From: nobody@shell.portal.com
Date: Wed, 29 Jun 94 18:27:36 PDT
To: cypherpunks@toad.com
Subject: Chained Remailing Strategy and Tactics
Message-ID: <199406300128.SAA25746@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


--------------------------

In order to preserve anonymity and thwart traffic analysis in 
chained remailings, it would seem useful to include a very BUSY 
remailer in the chain, and try to ensure that the message arrives 
at the busiest time of the day for that remailer, from a traffic 
standpoint.  Hitting a remailer at a slack time when, let's say, 
only one message arrives over a period of several hours would 
seem most unwise.

Can some of the major remailer operators make available some 
"sanitized" traffic stats of average traffic by hour and day of 
the week?  The vox.hacktic.nl remailer sounds useful in this 
regard, since it apparently uses a UUCP link, and batches up 
accumulated messages, both incoming and outgoing.  When are the 
"best" times for chained traffic to arrive there?

Can someone familiar with remailer software answer something?  
When a message is encrypted, using the "Encrypted: PGP" header, 
will everything after the end of the encrypted message itself be 
ignored?  I ask, because this seems like a good place to 
introduce "padding" into the message length to thwart detection 
of identical messages, assuming that such extraneous material 
wouldn't screw something up.

What's the best strategy for utilizing a given group of remailers 
in a chain?  Which ones would be most advantageous as the FIRST 
link in the chain, since this is the one link that has direct 
address to the originator's address.

How would "someone", hypothetically, follow the chain backwards?  
Let's say that a message traveled down the chain A -> B -> C.  
Couldn't someone with enough clout ask "C" where a certain 
message (based on header data) originated, find out it was 
relayed by "B", ask "B" for the source, etc. and trace it all the 
way back to the source?  What, if anything, would prevent that?

For the sake of argument, let's assume a worst-case scenario: a 
chained message to "president@whitehouse.gov" containing a 
seemingly credible threat to harm the President of the United 
States, or perhaps a chained message, ultimately posted to Usenet 
via a mail-to-news gateway, containing the first part, with more 
installments threatened, of certain highly classified U.S. 
military secrets.  IOW, a scenario where powerful agencies are 
motivated enough to invest considerable resources in tracking the 
culprit down.

While we might agree that in those two cases, the persons deserve 
to be caught, what's to prevent a President or other highly 
placed federal bureaucrat from MISusing those same resources on 
something less critical, such as tracking down and persecuting 
someone who anonymously posts "Clinton is a prick" or "Clipper 
sucks"?

----------------------------