remailers-tla.htm Compromised Remailers, December 15, 2003
Mon Dec 15 15:16:17 PST 2003
Thank you for posting the "Compromised Remailers" article:
http://cryptome.org/remailers-tla.htm
Over the past year, many remailer users have noticed that the reliability of
the Mixmaster type II network has steadily degraded. Although it may well be
the result of TLA interference, the remailer community's statistical methods
of selecting a "reliable" remailer chain contribute significantly to the
network's degradation.
As a former employee of the United States Army Communications Command [USACC]
Headquarters, I was amazed to stumble upon the existence of a publicly
available communications medium permitting truly anonymous communication by
hampering the government's ability at "traffic analysis," or tracking an
email message from its source to its destination. One would have to be
foolish to believe that TLAs are not hard at work trying to pierce the veil
of anonymity afforded by the Mixmaster type II, and, the yet to be released,
type III remailers.
I ran tests in September, October & November, and provided the Mixmaster
developers & remail operators with the same results I've included below. My
testing was extremely simple: send a bunch of messages, and note which
messages arrived. [The same procedure an accountant would use in tracking a
financial transaction from its origin to its destination.]
What I found was that a handful of remailers accounted for virtually all of
the un-delivered email messages. Yet, these same remailers, that never
delivered my email messages to the "alt.anonymous.messages" news group, were
also listed as among the most reliable remailers in mixmaster stats used to
select remailer chains.
I've included my recommendations to improve the network's reliability in the
test results below.
-----------------------------------------------------------------------------
Mixmaster II Reliability Issues & Test Results
-----------------------------------------------------------------------------
The major issue currently plaguing the Mixmaster remailer network is the true
reliability of the LAST remailer in a chain. A considerable number of these
remailers habitually act like "Black Holes" for email messages destined for
"alt.anonymous.messages" and other news groups.
Unfortunately, most of these "Black Hole" remailers also happen to be listed
as among the most reliable remailers in mixmaster stats, with ratings ranging
from the upper 90's to 100; consequently, it's highly probable that messages
sent to newsgroups will frequently hit one of these demon remailers, never to
reach their intended recipient.
Over the past 2 months, I've sent & tracked over 5,124 email messages
consisting of either 4 or 6 copies of 1,220 unique messages, each routed
through 11 Mixmaster type II remailers, to the "alt.anonymous.messages" news
group.
---------------------------------------------------------------
Last Remailer    Lost Msgs    Delivered Msgs    % Reliability
---------------------------------------------------------------
antani                  63                 0                0
cripto                  65                 0                0
hastio                  41                 0                0
george                  31                 7               18
paranoia                41                10               20
futurew                 33                 9               21
edo                     27                 9               25
starwars                54                29               35
itys                     7                 9               56
italy                    7                10               59
bog                      3                14               82
freedom                  3                45               94
tonga                    5               106               95
liberty                  2                51               96
panta                    3                69               96
bigapple                 3               104               97
metacolo                 3                99               97
bogg                     1                52               98
dizum                    2               106               98
jmbcv                    1                59               98
frell                    0                34              100
randseed                 0                 3              100
---------------------------------------------------------------
Sub-totals             395               825               68
---------------------------------------------------------------
Total                         1,220
---------------------------------------------------------------
Surprisingly - at first - I found that sending messages through chains of
remailers rated, in mixmaster stats, at 98% or greater was FAR LESS reliable
than sending messages through remailers rated at 50% or greater. This is
because the "Black Hole" remailers were almost always rated, in mixmaster
stats, at 98% or greater reliability, while the remailers that were the most
successful at delivering my messages were usually rated, in mixmaster stats,
at reliability ratings of 90% or lower.
For those of you yelling, "it's the broken chains, dumbass!" I strongly
disagree. Messages sent through broken chains were more than twice as likely
to successfully reach the intended news group than were messages that failed.
--------------------------------------------
    Messages Sent Through Broken Chains
       (copies of the same message)
--------------------------------------------
Copies            Lost          Delivered
--------------------------------------------
4                   13                 31
3                   40                 92
2                   94                218
1                  154                325
--------------------------------------------
Sub Total          301                666
--------------------------------------------
Total                      967
--------------------------------------------
Broken chains were somewhat reliable predictors only after all the "Black
Hole" remailers were removed from the remailer chains selected to send
messages. Even then, the broken chain stats were marginally reliable only on
the infrequent occasion that broken chains changed little from day to day.
The difference I found in the actual ability of a remailer to successfully
deliver email was completely at odds with the mixmaster remailer stats and
broken chain data, rendering them of little value in selecting a remailer
chain that ensures a successful delivery.
The remailer network screams for a testing methodology that stresses the
success of actual messages delivered to their destination, as I've done in
this test. Basically, the network needs to be auditable, and the current
method of evaluating remailer reliability needs a complete re-think because
it's not working well, at all.
Additionally, Quality of Service standards need to be established and
maintained. Remailers that consistently fail to deliver messages need to be
removed from the network. I consistently achieved a 95% success ratio by
removing the remailers, listed above, that failed to deliver email messages
less than 94% of the time.
It would also be helpful for there to be better communication between
remailer operators.
Example: "Italy" abruptly stopped accepting mixmaster messages on the morning
of Monday, October 20, but did send an email, that morning, to the remops
mailing list announcing its action to permanently leave the mixmaster
network. At least two days later, italy was still listed as a working
mixmaster remailer, and not even listed as a broken chain for most remailers.
* When the "Black Hole" remailers were in the chain, but not the final
remailers, they were as reliable as the rest of the remailers. I found this
extremely puzzling. Thankfully, I'm not much of a conspiracy theorist...
* Fortunately, in 5 of the tests when "bogg" was randomly selected as one of
the last remailers, it posted all copies of each message to the
"alt.anonymous.messages" news group instead of only sending one copy. Thank
God for small favors. ;)
----------------------------------
  Copies of Messages bogg posted
   to "alt.anonymous.messages"
----------------------------------
Copies                  Messages
----------------------------------
4                              5
3                              8
2                             10
1                              1
----------------------------------
From the first line: for 5 separate messages, all 4 copies of the messages
sent through "bogg" were posted to the "alt.anonymous.messages" news group.
As you can see from the bogg data, usually more than a single copy made it
through to the last remailer for the test cycles I noted.
Using bogg as an example, I feel comfortable "jumping to the conclusion" that
most of the "Black Hole" remailers, that failed to deliver messages to the
"alt.anonymous.messages" news group, usually received more than one copy of
each message.
I hope this helps improve the reliability of a network I've come to rely upon
over the years...
Keep up the good work!
-----------------------------------------------------------------------------
Mixmaster II Reliability Issues & Test Results [Final Test]
-----------------------------------------------------------------------------
183 messages [4 copies] were sent through chains of 20 remailers with an
overall & final remailer reliability of 30% or greater. This was truly a
torture test that guaranteed every message an equal probability of crossing
a broken chain.
The results of this final test were in line with my earlier testing
conducted in September & October. In a nutshell: choosing a low reliability
for the remailers resulted in a greater number of messages reaching their
intended recipient, which, in both tests, was the "alt.anonymous.messages"
news group. This is because the "Black Hole" remailers were almost always
rated, in mixmaster stats, at greater reliability than remailers that were
the most successful at delivering my messages.
The Mixmaster network had an overall improvement of 4% over my earlier
testing, in which some batches of messages were sent through remailer chains
with reliabilities of 98%, while other batches were sent through remailer
chains with reliabilities of 50%. This time around, I used a reliability of
+30%.
I didn't bother tracking bad chain data this time around because I found
the data inconsequential in my earlier testing. In both earlier & present
testing, all messages had an equal probability of encountering a bad chain,
and a chain of 20 remailers, in this test, virtually guaranteed it.
Let me clarify the statement: "I found the bad chain data inconsequential
in my earlier testing." It's not that the data aren't necessary in choosing
a good chain. In fact, you can bet that the new Mixmaster client's ability
to avoid bad chains was primarily responsible for all the 100% ratings
in this testing cycle. [The developers really deserve a strong round of
applause for their improvements to the Mix client & bad chain data.]
The reason the bad chain data are inconsequential to the testing is that all
messages have an equal probability of encountering a bad chain that may
develop over the many hours, or days, it takes for the messages to navigate
20 remailers.
My recommendations are the same as I previously outlined in my earlier
test results, which I've included below...
Thanks again to all the developers & remops!
----------------------
November test results:
----------------------
(November 19, 20 & 21)
183 messages (4 copies of each)
-------------------------------------------------
Last Remailer | Sent | Arrived | % Reliability
-------------------------------------------------
antani            14         0               0
cripto             8         0               0
futurew           12         0               0
george             6         0               0
hastio             4         0               0
bunker             8         3              38
paranoia          16        14              88
bigapple          14        13              93
dizum             10        10             100
edo               12        12             100
freedom            5         5             100
frell             12        12             100
itys              15        15             100
metacolo           8         8             100
panta             15        15             100
randseed           9         9             100
starwars           9         9             100
tonga              6         6             100
-------------------------------------------------
Total            183       131              72
-------------------------------------------------
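
An added example, not part of the original message: the end-to-end, per-exit audit the post argues for, run over its September/October table and using its 94% cutoff. The function names, the verdict labels, the Wilson lower bound and the 0.80 confidence floor are assumptions introduced here to flag exits such as randseed, whose 100% rests on only three messages.

```python
from math import sqrt

# (lost, delivered) per last remailer, copied from the September/October table.
SEPT_OCT = {
    "antani": (63, 0), "cripto": (65, 0), "hastio": (41, 0), "george": (31, 7),
    "paranoia": (41, 10), "futurew": (33, 9), "edo": (27, 9), "starwars": (54, 29),
    "itys": (7, 9), "italy": (7, 10), "bog": (3, 14), "freedom": (3, 45),
    "tonga": (5, 106), "liberty": (2, 51), "panta": (3, 69), "bigapple": (3, 104),
    "metacolo": (3, 99), "bogg": (1, 52), "dizum": (2, 106), "jmbcv": (1, 59),
    "frell": (0, 34), "randseed": (0, 3),
}

def wilson_lower(delivered, total, z=1.96):
    """Lower bound of the 95% Wilson score interval for the delivery rate."""
    if total == 0:
        return 0.0
    p = delivered / total
    denom = 1 + z * z / total
    centre = p + z * z / (2 * total)
    margin = z * sqrt(p * (1 - p) / total + z * z / (4 * total * total))
    return (centre - margin) / denom

def audit(results, min_pct=94, min_confident=0.80):
    """Classify each exit from measured deliveries, not from published stats."""
    report = {}
    for name, (lost, delivered) in results.items():
        total = lost + delivered
        pct = round(100 * delivered / total)  # same rounding as the table
        if pct < min_pct:
            verdict = "exclude"   # below the post's 94% cutoff
        elif wilson_lower(delivered, total) < min_confident:
            verdict = "retest"    # high rate, but too few samples to trust (assumed floor)
        else:
            verdict = "keep"
        report[name] = (pct, verdict)
    return report

def pooled_rate(results, report, verdicts=("keep",)):
    """Overall delivery rate across the exits carrying the given verdicts."""
    kept = [results[n] for n, (_, v) in report.items() if v in verdicts]
    return sum(d for _, d in kept) / sum(l + d for l, d in kept)

if __name__ == "__main__":
    report = audit(SEPT_OCT)
    for name, (pct, verdict) in sorted(report.items(), key=lambda kv: kv[1]):
        print(f"{name:10s} {pct:3d}%  {verdict}")
    print(f"pooled rate of kept exits: {pooled_rate(SEPT_OCT, report):.1%}")
```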