
[ To: cypherpunks ## Date: 07/19/96 08:13 pm ## Subject: Message pools ]

Date: Wed, 17 Jul 1996 23:19:59 -0700
From: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Message pools _are_ in use today!
2. The authorities already have identified a suspect, call him "Bob," and wish to know if he is reading (and perhaps decrypting) messages to "Alice."
As several of us have noted, #1 is tough--real tough. The authorities would have to contact 10,000 or more ISPs who have local newsfeeds and subpoena their logs of who read which newsgroups...assuming such logs are even kept
Getting everybody is tough. Getting a lot of the potential suspects, however, isn't as tough as it looks - the vast majority of home Internet users are on AOL, Compuserve, Prodigy, UUNet, Netcom, or (RSN) AT&T. Anonymous Message Pool users are a bit more likely to use niche-market ISPs, especially under pseudonyms, but if the number of users increases significantly there'll still be a reasonable proportion on the big carriers, which are probably more cooperative and probably keep more complete logs.
There are two other factors.

1. If you're trying to figure out who anonymously posted the ``All faggots must die'' message on alt.sex.motss, you have a very large number of potential suspects. However, if you're trying to figure out who anonymously posted the ``how to manufacture nerve gas'' post, your suspect list is quite a bit smaller. The condition for technical information about cryptography or computer security is similar.

2. It may be that the way you test your suspects is parallelizable enough that you can do a ``dictionary attack,'' in which you go down a list of people who you might suspect of posting something for one reason or another, and test the hypothesis that each of them actually did post it. Suppose I have such a test which can rule out 75% of my suspect list. This becomes a useful tool--especially if I can track multiple posts by the same user and rule out more and more of my suspect list as more and more messages are posted.

I wouldn't count on even heavily-chained anonymous remailer messages to protect my identity from moderately wealthy and determined attackers, if I did many anonymous posts. Writing style and topic alone may narrow the suspect list down to a manageable number.
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com # http://www.idiom.com/~wcs
--John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

On Wed, 24 Jul 1996, JMKELSEY@delphi.com wrote:
I wouldn't count on even heavily-chained anonymous remailer messages to protect my identity from moderately wealthy and determined attackers, if I did many anonymous posts. Writing style and topic alone may narrow the suspect list down to a manageable number.
There is an easy way to defeat psycholinguistic analysis techniques used by LEA's to profile perps. Buy a translation program, (such as Globalink's Spanish Assistant) use the program to translate the text to Spanish, (or any other language) and then use the program to translate the foreign language text back to English. The baselines of word choice, grammatical structure, etc. will be shifted to reflect the biases of the program rather than the biases of the writer. As an example, I will use the entire text of this message as a demonstration.

Jonathan Wienke

"1935 will go down in history! For the first time a civilized nation has full gun registration! Our streets will be safer, our police more efficient, and the world will follow our lead in the future!" --Adolf Hitler

"46. The U.S. government declares a ban on the possession, sale, transportation, and transfer of all non-sporting firearms. ...Consider the following statement: I would fire upon U.S. citizens who refuse or resist confiscation of firearms banned by the U.S. government." --The 29 Palms Combat Arms Survey http://www.ksfo560.com/Personalities/Palms.htm

1935 Germany = 1996 U.S.?

Key fingerprint = 30 F9 85 7F D2 75 4B C6 BC 79 87 3D 99 21 50 CB

[Begin Spanish Translation]

En Casa, 24 Jul 1996, JMKELSEY@ [delphi.com] escribió: "no hago cuento con mensajes del [remailer] iguales muy-encadenado anónimos proteger mi identidad de asaltadores algo adinerados y determinados, si hacía muchos postes anónimos. Estilo de la escritura y tema solo estrecharía la lista del sospechoso a un número manejable."

Hay una manera fácil derrotar técnicas del análisis del [psycholinguistic] usó por LEA perfilar [perps]. Compra una traducción programa, (tal como el Spanish Assistant de Globalink) usa el programa traducir el texto a español, (o cualquier otro idioma) y entonces usa el programa traducir el texto del idioma extranjero retrocede a inglés. El [baselines] de opción de la palabra, estructura gramática, etc. se cambie reflejar los sesgos del programa en lugar de los sesgos del escritor. Como un ejemplo, usaré el texto entero de este mensaje como una demostración.

Jonathan Wienke

¡" 1935 bajará en historia! ¡Por la primera vez una nación civilizada tiene registro del arma lleno! Nuestras calles serán más seguras, nuestro policía más eficaz, y el mundo seguirá nuestra primacía en el futuro!" --Adolf Hitler

" 46. El EE.UU. gobierno declara una prohibición en la posesión, venta, transportación, y transfiere de todo arma de fuego no-deportivos. .Consider the following statement: I would fire upon U.S. citizens who refuse or resist confiscation of firearms banned by the U.S. government." --Las 29 Palmas Combaten [http] del Estudio de los Brazos:// www.ksfo560.com/ Personalidades/ Palms.htm

¿1935 Alemania= 1996 EE.UU.?

Huella digital importante= 30 F9 85 7F D2 75 4B C6 AC 79 87 3D 99 21 50 CB

[Begin English Translation of Spanish Text]

At home, 24 Jul 1996, JMKELSEY@[ [delphi.com]] he/she/it/you wrote: "I don't make have messages of the[ [remailer]] equal very-chained anonymous letter protect my identity of attackers something wealthy persons and certain, if I/he/she/it/you did many anonymous posts. Style of the writing and alone topic would take in the list of the suspect to a governable number."

There is an easy way defeat technical of the analysis of the[ [psycholinguistic]] he/she/it/you used for I/he/she/it/you READ profile[ [perps]]. You/he/she/it buy a translation you/he/she/it program, (as the Spanish Assistant of Globalink) you/he/she/it use the program translate the text to Spanish, (or any another language) and you/he/she/it then use the program translate the text of the foreign language you/he/she/it go back to English. The[ [baselines]] of option of the word, grammatical structure, etc. I/he/she/it/you am changed to reflect the biases of the program instead of the biases of the writer. Like an example, I will use the text I find out this message like a demonstration.

Jonathan Wienke

" 1935 will lower in history! For the first time a civilized nation has registration of the full weapon! Our streets will be surer, our more effective police, and the world will continue our primacy in the future!" --Adolf Hitler

" 46. The USA gobierno declara una prohibición en la posesión, venta, transportación, y transfiere de todo arma de fuego no-deportivos. .Consider [the following statement]: I [would fire] U.S [upon]. [citizens who refuse or resist confiscation of firearms banned by] U.S [the]. [government]." --The 29 Palms Combat[ [http]] of the Study of the Arms:// www.ksfo560.com/ Personalities/ Palms.htm

1935 Germany= 1996 USA?

Important fingerprint= 30 F9 85 7F D2 75 4B C6 AC 79 87 3D 99 21 50 CB

[Begin Follow-Up Comments]

Obviously, the technique is crude, (translation software on autopilot works in mysterious ways) but it ought to be used by anyone wishing to anonymously communicate. To really work properly, the original message should be worded so that the translator program understands all of the words in the message (none of the words are bracketed and left untranslated). Otherwise, an analysis of untranslated words can be made. The subject matter, etc. can still be studied, but at least most conventional profiling techniques are rendered orders of magnitude more difficult by this process. Perhaps this could be a value-added fee-for-service option for remailer operators? (Using ecash for payment, of course.)
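
The condition stated in the follow-up comments above (no word left bracketed and untranslated) can be checked mechanically before a message is sent. The following is an added example, not part of the original post: the function names are hypothetical, and the two sample strings are excerpts of the original and round-tripped text quoted in the message.

```python
import re

# Excerpts taken from the message above: the original wording and the
# English text that came back from the Spanish round trip.
ORIGINAL = (
    "There is an easy way to defeat psycholinguistic analysis techniques "
    "used by LEA's to profile perps. The baselines of word choice, "
    "grammatical structure, etc. will be shifted to reflect the biases "
    "of the program rather than the biases of the writer."
)
ROUNDTRIP = (
    "There is an easy way defeat technical of the analysis of the"
    "[ [psycholinguistic]] he/she/it/you used for I/he/she/it/you READ "
    "profile[ [perps]]. The[ [baselines]] of option of the word, "
    "grammatical structure, etc. I/he/she/it/you am changed to reflect "
    "the biases of the program instead of the biases of the writer."
)

# The program marks words it could not translate as [word] or [ [word]].
BRACKETED = re.compile(r"\[\s*\[?([^\[\]]+?)\]\s*\]?")


def passthrough_tokens(roundtrip):
    """Bracketed spans the translator passed through untranslated, in order."""
    return [m.group(1).strip() for m in BRACKETED.finditer(roundtrip)]


def leaked_vocabulary(original, roundtrip):
    """Pass-through spans made up entirely of the author's own words."""
    own_words = set(re.findall(r"[a-z]+", original.lower()))
    leaked = []
    for token in passthrough_tokens(roundtrip):
        parts = re.findall(r"[a-z]+", token.lower())
        if parts and all(p in own_words for p in parts):
            leaked.append(token)
    return leaked


def ready_to_send(original, roundtrip):
    """True only when no original word survived inside brackets."""
    return not leaked_vocabulary(original, roundtrip)


if __name__ == "__main__":
    print("untranslated:", passthrough_tokens(ROUNDTRIP))
    print("ready to send:", ready_to_send(ORIGINAL, ROUNDTRIP))
```

On the excerpt, the three words the translator did not know come back verbatim, which are exactly the author's least common word choices.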

JonWienk@ix.netcom.com wrote:

[Begin English Translation of Spanish Text] At home, 24 Jul 1996, JMKELSEY@[ [delphi.com]] he/she/it/you wrote: "I don't make have messages of the[ [remailer]] equal very-chained anonymous letter protect my identity of attackers something wealthy persons and certain, if I/he/she/it/you did many anonymous posts. Style of the writing and alone topic would take in the list of the suspect to a governable number."

John Young obviously uses this technique regularly :-)

-- Paul Foley <mycroft@actrix.gen.nz> --- PGPmail preferred
PGP key ID 0x1CA3386D available from keyservers
fingerprint = 4A 76 83 D8 99 BC ED 33 C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
"Who cares if it doesn't do anything? It was made with our new Triple-Iso-Bifurcated-Krypton-Gate-MOS process ..."

At 10:08 PM -0700 7/25/96, JonWienk@ix.netcom.com wrote:
On Wed, 24 Jul 1996, JMKELSEY@delphi.com wrote:
I wouldn't count on even heavily-chained anonymous remailer messages to protect my identity from moderately wealthy and determined attackers, if I did many anonymous posts. Writing style and topic alone may narrow the suspect list down to a manageable number.
There is an easy way to defeat psycholinguistic analysis techniques used by LEA's to profile perps. Buy a translation program, (such as Globalink's Spanish Assistant) use the program to translate the text to Spanish, (or any other language) and then use the program to translate the foreign language text back to English. The baselines of word choice, grammatical structure, etc. will be shifted to reflect the biases of the program rather than the biases of the writer. As an example, I will use the entire text of this message as a demonstration.
You are using two code books for double encoding. This is the kind of problem analysts solve while brushing their teeth. All the analyst has to do is determine your translation programs (easy to do since they have such obvious anomalies) and create reverse code books. The malapropisms are so obvious that there should be little difficulty aggregating the longest phrases that make up one codebook entry.

David
participants (4)
- David Sternlight
- JMKELSEY@delphi.com
- JonWienk@ix.netcom.com
- Paul Foley