1993-07-25 - Re: forged mail

Header Data

From: hfinney@shell.portal.com
To: cypherpunks@toad.com
Message Hash: 46ee9c8ff14d0df8fe838d2049b30ceccded3b1cd2837a0b4503302a8f050473
Message ID: <9307242018.AA01350@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1993-07-25 00:03:51 UTC
Raw Date: Sat, 24 Jul 93 17:03:51 PDT

Raw message

From: hfinney@shell.portal.com
Date: Sat, 24 Jul 93 17:03:51 PDT
To: cypherpunks@toad.com
Subject: Re: forged mail
Message-ID: <9307242018.AA01350@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Peter Breton <pbreton@cs.umb.edu>

>   Actually, forging mail at the machine you're on en route to the remailer
> protects you against:
> 
> 1) Anyone who can snoop the message headers on the way to the remailer
> ("Tra la la. Let's keep a little list of everyone using those remailers...")
> 
> 2) A corrupt remailer operator.

It's not so much a matter of "corrupt" remailer operators.  The remailer
scripts on the cypherpunks FTP site are distributed with automatic logging
of the text of ALL remailed messages by default.  This is intended for
debugging purposes, but some of the remailers still operate in this mode.

This could perhaps provide some protection against liability for operators
of remailers, because they can trace back the source of an abusive message
that was sent through their remailers.  However, it obviously seriously
impairs user privacy.

The only logs my remailers (on hfinney@shell.portal.com and
hal@alumni.caltech.edu) keep are the date and time when they did an operation.
No record is kept of any message header or content which would allow re-
construction of sender information.  The date/time stamps just give me a
general idea of how much my remailer is used.

However, Eric Hughes has pointed out that most Unix systems can be configured
to keep logs of all incoming and outgoing mail.  Such logs could be used to
reconstruct input/output pairs, by observing that a particular message sent
to me was followed by a particular outgoing message a few seconds later.  I
have not been able to determine whether such logs are kept on the machines
I use (the directories which would hold them are protected) but it's safest
to assume that they are.

I think a better solution to the problem than trying forged mail is to use
a chain of cypherpunks remailers, some of which are user-owned and -operated
and which (I think) have policies of not keeping content logs.  The monthly
postings of remailer lists include information on which machines are user-
owned, although no information is listed presently about logging.

Since the whole point of a remailer is to lose incoming-to-outgoing
correspondence, it seems to me that logging should be minimized, otherwise
there is little point to running a remailer.

Hal Finney 
hfinney@shell.portal.com





Thread