From: ichudov@Algebra.COM (Igor Chudov @ home)
Date: Sat, 7 Jun 1997 09:26:27 +0800
To: ghio@temp0094.myriad.ml.org (Matthew Ghio)
Subject: Re: Who subscribes to the list?
In-Reply-To: <199706070111.SAA15372@myriad.alias.net>
Message-ID: <199706070117.UAA26367@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text



Matthew Ghio wrote:
> William H. Geiger III wrote:
> > >P.S. I'm sure none of you would be foolish enough to use penet-style
> > >remailers which do not encrypt the message headers.
> > Your point being??
> 
> 
> While I am sure most readers of this list are well aware that remailed
> messages which are not encrypted and chained are not secure, there is a
> class of users who are not yet aware of this fact.  I was pointing out
> the relative ease with which their identities could be compromised by
> someone simply logging DNS traffic.  In addition, there was some recent
> discussion over whether or not it was possible to obtain the subscriber
> list from cyberpass.net and algebra.com.  Even if the subscriber list
> is not published, there is an alternative method to determine who
> subscribes to the list.
> 
> There are, of course, other methods, such as Return-Receipt headers and
> embedded html tags, but tracking DNS traffic tends to be easy to do on
> a wide scale without alerting the subjects that you are investigating.
> 

Another danger of  using remailers without encryption is that it is very
easy to compromise one's identity due to little mistakes and malformed
messages.

	- Igor.