Matthew Ghio wrote:
William H. Geiger III wrote:
P.S. I'm sure none of you would be foolish enough to use penet-style remailers which do not encrypt the message headers. Your point being??
While I am sure most readers of this list are well aware that remailed messages which are not encrypted and chained are not secure, there is a class of users who are not yet aware of this fact. I was pointing out the relative ease with which their identities could be compromised by someone simply logging DNS traffic. In addition, there was some recent discussion over whether or not it was possible to obtain the subscriber list from cyberpass.net and algebra.com. Even if the subscriber list is not published, there is an alternative method to determine who subscribes to the list.
There are, of course, other methods, such as Return-Receipt headers and embedded html tags, but tracking DNS traffic tends to be easy to do on a wide scale without alerting the subjects that you are investigating.
Another danger of using remailers without encryption is that it is very easy to compromise one's identity due to little mistakes and malformed messages. - Igor.