From: JMKELSEY@delphi.com
To: cypherpunks@toad.com
Message Hash: 72f977876f6e7c12cc5fa343be0caaab9aa23c6c2aa5f29d43dcfcf2fdf4dac7
Message ID: <01I7GBFL287694F9CD@delphi.com>
Reply To: N/A
UTC Datetime: 1996-07-24 21:36:31 UTC
Raw Date: Thu, 25 Jul 1996 05:36:31 +0800
Subject: No Subject
-----BEGIN PGP SIGNED MESSAGE-----
[ To: cypherpunks ## Date: 07/19/96 08:13 pm ##
Subject: Message pools ]

>Date: Wed, 17 Jul 1996 23:19:59 -0700
>From: Bill Stewart <stewarts@ix.netcom.com>
>Subject: Re: Message pools _are_ in use today!

>>2. The authorities already have identified a suspect, call him "Bob," and
>>wish to know if he is reading (and perhaps decrypting) messages to "Alice."

>>As several of us have noted, #1 is tough--real tough. The authorities would
>>have to contact 10,000 or more ISPs who have local newsfeeds and subpoena
>>their logs of who read which newsgroups...assuming such logs are even kept

>Getting everybody is tough. Getting a lot of the potential suspects,
>however, isn't as tough as it looks - the vast majority of home Internet
>users are on AOL, Compuserve, Prodigy, UUNet, Netcom, or (RSN) AT&T.
>Anonymous Message Pool users are a bit more likely to use niche-market ISPs,
>especially under pseudonyms, but if the number of users increases
>significantly there'll still be a reasonable proportion on the big carriers,
>which are probably more cooperative and probably keep more complete logs.

There are two other factors.

1. If you're trying to figure out who anonymously posted the ``All
faggots must die'' message on alt.sex.motss, you have a very large
number of potential suspects. However, if you're trying to figure
out who anonymously posted the ``how to manufacture nerve gas''
post, your suspect list is quite a bit smaller. The condition for
technical information about cryptography or computer security is
similar.

2. It may be that the way you test your suspects is parallelizable
enough that you can do a ``dictionary attack,'' in which you go down
a list of people who you might suspect of posting something for one
reason or another, and test the hypothesis that each of them
actually did post it. Suppose I have such a test which can rule out
75% of my suspect list. This becomes a useful tool--especially if I
can track multiple posts by the same user and rule out more and more
of my suspect list as more and more messages are posted.

I wouldn't count on even heavily-chained anonymous remailer messages
to protect my identity from moderately wealthy and determined
attackers, if I did many anonymous posts. Writing style and topic
alone may narrow the suspect list down to a manageable number.

># Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
># http://www.idiom.com/~wcs

--John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com
PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----