Notice in this post how the man says Cheshire hurried to his page to cover his butt by changing it. Which other remops do you know who use X-No-Archive to hide any trace of their posts in apas? Cheshire does. Always has.

==================

http://www.google.com/groups?hl=en&lr=lang_en&ie=UTF-8&newwindow=1&safe=off&selm=WLDNFUB236712.037037037%40nuther-planet.net&rnum=4

From: Anonymous (anonymous@nuther-planet.net)
Subject: Re: EELBASH has compromised it's users and should be blocked or shut down
Newsgroups: alt.privacy.anon-server
Date: 2000/07/05

"Nemo" wrote...
> Pretty strong statement, isn't it. I never even went that far with Frog,
> although I did suggest he stop for a while. However, I hope to present a
> persuasive argument to do just that.
>
> The Charge:
>
> The admin of eelbash has censored posts based solely on content, not on
> any real threat to or abuse of the remailer itself (such as mailbombing).
> In addition has performed traffic analysis on his users, used that
> information to (try to) tie two identities to the same person, ...

I do not object to the charge but I am implicitly accusing every remailer of doing the same thing. That is, either I assume the monitoring and traffic analysis (and use the remailers in a way to avoid being identified) or I do not need remailers at all. I could instead start using throw-away news accounts that are not managed by my ISP. This would be a much more reliable solution.

> ... and
> published information that is private; available only to the remailer admin
> himself. In doing so, he has given third parties enough information to
> trace those messages past his remailer to where they came from (either
> their origin, or the remailer in the chain before eelbash).

This is where eelbash truly screwed up.

> In effect, the admin of eelbash has totally stripped away the anonymity
> (with respect to eelbash) of two of his users, one of which could be
> totally innocent of what the admin believes he may have done.
>
> The Evidence:

[A lot of valid stuff snipped]

> The messages in question were blocked, and the page at
> http://members.xoom.com/eelbashw/psycho.html has been censored in a
> hurried fashion, so we cannot see what the messages actually were.

(side note: How could somebody *censor* his own page?)

> As for what should be done; At a bare minimum, all remailers should remove
> eelbash from their remailer lists, so that messages using the rand-hop,
> remix-to, or encrypt-to directives do not inadvertently go through eelbash.
> In addition, perhaps all messages destined for eelbash be automatically
> chained through 1 more random remailer for added protection to those who
> are using chains of only two remailers with eelbash the last remailer.

Chaining through one additional, randomly chosen remailer provides questionable value. How do you make sure remailers avoid selecting the people saviors, orange and green, that instead pass the messages to the bit bucket?

> The big question, whether one should block traffic to eelbash, is a
> difficult one. The downside is that it will result in lost mail and broken
> reply blocks. One could argue that users should be free to chain through
> whatever remailers they want; a smart user could still use eelbash securely
> by chaining through at least 3 remailers before eelbash.
>
> However, this must be weighed against the threat to remailer users who
> don't regularly read this newsgroup and would not know of eelbash-admin's
> actions. ...

Users who do not regularly read apas are either asking for trouble or they use remailers as a novelty, not necessity.

> What is more important, maintaining the integrity of the remailer
> network with regards to protecting anonymity or just delivering the mail?

Both are important. Creating additional network fault lines, such as eelbash versus orange/green, is impacting reliability, which, in turn, drives casual users away.
If this type of reaction is left unchecked, or even encouraged then sooner or later the remailer network will be used exclusively by "hard-core" remailer users that are willing to put up with the instability. The security will go down the drain because traffic analysis will become much easier to perform. The remailer security is extremely dependent on the volume. We lose the volume, we lose the security (no matter how well we are isolated from eelbash-like remops.)

> The only answer I can give is what I would do if I ran a remailer. When
> faced with abuse whether real or imagined, the remop should do the minimum
> necessary to ensure such abuse does not threaten the remailer (which does
> not always mean stopping the alleged abuse). Eelbash-admin had the means
> to stop what he saw as abuse without compromising anyone's anonymity. He
> could have just blocked the messages. Instead he chooses to circumvent the
> very mechanisms that ensure his users' anonymity and publish information
> that compromises two users.
>
> The Admin of eelbash violated a sacred trust, to protect the anonymity of
> his users. When newbies ask what is the best way to email or post
> anonymously, they are often told that this remailer network is the
> strongest and the best out there. Many times, I've told people that to
> date nobody, no government, law-enforcement, corporate, or religious entity
> has been able to discover the identity of someone using the remailers
> properly. ....

How do you know that? Or is it just an assumption?

> .... I used to be able to say that, before the Frog fiasco and now
> eelbash. ....

I am not sure which "Frog fiasco" you are referring to: either the floods or not disclosing frog/azerty relationship. In case of the former, actions that the frog operator took probably saved the remailer. You yourself admit that a remop can take (as minimal as possible) steps "to ensure such abuse does not threaten the remailer".
I believe there is no question whether this particular threat was real or not. Where is widow these days?

In case of the latter, it was a mistake but call it a "fiasco"? Do you really believe that no two presently running remailers are sharing an operator?

> ... Now I can't, and that's wrong.

I think you should never have said it in the first place. Cases where people have been traced across remailers are known. Making an assumption (or even a claim) that all of them made obvious mistakes is dangerous.

> Think about that for a minute. Why bother worrying about whether the NSA
> can track messages when the only real compromises to date have come from
> the remailer operators themselves. ...

Again, how do you know that?

> ...Is this the new threat model?
>
> Ultimately, the remailer system is based on trust. You trust that at least
> one remailer will play by the rules. Eelbash-admin's actions undermine
> that trust and in doing so tarnishes the reputation of all remailers.

I do *not* "trust that at least one remailer will play by the rules". All I assume is that not all remailers in my chains are sharing data with each other. Specifically, I do assume that every single one of them is reading my messages, performing traffic analysis, etc. They just do not do it all together.

> It is for this reason that I encourage remailer operators to block eelbash.
> We can no longer afford to turn a blind eye to this mindset of "anonymity
> as long as nobody complains"; it must be extinguished before it becomes
> commonplace.

I agree that this behavior must not be tolerated as it is ultimately endangering the entire remailer community. On the other hand, I believe that your sentence, remailer death, is not warranted for eelbash is a new remop that is still learning the ropes. If I ask myself what ultimately causes more harm, whether occasional spill by new remailers or permanent loss of a remailer then I say it is the latter that is bothering me more.
From eelbash remop's reactions it is clear he "got the message" so I propose to give him another chance. I do not have a problem (in fact, I recommend) a death penalty should this happen again to the same remop.

> PS. I wish I could say I was drunk when I typed this, but I can't. I
> really am this long winded :(

P.S. I feel the same :*(

> --
> Nemo -:- nemo@redneck.gacracker.org