1993-02-23 - Re: Anon address attack…

Header Data

From: Johan Helsingius <julf@penet.FI>
To: Eli Brandt <ebrandt@jarthur.claremont.edu>
Message Hash: f80a4516b4dce4237198538146504ac0e0cb8dc6d6e6a585693bf6764a5d5657
Message ID: <9302230920.aa20039@penet.penet.FI>
Reply To: <9302230700.AA03047@toad.com>
UTC Datetime: 1993-02-23 08:21:49 UTC
Raw Date: Tue, 23 Feb 93 00:21:49 PST

Raw message

From: Johan Helsingius <julf@penet.FI>
Date: Tue, 23 Feb 93 00:21:49 PST
To: Eli Brandt <ebrandt@jarthur.claremont.edu>
Subject: Re: Anon address attack...
In-Reply-To: <9302230700.AA03047@toad.com>
Message-ID: <9302230920.aa20039@penet.penet.FI>
MIME-Version: 1.0
Content-Type: text/plain

> I was thinking of installing a trivial hack in my remailer, such that
> upon demand it adds some random (essentially unrepeatable) cruft to
> the From: line, placing it as a name field so as to have no
> addressing significance.  I believe penet assigns IDs based on this
> line, so chaining this to a penet-style remailer would provide
> "hit-and-run" anonymity -- even if the remailer wants nothing of the
> sort.  The social desirability of this could be questioned, but it
> certainly seems more secure to built pseudonyms on top of something
> like this (using PGP sigs to provide a solid identity) than through
> the presently-popular approach.  Comments?  (Julf?)

I think we should come up with a more socially acceptable solution.
Widespread use of hit-and-run abuse on the net would certainly lead to
actions against sites such as anon.penet.fi. Some method that preserves
a return path is needed for a *general* posting facility
(alt.whistleblowers etc. would be special cases). And... Please remember
anon.penet.fi has something like 13000 existing users. And most of them
have been using other anonymous posting hosts with the same
limitations/defaults as anon.penet.fi. So we can't change everything