[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: cfs & remailers



-----BEGIN PGP SIGNED MESSAGE-----

Bill O'Hanlon <[email protected]> wrote:

> In that case, even if I were to keep logs, all that anyone would know from
> a message is that a particular user used a remailer, or that a particular
> cleartext message had a certain remailer as its jumpoff point.  Not both.
> (Unless, of course, I'm in collusion with other remailer operators.  But
> that'salso a non-code issue.)

Collusion wouldn't be necessary.  If an interested party, such as 
a "TLA" were to follow the chain backwards, seizing the logs at 
each successive link, they could eventually find the originator 
of the message.  (This assumes that the logs were detailed enough 
to record each incoming and outgoing message, and match them up.)

> My personal situation is, I run a remailer on a home Unix machine 
> via a phone line UUCP feed.  I am the only user of this machine, 
> so I do not have to defend against users with local access.  My 
> efforts are intended to block the following foes: my service 
> provider and any node upstream of it, thieves/misguided law 
> enforcement types, and phone taps.  Encrypting something that I 
> receive in the clear over an insecure line isn't useful.

It is useful against after-the-fact snooping.  If they're 
monitoring you in advance, then no, it wouldn't be of much help.  
But let's say that someone were to anonymously post a portion of 
the classified Clipper algorithm to Usenet, with an indication 
that the rest was to follow in multiple installments.  There 
would be a very strong incentive for some TLA to attempt to trace 
and arrest this individual before the algorithm was further 
compromised, even if full-time monitoring of remailers wasn't 
already on their agenda.  If logs were not kept, or were securely 
destroyed often enough, then by the time the message came out in 
the clear, the data needed to trace through the early links in 
the chain would already be gone.

 -- "Diogenes II"

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLlLAQuRsd2rRFQ1JAQGutgQAmejmA2jS70yGUxT3dJrUnAkshdN28RHy
6pcndcbDsb7Ink4h0eAUMnGN7jxIok+1ltZQK4Lo+nFWCnerAmWd0mT5KihxkRb7
Yyl0cxYqpjD53uTHMZoIS7wyOy9SYPDX3qyNjzo4N6L5KQ1OaksZ+6kUAxVh07cO
UqhmI61ZUjE=
=R4sg
-----END PGP SIGNATURE-----