I meant only slight malice here: I had intended to "expose" a few email/anon associations to highlight the problem. The problem became apparent to me when I sent pseudonymous mail to a prominent person on this list; his reply exposed his pseudonymous id at anon.penet.fi, surely without his knowledge.
I think this would be fixed by the "X-Anon-Anonymize: no" (or whatever) hack. But for reasons I have outlined in the earlier round of discussions, it can't be the default. Comments?
an5877's message appears to be a trick, designed to collect anonymous/real address pairs. Johan Helsingius should take action against this trickster. Since he is learning other people's real addresses, perhaps it would be appropriate for his own real address to be revealed.
Now that would be a _very_ serious "bug" in the anon.penet.fi remailer (or, more accurately, in its administration); I am confident Johan Helsingius will reject this suggestion.
Definitely. I might block someone from using the server, but never (ok, "never say never") expose somebody.
But, this does point out that these systems which automatically assign anonymous addrsses have several security flaws. Johan has already had to introduce a "password" feature to make it more difficult to send fakemail that appears to be from a particular email address through the server, thus revealing the corresponding anonymous address when it is delivered.
I think that merely masks the real problem.
It fixes *one* problem. I really appreciate suggestions for other solutions.
These are serious problems. We need some discussion of how to avoid these simple tricks for defeating the anonymity while still having an easy-to-use system.
Any ideas? For starters, I think the default behavior of anon.penet.fi is badly broken.
There has been a lot of discussion about this, and I'm afraid it's too late to change the *default* behavior now...
But a more serious problem with anon.penet.fi and the other remailers I am aware of is the necessity that we pseudonymous clients have to rely on the integrity of their administrators to keep our pseudonyms private. In the face of social pressure, such as Xavier's, that may be asking a lot.
True. And that's why PGP-based stuff & remailer chains is the way to go for "hard" anonymity. But for posting to general newsgroups, we also need a system with working return paths. This doesn't seem possible with current remailer chain systems. Julf (admin@anon.penet.fi) P.S. In case I forgot to announce it, as you could see from the message I'm replying to, PGP stuff doesn't get stripped at anon.penet.fi anymore.....