1993-09-08 - Re: the Pitfalls and the Pendulum of Anonymity

Header Data

From: Johan Helsingius <julf@penet.fi>
To: “L. Detweiler” <ld231782@longs.lance.colostate.edu>
Message Hash: 41ffee59174ba377ca994809c3fa704a07290d809601ebc331c14fa2aff0cc76
Message ID: <199309081331.AA18760@mail.eunet.fi>
Reply To: <9309080324.AA21869@longs.lance.colostate.edu>
UTC Datetime: 1993-09-08 13:41:56 UTC
Raw Date: Wed, 8 Sep 93 06:41:56 PDT

Raw message

From: Johan Helsingius <julf@penet.fi>
Date: Wed, 8 Sep 93 06:41:56 PDT
To: "L. Detweiler" <ld231782@longs.lance.colostate.edu>
Subject: Re: the Pitfalls and the Pendulum of Anonymity
In-Reply-To: <9309080324.AA21869@longs.lance.colostate.edu>
Message-ID: <199309081331.AA18760@mail.eunet.fi>
MIME-Version: 1.0
Content-Type: text/plain

> Since no one else has posted on this yet I will.  The short answer is
> that you can tell them to use your address `na[x]' and their anonymous
> identity won't be revealed, and if they are using the server they might
> know that (is it stated in the introduction material? it sure should be).

It shure should be in the help file. But the whole help file needs
to be rewritten. I'm running as fast as I can!

> (1) the server was mainly intended for posting to newsgroups at its
> origination, where the automated anonymizing (J. Helsingius' term:
> `automated double blinding') makes sense.

I hate the automatic anonymizing myself, but for historical reasons that
had to be done. Can be fixed in the next reincarnation of the server
if documented clearly enough.

> (2) however, a major use of the server is email-to-email mail, so to
> speak. in this case the scenario raised by Deadbeat in the past &
> Baumbach recently reveals the pitfalls in the `feature'.

Right. There is a solution, but it has to wait for MK II.

> the automated anonymizing feature, implemented with the best of
> intentions, has come back to haunt J. Helsingius rather rudely--it is
> perhaps the greatest weakness of the server, other than the corrected
> `forge-without-passwords' aspect (where someone can forge an email
> message from: address and possibly determine anonymous-to-identity
> mappings through trial and error if no passwords are used).


> J. Helsingius has announced grand visions for the amazing, spectacular,
> and impending Mark II server that will incorporate full encryption
> (user keys mappings and a server key), along with a new default in
> which replies to anonymous email will not be automatically anonymized.

Right. Amazing, spectacular - maybe, but impending... Sigh...

> p.s. I would like to know if there is a way to (1) automatically get
> traffic statuses from anon.penet.fi,


> and (2) get a list of supported newsgroups.

No. Simply to reduce bandwith - the list is something like 4000 groups