Note: This page is historical.

Current pages about Yenta are here. Please look at those pages first.

Yenta is still under active development, but this particular page is not. If you're interested in current research papers about Yenta, or obtaining a copy of Yenta, please start here instead.

This page is one of many that were written in late 1994 and early 1995, and are being preserved here for historical purposes. If you're viewing this page, you probably found it via an old link or are interested in the history of how Yenta came to be. These pages have not been actively maintained since 1995, so you'll find all sorts of older descriptions which may not match the current system, citations to old papers and old results, and so forth.

How to make anonymity work better

One way to make anonymity work better, in the face of agents that communicate directly in the presence of malevolent other users, might be to employ random reforwarding of the messages.

This amounts to having each agent choose whether to randomly forward a message to one of its peers, or deliver it to its destination. Presumably, the actual message contents (including its original sender) are encrypted in a way that only the receiver can read, and not the intermediate hops. This helps to ensure that an IP-address attack cannot succeed, and is similar to the techniques used by the Cypherpunk remailers.

Since we are implicitly assuming that whatever the agents are communicating is personal enough to protect with good anonymity and/or cryptography,, it is convenient that random reforwarding can also aid in foiling a perennial problem of communication in the face of malevolence, namely traffic analysis.

In particular, if a given user's agent has a large number of potential "first-hop" neighbors, and if most of those can be presumed at least moderately trustworthy (e.g, only a statistically small number of them are motivated to backtrace the connection by IP address), the actual amount of traffic data leaked is relatively small. [A policy of communicating random data to peer agents, to be thrown away after decryption in most cases, would be even greater protection, but is presumably not enough of a threat for most users---though conceivably this could be configurable by how willing individual users are in tolerating the overhead.]

Lenny Foner
Last modified: Sat Dec 10 14:55:07 1994