In a challenging article posted 12:33 PM 9/1/96 -0500, ichudov@algebra.com (Igor Chudov) wrote:

Yes, subject says it all. anon.penet.fi was a whole lot worse than cypherpunks remailers. It provided clueless users with no real security, because it stored return addresses and did not use chaining and encryption.

From what I know of remailer history, the main original goal of the cypherpunks-style remailer was to provide security against traffic analysis by eavesdroppers, rather than to

There are different reasons people use remailers, different amounts of security they need, and different levels of security that the remailers can provide. Anon.penet.fi was a Good Thing. It got a few hundred thousand people thinking about remailers, and why they want them, and thinking they were good tools. It helped the public learn that anonymity is useful for real people, and helped the public learn that they can't always believe an email message is from the "person" on the From: line, and that email and news postings aren't always authentic just because they come out of a computer :-) One way to provide privacy is through heavy mathematics; for some people, and some threats, you need that. Another way to provide privacy is through a trusted operator who's willing to put up with a lot of crap to provide the service. For many people, that's enough - not for people worried about eavesdroppers and overthrowing governments, but enough for people talking about their attitudes toward work and sex and drugs who don't want their email traced by their employers, nosy neighbors, or local vice cops. And part of this security is the willingness to close down a popular service when it's security is threatened. One feature that's really needed for many remailer applications is reply addresses. Doing that securely with cypherpunks-style remailers is hard; doing it securely with trusted-sysop remailers is much easier, and even then there were occasional bugs, and plain surprises. In general, anything that knows the return path is vulnerable; if the person sending the reply knows the destination address, which doesn't apply to many of the applications, the remailer system in between can be secure, but otherwise you're not "truly secure" - only "pretty good". Knowing what the users really want to do helps you do it more securely. prevent the recipient from knowing the sender's address, though everybody pretty quickly realized that the latter was an interesting feature, especially coupled with posting to Usenet. Learning the differences between what people will really do with 2-way remailers as opposed to 1-way remailers can be done better with an easy-to-use 2-way remailer like penet.fi which can get 500,000 (possibly duplicated) users than with moderately complicated systems like alpha.c2.org or the really complicated things that may be needed to get better security.

Maybe closing of anon.penet.fi will spur real interest from the unwashed alt.sex.* masses to the truly secure remailers. Who knows; maybe the most effective way to fund "truly secure" (bwah-hah-ha) remailers will turn out to be to carry phone sex advertising :-) Or maybe somebody will build a decent digicash interface to a remailer, which will help get digicash going now that everybody who uses remailers will be looking for a new home.

# Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com # <A HREF="http://idiom.com/~wcs"> Reassign Authority!