Re: Traceable Infrastructure is as vulnerable as traceable messages.
On Sun, Aug 05, 2001 at 04:07:14PM +0300, Sampo Syreeni wrote:
Now, the above is of course fiction, for now at least. But keeping such widescale attacks on the infrastructure part of the threat model is not, IMHO, a bad idea. The discussions on stego, disposable remailers, physical broadcast technology and the like are part of that, and serve to lay the groundwork in case shit one day does hit the fan.
Last I checked, the vast bulk of remailers were in North America and Europe. Given sufficient provocation (Bush twins kidnapped, Osama talking biochemwomdterror in DC), I could easily see a coordinated set of pre-dawn raids to "gather evidence" and seize computers as part of a criminal investigation. Obviously the servers would have to be held as potential evidence for a trial - did they keep logs? our techs will find out - which could take a decade. This would cripple the current remailer network and generate almost no public outcry beyond the cypherpunks and such. -Declan
At 11:33 AM -0400 8/5/01, Declan McCullagh wrote:
Last I checked, the vast bulk of remailers were in North America and Europe. Given sufficient provocation (Bush twins kidnapped, Osama talking biochemwomdterror in DC), I could easily see a coordinated set of pre-dawn raids to "gather evidence" and seize computers as part of a criminal investigation. Obviously the servers would have to be held as potential evidence for a trial - did they keep logs? our techs will find out - which could take a decade. This would cripple the current remailer network and generate almost no public outcry beyond the cypherpunks and such.
Were that to happen, I'd bet a bunch of new remailers would be in place before the heliocopters were finished refueling. -- http://www.apa.org/journals/psp/psp7761121.html It is one of the essential features of such incompetence that the person so afflicted is incapable of knowing that he is incompetent. To have such knowledge would already be to remedy a good portion of the offense.
On Mon, 6 Aug 2001, Petro wrote:
Were that to happen, I'd bet a bunch of new remailers would be in place before the heliocopters were finished refueling.
Obviously you don't run one: the resources required are _not_ trivial, at least from the bandwidth perspective. -- Yours, J.A. Terranson sysadmin@mfn.org If Governments really want us to behave like civilized human beings, they should give serious consideration towards setting a better example: Ruling by force, rather than consensus; the unrestrained application of unjust laws (which the victim-populations were never allowed input on in the first place); the State policy of justice only for the rich and elected; the intentional abuse and occassionally destruction of entire populations merely to distract an already apathetic and numb electorate... This type of demogoguery must surely wipe out the fascist United States as surely as it wiped out the fascist Union of Soviet Socialist Republics. The views expressed here are mine, and NOT those of my employers, associates, or others. Besides, if it *were* the opinion of all of those people, I doubt there would be a problem to bitch about in the first place... --------------------------------------------------------------------
On Tue, Aug 07, 2001 at 01:04:29AM -0500, measl@mfn.org wrote:
On Mon, 6 Aug 2001, Petro wrote:
Were that to happen, I'd bet a bunch of new remailers would be in place before the heliocopters were finished refueling.
Obviously you don't run one: the resources required are _not_ trivial, at least from the bandwidth perspective.
Also, users won't immediately know about the new remailers or have any idea of their reliability. And while the Feds may be generally sluggish, when it comes to law enforcement (that is, remailer raids on anti-terrorism pretexts), I suspect they can be quite efficient. They don't have to succeed entirely, just enough to terrorize remailer operators and/or their Internet providers. -Declan
-- On 7 Aug 2001, at 7:38, Declan McCullagh wrote:
Also, users won't immediately know about the new remailers or have any idea of their reliability. And while the Feds may be generally sluggish, when it comes to law enforcement (that is, remailer raids on anti-terrorism pretexts), I suspect they can be quite efficient.
Provided they do not stop off at the donut shop. Some of the recent FBI scandals were callous indifference to human life and disregard of justice, but many of them were carelessness, neglect of duty, and gross incompetence. Similarly consider the CIA, whose assessments of the Soviet Union were consistently less accurate than my own. It appears to me that the level of corruption, laziness, irresponsibility, and sheer incompetence is fairly uniform throughout all branches of the government and all its activities. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 4+XoxbFtjmbwcVuklCLnkO3luRrkl/uC/vP8+7j8 4uxBjG18NPUTfucoHpSlutEoqUk9JOSyWeDgeamUq
At 1:04 AM -0500 8/7/01, <measl@mfn.org> wrote:
On Mon, 6 Aug 2001, Petro wrote:
Were that to happen, I'd bet a bunch of new remailers would be in place before the heliocopters were finished refueling.
Obviously you don't run one: the resources required are _not_ trivial, at least from the bandwidth perspective.
No, I don't. I've looked at it a couple times, and even set on up once, but never announced it or did anything with it. You imply that the bandwidth requirements are "not" trivial? What's "not" trivial? 128k? That's my home. 512k A phone call to Sprint away (which admittedly would take longer than the helo-refueling). Would a cable modem do it? How's about on an account in an employee rack at a major co-location facility with dual gig pipes? I have ready access to 2 of those, and the other 2 are only a matter of breaking loose with a little more cash (although I would hate to get cable). So why don't I run one now? Hassle. Time. I'd rather go riding or shooting than deal with it. -- http://www.apa.org/journals/psp/psp7761121.html It is one of the essential features of such incompetence that the person so afflicted is incapable of knowing that he is incompetent. To have such knowledge would already be to remedy a good portion of the offense.
At 07:54 PM 8/7/01 -0700, Petro wrote:
At 1:04 AM -0500 8/7/01, <measl@mfn.org> wrote:
On Mon, 6 Aug 2001, Petro wrote:
Were that to happen, I'd bet a bunch of new remailers would be in place before the heliocopters were finished refueling.
Obviously you don't run one: the resources required are _not_ trivial, at least from the bandwidth perspective.
No, I don't. I've looked at it a couple times, and even set on up once, but never announced it or did anything with it.
Its not the bandwidth, its the learning time, for the human who has to choose the code to install, install it, configure it, and test it. Attention is the limited resource.
[The remailer-bandwidth sub-thread...]
Were that to happen, I'd bet a bunch of new remailers would be in place before the heliocopters were finished refueling.
Obviously you don't run one: the resources required are _not_ trivial, at least from the bandwidth perspective.
Its not the bandwidth, its the learning time, for the human who has to choose the code to install, install it, configure it, and test it. Attention is the limited resource.
Attention *is* the limited resource; if it can be turned into script-kiddie-fodder it's ostensibly possible to get lots more. The big wins with Zero Knowledge were supposed to be two things - professionalizing the software so it's easy to install, and a business model that encourages ISPs to keep it around so you're not constantly worrying about getting kicked off your ISP, which leads to much of the monitoring that requires ongoing attention. Doesn't look like they won, but I'm glad they tried. Julf's original remailer ran on a 486 fed by a 64kbps private line. Modern remailers may get enough more traffic than that, but I doubt it - that's 691MB/day if you're not worried about really fast response time. I think most of the current remailers get a few thousand messages/day, probably averaging less than 10KB/message, so there's plenty of Headroom. Encryption burns a lot of CPU, but CPU's pretty near free these days. If the system gets used for Napster-like services, however, that involves lots more traffic. Cable modems don't gain you much - there's great downstream speed, so the remailer doesn't interfere with your other usage much and you can absorb bursts of traffic, but the upstream is usually limited to 128kbps in most of the US - only double the capacity of Julf's. Also, most cable-modem carriers have highly short-sighted views of what activities they want to allow and how many complaints they'll tolerate, so you could get the boot pretty fast if you're not a middleman or in-only. Petro's example of a colo site with dual gigabit feeds is more interesting, though that's highly unlikely to be full-time access for Gig-E per host, and most host computers can't keep up with that kind of load anyway. Still, the last estimate I heard for Usenet (probably 2-3 years old) was that the non-binaries used about 1 T1 full-time and the binaries used 2 more, so that's a total of ~5Mbps of drivel delivered right to your doorstep; remailers definitely should be smaller than that Until It Changes. Somebody said that remailers are pretty far down on the list of people who the government wants to Squash. True, but it wouldn't be hard to get most of them shut down quickly if they did want to, either directly in the US and cooperating countries, or through online cracker attacks elsewhere (particularly by harassing the ISPs of the remailer operators, who may not fold to overseas political pressure but don't like being attacked.)
At 11:00 PM 8/22/01 -0700, Bill Stewart wrote:
Cable modems don't gain you much - there's great downstream speed, so the remailer doesn't interfere with your other usage much and you can absorb bursts of traffic, but the upstream is usually limited to 128kbps in most of the US - only double the capacity of Julf's. Also, most cable-modem carriers have highly short-sighted views of what activities they want to allow and how many complaints they'll tolerate, so you could get the boot pretty fast if you're not a middleman or in-only.
128Kby/sec is 10 messages/sec. That's a lot for a 'commodity' home connection. 10 messages/sec because many remailers are text-only, no attachments. Few messages exceed 10Kby. The real issue IMHO is that, despite the boxes and pipes, the tech is not sufficiently deployed yet. We are hyping phone scramblers when telegraphs are more common.
participants (6)
-
Bill Stewart
-
David Honig
-
Declan McCullagh
-
jamesd@echeque.com
-
measl@mfn.org
-
Petro