From: Peter Breton <pbreton@cs.umb.edu>
Actually, forging mail at the machine you're on en route to the remailer protects you against:
1) Anyone who can snoop the message headers on the way to the remailer ("Tra la la. Let's keep a little list of everyone using those remailers...")
2) A corrupt remailer operator.
It's not so much a matter of "corrupt" remailer operators. The remailer scripts on the cypherpunks FTP site are distributed with automatic logging of the text of ALL remailed messages by default. This is intended for debugging purposes, but some of the remailers still operate in this mode. This could perhaps provide some protection against liability for operators of remailers, because they can trace back the source of an abusive message that was sent through their remailers. However, it obviously seriously impairs user privacy. The only logs my remailers (on hfinney@shell.portal.com and hal@alumni.caltech.edu) keep are the date and time when they did an operation. No record is kept of any message header or content which would allow re- construction of sender information. The date/time stamps just give me a general idea of how much my remailer is used. However, Eric Hughes has pointed out that most Unix systems can be configured to keep logs of all incoming and outgoing mail. Such logs could be used to reconstruct input/output pairs, by observing that a particular message sent to me was followed by a particular outgoing message a few seconds later. I have not been able to determine whether such logs are kept on the machines I use (the directories which would hold them are protected) but it's safest to assume that they are. I think a better solution to the problem than trying forged mail is to use a chain of cypherpunks remailers, some of which are user-owned and -operated and which (I think) have policies of not keeping content logs. The monthly postings of remailer lists include information on which machines are user- owned, although no information is listed presently about logging. Since the whole point of a remailer is to lose incoming-to-outgoing correspondence, it seems to me that logging should be minimized, otherwise there is little point to running a remailer. Hal Finney hfinney@shell.portal.com
participants (1)
-
hfinney@shell.portal.com