baumbach@atmel.com (Peter Baumbach) raise the problem with the anon.penet.fi remailer: he sends email to someone who does not have an ID on the server. They reply, causing the server to automatically allocate them an ID. He now knows their anonymous ID. This can also happen if somebody `accidentally' responds to a message directed to their `cleartext identity' (not sent through the server) anonymously through the server. Since no one else has posted on this yet I will. The short answer is that you can tell them to use your address `na[x]' and their anonymous identity won't be revealed, and if they are using the server they might know that (is it stated in the introduction material? it sure should be). The collective list psyche realized this was a problem in an epiphany about 6 months ago (due credit, I recall it was Deadbeat who brought it to everyone's attention). It was a very lively exchange because J. Helsingius was also involved simultaneously. (In fact, I'd call it one of the few great testaments to cypherpunk prowess.) The problem is rooted in two circumstances: (1) the server was mainly intended for posting to newsgroups at its origination, where the automated anonymizing (J. Helsingius' term: `automated double blinding') makes sense. If someone posts to a newsgroup anonymously, it is harmless and perhaps beneficial for replies to that posting to be automatically anonymized. (2) however, a major use of the server is email-to-email mail, so to speak. in this case the scenario raised by Deadbeat in the past & Baumbach recently reveals the pitfalls in the `feature'. the automated anonymizing feature, implemented with the best of intentions, has come back to haunt J. Helsingius rather rudely--it is perhaps the greatest weakness of the server, other than the corrected `forge-without-passwords' aspect (where someone can forge an email message from: address and possibly determine anonymous-to-identity mappings through trial and error if no passwords are used). J. Helsingius has announced grand visions for the amazing, spectacular, and impending Mark II server that will incorporate full encryption (user keys mappings and a server key), along with a new default in which replies to anonymous email will not be automatically anonymized. Arriving `sometime in the fall'. If anyone wants it sooner, donate a hard drive or something to this great living cypherpatriot, who has personally monitored contributed to the list for suggestions and maintenance over many months span. There are multitudes of treacherous pitfalls to anonymity, far more complex than the mere simplicity of keeping a password secret, and it requires almost superhuman attention, precision, and cleverness to avoid them all. It is like juggling multiple identities. In fact, the studies on multiple personality disorder are very fascinating in this light. Under an anonymous identity, one must respond as if certain knowledge is known and other aspects are *not* known. This reminds me of cases of MPD in which one personality can drive a car, and the other cannot, for example. Analogously, if I revealed in some anonymous message that I knew some secret or private aspect of one of my other identities, `the jig is up'. In fact, it would be very useful to try to enumerate all the various pitfalls of maintaining an anonymous identity. One trick might go like this: carry on a conversation with a person anonymously. Then, suppose one has a pretty good guess of the person's identity. Send the next snippet in the dialogue to the cleartext identity of your suspect. If s/he responds as if nothing was different in the conversation, carrying it on further, using the anonymous ID or even the regular one, you have it nailed. If you get the response `what are you talking about?' the test was inconclusive. This shows the absolute importance of looking to *whom* a message you received was addressed to! was it to *you* or to *you* or to ... Ah--anonymity is such a delicate facade, and it is an apt symbolism on multiple levels when the only difference between silent secrecy and horrifying exposure teeters precariously [as if] on the order of the two typed keystrokes `na'! p.s. I would like to know if there is a way to (1) automatically get traffic statuses from anon.penet.fi, and (2) get a list of supported newsgroups.