Re: CIA@funet.fi ?
: From: paulj@xs4all.hacktic.nl (Paul Jongsma) : Well don't think the funet.fi one is a CIA setup, but i know for sure that : anon@hacktic.nl isn't..... The trouble with the cypherpunk remailers is there isn't a single one of them I'd trust. The overwhelming credo of the sort of person I've met in this area is that they want extreme absolute privacy for *themselves* but sneak and spy on everything they possibly can about everyone else. (Oops - that sounds bad - I don't specifically mean the people who run cypherpunk remailers; I mean people who're obsessive about secrecy in general and hackers in particular. Secretive hackers being the worst.) And you can take it as read that every remailer will be logged by the Black Hats too. Only double-blinded *encrypted* remailing is going to have any chance of maintaining secrecy, and then only if you go out of your way to explicitly chain round dozens of remailers in the hope of finding *one* that isn't compromised. (And that, only if all the remailers are regularly spoofing traffic between themselves to foil traffic analysis) G
Graham Toal <gtoal@an-teallach.com> wrote:
: From: paulj@xs4all.hacktic.nl (Paul Jongsma)
: Well don't think the funet.fi one is a CIA setup, but i know for sure : that anon@hacktic.nl isn't.....
Graham Toal seems to have drug this thread to cypherpunks from alt.2600... Anyway, I tried the remailer at hacktic.nl and the mail bounces... The remailer does not seem to be working.
And you can take it as read that every remailer will be logged by the Black Hats too. Only double-blinded *encrypted* remailing is going to have any chance of maintaining secrecy, and then only if you go out of your way to explicitly chain round dozens of remailers in the hope of finding *one* that isn't compromised. (And that, only if all the remailers are regularly spoofing traffic between themselves to foil traffic analysis)
I doubt it... most of the time the system administrators aren't even aware of the remailer, much less the TLAs.
Graham Toal writes:
The trouble with the cypherpunk remailers is there isn't a single one of them I'd trust. The overwhelming credo of the sort of person I've met in this area is that they want extreme absolute privacy for *themselves* but sneak and spy on everything they possibly can about everyone else. (Oops - that sounds bad - I don't specifically mean the people who run cypherpunk remailers; I mean people who're obsessive about secrecy in general and hackers in particular. Secretive hackers being the worst.)
I agree that more robust, more automated (less human intervention), reputation-based remailers are needed. And the inevitable "abuse" of remailers (such as with death threats, mail bombs to newsgroups, etc.) needs to be treated differently, in the long term, than by compromising the security. (A Chaumian mix would have no manual system for overriding security of course.) Having said this, we're just beginning to learn about the practical problems of remailers: the flakiness, the scheduling of multiple, slightly incompatible remailers, and the reactions to abuse. This learning process is what we expected, I think.
And you can take it as read that every remailer will be logged by the Black Hats too. Only double-blinded *encrypted* remailing is going to have any chance of maintaining secrecy, and then only if you go out of your way to explicitly chain round dozens of remailers in the hope of finding *one* that isn't compromised. (And that, only if all the remailers are regularly spoofing traffic between themselves to foil traffic analysis)
I agree with Graham that several things are needed: - more consistency and reliability, to make use of chains of remailers acceptably convenient (In my opinion, digital postage, with a _profit motive_ attached to the operation of remailers, will ultimately make for less flakiness, greater reliability, and an incentive to deploy more remailers and then keep them up and running in a consistent way.) - encryption through each remailer, for several reasons - off-shore sites, out of the main jurisdictions (U.S., mainly), so that some of the remailer hops can be located outside the domain of any one nation's law enforcement powers - padding, latency, background traffic, etc., to make traffic analysis much harder I think some of these things are happening, what with new software from Karl Barrus, Sameer Parekh, and others, but there's a long way to go. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."
participants (3)
-
Graham Toal -
Matthew J Ghio -
tcmay@netcom.com