http://www.cnn.com/2001/TECH/internet/12/10/anonymous.e.mail.ap/index.html

SAN JOSE, California (AP) -- For years, anonymous e-mail has been a choice tool for whistle-blowers, human rights activists and undercover sources looking to protect themselves while imparting vital information. Anonymous online communication could just as easily be used by terrorists to plot attacks or send threats.

Yet little has changed since September 11 for users and operators of Internet-based anonymous e-mail servers, which launder messages by deleting identifying information, rendering them virtually untraceable. Now there are indications the servers have increased in number.

While no evidence has been released linking such services to any criminal or terrorist conspiracy, experts fear governments could crack down on anonymous remailers -- or at least subject them to greater scrutiny.

Law enforcement generally despises technology that leaves such cold trails, said Mark Rasch, former head of the Department of Justice's computer crimes unit and current vice president of cyberlaw at Predictive Systems.

So far, U.S. and European authorities battling terrorism and cybercrime have apparently focused their surveillance elsewhere. The FBI and the National Security Agency, which monitors international telecommunications, declined to comment on what strategy, if any, they have for dealing with remailers.

"There's a lot more concern about border security and banking records," said Mike Godwin, a policy fellow at the Center for Democracy and Technology.

That's just fine with the people who operate remailers. They don't do it for money, but rather share a common ideal of protecting online privacy.

Len Sassaman, an e-mail security consultant who runs a remailer as a hobby, thinks any attempts to crack down would lead to more cropping up around the world.

[...]
This article is so deeply flawed as to be laughable. Part of the article is quoted below, with my comments/corrections in brackets.

'In 1993, the Finns developed an anonymous e-mail system that stripped off the identification of an e-mail's sender before forwarding it to the addressee.

[No, Karl Kleinpaste developed the original software and deployed it in 1991-2. Julf H. took it over and modified it later. Not "the Finns," but "an American and then a Finn."]

Anon.penet.fi was especially popular among devotees of Usenet newsgroups, text-based bulletin boards that preceded the World Wide Web. A major flaw was revealed in 1995, however, when the Church of Scientology learned of a user who used Anon.penet.fi to post internal church documents -- and contacted police. Because the single remailer relied on a database to match the sender's Internet address with the message, the courts simply ordered Helsingius to reveal the identity of the sender. He shut down the service in 1996.

"That prompted a bunch of programmers to rethink how they wanted to do remailers," said Sassaman.

Now, messages are bounced from machine to machine. In order to find the original sender, authorities would have to work through an entire chain of remailers, many likely located in different countries.'

[The "prompted a bunch of programmers to rethink" comment has it all backwards. Chained remailers were deployed in 1992. The theory was known from Chaum's 1981 paper, and the flaws in the Kremvax/Kleinpaste/Julf/Penet type of approach were widely known: this was why chained remailers, in multiple jurisdictions, were deployed. Hal Finney wrote the first code for this, building on the Perl/Sendmail scripts Eric Hughes had already released.]

[I don't expect detailed perfection in journalism, but this article scrambles the causal order substantially. We _knew_ of the severe limitations to "trust me"-based mail resenders long before, years before, the limitations were revealed.

And, the reason the Scientologists were unable to track down the source of the NOTS docs is that the court order to reveal the author only produced the C2Net Cypherpunks-style source, which COULD NOT be traced back further!!!!! This is a slam dunk refutation of the author's chronology above. By the way, when C2Net decided to get out of the remailing business, they sold or otherwise transferred the technology to Lance Cottrell. Not to take anything away from Lance, but let's not let this kind of bad history go without correction.]

--Tim May
On Tue, 11 Dec 2001, Tim May wrote:
[The "prompted a bunch of programmers to rethink" comment has it all backwards. Chained remailers were deployed in 1992. The theory was known from Chaum's 1981 paper, and the flaws in the Kremvax/Kleinpaste/Julf/Penet type of approach were widely known: this was why chained remailers, in multiple jurisdictions, were deployed. Hal Finney wrote the first code for this, building on the Perl/Sendmail scripts Eric Hughes had already released.]
The quoted portion is basically accurate (true to what I said), but I was talking about theoretical attacks at that point. I think I said something along the lines of:

"The cypherpunks developed a system based on the ideas in Chaum's 1981 paper. Penet-style remailers were potentially vulnerable to hackers and court orders, which in fact ended up being the downfall of anon.penet.fi. These problems prompted them to build better remailers."

I had this post up on my screen when I was talking to him:

http://www.inet-one.com/cypherpunks/dir.1997.05.29-1997.06.04/msg00310.html

Penet was *in operation* prior to Eric and Hal's chained remailers, right? If not, then that's my error.

--Len.
participants (3)
- Anonymous via the Cypherpunks Tonga Remailer
- Len Sassaman
- Tim May