
Problems with the Remailer System



Graham Toal writes:

> The trouble with the cypherpunk remailers is there isn't a single
> one of them I'd trust.  The overwhelming credo of the sort of person
> I've met in this area is that they want extreme absolute privacy
> for *themselves* but sneak and spy on everything they possibly
> can about everyone else.  (Oops - that sounds bad - I don't specifically
> mean the people who run cypherpunk remailers; I mean people who're
> obsessive about secrecy in general and hackers in particular.  Secretive
> hackers being the worst.)

I agree that more robust, more automated (less human intervention),
reputation-based remailers are needed. And the inevitable "abuse" of
remailers (such as with death threats, mail bombs to newsgroups,
etc.) needs to be treated differently, in the long term, than by
compromising the security. (A Chaumian mix would have no manual system
for overriding security of course.)

Having said this, we're just beginning to learn about the practical
problems of remailers: the flakiness, the scheduling of multiple,
slightly incompatible remailers, and the reactions to abuse. This
learning process is what we expected, I think.

> And you can take it as read that every remailer will be logged by the
> Black Hats too.  Only double-blinded *encrypted* remailing is going
> to have any chance of maintaining secrecy, and then only if you go
> out of your way to explicitly chain round dozens of remailers in the
> hope of finding *one* that isn't compromised.  (And that, only if all
> the remailers are regularly spoofing traffic between themselves to foil
> traffic analysis)

I agree with Graham that several things are needed:

- more consistency and reliability, to make use of chains of remailers
acceptably convenient

(In my opinion, digital postage, with a _profit motive_ attached to
the operation of remailers, will ultimately make for less flakiness,
greater reliability, and an incentive to deploy more remailers and
then keep them up and running in a consistent way.)

- encryption through each remailer, for several reasons

- off-shore sites, out of the main jurisdictions (U.S., mainly), so
that some of the remailer hops can be located outside the domain of
any one nation's law enforcement powers

- padding, latency, background traffic, etc., to make traffic analysis
much harder

I think some of these things are happening, what with new software
from Karl Barrus, Sameer Parekh, and others, but there's a long way to go.


--Tim May



-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
[email protected]       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."