Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

APAS Anonymous Remailer Use [FAQ 1/8]: Overview

1 view

Skip to first unread message

Computer Cryptology

unread,

May 2, 2003, 3:00:03 PM5/2/03

Posted-By: auto-faq 3.3 (Perl 5.004)
Archive-name: privacy/anon-server/faq/use/part1
Changes: 1.14 2001/08/16 15:52:11
Posting-Frequency: monthly
A list of the recent changes to the FAQ list will appear
next week.
A how-to-find-the-FAQ article appears every Wednesday.
URL: http://www.eskimo.com/~turing/remailer/FAQ/

Subject: APAS Anonymous Remailer Use [FAQ 1/8]: Overview

This is the first of eight parts of a list of frequently-asked
questions (FAQ) and their answers regarding anonymous remailer use.
The newsgroup containing the most discussion of anonymous remailers is
<alt.privacy.anon-server> (APAS). Consequently, this FAQ is the "APAS
FAQ for Remailer Users," or the APAS user FAQ.

Champerty wrote the original APAS user FAQ with the help of Stray Cat.
Thanks also go out to Thomas Boschloo, Michael T. Shinn, Lord Running
Clam, and all the regulars in APAS. Computer Cryptology (CC) now
maintains the FAQ, using CVS to track changes since Champerty's
leaving. CC thanks Frog-Admin for review of changes to part 5;
Redbird for FAQ 4.8; Ahab, Saddle, and Doc.Cypher for FAQ 7.3; and
Boris 'pi' Piwinger, Stefan Wagner (Narnia Admin) and Jochen
Wersdörfer for assistance with FAQ 4.10.

This FAQ is provided "as is" without any express or implied
warranties. While every effort has been taken to ensure the accuracy
of the information contained in these message digests, the maintainer
assumes no responsibility for errors or omissions, or for damages
resulting from the use of the information contained herein. This FAQ
is provided for information only; reference to a Web page does not
constitute endorsement of that page's content.

The following topics are in this FAQ:

1: APAS Anonymous Remailer Use [FAQ 1/8]: Overview
2: APAS Anonymous Remailer Use [FAQ 2/8]: alt.privacy.anon-server
3: APAS Anonymous Remailer Use [FAQ 3/8]: Remailer Basics
4: APAS Anonymous Remailer Use [FAQ 4/8]: Remailer Details
5: APAS Anonymous Remailer Use [FAQ 5/8]: Statistics
6: APAS Anonymous Remailer Use [FAQ 6/8]: Software
7: APAS Anonymous Remailer Use [FAQ 7/8]: Nyms
8: APAS Anonymous Remailer Use [FAQ 8/8]: Troubleshooting

----------------------------------------------------------------------

Subject: APAS Anonymous Remailer Use [FAQ 1/8]: Overview

This document is the overview.

------------------------------

Subject: APAS Anonymous Remailer Use [FAQ 2/8]: alt.privacy.anon-server

1: [FAQ 2.1] What is this newsgroup about?
2: [FAQ 2.2] Are there any rules I should know about?

------------------------------

Subject: APAS Anonymous Remailer Use [FAQ 3/8]: Remailer Basics

1: [FAQ 3.1] What is an anon server or anonymous remailer?
2: [FAQ 3.2] Who runs these remailers and why?
3: [FAQ 3.3] What is a Cypherpunk Remailer?
4: [FAQ 3.4] How do I get the key for a particular remailer?
5: [FAQ 3.5] How can I get all the keys for all the remailers?
6: [FAQ 3.6] What is a Mixmaster Remailer?

------------------------------

Subject: APAS Anonymous Remailer Use [FAQ 4/8]: Remailer Details

1: [FAQ 4.1] Which remailers are good? Reliable? Secure?
2: [FAQ 4.2] How can I find more information about a remailer?
3: [FAQ 4.3] What is chaining? And what is a middleman?
4: [FAQ 4.4] Won't the first remailer in the chain know who I am?
5: [FAQ 4.5] Can't the last remailer's remop read my message?
6: [FAQ 4.6] How do I chain cypherpunk remailers?
7: [FAQ 4.7] Can I use mail2news gateways to post anonymously?
8: [FAQ 4.8] How do I know which newsgroups a gateway carries?
9: [FAQ 4.9] What's different about mail2news_nospam vs mail2news?
10: [FAQ 4.10] When replying to a message, how do I thread my post?
11: [FAQ 4.11] Which remailers permit my own "From:" header?
12: [FAQ 4.12] Where do I find public SMTP servers (open relays)?

------------------------------

Subject: APAS Anonymous Remailer Use [FAQ 5/8]: Statistics

1: [FAQ 5.1] What are stats pages?
2: [FAQ 5.2] How are stats Versions 1 and 2 different?
3: [FAQ 5.3] Where can I find stats pages?
4: [FAQ 5.4] Why are there dead remailers on the stats pages?

------------------------------

Subject: APAS Anonymous Remailer Use [FAQ 6/8]: Software

1: [FAQ 6.1] Do you recommend that I learn PGP (Pretty Good Privacy)?
2: [FAQ 6.2] Which remailer client should I choose?

------------------------------

Subject: APAS Anonymous Remailer Use [FAQ 7/8]: Nyms

1: [FAQ 7.1] How is a nym different from anon. posting?
2: [FAQ 7.2] How do I get a particular nym server's key?
3: [FAQ 7.3] Why do alt.anonymous.messages subjects look random?
4: [FAQ 7.4] Why are nyms such a bitch to set up?
5: [FAQ 7.5] How can I ensure nym creation goes smoothly?

------------------------------

Subject: APAS Anonymous Remailer Use [FAQ 8/8]: Troubleshooting

1: [FAQ 8.1] It's hours later! Why hasn't my test post arrived?
2: [FAQ 8.2] Why didn't my email/post make it through?

------------------------------

End of faq.1 Digest
*******************

Computer Cryptology

unread,

May 2, 2003, 3:00:05 PM5/2/03

Posted-By: auto-faq 3.3 (Perl 5.004)

Archive-name: privacy/anon-server/faq/use/part2
Changes: 1.8 2001/03/25 14:41:23

Posting-Frequency: monthly
A list of the recent changes to the FAQ list will appear
next week.
A how-to-find-the-FAQ article appears every Wednesday.
URL: http://www.eskimo.com/~turing/remailer/FAQ/

Subject: APAS Anonymous Remailer Use [FAQ 2/8]: alt.privacy.anon-server

This is the second of eight parts of a list of frequently-asked

questions (FAQ) and their answers regarding anonymous remailer use.
The newsgroup containing the most discussion of anonymous remailers is

<alt.privacy.anon-server> (APAS). This part of the FAQ welcomes
newcomers to that newsgroup.

The following topics are in this FAQ:

1: [FAQ 2.1] What is this newsgroup about?

2: [FAQ 2.2] Are there any rules I should know about?

----------------------------------------------------------------------

Subject: [FAQ 2.1] What is this newsgroup about?

APAS is an unmoderated, non binary, low volume newsgroup for the
discussion of all things related to anonymity on the 'Net but
especially related to anonymous remailers. In the past year or so
discussions have widened to include those relating to new anonymizing
services that exist outside of the traditional anonymous remailer
network. I am speaking of services like Zero Knowledge's Freedom
software, COTSE, Hushmail and Anonymizer to name a few.

Incidentally, there are also newsgroups called alt.anon-server and
alt.privacy.anon.server (a dot instead of a dash). 'Not much to see in
those groups. This is where you want to be if you're interested in
anonymous email and newsgroup posts.

This is also the place where the authors of anonymous remailer
software (QuickSilver author Richard Christman, for example) can
provide advice and support for their products.

------------------------------

Subject: [FAQ 2.2] Are there any rules I should know about?

Be aware that many here will post anonymously. But it certainly is not
a requirement. Be forgiving of repeat anonymous posts. This results
from remailer clients that have been configured to deliver messages
through two (or more) mail-to-news gateways (see #4.1) so as to ensure
reliable delivery.

Don't send test messages to APAS.

(Indulge me for a second while I repeat that one.)

Don't send test messages to APAS!

Try alt.test or misc.test instead please. These tests groups can also
provide valuable information since many others will test remailer
chains (see #4.3) there!

Finally, Usenet etiquette is always appreciated here: Lurk before you
post. No binary attachments. No HTML. Don't type in all caps. Don't
give a troll a thread. And one I'm still working on: pause before
hitting that send button. Posting an angry, hurried response will
often leave you wishing you hadn't said what you said.

Furthermore, an increasing number of news servers will not accept
cancels. So cool off, sleep on it, and THEN post if you still feel the
need.

------------------------------

End of faq.2 Digest
*******************

Computer Cryptology

unread,

May 2, 2003, 3:00:06 PM5/2/03

Posted-By: auto-faq 3.3 (Perl 5.004)

Archive-name: privacy/anon-server/faq/use/part3
Changes: 1.12 2001/10/25 01:18:12

Posting-Frequency: monthly
A list of the recent changes to the FAQ list will appear
next week.
A how-to-find-the-FAQ article appears every Wednesday.
URL: http://www.eskimo.com/~turing/remailer/FAQ/

Subject: APAS Anonymous Remailer Use [FAQ 3/8]: Remailer Basics

This is the third of eight parts of a list of frequently-asked
questions and their answers regarding anonymous remailer use. This
part introduces anonymous remailers.

The following topics are in this FAQ:

1: [FAQ 3.1] What is an anon server or anonymous remailer?

2: [FAQ 3.2] Who runs these remailers and why?
3: [FAQ 3.3] What is a Cypherpunk Remailer?
4: [FAQ 3.4] How do I get the key for a particular remailer?
5: [FAQ 3.5] How can I get all the keys for all the remailers?
6: [FAQ 3.6] What is a Mixmaster Remailer?

----------------------------------------------------------------------

Subject: [FAQ 3.1] What is an anon server or anonymous remailer?

An anonymous remailer is a computer which has been configured to run
remailer software. This software is a specialized kind of email server
software. Unlike the average email server which goes to great lengths
to log all incoming/outgoing traffic and add identifying and traceable
info to its outgoing mail (in the form of headers) remailer software
ensures that outgoing mail has been STRIPPED CLEAN of any identifying
information! Thus the name 'anonymous' remailer.

The remailer performs certain automated tasks which include retrieving
mail, decrypting/processing that mail (only mail that is properly
encrypted and formatted), obeying the directives within the message
and, finally, delivering - remailing - the finished product to a
second party in anonymized form. When received by that second party it
will reveal only that it was sent from an anonymous source (usually
the remailer's name and email address). The IP address shown will be
the IP address of the remailer machine.

Ideally, no logs are kept by the remailer software. This ensures both
the anonymity of the user and protects the operator from liability.
(See Mike Shinn's work in progress FAQ For Remailer Operators
<http://mixmaster.shinn.net/faq/index.html>.)

The process is not completely automated since a human operator is
required - called a remailer operator, or RemOp - to ensure that
traffic is running smoothly, that PGP and Mixmaster encryption keys
are kept updated, that complaints of abuse are dealt with, and also
that users and fellow operators are kept up to speed on any changes to
the remailer's configuration. APAS is the place where such updates are
posted. They are also posted to the Remailer Operator's Mailing List
(Blank email to remailer-oper...@anon.lcs.mit.edu for
details on how to subscribe.) There is also an archive of the Remop's
List <http://lexx.shinn.net/mailman/listinfo/remops>. You can even
post to the list from this Web page! (Thanks Mike Shinn.)

That's basically how a remailer works. Some anonymous remailers can
send both email and newsgroups posts. And most will require newly
arrived messages to be encrypted. More about that later. See also:
Andre Bacard's Remailer FAQ <http://www.andrebacard.com/remail.html>
and William Knowles' overview of anonymity on the 'Net
<http://www.c4i.org/erehwon/anonymity.html>.

------------------------------

Date: 07 July 2001 12:00 Z
From: turing+apa...@eskimo.com (Computer Cryptology)
Subject: [FAQ 3.2] Who runs these remailers and why?
Summary: Determine for yourself the remailer operators' character.

Some documents will refer to the "traditional remailer network". This
refers to the remailers listed on the many stats pages (see FAQ 5.1)
available on the Web. These are run, mostly, by individuals like
those in APAS, who value free speech, especially anonymous speech, and
want to provide a free service to those you need to communicate
anonymously. Keep in mind that there is no way to know the real
motivation a remailer operator has unless you know them personally,
and even then you may not know the full story.

Since anyone with the technical ability and network connectivity can
operate a remailer, there are endless possibilities as to the real
motivations behind offering such a service to the public at large.
Always floating around the APAS rumor mill are accusations that one or
more remailers are really being run by intelligence agencies, law
enforcement agencies, and even terrorist organizations and other
criminal types. Of course no credible evidence is ever presented to
back up these accusations so they are mostly dismissed as trolling.
But if one takes the devil's advocate position, there is never any
evidence presented to refute these rumors either; that is, it is
entirely possible they could be true.

One way to learn more about individual remops might be to visit their
home pages, some of which are here in alphabetical order:

__Remailer Web Pages__
Austria
<http://www.tahina.priv.at/~cm/stats/>
Cracker
<http://anon.efga.org/>
Dizum
<https://ssl.dizum.com/help/remailer.html>
Farout
<http://www.nuther-planet.net/farout/>
Lefarris (en Français)
<http://www.citeweb.net/arris/>
Narnia (mostly German)
<http://www.trumpkin.Narnias-Door.com/remailer/>
Noisebox
<http://noisebox.remailer.org/remailer/>
Randseed
<http://melontraffickers.com>
Riot
<http://www.riot.eu.org/anon/>
Senshi
<http://private.addcom.de/SenshiRemailer/>
Shinn
<http://mixmaster.shinn.net/>
SubZer0
<http://www.press.nu/leiurus/subzer0/>
Cmeclax
<http://lexx.shinn.net/cmeclax/>

__Nym Servers__
NYM.ALIAS.NET Nym Server <http://www.publius.net/n.a.n.html>
ANON.XG.NU Nym Server <http://anon.xg.nu/>
Redneck Nym Server (middleman) <http://anon.efga.org>

(Submit other Web page URLs to CC <turing+apa...@eskimo.com>.)

Learning to use the traditional remailer network takes some time and
effort. And this time and effort pays off handsomely by providing the
user with a highly secure method to communicate privately and
anonymously. But many privacy-minded folks (and their ranks are
increasing daily!) are looking for an easier and less time-intensive
approach. Some are even willing to pay for it. To satisfy this niche
there have arrived many new products and services that provide various
combinations of anonymous email, newsgroup posting and Web-surfing
with varying degrees of anonymity.

To describe and evaluate these services is, for now, beyond the scope
of this FAQ. I have provided URLs for some of these services below. I
have categorized them into two groups: free of charge and fee-based.
Noteworthy amongst these is the fee-based Freedom Software by the
Montreal-based Zero Knowledge Systems (ZKS). Launched in December
1999, Freedom is a 'privacy system' not unlike the traditional
remailer network . It allows users to send email, post to newsgroups,
chat and surf the Web in total privacy without having to trust third
parties with their personal information. Freedom users create multiple
digital identities - "nyms" - with which their online activities are
associated. All data packets Freedom users send are encrypted and
routed through a global privacy infrastructure called the Freedom
Network, which is hosted by participating ISPs and other independent
server operators. A 30-day free trial is available.

The package has been criticized <http://cryptome.org/zks-v-tcm.htm>
for not being open-source. But that is changing. The source code of
the kernel module of the Linux version of Freedom
<http://opensource.zeroknowledge.com/> has been released; and the
release of the Windows version source code is "coming soon";

_Free of Charge_
GILC Web-Based Remailer
<http://www.gilc.org/speech/anonymous/remailer.html>
Hushmail <http://www.hushmail.com>
Safeweb <http://www.safeweb.com>
Zixmail <http://www.zixmail.com>
Anonymouse <http://anonymouse.is4u.de/>
COTSE <http://www.cotse.com/home.html>
Somebody.net <http://somebody.net/>
ANON.XG.NU's Web-Based Remailer <http://anon.xg.nu/remailer.html>
Chicago <http://xenophon.r0x.net/cgi-bin/mixnews-user.cgi>

_Fee-Based_
ZKS Freedom <http://www.freedom.net>
SkuzNET's The Internet Mail Network <http://www.theinternet.cc/>
Mailanon <http://www.mailanon.com/>
IDcide <http://www.idcide.com>

For an interesting discussion of the pros and cons of anonymous speech
check out this link from LCS.MIT.EDU:
<http://www.lcs.mit.edu/anniv/speakers/presentation?id=041399-15>

(I'm looking for more links of this nature: political, legal
perspectives on remailers. If you know of any please pass them on to
CC <turing+apa...@eskimo.com>.)

------------------------------

Subject: [FAQ 3.3] What is a Cypherpunk Remailer?

Also referred to as a Type I, this is a remailer that accepts messages
encrypted with its publicly available PGP key. PGP is Pretty Good
Privacy, the well-respected public-key encryption program which is
widely available and, with a few exceptions, freeware. Users encrypt
their clear-text, outgoing message with the Cypherpunk remailer's
public key. This can be done with any text editor like Notepad and a
properly installed version of PGP. There is a particular message
format to follow, one that the remailer software can understand:

============
::
Anon-To: news.r...@nbc.com
Latent-Time: +0:00

##
Subject: My Company Dumps Toxic Waste

I'm writing this anonymously because I don't want to lose my job.
My company has, for the past three years...
============

The above message is cut and paste into PGP and encrypted with the
chosen remailer's key, say gret...@neuropa.net

============
-----BEGIN PGP MESSAGE-----

Version: PGP 2.6x
hQCMA8asoPEC0e2BAQP9GqR2aXNOstRq8eJW2QVubioR0gO7Ue0AOL/rFdnxXknC
YPpe2X2TKlcvd961+lhe9w2Y8vo3JcBYYBifTJRwmMjnXLagCU4Mhh0VZtk/QXMZ
/FLeJWi67qsb45a2mNw0/Q8eXHKfOQyHcmEQ7cg/bq4Xz6LusfxBHF8zsojVOgal
8RVRtr9drjBlOzJvWxaq7LrKidME6q0tM7pRiLN5dvVBon2NKlmpJI6vAFjyi8ma
f5Bg6Zor+PMxcm3EmuWbjLEiOu5USrTgU4OiaC7PHF9INxwXuKmdNz/JprgOc0c6
6s6RvbOo6rsvlwqPKw==
=ICz/
-----END PGP MESSAGE-----
=============

Finally, the user has to append a directive to the top of the
encrypted message, making it look like this:

============
::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: PGP 2.6x

hQCMA8asoPEC0e2BAQP9GqR2aXNOstRq8eJW2QVubioR0gO7Ue0AOL/rFdnxXknC
YPpe2X2TKlcvd961+lhe9w2Y8vo3JcBYYBifTJRwmMjnXLagCU4Mhh0VZtk/QXMZ
/FLeJWi67qsb45a2mNw0/Q8eXHKfOQyHcmEQ7cg/bq4Xz6LusfxBHF8zsojVOgal
8RVRtr9drjBlOzJvWxaq7LrKidME6q0tM7pRiLN5dvVBon2NKlmpJI6vAFjyi8ma
f5Bg6Zor+PMxcm3EmuWbjLEiOu5USrTgU4OiaC7PHF9INxwXuKmdNz/JprgOc0c6
6s6RvbOo6rsvlwqPKw==
=ICz/
-----END PGP MESSAGE-----
============

The user then mails the above encrypted message (double colons and
all) NOT to the intended recipient but instead to the remailer's
address: <gret...@neuropa.net>. This arrives at the remailer where it
is eventually processed, decrypted and mailed to
<news.r...@nbc.com> appearing to have come from "Anonymous"
<nob...@neuropa.net>.

Most remailers are not purely Cypherpunk but will accept both
Cypherpunk and Mixmaster messages. Keep in mind too that there are
currently only a few Cypherpunk (Type I) remailers that will accept
non-PGP messages and their numbers are dwindling.

Computer Cryptology

unread,

May 2, 2003, 3:00:08 PM5/2/03

Posted-By: auto-faq 3.3 (Perl 5.004)

Archive-name: privacy/anon-server/faq/use/part4
Changes: 1.16 2001/11/29 14:58:31

Posting-Frequency: monthly
A list of the recent changes to the FAQ list will appear
next week.
A how-to-find-the-FAQ article appears every Wednesday.
URL: http://www.eskimo.com/~turing/remailer/FAQ/

Subject: APAS Anonymous Remailer Use [FAQ 4/8]: Remailer Details

This is the fourth of eight parts of a list of frequently-asked
questions and their answers regarding anonymous remailer use. This
part answers more questions about remailers.

The following topics are in this FAQ:

1: [FAQ 4.1] Which remailers are good? Reliable? Secure?

2: [FAQ 4.2] How can I find more information about a remailer?
3: [FAQ 4.3] What is chaining? And what is a middleman?
4: [FAQ 4.4] Won't the first remailer in the chain know who I am?
5: [FAQ 4.5] Can't the last remailer's remop read my message?
6: [FAQ 4.6] How do I chain cypherpunk remailers?
7: [FAQ 4.7] Can I use mail2news gateways to post anonymously?
8: [FAQ 4.8] How do I know which newsgroups a gateway carries?
9: [FAQ 4.9] What's different about mail2news_nospam vs mail2news?
10: [FAQ 4.10] When replying to a message, how do I thread my post?
11: [FAQ 4.11] Which remailers permit my own "From:" header?
12: [FAQ 4.12] Where do I find public SMTP servers (open relays)?

----------------------------------------------------------------------

Subject: [FAQ 4.1] Which remailers are good? Reliable? Secure?

The "good" and "reliable" remailers are the ones that work for you and
have the feature set you need or want. The "secure" remailers are the
ones operated by those who do not monitor the traffic passing through
them AND have good security policies in place on their networks and
machinery to prevent their remailer from being penetrated by
unauthorized parties and subsequently compromised.

Since you can never know for yourself how "secure" any one individual
remailer is, you should always use encrypted chains of remailers (see
#4.3) to send your messages. So long as all the remailers in your
chain have not been compromised or their operators are not cooperating
amongst themselves, then your traffic will be reasonably secure.

Advanced topics relating to traffic analysis of the remailer network
that may allow adversaries to deduce the source and destination of
individual messages is, for now, beyond the scope of this FAQ.
However, it is almost certain that these activities do take place to
some degree. It is for this reason that you we have advanced remailer
protocols such as Mixmaster, and proposals for other up-and-coming
network scenarios (like WOF <http://www.bigfoot.com/~potatoware/wof/>,
RadioClash <http://piratech.net/radioclash/>, Publius
<http://www.cs.nyu.edu/~waldman/publius/>, Freenet
<http://freenet.sourceforge.net/>) to reduce the effectiveness of
traffic analysis.

------------------------------

Subject: [FAQ 4.2] How can I find more information about a remailer?

Send a blank email to the remailer address with "remailer-conf" (no
quotes) as the subject line. In addition to this you can also send a
blank email with "remailer-help" (no quotes) as the subject. Visit the
remailer's Web page if one exists. And pay attention to APAS for any
announcements or policy changes from the remailer's operator.

------------------------------

Subject: [FAQ 4.3] What is chaining? And what is a middleman?

Before chaining one's messages one must have an understanding of
middleman remailers. A middleman remailer ("middle" in its cap
string) is one that always adds another hop to any message that is not
already en route to another remailer. Example: If you send a message
to recipient <my_co...@entrust.com> through middleman remailer
Georgia Cracker <rema...@gacracker.org>), Gacracker will send it to
say, <rema...@dizum.com>, with instructions to deliver to
<my_co...@entrust.com>.

This behavior demonstrates what is known as smart middleman. All
Reliable <http://www.bigfoot.com/~potatoware/reli/> remailers that are
running in middleman mode are smart.Check the remailer-conf file to be
certain just what kind of middleman behavior to expect. Now, back to
chaining.

Chaining is using more than one remailer to send your encrypted
message. Basically, you send a message to remailer A with instructions
to send it to remailer B, which in turn finds instructions to send it
to remailer C, and so on, until the final recipient receives the
message. The intention is to obfuscate the origin of the email and/or
(with the help of encryption) the content of the message body. At any
given point on it's route, such a message will reveal only where it
came from and where it is going. If the message was not chained (only
one remailer was used) then that remailer operator or a successful
traffic analyst can know the true source AND destination of the
message. Not good.

------------------------------

Subject: [FAQ 4.4] Won't the first remailer in the chain know who I am?

Well, yes. He knows as much about you as can be revealed from your
email headers, i.e. the original source of the message. But if your
message is chained (as described above) to another remailer AND
ENCRYPTED with that remailer's key, then the first remailer (and
anyone snooping his traffic) cannot read your message. All they will
see is an encrypted message (with no subject line) that is heading to
some other remailer. Since your message must enter the remailer
network somewhere, that first remailer operator can always know where
the message is really coming from. It is for this reason that chained
messages should always be encrypted and not sent in the clear through
remailers that will accept clear text messages (Noisebox Remailer or
Xganon for example).

There is absolutely no security in sending an unencrypted chained
remailer message. Using remailers without encryption (whether it's PGP
or Mixmaster) is like a police officer choosing to leave his
bullet-proof vest at home in his closet!

------------------------------

Subject: [FAQ 4.5] Can't the last remailer's remop read my message?

Absolutely, if he wanted to. But all he knows is the message contents,
where it is going, and the fact he got the message from another
remailer. He will not know the original source of the message. If that
is more than you want to reveal than you need to encrypt to your final
recipient instead of sending a plain text correspondence. Of course,
this isn't always feasible. The final recipient would need to have PGP
on his computer, you would have to exchange public keys or a
conventional password beforehand. It's really up to you the user to
decide just how much security you require for a particular message and
take the necessary precautions.

------------------------------

Date: 8 Aug 2001 14:32:06 -0000
From: Doc.Cypher <doc_c...@redneck.gacracker.org>
Subject: [FAQ 4.6] How do I chain cypherpunk remailers?
Message-ID: <2001080814320...@gacracker.org>
Summary: Encrypt each Anon-To within the previous remailer's message.

[For a step-by-step explanation of remailing with cypherpunk
remailers, see FAQ 3.3. For an explanation of chaining, see the post
below, or follow John Hull's example:

<http://saddle.yoll.net/anon/handrolling.html>

An explanation is also in the help file from almost any remailer
(under the heading "REMAIL REQUEST: CYPHERPUNK CHAIN" for most
Reliable remailers). Send a blank email message to a remailer with
"remailer-help" (without the quotes) as the subject, or see Frog's
Thesaurus Data
<http://www.privacyresources.org/frogadmin/Thesaurus/Thesaurus.html>.
-CC]

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 8 Aug 2001, Anonymous <rema...@remailer.xganon.com> wrote:

[SNIP]

>Now I want to use a chain of remailers? How do I do this? I'm
>guessing I should somehow encrypt the message using all the keys of
>the remailers in the chain? And if I send the message to the first
>remailer in the chain, how do I let that remailer know to send it to
>the next one? If someone could either tell me how to do this, or
>direct me toward an information source explaining this, I'd
>appreciate it.

Chaining messages is achieved by repeating the encryption steps.
Taken as an example, chaining through two remailers thus,
You -> A -> B -> Recipient

You start off with your message and prefix with

::
Anon-To: <recipient@somewhere>

##
Subject: <some text>

You then encrypt this with the key of the remailer B, and prefix it with

::
Anon-To: <Remailer-B@somewhere>

::
Encrypted: PGP

You take this and encrypt it with the key of remailer A, and prefix with

::
Encrypted: PGP

and now send it to remailer A.

What happens then is that remailer A takes the message, decodes it, and
sends it to remailer B. Remailer B decodes it and sends it to the
recipient.

Doc.
- --
The bigger the humbug, the better people will like it.
~ Phineas Taylor Barnum. http://vmsbox.cjb.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBO3By8sriC3SGiziTAQH4Cwf+JSwjLQcPtVbNAOKB28NBdA+yLLWYflmB
bjpH3nzDyV0TUEEiRH7gdancM8CuMk4n+5D+hWCHIyFoaR93/BuGdft9s8xuPi8M
nzSzPO4pFht8NTzhkkrn9iUcJWgh+fFNfBvWtjDCLs6qdxoQwTUI9N0ioceAlK1S
vk78pYdZ9srxCEr5sCyuAR56wRq0Sa81SDePOcYz48FrRR51Zdoe/cu3Hu4AYeY5
wpC5J59U0BIVb9xnt9zBR7I3aQZArFffZ2G6vdEHDnVulY5hpXjenEgUCUjFH+da
bCD6dCOVtPxYvFbo9mmMY6spiDwfeaOXzniFdFvqdrbADycW2s7qiw==
=3VgO
-----END PGP SIGNATURE-----

------------------------------

Date: 05 August 2001 12:00 Z
From: turing+apa...@eskimo.com (Computer Cryptology)
Subject: [FAQ 4.7] Can I use mail2news gateways to post anonymously?
Summary: M2N gateways forward email messages to Usenet postings.

Although they are not anonymous remailers, mail-to-news (mail2news or
M2N) gateways are an important part of the remailer network. They
forward email messages to Usenet, permitting posting of messages or
(in some cases) binaries to certain newsgroups. (See FAQ 4.8 for
instructions on determining which newsgroups are available.)

Be warned that these gateways by themselves do not make messages
anonymous. Their administrators *will* keep logs. It is the
remailers that strip off the identifying information from your
message, *not* the M2N gateway. The gateway only delivers to a
newsgroup. See the official help file M2N gateways by sending a blank
email to <mail...@anon.lcs.mit.edu> with the subject "help" (no
quotes). It is when you use an anonymous remailer in combination with
a mail-to-news gateway that anonymous newsgroup posts are possible.

There are actually two methods of posting anonymously to Usenet: via
an "Anon-Post-To:" directive or via an "Anon-To:" directive. Note
that in most cases remailers with "post" in their cap strings actually
forward to a M2N gateway rather than posting via NNTP, so these
methods are often equivalent.

Method #1
Below is a template for the first method. Send the following email
message to a remailer that supports anonymous newsgroup posting
("post" in the cap string).

::
Anon-Post-To: misc.test

##
Subject: This is a boring test

Start your message here.

Method #2
Below is a template for the second method. Send the following email
message to a Cypherpunk remailer ("cpunk" in the cap string).

::
Anon-To: mail...@dizum.com (or any other mail2news gateway)

##
Subject: Is Gretchen Down?
Newsgroups: alt.privacy.anon-server
X-No-Archive: yes (this line is optional)

Start your message here.

Both of these methods will work. Pay attention to the cap strings.
Many remailers are PGP-only ('pgponly" in the cap strings). So before
sending to those remailers you will have to encrypt the above with the
remailer's pgp key.

Here are some other mail2news gateways you can use:

<mail...@anon.lcs.mit.edu> *
<mail2new...@anon.lcs.mit.edu>
<mail...@dizum.com>
<mail2new...@dizum.com>
<mail...@freedom.gmsociety.org>
<mail2new...@freedom.gmsociety.org>

See FAQ 4.8 for an explanation of the significance of the "nospam"
gateways.
*Note that <mail...@nym.alias.net> is an alias for
<mail...@anon.lcs.mit.edu>. The preferred address is
<mail...@anon.lcs.mit.edu>.

See this Web-Based Mail2News Interface <http://forward.to/mail2news>
for a quick-and-dirty way to post anon to Usenet. See also
<https://ssl.dizum.com/help/mail2news.html> for help with Dizum's
mail2news gateway (formerly known as <mail...@zedz.net>).

------------------------------

Subject: [FAQ 4.8] How do I know which newsgroups a gateway carries?

For <mail...@anon.lcs.mit.edu>:
To receive a list of all newsgroups send mail to
<mail...@anon.lcs.mit.edu> with Subject "groups" (no quotes).

For <mail...@mixmaster.shinn.net>:
Same method as above. Or you can finger <gro...@mixmaster.shinn.net>
for a full listing of groups.

For <mail...@dizum.com>:
It offers the same capability. Unfortunately, the last time I checked
the list of groups it sends back is incomplete and inacurate. It's
safe to assume, however, that like the other two gateways Dizum
supports between 10,000-25,000 newsgroups from all the major
hierarchies.

You can also include an egrep-style regular expression on the subject
line. For instance,

Subject: list comp\.unix

would list only newsgroups whose names begin "comp.unix".

Subject: list .*linux

would list all newsgroups whose names contain the substring "linux".

Subject: list alt.*(security|privacy)

would list all newsgroups beginning "alt" and containing either the
word "security" or the word "privacy".

Subject: list .*\.test$

would list all newsgroups ending ".test".

------------------------------

Date: 9 Mar 2001 19:10:43 -0000
From: Redbird <red...@redneck.gacracker.org>
Subject: [FAQ 4.9] What's different about mail2news_nospam vs mail2news?
Message-ID: <2001030919104...@gacracker.org>
Summary: No-spam gateways change headers to hinder address collection.

[edited by turing+apa...@eskimo.com (Computer Cryptology)]
On Fri, 9 Mar 2001, Nomen Nescio <nob...@dizum.com> wrote:
> What's the difference between these two?:
> mail2new...@anon.lcs.mit.edu and mail...@anon.lcs.mit.edu

The first is the no-spam variant of the same mail2news gateway.

How does the no-spam variant work?

The address of my nym account is red...@redneck.gacracker.org. If I
had addressed my send request for this message to
mail...@anon.lcs.mit.edu, my nym account address would have appeared
in the From header. An address collector would be able to find it
easily, and I might end up receiving spam e-mail.

Instead I've addressed my send request to the no-spam variant,
mail2new...@anon.lcs.mit.edu, and my message should include the
following From header:

From: Redbird <Use-Author-Address-Header@[127.1]>

This header is added by the mail2news gateway. The following portion
of it is standard: <Use-Author-Address-Header@[127.1]>. And it
instructs the person reading it to use the Author-Address header (see
below). The only thing that will vary is the name preceding it, and
this is determined by whatever precedes the @ in the real nym account
address. For example, if the real nym account address were
ru...@redneck.gacracker.org, the From header would read as follows:

From: Ruth <Use-Author-Address-Header@[127.1]>

My message should also include the following "Author-Address" header:

Author-Address: Redbird <AT> nym <DOT> alias <DOT> net

This header is also added by the mail2news gateway and is the means by
which it provides my real address to anyone who might wish to reply to
this message by e-mail.

There are no-spam variants for all three mail2news gateways:

mail...@anon.lcs.mit.edu
mail2new...@anon.lcs.mit.edu

mail...@dizum.com
mail2new...@dizum.com

mail...@mixmaster.shinn.net
mail2new...@mixmaster.shinn.net

Redbird

------------------------------

Subject: [FAQ 4.10] When replying to a message, how do I thread my post?

There are two ways to thread your messages into a discussion. You can
do it manually, or take advantage of features in JBN to automate the
process. I'll explain the hard way first...

* In JBN, open your book which you intend to post with.

* Enter "Re: Remailers Suck!" (or whatever the relevant subject is)
into the "Subject: " field.

* Find the message you want to followup and copy the message ID.
(example <3e125abb862940ed...@anonymous.poster> )
Take this and put "References: <msg-id>" in the additional headers box
under the subject.

* Copy bits you want to keep from the original message, you can paste
these into the book by right-clicking and selecting "Paste As
Quote".

* Don't forget the "Newsgroups:" header! :)

You should be able to manage this easily provided you can get the
message ID out of your newsreader.

Now, the easy way involves getting the entire message **and headers**
into the clipboard. This is the part that depends on which newsreader
you use. With XNews, for example, make sure all headers are displayed
within the message and then right-click and select "Copy All".

With the entire message (and most importantly the headers) on the
clipboard, select the book you will use to construct a reply, select
"Follow-Up Clipboard (Ctrl-U)" from the "Message" drop-down menu. You
can then quote the entire message and edit as appropriate. It is
really simple once you've managed it a couple of times.

One point to watch out for! If replying to a message in a long thread,
you may want to trim excess References elements from the
headers. Remailers (esp those that use Mixmaster software) don't take
kindly to long headers or badly wrapped headers.

Summary: All you really need is the message ID of the post you are
replying to.

------------------------------

Date: 16 August 2001 12:00 Z
From: turing+apa...@eskimo.com (Computer Cryptology)
Subject: [FAQ 4.11] Which remailers permit my own "From:" header?
Summary: Only a few remailers permit custom "From:" headers.

[Thanks are due to Boris 'pi' Piwinger for reports, Stefan Wagner
(Narnia Admin) and Jochen Wersdörfer for mentioning their
remailers, and Farout-Admin for posting regular updates.]

A more up-to-date and complete answer to this question is available in
the following table:

<http://www.nuther-planet.net/farout/misc/FromHead.html>

As of the date of this FAQ, tests indicate the following remailers
permit the user to specify part or all of the "From:" header line
(either the entire address or the nickname only) in the final headers
[1]:

farout
frog2
italy2*
narnia*
segfault
shinn*
squirrel

*Note that italy2, narnia, and shinn add a disclaimer (either in the
header of the body of the message) when the message has a custom
"From:" header. The intent of this warning is to reduce forgery
complaints.

[1] See the Reliable User's Manual for further information:
<http://www.theinternet.cc/potatoware/reli/UserMan.htm#Final>
<http://www.theinternet.cc/potatoware/reli/UserMan.htm#finFrom>

------------------------------

Subject: [FAQ 4.12] Where do I find public SMTP servers (open relays)?

Relaying mail through the servers of a third party is, at best bad
Internet etiquette and, at worst, theft of service. This is not just
my view but the view of Internet users and service providers
worldwide. Many of the larger ISPs, in a preventative move to stop
their own customers from spamming others, have blocked customer's
connections to any smtp servers but their own.

Open relays, in the vast majority of cases, will not hide the origin
of your message. Your IP address is visible and all traffic is logged.

Still not deterred? Okay. Here's one method of finding an open relay:

+ Visit newsgroup <news://news.admin.net-abuse.sightings> and scan
through the posts there looking for any spam reports that mention open
relay, hijack, or relay-rape.

+ Take the mail servers you find in "sightings" and plug them, one by
one, into the form at
<http://vancouver-webpages.com/cgi-bin/nph-chkspam>.

+ If your tests indicate that a particular email server is still an
open relay then your search is over. Insert the mail server's address
in place of your ISP's SMTP server in your email client's
configuration.

------------------------------

End of faq.4 Digest
*******************

Computer Cryptology

unread,

May 2, 2003, 3:00:10 PM5/2/03

Posted-By: auto-faq 3.3 (Perl 5.004)

Archive-name: privacy/anon-server/faq/use/part5
Changes: 1.10 2001/03/25 14:41:27

Posting-Frequency: monthly
A list of the recent changes to the FAQ list will appear
next week.
A how-to-find-the-FAQ article appears every Wednesday.
URL: http://www.eskimo.com/~turing/remailer/FAQ/

Subject: APAS Anonymous Remailer Use [FAQ 5/8]: Statistics

This is the fifth of eight parts of a list of frequently-asked
questions and their answers regarding anonymous remailer use. This
part is all about remailer statistics (stats). It has changed to
provide a more complete list of stats sources and to indicate how
current those sources are in opinion of the maintainer.

The following topics are in this FAQ:

1: [FAQ 5.1] What are stats pages?

2: [FAQ 5.2] How are stats Versions 1 and 2 different?
3: [FAQ 5.3] Where can I find stats pages?
4: [FAQ 5.4] Why are there dead remailers on the stats pages?

----------------------------------------------------------------------

Date: 02 March 2001 12:00 Z
From: turing+apa...@eskimo.com (Computer Cryptology)
Subject: [FAQ 5.1] What are stats pages?
Summary: Stats pages have estimates of remailer reliability and latency.

Stats pages are a snapshot of the current status of the traditional
remailer network. They list the remailers the maintainer of that stats
page is "pinging", those remailers' capabilities and limitations, and
how well those remailers are replying to those pings. From this data,
remailer uptime and latency can be deduced.

Keep in mind that the results shown on different stats pages often
vary widely and that the stat page you are looking at shows the
results as seen from the remailer doing the pinging. Network
conditions between this remailer and the others can and will influence
the results.

For example, a stats source (pinger) temporarily without mail access
will list all pinged remailers as having low reliability (assuming
that Web access is present). In fact, it is the pinger itself whose
reliability has declined. Refreshing stats from such a pinger may
result in the remailer client complaining that there are not enough
remailers.

Other things that will influence the results are not having the
current key(s) for a remailer on the pinger's keyring. Often key
changes are made and announced, but a stats page maintainer might miss
this, or his remailer isn't automatically updating with new keys and
purging old keys. If possible (i.e., if the stats source provides
them), check the keyrings.

With new remailers coming on line all the time and others departing
the network after only a brief appearance, it can be very difficult to
maintain an accurate list of exactly which remailers are really
online. Also, when a remailer joins or leaves the network, the uptime
and latency stats for that remailer will not respond instantaneously.
Stats are an analysis of data taken over several days and presented as
a moving average.

Some stats pages are in question 5.3.

Elcaro posts his Remailer Reliability Statistics daily in APAS. This
guy is a stats maniac! His stats offer:

* 1 Hop Remailer Check for a day and the last week

* MultiHop(1-4) Remailer Check for a day

* Position Check for the MultiHop Check for a day each remailer
giving Success/Failure/Total/Percentage for every position

* Position Check for the MultiHop Check Summary for the last week

* Arc Analysis for Last 7 Days Success/Failure/Total/Percentage

------------------------------

Date: 02 March 2001 12:00 Z
From: turing+apa...@eskimo.com (Computer Cryptology)
Subject: [FAQ 5.2] How are stats Versions 1 and 2 different?
Summary: Different clients read different stats.

There isn't a really big difference between them. Version 2 is
somewhat more detailed and uses different symbols than Version 1 to
represent the measurements of Latency, History and Uptime. Here's a
typical Version 1 stats format
<http://mixmaster.shinn.net/stats/remailer-list.html> and here's a
typical Version 2 <http://www.neuropa.net/%7Egretchen/rlist2.html> .
These are in HTML. You may also download TXT versions of each. The
file names may vary (rlist, rlist.txt, remailer-list, etc...), but
here are the recommended file names:

Filename Remailer-Type Format Stats-Version
rlist Cypherpunk Plain Text 1
rlist.html Cypherpunk HTML 1
rlist2 Cypherpunk Plain Text 2
rlist2.html Cypherpunk HTML 2
mlist Mixmaster Plain Text 1
mlist.html Mixmaster HTML 1
mlist2 Mixmaster Plain Text 2
mlist2.html Mixmaster HTML 2

Further information on stats formats comes from RProcess'
Specification and RFC for Remailer Stats Version: 2.b
<http://www.skuz.net/potatoware/PSKB-032.html>. Most users need only
consider which stats version their client will read. Here is a
summary of the recommended version. Further comments are below.

Software Recommended Version Recommended Format
JBN1 1 HTML
JBN2 2 Plain Text
Mixmaster 1 HTML?
Quicksilver 1 Plain Text
Private Idaho 1 HTML
Reliable 2 HTML

Jack B. Nymble v.2 and Reliable v.1.0.5
JBN2 and Reliable 1.0.5 can read both types of stats. Pick a format
that you like and stick with it.

Quicksilver
Quicksilver reads only Version 1 stats in TXT format (e.g., mlist.txt
and rlist.txt).

Mixmaster
The operator of Cmeclax Remailer, <cme...@ixazon.dynip.com>, confirms
that, as far as he can tell, "...Mixmaster 2.9 doesn't understand
Version 2 [stats]. I tried it a while ago, and it had no reliability
data when I made chains."

Jack B. Nymble v.1
Frog-Admin says that JBN1 only reads version 1 stats. In that
operator's experience, JBN1 works better with HTML files
than with plain text files.

Private Idaho
As for Private Idaho, there are lots of different variations of this
older program. But it's safe to assume that most of them require
Version 1 stats in HTML format (e.g., remailer.htm) and won't work
with Version 2.

Other Clients
Be aware that some of the older client software like Potato, Decrypt
and Mixmaster 2.0.4 cannot read Version 2 Stats.

------------------------------

Date: 02 March 2001 12:00 Z
From: turing+apa...@eskimo.com (Computer Cryptology)
Subject: [FAQ 5.3] Where can I find stats pages?
Summary: Various URLs may point to stats pages.

First, consider where you might find stats pages that are no longer
useful. RProcess packaged JBN2 and Reliable when different stats
pages were active. The included stats lists are no longer current.

Next, there are several indexes to stats sources (pingers). Starting
with the newest, below are the indexes available on the date shown
above.

lefarris "Les autres remailers"
<http://www.citeweb.net/arris/stats/index.htm> OR
<http://pages.globetrotter.net/arris/stats/index.htm>
weasel "Anonymous Remailer Stats, Meta-Stats and other Information"
<http://anon.noreply.org/stats/index.html>
frog "All Pingers' Index"
<http://www.privacyresources.org/frogadmin/Pingers.html> OR
<http://www.chez.com/frogadmin/Pingers.html> OR
<http://members.nbci.com/frogadmin/Pingers.html>

As of the date of this question, the following pingers (in
alphabetical order) are accurate and current or up-to-date--according
to frog (see above) and turing, at least:

austria <http://www.tahina.priv.at/~cm/stats/>
efga <http://anon.efga.org/Remailers/>
farout <http://www.nuther-planet.net/farout/stats/>
frog <http://www.privacyresources.org/frogadmin/Main.html>
helferlein
<http://www.helferlein.net/mixmaster/>
senshi <http://private.addcom.de/SenshiRemailer/>
shinn <http://www.mit.edu:8001/finger?rl...@mixmaster.shinn.net>
<http://www.mit.edu:8001/finger?ml...@mixmaster.shinn.net>
subzer0 <http://www.press.nu/leiurus/subzer0/>
turing <http://www.eskimo.com/~turing/remailer/stats/>

The following stats sources produce lists significantly different from
the stats sources above. The cmeclax page, for example, says "Note: I
am behind a modem, so my latency figures include my own latency as
well as those of the pinged remailers. Use these stats only to decide
what remailer to put after or before me." Consider the comments in
question 5.4 before using the others.

cmeclax <http://lexx.shinn.net/cmeclax/>
lefarris
<http://pages.globetrotter.net/arris/stats/>
publius <http://www.publius.net/>

In addition to the pages above, active remailers with stats pages
include the following that are CURRENTLY OUT OF DATE, but may someday
return because the remailer still operates:

bruble2 <http://www.angelfire.com/pe/rijto/remailer/>
gretchen
<http://www.neuropa.net/~gretchen/>
xganon <http://anon.xg.nu/list/>

Check the date of this FAQ and of the stats pages! The three above
are NOT UP-TO-DATE as of the date of this writing.

------------------------------

Date: 02 March 2001 12:00 Z
From: turing+apa...@eskimo.com (Computer Cryptology)
Subject: [FAQ 5.4] Why are there dead remailers on the stats pages?
Summary: Stats pages may go out of date when remailer network changes.

This happens because the keeper of that stats page is either not aware
that the dead remailers have officially left the network, or is behind
on maintaining his stats pages. Often stats pages are maintained by
remailer operators and their other remailer duties will take priority
over updating their stats pages.

Unfortunately, a poorly maintained stats site will often lead to
problems for remailer users when they plug those URLs into programs
like Jack B. Nymble, Private Idaho or QuickSilver and receive
configuration error messages. The problem will repeat itself every
time your stats are updated and the site with the stale keys is
polled.

One attempt to provide information on the problem described above is
found in Computer Cryptology's Comparison tables:

<http://www.eskimo.com/~turing/remailer/stats/db/rlist.html>
<http://www.eskimo.com/~turing/remailer/stats/db/mlist.html>

Further information is available at Frog's MetaStats Page
<http://www.privacyresources.org/frogadmin/MetaStats/index.html>.

Two comparisons between stats sources can help in selecting pingers to
include in a remailer client's list. First, the "Last update" time
indicates if the values are current. Second, a comparison of the
remailers each stats source list can indicate if the problem described
above is occurring. For example, imagine a particular stats source
lists many remailers at 0.00% reliability ("uptime"), is the only
pinger to list several remailers, and doesn't list a dozen remailers
that the majority of other pingers include. That stats source is
probably out of date, even if the "Last update" time is current.

For further consideration, the cells in Computer Cryptology's
Comparison shade to indicate suspected error values or outliers, i.e.,
values far from the average of other stats sources. The details are
on those pages.

Similarly, Frog's "All Pingers' Index Page"
<http://www.privacyresources.org/frogadmin/Pingers.html> rates pingers
as up to date versus poorly or not maintained. These ratings express
the opinion of the operator.

------------------------------

End of faq.5 Digest
*******************

Computer Cryptology

unread,

May 2, 2003, 3:00:11 PM5/2/03

Posted-By: auto-faq 3.3 (Perl 5.004)

Archive-name: privacy/anon-server/faq/use/part6
Changes: 1.8 2001/03/25 14:41:27

Posting-Frequency: monthly
A list of the recent changes to the FAQ list will appear
next week.
A how-to-find-the-FAQ article appears every Wednesday.
URL: http://www.eskimo.com/~turing/remailer/FAQ/

Subject: APAS Anonymous Remailer Use [FAQ 6/8]: Software

This is the sixth of eight parts of a list of frequently-asked
questions and their answers regarding anonymous remailer use. This
part answers the question, "Which software should I use?"

The following topics are in this FAQ:

1: [FAQ 6.1] Do you recommend that I learn PGP (Pretty Good Privacy)?

2: [FAQ 6.2] Which remailer client should I choose?

----------------------------------------------------------------------

Subject: [FAQ 6.1] Do you recommend that I learn PGP (Pretty Good Privacy)?

Yes. Absolutely. There are many excellent tutorial pages on the Web
with links pointing you to the version that's right for you. A really
excellent tutorial for newcomers is here
<http://home.mpinet.net/pilobilus/EZ_PGP.htm> .

The latest stable version is PGP is 6.5.8
<ftp://ftp.zedz.net/pub/crypto/pgp/pgp60/> Thankfully there are many
places to download PGP <http://www.cryptography.org/getpgp.htm> .
Desktop Security, Personal Privacy or Freeware versions; all these are
recommended although they are rather bloated (7-11 megs). Whatever
version you choose, it must be capable of creating and working with
RSA keys since this is what remailer software and nym server software
use for the most part. Check out this excellent Web site for the
lowdown on which versions support RSA keys, Diffie-Hellman keys or
both. <http://rmarq.pair.com/pgp/#chart>

Earlier command line versions of PGP are very popular with remailer
users. PGP 2.6.3i-win32 <ftp://ftp.pgpi.com/pub/pgp/2.x/pc/windows/>
has become something of a standard for Windows users. It is small,
"rock" stable and seems to "play well with others". 'An excellent
companion to any remailer client.

See also Tom McCune's very readable FAQ about PGP
<http://www.McCune.cc/PGPpage2.htm> ; and another PGP tutorial
<http://www.skuz.net/pgp4dummies/> ;

------------------------------

Subject: [FAQ 6.2] Which remailer client should I choose?

Get comfortable with using PGP encryption by itself. Find a friend who
uses it and exchange keys. Then, get yourself a remailer client.

As for which one to choose: well... the short answer: Quicksilver or
Jack B. Nymble.

The long answer: I have listed a handful of remailer tools below.
There are a handful of others (Anonpost, Crusader, John Doe...) I've
chosen to highlight the ten programs below because they are the ones
that are readily available on the Internet and free of charge.
However, I would add a word of warning before trying these programs:

To my knowledge there currently does not exist a remailer client that
functions "out of the box". All remailer clients (especially the ones
that are no longer maintained) require a certain amount of tinkering
and configuring to make them work with the current crop of remailers
and stats URLs. Just so you know...

I highly recommend QuickSilver because it is one of the only programs
out there that is actively being maintained and developed. If you've
spent any amount of time in APAS you'll have seen many Quicksilver
updates announced there. JBN is great too. And you'll find answers to
your JBN questions simply by lurking here in APAS.

For Windows:

QuickSilver <http://quicksilver.skuz.net/>
Finally, Mixmaster made easy! This free program is the newest of the
remailer clients. It's a Mixmaster email client program. It can send
anonymous email and post anon articles to newsgroups via Mixmaster
remailer chains. QS, itself, doesn't possess any encryption
capabilities. Instead, it serves as a GUI "front end" to Ulf
Möller's Mixmaster 2.9beta.

Recently, QS author Richard Christman has written a PGP-plugin for
Quicksilver. <ftp://skuz.net/pub/quicksilver/> So now it's not only a
Mixmaster client. It's a Cypherpunk remailer client as well!

Jack B. Nymble 2 <http://www.bigfoot.com/~potatoware/jbn2/index.html>
(From the User's Manual:) "Jack B. Nymble 2 (or JBN) is a feature-rich
Windows email client which facilitates the use of anonymous remailers
for anonymous email and newsgroup posting. It includes ease of access
and automation for beginning users, as well as sophisticated control
of remailer messages for more advanced users. Support is included for
PGP encrypted messages, Mixmaster messages, attachments, and MIME
mail. JBN2 also includes support for nym mail and nym account
reply-block creation (see #7.1-#7.4), centralized queuing and sending
via SMTP, POP3 retrieval, NNTP retrieval, and automated nym mail
decryption. It also includes a mini web browser used for downloading
remailer reliability statistics, keys, and web pages. Support is
included for PGP versions 5.5.3x and 6.x, in addition to DOS version
2.6.x. Mixmaster 2.0.4 is also fully supported."

Also, excellent documentation and help files can be found at the
Potatoware Homepage <http://www.bigfoot.com/~potatoware> .

Private Idaho <http://www.eskimo.com/~joelm/pi.html>
P.I. is an email client for Windows which simplifies the creation and
the sending of anonymous remailer messages. It also simplifies the
creation of nym accounts and the sending/receiving and decryption of
nym messages. It is available in both 16-bit and 32-bit versions. A
properly installed version of PGP is required. Additionally, Mixmaster
messages can also be created and sent if Mixmaster is installed on
your computer. The author, Joel McNamara, no longer maintains this
program and it's age is showing.Trying to make PI do what you want it
to do is probably more trouble than it's worth. If you want to give it
a go I would recommend the 16-bit version by Ian Lynagh
<http://www.lynagh.demon.co.uk/pidaho/> with source code available.

See also this excellent page of FAQs related to Private Idaho
<http://www.dnai.com/~wussery/pgp.html> and Thanatop's tutorial on
Remailers, Nyms and Private Idaho <http://www.skuz.net/Thanatop/> .

Potato and Decrypt <http://www.bigfoot.com/~potatoware/pot/index.html>
Potato is a freeware DOS remailer client which operates well in
Windows. This software prepares anonymous messages which are then
mailed using your email client. Decrypt is a mail decryption utility
provided with Potato, available as a separate application. These
programs are early creations of RProcess the author of both JBN and
the Reliable Remailer <http://www.bigfoot.com/~potatoware/reli/> - a
popular remailer server for Win95/98.

Mixmaster <http://www.thur.de/home/ulf/mix/>
For DOS users there is Mixmaster v 2.0.4. For DOS/Windows users
Mixmaster 2.9beta is what you want.These are the two versions that are
most commonly used. Mixmaster can be used by itself as a client or as
remailer. But for Windows users we suggest using one of the excellent
GUI clients mentioned above in concert with Mixmaster.

For Mac:

Mixfit (aka Macmixmaster)
<http://www.geocities.com:80/SiliconValley/Byte/6176/macmixmaster.html>
A Mac Mixmaster Client. Like Potato this program does not mail the
Mixmaster message that it has created. You must cut and paste it into
your favorite email client.

For more Mac encryption and security-related downloads try here
<ftp://erg.ucd.ie/Public/Macintosh/Cryptography/> and here
<http://www.shopmiami.com/prs/fritz/macpgp.htm> ; For a variety of
interesting email-related software including a Mac Remailer(!) called
AnonAIMouS try here
<http://download.uni-hd.de/ftp/pub/mac/info-mac/comm/inet/mail/> ;

For Unix/Linux:

Mixmaster <http://www.thur.de/home/ulf/mix/>
Mixmaster for the Unix/Linux OS. The same executable can be used as a
client or as a remailer. The remailer can be installed on any *nix
account that can receive mail. Non-remailer messages will be delivered
as usual. If you have root access, you may want to create a new user
(e.g.,`remailer') and install Mixmaster under that user id. The
iInstall script provides a simple way to set up the remailer.

As a remailer Mixmaster can be configured to additionally accept and
process Cypherpunk remailer messages. In fact, this is the way most
remailers run today: as a hybrid of Cpunk and Mix.

Premail <ftp://dl.xs4all.nl/pub/mirror/munitions/network/email/>
Premail is an older but still useful program written by Raph Levien
for use with remailers. It fully supports the creation of Cypherpunk
and Mixmaster messages. Perhaps most useful is its ability to create
and manage nym accounts with good security and easy commands. In
addition to being a remailer client, Premail supports PGP and S/MIME
for standard secured Internet e-mail. It works with mh, elm, Mutt and
newer versions of Netscape. It requires Perl to be installed on your
computer.

The RemOp of the now defunct Septic Remailer warns: "Premail breaks
when fed mail to a nym which has been signed with something other than
PGP 2.6.x."

SendNym
<http://www.driveway.com/web/share.jsp?sid=57794b91.bacca&name=%3DIntern
et&dwSession=vapp03-7be21aa956ea322b&view==0>
A brand new program by old...@nym.xg.nu It takes the place of
Sendmail in relation to your mail client and facilitates the use of
nyms by sending simple nym commands to your mail client, allowing
users to easily switch between sending through their nym or sending
through their regular e-mail account. It will not create a nym for
you. This must be done manually by the user before using Sendnym. It
supports Usenet posting,and random chain selection (through
Mixmaster.)

Sendnym has been successfully tested on Linux 2.2.17 . It requires: a
*nix system with Sendmail, Perl and Mixmaster installed. Also, your
mail client must allow you to configure the name and location of
Sendmail (e.g. Pine).

Mailcrypt <http://www.nb.net/~lbudney/linux/software/mailcrypt.html>
Although not a remailer client, Mailcrypt is an Emacs interface to PGP
and GnuPG <http://www.gnupg.org> encryption with features for
encrypting and decrypting email and news.

See also this page <http://www.worldnet-news.com/software.htm> for
more anonymous remailer clients including the no-longer-maintained
Anonpost, Easynym etc...

------------------------------

End of faq.6 Digest
*******************

Computer Cryptology

unread,

May 2, 2003, 3:00:14 PM5/2/03

Posted-By: auto-faq 3.3 (Perl 5.004)

Archive-name: privacy/anon-server/faq/use/part7
Changes: 1.11 2001/04/20 15:47:36

Posting-Frequency: monthly
A list of the recent changes to the FAQ list will appear
next week.
A how-to-find-the-FAQ article appears every Wednesday.
URL: http://www.eskimo.com/~turing/remailer/FAQ/

Subject: APAS Anonymous Remailer Use [FAQ 7/8]: Nyms

This is the seventh of eight parts of a list of frequently-asked
questions and their answers regarding anonymous remailer use. This
part introduces nyms.

The following topics are in this FAQ:

1: [FAQ 7.1] How is a nym different from anon. posting?

2: [FAQ 7.2] How do I get a particular nym server's key?
3: [FAQ 7.3] Why do alt.anonymous.messages subjects look random?
4: [FAQ 7.4] Why are nyms such a bitch to set up?
5: [FAQ 7.5] How can I ensure nym creation goes smoothly?

----------------------------------------------------------------------

Subject: [FAQ 7.1] How is a nym different from anon. posting?

A nym account is like a forwarding email address except that it offers
the additional feature of anonymity. Not even the nym server operator
knows who you are! You set up an account with one of the three nym
servers (see #3.2 and #7.2) by sending a config message. In it you
provide a newly created PGP public key for your chosen nym (say,
booze...@redneck.gacracker.org), some configuration options (like
+signsend, -fingerkey, +nobcc, etc...) and finally a reply block so
the nym server can send any replies back to you through a chain of
remailers of your own choosing, or if you prefer, to a newsgroup like
alt.anonymous.messages or alt.anonymous.

Nyms are different than just sending through anonymous remailers. When
posting through a simple remailer or chain of remailers there is no
way for anyone to reply to your message via e-mail unless you include
a repliable address such as a Hotmail account in the body of the
message, or signature. Additionally, most remailers do not allow any
type of From: header to be posted, so your message will appear to come
from 'Anonymous', 'Anonymous Sender' or similar. When posting through
a nym account, the reply-able nym address remains intact in the
message headers. Reply-able AND anonymous!

Setting up a nym can be done manually (with PGP and a text editor) or
through software like JBN or Private Idaho. Either way you should read
up on the process before trying your hand at it. Here are some very
good tutorials about nym creation:

Nym creation and use for mere mortals
<http://www.stack.nl/~galactus/remailers/nym.html>

Using JBN:
<http://www.skuz.net/potatoware/jbn2/JBNH-en.htm#NymBookCreate>

Also:
<http://mixmaster.shinn.net/nym/index.html>
<http://anon.xg.nu/nym_doc.html>

------------------------------

Date: 21 Mar 2001 06:21:16 GMT
From: turing+apa...@eskimo.com (Computer Cryptology)
Subject: [FAQ 7.2] How do I get a particular nym server's key?
Message-ID: <999h8s$b99$1...@eskinews.eskimo.com>
Summary: Nym servers have separate addresses for keys.

[This text is the original FAQ entry updated with a summary of the
thread with "Subject: Re: ... keys for <con...@nym.xganon.com> ...?",
particularly the post with Message-ID above.]

The method used for remailers--sending an email message to the
remailer address with "Subject: remailer-key"--won't work with the
config and send addresses of nym servers. These addresses (e.g.,
<con...@nym.xganon.com> or <con...@mail.xganon.org>) will reject any
plaintext message or any encrypted message that does not begin with
"Config:" (cf <http://anon.xg.nu/nym_doc.html>). Each of the nym
servers has a separate email address that responds to remailer-key
requests. Send a blank email message to an address like this:

<remail...@your.favorite.nymserver>

The addresses used to check the keys on the CC site are as follows on
the date of this FAQ:

nym <remail...@nym.alias.net>
redneck <remail...@redneck.gacracker.org>
xgnym2 <remail...@nym.xganon.com>

(Check <http://www.eskimo.com/~turing/remailer/keys/nym-key.lis> for
changes.)

Consider when choosing a nym server:

<NYM.ALIAS.NET> hasn't changed it's nym key since 1996! Draw your own
conclusions about whether this key might have been compromised since
that time.

<REDNECK.GACRACKER.ORG> uses it's own <rema...@gacracker.org> to send
outgoing nym mail and that remailer is middle.

N.A.N and <NYM.XGANON.COM> send through their respective local
remailers, and both these are NOT middle.

------------------------------

Date: Tue, 10 Apr 2001 18:58:46 GMT
From: hu...@plainmail.com (Saddle)
Subject: [FAQ 7.3] Why do alt.anonymous.messages subjects look random?
Message-ID: <td6lu4d...@corp.supernews.com>
Summary: Some subjects are encrypted MD5 hashes of the real subject.

[The text below is a summary of posts by "Ahab", Saddle
<hu...@plainmail.com> and Doc.Cypher from the thread "RANDOM STRINGS"
containing the "Message-ID:" above.]

On Mon, 9 Apr 2001, "Public <Anonymous_Account>" <rema...@xganon.com>
wrote:
> Most of the messages in <alt.anonymous.messages> are PGP encrypted
> but what are the random strings of numbers and letters which appear
> in the subject line?

Some people configure their nym accounts to have incoming email
messages delivered to newsgroup <alt.anonymous.messages> (AAM) instead
of to an email address. To find their messages among the many in AAM
without disclosing their identity, the "Subject:" line contains
information encrypted to a key only they know.

This process is automated if you use Jack B Nymble (JBN). A freeware
DLL (PSESUB32.DLL) called the Esub plugin adds encrypted subject
scanning support to JBN versions 2.1.d and later, and Esub support to
Reliable versions 1.0.1 and later:

<http://www.skuz.net/potatoware/esubplug.html>

RProcess included the Esub plugin with JBN2.1.4.

An more detailed explanation is in the Reliable User's Manual:

<http://www.theinternet.cc/potatoware/jbn2/JBNR-en.htm#dirEncryptSubject>

According to the Reliable User's Manual, the "random" strings of
numbers and letters which appear in the "Subject:" line are encrypted
MD5 hashes of the final "Subject:" line. That is, the remailer client
calculates an MD5 hash from the "Subject:" line(which might be, e.g.,
"ATTN: Dave") in the final or hash headers (below the "##"). This MD5
hash that results from this calculation is likely to be unique to that
particular "Subject:" line. The remailer client then encrypts the MD5
hash using conventional (symmetric) encryption, specifically IDEA.
The encryption and decryption key is the passphrase given for the
"Encrypt-Subject:" directive.

------------------------------

Subject: [FAQ 7.4] Why are nyms such a bitch to set up?

Actually they aren't a bitch to set up. The difficulties usually begin
when automatic client software is being used with dead remailers,
stale remailer keys, remailer chains that are broken, or other factors
that could be determined in advance by the user if he took the time to
verify that these things were not going to be problems before trying
to start setting up a nym. That is to say:

+ If you use stale remailer keys, the remailers will not be able to
process your message.

+ If you use dead remailers, either when sending to nym, or in your
reply block chain, then your nym will not be setup at all, or even
worse, it will appear in the list as created but not work and not
return any clues as to why not.

+ If you test your reply block before trying to use it with a nym, and
it does not work for you, there is no way it will work for the
nymserver either. But since you didn't bother to create it by hand and
test it yourself you have no way of knowing whether it works or not.
Now you can see you have a list of possible problems that may be
working alone or in combination against you. But since you didn't
verify each one to be non-problematic in and of itself, you have no
way to know why your nym isn't established or not working. This is the
"bitch" and it is of your own creating.

Of course, automatic nym creation software knows nothing about the
current state of the remailer network, which remailers have changed
keys recently, which remailers have problems chaining to other
remailers, etc. So by using it without independently verifying what it
is doing for you, you place yourself at its mercy. Don't blame the
software since it rarely if ever makes technical errors when creating
nyms.

------------------------------

Subject: [FAQ 7.5] How can I ensure nym creation goes smoothly?

Here is a list of things you should do before attempting to assemble a
nym creation message, whether by hand or using creation client
software:

+ Verify that each remailer you intend to use is working. Check the
stats pages to see how they are doing.

+ Look at the broken chains reports. Don't use remailer chains that
are known to be broken.

+ Make sure you have the current remailer keys.

+ Send yourself at least one message through each remailer you intend
to use. If you don't get them back find out why and fix the problem.

+ Once you are sure each remailer you intend to use is working
individually, decide on which ones you will use in your chain to send
your nym creation message into the nym server. Construct a chained
remailer message using these remailers with your own address as the
recipient and send it off. If it comes back, that chain is verified to
be working for you. If not, find out why or select another chain and
test again.

+ Repeat the above for the remailers you will be using for your reply
block chain. If they are the same as the ones you use above, you are
done testing.

NOW you can create your nym using automatic client software and at
least you'll know that if the nym doesn't work the problem lies
between the nym server and the first remailer in your reply block
chain, or some enhanced nym feature you selected to use is tripping
the process up somehow. Avoid using these at first until you get a
working nym, even if it is only a throwaway test nym. Then move on to
the more complex configurations.

------------------------------

End of faq.7 Digest
*******************

Computer Cryptology

unread,

May 2, 2003, 3:00:15 PM5/2/03

Posted-By: auto-faq 3.3 (Perl 5.004)

Archive-name: privacy/anon-server/faq/use/part8
Changes: 1.7 2001/03/25 14:41:29

Posting-Frequency: monthly
A list of the recent changes to the FAQ list will appear
next week.
A how-to-find-the-FAQ article appears every Wednesday.
URL: http://www.eskimo.com/~turing/remailer/FAQ/

Subject: APAS Anonymous Remailer Use [FAQ 8/8]: Troubleshooting

This is the eight and final part of a list of frequently-asked
questions and their answers regarding anonymous remailer use. This
part discusses troubleshooting.

The following topics are in this FAQ:

1: [FAQ 8.1] It's hours later! Why hasn't my test post arrived?

2: [FAQ 8.2] Why didn't my email/post make it through?

----------------------------------------------------------------------

Subject: [FAQ 8.1] It's hours later! Why hasn't my test post arrived?

While it is true that remailer traffic is sometimes unreliable one
must realize that a remailer isn't just a mail server. Mail must not
only be delivered but it must be delivered securely and anonymously.
Latency (delay before delivery) is part of the anonymizing process
like it or not.

For starters, every remailer has some existing latency (depending on
numerous factors including load, processor power, type of Internet
connection, etc...) Users can specify a latency directive
(Latent-Time: +0:00) to override the normal built in latency of the
remailers. Users may also add MORE delay to their messages if they
wish by adding, for example, Latent-Time: +2:30. This would cause an
additional 2 hr and 30 min delay before delivery.

Also, many remailers use features like reordering ('reord' in the cap
string) and RATE/POOLSIZE which may delay messages even further , all
in the name of defeating traffic analysis and increasing anonymity.

Still, there are other reasons why your email or post might be
unnaturally delayed:

+ Your message may in fact have been posted to Usenet but either
hasn't arrived at your news server yet, or might not arrive for any
number of possible Usenet related problems. Usenet propagation is not
instantaneous. Poorly connected servers can take days to receive
messages, if they get them at all. You might check on the Deja
archives [http://www.deja.com/usenet] and see if they got the post, or
try another server if you have access to one.

+ You may have chosen a remailer that is not online full time (dial-up
account). These remailers may collect mail once an hour, once a day or
perhaps only in the evening hours.

------------------------------

Subject: [FAQ 8.2] Why didn't my email/post make it through?

+ Your message may have just been lost in the network for any number
of reasons. It does happen. The system isn't 100% reliable.

+ You are using broken chains or stale remailer keys.

+ Your source address or domain is being blocked by the first remailer
in your chain.

+ Your destination address, domain, or newsgroup is being blocked by
the last remailer in your chain.

+ The Usenet group you are posting to is not available on the news
server or gateway being used by the last remailer in your chain.

+ You are trying to crosspost to too many newsgroups and the final
remailer in your chain discarded the message. Send a blank email to
the remailer with 'remailer-conf' as the subject to determine how many
newsgroups the remailer allows you to cross-post to. Spammers abuse
the cross posting option so operators are cutting back to 3 or 4 cross
posts to deter the spammers.

+ You have too many addresses in the To, Cc, or Bcc headers and the
final remailer in your chain discarded the message.

+ You attempted to send an anonymous message to a nym that is
configured to either reject Bcc messages (directive +nobcc) or not
accept any mail at all.

+ Your e-mail recipient is filtering out messages from anonymous
remailers.

+ You are simply having a bad day. 'Better luck tomorrow!

RProcess, the author of JBN2 and the Reliable Remailer, has
systematically examined why so many anon messages seem to disappear.
His conclusions [http://www.bigfoot.com/~potatoware/PSKB-035.html] are
quite provocative.

------------------------------

End of faq.8 Digest
*******************

0 new messages