Tim said:
It would be nice if the operators of the current remailers made clear their archiving/record-keeping policies on remailer traffic.
Here's the policy paragraph from my remailer blurb: -------------------- Policy, security, and legal cruft: The remailer has the capability to log source and destination addresses, as well as full message text. This is presently turned off. If I need to debug some weirdness, though, I'll turn it on again. I cannot guarantee, for both technical and political reasons, that anonymous mail will be secure. In particular, I explicitly disclaim the security of messages which are in themselves harmful and illegal, such as extortion and libel. I will block mail from my remailer to any particular address upon request of its owner. I may request some form of verification, to thwart denial-of-service attacks based on this mail blocking. By sending a message through my remailer, you are trusting me, like it or not. I could be a sting operation, or a blackmailer gathering information -- it *will* happen eventually. If you do not trust me, ask someone you do trust to do the remailing. Please remember that anti-social behavior or truly excessive traffic through the remailer will probably cause my sysadmins to ask me to remove it. Thank you for being polite. Please ask me if you have any questions. ------------------------------ Addenda to the above: I do keep usage logs ("date >>log"), which perhaps I should mention. jarthur is not my machine (fortunately!), so it keeps mail logs and I can't do anything about it (unless we make the remailers avoid getting logged in the first place...). I'd like to run a personal linux box, but I really can't unless somebody would like to give me a second machine. The muttering about "disclaiming the security" of extortion threats is pretty much moot, because I can't do do any outing unless somebody says "I'm going to extort an upstanding citizen through your server; please turn logging on." Mail logs are a problem, because lots of machines keep them and most remops (uh, that coinage is a lose) can't fix this. I think that the user-mode orientation of the remailer package should extend to letting J. User install it and *have it be secure*, too. Really, anonymity with mail logs is security only through obscurity. I presume you can do socket coding in perl. It should be possible to have the remailer interpret mailings to "<keyword>@<machine>" to mean "open a socket to the remailer on <machine> and dump the message to it." The remailers do their own mail handling; all the transport system does is dump it in their laps. To fix logging on the final transmission to the recipient would require batching, which if most people get sufficient traffic (I don't) might be preferable to this whole mess. Eli ebrandt@jarthur.claremont.edu