Jump to content

Anonymous remailer

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Ww (talk | contribs) at 17:28, 9 April 2004. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

An anonymous remailer is a server computer which receives messages with embedded instructions on where to send them next, and which forwards them without revealing where they orignally came from. There are Cypherpunk anonymous remailers, Mixmaster anonymous remailers, and nym servers, among others.

Types of remailers

There are several strategies which contribute to making the email so handled more or less anonymous. In general, different classes of anonymous remailers differ regarding the choices their designers/operators have made. It should noted that every data packet traveling on the Internet contains the node addresses (as raw IP bit strings) of both the sending and intended receipient nodes, and so can never be anonymous at this level. However, if the IP source address is changed, there will be no easy way to trace the originating node (and so the originating entity for the packet). In addition, all standards-based email messages contain defined fields in which the source and transmitting entities (and Internet nodes as well) are required to be included.

Some remailers change both types of addresses, and the list of forwarding nodes, as the email passes through, in effect, substituting a 'fake source address'. The 'source address' for that packet then becomes the emailer server itself, and for the email message (usually several packets) a nominal 'user' on that server. Other remailers forward their anonymized email to still other servers, and only after several such hops is the email actually delivered to the intended address.

traceable remailers

Some remailers establish a list of actual senders and invented names such that a receipient can send mail to the invented name AT some_remailer.net. When receiving an email addressed to this user, the server consults that list, and forwards the mail to the original sender, thus permitting anonymous -- though traceable under some conditions -- two way communication. The famous "penet.fi" remailer in Finland did just that for several years. Unfortunately, because of the existence of such lists in this type of remailing server, it is possible to ask a court (or merely the police in some places) to order that the anonymity be broken. Just this happened to the operator of the Penet.fi remailer system as a result of some traffic about Scientology, and he shut it down after destroying its records in order to retain identity confidentiality for its users.

More recent versions use cryptography in an attempt to provide more or less the same service, but without so much risk of loss of user confidentiality. These are generally termed nym servers or pseudonymous remailers. The degree to which they remain vulnerable to forced disclosure (by courts or police) remains unclear, since new statutes/regulations and new cryptanalytic developments proceed apace.

Untraceable remailers

If users accept the loss of two-way interaction possiblity, identity anonymity can be made more secure.

By not keeping any list of users and corresponding anonymizing labels, a remailer can ensure that any message which has been forwarded leaves no internal information behind which can later be used to break identity confidentiality. However, messages being forwarded remain vulnerable within the server (eg, to Trojan Horse software in a compromised server or to a compromised server operator), and traffic analysis comparison of traffic into and out of the server can suggest quite a lot -- far more than nearly all would credit.

The mixmaster strategy is designed to defeat such attacks, or at least to increase their cost beyond feasiblity. If every message is passed through several servers (ideally in different jurisdictions), then legal system based attacks become considerably more difficult. And, since many different servers, and server operators, are involved, subversion of either becomes less effective.

Random padding of messages, and encryption of forwarding information between forwarding remailers, increases the degree of difficulty for attackers still further, and make ineffective simple automated traffic analysis algorithms.

Reasons for using an anonymous remailer

In an era of spam and junk email and identity theft, email access by just anyone can be actually problematic. If maintained, anonymity shields users from such problems; remailers can help. Bulletin board and news group postings of controversial opinon can (and have) attracted unwelcome attention both official and private. In some cases, that attention has been dangerous -- criminal or politically. Anonymous remailers can assist in preventing this as well.

Opponents of anonymity (eg, anonymous remailers) suggest that anonymity allows illegal or dangerous activity (eg, terrorism, drug runing, pedophiliac attacks against children, ...) to occur. The inference intended to be drawn is that, without anonymity, these things would not occur, or would be less likely to do so. This is a questionable inference since, prior to the practical availability of anonymity to many, all of these things did occur. Little actual evidence has been produced to show that their incidence has increased as a result of anonymity. There have been several prominent attempts to claim they have, in the press and otherwise; few have included credible evidence.

In addition, many object to anonymity because it facilitates such things as advocacy of unpopular positions (eg, religious, political, social, sexual, economic, artistic, ...). For societies in which central control of such speech and activity has existed, anonymity actually does present a problem today. Anonymity dvocates suggest that the actual problem is less how to centrally control speech and thought, but whether it should be controlled at all.

For societies in which free speech and thought is claimed to be an important value, the problem is rather different. To the extent that anonymity (and anonymous remailers) are used to exercise free speech, neither should be an issue at all. For those in such societies who are opposed to free speech and thought (or to merely 'some kinds' of speech and thought), anonymity (and anonymous remailers) will be a problem, just as they are in more explictly controlling cultures. Again, anonymity dvocates suggest that the actual problem is less which kind of free speech to abridge, but whether any should be controlled at all.

These issues are unresolved, perhaps unresolvable, and remain controversial. 'Technical solutions' to date have been kludges and less than successful.

Using a remailer

If the object is identity anonymity, nothing sent to an emailer can ever include identifying information in clear text. Thus, "From: anon At: remailer.net Hey dude, send me that new comic to 123 Maple Street, Wherever, Country, Postal Code. Thanx" is particulary clueless.

Less obviously, some software (eg, recent versions of Microsoft Word) includes (hidden) identifying information in each formatted file it handles. Those interested in anonymity should limit themselves to plaintext messages produced by plaintext editors (eg, vi (or a clone), emacs, pico, ...; each is available for most operating systems) as they don't include such hidden information. Alternatively, users should take great care to inspect files (images, sound files, ...) to ensure contain no identifying information. Note however, that even byte-by-byte inspection will not necessarily uncover such information since it can be easily concealed by encryption or steganography.

Choosing a remailer

Not all anonymous remailers are identical, even when all works as intended. Close attention to the operating standard and intent, location, and reliability record is needed before choosing one. Among the criteria which should be considered are:

  • class (eg, two way vs one way, encrypted message content vs cleartext only, ...)
  • location (eg, some jurisdictions allow easier seizure of equipment or records than do others)
  • history (eg, some operators maintain/administer their hardware and software better than others)
  • security (eg, some operating systems have much worse security histories (and so futures?) than others)
  • operator (eg, a remailer run by the some infamous Secret Police Department will be less than desirable)
  • privacy and operating policies (eg, if stated, better than otherwise; if stated, sensible, and observed, better still)
  • software used (eg, some remailer software is widely used, some is not)
  • record and reputation (eg, see statistics sites, and check around (Google search, news group postings, blogs, ...)

There is no way to ensure that a particular remailer server will never cause problems for its users (eg, loss of identity confidentiality). A remailer system not under one's own expert level control will always remain to some extent unknown.

Remailer statistics

Since the release of Echolot, (An automated remailer pinger application written by Peter Palfrader), the number of accurately maintained statistics sources has increased considerably. A complete list of all pingers can be obtained from http://www.noreply.org/allpingers/. A consolidated view of current remailer statistics based on all available stats sources is available at http://www.noreply.org/meta/.

See also

pseudonymous remailer

Retrieved from "https://en.wikipedia.org/w/index.php?title=Anonymous_remailer&oldid=3123584"