The inherent security of the technique is actually quite strong. The tooling is terrible and many other problems exist with AAM, but in general the idea of having a shared “inbox” is good for anonymity. There is no way to tell which message is intended for whom. Receiving messages is unlinked, which is obviously good for anonymity. Sending requires a different set of technologies to ensure that the message delivery is unlinked. Tor solves part of this problem.
AAM had serious limitations. Things fall down a bit with the underlying technology for newsgroups and PGP and so on not being designed for anonymity, “fail closed” security, or ease of use (and difficulty of misuse).
A bespoke system could work, but the limiting factor is selecting an “inbox” that is widely distributed and heavily used (the anonymity is directly correlated to how many people access the inbox/inbox container.)
# Case Study: YardBird’s group (mostly) escapes arrest
A similar method for secrecy was used by a CSAM group. It was penetrated by the police when they arrested a member who turned informant to reduce his sentence. The police monitored the group from inside for months (I remember it being over a year). Despite having complete access to all the communications and technical surveillance data and international cooperation between police forces, the majority of the group evaded arrest.
There was a set of operating rules that the group followed and everyone who did so escaped the net. I wrote about it in 2013 if anyone is interested in digging deeper into the story.
Some time ago I created a chat that uses the same principles, it's funny to have some ideas validated by something that has been around for over 20 years and that I didn't know existed.
Because your mom and your grandma went and got Facebook accounts, since it was easier to share baby photos that way. And then everyone just used that to chat with mom and we neglected the old systems.
There is an implicit assumption that average mom and grandma were out there using message groups. Either that or you are gate keeping moms and grandmas out of the internet. I am going to assume the former.
Myspace proved social networking worked. Facebook made it easy for non-techies and kicked off the status game. Instagram locked in the dopamine loop. TikTok perfected it.
The internet grew because it got commercialized, which also meant dumbing it down for non-technical people. Funny how that same growth created most of the wealth enjoyed by people posting on YC. Always makes me chuckle when I see good old days of the internet nostalgia here.
Facebook made it easy for non-techies and kicked off the status game.
That's all I was trying to say. trn was a bit of a learning curve for moms and grandmas. And they pulled the rest of us along into using Facebook and other social media and leaving USENET behind. No gatekeeping or whatever you're going on about here.
Over 40 more like. USENET was quite mature in the early 1980's.
Indecently, the decline in the popularity of USENET makes it much less useful for anonymous messages; it's much easier to conduct traffic analysis amongst relatively few users/nodes [1] than it was back in the mid-to-late 1990's when USENET was at its peak and every ISP provided a feed. These days you will stand out if you have (or request) a USENET feed. Back then, it was the norm to have one.
[1] Yes, traffic volumes have increased (primarily due to sharing binaries rather than text), but the number of active users/nodes has certainly declined.
Those flying the Jolly Rodger. Filter out the binary newsgroups (leaving only the text discussion groups) and the resulting load is a tiny fraction of that.
If you control the Usenet servers then you control what gets synchronized to your servers. If you filter out the binary groups they will never traverse your network connections to your servers.
I run a text-only Usenet server. As a sibling commenter says, you work out with your peers what you want to receive. I carry most of the text newsgroups, and according to my daily report I got about 3000 new messages yesterday totaling a bit over 9 MB.
I would like to see something like this that can scale to 100B+ messages per day (ie. A world scale messaging app), whilst still not revealing who is talking to who.
Clearly the 'send all messages to everyone' approach cannot.
But I wonder if there is an approach that can, with the added complexity that the users use mobile devices and care about battery life and bandwidth usage.
I suspect there is not a design that can still provide anonymity against an attacker who can see all network traffic, but if there is, I'd like to know about it!
“Deanonymising alt anonymous messages”
https://www.youtube.com/watch?v=l5JBMyxvuH8
The accompanying blog post is here:
https://ritter.vg/blog-deanonymizing_amm.html
The inherent security of the technique is actually quite strong. The tooling is terrible and many other problems exist with AAM, but in general the idea of having a shared “inbox” is good for anonymity. There is no way to tell which message is intended for whom. Receiving messages is unlinked, which is obviously good for anonymity. Sending requires a different set of technologies to ensure that the message delivery is unlinked. Tor solves part of this problem.
AAM had serious limitations. Things fall down a bit with the underlying technology for newsgroups and PGP and so on not being designed for anonymity, “fail closed” security, or ease of use (and difficulty of misuse).
A bespoke system could work, but the limiting factor is selecting an “inbox” that is widely distributed and heavily used (the anonymity is directly correlated to how many people access the inbox/inbox container.)
# Case Study: YardBird’s group (mostly) escapes arrest
A similar method for secrecy was used by a CSAM group. It was penetrated by the police when they arrested a member who turned informant to reduce his sentence. The police monitored the group from inside for months (I remember it being over a year). Despite having complete access to all the communications and technical surveillance data and international cooperation between police forces, the majority of the group evaded arrest.
There was a set of operating rules that the group followed and everyone who did so escaped the net. I wrote about it in 2013 if anyone is interested in digging deeper into the story.
https://grugq.github.io/blog/2013/12/01/yardbirds-effective-...