[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Warning about exposing anon id
It seems that an anonymous remailer can operate in one of three ways -
it can reveal your psuedonym, it can reveal your identity, or it can
reveal nothing and simply give you a generaic "anonymous" identity.
Unfortunately each mode of operation is inapproprate as a default behavior:
- If it reveals your psuedonym, you could inadvertently expose map your
name to your psuedonym if you reply to a remailed message and include your
real identity.
- If it reveals your real identity, this could lead all sorts of obvious
problems with people who don't expect this behavior.
- If it simply strips out all identifying information and calls you some
generic anonymous name, this could lead to problems for people who expect
a reply to their messages.
I think the best solution is to require any message sent through a remailer
to include explicit instructions as to how it should be handled. For example,
require something like an "X-Identify:" field that would be used to select the
return address behavior, with options like "real-id", "psuedonym", or
"anonymous". Messages that don't include the field should bounce, probably
with some instructions as to how to fix the message to make it go through
properly.
-matt