[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: random remailers




I've been thinking about random remailing paths for a while now, and I
must admit that I don't know if it's on the balance a positive or
negative thing.  My view is: give the user the option.

The positive points:

Traffic analysis *MAY* be more difficult.  If you are receiving a
large quantity of traffic, it won't all follow the same path, so it
won't show up as a big spike in traffic between any two hosts.  On the
other hand, it will all need to converge on you anyway.  You just need
to hide the incoming traffic with bogus outgoing traffic.  If you
intend to receive a large amount of anonymous mail, it would be wise
to run a popular remailer.

New remailers get up to speed faster.  With the remailer network
handling the addition of new remailers automatically, an announcement
of a new remailer could result in sufficient cover traffic quickly.
If you have to wait for PEOPLE to decide to use the new remailer, it
will ramp up much more slowly.  On the other hand, cover traffic could
be handled randomly, even with real messages always being staticly
routed by people.

Negative points:

Your messages travel through more hosts, increasing the likelihood of
having them encounter a compromised host.  This is more pronounced
since it is difficult to evaluate the reputations of hosts when you
have only indirect control of their selection.  On the other hand, we
would like our systems to be immune to the compromise of even a
moderately large portion of the remailers.

A difficult question to be sure.  That's why I advocate giving the
choice to the user.

-eric messick