From: jim@bilbo.suite.com (Jim Miller)
To: cypherpunks@toad.com
Message Hash: 2ee77505a06a63aa73349ea39d8abd1e9c3fd446aa9f685a1e017dec2ce390a3
Message ID: <9401250202.AA12779@bilbo.suite.com>
Reply To: N/A
UTC Datetime: 1994-01-25 02:11:51 UTC
Raw Date: Mon, 24 Jan 94 18:11:51 PST
From: jim@bilbo.suite.com (Jim Miller)
Date: Mon, 24 Jan 94 18:11:51 PST
To: cypherpunks@toad.com
Subject: Re: REMAIL: Cover traffic
Message-ID: <9401250202.AA12779@bilbo.suite.com>
MIME-Version: 1.0
Content-Type: text/plain
Hal writes:
> Several people have suggested that the remailers could send bogus
> messages amongst themselves in order to allow more "confusion and
> diffusion" of the other messages passing through the remailer network.
> The remailers could then batch up incoming messages fairly frequently
> and still have many messages in a batch.
>
> The problem with this that I see is that, looking at the remailer
> network as a whole, you still may have one message in and one message
> out a short while later. The fact that it was temporarily mixed up
> with a bunch of other messages doesn't help much if this message is the
> only one to leave the network. If the Opponent has the ability to
> monitor all traffic into and out of all nodes of the network (as he
> would have to do anyway to defeat remailers even without this cover
> traffic) then he will easily be able to find the messages which are not
> aimed at other remailers.
>
How about extending the "send bogus messages" idea all the way out to the
users of the remailer system? Part of the price of using the remailer
system is that you will occasionally receive a bogus message.
How might this work?
Assume remailers know the addresses of all (or most) of the other
remailers. In other words, assume a given remailers knows if an inbound
message came from another remailer, or came from a non-remailer address.
All inbound messages to a remailer from a non-remailer address would be
considered a "use" of that remailer. A remailer would maintain a list of
the addresses of "users" and would occasionally send bogus messages to a
randomly selected entry from its user list. Inclusion into the list would
be automatic. The list would be a large, but fixed sized FIFO, with old
entries dropping off the end automatically.
If the remailer system uses Digital Postage, then perhaps the bogus
message could be a token for a free Digital Stamp, good for one message.
I'm sure many will object to tracking the users of a remailer, but I don't
see how tracking can be prevented, other than by mutual agreement. Can we
use tracking to *increase* privacy?
Jim_Miller@suite.com
Return to January 1994
Return to “jim@bilbo.suite.com (Jim Miller)”