[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remailer Abuse

To: [email protected] (Nathaniel Borenstein)
Subject: Re: Remailer Abuse
From: Adam Shostack <[email protected]>
Date: Fri, 6 Jan 95 14:11:20 EST
Cc: [email protected] (Cypherpunks Mailing List)
In-Reply-To: <[email protected]>; from "Nathaniel Borenstein" at Jan 6, 95 7:28 am
Sender: [email protected]

nsb wrote:

| Excerpts from mail: 5-Jan-95 Re: Remailer Abuse [email protected] (1180*)

| > Heh. An anonymous remailer paid for by credit card... there'd
| > have to be an additional level of indirection for it to work,

| Again, this comes down to definitions of anonymity.  In this case, if
 [...]
| two different countries.  For my part, I figure that if the government
| of Finland and the government of the US can actually agree that it's so
| important to force the sacrifice of anonymity in a given case that
| they're both willing to coerce companies under their jurisdiction, they
| will probably have a very good reason for doing so.   Maybe I'm too
| trusting, though.)

	Its also a matter of analysing your threats.  There may be
employees of one or more companies involved who might sell
information.  Then again, if you're selling plans of the B2 to the
Iraqis, the US & Norwegian governments might collude to track you
down, (and in the process, read a lot of other messages.)

| Excerpts from mail: 5-Jan-95 Re: Remailer Abuse [email protected] (2028)

| > Beyond that, though, are some traffic analysis problems -
| > remailers require a fair bit of traffic to be useful, and unless
| > you receive a reasonable amount of encrypted traffic, 
| > and support encrypted email for purchasing remailer service
| > and other merchandise, an eavesdropper would have a fairly good source
| > of traffic data on your remailer users, especially since buying and using 
| > remailer service requires two messages within an hour or so.

| Well, I think low-volume remailers are always a bit vulnerable to
| traffic analysis attacks, aren't they?    One thing you could do is
| build a variable time-delay into the remailer, to make it harder to
| correlate messages coming in with those going out.  To take paranoia a
| step further, you could allow people to encrypt their mail TO an
| anonymous remailer with the remailer's public key, and let the remailer
| send it out unencrypted.

	Time delay does not guarantee mixing, which is the intent of
time delay schemes.  Might as well mix directly, since thats what
you're trying to accomplish.  Someone (I think it was Hal) wrote up a
message describing the math involved.  And I don't think encrypting
the various parts of a remailer chain is very paranoid; I don't
particularly trust the remail ops not to read my mail.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
						       -Hume

References:
- Re: Remailer Abuse
  - From: Nathaniel Borenstein <[email protected]>

Prev by Date: Re: Remailer Abuse
Next by Date: Re: SysAdmin of the year
Prev by thread: Re: Remailer Abuse
Next by thread: Re: Remailer Abuse
Index(es):
- Date
- Thread