Re: Announce: "secret-admirers" mail list
It's cute, but it won't wash. The problem is that a list like this doesn't provide any Obscurity to its users unless there are a large number of subscribers. One reader out of a thousand is slightly Obscure. One reader out of three just isn't. Adding large numbers of posters to the list doesn't help, though you could use it as a dead drop for those NYTimes subscriptions and egroups subscriptions if you wanted.
A gateway from alt.anonymous.messages might be fun anyway. Back when people read Usenet on their own machines, instead of getting it from an ISP via NNTP clients, Usenet groups gave readers Pretty Good Obscurity. That might still be the case at universities or companies that maintain their own news feeds, but there aren't a lot any more, especially since a full newsfeed takes multiple T1s full-time.
At 08:39 AM 12/13/00 -0500, BMM wrote:
I would like to announce the "secret-admirers" mail list.
The "secret-admirers" list is intended to function in a manner similar to the well-known Usenet newsgroup "alt.anonymous.messages". This newsgroup serves as a dead drop for communications in which the recipient wishes to remain unknown.
While access to a Usenet news server is unavailable in many environments, the ubiquity and flexibility of e-mail may be advantageous for the following reasons:
- Penetration: More people having access to (pseudo|ano)nymizing tools is generally a good thing.
- Pool Size: Higher utilization of the message pool may frustrate traffic analysis. The list may be gatewayed back into alt.anonymous.messages or vice versa. CDR-like nodes for redistribution may be established to reduce load on individual nodes.
- Filtering: E-mail filtering tools are widely available, allowing recipients to draw only pertinent messages from the pool by filtering on tokens which have been negotiated out-of-band or by the public key to which a message has been encrypted.
The mail list is unmoderated and accepts messages from any submitter. Submissions may be sent to "secret-admirers@minder.net" or "sa@minder.net".
TO SUBSCRIBE to the list, send a message with "subscribe secret-admirers" in the body to majordomo@minder.net. The more subscribers, the better, even if procmail just sends it to /dev/null.
TO UNSUBSCRIBE from the list, send a message with "unsubscribe secret-admirers" to majordomo@minder.net.
A digest of this list is available. This list is not currently archived.
Thanks,
-Brian
-- bmm@minder.net 1024/8C7C4DE9
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
The list is gatewayed from/to alt.anonymous.messages, which provides a bit more cover. I agree that it would be more useful as an extension of a.a.m than standalone.
Thanks,
-Brian
On Wed, 13 Dec 2000, Bill Stewart wrote:
It's cute, but it won't wash. The problem is that a list like this doesn't provide any Obscurity to its users unless there are a large number of subscribers. One reader out of a thousand is slightly Obscure. One reader out of three just isn't. Adding large numbers of posters to the list doesn't help, though you could use it as a dead drop for those NYTimes subscriptions and egroups subscriptions if you wanted.
A gateway from alt.anonymous.messages might be fun anyway. Back when people read Usenet on their own machines, instead of getting it from an ISP via NNTP clients, Usenet groups gave readers Pretty Good Obscurity. That might still be the case at universities or companies that maintain their own news feeds, but there aren't a lot any more, especially since a full newsfeed takes multiple T1s full-time.
Regarding anonymous Usenet reading (vs. posting), what kind of logging do most nntpd's perform ?
I've never had the opportunity to setup nntp daemon softwarez so I have nada idea as to the level of default logging that they perform by default, or how they can be tweaked further.
Is it possible to log HEAD and BODY requests for individual articles in individual newsgroups along with a userid on the clients end ? Worse, can the ip address of the client newsreader software be logged along with its individual nntp commands ?
What I'm thinking about is that there might be a massive potential for piercing a user's anonymity through the examination of such logs, but since I don't know what kind of logging the major news server packages perform by default I don't know how much of a threat this type of scenario would be.
Any news gurus out there ? Forgive me for the amateurish sound of this message, I think that these issues are sort of germane to the larger set of anonymity issues associated with usenet.
On Sat, Dec 16, 2000 at 12:26:45PM -0500, madmullah wrote:
Regarding anonymous Usenet reading (vs. posting), what kind of logging do most nntpd's perform ?
I've never had the opportunity to setup nntp daemon softwarez so I have nada idea as to the level of default logging that they perform by default, or how they can be tweaked further.
By default they perform all the default logging....
Is it possible to log HEAD and BODY requests for individual articles in individual newsgroups along with a userid on the clients end ? Worse, can the ip address of the client newsreader software be logged along with its individual nntp commands ?
Yes, it can be. I used to have a script which parsed nntpd logs to watch an individual's browsing (individual host that is). With access to the dialup/radius database, the ISP could match the IP to the account and thus to the real name.
The same info can be obtained for email on an ISP via POP/IMAP logging combined with the sendmail logs (and looking at the emails in the queue to get the content).
Fortunately most ISPs don't have the time to do this just for fun, unfortunately a lot of them would do it if requested to do so by police.
Only by running your own mail or news server can you prevent the ISP from monitoring your email or news reading.
-- Eric Murray Consulting Security Architect SecureDesign LLC http://www.securedesignllc.com PGP keyid:E03F65E5
-- At 11:24 AM 12/16/2000 -0800, Eric Murray wrote:
Only by running your own mail or news server can you prevent the ISP from monitoring your email or news reading.
My newsreader, like most people's newsreaders, automatically downloads those newsgroups I am interested in full, in the background. Therefore there is no way anyone can know which particular message of "alt.anonymous.messages" I have read.
Alt.anonymous.messages is completely effective. It does not provide mere obscurity, but rather supplies true security. To determine who I am communicating with, and what I was saying, the adversary would need to compromise my firewalled computer.
--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG /HoDeqkrstPjC1zLMA8ggxmk0U1w1LZHGpo0tSFB 4iW+dQFuOF/JostNZWllHlMlU7zV8knH3Xv+7VKOz
On Sat, Dec 16, 2000 at 04:00:38PM -0800, James A. Donald wrote:
-- At 11:24 AM 12/16/2000 -0800, Eric Murray wrote:
Only by running your own mail or news server can you prevent the ISP from monitoring your email or news reading.
My newsreader, like most people's newsreaders, automatically downloads those newsgroups I am interested in full, in the background. Therefore there is no way anyone can know which particular message of "alt.anonymous.messages" I have read.
Interesting. I didn't know that newsreaders did that. None of my newsreaders do, but then I use rn or trn and not the newsreaders built into browsers, which I assume is what you mean by "most people's". Yes, if you always download all of a.a.m then there's no way to do traffic analysis unless your opponent can control your news feed and selectively delete or modify messages in the newspool, and that's a lot more work than looking at the download logs.
Alt.anonymous.messages is completely effective.
Not completely - it wouldn't work for people with newsreaders like trn which don't always grab everything from the subscribed newsgroups. Simple to fix, but something to be aware of.
-- Eric Murray Consulting Security Architect SecureDesign LLC http://www.securedesignllc.com PGP keyid:E03F65E5
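Added example, not part of any message in this thread: a small Python check of the point argued above, that a server-side record of NNTP commands exposes a reader who fetches selected bodies but says nothing about article-level interest when the whole group is downloaded. The log layout, client addresses, article numbers and the function names are constructed for illustration; real news servers log in their own formats.

```python
from collections import defaultdict

# Constructed sample: article numbers currently held in the spool for the group.
SPOOL = {"alt.anonymous.messages": set(range(101, 109))}

# Constructed log in a made-up "<client> <NNTP command> <argument>" layout.
SAMPLE_LOG = "\n".join(
    ["192.0.2.5 GROUP alt.anonymous.messages"]
    + [f"192.0.2.5 ARTICLE {n}" for n in range(101, 109)]   # fetches everything
    + ["192.0.2.9 GROUP alt.anonymous.messages",
       "192.0.2.9 XOVER 101-108",                            # overview, then picks
       "192.0.2.9 HEAD 103",
       "192.0.2.9 BODY 104",
       "192.0.2.9 BODY 107",
       "192.0.2.7 GROUP alt.anonymous.messages",
       "192.0.2.7 XOVER 101-108"]                            # headers only
)

FETCH_BODY = {"ARTICLE", "BODY"}   # NNTP commands that transfer message content


def fetched_bodies(log_text):
    """Return {(client, group): set of article numbers whose body was requested}."""
    current = {}                   # client -> group chosen by its last GROUP command
    fetched = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue               # skip malformed or empty lines
        client, cmd, arg = parts[0], parts[1].upper(), parts[2]
        if cmd == "GROUP":
            current[client] = arg
            fetched[(client, arg)]  # record the visit even if no body follows
        elif cmd in FETCH_BODY and arg.isdigit() and client in current:
            # Only numeric article references are handled; message-id
            # arguments would need a spool lookup and are ignored here.
            fetched[(client, current[client])].add(int(arg))
    return dict(fetched)


def exposure(log_text, spool):
    """Classify what the log reveals about each client's interest in a group."""
    report = {}
    for (client, group), got in fetched_bodies(log_text).items():
        available = spool.get(group, set())
        if not got:
            verdict = "headers-only"   # shows the visit, not which articles matter
        elif got >= available:
            verdict = "full"           # every body pulled: no article stands out
        else:
            verdict = "selective"      # the fetched subset is the leak
        revealed = sorted(got) if verdict == "selective" else []
        report[(client, group)] = (verdict, revealed)
    return report


if __name__ == "__main__":
    for key, value in exposure(SAMPLE_LOG, SPOOL).items():
        print(key, value)
```

Run against a capture of your own reader's commands, a "selective" verdict means the fetch settings still need changing for that group.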
On Sat, Dec 16, 2000 at 04:00:38PM -0800, James A. Donald wrote:
-- At 11:24 AM 12/16/2000 -0800, Eric Murray wrote:
Only by running your own mail or news server can you prevent the ISP from monitoring your email or news reading.
My newsreader, like most people's newsreaders, automatically downloads those newsgroups I am interested in full, in the background. Therefore there is no way anyone can know which particular message of "alt.anonymous.messages" I have read.
Interesting. I didn't know that newsreaders did that. None of my newsreaders do, but then I use rn or trn and not the newsreaders built into browsers, which I assume is what you mean by "most people's".
I believe that most download all of the headers, and then only download the articles one is interested in--at least the "Online" newsreaders do it this way.
Not completely - it wouldn't work for people with newsreaders like trn which don't always grab everything from the subscribed newsgroups. Simple to fix, but something to be aware of.
Trn (and IIRC slrn) can be configured to read from the local spool. If one is using Linux, there is also leafnode, a "small site" news server that gets its feed via NNRP (the news reader protocol) as opposed to NNTP. It is fairly trivial to set up, and can be cron'd to grab all the articles in a newsgroup at regular intervals, and expire the messages from disk in short order.
-- A quote from Petro's Archives: ********************************************** "Despite almost every experience I've ever had with federal authority, I keep imagining its competence." John Perry Barlow
-- At 02:24 AM 12/17/2000 -0800, petro wrote:
I believe that most download all of the headers, and then only download the articles one is interested in--at least the "Online" newsreaders do it this way.
That is the default, but the settings can be changed for one newsgroup, or all of them. You should do this for the newsgroups you are particularly interested in, for the sake of convenience, and for those newsgroups where logging could cause you embarrassment.
--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG V67BeHiP9lyUN6mI1ELFbcXfLdJgZSp3avO3hKe7 4Z8a2Cx+RNvdnJr00fMpkATXo11egKTl8xShvSjD/
-- At 04:20 PM 12/16/2000 -0800, Eric Murray wrote: On Sat, Dec 16, 2000 at 04:00:38PM -0800, James A. Donald wrote: At 11:24 AM 12/16/2000 -0800, Eric Murray wrote:
Only by running your own mail or news server can you prevent the ISP from monitoring your email or news reading.
James A. Donald:
My newsreader, like most people's newsreaders, automatically downloads those newsgroups I am interested in full, in the background. Therefore there is no way anyone can know which particular message of "alt.anonymous.messages" I have read.
At 04:20 PM 12/16/2000 -0800, Eric Murray wrote:
Interesting. I didn't know that newsreaders did that.
I use Agent. If you do not use such a newsreader, you should probably use the "secret-admirers" list, to ensure that no one can tell which particular message you care about. If, however, you use a newsreader like Agent to download all of alt.anonymous.messages, as I do, you get the same security, and greater obscurity.
--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG D4D8Ck83IFj+/qa3eqIHud9NAAUPg5/K0N6dWb1O 4+p5eC9ANt2j9BVvAyA+VHgEr+sl7n0EiST9AFodH
At 11:24 AM 12/16/2000 -0800, Eric Murray wrote:
Only by running your own mail or news server can you prevent the ISP from monitoring your email or news reading.
Sorry to be entering this thread so late but I had to bite on these comments. I have been in and out of the ISP business for the last 5 years. In my last real job I was responsible for a tech support team.
Tech support personnel in ISPs are typically an entry level position with only slightly better starting wages. I couldn't get most of the techs to read what I wanted them to read and I would be surprised if any of them did any snooping. You spend most of the time on the phone with 12 O'clock flashers, people who live with every appliance in their house flashing 12:00.
A lot of calls are from Outlook Express users who receive a 2 MB graphics file and are pissed off when they can't download it in 30 seconds with their 33.6 kbps modem. Outlook Express doesn't give you any progress indication. They call and want you to read their mail to them over the phone. A few calls like this you just don't ever want to look at anyone's mail any more.
News servers don't tend to keep logs, you look at a newsgroup and there are 3000 messages in the group, that would be 3000 lines in a log file. We would turn that one off real fast.
Mailservers...?? Ever looked at a "messages" log on a Sendmail server? Even with GREP there ain't no way to get useful information there. The log files are probably on a 5-week rotation so after 5 weeks they're gone.
Dialup access logs tend to be kept so we can pursue the hackin bastards plus some ISPs use them for billing. Sorry, no love lost for hackers after you have called a few and attempted to talk to them. Everyone is in denial, "I didn't do that".
Web access logs are usually kept for a while but without a stats package they are mostly gibberish. I would bet most hosting companies don't keep logs unless the customer pays extra for a stats package.
I wouldn't worry about most ISPs invading your privacy. Most of them are too busy getting calls from 12:00 O'clock flashers and, my personal favourite, the caller who blamed us for uploading porn onto their computer.
Raymond D. Mereniuk Raymond@fbn.bc.ca History of a Telco, A Fairy Tale http://www.fbn.bc.ca/telcohis.html
On Tue, Dec 19, 2000 at 12:39:58AM -0800, Raymond D. Mereniuk wrote:
At 11:24 AM 12/16/2000 -0800, Eric Murray wrote:
Only by running your own mail or news server can you prevent the ISP from monitoring your email or news reading.
Sorry to be entering this thread so late but I had to bite on these comments. I have been in and out of the ISP business for the last 5 years. In my last real job I was responsible for a tech support team.
[..]
I wouldn't worry about most ISPs invading your privacy. Most of them are too busy getting calls from 12:00 O'clock flashers and, my personal favourite, the caller who blamed us for uploading porn onto their computer.
You missed the beginning of this thread. The threat isn't from the ISP personnel, who like you say are too busy to spy. It's from law enforcement who get access (through subpoenas or simply asking for it) to the logs that the ISP's been keeping. They could then do traffic analysis on your a.a.m reading.
-- Eric Murray Consulting Security Architect SecureDesign LLC http://www.securedesignllc.com PGP keyid:E03F65E5
Only by running your own mail or news server can you prevent the ISP from monitoring your email or news reading.
Sorry to be entering this thread so late but I had to bite on these comments. I have been in and out of the ISP business for the last 5 years. In my last real job I was responsible for a tech support team. Tech support personnel in ISPs are typically an entry level position with only slightly better starting wages. I couldn't get most of the techs to read what I wanted them to read and I would be surprised if any of them did any snooping.
I fired 2 of my original 8 staff members for browsing the mailbox of users. I know several people who work in both the Big national ISP and the small mom and pop ISP at a tech level, to a CEO level. I KNOW that, security notwithstanding, email browsing across the server isn't that uncommon of an occurrence.
Ian Briggs
At 04:00 PM 12/16/00 -0800, James A. Donald wrote:
My newsreader, like most people's newsreaders, automatically downloads those newsgroups I am interested in full, in the background. Therefore there is no way anyone can know which particular message of "alt.anonymous.messages" I have read.
Agent or Free Agent can be set to do this, and it may make sense for newsgroups where articles are short, but I certainly wouldn't run in that mode for a newsgroup that had large postings that I didn't want all of. The binary program newsgroups are a good example of this - article bodies are often 64 times as large as the headers, if they stick to 64KB, or much larger if they don't, unlike text oriented groups where they may be 4 times as large, so downloading the entire contents on modems is really slow.
Alt.anonymous.messages is completely effective. It does not provide mere obscurity, but rather supplies true security. To determine who I am communicating with, and what I was saying, the adversary would need to compromise my firewalled computer.
The adversary might have a good idea who's actively downloading the group from a number of major isps. That doesn't mean they'll know who's reading it from random-isp.ru or direct off the spool at random.edu.au, but if they really care, they can get a good idea how many people are reading the group, even if they don't know which articles you read.
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
-- At 04:00 PM 12/16/00 -0800, James A. Donald wrote:
Alt.anonymous.messages is completely effective. It does not provide mere obscurity, but rather supplies true security. To determine who I am communicating with, and what I was saying, the adversary would need to compromise my firewalled computer.
At 10:48 PM 12/17/2000 -0800, Bill Stewart wrote:
The adversary might have a good idea who's actively downloading the group from a number of major isps. That doesn't mean they'll know who's reading it from random-isp.ru or direct off the spool at random.edu.au, but if they really care, they can get a good idea how many people are reading the group, even if they don't know which articles you read.
The main thing they will discover is that a lot of people are reading and posting. This makes the information that one particular person is posting and reading not very useful.
--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG QwmsBPfy58qWPZWmR4qXZSs3cPuVXmkgnE//bq80 4QqXBGe1FmmaA+VkDuH4uyezo0M1bqUp5F44ZJM2U
On Sat, 16 Dec 2000, madmullah wrote:
Regarding anonymous Usenet reading (vs. posting), what kind of logging do most nntpd's perform ?
Servers probably by default log whatever authentication is required to access them, ie. an IP address where there's an ACL by IP or a username where a USERAUTH is required.
I've never had the opportunity to setup nntp daemon softwarez so I have nada idea as to the level of default logging that they perform by default, or how they can be tweaked further.
The News administrator may log as much or as little as he chooses. This is why others have suggested one read news from a server one has control over. A caching proxy configured correctly would be the next best thing.
Is it possible to log HEAD and BODY requests for individual articles in individual newsgroups along with a userid on the clients end ? Worse, can the ip address of the client newsreader software be logged along with its individual nntp commands ?
What I'm thinking about is that there might be a massive potential for piercing a user's anonymity through the examination of such logs, but since I don't know what kind of logging the major news server packages perform by default I don't know how much of a threat this type of scenario would be.
Managing a news feed is a neat experience to have done once, but I don't think I'd want to make a career out of it. Popular server packages go a long way toward reducing the administrative burden, including allowing the administrator to tweak logging up or down as he deems appropriate.
Any news gurus out there ? Forgive me for the amateurish sound of this message, I think that these issues are sort of germane to the larger set of anonymity issues associated with usenet.
Thanks, -Brian
On Sat, Dec 16, 2000 at 05:17:31PM -0500, BMM wrote:
On Sat, 16 Dec 2000, madmullah wrote:
Regarding anonymous Usenet reading (vs. posting), what kind of logging do most nntpd's perform ?
Managing a news feed is a neat experience to have done once, but I don't think I'd want to make a career out of it.
Any news gurus out there ? Forgive me for the amateurish sound of this message, I think that these issues are sort of germane to the larger set of anonymity issues associated with usenet.
Many many years ago, before the net became the ubiquitous popular medium it mutated into in the mid 90's, I ran USENET as a part time hobby for the various companies I worked for in that era. And yes I found out one could learn quite a bit more than one wanted to know from the logs I routinely kept. Was eye opening indeed to discover who in the office read particular niche interest groups and who posted to what... I don't know what a modern ISP typically keeps as far as logs, but I do know the available packages allow quite detailed logging. I think one can obviously assume that any postings are completely logged, and in such a manner as to make it trivial to retrieve all those from one user (but this is possible anyway via Deja). Logs of specific articles or newsgroups read are readily possible, but unlikely to be routinely kept unless someone is nosey and looking for dirt. A request for articles from an unusual newsgroup might trigger a detectable log entry, since some USENET spools only spool groups that people using them read...
Thanks,
-Brian
-- Dave Emery N1PRE, die@die.com DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
At 11:25 PM 12/13/00 -0800, Bill Stewart wrote:
A gateway from alt.anonymous.messages might be fun anyway. Back when people read Usenet on their own machines, instead of getting it from an ISP via NNTP clients, Usenet groups gave readers Pretty Good Obscurity. That might still be the case at universities or companies that maintain their own news feeds, but there aren't a lot any more, especially since a full newsfeed takes multiple T1s full-time.
Ahh, but one can remain anonymous in reading the Usenet feed if one subscribes to one of the satellite broadcast services (often used by ISPs in developing nations where bandwidth is expensive).
steve
participants (10): Bill Stewart, BMM, Dave Emery, Eric Murray, James A. Donald, madmullah, Nomen Nescio, petro, Raymond D. Mereniuk, Steve Schear