Tim's message brings up a point I've been wanting to mention. The prototype remailer software keeps log files of all messages passed through it. There are different reasons why people running the software might wish to have these logs. One purpose is for debugging; the remailers don't produce much in the way of error messages and the log files can be useful for tracking down errors. A few weeks ago, for example, one user was having difficulty sending messages through my remailer, and he posted here about it. I was able to confirm that his messages had come in and been sent out. However, another possible reason is for the case of abusive messages. I had one message go through that appeared to be directed towards the sender's boss, and was rather unfriendly in tone. The remailers give the outgoing messages the superficial appearance of having come from me. This message wasn't that bad, but there's nothing to stop someone from sending a really vicious, racially or sexually harrassing message, and I am very concerned that I could get in trouble for that. What I've generally done is to delete the log files every few days, usually after a quick perusal to see if there are any messages which the recipient might object to. Sometimes if I see a message which is of an illegal format so that it didn't get sent, (like forgetting the ":" in "Request-Remailing-To:") I'll send a message to the sender telling him what he did wrong. I feel that people who run remailers should set their own policies as far as the confidentiality of the messages they forward. Running a remailer can be somewhat risky in the current climate and the operators can legitimately seek whatever level of protection they are comfortable with. However, I think it would be good if the users of the remailers could get some information about what the privacy policies are. Maybe some remailers will simply not keep logs; maybe others will keep logs but not look at them unless a specific circumstance arises, and so on. Eric Hollander has been creating a list of remailers; perhaps he could solicit this kind of information from the operators and publish it along with the remailer addresses and keys. Hal 74076.1041@compuserve.com Distribution: CYPHERPUNKS >INTERNET:CYPHERPUNKS@TOAD.COM
Eric Hollander has been creating a list of remailers; perhaps he could solicit this kind of information from the operators and publish it along with the remailer addresses and keys.
(Hey, everybody send your remailer information in!) I have been deleting the logs every so often, unread since I debugged the remailer. If someone asks me if their message made it, I'll look at them. If someone gives me evidence of blackmail or the like, I'll look at them. Otherwise, to the bit bucket they go. As usual, you should encrypt your message if you want it to be secure. This is a multi-user system. Furthermore, I may read the remail logs from time to time as I tweak the software. (eg add PGP, if I can fix the "keygen error"...) It may be worth pointing out that this gives me a plausible reason to stonewall if someone comes asking about something *I* sent through my remailer.
Hal
Eli ebrandt@jarthur.claremont.edu
Since it is possible to archive, I think we should all operate under the assumption that archiving is being done. And if we are operating under that assumption, there is nothing wrong with archiving. This is why multiple, encrypted, and possibly overseases boucnes are so important. The security of remailing doesn't depend on trusting the operators. It relies on there being at least one operator who won't reveal show his logs. If one of your bounces happens to be through your own remailer, you can gaurantee this. e
participants (3)
-
Eli Brandt
-
Eric Hollander
-
Hal