Re: Message Havens
-----BEGIN PGP SIGNED MESSAGE-----
People could use anonymous remailers to send in messages, and use pseudonyms to protect their privacy.
It occured to me that perhaps getting messages to a message haven won't require anonymous mail to protect privacy (who you are communicating with. You would still need to use a remailer to hide the fact you are using the message haven!). In each message, the author could specify what to name the next reply. If messages are encrypted, then all a watcher would see is incoming messages from various people, but not be able to figure out who is reading what message, and what messages are responses to what other messages. This would require the service to reject unencrypted messages, which would be easy enough. But it would still require people to "download" everything and sift through it at home, to hide what messages they are interested in. Karl Barrus klbarrus@owlnet.rice.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdG1c4OA7OpLWtYzAQH2MQP/f5M/4QHHHl8qg85ikGCkmFiN6wrs+DHc 3iIpogSO5oj/tJZ0xnHzky8B3Ll2rjmHgW+vH5hxTONw+2TZ5+5aFjJbqCs1pL1a rYFFyUP6AOj3809G1gSuLwa85iw5jY5fT/JZsMH82uL2v5i2839jQDZo1SCHff/1 77gQgjP9Agk= =7p6A -----END PGP SIGNATURE-----
Downloading the whole message base to scan for one's messages will place a massive load on net.resources, and probably a prohibitive load on most people's terminals. This scheme should avoid this nescessity: Alice wishes to write a message anonymously to Bob. They have agreed in previous communications that their tag is the string "foo". Alice writes her messages, and encrypts it with Bob's public key. She then prepends the tag. It looks like this: Tag: foo --- Begin Pgp Message --- zxcvm,/asdfjk;qup .... iuerpw,d,fy --- End Pgp Message --- Next, she encrypts this with the gopherhole's public key. The resulting message is posted to the gopherhole, where it is decrypted and made available for all to download. Now, Bob enters the gopherhole and instructs it to download all messages with the tag of "foo". To thwart trafic volume analysis, he also downloads messages with tags "bar", "baz" and "quux", which he then discards. Problems: The gopherhole must be trusted not to divulge which posts came from who, and it's key must not be compromized. A tap on Bob's line shows that he /may/ have a connection with the "foo" tag. However, the only person that knows anything about that tag is Alice. Thus, the other party in the conversation must colaborate in an attack, probably ruining her anonymity. Comments?
Downloading the whole message base to scan for one's messages will place a massive load on net.resources, and probably a prohibitive load on most people's terminals. This scheme should avoid this nescessity:
Alice wishes to write a message anonymously to Bob. They have agreed in previous communications that their tag is the string "foo". Alice writes her messages, and encrypts it with Bob's public key. She then prepends the tag. It looks like this:
Tag: foo --- Begin Pgp Message --- zxcvm,/asdfjk;qup .... iuerpw,d,fy --- End Pgp Message ---
Next, she encrypts this with the gopherhole's public key. The resulting message is posted to the gopherhole, where it is decrypted and made available for all to download.
Now, Bob enters the gopherhole and instructs it to download all messages with the tag of "foo". To thwart trafic volume analysis, he also downloads messages with tags "bar", "baz" and "quux", which he then discards.
Why can't gopherhole send a random number of messages with a user selected cap? Bob just sends one tag request encrypted with gopherhole's public key, and gets between 5 and [User cap] messages. Even better, (Light bulb) Bob can send the number of messages he is currently equipped to filter along with the tag and gopherhole can modify this just a touch +/- 10% say just to keep Bob from getting lazy and asking for the same number all the time. Bob can then filter the tags himself with procmail or something. Just seems simpler and easier on the user while harder on traffic analysis.
Problems: The gopherhole must be trusted not to divulge which posts came from who, and it's key must not be compromized.
Same as remailers really. Perhaps there is a way to chain message havens?
A tap on Bob's line shows that he /may/ have a connection with the "foo" tag. However, the only person that knows anything about that tag is Alice. Thus, the other party in the conversation must colaborate in an attack, probably ruining her anonymity.
With the right randomization and frequent tag changes, it is hard to associate bob with any tag. This problem becomes increasingly difficult if one introduces randomly generated tags and pgp messages and if the user keeps the message cap high (25-30). Bandwidth simply cannot be saved if the attacker is getting the downlink from gopherhole if you are using a tag system like this. The user just has to deal with 30 messages to best avoid the traffic analysis on this side. A tap on bob's line reveals that he may have a connection with any of 25-30 real or imaginary tags. One less thing to go on if you are an attacker, fake tags are a real headache. Some clever filtering method for tags would be a nice touch. All lowercase, all between four and seven letters and nouns or something...?
Comments?
Nice structure. -uni- (Dark)
Why can't gopherhole send a random number of messages with a user selected cap?
Bob just sends one tag request encrypted with gopherhole's public key, and gets between 5 and [User cap] messages. Even better, (Light bulb) Bob can send the number of messages he is currently equipped to filter along with the tag and gopherhole can modify this just a touch +/- 10% say just to keep Bob from getting lazy and asking for the same number all the time. Bob can then filter the tags himself with procmail or something. Just seems simpler and easier on the user while harder on traffic analysis.
Of course! If the gopherhole already has a keypair, it may as well be used as much as possible. Good idea.
With the right randomization and frequent tag changes, it is hard to associate bob with any tag. This problem becomes increasingly difficult if one introduces randomly generated tags and pgp messages and if the user keeps the message cap high (25-30). Bandwidth simply cannot be saved if the attacker is getting the downlink from gopherhole if you are using a tag system like this. The user just has to deal with 30 messages to best avoid the traffic analysis on this side. A tap on bob's line reveals that he may have a connection with any of 25-30 real or imaginary tags. One less thing to go on if you are an attacker, fake tags are a real headache. Some clever filtering method for tags would be a nice touch. All lowercase, all between four and seven letters and nouns or something...?
Yeah, it certainly isn't trivial to attack. However, I'd like to make sure that it's proveably hard. I'll sit down tonight and try to muddle through it.
-uni- (Dark)
Doug
participants (3)
-
Black Unicorn -
Karl Lui Barrus -
SINCLAIR DOUGLAS N