qwerty-remailer@netcom.com writes:
Perry wrote, "However, make no mistake that Netcom can and will cooperate with the police if you use your remailer in a way that the government doesn't like, so it seems that the security afforded isn't that good."
So you aren't interested unless you can commit serious felony crimes using a given remailer? I would be happy if criminals stayed away from my remailer. What do you mean by "security"? And if the police find out a personally owned machine was involved, I couldn't imagine them not just swooping in at midnight and taking it away at gunpoint. I hope those privately owned machines don't have logs ;-). In my mind, the whole secret to gaining privacy is not attracting attention in the first place. Using a remailer DOES allow a person to communicate anonymously with someone else, in two directions. If a party has enough power to tap Netcom, then sendmail logs or no sendmail logs, they will find you.
It seems that most (if not all) of netcom's unix machines are SunOS based. If that is the case, by installing NIT in the kernel, one would be able to grab all of the packets that flow across that ethernet (192.100.81) This includes your remailer mail. The "cost" to set this up would be the risk of being caught and the time and trouble to come up with root on one of their sun machines. Aside from the obvious legal risks, there are ethical considerations to keep in mind. While I personally would not attempt such a thing, there are many out there who feel otherwise. I won't hack into mail.netcom.com to demonstrate that it is possible to figure out who used your remailer. But, if one of the admins from netcom wants to send me their syslogs, I'll do my best to put together a correlation.
and, "Besides, $20 is a paltry sum for the amount of work involved."
Think of it as a trophy, which I'm sure most understood. I'm not offering you a job.
Yes, but the trophy is hardly worth the effort. Even though it wouldn't cost $50,000 in terms of actual equipment or time, it might well take such a sum to cause Perry to take the risk of being caught. Unless the netcom folks are real slouches, I would think that they would notice that their kernel had been re-compiled and the machine rebooted. Good luck not being detected... Of course, there is always the off chance that they already have NIT compiled into the kernel... Jon Boone | PSC Networking | boone@psc.edu | (412) 268-6959 PGP Public Key fingerprint = 23 59 EC 91 47 A6 E3 92 9E A8 96 6A D9 27 C9 6C