-----BEGIN PGP SIGNED MESSAGE----- lefty@apple.com (Lefty) says, lef> >For example, would you object to this: lef> > lef> >an4544@anon.penet.fi = XXXX lef> (etc.) lef> What you have supplied represents an invasion of privacy as well, lef> in my opinion. If you were to explain how you came by this lef> information, _that_ might be worth sharing, but simply presenting lef> a mapping of anonyms to truenyms is not. Gladly. The problem was described in comp.risks, volume 15, number 17, and I'll reproduce it below. Two of the i.d.'s above were posted in alt.test, with unusual signatures which Julf's software was unable to strip; the third person posted his anon i.d. in his .sig, apparently so that people could write him anonymously. These are protocol failures, resulting from an incomplete understanding of the anonymous posting procedure. Note that chop.ucsd.edu is also liable to this abuse, but Matthew Ghio's service is somewhat more resistant. === BEGIN QUOTED ARTICLE === Date: Thu, 21 Oct 1993 01:51:07 UTC From: an32153@anon.penet.fi Subject: Dangers of anonymous remailers Recently, I asked for information on Usenet, but wanted to remain anonymous, so I used an anonymous remailer to post. Most people have seen anonymous postings, and some people have probably replied to them. What many people probably never think about is the following text at the end of every post (that you will see at the end of my post):
Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned.
This means that if Bill replies to my anonymous posting, it will go through the remailer and become anonymized. If Bill has sent an anonymous message before, I will receive mail from him with his (permanent) anonymous id. If he puts in his signature at the end of his mail (which I always do when replying to a stranger), he will be giving me his anonymous id with his "real" id. I can then save this information in a database and cross-reference it with any anonymous postings. In fact, I have been doing just that. I use the "Insidious Big Brother Database" (bbdb) from within emacs, and it automatically inserts email senders into my database, and marks all net-news headers from people in my database. I do this just because I'm curious, not malicious. My database is encrypted, so only I can read it. I could be evil, though. I could post flame-bait in newsgroups like alt.sexual.abuse.recovery, save all the information from people that flame me, and then post the cross-references to alt.rush.limbaugh. Or I could do worse. Be careful to whom you reply. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCcAgUBLcrjsbhnz857T+PFAQGdWAQ3bgmHVNYLCkARHzocOHX3cdzG3K6h4P6/ FmsZspJRAzMLIn3/QBJ7qYcTtD01jT7SClbCqsilCce6rGfkn6ALgyWbU5KSJp1h /Gl4zjJHCPRBWHlh3hh1StSycuJp+VR2gZ6fOYnTEdCvVWkTx6oljPTbJUjnhTPP whAbyDPWXfntD4gf7m4R =HjbX -----END PGP SIGNATURE-----