From: Johan Helsingius <julf@penet.fi>
Date: Sat, 23 Oct 93 12:08:26 PDT
To: Matt Blaze <mab@crypto.com>
Subject: Re: Warning about exposing anon id
In-Reply-To: <9310231826.AA08908@crypto.com>
Message-ID: <199310231907.AA11705@mail.eunet.fi>
MIME-Version: 1.0
Content-Type: text/plain



> It seems that an anonymous remailer can operate in one of three ways -
> it can reveal your psuedonym, it can reveal your identity, or it can
> reveal nothing and simply give you a generaic "anonymous" identity.

There is one more option - use two separate sets of anon id's. This is the
way anon.penet.fi Mk II is going to operate.

> - If it simply strips out all identifying information and calls you some
> generic anonymous name, this could lead to problems for people who expect
> a reply to their messages.

Yeah. This problem is solved by the aforementioned "double" id approach...

> I think the best solution is to require any message sent through a remailer
> to include explicit instructions as to how it should be handled.  For example
 > ,
> require something like an "X-Identify:" field that would be used to select th
 > e
> return address behavior, with options like "real-id", "psuedonym", or
> "anonymous".  Messages that don't include the field should bounce, probably
> with some instructions as to how to fix the message to make it go through
> properly.

No way. 75% of my users just can't deal with the extra headers. I frequently
get messages like:

	"Dear Sir. I not understand you help. I not read English.
	I chinese. Send chinese help."

 Julf