Hello. To my knowledge no public listing of known anonymous servers has been compiled. I'd like to start one. This could possibly turn into a FAQ if response is good. I will put in this newbie-type introductory information at the end of this document for review. Please help me improve this by sending constructive/informative feedback, esp. sections flagged with (?). This all is very weak right now but with your help it could become very thorough and valuable. pax.tpa.com.au -------------- The most sophisticated anonymous posting system to my knowledge. Uses public key encryption for traffic in both ways (to/from) the server. No anonymous remailing capabilities yet but dclunie@pax.tpa.com.au, the administrator, says he's considering it. Had a serious bug recently fixed that caused a reassignment of previously allocated anonymous addresses. Located in Australia. anon.post.g@pax.tpa.com.au for anonymous USENET posting where `g' is the group anon.info@pax.tpa.com.au for information anon.subscribe@pax.tpa.com.au to subscribe to the mailing list acs@n7kbt.rain.com ------------------ no info (?). given to me by dclunie@pax.tpa.com.au godiva.nectar.cs.cmu.ed ----------------------- operated by Karl_Kleinpaste@cs.cmu.edu. Mentioned by julf@penet.fi in an introductory information. This person has posted code to alt.sources that implements anonymous server capabilities. (?) anon.penet.fi ------------- operated by julf@penet.fi. Both anonymous posting and remailing capabilities. (?) hh@pmantis.berkeley.edu ----------------------- no info (?). given to me by tcmay@netcom.com Anonymity and Identity on the Internet ====================================== Generally, identity is amorphous and almost nonexistent on the Internet for a variety of reasons. One is the inherent fluidity of "cyberspace" where people emerge and submerge frequently, and absences are not readily noted in the "community". You currently do not really have any great assurance that the messages you get in mail and the messages you see on USENET are from the people they appear to be from, nor do others have of you. Be careful not to be led astray; gullibility is perhaps the greatest crime here, and skepticism the most useful virtue. Neither are there currently good assurances of privacy in your personal email, and cases where it has been compromised are not uncommon. New encryption technologies are slowly gaining acceptance and penetration into systems that make possible digital encryption and authentication that will make the systems more trustworthy. These can also protect your identity and privacy by offering anonymous posting and mailing capabilities. USENET USENET is a worldwide decentralized news distribution system, adhering to Internet standards described in RFC977 (?). MAIL The characters that you are reading are almost certainly encoded in ASCII, the American Standard Code for Information Interchange that maps alphabetic and symbolic characters onto numeric codes and vice versa. Virtually every computer system uses this code, and if not, has ways of converting to and from it. When you write a mail message, it is being sent in ASCII, and since the standard is virtually universal, there is no intrinsic privacy. Anyone with access to hardware involved in forwarding the message can theoretically read it. Internet mail standards, described in RFC (?), are still evolving rapidly and not entirely orderly. For example, standards for mail address `munging' or `parsing' tend to vary slightly between sites and frequently mean the difference between finding addresses and bouncing mail. New standards are calling for uniform introduction of "privacy enhanced mail" (PEM) which uses encryption technologies to ensure privacy. The current internet mailing protocol is slightly anachronistic in that it was created when the system was somewhat obscure and not widespread, with only a fraction of the traffic it now sees. Today about (?) of internet traffic is mail, comprising about (?) messages. (Source: (?)) A person's mailing address is far from an identification of an individual. First, anyone with access to the account, e.g. they know the password, either legitimately or otherwise, can send mail with that address in the From: line. Secondly, as part of current mailing protocol standards, forging the From: line is a fairly trivial operation for many hackers. Much less forgable is the status and path information prepended to messages by intermediate hosts. Note that bounced messages go to postmasters at a given site in their entirety. This means that if you address mail with an incorrect address it has a good chance of being seen by a human other than the recipient. Theoretically people at any site in the chain of sites that forwards a given mail message over the Internet (about a half-dozen (?) on average, depending on the distances) could potentially compromise the privacy of that message and read it. In practice, this appears to be rare or unheard of. Something more common is instances of immature and unscrupulous system operators reading private mail at a local site, such as a university. The requirements and screening for getting a system administration job (and access to *all* information on a system) vary widely between sites and are sometimes frighteningly lax. ANONYMOUS MAILING ----------------- Some people find it useful to send anonymous mail to others. Examples of this include (?). Here the distinction should be made between sort of "hit and run" mail, where the sender does not want to carry on any further communication, and anonymized mail, where the recipient can respond but has no idea of the sender or origination of a message. The servers listed above allow for the latter type of communication. The former type is now largely confined to hackers who find it convenient for scurrilous threats or whatever, but probably has legitimate uses as well (?). Another category is people who want to appear to have regular but not traceable appearances, i.e. the userid and site origination do not obviously flag their mail as anonymous. Unfortunately, no set of standards is in place to handle the procedures for anonymous posting. Typically the approach is to set up an "anonymous server" that, when activated by email to its address, responds by allocating and supplying an "anonymous ID" that is unique to the person requesting it (based on his email address). This will vary for the same person for different machine address email originations. To send anonymous mail, the user sends email directed to the server containing the final destination. The server "anonymizes" the message by stripping of identification information and forwards the message, which appears to originate from the anonymous server only from the corresponding anonymous user id.