[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Beware of anon.penet.fi message!
- To: [email protected]
- Subject: Re: Beware of anon.penet.fi message!
- From: [email protected] (deadbeat)
- Date: Mon, 22 Feb 1993 23:46:32 -0500
- Organization: Anonymous contact service
-----BEGIN PGP SIGNED MESSAGE-----
David,
> As was said, the doubleblind system is a great idea, but incomplete
> if you want to correspond to someone without revealing your anon id.
Well, I don't agree that doubleblind is a great idea.
For example, if at any time, Alice sends pseudonymously to Bob, Bob can
not reply directly: this would expose his identity at anon.penet.fi.
Bob must reply through a remailer.
Note the irony -- Bob must take special steps to protect his pseudonym
because anon.penet.fi is acting affirmatively to conceal his actual
identity. If Bob slips up and simply replies, he is exposed.
Hal,
> (It's interesting that he also sent his message via one of the Cypherpunks
> remailers. Maybe he thought they worked like the Penet remailer and
> he could break anonymity on those as well.)
Actually, I don't know why my message went through a Cypherpunks
remailer -- I didn't ask it to. I don't know of any weaknesses in
the Cypherpunks remailers (other than extreme vulnerability to social
engineering).
> Evidentally there is positive harm that can occur by automatically
> anonymizing all messages which pass through a remailer. ... For
> anonymous posting and for mail to a non-anonymous address, it's more
> reasonable to assume that anonymization is desired. ... But when
> sending a message to an anonymous address, it's not known whether the
> sender wants to be anonymized or not.
I think it's imperative that the sender use X-Anon-To to be
pseudonymous. This is consistent with the principle of least
astonishment.
> It might seem that people should just be careful about what they
> send through Penet, but there are some problems with this. What do
> you do if you get a message from [email protected] asking for
> advice on cryptography mailing lists? If you reply, your questioner
> can figure out who the reply is coming from, and sees your Penet
> alias. There is no way to prevent this from happening currently.
A Cypherpunks remailer can be used to conceal the correspondent's
pseudonymous identity.
> Also, I have seen proposals that anonymous ID's should be made less
> recognizable, so that instead of [email protected] we would have
> [email protected]. In such a situation it might be tedious to
> scrutinize every email address we send to (via replies, for example)
> to make sure it isn't a remailer where you have an anonymous ID.
It would be a real boon to make pseudonyms less prominent -- this
seems to have kicked over a hornet's nest on USENET (even though
pseudonyms have been quietly in use for years). But were this the
case, scrutiny would be an understatement.
> All in all, I think some changes need to be made in how anonymous
> addresses are used and implemented in order to provide reasonable
> amounts of security.
I agree that more discussion is in order. I'm especially concerned
about the broader issues regarding anonymity through remailers.
DEADBEAT
-----BEGIN PGP SIGNATURE-----
Version: 2.1
iQBFAgUBK4mrrvFZTpBW/B35AQE+PQGAh69FcaATFD05lIuhqqK8ZMmV+8xNi/LN
7kxDSgFgB9J/A9rRgAL6S1Ux2ojU4opP
=RGlc
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
To find out more about the anon service, send mail to [email protected].
Due to the double-blind system, any replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to [email protected].
*IMPORTANT server security update*, mail to [email protected] for details.