OPT: Re: Open 802.11b wireless access points and remailers (fwd)

Jim Choate ravage at einstein.ssz.com
Sun Jul 29 07:19:00 PDT 2001



"Small World" network models resolve almost all of these issues...the
failure with all these models is the concept of 'root' (or more generally
'hierarchy'). It's not needed.


---------- Forwarded message ----------
Date: Thu, 26 Jul 2001 01:52:53 -0400 (EDT)
From: dmolnar <dmolnar at hcs.harvard.edu>
Reply-To: cypherpunks at ssz.com
To: gbroiles at speakeasy.org
Cc: cypherpunks at lne.com
Subject: CDR: Re: Open 802.11b wireless access points and remailers

On Tue, 24 Jul 2001 gbroiles at speakeasy.org wrote:

> forbidden emails or browse hidden sites did that by going to public
> terminals in libraries or web cafes or [...] - now perhaps they'll do that
> at Starbucks or the mall, either for free or having paid cash for
> short-term access via 802.11b wireless.

I heard recently that Starbucks is piloting 802.11b access in selected
Manhattan locations. The issue is support, of course - they need to see if
they'll have to hire a sysadmin for every Starbucks before rolling it out.
I haven't taken my laptop and tried to verify this yet.

Matthew Skala had some material on his web page concerning "community
wireless" networks, as well, in which people offer free wireless
connectivity as a public service. Presumably this too would offer
opportunities for anonymous net access.

I would be less willing to trust a static box connected to one of these
networks, though. Once identified as a remailer, it seems that it might be
too easy to track it to its physical location, at which point it can be
borged or destroyed. After all, if it's going to be an active remailer, it
will be sending and receiving several messages each day. You might try
to get around this by developing a protocol in which there are many, many
remailers, each of which only speaks once in a very long while. I don't
know how easy or hard it is exactly to do this kind of tracking, however,
which makes it difficult to say what such a protocol would look like.

Perhaps mobile remailers might be more useful or more difficult to track
to their physical implementation. The only problem with a mobile remailer
is the question of "who's moving it?" (or what). I can imagine a mobile
remailer the size of a Walkman without too much difficulty; I can also
imagine that if I were to wear such a remailer and walk around in the
wrong kind of environment, I'd be asking for a "mugging" or worse. Now
that I think about it, it's not clear that wireless actually buys us more
than obscurity of physical location. The real win, as you point out, is
ease of access and ease of setup. Maybe less dependence on upstream
connections, as well, so you can get around the problem of ISPs shutting
down remailers for spam.

Plus mobile remailers seem to require either a global address space or
developing the notion of remailer confederations which allow dynamic leave
and join of remailer nodes. I recall that the notion of dynamic
collections of remailers came up in at least one previous discussion of
disposable remailers. I don't remember that too many conclusions were
reached, but it was a while back.

One problem is that an adversary can show up with polynomially many of its
closest friends and have them all try to join a remailer confederation at
once. While the MIX protocol is theoretically OK as long as even one MIX
is honest, this may have bad implications for traffic analysis. Perhaps
one thing we could do would be to borrow Levien's advogato metric.

Let anyone who wants to start a remailer confederation. They form the root
set of the trust metric for that confederation. Anyone can join the
confederation's address space, but will start out with no trust links
between them and the root set. Nodes can rate each other, establishing
trust links. This way you can develop a trust metric / reputation system
local to that particular remailer confederation.

Now the issues are how the ratings are set up and maybe more important,
how routing of messages is influenced by the trust metric. Ratings could
be manual. We know how well that works from the PGP web of trust
experiment - and here life is harder since remops usually will not know
each other personally nor want to.

Another issue is dealing with nodes which leave the confederation. What if
all the confederation founders leave? What happens to the root set then?
Also, building up trust may require time, which makes this unsuitable for
nodes which want to pop in for 20 mins and then leave (say their owner is
on the freeway).

-David



 --
    ____________________________________________________________________

                Nature and Nature's laws lay hid in night:
                God said, "Let Tesla be", and all was light.

                                          B.A. Behrend

       The Armadillo Group       ,::////;::-.          James Choate
       Austin, Tx               /:'///// ``::>/|/      ravage at ssz.com
       www.ssz.com            .',  ||||    `/( e\      512-451-7087
                           -====~~mm-'`-```-mm --'-
    --------------------------------------------------------------------
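
Added illustration, not part of either message and not Levien's code: a simplified flow-based trust metric in the Advogato style, applied to the remailer confederation idea in the forwarded message (founders as root set, nodes rating each other). The function names, the capacity table and the node names are assumptions made for this sketch; it shows that the number of bogus remailers accepted is bounded by the capacity of the honest node that mistakenly rated them, not by how many the adversary brings.

```python
from collections import deque
INF = 10**9  # stands in for "unlimited" on trust-link edges

def accepted_nodes(certs, roots, cap_by_dist):
    # Hop distance of every reachable node from the root set (the founders).
    dist = {r: 0 for r in roots}
    queue = deque(roots)
    while queue:
        u = queue.popleft()
        for v in certs.get(u, ()):
            if v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    res = {}  # residual capacities of the flow network
    def edge(u, v, c):
        res.setdefault(u, {})[v] = c
        res.setdefault(v, {}).setdefault(u, 0)
    for n, d in dist.items():
        c = cap_by_dist[min(d, len(cap_by_dist) - 1)]  # assumed capacity table
        edge((n, "in"), "SINK", 1)          # one unit reaching SINK = n accepted
        edge((n, "in"), (n, "out"), c - 1)  # what n may pass on to nodes it rates
        for v in certs.get(n, ()):
            edge((n, "out"), (v, "in"), INF)
    for r in roots:
        edge("SRC", (r, "in"), INF)
    while True:  # shortest augmenting paths, so nearer nodes are served first
        prev = {"SRC": None}
        queue = deque(["SRC"])
        while queue and "SINK" not in prev:
            u = queue.popleft()
            for v, c in res[u].items():
                if c > 0 and v not in prev:
                    prev[v] = u
                    queue.append(v)
        if "SINK" not in prev:
            break
        v = "SINK"
        while prev[v] is not None:  # every path ends on a 1-unit edge: push 1
            u = prev[v]
            res[u][v] -= 1
            res[v][u] += 1
            v = u
    return {n for n in dist if res[(n, "in")]["SINK"] == 0}

def confederation(n_sybils):
    # Constructed scenario: founder A; honest B..E; C wrongly rates S0 and S1.
    sybils = [f"S{i}" for i in range(n_sybils)]
    honest = {"A": ["B", "C"], "B": ["D", "E"], "C": sybils[:2]}
    return {**honest, **{s: [t for t in sybils if t != s] for s in sybils}}
```

Calling `accepted_nodes(confederation(200), ["A"], [7, 3, 1])` accepts the same seven nodes as with 10 sybils; lowering the second capacity from 3 to 2 leaves room for only one of them.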




