1996-05-22 - Re: Long-Lived Remailers

Header Data

From: “E. ALLEN SMITH” <EALLENSMITH@ocelot.Rutgers.EDU>
To: tcmay@got.net
Message Hash: 9a65b310c9d318aae5750e82675b62b8a9bab084cd61d4495ad95eeae8745cae
Message ID: <01I4ZMFV9HH88Y5IL9@mbcl.rutgers.edu>
Reply To: N/A
UTC Datetime: 1996-05-22 11:51:44 UTC
Raw Date: Wed, 22 May 1996 19:51:44 +0800

Raw message

From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 19:51:44 +0800
To: tcmay@got.net
Subject: Re: Long-Lived Remailers
Message-ID: <01I4ZMFV9HH88Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net" 21-MAY-1996 05:37:17.56

>At 4:56 PM 5/20/96, Rev. Mark Grant, ULC wrote:
>>With regard to the problems of remailers being shut down when we want
>>long-lived addresses, wouldn't seperating the input and output be one
>>possibility? That is (like Hal's Alumni remailer) you'd send mail to
>>'remailer@anon.ai' and it would be forwarded via a disposable account
>>elsewhere. All messages would appear to come from 'disposable@foo.com' and
>>if that account was shut down a new one could be opened to replace it
>>while incoming mail simply backed up at the main remailer account.

>This is a very good idea.

	Agreed.

>Traffic analysis will be quite easy to do, of course, as all mail sent to
>the persistent address comes out of the "disposable@foo.com" address.
>Q.E.D.

	As has been pointed out since your message, one could logically have
multiple remailers all using the same output account for messages. Extensions
on this idea would be having them use it only for ones going to other than
another remailer, to prevent the traffic from being noticed (if lots of
traffic to remailers is coming out of one account, someone's going to
notice...). Several people could run such output accounts, sending encrypted
data on how to access the latest one(s) to (a subset of) remailer operators.
(I say a subset in order to stop the NSA from running a remailer and letting,
say, AOL know about each new output account on AOL. If some remailer or
group of remailers wasn't told about a new output account, and the output
account lasted statistically significantly longer (controlling for level of
output), then that'd be cause for suspicion.) Which one was used for any
given message through a particular remailer could be randomly chosen from
those that remailer knew.
	Another aspect of this is that it would spread out the cost of
operating the output account. One way to deal with this would be to have
the postage going to the output account owner instead of to the remailer, or
two items of postage (one to the remailer, one to the output account owner), or
three items of postage (one to the first remailer in the chain, one to the
last, and one to the output account).

>(Hal, to use him as the example, could start using his own choice of
>remailer hops to accomplish much the same result. We've talked about this
>for a long time, too. If I ran a remailer, I think I'd route *all* traffic
>leaving my site through at least one other remailer...kind of a "hot
>potato" effect. Of course, if _everyone_ did this, an infinite loop would
result. Lots of interesting twists, though, as messages could be set to
"leak out" of the loops.)

	Oh? What's this idea?
	-Allen





Thread