A Condensed History of Anonymous Remailers

Matt ฿
ChainRift Research
Published in
4 min readJan 25, 2019


When you think about it, the weakest link in your privacy is likely your online activity. A transaction or conversation can easily take place (without much effort put into keeping it confidential) in the meatspace, but replicating it in cyberspace can prove significantly more difficult if you want to prevent that data from being spied on.

Consider, for instance, the act of sending a letter – it’s not overly hard to do anonymously, provided you keep it clear of fingerprints (and a return address, obviously). Dump it in a public mailbox and that should be that. With email, it isn’t quite that simple.

Enter remailers.

This isn’t by any means new technology. You can trace the inception of the concept all the way back to the early cypherpunks: David Chaum, widely revered as the father of digital cash, first presented the idea in his 1981 paper Untraceable Electronic Mail, Return Addresses and Digital Pseudonyms:

“A technique based on public key cryptography is presented that allows an electronic mail system to hide who a participant communicates with as well as the content of the communication — in spite of an unsecured underlying telecommunication system. The technique does not require a universally trusted authority. One correspondent can remain anonymous to a second, while allowing the second to respond via an untraceble return address.”

Various iterations of the idea followed. Earlier ones (such as the Penet remailer) functioned by taking incoming emails, cleaning them of any identifiers, and submitting them to their destination (with a server-determined ID attached to the message). This allowed for a two-way communications channel, as one could then respond to the original sender by routing through the pseudonym.

Though hugely popular at the time (accruing ~700,000 users in its heyday), the fatal flaw in Penet was its reliance on a central server, which maintained a list of original senders and their pseudonymous IDs. This made it a target for malicious parties and authorities that sought to deanonymise users of the service (legal pressure had, at one point, strong-armed the operator into turning over identities).

The Cypherpunk Spin

Hal Finney’s involvement with the cypherpunks greatly predates Bitcoin. In fact, alongside Eric Hughes, Finney is credited with the creation of the first cryptographically based anonymous remailer, which offers numerous remedies to the somewhat weak security of the pseudonymous one described above, with two major improvements – reliance on a distributed network of nodes (as opposed to a single server) and encryption to prevent any single point of failure or opportunities for eavesdropping.

With multiple servers thrown into the mix, efforts by law enforcement would be incredibly difficult, as each node would only be aware of the sender and receiver it was immediately connected to. Moreover, these could be dispersed across different jurisdictions.

With a Cypherpunk (Type I) remailer, the user composes a message and destination within a specified format, before encrypting the text with the remailer’s public key and sending it to them via email. For greater privacy, it’s recommended that additional hops are added in by layering a message in such a way that it’s passed through multiple remailers before reaching the target.

This method was particularly popular on the Cypherpunk Mailing List for obfuscating the origin of messages (see our recent piece on Blacknet). Given the nature of these remailers, however, communications could only be made one-way if reply blocks were not used.

Mixmaster and Mixminions

Though the Type I remailer is about as lightweight as they come (all a participant requires is a text editor and some form of PGP software), others are more sophisticated and necessitate the use of a specialised program to bring to life Chaum’s proposed mix network.

Mixmaster (Type II) was created by Lance Cottrell under the assumption that all nodes on the network are compromised. It strives to eliminate opportunities for traffic analysis (something that progenitors were susceptible to if an attacker was dedicated enough) – it achieved this chiefly through the incorporation of features like distributing messages in fixed-size packets and delaying sending. Like the Cypherpunk remailer, Mixmaster did not enable replies, so reply blocks were necessary. These are risky, though, as they can be reused — an attack vector that an adversary could exploit.

Mixminion (Type III) came to fruition to resolve some of the issues still present in Mixmaster.

The Mixminion Project aims to deploy a cleaner remailer design in the same spirit as Mixmaster, with the goals of expanding deployment, documenting our design decisions and how well they stand up to all known attacks, and providing a research base for experimental features.

Alongside improvements like key rotation, directory servers and replay protection, Mixminion brought to the table Single-Use Reply Blocks (or SURBs), making replies indistinguishable from other messages and therefore granting superior privacy by leveraging their anonymity set.

The right to privacy isn’t something to be legislated and given, but something to be taken and defended. Though the software discussed may seem somewhat dated by today’s standards, the importance of remailers in the ideological battle for online anonymity cannot be understated.

Cover art by the author.



Matt ฿
ChainRift Research

Bitcoin, privacy and cypherpunk stuff www.itsmattbit.ch