Pay per use remailers and remailer reliability tracking.

Thu Dec 20 22:54:41 PST 2001

Quoting Steve Schear <schear at lvcm.com>:
> 
> I don't run a mixmaster because:
>  - its not been easy to get running
>  - it uses SMTP ports which are filtered on my AT&T cable system.  The 
> remailer reference lists need to include port number references so users on 
> these "restricted" ISPs can participate.  Since the traffic is encrypted it 
> might make sense for operators to choose port numbers used by P2P 
> applications which currently encrypt traffic (I believe Morpheus does).
>  - it didn't run under Windows (until the other day)

[admittedly, I'm very biased, since I have more of a network engineering/admin
point of view than a normal end-user cypherpunk point of view]

I'm wary of doing things which violate internet standards and generally
complicate application design to support:
1) Windows users trying to run servers
2) People running reliable servers on filtered networks (just get a tunnel
if you really care)

I don't see there being a huge need for middleman/remix-only nodes.  There is 
a huge need for well-configured, production-grade exit hosts with testicular 
fortitude and a bad attitude.  Are there *any* documented cases of people 
subpoenaing more than one layer deep in a remailer net?  Or even actively
fucking with a single remailer who simply says "I keep no logs" successfully
enough to do any more than shut him down? (mixmaster, not penet)

Things like the hotmail exit code are foiled these days by the "prove you 
are a real human or a turing-test-complete AI to open an account"

Relying on services which are in violation of terms of service (running a 
remailing server on a consumer dialup or cablemodem with a no-servers
policy, abusing stupid web email providers to take the heat) is not a 
good way for high-visibility, high-abuse postions of the network to 
operate, if reliability is key (as it is for non-abusive remailer users).

Until there is evidence otherwise, I think 5-10 well-administered, 
professionally maintained remailers, run by reasonably well known
organizations, with sufficient legal firepower to defend themselves,
running a codebase which is as reliable as a standard MTA, with best-efforts
spam and abuse prevention, would provide a better service to users than 100
99% reliable remailers running on cablemodems which can be incapacitated
by a single email to noc at home.net or blown power supply or whatever.  

Simultaneously raise the bar in some ways (require better network, 
maintenance, etc.) but lower it in the ways which influence TCO for a 
professional organization (install and maintenance admin time).

Provide a way to inject messages into the system without identifying the
user as "member of the set of remailer users"; put up a web interface
accessible via a quality anonymizing proxy, or pick up encrypted messages
from USENET, or encourage dummy traffic from end users (put a nice web 
anonymizer and/or SSL web server with general-interest content right next
to the remailer, ideally, for plausible deniability, and use JS or java or 
something so normal browsing sessions and remailer-interaction sessions are
similar).

> There needs to be an automated way to anonymously and securely determine if 
> your messages have gotten stuck at a particular remailer.

Given the level of latency and standard deviation for messages, I'm not
sure if this would provide a reasonable level of quality of service, using
today's remailer population.

-- 
Ryan Lackey [RL7618 RL5931-RIPE]	ryan at havenco.com
CTO and Co-founder, HavenCo Ltd.	+44 7970 633 277 
the free world just milliseconds away	http://www.havenco.com/
OpenPGP 4096: B8B8 3D95 F940 9760 C64B  DE90 07AD BE07 D2E0 301F