[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Anon address attack...




> I was thinking of installing a trivial hack in my remailer, such that
> upon demand it adds some random (essentially unrepeatable) cruft to
> the From: line, placing it as a name field so as to have no
> addressing significance.  I believe penet assigns IDs based on this
> line, so chaining this to a penet-style remailer would provide
> "hit-and-run" anonymity -- even if the remailer wants nothing of the
> sort.  The social desirability of this could be questioned, but it
> certainly seems more secure to built pseudonyms on top of something
> like this (using PGP sigs to provide a solid identity) than through
> the presently-popular approach.  Comments?  (Julf?)

I think we should come up with a more socially acceptable solution.
Widespread use of hit-and-run abuse on the net would certainly lead to
actions against sites such as anon.penet.fi. Some method that preserves
a return path is needed for a *general* posting facility
(alt.whistleblowers etc. would be special cases). And... Please remember
anon.penet.fi has something like 13000 existing users. And most of them
have been using other anonymous posting hosts with the same
limitations/defaults as anon.penet.fi. So we can't change everything
overnight...

	Julf