Ian & Stuart's Australian Mac: Not for Sale

home *** CD-ROM | disk | FTP | other *** search

/ Ian & Stuart's Australian Mac: Not for Sale / Another.not.for.sale (Australia).iso / fade into you / being there / Issues & Ideas / Anonymous remailers / Remailers / hh-soda-remailer-instructions < prev next >

Wrap

Text File | 1994-06-05 | 13KB | 352 lines

How to use the hh(tm) Usenet Posters and Anonymous Remailers by Eric Hollander Last modified April 25, 1994 This document describes some of the special features of the hh remailer. Because this remailer is essentially just a modification of the standard Cypherpunk's Remailer, I recomend that you also read soda.berkeley.edu:/pub/cypherpunks/remailer/hal's.remailer.gz. Introduction: = Where is this remailer running? The following sites run this remailer package, and will work according to the instructions below: remailer@soda.berkeley.edu I will describe the operations of this remailer using remailer@soda.berkeley.edu as the example, but all of the instructions below apply to all of the remailers on the above list. Just replace remailer@soda.berkeley.edu with one of the other account names. They are listed in order of inception, and probably also in order of stability. Increase your security by spreading your usage among them! = What does this remailer do? This remailer allows anyone who can send mail to post to Usenet newsgroups, and also to send mail to anyone else on the Internet. Both of these functions can be anonymous (the identity of the sender is hidden from the recipient) or non-anonymous (the identity of the sender is known to the recipient). = Why is this remailer different from the standard Cypherpunks remailers? The main difference between this remailer and the other Cypherpunk remailers is that this remailer allows posting to all Usenet newsgroups, either anonymously, or non-anonymously. It also has the regular remailer functions of forwarding mail, either anonymously or non-anonymously (nonymously?). The other minor difference is that this remailer adds a random time delay for anonymous mail and posting. How to use this remailer for anonymous posting and mailing: = A note about header fields This remailer/poster looks at the header of the mail you send it to decide what to do. Some mail programs don't allow easy editting of the header. If your program doesn't allow editting of the header, you can still use the remailer. To do this, send mail in the normal way, but start your message like this: :: Anon-Post-To: rec.fish leaving no blank lines before the :: and a blank line after the header field to be inserted. The remailer will consider the line after the :: to be a part of the header. All of the instructions bellow can be used with actual header fields or the :: format. = How do I use this remailer to anonymously post to Usenet? Send mail to remailer@soda.berkeley.edu (or one of the other remailers running this package) with a header like this: To: remailer@soda.berkeley.edu Anon-Post-To: rec.fish Subject: I flushed a fish on Friday On Friday, I did a terrible thing, so I'm posting this anonymously... This message will be posted to rec.fish, with nothing to indicate who was the original sender. Only the Subject field will be retained; everything else in the header will be discarded. = How do I post non-anonymously? Send mail like this: To: remailer@soda.berkeley.edu Post-To: rec.fish Subject: flushing fish How despicable of you to flush a fish! This will be posted to rec.fish non-anonymously; the From and Subject fields will be retained in the post. = Crossposting To crosspost, simply list the newsgroups, separated by commas, with no spaces, like this: Anon-Post-To: rec.fish,alt.ketchup Note that excessive crossposting is an abuse of the net. Some people have to pay for their news, and they don't want to read "how to make money fast" in rec.fish. = Testing I recomend that you post test messages to make sure you are using the remailer properly. Please post these messages to the appropriate test groups (alt.test, rec.test, etc). Also, if you post non-anonymously to a test group, many sites will send you mail confirming that they have received the post. To avoid this, put the word "ignore" in the subject line. = Anonymous mail This remailer is capable of sending anonymous mail. To send mail to foo@bar.com, send a message like this: To: remailer@soda.berkeley.edu Anon-Send-To: foo@bar.com Subject: Ronald Sukenick I think you should read something by Ronald Sukenick. and foo@bar.com will recieve the message, without knowing who sent it. = Non-anonymous mail forwarding This remailer supports non-anonymous mail forwarding. To use this feature, send mail like this: To: remailer@soda.berkeley.edu Send-To: foo@bar.com Subject: you know who I am This mail is from me! Responding to posts or mail: = Response blocks This is a very new feature, and this documentation is lagging behind the changes to the remailer. The remailer inserts a block at the end of anonymous posts and mail. This block is essentially just the sender's address, encrypted. This allows the recipient to respond to anonymous mail. All the recipient has to do is including the indicated block at the very beginning of his mail, send it to remailer@soda.berkeley.edu, and the anonymous sender will receive it. Note that the person replying to the block is not replying anonymously. This does not use a database. This feature is experimental; keep checking for changes to it. = Vulnerability of response blocks This feature now uses IDEA encryption, which is thought to be more secure than DES. However, this does not mean it's unbreakable. Also, if the machine that runs the remailer is compromised, the IDEA key is also compromised, and all return addresses encrypted with that key are compromised. I am currently trying to find solutions to this problem, such as expiring keys after a certain amount of time, but I am still looking for a saticefactory system. From the point of view of machine compromise, this is only slightly better than a remailer such as anon.penet.fi, which uses a database, and soda is not a secure machine. In other words, it would not be a good idea to post the plans to the stealth bomber through my remailer, but it's probably a good idea to post personals ads through it. For security needs in between those two, use your judgement. Miscelaneous usage issues: = Testing mail Please test the anonymous remailer functions before you use it "for real" by sending mail to yourself or a friend. = Chaining, encryption, and other issues These features are discussed in detail in soda.berkeley.edu:/pub/cypherpunks/remailer/hal's.remailer.gz. While you're looking at that file, you might also want to check out PGP in /pub/cypherpunks/pgp. If you haven't installed PGP on your machine yet, you should try it out. Advanced features: These features won't make any sense unless you are familiar with the basic operation of the remailer. Also, these features require the use of PGP. PGP is available by anon ftp from soda.berkeley.edu in pub/cypherpunks/pgp. NOTE THAT PGP IS EXPORT CONTROLLED. USERS OUTSIDE THE UNITED STATES OR CANADA, OR USERS WHO ARE NOT US OR CANADIAN CITIZENS, ARE PROHIBITTED FROM GETTING PGP FROM SODA. Once you have PGP on your system, test it out, read the documentation, make sure you understand the basic concepts of how it works, and then try it out on this remailer. Also, Hal's instructions provide a clearer description of encrypted remail requests. I highly recomend reading them. = Encrypted remail requests Like most of the traditional cypherpunks remailers, this remailer allows encrypted remail requests. To use this feature, create a file that looks like this: :: Anon-Post-To: rec.fish Subject: fillet of fish I like trout fillet... Then encrypt this file with the remailer's public key. remailer@soda.berkeley.edu's key is: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQBNAi27mNAAAAECAONCUi/9jdl0SXGhOhT4Vvgl9uOYLgbOjU5kMXEkpFQriCYC hWfNuhH8zESs9DFTMHCXUsXYrkkm/bHdhGheaHUABRO0LlRvbW15IHRoZSBUb3Vy aXN0IDxyZW1haWxlckBzb2RhLmJlcmtlbGV5LmVkdT4= =aoJM -----END PGP PUBLIC KEY BLOCK----- Then, send your message to remailer@soda, like this: To: remailer@soda Subject: this line is ignored :: Encrypted: PGP [your encrypted file here] The remailer will decrypt it and post it to the appropriate group. This feature also works with Anon-Send-To:. = Encrypted response This feature provides a level of security beyond that of almost any other remailer which is capable of response to anonymous messages. To use this feature, first choose a passphrase. This phrase will be used to encrypt messages sent back to you. The encryption will be single-key (IDEA) encryption, not PGP's normal public-private key encryption. The reason for this is that public key encryption is actually uneccessary in this use, and single-key encryption with this protocol does not require a database (such as anon.penet.fi's database mapping aliases onto addresses) increasing the security of anonymous users. To use this feature, create a file like this, where your-pass-phrase is the phrase you have selected: :: Anon-Post-To: rec.fish Subject: fillet of sole User-Key: your-pass-phrase I like it when they cook fish like this... Then, encrypt this file with the remailer's public key, and send it in as above. When a user responds to your post (or mail), his response will be encrypted with your-pass-phrase. You can read his response by saving it to a file and using PGP on it. PGP will ask you for a passphrase; enter yours, and you will see his response to your post (or mail). This feature allows both your posts, and the responses to your posts, to be securely encrypted, protecting your privacy in both directions. = Traffic Analysis This remailer is designed to ensure that mail does not go out in the order it is received in, to make it more difficult to link a sender to a recipient by looking at mail logs. This means that there will be some random delay in your mail and your postings. Legal and administrative issues: = Remailer abuse This remailer has been abused in the past, mostly by users hiding behind anonymity to harass other users. I will take steps to squish users who do this. Lets keep the net a friendly and productive place. = Make Money Fast, the Green Card Lottery, etc If you use my remailer or poster to transmit Make Money Fast or any similar chain letter that we have all seen far too many times, I will release your true identity to the Net and to your system administrators. You have been warned. = A note about keywords This remailer inserts keywords into the headers and tailers of all posts and remails. These headers contain phrases which would probably trigger automated net monitoring programs, rendering them less effective. This insertion is completely automatic and certainly does not constitute a statement of intent by anyone (especially the remailer operator) to do anything. = Future plans remailer@soda.berkeley.edu will soon be moving, probably to remailer@beer.berkeley.edu (I'd rather have a beer than a soda), and then possibly to remailer@anon.berkeley.edu. From there, the next step of offering an alias-based service should be pretty obvious. Keep reading these instructions. This remailer will soon be going through some big changes. I am currently working on an alias service, so users will be able to send mail and receive replies, anonymously, much like anon.penet.fi and the acs. This alias system will require the use of pgp encryption, for my security and the security of the users. I believe it will be the only alias system that uses encryption, making it suitable for users who need two-way communication but have security concerns. At some point I may actually prohibit non-encrypted mail from going through the remailer, but don't hold your breath. = If you have other questions or problems Send mail to remailer-operator@soda.berkeley.edu. = How to get the current version of this file Send mail to remailer@soda.berkeley.edu with the string "remailer-info" in the Subject: line. This would look like this: To: remailer@soda.berkeley.edu Subject: remailer-info The body of the message is ignored. Note that the string must be "remailer-info", exactly, not "remailer.info" or "remailer info" or "help". = Copyright This file is copyright 1994 Eric Hollander, all rights reserved. You are free to distribute this information in electronic format provided that the contents are unchanged and this copyright notice remains attached. = Disclaimer This remailer is not endorsed in any way by the University of California. I, Eric Hollander, take no responsibility for the content of posts or messages, and I take no responsibility for the consequences of using my remailer. For example, if you post anonymously, and someone manages to trace it back to you, I am not responsible. Also, I have no way of screening mail that goes through this remailer, so I am in no way responsible for the content of posts or mail going through. Also, note that this remailer is experimental. Its mode of operation is subject to change without notice. Users are advised to check these instructions and to do test messages often. = Problem resolution If someone is doing something inapropriate with this remailer, please send mail to the remailer operator, as soon as possible. The problem can only be solved if the operator is aware of it.