L. Detweiler: Privacy/Anonymity on the Internet - FAQ
Sat, 30 Jan 1993 06:14
- - -
IDENTITY, PRIVACY, AND ANONYMITY on the INTERNET
(c) 1993 L. Detweiler. Not for commercial use except by permission
from author, otherwise in the public domain. Not to be altered.
Please credit if quoted.
PRELIMINARIES
=============
Hello. I think many would benefit from this creation, compilation,
and condensation of information from various sources regarding
privacy, identity, and anonymity on the internet. I'm committed to
keeping this up-to-date WITH strong feedback. Why should YOU help?
- Without feedback, this will eventually die with a whimper.
- If you find this information useful or informative, you can
repay the favor by sending me suggestions, recommendations, and
clarifications.
- No item is too small or too trivial for me to look at!
- Don't assume others will fill in something that is `well known'!
- I've put in hours on this, can you put in a few seconds?
- I can't be everywhere and know everything!
- Items with '(?)' are specifically areas that are weak and need either
expert opinion or simple input.
- If you are a strong, reliable, or regular contributor I will give you
credit.
I hope to eventually make this a FAQ available on news.answers. Until then
copies can be obtained from me via email. Please do not post this to
newsgroups, but instead let me know where you think it would be relevant.
Unfortunately these topics are spread out over many newsgroups.
Thanks!
ld231782@longs.lance.colostate.edu
CHANGE HISTORY
==============
1/29/93 v0.2 (current)
"identity" and "privacy" sections added. "anonymity" expanded. remailer
addresses removed due to lack of information and instability. Posted
to sci.crypt.
1/25/93 v0.1
originally posted to the cypherpunks mailing list on 1/25/93 as a call
to organize a list of anonymous servers.
QUESTIONS
=========
(Search for <#.#>.)
IDENTITY
--------
<1.1> What is `identity' on the internet?
<1.2> Why is identity (un)important on the internet?
<1.3> How does my email address identify me and my background?
<1.4> How can I find out more about somebody with a given email address?
<1.5> Why is identification unstable and largely nonexistent on the internet?
<1.6> What is the future of identification on the internet?
PRIVACY
-------
<2.1> What is `privacy' on the internet?
<2.2> Why is privacy (un)important on the internet?
<2.3> How private/secure is my account?
<2.4> How private/secure is my email?
<2.5> How do I provide more/less information to others on my identity?
<2.6> Who is my sysadmin? What does s/he know about me?
<2.7> Why is privacy unstable and nonexistent on the internet?
<2.8> What is the future of privacy on the internet?
ANONYMITY
---------
<3.1> What is `anonymity' on the internet?
<3.2> Why is `anonymity' (un)important on the internet?
<3.3> How can anonymity be protected on the internet?
<3.4> How do I send anonymous mail?
<3.5> How do I post anonymously?
<3.6> Why is anonymity unstable and nonexistent on the internet?
<3.7> What is the future of anonymity on the internet?
* * *
IDENTITY
========
_____
<1.1>
What is `identity' on the internet? (email address)
Generally, today people's `identity' on the internet is primarily
determined by their email address in the sense that this is their
most unchanging 'face' in the electronic realm. This is your login
name qualified by the complete address domain information, for
example ``ld231782@longs.lance.colostate.edu''. People see this
address when receiving mail or reading USENET posts from you and in
other situations where programs record usage. Some obsolete forms
of addresses (such as BITNET) still persist.
In email messages, additional information on the path that a message
takes is prepended to the message received by the recipient. This
information identifies the chain of hosts involved in the
transmission and is a very accurate trace of its origination. This
type of identify-and-forward protocol is also used in the USENET
protocol to a lesser extent. Forging these fields requires
corrupted mailing software at sites involved in the forwarding and
is very uncommon. Not so uncommon is forging the chain at the
origination point, so that all initial sites in the list are faked
at the time the message is created. Tracing these messages can be
difficult or impossible when the initial faked fields are names of
real machines and represent real transfer routes.
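The sketch below is an added example, not part of the original FAQ. It rebuilds the relay path from the prepended Received: fields and shows why only the fields stamped by hosts you trust can be relied on. The message, host names and trusted-host list are all constructed for the illustration.

```python
# Added example (not from the original FAQ): reconstruct a message's relay
# path from its Received: headers. SAMPLE is a constructed message.
import re
from email import message_from_string

SAMPLE = """\
Received: from relay.example.net (relay.example.net [192.0.2.20])
\tby mx.example.org with SMTP; Sat, 30 Jan 1993 06:20:11 -0700
Received: from hub.example.com (hub.example.com [192.0.2.10])
\tby relay.example.net with SMTP; Sat, 30 Jan 1993 06:18:40 -0700
Received: from faraway.example.edu (unknown [198.51.100.7])
\tby hub.example.com with SMTP; Sat, 30 Jan 1993 06:15:02 -0700
From: someone@faraway.example.edu
To: reader@example.org
Subject: constructed sample

body
"""

# Same message, but the oldest field names a host the next relay never
# claims to have talked to (constructed inconsistency).
FORGED = SAMPLE.replace("\tby hub.example.com", "\tby gateway.example.edu")

RECEIVED_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S | re.I)


def relay_path(raw):
    """Return hops oldest-first as dicts: who handed the message to whom."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m:
            hops.append({"from": m.group(1).lower(), "by": m.group(2).lower()})
    hops.reverse()  # each relay prepends, so the file order is newest-first
    return hops


def chain_breaks(path):
    """Indexes where a hop's receiving host is not the next hop's sender."""
    return [i for i in range(len(path) - 1)
            if path[i]["by"] != path[i + 1]["from"]]


def attested_boundary(path, trusted):
    """Index of the oldest hop stamped by a trusted host.

    path[index:] was written by relays we trust; path[:index] is whatever
    earlier hosts (or the sender) chose to put there.
    """
    index = len(path)
    for i in range(len(path) - 1, -1, -1):
        if path[i]["by"] in trusted:
            index = i
        else:
            break
    return index


if __name__ == "__main__":
    trusted = {"mx.example.org", "relay.example.net"}  # assumed local relays
    for label, raw in (("sample", SAMPLE), ("forged", FORGED)):
        path = relay_path(raw)
        print(label, "breaks at", chain_breaks(path),
              "attested from hop", attested_boundary(path, trusted))
```

A consistent chain is not proof of origin: as the text notes, faked initial fields that name real machines and real routes pass the consistency check, which is why the trusted boundary matters more than the chain itself.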
_____
<1.2>
Why is identity (un)important on the internet?
The concept of identity is closely intertwined with communication,
privacy, and security, which in turn are all critical aspects of
computer networks. For example, the convenience of communication
afforded by email would be impossible without conventions for
identification. But there are many potential abuses of identity
possible that can have very severe consequences, with massive
computer networks at the forefront of the issue, which can
potentially either exacerbate or solve these problems.
Verifying that an identity is correct is called "authentication",
and one classic example of the problems associated with it is
H.G. Wells's "War of the Worlds" radio broadcast that fooled segments
of the population into thinking that an alien invasion was in
progress. Hoaxes of this order are not uncommon on Usenet and
forged identities make them more insidious. People and their
reputations can be assaulted by forgery.
However, the fluidity of identity on the internet is for some one of
its most attractive features. Identity is just as useful as it is
harmful. A professor might carefully explain a topic until he finds
he is talking to an undergraduate. A person of a particular
occupation may be able to converse with others who might normally
shun him. Some prejudices are erased, but, on the other hand, many
prejudices are useful! A scientist might argue he can better
evaluate the findings of a paper if he knows more about the authors.
Likewise, he may be more likely to reject it based on unfair or
irrelevant criteria.
Identity is especially crucial in establishing and regulating
"credit" (not necessarily financial) and "ownership" and "usage".
Many functions in society demand reliable and accurate techniques
for identification. Heavy reliance will be placed on digital
authentication as global economies become increasingly electronic.
Many government functions and services are based on identification,
and law enforcement frequently hinges on it. Hence, employees of
many government organizations push toward stronger identification
structures. But when does identification invade privacy?
The growth of the internet is provoking social forces of massive
proportions. Decisions made now on issues of identity will affect
many future users, especially as the network becomes increasingly
global, universal, widespread, and entrenched; and the positive or
adverse effects of these actions, intended and inadvertent, will be
literally magnified exponentially.
_____
<1.3>
How does my email address identify me and my background?
Your email address may contain information that influences people's
perceptions of your background. The address may `identify' you as
from a department at a particular university, an employee at a
company, or a government worker. It may contain your last name,
initials, or cryptic identification codes independent of both. In
the US some are based on parts of social security numbers. Others
are in the form 'u2338' where the number is incremented in the order
that new users are added to the system.
Standard internet addresses also can contain information on your
broad geographical location or nationhood. However, none of this
information is guaranteed to be correct or be there at all. The
fields in the domain qualification of the username are based on
rather arbitrary organization, such as (mostly invisible) network
cabling distributions. The only point to make is that early fields
in the address are more specific (such as specific computer names or
local networks) and the later ones the most general (such as
continental domains).
Gleaning information from the email address is sometimes an inspired
art or an inconsistent and futile exercise. For more information,
see the FAQs on email addresses (?) and known geographical
distributions.
examples:
jamison@csd4.csd.uwm.edu
User named 'jamison' with university identified by uwm, probably in the
computer science department.
fred@inode.com
User named 'fred' at the commercial company identified as 'inode'.
microman@black.ox.ac.uk
An alias 'microman' for someone in the United Kingdom, possibly Oxford.
_____
<1.4>
How can I find out more about somebody with a given email address?
One simple way is to send email to that address, asking. Another
way is to send mail to the postmaster at that address, although the
postmaster's job is more to help find user ID's of particular users.
The sysadmin (i.e. "root@address") may also be able to supply
information. Users with related email addresses may have information.
However, all of these methods rely on the time and patience of
others so use them minimally.
One of the most basic tools for determining identity over the
internet is the UNIX utility 'finger'. The basic syntax is:
    finger user@here.there.everywhere
This utility uses communication protocols to query the computer
named in the address for information on the user named. The
response is generated completely by the receiving computer and may
be in any format. Possible responses are as follows.
- A message `unknown host' meaning some aspect of the address is
incorrect, two lines with no information and '???'
- A message 'In real life: ???' in which case the receiving
computer could not find any kind of a match on the username. The
finger utility may return this response in other situations.
- A listing of information associated with multiple users. Some
computers will search only for matching user IDs, others will
attempt to find the username you specified as a substring of all
actual full names of users kept in a local database.
- At some sites 'finger' can be used to get a list of all users on
the system with a "finger @address". In general this is often
considered weak security, however, because it gives "attackers"
valid user IDs against which to "crack" passwords.
More information on the fields returned by finger is given below.
More information on finger and locating people's email addresses is
given in the email FAQ.
_____
<1.5>
Why is identification unstable and largely nonexistent on the
internet?
Generally, identity is an amorphous and almost nonexistent concept
on the Internet for a variety of reasons. One is the inherent
fluidity of `cyberspace' where people emerge and submerge
frequently, and absences are not readily noted in the `community'.
Most people remember faces and voices, the primary means of casual
identification in the 'real world'. The arbitrary and cryptic
sequences of letters and digits comprising most email addresses are
not particularly noticeable or memorable and far from a unique
identification of an individual, who may use multiple accounts on
multiple machines anywhere in the world.
Currently internet users do not really have any great assurances
that the messages in email and USENET are from who they appear to
be. A person's mailing address is far from an identification of an
individual. First, anyone with access to the account, e.g. they
know the password, either legitimately or otherwise, can send mail
with that address in the From: line. Secondly, as part of current
mailing protocol standards, forging the From: line is a fairly
trivial operation for many hackers. Much less forgeable is the
status and path information prepended to messages by intermediate
hosts. However, in general, while possible, forgeries are fairly
rare on most newsgroups and in email.
Besides these pathological cases there are simple problems with
today's internet protocols affecting identification on the internet.
Internet mail standards, described in RFC (?), are still evolving
rapidly and not entirely orderly. For example, standards for mail
address `munging' or `parsing' tend to vary slightly between sites
and frequently mean the difference between finding addresses and
bouncing mail (in other words, between identifying and contacting
someone and not). Also, domain names and computer names are changed
at sites. Addresses cannot be resolved when certain critical
computers crash, such as the receiving computer or computers
involved in resolving names into addresses. A whole slew of
problems is associated with the "nameservers" in the latter
category; if they are not updated they will not find name addresses,
and even the operation of what constitutes "updating" has different
interpretations at different sites.
The current internet mailing and addressing protocols are slightly
anachronistic in that they were created when the network was
somewhat obscure and not widespread, with only a fraction of the
traffic it now sees. Today a large proportion of internet traffic
is email, comprising millions of messages.
_____
<1.6>
What is the future of identification on the internet?
Some new technologies and standards are introducing facial images
and voice messages into mail and these will improve the sense of
community that comes from the familiarity of identification.
However, they are not currently widespread, require large amounts of
data transfer, standardized software, and make some compromises in
privacy.
Promising new cryptographic techniques may make 'digital signatures'
and 'digital authentication' common (see below). Also, the trend in
USENET standards is toward greater authentication of posted
information. On the other hand, advances in ensuring anonymity
(such as remailers) are forthcoming. See below.
PRIVACY
=======
_____
<2.1>
What is "privacy" on the internet?
Generally, while "privacy" has multiple connotations in society and
perhaps even more on the internet, in cyberspace most take it to
mean that you have exclusive use and access to your account and the
data stored on it and directed to it (such as email) and you do not
encounter arbitrary restrictions or searches. In other words,
others may obtain data associated with your account, but not without
your permission. These ideas are probably both fairly limiting and
liberal in their scope in what most internet users consider their
private domains. Some users don't expect or want any privacy, some
expect and demand it.
_____
<2.2>
Why is privacy (un)important on the internet?
This is a somewhat debatable and inflammatory topic, arousing
passionate opinions. On the internet, some take privacy for granted
and are rudely surprised to find it tenuous or nonexistent. Most
governments have rules that protect privacy (such as the illegal
search and seizure clause of the U.S. constitution, adopted by
others) but have many that are antithetical to it (such as laws
prohibiting secret communications or allowing wiretapping). These
rules generally carry over to the internet with few specific rules
governing it. However, the legal repercussions of the global
internet are still largely unknown and untested (i.e. no strong
legal precedents and court cases). The fact that traffic passes
past international boundaries frequently complicates and discourages
its regulation.
_____
<2.3>
How private/secure is my account?
By default, not very. There are a multitude of factors that may
reinforce or compromise aspects of your privacy on the internet.
First, your account must be secure from other users. The universal
system is to use a password, but if it is "weak" (i.e. easy to
guess) this security is significantly diminished. Frighteningly,
certain users of the system, particularly the administrator,
generally have unlimited access regardless of passwords, and may
grant that access to others. This means that they may read any file
in your account.
Furthermore, not universally known, UNIX systems keep fairly
extensive accounting records of when and where you logged in, what
commands you execute, and when they are executed (in fact, login
information is public). Potentially, every keystroke you type could
be intercepted by someone else. System administrators make
extensive backups that are completely invisible to users which may
record the states of an account over many weeks. Erased files can,
under some operating systems, be undeleted. Some software
exacerbates these problems. For example, the widespread Xwindow
system is extremely insecure; anyone with an account on the server
machine can disrupt the display or read it electronically. There
are no protections from this type of access (even the "access
control" xhost command can be evaded by regular users). Generally,
you should expect little privacy on your account.
Be aware of the rights associated with your files and directories in
UNIX. If the 'x' right on your parent directory is off for users,
groups, or other, these users cannot gain information on anything in
your directories. Anything less may allow others to read or delete
files in your home directory. By default most accounts are readable
only to the owner, but the initial configuration varies between
sites based on administrator preference. The default file mode
specifies the initial rights associated with newly created files,
and can be set in the shell. Consult man pages on "chmod".
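The following added example (not part of the original FAQ) shows what each combination of directory rights actually grants to group and other, and how the default file mode mask determines the rights of newly created files. It works only on temporary directories it creates itself.

```python
# Added example, not part of the original FAQ. It only touches temporary
# directories created for the demonstration.
import os
import stat
import tempfile

# (class name, read bit, write bit, search bit) for everyone but the owner.
CLASSES = (
    ("group", stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    ("other", stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
)


def directory_exposure(path):
    """Report what group and other may do with the directory at `path`."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    report = {}
    for name, r_bit, w_bit, x_bit in CLASSES:
        allowed = []
        if mode & r_bit:
            allowed.append("list")      # read the names of the entries
        if mode & x_bit:
            allowed.append("traverse")  # reach entries by name, stat them
        if mode & w_bit and mode & x_bit:
            allowed.append("modify")    # create, rename or delete entries
        report[name] = allowed
    return report


def mode_under_umask(mask):
    """Create a file while `mask` is the file mode mask; return its mode."""
    workdir = tempfile.mkdtemp()
    target = os.path.join(workdir, "newfile")
    previous = os.umask(mask)
    try:
        # Programs typically request 0666; the mask removes bits from that.
        fd = os.open(target, os.O_CREAT | os.O_WRONLY, 0o666)
        os.close(fd)
    finally:
        os.umask(previous)  # always restore the caller's mask
    mode = stat.S_IMODE(os.stat(target).st_mode)
    os.remove(target)
    os.rmdir(workdir)
    return mode


def demo():
    """Apply three directory modes to a scratch directory and report each."""
    scratch = tempfile.mkdtemp()
    results = {}
    for mode in (0o700, 0o751, 0o777):
        os.chmod(scratch, mode)
        results[mode] = directory_exposure(scratch)
    os.rmdir(scratch)
    return results


if __name__ == "__main__":
    for mode, report in demo().items():
        print(oct(mode), report)
    for mask in (0o022, 0o077):
        print("umask", oct(mask), "-> new file mode", oct(mode_under_umask(mask)))
    print("home:", directory_exposure(os.path.expanduser("~")))
```

Note that the 'x' right alone lets others open files whose names they already know, and the read right alone reveals names without contents, so a private home directory needs both turned off for group and other.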
Independent of malevolent administrators are fellow users, a much
more commonly harmful threat. There are multiple ways to help ensure
that your account will not be accessed by others, and compromises
can often be traced to failures in them:
- Choose a secure password. Change it periodically.
- Make sure to logout.
- Do not leave a machine unattended for long.
- Make sure no one watches you when you type your password.
- Avoid password references in email.
- Be conservative in the use of the .rhosts file.
Be wary of situations where you think you should supply your
password. There are only a few basic situations where UNIX
prompts you for a password: when you are logging in to a system or
changing your password. Situations can arise in which prompts for
passwords are forged by other users, especially in cases where you
are talking to them (such as Internet Relay Chat). Also, be aware
that forged login screens are one method to illegitimately obtain
passwords.
_____
<2.4>
How private/secure is my email?
By default, not very. The characters that you are reading are
almost certainly encoded in ASCII, the American Standard Code for
Information Interchange that maps alphabetic and symbolic characters
onto numeric codes and vice versa. Virtually every computer system
uses this code, and if not, has ways of converting to and from it.
When you write a mail message, by default it is being sent in ASCII,
and since the standard is virtually universal, there is no intrinsic
privacy.
`Theoretically' people at any site in the chain of sites with access
to hardware and network media that forwards a given mail message
over the Internet (globally about a half-dozen (?) on average,
depending on the distances) could potentially compromise the privacy
of that message and read it. Technologies exist to "tap" magnetic
fields given off by electrical wires without detection. In reality
these breaches are generally unlikely and rare, with disturbing but
isolated incidents known. Something more common is instances of
immature or unscrupulous system operators reading private mail in
the "spool files" at a local site (i.e. the ultimate source or
destination of the message), such as a university.
Note that bounced messages go to postmasters at a given site in
their entirety. This means that if you address mail with an
incorrect address it has a good chance of being seen by a human
other than the recipient.
Typically new user accounts are always set up such that the local
mail directory is private, but this is not guaranteed and can be
overridden.
Most of these potential compromises in privacy can be avoided with
the use of strong cryptography, which has its own set of caveats
(for example, unscrupulous administrators may still be a threat if
the encryption site is shared or not local).
_____
<2.5>
How do I provide more/less information to others on my identity?
The public information of your identity and account is mostly
available through the UNIX utility "finger" described above. You
have control over most of this information with the utility "chfn",
the amount varying between sites. You can provide unlimited
information in the .plan file which is copied directly to the
destination during the fingering. Your signature is determined by
the environment variable SIGNATURE, and USENET signatures are
usually kept in the .signature file in your home directory. Many
people put disclaimers in these signatures that don't protect their
identity but dissociate it from parent organizations as a
precaution.
Providing less information is more difficult and involved. One
approach is to ask your system administrator to change or delete
information about you (such as your full name). You may be able to
obtain access on a public account or one from someone unrelated to
you personally. You may be able to remotely login (via modem or
otherwise) to computers that you are not physically near. There are
tactics for hiding or masking your online activities but nothing is
foolproof. Consult man pages on the 'chmod' command and the default
file mode. Generally, files on a shared system have good safeguards
within the user pool but very little protection is possible from
corrupt system administrators.
To mask your identity in email or on USENET you can use different accounts. More
untraceable are new "anonymous posting" and remailing services that are very
recently being established. See below.
_____
<2.6>
Who is my sysadmin? What does s/he know about me?
The requirements and screening for getting a system administration
job (and access to all information on a system) vary widely between
sites and are sometimes frighteningly lax, especially at
universities. Many UNIX systems at universities are largely managed
by undergraduates with a background in computing and often
"hacking". In general, commercial and industrial sites are more
strict on qualifications and background, and government sites are
extremely strict.
The system administrator (root user) knows what commands you used
and at what times. S/he may have a record of files on your account
over a few weeks. S/he can monitor when you send email or post
USENET messages, and potentially read either. S/he may have access
to records indicating what hosts you are using, both locally and
elsewhere.
As punishment or whatever, your system can revoke certain
"privileges" such as emailing, USENET posting or reading certain
groups, file transferring, remote communications, or generally any
subset of capabilities available from your account. This all is
completely at the discretion of the local administrator and under
the local procedures followed at the site (which are generally
rather arbitrary).
_____
<2.7>
Why is privacy unstable and nonexistent on the internet?
For the numerous reasons listed above, privacy should not be an
expectation with current use of the internet. Furthermore, large
parts of the internet are funded by the U.S. NSF (National Science
Foundation) which places certain restrictions on its use (such as
prohibiting commercial use). Some high-level officials in this and
other government agencies may be opposed to emerging techniques to
guarantee privacy (such as encryption and anonymous services).
However, traffic is generally completely unimpeded on the internet
and only the most egregious offenders are pursued. Currently
significant portions of USENET traffic, and less so internet
traffic, are comprised of digitized images from copyrighted
material, including amounts labelled "pornographic" by many.
In some cases "abusive" posters to USENET are given admonitions from
their system administrators as urged by others on the "net".
However, some argue that this is also used as a questionable means
of attacking or silencing "harmless crackpots". Currently there
are virtually no guidelines for restricting use to any internet
services and local administrators are free to make arbitrary
decisions. Perhaps the most common example is the widespread
occurrence of university administrators refusing to carry some
portion of USENET newsgroups labelled as "pornographic". The
"alternative" hierarchy in the USENET system, which has very few
restrictions on propagation, is frequently targeted (although this
material may appear anywhere).
_____
<2.8>
What is the future of privacy on the internet?
Some argue that the internet currently has an adequate or
appropriate level of privacy. Others will argue that as a prototype
for future global networks it has woefully inadequate safeguards.
The internet is growing to become a completely global, international
superhighway for data, and this traffic will inevitably entail data
such as voice messages, postal mail, and many other items of
extremely personal nature. Computer items that many people consider
completely private (such as their local hard drives) will literally
be inches from global network connections. Also, sensitive
industrial and business information is exchanged over networks
currently and this volume may conceivably merge with the internet.
Most would agree for these widespread uses, no significant
mechanisms are currently in place to ensure much security. New
standards are calling for uniform introduction of "privacy enhanced
mail" (PEM) which uses encryption technologies to ensure privacy, so
that privacy protection is automatic, and may significantly improve
safeguards.
Some government agencies are opposed to unlimited privacy in
general, and believe that it should lawfully be forfeited in cases
of criminal conduct (e.g. court-authorized wiretapping). However,
powerful new technologies to protect privacy on computers are
becoming increasingly popular, provoking some to say that "the cat
is out of the bag" and the "genie can't be put back in the bottle".
In less idiomatic terms, they believe that the spread of strong
cryptography already underway will be socially and technically
unstoppable. To date, no feasible system that guarantees both
secure communication and government oversight has been proposed (the
two goals are largely incompatible). The same technology that can be
extremely destructive to privacy (such as with surreptitious
surveillance) can be overwhelmingly effective in protecting it (e.g.
with encryption).
ANONYMITY
=========
_____
<3.1>
What is `anonymity' on the internet?
Simply stated, anonymity is the absence of identity, the ultimate in
privacy. However, there are several variations on this simple theme.
A person may wish to be consistently identified by a certain
pseudonym and establish a reputation under it in some area,
providing pseudo-anonymity. A person may wish to be completely
untraceable for a single one-way message (a sort of "hit-and-run").
Or, a person may wish to be openly anonymous but carry on a
conversation with others. A user may wish to appear as a "regular
user" but actually be untraceable. Sometimes a user wishes to hide
who he is sending mail to (in addition to the message itself). All
of these uses are feasible on the internet but are currently tricky
to carry out in practice, because of all the tracking mechanisms
inherent to operating systems and network protocols. Officials of
the NSF and other government agencies may be opposed to any of these
uses because of the potential for abuse. Nevertheless, the inherent
facelessness of large networks will always guarantee a certain
element of anonymity.
_____
<3.2>
Why is 'anonymity' (un)important on the internet?
Anonymity is another powerful tool that can be beneficial or
problematic. It may be the case that many strong benefits from its
use will be discovered that were unforeseen and unpredicted, because
true anonymity has been historically very difficult to establish.
One could use it to make personal statements to a colleague that
would sabotage a relationship if stated openly. One can use it to
pass information and evade any threat of direct retribution. For
example, whistleblowers on government abuses (economic, social, or
political) can bring issues to light without fear of stigma and
retaliation. Sensitive, personal, potentially damaging information
is often posted to some USENET groups, a risky situation where
anonymity would allow conversations to be carried on completely
independent of the identities of the participants. Some police
departments run phone services that allow anonymous reporting of
crimes; such uses would be straightforward on the network.
Unfortunately, extortion and harassment become more insidious with
assurances of anonymity.
_____
<3.3>
How can anonymity be protected on the internet?
The chief means, as alluded to above, are masking identities in
email and posting. However, anonymous accounts may be effective as
well, but this use is generally not officially supported and even
discouraged. The nonuniformity in the requirements of obtaining
accounts at different sites and institutions makes anonymous
accounts generally difficult for the public at large to obtain.
Many communications protocols are inherently detrimental to
anonymity. Virtually every protocol in existence currently contains
information on both sender and receiver in every packet. New
communications protocols will likely develop that guarantee much
higher degrees of secure anonymous communication.
_____
<3.4>
How do I send anonymous mail?
One approach has been to set up an "anonymous server" that, when
activated by email to its address, responds by allocating and
supplying an "anonymous ID" that is unique to the person requesting
it (based on his email address). This will vary for the same person
for different machine address email originations. To send anonymous
mail, the user sends email directed to the server containing the
final destination. The server "anonymizes" the message by stripping
it of identification information and forwards the message, which
appears to originate only from the anonymous server, under the
corresponding anonymous user ID. This is the "extended" use of
anonymity or pseudonymity mentioned above. Currently the most
stable of this type of site is probably anon.penet.fi operated by
julf@penet.fi for several months. Send mail to help@penet.fi for
information. Make sure to test the system at least once by e.g.
sending anonymized mail to yourself. Make sure no signature data
slips through.
Another more "fringe" approach is to run a "cypherpunk" remailer
from a regular user account. No root system privileges are
required. The user runs a process on a machine that anonymizes mail
sent to him with certain characteristics (fields in the header). One
has been implemented as a PERL script running on UNIX. There are
several of these in existence currently but they are highly unstable;
they may be in operation outside of system administrator knowledge.
The remailers don't generally support pseudonymity. Generally the
user of the remailer has to disavow any responsibility for the
messages forwarded through his system, although he may actually be held
responsible regardless.
Both of these approaches have several disadvantages. The anonymous
server approach requires maintaining a mapping of anonymous ID's to
real addresses that must be maintained indefinitely. One
alternative is to allow "deallocation" of aliases at the request of
the user, but this has not been implemented yet. Traffic to any of
these sites could conceivably be monitored, necessitating the use of
cryptography for basic protection. Local administrators can shut
them down either out of caprice or under pressure from government
agencies. Unscrupulous providers of the services can monitor the
traffic that goes through them. Most remailers currently keep logs
that may be inspected.
Currently the most direct route to anonymity involves using SMTP
protocols to submit a message directly to a server with arbitrary
field information. This practice, not uncommon to hackers, is
generally viewed with hostility by most system administrators.
Information in the header routing data and logs of network port
connection information may be retained that can be used to track the
originating site. In practice, this is generally infeasible and
rarely carried out. Some administrators on the network will contact
local administrators to request a message be tracked and its writer
admonished or punished more severely (such as revoking the account),
all of this actually happening occasionally but infrequently.
_____
<3.5>
How do I post anonymously?
For this use anonymous servers have been established as well with
all the associated caveats above (monitored traffic, capricious or
risky local circumstances, logging). anon.penet.fi operated by
julf@penet.fi can be used here too; mail to help@penet.fi for
information. Make sure to test the system at least once by e.g.
anonymous posting to misc.test. Make sure no signature data slips
through.
Another direct route involves using NNTP protocols to submit a
message directly to a newserver with arbitrary field information.
This practice, not uncommon to hackers, is also generally viewed
with hostility by most system administrators, and similar
consequences can ensue.
_____
<3.6>
Why is anonymity unstable and nonexistent on the internet?
As noted, many factors compromise the anonymity currently available
to the general internet community, and these services should be used
with great caution. To summarize, the technology is in its infancy
and current approaches are unrefined, unreliable, and not completely
trustworthy. No standards have been established and troubling
situations of loss of anonymity and bugs in the software are
prevalent. (For example, one anonymous remailer reallocated
already allocated anonymous addresses. Others passed signature
information embedded in messages unaltered.) Source code is being
distributed, tested, and refined for these systems, but standards
are progressing slowly and weakly. The field is not likely to
improve without official endorsement and action by network
agencies. The whole idea is still viewed with suspicion and
distrust by many on the internet and seen as illegitimate or
favorable to criminality.
A very sophisticated anonymous posting system was recently set up by
dclunie@pax.tpa.com.au that used cryptography in both directions
(to/from) the server for the highest degree of confidentiality seen
so far. However, it was running on a public access account, and he
had to shut it down after receiving requests and conditions
apparently ultimately originating from NSF representatives.
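The advice in <3.4> and <3.5> to test a server on yourself, and the failures described in <3.6>, come down to comparing what you sent with what arrived. The check below is an added example, not part of the original FAQ or of any remailer's code. The messages, names and addresses are constructed, and the header list is an assumption about which fields commonly carry sender identity.

```python
# Added example, not from the original FAQ: compare a message as sent with
# the copy received back from an anonymizing service and report anything
# that still points at the sender. All messages here are constructed.
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed list of header fields that commonly identify the sender.
IDENTIFYING_HEADERS = ("From", "Sender", "Reply-To", "Received",
                       "Message-ID", "Organization", "Path")

ORIGINAL = """\
From: "Pat Quimby" <pquimby@dept.example.edu>
To: relay@anon.example.net
Message-ID: <9301300614.AA01@dept.example.edu>
Subject: question

Has anyone compared the two proposals?
--
Pat Quimby, Dept. of Examples
pquimby@dept.example.edu
"""

# What a careless service might deliver: new From:, everything else kept.
LEAKY = """\
From: an1234@anon.example.net
Message-ID: <9301300614.AA01@dept.example.edu>
Subject: question

Has anyone compared the two proposals?
--
Pat Quimby, Dept. of Examples
pquimby@dept.example.edu
"""

CLEAN = """\
From: an1234@anon.example.net
Subject: question

Has anyone compared the two proposals?
"""


def identity_tokens(original_raw):
    """Strings that identify the sender, taken from the original From: line."""
    name, addr = parseaddr(message_from_string(original_raw)["From"])
    addr = addr.lower()
    local, _, domain = addr.partition("@")
    tokens = {addr, local, domain}
    # Name words of four letters or more; shorter ones match too much.
    tokens.update(w.lower() for w in re.findall(r"[A-Za-z]{4,}", name))
    tokens.discard("")
    return tokens


def find_leaks(original_raw, received_raw):
    """Return the identifying material that survived anonymization."""
    tokens = identity_tokens(original_raw)
    received = message_from_string(received_raw)
    headers = []
    for field in IDENTIFYING_HEADERS:
        for value in received.get_all(field, []):
            if any(t in value.lower() for t in tokens):
                headers.append(field)
                break
    body = received.get_payload()
    return {
        "headers": headers,
        # "--" on a line of its own conventionally starts a signature block.
        "signature_block": bool(re.search(r"^-- ?$", body, re.M)),
        "body_tokens": sorted(t for t in tokens if t in body.lower()),
    }


if __name__ == "__main__":
    print("leaky:", find_leaks(ORIGINAL, LEAKY))
    print("clean:", find_leaks(ORIGINAL, CLEAN))
```

An empty report only means these particular markers are gone; writing style, posting times and server logs are outside what a check like this can see.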
_____
<3.7>
What is the future of anonymity on the internet?
The future of anonymous services on the internet at this time is
highly uncertain and fraught with peril. Nevertheless, its
widespread introduction and use may be inevitable and its
implementation could carry significant and unforeseen social
repercussions. However, if its use continues to be generally
regarded as subversive it may be confined to the underground.
--
ld231782@longs.LANCE.ColoState.EDU