Er... Seems somebody has added an13556@anon.penet.fi to the mailing list, causing every message on the list to go through the server. This results in everyone sending to the list being allocated an anon id! Could you please change the address to be na13556@anon.penet.fi instead, thus avoiding the problem (yes, I've implemented the feature, but I don't want to announce it yet, as there are some implications I want to fix first...). Also a *WARNING*... an13556@anon.penet.fi now knows the anon id of everyone who have not set a password on anon.penet.fi, and have sent messages to the list recently. So if you have been allocated an id as a result of mailing to the list, you probably want to mail me and ask to be deleted from the anon database. Julf (admin@anon.penet.fi)
I have changed the subscription name in the list to the "na" form, so the immediate problem for cypherpunks is fixed. But this problem will persist. Many, if not most, mailing lists are running automated list software and the address given in the subscription request is the address added. Even if the administrator manually changes the entry, the old one can be added right back. Mailing list software could be changed to notice penet anonymous addresses, but don't hold your breath for that to be deployed soon. There are two problems with the current anon@penet design that I see as fundamental. The first, widely discussed and the proximate cause of the above problem, is automatic pseudonym generation. The second is ensured by the first and is subtler: the remailer does not allow multiple pseudonyms per incoming email address. Multiple pseudonyms allow compartmentalization and has two benefits. The first benefit is unlinkability. I have sometimes wanted to argue both sides of an issue, but refrained because that is too confusing for most to follow. (The semiotics of "consistency/ignorability" and "one mind/one opinion" are fascinating and, here, digressing.) I might also wish to argue in two completely different fora and not have these seen as the same person. For every reason you might want a pseudonym in the first place, you might also want a "pseudonym from your pseudonym," especially if you use it a lot. The second benefit of compartmented identities happens when the pseudonym is revealed, either by choice or by chance. There are many situations when a temporary identity might be desired; I leave it to others to list them. With the current single-pseudonym system, one revelation of identity reveals all others. When there is no particular benefit to being seen as the same identity, I would rather have multiple identities for exactly this reason. As far as implementations go, having multiple pseudonyms requires that a separate "request for pseudonym" be added, as well as a way to indicate from which pseudonym (or none of them) mail should be from. I would suggest bouncing mail to "an" style addresses unless a pseudonym has been declared; the bounce message would, of course, contain instructions on how to obtain a pseudonym or use the "na" form. Therefore, I would suggest that a second version of the pseudonymous system at penet do away with automatic generation and support multiple pseudonyms. Eric
For every reason you might want a pseudonym in the first place, you might also want a "pseudonym from your pseudonym," especially if you use it a lot.
A specific example: I am presently running a survey of drug prices, and suggested that respondents might wish to reply through penet. Unfortunately, I realized that I could not respond to these messages without blowing my penet pseudonym. Fortunately, I had never actually used it, so I could safely "blow it". At present, if I need another penet pseudonym, I guess I'll create it through mail games. But IWBNI there were a built-in way to do this -- particularly for those who aren't able to hack mailers, who are the ones who really need a service such a penet in the first place.
Eric
PGP 2 key by finger or e-mail Eli ebrandt@jarthur.claremont.edu
For every reason you might want a pseudonym in the first place, you might also want a "pseudonym from your pseudonym," especially if you use it a lot.
A specific example: I am presently running a survey of drug prices, and suggested that respondents might wish to reply through penet. Unfortunately, I realized that I could not respond to these messages without blowing my penet pseudonym. Fortunately, I had never actually used it, so I could safely "blow it". At present, if I need another penet pseudonym, I guess I'll create it through mail games. But IWBNI there were a built-in way to do this -- particularly for those who aren't able to hack mailers, who are the ones who really need a service such a penet in the first place.
Agree. And I *think* I have come up with a way to handle it "safely". Will do a test implementation RSN. Julf
I would suggest bouncing mail to "an" style addresses unless a pseudonym has been declared; the bounce message would, of course, contain instructions on how to obtain a pseudonym or use the "na" form.
This only works if the From: lines of postings show the "na" form, but this breaks the "historical" expectations of current users.
Therefore, I would suggest that a second version of the pseudonymous system at penet do away with automatic generation and support multiple pseudonyms.
I might even try to do it in the current version. I might have worked out a way that doesn't break too much of the current functionality. Julf
I 'm way behind on my cypherpunks mail.. I just hope this hasn't been recently discussed... How about implimenting an anonymous remailer where the return address is some sort of hash to the original id... maybe based on time or count of messages from that id, or something... Thus, two messages sent from the same person would have "differnt" return addresses... and you would never really keep an anonymous id... it would be constantly changing... but you could always be reached, even at your "previous" addresses... This would beg for some sort of pseudonym option, in case you wanted a stream of your messages to appear to come from the same person (granted with diff addresses). This could even be taken one step further, to include a small portion of your original message in any replies... but thats probably bit too much... :-) crude example: From: <Pseudonym> anonabcdefghijklmnopqrstuvwxyz0123456789@remailer.anon Subject: An idea ^^^^ Some weird has to return address From: <Pseudonym> anonabcdefghijkl0123456789zyxwtsrqponm@remailer.anon Subject: A second idea ^^^^ A new hash for a new mail message Am I just blowing hot air... or is this a worthwhile idea? --- Nick MacDonald | NMD on IRC i6t4@jupiter.sun.csd.unb.ca | PGP 2.1 Public key available via finger
participants (4)
-
Eli Brandt -
Eric Hughes -
Johan Helsingius -
Nickey MacDonald