CNN.com on Remailers

Tim May tcmay at got.net
Tue Dec 11 19:02:13 PST 2001 

This article is so deeply flawed as to be laughable. Part of the article 
is quoted below, with my comments/corrections in brackets.

'In 1993, the Finns developed an anonymous e-mail system that stripped 
off the identification of an e-mail's sender before forwarding it to the 
addressee.

[No, Karl Kleinpaste developed the original software and deployed it in 
1991-2. Julf H. took it over and modified it later. Not "the Finns," but 
"an American and then a Finn."]

Anon.penet.fi was especially popular among devotees of Usenet 
newsgroups, text-based bulletin boards that preceded the World Wide Web.

A major flaw was revealed in 1995, however, when the Church of 
Scientology learned of a user who used Anon.penet.fi to post internal 
church documents -- and contacted police.

Because the single remailer relied on a database to match the sender's 
Internet address with the message, the courts simply ordered Hensingius 
to reveal the identity of the sender. He shut down the service in 1996.

"That prompted a bunch of programmers to rethink how they wanted to do 
remailers," said Sassaman.

Now, messages are bounced from machine to machine. In order to find the 
original sender, authorities would have to work through an entire chain 
of remailers, many likely located in different countries.
"

[The "prompted a bunch of programmers to rethink" comment has it all 
backwards. Chained remailers were deployed in 1992. The theory was known 
from Chaum's 1981 paper, and the flaws in the 
Kremvax/Kleinpaste/Julf/Penet type of approach were widely known: this 
was why chained remailers, in multiple jurisdictions, were deployed. Hal 
Finney wrote the first code for this, building on the Perl/Sendmail 
scripts Eric Hughes had already released.]

[I don't expect detailed perfection in journalism, but this article 
scrambles the causal order substantially. We _knew_ of the severe 
limitations to "trust me"-based mail resenders long before, years 
before, the limitations were revealed. And, the reason the 
Scientologists were unable to track down the source of the NOTS docs is 
that the court order to reveal the author only produced the C2Net 
Cypherpunks-style source, which COULD NOT be traced back further!!!!! 
This is a slam dunk refutation of the author's chronology above. By the 
way, when C2Net decided to get out of the remailing business, they sold 
or otherwise transferred the technology to Lance Cottrell. Not to take 
anything away from Lance, but let's not let this kind of bad history go 
without correction.]

--Tim May

More information about the cypherpunks-legacy mailing list