1997-11-19 - Disposable Remailers

Header Data

From: nobody@REPLAY.COM (Anonymous)Nerthus <cypherpunks@cyberpass.net>
To: cypherpunks@cyberpass.net
Message Hash: f5922ee952838f1e8d9251e8242b2799af51a4ebbb796171f89fb01263ed70f8
Message ID: <199711191030.LAA17934@basement.replay.com>
Reply To: N/A
UTC Datetime: 1997-11-19 10:40:25 UTC
Raw Date: Wed, 19 Nov 1997 18:40:25 +0800

Raw message

From: nobody@REPLAY.COM (Anonymous)Nerthus <cypherpunks@cyberpass.net>
Date: Wed, 19 Nov 1997 18:40:25 +0800
To: cypherpunks@cyberpass.net
Subject: Disposable Remailers
Message-ID: <199711191030.LAA17934@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Jonathan Wienke wrote:
>Woodwose (who appears to have borrowed my last name for his "True Name")
>appears to have done a variation of this--except that if there are
>complaints about messages being sent from woodwose@mailexcite.com, I doubt
>anything will happen other than the woodwose account at mailexcite.com
>being closed.  Hence, his "disposable remailer" claim.  Any shmuck can log
>on and input a fake name, address, and demographic data to create a new
>account at hotmail, mailexcite, or juno.  In this way, as existing
>remailers are harassed out of existence, new ones can be created on a daily
>or hourly basis.  It would probably be interesting to find out how much
>info these outfits collect (cookies, etc.) that could be definitively
>linked to a True Name.

I played around with Hotmail recently, and I didn't pick up any new cookies 
in my cookies file.  The only distinguishing information that Hotmail seems 
to collect (aside from the demographic info you feed them when you open an 
account) is the IP address you log in from.  A public proxy is sufficient to 
shield your IP address.  I created the account from one IP address and sent 
the email during a separate session from another IP address.  The 
X-Originating-IP header showed only the second address.  I don't know if 
Hotmail keeps track of all IP addresses that access each account.

Question: can anyone suggest some information/studies regarding the security 
of public proxies?

Thanks.

Nerthus

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQEVAwUBNHJtpeFWwZe05jcJAQElEQf+MbBbTWtbiRnekJ9jIyyaTfDX3s2KV8Qm
jGERIyCBF1OcZ1l35ZMm0xGKOCpGAWOBZVs/1zHzgTKB6Pxk0UZIP8+2nRmS4Dqt
7AxXa4zufVl9xVgWirCab86MvmTIrDlOdga8YZKS2h4RzLPPvo/ZySUqgjUzH0g2
y2LzKGv5KqxkgY/rRIg95I9Doqwg0iRsN2ieVXqI9E//+ZByAQpopLIADcDus4Ez
UGFl6P1Ix8eLr2DBeg6nLRS84cTJs6MqAiQsHPaKUAHkS72bgv1t5lTxPcMtt6ah
NK5bJfs9HEY20RXtN2kASXBkGjAzC2LMNIZ0heqmJRB471AZ4j30lg==
=FOsD
-----END PGP SIGNATURE-----







Thread