1993-02-23 - Re: Beware of anon.penet.fi message!

Header Data

From: an5877@anon.penet.fi (deadbeat)
To: cypherpunks@toad.com
Message Hash: ceb050af1311a07de95de188c16fa4f287800ff90e39d23dd944754b05f4f7b0
Message ID: <9302230604.AA04535@anon.penet.fi>
Reply To: N/A
UTC Datetime: 1993-02-23 06:33:49 UTC
Raw Date: Mon, 22 Feb 93 22:33:49 PST

Raw message

From: an5877@anon.penet.fi (deadbeat)
Date: Mon, 22 Feb 93 22:33:49 PST
To: cypherpunks@toad.com
Subject: Re: Beware of anon.penet.fi message!
Message-ID: <9302230604.AA04535@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


This is a longer response to the warning posted by Xavier.

> Beware of the message about the security bug in the
> anon.penet.fi software!


> If you do as requested, and send your true email address to
> an5877@anon.penet.fi then he will see both your true email
> address and your anonymous address (if you have one - if you
> don't, you will be assigned one and he will see that).  Any
> future use you make of this anonymous server (say, to post
> anonymously) will appear under that same anonymous address - and
> this person will know your true email address that goes with
> it.

You got me.  

I meant only slight malice here:  I had intended to "expose" a few
email/anon associations to highlight the problem.  The problem became
apparent to me when I sent pseudonymous mail to a prominent person on
this list; his reply exposed his pseudonymous id at anon.penet.fi,
surely without his knowledge.

> an5877's message appears to be a trick, designed to collect
> anonymous/real address pairs.  Johan Helsingius should take
> action against this trickster.  Since he is learning other
> people's real addresses, perhaps it would be appropriate for his
> own real address to be revealed.

Now that would be a _very_ serious "bug" in the anon.penet.fi remailer
(or, more accurately, in its administration); I am confident Johan
Helsingius will reject this suggestion.

> But, this does point out that these systems which automatically
> assign anonymous addrsses have several security flaws.  Johan
> has already had to introduce a "password" feature to make it
> more difficult to send fakemail that appears to be from a
> particular email address through the server, thus revealing the
> corresponding anonymous address when it is delivered.

I think that merely masks the real problem.

> an5877's trick is a variant on one discussed in
> news.admin.policy where it is pointed out that you can mail to
> someone via anon.penet.fi and ask for information; when the
> return mail comes back it will be from that person's anonymous
> address.  So again you can pair up real and anonymous
> addresses.

I missed that discussion, or I wouldn't have wasted your (our) time.

> These are serious problems.  We need some discussion of how to
> avoid these simple tricks for defeating the anonymity while
> still having an easy-to-use system.

Any ideas?  For starters, I think the default behavior of anon.penet.fi
is badly broken.  But a more serious problem with anon.penet.fi and the
other remailers I am aware of is the necessity that we pseudonymous
clients have to rely on the integrity of their administrators to keep
our pseudonyms private.  In the face of social pressure, such as
Xavier's, that may be asking a lot.

> ::Xavier::


Version: 2.1

To find out more about the anon service, send mail to help@anon.penet.fi.
Due to the double-blind system, any replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin@anon.penet.fi.
*IMPORTANT server security update*, mail to update@anon.penet.fi for details.