Cypherpunks, pay per use remailers, and the good ol' days

[Declan McCullagh]

On Wed, Aug 08, 2001 at 10:01:57PM -0400, Declan McCullagh wrote:
> Yet some form of PPU remailer could exist today: A remailer would find a 
> cookie and an encrypted-to-PPU-public-key credit card in the body of the 
> message it receives. It would then debit a credit card for, say, $3 and 
[...]
> The usual objection to such a system would be that the feds would impose 
> pressure on the banking system (or credit card companies would do it 
> themselves) and prevent remailer ops from securing merchant accounts. That 
> may be true, but remailers at least today aren't seen as a serious threat. 
> They could get away with it for a while.

Thinking through this a little bit more, such a system wouldn't work
well given today's technology. It would allow an attacker to know 
with a high degree of certainty the truename (cardname) of someone 
and link that with an encrypted message. By unwrapping it down the
chain with subpoenas and court orders, it would be possible to 
get at least the last To: line if not the final text.

Such a situation could be avoided by remailers that use temporary
(changing by the minute, say) keys so that a court order wouldn't 
be able to succeed in the same way as above. But then that has
the problem of getting the keys to the users of the remailer --
not a terribly difficult thing; given a small # of remailers, all
could be queried in a second or two. A website that collated
the temporary keys (signed by a permanent one) would be a nice service.

Naturally you'd have to trust that at least one remailer was honest --
but you already do that, right?

-Declan