1997-06-04 - Re: Who “invented” remailers?

Header Data

From: Tim May <tcmay@got.net>
To: Hallam-Baker <hallam@ai.mit.edu>
Message Hash: bce7a1f054cee532ee9869f5672fad22c7d78739fe3ca5924c1c154695f0a28d
Message ID: <v0310280cafba70127c0a@[207.167.93.63]>
Reply To: <v03102807afba566172be@[207.167.93.63]>
UTC Datetime: 1997-06-04 01:32:19 UTC
Raw Date: Wed, 4 Jun 1997 09:32:19 +0800

Raw message

From: Tim May <tcmay@got.net>
Date: Wed, 4 Jun 1997 09:32:19 +0800
To: Hallam-Baker <hallam@ai.mit.edu>
Subject: Re: Who "invented" remailers?
In-Reply-To: <v03102807afba566172be@[207.167.93.63]>
Message-ID: <v0310280cafba70127c0a@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



At 5:27 PM -0700 6/3/97, Hallam-Baker wrote:
>OK I'll partially retract the anti-government ranters comment
>since Tim wants to be included in it :-) I think it was clear where
>the comment was aimed however...

Well, in light of the comments recently from Rotenberg that we are just a
bunch of armchair activists, and in light of comments I've received that my
articles are no longer "must reads" but are instead just "rants," and
becuase I am well known to not be a C++ programmer (though I do have
Smalltalk, Mathematica, and Scheme on my system...now _those_ are my kind
of languages!), I felt you were broadly critiquing most of the list as not
having done anything for the "cause of cryptography." (Whatever _that_
might be, if it is not remailers, message pools, data havens, and pushing
for true digital cash, etc.)

>It seems that Tim did not explore the less salubrious areas of the net
>but the closing down of Wizvax and the first anonymizing mailer was closely
>followed by another service whose name I forget but the name Kleinpaste
>certainly rings a bell. 1992 would be about the right time period as
>well. Elf Sternberg at Compuserve might well remember the rest of the story.

1991-92 was indeed the time of both major branches of the "remailers."
Somewhere in my Cyphernomicon are some quotes from Kleinpaste and Julf, and
the context of their work. Here's one quote from the chapter on remailers
(available at
http://www.oberlin.edu/~brchkind/cyphernomicon/cyphernomicon.contents.html):

 + Karl Kleinpaste was a pioneer (circa 1991-2) of remailers.
              He has become disenchanted:
             - "There are 3 sites out there which have my software:
                anon.penet.fi, tygra, and uiuc.edu.  I have philosophical
                disagreement with the "universal reach" policy of
                anon.penet.fi (whose code is now a long-detached strain
                from the original software I gave Julf -- indeed, by now
                it may be a complete rewrite, I simply don't know);
                ....Very bluntly, having tried to run anon servers twice,
                and having had both go down due to actual legal
                difficulties, I don't trust people with them any more."
                [Karl_Kleinpaste@cs.cmu.edu, alt.privacy.anon-server,
                1994-08-29]


I don't know if Karl has written any longer articles on his involvement
with anonymizing services.


>I agree that the Julf mailer had big problems operations wise but I fear
>that the current mixmaster setup is a bit too unweildy for naive use.
>Like PGP I tend to see it as an advert to the authorities that you are
>likely to be up to no good. The CIA can probably find the information they
>really want by simply tracking PGP messages on the net and doing trafic
>analysis, same goes for the mixmaster class servers and the problem
>remains that there is no response facility.

We see this "they can probably track messages if they want to" view
expressed often. Especially by people who haven't thought about the issue
in detail, who perhaps just think it "only stands to reason" that the NSA
or CIA could backtrack trace messages if they wished to.

While not accusing Phill of being one of these folks who is just
speculating, I really encourage him to carefully look at this issue, to do
some calculations of the mix entropy introduced with sites use mix fan-ins
of sufficient size.

(Hint: 10 remailers each taking in 10 messages of the same rounded-off size
give 10^10 possible routings to follow. Of course, there are not 10 billion
messsages in all. But by the pigeonhole principle, in fact, it means any
final output message could have been any of the input messages. If the
remailers do not reveal input-output mappings ("collusion"), it is hard to
imagine traffic analysis doing much.

(There are important issues, discussed by several of us several years ago,
and more recently by Wei Dai and Lucky Green, dealing with correlation
analysis of messages sent and messages received...esentially pattern
analysis. Perhaps you will say "Ah, this is what I was referring to."
Perhaps.)

Look, casual assertions that the CIA can trace messages through
multinational chains of encrypted remailers, most with strong mixing
(latency), are just that: casual assertions.

We all agree that more remailers are needed, that  more mechanistic
(Chaumian sealed boxes) are needed, etc.

With 100 digital mixes, each taking in 100 messages before resending, there
are more routings to track back than there are particles in the universe.
Smoke that, CIA!

--Tim May




>
>I had an idea for an anonymous contact server in the Julf mould that was
>resistant to the legal attack. No logs of email addresses would ever
>be kept, to retreive responses from the server one would have to send
>a retrieval request to it, possibly including a password.
>
>For one time uses this would be enough. But if you wanted to get more
>comprehensive deniability you could require use of encryption and
>send back all the messages recieved within a particular partition of
>the database. Its pretty difficult to get a good system that allows
>a two way communication to be sustained.
>
>
>The idea was inspired by the crypto-SPAM refusal list that I'm currently
>doing a beta test on, try:-
>
>http://etna.ai.mit.edu/SPAM/
>
>Just don't tell the censorware folks...
>
>
>	Phill


There's something wrong when I'm a felon under an increasing number of laws.
Only one response to the key grabbers is warranted: "Death to Tyrants!"
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









Thread