After sending the attached message to Johan Helsingius, I decided it might be of general interest to the Cypherpunks list. It's a message I sent out in December, originally, and which got debated. Johan's concern about my "accusations" suggests there may be enought newcomers to the list to justify republication of posts. --Tim From: tcmay (Timothy C. May) Subject: Re: Communications Policy To: julf@penet.FI (Johan Helsingius) Date: Thu, 21 Jan 93 9:49:00 PST

...

e-mail system kept by sysadmins. Sort of like the archives being kept by some of the so-called anonymous remailers!)

Hmmmm.... I find the accusation about anonymous remailers pretty strong. If you have proof of stuff like that happening, or even reasonable cause for suspicions, I feel the accusations and names of the sites should be published as widely as possible. That is the only way we can stop such unethical behavior.

Johan, Attached below is the message I sent to the Cypherpunks list in December, about remailers keeping logs. As I said in my message today to the list, there was a debate about this, and an admission by several remailers that they keep archives. From: tcmay@netcom.com (Timothy C. May) Message-Id: <9212140649.AA12228@netcom.netcom.com> Subject: A minor experimental result To: cypherpunks@toad.com Date: Sun, 13 Dec 92 22:49:45 PST One of the purposes of setting up remailers is to experiment with them, see what kind of emergent behavior appears, see what kind of flaws and obstacles arise, see how they break, etc. Here's one: the compromise of my "anonymity" by one of the folks running a remailer. (Who and where don't matter, just the phenomenon itself.) I used a single bounce without any encryption to send a message and got a query from the owner of the remailer saying "I couldn't help looking through my remailer archives and noticing...." and requesting more information from me!! Hoist by my own petard! Several lessons: * Multiple bounces help, even without encryption, as then the remailer sysop can't be sure who originated the message. * Encryption is of course even more desirable, though a hassle (especially for Mac users). * Remailer sysops should make a point to _not_ look at their remailer archives. In fact, they should discard them immediately (for their own legal protection, and for slightly greater trust amongst users, though this is a hazy area...). (Recall that the "mix" on which our software-based remailers are loosely patterned are "memoryless," i.e., the tamper-resistant modules that implement the receive-decrypt-store-forward protocol have no memory of the mapping between incoming and outgoing messages. In fact, the outside world cannot possibly compromise the protocols to get at this information.) So, my laziness in using only a single bounce, combined with the curiosity of a remailer sysop, breaks the anonymity. Neither surprising nor profound, but I thought you folks would like to know. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | PGP Public Key: by arrangement.