> > NONE OF THOSE RMAILER FRONT ENDS IS WORTH A FUCK. BADLY
> > WRITTEN, PROBABLY HAVE BACKDOORS AND NO GOOD SUPPORT.
>
> Thank you intel, for trying to put us in fear concerning
> remailers.
To be fair, there are plenty of good reasons to think that remailer
operators will keep records if the police request it (if they do not
do so already), and no reason to think that a remailer operator would
stand up to the police to protect the privacy of some stranger. That
is why remailers should be dispersed across multiple jurisdictions.
> Cop and prosecutors can't resist getting notches on their guns.
No arguing with that one; we are not talking about intelligence
agencies or vast efforts to keep operational capabilities secret when
it comes to a typical police force. They need to present arrest
numbers, not win a war.
> Their egos and power mania are too out of control to corporately
> keep a secret. If they had the ability to break
> remailers/Tor/hsub/esub etc, that would have used it to capture
> kiddie porners and terrorist already and exposed their ability to
> break the system in the process.
Actually, enough child pornographers have been caught despite their
use of proxies, remailers, Tor, etc. that some of the "big time" guys,
the really dangerous ones who abuse children for years on end, have
resorted to mailing encrypted DVDs to each other through the postal
system. Ironically, this low-tech method does more to protect their
privacy than sophisticated cryptographic systems like Tor, and it is
easier to use safely.
>All this talk in recent articles
> about one time pad randomness, although important, is rubbish.
One-time pads are rubbish to begin with -- far too difficult to use
correctly, and far too impractical for day to day cryptography. Are
you really going to obtain gigabytes of key material from some online
merchant just so you can securely shop there?
> Until there is quantum computing,
Even if there is quantum computing, we have cryptography systems that
can deal with quantum attacks (lattice-base crypto, random linear
codes, etc.). Nobody should worry about quantum computing; what we
should be worried about is the fact that there is no support for
post-quantum primitives in the PGP standard.
> the ability to scour through
> quadrillions of possibilities will not be there. Then the way
> around that is to send coded end messages that only can be
> interpreted by the recipient. All their efforts to decrypt the
> message will thereby be in vain.
..or just use a cryptosystem that is secure against quantum attacks.
> If you absolutely need message protection, you must have
> something set up with your agents, spies, and assassins other than
> sending the message in the open. There must be a system that is in
> the mind of the recipient only. No one can break a message is such
> a case. If an agent disappears, the formula is immediately changed.
This screams "violation of Kerchoff's law!" The security of the key
should be the only thing you worry about.
Really though, sending a message to an anonymous recipient is not a
hard thing to do. Encrypt the message, then broadcast it -- that is
precisely what alt.anonymous.messages does, that is what numbers
stations are doing, etc. Sender anonymity is a much harder and more
interesting problem to solve; there is little doubt as to who is
operating a 500kW numbers station located in Russia, depite it being
very difficult to determine who is listening.
> It is because of laziness that criminals and spies are undone and
> caught.
Indeed, and the recent Dreamboard bust demonstrates that. We can
infer that a large number of people were not caught because they were
using Tor, logging on from a public location (and not displaying
images on their screen -- I cannot believe how many people manage to
get caught looking at child pornography in public), and taking various
operational measures to protect their identity. Those who were caught
were leaking information about themselves by the messages they were
sending (e.g. pictures of children that were identified), because they
were using systems that were not very robust (VPNs or proxy servers),
because they were operating in the open (Dreamboard itself was not a
hidden service and the administrators knew each other's identities)
and so forth. They were not caught by a global surveillance system,
but by dedicated detectives who exploited various mistakes.
I have heard that Dreamboard was an usual bust, that the police
usually just go after the low-hanging fruit who do not even know how
to use VPNs or proxy servers, or any sort of cryptography. There are
so many people out there who commit serious crimes online while taking
no technical steps to avoid detection, and who are not caught simply
because of the length of the backlog of cases -- there are simply too
many people to arrest, and the police would rather keep their arrest
numbers high than spend time cracking security systems.