home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Mac Magazin/MacEasy 16
/
Mac Magazin and MacEasy Magazine CD - Issue 16.iso
/
Online
/
ya-nw-211
/
Docs
/
Remailer Docs
/
FAQ for ANON.PENET.FI
< prev
next >
Wrap
Internet Message Format
|
1995-10-09
|
17KB
Path: news.wwa.com!gail.ripco.com!madison.tdsnet.com!chi-news.cic.net!newsfeed.internetmci.com!howland.reston.ans.net!news.nic.surfnet.nl!tuegate.tue.nl!turtle.stack.urc.tue.nl!not-for-mail
From: galactus@stack.urc.tue.nl (Arnoud "Galactus" Engelfriet)
Newsgroups: alt.anonymous,alt.privacy.anon-server,alt.anonymous.messages
Subject: **** FAQ for ANON.PENET.FI (updated) *****
Followup-To: poster
Date: 8 Oct 1995 22:22:14 +0100
Organization: Usenet Central Administration
Lines: 345
Message-ID: <608dw4uYO5WL084yn@stack.urc.tue.nl>
NNTP-Posting-Host: turtle.stack.urc.tue.nl
Xref: news.wwa.com alt.anonymous:3699 alt.privacy.anon-server:3944 alt.anonymous.messages:3479
-----BEGIN PGP SIGNED MESSAGE-----
Archive-name: unofficial-penet-faq
Last-modified: 07/10/1995
The unofficial anon.penet.fi FAQ
by Galactus
This document is the result of several months of answering questions on
alt.anonymous, alt.privacy.anon-server and alt.anonymous.messages, most
of which were related to the anon.penet.fi anonymous contact service.
A lot of people appear to have problems with mailing or posting using
the service, and I hope that this document will be helpful in answering
some of their questions or solving some of their problems.
If you see a mistake, spelling or grammar error, or an incorrect answer
in this FAQ, or if you have suggestions and/or comments, feel free to
tell me about it. You can contact me in e-mail at galactus@stack.urc.tue.nl.
DISCLAIMER
This document does not explain what the service is, nor is it a replacement
for the instructions in the help file. It only answers some questions and
addresses some common problems that people have with penet.
To make reading this document easier, all questions have the word "Subject: "
in front of them. Most newsreaders have an option to scan for this string
automatically. In rn, trn and strn, press ^G. For other readers, scan
for "^Subject: " (line starting with "Subject: ") or consult the manual.
TABLE OF CONTENTS
New stuff (Read This!)
What is anon.penet.fi and how do I use it?
How do I set up a password?
How do I use my password?
When I post to penet, I get the error "No such newsgroup"
My newsreader doesn't have a "To: " field, how do I post anonymously?
Can't I just use my anon address and nickname in my newsreader's setup?
Why can't I post to local.foobar?
How do I maintain a "thread" when posting to Usenet?
What does an "inews error" mean?
Why doesn't my post show up?
How come I can't post to alt.binaries groups?
How come my message was only partially posted?
How do I cancel an anonymous message I posted?
* How do I contact someone without anonymizing myself?
* How do I see if someone mailed me at my anon ID or real address?
Can someone find out my real address if I use penet?
Can someone find out my anonymous ID?
How secure is anon.penet.fi anyway?
Did any hackers etc. ever gain access to the database?
This FAQ is also availabe on the World Wide Web at
<URL:http://www.stack.urc.tue.nl/~galactus/remailers/penet.html>
========
Subject: New stuff (Read This!)
The initial FAQ has been around for some time now, and I have made some
changes since the last time I changed anything. You'll find a line with
"Last-modified" (in dd/mm/yy format) at the top, and all changed or added
topics are indicated with a "*" in the table of contents.
(Thanks to Adam Back for his suggestions)
========
Subject: What is anon.penet.fi and how do I use it?
If you don't know what "anon.penet.fi" (or just penet for short) is,
then read their help file first. You can retrieve their help file by
sending Internet e-mail to help@anon.penet.fi. The contents of your
message doesn't matter, the mail robot will send the help file to the
address in the From: line immediately.
Again, READ THE HELP FILE. Read it again, if you don't get it the first
time. Then test the service, by sending yourself anonymous e-mail.
If you encounter a problem with the service, and it is not addressed in the
help file or this FAQ, then post it to alt.privacy.anon-server or
alt.anonymous. If you don't want to discuss the problem in public, e-mail
me or the anonymous administrator (an1@anon.penet.fi). I do not have access
to the server, so if there is a problem with the way your account is set
up, then you MUST contact the anon admin to solve the problem.
========
Subject: How do I set up a password?
Setting up a password is highly recommended. Without one, someone can
discover what anon ID you were assigned, and if you want to post to
Usenet you *must* have a password installed.
The password that you want to use may only consist of letters and
digits. Put it on the *first* line of the body of a message to
password@anon.penet.fi, and make sure you remember it *exactly* as it
is written down in that message. Also, check that there are no spaces,
tabs or other special characters before or after the password.
========
Subject: How do I use my password?
You use the password by including a header, named X-Anon-Password:,
in the message you send to anon.penet.fi. Either put this header
between the other e-mail headers (if you can) or on the first line
of the body. Put the password after that header, with ONE space
between the ":" and the password. Make sure there are no spaces, tabs
or other special characters after the password.
Spelling the header correctly is important. Only the following variants
are accepted:
X-Anon-Password: foobar123
x-anon-password: foobar123
X-ANON-PASSWORD: foobar123
========
Subject: When I post to penet, I get the error "No such newsgroup"
This is because anon.penet.fi is a service that operates entirely in
e-mail. You MUST e-mail your message to the server, who will anonymize
it for you and post it in Finland. The message will then travel back
to your site, where you can read it.
The server in Finland has no way to intercept traffic between you and
your news server, so it cannot anonymize things you send to your news
server directly. And besides, all the addresses are E-mail addresses,
not newsgroup names. This explains the error message.
========
Subject: My newsreader doesn't have a "To: " field, how do I post anonymously?
You don't, at least not with your newsreader. As stated in the help
file, penet operates *entirely* in e-mail. You must send Internet e-mail
to the server for it to work properly.
If you want to followup anonymously, then it may be possible to do this
from within your newsreader. Hit "Reply to author in private e-mail",
and change the address to which the e-mail should be sent to
"name.of.newsgroup@anon.penet.fi", and compose your message. Don't forget
to include your password. Check the section below on "threading" for
more detailed information.
========
Subject: Can't I just use my anon address and nickname in my newsreader's
setup?
This is actually faster than sending everything in e-mail to penet, as
well as more convenient, since you can now followup and reply just like
you would normally do. There are three disadvantages to this approach:
1) If you want to followup non-anonymously, you will have to change the
setup again.
2) Your contract with your Internet provider may have a clause against
putting anything but your real address in your From line.
3) Using information from the header, others can determine where you are
posting from, and sometimes even your username on that system. Netcom,
for example, puts a "Sender: " header with your real username in every
message that gets posted. So make a test post first, if you want to
use this approach.
========
Subject: Why can't I post to local.foobar?
This group is most likely not available in Finland, so the server there
cannot post your message. Check your spelling, it might just be a typo
on your part.
This "restriction" applies to most of the regional newsgroups in the USA
(ba.*, ca.* etc), as well as groups that only exist on your server (like
netcom.general, ibmnet.general, etc).
A possible solution is to cross-post with a world-wide group, but you
should only do this if the message is appropriate for the world-wide
group as well.
========
Subject: How do I maintain a "thread" when posting to Usenet?
It is not sufficient to simply use the same subject line as the post
you are following up to. On Usenet, a newsreader can determine the
exact "location" of a message in a discussion by the use of the References:
header. This header contains all the Message-ID's of the articles prior
to this one.
A simple way to followup anonymously is the following:
* Choose "Reply in e-mail"
* Change the value of the "To: " field to "anon@anon.penet.fi"
* Change the "Newsgroups: " header to "X-Anon-To: ", and leave the value
intact.
* Include the X-Anon-Password header, and compose your followup.
* Send the e-mail message.
Now, the message goes to anon.penet.fi, where it will be anonymized and
posted to the newsgroups you listed in the X-Anon-To header. The advantage
of this method is that most newsreaders will include a correct References:
header in an e-mail reply you send.
If this doesn't work, you can still reconstruct the header by hand. However,
this will only work if you can include it between the other headers, you
can't put it in the body, like you can do with X-Anon-Password and X-Anon-To.
Copy the References: header from the message you are replying to in your
reply. Put the Message-ID of the message you are replying to at the end of
this header (make sure that the line doesn't wrap), separated from the others
with a space. That's all you need.
========
Subject: What does an "inews error" mean?
This error occurs when the server in Finland cannot post to the group
you specified. Either it does not exist, in Finland, or the group is
moderated. In the latter case, you should submit it to the moderator
in e-mail. You can of course anonymize that, although not all moderators
will approve anonymous posts.
========
Subject: Why doesn't my post show up?
That's Usenet. When you send your message to penet, it gets anonymized
over there, and posted on the local news server, in Finland. The post
then has to make its way back to your server, which may be on the other
end of the world. This may take from 4 hours to four days, and it's
even possible that your article *never* makes it to your site, because
a server between you and penet is 'down' and is unable to accept
articles, or pass them on to others. The rule of thumb is: If you receive
an "ack" from penet, then the message *was* posted, and it will most
likely show up on your server in the near future.
========
Subject: How come I can't post to alt.binaries groups?
Those groups have been blocked, because people used anon.penet.fi to
post uuencoded binaries to those newsgroups. The volume of those posts
was so big that the admin needed to block posting access to those groups.
Certain other groups (5 at the moment) are also blocked at penet, usually
after a decision in the group about this.
========
Subject: How come my message was only partially posted?
The most likely explanation here is that you started a line with two
dashes ("--"), for example to separate two chapters, or to underline
a title. Since most people start their .signature with two dashes, the
anon server has been set up to ignore everything after a line with two
dashes, to prevent the accidental inclusion of someone's .signature
(with usually the person's *real* e-mail address in it) in an anonymous
message.
Solution: use asterisks or equal-signs instead of dashes.
========
Subject: How do I cancel an anonymous message I posted?
In theory, you should contact the anon admin and ask her to cancel it
for you. However, this is very impractical. One way to do it would be
to change the setup of your newsreader so that the E-mail address is
your anonymous address and your "Real Name" is your anon nickname. Then
go to the article and press the "Cancel" key or button.
A cancel will only work if the From: line of the cancel message matches
the From: line of the message it must cancel.
========
Subject: How do I contact someone without anonymizing myself?
Normally, if you mail someone at penet, your real address will be replaced
with your anon ID before it is sent on to the person you're mailing. In
some cases, you might not want this. To avoid this anonymization, you should
change the 'an' at the beginning of the address to 'na'.
Example: an34@anon.penet.fi becomes na34@anon.penet.fi.
========
Subject: How do I see if someone mailed me at my anon ID or real address?
Although it may seem that there is no difference, there is a world of
difference here. When I mail to 'an34@anon.penet.fi', I only know the
anon ID, but when I mail to 'joe%foobar.com@anon.penet.fi', or I use
'X-Anon-To: joe@foobar.com', I don't know the anon ID. In the latter case,
Joe should reply to my anon address without anonymizing himself, or I will
know his anon ID.
In your message from anon.penet.fi you will find a header called
'X-Anonymously-To: ', followed either by your anon ID or your real address.
In the latter case, reply non-anonymously. (See above for details).
========
Subject: Can someone find out my real address if I use penet?
Not without your help. Apart from accidentally putting your real address
in the message (or in a signature that doesn't start with "--"), the
only real trick is to mail you with the 'na' method, hoping that you don't
notice that the sender is not anonymized. If you reply to such a message,
it goes *directly* to the sender, who can then connect your address with
the anon number.
========
Subject: Can someone find out my anonymous ID?
If you don't have a password installed, YES. An attacker could forge
e-mail FROM you TO him, via anon.penet.fi. Since there is no password
installed, the message will be processed as a real message from you,
and the server will replace your real address with your anon ID. The
attacker knows the contents of the message (after all, he wrote it),
so he can easily make the connection. Installing a password prevents
this from happening, as the attacker can't know your password, so his
forgeries will be rejected.
========
Subject: How secure is anon.penet.fi anyway?
Not very secure. All messages to penet are sent in the clear, and
any sysadmin between your site and penet can read what you are e-mailing.
This would allow such an admin to know your password, and perhaps your
anon ID as well, if he also monitored the messages that came back from
penet, or if he used the above attack (which now works, since he knows
the password).
Anon.penet.fi was never designed for maximal security or anonymity. For
'everyday anonymity' it is good enough. If you really want to be
anonymous, use a Cypherpunk or Mixmaster remailer.
========
Subject: Did any hackers etc. ever gain access to the database?
NO. At one time, the American "Church of Scientology" managed to convince
Interpol to send the Finnish police after Julf, to obtain the address of
one of his anonymous users. Their warrant allowed them to take the entire
database, but they left with only the one address they had come for. This
caused quite an uproar in Finland, and it is very unlikely that this will
happen again.
The server has been tested with the "SATAN" net analysis tool, and no
security holes were found. No hacker attacks have ever been reported,
and because the server is hidden, it is unlikely that a burglar will be
able to obtain the database.
However, there is one big BUT here. All Internet e-mail messages to and
from penet are sent in the clear. This means that *any* sysadmin between
your site and penet can see what you're sending to the server (including
your password!), and if he also sees what's coming back he can find out
your anonymous identity. It doesn't take a hacker to get someone's ID,
just someone with a net sniffer.
========
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
iQCVAgUBMHbXtjyeOyxBaho1AQG+2gQAjiltQbTfwKrZ2Dv+r8yP97DStq4V8qM+
ApcMP+6ovJGL2+vThJRVV8UhfejilqZp1E1cauYTGN5xZLEMleHOnw8c6/+PitQO
UzmPz8TkZRBqbKxs/+KjAfuCSSUKtOmVjgKLkVAC3VPNxvySNKU47Es2azxFWH1W
WfIMtEQRr/o=
=yvOR
-----END PGP SIGNATURE-----
--
****** To find out more about PGP, send mail with subject HELP PGP to me ******
E-mail: galactus@stack.urc.tue.nl - PGP encrypted please - Mail for info < >
Keyprint: DD FC 6F 05 C5 1C 86 B2 E7 3B 6A BD 06 CF E8 4E - ID 416A1A35 > <
"I'm the best there is at what I do. Though what I do isn't very nice!" ||