Read True Names and the Opening of the Cyberspace Frontier for Free Online

waits outside and watches for her to leave, and picks up the tail. However, suppose she enters a large department store, along with many others, and emerges some time later with many others, wearing different clothes and generally not being recognizable. Bob has no idea of which person leaving the store is Alice, and so he must either give up the tail, or follow all of the people leaving the store. She repeats this process many times, each time becoming more and more “mixed” with others. With even a small number of such mixings, the number of paths Bob must follow can become astronomically high. Alice has thus used department store mixes to shake her tail.
    This is the way anonymous remailers or digital mixes work. An e-mail message is sent to a remailer, encrypted to the public key of the remailer operator or his machine. The contents of the message look essentially random to any observer (who might be tapping the lines, for example). The remailer operator decrypts the message, holds it for some period of time or until sufficient other messages have accumulated, adds any needed padding to make the message size not a correlatable factor, and sends the accumulated messages out to their next destinations. Very importantly, the messages he remails are usually encrypted by the originator to the next remailer’s public key, so any given remailer cannot read the contents of any message. Nor can any remailer in the chain modify the messages, or tag them in any way (as any modifications would make the message unreadable, undecipherable, by the next remailer in the chain). Using encryption at each stage completely obscures the mapping between origin and destination, to both the final recipient and to all of the remailers. The recipient receives only the “innermost” message, with all of the earlier stages progressively stripping off headers. Any given remailer can only open the envelope “addressed” (encrypted) to him, and cannot read the messages that remain in the text block he does see … all he can do is read the next destination, which is included in the clear. Think of envelopes within envelopes, each addressed to a particular remailer.
    The originator of a message decides on a chain of remailers he plans to use, encrypts and addresses his messages in reverse order, and then sends the resulting message to the first remailer, who decrypts it and sends the result to the next remailer in the chain, and so forth. If, for example, the originator picks five remailers, and each remailer waits until ten messages have been accumulated before forwarding the accumulated batch, then in theory there are upward of one hundred thousand possible routings to be followed. There are not usually this many messages, so the correlation problem is not quite this hard. But any attempt at tracing the message is still effectively thwarted, unless the various remailers collude or are instructed by authorities to report all of the mappings between arriving and departing messages. Using some offshore remailers is an effective bar to this latter attack. And some people publish regular lists of remailers, with the results of ping tests, latency time measurements, reliability, etc.
    The first Cypherpunks remailers were initially written in Perl and C by Eric Hughes and Hal Finney. They allowed e-mail to be sent to a remailer, have its origin stripped off, and then be remailed to a selected destination, including other remailers. They were first deployed in 1992, and by 1996 several dozen existed. These were used to anonymously publish (“liberate”) ciphers that had not previously been published, to publish secrets of the Church of Scientology, to disclose a few military and security secrets, and, not surprisingly, for flames, insults, and anonymous attacks. Ideally, no mapping is kept of who sent what mail, so court orders and lawsuits are ineffective in revealing the identities of those sending mail. Further,