1996-06-16 - Instructions for using nym.alias.net

Header Data

From: Help Message <nobody@nym.alias.net>
To: cypherpunks@toad.com
Message Hash: fdbad9f5d7124a26c36de0d5d7d6be99476acad7c1a73825b2e08f51f907f00e
Message ID: <199606161445.KAA10373@anon.lcs.mit.edu>
Reply To: <199606161444.KAA10366@anon.lcs.mit.edu>
UTC Datetime: 1996-06-16 18:57:39 UTC
Raw Date: Mon, 17 Jun 1996 02:57:39 +0800

Raw message

From: Help Message <nobody@nym.alias.net>
Date: Mon, 17 Jun 1996 02:57:39 +0800
To: cypherpunks@toad.com
Subject: Instructions for using nym.alias.net
In-Reply-To: <199606161444.KAA10366@anon.lcs.mit.edu>
Message-ID: <199606161445.KAA10373@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


WARNING:  This site is still in "alpha" state, and may have
          bugs. Please test it, but do not rely on it for truly
          sensitive pseudonyms until it has been tested for a while.
          Please report all bugs and problems to <admin@nym.alias.net>
          so that we can fix them.


* SETTING UP A MAIL ALIAS:

To set up an anonymous mail alias on nym.alias.net, you must first
generate a new PGP public/private key pair for use with your mail
alias.  Do this by running "pgp -kg".  You will be asked to choose a
user-id for your new key.  When you are prompted for the user-id, type
something not very descriptive that gives no indication of either your
real identity, the alias name you will choose, or even the
nym.alias.net machine.

Unlike your regular PGP key, you should make an effort to keep your
remailer public key relatively secret, and you should not use it for
any other purpose.  Do not sign it, and do not submit it to any key
servers or give it out to anyone.  To make sure you don't accidentally
sign other messages with your pseudonym's private key, you should
probably choose a new passphrase for your remailer key.  You may also
wish to put a line like:
  MYNAME = <your.real@e-mail.address>
in the file $HOME/.pgp/config.txt (which you can create if it
does not already exist).

Once you have a PGP key for your pseudonym, extract it to a file (for
instance with "pgp -fkxa 'key ID' > tmpfile".

Next, create a reply block for yourself.  First choose some
passphrases for conventional encryption.  Suppose you want your
message encrypted first with your public key, then with shared key
"passphrase_b", then with shared key "passphrase_a".  Create a
remailer message like this ("Latent-Time: +0:00" will prevent any
delay--use something longer for more security.)

 ::
 Request-Remailing-To: you@your.email.address
 Latent-Time: +0:00
 Encrypt-Key: passphrase_a

 **

PGP encrypt this with a remailer's public key (you can get remailer
information from fingering remailer-list@kiwi.cs.berkeley.edu, and you
can get the keys by running "finger pgpkeys@kiwi.cs.berkeley.edu | pgp
-fka").  This will yield a message like this:

 -----BEGIN PGP MESSAGE-----
 Version: 2.6.2

 hIwC/nqSW1QDQfUBBACknZMV93wFS2CH0orlgslmEm+alhjI1eKwbbTTmeRWC5Rg
 /S3vZw+95ZuCZfqxKE0XrgZXzOEwfoyBcpVvf9Pb9D19TqEMTmmL/Jpl1xcxmbJ2
 OGsHpQ/TxpazBCVhdBmPblj5wWvwfG1+ZKpIkQ5hiLJhryQM/TUDarEscs3zdaYA
 AAB5231aMcQ74AKoDZizABMF3Tw+olV4mm4jVo9cMn2B3Rj2XBFl4pV9VL3h0ZQB
 cPY/ytBRyZPugr0NpLgjO+q6mEjCcgQrxpYQ+1PvFPdDx1GmJ5ogZqW+AVHsNqAp
 vRoiG8ZhXs4r3E8liFsNtMMf6CUAsdV2ZoX1Hw==
 =Bla3
 -----END PGP MESSAGE-----

Prepend to this the following header:

 ::
 Encrypted: PGP

And finally add a command to send to the remailer you chose, yielding
a response block for one remailer:

 ::
 Anon-To: remailer@utopia.hacktic.nl
 Latent-Time: +0:00
 Encrypt-Key: passphrase_b

 ::
 Encrypted: PGP

 -----BEGIN PGP MESSAGE-----
 Version: 2.6.2

 hIwC/nqSW1QDQfUBBACknZMV93wFS2CH0orlgslmEm+alhjI1eKwbbTTmeRWC5Rg
 /S3vZw+95ZuCZfqxKE0XrgZXzOEwfoyBcpVvf9Pb9D19TqEMTmmL/Jpl1xcxmbJ2
 OGsHpQ/TxpazBCVhdBmPblj5wWvwfG1+ZKpIkQ5hiLJhryQM/TUDarEscs3zdaYA
 AAB5231aMcQ74AKoDZizABMF3Tw+olV4mm4jVo9cMn2B3Rj2XBFl4pV9VL3h0ZQB
 cPY/ytBRyZPugr0NpLgjO+q6mEjCcgQrxpYQ+1PvFPdDx1GmJ5ogZqW+AVHsNqAp
 vRoiG8ZhXs4r3E8liFsNtMMf6CUAsdV2ZoX1Hw==
 =Bla3
 -----END PGP MESSAGE-----

 **

For greater security, you should repeat this process so that mail to
your pseudonym travels through multiple remailers.  You can simply
encrypt the entire above message with another remailer's public key,
and insert the new cyphertext in a message similar to the example one
above.

Now, to set up a pseudonym on nym.alias.net, you need to mail four
things to config@nym.alias.net:  The pseudonym you wish to use, a
"create" command, your remailer public key, and the response block.
The reply-block must always come last in your mail message.  Thus, if
you wanted to choose the alias <test@nym.alias.net>, you would could a
message like this:

 Config:
 From: test@nym.alias.net
 Nym-Commands: create +acksend name="Full Name of Nym Test User"
 Public-Key:
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: 2.6.2
 
 mQCNAzGf6A8AAAEEAPknqWEUA8U4+l5TFkD5Fj0COten6bbIe5bBb/1MvI+w6mFl
 z06CPb2K/Z1fzjT48ZyxwYR+S3jU3Z96JEFRl99HYh3lTIUiBHW/XtwyefF0y61x
 qYkNuUpSFh9BDBFM7N3uVvaNbzLiFnqCpZLm5ZIfrLcla3qUgkTBtHVi58fRAAUR
 tDhsY3MgbWl4bWFzdGVyIGFkbWluaXN0cmF0b3IgPG1peC1hZG1pbkBhbm9uLmxj
 cy5taXQuZWRxPokAlQMFEDGf6ClEwbR1YufH0QEBX60D/jZ5MFRFIFA1VxTPD5Zj
 Xw2bvqJqFvlwLD5SSHCVfe/ka6ALuxZGFKD/pHpUAkfv1hWqAYsJpi0cf8HSdi23
 bh5dUeLJnHHHDmd9d55MuNYI6WTi+2YoaiJOZT3C70oOuzVXuELZ+nZwV20yxe8y
 4M3b0Xjt9kq2upbCNuHZmQP+
 =jIEc
 -----END PGP PUBLIC KEY BLOCK-----
 Reply-Block:
 ::
 Anon-To: remailer@utopia.hacktic.nl
 Latent-Time: +0:00
 Encrypt-Key: passphrase_b

 ::
 Encrypted: PGP

 -----BEGIN PGP MESSAGE-----
 Version: 2.6.2

 hIwC/nqSW1QDQfUBBACknZMV93wFS2CH0orlgslmEm+alhjI1eKwbbTTmeRWC5Rg
 /S3vZw+95ZuCZfqxKE0XrgZXzOEwfoyBcpVvf9Pb9D19TqEMTmmL/Jpl1xcxmbJ2
 OGsHpQ/TxpazBCVhdBmPblj5wWvwfG1+ZKpIkQ5hiLJhryQM/TUDarEscs3zdaYA
 AAB5231aMcQ74AKoDZizABMF3Tw+olV4mm4jVo9cMn2B3Rj2XBFl4pV9VL3h0ZQB
 cPY/ytBRyZPugr0NpLgjO+q6mEjCcgQrxpYQ+1PvFPdDx1GmJ5ogZqW+AVHsNqAp
 vRoiG8ZhXs4r3E8liFsNtMMf6CUAsdV2ZoX1Hw==
 =Bla3
 -----END PGP MESSAGE-----

Note that the first line of this message was "Config:".  ANY MESSAGE
SENT TO <config@nym.alias.net> WILL BE SILENTLY DISCARDED IF THE FIRST
LINE IS NOT "Config:"!

This message must then be encrypted with the nym.alias.net public key,
and signed by your new remailer public key.  The nym.alias.net public
key is listed here (pipe it to "pgp -fka" to add it to your public
key ring):

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQENAzGzy5AAAAEH/2JjaB4AuQff90Mejru+FVptG4/wPmwK7WteavNXJpYxWoRm
SzxwNz70q4QCLKBR0QnzXqGeGtCB5IE4dIuPIkMiPvRv57rBaDe4qkzNkgwuZiH9
qGMsOSidCf+xaIJyL7RtljKuDSU8KH2OGIdwEpGa20U+9oXabWCpWwVvfJhgxPFF
xhiFLeMzhEUgsVXxIn2ThD8AyHyTUXWd11nvvTeKt+y9qX+7fUDrn6HIl1lFmxQA
RAOc83jjDNgWbanHWG9+1g8KFLkBrEdxJtNQeb/JMSZ122Dxda5CwtMnQGI0mCcr
dHNr1NA6WWaIfV0pR+sluNWFxNYuTk0OFgtg8c0ABRG0Kzxjb25maWdAbnltLmFs
aWFzLm5ldD4vPHNlbmRAbnltLmFsaWFzLm5ldD6JAJUDBRAxumL3RMG0dWLnx9EB
AaRTA/4xIgNrem7Yay0/rFfXgoGHUhWsZVhAlQP1fVEIRYuYEC4Biodwx3nYL31r
9IcgBkm/DUddkfCUfroMr7wbm6GnYnrVLc4dZ9ACCjUVX7n5hvanc8/Efx0yE03l
D+r9n5liz5X4vk65f+DIw1LykM9zTg/4GNwAENn6H5YTtg6Q+IkBFQMFEDG6YVlO
TQ4WC2DxzQEBIvMH/jER9tiQcJG2NvkiOqcIeBSPLb15EPFMg1He3clRIz398ToH
iv4oNKZEjVox3O0zowcUW0zfgtzhlMbudOwgoylCpCxVukuF1tsleoGlvDES0iA8
WdnYftt/rr3awf0j2pmLFbCmEDFaebuYgRXGe5yavaSjFDPzjFZqKwTYs5VnKOjP
XjI0yrem4PXw6K5sOANJKaa6yFrHJ/58iqbV8Rl7p0qNwwIi1nDn5UgpDOFDqWMq
sO9HUjRD2Y+Kmq6qlSg1gKV1hehZuAxHKtJAIZf+MPaI/sRbs79oN5GVwpmqoiZF
vz6bLS+qs69kVwg2RQoY2BSAzyUeT+rw70YfLAc=
=ekCY
-----END PGP PUBLIC KEY BLOCK-----

Create the message to nym.alias.net with the command:
   pgp -seat file config@nym.alias.net -u 'remailer key ID'.
Once you have produced a PGP encrypted and signed message, mail it to
<config@nym.alias.net> (preferably through some anonymous remailers
for maximum security).  If the name you chose is available, this will
create your mail alias.  You can send mail to <list@nym.alias.net> to
get a list of pseudonyms already in use.


* SENDING MAIL FROM YOUR PSEUDONYM

Once you have created a mail alias, you will automatically receive
mail sent to that alias (encrypted with the public key you mailed it).
To send mail from that alias, simply create a mail message, encrypt it
with the nym.alias.net public key, sign it with your remailer key, and
mail it to <send@nym.alias.net>.  Thus, for example, create a file
with (substituting the name you chose for "test"):

 From: test
 To: mail2news@anon.lcs.mit.edu
 Newsgroups: alt.test
 Subject: ignore this nym test

 just a test

If this file is called "testpost", and your remailer public key ID is
"xx testkey", run the command:
   pgp -seat testpost send@nym.alias.net -u 'xx testkey'
This will create a file called "testkey.asc", which you can then mail
to <send@nym.alias.net> to post the above test message to the
newsgroup alt.test.

Any mail you send through send@nym.alias.net will be PGP signed and
dated by the nym.alias.net private key to certify its authenticity.
If you do not wish your mail to be signed, or if your alias has its
own PGP key, you should simply send mail through ordinary remailers
(setting the From: address to be that of your nym) and shouldn't need
to go through send@nym.alias.net.


* CHANGING OR DELETING YOUR MAIL ALIAS

To change either your public, your response block, or the parameters
of your alias, you can simply send another message to
<config@nym.alias.net> as you did to set up the the alias initially
(only without the "Nym-Commands: create" command).  Once again, the
message will have to be both signed and encrypted with
   pgp -seat message -u 'xx testkey'
as described above for sending mail.

To delete your alias entirely, send encrypted and signed mail with
simply the lines:

 From: test
 Nym-Commands: delete

(substituting your real alias name for test).  After deleting your
alias, you should receive PGP-signed mail explicitly acknowledging the
deletion of that alias.  An acknowledgment simply confirming generic
"successful execution" of your request does not indicate that your
alias has been deleted.

There several commands you can give using the "Nym-Commands:" header
in a message to <config@nym.alias.net>.  You can place several on on
line, separated by spaces, or you can place multiple "Nym-Commands:"
headers in the same message.  Valid commands are:

+acksend/-acksend
  Enable/disable an automatical acknowledgment each time a message is
  successfully remailed for your alias through <send@nym.alias.net>.

+cryptrecv/-cryptrecv
  Enable/disable automatic encryption with your public key of messages
  received for your alias.  If public-key encryption is disabled, you
  absolutely must conventionally encrypt your messages if you wish to
  preserve your privacy (conventional is a good idea anyway--see the
  section on security).

+fixedsize/-fixedsize
  When you send the +fixedsize Nym-Command, all messages you receive
  will be padded to exactly the same size (roughly 10K).  This padding
  will take place outside the public key encryption, and so will only
  be useful if you also use shared-key encryption.  If you do used
  shared-key encryption, however, (and you really should), having all
  your messages be the same size will make it significantly harder for
  anyone to do traffic analisys on mail to your nym.

+disable/-disable
  One of the most effective forms of attack on a pseudonymous remailer
  such as this is to flood the system with messages for a particular
  destination.  Moreover, because this alias software does not know a
  message's final destination, it is possible that some joker could
  point an alias at itself (maybe even using two reply-blocks to
  create exponentially increasing levels of traffic).  To protect
  against this, if you receive more than 256 messages in one day, your
  alias will be disabled and further mail to you it will bounce.  You
  will receive mail notifying you of the situation if this happens to
  you.  At this point, you can re-enable your alias by sending a
  message with "Nym-Command: -disable" to <config@nym.alias.net>.

name="My \"Alias\" Name"
  To set up a name to be printed in all your outgoing messages, like
  this:
     From: My "Alias" Name <aliasname@nym.alias.net>
  You can set it with the name= Nym-Command.  Note the outer quotes
  are necessary even if your name does not contain any white space.
  Any quotes and backslashes in your name must be escaped with a
  backslash.

create
  This command must be given when creating a new alias.

delete
  This command deletes your alias and wipes your response block.  As
  described above, you should receive PGP-signed mail explicitly
  acknowledging the deletion of your alias.  An acknowledgment simply
  confirming generic "successful execution" of your request does not
  indicate that your alias has been deleted.


* REPLAY

The remailer keeps a replay cache, and will not accept the same
message twice unless each copy has been separately signed.  Thus, it
is safe to send multiple copies of outgoing E-mail messages through
very long remailer chains, if you are worried about one copy not
getting through.  Whether one or more copies actually make it through,
only one copy will go out.

One side effect of this is, however, that if you PGP sign a test
message and mail in the same message multiple times, it will only work
the first time.

Note that signatures are only considered valid for a week.  Thus, if
mail comes to send@nym.alias.net more than a week after you signed it,
that mail will be dropped.


* MULTIPLE REPLY BLOCKS

Sometimes anonymous remailers can be unreliable, and you would like to
receive two copies of all your messages through two independent
remailer chains.  Alternatively, perhaps you want to send one copy of
each E-mail message you receive to the bit bucket through a long
series of anonymous remailers.  You can assign multiple reply blocks
to your nym by prefixing each with "Reply-Block:" at the end of a
message to <config@nym.alias.net>.  For example, the following message
to <config@nym.alias.net>:

 Config:
 From: test
 Reply-Block:
 ::
 Anon-To: nobody@some.remailer.machine
 Latent-Time: +0:00
 
 Reply-Block:
 ::
 Anon-To: your.real@email.address
 Latent-Time: +1:00

Will setup your alias to send one copy of each message you receive to
"nobody@some.remailer.machine" immediately, and to send a second copy
to "you.real@email.address" after up to one hour of random delay.  Of
course, in order for this to be useful, you should use more complex
reply-blocks which chain through multiple remailers.

It may also make traffic analysis more difficult if you don't always
use the same remailer path.  You can assign a probability to a
remailer block by adding "p=probability" to the remailer block (where
'p' can be any single letter variable name).  For example, consider
the following reply-block:

 Reply-Block: p=0.5
 ::
 Anon-To: you@through.one.remailer
 Latent-Time: +1:00

 Reply-Block: p=0.5
 ::
 Anon-To: you@through.another.remailer
 Latent-Time: +1:00

 Reply-Block: q=0.75
 ::
 Anon-To: nobody@some.remailer.machine
 Latent-Time: +0:00

3/4 of the time, a copy of a message you receive will immediately be
mailed to nobody@some.remailer.machine.  After some random delay, your
message will be mailed to either "you@through.one.remailer" or to
"you@through.another.remailer".  Multiple reply-blocks with the same
probability variable are mutually exclusive.  Thus since the p blocks
are "p=0.5" and "p=0.5", and since 0.5 + 0.5 = 1.0, you are guaranteed
to get a copy of all your mail.  Generally speaking, you will probably
want all the weights associated with a particular variable to add up
to 1.0 unless the reply-block is just for cover traffic.  Bizarre
behavior may occur if your probabilities add up to more than one--this
is not recommended.

While the idea of using many different reply-blocks with small
probabilities may seem appealing for defeating traffic analysis, keep
in mind that each reply block is traceable back to you.  Suppose you
have 10 reply blocks for your 'nym, each with probability 0.1.  If
those reply blocks become compromised, only one of the 10 will have to
be uncovered to find out your real identity.


* SECURITY

If you care about the secrecy of your identity, then the only truly
secure way of of protecting it is by pointing all your response blocks
to usenet newsgroups.

The most important thing to realize about the privacy of your messages
is that anyone can determine your PGP public key ID from looking at an
encrypted message.  That means if you don't conventionally
super-encrypt mail, an observer on the network or at a remailer may be
able to determine which public key corresponds to which nym, and use
this to track messages.  If you redirect your mail to news group
alt.anonymous.messages, observers will be able to determine your
public key ID and observe how much mail you are getting.

For this reason, you should conventionally encrypt your mail in
addition to public-key encrypting it.  If you only want to use
conventional encryption for most mail, you can disable RSA encryption
by sending signed/encrypted mail with 'Nym-Commands: -cryptrecv' to
<config@nym.alias.net>.  There is a large benefit to using public-key
encryption.  If you only use conventional encryption and your
reply-block is compromised, then previously recorded messages sent to
you will be able to be decrypted.  With RSA-encrypted messages, there
is no way for anyone but you to read the message once it has left
nym.alias.net.


* POLICY

Any use of this alias service for illegal purposes is strictly
prohibited.

Do not rely on this nym server to protect your identity.  You should
be relying far more heavily on the integrity of the remailers through
which you chain your replies.  The nym.alias.net service is provided
in the hope that it will be useful, but the administrators can make NO
GUARANTEES WHATSOEVER that your identity will not be compromised.

That said, we will make a reasonable effort to keep the machine secure
and to ensure that your reply block never gets backed up to tape or
otherwise copied.  Note, however, that your PGP public key will get
backed up to tape, and so will likely be available for a while even
after you delete your Nym.  The server also keeps, not backed up, two
additional pieces of information on your nym:  First it counts the
number of messages your alias received in the current 24 hour period,
so as to detect flooding attacks and alias loops with exponential
message explosion (see the description of the -disable Nym-Command for
more info).  Second, the server stores the date of the last day on
which you sent a PGP-signed message to config@nym.alias.net or
send@nym.alias.net.  This is to help garbage-collect inactive accounts
with lost PGP keys at some later point should that become necessary.

Nym.alias.net is the same machine as anon.lcs.mit.edu.  Keep this in
mind when choosing which remailers to chain through.  (In other words,
using mix@anon.lcs.mit.edu as your last hop for mail to nym.alias.net
is probably a good idea if and only if you you also chain through one
more hop than you would otherwise have felt comfortable with.)


* E-MAIL ADDRESSES

<admin@nym.alias.net>
  The address to contact if you are having any problems with
  nym.alias.net.

<help@nym.alias.net>
  Sending mail to this address gets you a copy of this help file.

<remailer-key@nym.alias.net>
  Get the PGP public key for nym.alias.net.

<list@nym.alias.net>
  The address to contact for a list of all taken pseudonyms.

<config@nym.alias.net> 
  The address to which to send configuration messages.  All messages
  to this address must be PGP encrypted and signed with "pgp -seat".
  In addition, THE FIRST LINE OF PGP-SIGNED TEXT IN A MESSAGE TO
  config MUST BE "Config:".  Otherwise your message will be completely
  ignored.

  When sending one or more reply-blocks to <config@nym.alias.net>,
  they must come at the end of the message after any Public-Key: or
  Nym-Command headers.

<send@nym.alias.net>
  To send mail from your alias address, PGP encrypt and sign the
  message with "pgp -seat", and mail it to this address.





Thread