Privacy tools and discussion for Debian GNU/Linux Users.

Sometimes its necessary to send a message that cannot be traced back to you. For example whistleblowing on illegal activities at your employer or reporting police/government abuses. When that happens you can safely use an Anonymous Remailer to protect your identity. This paper will discuss how to use a Type II Anonymous Remailer. For this, we will use the Mixmaster packages and you will see how easily it can be done.

Due to the complex handling of the message data by Mixmaster servers, it is necessary to install and use dedicated software applications for sending messages. On Debian, installation is simple with apt-get.

root@host:~ apt-get install mixmaster
Reading package lists... Done
Building dependency tree... Done
Recommended packages:
  postfix mail-transport-agent
The following NEW packages will be installed:
  mixmaster
0 upgraded, 1 newly installed, 0 to remove and 51 not upgraded.
Need to get 0B/247kB of archives.
After unpacking 745kB of additional disk space will be used.
Reading package fields... Done
Reading package status... Done
Retrieving bug reports... Done
Preconfiguring packages ...
Selecting previously deselected package mixmaster.
(Reading database ... 108365 files and directories currently installed.)
Unpacking mixmaster (from .../mixmaster_3.0b2-2_amd64.deb) ...
Setting up mixmaster (3.0b2-2) ...
Not starting Mixmaster Daemon: remailer mode not enabled in /etc/mixmaster/remailer.conf.
root@host:~ 

For other systems, the Mixmaster source packages can be found at: Mixmaster Download Page

The first step to using Mixmaster is to retrieve the necessary public keys for encryption. For infrequent users, this should be done before every use. For frequent users, there are applications called Pingers that can automated their regular retrieval and updating.

root@host:~ mixmaster-update mixmaster-update --verbose
Getting http://stats.melontraffickers.com/rlist2.txt
Getting http://stats.melontraffickers.com/mlist2.txt
Getting http://stats.melontraffickers.com/pubring.mix
Getting http://stats.melontraffickers.com/rlist.txt
Getting http://stats.melontraffickers.com/mlist.txt
Getting http://stats.melontraffickers.com/pgp-all.asc
root@host:~ 

While Mixmaster can be integrated into several Email clients (such as Mutt), my personal experience is that this is a bad idea. Several times during testing, I sent messages prior setting the Mixmaster configuration by accident due to personal habits working with my prefered Email client. Therefore I recommend that everyone use the Mixmaster-Filter application to compose and send messages to avoid unintentionally sending messages directly. When you open Mixmaster-Filter in a console or xterm, it looks like this:

Mixmaster 3.0b2

    0 outgoing messages in the pool.



                         m)ail
                         p)ost to Usenet
                         r)ead mail (or news article)
                         d)ummy message
                         s)end messages from pool
                         e)dit configuration file
                         q)uit

To send a message, select the Mail option to compose the message, and it ask who the message is for and the subject like so:

Send message to: someone@feraga.com
Subject: Testing Mixmaster-filter

After that, it will proceed to further options:

Mixmaster 3.0b2 - sending mail

c)hain: *,*,*,*                             (reliability:   n/a  )
r)edundancy:   1 copies

d)estination: someone@feraga.com
s)ubject: Testing Mixmaster-filter

pgp encry)ption: no







                  e)dit message           f)ile      q)uit w/o sending

The first step is to compose our message, and by pressing 'e', it will open your default editor (in my case Vim), like so:

To: someone@feraga.com
Subject: Testing Mixmaster-filter

This is a test of the Mixmaster-Filter Remailer.

Compose your message, save/quit the editor and it will return to the Mixmaster-Filter options page where we can now select the servers to chain our message through. For simple messages you can leave the default in place and it will route the message through 4 randomly selected messages, although its generally a good idea to select reliable servers yourself. By pressing 'c', we can enter the chain selection dialog.

Select remailer chain:


a bigapple      -*****#**#** 100.00%    v deuxpi        +*+*********  73.42%
b lcs                 ****** 100.00%    w antani        ++++++++*+++  72.80%
c tonga         +***+*****+* 100.00%    x cyberiad      ************  72.67%
d twisty        ************ 100.00%    y metacolo      +***********  72.54%
e zerofree      ***#*#****** 100.00%    z banana        -+*+***+*+**  71.68%
f bikikii       --+++++++-++ 100.00%    A bird          +*+**++++++*  70.63%
g dizum         -++**+******  99.70%    B hermes        ++++++++++++  70.52%
h dingo         ++*+********  99.45%    C george        ************  67.59%
i panta         ++++++++++++  99.14%    D citrus        ++++++++++++  65.67%
j anon          +++++++***+*  98.90%    E kalel               ******  65.34%
k starwars      ++++++++++++  98.71%    F bunker        ++-+++-+++-+  37.44%
l kroken        +**+++**+**+  98.52%
m eelbash       -***********  98.11%
n cthulu        ++++++++++++  97.67%
o hastio        --***+*++**+  96.77%
p vger          *++++*+++**+  89.25%
q cside         +++++++++++*  80.95%
r borked             +******  76.40%
s paranoia      ************  76.16%
t pboxmix       +***********  76.13%
u austria       ************  75.89%
*  select at random                                       (reliability:     95.82%)
Chain: bikikii,cthulu,bigapple,twisty

From this dialog, we can see the reliability of the various remailers and select them by picking the letter to their left. For example to pick the 'bikikii' remailer, I would press 'f'. For security reasons, its a good idea to never select less that 3 servers although you can choose more if you like. As you select remailers for your chain, it will display the anticipated reliability of the whole chain in the bottom left. For this chain, we have a 95.82%. To delete a remailer from the chain, simply use the delete key. When you are satisfied with your chain, press <ENTER> to return to the main dialog, which will now look like this:

Mixmaster 3.0b2 - sending mail

c)hain: bikikii,cthulu,bigapple,twisty (reliability:  95.82%)
r)edundancy:   1 copies

d)estination: someone@feraga.com
s)ubject: Testing Mixmaster-filter

pgp encry)ption: no



m)ail message      e)dit message         f)ile          q)uit w/o sending

If the chain of remailers that we selected has a low redundancy, we can select 'r' to send multiple copies to insure delivery, however this not generally needed. If you have PGP installed and have the Public key for the host you are sending to, you can select the PGP option however as the messages are already encrypted during transmission between the remailers, this option is a little overkill. Last to add the message to the send queue, press 'm', and we will return to the Mixmaster-Filter main menu.

Mixmaster 3.0b2

    1 outgoing message in the pool.

                         m)ail
                         p)ost to Usenet
                         r)ead mail (or news article)
                         d)ummy message
                         s)end messages from pool
                         e)dit configuration file
                         q)uit

          Chain: bikikii,cthulu,bigapple,twisty

If you have more messages to send, you can do so by selecting 'm' for each and entering the necessary information. When you have all the messages you wish to send ready, press 's' to send them all and then 'q' to quit.