• "traffic analysis capabilities" (1999-11-24)

    From J@J@M to alt.privacy.anon-server on Fri Aug 8 03:49:27 2025
    From Newsgroup: alt.privacy.anon-server


    *note: this article was also quoted verbatim to a.p.a-s at least twice,
    first in 2003-02-16 <97M6U4R037668.7415046296@usenet-nomads.com>, then
    in 2004-01-10 <be63e40b98bd649f654897a481333c97@remailer.metacolo.com>

    also, "rprocess" posted a follow-up two days later (1999-11-26) citing
    what is described as a "snapshot of govt thinking was written in 1996",
    the "strassmann_anti-remailer.paper", which is also quoted after these . . .

    From: RProcess <Use-Author-Address-Header@[127.1]>
    Subject: Traffic Analysis Capabilities
    Date: 24 Nov 1999 00:00:00 UTC
    X-Deja-AN: 552487985
    Organization: mail2news@nym.alias.net
    Mail-To-News-Contact: postmaster@nym.alias.net
    Author-Address: rprocess <AT> nym <DOT> alias <DOT> net
    X-Potato-URL: http://www.bigfoot.com/~potatoware/
    Newsgroups: alt.privacy.anon-server,alt.privacy
    Message-ID: <19991124130008.27216.qmail@nym.alias.net>
    Path: archive.newsdeef.eu!mbox2nntp-alt.privacy.mbox.zip!not-for-mail

    The following document is an analysis of what capabilities may exist
    to read and trace remailer messages, and who has which capabilities.
    Although "the NSA is reading my mail" is a favorite comment, I've seen
    little public analysis which presents remailer users with information
    on what algorithms may be better than others, and what techniques may
    be more effective than others in reducing such traffic analysis and
    snooping.

    The cryptographic community scoffs at this kind of document, and with
    good reason. It is akin to saying "there's a backdoor in PGP" and
    providing no proof. The cryptographic community uses facts. But in
    assessing an unknown security threat people whose lives or fortunes
    depend on cryptography piece together what clues they have and develop
    tentative working assumptions. For obvious reasons these tend to be
    conservative.

    Please understand that very few hard facts are available. The best
    code-breaking agency in the world, the US National Security Agency
    (NSA), is very good at containing leaks. My information is pieced
    together from various comments made over the years by people in
    cryptographic and signal intelligence circles, and is also based on
    observations I have made of irregularities in remailer mail, leading
    me to believe that a system is in place to analyze and interrupt
    anonymous email.

    It is not the goal of this document to prove or even hypothesize
    anything to the reader, or to present facts or justifications. This
    is simply a transcript of common assumptions various individuals and
    organizations use when they want their mail to be genuinely anonymous
    and secure from all parties. It is a recipe of sorts. Salt to taste.

    ASSUMPTIONS - WHO CAN BREAK WHAT

    NSA
        1kbit RSA
            Completely vulnerable if the public key is available with
            minor expense. Messages without the public key can be cracked
            with some greater expense depending on symmetric algorithm.

        2kbit RSA / 1-2kbit DH
            Some keys are weaker than others, a random aspect of creation.
            Only the NSA can tell which keys are weak or strong to them.
            (When the military needs a key, the NSA may provide one which
            has tested to be strong.) Messages without public key
            available may or may not be secure.

        3kbit+ RSA / DH
            Generally secure. Some weak keys may exist. For maximum
            security do not distribute the public key.

        IDEA
            Generally weak but somewhat expensive (time-consuming) to
            crack on a widespread basis.

        3DES
            Presumed unbreakable or very difficult to crack. Probably the
            NSA's worst symmetric enemy.

        CAST
            No information.

        Connectivity
            The NSA logs all data through major internet hubs and other
            assorted points for analysis.
            Echelon links: http://www.echelon.wiretapped.net/

        Notes
            Shares some intelligence data with UK GCHQ, Australian DSD,
            etc. Performs some services for Naval Intelligence, CIA, FBI,
            other.

    US Military Intelligence
        Largely depends on the NSA for codebreaking and provision of
        crypto services. Naval Intelligence is known to have some
        independent codebreaking abilities of unknown extent.

    CIA / Other US and Foreign Intelligence
        US, European, and Australian intelligence largely depends on the
        NSA for codebreaking. Focuses on passphrase theft, insider
        access, backdoors, coercion. Extensive surveillance capabilities
        on focused targets. Capabilities of Russian, Chinese, other
        SIGINT are generally far less than the NSA, due to hardware and
        other constraints. 2kbit RSA probably secure. 1kbit
        questionable. 128bit symmetric cyphers secure.

    FBI / IRS / Federal Level Law Enforcement / Drug Enforcement
        Depends on the NSA for codebreaking in special circumstances. In
        general the FBI cannot crack strong crypto and relies on
        passphrase theft, surveillance, and coercion. Very limited
        abilities against most anonymous remailer messages except where
        they receive tip-offs from the NSA, which appears to be rare.

    State and Local Law Enforcement
        No codebreaking abilities. In special circumstances may use
        extended surveillance. Occasional tip-offs from intelligence.

    Corporate and Military-Industrial Corporations
        Limited codebreaking abilities. 2kbit RSA is secure. 1kbit RSA
        is questionable. IDEA/3DES secure.

    Civilian Organizations and Individuals / Press
        Very limited codebreaking abilities. 512kbit questionable. 1kbit
        and higher secure. IDEA/3DES/128bit symmetric cyphers secure.

    REMAILER MESSAGES AND REPLY-BLOCKS

    MIXMASTER
    Mixmaster messages are completely transparent to the NSA,
    generally opaque to others. (3DES is secure, but 1kbit RSA keys
    used by Mixmaster are routinely broken by the NSA.)

    At the same time, Mixmaster presents a greater obstacle to other
    organizations which rely on traffic analysis, due to the use of
    fixed-size packets.

    Mixmaster messages are generally 'left alone' (not interrupted or
    deleted).

    CYPHERPUNK
    Cypherpunk messages are generally opaque to everyone except the
    NSA. 1kbit keys are routinely broken by the NSA. Some 2kbit keys
    are broken. Larger keys are generally secure.

    Cypherpunk messages are somewhat easily traced by the NSA, due to
    key availability combined with variations in message size, PGP
    versions, and other statistical patterns. Cypherpunk messages
    which cannot be traced or cracked, and random messages may be
    deleted en route by likely automated systems.

    Other non-NSA intelligence organizations may have limited success
    in tracing basic and larger Cypherpunk messages which aren't
    remixed, the greatest hindrance being access to data worldwide.
    Law enforcement is not known to trace chained Cypherpunk messages.

    REPLY-BLOCKS
    Reply-blocks are routinely traced by the NSA. A given encrypted
    reply-block does not vary with each message. Remixing has no
    effect because of the transparency of Mixmaster messages. Using
    Encrypt-Key at each remailer makes the task more difficult, but
    message size gives clues, and IDEA is somewhat transparent, though
    perhaps costly. Encrypt-3DES is more opaque.

    The NSA will often delete new untraced reply-blocks until the
    owner is established.

    Other than the NSA, most remixed reply-blocks are secure. Non-
    remixed reply-blocks which use ek/ekx at remailers may be traced
    given access to the data.
    http://www.skuz.net/potatoware/PSKB-003.html

    Reply-blocks which do not use remix or ek/ekx are easily traced
    given access to the data.
    http://www.skuz.net/potatoware/PSKB-001.html

    Non-NSA intelligence and federal law enforcement may have some
    access to the data en route, but may not have software to perform
    analysis. State and local law enforcement generally have access
    to data at the ISP only.

    The NSA is presumed to have the key to nym.alias.net and the
    remailers at LCS. Thus all messages there are transparent.
    (Beware of PGP timestamps in config requests. Use Alter-PGP
    Timestamp in JBN or the NSA can immediately trace you by the time
    on your signature.)

    AVOIDANCE
    Avoid Mixmaster and use inflated, delayed, and well-encrypted
    Cypherpunk messages to avoid the NSA, but be prepared for high
    message loss. Other than the NSA, use of remixed reply-blocks and
    Mixmaster chains is generally more secure and reliable.

    In general it is currently unlikely that a usable reply-block can
    be constructed which cannot be traced by the NSA. Any successes
    are deleted outright by a likely automated tracing system, or
    large numbers of messages on which the trace is lost are deleted.

    Encrypt-3DES combined with Cypherpunk remailers with large
    (3kbit+) keys present the greatest difficulty to the NSA, but will
    also incur the greatest losses. Use new remailers and remailers
    which change their keys regularly.

    Use 2kbit keys at the nym-server. Distribute 4kbit+ keys for
    message correspondence. When feasible, do not upload your public
    keys to key-servers or make them generally available.

    What does it matter that the NSA reads your mail or traces your
    identity? Maybe not much. You can imagine the sorts of things
    they come across snooping data worldwide. They presumably focus
    on things which threaten 'national security', their snooping
    abilities, or other less legal interests. They provide tip-offs
    to other intelligence agencies and law enforcement when it suits
    their purposes, but don't confuse them with a police force.
    Intelligence communities are themselves highly involved in drug
    trafficking, etc. There's plenty of dirt. Unless you're doing
    something highly provocative you probably won't gain much
    attention from them.

    Beyond the NSA and those they inform or perform services for, it
    appears that careful use of remailers and strong crypto is highly
    secure, the greatest threat being passphrase and data theft and
    coercion.

    SURVEILLANCE
    Crypto users should make themselves aware of general methods of
    passphrase and key theft.

    Trojans - software which runs surreptitiously on your computer and
    monitors your keystrokes and other data, transmitting it to other
    locations. This software is also increasingly being used by
    corporations to monitor the activities of employees. Do some
    research and install a firewall to help avoid this.
    http://www.skuz.net/potatoware/atguard.html

    Passphrase Guessing - Use good or random passphrases. The NSA and
    others can apply billions of word combinations in guessing
    passphrases.
    Passphrase FAQ:
    http://www.stack.nl/~galactus/remailers/passphrase-faq.html

    Van Eck Phreaking - All electrical devices emit radiation. Guns
    aimed at your computer from hundreds of meters away (through
    walls) can read what's displayed on your monitor, what keystrokes
    you're typing, and other signals. Thus the NSA, CIA, etc. can
    drive up to your house and steal your passphrases and possibly
    your keys without entry.

    This technology isn't limited to the NSA and CIA anymore. It is
    becoming increasingly available to the FBI and others. In fact it
    is estimated that within five years PC cards will be available to
    let you spy on your neighbors.
    http://www.newscientist.com/ns/19991106/newsstory6.html

    The technology to shield computers against Van Ecking is called
    TEMPEST. The NSA recently declassified documents on TEMPEST,
    overtly in response to a FOIA request, but probably to encourage
    businesses to sharpen their defenses.

    A ton of information on TEMPEST is available at
    http://www.eskimo.com/~joelm/tempest.html
    (Joel McNamara is the original author of Private Idaho)

    You can see pics of and buy TEMPEST shielded machines here:
    http://www.meco.org/
    [end quoted plain text]

    From: RProcess <Use-Author-Address-Header@[127.1]>
    Subject: Re: Traffic Analysis Capabilities [x2] [x2]
    Date: 26 Nov 1999 00:00:00 UTC
    X-Deja-AN: 553146604
    References: <19991125164021.11641.qmail@nym.alias.net>
    Author-Address: rprocess <AT> nym <DOT> alias <DOT> net
    Organization: mail2news@nym.alias.net
    Mail-To-News-Contact: postmaster@nym.alias.net
    X-Potato-URL: http://www.bigfoot.com/~potatoware/
    Newsgroups: alt.privacy.anon-server,alt.privacy
    Message-ID: <19991126024018.4804.qmail@nym.alias.net>
    Path: archive.newsdeef.eu!mbox2nntp-alt.privacy.mbox.zip!not-for-mail

    On 25 Nov 1999 16:40:21 -0000 , lcs Mixmaster Remailer <mix@anon.lcs.mit.edu> wrote
    >On 24 Nov 1999 13:00:08 -0000 rprocess <AT> nym <DOT> alias <DOT> net wrote:
    >
    >>The NSA will often delete new untraced reply-blocks until the owner is
    >>established.
    >
    >Interception and deletion are two different matters. Delete the reply
    >blocks from what? From the servers at EFGA or MIT upon which they're
    >stored? How does NSA carry this out? Wouldn't the operators of the
    >servers in question notice such activity? Wouldn't they care? Are they
    >employed by, or otherwise in the service of NSA?
    >
    >What you've said there is tantamount to saying the NSA has a free hand
    >at those servers, which is no different than saying, ultimately, that
    >the nym "system" is *run* by NSA. Which is fine by me - at least I'd be
    >getting something worthwhile for my tax dollars for a change. But it
    >doesn't speak very highly of the people at EFGA and MIT in which so
    >many have placed their trust.

    I would say it is more likely that the nym config request is deleted before
    reaching the nym-server, or that mail sent via the reply-block is interrupted
    or deleted before reaching its destination, by rogue remailers, and
    apparently also by network interruption. That is the only model I've found
    which adequately predicts observed behavior. I haven't seen evidence of
    reply-blocks once established being deleted from the nym-server. That would
    provide positive evidence of compromised security, which is very consistently
    lacking. If you get past knee-jerk incredulity it is in fact quite logical,
    moreso than assuming the NSA is taking only a passive role toward untraceable
    worldwide communication.

    As for nan, MIT has a strong DOD presence, so security there is questionable.
    In fact your tax dollars do at least partially fund nan. Although I have no
    reason to doubt the sincerity of the operator of nan, he must sleep sometime.
    The key has not been changed in over 3 years, which I consider problematic.
    A key kept that long becomes a security threat, both in terms of theft and in
    terms of archived mail which is vulnerable until the key is destroyed.

    I don't think nan is run to be particularly invulnerable to the NSA.

    My best crackpot theory (and this is just a wild guess), is that at least a
    handful of the NSA's 38,000 employees have the full-time job of handling the
    anonymous remailer system. If you had that much time and those resources,
    imagine what counter-systems you would have developed over the years.

    This snapshot of govt thinking was written in 1996:
    http://www.eff.org/pub/Privacy/Anonymity/strassmann_anti-remailer.paper
    [end quoted plain text]

    (using Tor Browser 14.5.5) https://web.archive.org/web/*/eff.org/pub/Privacy/Anonymity/strassmann_anti-remailer.paper
    https://web.archive.org/web/19961219194244/eff.org/pub/Privacy/Anonymity/strassmann_anti-remailer.paper
    The Context

    By far the greatest threat to the commercial, economic and political
    viability of the Global Information Infrastructure will come from
    information terrorists. Information terrorism has ceased to be an amateur
    effort and has migrated into the hands of well organized, highly trained
    expert professionals. Information terrorist attacks can be expected to
    become a decisive element of any combined threat to the economic and social
    integrity of the international community. Nations whose life-line becomes
    increasingly dependent on information networks should realize that there is
    no sanctuary from information-based assaults. Commercial organizations,
    especially in telecommunications, finance, transportation and power
    generation offer choice targets to massive disruption.

    Information terrorism, as a particularly virulent form of information
    warfare, is a unique phenomenon in the history of warfare and crime. For the
    last two hundred years the theory of warfare has been guided by
    "force-exchange" equations in which the outcome was determined by the rate
    of attrition of each opposing force. In information attacks these equations
    do not apply because the attacker remains hidden and cannot be retaliated
    against.

    Since biblical times, crimes have been deterred by the prospects of
    punishment. For that, the criminal had to be apprehended. Yet information
    crimes have the unique characteristic that apprehension is impossible, since
    even identification of the criminal is not feasible. Information crimes can
    be committed easily without leaving any telltale evidence such as
    fingerprints, traces of poison or bullets.

    Changes Introduced By Anonymous Re-Mailers

    The introduction of Anonymous Re-mailers into the Internet has altered the
    capacity to balance attack and counter-attack, or crime and punishment. The
    widespread use and easy access to acquiring the capacity to launch anonymous
    messages and software has so far not received adequate attention from a
    policy and legal standpoint. This topic is sufficiently technical that it
    has been largely avoided by experts who have so far concentrated on debating
    social, legal, political and economic consequences of the Global Information
    Infrastructure. Yet, unless there is a thorough understanding of the
    technologies that make the Anonymous Re-mailers sources of a pathological
    danger, there is little hope that effective preventive measures and
    safeguards can be put in place.

    In many respects, the avoidance of technical discussions about some of the
    pathological aspects of the Internet remind me of the state of medical
    diagnosis prior to the recognition that bacteriology, prophylactics and
    inoculation can be only applied following the acceptance of rigorous,
    analytic and experimental disciplines.

    Our Agenda

    The purpose of this paper is to bring to the attention of policy-makers some
    of the relevant facts about Anonymous Re-mailers. All of the material quoted
    here comes from public sources which are easily accessible to anyone. The
    wide-spread current uses of Anonymous Re-mailers should be sufficient
    warning that this topic cannot be considered any more as something hidden,
    confidential or inappropriate for public discussion.

    We find many similarities in the initial denials to the threats from AIDS by
    the medical and public health establishment. We are dismayed by the
    avoidance of a candid assessment by public officials about the vulnerability
    of the Global Information Infrastructure to destructive information
    epidemics. The purpose of this paper is to increase the awareness of
    potentially deadly risks that may inhibit the potential gains from the
    creation of a global information community.

    What Is A Re-Mailer?

    A re-mailer allows anyone to post messages to newsgroups or to individuals
    while remaining anonymous. The identity of the sender is hidden from the
    recipient and remains practically untraceable.

    An anonymous re-mailer is a program that runs on a computer somewhere on the
    Internet. When you send mail to the re-mailer address, the re-mailer takes
    your name and your address off of the mail message and forwards it to its
    next destination. The recipient gets mail that has no evidence of where it
    originally came from, at least not in the headers. You might give away your
    secret identity in the body of the message, but that would be the sender's
    own fault.

    Anonymous re-mailers can be "chained" so that a message is passed on from
    one anonymous re-mailer to another, in two or more separate anonymous "hops"
    as a way of making physical tracing or monitoring increasingly difficult.

    One of the most prominent anonymous re-mailers is <anon.penet.fi> in
    Finland. It is frequently used by the Russian (ex-KGB) criminal element.
    <Anon.penet.fi> assigns a numeric identification to each address from which
    it receives mail. Internet recipients can reply to that secret number.
    <anon.penet.fi> will also assign to them another anonymous number, and then
    forward the reply. This creates a double-blind situation where two people
    could have an ongoing exchange and never know who the other person was. This
    method of communication is favorite for engaging services of cybercriminals
    and for authorizing payment for their acts through a third party.

    <Anon.penet.fi> can be also used to post a message to Usenet as well. The
    message can be read by thousands of people, and anyone can send an anonymous
    reply to the secret Finnish identity. The readers of this paper can easily
    avail themselves of these services without any special training. Detailed
    instructions for the use of a remailer service are usually included in the
    "help" software posted in the remailer's files. For example:

    To get an anonymous re-mailer address follow the following
    instruction. First, you should send mail to: <help@anon.penet.fi>.
    You'll get back a nice help file automatically. Next, send mail to
    <ping@anon.penet.fi>. This will allocate your number--from now on
    you'll be something like <anXXXXXX@anon.penet.fi>, where XXXXXX is
    your number. Once you have received your anonymous address you can
    use it like your normal e-mail address.

    These capabilities are not trivial, but a source of an exhaustive body of
    software and communications know-how which can be learned best by consulting
    one of the many tutorials about this topic, such as
    <ftp.csua.berkeley.edu:/pub/cypherpunks/re-mailer/hal's.remailer.gz>:

    Cyberpunk re-mailers allow a person to send mail with no trace of identity.
    To use a re-mailer simply do the following:

    * Add the header Request-Remailing-To: and sending to one of the
    addresses listed below. These headers must be typed in exactly. Mail
    without these headers is either rejected or delivered to the re-mailer
    administrators.
    * If you cannot add the required headers, place two colons (::) on the
    very first line of your message, then on the next line type
    Request-Remailing-To: and the address you want to send anonymously to.
    * Skip a line, and then begin the message. By using this method you can
    send the message through more than one re-mailer which will certainly
    ensure that it will be anonymous.
    * Many re-mailers only allow one recipient per message. A number of
    standard Cyberpunk Re-mailers are available.

    There is a wealth of easily accessible step-by-step instructional material
    available on the Internet how to use re-mailers and how to evade
    countermeasures or possibility of detection from any source. Re-mailer
    operators are in frequent contact with each other and exhibit many of the
    fraternal habits that previously were shared between amateur radio
    operators. Some of the most interesting sources of information are:

    André Bacard's anonymous re-mailer FAQ is an excellent nontechnical
    introduction.

    For a different take on Net anonymity, see L.Detweiler's home page.

    Tools

    * Private Idaho is an anonymous re-mailer utility for Windows, supporting
    PGP, the cypherpunks re-mailers, and Mixmaster, and the <alpha.c2.org>
    alias server. It too automatically configures itself based on this
    re-mailer list.
    * <ChainMail> is a re-mailer chaining utility for Mac users, by Jonathan
    Rochkind. To use it, you need Eudora, MacPGP, and applescript, in
    addition to a number of applescript scripting additions.
    * <Privtool> is a PGP-aware mailer that also supports Mixmaster.
    * The Community ConneXion has put the Web-premail gateway on its SSL
    server. That means that you can send anonymous email from the Web
    without exposing your message in the clear on the connection between
    your Web browser and the gateway.
    * Sameer Parekh's NEXUS Berkeley / Community ConneXion has a web page set
    up for sending anonymous mail from your Web client.
    * Michael Hobbs has set up Web gateway to premail. Now you can send
    anonymous email directly from your Web browser. Don't use this for
    extremely sensitive stuff, though, because it isn't quite as secure as
    running premail yourself (in particular, the connection between your
    Web browser and the gateway is not encrypted).
    * A good source for re-mailer information is the Anonymity, re-mailers,
    and your privacy page compiled by "Galactus". This is also the best
    place to look for information about anon.penet.fi.
    * Matt Ghio's re-mailer list is available by fingering
    re-mailer.help.all@chaos.taylored.com. This file also has all the
    public keys for PGP-friendly re-mailers. Matt also has a pinging
    service similar to this one, available by fingering
    re-mailer-list@chaos.taylored.com.
    * Chaos is having problems getting recognized on the Net. Try
    re-mailer.help.all@204.95.228.28 and see if that works any better.
    Newer information can be gotten by sending mail to
    mg5n+re-mailers@andrew.cmu.edu.
    * Help for the Alpha alias server (also available in a plain email
    version). This is the best way to create an alias for anonymous replies
    to mail. Not only is it the most cryptographically secure, but you get
    to pick the alias nickname of your choice. The email addresses are of
    the form <alias@alpha.c2.org>. Highly recommended.
    * Usura's home page has a bunch of re-mailer related stuff on it,
    including a help page on chaining re-mailers.
    * The Armadillo re-mailer now has its own Web page.
    * Crown re-mailer help and statistics.
    * Ecafe re-mailer has its own Web page, including quickie info about how
    to use the re-mailer without encryption or any other extras.

    Other resources

    * You want to send secure mail to someone, but don't know their key.
    Where are you going to get it? Try the keyserver at MIT.
    * Vince Cate's Cryptorebel and Cypherpunk page has pointers to lots of
    cypherpunk resources.
    * John Perry's jpunix page has info on his MX service for hidden
    re-mailers, as well as cool links for Mixmaster and other stuff.
    * Lance Cottrell's home page, which has his Chain script, the Mixmaster
    re-mailer client (including Sun binaries!) as well as other cypherpunk
    related topics.
    * Vince Gambino's re-mailer page has a good collection of re-mailer help
    files.

    Where Do You Find Re-Mailers?

    Computers that offer remailing capabilities are operated by individuals or
    organizations as a public service, almost always at no charge because it
    costs so little to set one up. They are available globally. We offer a
    partial list of re-mailers:

    $remailer{"extropia"} = "<remail@extropia.wimsey.com> cpunk pgp special";
    $remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
    $remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
    $remailer{"bsu-cs"} = "<nowhere@bsu-cs.bsu.edu> cpunk hash ksub";
    $remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
    $remailer{"penet"} = "<anon@anon.penet.fi> penet post";
    $remailer{"ideath"} = "<remailer@ideath.goldenbear.com> cpunk hash ksub reord";
    $remailer{"hacktic"} = "<remailer@utopia.hacktic.nl> cpunk mix pgp hash latent cut post ek";
    $remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post ek reord";
    $remailer{"rahul"} = "<homer@rahul.net> cpunk pgp hash filter";
    $remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
    $remailer{"syrinx"} = "<syrinx@c2.org> cpunk pgp hash cut reord mix post";
    $remailer{"ford"} = "<remailer@bi-node.zerberus.de> cpunk pgp hash ksub";
    $remailer{"hroller"} = "<hroller@c2.org> cpunk pgp hash latent ek";
    $remailer{"vishnu"} = "<mixmaster@vishnu.alias.net> cpunk mix pgp. hash latent cut ek ksub reord";
    $remailer{"robo"} = "<robo@c2.org> cpunk hash mix";
    $remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
    $remailer{"spook"} = "<remailer@valhalla.phoenix.net> cpunk mix pgp hash latent cut ek reord";
    $remailer{"rmadillo"} = "<remailer@armadillo.com> mix cpunk pgp hash latent cut";
    $remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
    $remailer{"wmono"} = "<wmono@valhalla.phoenix.net> cpunk mix pgp. hash latent cut ek";
    $remailer{"shinobi"} = "<remailer@shinobi.alias.net> cpunk mix hash latent cut ek reorder";
    $remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ek ksub";
    $remailer{"gondolin"} = "<mix@remail.gondolin.org> cpunk mix pgp hash latent cut ek reord";
    $remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
    $remailer{'gondonym'} = '<alias@nym.gondolin.org> alpha pgp';
    Much of the knowledge about the characteristics of these
    re-mailers is available from <remailer-list@kiwi.cs.berkeley.edu>

    Role Of Encryption

    For added protection, users of Anonymous Re-mailers tend to encrypt their
    messages just in case one of the remailing links are compromised. PGP
    (Pretty Good Privacy) encryption is favored because it is freely available
    and easy to use. A typical digital signature would look like this:

    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2

    iQCVAwUBMPDy4WV5hLjHqWbdAQEqYwQAm+o313Cm2ebAsMiPIwmd1WwnkPXEaYe9
    pGR5ja8BKSZQi4TAEQOQwQJaghI8QqZFdcctVYLm569I1/8ah0qyJ+4fOfUiAMda
    Sa2nvJR7pnr6EXrUFe1QoSauCASP/QRYcKgB5vaaOOuxyXnQfdK39AqaKy8lPYbw
    MfUiYaMREu4=
    =9CJW
    -----END PGP SIGNATURE-----

    For responses the sender will choose a passphrase. This phrase will be used
    to encrypt messages sent back to you. The encryption will be single-key
    encryption, not PGP's normal public-private key encryption. The reason for
    this is that public key encryption is usually not necessary in such cases.
    Single-key encryption does not require a database (such as in the widely
    used <anon.penet.fi> database for mapping aliases onto addresses), thus
    increasing the security of communications among anonymous users.

    When a recipient responds to the e-mail, his response will be encrypted with
    the sender's pass-phrase. The sender can read the response by saving it to a
    file and using PGP on it. PGP will ask for the passphrase, enter the
    sender's reply, which will make it possible for the recipient to see the
    response to the e-mail. This feature allows both parties to be securely
    encrypted, protecting privacy and anonymity in both directions.

    How Reliable Are The Re-Mailers?

    The knowledge about the characteristics, reliability and trustworthiness of
    re-mailers is widely distributed through various bulletin boards. These are
    consulted by persons deeply immersed in Internet-related developments. There
    is an agile and very active global community that keeps track of the average
    latency time, uptime of frequently used re-mailers. They post their
    findings, which in many cases is superior to what a commercial customer is
    likely to find out about their own data center performance, or about the
    service quality offered by Compuserve, America-On-Line or Prodigy. Here is
    an excerpt from such a bulletin:

    hacktic   remailer@utopia.hacktic.nl      **** *******    7:10      99.85%
    c2        remail@c2.org                   -.-++ ++-.-+    2:10:42   99.83%
    rmadillo  remailer@armadillo.com          +++++ ++++++    37:03     99.69%
    flame     remailer@flame.alias.net        ** * *******    14:55     99.64%
    mix       mixmaster@remail.obscura.com    _ _-__...-++    17:40:48  99.21%
    amnesia   amnesia@chardos.connix.com      -+ +--+---      2:04:43   99.20%
    ecafe     cpunk@remail.ecafe.org          ## ##-## #--    1:26:54   99.06%
    extropia  remail@extropia.wimsey.com      .- -.----_.     13:48:11  99.04%
    replay    remailer@replay.com             + +** *****     5:36      98.84%
    shinobi   remailer@shinobi.alias.net      -- -- - - +     54:43     98.78%
    spook     remailer@valhalla.phoenix.net   * ***** - *     35:07     98.36%
    vishnu    mixmaster@vishnu.alias.net      ** #-*#         7:44      98.20%
    bsu-cs    nowhere@bsu-cs.bsu.edu          # # ##.#        28:07     97.78%
    gondolin  mix@remail.gondolin.org         - --_.----      9:45:55   97.62%
    wmono     wmono@valhalla.phoenix.net      ** * *          12:23     97.57%
    hroller   hroller@c2.org                  #*+### -.. #    1:37:24   96.71%
    ford      remailer@bi-node.zerberus.de    ._...--._.      21:21:22  95.83%
    portal    hfinney@shell.portal.com        ########*#      27:36     95.55%
    alumni    hal@alumni.caltech.edu          # # * +         25:47     95.29%
    penet     anon@anon.penet.fi              . -- --         13:55:20  87.78%
    rahul     homer@rahul.net                 +* *+**+* #     4:34      93.71%
    robo      robo@c2.org                     #-##            5:59      27.86%

    History key
    # response in less than 5 minutes.
    * response in less than 1 hour.
    + response in less than 4 hours.
    - response in less than 24 hours.
    . response in less than 2 days.

    Specialization Of Services

    The operators of various re-mailers are specialized in that they cater
    to select communities of Internet dwellers. They offer unique services
    to customers who are seeking different degrees of anonymity. Cognoscenti
    in the field can readily identify remailers whose offer meets different
    tastes and preferences. Here is an example of remailer
    characterizations:

    <cpunk>    A major class of remailers. Supports Request-Remailing-To:
               field.
    <eric>     A variant of the cpunk style. Uses Anon-Send-To: instead.
    <penet>    The third class of remailers (at least for right now).
               Uses X-Anon-To: in the header.
    <pgp>      Remailer supports encryption with PGP. A period after the
               keyword means that the short name, rather than the full email
               address, should be used as the encryption key ID.
    <hash>     Supports ## pasting, so anything can be put into the
               headers of outgoing messages.
    <ksub>     Re-mailer always kills subject header, even in non-pgp
               mode.
    <nsub>     Re-mailer always preserves subject header, even in pgp
               mode.
    <latent>   Supports Matt Ghio's Latent-Time: option.
    <cut>      Supports Matt Ghio's Cutmarks: option.
    <post>     Post to Usenet using Post-To: or Anon-Post-To: header.
    <ek>       Encrypt responses in reply blocks using Encrypt-Key: header.
    <special>  Accepts only pgp encrypted messages.
    <mix>      Can accept messages in Mixmaster format.
    <reord>    Claims to foil traffic analysis by reordering messages.
    <mon>      Re-mailer has been known to monitor contents of private
               email.
    <filter>   Re-mailer has been known to filter messages based on
               content. If not listed in conjunction with <mon>, then only
               messages destined for public
    <alpha>    Supports nyms according to the protocol used by
               alpha.c2.org. This list will be featuring reliability and
               latency measurements soon for these nymservers.

    A fascinating example of specialization is a re-mailer service
    advertising the capacity to defeat "traffic analysis" used by
    intelligence agencies. All mail to each destination is first sent
    through <remail@sitename> which is a standard "cypherpunk" re-mailer
    with PGP with a few added features. The outgoing mail is not forwarded
    immediately upon receipt. Outgoing messages are stored in a pool until
    five minutes after each hour, when all messages in the pool are
    re-transmitted in a random order, ignoring the order in which they came
    in. Each message from the re-mailer is sent through a random path of
    other re-mailers in the re-mailernet. This usually involves between
    five to 20 "hops" from one re-mailer to another. In each case care is
    taken for at least one of the "hops" to be in a country with especially
    relaxed laws concerning electronic messages. Such measures would
    greatly complicate any tracing that may be contemplated by a
    law-enforcement agency.

    Why Re-Mailers?

    E-mail is as fast and casual as a voice phone call, but can be stored
    and retrieved with infinitely greater efficiency than paper letters or
    taped conversations. An e-mail message can be re-broadcast the world
    over, by anyone who comes across a copy of the transmission. Parts of
    any message can be extracted, edited and easily modified. Meanwhile,
    the e-mail address of the originator remains a label of its origin. If
    the storage of that message is not protected - and it rarely is - it
    can be accessed by anyone who takes the trouble to rummage through any
    of the many archived computer records that may have received such
    message. A casual e-mail exchange, with an identifying address, can be
    then used to compromise the originator. As e-mail traffic takes over an
    ever increasing share of personal communications, inspection of e-mail
    traffic can yield more comprehensive evidence than just about any
    wire-tapping efforts. E-mail-tapping is less expensive, more thorough
    and less forgiving than any other means for monitoring personal
    communications. Without protection of privacy, browsing through e-mail
    archives would become the preferred way for gathering evidence in law
    enforcement cases. It would also be used as the favorite means for
    collecting incriminating statements by lawyers engaged in civil
    litigation.

    In casual e-mail exchanges it is easy to make an error. When the
    message is archived it could be used to haunt a person for decades
    afterwards. A message intended for a particular individual may be
    passed on to hundreds or even thousands of others. Unless its origin is
    anonymous, all e-mail can be traced through identifying addresses that
    preserve the name of the originator - as well as the names of those who
    forwarded it - wherever the message traversed. Unless a message is
    handled anonymously, a trace is left about everyone who received it or
    passed it on. It would be like a letter that not only identifies the
    name and address of its author, but also fingerprints of anyone who
    ever touched it.

    It is one of the fundamental strengths of the Internet that it offers
    an almost universal capacity for free expression of ideas. A person's
    opinions can be sent anywhere in the world in a matter of minutes, with
    the originator's name displayed at the top. Is it consistent with the
    rights to individual privacy and freedom of expression to have one's
    name clearly associated with a message that may be easily disseminated
    to unintended recipients?

    The issues here are the rights to the freedom of speech and to the
    rights to personal privacy. Having the right to free speech may work
    well in the case of verbal expression, but it may cease to have its
    intended purpose in face of retaliation that may take place decades
    later. In a system that theoretically can have infinitely large memory
    and indefinitely long remembrance, the freedom of expression can become
    abused and perverted by a government that does not respect individual
    rights.

    With the widespread acceptance of Internet-mediated communications it
    was recognized that the simplest way of securing privacy is through
    anonymity. That's how anonymous re-mailers came into being. Given the
    technical characteristics of Internet, there is nothing to prevent
    anyone to set up a private (or public) anonymous remailing service. Any
    attempt to prohibit or regulate the use of anonymous re-mailers is
    technically unfeasible. In a democratic society it becomes politically
    unacceptable to suppress remailers as potential sources of criminal
    acts. Such absolute prohibitions would never pass through a legislative
    process in a free society.

    Conclusion

    Anonymous re-mailers are here to stay. Like in the case of many
    virulent diseases, there is very little a free society can do to
    prohibit travel or exposure to sources of infection. The best one can
    do is to start treating the pathologies inherent in the Internet in the
    same way as we have learned to deal with infectious epidemics. That
    calls for constructing new institutions and processes that are
    analogues to inoculation, immunization, prophylactics, clean water
    supply, sewers, hygiene, early detection of outbreaks of diseases,
    quarantine, the offices of health examiners, the Center of Disease
    Control and the World Health Organization.

    The introduction of most of these restrictive means, imposed mostly by
    government, were often opposed by those who saw in public health
    injunctions infringement of individual rights. In due course an
    informed electorate found it expedient to accept most of the sanitary
    measures for disease control, a bargain that was well worth it.

    The history of public health teaches us that suppression of any disease
    must be preceded by a thorough understanding of its behavior, its
    method of transmission and how it creates its own ecology. As in the
    case of smallpox, yellow fever, flu epidemics, AIDS or malaria, it will
    take disasters before the public may accept that some forms of
    restrictions on the electronic freedom of speech and privacy may be
    worthwhile.

    It was the purpose of this paper to explain the characteristics of
    anonymous remailers as one of the potential sources of infectious
    threats to the well-being of our information-based civilization. We
    trust that this will be seen as a useful contribution to an already
    raging debate of how to find a balance between the desirable and the
    dangerous.

    Paul@Strassmann.com and William_Marlow@cpqm.saic.com will be pleased to
    respond to identifiable commentators on the points of view expressed
    herein

    [end quoted plain text]

    --- Synchronet 3.21a-Linux NewsLink 1.2
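
The pool scheme described in the quoted paper (hold mail until five minutes past the hour, then send the pool in random order), as an added Python example that is not part of the posts or of the paper. The sample traffic, the function names and the `min_set` threshold are assumptions; the point it shows is that a message sitting alone in the pool is delayed but gets no cover from reordering.

```python
import random
from collections import defaultdict
from datetime import datetime, timedelta

FLUSH_MINUTE = 5  # the quoted paper's "five minutes after each hour"

def next_flush(arrival):
    """First flush instant (hh:05:00) at or after `arrival`."""
    flush = arrival.replace(minute=FLUSH_MINUTE, second=0, microsecond=0)
    return flush if arrival <= flush else flush + timedelta(hours=1)

def run_pool(arrivals, rng):
    """Pool (msg_id, arrival) pairs per flush and shuffle each pool.

    Returns [(flush_time, [msg_id, ...]), ...] in flush order; the order
    inside a pool is random, so it no longer reflects arrival order.
    """
    pools = defaultdict(list)
    for msg_id, arrival in arrivals:
        pools[next_flush(arrival)].append(msg_id)
    batches = []
    for flush in sorted(pools):
        ids = list(pools[flush])
        rng.shuffle(ids)
        batches.append((flush, ids))
    return batches

def anonymity_sets(batches):
    """Map each msg_id to the number of messages flushed together with it."""
    return {m: len(ids) for _, ids in batches for m in ids}

def weak_cover(batches, min_set=2):
    """Messages whose pool was smaller than `min_set` (assumed threshold)."""
    return sorted(m for m, n in anonymity_sets(batches).items() if n < min_set)

# Constructed sample traffic (not from the page).
T0 = datetime(2000, 1, 1, 9, 0)
SAMPLE = [("a", T0 + timedelta(minutes=7)),    # 09:07, flushed 10:05
          ("b", T0 + timedelta(minutes=20)),   # 09:20, flushed 10:05
          ("c", T0 + timedelta(minutes=41)),   # 09:41, flushed 10:05
          ("d", T0 + timedelta(minutes=64)),   # 10:04, flushed 10:05
          ("e", T0 + timedelta(minutes=66))]   # 10:06, alone until 11:05

if __name__ == "__main__":
    # SystemRandom draws from the OS entropy source rather than a seeded PRNG.
    batches = run_pool(SAMPLE, random.SystemRandom())
    for flush, ids in batches:
        print(flush.strftime("%H:%M"), ids)
    print("no cover traffic for:", weak_cover(batches))
```
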
  • From Nomen Nescio@nobody@dizum.com to alt.privacy.anon-server on Fri Aug 8 12:32:45 2025
    From Newsgroup: alt.privacy.anon-server

    Why is the chatbot having a meltdown?

    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Nomen Nescio@nobody@dizum.com to alt.privacy.anon-server on Tue Aug 12 21:52:01 2025
    From Newsgroup: alt.privacy.anon-server

    In article <20250808123245.3nO6D6PdHb3M@sewer.dizum.com>
    Nomen Nescio <nobody@dizum.com> wrote:

    Why is the chatbot having a meltdown?

    Because it's an idiot.
    --- Synchronet 3.21a-Linux NewsLink 1.2