On Thu, 10 May 2018 23:33:39 -0400 Steve Kinney <admin@pilobilus.net> wrote:
Back around 1999 or 2000 I documented what I believed to be an ongoing, successful attack against the Mixmaster remailer network.
First, I attempted to geolocate all the 'reliable' routers then active. I found a startling number of them in the State of Texas, suggesting one sponsor for all - therefore, capable of following the "bouncing ball" of high latency traffic in many chains.
I found others in IP ranges assigned to various countries, including ones with "mutually hostile" political and economic relations. So I created chains that crossed mutually hostile borders and started sending test messages. I sent several batches over a period of about a week. NONE ever came back to me, indicating high likelihood of deliberate interruption of that traffic - the global adversary at work.
Oh well. I must admit I haven't fully done my homework but as far as I understand the system, it's supposed to work if at least one of the mixing nodes isn't compromised? Cheap intuition tells me that a low bandwidth, 'high latency' system with long mixing chains has to be somewhat better than the likes of tor. Then again, I haven't done too much rigorous thinking on the matter so...
So there's nothing new about the "ha ha fuck you" nature of allegedly anonymized comms on the networks. The only real security afforded would be in the "my adversary does not want to openly disclose this capability if he can avoid it" category, which is thin cover indeed...
And they don't need to disclose anything anyway. The nsa can always tell the cops "the silk road server is here" and then the cops will come up with some 'parallel construction' fairy tale.
IMO physical opsec is the only guarantor of anonymity on the networks: Hit and run comms with a scrambled MAC address via open routers, with due attention to avoiding surveillance on the way in and out,
yeah...so it's something that the very vast majority of mortals can't do =/ and even if you can do that, it's mostly useful for sending one-off messages...
seems to be the only option where /real/ hazards from State sponsored terrorist reprisals are on the table.
:o/