[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (Fwd) Gov't run anon servers



I have run two remailers for about three years now, and I have never been
contacted in any way by law enforcement or government people in relation
to the operation of the remailers, or of any mail which has been sent
through them.  I get a fair number of complaints by private individuals,
but I have never heard anything from the government.

However, if I were a computer-savvy law enforcement agent, and I wanted
to track messages through one of my remailers, I would try a
technological approach.  I would first break the key for my remailer.
That is trivial.  The passphrase is in PLAINTEXT in the script file
which runs the remailer!.  It has to be.  That is true of all automated
remailers.  Anyone who can break into the remailer server and acquire
root permission can find the remailer secret key.  My keys have been
unchanged for three years.  Surely some enterprising hackers have
stolen the keys by now.

(That is why my keys are only < 512 bits.)

Then the LEA has to insert mail-monitoring software somewhere either in
the remailer system or on some connection to it.  That is probably more
difficult and may require cooperation from a system manager somewhere.  I
don't really know how hard it would be.  But breaking the key is the easy
part.

Hal