1996-06-11 - Re: Multiple Remailers at a site?

Header Data

From: Scott Brickner <sjb@universe.digex.net>
To: loki@obscura.com (Lance Cottrell)
Message Hash: 808388e4b735496b6ea4b46dcd127e2eca48af3f4a6c1c4394362fce05370e07
Message ID: <199606101858.OAA29866@universe.digex.net>
Reply To: <added28f0302100472cc@[206.170.115.3]>
UTC Datetime: 1996-06-11 02:50:24 UTC
Raw Date: Tue, 11 Jun 1996 10:50:24 +0800

Raw message

From: Scott Brickner <sjb@universe.digex.net>
Date: Tue, 11 Jun 1996 10:50:24 +0800
To: loki@obscura.com (Lance Cottrell)
Subject: Re: Multiple Remailers at a site?
In-Reply-To: <added28f0302100472cc@[206.170.115.3]>
Message-ID: <199606101858.OAA29866@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Lance Cottrell writes:
>At 12:16 PM 6/6/96, Scott Brickner wrote:
><SNIP>
>>The discussion was about multiple remailers from multiple accounts on
>>the same machine.  The very existence of the remailer, independent of
>>issues like shuffling and chaining, is supposed to eliminate
>>identifying the originator by the content of the message.  Message
>>shuffling, delays, and chaining are entirely for the purpose of
>>reducing the information available to the traffic analyst.  If several
>>remailers are running on the same machine, they may be treated as if
>>there were only one remailer, for the purpose of traffic analysis.
>>Getting more traffic going through them just makes the analysts job
>>easier, because his statistical conclusions are stronger.
>         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>I don't think I am following you. My messages are a constant size signal (I
>send N messages through the remailer). More traffic increases the
>background signal and background noise. While the signal to noise of the
>background gets better, the actual amount of noise went up so the ratio of
>MY signal to the background noise went down. Perhaps I don't understand
>what you are saying.

The TA isn't just looking at your messages.  All traffic through the
remailer represents data.  The S/N ratio is constant whether the
machine has a single remailer or a dozen.  The total traffic through a
machine with a dozen remailers is likely to be higher, since the total
number of remailers world-wide is so small, and users are looking for
fairly random and fairly long chains.  This means that the TA's
statistical sample is a larger fraction of the population (of total
remailer traffic), so correlations identified are stronger.

>I think multiple remailers on a machine are less effective than a single
>remailer with the combined traffic of all the individual remailers, because
>the combined remailer does better reordering from a larger pool.

I agree totally.  The whole point is that multiple remailers on one
machine are a bad thing.  If it weren't for traffic analysis, we would
be happy even if there were only one remailer world-wide that we felt
was safe from subversion.  Adding more remailers to the same machine
doesn't improve protection from traffic analysis, and may slightly
weaken it (by attracting more traffic).

Therefore, multiple remailers on a single machine are a bad thing.





Thread