From: nobody@shell.portal.com
To: cypherpunks@toad.com
Message Hash: b3c0360cfc0be35e961d9d1a8b016a27e115a6b1613ab1df7baecef0b4fcd9ac
Message ID: <199402051120.DAA15779@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1994-02-05 11:20:09 UTC
Raw Date: Sat, 5 Feb 94 03:20:09 PST
From: nobody@shell.portal.com
Date: Sat, 5 Feb 94 03:20:09 PST
To: cypherpunks@toad.com
Subject: Encrypted Snail Remailer.
Message-ID: <199402051120.DAA15779@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
Disclaimer: Please take this as a work of science fiction, a short
monologue by the character in a novel. It is meant to stimulate discussion
and to express concerns that have recently turned from vague to clear, in
my mind. I have great respect for the people out here, but I can not help
myself. I very much want a secure network of remailers, but I fear the
problem is the design, inflexible and non-private, of the internet itself.
This is dedicated to those such as Phil Zimmerman and Pr0duct Cypher,
individuals who seem to see the larger picture, that which involves
humanity, not just internet culture 1994.
-=New Secure Remailer Service Announcement=-
For discussion purposes only until I post my mailbox address and buy that
128/256MB drive ;-) !
Ultimate in remailer technology. Only slightly slower than many Cypher
remailers, but much less traceable. Up to 250MB at once. Encrypt your
message with the (possibly anonymous) public key of a friend or contact,
signing it with your anonymous secret key. Encrypt that, along with the
friend's postal address, with my public key. Put it on a new DOS or Mac
floppy, or 128/256MB Optical Disk, avoiding finger prints and DNA on the
postage stamp. Send it with a fake return address from a pubic mailbox to
my yet to be announced post office box. I will decrypt the forwarding
address on my PowerBook, not at home, and mail it from various Manhattan
street mailboxes, with no return address (or one you send me). I will then
securely overwrite the file from my hard disk. Of course, you can include
an anonymous encrypted return address as part of your message to the
recipient. The cost is $5 cash, plus $1/MB of encrypted message to cover
the CPU time.
Express mail would in fact be AS fast as the serious Cypher remailers, but
would cost you $20 since I have to pay in cash at a post office, or get a
money order to use FedEx, and then make up a fake return address if you
leave one out. Until a new generation of internet remailers are produced, I
make claim to my remailer service being much more secure. There is also no
need keeping logs to protect my liability, since no one knows that my
remailer was where it came from.
One of the most serious weakness of any internet remailer is that you tell
someone spying on the recipient exactly which remailer site a piece of mail
came from, as well as when. I asked about faking internet mail but was told
that this was "frowned upon" for internet mail. Too bad. REALLY too bad.
With mine, it could be any individual in NYC, and the time of day doesn't
mean much. It thus involves a lot more than a few keystrokes on the assumed
NSA internet logging database to trace it back to the sender. Fairly
obvious and fairly illegal spying on me and the other manual remailers out
there would be required, as well as opening mailboxes before the mailman
arrived. A TEMPEST attack on a PowerBook in public in different locations
just isn't going to happen very often. Bugging my PowerBook isn't possible
since I always carry it with me (and know what it's insides look like in
detail).
Secure encryption being available to the common man is what will change the
world. I'm not yet convinced that internet remailers will have a similar
influence unless they are able to resist the presence of full site-to-site
monitoring by the government and hackers, a thing which should thus be
assumed by their designers. Cryptoanarchy doesn't mean the internet. It
means encryption.
Given that snail mail encrypted remailing is already possible, the reason
for a new, secure remailer generation isn't really security but is speed,
convenience, flexibility, and cost. The same reasons for ANY use of the
internet. But current serious remailers are neither fast nor convenient,
and they don't have a BILLION messages going through them a day to mix your
secret messages into, like postal mail DOES. They tag mail as having BEEN
remailed as well. Even when ALL e-mail is encrypted you haven't done
anything for anonymity until all e-mail is also REMAILED, with no logs or
remailer sites appearing in the headers. E-mail is free now. Remailing
needs to be free too, or what advantage has it over snail mail, given that
it does the same thing? The only way I can see all mail being remailed,
assuming it is already all encrypted, is if every personal e-mail account
was itself a remailer. I don't see this happening unless the Cypherpunks
themselves write the software for the "data highway". Otherwise I will
never trust remailers since as I've said to others, I can't SEE the wires.
PGP is what's happening. Digital money too. But the INTERNET, even with
(centralized) remailers is just a Big Brother nationwide wiretap. So don't
use wires.
What is my liability, if I am a remailer and the authorities intercept a
message to a gangster? None, since they don't know I remailed it. Can any
internet remailer be so lucky? I could say I don't KNOW if I remailed it
(no logs), even if they find a return address as encrypted in my public
key; "Any one of dozens of Manhattan snail remailers could have sent it."
However, if your return address IS encrypted with my public key, law
enforcement can, most likely LEGALLY, demand my pass phrase. Of course
they'll only know the return address using the pass phrase and secret key
of the receiver.
Again though, this situation is BETTER security than internet remailers,
since the pass phrase for the remailer is in my head, not plain text in a
perl code. They can't secretly download my memory, or at least not YET ;-).
Breaking into your remailer site without a trace is conceivable though. I'd
find it similarly attractive but more rewarding than dumpster diving.
Commercial sites are easiest, especially small high tech companies.
Are these sites TEMPEST secure? Tempest based on simple radio receivers is
primitive compared to what modern spectroscopy could conceivably do, even
at a distance. I'd imagine ACTIVE spectrosopies could do much more or you
could actively induce a current in a given direction at a given frequency.
How about having your CPU mail me its secret key and pass phrase? Things
like this are only getting easier, fast. VERY fast. Another reason to not
trust fixed-location centralized remailers. I don't even like the idea of
personal accounts on a Unix machine. Every laptop should be an internet
node, and an encrypted remailer. Only when central remailers are no longer
there to attack will we have safe anonymity without using snail remailing.
Hell I can't even get more than three fucking e-mails in response when I
ask for INFORMATION about the existing remailers. I thank Eli and Hal, but
I guess the NSA doesn't hand out info on the dozen Cypherpunk remailers IT
is running. Zero knowledge (yup), reputations (lowsy or non existent except
for anon.penet.fi), information markets (selling remailer pass phrases and
sendmail logs), anonymous networks (snail mail only), collapse of
governments (yes, but not using the existing nationwide wiretap, er...
internet). Fuck, I'm sounding like Detweiler. But I'm ranting for MORE
cryptoanarchy.
Another internet-like standardization such as that of e-mail headers, has
very sadly crept into PGP itself, weakening it as the secure encryptor. PGP
2.3a still has no "random data block" output format, in which the ONLY way
to even KNOW it's a PGP message is to successfully decrypt it. I asked
about this on alt.security.pgp, generated little interest, but was told a
future version may have this option (just gossip). I say it should be the
STANDARD. Internet-like standards should NOT be the guiding force behind
CRYPTOGRAPHIC standards. Get the fuck off the internet, and write me a real
encryptor. How can steganography work if it's so easy to figure out if what
is extracted is an encrypted message? Given the upcoming non-voluntary
second generation Clipper, steg will have to become the norm.
And don't port PGP to the Mac and Windows, port it FROM them; over 100
million strong and growing. "Five to one baby." News of the revolution will
not be posted. Thanks for PGP. Thanks for the CPU. Like those Cypherpunk
T-shirts though! Boot up and slam dance. Kewl! Nice sig!
If my remailer, the ONLY acceptably secure encrypted remailer that exists,
catches on, I may add a modem feature, involving pay phones. I've already
written the needed secure code (none). And remember, security begins with
people, not technology, always has, always will.
-=Xenon=-
P.S. gosub disclaimer.
-----BEGIN PGP SIGNATURE-----
Version: 2.3
iQCVAgUBLVM1wwSzG6zrQn1RAQF8kwP/YetocN9urSgB4X9u70ZABFeLawEkwu56
jFDWZgDG+Z/81vFkVWTC7gvfDDB4Rjy0qeEhuq187zeRJ3fKCRPkkHz7swDV3V+o
RA9waKWz7tdxglkW98bJIKpC9rYp4lvtxPWgtAsLTs6b9tJqvXmp2S+OcjcyV6sE
gKI25vPg5Ww=
=zjED
-----END PGP SIGNATURE-----
Return to February 1994
Return to “nobody@shell.portal.com”
1994-02-05 (Sat, 5 Feb 94 03:20:09 PST) - Encrypted Snail Remailer. - nobody@shell.portal.com