[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Detweiler abuse again




[email protected] (Eric Hughes)  writes:
>
> >I'm not sure Eric's idea about connecting via sockets would eliminate all
> >possibilities of logging.  
> 
> I did not mean to imply this.  Using daemons would get rid of the
> _default_ loging that occurs on systems.  Changing logging from
> opt-out to opt-in would make a large practical difference right now.

  Using a remailer daemon on a well-known port (777, anyone?) would only
  result in defeating logging that is done via SMTP-agents like sendmail.
  It is still possible for the sysadmin on the host to do a TCP-wrapper
  log which logs the connection to the remailer from the originator.
  Again, this only provides IP address information, which makes it easy
  to hide if the originator comes from a machine like netcom or the well.

> This was exactly my point in a previous article.  An email address
> identifies both a machine and a user, where an IP connection (e.g.
> telnet) only reveals the machine.  Now if the sysadmin of the
> originating machine logs and shares information with the destination
> machine, the user can be identified.  But again, this is an opt-in
> monitoring system.

  Yes... also the remailer daemon could do opt-in monitoring of both ends
  of it's connections... Full accountability could be possible, but only
  with the complicity of everyone in the path...

 Jon Boone | PSC Networking | [email protected] | (412) 268-6959 | PGP Key # B75699
 PGP Public Key fingerprint =  23 59 EC 91 47 A6 E3 92  9E A8 96 6A D9 27 C9 6C