Re: Scientologists may subpoena anonymous remailer records
Steve Reid writes:
When a person recieves a message from someone using an anonymous remailer, the return address will usually work, depending on the remailer. The return address is for an address on the remailer, and sending to that address, the remailer will forward the message back to the person who owns that anonymous address.
The problem with that, of course, is that the remailer has to keep a record of who owns each anonymous account, so that it can direct the replies to the anonymous person. These records could be siezed.
This is a very good reason to use one of the "alpha" pseudonym servers. These remailers in turn use other remailers to return the reply to the owner of the alias (crypted, of course). In this way, the server is operating in double-blind mode. However, the scariest thing about this is that the CoS was able to coerce the gov't in a foreign nation to get access to anon remailers. US remailers have always been suspect for just this reason, and I wait with bated breath to see whether or not the subpoena is issued. But if chaning outside the US won't even work, then the remailers aren't going to do a whole lot of good.
BTW, has anyone out there created an anonymous web forwarder? I'm sure there are a lot of people out there who don't like the idea of having their email address in the log files of dozens of web servers... Creating a simple web forwarder wouldn't be hard.
I've heard several people make this statement... Can anyone confirm that it is really possible to log the uid (username) of the person making the http request? I know they can get your ip address, but I'm skeptical of getting the username. me -- Michael Elkins <me@cs.hmc.edu> http://www.cs.hmc.edu/~me PGP key fingerprint = EB B1 68 32 3F B5 54 F9 6C AF 4E 94 5A EB 90 EC
-----BEGIN PGP SIGNED MESSAGE-----
"Michael" == Michael Elkins <me@muddcs.cs.hmc.edu> writes:
Michael> I've heard several people make this statement... Can anyone Michael> confirm that it is really possible to log the uid (username) Michael> of the person making the http request? I know they can get Michael> your ip address, but I'm skeptical of getting the username. There is no general rule, it depends on your system, your system administrator, your browser, .... If you use Unix, there is no way to know who is at the other end of a socket without using either: 1) finger- or rusers-like information, which is only a guess than may easily be defeated; 2) a "identity daemon", which is run on port 113 and may be queried by a host to which a connection is being made. This kind of identity daemon sometimes has an option which makes it look for a file in the user's home directory before answering ; if this file is present, then the user-id won't be disclosed. It is also very time-consuming for a WWW server to make such a TCP connection each time a request is made, it slows down the request a lot. Anyway, the use of a proxy may help you in that the user-id will probably "nobody". You stay anonymous, unless your proxy's manager keeps the logs. The other way to get your identity is... getting cooperation from yourself ! There was a bug in Netscape 2.0 which made it possible to make you send a mail without even realizing it when browsing some pages (using a form with a mailto: action and a piece of JavaScript to submit the form). Other browsers may well send your user-id and/or you real name across the network in a browser-defined header. This must be checked on a browser per browser basis, since each browser is free to add any header it wants. Sam - -- "La cervelle des petits enfants, ca doit avoir comme un petit gout de noisette" Charles Baudelaire -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface iQCVAgUBMW0Pk4FdzKExeYBpAQGyWAP+LwubZ9+aqzaP7Lq44Lhlztshp0YPslVF yioq8BGlxotMlLEQHdOyVHfjUGnV7U9eUdeT5jWplKmhpEVgYiYlOtHKX8JOLDno X7dhCQG14Q8bQctlS7UQ5EV10sM5CaNN4G+Cx05iSZ8VY+aFScdRlS77EMovMKD4 Y1YC8P41RdY= =l4BE -----END PGP SIGNATURE-----
participants (2)
-
me@muddcs.cs.hmc.edu -
Samuel Tardieu