no anon conversations?

An Metet anmetet at freedom.gmsociety.org
Fri Apr 30 12:32:03 PDT 2004 

On Fri, 2004-04-30 at 14:12, An Metet wrote:
> What technologies currently exist for receiving a/psuedononymous message?
> With Mixmaster, sending mail, posting news, and even blog posting are
> possible, However, receiving replies securely or, better, holding a private
> conversation is difficult or impossible. Best bet seems is to encrypt and
> spam somewhere very public? Ugly, ugly. No technological method, just a few
> "trust me" remailers. Other options?

A simple option is to use a free webmail account and access it via an
anonymizing proxy.  You can send mail that way too.  The great advantage
of this is that it does not brand you as an "anonymous mail user" and
thereby call attention to your activities.  You look like just another
of the millions of people who use such services.

For anonymizing proxies, do a google search on anonymous web surfing.
There are many more companies than anonymizer.com, although it is the
oldest and probably the best.  You can also begin experimenting with the
onion routing network at http://www.freehaven.net/tor.  This is like a
free version of the old ZKS Freedom network where you construct a path
through a number of forwarding nodes.  You could also combine these and
use TOR to access anonymizer.com and go from there to hotmail.com, etc.

There's a new proposal out called the Pynchon Gate from Len Sassaman and
Bram Cohen, http://www.freehaven.net/doc/pynchon-gate/.  Sassaman is
one of the main Mixmaster/Mixminion developers, and Cohen of course
has revolutionized the P2P file sharing scene this past year with his
BitTorrent.  These guys have a pretty good pedigree for getting stuff
done, and they claim to be in the process of implementing this new system.

The Pynchon Gate will use a crypto protocol called Private Information
Retrieval to let people receive messages anonymously.  The way PIR works,
all the incoming messages for all users are stored in a big database
which is replicated at several servers.  Recipients connect to each
server and download a packet of data, which is combined at the local
machine to reconstruct one incoming message.  However the algorithm is
such that each individual server learns nothing about which message is
being fetched, protecting the receiver's anonymity.

Here's a simple example of how it would work.  The method relies on
two properties of XOR:  XORing a value with itself yields zero; and the
result of XORing a random value with a predetermined pattern is still
a random value.

Suppose there are only two database servers, each holding 8 messages,
where the messages are all split or padded to be a standard size:

    M1 M2 M3 M4 M5 M6 M7 M8

Suppose you want to fetch M4.  Now you create a random 8-bit binary
string:

    1  0  1  0  0  0  0  1

Make a copy of that string and XOR in the bit position of the message
we want, in this the 4th bit:

    1  0  1  1  0  0  0  1

Note that because of the 2nd property of XOR listed above, both bit
strings are individually indistinguishable from random and neither by
itself gives any information about which bit was XOR'd.

Send the first bit string to the first server and the 2nd bit string to
the 2nd server.  Each server XOR's the messages corresponding to the 1
bits and returns the results, which will be the size of single standard
message:

    Server 1:  M1 xor M3 xor M8
    Server 2:  M1 xor M3 xor M4 xor M8

The recipient xors these two messages together:

    (M1 xor M3 xor M8) xor (M1 xor M3 xor M4 xor M8)

=   (M1 xor M1) xor (M3 xor M3) xor (M8 xor M8) xor M4

=   M4

The result is the required message.  Individually, each server saw a
random bit string and neither one by itself had any indication about which
message was being fetched, hence the recipient's anonymity was protected.
The same method can be generalized to larger numbers of servers, and
that is the intention with the Pynchon Gate system.

The privacy threat with this approach is that if the servers combine
their information, they can deduce which message the recipient was
fetching, by XORing all their bit strings together.  However, as long
as even one server is honest and refuses to go along with this, the
other servers can learn nothing about which message was being fetched.
This security guarantee is similar to that of a remailer chain, where
if they all colluded they could track user messages, but if at least
one is honest then privacy is protected.  Hence it is a good match for
users who rely on remailers.

It's not yet clear that this method can be really practical, can scale
to a reasonable number of users, resist flooding, and avoid leaking
information in terms of how many requests a given user makes in a
given period of time.  These are serious practical issues that need to
be solved.

But they do have one really good idea, which is that the user-end software
will be an agent that executes this protocol on a regular basis to
fetch messages, then makes them available to the mail client by acting
as a local POP server.  All modern mail clients let you set multiple
POP servers to be queried, so this should produce nearly transparent
integration to existing mail clients.  This concept might be copied for
other mail receiving methods in the future.

More information about the cypherpunks-legacy mailing list