1993-02-23 - Re:

Header Data

From: Johan Helsingius <julf@penet.FI>
To: Anonymous <nowhere@bsu-cs.bsu.edu>
Message Hash: ce6687285f3ff51b04923f0102b330569267d9b69d2a3159c32694ad25d1d503
Message ID: <9302231817.aa23700@penet.penet.FI>
Reply To: <9302231537.AA28187@bsu-cs.bsu.edu>
UTC Datetime: 1993-02-23 20:35:15 UTC
Raw Date: Tue, 23 Feb 93 12:35:15 PST

Raw message

From: Johan Helsingius <julf@penet.FI>
Date: Tue, 23 Feb 93 12:35:15 PST
To: Anonymous <nowhere@bsu-cs.bsu.edu>
Subject: Re:
In-Reply-To: <9302231537.AA28187@bsu-cs.bsu.edu>
Message-ID: <9302231817.aa23700@penet.penet.FI>
MIME-Version: 1.0
Content-Type: text/plain

> > Neither do I. But many of the users of anon.penet.fi are
> > not very computer-and-email-literate, and they have been using other
> > services, providing double-blind. Unfortunate, but too late to change now...
> Can you elaborate on those other services?  The Finnish remailer is the
> only one I'm aware of.

The operating principles (and the early code) were copied from the
general service Karl Kleinpaste was running at godiva. There have been
two long-running servers serving some alt.* groups (alt.sex.*,
alt.sexual.abuse.recovery) for years.

> Also, I'm confused about these "not very computer-and-email-literate"
> users -- aren't they forced to use an X-Anon-Password header?

No. Not until now. And you can still post without it, and answer
anonymous mail without it, and of course set the password to "none",
disabling passwords altogether.

> I'm surprised there hasn't been more ruckus about the default
> behavior.  There must be many folks whose identities have been
> inadvertently exposed.

I know, looking at the error messages and missent mail, that there would
have been hundreds of persons exposed without the default double-blind.

> > What we can do is to provide better ways for those who *are* computer
> > literate enough to use extra headers etc.
> I don't think this will help.  With my mail environment, I have to go
> to lengths to send an anonymous message, concocting X-Anon-To and
> X-Anon-Password headers.  It's worth the effort, since this helps to
> preserve the secrecy of my pseudonymous identity.
> But the first time I mess up, and send an unfettered message to an
> anon.penet.fi client, I am unmasked.

No, once you set a password, the server won't let your message through
unless it's OK!

> And I still don't understand how the unfettered message gets past the
> X-Anon-Password filter.

Can you elaborate? I don't understand your question. Sorry, my English
isn't what it ought to be...

> > But in this case I feel the principle of least astonishment is overruled
> > by the principle of least risk of accidental exposure.
> I think the risk of accidental exposure is heightened by the default
> behavior of the Finnish remailer.  Maybe we're using the same words to
> describe different things.

I beg to disagree.

> > I think that hornet's nest needed to be kicked. But I am also
> > disappointed that not enough people defend the need for anonymity in
> > places like news.admin.policy.
> Some of us gave up on USENET policy long, long ago.  Personally, I stick
> to the alt.* groups.

Right. Unfortunately. Because had you followed the discussion in
news.admin.policy you would have realized that sticking your head in the
bush isn't going to help.