ANONYMOUS CONTACT SERVICE

an26436 at anon.penet.fi
Thu Aug 12 17:18:16 PDT 1993



At  6:44 PM 8/11/93 -0700, Warren Keith Russell wrote:

>I received a message from System Daemon telling me that I had sent a
>message using the anonymous contact service, allocating a code name, and
>explaining how I can be reached anonymously.
>
>What does this mean?  Sounds great, but I have no idea how I managed to
>send such a message!

Probably means someone sent a message to cypherpunks at toad.com using that
service. The service then allocated an id to cypherpunks at toad.com and sent
it mail. 

At  9:08 AM 8/12/93 -0700, hfinney at shell.portal.com wrote:
>
>A few months ago, someone subscribed to the list through the Penet service,
>and it ended up revealing the Penet aliases of everyone who posted.  Each
>post was delivered to that subscriber marked as being from the Penet alias
>corresponding to the poster.  All it took was a parallel non-Penet subscription
>to break the anonymity provided by Penet.
>
>Has this now happened again?
>
>At the time, there was some discussion about using "an..." versus "na..."
>forms of the Penet aliases, one of which would avoid this revelation.  Has
>that been taken care of?

Now the service requires a password, so we're safe (I hope). Stuff sent by
an unsuspecting user through the list to penet will cause a bounce at
penet saying something like 'are you new? set your password.' However, the
way Julf set up the password setting/using is not totally secure. There is
an option where you can set no password which an attacker would find
useful. It wouldn't work for a mass disclosure though. The attacker would
have to pick and impersonate each of his targets, and unless the attacker
can intercept his victims' mail they will get stuff from penet giving them
a clue that something's amiss.

I suppose this is a worthy topic for this list: How do you have anonymity
that allows replies and pseudonyms that can't be hacked by impersonation?

One cheap way would be to not automatically include the poster's pseudonym
in the recipient's copy - have it be totally anonymous like the cypherpunks
remailers. Pseudonyms would be only for replies/return addresses. 

Actually, Julf's solution isn't too bad. Having your password in plain text
on its way to the remailer is insecure, but Julf's remailer doesn't allow
encryption, so you're vulnerable to a truly determined attack anyhow.

Maybe Julf needs to bite the bullet and start using PGP.

>
>Again, I'd like to find out who it is, have them removed, and have my
>new penet id cancelled.  After all, this person now has email from me,
>with my penet id on it, with my name signed at the bottom.  If I
>decide to use the penet remailer in the future, I don't want this
>person to have a binding between my penet id and my real name.
>
>               MArc

If you'd set a password you'd have no problem. If you got a bounce, you're OK.

-------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.





