Anonymous remailers are a virus spreading online! (Replies)

lmccarth at cs.umass.edu lmccarth at cs.umass.edu
Mon Feb 19 01:04:31 PST 1996


Leonard P. Levine wrote somewhere:
> My most serious question about anonymous remailers is this:  How can we
> be sure that the operator of such a remailer is not a federal or other
> governmental agent?  That person is trusted with our privacy and has
> all the data needed to identify a user.
> 
> If I were the Feds I would already have set up such a "sting"
> operation, the temptation is just too great.

You will be pleased to hear that this problem was anticipated at least 15
years ago (in David Chaum's paper on "digital mixes"). Briefly, the solution
is to use multiple layers of encryption to distribute trust among several
remailer operators. Before it is remailed, a message is encrypted with public
keys belonging to each of a sequence of remailers. As each remailer receives
a message, it removes the outer layer of encryption using its private key,
revealing another encrypted message and the next address to which it should
be sent. Cooperation of all the remailers in the chain is needed to link the
originating address to the message that is eventually delivered to a 
recipient. 

For a longer exposition on the current state of the art in deployed
mail anonymizers, see http://www.obscura.com/~loki/remailer/remailer-essay.html

Note that the availability of strong anonymity critically depends upon the
availability of strong cryptography. If the Department of the Treasury 
Automated Systems Division holds all the remailers' private keys, then it can
easily determine the originators of all anonymously remailed messages.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)






More information about the cypherpunks-legacy mailing list