|
Home > Archive > Anonymous Servers > September 2006 > [OmniMix] New release 0.9.7.5
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
[OmniMix] New release 0.9.7.5
|
|
| Christian Danner 2006-09-28, 7:14 am |
| Hi all!
I just uploaded OmniMix 0.9.7.5.
Besides bugfixes some relevant improvements within the nym section:
- The POP3 proxy server now allows independent polling of the external
mail and/or (nym related) news server.
- Ability to download a random number of 'dummy' postings from the
news server along with the valid nym messages (including a random
delay between the single downloads to counter time interval analyses).
- File export / import of nym account data (parameters and keys).
You'll find it at http://www.danner-net.de/om/omnimix097.zip.
Please consult the history file for further details.
Any comments and problems reports most appreciated.
Regards
Christian
--
OmniMix .. protect your privacy
http://www.danner-net.de/om.htm
| |
| Nomen Nescio 2006-09-28, 1:12 pm |
| Christian Danner wrote:
> - Ability to download a random number of 'dummy' postings from the
> news server along with the valid nym messages (including a random
> delay between the single downloads to counter time interval analyses).
This is a bad idea. All posts should be downloaded. Even with random
noise it would be possible to determine which posts belonged to a user
because posts with certain features would always be downloaded. All one
has to do is look for those types of posts. The weight and timing of
the noise is mostly irrelevant. Finding similar things in groups of a
few hundred or even a few thousand is trivial. Certainly far more
trivial than cracking the encryption and other methods used to provide
pseudonymous access, so a "selective" downloading of messages even with
random garbage is a pretty significant hit on your anonymity.
| |
| Christian Danner 2006-09-28, 7:14 pm |
| Hi!
Thanks a lot for your annotation.
Nomen Nescio <nobody@dizum.com> wrote:
>Christian Danner wrote:
>
>
>This is a bad idea. All posts should be downloaded.
ACK, that would be best. But how to realize it and download maybe
thousands of articles with an impatient email client waiting at the
inbound side of the proxy server?
> Even with random
>noise it would be possible to determine which posts belonged to a user
>because posts with certain features would always be downloaded. All one
>has to do is look for those types of posts. The weight and timing of
>the noise is mostly irrelevant. Finding similar things in groups of a
>few hundred or even a few thousand is trivial. Certainly far more
>trivial than cracking the encryption and other methods used to provide
>pseudonymous access, so a "selective" downloading of messages even with
>random garbage is a pretty significant hit on your anonymity.
May I ask, what kind of 'features' you are referring to? The only
characteristics I see are the exit remailer and usually an additional
m2n gateway. Moreover all target messages are esub and cast5 encrypted
like a lot of the others, which partially stay untouched, partly are
accessed. With every polling of the server OmniMix downloads a random
number of articles, no matter whether it found messages directed to
the user or not. That's why within most of the sessions not one
download is a 'real' one. As the subject and message-id, which come
with the overview data, already allow a reliable identification, they
aren't retrieved more than once (apart from the chance of a further
random access). So which data have you in mind, that might allow valid
statistical assessments?
Even without any 'noise' posting to a newsgroup would be more secure
than a replyblock directed to an email address, especially if you use
Tor to connect to the news server.
At best with OmniMix you have the following lines of defense:
- Type I remailer chain with multi-layer encryption
- Multiple news servers as potential message sources
- Random message download (admittedly of minor importance)
- Tor w/o using a hidden service
Isn't that sufficient?
As OmniMix doesn't cache any article and isn't able to predict, which
messages the connected mail clients request next, I see no alternative
to the current strategy. But I'm open to any proposal, which of course
has to be applicable with slow internet connections as well. If you
intend to take advantage of your broadband access, then simply set the
number of dummy downloads to a very high number, and it will
automatically be adjusted to the amount of available messages. But of
course that doesn't mean, that thereby all those messages are accessed
exactly once.
Kind regards
Christian
--
OmniMix .. protect your privacy
http://www.danner-net.de/om.htm
|
|
|
|
|