1993-03-27 - REMAIL: “Stealth” Remailers

Header Data

From: edgar@spectrx.Saigon.COM (Edgar W. Swank)
To: Cypherpunks <cypherpunks@toad.com>
Message Hash: 11cfdb872268f184dbce3341e94d7227f50ff3440b0dc12c768e6da134adff87
Message ID: <y6q31B8w165w@spectrx.saigon.com>
Reply To: N/A
UTC Datetime: 1993-03-27 15:44:22 UTC
Raw Date: Sat, 27 Mar 93 07:44:22 PST

Raw message

From: edgar@spectrx.Saigon.COM (Edgar W. Swank)
Date: Sat, 27 Mar 93 07:44:22 PST
To: Cypherpunks          <cypherpunks@toad.com>
Subject: REMAIL:  "Stealth" Remailers
Message-ID: <y6q31B8w165w@spectrx.saigon.com>
MIME-Version: 1.0
Content-Type: text/plain


In the wake of the forced demise of penet.fi, Dave del Torto

    >>> The anonymous service at anon.penet.fi has been closed down.

    This is a dark day indeed.  The forces of Repression are upon us
    yet again.

    OK, where do we set up the next one?  I guess the solution here is
    to have a floating set of difficult-to-detect anon remailers and
    switch between them regularly.

I have an idea for making remailers more difficult to find. This
applies only to systems where the remailer operator owns the
system, such as at wimsey.com.  (But a "system" can be just
a PC/XT with hard disk and modem - maybe under $1000).

Where the remailer operator controls the system, it's easy to
"forge" net headers. The problem is that once you send mail,
other systems are going to add "Received:" lines to the net
headers that point back to you.  I don't know how to stop this
once the mail leaves your control.

But it should be possible to add -extra- "Received:" headers,
indicating you received the message from some system "behind" you.
Should the "net police" trace an "offensive" message back to you,
you can point to the added net headers and say, "Oh, but this came
from -him-, not -me-; -I'm- just an innocent forwarder (not remailer)
of this message.  That SOB down at the end there must be running one
of those infernal remailers; Go get him!!"  By the way, these phony
added headers should all have -real- system names.

It's fairly easy to trace messages along the "mainline" internet,
because those are all "hard-wired" leased lines.  But there's another
class of system called UUCP which sends and receives messages over the
-switched- network (ordinary dialup telephone lines).  Many of the
mainline systems accept UUCP accounts, so UUCP systems usually have
the same internet connectivity as the mainline systems for E-mail.
(They can't do FTP and Telnet).  Furthermore, UUCP systems can allow
other systems UUCP accounts, creating long chains over the dial-up
net.  Furthermore, a UUCP system can be set up with a minimal
investment in hardware.

A single hardware system can be -many- different UUCP "systems" by
just dialing into different UUCP "accounts".  A good strategy
is to accept mail for remailing at one well-publicized UUCP
address, but -never- use that same account for -sending- remailed
mail. Just use one of several -other- UUCP accounts for that,
adding phony "From:" and "Received:" net headers as explained above.

Be generous in accepting UUCP accounts from other systems; don't take
too much trouble verifying the registration info they give you.  Once
they've been on a while, start using their names in the phony
"Received:" headers you generate.

Well, I'm not an expert on either the net or the "Waffle" software
used to run small UUCP systems (like this one).  But perhaps the
above ideas will prove useful to those of you who are.


edgar@spectrx.saigon.com (Edgar W. Swank)
SPECTROX SYSTEMS +1.408.252.1005  Silicon Valley, Ca
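The post turns on how "Received:" lines accumulate: each relay prepends its own line, so the chain read top to bottom runs backwards in time and every hop's "by" host should be the host the hop above it says it received from. The following is an added example from the investigator's side, not code from the post or from the Waffle software it mentions. It parses the Received: chain of a message and reports adjacent hops that do not line up. All hostnames and the sample message are constructed; the last Received: line in the sample is a deliberately sloppy extra hop of the kind the post describes.

```python
"""Audit the Received: chain of an RFC 822 style message.

Added example; not part of the original post. Hostnames, timestamps and
the sample message below are all constructed for illustration.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample. The top three lines are what genuine relays would
# prepend; the bottom line is an extra hop that claims the message came
# from further "behind", but its receiving host and timestamp do not match
# the hop above it.
SAMPLE = """\
Received: from relay-b.example.net (relay-b.example.net) by mx.example.org; Sat, 27 Mar 1993 16:02:11 +0000
Received: from relay-a.example.net (relay-a.example.net) by relay-b.example.net; Sat, 27 Mar 1993 15:58:40 +0000
Received: from uucp-host.example.com by relay-a.example.net with UUCP; Sat, 27 Mar 1993 15:50:03 +0000
Received: from upstream.example.edu by some-other-host.example.com; Sat, 27 Mar 1993 17:30:00 +0000
From: someone@example.com
Subject: constructed test message

body
"""


@dataclass
class Hop:
    from_host: str   # host the relay says it received the message from
    by_host: str     # the relay that wrote this Received: line
    when: datetime   # timestamp the relay stamped after the ';'


# "from X (comment) by Y with PROTO id ...; date": grab the bare host tokens.
_FROM = re.compile(r"\bfrom\s+([^\s(;]+)", re.IGNORECASE)
_BY = re.compile(r"\bby\s+([^\s(;]+)", re.IGNORECASE)


def parse_hop(value: str) -> Hop:
    """Parse one Received: header value into a Hop."""
    clauses, _, date_part = value.rpartition(";")
    f = _FROM.search(clauses)
    b = _BY.search(clauses)
    return Hop(
        from_host=f.group(1).lower() if f else "",
        by_host=b.group(1).lower() if b else "",
        when=parsedate_to_datetime(date_part.strip()),
    )


def received_chain(raw_message: str) -> list[Hop]:
    """Return the hops in header order: index 0 is the newest (top-most) line."""
    msg = message_from_string(raw_message)
    # Collapse folded header whitespace before parsing.
    return [parse_hop(" ".join(v.split())) for v in msg.get_all("Received", [])]


def audit_chain(hops: list[Hop]) -> list[str]:
    """Flag adjacent hops that do not line up.

    Walking down the list moves back in time, so for each pair (newer, older):
    the older hop's 'by' host should be the newer hop's 'from' host, and the
    older timestamp should not be later than the newer one.
    """
    findings = []
    for i in range(len(hops) - 1):
        newer, older = hops[i], hops[i + 1]
        if older.by_host != newer.from_host:
            findings.append(
                f"hop {i + 1}: received by {older.by_host!r} but hop {i} "
                f"claims it came from {newer.from_host!r}"
            )
        if older.when > newer.when:
            findings.append(
                f"hop {i + 1}: timestamp {older.when.isoformat()} is later "
                f"than hop {i} ({newer.when.isoformat()})"
            )
    return findings


if __name__ == "__main__":
    for line in audit_chain(received_chain(SAMPLE)) or ["chain is consistent"]:
        print(line)
```

These checks only catch a chain that is internally inconsistent. A trailing hop written to agree with the honest hop above it, with a matching "by" host and an earlier timestamp, passes unremarked, which is exactly the point the post makes: the first Received: line you can independently verify is the last one you can trust, and everything below it is only the sender's word.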