Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[FYI] Reliable remailer Log & Feed Backup

4 views
Skip to first unread message

Nomen Nescio

unread,
Jul 13, 2001, 6:40:22 AM7/13/01
to

Yesterday I installed a SMTP server on my Windows system and to my
surprise Reliable performed flawlessly sending/receiving its load to
the system service.
So, now I can backup incoming and outgoing traffic going through the
remailer and make detailed log files.
IMO this is a serious flaw in Reliable's design, and should be
patched
as soon as possible.

Please consider all remailers working with Reliable pseudo-anonymous
or worse, not anonymous at all.

DrJohn.

--
On a clear disk you can seek forever..


Doc.Cypher

unread,
Jul 13, 2001, 7:41:05 AM7/13/01
to
-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 13 Jul 2001, Nomen Nescio <nob...@dizum.com> wrote:
>Yesterday I installed a SMTP server on my Windows system and to my
>surprise Reliable performed flawlessly sending/receiving its load to
>the system service.

Of course it did. Reliable does not care where the mail server it uses is
installed.

>So, now I can backup incoming and outgoing traffic going through the
>remailer and make detailed log files.

This is normal for any mail server software. If you run your own SMTP with
a remailer then you should go out of your way to disable logging.

>IMO this is a serious flaw in Reliable's design, and should be
>patched as soon as possible.

Why do you consider this a flaw? It is up to the operator of the remailer
to ensure *they* keep no logs. If using a 3rd party for SMTP/POP3 then you
cannot stop them from keeping logs.

>Please consider all remailers working with Reliable pseudo-anonymous
>or worse, not anonymous at all.

Nonsense. Why are you trying to spread FUD regarding remailers running on
one specific operating system? Please refer to the work in progress
Remailer Operators FAQ at http://lexx.shinn.net/faq/index.html specifically
http://lexx.shinn.net/faq/index.html#item_logging


Doc.
- --
The bigger the humbug, the better people will like it.
~ Phineas Taylor Barnum.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBO04r8sriC3SGiziTAQGKDgf6AuWx06HfIb7QTeqXe7qcmke0SV9Jsdef
SJ7o3UTgm3/vHzzkeuMHl4TRZ5njNfk7y0OSml1ooyqrC435/Y7/y9J7pPgSQ2NI
yXQ+B6U0trN2F3uLPLaiu88T7bZ9EwgNIeyicWKBeM96D6XN0oxn+JIbmsx6GwtJ
D8VBRDoURcTNsn6SADQPWI9CkJI7qduPcoHKwCv+XlDjYgEt7hz+4XDW7m/w9FKo
H7zPyjTtdcsqIqx03Mrpq2yuX8iR4tZn++R6f4WpuZ0juaYSXrcfMjUfWLWPN9jF
do+OgQMFICpffjBpD9JMltSx50lzaZTGmhM7pwa7XULA9CBBrGyd2Q==
=/v/C
-----END PGP SIGNATURE-----

Nomen Nescio

unread,
Jul 13, 2001, 9:40:05 AM7/13/01
to
On 13 Jul 2001 11:41, Doc.Cypher wrote..

>>Yesterday I installed a SMTP server on my Windows system and to my
>>surprise Reliable performed flawlessly sending/receiving its load
>>to the system service.

>Of course it did. Reliable does not care where the mail server it
>uses is installed.

IMO it should.

>>So, now I can backup incoming and outgoing traffic going through
>>the remailer and make detailed log files.

>This is normal for any mail server software. If you run your own
>SMTP with a remailer then you should go out of your way to disable
>logging.

>>IMO this is a serious flaw in Reliable's design, and should be
>>patched as soon as possible.

>Why do you consider this a flaw? It is up to the operator of the
>remailer to ensure *they* keep no logs. If using a 3rd party for
>SMTP/POP3 then you cannot stop them from keeping logs.

Remailer software should be 'intelligent' enough to prevent easy
exploitation. Now it is too simple to set up a remailer (Reliable)
for monitoring purposes only.

In my experiment I worked together with one (1) other remailer and we
were able to track down and identify most mail we sent through the
test setup, even though we routed the traffic through one (1) random
site in the remailer network.

Anybody can see what the result would be if we installed a few 'live'
remailers as part of the remailer network. We all seem to think that
remailer operators have nothing to do with the growing effort to deny
privacy/anonymity on the internet. Think again..

>>Please consider all remailers working with Reliable
>>pseudo-anonymous or worse, not anonymous at all.

>Nonsense.

Not at all. If we were not anonymous (proven and verified), the bulk
of remailer users certainly are not..

>Why are you trying to spread FUD regarding remailers running on one
>specific operating system?

You call it FUD, I call it reasonable doubt.

>Please refer to the work in progress Remailer Operators FAQ at
> http://lexx.shinn.net/faq/index.html
>specifically
> http://lexx.shinn.net/faq/index.html#item_logging

I've done that and more..

If something can be done, it's likely that it will be done.
Thing is, the people who are only interested in blowing the remailer
network wide open have an opportunity to do so..

Farout Admin

unread,
Jul 13, 2001, 10:18:51 AM7/13/01
to
-----BEGIN PGP SIGNED MESSAGE-----

In alt.privacy.anon-server, Nomen Nescio <nob...@dizum.com> wrote:

>Yesterday I installed a SMTP server on my Windows system and to my
>surprise Reliable performed flawlessly sending/receiving its load to
>the system service.

Yes, it works quite well. Many remailers run their own SMTP servers, I do
(Mercury/32). It's the easiest means of increasing throughput. Reliable
is simplex (sends or receives, not both). With Mercury, I'm now running
duplex (sends and receives at same time). There are many other advantages
to running my own SMTP.


>So, now I can backup incoming and outgoing traffic going through the
>remailer and make detailed log files.

This is new? Do you think your ISP could not do the same? All SMTP
servers can copy all traffic, keep logs, etc. A remailer could do this in
any case.

The remailer model is that one assumes the worst case. That's what the
encryption and chaining is all about.

Would you rather trust my ISP's SMTP server or Farout's own SMTP server?
Hint: you're not supposed to trust either of them.


>IMO this is a serious flaw in Reliable's design, and should be
>patched as soon as possible.

What? Tell me how Reliable is supposed to know anything more than the
server address it's configured to talk to. What function of Reliable do
you think needs patched?


>Please consider all remailers working with Reliable pseudo-anonymous
>or worse, not anonymous at all.

Do you really think the Mixmaster remailers are not running their own
servers?

You're getting back to the remailer model again. You are SUPPOSED to
assume the worst. You use strong encryption so I can't read it. You chain
your traffic so I don't know where it's comming from or going to. That's
what keeps you anonymous and secure. That's how it works.

>
>DrJohn.
>

- --
Farout Admin PGP-Key: 0x1A542807
PGP-Fingerprint: 9DCA ABB2 936D 5E62 06FD 2267 071E 8F0A
Finger: farout...@nym.alias.net
http://www.nuther-planet.net/farout/keys/admin-rsa.txt


-----BEGIN PGP SIGNATURE-----
Version: N/A

iQEVAwUBO07tV8FvBSQaVCgHAQEmEQf/Zba/4uP3POHcCXn5cQJLEqQnangaW7H4
q5F8aI/OjcF+eZa0x7kw4593w2VN5Ru/FeW41uQHLRqWIWUD+o/7vJLk+s5R7tjz
WiClXNDwH2zh43c64WWgmcBSP53hXJRhLfpoXGS+F5D+LM+XRDZhaE4LpBoqXyZg
23ZDPAr3IC5LkZrBDrBzeiZ91pbZ9jf/JeMYl9eGR2lgfGvW/KNBTypIOl5b0o1B
HPq8DRnNeJlb3c4SwtzFQ7B8mpXIVe8sjD029lZ/8R5aub+mRvd6vneikY9n4/wZ
2JzII6CZa49X7PbfPm7LiDrqvZlV6nZoQfigz6vTnuQZyXRd5zLvlQ==
=8mkq
-----END PGP SIGNATURE-----


Doc.Cypher

unread,
Jul 13, 2001, 12:24:06 PM7/13/01
to
-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 13 Jul 2001, Nomen Nescio <nob...@dizum.com> wrote:

>On 13 Jul 2001 11:41, Doc.Cypher wrote..
>
>>>Yesterday I installed a SMTP server on my Windows system and to my
>>>surprise Reliable performed flawlessly sending/receiving its load
>>>to the system service.
>
>>Of course it did. Reliable does not care where the mail server it
>>uses is installed.
>
>IMO it should.

How do you propose coding something like that? Anyway, as Farout Admin has
pointed out it isn't just the Windows remailers that run their own SMTP. If
you hadn't guessed, Dizum does too. So with your new-found paranoia, how
are you going to decide on a safe remailer to use for your trolling?

>>>IMO this is a serious flaw in Reliable's design, and should be
>>>patched as soon as possible.
>
>>Why do you consider this a flaw? It is up to the operator of the
>>remailer to ensure *they* keep no logs. If using a 3rd party for
>>SMTP/POP3 then you cannot stop them from keeping logs.
>
>Remailer software should be 'intelligent' enough to prevent easy
>exploitation. Now it is too simple to set up a remailer (Reliable)
>for monitoring purposes only.

It is - as pointed out - easy on any platform.

>In my experiment I worked together with one (1) other remailer and we
>were able to track down and identify most mail we sent through the
>test setup, even though we routed the traffic through one (1) random
>site in the remailer network.
>
>Anybody can see what the result would be if we installed a few 'live'
>remailers as part of the remailer network. We all seem to think that
>remailer operators have nothing to do with the growing effort to deny
>privacy/anonymity on the internet. Think again..

Your method of gathering data to analyse requires considerable cooperation
across the remailer network. Just adding in a couple of corrupt remailers
will not corrupt the entire system. You might be able to spot some messages
when your remailers are used alone or as start and end points, but it
simply doesn't break the system.

>>>Please consider all remailers working with Reliable
>>>pseudo-anonymous or worse, not anonymous at all.
>
>>Nonsense.
>
>Not at all. If we were not anonymous (proven and verified), the bulk
>of remailer users certainly are not..

Just how much test traffic did you analyse? Have you considered how
difficult it would be to identify one user out of hundreds or thousands?
Precisely what use do you expect to be able to put this information to?
After all, one disclosure that you've logged and your remailer is dead in
the water.

>>Why are you trying to spread FUD regarding remailers running on one
>>specific operating system?
>
>You call it FUD, I call it reasonable doubt.

FUD - Fear, Uncertainty, and Doubt. You targetted Reliable - only running
on Windows. The threat you identify is nothing new and is not restricted to
one operating system. Users should be aware of it and use the network
accordingly.

>>Please refer to the work in progress Remailer Operators FAQ at
>> http://lexx.shinn.net/faq/index.html
>>specifically
>> http://lexx.shinn.net/faq/index.html#item_logging
>
>I've done that and more..
>
>If something can be done, it's likely that it will be done.
>Thing is, the people who are only interested in blowing the remailer
>network wide open have an opportunity to do so..

Try it. You are extremely unlikely to get enough data to link posts with
people injecting messages into the remailer network.


Doc.
- --
The bigger the humbug, the better people will like it.
~ Phineas Taylor Barnum.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBO04r8sriC3SGiziTAQE9wwf+LcgQp0KSgMyEhT9NOwEwcgbtmRDbEEwt
iM4xSaaaxUAstXiJbglRa8LH0xW/l07+Suogf76/cBs/V3v5d3/5oQTR5P+Xhzes
YX8bEAAcLUwFDC55bxio0K4TzL3Ikzoc28cnT2VfenFnf8lGq5ErPfi77xhbF1/P
VlkcI1jVEUlMQAHXC0Nq4/WqAH0nPs06K/EVo564AXKAdpPVzckGRchj9siuzdoa
KxSYz298oFbzO8jgZIPvtt/2QriTPrnVkUW3fesSFh5BcBdQ1gOwjsdJ8Q0crIPm
btllF+arvAnsQ7QkQ0SsXIgRsDA+0IzwyPvWIV1pGfVppVWoRXJYSA==
=dvfU
-----END PGP SIGNATURE-----

The Painful Truth about Orange

unread,
Jul 13, 2001, 3:53:26 PM7/13/01
to
NOTICE: This message may not have been sent by the Sender Name
above. Always use cryptographic digital signatures to verify
the identity of the sender of any usenet post or e-mail.

On 13 Jul 2001, Anonymous...@See.Comment.Header (Farout Admin) wrote:

>You're getting back to the remailer model again. You are SUPPOSED to
>assume the worst. You use strong encryption so I can't read it. You chain
>your traffic so I don't know where it's comming from or going to. That's
>what keeps you anonymous and secure. That's how it works.

It is the same usual troll.

The one who refuses to understand that remailing is based on CHAINING.
The one who invented the "orange directive" to rule which borders packets
should respect on Internet.
The one who was a failure on Windows/Reliable and is a failure on Linux.
The one who claims his box to be secure and is unable to set the system
date.
The one who complains simultaneously being RBLed AND having quota
rejections.
The one who thinks he is at liberty to discard mail when he got his PMS.
The one who got his brains examined and they found a huge noisy fan but no
processor.
The one who is a liability to the community, not an asset.
The one who competes witg BOSCHLOO on stupidity.

The infamous ORANGE.

Thomas J. Boschloo

unread,
Jul 14, 2001, 11:55:14 AM7/14/01
to
The Painful Truth about Orange wrote:

> The one who invented the "orange directive" to rule which borders packets
> should respect on Internet.

Sorry, refresh my memory on this one. What was the 'orange directive'
again??

Thomas

> The one who thinks he is at liberty to discard mail when he got his PMS.

Ha ha, cool. 'his' PMS. Obviously you don't understand a lot of
high-school biology <grin>.
--
Andriod 18 - "You should listen to your friends Vegeta. After all it is
they who will have to scrape you from the ground after I have defeated
you".


0 new messages