anonymous mailboxes
Some time ago I heard about Lucky Green's then-immature scheme for anonymous email boxes, whereby a user can receive email and even a traffic analysis attacker is unable to glean information about who received what when. I forget exactly what ve called vis method... Is there a paper available anyplace? Has the scheme been validated mathematically? Has it been implemented? ::sprokkit:: ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
It was not my scheme. I simply gave a presentation at HIP of a system that was designed by a person wishing to remain anonymous. Much of the design has changed since. I am not at liberty to discuss futher details. The original presentation in MS PowerPoint format is still sitting at http://www.cypherpunks.to/~shamrock/anonmail.ppt I have no plans to update or convert this particular presentation. On Thu, 4 Jun 1998, Sprokkit Amhal wrote:
Some time ago I heard about Lucky Green's then-immature scheme for anonymous email boxes, whereby a user can receive email and even a traffic analysis attacker is unable to glean information about who received what when. I forget exactly what ve called vis method...
Is there a paper available anyplace?
Has the scheme been validated mathematically?
Has it been implemented?
::sprokkit::
______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
-- Lucky Green <shamrock@cypherpunks.to> PGP v5 encrypted email preferred. "Tonga? Where the hell is Tonga? They have Cypherpunks there?"
On Thu, 4 Jun 1998, Sprokkit Amhal wrote:
anonymous email boxes, whereby a user can receive email and even a traffic analysis attacker is unable to glean information about who received what when. I forget exactly what ve called vis method...
One way to do pseudonymous email boxes is to use a web-based mailbox server such as hotmail and pick up the mail through anonymizers or onion routers. Obviously you need SSL for the anonymizer connections, and for the mailbox connection as well, and the name of the mailbox needs to be in the encrypted portion of the SSL requests rather than in the sniffable URL parts. The main threat is eavesdroppers watching the anonymizers over a period of time, picking up patterns that may not show during a single mail pickup. So you need enough anonymizers out there, or enough cover traffic on a smaller number of anonymizers, but it should basically be doable. It also helps if you can send mail to the mailer using the web, with SSL and chains of anonymizers to do it, to protect the sender, but anonymous remailers can also solve that problem. Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
participants (3)
-
Bill Stewart -
Lucky Green -
Sprokkit Amhal