
Re: remailer hashcash spam prevention




At 11:19 PM 12/13/97 GMT, Adam Back wrote:
>> If there is in fact a requirement that the sender generate the hashcash,
>> then I am not sure this will work.  A nym reply block possibly does not
>> lead to an exit address, but rather to another reply block.  In fact, this
>> should always be the case.  
>
>I am not sure I understand the comment above.  Why should a reply
>block always point to another reply block?
...
>To point the whole reply block back to another newnym address adds
>additional protection but I would have thought most people use only
>one reply block.

If a person sends email from the source that also houses his nym identity,
then all of the eggs are in one basket.  A nym that points to another nym,
that perhaps points somewhere else like hotmail is needed.  Using only one
nym is about as safe as not using encryption.  It's fine for most purposes,
but can be broken.

I have gotten telephone requests from police, attorney general prosecutors,
private detectives, and others that ask for a remailer user to be
identified.  These are refused.  But I don't play games.  My response
is always, "I don't know, but if I did, I wouldn't tell you."

The attack on a single reply block is simple.  If the remailer machine is
seized, or if a VALID court order is received, we would turn the name over.
(If anything about the request is incorrect, then we would refuse the
request and do so legally.)  If we pull up the nym [email protected] and
discover it is [email protected] then the anonymity is over.  If, however, it
points to MrHash@anotherremailer then the identity is preserved a little
bit longer.  The only way to breach this is to seize all remailers at the
same time.

Better security would be had by having a public nym that receives email,
and a private nym that delivers email.

  -- Robert Costner                  Phone: (770) 512-8746
     Electronic Frontiers Georgia    mailto:[email protected]  
     http://www.efga.org/            run PGP 5.0 for my public key
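
Added example, not part of the original message: a small Python model of the reply-block chaining argument above, showing how far a nym can be traced when only some remailer operators' records are available. All addresses, host names and function names are constructed for illustration.

```python
# Constructed model: each remailer operator holds a table mapping a nym it
# hosts to the next address in that nym's reply block. All names are made up.
TABLES = {
    "remailer-a.example": {
        "nym1@remailer-a.example": "user@isp.example",           # single reply block
        "nym2@remailer-a.example": "mrhash@remailer-b.example",  # chained to a second nym
    },
    "remailer-b.example": {
        "mrhash@remailer-b.example": "drop@webmail.example",
    },
}

def host_of(address):
    return address.rsplit("@", 1)[1]

def resolve(nym, disclosed, tables=TABLES):
    """Follow a nym's chain using only the tables of operators in `disclosed`
    (machine seized, or a valid order served). Returns (trace, status):
      'exit'    the chain left the remailer network at the last trace entry
      'blocked' the next lookup needs records that are not available
      'loop'    the chain points back at a nym already visited
    """
    trace, seen, current = [nym], {nym}, nym
    while True:
        host = host_of(current)
        if host not in tables:        # not a remailer: this is the exit address
            return trace, "exit"
        if host not in disclosed:     # operator's records not available
            return trace, "blocked"
        nxt = tables[host].get(current)
        if nxt is None:               # operator has no such nym on file
            return trace, "blocked"
        trace.append(nxt)
        if nxt in seen:
            return trace, "loop"
        seen.add(nxt)
        current = nxt

def operators_required(nym, tables=TABLES):
    """Operators whose records are all needed to reach the exit address."""
    trace, _ = resolve(nym, set(tables), tables)
    needed = []
    for addr in trace:
        h = host_of(addr)
        if h in tables and h not in needed:
            needed.append(h)
    return needed

if __name__ == "__main__":
    for nym in ("nym1@remailer-a.example", "nym2@remailer-a.example"):
        print(nym, resolve(nym, {"remailer-a.example"}), operators_required(nym))
```
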