CDR: Re: Anonymous Remailers

[dmolnar]

On Tue, 3 Oct 2000, Ryan McBride wrote:

>      Mixmaster can be installed in the low-maintenance 
>      `middleman' mode. In that mode, it will send mail to 
>      other remailers only, to avoid complaints about 
>      anonymous messages.
>                                       
> Obviously this isn't a perfect solution, but it helps somewhat. It's what
> I'm planning on doing until I can familiarize myself with the legal
> ramifications of running an "open" remailer.

It's a nice first step...it's just that if an adversary knows you
are running a middleman and has control over one of the hosts relaying
mail for your ISP, it may be able to 

	1. send mail ostensibly to a legitimate, remailer address
	via your "middleman" remailer

	2. intercept the message you send out at the captured mail
	relay

	3. change the header so the mail you thought was going to
	a remailer ends up in someone else's e-mail account. or
	maybe the e-mail account of the adversary so he can
	pose as an aggreived user.  

A contact to the ISP follows. You can try to convince your ISP that
"no, this shouldn't happen because I'm running as a middleman," 
but it's not clear how you could prove that you're under this kind of
attack. The threat here is an adversary who wants to see the remailer
go down, but is unwilling or unable to just mailbomb it. The
adversary succeeds after your ISP gets enough complaints about your
crappy remailer administration to pull the plug.


I'd have to go read the code to figure out whether a plaintext message
could be sent this way, or just a message actually encrypted to another
remailer. Might not be so bad if only encrypted messages go through, but
if an adversary can get plaintext messages through then you seem to have
the same possible exposure as if you were a public remailer. 
(though in real life, of course, it will be much less because who's
going to do this?)

-David