1997-06-04 - Re: Who “invented” remailers?

Header Data

From: Hallam-Baker <hallam@ai.mit.edu>
To: tcmay@got.net (Tim May)
Message Hash: db081dc609b632aa780d924be8f2cff4511162e522f066e8c8930dcff1c0a05d
Message ID: <199706040344.XAA12280@muesli.ai.mit.edu>
Reply To: <v0310280cafba70127c0a@[]>
UTC Datetime: 1997-06-04 03:50:00 UTC
Raw Date: Wed, 4 Jun 1997 11:50:00 +0800

Raw message

From: Hallam-Baker <hallam@ai.mit.edu>
Date: Wed, 4 Jun 1997 11:50:00 +0800
To: tcmay@got.net (Tim May)
Subject: Re: Who "invented" remailers?
In-Reply-To: <v0310280cafba70127c0a@[]>
Message-ID: <199706040344.XAA12280@muesli.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain

> Well, in light of the comments recently from Rotenberg that we are just a
> bunch of armchair activists, and in light of comments I've received that my

... Well Tim you did sorta ask for that particular comment... but passing on

> We see this "they can probably track messages if they want to" view
> expressed often. Especially by people who haven't thought about the issue
> in detail, who perhaps just think it "only stands to reason" that the NSA
> or CIA could backtrack trace messages if they wished to.

The point I was making was rather different, I think the total volume
of PGP mail of all types is probably not a large enough fraction of the
trafic on the net to be secure. Taking any use of PGP as prima facie
evidence of subversive activity probably provides a reasonable cut.

If you want to take this offline I can discuss actual examples of 
countries that use this type of trafic analysis. The point is to
identify social networks. Anyone attempting to conceal their social
network is probably subversive.

Note that the type of government I'm talking about here is way beyond
the US in authoritarianism, much more like the USSR of old.

> While not accusing Phill of being one of these folks who is just
> speculating, I really encourage him to carefully look at this issue, to do
> some calculations of the mix entropy introduced with sites use mix fan-ins
> of sufficient size.

How many people in total do you have using the mixers? How many mixers
are there? 

> (Hint: 10 remailers each taking in 10 messages of the same rounded-off size
> give 10^10 possible routings to follow. Of course, there are not 10 billion
> messsages in all. But by the pigeonhole principle, in fact, it means any
> final output message could have been any of the input messages. If the
> remailers do not reveal input-output mappings ("collusion"), it is hard to
> imagine traffic analysis doing much.

Not if the principle applied is that any use of the mixer taints the 
person concerned.

> With 100 digital mixes, each taking in 100 messages before resending, there
> are more routings to track back than there are particles in the universe.
> Smoke that, CIA!

If the total usebase is bellow 10,000 then identifying which person 
received which message is probably not too necessary.