APAS Anonymous Remailer Use [FAQ 1/8]: Overview

0 views
Skip to first unread message

Computer Cryptology

unread,
Jun 2, 2003, 3:00:05 PM6/2/03
to
Posted-By: auto-faq 3.3 (Perl 5.004)
Archive-name: privacy/anon-server/faq/use/part1
Changes: 1.14 2001/08/16 15:52:11
Posting-Frequency: monthly
A list of the recent changes to the FAQ list will appear
next week.
A how-to-find-the-FAQ article appears every Wednesday.
URL: http://www.eskimo.com/~turing/remailer/FAQ/

Subject: APAS Anonymous Remailer Use [FAQ 1/8]: Overview

This is the first of eight parts of a list of frequently-asked
questions (FAQ) and their answers regarding anonymous remailer use.
The newsgroup containing the most discussion of anonymous remailers is
<alt.privacy.anon-server> (APAS). Consequently, this FAQ is the "APAS
FAQ for Remailer Users," or the APAS user FAQ.

Champerty wrote the original APAS user FAQ with the help of Stray Cat.
Thanks also go out to Thomas Boschloo, Michael T. Shinn, Lord Running
Clam, and all the regulars in APAS. Computer Cryptology (CC) now
maintains the FAQ, using CVS to track changes since Champerty's
leaving. CC thanks Frog-Admin for review of changes to part 5;
Redbird for FAQ 4.8; Ahab, Saddle, and Doc.Cypher for FAQ 7.3; and
Boris 'pi' Piwinger, Stefan Wagner (Narnia Admin) and Jochen
Wersdörfer for assistance with FAQ 4.10.

This FAQ is provided "as is" without any express or implied
warranties. While every effort has been taken to ensure the accuracy
of the information contained in these message digests, the maintainer
assumes no responsibility for errors or omissions, or for damages
resulting from the use of the information contained herein. This FAQ
is provided for information only; reference to a Web page does not
constitute endorsement of that page's content.

The following topics are in this FAQ:

1: APAS Anonymous Remailer Use [FAQ 1/8]: Overview
2: APAS Anonymous Remailer Use [FAQ 2/8]: alt.privacy.anon-server
3: APAS Anonymous Remailer Use [FAQ 3/8]: Remailer Basics
4: APAS Anonymous Remailer Use [FAQ 4/8]: Remailer Details
5: APAS Anonymous Remailer Use [FAQ 5/8]: Statistics
6: APAS Anonymous Remailer Use [FAQ 6/8]: Software
7: APAS Anonymous Remailer Use [FAQ 7/8]: Nyms
8: APAS Anonymous Remailer Use [FAQ 8/8]: Troubleshooting

----------------------------------------------------------------------

Subject: APAS Anonymous Remailer Use [FAQ 1/8]: Overview

This document is the overview.

------------------------------

Subject: APAS Anonymous Remailer Use [FAQ 2/8]: alt.privacy.anon-server

1: [FAQ 2.1] What is this newsgroup about?
2: [FAQ 2.2] Are there any rules I should know about?


------------------------------

Subject: APAS Anonymous Remailer Use [FAQ 3/8]: Remailer Basics

1: [FAQ 3.1] What is an anon server or anonymous remailer?
2: [FAQ 3.2] Who runs these remailers and why?
3: [FAQ 3.3] What is a Cypherpunk Remailer?
4: [FAQ 3.4] How do I get the key for a particular remailer?
5: [FAQ 3.5] How can I get all the keys for all the remailers?
6: [FAQ 3.6] What is a Mixmaster Remailer?


------------------------------

Subject: APAS Anonymous Remailer Use [FAQ 4/8]: Remailer Details

1: [FAQ 4.1] Which remailers are good? Reliable? Secure?
2: [FAQ 4.2] How can I find more information about a remailer?
3: [FAQ 4.3] What is chaining? And what is a middleman?
4: [FAQ 4.4] Won't the first remailer in the chain know who I am?
5: [FAQ 4.5] Can't the last remailer's remop read my message?
6: [FAQ 4.6] How do I chain cypherpunk remailers?
7: [FAQ 4.7] Can I use mail2news gateways to post anonymously?
8: [FAQ 4.8] How do I know which newsgroups a gateway carries?
9: [FAQ 4.9] What's different about mail2news_nospam vs mail2news?
10: [FAQ 4.10] When replying to a message, how do I thread my post?
11: [FAQ 4.11] Which remailers permit my own "From:" header?
12: [FAQ 4.12] Where do I find public SMTP servers (open relays)?


------------------------------

Subject: APAS Anonymous Remailer Use [FAQ 5/8]: Statistics

1: [FAQ 5.1] What are stats pages?
2: [FAQ 5.2] How are stats Versions 1 and 2 different?
3: [FAQ 5.3] Where can I find stats pages?
4: [FAQ 5.4] Why are there dead remailers on the stats pages?


------------------------------

Subject: APAS Anonymous Remailer Use [FAQ 6/8]: Software

1: [FAQ 6.1] Do you recommend that I learn PGP (Pretty Good Privacy)?
2: [FAQ 6.2] Which remailer client should I choose?


------------------------------

Subject: APAS Anonymous Remailer Use [FAQ 7/8]: Nyms

1: [FAQ 7.1] How is a nym different from anon. posting?
2: [FAQ 7.2] How do I get a particular nym server's key?
3: [FAQ 7.3] Why do alt.anonymous.messages subjects look random?
4: [FAQ 7.4] Why are nyms such a bitch to set up?
5: [FAQ 7.5] How can I ensure nym creation goes smoothly?


------------------------------

Subject: APAS Anonymous Remailer Use [FAQ 8/8]: Troubleshooting

1: [FAQ 8.1] It's hours later! Why hasn't my test post arrived?
2: [FAQ 8.2] Why didn't my email/post make it through?


------------------------------

End of faq.1 Digest
*******************

Computer Cryptology

unread,
Jun 2, 2003, 3:00:09 PM6/2/03
to
Posted-By: auto-faq 3.3 (Perl 5.004)
Archive-name: privacy/anon-server/faq/use/part2
Changes: 1.8 2001/03/25 14:41:23

Posting-Frequency: monthly
A list of the recent changes to the FAQ list will appear
next week.
A how-to-find-the-FAQ article appears every Wednesday.
URL: http://www.eskimo.com/~turing/remailer/FAQ/

Subject: APAS Anonymous Remailer Use [FAQ 2/8]: alt.privacy.anon-server

This is the second of eight parts of a list of frequently-asked


questions (FAQ) and their answers regarding anonymous remailer use.
The newsgroup containing the most discussion of anonymous remailers is

<alt.privacy.anon-server> (APAS). This part of the FAQ welcomes
newcomers to that newsgroup.

This FAQ is provided "as is" without any express or implied
warranties. While every effort has been taken to ensure the accuracy
of the information contained in these message digests, the maintainer
assumes no responsibility for errors or omissions, or for damages
resulting from the use of the information contained herein. This FAQ
is provided for information only; reference to a Web page does not
constitute endorsement of that page's content.

The following topics are in this FAQ:

1: [FAQ 2.1] What is this newsgroup about?


2: [FAQ 2.2] Are there any rules I should know about?

----------------------------------------------------------------------

Subject: [FAQ 2.1] What is this newsgroup about?

APAS is an unmoderated, non binary, low volume newsgroup for the
discussion of all things related to anonymity on the 'Net but
especially related to anonymous remailers. In the past year or so
discussions have widened to include those relating to new anonymizing
services that exist outside of the traditional anonymous remailer
network. I am speaking of services like Zero Knowledge's Freedom
software, COTSE, Hushmail and Anonymizer to name a few.

Incidentally, there are also newsgroups called alt.anon-server and
alt.privacy.anon.server (a dot instead of a dash). 'Not much to see in
those groups. This is where you want to be if you're interested in
anonymous email and newsgroup posts.

This is also the place where the authors of anonymous remailer
software (QuickSilver author Richard Christman, for example) can
provide advice and support for their products.

------------------------------

Subject: [FAQ 2.2] Are there any rules I should know about?

Be aware that many here will post anonymously. But it certainly is not
a requirement. Be forgiving of repeat anonymous posts. This results
from remailer clients that have been configured to deliver messages
through two (or more) mail-to-news gateways (see #4.1) so as to ensure
reliable delivery.

Don't send test messages to APAS.

(Indulge me for a second while I repeat that one.)

Don't send test messages to APAS!

Try alt.test or misc.test instead please. These tests groups can also
provide valuable information since many others will test remailer
chains (see #4.3) there!

Finally, Usenet etiquette is always appreciated here: Lurk before you
post. No binary attachments. No HTML. Don't type in all caps. Don't
give a troll a thread. And one I'm still working on: pause before
hitting that send button. Posting an angry, hurried response will
often leave you wishing you hadn't said what you said.

Furthermore, an increasing number of news servers will not accept
cancels. So cool off, sleep on it, and THEN post if you still feel the
need.

------------------------------

End of faq.2 Digest
*******************

Computer Cryptology

unread,
Jun 2, 2003, 3:00:12 PM6/2/03
to
Posted-By: auto-faq 3.3 (Perl 5.004)
Archive-name: privacy/anon-server/faq/use/part3
Changes: 1.12 2001/10/25 01:18:12

Posting-Frequency: monthly
A list of the recent changes to the FAQ list will appear
next week.
A how-to-find-the-FAQ article appears every Wednesday.
URL: http://www.eskimo.com/~turing/remailer/FAQ/

Subject: APAS Anonymous Remailer Use [FAQ 3/8]: Remailer Basics

This is the third of eight parts of a list of frequently-asked
questions and their answers regarding anonymous remailer use. This
part introduces anonymous remailers.

This FAQ is provided "as is" without any express or implied
warranties. While every effort has been taken to ensure the accuracy
of the information contained in these message digests, the maintainer
assumes no responsibility for errors or omissions, or for damages
resulting from the use of the information contained herein. This FAQ
is provided for information only; reference to a Web page does not
constitute endorsement of that page's content.

The following topics are in this FAQ:

1: [FAQ 3.1] What is an anon server or anonymous remailer?


2: [FAQ 3.2] Who runs these remailers and why?
3: [FAQ 3.3] What is a Cypherpunk Remailer?
4: [FAQ 3.4] How do I get the key for a particular remailer?
5: [FAQ 3.5] How can I get all the keys for all the remailers?
6: [FAQ 3.6] What is a Mixmaster Remailer?

----------------------------------------------------------------------

Subject: [FAQ 3.1] What is an anon server or anonymous remailer?

An anonymous remailer is a computer which has been configured to run
remailer software. This software is a specialized kind of email server
software. Unlike the average email server which goes to great lengths
to log all incoming/outgoing traffic and add identifying and traceable
info to its outgoing mail (in the form of headers) remailer software
ensures that outgoing mail has been STRIPPED CLEAN of any identifying
information! Thus the name 'anonymous' remailer.

The remailer performs certain automated tasks which include retrieving
mail, decrypting/processing that mail (only mail that is properly
encrypted and formatted), obeying the directives within the message
and, finally, delivering - remailing - the finished product to a
second party in anonymized form. When received by that second party it
will reveal only that it was sent from an anonymous source (usually
the remailer's name and email address). The IP address shown will be
the IP address of the remailer machine.

Ideally, no logs are kept by the remailer software. This ensures both
the anonymity of the user and protects the operator from liability.
(See Mike Shinn's work in progress FAQ For Remailer Operators
<http://mixmaster.shinn.net/faq/index.html>.)

The process is not completely automated since a human operator is
required - called a remailer operator, or RemOp - to ensure that
traffic is running smoothly, that PGP and Mixmaster encryption keys
are kept updated, that complaints of abuse are dealt with, and also
that users and fellow operators are kept up to speed on any changes to
the remailer's configuration. APAS is the place where such updates are
posted. They are also posted to the Remailer Operator's Mailing List
(Blank email to remailer-oper...@anon.lcs.mit.edu for
details on how to subscribe.) There is also an archive of the Remop's
List <http://lexx.shinn.net/mailman/listinfo/remops>. You can even
post to the list from this Web page! (Thanks Mike Shinn.)

That's basically how a remailer works. Some anonymous remailers can
send both email and newsgroups posts. And most will require newly
arrived messages to be encrypted. More about that later. See also:
Andre Bacard's Remailer FAQ <http://www.andrebacard.com/remail.html>
and William Knowles' overview of anonymity on the 'Net
<http://www.c4i.org/erehwon/anonymity.html>.

------------------------------

Date: 07 July 2001 12:00 Z
From: turing+apa...@eskimo.com (Computer Cryptology)
Subject: [FAQ 3.2] Who runs these remailers and why?
Summary: Determine for yourself the remailer operators' character.

Some documents will refer to the "traditional remailer network". This
refers to the remailers listed on the many stats pages (see FAQ 5.1)
available on the Web. These are run, mostly, by individuals like
those in APAS, who value free speech, especially anonymous speech, and
want to provide a free service to those you need to communicate
anonymously. Keep in mind that there is no way to know the real
motivation a remailer operator has unless you know them personally,
and even then you may not know the full story.

Since anyone with the technical ability and network connectivity can
operate a remailer, there are endless possibilities as to the real
motivations behind offering such a service to the public at large.
Always floating around the APAS rumor mill are accusations that one or
more remailers are really being run by intelligence agencies, law
enforcement agencies, and even terrorist organizations and other
criminal types. Of course no credible evidence is ever presented to
back up these accusations so they are mostly dismissed as trolling.
But if one takes the devil's advocate position, there is never any
evidence presented to refute these rumors either; that is, it is
entirely possible they could be true.

One way to learn more about individual remops might be to visit their
home pages, some of which are here in alphabetical order:

__Remailer Web Pages__
Austria
<http://www.tahina.priv.at/~cm/stats/>
Cracker
<http://anon.efga.org/>
Dizum
<https://ssl.dizum.com/help/remailer.html>
Farout
<http://www.nuther-planet.net/farout/>
Lefarris (en Français)
<http://www.citeweb.net/arris/>
Narnia (mostly German)
<http://www.trumpkin.Narnias-Door.com/remailer/>
Noisebox
<http://noisebox.remailer.org/remailer/>
Randseed
<http://melontraffickers.com>
Riot
<http://www.riot.eu.org/anon/>
Senshi
<http://private.addcom.de/SenshiRemailer/>
Shinn
<http://mixmaster.shinn.net/>
SubZer0
<http://www.press.nu/leiurus/subzer0/>
Cmeclax
<http://lexx.shinn.net/cmeclax/>

__Nym Servers__
NYM.ALIAS.NET Nym Server <http://www.publius.net/n.a.n.html>
ANON.XG.NU Nym Server <http://anon.xg.nu/>
Redneck Nym Server (middleman) <http://anon.efga.org>

(Submit other Web page URLs to CC <turing+apa...@eskimo.com>.)

Learning to use the traditional remailer network takes some time and
effort. And this time and effort pays off handsomely by providing the
user with a highly secure method to communicate privately and
anonymously. But many privacy-minded folks (and their ranks are
increasing daily!) are looking for an easier and less time-intensive
approach. Some are even willing to pay for it. To satisfy this niche
there have arrived many new products and services that provide various
combinations of anonymous email, newsgroup posting and Web-surfing
with varying degrees of anonymity.

To describe and evaluate these services is, for now, beyond the scope
of this FAQ. I have provided URLs for some of these services below. I
have categorized them into two groups: free of charge and fee-based.
Noteworthy amongst these is the fee-based Freedom Software by the
Montreal-based Zero Knowledge Systems (ZKS). Launched in December
1999, Freedom is a 'privacy system' not unlike the traditional
remailer network . It allows users to send email, post to newsgroups,
chat and surf the Web in total privacy without having to trust third
parties with their personal information. Freedom users create multiple
digital identities - "nyms" - with which their online activities are
associated. All data packets Freedom users send are encrypted and
routed through a global privacy infrastructure called the Freedom
Network, which is hosted by participating ISPs and other independent
server operators. A 30-day free trial is available.

The package has been criticized <http://cryptome.org/zks-v-tcm.htm>
for not being open-source. But that is changing. The source code of
the kernel module of the Linux version of Freedom
<http://opensource.zeroknowledge.com/> has been released; and the
release of the Windows version source code is "coming soon";

_Free of Charge_
GILC Web-Based Remailer
<http://www.gilc.org/speech/anonymous/remailer.html>
Hushmail <http://www.hushmail.com>
Safeweb <http://www.safeweb.com>
Zixmail <http://www.zixmail.com>
Anonymouse <http://anonymouse.is4u.de/>
COTSE <http://www.cotse.com/home.html>
Somebody.net <http://somebody.net/>
ANON.XG.NU's Web-Based Remailer <http://anon.xg.nu/remailer.html>
Chicago <http://xenophon.r0x.net/cgi-bin/mixnews-user.cgi>

_Fee-Based_
ZKS Freedom <http://www.freedom.net>
SkuzNET's The Internet Mail Network <http://www.theinternet.cc/>
Mailanon <http://www.mailanon.com/>
IDcide <http://www.idcide.com>

For an interesting discussion of the pros and cons of anonymous speech
check out this link from LCS.MIT.EDU:
<http://www.lcs.mit.edu/anniv/speakers/presentation?id=041399-15>

(I'm looking for more links of this nature: political, legal
perspectives on remailers. If you know of any please pass them on to
CC <turing+apa...@eskimo.com>.)

------------------------------

Subject: [FAQ 3.3] What is a Cypherpunk Remailer?

Also referred to as a Type I, this is a remailer that accepts messages
encrypted with its publicly available PGP key. PGP is Pretty Good
Privacy, the well-respected public-key encryption program which is
widely available and, with a few exceptions, freeware. Users encrypt
their clear-text, outgoing message with the Cypherpunk remailer's
public key. This can be done with any text editor like Notepad and a
properly installed version of PGP. There is a particular message
format to follow, one that the remailer software can understand:

============
::
Anon-To: news.r...@nbc.com
Latent-Time: +0:00

##
Subject: My Company Dumps Toxic Waste

I'm writing this anonymously because I don't want to lose my job.
My company has, for the past three years...
============

The above message is cut and paste into PGP and encrypted with the
chosen remailer's key, say gret...@neuropa.net

============
-----BEGIN PGP MESSAGE-----

Version: PGP 2.6x
hQCMA8asoPEC0e2BAQP9GqR2aXNOstRq8eJW2QVubioR0gO7Ue0AOL/rFdnxXknC
YPpe2X2TKlcvd961+lhe9w2Y8vo3JcBYYBifTJRwmMjnXLagCU4Mhh0VZtk/QXMZ
/FLeJWi67qsb45a2mNw0/Q8eXHKfOQyHcmEQ7cg/bq4Xz6LusfxBHF8zsojVOgal
8RVRtr9drjBlOzJvWxaq7LrKidME6q0tM7pRiLN5dvVBon2NKlmpJI6vAFjyi8ma
f5Bg6Zor+PMxcm3EmuWbjLEiOu5USrTgU4OiaC7PHF9INxwXuKmdNz/JprgOc0c6
6s6RvbOo6rsvlwqPKw==
=ICz/
-----END PGP MESSAGE-----
=============

Finally, the user has to append a directive to the top of the
encrypted message, making it look like this:

============
::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: PGP 2.6x

hQCMA8asoPEC0e2BAQP9GqR2aXNOstRq8eJW2QVubioR0gO7Ue0AOL/rFdnxXknC
YPpe2X2TKlcvd961+lhe9w2Y8vo3JcBYYBifTJRwmMjnXLagCU4Mhh0VZtk/QXMZ
/FLeJWi67qsb45a2mNw0/Q8eXHKfOQyHcmEQ7cg/bq4Xz6LusfxBHF8zsojVOgal
8RVRtr9drjBlOzJvWxaq7LrKidME6q0tM7pRiLN5dvVBon2NKlmpJI6vAFjyi8ma
f5Bg6Zor+PMxcm3EmuWbjLEiOu5USrTgU4OiaC7PHF9INxwXuKmdNz/JprgOc0c6
6s6RvbOo6rsvlwqPKw==
=ICz/
-----END PGP MESSAGE-----
============

The user then mails the above encrypted message (double colons and
all) NOT to the intended recipient but instead to the remailer's
address: <gret...@neuropa.net>. This arrives at the remailer where it
is eventually processed, decrypted and mailed to
<news.r...@nbc.com> appearing to have come from "Anonymous"
<nob...@neuropa.net>.

Most remailers are not purely Cypherpunk but will accept both
Cypherpunk and Mixmaster messages. Keep in mind too that there are
currently only a few Cypherpunk (Type I) remailers that will accept
non-PGP messages and their numbers are dwindling.

See also:

This tutorial with pictures and step by step instructions
<http://anon.xg.nu/shotsof.htm>.

Read some history about how Cpunk remailers first came about
<http://cryptome.org/zks-v-tcm.htm>.

Visit this link at LCS.MIT.EDU about remailers and their importance
<http://www.lcs.mit.edu/impact/perspect/perspective?name=9901>.

------------------------------

Date: 24 October 2001 12:00 Z
From: turing+apa...@eskimo.com (Computer Cryptology)
Subject: [FAQ 3.4] How do I get the key for a particular remailer?
Summary: Send remailer an email message with "Subject: remailer-key".

That's easy! Send a blank email message to the remailer with
"remailer-key" (without the quotation marks) as the subject line. The
reply from the remailer should contain its PGP (perhaps both RSA and
DH/DSS) and Mixmaster keys. If you can't get a reply to a
remailer-key request it's likely you won't get any mail through that
remailer either!

------------------------------

Date: 02 March 2001 12:00 Z
From: turing+apa...@eskimo.com (Computer Cryptology)
Subject: [FAQ 3.5] How can I get all the keys for all the remailers?
Summary: Get them individually; see question 3.4.

There are some stats maintainers who will maintain an up-to-date
collection of all the current remailer keys. Here are a few places to
download all the keys, starting with the newest:

Computer Cryptology's Database
<http://www.eskimo.com/~turing/cgi-bin/db.cgi>

Frog's Thesaurus Data
<http://www.privacyresources.org/frogadmin/Thesaurus/Thesaurus.html> OR
<http://www.chez.com/frogadmin/Thesaurus/Thesaurus.html> OR
<http://members.nbci.com/frogadmin/Thesaurus/Thesaurus.html>

Trex is out-of-date and Peter removed it. As Weasel used to say,
"*Get [the keys] yourself from each remailer!* I mean it!" Frog's
Web page agrees that collecting information and/or remailer keys
second hand is a bad idea. The most secure (but not the fastest) way
to do this is to send individual requests to all the remailers
according to your needs:

Subject: remailer-key
Subject: remailer-conf
Subject: remailer-help
Subject: remailer-stats

If you nevertheless permit your client to refresh keys from keyrings
on the Web, lists of the known key sources likely to be more current
than this FAQ are here:

Frog's MetaStats
<http://www.privacyresources.org/frogadmin/MetaStats/index.html> OR
<http://www.chez.com/frogadmin/MetaStats/index.html> OR
<http://members.nbci.com/frogadmin/MetaStats/index.html>

The following URLs might be current--check the date of this FAQ. (The
links come from Computer Cryptology's List of Known Stats Sources,
<http://www.eskimo.com/~turing/remailer/stats/db//rlists.txt> and
<http://www.eskimo.com/~turing/remailer/stats/db//mlists.txt>.)

efga <http://anon.efga.org/Remailers/TypeIList/pubring.asc>
<http://anon.efga.org/Remailers/type2.list> ;
<http://anon.efga.org/Remailers/pubring.mix>
farout <http://www.nuther-planet.net/farout/keys/rsa-dss.asc>
<http://www.nuther-planet.net/farout/keys/type2.lis> ;
<http://www.nuther-planet.net/farout/keys/pubring.mix
frog <http://www.privacyresources.org/frogadmin/Keys/dsskeys.asc>
<http://www.privacyresources.org/frogadmin/Keys/type2.lis> ;
<http://www.privacyresources.org/frogadmin/Keys/pubring.mix>
shinn <http://mixmaster.shinn.net/stats/rsa-pubring.asc>
<http://mixmaster.shinn.net/stats/type2.list> ;
<http://mixmaster.shinn.net/stats/pubring.mix>
subzer0 <http://www.press.nu/leiurus/subzer0/pubring.asc>
<http://www.press.nu/leiurus/subzer0/type2.lis> ;
<http://www.press.nu/leiurus/subzer0/pubring.mix>
turing <http://www.eskimo.com/~turing/remailer/keys/remailers.asc>
<http://www.eskimo.com/~turing/remailer/keys/type2.lis> ;
<http://www.eskimo.com/~turing/remailer/keys/pubring.mix>

Use of these URLs depends on the remailer client. For example, for
the Mixmaster keys, one might need pubring.mix and, perhaps, type2.lis
depending on the Mixmaster version. Examples illustrating how to
place these in various clients are on these Web pages:

Client Configurations for DUMMIES
<http://www.privacyresources.org/frogadmin/Configs/index.html>
Stats - Configuration (JBN2 only)
<http://www.eskimo.com/~turing/remailer/stats/db/JBN.html>

Consider the comments in question 5.4 before using the following URLs:

lefarris
<http://pages.globetrotter.net/arris/cles/rsa-dhdss.asc>
<http://pages.globetrotter.net/arris/cles/type2.lis ;
<http://pages.globetrotter.net/arris/cles/pubring.mix>
xganon <http://anon.xg.nu/list/pubring.asc>
<http://anon.xg.nu/list/type2.list> ;
<http://anon.xg.nu/list/pubring.mix>

These may be out of date!

------------------------------

Subject: [FAQ 3.6] What is a Mixmaster Remailer?

Also known as a Type II remailer, this kind of remailer accepts
messages in the Mixmaster format. It doesn't use a PGP key but instead
it uses it's own Mix key which looks like something like this:

-----Begin Mix Key-----
08daa0412580b473b0405a27b6eb72f6
258
AATLm+Il10etAgaOBsAMfggFXi2ghiyypIkZkqhh
W0Ef6LvDNLdPZ94Gu4QgPDD+q13JyRwmU/TvTgIk
SBGxv9dUH3J22BEg600vD9lWOcFiq3ApjUuxS76T
Zf+lGTINOIs+zkAmrojqueQfHFxBE0rMembno8jg
VHlOpyeHRfJNIQAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

Mixmaster uses a message format based on RSA and Triple-DES
encryption. Messages are multiply encrypted and formatted so as to
appear identical to other Mixmaster messages . Messages are sent
through chains of Mixmaster remailers. Each remailer removes one layer
of encryption, and forwards the message. When the final remailer
delivers the decrypted message to the recipient, it is impossible to
find out where it came from even if part of the remailer chain is
compromised.

Mixmaster remailers improve on Cypherpunk remailers by making traffic
analysis much more difficult. It does this by making all incoming and
outgoing messages the same size (28.1kb) and by re-ordering messages
before delivery - so that traffic coming in cannot be associated
necessarily with traffic going out.

The building of a Mixmaster message cannot be done with a text editor!
Special client software is required.

See also Mixmaster FAQ
<http://www.obscura.com/~loki/remailer/mixmaster-faq.html>.

------------------------------

End of faq.3 Digest
*******************

Computer Cryptology

unread,
Jun 2, 2003, 3:00:17 PM6/2/03
to
Posted-By: auto-faq 3.3 (Perl 5.004)
Archive-name: privacy/anon-server/faq/use/part4
Changes: 1.16 2001/11/29 14:58:31

Posting-Frequency: monthly
A list of the recent changes to the FAQ list will appear
next week.
A how-to-find-the-FAQ article appears every Wednesday.
URL: http://www.eskimo.com/~turing/remailer/FAQ/

Subject: APAS Anonymous Remailer Use [FAQ 4/8]: Remailer Details

This is the fourth of eight parts of a list of frequently-asked
questions and their answers regarding anonymous remailer use. This
part answers more questions about remailers.

This FAQ is provided "as is" without any express or implied
warranties. While every effort has been taken to ensure the accuracy
of the information contained in these message digests, the maintainer
assumes no responsibility for errors or omissions, or for damages
resulting from the use of the information contained herein. This FAQ
is provided for information only; reference to a Web page does not
constitute endorsement of that page's content.

The following topics are in this FAQ:

1: [FAQ 4.1] Which remailers are good? Reliable? Secure?


2: [FAQ 4.2] How can I find more information about a remailer?
3: [FAQ 4.3] What is chaining? And what is a middleman?
4: [FAQ 4.4] Won't the first remailer in the chain know who I am?
5: [FAQ 4.5] Can't the last remailer's remop read my message?
6: [FAQ 4.6] How do I chain cypherpunk remailers?
7: [FAQ 4.7] Can I use mail2news gateways to post anonymously?
8: [FAQ 4.8] How do I know which newsgroups a gateway carries?
9: [FAQ 4.9] What's different about mail2news_nospam vs mail2news?
10: [FAQ 4.10] When replying to a message, how do I thread my post?
11: [FAQ 4.11] Which remailers permit my own "From:" header?
12: [FAQ 4.12] Where do I find public SMTP servers (open relays)?

----------------------------------------------------------------------

Subject: [FAQ 4.1] Which remailers are good? Reliable? Secure?

The "good" and "reliable" remailers are the ones that work for you and
have the feature set you need or want. The "secure" remailers are the
ones operated by those who do not monitor the traffic passing through
them AND have good security policies in place on their networks and
machinery to prevent their remailer from being penetrated by
unauthorized parties and subsequently compromised.

Since you can never know for yourself how "secure" any one individual
remailer is, you should always use encrypted chains of remailers (see
#4.3) to send your messages. So long as all the remailers in your
chain have not been compromised or their operators are not cooperating
amongst themselves, then your traffic will be reasonably secure.

Advanced topics relating to traffic analysis of the remailer network
that may allow adversaries to deduce the source and destination of
individual messages is, for now, beyond the scope of this FAQ.
However, it is almost certain that these activities do take place to
some degree. It is for this reason that you we have advanced remailer
protocols such as Mixmaster, and proposals for other up-and-coming
network scenarios (like WOF <http://www.bigfoot.com/~potatoware/wof/>,
RadioClash <http://piratech.net/radioclash/>, Publius
<http://www.cs.nyu.edu/~waldman/publius/>, Freenet
<http://freenet.sourceforge.net/>) to reduce the effectiveness of
traffic analysis.

------------------------------

Subject: [FAQ 4.2] How can I find more information about a remailer?

Send a blank email to the remailer address with "remailer-conf" (no
quotes) as the subject line. In addition to this you can also send a
blank email with "remailer-help" (no quotes) as the subject. Visit the
remailer's Web page if one exists. And pay attention to APAS for any
announcements or policy changes from the remailer's operator.


------------------------------

Subject: [FAQ 4.3] What is chaining? And what is a middleman?

Before chaining one's messages one must have an understanding of
middleman remailers. A middleman remailer ("middle" in its cap
string) is one that always adds another hop to any message that is not
already en route to another remailer. Example: If you send a message
to recipient <my_co...@entrust.com> through middleman remailer
Georgia Cracker <rema...@gacracker.org>), Gacracker will send it to
say, <rema...@dizum.com>, with instructions to deliver to
<my_co...@entrust.com>.

This behavior demonstrates what is known as smart middleman. All
Reliable <http://www.bigfoot.com/~potatoware/reli/> remailers that are
running in middleman mode are smart.Check the remailer-conf file to be
certain just what kind of middleman behavior to expect. Now, back to
chaining.

Chaining is using more than one remailer to send your encrypted
message. Basically, you send a message to remailer A with instructions
to send it to remailer B, which in turn finds instructions to send it
to remailer C, and so on, until the final recipient receives the
message. The intention is to obfuscate the origin of the email and/or
(with the help of encryption) the content of the message body. At any
given point on it's route, such a message will reveal only where it
came from and where it is going. If the message was not chained (only
one remailer was used) then that remailer operator or a successful
traffic analyst can know the true source AND destination of the
message. Not good.

------------------------------

Subject: [FAQ 4.4] Won't the first remailer in the chain know who I am?

Well, yes. He knows as much about you as can be revealed from your
email headers, i.e. the original source of the message. But if your
message is chained (as described above) to another remailer AND
ENCRYPTED with that remailer's key, then the first remailer (and
anyone snooping his traffic) cannot read your message. All they will
see is an encrypted message (with no subject line) that is heading to
some other remailer. Since your message must enter the remailer
network somewhere, that first remailer operator can always know where
the message is really coming from. It is for this reason that chained
messages should always be encrypted and not sent in the clear through
remailers that will accept clear text messages (Noisebox Remailer or
Xganon for example).

There is absolutely no security in sending an unencrypted chained
remailer message. Using remailers without encryption (whether it's PGP
or Mixmaster) is like a police officer choosing to leave his
bullet-proof vest at home in his closet!

------------------------------

Subject: [FAQ 4.5] Can't the last remailer's remop read my message?

Absolutely, if he wanted to. But all he knows is the message contents,
where it is going, and the fact he got the message from another
remailer. He will not know the original source of the message. If that
is more than you want to reveal than you need to encrypt to your final
recipient instead of sending a plain text correspondence. Of course,
this isn't always feasible. The final recipient would need to have PGP
on his computer, you would have to exchange public keys or a
conventional password beforehand. It's really up to you the user to
decide just how much security you require for a particular message and
take the necessary precautions.


------------------------------

Date: 8 Aug 2001 14:32:06 -0000
From: Doc.Cypher <doc_c...@redneck.gacracker.org>
Subject: [FAQ 4.6] How do I chain cypherpunk remailers?
Message-ID: <2001080814320...@gacracker.org>
Summary: Encrypt each Anon-To within the previous remailer's message.

[For a step-by-step explanation of remailing with cypherpunk
remailers, see FAQ 3.3. For an explanation of chaining, see the post
below, or follow John Hull's example:

<http://saddle.yoll.net/anon/handrolling.html>

An explanation is also in the help file from almost any remailer
(under the heading "REMAIL REQUEST: CYPHERPUNK CHAIN" for most
Reliable remailers). Send a blank email message to a remailer with
"remailer-help" (without the quotes) as the subject, or see Frog's
Thesaurus Data
<http://www.privacyresources.org/frogadmin/Thesaurus/Thesaurus.html>.
-CC]

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 8 Aug 2001, Anonymous <rema...@remailer.xganon.com> wrote:

[SNIP]

>Now I want to use a chain of remailers? How do I do this? I'm
>guessing I should somehow encrypt the message using all the keys of
>the remailers in the chain? And if I send the message to the first
>remailer in the chain, how do I let that remailer know to send it to
>the next one? If someone could either tell me how to do this, or
>direct me toward an information source explaining this, I'd
>appreciate it.

Chaining messages is achieved by repeating the encryption steps.
Taken as an example, chaining through two remailers thus,
You -> A -> B -> Recipient

You start off with your message and prefix with


::
Anon-To: <recipient@somewhere>

##
Subject: <some text>

<MESSAGE>


You then encrypt this with the key of the remailer B, and prefix it with


::
Anon-To: <Remailer-B@somewhere>

::
Encrypted: PGP

<PGP MESSAGE>


You take this and encrypt it with the key of remailer A, and prefix with


::
Encrypted: PGP


and now send it to remailer A.

What happens then is that remailer A takes the message, decodes it, and
sends it to remailer B. Remailer B decodes it and sends it to the
recipient.


Doc.
- --
The bigger the humbug, the better people will like it.
~ Phineas Taylor Barnum. http://vmsbox.cjb.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBO3By8sriC3SGiziTAQH4Cwf+JSwjLQcPtVbNAOKB28NBdA+yLLWYflmB
bjpH3nzDyV0TUEEiRH7gdancM8CuMk4n+5D+hWCHIyFoaR93/BuGdft9s8xuPi8M
nzSzPO4pFht8NTzhkkrn9iUcJWgh+fFNfBvWtjDCLs6qdxoQwTUI9N0ioceAlK1S
vk78pYdZ9srxCEr5sCyuAR56wRq0Sa81SDePOcYz48FrRR51Zdoe/cu3Hu4AYeY5
wpC5J59U0BIVb9xnt9zBR7I3aQZArFffZ2G6vdEHDnVulY5hpXjenEgUCUjFH+da
bCD6dCOVtPxYvFbo9mmMY6spiDwfeaOXzniFdFvqdrbADycW2s7qiw==
=3VgO
-----END PGP SIGNATURE-----

------------------------------

Date: 05 August 2001 12:00 Z
From: turing+apa...@eskimo.com (Computer Cryptology)
Subject: [FAQ 4.7] Can I use mail2news gateways to post anonymously?
Summary: M2N gateways forward email messages to Usenet postings.

Although they are not anonymous remailers, mail-to-news (mail2news or
M2N) gateways are an important part of the remailer network. They
forward email messages to Usenet, permitting posting of messages or
(in some cases) binaries to certain newsgroups. (See FAQ 4.8 for
instructions on determining which newsgroups are available.)

Be warned that these gateways by themselves do not make messages
anonymous. Their administrators *will* keep logs. It is the
remailers that strip off the identifying information from your
message, *not* the M2N gateway. The gateway only delivers to a
newsgroup. See the official help file M2N gateways by sending a blank
email to <mail...@anon.lcs.mit.edu> with the subject "help" (no
quotes). It is when you use an anonymous remailer in combination with
a mail-to-news gateway that anonymous newsgroup posts are possible.

There are actually two methods of posting anonymously to Usenet: via
an "Anon-Post-To:" directive or via an "Anon-To:" directive. Note
that in most cases remailers with "post" in their cap strings actually
forward to a M2N gateway rather than posting via NNTP, so these
methods are often equivalent.

Method #1
Below is a template for the first method. Send the following email
message to a remailer that supports anonymous newsgroup posting
("post" in the cap string).

::
Anon-Post-To: misc.test

##
Subject: This is a boring test

Start your message here.

Method #2
Below is a template for the second method. Send the following email
message to a Cypherpunk remailer ("cpunk" in the cap string).

::
Anon-To: mail...@dizum.com (or any other mail2news gateway)

##
Subject: Is Gretchen Down?
Newsgroups: alt.privacy.anon-server
X-No-Archive: yes (this line is optional)

Start your message here.

Both of these methods will work. Pay attention to the cap strings.
Many remailers are PGP-only ('pgponly" in the cap strings). So before
sending to those remailers you will have to encrypt the above with the
remailer's pgp key.

Here are some other mail2news gateways you can use:

<mail...@anon.lcs.mit.edu> *
<mail2new...@anon.lcs.mit.edu>
<mail...@dizum.com>
<mail2new...@dizum.com>
<mail...@freedom.gmsociety.org>
<mail2new...@freedom.gmsociety.org>

See FAQ 4.8 for an explanation of the significance of the "nospam"
gateways.
*Note that <mail...@nym.alias.net> is an alias for
<mail...@anon.lcs.mit.edu>. The preferred address is
<mail...@anon.lcs.mit.edu>.

See this Web-Based Mail2News Interface <http://forward.to/mail2news>
for a quick-and-dirty way to post anon to Usenet. See also
<https://ssl.dizum.com/help/mail2news.html> for help with Dizum's
mail2news gateway (formerly known as <mail...@zedz.net>).

------------------------------

Subject: [FAQ 4.8] How do I know which newsgroups a gateway carries?

For <mail...@anon.lcs.mit.edu>:
To receive a list of all newsgroups send mail to
<mail...@anon.lcs.mit.edu> with Subject "groups" (no quotes).

For <mail...@mixmaster.shinn.net>:
Same method as above. Or you can finger <gro...@mixmaster.shinn.net>
for a full listing of groups.

For <mail...@dizum.com>:
It offers the same capability. Unfortunately, the last time I checked
the list of groups it sends back is incomplete and inacurate. It's
safe to assume, however, that like the other two gateways Dizum
supports between 10,000-25,000 newsgroups from all the major
hierarchies.

You can also include an egrep-style regular expression on the subject
line. For instance,

Subject: list comp\.unix

would list only newsgroups whose names begin "comp.unix".

Subject: list .*linux

would list all newsgroups whose names contain the substring "linux".

Subject: list alt.*(security|privacy)

would list all newsgroups beginning "alt" and containing either the
word "security" or the word "privacy".

Subject: list .*\.test$

would list all newsgroups ending ".test".

------------------------------

Date: 9 Mar 2001 19:10:43 -0000
From: Redbird <red...@redneck.gacracker.org>
Subject: [FAQ 4.9] What's different about mail2news_nospam vs mail2news?
Message-ID: <2001030919104...@gacracker.org>
Summary: No-spam gateways change headers to hinder address collection.

[edited by turing+apa...@eskimo.com (Computer Cryptology)]
On Fri, 9 Mar 2001, Nomen Nescio <nob...@dizum.com> wrote:
> What's the difference between these two?:
> mail2new...@anon.lcs.mit.edu and mail...@anon.lcs.mit.edu

The first is the no-spam variant of the same mail2news gateway.

How does the no-spam variant work?

The address of my nym account is red...@redneck.gacracker.org. If I
had addressed my send request for this message to
mail...@anon.lcs.mit.edu, my nym account address would have appeared
in the From header. An address collector would be able to find it
easily, and I might end up receiving spam e-mail.

Instead I've addressed my send request to the no-spam variant,
mail2new...@anon.lcs.mit.edu, and my message should include the
following From header:

From: Redbird <Use-Author-Address-Header@[127.1]>

This header is added by the mail2news gateway. The following portion
of it is standard: <Use-Author-Address-Header@[127.1]>. And it
instructs the person reading it to use the Author-Address header (see
below). The only thing that will vary is the name preceding it, and
this is determined by whatever precedes the @ in the real nym account
address. For example, if the real nym account address were
ru...@redneck.gacracker.org, the From header would read as follows:

From: Ruth <Use-Author-Address-Header@[127.1]>

My message should also include the following "Author-Address" header:

Author-Address: Redbird <AT> nym <DOT> alias <DOT> net

This header is also added by the mail2news gateway and is the means by
which it provides my real address to anyone who might wish to reply to
this message by e-mail.

There are no-spam variants for all three mail2news gateways:

mail...@anon.lcs.mit.edu
mail2new...@anon.lcs.mit.edu

mail...@dizum.com
mail2new...@dizum.com

mail...@mixmaster.shinn.net
mail2new...@mixmaster.shinn.net

Redbird

------------------------------

Subject: [FAQ 4.10] When replying to a message, how do I thread my post?

There are two ways to thread your messages into a discussion. You can
do it manually, or take advantage of features in JBN to automate the
process. I'll explain the hard way first...

* In JBN, open your book which you intend to post with.

* Enter "Re: Remailers Suck!" (or whatever the relevant subject is)
into the "Subject: " field.

* Find the message you want to followup and copy the message ID.
(example <3e125abb862940ed...@anonymous.poster> )
Take this and put "References: <msg-id>" in the additional headers box
under the subject.

* Copy bits you want to keep from the original message, you can paste
these into the book by right-clicking and selecting "Paste As
Quote".

* Don't forget the "Newsgroups:" header! :)

You should be able to manage this easily provided you can get the
message ID out of your newsreader.

Now, the easy way involves getting the entire message **and headers**
into the clipboard. This is the part that depends on which newsreader
you use. With XNews, for example, make sure all headers are displayed
within the message and then right-click and select "Copy All".

With the entire message (and most importantly the headers) on the
clipboard, select the book you will use to construct a reply, select
"Follow-Up Clipboard (Ctrl-U)" from the "Message" drop-down menu. You
can then quote the entire message and edit as appropriate. It is
really simple once you've managed it a couple of times.

One point to watch out for! If replying to a message in a long thread,
you may want to trim excess References elements from the
headers. Remailers (esp those that use Mixmaster software) don't take
kindly to long headers or badly wrapped headers.

Summary: All you really need is the message ID of the post you are
replying to.

------------------------------

Date: 16 August 2001 12:00 Z
From: turing+apa...@eskimo.com (Computer Cryptology)
Subject: [FAQ 4.11] Which remailers permit my own "From:" header?
Summary: Only a few remailers permit custom "From:" headers.

[Thanks are due to Boris 'pi' Piwinger for reports, Stefan Wagner
(Narnia Admin) and Jochen Wersdörfer for mentioning their
remailers, and Farout-Admin for posting regular updates.]

A more up-to-date and complete answer to this question is available in
the following table:

<http://www.nuther-planet.net/farout/misc/FromHead.html>

As of the date of this FAQ, tests indicate the following remailers
permit the user to specify part or all of the "From:" header line
(either the entire address or the nickname only) in the final headers
[1]:

farout
frog2
italy2*
narnia*
segfault
shinn*
squirrel

*Note that italy2, narnia, and shinn add a disclaimer (either in the
header of the body of the message) when the message has a custom
"From:" header. The intent of this warning is to reduce forgery
complaints.

[1] See the Reliable User's Manual for further information:
<http://www.theinternet.cc/potatoware/reli/UserMan.htm#Final>
<http://www.theinternet.cc/potatoware/reli/UserMan.htm#finFrom>

------------------------------

Subject: [FAQ 4.12] Where do I find public SMTP servers (open relays)?

Relaying mail through the servers of a third party is, at best bad
Internet etiquette and, at worst, theft of service. This is not just
my view but the view of Internet users and service providers
worldwide. Many of the larger ISPs, in a preventative move to stop
their own customers from spamming others, have blocked customer's
connections to any smtp servers but their own.

Open relays, in the vast majority of cases, will not hide the origin
of your message. Your IP address is visible and all traffic is logged.

Still not deterred? Okay. Here's one method of finding an open relay:

+ Visit newsgroup <news://news.admin.net-abuse.sightings> and scan
through the posts there looking for any spam reports that mention open
relay, hijack, or relay-rape.

+ Take the mail servers you find in "sightings" and plug them, one by
one, into the form at
<http://vancouver-webpages.com/cgi-bin/nph-chkspam>.

+ If your tests indicate that a particular email server is still an
open relay then your search is over. Insert the mail server's address
in place of your ISP's SMTP server in your email client's
configuration.

------------------------------

End of faq.4 Digest
*******************

Reply all
Reply to author
Forward
0 new messages