Subject: APAS Anonymous Remailer Use [FAQ 3/8]: Remailer Basics

This article was archived around: 2 Jun 2003 19:00:12 GMT

Archive-name: privacy/anon-server/faq/use/part3
Changes: 1.12 2001/10/25 01:18:12
URL: http://www.eskimo.com/~turing/remailer/FAQ/
This is the third of eight parts of a list of frequently-asked questions and their answers regarding anonymous remailer use. This part introduces anonymous remailers.

This FAQ is provided "as is" without any express or implied warranties. While every effort has been taken to ensure the accuracy of the information contained in these message digests, the maintainer assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. This FAQ is provided for information only; reference to a Web page does not constitute endorsement of that page's content.

The following topics are in this FAQ:

1: [FAQ 3.1] What is an anon server or anonymous remailer?
2: [FAQ 3.2] Who runs these remailers and why?
3: [FAQ 3.3] What is a Cypherpunk Remailer?
4: [FAQ 3.4] How do I get the key for a particular remailer?
5: [FAQ 3.5] How can I get all the keys for all the remailers?
6: [FAQ 3.6] What is a Mixmaster Remailer?

----------------------------------------------------------------------

Subject: [FAQ 3.1] What is an anon server or anonymous remailer?

An anonymous remailer is a computer which has been configured to run remailer software. This software is a specialized kind of email server software. Unlike the average email server, which goes to great lengths to log all incoming/outgoing traffic and add identifying and traceable info to its outgoing mail (in the form of headers), remailer software ensures that outgoing mail has been STRIPPED CLEAN of any identifying information! Thus the name 'anonymous' remailer.

The remailer performs certain automated tasks which include retrieving mail, decrypting/processing that mail (only mail that is properly encrypted and formatted), obeying the directives within the message and, finally, delivering - remailing - the finished product to a second party in anonymized form.
When received by that second party it will reveal only that it was sent from an anonymous source (usually the remailer's name and email address). The IP address shown will be the IP address of the remailer machine.

Ideally, no logs are kept by the remailer software. This ensures both the anonymity of the user and protects the operator from liability. (See Mike Shinn's work in progress FAQ For Remailer Operators <http://mixmaster.shinn.net/faq/index.html>.)

The process is not completely automated since a human operator is required - called a remailer operator, or RemOp - to ensure that traffic is running smoothly, that PGP and Mixmaster encryption keys are kept updated, that complaints of abuse are dealt with, and also that users and fellow operators are kept up to speed on any changes to the remailer's configuration. APAS is the place where such updates are posted. They are also posted to the Remailer Operator's Mailing List (Blank email to remailer-operators-request@anon.lcs.mit.edu for details on how to subscribe.) There is also an archive of the Remop's List <http://lexx.shinn.net/mailman/listinfo/remops>. You can even post to the list from this Web page! (Thanks Mike Shinn.)

That's basically how a remailer works. Some anonymous remailers can send both email and newsgroups posts. And most will require newly arrived messages to be encrypted. More about that later.

See also: Andre Bacard's Remailer FAQ <http://www.andrebacard.com/remail.html> and William Knowles' overview of anonymity on the 'Net <http://www.c4i.org/erehwon/anonymity.html>.

------------------------------

Date: 07 July 2001 12:00 Z
From: turing+apas-user-faq@eskimo.com (Computer Cryptology)
Subject: [FAQ 3.2] Who runs these remailers and why?
Summary: Determine for yourself the remailer operators' character.

Some documents will refer to the "traditional remailer network". This refers to the remailers listed on the many stats pages (see FAQ 5.1) available on the Web.
These are run, mostly, by individuals like those in APAS, who value free speech, especially anonymous speech, and want to provide a free service to those who need to communicate anonymously.

Keep in mind that there is no way to know the real motivation a remailer operator has unless you know them personally, and even then you may not know the full story. Since anyone with the technical ability and network connectivity can operate a remailer, there are endless possibilities as to the real motivations behind offering such a service to the public at large.

Always floating around the APAS rumor mill are accusations that one or more remailers are really being run by intelligence agencies, law enforcement agencies, and even terrorist organizations and other criminal types. Of course no credible evidence is ever presented to back up these accusations, so they are mostly dismissed as trolling. But if one takes the devil's advocate position, there is never any evidence presented to refute these rumors either; that is, it is entirely possible they could be true.

One way to learn more about individual remops might be to visit their home pages, some of which are here in alphabetical order:

__Remailer Web Pages__

Austria <http://www.tahina.priv.at/~cm/stats/>
Cracker <http://anon.efga.org/>
Dizum <https://ssl.dizum.com/help/remailer.html>
Farout <http://www.nuther-planet.net/farout/>
Lefarris (en Français) <http://www.citeweb.net/arris/>
Narnia (mostly German) <http://www.trumpkin.Narnias-Door.com/remailer/>
Noisebox <http://noisebox.remailer.org/remailer/>
Randseed <http://melontraffickers.com>
Riot <http://www.riot.eu.org/anon/>
Senshi <http://private.addcom.de/SenshiRemailer/>
Shinn <http://mixmaster.shinn.net/>
SubZer0 <http://www.press.nu/leiurus/subzer0/>
Cmeclax <http://lexx.shinn.net/cmeclax/>

__Nym Servers__

NYM.ALIAS.NET Nym Server <http://www.publius.net/n.a.n.html>
ANON.XG.NU Nym Server <http://anon.xg.nu/>
Redneck Nym Server (middleman) <http://anon.efga.org>

(Submit other Web page URLs to CC <turing+apas-user-faq@eskimo.com>.)

Learning to use the traditional remailer network takes some time and effort. And this time and effort pays off handsomely by providing the user with a highly secure method to communicate privately and anonymously. But many privacy-minded folks (and their ranks are increasing daily!) are looking for an easier and less time-intensive approach. Some are even willing to pay for it.

To satisfy this niche there have arrived many new products and services that provide various combinations of anonymous email, newsgroup posting and Web-surfing with varying degrees of anonymity. To describe and evaluate these services is, for now, beyond the scope of this FAQ. I have provided URLs for some of these services below. I have categorized them into two groups: free of charge and fee-based.

Noteworthy amongst these is the fee-based Freedom Software by the Montreal-based Zero Knowledge Systems (ZKS). Launched in December 1999, Freedom is a 'privacy system' not unlike the traditional remailer network.
It allows users to send email, post to newsgroups, chat and surf the Web in total privacy without having to trust third parties with their personal information. Freedom users create multiple digital identities - "nyms" - with which their online activities are associated. All data packets Freedom users send are encrypted and routed through a global privacy infrastructure called the Freedom Network, which is hosted by participating ISPs and other independent server operators. A 30-day free trial is available.

The package has been criticized <http://cryptome.org/zks-v-tcm.htm> for not being open-source. But that is changing. The source code of the kernel module of the Linux version of Freedom <http://opensource.zeroknowledge.com/> has been released, and the release of the Windows version source code is "coming soon".

_Free of Charge_

GILC Web-Based Remailer <http://www.gilc.org/speech/anonymous/remailer.html>
Hushmail <http://www.hushmail.com>
Safeweb <http://www.safeweb.com>
Zixmail <http://www.zixmail.com>
Anonymouse <http://anonymouse.is4u.de/>
COTSE <http://www.cotse.com/home.html>
Somebody.net <http://somebody.net/>
ANON.XG.NU's Web-Based Remailer <http://anon.xg.nu/remailer.html>
Chicago <http://xenophon.r0x.net/cgi-bin/mixnews-user.cgi>

_Fee-Based_

ZKS Freedom <http://www.freedom.net>
SkuzNET's The Internet Mail Network <http://www.theinternet.cc/>
Mailanon <http://www.mailanon.com/>
IDcide <http://www.idcide.com>

For an interesting discussion of the pros and cons of anonymous speech check out this link from LCS.MIT.EDU: <http://www.lcs.mit.edu/anniv/speakers/presentation?id=041399-15>

(I'm looking for more links of this nature: political, legal perspectives on remailers. If you know of any please pass them on to CC <turing+apas-user-faq@eskimo.com>.)

------------------------------

Subject: [FAQ 3.3] What is a Cypherpunk Remailer?

Also referred to as a Type I, this is a remailer that accepts messages encrypted with its publicly available PGP key.
PGP is Pretty Good Privacy, the well-respected public-key encryption program which is widely available and, with a few exceptions, freeware.

Users encrypt their clear-text, outgoing message with the Cypherpunk remailer's public key. This can be done with any text editor like Notepad and a properly installed version of PGP. There is a particular message format to follow, one that the remailer software can understand:

============
::
Anon-To: news.reporter@nbc.com
Latent-Time: +0:00

##
Subject: My Company Dumps Toxic Waste

I'm writing this anonymously because I don't want to lose my job.
My company has, for the past three years...
============

The above message is cut and pasted into PGP and encrypted with the chosen remailer's key, say gretchen@neuropa.net:

============
-----BEGIN PGP MESSAGE-----
Version: PGP 2.6x

hQCMA8asoPEC0e2BAQP9GqR2aXNOstRq8eJW2QVubioR0gO7Ue0AOL/rFdnxXknC
YPpe2X2TKlcvd961+lhe9w2Y8vo3JcBYYBifTJRwmMjnXLagCU4Mhh0VZtk/QXMZ
/FLeJWi67qsb45a2mNw0/Q8eXHKfOQyHcmEQ7cg/bq4Xz6LusfxBHF8zsojVOgal
8RVRtr9drjBlOzJvWxaq7LrKidME6q0tM7pRiLN5dvVBon2NKlmpJI6vAFjyi8ma
f5Bg6Zor+PMxcm3EmuWbjLEiOu5USrTgU4OiaC7PHF9INxwXuKmdNz/JprgOc0c6
6s6RvbOo6rsvlwqPKw==
=ICz/
-----END PGP MESSAGE-----
============

Finally, the user has to append a directive to the top of the encrypted message, making it look like this:

============
::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: PGP 2.6x

hQCMA8asoPEC0e2BAQP9GqR2aXNOstRq8eJW2QVubioR0gO7Ue0AOL/rFdnxXknC
YPpe2X2TKlcvd961+lhe9w2Y8vo3JcBYYBifTJRwmMjnXLagCU4Mhh0VZtk/QXMZ
/FLeJWi67qsb45a2mNw0/Q8eXHKfOQyHcmEQ7cg/bq4Xz6LusfxBHF8zsojVOgal
8RVRtr9drjBlOzJvWxaq7LrKidME6q0tM7pRiLN5dvVBon2NKlmpJI6vAFjyi8ma
f5Bg6Zor+PMxcm3EmuWbjLEiOu5USrTgU4OiaC7PHF9INxwXuKmdNz/JprgOc0c6
6s6RvbOo6rsvlwqPKw==
=ICz/
-----END PGP MESSAGE-----
============

The user then mails the above encrypted message (double colons and all) NOT to the intended recipient but instead to the remailer's address: <gretchen@neuropa.net>.
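
How remailer software might read the two layouts shown above, as an added example (not code from this FAQ or from any remailer package): a minimal Python parser for the `::` directive block, the optional `##` block and the `Encrypted: PGP` wrapper. The function names and both sample messages are constructed for illustration, the armored text is a placeholder, and decryption is left to PGP.

```python
import re

ARMOR = re.compile(r"-----BEGIN PGP MESSAGE-----.*?-----END PGP MESSAGE-----", re.S)

def header_block(lines, marker):
    """If lines open with marker, read 'Name: value' lines up to the first blank line."""
    headers = {}
    if not lines or lines[0].strip() != marker:
        return headers, lines
    i = 1
    while i < len(lines) and lines[i].strip():
        name, sep, value = lines[i].partition(":")   # first colon only: '+0:00' survives
        if not sep:
            raise ValueError(f"malformed line in {marker} block: {lines[i]!r}")
        headers[name.strip().lower()] = value.strip()
        i += 1
    return headers, lines[i + 1:]                    # drop the blank separator

def parse_type1(text):
    """Classify a Type I request as an encrypted wrapper or a plaintext request."""
    lines = text.strip().splitlines()
    directives, rest = header_block(lines, "::")
    if not directives:
        raise ValueError("no '::' directive block, not a remailer request")
    if directives.get("encrypted", "").upper() == "PGP":
        armor = ARMOR.search("\n".join(rest))
        if armor is None:
            raise ValueError("Encrypted: PGP given but no armored block follows")
        return {"kind": "encrypted", "armor": armor.group(0)}
    if "anon-to" not in directives:
        raise ValueError("no Anon-To directive, nowhere to deliver")
    pasted, body = header_block(rest, "##")
    return {"kind": "plain", "directives": directives,
            "pasted": pasted, "body": "\n".join(body).strip()}

# Constructed samples in the layout shown above; the armor is a placeholder.
PLAIN = """::
Anon-To: news.reporter@nbc.com
Latent-Time: +0:00

##
Subject: My Company Dumps Toxic Waste

I'm writing this anonymously because I don't want to lose my job.
"""
WRAPPED = """::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: PGP 2.6x

PLACEHOLDER+NOT+REAL+CIPHERTEXT
-----END PGP MESSAGE-----
"""

if __name__ == "__main__":
    print(parse_type1(WRAPPED)["kind"])
    print(parse_type1(PLAIN))
```

A message that lacks the `::` block, the armor after `Encrypted: PGP`, or an `Anon-To` line raises `ValueError`, which mirrors the point that only properly formatted mail is processed.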
This arrives at the remailer where it is eventually processed, decrypted and mailed to <news.reporter@nbc.com> appearing to have come from "Anonymous" <nobody@neuropa.net>.

Most remailers are not purely Cypherpunk but will accept both Cypherpunk and Mixmaster messages. Keep in mind too that there are currently only a few Cypherpunk (Type I) remailers that will accept non-PGP messages and their numbers are dwindling.

See also:

This tutorial with pictures and step by step instructions <http://anon.xg.nu/shotsof.htm>.
Read some history about how Cpunk remailers first came about <http://cryptome.org/zks-v-tcm.htm>.
Visit this link at LCS.MIT.EDU about remailers and their importance <http://www.lcs.mit.edu/impact/perspect/perspective?name=9901>.

------------------------------

Date: 24 October 2001 12:00 Z
From: turing+apas-user-faq@eskimo.com (Computer Cryptology)
Subject: [FAQ 3.4] How do I get the key for a particular remailer?
Summary: Send remailer an email message with "Subject: remailer-key".

That's easy! Send a blank email message to the remailer with "remailer-key" (without the quotation marks) as the subject line. The reply from the remailer should contain its PGP (perhaps both RSA and DH/DSS) and Mixmaster keys.

If you can't get a reply to a remailer-key request it's likely you won't get any mail through that remailer either!

------------------------------

Date: 02 March 2001 12:00 Z
From: turing+apas-user-faq@eskimo.com (Computer Cryptology)
Subject: [FAQ 3.5] How can I get all the keys for all the remailers?
Summary: Get them individually; see question 3.4.

There are some stats maintainers who will maintain an up-to-date collection of all the current remailer keys.
Here are a few places to download all the keys, starting with the newest:

Computer Cryptology's Database <http://www.eskimo.com/~turing/cgi-bin/db.cgi>
Frog's Thesaurus Data <http://www.privacyresources.org/frogadmin/Thesaurus/Thesaurus.html>
  OR <http://www.chez.com/frogadmin/Thesaurus/Thesaurus.html>
  OR <http://members.nbci.com/frogadmin/Thesaurus/Thesaurus.html>

Trex is out-of-date and Peter removed it.

As Weasel used to say, "*Get [the keys] yourself from each remailer!* I mean it!" Frog's Web page agrees that collecting information and/or remailer keys second hand is a bad idea. The most secure (but not the fastest) way to do this is to send individual requests to all the remailers according to your needs:

Subject: remailer-key
Subject: remailer-conf
Subject: remailer-help
Subject: remailer-stats

If you nevertheless permit your client to refresh keys from keyrings on the Web, lists of the known key sources likely to be more current than this FAQ are here:

Frog's MetaStats <http://www.privacyresources.org/frogadmin/MetaStats/index.html>
  OR <http://www.chez.com/frogadmin/MetaStats/index.html>
  OR <http://members.nbci.com/frogadmin/MetaStats/index.html>

The following URLs might be current--check the date of this FAQ. (The links come from Computer Cryptology's List of Known Stats Sources, <http://www.eskimo.com/~turing/remailer/stats/db//rlists.txt> and <http://www.eskimo.com/~turing/remailer/stats/db//mlists.txt>.)

efga
  <http://anon.efga.org/Remailers/TypeIList/pubring.asc>
  <http://anon.efga.org/Remailers/type2.list> ; <http://anon.efga.org/Remailers/pubring.mix>
farout
  <http://www.nuther-planet.net/farout/keys/rsa-dss.asc>
  <http://www.nuther-planet.net/farout/keys/type2.lis> ; <http://www.nuther-planet.net/farout/keys/pubring.mix>
frog
  <http://www.privacyresources.org/frogadmin/Keys/dsskeys.asc>
  <http://www.privacyresources.org/frogadmin/Keys/type2.lis> ; <http://www.privacyresources.org/frogadmin/Keys/pubring.mix>
shinn
  <http://mixmaster.shinn.net/stats/rsa-pubring.asc>
  <http://mixmaster.shinn.net/stats/type2.list> ; <http://mixmaster.shinn.net/stats/pubring.mix>
subzer0
  <http://www.press.nu/leiurus/subzer0/pubring.asc>
  <http://www.press.nu/leiurus/subzer0/type2.lis> ; <http://www.press.nu/leiurus/subzer0/pubring.mix>
turing
  <http://www.eskimo.com/~turing/remailer/keys/remailers.asc>
  <http://www.eskimo.com/~turing/remailer/keys/type2.lis> ; <http://www.eskimo.com/~turing/remailer/keys/pubring.mix>

Use of these URLs depends on the remailer client. For example, for the Mixmaster keys, one might need pubring.mix and, perhaps, type2.lis depending on the Mixmaster version. Examples illustrating how to place these in various clients are on these Web pages:

Client Configurations for DUMMIES <http://www.privacyresources.org/frogadmin/Configs/index.html>
Stats - Configuration (JBN2 only) <http://www.eskimo.com/~turing/remailer/stats/db/JBN.html>

Consider the comments in question 5.4 before using the following URLs:

lefarris
  <http://pages.globetrotter.net/arris/cles/rsa-dhdss.asc>
  <http://pages.globetrotter.net/arris/cles/type2.lis> ; <http://pages.globetrotter.net/arris/cles/pubring.mix>
xganon
  <http://anon.xg.nu/list/pubring.asc>
  <http://anon.xg.nu/list/type2.list> ; <http://anon.xg.nu/list/pubring.mix>

These may be out of date!

------------------------------

Subject: [FAQ 3.6] What is a Mixmaster Remailer?

Also known as a Type II remailer, this kind of remailer accepts messages in the Mixmaster format. It doesn't use a PGP key but instead uses its own Mix key, which looks something like this:

-----Begin Mix Key-----
08daa0412580b473b0405a27b6eb72f6
258
AATLm+Il10etAgaOBsAMfggFXi2ghiyypIkZkqhh
W0Ef6LvDNLdPZ94Gu4QgPDD+q13JyRwmU/TvTgIk
SBGxv9dUH3J22BEg600vD9lWOcFiq3ApjUuxS76T
Zf+lGTINOIs+zkAmrojqueQfHFxBE0rMembno8jg
VHlOpyeHRfJNIQAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

Mixmaster uses a message format based on RSA and Triple-DES encryption. Messages are multiply encrypted and formatted so as to appear identical to other Mixmaster messages. Messages are sent through chains of Mixmaster remailers. Each remailer removes one layer of encryption, and forwards the message. When the final remailer delivers the decrypted message to the recipient, it is impossible to find out where it came from even if part of the remailer chain is compromised.

Mixmaster remailers improve on Cypherpunk remailers by making traffic analysis much more difficult. They do this by making all incoming and outgoing messages the same size (28.1kb) and by re-ordering messages before delivery - so that traffic coming in cannot necessarily be associated with traffic going out.

The building of a Mixmaster message cannot be done with a text editor! Special client software is required.

See also Mixmaster FAQ <http://www.obscura.com/~loki/remailer/mixmaster-faq.html>.

------------------------------

End of faq.3 Digest
*******************