_________ SWAT MAGAZINE ISSUE TWENTY: AUGUST 1999 __________ / \___________________________________________/ \ / ANONYMOUS REMAILERS \ / By Netw0rk Bug bug@netw0rk.freeserve.co.uk \ ---------------------------------------------------------------------- What is an anonymous remailer? This FAQ answer was originally written by Raph Levien: An anonymous remailer is a system on the Internet that allows you to send e-mail or post messages to Usenet anonymously. There are two sorts of remailers in widespread use. The first is the anon.penet.fi style, the second is the cypherpunk style. The remailer at anon.penet.fi is immensely popular, with over 160,000 users over its lifetime, and probably tens of thousands of messages per day. Its main advantage is that it's so easy to use. The cypherpunks mailers, which provide much better security, are becoming more popular, however, as there is more awareness of them. The user of the anon.penet.fi system first needs to get an anonymous id. This is done either by sending mail to somebody who already has one (for example, by replying to a post on Usenet), or sending mail to ping@anon.penet.fi. In either case, penet will mail back the new anon id, which looks like an123456@anon.penet.fi. If an123456 then sends mail to another user of the system, then this is what happens: 1. The mail is transported to anon.penet.fi, which resides somewhere in the vicinity of Espoo, Finland. 2. These steps are carried out by software running on anon.penet.fi. Penet first looks up the email address of the sender in its database, then replaces it with the numeric code. All other information about the sender is removed. 3. Then, penet looks up the number of the recipient in the same database, and replaces it with the actual email address. 4. Finally, it sends the mail to the actual email address of the recipient. There are variations on this scheme, such as posting to Usenet (in which step 3 is eliminated), but that's the basic idea. Where anon.penet.fi uses a secret database to match anon id's to actual email addresses, the cypherpunks remailers use cryptography to hide the actual identities. Let's say I want to send email to a real email address, or post it to Usenet, but keep my identity completely hidden. To send it through one remailer, this is what happens. 1. I encrypt the message and the recipient's address, using the public key of the remailer of my choice. 2. I send the email to the remailer. 3. When the remailer gets the mail, it decrypts it using its private key, revealing as plaintext the message and the recipient's address. 4. All information about the sender is removed. 5. Finally, it sends it to the recipient's email address. If one trusts the remailer operator, this is good enough. However, the whole point of the cypherpunks remailers is that you don't _have_ to trust any one individual or system. So, people who want real security use a chain of remailers. If any one remailer on the "chain" is honest, then the privacy of the message is assured. To use a chain of remailers, I first have to prepare the message, which is nestled within multiple layers of encryption, like a Russian matryoshka doll. Preparing such a message is tedious and error prone, so many people use an automated tool such as my premail package. Anyway, after preparing the message, it is sent to the first remailer in the chain, which corresponds to the outermost layer of encryption. Each remailer strips off one layer of encryption and sends the message to the next, until it reaches the final remailer. At this point, only the innermost layer of encryption remains. This layer is stripped off, revealing the plaintext message and recipient for the first time. At this point, the message is sent to its actual recipient. Remailers exist in many locations. A typical message might go through Canada, Holland, Berkeley, and Finland before ending up at its final location. Aside from the difficulty of preparing all the encrypted messages, another drawback of the cypherpunk remailers is that they don't easily allow responses to anonymous mail. All information about the sender is stripped away, including any kind of return address. However the new alias servers promise to change that. To use an alias server, one creates a new email address (mine is raph@alpha.c2.org). Mail sent to this new address will be untraceably forwarded to one's real address. To set this up, one first encrypts one's own email address with multiple layers of encryption. Then, using an encrypted channel, one sends the encrypted address to the alias server, along with the nickname that one would like. The alias server registers the encrypted address in the database. The alias server then handles reply mail in much the same way as anon.penet.fi, except that the mail is forwarded to the chain of anonymous remailers. For maximum security, the user can arrange it so that, at each link in the chain, the remailer adds another layer of encryption to the message while removing one layer from the email address. When the user finally gets the email, it is encrypted in multiple layers. The matryoshka has to be opened one doll at a time until the plaintext message hidden inside is revealed. One other point is that the remailers must be reliable in order for all this to work. This is especially true when a chain of remailers is used -- if any one of the remailers is not working, then the message will be dropped. This is why I maintain a list of reliable remailers. By choosing reliable remailers to start with, there is a good chance the message will finally get there. 32. What are the addresses of some anonymous remailers? The most popular and stable anonymous remailer is anon.penet.fi, operated by Johan Helsingus. To obtain an anonymous ID, mail ping@anon.penet.fi. The server at anon.penet.fi does it's best to remove any headers or other information describing its true origin. You should make an effort and try to omit information detailing your identity within such messages as quite often signatures not starting with "--" are including within your e-mail, this of course is not what you want. You can send messages to: anXXX@anon.penet.fi Here you are addressing another anonymous user and your E-Mail message will appear to have originated from anon.penet.fi. alt.security@anon.penet.fi Here you are posting an anonymous message to a whole Usenet group and in this case to alt.security which will be posted at the local site (in this case Finland). ping@anon.penet.fi If you send a message to this address you will be allocated an identity (assuming you don't already have one). You can also confirm your identity here as well. You can also set yourself a password, this password helps to authenticate any messages that you may send. This password is included in your outgoing messages, to set a password send E-Mail to password@anon.penet.fi with your password in the body of your text e.g.: To: password@anon.penet.fi Subject: TN0_rUlEz For more information on this anonymous server send mail to: help@anon.penet.fi Anonymous Usenet posting is frowned upon by other users of Usenet groups claiming their opinions are worthless. This is because they believe anonymity is used to shield ones self from attacks from opponents, while on the other hand it can be used to protect ones self from social prejudice (or people reporting ones opinions to ones superiors). Also if you are thinking this is a useful tool to use to hid against the authorities then think again, as there was a famous case where a Judge ordered the administrator of the server to reveal the identity of a poster. ---------------------------------------------------------------------- Written By Netw0rk Bug for SWATEAM www.swateam.org JULY'99 If you have any questions or comments then don't hesitate to mail me at " bug@netw0rk.freeserve.co.uk " I would like to hear from anyone, no matter what they have to say. ----------------------------------------------------------------------