The Twilight of the Remailers?
At 7:59 PM 5/21/96, Alex Strasheim wrote:
I'm closing my mixmaster, nsa@omaha.com, on the 4th of June.
There wasn't an incident that triggered this, but Hal's post about the FBI sort of spooked me, as have the lawsuits. I don't have a lot of assets myself, but I do have partners. My lawyer tells me that there's no reliable way to separate my personal net activities from those of the company my partners and I own, and that I could even be exposing my partners to personal liability.
I can't speak for anyone else, but for me the problem with running a remailer is that it's an inherently altruistic enterprise. That in itself wouldn't be so bad, but the liability makes the extent of the altruism open ended. If I knew that the worst case scenario would be $1k or even a $5k personal loss I could do it, but an open ended liability that's shared by my partners is unacceptable.
I'm sorry for the inconvenience this will cause.
Between Hacktic going down, Hal's comments that he may shut down his two sites, and this, plus others who are more quietly making plans to shut down, I think the thread title "The Remailer Crisis" is more apt than ever.
As to potential liability, it is very likely to be vastly more than the examples Alex cites, of $1K or "even a $5k personal loss." Lawyers don't get out of bed in the morning for such insignificant sums.
Keith Henson has been a friend of mine for the past dozen years (and I actually met him first in 1976), and he has kept me informed of his fight with the CoS. He's being sued for $100,000 by the CoS. (And they asked him a lot of questions about remailers, and who runs them. He didn't tell them much.)
I can't say whether they are likely to win their suit, or what the judgment might be. But make no mistake about it, if the CoS wins and Keith is ordered to pay....
It's one reason I won't run a remailer that can ever be traced back to me. (I also don't have a box on the Net and don't really trust running remailers on machines someone else has root to. And I'm not a Unix person. And....)
I figure that there are some, such as Detweiler, maybe government types, maybe others, who would make efforts to "take me down." Posting some child porn through my site to a Usenet group and then alerting the media would pretty much do it. (Or if binaries are not allowed, posting solicitations. Or if Usenet posting is not allowed...well, there are still ways...)
"The Twilight of the Remailers"?
Ironically, "copyright violation" and "clam secrets" were not even on the list of "the Four Horsemen of the Infocalypse" that we thought would really put remailers under some extreme pressure. If the Scientologists can shut down many of the remailers, imagine what the Horsemen will do!
--Tim May
Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
tcmay@got.net (Timothy C. May) writes:
Between Hacktic going down, Hal's comments that he may shut down his two sites, and this, plus others who are more quietly making plans to shut down, I think the thread title "The Remailer Crisis" is more apt than ever.
As to potential liability, it is very likely to be vastly more than the examples Alex cites, of $1K or "even a $5k personal loss." Lawyers don't get out of bed in the morning for such insignificant sums.
Yet fully anonymous mailing has always been supported by the Post Office. You may put anything, or nothing, as the return address on an item to be mailed, and drop it in the dead of night into one of millions of conveniently provided bins located almost everywhere. All for the quite reasonable price of thirty-two cents. It is interesting that the above model doesn't seem to survive parallel translation across the manifold to the TCP/IP arena. One reason for this is that there is no Postal Equivalent of Usenet. If anonymously mailed items magically appeared as articles in tomorrow's paper, for instance, one might expect significant heat to be generated, as well as calls for the elimination of anonymous mailboxes, and the association of a valid ID with each item mailed. The other reason is that the network of anonymous Postal mailboxes is so vast, and specific individuals are not associated with particular mailboxes. There is no way for someone like Hal to have rhetorical responsibility, for instance, if the Unabomber plops his latest exploding package into a particular box.
It's one reason I won't run a remailer that can ever be traced back to me. (I also don't have a box on the Net and don't really trust running remailers on machines someone else has root to. And I'm not a Unix person. And....)
Of course, Unix people can send anonymous mail without the use of remailers. Spoof an Ident or an IP, stuff it in some kind person's sendmail port, and "Voila!", the mail is on its way. Perhaps we need a remailer that automates this process.
Current remailers all identify the sender quite clearly with a message such as the following...
"This message was mailed by an automatic posting service. The sender takes no responsibility for its contents, but if you want to sue someone for an unspeakable amount of money, my name is Hal."
It is clear that this model for remailers fails miserably if any significant amount of legal heat is applied.
Contrast this with a DC-Net of boxes which can covertly inject packets into the Net, in some untraceable manner. Now we have no identifiable "Hal" to be harassed, and no one for the Clams to aim their lawyers at.
Perhaps we could also do something with Mobile Agents, which could carry an encrypted message and stuff it into the Net from some random location.
We are certainly at the point where the notion of a "remailer" as an identifiable source of traffic run by a specific individual is about to bite the dust.
Ironically, "copyright violation" and "clam secrets" were not even on the list of "the Four Horsemen of the Infocalypse" that we thought would really put remailers under some extreme pressure. If the Scientologists can shut down many of the remailers, imagine what the Horsemen will do!
I think it's time for a slight leap forward in the technology that is employed to provide the functionality formerly known as "remailing." A little increase in reliability might not hurt either. My current success rate for getting something through a remailer chain is about 50%, and that's using Ralph's reliable remailer list as a guide.
Time for a brainstorming session.
--
Mike Duvos $ PGP 2.6 Public Key available $
mpd@netcom.com $ via Finger. $
Mike Duvos writes:
Contrast this with a DC-Net of boxes which can covertly inject packets into the Net, in some untraceable manner. Now we have no identifiable "Hal" to be harassed, and no one for the Clams to aim their lawyers at.
While this is a nice thought, it is incorrect. You can't "covertly inject packets into the Net, in some untraceable manner."
The output of the DC net is simply a block of random-looking bits for each member of the net. Someone must XOR each of the blocks together before the message is readable.
If the addressee is not personally watching the DC-net and assembling all the blocks looking for a message, someone else must do that and put it out on the Internet (via e-mail, usenet, IRC, etc...). That someone is the person who is going to take the heat for the message. It is exactly the same situation as with current remailers: someone gets mail they don't like, they trace it back as far as possible (i.e., to the remailer operator). The last person holding the 'hot-potato' gets burned.
Since it looks like the "everyone's a remailer" dream is not becoming a reality, the key to successful remailers is to make the *operators* untraceable as well. If you can't trace the operator, you can't hold them liable. We have discussed techniques for doing this before: cash paid accounts, using dialups (possibly from a public phone). The remailer must be a 'sacrificial cow' that can be snatched up by 'authorities' at any time.
Because it takes considerable time, effort, and money to set up and run a remailer that is untraceable to the operator, there must be compensation. The solution is a typical cypherpunk one: Digital cash postage that is collected by the remailer, encrypted with a public key, and posted to alt.anonymous.messages. Our untraceable remailer operator sits back and collects the cash until the remailer is forcibly shut-down. Then he starts up a new one (assuming this is profitable).
While I haven't actually had experience running a remailer, I can imagine that the hassle of initially setting up the remailer in an untraceable manner may actually be less than the hassle of dealing with complaints.
The age of remailers with publicly known operators is drawing to a close. Basically the only missing link is the digital postage. If we get that, then being an anonymous remailer operator could be the first cryptoanarchist job that basically anyone can get and where you can collect money completely untraceably and tax-free. To me that seems like a big step towards the future that many of us have been discussing for the past few years. A very exciting prospect.
andrew
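Added example (not part of the original thread and not any poster's code): one round of a dining-cryptographers net in Python, showing the point made in the message above that each member publishes only a random-looking block and that the text appears only once someone XORs every block together. The member names, the pairwise secrets and the SHAKE-256 pad derivation are assumptions constructed for the illustration.

```python
"""One round of a dining-cryptographers (DC) net, for illustration only."""
import hashlib
from functools import reduce
from itertools import combinations


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad(secret: bytes, round_no: int, length: int) -> bytes:
    # Assumption: each pair expands its shared secret into a per-round pad
    # with SHAKE-256; any agreed keystream generator would serve.
    return hashlib.shake_256(secret + round_no.to_bytes(4, "big")).digest(length)


def dc_round(members, pair_secrets, round_no, sender, message):
    """Return {member: published block}. Every member XORs the pads it shares
    with each other member; only the sender also XORs in the message."""
    outputs = {}
    for m in members:
        block = bytes(len(message))
        for pair, secret in pair_secrets.items():
            if m in pair:
                block = xor(block, pad(secret, round_no, len(message)))
        outputs[m] = xor(block, message) if m == sender else block
    return outputs


def combine(blocks):
    """XOR the published blocks. Each pad was used by exactly two members,
    so with all blocks present the pads cancel and the message remains."""
    return reduce(xor, blocks)


# Constructed sample data (hypothetical members and secrets).
MEMBERS = ["alice", "bob", "carol", "dave"]
MESSAGE = b"constructed sample message"
PAIR_SECRETS = {
    frozenset(p): hashlib.sha256(("constructed:" + ":".join(p)).encode()).digest()
    for p in combinations(MEMBERS, 2)
}

if __name__ == "__main__":
    out = dc_round(MEMBERS, PAIR_SECRETS, 1, "carol", MESSAGE)
    for name, block in out.items():
        print(f"{name:6} publishes {block.hex()}")
    print("all blocks XORed :", combine(out.values()))
    print("one block missing:", combine(list(out.values())[:-1]))
```

The combined output is the same whichever member sent, so the blocks do not name the sender; whoever runs `combine` and forwards the result outside the net is the identifiable party the message above describes.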
Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com> writes:
Mike Duvos writes:
Contrast this with a DC-Net of boxes which can covertly inject packets into the Net, in some untraceable manner. Now we have no identifiable "Hal" to be harassed, and no one for the Clams to aim their lawyers at.
While this is a nice thought, it is incorrect. You can't "covertly inject packets into the Net, in some untraceable manner."
You can temporarily modify router tables, spoof IPs and idents, and leave few traces behind once the data has been transferred, particularly if the origin is some obscure foreign location.
The output of the DC net is simply a block of random-looking bits for each member of the net. Someone must XOR each of the blocks together before the message is readable.
Correct. But I was mentioning DC-Nets only in the context of a mechanism for permitting the dispersed parts of such a system to communicate with each other, without identification of a particular node as being responsible for a particular action.
If the addressee is not personally watching the DC-net and assembling all the blocks looking for a message, someone else must do that and put it out on the Internet (via e-mail, usenet, IRC, etc...). That someone is the person who is going to take the heat for the message. It is exactly the same situation as with current remailers: someone gets mail they don't like, they trace it back as far as possible (i.e., to the remailer operator). The last person holding the 'hot-potato' gets burned.
The idea here was to have a large number of nodes, each capable of injecting data into the Net in a manner which cannot be easily traced back to an individual. These nodes would talk to each other using a mechanism which obscured both eavesdropping and traffic analysis of their communications, a DC-Net being one possible way of doing this.
Since it looks like the "everyone's a remailer" dream is not becoming a reality, the key to successful remailers is to make the *operators* untraceable as well. If you can't trace the operator, you can't hold them liable. We have discussed techniques for doing this before: cash paid accounts, using dialups (possibly from a public phone). The remailer must be a 'sacrificial cow' that can be snatched up by 'authorities' at any time.
You could get the same effect with an instant anonymous account that could be purchased with Ecash. You would buy it on the spot, send your mail, and forget about it. For all practical purposes, it would serve the same function as a remailer, and steps could be taken to obscure the identity of whoever had telnetted to it. Another possible approach is the "remailing packets" one. You could set up a packet remailer which could be used as a universal proxy server in some untouchable foreign location. If we had a "packet remailer in a box", these things could pop up all over the place, live a short time, and be nuked. Since the communication would be real-time, concerns over reliability and delivery would not exist in the same way they do for the current system of remailers.
Because it takes considerable time, effort, and money to set up and run a remailer that is untraceable to the operator, there must be compensation. The solution is a typical cypherpunk one: Digital cash postage that is collected by the remailer, encrypted with a public key, and posted to alt.anonymous.messages. Our untraceable remailer operator sits back and collects the cash until the remailer is forcibly shut-down. Then he starts up a new one (assuming this is profitable).
I don't think most people are going to pay to remail. Or, to put it another way, the types of traffic people will pay to remail are those no remailer operator will want to touch with a barge pole.
The age of remailers with publicly known operators is drawing to a close. Basically the only missing link is the digital postage. If we get that, then being an anonymous remailer operator could be the first cryptoanarchist job that basically anyone can get and where you can collect money completely untraceably and tax-free. To me that seems like a big step towards the future that many of us have been discussing for the past few years. A very exciting prospect.
Perhaps. Time will tell.
--
Mike Duvos $ PGP 2.6 Public Key available $
mpd@netcom.com $ via Finger. $
Mike Duvos <mpd@netcom.com> wrote:
Andrew Loewenstern <lowensa@il.us.swissbank.com> wrote:
While this is a nice thought, it is incorrect. You can't "covertly inject packets into the Net, in some untraceable manner."
You can temporarily modify router tables, spoof IPs and idents, and leave few traces behind once the data has been transferred, particularly if the origin is some obscure foreign location.
Sure, doing this will make your packets untraceable, but for how long? Changing router tables and spoofing IPs is going to attract unwanted attention fast. I don't think such active IP attacks are appropriate for a remailer running unattended. Perhaps you mean that individual users should do these kinds of things instead of using remailers? For untraceability, I would put my money on chained MixMasters over IP spoofing. Besides, with IPv6 you won't be able to do these things anymore, but remailers will still work.
The idea here was to have a large number of nodes, each capable of injecting data into the Net in a manner which cannot be easily traced back to an individual. These nodes would talk to each other using a mechanism which obscured both eavesdropping and traffic analysis of their communications, a DC-Net being one possible way of doing this.
It's a good idea but it doesn't work in real life. You can't put a message in a public place (like UseNet) or send one to an unwitting e-mail recipient (such as a mailing list) in an untraceable manner, repeatedly over time. The last remailer is going to be traceable. A DC-Net is great, but it isn't going to be useful to very many people if the only people you can send messages to are the other DC-Net participants. Yes, this has applications, but it is not a replacement for the remailers we have now and are starting to lose at an alarming rate.
Since it looks like the "everyone's a remailer" dream is not becoming a reality, the key to successful remailers is to make the *operators* untraceable as well. If you can't trace the operator, you can't hold them liable. We have discussed techniques for doing this before: cash paid accounts, using dialups (possibly from a public phone). The remailer must be a 'sacrificial cow' that can be snatched up by 'authorities' at any time.
You could get the same effect with an instant anonymous account that could be purchased with Ecash. You would buy it on the spot, send your mail, and forget about it. For all practical purposes, it would serve the same function as a remailer, and steps could be taken to obscure the identity of whoever had telnetted to it.
But not every piece of mail sent through a remailer is 'hot' enough to get it shut down. The vast majority of traffic is harmless. Also, taking steps to obscure the identity of whoever had telnetted to it is hard, way too hard for the average user who wants to send remail securely. If the remailer op does it once to set up a remailer, then potentially a very large number of people can use the remailer until it gets busted. In the meantime the remailer op collects postage to compensate him for his effort.
Also you later say that "I don't think most people are going to pay to remail." Well if people aren't going to pay to remail, why would they pay to open a disposable ecash account to send a piece of untraceable mail? How much will the cheapest account be? Probably less than what a remailer, which can handle hundreds of messages a day, running on the exact same account would charge.
Then you say "Or, to put it another way, the types of traffic people will pay to remail are those no remailer operator will want to touch with a barge pole." Well duh. My message you are refuting (and suggesting that the alternative is IP spoofing) is entirely centered around the idea that the remailer operator remain untraceable is because the traffic could potentially be too 'hot' for the remail-op to manage. I guess you mean that all the harmless traffic will disappear once you have to pay to play. Well, if the only remailers around are for-pay ones with untraceable operators because all the public ones got busted, people will pay. If people didn't want a high assurance of untraceability, people would just use Penet.
I don't think remail postage is going to have to be expensive. It doesn't take long to pay for a $15 a month telnet-only account. If you charged only a dime each, it would only take 150 messages to pay for it. Over a month that's about 5 messages a day. Sounds reasonable to me. A 3 remailer chain would cost $0.30, less than snail mail...
Another possible approach is the "remailing packets" one. You could set up a packet remailer which could be used as a universal proxy server in some untouchable foreign location. If we had a "packet remailer in a box", these things could pop up all over the place, live a short time, and be nuked. Since the communication would be real-time, concerns over reliability and delivery would not exist in the same way they do for the current system of remailers.
Which untouchable foreign locations do you refer to? For all the talk of these glorious havens we don't have any remailers set up in them. The Netherlands isn't one of them. Neither is Germany or France for sure. You can't have these "pop up all over the place" if it has to pop up in an untouchable foreign location that doesn't exist.
If you think people get the heebie jeebies about running a remailer that could possibly be used to carry threats or illegal pictures, just wait till you see their reaction when you tell them that people could use their packet remailer to hack other sites. While remailer traffic has a chance of getting constitutional protection (in this country obviously), there is no doubt that hacking machines is not protected.
Buying an anonymous telnet-only account with cash, then using a CyberCafe or some other public Net terminal to set up the remailer sounds like a much more viable solution for a potential remail-op than flying to Micronesia. Or waiting patiently for people in these untouchable foreign locations to set up remailers.
Also, I think it's time to stop expecting people to rush out and set up these things if they were easier to set up. People simply don't get enough benefit for the risk of running a remailer. A web server is harder to set up than Mixmaster but there are a lot more web sites. If remailer ops are going to be liable for content, then few people are going to want to do it, regardless of the difficulties involved of setting up the software.
Also, people want an/pseud-onymity. Look at how many accounts the penet service has. As people realize that such services offer little assurance of untraceability, they will turn more and more to cypherpunk remailers. If the only way a remailer can stay up is if it charges then the market will decide if it is worth it. I think the market is there.
andrew
On Tue, 21 May 1996, Timothy C. May wrote:
Keith Henson has been a friend of mine for the past dozen years (and I actually met him first in 1976), and he has kept me informed of his fight with the CoS. He's being sued for $100,000 by the CoS. (And they asked him a lot of questions about remailers, and who runs them. He didn't tell them much.)
I can't say whether they are likely to win their suit, or what the judgment might be. But make no mistake about it, if the CoS wins and Keith is ordered to pay....
Thanks for the encouraging words. As the mailers drop off, it's seeming more and more likely that my mailer will need to be temporarily offed also. (I would like to stress temporarily.) Unfortunately, fewer remailers means that the mailers that are left will be bearing an exponentially increasing amount of risk, not to mention the increase in traffic levels overall. The suggestion of inverting the sense of destination blocking seems the most feasible on a short term level... and will most likely be the route that I take for the near future. The remailer at this account will remain up temporarily, pending further notice.
participants (4)
- Andrew Loewenstern
- Ben Holiday
- mpd@netcom.com
- tcmay@got.net