Anonymous Remailers
Why is it that some who are very concerned about their personal privacy utilize anonymous remailers that: 1) Log all of their mail messages? 2) Are in many cases reputed to be run by foreign intelligence services? Do they really trust the owner of the remailer? (Unless of course, it is their remailer?) I seem to be missing something.
On Wed, 14 May 1997, Roger J. Jones wrote:
Why is it that some who are very concerned about their personal privacy utilize anonymous remailers that:
1) Log all of their mail messages? 2) Are in many cases reputed to be run by foreign intelligence services?
Chain enough emailers run by rival foreign intelligence servers together, and you've got fairly good privacy(tm). ;)
At 5:17 AM -0800 5/14/97, Roger J. Jones wrote:
Why is it that some who are very concerned about their personal privacy utilize anonymous remailers that:
1) Log all of their mail messages?
With chained, multiply-encrypted messages, logs are ineffective unless all of the links in the chain collude to trace messages. While this is certainly possible, it seems unlikely.
2) Are in many cases reputed to be run by foreign intelligence services?
This allegation was made by some clueless Washington think tank authors. They provided no evidence, only innuendo, and they were unwilling or unable to provide any further comments when queried by several Cypherpunks. And given that many or even most of the remailer operators are members of the various related Cypherpunks or Remailers Operators lists, and are known to various of us, the notion that most (or even many) remailers are run by intelligence agencies is absurd.
Do they really trust the owner of the remailer? (Unless of course, it is their remailer?) I seem to be missing something.
I don't recognize your name on this list. Fine, as we always like to see new subscribers. But I surmise you just haven't spent enough time yet reading and thinking about these issues. Welcome to the Cypherpunks list. --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
On Wed, 14 May 1997, Roger J. Jones wrote:
Why is it that some who are very concerned about their personal privacy utilize anonymous remailers that:
1) Log all of their mail messages? 2) Are in many cases reputed to be run by foreign intelligence services?
Do they really trust the owner of the remailer? (Unless of course, it is
Net.myths their remailer?) I seem to be missing something. You are missing the fact that you can chain remailers. Therefore it is pretty much irrelevant if some remailers are compromised. Then again, I know several remailer operators personally. Which makes me less worried about the them being foreign intelligence agents. -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
Yes, you are missing a lot. The bit about foreign inteligence agencies is almost certainly a canard created by one Strassman at a conference in Boston 2 years ago, then retracted. Anyway, if you use chaining, it's irrelevant. See <A HREF="http://www.law.miami.edu/~froomkin/articles/ocean.htm"> http://www.law.miami.edu/~froomkin/articles/ocean.htm </A> and <A HREF="http://www.law.miami.edu/~froomkin/articles/arbitr.htm"> http://www.law.miami.edu/~froomkin/articles/arbitr.htm </A> for the gory details. Note that I use a remailer beacause this group may be gatewayed to Usenet and I am trying to keep down the spam... On Wed, 14 May 1997, Roger J. Jones wrote:
Why is it that some who are very concerned about their personal privacy utilize anonymous remailers that:
1) Log all of their mail messages? 2) Are in many cases reputed to be run by foreign intelligence services?
Do they really trust the owner of the remailer? (Unless of course, it is their remailer?) I seem to be missing something.
A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | "Cyberspace" is not a place. U. Miami School of Law | P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's warm here.
On Wed, May 14, 1997 at 06:01:23PM -0700, Lucky Green wrote:
On Wed, 14 May 1997, Roger J. Jones wrote:
Why is it that some who are very concerned about their personal privacy utilize anonymous remailers that:
1) Log all of their mail messages? 2) Are in many cases reputed to be run by foreign intelligence services?
Net.myths
Do they really trust the owner of the remailer? (Unless of course, it is their remailer?) I seem to be missing something.
You are missing the fact that you can chain remailers. Therefore it is pretty much irrelevant if some remailers are compromised.
Then again, I know several remailer operators personally. Which makes me less worried about the them being foreign intelligence agents.
Lucky, since I am considered contemptible by several c'punks, I worry about them more than I would about foreign intelligence agents. I have actually considered sending some things through the remailers, but I don't trust them -- I don't find cypherpunks any less susceptible to ideology than foreign agents... -- Kent Crispin "No reason to get excited", kent@songbird.com the thief he kindly spoke... PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55 http://songbird.com/kent/pgp_key.html
At 9:25 PM -0800 5/14/97, Kent Crispin wrote:
Lucky, since I am considered contemptible by several c'punks, I worry about them more than I would about foreign intelligence agents. I have actually considered sending some things through the remailers, but I don't trust them -- I don't find cypherpunks any less susceptible to ideology than foreign agents...
The main solution to such doubts about remailers and their logging or snooping tendencies is to use many remailers, encrypted all along the way, and with the remailers picked from diverse ideological points. (Other solutions are of course for remailers to move away from the "human in the loop" system of Unix box-based remailers toward a more fully-automated, black box approach. This was the basis of Chaum's 1981 system...the remailers implemented in 1992 were acknowledged by all to be pale shadows of these hardware-based mixes. There are still opportunities for snooping, if the hardware is either compromised or is not built according to published specs to reduce such snooping, and this is of course an issue to discuss. Certain approaches using DC-Nets make even this kind of collusion problematic.) Further, a clever little fix is to make one's own remailer site a link in the chain. All a snooping subset of remailers can do is trace the message back to your own remailers. Obviously, they can't know if the message was merely _remailed_ through your site, or _originated_ there. Thus, including oneself as a remailer also provides excellent plausible deniability.) But, finally, the most important point: Whether you, Kent, "trust" certain of us not to snoop or meddle is not the main point. It is not we who argue that remailers should be controlled, or limited, or regulated, or banned. It is the government side. So, we Cypherpunks would be happy to see remailers run by the Greens, the Maoists, the Panthers, the Weathermen, the Aryan Resistance, the Kulak Liberation Brigade, the Stonewall Queers, Dykes on Bykes, the Animal Liberation Front, the Phalangist Party, a hundred other fringe groups, and a few tens of thousands of individuals and small shops. Collusion between a carefully--or even randomly--selected chain of, say, 20 of these various and mutually-hostile groups would seem to be "unlikely." Kent, stop babbling and spend a few hours reading up on the basics of how remailers work, the issues of collusion, and the discussions we've had for several years on these issues. --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
On Wed, 14 May 1997, Roger J. Jones wrote:
Why is it that some who are very concerned about their personal privacy utilize anonymous remailers that:
1) Log all of their mail messages?
Good. They will mainly waste space on a bunch of encrypted stuff with the possible exception of the very last entry in the chain (which may only give the recipient, and a message, which might reveal the author when decrypted by the recipient's key). Everything else will point to another remailer and be readable only by it. They can log who is using it if they are first in the chain (so run your own remailer), but all they will know is who is using it, assuming it is not a nym.
2) Are in many cases reputed to be run by foreign intelligence services?
So who says they don't provide a public service :). Although I would resent my tax money supporting something that can be done in the private sector if I lived in such a country. There should be a move to privatize them.
Do they really trust the owner of the remailer? (Unless of course, it is their remailer?) I seem to be missing something.
I shouldn't have to unless I only use one remailer exclusively. If I use random chains, or mixmaster type remailers, I don't HAVE TO TRUST the remailer. The worst they could do is not pass on mail (which would show up in the stats), or selectively not send mail, or log content when they were last on the chain and if the message was actually plaintext at that point. There are a few subtleties, but if you do things right, things are very secure. It depends if you are trying for 100% security or merely want to avoid spam.
On Wed, May 14, 1997 at 11:30:36PM -0800, Tim May wrote:
At 9:25 PM -0800 5/14/97, Kent Crispin wrote:
[...]
Collusion between a carefully--or even randomly--selected chain of, say, 20 of these various and mutually-hostile groups would seem to be "unlikely."
Kent, stop babbling and spend a few hours reading up on the basics of how remailers work, the issues of collusion, and the discussions we've had for several years on these issues.
Hmm. I did read, and I thought I understood this. I claim that if the remailers collude, then there in no anonymity. Correct? Even if I insert my own remailer in the list it doesn't help, if the others are all in cahoots. This seems pretty obvious. They all compare logs, and saved copies of the messages, and my message can be tracked from beginning to end. Right? I see a list of remailers posted on cypherpunks periodically -- a "cypherpunks" approved list, therefore. Lucky Green admits publically that he personally knows several of the remailer operators. And clearly, remailer operators must share a common ideological focus... There might even be a few honest remailer operators out there, but undoubtedly they have been heavily diluted by those that are part of the cypherpunks conspiracy. So the odds of picking a colluding remailer chain are pretty high. When I send my mail the first one in the chain will notice mail from songbird, and alert his buddies. If an honest remailer is in the chain the mail will conveniently be lost, of course. Only chains composed of co-conspirators will allow my mail to get through... You will probably say that this was an insane conspiracy theory, and that I don't understand how the remailers operate, and how ideologically different the operators all are. You might think that I am ignorant, or being facetious, or that I am really just out of touch with reality. But, on the other hand, you should be very familiar with this mode of thought -- it is so similar to your "analyses" of the "gubmint". You are quite fond of clever caricatures, of sly and subtle inuendo, of imputing slimy motives and conspiracies, of looking at the worst in people...all justified by righteous anger, of course. Of course, to you righteous anger justifies murdering babies...("Broken eggs, and all that." -- TCM) However, it's not my prefered mode of thought, and I can't sustain it for long: It does seem fairly unlikely that a large percentage of remailers collude, and in theory it is probably fairly safe to send through them. At this time I can't really think of anything I have to say that requires anonymity -- my comment to Lucky was intended to be a light-hearted reference to my humble stature among the cypherpunks. "Negativity is an easy habit, often confused with sophistication." -- Anne Beetem -- Kent Crispin "No reason to get excited", kent@songbird.com the thief he kindly spoke... PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55 http://songbird.com/kent/pgp_key.html
Hmm. I did read, and I thought I understood this. I claim that if the remailers collude, then there in no anonymity. Correct?
Correct.
Even if I insert my own remailer in the list it doesn't help, if the others are all in cahoots. This seems pretty obvious. They all compare logs, and saved copies of the messages, and my message can be tracked from beginning to end. Right?
Wrong. One trusted mix is enough to guarantee anonymity: There is a large number of fixed-size messages coming in and a large number of messages going out in random order. (Consult the archives for information about possible attacks, such as flooding a remailer with dummy messages, and how to detect/prevent them.)
I see a list of remailers posted on cypherpunks periodically -- a "cypherpunks" approved list, therefore. Lucky Green admits publically that he personally knows several of the remailer operators.
So you say Raph actually *is* part of the cypherpunk conspirary??! BTW, that list is the "list of reliable remailers", not the "list of cypherpunk approved remailers". Now guess how a remailer qualifies to be listed.
And clearly, remailer operators must share a common ideological focus...
Remailer operators share the belief that it must be possible to use the net anonymously, without leaving traces. Is that what you mean? PS: Did you know that one remailer operator formerly was a soldier in East Germany's National People's Army? -- |\/| L~ |\ | | <~ /\ | | L_ |/ \_/ _> /~~\
Kent Crispin <kent@songbird.com> writes:
[about remailers] Hmm. I did read, and I thought I understood this. I claim that if the remailers collude, then there in no anonymity. Correct? Even if I insert my own remailer in the list it doesn't help, if the others are all in cahoots. This seems pretty obvious. They all compare logs, and saved copies of the messages, and my message can be tracked from beginning to end. Right?
Not entirely. If other people use your remailer also, and you have latency, they'll see n messages going into your remailer, and n come out. There will be log2(n) entropy added, they won't know which of those are from you and which from the other users. Flooding attacks might make the situation worse, say you wonder if all of the messages apart from your own are from the attackers, and that the purpose of these messages is to flush your message out of the mixing pool. Adam -- Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
On Fri, May 16, 1997 at 12:34:33PM +0200, Ulf Möller wrote:
Hmm. I did read, and I thought I understood this. I claim that if the remailers collude, then there in no anonymity. Correct?
Correct.
Even if I insert my own remailer in the list it doesn't help, if the others are all in cahoots. This seems pretty obvious. They all compare logs, and saved copies of the messages, and my message can be tracked from beginning to end. Right?
Wrong. One trusted mix is enough to guarantee anonymity: There is a large number of fixed-size messages coming in and a large number of messages going out in random order. (Consult the archives for information about possible attacks, such as flooding a remailer with dummy messages, and how to detect/prevent them.)
"Guarantee" is a strong word, wouldn't you say? Simple case: you have two messages; one you know I wrote, the other I didn't, you don't know which. You could say that is "anonymity". That's a reasonable use of the term. But it wouldn't make me feel secure. So that boils down to what is a "large" number. (I confess I *haven't* read the archives about flooding attacks. However, I don't see how they could be guarded against if *all* the other remailers are in collusion. But perhaps that case has been considered...)
I see a list of remailers posted on cypherpunks periodically -- a "cypherpunks" approved list, therefore. Lucky Green admits publically that he personally knows several of the remailer operators.
So you say Raph actually *is* part of the cypherpunk conspirary??!
Of course. I don't know Raph from Adam -- *I* just see a list posted on cypherpunks. For that matter, of course, you could be Tim May, as are all the "(T)ruth (M)ongers", and many other of the "personalities" on this list...
BTW, that list is the "list of reliable remailers", not the "list of cypherpunk approved remailers". Now guess how a remailer qualifies to be listed.
J E Hoover certified them? If I persist in my conspiracy theory, then it makes absolutely no difference how they qualify -- the list is just text produced by the cp conspiracy, after all, creatively edited to make it look legit. But seriously, I thought it was buy sending "ping" messages through them -- is there something more to it?
And clearly, remailer operators must share a common ideological focus...
Remailer operators share the belief that it must be possible to use the net anonymously, without leaving traces. Is that what you mean?
PS: Did you know that one remailer operator formerly was a soldier in East Germany's National People's Army?
How do you know that? And why should I believe you? Anyway, Ulf, as I said in my previous message, this was all started by me poking fun of my "contemptible" status among the cyphperpunks. That status is partially fueled by the fact that I work for that evil conspiracy, the "government". (In all honesty, I must confess that it may also be partially fueled by various failings of my own.) -- Kent Crispin "No reason to get excited", kent@songbird.com the thief he kindly spoke... PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55 http://songbird.com/kent/pgp_key.html
On Fri, May 16, 1997 at 10:27:19AM +0100, Adam Back wrote:
Kent Crispin <kent@songbird.com> writes:
[about remailers] Hmm. I did read, and I thought I understood this. I claim that if the remailers collude, then there in no anonymity. Correct? Even if I insert my own remailer in the list it doesn't help, if the others are all in cahoots. This seems pretty obvious. They all compare logs, and saved copies of the messages, and my message can be tracked from beginning to end. Right?
Not entirely.
If other people use your remailer also, and you have latency, they'll see n messages going into your remailer, and n come out. There will be log2(n) entropy added, they won't know which of those are from you and which from the other users.
Flooding attacks might make the situation worse, say you wonder if all of the messages apart from your own are from the attackers, and that the purpose of these messages is to flush your message out of the mixing pool.
And of course, in some environments running a remailer would be highly suspicious -- even more so if it is a *public* remailer. -- Kent Crispin "No reason to get excited", kent@songbird.com the thief he kindly spoke... PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55 http://songbird.com/kent/pgp_key.html
May's Second Law of Paranoia: If everyone is out to get you, cryptography is pointless. May's Lemma for Remailers: If they are out to get you, and all remailers are colluding to help get you, then remailers are worthless. The recent "criticism" of remailers by Kent Crispin is just a manifestation of these obvious points. Truly, if everyone outside of some agent, Albert, is colluding with each other, then simple comparisons of what they've sent to each other must leave what Albert has sent. (There is still a minor use of cryptography in terms of encrypting diaries, or records on a machine, for example, even in a world in which they are all to get one.) The more interesting issues are the tradeoffs between sizes of collusion sets, the partitioning of the graphs into collusion sets, and estimates of remailer entropy in the presence of varying amounts of collusion, low latency/mixing, etc. Many of us have of course argued for years that more detailed studies are needed...Kent observing that if all remailers are colluding one gets fewer (or no) benefits is hardly original or profound. Cf. the discussions of collusion by Chaum, Birgit Pfitzman (Eurocrypt, I think in 1989), Hal Finney, Wei Dai, myself, and others. "All cryptography is economics." (Eric Hughes) All remailer security is about economics, about how many colluders are out there, about the incentives and disincentives they feel to collude (*), etc. (* Any remailer who seeks to collude will quite quickly become known to other remailers as a colluder. I think a fairly stable equilibrium is for nearly all remailers to refuse to collude on general principles, and only collude in extreme circumstances.) If critics of remailers like Kent will not even bother to think deeply about these issues, with some back of the envelope calculations, and with some perusal of the main papers and articles in the area, I fail to see why we should take his points with any degree of seriousness. --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
foreign intelligence agents myths. disinformation.
It may be myth now, but we can work to change that! (:-) There may not be agents of Non-US Governments running remailers that we know about yet, but there are intelligent Non-US individuals running them, and Anarchists in North America, and Anarchists outside North America running remailers, which if you're in the US Government is at least semi-threatening... And the US Naval Research Labs folks are building Onion Routers, which are relatively similar to remailers, and they're Foreign Government Agents from the perspective of non-US cypherpunks. A more common approach for government agents has been to post news and send mail from various Internet addresses of convenience; some of it has certainly been propaganda, and some has been deliberate false information, as well as some being just strongly-held beliefs of people I happen to disagree with. If your remailer system is well-designed, running your mail through the occasional KGB and CIA remailer is just fine, as long as you also run it through systems you hope you can trust. Even at that, you may trust Alice B. Cypherpunk to run an honest remailer, knowing that she's got a strong ethical policy against logging, and not know that the NSA broke into her machine last year and is been running a wiretap that's "perfectly US-legal" because she's based in Amsterdam.
Lucky, since I am considered contemptible by several c'punks, I worry about them more than I would about foreign intelligence agents. I have actually considered sending some things through the remailers, but I don't trust them -- I don't find cypherpunks any less susceptible to ideology than foreign agents...
Are you aware of any cypherpunks remailers publicizing their log files, at least beyond their published policies (e.g. the "You SPAM, You Die" policy that some remailers announce.) The main events of this type I know of are Julf Helsingius and maybe one of the Dutch remailers giving the name of anti-Scientologist to the police when ordered by a court, and Julf closed anon.penet.fi after that. There have been some remailer operators who will help track down hate mail in response to complaints, and some who will help track down high-volume spammers, and they generally make their policies known; others only do blocking. Back when I was running a remailer, what I saw from the bouncemail and the complaints was a certain fraction of attack-mail, which I dealt with by blocking recipients, a fair bit of spam such as phone-sex ads to usenet (ignored), a lot of test messages (sometimes ignored, sometimes diagnosed), and a lot of help requests with incorrect headers (which I generally tried to reply to, especially after I'd killed the remailer.) The only times I checked non-bounced mail (other than testing my remailer code) was to clean out high-volume spam (my remailer was set to shut down at certain volume levels) and to remove queued mail for people who complained, (and of course if the spammers had the sense to encrypt their spam, that wouldn't have shown much either.) # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp # (If this is a mailing list, please Cc: me on replies. Thanks.)
participants (10)
-
3umoelle@informatik.uni-hamburg.de -
Adam Back -
Bill Stewart -
Kent Crispin -
Lucky Green -
nobody@REPLAY.COM -
Rabid Wombat -
Roger J. Jones -
Tim May -
tzeruch@ceddec.com