One of the purposes of setting up remailers is to experiment with them, see what kind of emergent behavior appears, see what kind of flaws and obstacles arise, see how they break, etc. Here's one: the compromise of my "anonymity" by one of the folks running a remailer. (Who and where don't matter, just the phenomenon itself.) I used a single bounce without any encryption to send a message and got a query from the owner of the remailer saying "I couldn't help looking through my remailer archives and noticing...." and requesting more information from me!! Hoist by my own petard! Several lessons: * Multiple bounces help, even without encryption, as then the remailer sysop can't be sure who originated the message. * Encryption is of course even more desirable, though a hassle (especially for Mac users). * Remailer sysops should make a point to _not_ look at their remailer archives. In fact, they should discard them immediately (for their own legal protection, and for slightly greater trust amongst users, though this is a hazy area...). (Recall that the "mix" on which our software-based remailers are loosely patterned are "memoryless," i.e., the tamper-resistant modules that implement the receive-decrypt-store-forward protocol have no memory of the mapping between incoming and outgoing messages. In fact, the outside world cannot possibly compromise the protocols to get at this information.) So, my laziness in using only a single bounce, combined with the curiosity of a remailer sysop, breaks the anonymity. Neither surprising nor profound, but I thought you folks would like to know. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | PGP Public Key: by arrangement.
Excerpts from Cypherpunks: 13-Dec-92 A minor experimental result by Timothy C. May@netcom.com:
* Multiple bounces help, even without encryption, as then the remailer sysop can't be sure who originated the message.
Tim, Please tell me if this makes sense: If I wanted to be obnoxious, I could set myself up as a remailer, then screen all incoming messages to see whether they came from other known remailers. If not, then I can archive the message, have a look at it, and maybe compromise the original sender. Is this so? In this case, everyone wanting to use a remailer should in principle *own* a remailer, and you'd probably want your own to be the first remailer. Then, to avoid compromise of the recipient, maybe you'd want yours to be the last remailer. So why not use your own remailer exclusively? To take this to an extreme, set up a remailer and then use this *all* the time for the mail you originate. Does this gain you anything? Just curious. I'm new on the list and might be missing something. Thanks in advance for replies from anyone. Liam Gray
lg2g+@andrew.cmu.edu (Liam David Gray) writes:
If I wanted to be obnoxious, I could set myself up as a remailer, then screen all incoming messages to see whether they came from other known remailers. If not, then I can archive the message, have a look at it, and maybe compromise the original sender.
This is possible only if encryption is not used. With encryption,
only the first remailer knows the sender (but not the plaintext or
recipient) and only the last remailer knows the recipient (but
not the sender or plaintext).
--
Miron Cuperman
participants (3)
-
Liam David Gray -
miron@extropia.wimsey.com -
tcmay@netcom.com