On Sun, 18 Oct 2015 18:37:55 +0000, Steve Crook wrote:
> This happens because the default INN behaviour is to include identifying
> headers. It takes a Perl script to strip them out of the message prior
> to posting. If the Perl script breaks for any reason (usually when Perl
> gets upgraded), the headers don't get modified/removed.
Thanks Steve for explaining. I have been horrified, at times, to find that
three servers which didn't "normally" reveal the true NNTP posting host
revealed it in some headers (es, mixmin, & mozilla).
At least now I know how it can happen.
Thank you for that explanation.
> I'm only aware of
newsguy.com and
tornevall.net adopting this behaviour
> but there may be others. It's their choice I guess but it makes it
> impossible for other NSP's to use EMP filters on posts originating at
> those services.
I don't know what an EMP filter is but a search brings up something called
"cleanfeed" which may be related.
I'm guessing what you mean is that those NNTP servers who change the
hash for both the user account and for the nntp server make it harder
for folks like you to filter out spammers based on their hashed user
account and hashed nntp server IP address.
That's a fair drawback, to you. To us, it's the same drawback though,
in that an unchanging hash makes it *easier* to identify us, which is
a privacy issue (to me anyway).
Paolo's server, aioe, uses the same "IP hash" all the time = BAD.
Roman's server, albasani, I think changes both IP & username hashes = GOOD.
Likewise with solani = GOOD.
Ray's server, es, I think, uses the same IP & username hashes all the time = BAD.
Jesse's server, blueworld, I think, changes both IP & username hashes = GOOD.
I think your server, mixmin, repeats the same "IP hash" all the time.
Is that information (on your server) correct?
> I'd strongly suggest that none of them grant you anonymity. They munge
> headers so that readers can't tell where a post originated. That really
> is the limit of the privacy they afford.
That's all "I" want.
Basic privacy.
If I post a question about, oh, let's say my medical condition of AIDs or
a reaction I had when I used too much Viagra (or whatever), I just don't
want my kids' kids to figure out it was me, a dozen years from now.
Privacy is something you have to actively seek every day.
> Post something that attracts the attention of <insert local law enforcement
> here> and you'll be extremely vulnerable. If you want real anonymity,
> use Tor (and use it well) or use Remailers.
I'm not talking at all about criminal acts. I'm just talking about basic
everyday privacy. All I want is my conversation not to be tracked to me
today, tomorrow, or next year by some script kiddie who can cull nntp
headers en masse, off of the net.
Mostly what I'm asking about are really two things that are in our headers:
1. Username privacy (which you don't have an issue with since you don't require it)
2. NNTP posting host privacy (which you put in your headers with static hashes)
I really don't understand how the "encryption" part protects privacy, so,
I'm not specifically asking about that (although it "must" be a good thing).
I did just now try port 563 on aoio and it failed, so, it's not so simple
to get port 563 working on at least aioe's server
nntp.aioe.org:563 but
I didn't try 443 so maybe I got the port number or server name wrong
(because 119 worked fine afterward).