[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Communications Policy (fwd)
After sending the attached message to Johan Helsingius, I decided it
might be of general interest to the Cypherpunks list. It's a message I
sent out in December, originally, and which got debated.
Johan's concern about my "accusations" suggests there may be enought
newcomers to the list to justify republication of posts.
--Tim
From: tcmay (Timothy C. May)
Subject: Re: Communications Policy
To: [email protected] (Johan Helsingius)
Date: Thu, 21 Jan 93 9:49:00 PST
> > e-mail system kept by sysadmins. Sort of like the archives being kept
> > by some of the so-called anonymous remailers!)
>
> Hmmmm.... I find the accusation about anonymous remailers pretty strong.
> If you have proof of stuff like that happening, or even reasonable cause
> for suspicions, I feel the accusations and names of the sites should be
> published as widely as possible. That is the only way we can stop
> such unethical behavior.
Johan,
Attached below is the message I sent to the Cypherpunks list in
December, about remailers keeping logs. As I said in my message today
to the list, there was a debate about this, and an admission by
several remailers that they keep archives.
From: [email protected] (Timothy C. May)
Message-Id: <[email protected]>
Subject: A minor experimental result
To: [email protected]
Date: Sun, 13 Dec 92 22:49:45 PST
One of the purposes of setting up remailers is to experiment with
them, see what kind of emergent behavior appears, see what kind of
flaws and obstacles arise, see how they break, etc.
Here's one: the compromise of my "anonymity" by one of the folks
running a remailer. (Who and where don't matter, just the phenomenon
itself.)
I used a single bounce without any encryption to send a message and
got a query from the owner of the remailer saying "I couldn't help
looking through my remailer archives and noticing...." and requesting
more information from me!!
Hoist by my own petard!
Several lessons:
* Multiple bounces help, even without encryption, as then the remailer
sysop can't be sure who originated the message.
* Encryption is of course even more desirable, though a hassle
(especially for Mac users).
* Remailer sysops should make a point to _not_ look at their remailer
archives. In fact, they should discard them immediately (for their own
legal protection, and for slightly greater trust amongst users, though
this is a hazy area...).
(Recall that the "mix" on which our software-based remailers are
loosely patterned are "memoryless," i.e., the tamper-resistant modules
that implement the receive-decrypt-store-forward protocol have no
memory of the mapping between incoming and outgoing messages. In
fact, the outside world cannot possibly compromise the protocols to get
at this information.)
So, my laziness in using only a single bounce, combined with the
curiosity of a remailer sysop, breaks the anonymity.
Neither surprising nor profound, but I thought you folks would like to know.
--Tim May
--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
[email protected] | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | PGP Public Key: by arrangement.