Does anyone have any suggestions for setting up an anonymous remailer? I found a FAQ from a "Cypherpunks Home Page" mirror, but that's from _1993_! I assume there's more recent work out there somewhere, but I didn't see anything on Google or Packetstorm, nor mentioned in Phrack or some other zines. I'd like a HOWTO, suggesting software to use and how to set it up. I'm pretty clueless as to what would be needed, but I have a FreeBSD box and a DSL line with no usage restrictions. If need be I can set up another box, dedicated to this purpose. I should have the means once I get whapped with a cluestick. I'd also like discussions of real-world problems that people have found. What kind of things cause you to think about shutting down your remailer? Technical abuse, legal difficulties, or what? Thanks, SRF -- Steve Furlong, Computer Condottiere Have GNU, will travel 518-374-4720 sfurlong@acmenet.net
On Mon, 2 Oct 2000, Steve Furlong wrote:
I'd also like discussions of real-world problems that people have found. What kind of things cause you to think about shutting down your remailer? Technical abuse, legal difficulties, or what?
Lawyer fees. There is no clear mechanism to fund anonymous remailers and their resource requirements can be potent. ____________________________________________________________________ He is able who thinks he is able. Buddha The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
You need to find the remailer operators mailing list. But I'd be interested in hearing some folks running remailers answer your question. -Declan At 22:59 10/2/2000 -0400, Steve Furlong wrote:
Does anyone have any suggestions for setting up an anonymous remailer? I found a FAQ from a "Cypherpunks Home Page" mirror, but that's from _1993_! I assume there's more recent work out there somewhere, but I didn't see anything on Google or Packetstorm, nor mentioned in Phrack or some other zines.
I'd like a HOWTO, suggesting software to use and how to set it up. I'm pretty clueless as to what would be needed, but I have a FreeBSD box and a DSL line with no usage restrictions. If need be I can set up another box, dedicated to this purpose. I should have the means once I get whapped with a cluestick.
I'd also like discussions of real-world problems that people have found. What kind of things cause you to think about shutting down your remailer? Technical abuse, legal difficulties, or what?
Thanks, SRF
-- Steve Furlong, Computer Condottiere Have GNU, will travel 518-374-4720 sfurlong@acmenet.net
Jim Choate wrote:
On Mon, 2 Oct 2000, Steve Furlong wrote:
I'd also like discussions of real-world problems that people have found. What kind of things cause you to think about shutting down your remailer? Technical abuse, legal difficulties, or what?
Lawyer fees. There is no clear mechanism to fund anonymous remailers and their resource requirements can be potent.
Quite a reasonable answer in today's America. But how much of your answer is supposition based on the general climate and how much is actual cases? If a remailer accepts all comers, with no filtering of content, can he claim common carrier exemption from liability, or has that been taken away <bleat>for the chiiiildren</bleat>? In my case, I already have the hardware and DSL line, so the physical cost might be a little extra electricity. No funding is necessary unless the usage is so high that my ISP bitches at me. Personal time involved in maintaining the system will, I hope, be low; if it's more than negligible I won't be able to do it. I can see the sense of running the plan past a lawyer, but why would there be a continuing expense in this area? Thanks, SRF -- Steve Furlong, Computer Condottiere Have GNU, will travel 518-374-4720 sfurlong@acmenet.net
At 10:59 PM -0400 10/2/00, Steve Furlong wrote:
Does anyone have any suggestions for setting up an anonymous remailer? I found a FAQ from a "Cypherpunks Home Page" mirror, but that's from _1993_! I assume there's more recent work out there somewhere, but I didn't see anything on Google or Packetstorm, nor mentioned in Phrack or some other zines.
Perhaps Google is blocking you, as I was able to find more recent pages, including: http://www.obscura.com/~loki/remailer/mixmaster-faq.html http://anon.efga.org/~rlist/ http://www.skuz.net/potatoware/reli/OperMan.htm (This last one is a detailed page on setting up a client.) I agree that there seem to be fewer, proportionately, articles than in the heyday of remailers, circa 1994-5. Why there are not more "How to Set Up a Remailer" current FAQs and pages is unclear. Making remailers easy to set up, especially in this era of Linux and DSL/cable modems, would seem to be a big win.
I'd like a HOWTO, suggesting software to use and how to set it up. I'm pretty clueless as to what would be needed, but I have a FreeBSD box and a DSL line with no usage restrictions. If need be I can set up another box, dedicated to this purpose. I should have the means once I get whapped with a cluestick.
I'd also like discussions of real-world problems that people have found. What kind of things cause you to think about shutting down your remailer? Technical abuse, legal difficulties, or what?
As Declan said, find the Remailer Operators list. --Tim May -- ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, "Cyphernomicon" | black markets, collapse of governments.
On Tue, 3 Oct 2000, Steve Furlong wrote:
Quite a reasonable answer in today's America. But how much of your answer is supposition based on the general climate and how much is actual cases? If a remailer accepts all comers, with no filtering of content, can he claim common carrier exemption from liability, or has that been taken away <bleat>for the chiiiildren</bleat>?
Actual cases of what? Remialers win very few cases. Ask the remailer operators how many complaints they handle per day and how much money and time comes out of their pocket with little hope of recovery. You can't 'claim' commen carrier, that must be earned by going through a long difficult process of vetting through the government. Besides, commen carrier status brings with it lots of other aspects such as covert regulation by your 'public utility commission' or whatever they call it that reduce your freedom. You should talk to a real lawyer about the various aspects of remailer operation. I did several years ago when the Austin Cypherpunks was running kourier.ssz.com. It was clear that to do it right was going to be very expensive.
In my case, I already have the hardware and DSL line, so the physical cost might be a little extra electricity. No funding is necessary unless the usage is so high that my ISP bitches at me. Personal time involved in maintaining the system will, I hope, be low; if it's more than negligible I won't be able to do it. I can see the sense of running the plan past a lawyer, but why would there be a continuing expense in this area?
It isn't a technical issue that makes remailers hard, it's the people side of thing. You really should have a lawyer look this over, especialy your ISP contract. ____________________________________________________________________ He is able who thinks he is able. Buddha The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
On Mon, 2 Oct 2000, Jim Choate wrote:
On Mon, 2 Oct 2000, Steve Furlong wrote:
I'd also like discussions of real-world problems that people have found. What kind of things cause you to think about shutting down your remailer? Technical abuse, legal difficulties, or what?
Lawyer fees. There is no clear mechanism to fund anonymous remailers and their resource requirements can be potent.
By the way, reading the newsgroup alt.privacy.anon-server offers a view as to what one anon-remailing "scene" looks like these days. Lots of stories there about experiences running remailers, dealing with ISPs, complaints from recipients, and so on. -David
On Tue, 3 Oct 2000, Steve Furlong wrote:
cost might be a little extra electricity. No funding is necessary unless the usage is so high that my ISP bitches at me. Personal time involved in maintaining the system will, I hope, be low; if it's more than negligible I won't be able to do it. I can see the sense of running the plan past a lawyer, but why would there be a continuing expense in this area?
People will use your remailer to send spam and death threats. There may even be people who will use your remailer to send spam and death threats to themselves, simply because they hate remailers. The recipients will contact you and your ISP. Repeatedly. My impression from reading alt.privacy.anon-server is that for many ISPs, it doesn't take too much of this before the ISP asks the remailer to leave. It's not a question of legal liability so much as the spam and the hassle. (An example of how life is lived mainly outside the law, though maybe in view of it.) You can implement spam-blocking filters on your remailer...but that's another can of worms. -David
On Tue, 3 Oct 2000, dmolnar wrote:
but why would there be a continuing expense in this area?
People will use your remailer to send spam and death threats. <snipage> The recipients will contact you and your ISP. Repeatedly.
One of the ways to mitigate this risk is to set up your remailer in middleman mode (at least in 2.9beta23). To quote from the installer: Mixmaster can be installed in the low-maintenance `middleman' mode. In that mode, it will send mail to other remailers only, to avoid complaints about anonymous messages. Obviously this isn't a perfect solution, but it helps somewhat. It's what I'm planning on doing until I can familiarize myself with the legal ramifications of running an "open" remailer. -Ryan -- Ryan McBride - mcbride@countersiege.com Systems Security Consultant Countersiege Systems Corporation - http://www.countersiege.com
On Tue, 3 Oct 2000, Ryan McBride wrote:
Mixmaster can be installed in the low-maintenance `middleman' mode. In that mode, it will send mail to other remailers only, to avoid complaints about anonymous messages.
Obviously this isn't a perfect solution, but it helps somewhat. It's what I'm planning on doing until I can familiarize myself with the legal ramifications of running an "open" remailer.
It's a nice first step...it's just that if an adversary knows you are running a middleman and has control over one of the hosts relaying mail for your ISP, it may be able to 1. send mail ostensibly to a legitimate, remailer address via your "middleman" remailer 2. intercept the message you send out at the captured mail relay 3. change the header so the mail you thought was going to a remailer ends up in someone else's e-mail account. or maybe the e-mail account of the adversary so he can pose as an aggreived user. A contact to the ISP follows. You can try to convince your ISP that "no, this shouldn't happen because I'm running as a middleman," but it's not clear how you could prove that you're under this kind of attack. The threat here is an adversary who wants to see the remailer go down, but is unwilling or unable to just mailbomb it. The adversary succeeds after your ISP gets enough complaints about your crappy remailer administration to pull the plug. I'd have to go read the code to figure out whether a plaintext message could be sent this way, or just a message actually encrypted to another remailer. Might not be so bad if only encrypted messages go through, but if an adversary can get plaintext messages through then you seem to have the same possible exposure as if you were a public remailer. (though in real life, of course, it will be much less because who's going to do this?) -David
On Wed, 4 Oct 2000, dmolnar wrote:
if an adversary knows you are running a middleman and has control over one of the hosts relaying mail for your ISP, it may be able to
1. send mail ostensibly to a legitimate, remailer address via your "middleman" remailer
2. intercept the message you send out at the captured mail relay
3. change the header so the mail you thought was going to a remailer ends up in someone else's e-mail account. or maybe the e-mail account of the adversary so he can pose as an aggreived user.
A contact to the ISP follows. You can try to convince your ISP that "no, this shouldn't happen because I'm running as a middleman," but it's not clear how you could prove that you're under this kind of attack.
An individual can simply fabricate an e-mail outright (requesting the help file to provide himself with an easily-modified template and log entries on on the mail relayy) or just not even show it. "Umm...Like I got this death threat... but I deleted it" would be sufficient for some of the more spineless providers.
I'd have to go read the code to figure out whether a plaintext message could be sent this way, or just a message actually encrypted to another remailer.
It seems as though if you're running as a middleman and you encounter a plaintext message, it'll encrypt the message with the next remailer's key before it mails it out. But I only took a quick look at the code. -Ryan -- Ryan McBride - mcbride@countersiege.com Systems Security Consultant Countersiege Systems Corporation - http://www.countersiege.com
At 09:26 AM 10/3/00 -0400, dmolnar wrote:
People will use your remailer to send spam and death threats. There may even be people who will use your remailer to send spam and death threats to themselves, simply because they hate remailers. The recipients will contact you and your ISP. Repeatedly.
You could set up a remailer which is never an exit point for mail, so that your ISP never gets the flak. This could still provide an entrance point (e.g., SSL'd webform to encourage use) and also participate in the randomly-store-and-forward mix-infrastructure. This of course regresses the problem to the exit nodes. But it encourages more anonymizing infrastructure. "The electron, in my judgment, is the ultimate precision-guided munition." -John Deutsch, CIA Director
On Wed, 4 Oct 2000, David Honig wrote:
This of course regresses the problem to the exit nodes. But it encourages more anonymizing infrastructure.
Yes, running a middleman is a good idea. Unfortunately if an adversary knows you're running a middleman, it seems that he can make it seem as though you're sending spam and so on (or just claim it w/o proof, depending on ISP). My impression is that there are some people out there actively going after remailers, but it's a vague impression. -David
On Wed, 4 Oct 2000, David Honig wrote:
This of course regresses the problem to the exit nodes. But it encourages more anonymizing infrastructure.
One variation of the original proposal would be to only allow egress to addresses known to lay in a jurisdiction different from the one in which the remailer resides. I know, the problem is nontrivial with all the dotcom addresses and such around. Does doing a DNS lookup and working on IP addresses help? Sampo Syreeni <decoy@iki.fi>, aka decoy, student/math/Helsinki university
On Thu, 5 Oct 2000, Sampo A Syreeni wrote:
On Wed, 4 Oct 2000, David Honig wrote:
This of course regresses the problem to the exit nodes. But it encourages more anonymizing infrastructure.
One variation of the original proposal would be to only allow egress to addresses known to lay in a jurisdiction different from the one in which the remailer resides. I know, the problem is nontrivial with all the dotcom addresses and such around. Does doing a DNS lookup and working on IP addresses help?
Nope. Unfortunately it does not. Deriving the geographical location from an IP address and a DNS name is not always feasible. There are a couple of big ISPs (UUNet/Worldcom comes to mind) which have allocated huge chunks of IP space which then get re-allocated to their regional providers in different countries. Of course there is some scheme involved in this process which could be reversed to get to the geographical location, however it will not always be readily apparent how it works. What one could do however is have the remailer pass on every message which has a recipient address that is *known to be in a jurisdiction that is different from the remailers*. You will not be able to reach each and every target then, but at least it's better than nothing. On the other hand I remember that the Curch of Scientology was able to have an impact on anon.penet.fi despite the fact that this remailer was outside of US jurisdiction. Maybe we have to come up with a list of "incompatible" jurisdiction systems to avoid this sort of thing from happening again. Cheers, -Ralf -- Ralf-P. Weinmann <rpw@uni.de> PGP fingerprint: 2048/46C772078ACB58DEF6EBF8030CBF1724
On Thu, 5 Oct 2000, Ralf-Philipp Weinmann wrote:
One variation of the original proposal would be to only allow egress to addresses known to lay in a jurisdiction different from the one in which the remailer resides. I know, the problem is nontrivial with all the dotcom addresses and such around. Does doing a DNS lookup and working on IP addresses help?
Nope. Unfortunately it does not. Deriving the geographical location from an IP address and a DNS name is not always feasible.
But actually the problem, here, is less one of pinpointing the location than of trying to ensure that the location is far enough away. I think some careful thinking in terms of the current BGP aggregation scheme should help at least a little.
which could be reversed to get to the geographical location, however it will not always be readily apparent how it works.
How about trying to automate this process? Using the remailer IPs and possibly some others as well known geographical 'beacons' and utilizing routing aggregation to get parts of the address space that are sure to be close to the remailer and hence 'dangerous'. I think geographical information at the level of nations is at least somewhat reflected in the allocation of IP addresses - it wouldn't seem sensible to allocate IP addresses for two different countries from a single pool.
What one could do however is have the remailer pass on every message which has a recipient address that is *known to be in a jurisdiction that is different from the remailers*.
And pass those that are known to be in the same.
You will not be able to reach each and every target then, but at least it's better than nothing.
If this sort of egress filtering (or any variant of the original scheme proposed) seems useful, why not develop some protocol/uniform data format to acknowledge the limitations of a given remailer. Type 2 remailers even have the necessary public key infrastructure in place to sign such extra data.
On the other hand I remember that the Curch of Scientology was able to have an impact on anon.penet.fi despite the fact that this remailer was outside of US jurisdiction. Maybe we have to come up with a list of "incompatible" jurisdiction systems to avoid this sort of thing from happening again.
The anon case was perhaps a bit different - provided that a remailer is well maintained, cpunk remailer maintainers can display that no data is retained on where different messages originated or were posted to. I do not think even CoS could have shut anon.penet.fi down. Sampo Syreeni <decoy@iki.fi>, aka decoy, student/math/Helsinki university
participants (9)
-
David Honig -
Declan McCullagh -
dmolnar -
Jim Choate -
Ralf-Philipp Weinmann -
Ryan McBride -
Sampo A Syreeni -
Steve Furlong -
Tim May