[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: disposable remailers (was Re: Eternity Uncensorable?)




-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 8 Aug 1997, Adam Back wrote:

> Andy Dustman <[email protected]> writes:
> > 
> > Back to the subject: Disposable remailers. It seems the juno remailer
> > software would be good for this. I'm not sure what the sign-up requirement
> > are, but it's free. I was also thinking about web-based free mail
> > services, such as Hotmail and Rocketmail. Receiving mail means having to
> > parse some HTML, which from the looks of things is do-able but not
> > trivial. Sending mail might be easier to implement.
> 
> Sending mail is your problem alright.  It's where you get hit by
> spammers etc.

Ah, but if you only send through the disposable address, who cares? The
actually remailer address should never get seen (except on remailer lists,
of course). You could probably get away with never reading any incoming
mail, so spammers are not a problem.

> Wasn't there an email forgery web page around for a while.  The idea
> was that you filled in the details of who you wanted to send to, what
> address you wanted it to appear you had sent it from, and paste your
> message in this form box.  It did some kind of crude sendmail forgery
> for you.

Hmmm. Someone has recently been forging mail to appear to be from cracker
through something like this (very bad forgery, headers are all wrong).

> > Which brings up an interesting idea for an exitman/middleman remailer: Use
> > a nym or commercial ISP to receive the mail, use throwaway free mail
> > accounts for delivery (maybe even just plaintext delivery). Hotmail, at
> > least, inserts an X-Originating-IP:  header, though.  
> 
> No problem -- run it through www.anonymizer.com first :-)

Sure, Lance won't mind, right? At least, not if we subscribe... ;) Maybe
we need a network of anonymizing web proxy servers... 

> > I expect others do the same. So put your remailer output on a ZIP
> > disk or floppy and run your delivery on whatever public or
> > semi-public access machine you happen to get your hands on, once or
> > twice a day.
> 
> You'd not want to use the same public access account regularly.

I'm not thinking of an account so much as maybe a PC in a university
computer cluster. Pick one and go. At a big university there should be
several clusters around campus.

> I think the connecting to the web based interface of one of those free
> web gateways via www.anonymizer.com web based interface has potential.

It does, but I know The Anonymizer blocks some sites, at their request.

> How much trouble can you get in with ISPs for forging email?  Do they
> care?

Mindspring cares. My ISP was absorbed by them about two weeks after I
signed up. They say in their terms of service that impersonating someone
else is forbidden, but they specifically allow the use of anonymous
remailers and nicknames. I assume this means forging is frowned upon,
unless you are impersonating someone who doesn't exist, I guess.

Andy Dustman / Computational Center for Molecular Structure and Design / UGA
    To get my PGP public key, send me mail with subject "send file key".
For the ultimate anti-spam procmail recipe, send me mail with subject "spam"
"Encryption is too important to leave to the government."  -- Bruce Schneier
http://www.ilinks.net/~dustman    mailto:[email protected]      <}+++<


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQEPAwUBM+qADROPBZTHLz8dAQHJBwfQim/nARDmP1GQq/hV9duWoO+lRF4bE+D5
RoAibhsZUpyR1vBu754PX2OOAPIjVq+i0UkdFm17bn40zZz9FnJRo/RRead0JdYm
GVO0KSll1AkJsZCtCIWLwIrrwlFKfRehhBJsfLqSat0XF9sI5L8V8npg4bng4hOm
zmTLtbgaRM7wd25hm6Ld4EdCNRyz9BK/2jt1VBemo1X8mKMDgAbk9APn4V4t5u0A
KgN6Btpl+aYs5IUgPRz1D7gFPCcsNWz1JmB/hbdS+r4NL5+/6i/+f/0v7kwmlNMa
P7fQjiIa+/fq8ZMdKfUAwPN0R0VxYT09kC0gtPQU5pkxHQ==
=jH4c
-----END PGP SIGNATURE-----