To: cypherpunks@toad.com H>A few months ago, someone subscribed to H>the list through the Penet service, H>and it ended up revealing the Penet H>aliases of everyone who posted. Each H>post was delivered to that subscriber H>marked as being from the Penet alias H>corresponding to the poster. All it took H>was a parallel non-Penet subscription H>to break the anonymity provided by Penet. H> H>Has this now happened again? Funny you should mention this. Maybe someone else just subscribed via penet since my morning post to cypherpunks was bounced back to *me* from penet (as well as being posted normally). The bounce was caused because penet was reading the originating address as *my* address (not cypherpunks) and since I have been using a penet password and my message did not contain the password, it was not forwarded. I have noticed that some postings show up here from cypherpunks and some from the address of the original poster. I suppose different mailing situations cause different results. Maybe all penet users on the list should activate passwords on penet.fi. Penet may search back along the chain of addresses for any familiar address to check against it's list of password-enabled addresses. Duncan Frissell H> H>At the time, there was some discussion H>about using "an..." versus "na..." H>forms of the Penet aliases, one of which H>would avoid this revelation. Has H>that been taken care of? H> H>Hal Finney H>hfinney@shell.portal.com H> H> --- ~ WinQwk 2.0b#0 ~ Unregistered Evaluation Copy