[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
> > A few rules of thumb result from even cursory examination
> > of the likely environment:
> > 5. Ultimately, the only way the remailers will provide
> > what might be described as Pretty Good Security will
> > be when we have software that maintains a regular
> > or random rate of messages to and from the remailer
> > cloud, a stream into which the meaningful messages
> > can be inserted with no visible change in traffic.
> > Until then, the best we can do is try to keep traffic
> > levels up, and to send and receive frequently enough
> > to frustrate end-to-end traffic analysis.
> Well, the existing remailer net doesn't make "Pretty Good" anonymity very
> feasible. I'd think something based on the general idea behind Crowds.
> (Furthermore, most remailer structures still can't erase some other security
> concerns --
> 1: remailers acutally can be hacked or physically compromised
> 2: clients really can be screwed
> 3: etc.
> To help solve the first, you'd want a two-box setup doing remailing, with the
> security-critical stuff loaded on a box not directly connected to the Net with
> something 140-1ish to make tampering harder, a secure OS, etc. -- or, of
> course, you can scrap all that to get really big remailer count.
As long as you do not see the box and do not control its manufacture,
I see no reason why you should have ny more trust in it.
> To help solve the second problem, there needs to be a better web-of-trust
> setup -- that is, one which applies to code as well as keys. Those who wish to
> verify code get a .sig-verifying program from a trusted source then use a WoT
> to authenticate various facets of the program necessary for security.
> A solution to the third problem is expected RSN.)
> > 6. Don't send anything that can have grave consequences.
> Remember the consequences to an adversary who uses its secret decoder ring,
> though: the more plausible it becomes that a certain source is being used for
> intelligence-gathering, the more likely it is that that source will promptly
> begin to run dry as the spied-upon realize that Something Got Broke. My
> advice, however, agrees with that of the other Anonymous. That is, unless
> you've really thought things out, think of an remailed message as merely
> .sigless, not anonymous.
> > 7. Take names. Always take names. Some day...
> > FUDBusterMonger
> > It Ain't FUD til I SAY it's FUD!