Asymmetric <all@biosys.net> wrote:
As for my being naive as you claim in a second here, who is really being naive here? You think that just because the remailer doesn't maintain an active database of nym mappings that it's immdiately impossible for it to be reversed? You implicitly trust anyone who says "here, use my remailer, I guarantee it's anonymous?" Get with the program. One fucking line on a console, in a firewall rule, anywhere along the way could fuck you into losing your anonymity, unless the message was sent encrypted to the remailer, and that's just to start with.
You should read up on Type 1 and Type 2 remailers. Both involve encryption. In the case of Type 2 remailers, you only need to trust one in the chain that you use in order to be sure that your identity is securely hidden.
I think that using a forged header is just as reliable as using an anonymous remailer, and just as anonymous if done right. There is no "port 25" hack involved. It's as simple as setting whatever email software you use to use X as it's smtp server, and then entering a nonexistant return address somewhere else. At best, you'll be totally anonymous. At worst, as is the case with any remailer, some log somewhere could exist that a connection to the server took place from w.x.y.z and may even contain the to and from addresses used. In general though, sysadmins are very stupid, and seldom go to the trouble of logging this kind of information for successful email messages.. typically only failures are logged.
Wrong again. By default in versions of sendmail since 4.9, all sent mails are logged right along with the failures--and this includes the IP address from which the connection was made to the SMTP server. Simply setting your SMTP server is not nearly enough. If 'they' have the IP address from which the mail was sent, 'they' have you. As I said above, please read up on Type 1 and Type 2 remailers before making such outrageous claims.
So what is more naive? To assume the fact so plainly evident in everyones face that the vast majority of sysadmins out there are lazy and stupid and then just pick one at random and do as I suggested
Finding open relays that don't do logging is difficult at best.
"anonymous remailers" that make an outright claim to be anonymous, but that you have no way of verifying?
As I said above, in the case of the Type 2 remailer, you only have to trust one server in the chain, and presumably you can find one that you're likely to trust not to disclose information to the people from whom you want to hide your identity. In the case of a US national, for example, post through a remailer in a country that the US doesn't like much--there are plenty of those--and you're fine. That, or trust that, for example, the MIT LCS remailer is reasonably secure (and it is--I know the person who runs it), and make sure it's in your chain.
very good chance at hitting something
Again, I ask you to produce an example of an open relay that you are reasonably sure does not do logging.
I made a suggestion. You people that responded so caustically maybe are tired of hearing the same suggestion over and over again. I'm tired of getting spam that wastes my time, my bandwidth, space on my mail server, and any other number of various and sundry resources.
So please filter, and don't complain. Or unsubscribe. It's the responsibility of new readers to peruse the archives. If you had done so, you would not have angered those who have heard this argument 10^9 times.
If I "whine" about getting spam... well so be it. Just know that you all whine about my messages, with far more useless messages, and far less reason to be at all upset.
No. The people of the list expect that you have gone over the archives so that what you say is not repetitive and a waste of time and bandwidth. If a bit of time and bandwidth spent now can reinforce the practice of archive reading before you post, then it is well spent, and is, in the long run, a net savings of both bandwidth and time. -- Riad Wahby rsw@mit.edu MIT VI-2/A 2002 5105