CDR: Re: Anonymous Remailers

[Sampo A Syreeni]

On Thu, 5 Oct 2000, Ralf-Philipp Weinmann wrote:

>> One variation of the original proposal would be to only allow egress to
>> addresses known to lay in a jurisdiction different from the one in which the
>> remailer resides. I know, the problem is nontrivial with all the dotcom
>> addresses and such around. Does doing a DNS lookup and working on IP
>> addresses help?
>
>Nope. Unfortunately it does not. Deriving the geographical location from
>an IP address and a DNS name is not always feasible.

But actually the problem, here, is less one of pinpointing the location than
of trying to ensure that the location is far enough away. I think some
careful thinking in terms of the current BGP aggregation scheme should help
at least a little.

>which could be reversed to get to the geographical location, however it will
>not always be readily apparent how it works.

How about trying to automate this process? Using the remailer IPs and
possibly some others as well known geographical 'beacons' and utilizing
routing aggregation to get parts of the address space that are sure to be
close to the remailer and hence 'dangerous'. I think geographical
information at the level of nations is at least somewhat reflected in the
allocation of IP addresses - it wouldn't seem sensible to allocate IP
addresses for two different countries from a single pool.

>What one could do however is have the remailer pass on every message which
>has a recipient address that is *known to be in a jurisdiction that is different
>from the remailers*.

And pass those that are known to be in the same.

>You will not be able to reach each and every target then, but at least it's
>better than nothing.

If this sort of egress filtering (or any variant of the original scheme
proposed) seems useful, why not develop some protocol/uniform data format to
acknowledge the limitations of a given remailer. Type 2 remailers even have
the necessary public key infrastructure in place to sign such extra data.

>On the other hand I remember that the Curch of Scientology was able to
>have an impact on anon.penet.fi despite the fact that this remailer was outside
>of US jurisdiction. Maybe we have to come up with a list of "incompatible"
>jurisdiction systems to avoid this sort of thing from happening again.

The anon case was perhaps a bit different - provided that a remailer is well
maintained, cpunk remailer maintainers can display that no data is retained
on where different messages originated or were posted to. I do not think
even CoS could have shut anon.penet.fi down.

Sampo Syreeni <decoy at iki.fi>, aka decoy, student/math/Helsinki university