1993-10-22 - Re: Warning about exposing anon id

Header Data

From: freeman@MasPar.COM (Jay R. Freeman)
To: cypherpunks@toad.com
Message Hash: 1e6206841064088469bd116a5d549106d38a09e6f9641e4a8f60c70594315cb0
Message ID: <9310222118.AA17944@cleo.MasPar.Com>
Reply To: N/A
UTC Datetime: 1993-10-22 21:18:19 UTC
Raw Date: Fri, 22 Oct 93 14:18:19 PDT

Raw message

From: freeman@MasPar.COM (Jay R. Freeman)
Date: Fri, 22 Oct 93 14:18:19 PDT
To: cypherpunks@toad.com
Subject: Re:  Warning about exposing anon id
Message-ID: <9310222118.AA17944@cleo.MasPar.Com>
MIME-Version: 1.0
Content-Type: text/plain



A very interesting warning, and an interesting conceptual loophole, if I
understand it correctly.  What I think I understand is, that if I reply
to an anonymous message, the remailer will create and maintain an anonymous
ID for me, of the form "an12345", which it will use for all subsequent
messages that I send through it.

If so, then the gotcha is this:  Suppose I am not interested in anonymity.
I read a message that looks interesting, and reply to it -- both to the
originator and to the newsgroup.  The remailer gives me an "anonymous" ID
which is promptly compromised because the same text went out both with
my name on it and with the anonymous ID attached.  But who cares -- as
I stipulated, at the time I was not interested in anonymity, and may not
even have realized that the message I was replying to was posted via an
anonymous remailer.

BUT suppose that six months from now I suddenly turn paranoid (or realist --
which term you choose depends on your world view), and decide I would like
to use the anonymous mailer.  Now I send messages to and through it, but
the mailer already has an "anonymous" ID for me -- the one long since
compromised -- so it keeps using it.

Sounds to me like an interesting way for a user to compromise anonymity
without it really being anybody's fault.  I hope this problem is
explained in the remailer documentation (which I haven't sent for -- at
the moment I am not interested in anonymity), and that there is an
easy way for a user to request a new anonymous ID.

A fair fraction of the readers of this list will probably be saying
"caveat emptor" or words to that effect, but I suggest that it would be
a desirable property of a service offering any kind of anonymity, to
lead users -- especially novices -- away from trivial beginner's mistakes.

                                  -- Jay Freeman





Thread