Another possible remailer attack?

Date: Fri, 8 Nov 1996 12:58:42 -0800
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Subject: Vulis on the remailers
Please, remailers, source block Vulis for a week.
Remailer Fan
Suppose you operate an ISP and you suspect that one of your users (let's call him Dimitri) is using anonymous remailers to submit politically incorrect messages (under a pseudonym, or all with the same writing style) to Usenet, mailing lists, and a well-known phreak/hack publication. Also suppose that these public messages are appearing on a regular basis.
You want to know if Dimitri is the person regularly posting these messages. So, you use your powers as ISP to block his access to all remailers. If the public messages suddenly stop then you can be reasonably certain that Dimitri was sending them.
I expect this would work even against DC nets.
The only solution I can think of is to have an account with multiple ISPs and always send mail from more than one account. This probably wouldn't offer much protection against TLAs (NSA, CIA, FBI, MCI, AT&T ;) who may be able to block traffic no matter where it comes from.
Comments?

Steve Reid wrote:
Date: Fri, 8 Nov 1996 12:58:42 -0800
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Subject: Vulis on the remailers
Please, remailers, source block Vulis for a week.
Remailer Fan
Suppose you operate an ISP and you suspect that one of your users (let's call him Dimitri) is using anonymous remailers to submit politically incorrect messages (under a pseudonym, or all with the same writing style) to Usenet, mailing lists, and a well-known phreak/hack publication. Also suppose that these public messages are appearing on a regular basis.
You want to know if Dimitri is the person regularly posting these messages. So, you use your powers as ISP to block his access to all remailers. If the public messages suddenly stop then you can be reasonably certain that Dimitri was sending them.
I expect this would work even against DC nets.
The only solution I can think of is to have an account with multiple ISPs and always send mail from more than one account. This probably wouldn't offer much protection against TLAs (NSA, CIA, FBI, MCI, AT&T ;) who may be able to block traffic no matter where it comes from.
Comments?
"Dimitri" can always telnet to smtp ports of various sites and use them to forward his mail to remailers. If his ISP blocks him (via a router filter, for example), then he would notice.
A schizophrenic mind can imagine a situation where USENET Cabal would try to fool him and try to stand in the middle between him and all smtp servers, emulating their responses, but that is not terribly feasible.
Also, some people regularly (via crontab) send anonymous email to themselves, just in case. They would notice when they stop receiving them.
- Igor.
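The self-addressed canary check mentioned in the reply above, sketched as an added example (not code from any poster in this thread). It assumes the sender logs when each canary was sent and which ones came back; the identifiers, the mean-plus-3-sigma deadline and the two-miss rule (to tolerate a single message lost by a remailer) are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta
from statistics import mean, pstdev

def alarm_deadline(history, k=3.0):
    """Longest plausible remailer transit time: mean + k * stddev of the
    delays seen so far. history is a list of (sent, received) datetimes."""
    delays = [(rcv - snt).total_seconds() for snt, rcv in history]
    return timedelta(seconds=mean(delays) + k * pstdev(delays))

def check_canaries(sent, received, history, now, k=3.0, needed=2):
    """sent maps canary id -> send time; received is the set of ids that
    arrived. Returns (overdue_ids, alarm). The alarm is raised only when at
    least `needed` canaries are overdue, so one dropped message is not
    mistaken for a block."""
    deadline = alarm_deadline(history, k)
    overdue = sorted(cid for cid, t in sent.items()
                     if cid not in received and now - t > deadline)
    return overdue, len(overdue) >= needed

# Constructed sample data: four earlier canaries took 2 to 4 hours to return.
DAY0 = datetime(1996, 11, 1)
HISTORY = [(DAY0, DAY0 + timedelta(hours=h)) for h in (2, 3, 4, 3)]
# One canary per day; only the first ever came back.
SENT = {f"c{i}": DAY0 + timedelta(days=i) for i in (1, 2, 3, 4)}
RECEIVED = {"c1"}

if __name__ == "__main__":
    now = DAY0 + timedelta(days=4, hours=2)
    print("deadline:", alarm_deadline(HISTORY))
    print("overdue, alarm:", check_canaries(SENT, RECEIVED, HISTORY, now))
```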

At 2:34 PM -0800 11/9/96, Steve Reid wrote: ...
You want to know if Dimitri is the person regularly posting these messages. So, you use your powers as ISP to block his access to all remailers. If the public messages suddenly stop then you can be reasonably certain that Dimitri was sending them.
I'm not following something...just how do your "powers as ISP" affect a remailer in, say, Holland, or one for that matter on another ISP? (As a matter of fact, I expect the "compliance rate" with your request would be something less than 10%.)
I expect this would work even against DC nets.
One presumption about nodes in DC-nets is that they are even more crypto-savvy than routine mixes, so I doubt even more strongly that nodes in a DC-Net would obey your recommendations to source-block any particular user from entering the DC-net. (And all your hypothetical "Dimitri" has to do is to use a remailer outside the DC-net to anonymize his identity, or to use Unix/Sendmail hacks to obscure the name, etc.)
On the larger issue of foiling remailer networks by analyzing message sent--message received statistics, this is never going to go away completely. Just as the Nazis could isolate spy transmitters by selectively turning off electricity to different neighborhoods, so, too, can various in-out correlations be analyzed to deduce _probable_ sources of some messages. Given enough traffic. A SIGINT problem similar to submarine warfare Bayesian statistics problems.
-Tim May
"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
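The Bayesian view of in-out correlation raised above, worked through as an added example (not from any poster in this thread) to show how much a sender's anonymity erodes per blocked window and how the multiple-ISP idea from the first message changes that. The model is an assumption: independent windows, a posting probability `r` per window, and `alt`, the share of the sender's traffic that leaves by a path the observer cannot block.

```python
def posterior(prior, windows, r, alt=0.0):
    """Probability that the watched user is the author after a series of
    observation windows, each a (blocked, post_seen) pair.

    r   : chance that a post appears in a window when nothing is blocked
    alt : fraction of the author's posts that still get out during a block
          (0 = single ISP, 1 = every post also sent via an unblocked path)
    """
    odds = prior / (1 - prior)
    for blocked, seen in windows:
        p_author = r * alt if blocked else r  # P(post | user is the author)
        p_other = r                           # P(post | someone else is)
        like_author = p_author if seen else 1 - p_author
        like_other = p_other if seen else 1 - p_other
        odds *= like_author / like_other      # Bayes factor for this window
    return odds / (1 + odds)

def exposure_by_alt(prior, windows, r, alts=(0.0, 0.5, 1.0)):
    """Posterior for several values of alt, to compare mitigations."""
    return {a: round(posterior(prior, windows, r, a), 4) for a in alts}

# Constructed scenario: 1-in-100 prior, posts normally appear in 90% of
# windows, and three blocked windows pass with no post appearing.
SILENT_BLOCKS = [(True, False)] * 3

if __name__ == "__main__":
    print(exposure_by_alt(0.01, SILENT_BLOCKS, r=0.9))
    # Windows without a block carry no information in this model:
    print(posterior(0.01, [(False, True)] * 10, r=0.9))
```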
participants (3)
- ichudov@algebra.com
- Steve Reid
- Timothy C. May