[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Anonymous?




-----BEGIN PGP SIGNED MESSAGE-----

[email protected] (Lefty) says,

lef> >For example, would you object to this:
lef> >
lef> >[email protected]  = XXXX
lef> (etc.)

lef> What you have supplied represents an invasion of privacy as well,
lef> in my opinion.  If you were to explain how you came by this
lef> information, _that_ might be worth sharing, but simply presenting
lef> a mapping of anonyms to truenyms is not.

Gladly.  The problem was described in comp.risks, volume 15, number 17,
and I'll reproduce it below.  Two of the i.d.'s above were posted in
alt.test, with unusual signatures which Julf's software was unable to
strip; the third person posted his anon i.d. in his .sig, apparently so
that people could write him anonymously.  These are protocol failures,
resulting from an incomplete understanding of the anonymous posting
procedure.  Note that chop.ucsd.edu is also liable to this abuse, but
Matthew Ghio's service is somewhat more resistant.

=== BEGIN QUOTED ARTICLE ===

Date: Thu, 21 Oct 1993 01:51:07 UTC
From: [email protected]
Subject: Dangers of anonymous remailers

Recently, I asked for information on Usenet, but wanted to remain
anonymous, so I used an anonymous remailer to post.  Most people have
seen anonymous postings, and some people have probably replied to them.
What many people probably never think about is the following text at the
end of every post (that you will see at the end of my post):

> Due to the double-blind, any mail replies to this message will be anonymized,
> and an anonymous id will be allocated automatically. You have been warned.

This means that if Bill replies to my anonymous posting, it will go
through the remailer and become anonymized.  If Bill has sent an
anonymous message before, I will receive mail from him with his
(permanent) anonymous id.  If he puts in his signature at the end of his
mail (which I always do when replying to a stranger), he will be giving
me his anonymous id with his "real" id.  I can then save this
information in a database and cross-reference it with any anonymous
postings.

In fact, I have been doing just that.  I use the "Insidious Big Brother
Database" (bbdb) from within emacs, and it automatically inserts email
senders into my database, and marks all net-news headers from people in
my database.  I do this just because I'm curious, not malicious.  My
database is encrypted, so only I can read it.  I could be evil, though.

I could post flame-bait in newsgroups like alt.sexual.abuse.recovery,
save all the information from people that flame me, and then post the
cross-references to alt.rush.limbaugh.  Or I could do worse.

Be careful to whom you reply.


-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCcAgUBLcrjsbhnz857T+PFAQGdWAQ3bgmHVNYLCkARHzocOHX3cdzG3K6h4P6/
FmsZspJRAzMLIn3/QBJ7qYcTtD01jT7SClbCqsilCce6rGfkn6ALgyWbU5KSJp1h
/Gl4zjJHCPRBWHlh3hh1StSycuJp+VR2gZ6fOYnTEdCvVWkTx6oljPTbJUjnhTPP
whAbyDPWXfntD4gf7m4R
=HjbX
-----END PGP SIGNATURE-----