1993-02-23 - Re:

Header Data

From: Johan Helsingius <julf@penet.FI>
To: Anonymous <nowhere@bsu-cs.bsu.edu>
Message Hash: ead658ce8775bf58fe8d549e5293faa7f4c5428bd39ca3912ddfbc5de701d6bc
Message ID: <9302231011.aa20353@penet.penet.FI>
Reply To: <9302230715.AA11401@bsu-cs.bsu.edu>
UTC Datetime: 1993-02-23 09:12:12 UTC
Raw Date: Tue, 23 Feb 93 01:12:12 PST

Raw message

From: Johan Helsingius <julf@penet.FI>
Date: Tue, 23 Feb 93 01:12:12 PST
To: Anonymous <nowhere@bsu-cs.bsu.edu>
Subject: Re:
In-Reply-To: <9302230715.AA11401@bsu-cs.bsu.edu>
Message-ID: <9302231011.aa20353@penet.penet.FI>
MIME-Version: 1.0
Content-Type: text/plain

> Well, I don't agree that doubleblind is a great idea.

Neither do I. But many of the users of anon.penet.fi are
not very computer-and-email-literate, and they have been using other
services, providing double-blind. Unfortunate, but too late to change now...

What we can do is to provide better ways for those who *are* computer
literate enough to use extra headers etc.

> > Evidentally there is positive harm that can occur by automatically
> > anonymizing all messages which pass through a remailer.  ... For
> > anonymous posting and for mail to a non-anonymous address, it's more
> > reasonable to assume that anonymization is desired.  ... But when
> > sending a message to an anonymous address, it's not known whether the
> > sender wants to be anonymized or not.
> I think it's imperative that the sender use X-Anon-To to be
> pseudonymous.  This is consistent with the principle of least
> astonishment.

But in this case I feel the principle of least astonishment is overruled
by the principle of least risk of accidental exposure.

> > Also, I have seen proposals that anonymous ID's should be made less
> > recognizable, so that instead of an5877@anon.penet.fi we would have
> > joe@serv.uba.edu.  In such a situation it might be tedious to
> > scrutinize every email address we send to (via replies, for example)
> > to make sure it isn't a remailer where you have an anonymous ID.
> It would be a real boon to make pseudonyms less prominent -- this
> seems to have kicked over a hornet's nest on USENET (even though
> pseudonyms have been quietly in use for years).  But were this the
> case, scrutiny would be an understatement.

I think that hornet's nest needed to be kicked. But I am also
disappointed that not enough people defend the need for anonymity in
places like news.admin.policy.

I think pseudonyms *should* be prominent - as you have noticed, anon.penet.fi
adds an explicit warning at the end of every message.

> > All in all, I think some changes need to be made in how anonymous
> > addresses are used and implemented in order to provide reasonable
> > amounts of security.
> I agree that more discussion is in order.  I'm especially concerned 
> about the broader issues regarding anonymity through remailers.

Agree 100%.