iNet Guide

Anonymous Remailers.

Anonymous remailers allow anyone to post messages to newsgroups or to individuals while remaining anonymous. The identity of the sender is hidden from the recipient and remains practically untraceable.

An anonymous remailer is a program that runs on a computer somewhere on the Internet. When you send mail to the remailer address, the remailer takes your name and your address off of the mail message and forwards it to its next destination. The recipient gets mail that has no evidence of where it originally came from, at least not in the headers. (You might give away your identity in the body of the message, but that would be your own fault.)

But why would anyone want to use an anonymous remailer? This is a frequently asked question! The following is a compilation of answers to the above provided by some famous privacy concerned net.citizens.

"It's important to be able to express certain views without everyone knowing who you are. One of the best examples was the great debate about Caller ID on phones. People were really upset that the person at the receiving end would know who was calling. On things like telephones, people take for granted the fact that they can be anonymous if they want to and they get really upset if people take that away. I think the same thing applies for e-mail."

- Johan Helsingius, administrator of world famous anon.penet.fi remailer.

(Unfortunately anon.penet.fi remailer is now closed. The operator, Julf Helsingius, was forced by authorities to reveal the name of a user. Facing a legal challenge to the security of his remailer's list, Helsingius closed down his service.)

"Maybe you're a computer engineer who wants to express opinions about computer products, opinions that your employer might hold against you. Possibly you live in a community that is violently intolerant of your social, political, or religious views. Perhaps you're seeking employment via the Internet and you don't want to jeopardize your present job. Possibly you want to place personal ads. Perchance you're a whistle-blower afraid of retaliation. Conceivably you feel that, if you criticize your government, Big Brother will monitor you. Maybe you don't want people "flaming" your corporate e-mail address. In short, there are legitimate reasons why you, a law abiding person, might use remailers."

- Andre Bacard, The Computer Privacy Guru and the author of the well-known Computer Privacy Handbook.

"If telephone calls can be anonymous, snail mail can be anonymous, why not email?"

-Suranga Manage

Let's consider why someone cannot become 'anonymous' by changing "Name" and "From" fields in his mail client. An email goes through several SMTP servers before it finally reaches its recipient. Each SMTP server adds its name and timestamp to every email that passes through it. Therefore by examining the headers of an email, the IP Address of the original sender can be exposed.

There are two main types of remailers, "pseudo-anonymous" and "anonymous". Pseudo-anonymous remailers receive your message, strip off your address and "received" headers and replace these with anonymous ones. These anonymous ones are then keyed to your real address, which is kept on a list, and sends you success notification. If anyone sends a reply to the message the remailer will receive the answer, match the anonymous address with your real address on the list, and forward the message to you. This type of remailer is easier to use, but you must to trust your remailer operator not to reveal the list that matches your address with the anonymous one. anon.penet.fi was the most popular pseudo-anonymous remailer, but it has now closed down. nym.alias.net is one of the most popular pseudo-anonymous remailers currently operating. Send a blank email to help@nym.alias.net to receive a complete help file.

An anonymous remailer does not reveal your name to anyone. The two main types of secure anonymous remailers are Cypherpunk and Mixmaster, also known as Type I and Type II. A Cypherpunk remailer simply strips email headers that may reveal the identity of the sender (similar to pseudo anonymous remailers) from the message, but do not include return addresses. The main drawback to this type is that you cannot receive any replies.

Let us send a few anonymous Emails through the Cypherpunk remailer, remailer@replay.com.

Example 1 Say "hello" to danray@usa.net anonymously.


>From: your@email.com
>To: remailer@replay.com
>Subject: Anonymous Hello
>Anon-To: danray@usa.net
>
>Hello
Note that a new header "Anon-To" is inserted. In order to do this your mail client must support "Edit Headers". Although a few mail clients, such as Pegasus Mail allow editing of headers, most mail clients do not. Example 2 describes how to cope with mail clients that do not support the editing of headers.

Example 2 Say "hello again" to danray@usa.net anonymously.


>From: your@email.com
>To: remailer@replay.com
>Subject: Another Anonymous Hello
>
>::
>Anon-To: remailer@replay.com
>
>Hello again
If you can't add headers to your mail, you must place two colons on the very first line of your message, and then the "Anon-To" line. Follow that with a blank line, and then begin your message. Note that the mail client places the blank line between "Subject" and two colons when it actually sends the mail.

If the recipient suspects you, he can compare the times that the emails were sent with the times that you were logged in. However, instructing the remailer to delay the message, by using the "Latent-Time" header can prevent this.

Example 3 Say "hello" to danray@usa.net anonymously, after waiting 2 hours.


>From: your@email.com
>To: remailer@replay.com
>Subject: Hello, It's not me, I have logged out
>
>::
>Anon-To: danray@usa.net 
>Latent-Time: +2:00
>
>Hello, It's not me, I logged out 2 hours ago. ;-)
You can even post to news groups with anonymous remailers. Example 1 Post "hello world" to alt.test news group anonymously.

>From: your@email.com
>To: remailer@replay.com
>Subject: Anonymous Hello world to alt.test
>
>::
>Anon-Post-To: alt.test
>
>Hello world
Some Cypherpunk remailers have WWW interfaces, visit http://www.replay.com/remailer/

Remailers are not guaranteed to be active around the clock. Therefore it is worthwhile selecting a reliable remailer from Raph Levien's "List of Reliable Remailers" located at http://www.cs.berkeley.edu/~raph/remailer-list.html

Sending a message via a Mixmaster remailer involves using a program to create your message and send it. Once you install the program the writing and sending is easy. The program acts as a client so you don't have to write all of instructions and do the encryption yourself. New versions of Mixmaster allow you to select a random list of Mixmaster remailers to chain your message through. Hard-core privacy people are not satisfied with individual remailers; they send their mail through a chain of remailers. This way only the first remailer knows the real address, and the first remailer cannot know the final destination of the email message. However if one remailer in the chain is not active, your mail will not be delivered, so remember to select a chain of active remailers from Raph Levien's list.

A full discussion of Mixmaster remailers is beyond the scope of this article. Moreover, Mixmaster remailers have their own documentation to assist setting up Mixmaster accounts. You can select a Mixmaster remailer from Raph Levien's List and send a blank email to retrieve help.

 

Suranga Manage
smanage@yahoo.com
Jan 02, 1999

Copyleft 1997-98 by Suranga Manage.

[ Net Guide | Home ]