8.5.1. The Basic Idea of Remailers
- Messages are encrypted, envelopes within envelopes, thus
making tracing based on external appearance impossible. If
the remailer nodes keep the mapping between inputs and
outputs secret, the "trail" is lost.
8.5.2. Why is untraceable mail so important?
+ Bear in mind that "untraceable mail" is the default
situation for ordinary mail, where one seals an envelope,
applies a stamp, and drops it anonymously in a letterbox.
No records are kept, no return address is required (or
confirmed), etc.
- regional postmark shows general area, but not source
mailbox
+ Many of us believe that the current system of anonymous
mail would not be "allowed" if introduced today for the
first time
- Postal Service would demand personalized stamps,
verifiable return addresses, etc. (not foolproof, or
secure, but...)
+ Reasons:
- to prevent dossiers of who is contacting whom from being
compiled
- to make contacts a personal matter
- many actual uses: maintaining pseudonyms, anonymous
contracts, protecting business dealings, etc.
8.5.3. How do Cypherpunks remailers work?
8.5.4. How, in simple terms, can I send anonymous mail?
8.5.5. Chaum's Digital Mixes
- How do digital mixes work?
8.5.6. "Are today's remailers secure against traffic analysis?"
- Mostly not. Many key digital mix features are missing, and
the gaps can be exploited.
+ Depends on features used:
- Reordering (e.g., 10 messages in, 10 messages out)
- Quantization to fixed sizes (else different sizes give
clues)
- Encryption at all stages (up to the customer, of course)
- But probably not, given that current remailers often lack
necessary features to deter traffic analysis. Padding is
iffy, batching is often not done at all (people cherish
speed, and often downcheck remailers that are "too slow")
- Best to view today's remailers as experiments, as
prototypes.
By Tim May, see README
HTML by Jonathan Rochkind