Digital signatures – such as those created by PGP – are a way of confirming the identity (and unsullied content) of a message or file. They are the only way to go when you want to ensure both of those properties. There are times, however, when you don’t want someone to know your identity. (It doesn’t matter that sending a message anonymously prevents the recipient from directly replying. There are many ways of places a message for another person to see on the Internet (or any other network).)
Why would you ever want to send an anonymous note? Many forms of unpopular and controversial speech are worthy, yet would have real consequences for the sender if their identity were to be found out. At the founding of the USA anonymous political tracts electrified the would-be electorate. To this day the US courts have ruled that an identity does not have to be affixed to such materials, even if used in the heavily bureaucratized and paper-bound electoral process.
Self-help groups, such as Alcoholics Anonymous, have long relied on the anonymity of its members. On-line groups benefit from the same anonymity.
There are many other types of unpopular speech. Having an employer peruse your email and finding out that you’re a homosexual, recovering (or recidivist) drug user could easily lead to a quick termination of employment. (While I’ve heard the arguments for an employer to read through an employee’s email, I find them unpersuasive. An employee should be judged on job performance, and little else (in my humble opinion).)
Whistle-blowing (the revealing of an employer’s unethical and unsafe actions) is considered important enough by the U.S. Government to merit a toll-free hotline. Whistle-blowing via email should be just as easy and just as protected as using the telephone.
Anonymity is a two-edged sword, just like everything else of value. It’s another level of protection for the purveyor of electronic grafitti, harassment, and libel. Writers of ransom notes benefit from anonymity. Revealers of corporate secrets (such as the recent airing of several profitable “Church” of Scientology tracts) would be well-advised to use the chain of anonymous remailers.
What are anonymous remailers? “Vanilla” email machines record information about the sender of an email message. (That’s how you reply to the sender.) The Netsurfer Focus tried to explain anonymous remailers by saying:
Messages sent to these remailers for forwarding have the originating header stripped off and replaced with the address of the remailer.
Replies to the remailer are then forwarded back to the originator without revealing his identity. There are several dozen remailers on the Internet.
This is wrong.
Anonymous remailers – generally installed and maintained by
– strip off the original message headers and save no information about the sender. (These machines save very generic information for a short time, to aid the system administrator in judging the machine’s workload, and to frustrate those who would physically sieze the computer in order to look through its forwarding information.) There is no way to reply to someone who has sent email through an anonymous remailer. (Actually, it’s canonical to ship your email through several anonymous remailers, on the assumption that a chain of remailers can’t all be compromised by the black hats.
Julf’s anon.penet.fi does save the mapping between real email address and the pseudononymous one. If I send email addressed to you through Julf’s machine, you see it as having come from (for example) . If I don’t slip up somehow, you’ll never know my real email identity. You can, however, reply to my pseudononymous address as easily as you can to any other sender of email.
There are a variety of attacks against both anonymous and pseudononymous remailers.
The Church of Scientology, in an on-going attempt to stifle free discussion of its money-making sales of “religious works”, was successful in February of 1995 in convincing the Finnish police to force Julf to reveal the mapping between one pseudononymous user and their real email address. (Julf wisely decided that if he had no choice, revealing one address was better than revealing them all. He later said that the siezure by Finnish police had galvanized public support in that country in favor of remailers. I haven’t heard much recently about what’s going on and how Julf is faring.)
Attacks against anonymous remailers start with having a fake remailer staffed by the black hats (or compromised by them). Traffic analysis of the remailer – tracking incoming and outgoing mail and their sizes, can review the identity of seemingly anonymous messages. There are a variety of techniques used to improve the certainty of anonymity and to defend remailers from attacks, chief amongs them are holding mail for a random amount of time to deter traffic analysis. You can – as mentioned before – send mail through several anonymous remailers. This is known as “chaining”.
Since the Internet is a network of networks, your email may travel through many sites before reaching a remailer and having its headers stripped. For those monitoring your email, just sending to an anonymous remailer may be cause for suspicion. (Heck, even sending encrypted email may be cause for suspicion.) Your unencrypted email may be read by any sufficiently priviledged user at any site along the route, its headers examined at any site before the remailer. (Most “postmasters” treat email with the same respect accorded postal mail, but you should never, ever count on this.)
Have you found errors nontrivial or marginal, factual, analytical and illogical, arithmetical, temporal, or even typographical? Please let me know; drop me . Thanks!
1993-2006 by ,
via the Creative Commons License. Questions and comments? Send
to the Geek Times Webmaster. (Domain and web content hosting at .)