

At  6:44 PM 8/11/93 -0700, Warren Keith Russell wrote:

>I received a message from System Daemon telling me that I had sent a
>message using the anonymous contact service, allocating a code name, and
>explaining how I can be reached anonymously.
>What does this mean?  Sounds great, but I have no idea how I managed to
>send such a message!

Probably means someone sent a message to [email protected] using that
service. The service then allocated an id to [email protected] and sent
it mail. 

At  9:08 AM 8/12/93 -0700, [email protected] wrote:
>A few months ago, someone subscribed to the list through the Penet service,
>and it ended up revealing the Penet aliases of everyone who posted.  Each
>post was delivered to that subscriber marked as being from the Penet alias
>corresponding to the poster.  All it took was a parallel non-Penet subscription
>to break the anonymity provided by Penet.
>Has this now happened again?
>At the time, there was some discussion about using "an..." versus "na..."
>forms of the Penet aliases, one of which would avoid this revelation.  Has
>that been taken care of?

Now the service requires a password, so we're safe (I hope). Stuff sent by
an unsuspecting user through the list to penet will cause a bounce at
penet saying something like 'are you new? set your password.' However, the
way Julf set up the password setting/using is not totally secure. There is
an option where you can set no password which an attacker would find
useful. It wouldn't work for a mass disclosure though. The attacker would
have to pick and impersonate each of his targets, and unless the attacker
can intercept his victims' mail they will get stuff from penet giving them
a clue that something's amiss.

I suppose this is a worthy topic for this list: How do you have anonymity
that allows replies and pseudonyms that can't be hacked by impersonation? 

One cheap way would be to not automatically include the poster's pseudonym
in the recipient's copy - have it be totally anonymous like the cypherpunks
remailers. Pseudonyms would be only for replies/return addresses. 

Actually, Julf's solution isn't too bad. Having your password in plain text
on its way to the remailer is insecure, but Julf's remailer doesn't allow
encryption, so you're vulnerable to a truly determined attack anyhow.

Maybe Julf needs to bite the bullet and start using PGP.

>Again, I'd like to find out who it is, have them removed, and have my
>new penet id cancelled.  After all, this person now has email from me,
>with my penet id on it, with my name signed at the bottom.  If I
>decide to use the penet remailer in the future, I don't want this
>person to have a binding between my penet id and my real name.
>               MArc

If you'd set a password you'd have no problem. If you got a bounce, you're OK.

To find out more about the anon service, send mail to [email protected]
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to [email protected]
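
Added example, not part of the original message and not the penet software: a toy Python model of the alias disclosure described in the quoted text, and of the two mitigations raised in the reply (requiring a password before an alias is used, and not stamping the poster's pseudonym on the recipient's copy). The class, function names, addresses and alias numbers are all constructed for illustration.

```python
import itertools

class Remailer:
    """Toy double-blind pseudonym server (constructed model, not penet's code)."""
    def __init__(self, require_password=False, stamp_sender=True):
        self.require_password, self.stamp_sender = require_password, stamp_sender
        self.alias_of, self.real_of, self.passwords = {}, {}, {}
        self._ids = itertools.count(1000)

    def alias_for(self, real):
        # Auto-allocation: first contact silently creates an alias.
        if real not in self.alias_of:
            alias = f"an{next(self._ids)}"
            self.alias_of[real], self.real_of[alias] = alias, real
        return self.alias_of[real]

    def relay(self, sender, to_alias, body, password=None):
        """Return one delivery as (recipient, from_header, body)."""
        known = sender in self.passwords and self.passwords[sender] == password
        if self.require_password and not known:
            return (sender, "daemon", "bounce: are you new? set your password")
        shown = self.alias_for(sender) if self.stamp_sender else "nobody"
        return (self.real_of[to_alias], shown, body)

def list_post(remailer, poster, body, subscribers):
    """The list resends a post to each subscriber with the poster as sender."""
    return [remailer.relay(poster, sub, body) if sub in remailer.real_of
            else (sub, poster, body) for sub in subscribers]

def bindings_visible_to(owner, deliveries):
    """Alias -> address pairs exposed by two copies of one post in one mailbox."""
    mine = [(frm, body) for rcpt, frm, body in deliveries if rcpt == owner]
    plain = {body: frm for frm, body in mine if "@" in frm}
    return {frm: plain[body] for frm, body in mine
            if frm[:2] == "an" and frm[2:].isdigit() and body in plain}

def run(**config):
    """One list post seen by a subscriber holding an alias and a plain address."""
    r = Remailer(**config)
    watcher = r.alias_for("observer@example.org")   # subscription via the remailer
    subs = [watcher, "observer@example.org"]        # parallel plain subscription
    sent = list_post(r, "alice@example.org", "hello list -- Alice", subs)
    return bindings_visible_to("observer@example.org", sent), r.alias_of.get("alice@example.org")

if __name__ == "__main__":
    print("auto-allocate, stamped:", run())
    print("password required:     ", run(require_password=True))
    print("pseudonym not stamped: ", run(stamp_sender=False))
```

Only the first configuration exposes a binding; in the other two the poster is never allocated an alias at all.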