1995-01-06 - Re: Remailer Abuse

Header Data

From: Adam Shostack <adam@bwh.harvard.edu>
To: nsb@nsb.fv.com (Nathaniel Borenstein)
Message Hash: 01600e3d90b0aabf98915db595d5ddf3abdc6420683702a600e0638d0b097e25
Message ID: <199501061911.OAA08861@bwnmr5.bwh.harvard.edu>
Reply To: <Aj3HRaf0Eyt5ExIApP@nsb.fv.com>
UTC Datetime: 1995-01-06 19:19:04 UTC
Raw Date: Fri, 6 Jan 95 11:19:04 PST

Raw message

From: Adam Shostack <adam@bwh.harvard.edu>
Date: Fri, 6 Jan 95 11:19:04 PST
To: nsb@nsb.fv.com (Nathaniel Borenstein)
Subject: Re: Remailer Abuse
In-Reply-To: <Aj3HRaf0Eyt5ExIApP@nsb.fv.com>
Message-ID: <199501061911.OAA08861@bwnmr5.bwh.harvard.edu>
MIME-Version: 1.0
Content-Type: text/plain


nsb wrote:

| Excerpts from mail: 5-Jan-95 Re: Remailer Abuse db@Tadpole.COM (1180*)

| > Heh. An anonymous remailer paid for by credit card... there'd
| > have to be an additional level of indirection for it to work,

| Again, this comes down to definitions of anonymity.  In this case, if
 [...]
| two different countries.  For my part, I figure that if the government
| of Finland and the government of the US can actually agree that it's so
| important to force the sacrifice of anonymity in a given case that
| they're both willing to coerce companies under their jurisdiction, they
| will probably have a very good reason for doing so.   Maybe I'm too
| trusting, though.)

	Its also a matter of analysing your threats.  There may be
employees of one or more companies involved who might sell
information.  Then again, if you're selling plans of the B2 to the
Iraqis, the US & Norwegian governments might collude to track you
down, (and in the process, read a lot of other messages.)

| Excerpts from mail: 5-Jan-95 Re: Remailer Abuse wcs@anchor.ho.att.com (2028)

| > Beyond that, though, are some traffic analysis problems -
| > remailers require a fair bit of traffic to be useful, and unless
| > you receive a reasonable amount of encrypted traffic, 
| > and support encrypted email for purchasing remailer service
| > and other merchandise, an eavesdropper would have a fairly good source
| > of traffic data on your remailer users, especially since buying and using 
| > remailer service requires two messages within an hour or so.

| Well, I think low-volume remailers are always a bit vulnerable to
| traffic analysis attacks, aren't they?    One thing you could do is
| build a variable time-delay into the remailer, to make it harder to
| correlate messages coming in with those going out.  To take paranoia a
| step further, you could allow people to encrypt their mail TO an
| anonymous remailer with the remailer's public key, and let the remailer
| send it out unencrypted.

	Time delay does not guarantee mixing, which is the intent of
time delay schemes.  Might as well mix directly, since thats what
you're trying to accomplish.  Someone (I think it was Hal) wrote up a
message describing the math involved.  And I don't think encrypting
the various parts of a remailer chain is very paranoid; I don't
particularly trust the remail ops not to read my mail.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
						       -Hume





Thread