CDR: Re: Disposable remailers

Sean Roach roach_s at intplsrv.net
Sat Oct 7 10:24:45 PDT 2000 

At 04:34 PM 10/6/2000, despot wrote:

>Perhaps this idea would work on low volume remailers. An iButton
>could be loaded with an applet to perform public key crypto, and
>thus, a sort of mixmaster remailer could be constructed. But, the
>memory constraints on iButtons (I believe 134K is the max
>currently available) and their slow speed may even rule this out
>for a low-volume remailer. And, as Bill mentioned, latency and
>reordering would not be feasible. Without those features, the
>amount of anonymity is reduced.

If the net is sufficiently large, then the remailers can be considered to 
be registers, each holding one message for a random length of time, and 
allow reordering just by that alone.  Of course, for this to work, traffic 
analysis has to be defeated in another way.  Probably in ZKS's planned, but 
last I checked, not implemented, constant activity among nodes.

Of course, the more traffic, the easier it will be for the intranets where 
these things are set up to locate them, and take them down.

> > I'm envisioning that the code would announce itself to some set
>of
> > web servers so that people can know where to find a few of these
> > transient remailers when they wanted to send some messages.
>
>Problems occur if the locations of these tini remailers are spread
>through such means. If the addresses are posted to a web site,
>tracking down such remailers would be simple, quick, and as
>thorough as the list of the remailers.

An alternative might be the method that gnutella uses.  Each remailer 
connects one time to a web page put up by the installer.  That web page has 
a limited number of URL's, mostly of other remailers also put up by that 
same installer, or that installers gang, (substitute cell, orginazition, 
liberation front, family, user's group, etc).  A few are shared by mundane 
means among cells probably through alt.anonymous.messages, or 
similar.  This allows the remailers to be linked across parties.  Each 
remailer keeps as many remailers in memory as it can, not to exceed a set 
number, for the safety of the others, and not to drop below another number, 
set based on practical use of the remailer.  (As an example, if a node only 
remembers 1 other, it no longer is useful for anything but an input or 
output node.  If it only remembers 2, all it can do is pass a message from 
one to the next.)  All this is kept in volatile memory.
The nodes ping each other on a regular basis, if a node fails to respond to 
a ping, that node is written off.  Perhaps the next general cover traffic 
includes information that such-n-such node appears to be compromised.  If a 
node receives NO pings, then it might also write itself off, and blank memory.

If extra nodes are occasionally inserted into the system by hailing known 
nodes and "topping off" their "neighbor list", then well hidden nodes can 
continue to be used, even after all the original neighboring nodes have 
been revealed and deactivated.  This could even be done through the node 
network.

If a minimum of 3 neighbors is set, and a maximum of 7, and if each URL 
requires 8+8+8+8+16 bits to store an address, then each remailer needs 
18-42 bytes extra in which to store addresses.  The URL for the web page 
can fill this memory for the first run, and would allow for, beyond the 
URL, 12-36 characters in the address.  Actually, message space could also 
be used to store this boot address, and therefore, shouldn't be a problem 
at all.  It could even be stored as a standard non-ip-number URL.  (Say 
www.geocities.com/hollywood/rodeo/1324/weblist, please note that if this 
url is functional, I don't know it.)

After setup, the node should forget everyone but it's neighbors, to protect 
them, anyway.


> > Also, due to the small memory footprint, it doesn't look
> > like a lot of messages can be stored locally, so there's
> > not a lot of room for latency and message re-ordering.

As I said above, if the latency is random, and the traffic suficient, 
re-ordering will just be a matter of one message taking a different, and 
longer, route than another, but by artifically increasing traffic, or even 
traffic increasing on it's own, you reduce the expected lifespan of the node.


>Use of these tini remailers should really only be done in a
>remailer-chained message. Of course, the chain would need to
>include one or more non-tini remailers. This way, even if all tini
>remailers are monitored, you still have a remailer that provides
>some level of obfuscation through latency and reordering.
>
>But, this disposable remailer idea is solid. As a quick example
>scheme, if there were some sort of remailer protocol that
>functioned like routing protocols, as disposable remailers came
>online, they could announce themselves to other remailers.
>Pseudorandom hopping from one disposable remailer to another could
>occur in a remailer-chained message, instead of manually
>encrypting a message for a chain of remailers. The sender could
>encrypt the message for the gateway and final non-disposable
>remailers and then specify a hop count. The first non-disposable
>remailer would decrypt one layer of encryption, decrement the hop
>count, pick pseudorandomly a disposable remailer to pass this
>message to, encrypt this message and pass it on. When the hop
>count hits one, the message is just forwarded to the final
>non-disposable remailer in the chain, which would then decrypt the
>final layer of encryption and passes it on to the recipient. Of
>course, this example is just something I pulled out of my
>ass...read up on more advance schemes if interested.
>
>The dynamic property of such a scheme would be ideal for
>disposable remailers. As they are discovered and removed, the
>system would compensate. With cheap cost, simple set up, and ease
>of hiding, disposable remailers could be brought online faster
>than they are taken down. And, if placed anonymously, there will
>no one to be held responsible for the devices.
>
>So, are small devices like tini's the ideal form of the future
>remailer? Is some sort of distributed, dynamic remailer scheme
>based on small devices the way to go? The stable remailer running
>on a box is subject to all sorts of legal issues, isp problems,
>etc. These covert, anonymous remailers have a great deal more
>freedom.
>
>On a side note, what other throw-away internet-ready devices would
>be of interest? Motion detectors? Access control devices? Door
>locks?
...
All of the above.  Take home that I-coffee pot, add a tini, take it back to 
the store and apologize that you already had one that you're new inlaws 
gave you.  Same with the door lock, then apologize that your apartment 
super won't let you install it after all.  An extra level of obfuscation is 
thus created in that dupes install the very remailers that you 
rigged.  They are far less likely, as homeowners living in an electronic 
age, to realize there is more traffic going over thier connection than they 
bargained for.

Big brother becomes unwitting courier for the underground.

Or did you mean in addition to disposible remailers, instead of ways to 
hide, distribute them?

Good luck,

Sean Roach

More information about the cypherpunks-legacy mailing list