Will you do it?

Good afternoon. We are getting ready to start here. I am Len Sassaman, otherwise known as Rabbi. I've spoken at the past couple of Defcons about various remailer operator and remailer technology issues, and one thing that always overwhelms me is the number of just general questions and answers we get during the Q&A session about topics that I hadn't anticipated in my talk. So this year we're going to do something a little different. We basically have a panel here of a few of the prominent remailer operators, and we're going to introduce them, tell a little about our backgrounds, and then take questions from the audience. You guys are going to hear this session here.

A little bit about my background. I've been a cypherpunk, crypto researcher-ish person for about ten years now. I've only recently gotten into anonymous remailers; that actually was due to a Defcon talk from a few years ago where one of my fellow panelists presented about her experiences with anonymous remailers, which finally inspired me to stop just being a user and actually get into operating them. I had followed the discussions about remailer development for many years but never really realized how challenging and interesting a field this was. Aside from the technical aspects, there are a lot of operational aspects that really complicate the job of running a remailer, and we'll talk about that a little today too.

With me today is Robin Wagner, a longtime remailer operator and now a lawyer specializing in anonymity, that sort of privacy issues. Ryan Lackey is next to her. Ryan has the distinction of having had an extrajurisdictional area to run a remailer; he was able to field certain abuse issues differently than the rest of us. He's now doing Metacolo, which is a company that does multiple extrajurisdictional colos.
Mike Shinn, not only a remailer operator, and a longtime remailer operator from the early to mid 90s I believe, but also runs the remailer operators list, which he'll tell you more about, where the various remailer operators, many of whom don't actually like each other or agree with each other, gather to discuss the operational aspects of the remailer network. And finally at the end, Peter Palfrader, who is assisting me with development on Mixmaster, the anonymous remailer software. He is also one of the remailer operators; fairly low-key, doesn't make it known that he's running a remailer, but has been for some time.

So I've been running a remailer since mid 2000. In mid to late 2001 I took over the maintainer and development role for Mixmaster, which was unmaintained for several years. So now I am actually continuing to run my remailer and working on the software development side of it, which poses two entirely different sets of challenges, but it has been rewarding. I've dealt a lot with various abuse issues, law enforcement relationship challenges, user advocacy aspects, and simply technological and logistical problems with various other people who have been trying to attack the remailer network in a number of different ways, which we can talk about if you're interested. I'm going to hand this over now to my other panelists, who will introduce themselves, and then we'll find out what you guys want to hear about. Robin.

Okay, so I significantly prefer Noise. I'm supposed to kill you now, using my real name. I'm very sorry. I just like it better. Yes.
So I gave a talk at Defcon 8 on anonymous remailers. I was absolutely terrified when I gave the talk. I'm a little less terrified now. I'm also now an attorney, which makes this all very interesting, because when I talked at Defcon 8 I could just blather on and say, well, I think this is the case, and mumble mumble, and I'm an attorney so I have to tell you, well, what I'm about to say may or may not constitute legal advice, and here's a disclaimer, and don't ask me any incriminating questions during the panel because it would be bad. And there's all these things that come with being an attorney, but the side effect of being an attorney is I'm an attorney and I get to work on anonymous remailer things, and that's really cool. It's especially cool to me because while I run an anonymous remailer, which I did since the mid 90s like Mike Shinn, I never really had any problems, which was really sad to me as a law student because I was all ready. I was like, please, someone give me a subpoena, please, please, Mr. Fed, come knock on my door, I'm ready. And they never came. They all went to Len instead. So I guess all I can say right now is I am hoping that someday we will actually have an anonymous remailer case, because we keep designing these systems saying, well, if it ever, you know, happened, we think maybe the logs, if we don't keep logs, okay, well that's great, you know, it's subpoena proof. We just make all this stuff up, but we've never really had an actual court case that's actually gone anywhere using the current technology. We just kind of make it up as we go along. So I will hand it over to Ryan now, saying if there are any feds in the audience, maybe give us a year and then, well, hypothetically, I'd really like a lawsuit.

Hi, I'm Ryan Lackey. I've run a remailer since 2000 and been a user since penet days, a long time ago, and among other things I started HavenCo, ran a remailer there without the approval of anyone else in the company, which was very interesting, and I'll tell you more about it on Sunday,
and now I run another remailer. I have some data centers and other places around the world and do pretty much the same thing, and I haven't really had any problems running a remailer. The worst thing that's happened to me has been there were some IRA people that were sending bomb threats, and they sent notices to the City of London police, and then the City of London police contacted me all aflutter, asking me to figure out how this person sent the message. And I had lots of civil complaints, but like companies and lawsuits and stuff, and the things that cause the most complaints are legitimate uses of the remailer, like "this boss is stealing money from the company" and somebody reports it. That's the kind of thing that gets the legal cases that I've seen, or the legal threats, not the, like, really offensive stuff like "I'm going to kill and dismember your children" or whatever. So yeah, I will turn this over now to Mike Shinn.

I think this microphone works. Yeah, so I'm Mike Shinn. I've been running a remailer since, I guess, the mid 90s. We were trying to figure out when. I gotta love you, Noise, it's so hilarious to have you on the panel. I have been sued a few times but they never go to trial, thanks to our good friends of the ACLU and EPIC, who have been fine enough to represent me in the few cases where this has happened. And it's always corporations. It's never bomb threats, it's never anyone getting killed or being threatened to be killed, it's "this employee said this bad thing about my company." So that's pretty much been my experiences so far, although I will mention at least one time I've been subpoenaed by the federal government for a bomb threat, thanks to our good friend the Patriot Act. So we do tend to get a few lawsuits occasionally.

I have actually been subpoenaed, or sent a notice that I was supposed to appear in federal court, but I was out of the country at the time, so I sort of told them to fuck themselves, and then the trial was over and I came back to the country and it's all cool.

Yeah,
unlike the rest of us that live in the United States, we actually had to respond to that, and the answer is simply what it always is: we don't have any logs, and this is the way the remailer works. And so far we've never ended up with a case that went to trial. Everyone always walks away, including, I have to at least say something positive about the feds: so far the federal agents that I've been approached by have all sort of responded positively to the fact that, well, this is the way the technology works and we don't have any evidence to help you, and they have walked away. They've said, all right, well, we understand that. So for what it's worth, even though the Patriot Act says they can get a lot of information, the technology seems to work well enough that they're willing to walk away with nothing. And I will turn this over to Peter, who is one of the developers on Mixmaster, and he also happens to run a remailer.

Thanks, Mike. Yeah, I've been running a remailer since, I think, 2002, no, 2000, and well, it isn't in the US, it's located in Germany even though I'm Austrian. I've never ever had any problems, partly because I'm a coward and run in middleman mode. Yeah, that's how it does. I think Len took over maintenance of Mixmaster two years ago, and I've joined him shortly later, mainly doing maintenance work, because the old code was ugly. It's ugly, but it didn't work as well as it could be, and I think we've done a good job to make it even more stable, not to drop any other message. Yeah, I've also written a pinger, which basically is a directory server for anonymous remailers, which collects information about which remailers are out there and makes statistics on how reliable they are, which then in turn our clients use to make up their chains. And although there have been several implementations of pingers before, I think mine is the best, partly because, yeah, I mean, 60% market share is something.

Yeah, a lot of people think Peter's pinger is the best, and I'm one of those people.

Yeah, just
milk subpoenas for a minute there: I've actually gotten a nice subpoena once too, but it was given to me several days after the court appearance stated on the subpoena, so I was able to just shrug and not go to New York. Most federal agents are actually really understanding of the technology and understand that, no, operators are not the enemy, that they're running the service and they can be as helpful as they can be, and that's about it. I have had some problems with FBI agents who don't particularly know much about computers or websites or modems or even what that internet thing is, and that becomes problematic when they start hearing lots of techno babble and think you're just lying to them. So it's always helpful, if you're talking to law enforcement, to be speaking to someone who can understand what you're telling them. But yeah, for the most part, this isn't really a talk about abuse, though we can discuss it, but for the most part the abuses we get are either some corporation upset about a whistleblower, or there's been a flame war on Usenet and somebody called somebody else a doodoo head, which would have been acceptable under Usenet flame war etiquette except the thing is the remailer, and that is just not acceptable. And usually the people complaining are WebTV or AOL users. I don't know that's really indicative of anything, but it's a trend I've noticed. So do we have any questions from the audience at this point, and do we have a wireless mic?

Testing, testing.

That's not your question, is it? The question was, did Bombay Sapphire sponsor this talk, and the answer is no, but it's pretty tasty. It's the choice of remailer operators everywhere.

Well, there's a rumor that the original Mixmaster code was written highly under the influence of Bombay Sapphire, but Peter and I have managed to bring it out of the drunken state that it was in and make it much more reliable and workable now. We have a question in the front.

Do you have any problems with
spam?

Thank you. Okay, I have given remailer talks probably four or five, maybe six times now, and every time I turn questions over to the audience, the first abuse question is a spam question. It's not about death threats, it's not about kiddie porn trafficking, it's not about all these other abuse things that really don't happen. It's about spam. Apparently spam is the most egregious thing that anyone could do on the internet with remailers, and I like that, because if that's the worst thing you can do, we're pretty well off. But no, we're not having problems with spam, thankfully. Well, we won't ever have problems with spam. Yeah, there's problems with Usenet spam, certainly, coming through, and Usenet trolls, but the way Mixmaster works, or the way remailers in general work, you're not going to get a bunch of messages sent out through the system. It'll be somewhat rate limited by virtue of being somewhat slow and there being easier ways to send spam, and it's only really worthwhile if you're sending it to a mailing list or to a multi-person distribution system like a Usenet forum.

Another issue with spam is that the way anonymity systems work, you need to behave like everyone else using the system. If you do anything significantly different than what everybody else is doing, you don't get anonymity. You will stand out. So if you're spamming Usenet with just one message and that reaches a lot of people, you can do it, it works, and it's done. If you're spamming via email and you're sending more than a few messages, you will stand out, because the majority of users are not sending lots and lots of messages. This also applies to sending large files. Questions about trafficking warez and so forth: the same answer as spam. You don't get anonymity with our system because you behave differently. Somebody watching the links can see that you are sending lots and lots of messages into the network and that at some point lots and lots
of messages are coming out, and they can correlate that.

We did actually have a problem recently where there was a Cuban expatriate mailing list that was sending mail primarily by the remailer network, which is awesome, and it's like exactly why everyone wants to have a remailer. And I don't know who it was, but somebody posted to the mailing list that the remailer operators use for operational communications, saying somebody must be spamming from this address because they're sending lots of messages through our network. And then the Cuban guy mailed, like, a couple of days later to the list saying, oh, it's a completely legitimate list, we're doing this for this purpose, and everyone felt pretty bad. So there are problems in some cases with abuse requests, or what looks like abuse not really being abuse.

Yeah, there have been problems with remailer operators that are less familiar with what their job really is, trying to police and expose abusers and actually messing up. One of our esteemed colleagues, the so-called Frog admin, entered this scene by doing just that: stealthily running a second remailer in addition to his own and doing traffic analysis on people, and outed a legitimate user. Luckily, in the Cuban case, they were not using the remailer network for the purpose of anonymity; they were using it to sidestep censorship methods put in place by Cuba that would prevent them sending directly from their own IP. So actually exposing them didn't really do them any damage, but it could have. That's a lesson that, you know, operators really need to take to heart.

Do you have any knowledge of or experience with anyone but a remailer operator ever doing a traffic analysis attack on a remailer, or is the existence of such adversaries so far purely theoretical?

I've personally seen, well, I ran a remailer on a network that I assumed had upstream traffic analysis, and the cool thing is a lot of the remailers now are using STARTTLS or inter-SMTP protection, so as long as you're
running the remailer on a server that has a lot of other mail going through it, you're actually fairly protected from being able to tell that traffic is even going to the remailers. Basically the state of the network now is there's between 20 and 50 remailers that are reliable and public on the internet, and you can get some information leaked just from the stats they release, but as long as you remain within the parameters of sending one message every few days, you're probably in a set of people that's internally indistinguishable of, I don't know, like maybe a hundred thousand people or so per period of time, and that's pretty reasonable, I think. I personally, if I were trying to use a remailer, if I thought it was actively under investigation already and my personal local upstream was tapped, I'd be pretty wary of it, because being one out of a hundred thousand net users is a substantial reduction in the population of net users. So I might use something like a Hotmail to send it, or some other thing to inject the message, already encrypted, into the network. But I think a lot of the most vulnerable traffic analysis of users is really on the first hop from their local home or LAN, and that's where the wiretap orders on users that are already under investigation would be placed. And since we've seen that most of the serious abuse, the things that people take seriously, are like corporate abuse reporting, a lot of people are kind of dumb and send mail to the remailer network from the office network. So if there's like three employees at your company and you mail a remailer from your company and they get mail from another remailer threatening a boss or something, it's pretty obviously the person on the local network who talked to one of the known set of 20 or 50 remailers. So you have to be sort of careful on the first hop into the remailer network. Thankfully there's a lot of ways to get around that, using free web services
that do email, or using web forms, or anything else that uses STARTTLS or SSL to another address.

Yeah, if you're worried about traffic analysis, one really clever way to sort of eliminate that issue is run a remailer, because if you're running a remailer, lots of people are sending traffic through your box, so send your message from your box and you've got plenty of cover traffic. That tends to be a method that's overlooked by a lot of users, but the software, thanks to Len and Peter and many other people's efforts, is very easy and approachable now. It's very easy to run it. So if you're concerned about traffic analysis, run a remailer. It's the simplest way to protect yourself from somebody figuring out what you're doing.

And there are configuration settings through your remailer where it can only really be used as a middleman for traffic, and you would never have any abuse complaints. It wouldn't even be apparent to anyone outside the remailer operator community that you're running a remailer, and you should be fine. You can run on a low-end modem and you'll be fine.

Middleman means that mail is only delivered to other remailers. You are a remailer in the middle of the chain, not delivering to end users. So if there's ever an abuse that goes through your remailer, it's never delivered by your remailer, so no one can see they came from you and you don't get the complaints.

Yeah, middleman is probably best described as a stealth remailer. You're completely out of the loop. No message will ever come from your box, so no one will ever sue you, until the revolution comes and they track down all the remailer operators around the world and kill them, and then you must take up arms, my brothers, and fight against them all.

I think this is a slightly related question. I'm aware of a couple experiences where people link, you know, have websites that link you or introduce you into a remailer, and I just think it's important for people to remember that, you know, the remailer is only one step, and if
they can track back and subpoena the person, you know, who had the link, if that link is being logged by the sending message, then you don't have any security either. I don't know that I said that very clearly, but if you could elaborate, that'd be great.

Yeah, one thing to keep in mind with the type two network, and even the old type one network, and I'm not even going to mention the type three because that code is still being written.

Three rocks, though.

That's good. Yeah, it is good, although we're still debugging it, so technically you shouldn't trust the anonymity. But with the type two network, what you want to do, with response to her very valid point, is you always want to make sure that you're chaining a message, which simply means that you're sending your message through more than one remailer. You never want to send a message through one remailer. You never know: the person operating the remailer may be incompetent, they may be keeping logs, they may have an agenda, they might want to keep logs, and we know some people who do that. And the bottom line is, when you're using the remailer network, the premise that you want to stick with from start to finish is trust no one. Trust none of the links. You want to add as many boxes through as many jurisdictions as you can, so that you're able to defend against the attack she just talked about. Someone will sue, and you don't know how that box is being run.

The security of the remailer system is based on the premise that you pick a chain and at least one of the nodes in that chain is honest, or at least that all the nodes in the chain aren't going to collude. If you've picked two dishonest nodes, but they're dishonest for different reasons that aren't going to talk to each other, you're about as safe as if one of them really is honest.

And that's why you want to run your own remailer, because the best way to create a chain is hop through your own box. You know your box hasn't been compromised. That's the best way to build a chain, and I really
must implore this to everyone in the room: if you really want to do this, run a remailer in middle mode. That's the simplest, easiest, lowest cost way of protecting grand anonymity. Run middleman.

I hope you've locked down your box, Mike, saying that at that time. Now we're going to have like a thousand people join the remops list.

Join the remops list.

I've got a question, mostly about pinger, but one of the problems is, when there's 20 or 50 remailers out there, obviously picking from that chain is extremely important, and the attack of diluting the number of remailers by setting up 115 myself is something we keep talking about. Obviously we don't have 150 remailers, it's not that popular, but when there's a system like pinger that says, ah, these are the trusted, blessed remailers, don't you think that adds a certain danger, and have you thought about ways of trying to moderate the possibility of somebody outside gaming pinger?

There are a lot of open issues with how chains are selected, how remailers are selected. They go far beyond whether someone's actually doing any kind of attack against the directory servers, though that of course makes it worse. This is all not very well understood, but we suspect it's bad. Again, against a global adversary who can watch the entire network and observe all the traffic, there are several statistical attacks that can be done against different people based on which chains they routinely pick, or which pinger sites they're going to that rank which remailers at which reliability slot, and really it all comes back to: you need to behave just like everyone else in the network or you may stand out. But the other side of that is, most people, certainly not everyone, but probably most people, are not concerned about this global adversary who can monitor the entire network and calculate useful data out of the noise. Most people are concerned about their boss, or their spouse, or reporting information they know about McDonald's chicken farm abuses, or maybe
even lower funded governments that don't have these kind of monetary capabilities. But yes, we strive to be secure against the global adversary. We do not actually meet that, because of a lot of these things that I assume certain people who have the ability to be a global adversary probably have much more research on than the public does.

Yeah, Len, if I can add to that, it's an excellent point that Len brings up. You need to sort of ascertain what the threat is that you're trying to defend against. If you use the military standard and sort of categorize things for information warfare threats, you've got the unstructured threats, which is most people that we would call crackers, essentially somebody without a budget, a lot of time. Then you've got your unstructured threat, which is organized crime, corporations, people with assets but not necessarily significant assets. They don't have the ability to build in a global surveillance network. And the last category is your national assets. So if you're dealing with China or Cuba, you're trying to send messages into a country that has significant and tremendous economic and human resources to spend on figuring out where your message came from, you've got to do a lot more to defend. So if you're just going to publish a vulnerability in something and you don't want somebody to know that you figured it out, you're one of the developers of the software, you know the threat is the corporation. What can they really do to figure out where you came from? The network is probably secure enough. But if you're talking about the United States of America, the threat's pretty high. And keep in mind what it is that you're doing. If you're publishing a vulnerability in Microsoft software, the US government doesn't care, and we all know they don't care because they don't patch their software, so they don't care. But if it's something else, like you're trying to undermine the government of China, they do have significant assets, so you need to
plan accordingly. So paranoia is a good thing, but in measure.

I'd be more afraid of a bored network administrator for a major backbone than any national government.

But yeah, well, it's an excellent point you bring up about pingers. Fortunately, thanks to the effort of lots of people, not to mention Peter sitting next to me here, who I think makes the best pinger there is, Echolot: run your own pinger. Run your own pinger and run your own remailer, and I can't stress this enough, run your own remailer. If you really, really, really need to defend your communications, you should run your own remailer, because you know that you control that box, to the extent to which you know you control that box, right? And of course, how well do you think you control that box? So if you're clueful and you can really, really, really crank the screws down on that box, you're much better off than you are when you're just looking at a network that, you know, how well do we defend our boxes? You shouldn't trust any of us. Yeah, that's the whole point.

And of course running your own pinger does make you different from everybody else too, and you're open to those attacks again as well. But I don't think that running your own remailer, I also don't think that's the panacea either. But the bored network administrator is a threat, but not a threat against the Mixmaster network, I don't think. Given there's just too much data, and boredom only motivates one so far.

I wonder what the remailer operators here think the biggest threat to the remailer operator network is.

We have a question here that I want to get to, but we'll get back to you.

I was here actually at Defcon 8 when you gave that talk, and you didn't seem that nervous, and it was a great talk, and you explained why the system has anonymity and it's just possible. But not everyone in this room also heard that talk, and maybe you want to spend a few minutes explaining why you have circles within circles and why this is a pretty sophisticated anonymity system. I
mean, I thought maybe you remember from that, back after there the law information hasn't gone into your head, if Robin remember. I think there are several thousand people, like in the last couple of weeks, that also realize why we need strong anonymity from corporations on the internet, like the RIAA lawsuits.

I'll actually let Len answer this, since he's currently the lead of the Mixmaster project. I think it's actually more appropriate for him to answer. Len.

Okay, mixnets in 60 seconds. So you want to send an anonymous message. You don't want the source address to be viewable to the person who receives it. So first thought is, send it through a third party proxy. All right, somebody watching the network, they're just sending this traffic through a third party proxy, can see that you're sending it and where it's going to. So the next step, you add encryption there. You encrypt to the third party. Somebody watching that link doesn't know where it's going to go, and then out it pops at the other end, and hopefully they haven't put two and two together. Chances are they can put two and two together. So what you want to do then is you want to have other people using that third party proxy, and you want the messages to come in and leave in a different order. So messages come in, they're mixed around with other messages, and they come out at different times. So as long as there is a critical mass of traffic, you can't distinguish one from another.

You have another problem here, though. You have to trust that proxy. If that proxy is evil, or subpoenaable, keeps logs, incompetent and they've been hacked, and so forth, you're back to square one. They can monitor things going through and you're good, you don't have anonymity. So what you do then is you chain remailers. You take your message and you encrypt it. You set it up so that it's to be delivered to the end user and you encrypt that to proxy D. Then you take that blob, encrypt it to proxy C, take that blob, encrypt it to proxy or node B, take the last one, encrypt it to node
A. Then when you send it in, node A ships it away, it says, hey, this is for node B, sends it on to node C, ships it away, and so forth. So any individual node knows where it's coming from, where it's going to, at next and previous hops; doesn't know final destination or point of origin.

All right, that still has an attack against it, because people are sending messages of different sizes, and you can watch messages go through and figure out who's got what message based on just the sizes of the messages. So you want to make sure that all the messages are uniform. They are split to a fixed size; if they're too small, they're padded. Everything going through is the same size. That's, very quickly, Mixmaster.

There is another issue here, where messages come in and they sit in a message pool which fills up to a certain size before messages are flushed. This is done to prevent an attack where one can flood a node with lots of his own messages and the one message he wants to watch, and then when all the messages come out, he just throws out his messages and knows this one message he can't see is the one he wants to follow. So that's a very high level, general description of the type of system we're talking about here. Does anyone have...

I mean, that's the how, but it's still not really the why. And in a nutshell, the why is, you know, back in the day before DNA and fingerprinting, if I wanted to send a letter to Len and didn't want him to know who it came from, I wrote it out, maybe I even cut things out of the newspaper, whatever, I put it in an envelope and I dropped it in the mail. And current email, without, you know, anonymous remailers, does not provide that. There is a very nice trail of, you know, which server every single email went through. So I don't really care why I might want to have an anonymous message to Len. The point is I should be able to, and that's, I guess, the three-second version of why.

Yeah, the irony is if you want to send anthrax to the United States Congress, you can do that anonymously, but with
email you can't.

No one ever sent a bomb through a remailer.

True, and it's an excellent point that you bring up there, Len. We're talking about speech. There's a fundamental difference between what you can do through a remailer and what you can do through the mail. All we can do is push speech. That's it. It's just content. We can't send you anthrax, we can't send you a bomb. All we can do is tell you your feet stink, or whatever it is you want to say, and ultimately it's only speech, it's not action.

Well, you can also send commands to your bots running throughout the world to, like, detonate nuclear weapons and stuff through the remailer.

We don't want to tell anybody that. Yes. No, but it's a good point. The bottom line is all we can send is data. So for the feds in the room, Ryan apparently has boxes that control nuclear weapons throughout the world. Yes, everyone keeps talking about this man right here.

Len, there's a guy up here who's got a question.

Yeah, what's the question? Hey, we have a question here, so I'll... okay, Len, you want to go first, or... okay, go ahead.

Let me tie two of the things together. Somebody mentioned the recording industry subpoenas. I work at the Electronic Frontier Foundation. We're...

Give them money! Give them money! Take a bow. Really, seriously, take a bow. We really appreciate what you do.

So we are worried, obviously, and a lot of these, you know, we are working on that issue, but it raises an interesting point, which is that, as I understand it, Mixmaster is designed for and optimized to email traffic. A lot of the traffic that requires anonymity today in the network is not necessarily email traffic, and it's not necessarily HTTP traffic; in fact it's not necessarily any particular higher-level protocol traffic. So my question is, to what extent are the lessons that you all have learned with Mixmaster useful to create a generic TCP proxy, and in particular a generic distributed network TCP privacy and anonymity?

Yeah, well, let's just say we at the EFF are looking to develop a product
like that.

Yeah, and we'd love to see it in here. Yes, download the source from...

It's been done before. Not to interrupt Len at all, but ZKS actually started it commercially and nobody used it. So hopefully, thanks to our friends at the RIAA, that might change.

Well, it's probably a good thing that nobody used ZKS, because there's two fundamental different architectures for anonymity systems: high latency systems and low latency systems. If you need to have your message, content, whatever, get through the network in a quick manner, you face an entirely different set of challenges than if you're dealing with high latency systems. If I send a message and it takes several hours to get through the remailer network before it gets posted to a mailing list, I really don't care; email is a low latency system. If I'm browsing the web and it's going to take me a couple hours to get CNN, I care, and I'm not going to use it. This all comes back to what will users use. A security system which doesn't have users fails at being secure, because it doesn't actually provide security to anyone. With anonymity systems that point is even more important, because if you don't have users you don't have an anonymity set. The anonymity set is the number of people in a group that all behave the same and can blend with each other. Less users, less anonymity set, a better likelihood that an attacker is going to figure out who you are. So you... we can't have a high latency web browsing system. With the low latency systems it is much more difficult to beat the type of attacker that we strive to beat in Mixmaster. Is there a use for this sort of thing? Certainly. Is Mixmaster the way to go? Probably not, depending on what you want to do. If you're talking about transferring large bits of data that don't need to get somewhere very fast, yes, it could be, as long as there were enough different users doing this that they blended. Because right now you could use Mixmaster to send 30 meg files, but would you stand out? Yes, you would, because you're
pumping in lots and lots of little messages, because it's all split down to the same size, and out at the other end pops out this big message. An attacker just treats the network as a black box and can correlate this. Now, if lots of people were doing that it would be different.

But also they can count the number of packets you're going in and estimate what size the message is going to be when it comes out. So the moral is, you really need to look like everybody else.

Yeah, you can play games like trickling in pieces over time, so it looks like they're sending lots of little messages, but it gets much trickier that way. There's...

Yeah, let me add to that. The bottom line is you've got to keep in mind who the threat is. So, we're talking about national threats: if we're talking about pushing lots of data through the Mixmaster network versus the United States of America, yeah, you're hosed. I'm sorry, but you are, you're hosed, unless you really, really, really, and I can't stress this enough, really, really, really, really know what you're doing. Unfortunately we don't have enough experience with dealing with that threat, but we do have experience dealing with corporate threats. They do not have the ability to look at the entire network.

Or a corporate threat like the RIAA, some AA-ending association...

Yes, or the MPAA. They all end in AA.

Not the automobile association. You would probably want to look at the whole network. You probably want to look at onion routing; that is the most promising low latency system right now.

And you're all going to crush our boxes now with all of your bars or whatever you're going to push through our boxes. But by the way, the structured threat, the corporations, can't penetrate the network. Thankfully they're not good at it. They can sue the crap out of the people that are running the remailers, and they do do that.

That was my next point. If you start running onion routing and it becomes, you know, you overlay Napster on top of it, it doesn't matter if it protects the users if the nodes
can be sued out of existence.

Yes, that's why you all need to run remailers, or... you mentioned offshore. Did I mention that already? Please start running remailers, please, because there's only, what do we have right now, 30-some-odd remailers, that's 20 for the whole world. That's it. There are 20 people on the entire planet Earth that are running remailers. There's that... most of them, the remailer operators, are in this room.

Yeah, they're pretty much... If a bomb fell on this room the network would collapse. I kid you not. I haven't... all the pingers that work would be gone, the list would be gone.

I have an important point to add to that, which is that more remailers in our network at this point is detrimental to the anonymity. While that may be counterintuitive, you need to have a balance of users to nodes, so that the number of users using any individual node is not diluted enough that you can pick out individual traffic. So really, 50 remailers for the amount of traffic we get right now is too many. But there needs to be a critical mass of remailers so that shutting them all down simultaneously is not something that can really happen.

And I have to add, though, most of them are in the United States, which is unfortunate.

That's not true right now.

Yeah, yeah, so there's about a quarter to a third in the U.S.

Even more than that, unfortunately. Keep in mind most of those operators don't want to tell you where they live.

Most of the remailers are... the majority of remailers are in the U.S. and Germany. If we lost the U.S. and Germany right now would be...

Which is not hard to do.

We could lose the U.S.
and be fine.

Seeing as how Germany has a log and certain types of speech...

Germany is also more privacy friendly.

I concur. Yeah, but keep in mind, the bottom line is we don't have enough diversity in the network.

The people that I think would do the most good for the remailer network would be people building applications on top of anonymity that would bring a large number of users and a large amount of interest to the network, not necessarily people running service.

That is key. Getting more users is the key point. Once we have more users, then we have the strong anonymity, then we can start...

Like we currently... learning from what we have. I mean, keep in mind we've got a lot of people that are trying to build infrastructures for anonymity and they aren't looking at the anonymous remailer network. We've been doing this for a long, long, long time. We've been attacked, we've been sued a lot, and... this young man right here, because I've got to answer his question, but the bottom line is, you know, we've got to learn from what we've already done. We've figured out most of the attacks that we're going to run into, and most of them are structured attacks. So this man right here has a question.

So it was mentioned earlier that you have not had a problem with spam in any sense, but have you had a problem with viruses at all, or anything like that?

Personally, spam no, viruses yes.

Viruses... well, the biggest problem actually is HTML content, thanks to the wonderful mail user agents that everyone runs, called Outlook. Not to bash Microsoft, which I think is unfair, but speaking to the largest volume of users out there, they use Outlook, it's HTML mail, so it's attacks against that, and we see a tremendous volume of those sorts of attacks against those users.

No, not really, because the network isn't very good for that. Now it's... it's not a good network: the latency is too low and it's too hard to use the network.

Hi, um, going back to what you're saying about needing more users, one of the things that I think would bring more
users on would be more nym servers, possibly, or make...

Oh god, yes, absolutely right. The only problem is the nym servers right now essentially rely on type one technology, right?

There's a lot of work being done. We're fixing that, how to improve nym servers. Type three will introduce new ways of doing nym servers, and services will be more reliable and easier to use. Currently what we have in place is a proof of concept that isn't really ready for prime time.

Since you'd like to have more people using the network, what kind of clients are available? I think I used something a long time ago called Private Idaho. Is there any other clients that you would suggest?

Private Idaho was not really ideal. Right now a lot of the code that runs on Windows is not as actively maintained as the code that runs on Unix. If you're running a Unix client for your mail you can easily just use the Mixmaster binary to do all your stuff for you, and it integrates well with a lot of mail user agents like Mutt, the one that sucks but sucks less, or Pine, or other miscellaneous mail user agents.

Yeah, the geek factor's high.

Yeah, the geek factor's high. I mean, if you're really worried about your anonymity, not to blow Len and Peter's horn here, but you need to kind of stick with the Unix code. Unfortunately right now the Windows code is not as actively maintained.

Well, there is one. So Private Idaho isn't maintained anymore. There was Jack B. Nymble and Jack Nymble 2, which were written by somebody who went by a pseudonym, known as RProcess, and he disappeared without any explanation. We don't know what happened to him; that code isn't maintained anymore. There is a Windows client called QuickSilver, which is actively maintained and is a GUI overlay on top of Mixmaster. On OS X Mixmaster runs natively.

Yeah, QuickSilver is very good for the Windows platform, but if you're really paranoid you're gonna have to stick with the latest Mixmaster code. If you're not...

QuickSilver uses 29 beta
12, is that it? Right now there are no security problems with that. It's just, like, I think it's great. Paranoid... if you're not that paranoid, there are, like, web forms that will submit to the remote network and will give you a reasonable amount of anonymity, especially for just sending test messages, that are not that reliable. Make sure, if you're using the web remailers, that they have SSL support, and you understand that means that the web interface could be logging the message, the IP address, and where it was going.

Right. In order to get full security you have to do the encryption operations on your trusted machine. Using the web interface, you're trusting the web interface.

Are there any legal questions here for the lawyer on the panel?

Maybe if you could go into the Patriot Act a little bit more, and maybe it's a big lot of Patriot Act, and, like, when they subpoenaed you and they invoke that, like, what do they say exactly?

What do you want to know, from experience, or do you want to hear from a lawyer what you should say? Yeah, from experience, the answer is: hey, guess what, I don't have any logs. From the lawyer, the answer is: call my attorney.

Right. The unfortunate punting answer is, if you're curious about the Patriot Act, please see Cindy Cohn's talk tomorrow. Right, Cindy, please stand up. Cindy is a marvelous EFF attorney, talking about the Patriot Act tomorrow. That's the EFF row right there, folks. Everyone give them a round of applause. And the other talking tomorrow, please stand up, Miss Wendy Seltzer. Yeah, and by the way, this young lady rules. Thank God for them.

To the man that keeps saying to get more of these out there: why don't you tell us why the ISPs dislike you, won't allow them on their systems? All the hosts won't allow them on their system, they'll throw you off. So how are you gonna get more?

Well, if you want my two cents, the why the ISPs do it I can only infer, I don't know.

Having run... actually, yeah, actually he might be the better person to answer the question.

Having run an ISP, your margins are
pretty small, and remailer operators, sort of, if they cause one complaint you don't make any money off of that dial-up customer for the next year. So it's really just a pure practical: these people cost you money and are slightly annoying and potentially liability. People don't really understand the potential liability for the ISPs, because it's not really defined yet, and they're just afraid, so they are on the side of protecting their revenue.

Having also been in the ISP business, it does not make economic sense to allow remailers to run on DSL lines and so forth, that there's still a low cost service. However, ISPs are perfectly happy to let you run your remailer if you're a colo customer or a T1 customer or anyone who's paying it's going to get a mount for bandwidth; then the cost per abuse case isn't an issue. But if you're going to run a remailer, my suggestion... well, this is what I did. I set up my remailer in middleman mode and ran it for a month. There were no problems there, of course, because I wasn't... there weren't any abuse complaints and I was not exceeding my traffic. I made sure that everything was fine. Then I went to the abuse department and I said, hey, I set up this remailer, I'm running it, I'm going to turn it on in full mode. If you ever get any abuse complaints, the headers say to send abuse to me, but if ever they get them to you guys, just forward to me, I'll take care of them right away. They said, thanks for telling us, we'll do that. Once or twice a year I get somebody complaining to the ISP, usually because they got called a doo-doo head on Usenet, and the abuse department of the ISP forwards it on to me and I handle it, and it's not a problem. If you go and surprise your ISP by setting up a remailer and they get this abuse complaint and it's something particularly nasty that's forwarded, they may just shut you down, because they don't know what's going on, they think you might be doing the abuse, and so forth. But having a dialogue with your ISP is important. They are usually
friendly to the sort of thing. The ISP community is very open to this.

Yeah, the key... Len is right. The key is, if you've got an ISP, you want to call the help desk, get elevated to, you know, tier two or tier three, get to the clueful people, and tell them what you're doing. I've done that and it works. Bottom line is your ISP may not agree with it, so if you're worried about abuse, go middleman. That goes back to my point of, if you're worried about traffic analysis, run a middleman, run it through your box. You know you control that.

Okay, we're out of time here, so I'm going to ask our panelists to sum up their thoughts on their experiences running remailers, and then we will wish you good day. Robin?

The quick thing I can add about ISPs: what I did was, I was a university student at a state university. State universities are bound by this thing called the First Amendment. I checked into the AUP at my university and it basically said, we're not really going to censor you because that would be against the First Amendment, so as long as what you're doing isn't illegal you can do whatever you want to. So I ran a remailer, and anytime there were any kind of complaints I said, not my department, First Amendment, and surprisingly they said okay. Now, I'm sure this was helped by being a law student and being very persistent, but if any of you are actually interested in running a remailer and are state university students with good AUPs, please talk to me, I have lots of experience in this. Last two points. Number one, if you run a remailer, thou shalt not keep logs, any logs. Rule number two, do not edit any content, ever. Feel free to ask me later why.

Yeah, my experience in running remailers basically is roughly the same, but I usually run the ISP that's running the remailer, so it makes it kind of fun to deal with abuse complaints, because you get to, like, laugh at people. The thing that I think is going to help the remailer network the most is, there's going to be some nym server improvements coming along pretty
soon. I have a paper at a conference where I'm sort of working on a nym server that's going to be really good. And if real applications for the remailer network emerge, where you're doing mailing list software that uses remailers, or you're doing various forms of computer software that interact over the remailer network, that would be awesome. We'll build up the traffic volume greatly, and then more people want to run remailer networks, and everyone will be happy. And now that we have a real threat from the RIAA and MPAA, as opposed to the sort of vague government threat, people have much more incentive to actually use this technology. So hopefully the next three or four years are going to be like the last three or four years, only actually happen.

Yeah, I have to just add to that. Actually, I sat on and founded the committee at the university I worked at that actually created the AUP, and I can't stress that enough: if you're a university student, look into your AUP. If your AUP will allow you to do it, run a remailer. A lot of universities are very positive and supportive of that, and ours was, probably because of me, but in no short measure due to everyone else and the fact that we actually codified it. And a lot of universities are very supportive of that. If you're a user, and everyone in this room is, use the network. Every single person that sends anything through the network helps everyone else. Even if it's just a dummy message, if it's nothing, if it's just junk, you are helping everybody else that has something important to say through the network. And you know what, we don't have enough remailer operators. We lose them. Len is right, if we have a lot of remailer operators we end up with a problem, but we don't have enough good long-term operators.

Well, my remailer is running in a university network as well, and I did ask them, and all they told me is, well, we cannot allow you to run a remailer, which was good enough for me because it didn't forbid me to run a remailer. And so it's been running for
three years and I hope it stays that way.

So just as a brief closing note: those of you who are interested in being users, and please be users; if you're going to say, I don't need anonymity, we're the kind of users you want, because this needs to be a legitimate network for legitimate use. Go to mixmaster.sf.net, grab the code if you run Unix or OS X or Linux. If you want a Windows client you can go to skuz.net/quicksilver and download the QuickSilver client, which is a somewhat difficult to learn UI but a good interface to Mixmaster. That'll get you started using it. And please, anyone who has any questions about this or any further interest, we are around during DEF CON, find one of us, we're more than happy to help. One of the best things for the remailer network is evangelism. As Mike said, his university was pro-remailer because of him. That's largely what happens: somebody comes in and makes this an advocacy point, and you can turn this institution into being a pro-anonymity, pro-remailer community, whereas they wouldn't have been otherwise. So thank all of you for coming, thank those of you who want to help for helping, and have a good day.