Date: Sun, 31 Jul 94 14:18:48 GMT From: Jim Dixon <jdd@aiki.demon.co.uk> I got a message from anon.penet.fi this morning: > You have sent a message using the anonymous contact service. > You have been allocated the code name an118709. This is a direct result of the following: Date: Sun, 31 Jul 94 08:32:24 PDT From: Majordomo@toad.com Subject: Majordomo results >>>> who cypherpunks Members of list 'cypherpunks': . . . an111447@anon.penet.fi So, anything that you send to cypherpunks also goes to this loser, who then can associate your two identities. Since your an*@anon.penet.fi address was just allocated, you have not been compromised very badly. It's possible that this person is simply ignorant rather than malicious. Subscribing as na111447@anon.penet.fi would have given the subscription anon.penet.fi-level security without compromising other users of that service. The people with the most exposure are those who use anon.penet.fi but who do not use the X-Anon-Password feature. If you use a password and send a message to cypherpunks, you should get a message from anon.penet.fi saying that you forgot to use your password when you sent the message, but the loser will not get the (un)anonymized version of your cypherpunks message. Of course, there's marginal security even with the password feature as the password is transmitted as plaintext. Rick

| I got a message from anon.penet.fi this morning: | | > You have sent a message using the anonymous contact service. ... | I have never sent any messages using the remailer. So whoever | is fiddling with the remailer is still doing it. Is it a coincidence | that I posted to this list for the first time a few days ago? No coincidence. For those that haven't figured it out yet, some less than clueful individual has subscribed a penet pseudonymous id to cypherpunks. Again. Then again, maybe it _was_ an intentional try at 'out'ing posters to cypherpunks. The perp will receive each post twice, once with the 'real' header via their normal subscription, and once with the 'anonymized' header via their penet subscription. When a message from a mailing list arrives at penet, addressed to a 'nym, penet anonymizes it and assigns a new 'nym for the address in the From: line. To me, this is obviously stupid when mailing lists are involved, causing automatic 'out'ing of folks who didn't know they were sending to a pseudonymous account. Might it be better for penet to fix the problem by more intelligent parsing on their end (using the Sender: line too?), rather than forcing the rest of the world to patch around their little security bug? Such patches include not attaching signatures and real names to any mailing list posts, making sure all your accounts have penet ids protected by passwords, not signing posts using PGP or RIPEM, and sending to lists only via anonymous remailers. A whole lot of bother for little gain... Basically, this penet problem makes Julf's service less than useless to anyone who wants their pseudonymous address to remain private.