The problem here is that people are confusing anonymity and privacy; they are two very different things. Hushmail provides privacy, but does not provide anonymity. If one is engaged in potentially illegal activities, it is necessary to be *both* anonymous and private.
PGP, as the name implies, is Pretty Good Privacy--it provides an excellent level of privacy, but in and of itself, does not provide anonymity. Anonymity is provided by anonymous remailers, of which there are currently two classes: cypherpunk and mixmaster. (There is a third class, mixminion, but it is still in an immature stage of development.)
Another specialized type of remailer is the nymserver; as its name implies, nymservers allow one to use PGP/GPG to setup a pseudonym, where one can send/receive email securely.
If one uses a chain of mixmaster remailers to setup/use a nymserver account, this effectively breaks the link between your own IP address and that of the nymserver.
The nymserver operator, even were they to be subpoenaed, would not have your IP address to give to the authorities. All that the nymserver operator has to give to the authorities are:
1) My PGP public key, and 2) my reply block.
In my case, my PGP key is 4096-bits, or twice the size of the 2048-bit keys used by Hushmail. Frankly, neither 2048 nor 4096 keys will be vulnerable any time in the near future. My reply block is a PGP-encrypted, specially-formatted text file. The reply block tells a remailer where to direct any replies that are sent to my nymserver account.
My nymserver account has been setup to send all messages to an anonymous message pool. In practice, this usually is the Usenet newsgroup alt.anonymous.messages. (This is just a high-tech version of the "dead drop" used in espionage tradecraft.)
I'll explain the rationale behind this choice a little further down.
Unlike Hushmail, the nymserver does not have my private PGP key. My private PGP key only exists on my hardware, where it was initially generated. Brute-force password attacks against my private key are not possible, since an attacker cannot get access to my private key. The fact that your private key
is available to law-enforcement with Hushmail is why it is
so important to use a strong passphrase on your Hushmail accounts, if you must use Hushmail.
Here's how the process works:
i) Someone sends me an email message; the nymserver takes this message and encrypts it with my public key;
ii) The nymserver takes the encrypted message, prepends the reply block to it, and forwards it to the target remailer associated with the reply block.
iii) the target remailer decrypts my reply block, and carries out the instructions found inside.
Let's assume for a moment that the nymserver operator were to be served with a warrant under MLAT and forced to hand over my PGP public key and reply block. All they would have is a public key with an address of say,
[email protected] No clues to my real identity here. As for the reply block, it is encrypted to:
[email protected] over in the Netherlands. So the authorities would have to get their Dutch counterparts to get a warrant and approach the remailer operator over there to decrypt the reply block.
So the replay.com operator takes the reply block from the police and decrypts it., like they asked. Here is the decrypted reply-block that the authorities get for all their time and trouble:
::
Request-Remailing-To:
[email protected]
Encrypt-Key: blah_blah
Encrypt-Subject: dKBJDCd2tZqidpxiAJME9Q
##
Newsgroups: alt.anonymous.messages
Subject: I love paris in the the spring!
**
The Request-Remailing-To: line points to a mail2news gateway that posts to the Usenet group found in the Newsgroups: line, in this case alt.anonymous.messages.
The Encrypt-Key: directive tells the remailer to further encrypt the already-PGP- encrypted message with the symmetric IDEA cipher, using the string "blah_blah". The reason for this is to prevent any adversary from combing through the messages in alt.anonymous.messages looking for messages encrypted with my PGP public key.
Similarly, the Encrypt-Subject: directive, as the name implies, encrypts a hash of the message subject, thus ensuring that the Subject line showing up in alt.anonymous.messages changes constantly. This is to prevent an adversary sending say, 20 or 30 or 50 messages to my nym account and watching alt.anonymous.messages to see a spike the number of messages with a particular subject line.
In other words, these measures ensure that no attacker can determine which messages in the pool are mine by:
a) trying to see which messages are encrypted to my PGP public key; and
b) watching for messages with a particular subject line.
Now an investigator, who has obtained the decrypted reply block under warrant, _has_ sufficient information to determine which messages are mine in the anonymous message pool. Using a package like AAMfetch, they can insert the values found in the reply block and download all the traffic in the message pool associated with my nym account.
However, they still don't know who I am, or where I am located. They also still cannot read my messages, as they cannot break the PGP-encrypted messages.
In order to install a keylogger, they first have to be able to find you. The only way they could affect you without knowing who or where you are, would be to get you to carry out some action, for example, visit a trojaned web site, or trick you into installing some malware that would send your IP address, etc. to them.
For those interested in privacy, anonymity and techniques to accomplish this, I would recommend paying a visit to the Usenet newsgroup alt.privacy.anon-server. Dr. Who's FAQ is frequently posted there, and it is an excellent introduction to these subjects, particularly for Windows users. The latest version of Dr. Who's Encryption & Security FAQ (22.6.4) was posted on October 1st in alt.privacy.anon-server. The Message-ID: is: <
[email protected]>. I have verified his PGP signature on this particular version. (If it has expired with your newsserver, it may still be available through Google Groups.)
Here is a link to another tutorial:
http://www.iusmentis.com/technology/remailers/nym.html
Most of the information is accurate, although dated. In particular, nym.alias.net is NOT recommended any longer, as they haven't changed their public key in more than 10 years! (Nym.alias.net is/was a student project--it has been run by a succession of student admins over the years. It tends to be erratic, and heaven only knows how many copies of nym.alias.net's private key are floating around. Ten years ago it ws top-notch, today it is no longer recommended--there are other nymservers out there that are much better-administered.)
Finally, here's a link to a 96-page court document with respect to the MDMA bust and keylogger installation.
http://politechbot.com/docs/forrester.alba.dea.key.logger.070907.pdf
I could elaborate further, if anyone is interested. If anyone wants to email me, they can do so at:
[email protected]. I've already uploaded the public key for this account to the hushmail key server.
Fidel Castro <
[email protected]>
PGP-Key: 0x9703892
Fingerprint: CFF2 9E40 8C8B 8A03 14DB D51C 44A2 2578 0970 3892
Please Scroll Down to See Forums Below 
