederation. Anyone can join the confederation's address space, but will start out with no trust links between them and the root set. Nodes can rate each other, establishing trust links. This way you can develop a trust metric / reputation system local to that particular remailer confederation. Now the issues are how the ratings are set up and maybe more important, how routing of messages is influenced by the trust metric. Ratings could be manual. We know how well that works from the PGP web of trust experiment - and here life is harder since remops usually will not know each other personally nor want to. Another issue is dealing with nodes which leave the confederation. What if all the confederation founders leave? what happens to the root set then? Also, building up trust may require time, which makes this unsuitable for nodes which want to pop in for 20 ins and then leave (say their owner is on the freeway). -David