CNN.com on Remailers
Tim May
tcmay at got.net
Tue Dec 11 19:02:13 PST 2001
This article is so deeply flawed as to be laughable. Part of the article
is quoted below, with my comments/corrections in brackets.
'In 1993, the Finns developed an anonymous e-mail system that stripped
off the identification of an e-mail's sender before forwarding it to the
addressee.
[No, Karl Kleinpaste developed the original software and deployed it in
1991-2. Julf H. took it over and modified it later. Not "the Finns," but
"an American and then a Finn."]
Anon.penet.fi was especially popular among devotees of Usenet
newsgroups, text-based bulletin boards that preceded the World Wide Web.
A major flaw was revealed in 1995, however, when the Church of
Scientology learned of a user who used Anon.penet.fi to post internal
church documents -- and contacted police.
Because the single remailer relied on a database to match the sender's
Internet address with the message, the courts simply ordered Hensingius
to reveal the identity of the sender. He shut down the service in 1996.
"That prompted a bunch of programmers to rethink how they wanted to do
remailers," said Sassaman.
Now, messages are bounced from machine to machine. In order to find the
original sender, authorities would have to work through an entire chain
of remailers, many likely located in different countries.
"
[The "prompted a bunch of programmers to rethink" comment has it all
backwards. Chained remailers were deployed in 1992. The theory was known
from Chaum's 1981 paper, and the flaws in the
Kremvax/Kleinpaste/Julf/Penet type of approach were widely known: this
was why chained remailers, in multiple jurisdictions, were deployed. Hal
Finney wrote the first code for this, building on the Perl/Sendmail
scripts Eric Hughes had already released.]
[I don't expect detailed perfection in journalism, but this article
scrambles the causal order substantially. We _knew_ of the severe
limitations to "trust me"-based mail resenders long before, years
before, the limitations were revealed. And, the reason the
Scientologists were unable to track down the source of the NOTS docs is
that the court order to reveal the author only produced the C2Net
Cypherpunks-style source, which COULD NOT be traced back further!!!!!
This is a slam dunk refutation of the author's chronology above. By the
way, when C2Net decided to get out of the remailing business, they sold
or otherwise transferred the technology to Lance Cottrell. Not to take
anything away from Lance, but let's not let this kind of bad history go
without correction.]
--Tim May
More information about the cypherpunks-legacy
mailing list