Netcom remailers.
-----BEGIN PGP SIGNED MESSAGE----- Lucky me. I got my first complaint about my remailer today, as Eric Hollander told me I would eventually get. He says once a month Mr. Employee bashes Mr. Boss with his remailer 'cause Mr. Employee is too cheap for a stamp, and so he sends Mr. Employee a nasty warning from Mr. Remailer Operator. Me, no logs, yet, even assuming it wasn't just from another remailer. And the person didn't contact me, he contacted Netcom. Gee, maybe the guy made it up. No matter. It was an edu address, possibly a student. So now I get a terse, not too serious message from support@netcom.com mentioning "unsolicited mail" being against Netcom policy, so cut it out. I've blocked that outgoing address and sent the guy an explanation, and he hasn't responded to my asking what was up. I've added "Report Problems to qwerty@netcom.com." in my outgoing header too. But I have a question. I'm the quite type. I tend to ignore things like this, till say Netcom deletes my account, or at least demands an explanation. My question is, should this happen again, say tomorrow, should I tell support@netcom.com what's up? "I'm running an anonymous remailer, you know, like anon.penet.fi, the one that has 10,000 active users. Thus Netcom is now diverting CPU time to anyone who wants it." I wouldn't word it like THAT, but that's what they might truthfully assume. Sure would be nice if I could fully forge e-mail as coming from "nobody@nowhere.org". Alternatively I could just keep logs. Or I could just never log into qwerty again, and see how long it lasts ;-)! Hit and run remailer accounts. Centralized remailers on the internet. Bah! Nik (-=Xenon=-) -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLVhO0wSzG6zrQn1RAQEBfwP/YnMjuyphc2O8onhEHT6jH3qyDp0YPzgd JFRrJzZI/ZOCnqtR6+zyjKqDtXCbY4GvR29vAyyXIFmG4kxfMNBRmRr4lwzUxf7G quguvzMRxdOFencHxToxaoXqZ/4/tBI5O472c1hOtdvuHaFTPP+JOLpg18Git5AR e74uFtB7I4U= =eZsb -----END PGP SIGNATURE-----
[Increasingly rant-like towards the end--ed.]
Sure would be nice if I could fully forge e-mail as coming from "nobody@nowhere.org". Alternatively I could just keep logs. Or I could just never log into qwerty again, and see how long it lasts ;-)! Hit and run remailer accounts.
The remailers already partially forge mail by not using the correct "From:" in the header. That's why they contacted netcom mgmt instead of you, because your name didn't appear in the mail. (Well, maybe in the out of band info). The problem is that every time you use the standard SMTP mechanism to get mail into a machine (regardless of where it comes from) 1. a log entry gets made on the receiving machine, and 2. a Received: field gets put in the header which contains the name of the originating machine. So to forge mail you have to first send mail to someone who doesn't log and who doesn't put Received: fields in. The upshot is that if you use Internet mail, you're stuck with this. If you want to send mail to people who only use Internet mail, then you're also stuck. It is certainly possible to use non-standard mail delivery services (they'd have to be written, even if lots of existing code could be moved) but the final leg of delivery to a standard Internet mailer is going to make a logfile entry and put in a Received: field. So you're right back where you started. Tough. That's the way it is. You want an network anonymous at the hardware level, go read some sci-fi. Putting the remailer hack on top of existing delivery mechanisms is more interesting than a custom system, in many ways, because the existing system, experimental as it is, has the capacity to reach far more people than a custom system would. In a wide area system which is not private by default, one way of getting privacy is to get someone else to put their name on it. That's what the remailers do. I call this "proxy privacy". If A sends anonymous mail, B stands in A's place as the technical sender of that mail; B is proxy for A. So whine, whine, somebody complained. The last hop, final delivery, for a remailer system is always going to come from some proxy. To send to arbitrary addresses, there _must_ be a proxy. Perhaps you wouldn't mind sending to other remailers, but just not to general public. And so you want to do good at no risk. "Maybe someone will find out, maybe I'll get in trouble". Sure anarchy is for sale, and you're buying it with the peace of mind from your good works, a semiotic coin purchasing relief of bad feelings, rather than donating your risk and exposure.
Centralized remailers on the internet. Bah!
Can you name any other network that has so much email connectivity than the Internet? Hmm? Compuserve, attmail, mcimail, delphi, aol, prodigy? They all use the internet as their gateway to non-customers. BITNET? UUCP? Fido? As anarchist as Fido is, it's only 20K-25K machine, a fraction of the internet size. Netware mail? Any of the LAN delivery services for PC's or Macs? These people haven't even discovered wide area networking for the most part. Look, Netware bought USL recently. The most successful PC networking company (one of Microsoft's only serious system-level competitors) purchased one of the two major branches of Unix. Can you guess why? Wide area networking. It already works--it _is_ the Internet. Netware is a LAN protocol; your mail won't leave the building. And fat lot of anonymity you're going to get there. Yeah, the internet technology is changing. ATM is coming. And guess what? People are already implementing internet protocols on top of it. The Internet is an idea implemented in software that can run, by design, on most any 2-way communications technology. Resilience by design. And you think the Internet isn't where it's at. Feh. Eric
participants (2)
-
hughes@ah.com -
qwerty@netcom.com