[OT-ish] How big is the UK 'net?

Peter Fairbrother zenadsl6186 at zen.co.uk
Fri, 28 Jun 2002 14:37:15 +0100 

David Wagner wrote:

> Peter Fairbrother  wrote:
>> As some of you know, I've been working on computational anonymity for email
>> for a while. I am wondering what a practical limit for per-user bandwidth
>> would be, and if anyone could advise, off-list if appropriate.
>> 
>> I have now (in theory) got the traffic down to a few 100MB per customer per
>> day, that's for 1 million customers sending up to 40 emails per day each. :)
> 
> I suspect that might be a tough sell, given the existence of anonymous
> remailers that support similar functionality much more cheaply.
> What's wrong with the existing anonymous remailer (Mixmaster) approach?

When they commence Pt3 of RIPA Plod will be able to demand all remailers's
RSA keys, and Mixmaster will be b***xx*d, at least in the UK. I wouldn't
like to bet much on GAK not spreading.

There are effective attacks on Mixmaster, especially at the present low
traffic levels. Mixmaster also leaks traffic volume data. PA gives anonymity
even if there are only two users - you can't tell if they're sending
messages to each other.  :)

> What's the killer advantage of the new scheme that will make it be
> compellingly better than existing technology?

No need to trust anyone.

If you onion-skin through remailers you have to trust that at least one of
Big Steve's remailer, The Safeweb remailer, or Sven's remailer is
well-implemented, unwatched, unbroken and uncompromised.

Commercial organisations who might want anonymity aren't going to trust a
network of strange-geek/rebel/anarchist/paranoid-nutcase types they don't
know, and I don't see why the man in the street would either.

Using PA it doesn't matter if the single central server is compromised,
anonymity is not lost. It doesn't even matter if the server is being run by
FBI, CIA, MI5 and Al-Qaida* combined, anonymity is still not lost.

> Type II remailers seem
> pretty good for most people's threat models, and the price is right...

I suspect many people's threat models are undergoing a sea-change about now,
following the repressive laws introduced in the wake of WTC, the EU
decision, and the "snooper's charter" fuss. In fact I suspect a whole lot of
people are getting their very first threat model about now.

I further suspect that many people think Mixmaster-y things are worth what
they pay for them. It's not quite the same thing as PA, but people will pay
10p for a text message to a mobile.

Anyway, I'm still trying to get the traffic requirements and the cost of PA
down much further.


-- Peter Fairbrother

* I was going to say MI6, but MI5 are more likely to partner with Al-Qaida.