At 6:44 PM 8/11/93 -0700, Warren Keith Russell wrote:

I received a message from System Daemon telling me that I had sent a message using the anonymous contact service, allocating a code name, and explaining how I can be reached anonymously.

What does this mean? Sounds great, but I have no idea how I managed to send such a message!

Probably means someone sent a message to cypherpunks@toad.com using that service. The service then allocated an id to cypherpunks@toad.com and sent it mail. At 9:08 AM 8/12/93 -0700, hfinney@shell.portal.com wrote:

A few months ago, someone subscribed to the list through the Penet service, and it ended up revealing the Penet aliases of everyone who posted. Each post was delivered to that subscriber marked as being from the Penet alias corresponding to the poster. All it took was a parallel non-Penet subscription to break the anonymity provided by Penet.

Has this now happened again?

At the time, there was some discussion about using "an..." versus "na..." forms of the Penet aliases, one of which would avoid this revelation. Has that been taken care of?

Now the service requires a password, so we're safe (I hope). Stuff sent by an unsuspecting user through the list to penet will cause a bounce at penet saying something like 'are you new? set your password.' However, the way Julf set up the password setting/using is not totally secure. There is an option where you can set no password which an attacker would find useful. It wouldn't work for a mass disclosure though. The attacker would have to pick and impersonate each of his targets, and unless the attacker can intercept his victims' mail they will get stuff from penet giving them a clue that something's amiss. I suppose this is a worthy topic for this list: How do you have anonymity that allows replies and psuedonyms that can't be hacked by impersonation? One cheap way would be to not automatically include the poster's pseudonym in the recipient's copy - have it be totally anonymous like the cypherpunks remailers. Pseudonyms would be only for replies/return addresses. Actually, Julf's solution isn't too bad. Having your password in plain text on its way to the remailer is insecure, but Julf's remailer doesn't allow encryption, so you're vulnerable to a truly determined attack anyhow. Maybe Julf needs to bite the bullet and start using PGP.

Again, I'd like to find out who it is, have them removed, and have my new penet id cancelled. After all, this person now has email from me, with my penet id on it, with my name signed at the bottom. If I decide to use the penet remailer in the future, I don't want this person to have a binding between my penet id and my real name.

MArc

If you'd set a password you'd have no problem. If you got a bounce, you're OK. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help@anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin@anon.penet.fi.