Remailers next generation?

[Paul Harrison]

It has been several years since any significant changes in
anonymous remailer technology were proposed.  Much of the
latter day thinking has been directed more to Democracy
Walls such as MN, freehaven, freenet as possible improvement
on good ole Usenet alt.anonymous.messages.

While it is still a bit premature, there are some intriguing
possibilities in the evolution of Sun's new offspring, JXTA.
In particular, the peergroup concept which allows for the
dynamic formation of a routing graph amongst anonymous
but authenticated nodes.  There is a core JXTA security
project which is supposedly finishing off an implementation
of the basic crypto components including some version of
key exchange and encrypted messaging (also toying with
some reputation extensions which _might_ be useful).

The basic JXTA node protocols use random id's, not IP
addresses, domain names, or other universal namespaces..
Off the top of my head it might easily be possible for a
remailers to participate in a JXTA peergroup, mixing messages
with peer-2-peer xfers before a message was emitted
through SMTP at the exit point.  Intermediate nodes would
not need to even have ICANN/IANA registered public
SMTP addresses, simply persistent peergroup nyms and public
keys.  The JXTA protocols allow for non-tcp/ip transports as
well, so an intermediate point might communicate using bluetooth,
or infrared.  Furthermore, by executing the transfers using a more
general purpose protocol than email it would be possible to
extend the remailer model to other communications channels
and exit via IM, IRC, Usenet or cellular SMS.  With a peergroup
infrastructure it would even be possible to devise some group
advertisement protocol where a remailer node or eavesdropper
_never_ knew to which specific address a message was
forwarded, only to what group of addresses.

As I said, JXTA is a pretty raw beast right at the moment, but
some of the groundwork is being set out which might make
cooperative anonymous communication possible with an even
lower public profile than SMTP and with a mixed mode of
transport which could further frustrate analysis.  There is even
an incipient (although deeply flawed from a 'punk perspective)
proposal to add a  micropayment service into the mix.

<http://www.jxta.org>

A peergroup based mail services does raise some interesting
trust metric challenges, though.  And -- until there is a broad
population
of JXTA users and traffic -- the cover is mighty thin compared with
smtp.