-----BEGIN PGP SIGNED MESSAGE----- nobody@REPLAY.COM (Anonymous) wrote:
I've been reading about Cajones, and having logs demanded, and about traceability vs accountability and so forth here.
Do remailers keep a trace of whoever sends them mail? I sent this message from my desk to Replay and on to a mail2news gateway, can someone trace it back to my desk somehow? That would hardly be anonymous, would it. Sorry if this is/has been covered somewhere, but I can't seem to find a good nuts and bolts explanation of just how secure anonymous remailers are.
I suspect that if you polled remailer operators you'd find that some keep logs and some don't. I don't know about the Replay remailer. Perhaps Alex DeJoode (the operator of the Replay remailer) would care to comment. Nor can logs necessarily positively identify you. If kept, they would record when your message came in and when the post to usenet went out, but *PROBABLY* would not establish a conclusive link between the two. Many remailers maintain a "reordering pool" where forwarded messages do not necessarily get sent out in the order they were received. If you're concerned about backwards traceability via remailer logs, then encrypt and chain your posts through several remailers. If you do that, your identity is protected unless *ALL* of the remailers kept logs and their operators *ALL* cooperated in the effort to identify you. If even one of the remailers in the chain doesn't keep logs, then the trail back to you stops right there. IMO, any remailer operator that keeps logs is inviting trouble, but that's their choice. Some remailers are hosted on ISPs that automatically keep logs and it is quite beyond the remailer operator's control. If you sent this message directly to the replay.com remailer and didn't encrypt it, then anyone along the electronic path between you and the Replay remailer could have read it and known who posted it. If you PGP encrypted it, then it would take Alex DeJoode's cooperation to identify you, assuming he kept logs. If you had used encrypted chaining through at least three remailers, then no single person (except you) would know both the source and final destination of the message. The first remailer would know who sent it but not where it was headed. The second remailer would know neither. The third remailer would only know its destination (usenet) but not its source. - --- Finger <comsec@nym.alias.net> for PGP public key (Key ID=19BE8B0D) -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEUAwUBNJ6uGAbp0h8ZvosNAQHKjAf41cqbqQP6A+JXmZXJ9qpCg6nSL5760ZU8 CNv/TheuBvbsbGQ1bBi7zeWVtkCq+MK8XhTFKKLHw6sfyukgAaQY5toM5H+zHtaY ITCQyGheSngySv/jD8RYYKNtHfk/aCEl9v8MYfTmiBotYp6eiSim3HZyTsNPH41L wRnQc/90zcDmPe5sB6fJY0DxSywX+w7yyobwlCSvlTGWUeVVBntJY65RZysVwtHy YbFplCehw3ygJ20OK1fWJUpVvYFUlY56SdnxPvZPaPO/5vO+zO6UTqvKX2WRfc23 DdF4OE45Y0DeVKgUkIzI3YeMn4WbVC1xLf7HCSYtsxRfwTjVdcj6 =7IdA -----END PGP SIGNATURE-----