Re: Direct Socket to Remailer?
At 7:25 PM 9/1/95, ROBO Mixmaster Remailer wrote:
I've heard of telnetting to port 25 to send SEMI-untraceable e-mail. The procedure, quite frankly, sounds rather complicated.
Most of my mail that I don't want traced goes through the Mixmaster remailer network. I'm using Winsock-compatible software via a PPP connection. Is it possible, for example, to tell my mailer software to use the remailer itself, such as "remail.obscura.com" as the mail host, rather than "mail.myISP.com"? Will it work, at least for sending, without having an account at "obscura.com", or whatever remailer? Would that be less traceable than sending it through my ISP's mail host?
I don't think it would provide much more security, but it might keep you ISP from logging the mail. If you are using mixmaster@remail.obscura.com as your remailer, you are welcome to use it as the mail host for that mail. It is a slow connection so please do not use is as your regular mail host. You should try the telnet port 25 trick. It is amazingly simple (but not secure). Just "telnet some.machine.com 25" and type help. It will guide you through it. It is quite informative. -Lance ---------------------------------------------------------- Lance Cottrell loki@obscura.com PGP 2.6 key available by finger or server. Mixmaster, the next generation remailer, is now available! http://obscura.com/~loki/Welcome.html or FTP to obscura.com "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche ----------------------------------------------------------
On Fri, 1 Sep 1995, Lance Cottrell wrote:
You should try the telnet port 25 trick. It is amazingly simple (but not secure). Just "telnet some.machine.com 25" and type help. It will guide you through it. It is quite informative.
Se sure to test it first, sometimes it records who *really* sent it as well as the "forged" return address. Test it by mailing to yourself and then look at all the headers. ||||||||||||email address: starrd@iia2.org or starrd@cinenet.net||||||||||| | Creator of the original | Get paid to upload | | Patriot's Archives \ shareware to BBSes and | | ftp: iia.org /pub/users/patriot \_____ the Internet! | | ftp: wuarchive.wustl.edu /pub/msdos_uploads/patriot\ Get file: | | For index of available files: descript.ion \ uploader.zip | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAzAN3FwAAAEEAOgWK9QJo3LIPXC+C/RHE+nmlddXPthC0hgLL7oKg7WPjYgk LrX7j0eUmb5e6t2sm/PkJ1wjk839fqjUmRPLD0mhPX6KsMB0DoecYbCKLrNUY1gP 7DZijj9e7fuPaHqhuY7K5rGjN4po4ZxGhEPQv32IjQLSza9nbU05aMuMG71tAAUR tB9EYXZpZCBXIFN0YXJyIDxzdGFycmRAaWlhMi5vcmc+iQCVAwUQMCnJQEY2REVK Mit9AQG9AAQAps4lKzeQ/OQyXbvxG4b5wWsvHEK/K+1L/tfG0+EmlEsDARaN2pBD cCslIKHjBa8al2BaTSsNjCUSHMgd+IWRp+nw2XJt/lRqpvTN5m7pPNAEQbSgCGwf 9kJ1IDPMokOw9XXAuGAqMQi9HogepNxp7JOdNphcJulHf9XbyCy/sig= =0Tlq -----END PGP PUBLIC KEY BLOCK-----
At 7:25 PM 9/1/95, ROBO Mixmaster Remailer wrote:
I've heard of telnetting to port 25 to send SEMI-untraceable e-mail. The procedure, quite frankly, sounds rather complicated.
You should try the telnet port 25 trick. It is amazingly simple (but not secure). Just "telnet some.machine.com 25" and type help. It will guide you through it. It is quite informative.
-Lance
Before you do it, make sure your ISP doesn't mind you telneting to port 25. VCU's computer dept. doesn't take to kindly to it. They're worried about people sending forged e-mail. (I was tempted to tell the guy when I got caught doing it that they should put a copy of PGP online for folks to use. But I just wanted my account re-instated.)
On Sun, 3 Sep 1995 Cybie@cris.com wrote:
Before you do it, make sure your ISP doesn't mind you telneting to port 25. VCU's computer dept. doesn't take to kindly to it. They're worried about people sending forged e-mail. (I was tempted to tell the guy when I got caught doing it that they should put a copy of PGP online for folks to use. But I just wanted my account re-instated.)
CMU's systems, for instance, are nice enough to explicitly warn you 'Mis-identifying the sender is an abuse of computing resources.' on their machines' port 25. I take this to imply that they don't take kindly to such use of their machines by students or non-students...but what they would do to a non-CMU student is not clear. Come to think of it, would there be legal issues involved in forging e-mail addresses? Can one have a reasonable expectation of identity in ordinary e-mail? Probably not. How about mail authenticated with PGP, RIPEM, Notes, or a similar system? We've seen key certification by VeriSign, among others...and, if we assume a certification structure which requires checking the True Name of the person, then we have a link between the key and the identity. All well and good. If we add key escrow to this certification structure, or require a True Name for *all* keys, then one could have 'identity escrow'...a situation in which pseudonymous keys can be created and distributed with certification that they really belong to a (presumably unique) True Name. In the example of a bank with anonymous officers, their identities might be held by another organization(oversight committee, industry certification authority, etc.), and revealed in the event of an investigation. Doesn't VeriSign already sign 'Personality Certificates'(sorry if not the right term) for pseudonymous IDs? Obviously, setting and enforcing limits on keys per person, should that be desirable, could be difficult. In the simplest case of one verified key and identity per person, an entity who can satisfy the verification process multiple times can be issued multiple keys. If there are a number of independent Certification Authorities, and assuming they don't cross-check, one could get as many keys as there are CAs. Lag time between, say, the Dhahran, Saudi Arabia office of the CA and the rest of the structure might also allow for two or more keys at once. There's probably a dozen different ways to fool a CA or group of CAs. Unfortunately, they're likely to be so difficult, and the penalties severe enough(e.g. permanent revocation of all keys with a particular CA), that few will use them. I wonder if this sort of "feature" is already on tap for a Government Certification Authority in the U.S.. If pseudonymity is offered at all(perhaps as a sort of compromise), it seems reasonable that any State-sponsored CA would insist on identity escrow. The next logical step, of course, would be to subordinate, discredit, or outlaw other CAs, in order to minimize the 'possibility' of 'evil criminals' using the 'national information infrastructure' for 'nefarious acts of impersonation'. Web-of-trust would probably still be legal. It would be absurdity to even attempt to outlaw it, as one would hope the example of PGP has shown. One might as well outlaw gossip. Unfortunately, web-of-trust is rarely as extensive(at least for me) than a full-blown certification hierarchy. It is certainly more work. In effect, the State would reserve to itself the ability to certify keys on a large scale, on its terms. Scary. On the other hand, it could also make for some very interesting situations...such as a pseudonymous identity, accredited by the State, able to participate in elections, enter into binding contracts, and telecommute to work. Again, making sure no one registers and votes twice might be a bit of work. Perhaps down the line, such an identity could run for office. The line 'I'm With Stupid' takes on a whole new meaning... David Molnar P.S. Andrew L : Yes, I'm the same person you knew in Houston! Have you received the mail I sent you? -Haynow
participants (4)
-
bigdaddy@ccnet.com -
Cybie@cris.com -
loki@obscura.com -
starrd@iia2.org