[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
message pools revisited
Someone once said that a system of remailers is as strong as its
STRONGEST link.
"As long as even ONE remailer in the chain is trustworthy, hiding the
connection between incoming and outgoing messages, your anonymity is
preserved."
While I agree with this in principal, I'm still not satisfied. I
want a remailer system that is secure from eavesdropping and traffic
analysis even if ALL remailers are untrustworthy.
You might ask why I am not satisfied with current remailer designs.
My unease stems mostly from irrational fears and distrust of the
people running the remailers. I don't personally know any of the
people who are running remailers. How can I be sure they are not
colluding? How can I be sure their machines haven't been penetrated
by the Bad Guys? It may be true that the remailer system is as
strong as its STRONGEST link, but how do I know where that strongest
link is? As long as there is any doubt, I'm not satisfied. Others
may feel the same, and refrain from using remailers.
With sufficient traffic, messages exchanged via a message pool are
secure from eavesdropping and traffic analysis, even if the message
pool is untrustworthy. The problem is, the message pool schemes I'm
familiar with (admittedly, not that many) don't scale up well.
One kind of message pool works like a mailing list. People subscribe
to the message pool by sending the message pool server their e-mail
address (and perhaps also a public-key). A member of the message
pool sends an anonymous message by encrypting it with the recipient's
public key and sending it to the message pool server. The message
pool server sends a copy of the encrypted message to every member of
the message pool service. Only the person who has the corresponding
private key will be able to decrypt the message. All other members
of the pool will get garbage. One benefit of this type of message
pool is that the messages come to you. You don't have to go and get
them. Also, if an encrypting remailer is a member of the message
pool service, then members can "route" messages through it to
non-members.
Another kind of message pool works like a BBS system. A person
sends a message by encrypting it with the recipient's public key and
sending it to the message pool server. The message pool server adds
the message to a pool of messages it maintains. Messages stay in the
pool for a finite time, and then are deleted. People periodically
downlaod the current set of unexpired messages from the pool and see
if they can decrypt any of them. If they find a message they can
decrypt, then the message was meant for them. The advantage to this
scheme is that there is no concept of a "member".
Some time last year, before I joined the cypherpunks mailing list, I
posted a message to sci.crypt suggesting that people create a news
group called "alt.crypt.messages" so people could exchange messages
anonymously. Some people said this was a good idea. Others said
that it was suggested before by others (it had). Still others said
it wouldn't work because people wouldn't carry the news group because
they wouldn't be able to know what kind of stuff was being sent
through it.
I think it is time to ask again. Do people think it would be a good
idea to create a news group for exchanging anonymous messages?
Alternatively, perhaps some cypherpunks with free time would like to
code up a simplified distributed message pool service modeled after
USENET. You would need servers to distribute the messages and
front-end "reader" apps to simplify searching for messages destined
for you. Any takers?
[email protected]