Marc Ringuette worries about anonymous messages flooding the nets:

I wonder if full crypto anonymity as we envision it will be stable? I'm very concerned about the problem of anonymous users intentionally flooding the network with garbage in order to bring it to its knees. Current practice, in the non-anonymous world, is to trace excess traffic to its source and stop it from being generated. This will no longer be possible when true anonymity is available.

The simple solution: paid transmissions. Remailers pass on messages only if they receive the payment they've announced is their fee. While _some_ remailers may pass on messages for free (charity, policy, etc.), _their_ recipients are under no obligation (obviously) to continue to forward them if no postage is attached. This means the nets may indeed be filled with junk, but at least somebody has to pay for it--and the remailers are making nice profits. Economics thus provides a damping effect against runaway situations (as it does in so many areas that at first seem unstable). (The analogy with junk mail in the current postal system is apt: you may not like getting 10 pieces of junk mail a day, but at least you never have to pay for it directly...and the Postal System _likes_ "direct mail" (junk mail), as it pays the bills.)

This would particularly be a problem if a remailer is willing to forward an incoming message to more than one destination. In that case, by sending a single anonymous message, a saboteur could generate an exponential amount of net traffic. This would be bad.

Again, a remailer "willing to forward" to multiple destinations must pay for the transmission--and the recipients will of course look to see that _their_ remailing fees are paid. It is thus extremely expensive to "flood" the nets, as each message costs some amount to transmit to remailers, to remail, etc. And don't forget that most folks will likely have various forms of reputation filters running. The may scan incoming messages for interesting content, for messages from senders known to them, etc. As with our ordinary mail, the junk can be thrown away very quickly.

Two basic precautions for a remailer to take are 1. To require a 1-1 correspondence between input and output messages. 2. To require that the address portion of the message shrink at each step (preventing infinite loops). If this is done, then the saboteur's original message can be at most n-fold replicated, where n is the maximum number of remailer hops allowed.

Fine, some remailers may insist on a 1-1 correspondence, others may remail to as many sites as postage is provided for. The market can then decide which remailer to use. Businesses who take all paying customers generally outcompete those with arbitrarily set policies or their own ideas of rationing services (e.g., "But, sir, we can't let you buy five tubes of toothpaste--what if _everyone_ tried to buy five tubes?").

However, I still have some fundamental concerns that an anonymity-based system is vulnerable to flooding and denial of service by the bad guys, including Big Brother, who may wish to prevent effective use of such systems. This may make operating a remailer a difficult proposition.

I'm discouraged. Any thoughts?

Little need to be discouraged. There are a great many "covers" for anonymous mail, including legal consultations (attorney-client privilege), psychiatric consultations (ditto), religions ("Digital Confessionals--the Latest in Catholic Computing"), games (role-playing), and "personals" ads (as in newspaper ads that match partners, dates, etc., except mediated electronically in this case). Stopping any one of these will be tough, stopping them all would be very hard indeed. -Tim May -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: MailSafe and PGP available.