From: abacard@crl.com (Andre Bacard) Newsgroups: alt.privacy.anon-server Subject: Anonymous Remailer FAQ Date: 15 Jun 1995 11:08:30 -0700 Organization: CRL Dialup Internet Access (415) 705-6060 [Login: guest] Lines: 239 Message-ID: <3rpsuu$jft@crl5.crl.com> NNTP-Posting-Host: crl5.crl.com X-Newsreader: TIN [version 1.2 PL2] *** Frequently Asked Questions About Anonymous Remailers *** by Andre Bacard, Author of "Computer Privacy Handbook" [FAQ Version June 13, 1995] ============================================================ This article offers a nontechnical overview of anonymous remailers to help you decide whether to use these computer services to enhance your privacy. I have written this especially for persons with a sense of humor. You may distribute this (unaltered) FAQ for non-commercial purposes. =========================================================== What is an anonymous remailer? An anonymous remailer (also called an "anonymous server") is a free computer service that privatizes your e-mail. A remailer allows you to send electronic mail to a Usenet news group or to a person without the recipient knowing your name or your e-mail address. Why would YOU use remailers? Maybe you're a computer engineer who wants to express opinions about computer products, opinions that your employer might hold against you. Possibly you live in a community that is violently intolerant of your social, political, or religious views. Perhaps you're seeking employment via the Internet and you don't want to jeopardize your present job. Possibly you want to place personal ads. Perchance you're a whistle-blower afraid of retaliation. Conceivably you feel that, if you criticize your government, Big Brother will monitor you. Maybe you don't want people "flaming" your corporate e-mail address. In short, there are legitimate reasons why you, a law abiding person, might use remailers. How does a remailer work? Let's take an example. A popular Internet remailer is run by Johan Helsingius, President of a Helsinki, Finland company that helps businesses connect to the Internet. His "an@anon.penet.fi" addresses are common in controversial news groups. Suppose you read a post from a battered woman crying out for help. You can write her at . Helsingius' computer will STRIP AWAY your real name and address (the header at the top of your e-mail), replace this data with a dummy address, and forward your message to the battered woman. Helsingius' computer will notify you of your new anonymous address; e.g., . You can use Helsingius' free service to forward letters to anyone, even to persons who do not use his service. His computer sends each user detailed instructions about his system. Are there many remailers? Currently, there are roughly a dozen active, PUBLIC remailers on the Internet. (Undoubtedly, there are PRIVATE remailers that restrict who may use them.) Remailers tend to come and go. First, they require equipment and labor to set up and maintain; second, they produce zero revenue. Why are remailers free? There is a simple answer. How can remailer administrators charge people who want maximum privacy? Administrators can't ask for a Visa number or take checks. Why do people operate remailers, if not for money? People set up remailers for their own personal usage, which they may or may not care to share with the rest of us. Joshua Quittner, co-author of the high-tech thriller MOTHER'S DAY, interviewed Mr. Helsingius for WIRED magazine. Helsingius said: "It's important to be able to express certain views without everyone knowing who you are. One of the best examples was the great debate about Caller ID on phones. People were really upset that the person at the receiving end would know who was calling. On things like telephones, people take for granted the fact that they can be anonymous if they want to and they get really upset if people take that away. I think the same thing applies for e- mail." "Living in Finland, I got a pretty close view of how things were in the former Soviet Union. If you actually owned a photocopier or even a typewriter there you would have to register it and they would take samples of what your typewriter would put out so they could identify it later. That's something I find so appalling. The fact that you have to register every means of providing information to the public sort of parallels it, like saying you have to sign everything on the Net. We always have to be able to track you down." What makes an "ideal" anonymous remailer? An "ideal" anonymous remailer is: (a) Easy to use. (b) Run by a reliable individual whose system actually does what it promises. In addition, this person should have the computer expertise to take prudent steps to safeguard your privacy from civilian or government hackers. (c) Able to forward your messages in a timely manner. By "timely" I mean minutes or hours. (d) Holds your messages for a RANDOM time before forwarding them. This time lag makes it harder for snoops to link a message that arrives at, say, 3:00 P.M. with a message that leaves your machine at, say, 2:59 P.M. (e) Permits (better yet encourages!) PGP encryption software. If a remailer does NOT permit PGP (Pretty Good Privacy), reasonable people might assume that the remailer administrator enjoys reading forwarded mail. What makes a responsible remailer user? A responsible user: (a) Sends text files of a reasonable length. Binary files take too much transmission time. (b) Transmits files selectively. Remailers are NOT designed to send "You Can Get Rich" chain letters or other junk mail. Who are irresponsible remailer users? Here is a quote from one remailer administrator: "This remailer has been abused in the past, mostly by users hiding behind anonymity to harass other users. I will take steps to squish users who do this. Lets keep the net a friendly and productive place.... Using this remailer to send death threats is highly obnoxious. I will reveal your return address to the police if you do this." Legitimate remailer administrators will NOT TOLERATE harassment or criminal activity. Report any such incidents to the remailer administrator. How safe are anonymous remailers? [for paranoids only :-)] For most low-security tasks, such as responding to personal ads, remailers are undoubtedly safer than using real e-mail addresses. However, all the best made plans of mice and men have weaknesses. Suppose, for example, that you are a government employee, who just discovered that your boss is taking bribes. Is it safe to use an anonymous remailer to send evidence to a government whistleblower's e-mail hot line? Here are a few points to ponder: (a) The person who runs your e-mail system might intercept your secret messages to and from the anonymous remailer. This gives him proof that YOU are reporting your corrupt boss. This evidence could put you in danger. (b) It is possible that the anonymous remailer is a government sting operation or a criminal enterprise, designed to entrap people. The person who runs this service might be your corrupt boss' partner. (c) Hackers can do magic with computers. It's possible that hackers have broken into the remailer (unbeknownst to the remailer's administrator) and that they can read your messages at will. Hard-core privacy people do not trust individual remailers. These people write programs that send their messages through several remailers. This way only the first remailer knows their real address, and the first remailer cannot know the final destination of the e-mail message. In addition, they PGP encrypt all messages. Where can I learn more? Go to the Usenet news group ALT.PRIVACY.ANON-SERVER. Pay special attention to posts by Raph Levien, "The Remailer Guru." Where can I get a list of current remailers? Raph Levien [see above] generously runs a remailer pinging service which collects details about remailer features and reliability. To read Levien's data, finger: . There is also a Web version of the same information, at: http://www.cs.berkeley.edu/~raph/remailer-list.html In addition, Raph Levien regularly posts his "List of Reliable Remailers" at ALT.PRIVACY.ANON-SERVER. Anything else I should know? YOUR privacy and safety could be in danger! Prolific bank, credit and medical databases, e-mail monitoring, and computer matching programs are just a few factors that threaten every law abiding citizen. In short, our anti-privacy society can serve criminals and snoops computer data about YOU on a silver platter. If you want to PROTECT your privacy, I urge you to support groups such as the Electronic Frontier Foundation and the Electronic Privacy Information Center . Andre, have you written other privacy-related FAQs? I'm circulating an (1) Anonymous Remailer FAQ, (2) E-Mail Privacy FAQ, and (3) (Non-Technical) PGP FAQ for Novices. To get these FAQs, send me this e-mail: To: abacard@well.com Subject: Help Message: [Ignored] [You'll find these FAQs, plus much more, at my web site at http://www.well.com/user/abacard] ================================================================= abacard@well.com Bacard wrote "The Computer Privacy Stanford, California Handbook" [Intro by Mitchell Kapor]. http://www.well.com/ Published by Peachpit Press, (800) user/abacard 283-9444, ISBN # 1-56609-171-3. =================================================================