[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

A minor experimental result

One of the purposes of setting up remailers is to experiment with
them, see what kind of emergent behavior appears, see what kind of
flaws and obstacles arise, see how they break, etc.

Here's one: the compromise of my "anonymity" by one of the folks
running a remailer. (Who and where don't matter, just the phenomenon

I used a single bounce without any encryption to send a message and
got a query from the owner of the remailer saying "I couldn't help
looking through my remailer archives and noticing...." and requesting
more information from me!!

Hoist by my own petard!

Several lessons:

* Multiple bounces help, even without encryption, as then the remailer
sysop can't be sure who originated the message.

* Encryption is of course even more desirable, though a hassle
(especially for Mac users).

* Remailer sysops should make a point to _not_ look at their remailer
archives. In fact, they should discard them immediately (for their own
legal protection, and for slightly greater trust amongst users, though
this is a hazy area...).

(Recall that the "mix" on which our software-based remailers are
loosely patterned are "memoryless," i.e., the tamper-resistant modules
that implement the receive-decrypt-store-forward protocol have no
memory of the mapping between incoming and outgoing messages. In
fact, the outside world cannot possibly compromise the protocols to get
at this information.)  

So, my laziness in using only a single bounce, combined with the
curiosity of a remailer sysop, breaks the anonymity.

Neither surprising nor profound, but I thought you folks would like to know.

--Tim May

Timothy C. May | Crypto Anarchy: encryption, digital money,
[email protected] | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | PGP Public Key: by arrangement.