An Analysis of Compromised Remailers

[Len Sassaman]

On Mon, 15 Dec 2003, John Young wrote:

> This came in response to Cryptome's posting of Len Sassman's
> comments on remailers.

(BTW, John -- while the threat originally started out as being about
compromised remailers, my comments had little to do with that title.
Perhaps "remailer security" would be a better index term for cryptome?)

> Over the past year, many remailer users have noticed that the reliability of
> the Mixmaster type II network has steadily degraded. Although it may well be
> the result of TLA interference, the remailer community's statistical methods
> of selecting a "reliable" remailer chain contribute significantly to the
> network's degradation.

There are conflicting opinions on that statement. For instance, have a
look at this threat on alt.privacy.anon-server:

http://groups.google.com/groups?selm=8eb77bbdadfd2a6d1b21efabc1e1e090%40firenze.linux.it&oe=UTF-8&output=gplain

So, on one hand we have the claim that remailer reliability is degrading
because of how we select reliable remailer chains, and on the other hand
there is the claim that the reliability is increasing, because TLAs are
the only entities competent to run reliable remailers. (Apparently, if you
believe this theory, you also believe I work for the FBI.)

The facts are that the remailer network's reliability has increased over
the past few years, largely due to the renewed development attention that
Mixmaster has received.


> I ran tests in September, October & November, and provided the Mixmaster
> developers & remail operators with the same results I've included below. My
> testing was extremely simple: send a bunch of messages, and note which

The tests below unfortunately do not provide any really useful data. What
is really being tested isn't the remailer reliability, but the "mail to
news gateway" reliability. It would be much more useful for the tester to
isolate which remailer/mail2news combinations are resulting in lost news,
and post that data instead.


--Len.