-----BEGIN PGP SIGNED MESSAGE----- Bill O'Hanlon <wmo@digibd.com> wrote:

In that case, even if I were to keep logs, all that anyone would know from a message is that a particular user used a remailer, or that a particular cleartext message had a certain remailer as its jumpoff point. Not both. (Unless, of course, I'm in collusion with other remailer operators. But that'salso a non-code issue.)

Collusion wouldn't be necessary. If an interested party, such as a "TLA" were to follow the chain backwards, seizing the logs at each successive link, they could eventually find the originator of the message. (This assumes that the logs were detailed enough to record each incoming and outgoing message, and match them up.)

My personal situation is, I run a remailer on a home Unix machine via a phone line UUCP feed. I am the only user of this machine, so I do not have to defend against users with local access. My efforts are intended to block the following foes: my service provider and any node upstream of it, thieves/misguided law enforcement types, and phone taps. Encrypting something that I receive in the clear over an insecure line isn't useful.

It is useful against after-the-fact snooping. If they're monitoring you in advance, then no, it wouldn't be of much help. But let's say that someone were to anonymously post a portion of the classified Clipper algorithm to Usenet, with an indication that the rest was to follow in multiple installments. There would be a very strong incentive for some TLA to attempt to trace and arrest this individual before the algorithm was further compromised, even if full-time monitoring of remailers wasn't already on their agenda. If logs were not kept, or were securely destroyed often enough, then by the time the message came out in the clear, the data needed to trace through the early links in the chain would already be gone. -- "Diogenes II" -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLlLAQuRsd2rRFQ1JAQGutgQAmejmA2jS70yGUxT3dJrUnAkshdN28RHy 6pcndcbDsb7Ink4h0eAUMnGN7jxIok+1ltZQK4Lo+nFWCnerAmWd0mT5KihxkRb7 Yyl0cxYqpjD53uTHMZoIS7wyOy9SYPDX3qyNjzo4N6L5KQ1OaksZ+6kUAxVh07cO UqhmI61ZUjE= =R4sg -----END PGP SIGNATURE-----