[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


To: [email protected]

H>A few months ago, someone subscribed to 
H>the list through the Penet service,
H>and it ended up revealing the Penet 
H>aliases of everyone who posted.  Each
H>post was delivered to that subscriber 
H>marked as being from the Penet alias
H>corresponding to the poster.  All it took 
H>was a parallel non-Penet subscription
H>to break the anonymity provided by Penet.
H>Has this now happened again?

Funny you should mention this.  Maybe someone else just subscribed via 
penet since my morning post to cypherpunks was bounced back to *me* from 
penet (as well as being posted normally).  The bounce was caused because 
penet was reading the originating address as *my* address (not 
cypherpunks) and since I have been using a penet password and my message 
did not contain the password, it was not forwarded.

I have noticed that some postings show up here from cypherpunks and some 
from the address of the original poster.  I suppose different mailing 
situations cause different results.

Maybe all penet users on the list should activate passwords on penet.fi.  
Penet may search back along the chain of addresses for any familiar 
address to check against it's list of password-enabled addresses.

Duncan Frissell

H>At the time, there was some discussion 
H>about using "an..." versus "na..."
H>forms of the Penet aliases, one of which 
H>would avoid this revelation.  Has
H>that been taken care of?
H>Hal Finney
H>[email protected]

 ~ WinQwk 2.0b#0 ~ Unregistered Evaluation Copy