From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Fri, 6 Jan 95 11:16:09 PST
To: Nathaniel Borenstein <cypherpunks@toad.com
Subject: Re: Remailer Abuse
Message-ID: <ab3346570002100465bb@[132.162.201.201]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:28 AM 01/06/95, Nathaniel Borenstein wrote:
>Again, this comes down to definitions of anonymity.  In this case, if
>you start from the silly assumption that the anonymous remailer actually
>keeps records that correlate messages to payment mechanisms, Doug is
>right, but barely.  To break the anonymity, you'd need collusion between
>the operator of the anonymous remailer AND First Virtual, because the
>former knows which account sent a message, and the latter knows who that
>account belongs to.  (And before you tell me that this sounds a lot like

While this might be secure enough for some people, it is important to note
that it definitely is less secure then the current free remailer net.
Currently, if I send my message through 10 remailers, many more then just
two of the operators need to cooperate in order to get my true identity.  I
think that at least 8 or 9 of them do, actually.
In a First Virtual payment-scheme remailernet, no matter how many remailers
I send my message through, any _one_ operator, together with First Virtual,
can burst my anon bubble.

I suppose this still might be enough security for some people.  After all,
penet is enough security for some people.  But I'd guess that most people
using cypherpunks remailers instead of Julf's penet remailer aren't going
to be willing to settle for it, because it doesn't give you very much more
security then penet.  My trust of Julf, who has an amazingly good
reputation on the net and furthermore isn't in the U.S. (and presumably
isn't subject to U.S. government coercion), certainly isn't any less then
my trust of First Virtual. And if I'm still sending through 10 remailers,
which I'd be doing for traffic analysis reasons, any _one_ of them,
together with FV, can compromise me.  Weakest link in the chain.  Which
means my risk _rises_ with increased remailer chain length. If I was
willing to accept that level of risk, I'd just use penet which is much more
convenient.

The First Virtual method does seem possible for Julf's remailer, since
users are pretty much already trust Julf completely, so the Julf+FV system
isn't any less secure then the just Julf system.   But it's just not
anonymous enough for cypherpunks-style remailers.