Jari Aalto -- AT poboxes.com <ssjaaa@uce-die.uta.fi> wrote:
| Anon.penet.fi was *NOT* an anonymous remailer, though. It was a "pseudonym | server". The fact that it maintained a database by which posts could be | "traced back to a real address" is the main reason why it's no longer in | operation.
You give wrong inmpression about PENET; which was after all, the first anonymnous service. There are levels of anonymity. For penet strory, refer to this:
http://www2.thecia.net/users/rnewman/scientology/anon/penet.html
I'm not knocking the anon.penet.fi experiment. We've all learned a lot from it. Let's not forget those lessons. The same attack has been tried on two different remailers. In 1996, the anon.penet.fi remailer was the subject of an attack by the Co$. As part of that attack, the remailer's database which linked the "anonymous" accounts to their actual holders. The operator valiantly defended the integrity of that database, and it was not compromised. But the potential was certainly there. This year, Jeff Burchell's "Huge Cajones Remailer" came under attack. Alleging "abuse" involving that remailer, Gary Burnore and Belinda Bryan of DataBasix demanded that Jeff turn over ALL his logs to them. Fortunately, Jeff wisely kept no such logs. Even though the remailer was eventually harassed out of existence, the privacy of its users was preserved because the information the attackers demanded simply wasn't there to demand. That's a wise idea for the same reason that retail merchants remove the cash from their cash registers when they're closed, leaving the cash drawers unlocked. There's less temptation to stage an attack if you know in advance that you won't get what you're seeking (the identity of someone you'd like to silence, for example) by staging such an attack. Any operator that keeps identifying information is inviting litigation, or worse. If you're an ISP and are making money, then perhaps that risk is justified. But you can't expect a volunteer operator of a free remailer to take such a risk for nothing. You're right. For those who only need a superficial level of "anonymity" and don't really care if their identity is eventually revealed publicly, some of the alternatives such as Hotmail would perhaps suffice. But that's a decision best left to the user, and not to be mandated by others with a lesser stake in the consequences. --