a retort + a comment + a question = [RANT]

Adam Back aba at dcs.ex.ac.uk
Mon Nov 11 14:58:10 PST 1996 


SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil writes:
>  mark m wrote:
>  >In order for anonymous remailers to be completely anonymous, only one 
>  >remailer in the chain has to be trustworthy.  If a message is chained 
>  >through N remailers and N-1 of those remailers are run by spooks, the 
>  >anonymity of the message depends on the remaining remailer.
>      
>  well, actually, the first remailer has to be the trustworthy one.  you 
>  send a msg to the first with your "real" address, and if the spook is 
>  there, voila! so...  i understand your point, but still, it has to be 
>  the first one.

The first remailer doesn't necessarily have to be trustworthy; it
depends what it is you are trying to hide.

If you are trying to hide the fact that you are sending mail via
remailers, then to some extent the first remailer matters.  But
presumably, if you are sending to remailers, watching all the email
you send would be the obvious way to see if you are using remailers.

Your options to hide the fact that you are sending to remailers would
be to forward your mail (encrypted) to someone else who does use
remailers.  Or perhaps a hypothetical system in which you
steganographically encode your to be remailed message to a newsgroup
which is scanned by the your entry remailer.

If on the other hand you are trying to conceal who you are sending to,
and you don't send to many messages, using mixmaster you would retain
some anonymity even if all bar one remailer were run by the spooks.
As mixmaster remailers have uniform packet sizes, and reordering of
messages, it's not going to be obvious which message coming from the
trustworthy remailer is yours.

Flooding attacks on remailers are when the spook run remailers try to
keep the trustworthy remailer fairly loaded with email, so that the
non-spook traffic shows up.  In the worst case, only your message
would be non-spook traffic in a given reorder batch, and you would
lose all anonymity.

Adam
--
RSA in perl:
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`

More information about the cypherpunks-legacy mailing list