From senator-bedfellow.mit.edu!bloom-beacon.mit.edu!panix!news.eecs.umich.edu!newsxfer.itd.umich.edu!newsxfer2.itd.umich.edu!newsfeed.internetmci.com!in1.uu.net!nntp.inet.fi!news.funet.fi!news.csc.fi!news.eunet.fi!anon.penet.fi Thu Mar 7 18:27:22 1996 Message-ID: <171319Z06031996@anon.penet.fi> Path: senator-bedfellow.mit.edu!bloom-beacon.mit.edu!panix!news.eecs.umich.edu!newsxfer.itd.umich.edu!newsxfer2.itd.umich.edu!newsfeed.internetmci.com!in1.uu.net!nntp.inet.fi!news.funet.fi!news.csc.fi!news.eunet.fi!anon.penet.fi Newsgroups: alt.sex.voyeurism,alt.sex.exhibitionism,alt.sex.swingers From: an257610@anon.penet.fi X-Anonymously-To: alt.sex.voyeurism,alt.sex.exhibitionism,alt.sex.swingers Organization: Anonymous forwarding service Reply-To: an257610@anon.penet.fi Date: Wed, 6 Mar 1996 17:10:13 UTC Subject: Anonymous Remailer FAQ Lines: 247 Xref: senator-bedfellow.mit.edu alt.sex.voyeurism:31437 alt.sex.exhibitionism:38222 alt.sex.swingers:21031 *** Frequently Asked Questions About Anonymous Remailers *** by Andre Bacard, Author of "Computer Privacy Handbook" [FAQ Updated October 25, 1995] [Links at http://www.well.com/user/abacard] ================================================================= This article offers a nontechnical overview of "anonymous" and "pseudo-anonymous" remailers to help you decide whether to use these computer services to enhance your privacy. I have written this especially for persons with a sense of humor. You may distribute this (unaltered) FAQ for non-commercial purposes. ================================================================= What is a remailer? A remailer is computer service that privatizes your e-mail. A remailer allows you to send electronic mail to a Usenet news group or to a person without the recipient knowing your name or your e-mail address. To date, all popular remailers are free-of-charge. Why would YOU use remailers? Maybe you're a computer engineer who wants to express opinions about computer products, opinions that your employer might hold against you. Possibly you live in a community that is violently intolerant of your social, political, or religious views. Perhaps you're seeking employment via the Internet and you don't want to jeopardize your present job. Possibly you want to place personal ads. Perchance you're a whistle-blower afraid of retaliation. Conceivably you feel that, if you criticize your government, Big Brother will monitor you. Maybe you don't want people "flaming" your corporate e-mail address. In short, there are many legitimate reasons why you, a law abiding person, might use remailers. How does a remailer work? Let's take an example. A popular Internet remailer is run by Johan Helsingius, President of a Helsinki, Finland company that helps businesses connect to the Internet. His "an@anon.penet.fi" addresses are common in controversial news groups. Suppose you read a post from a battered woman crying out for help. You can write her at . Helsingius' computer will STRIP AWAY your real name and address (the header at the top of your e-mail), replace this data with a dummy address, and forward your message to the battered woman. Helsingius' computer will notify you of your new anonymous address; e.g., . You can use Helsingius' free service to forward letters to anyone, even to persons who do not use his service. His computer sends each user detailed instructions about his system. Are there many remailers? Currently, there are a couple dozen PUBLIC remailers that anyone can use free-of-charge. [There are also a few specialized remailers that allow users to post only in specific Usenet groups. I will not discuss this latter type]. Remailers tend to come and go. First, they require equipment and labor to set up and maintain; second, they produce zero revenue. Why are remailers free? There is a simple answer. How can remailer administrators charge people who want maximum privacy? Administrators can't ask for a credit card number or take checks. In the future, remailer operators might charge for their services. Privacy is valuable. For example, offshore banking is one of the world's biggest businesses. It is easy to imagine Remailer, ETC., a cyberspace company that goes beyond Mailbox, ETC. (the existing company which rents rents snailmail boxes). Already, Community ConneXion in Berkeley rents ANONYMOUS home pages and offers ANONYMOUS e-mail accounts. In order for remailers to become commercial on a big scale, anonymous payment systems such as DigiCash must become popular. There are other issues, pro and con, beyond the scope of this FAQ. Why do people operate remailers, if not for money? People set up remailers for their own personal usage, which they may or may not care to share with the rest of us. Joshua Quittner, co-author of the high-tech thriller Mother's Day, interviewed Mr. Helsingius for Wired magazine. Helsingius said: "It's important to be able to express certain views without everyone knowing who you are. One of the best examples was the great debate about Caller ID on phones. People were really upset that the person at the receiving end would know who was calling. On things like telephones, people take for granted the fact that they can be anonymous if they want to and they get really upset if people take that away. I think the same thing applies for e- mail." "Living in Finland, I got a pretty close view of how things were in the former Soviet Union. If you actually owned a photocopier or even a typewriter there you would have to register it and they would take samples of what your typewriter would put out so they could identify it later. That's something I find so appalling. The fact that you have to register every means of providing information to the public sort of parallels it, like saying you have to sign everything on the Net. We always have to be able to track you down". What is the difference between a "pseudo-anonymous" and an "anonymous" remailer? Note: Most people use the expression "anonymous remailer" as short hand for both types of remailers. This causes confusion! A "PSEUDO-anonymous" remailer is basically an account that you open with a remailer operator. Anon.penet.fi (described above) is a PSEUDO-anonymous remailer. This means that Julf, the operator, and his assistants KNOW your real e-mail address. Your privacy is as good as Julf's power and integrity to protect your records. Think of a PSEUDO-anonymous remailer as a SOMEWHAT anonymous remailer. In practice, what does this mean? Someone might get a court order to force a PSEUDO-anonymous remailer operator to reveal your true identity. The Finnish police forced Julf to reveal at least one person's true identity. The advantage of most PSEUDO-anonymous remailers is that they are user-friendly. If you can send e-mail, you can probably understand PSEUDO anonymous remailers. The price you pay for ease of use is less security. Truly ANONYMOUS remailers are a different animal. The good news... They provide much more privacy than PSEUDO anonymous remailers. The bad news... They are much harder to use than their PSEUDO anonymous cousins. There are basically two types of ANONYMOUS remailers. They are called "Cypherpunk remailers" and Lance Cottrell's "Mixmaster remailers". Note that I refer to remailers in the plural. If you want maximum privacy, you should send your message through two or more remailers. If done properly, you can insure that NOBODY (no remailer operator or any snoop) can read both your real name and your message. This is the real meaning of ANONYMOUS. In practice, nobody can force an ANONYMOUS remailer operator to reveal your identity, because the operator has NO CLUE who you are! Cypherpunk and Mixmaster remailer families are too technical to describe in this short FAQ. You can get links to technical details by checking the Anonymous Remailer FAQ at my web site: from http://www.well.com/user/abacard What makes an "ideal" remailer? An "ideal" remailer is: (a) Easy to use. (b) Run by a reliable individual whose system actually does what it promises. In addition, this person should have the computer expertise to take prudent steps to safeguard your privacy from civilian or government hackers. (c) Able to forward your messages in a timely manner. By "timely" I mean minutes or hours. (d) Holds your messages for a RANDOM time before forwarding them. This time lag makes it harder for snoops to link a message that arrives at, say, 3:00 P.M. with a message that leaves your machine at, say, 2:59 P.M. (e) Permits (better yet encourages!) PGP encryption software. If a remailer does NOT permit PGP (Pretty Good Privacy), reasonable people might assume that the remailer administrator enjoys reading forwarded mail. What makes a responsible remailer user? A responsible user: (a) Sends text files of a reasonable length. Binary files take too much transmission time. (b) Transmits files selectively. Remailers are NOT designed to send "You Can Get Rich" chain letters or other junk mail. Who are irresponsible remailer users? Here is a quote from one remailer administrator: "This remailer has been abused in the past, mostly by users hiding behind anonymity to harass other users. I will take steps to squish users who do this. Lets keep the net a friendly and productive place.... Using this remailer to send death threats is highly obnoxious. I will reveal your return address to the police if you do this." Legitimate remailer administrators will NOT TOLERATE harassment or criminal activity. Report any such incidents to the remailer administrator. How safe are remailers? [for paranoids only :-)] For most low-security tasks, such as responding to personal ads, PSEUDO anonymous remailers with passcode protection are undoubtedly safer than using real e-mail addresses. However, all the best made plans of mice and men have weaknesses. Suppose, for example, that you are a government employee, who just discovered that your boss is taking bribes. Is it safe to use a PSEUDO anonymous remailer to send evidence to a government whistleblower's e-mail hot line? Here are a few points to ponder: (a) The person who runs your e-mail system might intercept your secret messages to and from the remailer. This gives him proof that YOU are reporting your corrupt boss. This evidence could put you in danger. (b) Maybe the remailer is a government sting operation or a criminal enterprise designed to entrap people. The person who runs this service might be your corrupt boss' partner. (c) Hackers can do magic with computers. It's possible that civilian or Big Brother hackers have broken into the remailer (unbeknownst to the remailer's administrator), and that they can read your messages at will. (d) It is possible that Big Brother collects, scans, and stores all messages, including passcodes, into and out of the remailer. For these reasons, hard-core privacy people are leary of PSEUDO anonymous remailers. These people use Cypherpunk or Mixmaster programs that route their messages through several ANONYMOUS remailers. This way only the first remailer knows their real address, and the first remailer cannot know the final destination of the e-mail message. In addition, they PGP encrypt all messages. Remailer Technical Info and Software You can link up to technical remailer material, including the software, by visiting the Anonymous Remailer FAQ at my Web site [address below]. Andre, have you written other privacy-related FAQs? I'm circulating an (1) Anonymous Remailer FAQ, (2) E-Mail Privacy FAQ, (3) (Non-Technical) PGP FAQ for Novices, and (4) ALPHA.C2.ORG Remailer FAQ. To get these FAQs, Visit my WEB site: http://www.well.com/user/abacard Or send me this e-mail: To: abacard@well.com Subject: Help Message: [Ignored] ====================================================================== abacard@well.com Bacard wrote "The Computer Privacy Stanford, California Handbook" [Intro by Mitchell Kapor]. http://www.well.com/user/abacard Published by Peachpit Press, (800) Enjoy your privacy... 283-9444, ISBN # 1-56609-171-3. ======================================================================= --****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION*** Your e-mail reply to this message WILL be *automatically* ANONYMIZED. Please, report inappropriate use to abuse@anon.penet.fi For information (incl. non-anon reply) write to help@anon.penet.fi If you have any problems, address them to admin@anon.penet.fi