[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Remailer Software Sites/Comparison
-----BEGIN PGP SIGNED MESSAGE-----
Wei Dai writes:
> Can anyone give an overview of the remailer packages that are currently
> available? What features and differences do they have, and where to get
> them?
Raph Levien's Remailers WWW page has links to most of the material on
the remailer software of which I'm aware:
http://http.cs.berkeley.edu/~raph/remailer-list.html
The remailer-help file from [email protected] gives an ftp directory
from which one may ultimately obtain Lance Cottrell's Mixmaster code, after
following an export control process which I assume resembles MIT's method of
distributing PGP. Lance sent out a first draft of instructions on the
mixing (including packet splitting & recombination) features of Mixmaster to
the list a few months ago, which I enclose below. Mixmaster is the latest
and most sophisticated of the remailer packages I've seen, so I'd
recommend it to anyone looking to install a new remailer in North America.
- -L. Futplex McCarthy
===== forwarded message follows ===============
Date: Sun, 20 Nov 1994 17:07:02 -0800
To: [email protected], [email protected]
Subject: 1st Draft Mixmaster chaining instructions
Sender: [email protected]
Precedence: bulk
X-Status:
[...]
Here is the first draft of the instructions for using Mixmaster to
build remailer messages. I am posting it to give a flavor of what the
program does, and to request comments, both on the features and on
the clarity of the help file itself.
Instructions for using Mixmaster to create type 2 remailer messages.
I assume that you have either compiled Mixmaster, or that you have acquired
a precompiled copy.
While you do not need PGP to use Mixmaster, it is useful for key
management, and is required if you desire security of the content of the
message you are sending (which will be visible to the last remailer).
Theory and purpose of remailers:
The purpose of anonymous remailers (hereafter simply remailers), is to
provide protection against traffic analysis. Traffic analysis is the study
of who you are communicating with, when, and how often. This reveals more
than you might expect about your activities. It will indicate who your
friends and colleagues are (and they can be told apart by looking at the
times you contact them). What your interests are, from which catalog
companies you contact, and which ftp and WWW sites you visit. Traffic
analysis can even reveal business secrets, e.g. your frequent contact with
a rival could give hints of an impending merger.
Remailers protect your email from traffic analysis. The original remailers
did this by removing all headers, except the subject line, from any message
you sent to them and then forwarding them a destination of your choice. The
recipient of such a message would not know who had sent it.
The addition of encryption to this scheme gave significant protection from
attackers who simply look at passing messages for to and from fields.
Passing a message through several remailers in a row is much better, but
still vulnerable to an attacker who can watch messages go into and out of
each remailer.
Two more elements are required: messages must be reordered within the
remailer before being forwarded (this is being done by a few of the old
style remailers), and all messages must be indistinguishable. This last is
the primary improvement with the type 2 remailer, Mixmaster.
Using type 2 remailers:
The trend towards ever more complicated remailer message formats has been
clear for some time. Several programs have been written to automatically
build messages which will be remailed by several remailers. This process is
called chaining.
With type 2 remailers it is no longer possible to create these messages by
hand. Mixmaster takes a message you wish to send, a list of remailers to
chain it through, and a final destination, and builds the packet which the
remailers will use. For simplicity I will first describe the interactive
use of Mixmaster, then I will discuss how it can be controlled through
command line arguments.
Interactive use of Mixmaster:
If you run Mixmaster with no arguments, you will be prompted for all the
required information.
First you will be asked to specify the final destination of the message.
This is the full email address where you want your message delivered.
Remember that the message is being sent by the last remailer in the chain,
so you must specify the full internet address (e.g.
[email protected]), you may not use local mail aliases. You may enter
multiple recipients on separate lines. Hit return on a blank line to stop
entering destinations. You must have at least one.
Next you will be asked to enter any headers you want to have inserted
before the message. These are those lines at the beginning of email
messages, like From: [email protected], or Subject: Party invitation.
If you want your message to have a subject when it is delivered, you must
enter a line
Subject: your subject here.
Note that Subject must be capitalized, with the : and space as shown.
A subject header can be added by using the -s command line argument.
When you are done entering headers, hit return (it is OK to have zero headers).
You will now be presented with a list of remailers through which you can
chain your messages. The order in which you choose them is the order in
which they will be traversed by your message. You may choose up to 20 of
them, but remember that the reliability and speed of the chain diminish as
the number of remailers in the chain increases. Four is a reasonable number
of remailers to use. It is fine to use a given remailer more than once in
your chain. Press return on a blank line to stop entering remailers.
Finally you will be asked what file you want to send. This must be an ASCII
file. You may either enter the name of an existing file, or you may choose
to enter the message directly by typing "stdin" as the file name. This is
intended for use by scripts. There are no editing capabilities when using
stdin. Enter the end of file character (EOF is ^D) when you are done
entering the file.
Mixmaster will now build the type 2 remailer packet, and send it to the
first remailer in the chain.
Command line arguments to Mixmaster:
Mixmaster [-c] [in.filename] [-f] [-s "subject"] [-o "outfile"] [-to
[email protected]] [-l 3 2 6 ...]
-c this indicates that chaining rather than remailer functions are
desired. It is a NOP since chaining is the default operation.
"filename" if a filename is given, then this will be used as the input
file. As in the interactive mode, you may choose "stdin". No filename will
be prompted for.
-f filter mode. All prompts suppressed, but input still accepted as
described in the interactive section. The remailer list must be specified
on the command line.
-s "subject" Adds a subject line to the message. The user should NOT
include Subject: in this string. Mixmaster will not prompt for other
headers if -s is used.
-o "outfile" Specify an output file rather than sending the message to
the first remailer automatically. If outfile is "stdout", then the remailer
packet will be printed to stdout.
-to [email protected] specifies the final destination of the message. Only one
destination can be specified. Mixmaster will not prompt for other
destinations if -to is used.
-l 4 3 5 ... Specifies the list of remailers to chain through. This must
be the last argument on the command line. A maximum of 20 remailers may be
specified. Mixmaster will not prompt for other remailers if -l is used.
- --------------------------------------------------
Lance Cottrell who does not speak for CASS/UCSD
[email protected]
PGP 2.6 key available by finger or server. Encrypted mail welcome.
Home page http://nately.ucsd.edu/~loki/
Home of "chain" the remailer chaining script.
[...]
- ---
[This message has been signed by an auto-signing service. A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service
iQBFAwUBLx97BioZzwIn1bdtAQEMvQF/RlnlugSboXC/+LtZoyfVm4Blc4/do0re
59XYOo7Vs/AQRWLZU4iM8h65axpr7G3f
=VW+M
-----END PGP SIGNATURE-----