[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Can someone verify this conjecture for me?



> From: [email protected] (Russell Nelson)
> > It seems like it solves two separate problems: 1) foiling traffic
> > analysis, and 2) foiling a cheater remailer.  The problems are
> > separate, really, because if you really, really trust the remailer (as
> > many people do Julf), then 2) isn't a problem.  All you need to do is
> > solve 1.  Or, you can solve 1) by using a single remailer.  A
> > necessary but not sufficient step to foil traffic analysis is to strip
> > headers.

There are a couple of advantages of chaining multiple remailers.
One is that traffic analysis is an art, rather than a science,
and to really foil it, you've got to know how good it is, which is hard.
Long-term patterns may show up even though the traffic mixes
are pretty good in the short run, and if you can spread out the remailer
use and increase the traffic load, plus constantly sending encrypted
traffic between remailers, it does make the job harder.
If the Bad Guys can isolate their target to a few remailer users,
they can often find the real one by rubber-hose or a small number
of wiretaps at the user locations instead of the remailers;
that's impractical if there are thousands of potential users in
multiple countries across the remailer-chain.

Another is that if one good trustable remailer can foil traffic
analysis, then multiple remailers increases the chance that
at least one of them is good.  Sure, Julf's a good guy, but what
if the KGB has kidnapped his grandmother, or the CIA has planted
wiretaps inside his computer - will you know if it's compromised?

There's also the reliability issue - what if the Finnish Phone Company
decides Julf is using too much of their resources and cuts him off,
or the Mafia steals one of your police-informants' remailers,
or the California Public Utilities Commission declares email to be
a common carrier and insists on auditing all transactions?
Multiple remailer in a strongest-link chain reduce the risks.

		Bill