[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: MTS transparency and anonymity
On Mon February 28 2005 10:07, Tony Finch wrote:
> So given that obfuscating the From: field does not provide proper
Let's be clear about terms:
lack of a From field is not obfuscation; it is anonymity
a field with a null addr-spec ("<>") is not obfuscated; it is
another sort of anonymity
changing "dot@xxxxxxxx" to "dotNOSPAM@xxxxxxxx" or "dot@xxxxxxxxxxxxxxx"
or equivalent is obfuscation
using a valid address belonging to somebody else is not obfuscation,
it is impersonation
using a made-up addr-spec guaranteed to belong to nobody, e.g.
postmaster@xxxxxxxxxxx, might qualify as obfuscation
using a loopback indications such as "localhost" or equivalents is
> - if you can trace the message's sender, you can probably
> identify its author
I disagree with the premise. There are ways for an anonymous
author to arrange for a sender to send a message w/o knowing
the author's identity (some sort of drop-box, for example).
> - why can't people just use pseudonymity instead?
It's unclear exactly what you mean -- "George Orwell" is
a pseudonym (for the late Eric Arthur Blair) -- but
while something like that might be usable in a display name
(phrase associated with an angle-addr or group), it doesn't
seem applicable to the addr-spec.
> Mixmaster messages are encrypted with the remailer's public key. The
> remailer decrypts the message using its private key and sends it on,
> with a new message header (thus with no trace back to the message's
> origin). This can be repeated via a number of hops in order to make
> tracing the message more difficult, since tracing requires a compromise of
> the anonymity provided by all the remailers.
Tracing back (given a sufficient quantity of guns and/or lawyers
or wiretaps) seems feasible (with the proviso that it traces senders,
not necessarily authorship). It's unclear what you mean by "a new
message header"; if you mean eliminating transport trace fields,
that's one thing, if you mean Subject, Comments, From, To, Cc, Date,
and other originator fields that are an integral part of the message,
then the message integrity is essentially destroyed (N.B. body
content is unnecessary in a message; the entire message may consist
exclusively of header fields).
> All of the crypto keys belong to recipients, not senders.
So a message to multiple recipients isn't possible (as opposed
to multiple messages, each to a single recipient)?