1994-01-28 - Re: REMAIL: Cover traffic

Header Data

From: nobody@shell.portal.com
To: cypherpunks@toad.com
Message Hash: 588c73b145881711c6629df64b5fbfa1ab331f5d82ad40d0d375c372afce53ba
Message ID: <199401281604.IAA20078@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1994-01-28 16:07:56 UTC
Raw Date: Fri, 28 Jan 94 08:07:56 PST

Raw message

From: nobody@shell.portal.com
Date: Fri, 28 Jan 94 08:07:56 PST
To: cypherpunks@toad.com
Subject: Re: REMAIL: Cover traffic
Message-ID: <199401281604.IAA20078@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Hal <hfinney@shell.portal.com> writes:

(lots of neato diagrams...)

     Your diagrams do ignore the idea that the noise sources and 
bit-buckets can be the same addresses, so that real traffic between
the noise sources is completely masked. The value of this depends on the
number of noise sources.

>So, since the eavesdropper must monitor the whole network in order to
>follow messages even without cover traffic, I think it is fair to
>point out that adding cover traffic doesn't help much against an
>eavesdropper who can monitor the whole network.

     Not to put too fine a point on it, but what about the possibility of
unscrupulous remailer operators with incomplete knowledge? You want to
be protected on that all-important first hop. My guess is that most
messages sent thru remailers end up *posted* someplace, like here or
Usenet (or every mailing list in the country :). With low traffic volumes,
a mailer operator can see a rant show up on CPs, check his mail logs, and
say "hmm, <screwball@undergrad.frat> just used me for his first hop", and
actually have a reasonable probability that the two are connected.

     However, a bunch of people with gongs and whistles making noise in
the operator's ear will make this nearly impossible.

>The real solution, as suggested by the diagrams, is to have a large
>volume of true remailed messages in the network - messages which go to
>a wide variety of people.  Individual users can protect themselves to
>some extent by serving as cover-traffic generators and bit-bucket
>receivers; but this does not protect other users who are not able to
>perform these functions.

     Right! People who want more security will generate lots of noise. People
who don't use remailers at all can generate lots of noise. The bottom
line being that generating noise increases your security as an individual
a great deal and helps everybody else to boot.

In theory you're completely right Hal, but in practice I think there's
more to it.

faust's dog

Version: 2.3a