FW: Anonymous Remailers
At 5:17 AM -0800 5/14/97, Roger J. Jones wrote:
Why is it that some who are very concerned about their personal privacy utilize anonymous remailers that:
1) Log all of their mail messages?
Tim May Responded With chained, multiply-encrypted messages, logs are ineffective unless all of the links in the chain collude to trace messages. While this is certainly possible, it seems unlikely. Roger J Jones Responded Several of you have suggested as Tim has that the chain of remailers is secure. I suggest that the statement is only true to the extent that one wants to trace back a particular message. On the other hand, if one wants to find the source of postings to anonymous remailers and has skilled access to the Internet the task is quite simple and does not even require attacking the remailers. Of course, one could break the chain by having the remailers call each other outside of the Internet, but then of course the phone records would disclose the connection. Then again, one could hard wire a private connection between two remailers outside of both the Internet and the phone system but even this connection would be disclosed through reasonable traffic analysis. Of course, the simple fact that even encrypted streams need to include the ultimate destination of the message makes content analysis easier and weakens the encryption. Then again, all of this is a lot of work. Social Engineering and pure bribery would more likely be the most efficient and effective solution. Roger J Jones wrote:
2) Are in many cases reputed to be run by foreign intelligence services?
Tim May Responded This allegation was made by some clueless Washington think tank authors. They provided no evidence, only innuendo, and they were unwilling or unable to provide any further comments when queried by several Cypherpunks. And given that many or even most of the remailer operators are members of the various related Cypherpunks or Remailers Operators lists, and are known to various of us, the notion that most (or even many) remailers are run by intelligence agencies is absurd. At 9:48 AM -0800 5/14/97, Roger J. Jones wrote: I suggest that just because you chose to characterize the sources as "clueless Washington think tank authors" does not (as they say in Star Trek - The Next Generation) "make it so". The "allegation" that foreign governments actively participate in actions to violate personal privacy ("borrowing" laptops from traveling businesspeople, taping phones, etc.) are all documented in various places. Of course, they could all the result of a single psyop with excellent results. But I doubt it. Tim May Responded Your first point, using some kind of Star Trek lingo, is beyond comment. I provided a lot more context than your original point provided, and yet you seem to want even more documentation. Go back and read the archives for a discussion of this paper (hint: search on "remailers" ANDed with "SAIC." Pay particular attention to the critique of this paper by such folks as Raph Levien, and others. Anonymous Responded Yes, you are missing a lot. The bit about foreign inteligence agencies is almost certainly a canard created by one Strassman at a conference in Boston 2 years ago, then retracted. Anyway, if you use chaining, it's irrelevant. See <A HREF="http://www.law.miami.edu/~froomkin/articles/ocean.htm"> http://www.law.miami.edu/~froomkin/articles/ocean.htm </A> and <A HREF="http://www.law.miami.edu/~froomkin/articles/arbitr.htm"> http://www.law.miami.edu/~froomkin/articles/arbitr.htm </A> for the gory details. Roger J Jones Responded Given that several of you have suggested that the "foreign agent" theory is a hoax I suggest that this does not give me much faith either. What we have is the classic case that it difficult if not impossible to prove the non-existence of anything. For example, presume that one could identify every real owner of every remailer in the Internet universe. Have we proved anything? Not really. Because in the time it has taken to prove the case, a new remailer could have been created. Or the remailer that one thinks is secure could be down with a different remailer operating as an IT spoof. Or, after checking with the owner of the "safe" remailer the owner becomes subject to the normal desires of life (fear, greed, power, etc.) and "turns." The existence of both type one and type two errors prevents even an exhaustive search from being fully satisfied. Roger J Jones wrote
Do they really trust the owner of the remailer? (Unless of course, it is their remailer?) I seem to be missing something.
Roger J Jones wrote further...... So, chaining does not seem to be a secure solution. It just makes the process more difficult, but not impossible. The non-existance of "agents" who would operate a remailer for purposes other than protecting security can not be proven. I still seem to be missing something.........
At 7:34 AM -0800 5/15/97, Roger J. Jones wrote:
Roger J Jones Responded Several of you have suggested as Tim has that the chain of remailers is secure. I suggest that the statement is only true to the extent that one wants to trace back a particular message. On the other hand, if one wants to find the source of postings to anonymous remailers and has skilled access to the Internet the task is quite simple and does not even require attacking the remailers. Of ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Care to tell us how this tracing is done without cooperation of the remailers? Perhaps you don't understand how remailers work, how many messages they accumulate to provide the mixing entropy, and how long they typically delay messages. (Latency, or the delay, is not the central issue...mixing entropy is. But, in practice, latency is associated with this.)
I still seem to be missing something.........
I agree. But we can't help you, as you seem to be unknowledgeable about the basic nature of digital mixes. If you won't take the time to figure out the basics of how they work, how can we keep writing articles trying to correct your misapprehensions? --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
"Roger J. Jones" <cyber@ibpinc.com> writes:
So, chaining does not seem to be a secure solution. It just makes the process more difficult, but not impossible.
The non-existance of "agents" who would operate a remailer for purposes other than protecting security can not be proven.
Run your own remailer. Tell your friends to run their own remailers. Use one or more of those somewhere in the chain, then you *know* your messages are secure. The software can be found at ftp://ftp.replay.com/pub/replay/pub/remailer
I still seem to be missing something.........
You may want to read the paper "Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms" by David Chaum (CACM, 2/1981). It is available at http://world.std.com/~franl/crypto/chaum-acm-1981.html
participants (3)
-
3umoelle@informatik.uni-hamburg.de -
Roger J. Jones -
Tim May