1994-12-11 - Re: Remailing Services Questions

Header Data

From: “L. McCarthy” <lmccarth@ducie.cs.umass.edu>
To: cypherpunks@toad.com
Message Hash: 0b3dfc75a1a1fefa27d44da8328c131fc4314020e17dfd8b4da4ee49d7b10a2b
Message ID: <199412112321.SAA25454@bb.hks.net>
Reply To: N/A
UTC Datetime: 1994-12-11 23:17:03 UTC
Raw Date: Sun, 11 Dec 94 15:17:03 PST

Raw message

From: "L. McCarthy" <lmccarth@ducie.cs.umass.edu>
Date: Sun, 11 Dec 94 15:17:03 PST
To: cypherpunks@toad.com
Subject: Re: Remailing Services Questions
Message-ID: <199412112321.SAA25454@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

Anonymous writes:
> If you can, please also let us know if there is a way for us to subscribe
> via an anonymous remailer to an address we designate, like for instance
> with the command
> 
>       subscribe special@address.here
> 
> where the special address given is obviously different from the one in the
> header of the subscription message (which would merely be a remailer).

Could you explain this a bit more?  I'm not sure what you're asking.

> Does anyone know more about Sameer's C2-services?
> In the interest of widespread usage, please post a summary to the entire
> cypherpunks-list.   Also urge others to copy, forward and post elsewhere.

First, here's an excerpt from http://www.c2.org:80/services/:

- - --- begin included text -----------------------------------------------------

Fully blind anonymity 
   If you want to protect your privacy and still have mail go to your normal
   mailbox (either at work, at school, or through any other way you get internet
   mail), you can sign up for the blind anonymous server. You can set up an
   alias with us and mail to your alias will get to you, even though we have
   *no* idea who you are or where mail to you ends up going. This is available
   for only $10 for about every five megs of traffic which goes through the
   system. When you sign up you will get about one meg of free traffic. Also
   available is a Blind Server Client to make things easier. 

- - --- end included text -------------------------------------------------------

I reproduce below the current contents of 
http://www.c2.org/services/blindserver.html:

- - --- begin included text -----------------------------------------------------

The Blind Anonymous Server


by Sameer Parekh <sameer@c2.org> Copyright 1994 

Introduction

I hatched up the Blind Anon Server because of Eric Hughes's comments about the
safety in ignorance. I wanted to run an anon server, maybe similar to Julf's
remailer, but I did *not* want to know the connection between anon-ids and real
IDs. I still wanted it to be easy to use so that someone who wanted to send mail
to an anonymous person need only send it to a standard mail address, instead of
using Hal's remailer return address block, which is an incredible pain to use. 

The system I have hatched up is relatively secure. If you take the proper steps
to secure your identity from me, even if I were keeping complete logs, I would
still know nothing of your true identity and if my records were subpoenaed, I
could freely hand over the contents of my records without any worry that the
privacy of my users will be violated. 

The system requires all commands to be pgp signed. Thus you will create a
public/private keypair for your anonymous identity, and all administrative
commands to the list regarding this identity must be signed by that key. You can
send list commands from any address-- an anon remailer, a friend's address,
Julf's remailer, whatever.. and as long as it is signed by your identity's key,
all will be well. 

If you don't want to deal with every detail of the server, you can just use the 
blind client program that's been written to make using the server much easier. 

Setup

First you have to create your alias on the anonymous server. Creating the alias
is easy, but setting it up to work right takes a bit of effort and bookkeeping
on your part. (Maybe I'll write a client which can take care of all the
bookkeeping.) 

Create a pgp keypair with a User ID of the form "Pseudonym
<alias@omega.c2.org>". Send your public key to admin@omega.c2.org with the
subject line, "addkey". This will create for you an anonymous id which can be
accessed via "alias@omega.c2.org". You should only send one key to the server in
any single addkey request. 

You have to choose an account name which hasn't been used before. In order to
get the list of all account names which have been used and are not available,
send a message with the subject "sendused address" to admin@omega.c2.org and the
list of unavailable names will be sent to address, with the body of your request
tacked on to the top, so you can use a remailer for the "address" and the body
can be an encrypted mailing block-- you need not reveal your identity to me in
any case. 

Starting an account gives you 1000 credits. 

Now if you would like to send a message to someone from your newly formed alias,
you can send a signed message to the administration address (admin@omega.c2.org)
with the "mailmessage" command. For example: 

::mailmessage
To: barney@black.net
Subject:  here's the plans to the stealth bomber
Keywords: bomber

        Here's the plans...
- - --END OF MESSAGE--

The message will be sent out from omega.c2.org just as if you had sent it out
using a standard mail program from omega.c2.org. 

Then comes the more complex part. You have to tell my anonserver how mail to
your alias will actually get to you. There are various levels of security which
you can use. Because the remailernet is not very reliable, the idea is that you
set up a number of paths which mail can get to you through, so that if one path
goes down you can still use the other paths to get mail. You can either
configure it so that mail to you goes through every path (for reliability with
less security) or one path chosen at random (more secure but less reliable). 

To add a path to your list of paths, you must send a signed message to the list,
with the lines 

::addpath firsthop
PATH INFORMATION GOES HERE
- - --END OF PATH--

The firsthop is the first hop along the path between my anon server and you. It 
can be your address, in which case there is a good deal of reliability, but you
get absolutely no good security. The "path information" is what gets tacked onto
the top of the body before the message gets sent to the first hop. Suppose your
firsthop was Hal's remailer, hfinney@shell.portal.com. You would have something
like: 

::addpath hfinney@shell.portal.com
::
Encrypted: PGP

- - -----BEGIN PGP MESSAGE-----
Version: 2.3a

hEwCKlkQ745WINUBAfwPrO+z9LMBz7boyyC7gUqX/QCEZkXmJCeZYoskgtH5qqbi
y4mYUL5a0ApbzrhPs8ULkPnW2c4Pfr1AfYSSgvrzpgAAAEvJtPOuQsW8IVQfl+iW
CAr2gd5jax+t75qbux5U/RRxlbsq4cOeGrO/i/6Km6m71Vsdj0rquEQBvREnXxdj
81YsBM9QlFNxQAB8rrQ=
=Ylli
- - -----END PGP MESSAGE-----
- - --END OF PATH--

That pgp message is encrypted for Hal's remailer. When Hal's remailer gets the
message, it will have this block on the front of the body. Hal's remailer can
then decrypt it. Maybe on the inside of this block you can put:

::
Anon-Send-To: 

So then there's only one remailer on the chain between my server and your real
address. For more security you can embed *another* hop to another remailer with
another encrypted address block. This can continue for as long as you want. The
longer the path, the more secure, but the less reliable. 

Once the path has been added, you will be sent mail (through the anon server)
encrypted with your key (all mail to your alias will be sent out encrypted with
your key) with the pathnumber that your command created. Store this path number
in a safe place, because you will need to use it when you test all your paths
for reliability. 

You can create multiple paths in this fashion. The remailer defaults to "spray"
mode-- this means that mail to your alias will be sent through *each* of your
paths. This adds reliability at the expense of security. (It makes traffic
analysis easier.) 

If you would like to turn off spray mode, send a command to admin@omega.c2.org: 

::randmode

To turn spray mode on: 

::spraymode

You can actually use this spray mode for more than just an anon-server. If you'd
like to create a mailing list, you can generate a keypair, distribute to
everyone on the mailing list the secret key, and everyone can send into the anon
server a path to themselves. Using spray mode, mail to the address will go out
to every path. This of course means that anyone can subscribe or unsubscribe
(Removing paths is described below) people to/from the list. 

The Credit Scheme

When you start up an account, you get 1000 credits. When mail is sent out along
one of the paths, credit is deducted from the account-- 1 credit per 512 bytes
of traffic. Note that if you are in spray mode credits are deducted for every
path which is active for your alias. 

If your account does not have enough credit, when a message comes in you will
get mail detailing the size of the message that was lost and the amount of
credits you have in your account. (Size is listed in 512 byte blocks) 

More credits will be added to your account upon receipt of payment for
additional credits to your account. The one thousand credits is in general
enough to take care of occasional mail using the 'nym. Only if you use the 'nym
heavily should you expect to run out of credits. 

Removing paths

If a certain path which you have active flakes out and becomes ineffective, you
need some way of turning that path off so you're not paying for it in spray
mode, and so you don't lose mail in random mode. That's what the disablepath
command is for. To run the disablepath command you simply send the command
(signed, as always) to admin@omega.c2.org: 

::disablepath pathnumber

Pathnumber, here, is the number of the path which was assigned when you created
that path. Hence it is useful for you to keep good records of your active and
disabled paths. 

It is possible to reenable a path once it has been disabled. In order to do this
you need to remember the path number and the remailer that it's associated with.
To recover a path you just send: 

::recoverpath firsthop pathnum

And the path with the number pathnum is reactivated, with the firsthop that you
give it in the recover command. 

Path Verification

You will likely want to keep tabs such that you know when a given path flakes
out on you. For this reason the "regping" option is available. This command lets
you tell the system how often you want the anon-server to send a message through
every path of yours, with the pathnumber in the message (encrypted, of course)
so that you can keep tabs on which paths are flaking out on you. 

To set your ping frequency, use the regping command: 

::regping frequency

Where frequency can be none, hourly, daily, weekly, or monthly. Remember that
you are still being charged for these testpings. The system defaults to weekly. 

To get a list of all your active paths, use the command "showpaths". This
command will send out a listing of the pathnumber and first hop of each of your
active paths: 

::showpaths

Defeating Traffic Analysis

The system works in concert with remail@c2.org, which does the work to defeat
traffic analysis. All mail to each path is first sent through remail@c2.org for
added difficulty in traffic analysis. 

remail@c2.org is a standard cypherpunks remailer with PGP with a few added
features. All outgoing mail is not delivered immediately upon receipt. Outgoing
messages are stored in a pool until five minutes after each hour, when all
messages in the pool are delivered in a random order, ignoring the order in
which they came in. 

Every minute there is also a chance that a random uuencoded message is injected
into the remailernet. Each message injected into the remailer net is sent
through a random path of the remailers in the remailernet, usually between five
and 20 hops. 

- - --- end included text ------------------------------------------------------

> Last, I support the idea of a while ago that the remailer-operators mailing
> list should be open for public subscription so all those interested can get
> on and follow what is happening there.  But how do we subscribe?
> Let us know, Sameer!

remailer-operators is a Majordomo-managed list. Send mail to majordomo@c2.org
with "subscribe remailer-operators" in the body to subscribe to the list.
The list address is (surprise) remailer-operators@c2.org.

Hope this helps. I don't know anything about the Extropia message pool, sorry.

- - -L. Futplex McCarthy; PGP key by finger or server  "We've got computers, 
we're tapping phone lines; I know that that ain't allowed" --Talking Heads

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCVAwUBLuuINWf7YYibNzjpAQHhywP/W7F29XQGxxQ5m6trH4XgHaocfoSVr5h2
zSgjucQ3RkvNk++n8lX4LFKnqrd6s8tXoWm/dqKtUjLEOfP3lgLua3quh2x8PSSm
zzjklsrrdhCxKo5wwaacgaq1DtUP2AjTHhxjh9OFmuiI7tqw/N0Br9RyuGyKYxdt
LSvzP6e9+xA=
=BszC
- -----END PGP SIGNATURE-----
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLuuJeioZzwIn1bdtAQEXNAF/Q5ziXcXXBxdnV7bbNqZGMV8f9kJhD+d2
nfdNgEqH1183JG5AyMokIdsCqaEeM5qd
=IKyL
-----END PGP SIGNATURE-----
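
The hourly pool described under "Defeating Traffic Analysis" in the quoted blindserver page, modeled as an added example that is not part of the original message or of c2.org's software. The function names, the constructed sample arrivals, and the handling of a message that arrives exactly at five past the hour are assumptions.

```python
import random
from collections import defaultdict
from datetime import datetime, timedelta

FLUSH_MINUTE = 5  # per the page: the pool is delivered five minutes after each hour


def next_flush(arrival):
    """Return the first HH:05 strictly after `arrival`.

    Holding a message that arrives exactly at HH:05 for the next hour is an
    assumption; the page does not specify the boundary.
    """
    flush = arrival.replace(minute=FLUSH_MINUTE, second=0, microsecond=0)
    if flush <= arrival:
        flush += timedelta(hours=1)
    return flush


def run_pool(arrivals, rng=None):
    """Map each flush time to the message ids sent then, in delivery order."""
    rng = rng or random.SystemRandom()
    batches = defaultdict(list)
    for msg_id, when in arrivals:
        batches[next_flush(when)].append(msg_id)
    for ids in batches.values():
        rng.shuffle(ids)  # delivery order ignores arrival order
    return dict(sorted(batches.items()))


def weak_flushes(batches, minimum=2):
    """Flush times whose batch is too small for reordering to hide anything."""
    return [t for t, ids in batches.items() if len(ids) < minimum]


# Constructed sample arrivals (not real traffic).
SAMPLE = [
    ("m1", datetime(1994, 12, 11, 15, 17, 3)),
    ("m2", datetime(1994, 12, 11, 15, 40, 0)),
    ("m3", datetime(1994, 12, 11, 16, 4, 59)),
    ("m4", datetime(1994, 12, 11, 16, 5, 0)),
]

if __name__ == "__main__":
    pool = run_pool(SAMPLE)
    for when, ids in pool.items():
        print(when.strftime("%H:%M"), ids)
    print("single-message flushes:", weak_flushes(pool))
```

A flush that carries a single message gains nothing from the random ordering, since an observer can match the one input to the one output by timing alone.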




