Date: Sun, 31 Jul 94 14:18:48 GMT From: Jim Dixon <jdd@aiki.demon.co.uk> I got a message from anon.penet.fi this morning: > You have sent a message using the anonymous contact service. > You have been allocated the code name an118709. This is a direct result of the following: Date: Sun, 31 Jul 94 08:32:24 PDT From: Majordomo@toad.com Subject: Majordomo results >>>> who cypherpunks Members of list 'cypherpunks': . . . an111447@anon.penet.fi So, anything that you send to cypherpunks also goes to this loser, who then can associate your two identities. Since your an*@anon.penet.fi address was just allocated, you have not been compromised very badly. It's possible that this person is simply ignorant rather than malicious. Subscribing as na111447@anon.penet.fi would have given the subscription anon.penet.fi-level security without compromising other users of that service. The people with the most exposure are those who use anon.penet.fi but who do not use the X-Anon-Password feature. If you use a password and send a message to cypherpunks, you should get a message from anon.penet.fi saying that you forgot to use your password when you sent the message, but the loser will not get the (un)anonymized version of your cypherpunks message. Of course, there's marginal security even with the password feature as the password is transmitted as plaintext. Rick