[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Who subscribes to the list?
Matthew Ghio wrote:
> William H. Geiger III wrote:
> > >P.S. I'm sure none of you would be foolish enough to use penet-style
> > >remailers which do not encrypt the message headers.
> > Your point being??
>
>
> While I am sure most readers of this list are well aware that remailed
> messages which are not encrypted and chained are not secure, there is a
> class of users who are not yet aware of this fact. I was pointing out
> the relative ease with which their identities could be compromised by
> someone simply logging DNS traffic. In addition, there was some recent
> discussion over whether or not it was possible to obtain the subscriber
> list from cyberpass.net and algebra.com. Even if the subscriber list
> is not published, there is an alternative method to determine who
> subscribes to the list.
>
> There are, of course, other methods, such as Return-Receipt headers and
> embedded html tags, but tracking DNS traffic tends to be easy to do on
> a wide scale without alerting the subjects that you are investigating.
>
Another danger of using remailers without encryption is that it is very
easy to compromise one's identity due to little mistakes and malformed
messages.
- Igor.