[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Receiving Messages Anonymously




Receiving anonymous messages is still an open problem.  The solutions
we have so far are cumbersome to operate.  They also depend on a chain
of machines remaining up and reliable for a long time, which is
expensive.

A quick solution is to use the list to send anonymous messages.  It is
inexpensive to tell if a message is encrypted for a key you control so
it is cheap to find messages you can read.

The nice thing about this solution is that it is quite difficult to
make a complete list of cypherpunk recipients given the multi-rooted
"tree" structure of the list.  There are leaves in many countries.
Even if every wire were tapped and tracked, it would be hard to
guarantee that people were not moving list traffic around on
diskettes.

To make filtering easy for people, I would suggest adding an
"X-Private-Message" field to the header.  For PGP messages, the
contents of this field could be "PGP-Key-Id:0xDEADBEEF".  (New formats
can be invented as new protocols are invented.)

Some people will object to this new form of "noise" message.  It
should be easy for somebody to set up a subsetted version of the list
which pre-filters the private messages.  (Although, how anybody can
read the raw list without a filter of their own is a mystery to me.)

A good reason to receive the complete list is that it conceals the
fact that you are receiving (or not receiving) anonymous messages.  If
you think you might ever in the future receive an anonymous message,
this will allow you to do so without revealing it.

This scheme could be attacked by actively intervening with the
propagation of the list and supplying people with different messages
depending on which branch of the "tree" they are on.  This could be
used successively to narrow the list of "suspects" receiving a certain
message.

There are two ways to prevent this.  One is to receive the list from
more than one source and compare the messages received.  If many
people are doing this, which is likely since each has a strong
motivation to detect this attack, then the first attempts should be
detected immediately.  The other method is to have a trusted person
post a signed list of message ids and checksums that have come down
the wire every day.

(Acknowledgement: This is probably a rehash of BlackNet.)

Peter