No Subject

Anonymous nowhere at
Mon Feb 22 23:18:19 PST 1993



> As was said, the doubleblind system is a great idea, but incomplete
> if you want to correspond to someone without revealing your anon id.

Well, I don't agree that doubleblind is a great idea.

For example, if at any time, Alice sends pseudonymously to Bob, Bob can
not reply directly: this would expose his identity at
Bob must reply through a remailer.

Note the irony -- Bob must take special steps to protect his pseudonym
because is acting affirmatively to conceal his actual
identity.  If Bob slips up and simply replies, he is exposed.


> (It's interesting that he also sent his message via one of the Cypherpunks
> remailers.  Maybe he thought they worked like the Penet remailer and
> he could break anonymity on those as well.)

Actually, I don't know why my message went through a Cypherpunks
remailer -- I didn't ask it to.  I don't know of any weaknesses in
the Cypherpunks remailers (other than extreme vulnerability to social

> Evidentally there is positive harm that can occur by automatically
> anonymizing all messages which pass through a remailer.  ... For
> anonymous posting and for mail to a non-anonymous address, it's more
> reasonable to assume that anonymization is desired.  ... But when
> sending a message to an anonymous address, it's not known whether the
> sender wants to be anonymized or not.

I think it's imperative that the sender use X-Anon-To to be
pseudonymous.  This is consistent with the principle of least

> It might seem that people should just be careful about what they
> send through Penet, but there are some problems with this.  What do
> you do if you get a message from an5877 at asking for
> advice on cryptography mailing lists?  If you reply, your questioner
> can figure out who the reply is coming from, and sees your Penet
> alias.  There is no way to prevent this from happening currently.

A Cypherpunks remailer can be used to conceal the correspondent's
pseudonymous identity.

> Also, I have seen proposals that anonymous ID's should be made less
> recognizable, so that instead of an5877 at we would have
> joe at  In such a situation it might be tedious to
> scrutinize every email address we send to (via replies, for example)
> to make sure it isn't a remailer where you have an anonymous ID.

It would be a real boon to make pseudonyms less prominent -- this
seems to have kicked over a hornet's nest on USENET (even though
pseudonyms have been quietly in use for years).  But were this the
case, scrutiny would be an understatement.

> All in all, I think some changes need to be made in how anonymous
> addresses are used and implemented in order to provide reasonable
> amounts of security.

I agree that more discussion is in order.  I'm especially concerned 
about the broader issues regarding anonymity through remailers.


Version: 2.1

To find out more about the anon service, send mail to help at
Due to the double-blind system, any replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin at
*IMPORTANT server security update*, mail to update at for details.

More information about the cypherpunks-legacy mailing list