From: Charlie Comsec <comsec@nym.alias.net>
Date: Tue, 23 Dec 1997 03:21:48 +0800
To: cypherpunks@toad.com
Subject: Re: Remailer Logs (and Accountability)
In-Reply-To: <199712221346.OAA03091@basement.replay.com>
Message-ID: <19971222190006.27998.qmail@nym.alias.net>
MIME-Version: 1.0
Content-Type: text/plain




-----BEGIN PGP SIGNED MESSAGE-----

nobody@REPLAY.COM (Anonymous) wrote:
 
> I've been reading about Cajones, and having logs demanded, and
> about traceability vs accountability and so forth here.
>  
> Do remailers keep a trace of whoever sends them mail?  I sent
> this message from my desk to Replay and on to a mail2news gateway,
> can someone trace it back to my desk somehow?  That would hardly
> be anonymous, would it.  Sorry if this is/has been covered somewhere,
> but I can't seem to find a good nuts and bolts explanation of
> just how secure anonymous remailers are.

I suspect that if you polled remailer operators you'd find that some
keep logs and some don't.  I don't know about the Replay remailer.  Perhaps
Alex DeJoode (the operator of the Replay remailer) would care to comment.  Nor 
can logs necessarily positively identify you.  If kept, they would record when 
your message came in and when the post to usenet went out, but *PROBABLY* 
would not establish a conclusive link between the two.  Many remailers 
maintain a "reordering pool" where forwarded messages do not necessarily get 
sent out in the order they were received.

If you're concerned about backwards traceability via remailer logs, then
encrypt and chain your posts through several remailers.  If you do that,
your identity is protected unless *ALL* of the remailers kept logs and their
operators *ALL* cooperated in the effort to identify you.  If even one of the
remailers in the chain doesn't keep logs, then the trail back to you stops
right there.

IMO, any remailer operator that keeps logs is inviting trouble, but that's
their choice.  Some remailers are hosted on ISPs that automatically keep logs
and it is quite beyond the remailer operator's control.

If you sent this message directly to the replay.com remailer and didn't
encrypt it, then anyone along the electronic path between you and the
Replay remailer could have read it and known who posted it.  If you
PGP encrypted it, then it would take Alex DeJoode's cooperation to identify
you, assuming he kept logs.  If you had used encrypted chaining through at 
least three remailers, then no single person (except you) would know both
the source and final destination of the message.  The first remailer would
know who sent it but not where it was headed.  The second remailer would know
neither.  The third remailer would only know its destination (usenet) but not
its source.

- ---
Finger <comsec@nym.alias.net> for PGP public key (Key ID=19BE8B0D)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEUAwUBNJ6uGAbp0h8ZvosNAQHKjAf41cqbqQP6A+JXmZXJ9qpCg6nSL5760ZU8
CNv/TheuBvbsbGQ1bBi7zeWVtkCq+MK8XhTFKKLHw6sfyukgAaQY5toM5H+zHtaY
ITCQyGheSngySv/jD8RYYKNtHfk/aCEl9v8MYfTmiBotYp6eiSim3HZyTsNPH41L
wRnQc/90zcDmPe5sB6fJY0DxSywX+w7yyobwlCSvlTGWUeVVBntJY65RZysVwtHy
YbFplCehw3ygJ20OK1fWJUpVvYFUlY56SdnxPvZPaPO/5vO+zO6UTqvKX2WRfc23
DdF4OE45Y0DeVKgUkIzI3YeMn4WbVC1xLf7HCSYtsxRfwTjVdcj6
=7IdA
-----END PGP SIGNATURE-----