CDR: Re: -C-P- Re: would it be so much to ask..

Riad S. Wahby rsw at MIT.EDU
Tue Sep 19 23:21:49 PDT 2000


Asymmetric <all at biosys.net> wrote:
> As for my being naive as you claim in a second here, who is really being 
> naive here?  You think that just because the remailer doesn't maintain an 
> active database of nym mappings that it's immediately impossible for it to 
> be reversed?  You implicitly trust anyone who says "here, use my remailer, 
> I guarantee it's anonymous?"  Get with the program.  One fucking line on a 
> console, in a firewall rule, anywhere along the way could fuck you into 
> losing your anonymity, unless the message was sent encrypted to the 
> remailer, and that's just to start with.

You should read up on Type 1 and Type 2 remailers.  Both involve
encryption.  In the case of Type 2 remailers, you only need to trust
one in the chain that you use in order to be sure that your identity
is securely hidden.

> I think that using a forged header is just as reliable as using an 
> anonymous remailer, and just as anonymous if done right.  There is no "port 
> 25" hack involved.  It's as simple as setting whatever email software you 
> use to use X as its smtp server, and then entering a nonexistent return 
> address somewhere else.  At best, you'll be totally anonymous.  At worst, 
> as is the case with any remailer, some log somewhere could exist that a 
> connection to the server took place from w.x.y.z and may even contain the 
> to and from addresses used.  In general though, sysadmins are very stupid, 
> and seldom go to the trouble of logging this kind of information for 
> successful email messages.. typically only failures are logged.

Wrong again.  By default in versions of sendmail since 4.9, all sent
mails are logged right along with the failures--and this includes the
IP address from which the connection was made to the SMTP server.
Simply setting your SMTP server is not nearly enough.  If 'they' have
the IP address from which the mail was sent, 'they' have you.  As I
said above, please read up on Type 1 and Type 2 remailers before
making such outrageous claims.

> So what is more naive?  To assume the fact so plainly evident in everyone's 
> face that the vast majority of sysadmins out there are lazy and stupid and 
> then just pick one at random and do as I suggested

Finding open relays that don't do logging is difficult at best.

> "anonymous remailers" that make an outright claim to be anonymous, but that 
> you have no way of verifying?

As I said above, in the case of the Type 2 remailer, you only have to
trust one server in the chain, and presumably you can find one that
you're likely to trust not to disclose information to the people from
whom you want to hide your identity.  In the case of a US national,
for example, post through a remailer in a country that the US doesn't
like much--there are plenty of those--and you're fine.  That, or trust
that, for example, the MIT LCS remailer is reasonably secure (and it
is--I know the person who runs it), and make sure it's in your chain.

> very good chance at hitting something

Again, I ask you to produce an example of an open relay that you are
reasonably sure does not do logging.

> I made a suggestion.  You people that responded so caustically maybe are 
> tired of hearing the same suggestion over and over again.  I'm tired of 
> getting spam that wastes my time, my bandwidth, space on my mail server, 
> and any other number of various and sundry resources.

So please filter, and don't complain.  Or unsubscribe.  It's the
responsibility of new readers to peruse the archives.  If you had done
so, you would not have angered those who have heard this argument 10^9
times.

> If I "whine" about getting spam... well so be it.  Just know that you all 
> whine about my messages, with far more useless messages, and far less 
> reason to be at all upset.

No.  The people of the list expect that you have gone over the
archives so that what you say is not repetitive and a waste of time
and bandwidth.  If a bit of time and bandwidth spent now can reinforce
the practice of archive reading before you post, then it is well
spent, and is, in the long run, a net savings of both bandwidth and
time.

--
Riad Wahby
rsw at mit.edu
MIT VI-2/A 2002

5105