1997-11-29 - Re: Non Logging News Servers? Try #2

Header Data

From: Anonymous <anon@anon.efga.org>
To: mail2news@basement.replay.com
Message Hash: 8e14d9cf1ffe229ca04ea2e8fb16b67081ee6e969f239eb8850c627044fc4016
Message ID: <e349157902e951f835e046e65101d325@anonymous.poster>
Reply To: <0cc751b9ffaf2c1afd6a2289b4873895@anonymous.poster>
UTC Datetime: 1997-11-29 04:16:11 UTC
Raw Date: Sat, 29 Nov 1997 12:16:11 +0800

Raw message

From: Anonymous <anon@anon.efga.org>
Date: Sat, 29 Nov 1997 12:16:11 +0800
To: mail2news@basement.replay.com
Subject: Re: Non Logging News Servers? Try #2
In-Reply-To: <0cc751b9ffaf2c1afd6a2289b4873895@anonymous.poster>
Message-ID: <e349157902e951f835e046e65101d325@anonymous.poster>
MIME-Version: 1.0
Content-Type: text/plain



lcs Remailer Administrator <mix-admin@nym.alias.net> wrote:

> The unfortunate reality is that almost all news servers log, and there
> is no way to tell if you don't actually have an account on the server.
> There may be privacy conscious ISPs that actually promote the fact
> that they don't log, but I don't know of any to recommend.
> 
> The point of putting that in the help file was also to make people
> realize there is a trade-off.  Posting to news groups might not
> actually be the safest solution.  Basically, if you are more worried
> about the remailer operators, alt.anonymous messages is probably the
> best place to send messages.  However, if you are more worried about
> your employer/ISP than about the remailer operators, then it probably
> makes more sense just to have an ordinary e-mail reply block.

One solution to this problem is to run your own personal news server
like "souper" that gathers ALL new news article in a certain NG and
stores them locally for off-line reading.

If you're consistently pulling news messages for the
alt.anonymous.messages NG off of a certain server, it could be
reasonably inferred that you are the intended recipient of at least
SOME of those messages.  But if you use a client that invariably
grabs all the new messages each time, it would be rather difficult
to determine which messages you are interested in.

To avoid traffic analysis, use a software program to pull the
messages for you.  If you do it manually, even if you try to pull
them all, you will undoubtedly read and save them in a certain
order, or spend more time reading certain ones that will betray your
interest in certain messages.

As for employers, any of them that are sophistocated enough to be
monitoring NNTP connections and creating a profile of your reading
habits probably also have their own firewall and news server.  IOW,
if they run their own news server and carry a certain NG, then
they'd have a hard time objecting to your reading it.

It would probably be wise to assume a worst-case scenario and only
deviate from it when you're sure it's safe to do so.  For example,
suppose you used a pseudonym to publish an article that was critical
of the current Ayatollah in Iran, or perhaps deemed offensive to
Islam in general, and you were sentenced to death in absentia ... if
they can find and identify you.  (Sort of an anonymous Salmon
Rushdie.)  Start out assuming you need that level of security and go
from there.  But if someone has gone to the trouble of setting up a
'nym, then he probably perceives a need for more than just a casual
level of security.

--






Thread