| I got a message from anon.penet.fi this morning: | | > You have sent a message using the anonymous contact service. ... | I have never sent any messages using the remailer. So whoever | is fiddling with the remailer is still doing it. Is it a coincidence | that I posted to this list for the first time a few days ago? No coincidence. For those that haven't figured it out yet, some less than clueful individual has subscribed a penet pseudonymous id to cypherpunks. Again. Then again, maybe it _was_ an intentional try at 'out'ing posters to cypherpunks. The perp will receive each post twice, once with the 'real' header via their normal subscription, and once with the 'anonymized' header via their penet subscription. When a message from a mailing list arrives at penet, addressed to a 'nym, penet anonymizes it and assigns a new 'nym for the address in the From: line. To me, this is obviously stupid when mailing lists are involved, causing automatic 'out'ing of folks who didn't know they were sending to a pseudonymous account. Might it be better for penet to fix the problem by more intelligent parsing on their end (using the Sender: line too?), rather than forcing the rest of the world to patch around their little security bug? Such patches include not attaching signatures and real names to any mailing list posts, making sure all your accounts have penet ids protected by passwords, not signing posts using PGP or RIPEM, and sending to lists only via anonymous remailers. A whole lot of bother for little gain... Basically, this penet problem makes Julf's service less than useless to anyone who wants their pseudonymous address to remain private.