From: Bill Stewart <bill.stewart@pobox.com>
To: Sprokkit Amhal <sprokkit@hotmail.com>
Message Hash: 46fda2e5fc7362c78bded33a0ae55c943ed94771931eb13329ba61d799ee7a2d
Message ID: <3.0.5.32.19980607021342.008b1370@popd.ix.netcom.com>
Reply To: <19980604193606.27765.qmail@hotmail.com>
UTC Datetime: 1998-06-07 19:59:22 UTC
Raw Date: Mon, 8 Jun 1998 03:59:22 +0800
From: Bill Stewart <bill.stewart@pobox.com>
Date: Mon, 8 Jun 1998 03:59:22 +0800
To: Sprokkit Amhal <sprokkit@hotmail.com>
Subject: Re: anonymous mailboxes
In-Reply-To: <19980604193606.27765.qmail@hotmail.com>
Message-ID: <3.0.5.32.19980607021342.008b1370@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
>On Thu, 4 Jun 1998, Sprokkit Amhal wrote:
>> anonymous email boxes, whereby a user can receive email and even a
>> traffic analysis attacker is unable to glean information about who
>> received what when. I forget exactly what ve called vis method...
One way to do pseudonymous email boxes is to use a web-based
mailbox server such as hotmail and pick up the mail through
anonymizers or onion routers. Obviously you need SSL for the
anonymizer connections, and for the mailbox connection as well,
and the name of the mailbox needs to be in the encrypted portion
of the SSL requests rather than in the sniffable URL parts.
The main threat is eavesdroppers watching the anonymizers
over a period of time, picking up patterns that may not show
during a single mail pickup. So you need enough anonymizers out there,
or enough cover traffic on a smaller number of anonymizers,
but it should basically be doable.
It also helps if you can send mail to the mailer using the web,
with SSL and chains of anonymizers to do it, to protect the sender,
but anonymous remailers can also solve that problem.
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Return to June 1998
Return to ““Sprokkit Amhal” <sprokkit@hotmail.com>”