1995-01-20 - Re: The Remailer Crisis

Header Data

From: rishab@dxm.ernet.in
To: cypherpunks@toad.com
Message Hash: 4cb6b2208edc9e05695f9d3b51ba5853c34e9474b286736fc5fbf65c1be9ffc4
Message ID: <gate.1uq0yc1w165w@dxm.ernet.in>
Reply To: N/A
UTC Datetime: 1995-01-20 22:23:56 UTC
Raw Date: Fri, 20 Jan 95 14:23:56 PST

Raw message

From: rishab@dxm.ernet.in
Date: Fri, 20 Jan 95 14:23:56 PST
To: cypherpunks@toad.com
Subject: Re: The Remailer Crisis
Message-ID: <gate.1uq0yc1w165w@dxm.ernet.in>
MIME-Version: 1.0
Content-Type: text/plain



Tim urges recently that we need to do something about the "remailer crisis."

I remember Sameer once mentioning that he could set up remailer-in-a-box 
accounts for possibly anonymous 'sponsors' who'd be the legal owners therefore
indemnifying Sameer (the tolerant sysadmin) of responsibility. I know he allows
'remail-to-yourself' blind-server accounts for $10 / meg or something. That's
probably a bit expensive for a sponsor of a public remailer (any stats on 
average remailer traffic?). I never did here any more from sameer or anyone
else about remailers-in-boxed-accounts. I for one would be willing to 'sponsor'
a remailer account on any system with a small fee - I can't run my own as my 
private site looks at the world through PPP.

I suggest that 'sponsored' remailers are a better way of making remailers
economically viable for people like Sameer, who are the real, if not nominal,
administrators. Though I hardly use remailers, those who do would probably
make better (and more easily executed) use of their money if they sponsor
remailer accounts on Cypherpunk ISPs like c2, rather than pay a (truenamed, 
legally vulnerable) operator for any single remailer.

Sameer's blind-server code can come in use to make any link between the 
sponsor and her sponsored account very hard to detect.

The advantages of sponsoring remailer-site operators to create remailing
accounts, rather than pay an individual remailer operator, are many:
1. innocent until proven guilty - presumably sponsors do use remailers a lot;
   but not necessarily. So the payment transaction can be via truename, rather
   than via some complicated anonymous means, and still leave the sponsor
   unimplicated
2. legal - an operator of a single remailer is vulnerable - technically, if
   not root, and legally otherwise. an administrator of a Cypherpunk ISP is
   not, and does not have the legal right to monitor a customer's traffic,
   and with blind-servers even detailed logging don't lead back to the
   owner of an account, the sponsor, from any _specific_ remailer (though
   a pool of sponsors exist for a pool of remailer account)
3. technical - it's not possible to ban a single remailer, as they may be 
   _many_ on a site. If the site is much more than just remailers, it's not
   really possible to ban the entire site.
4. traffic analysis - more remailers addresses will make traffic analysis
   harder, and chaining more fun - you could chain through multiple accounts
   on a single site with little loss in reliability (though you'll still want
   to go through more sites)
5. remailer explosion - more reliable remailers (due to the '-in-a-box', more 
   users, wider distribution
   

Comments?


-----------------------------------------------------------------------------
Rishab Aiyer Ghosh                                "In between the breaths is
rishab@dxm.ernet.in                                  the space where we live"
rishab@arbornet.org                                        - Lawrence Durrell
Voice/Fax/Data +91 11 6853410  
Voicemail +91 11 3760335                 H 34C Saket, New Delhi 110017, INDIA  





Thread