/pcq/media/agency_attachments/L8pkS8gpnodJThOdAfv1.jpg)
Follow UsNeed to post a message or send mail–without identifying
yourself? Anonymous remailers let you do this without leaving a trace
A remailer is computer service that privatizes your e-mail. This is in
sharp contrast to most Internet Service Providers and corporate e-mail
providers, which are terribly un-private.
Traditionally, a remailer allowed you to send electronic mail to a
Usenet news group or to a person without the recipient knowing your true
name or your e-mail address. Today, a new variety of web-based remailers
permit you to send mail using your real name (if you wish), while
protecting your e-mail records from the snooping eyes of your ISP.
In 1995, all popular remailers were free-of-charge. Today, a number of
services either charge user fees, or support themselves via advertisers.
Why would you use remailers?
Maybe you’re a
computer engineer who wants to express opinions about computer products,
opinions that your employer might hold against you. Possibly you live in a
community that is violently intolerant of your social, political, or
religious views. Perhaps you’re seeking employment via the Internet and
you don’t want to jeopardize your present job. Possibly you want to
place personal ads. Perchance you’re a whistle-blower afraid of
retaliation. Conceivably you feel that, if you criticize your government,
Big Brother will monitor you. Maybe you don’t want people spamming or
flaming your corporate e-mail address. In short, there are many legitimate
reasons why you, a law-abiding person, might use remailers.
How does a remailer work?
Let’s take an
imaginary example. Suppose that a battered woman, Susan, wants to post a
message crying out for help. How can Susan post her message and receive
responses confidentially? She might use a "pseudo-anonymous"
remailer run by André Bacard called the "Bacard.com" remailer.
(This remailer is fictitious!) If she wrote to me, my
"bacard.com" computer would strip
away Susan’s real name and
address (the header at the top of Susan’s e-mail), replace this data
with a dummy address (for example,
Susan’s message to the newsgroup or person of Susan’s choice. Also, my
computer would automatically notify Susan that her message had been
forwarded under her new identity,
Debbie responds to Susan. My computer will strip away Debbie’s real name
and address, give Debbie a new identity, and forward the message to Susan.
This process protects everyone’s privacy. This process is tedious for a
person but easy for a computer.
Are there many remailers?
The good news...
Yes, there are dozens of popular remailers.
The bad news... Remailers tend to come and go. First, they require
equipment and labor to set up and maintain. Second, a minority of
individuals who use remailers are a pain in the neck. These selfish
persons drive remailer operators into early retirement. Third, many
remailer owners tire of losing money.
I hope that we are entering an era of financially profitable remailers.
This profitability will permit better reliability and stability.
If you live and breathe computers, the best place to keep in touch with
the art and science of remailers is at the Usenet newsgroup
between a bite and a bit, I recommend you simply study the remailers found
at my Website.
Why are some remailers free, while others charge fees?
In the beginning,
all remailers were free to users (but not to the people who ran them!).
How could a remailer administrator charge people who wanted maximum
privacy? How could administrators ask for a credit card number or take
checks? Several years ago, there was no technical solution to these
problems.
In 1995, I wrote: "In the future, remailer operators might charge
for their services. Privacy is valuable. For example, offshore banking is
one of the world’s biggest businesses. It is easy to imagine Remailer,
ETC, a cyberspace company that goes beyond Mailbox, ETC (the existing
company that rents snail-mail boxes). For remailers to become commercial
on a big scale, anonymous payment systems such as DigiCash must become
popular."
My predictions came true. Today, many remailer operators charge fees
for the same reason that you go to work in order to pay for food, housing,
etc.
Why do people operate remailers, if not for money?
Why do I spend
hours writing FAQs? Why do some people volunteer to help others? Some
people set up remailers for their own personal usage, which they may or
may not care to share with the rest of us. Some persons are educators or
activists. Joshua Quittner, co-author of the high-tech thriller Mother’s
Day, interviewed Mr. Julf Helsingius
for Wired magazine. Helsingius, who ran the world’s most popular
remailer for three years until he retired in August 30, 1996, said:
"It’s important to be able to express certain views without
everyone knowing who you are. One of the best examples was the great
debate about Caller ID on phones. People were really upset that the person
at the receiving end would know who was calling. On things like
telephones, people take for granted the fact that they can be anonymous if
they want to and they get really upset if people take that away. I think
the same thing applies for e-mail. Living in Finland, I got a pretty close
view of how things were in the former Soviet Union. If you actually owned
a photocopier or even a typewriter there, you would have to register it
and they would take samples of what your typewriter would put out so they
could identify it later. That’s something I find so appalling. The fact
that you have to register every means of providing information to the
public sort of parallels it, like saying you have to sign everything on
the Net. We always have to be able to track you down".
What is the difference between a "pseudo-anonymous" and an
"anonymous" remailer?
Most people use the
expression "anonymous remailer" as shorthand for both types of
remailers. This causes confusion.
A pseudo-anonymous remailer is basically an account that you open with
a remailer operator. The fictitious Bacard.com (described above) is a
pseudo-anonymous remailer. This means that I, the operator, and my
assistants know your real e-mail address. Your privacy is as good as the
remailer operator’s power and integrity to protect your records. In
practice, what does this mean? Someone might get a court order to force a
pseudo-anonymous remailer operator to reveal your true identity. The
Finnish police forced Julf Helsingius to reveal at least one person’s
true identity.
The advantage of most pseudo-anonymous remailers is that they are
user-friendly. If you can send e-mail, you can probably understand
pseudo-anonymous remailers. The price you pay for ease of use is less
security.
Truly anonymous remailers are a different animal. The good news... They
provide much more privacy than pseudo-anonymous remailers do. The bad
news... They are much harder to use than their pseudo-anonymous cousins.
There are basically two types of anonymous remailers. They are called
"Cypherpunk remailers" and Lance Cottrell’s "Mixmaster
remailers". Note that I refer to remailers in the plural. If you want
maximum privacy, you should send your message through two or more
remailers. If done properly, you can insure that nobody (no
remailer operator or any snoop) can read both your real name and your
message. This is the real meaning of "anonymous". In practice,
nobody can force an anonymous remailer operator to reveal your identity,
because the operator has no clue who you are!
For 99 percent of the Internet public, the pseudo-anonymous remailers
at my Website are more than adequate.
Where are remailers headed?
Web-based remailers
are very popular. This trend was fueled, in part, by Microsoft’s and
Yahoo’s services. Web-based services enable you to check your e-mail via
the Internet wherever you might be, for example at a public library. For
security purposes, a movement is catching on to move remailers
"offshore", in particular to the Caribbean. The US Congress (and
its enforcers–the NSA, CIA, FBI, IRS, etc) is by far the world’s most
aggressive opponent of privacy. For many reasons, operating outside the
USA can increase privacy.
What makes an "ideal" remailer?
An
"ideal" remailer (a) is easy to use, (b) is operated by reliable
persons, (c) uses PGP or other high-level encryption, (d)
allows you to read your e-mail without forwarding it to your ISP, (e) is
owned and operated outside the USA, and (f) allows security experts and
computer enthusiasts to examine its computer source code.
Many top-rate remailers do not satisfy all these requirements.
However, these remailers are far superior to your ordinary ISP. So please
don’t go crazy looking for the "perfect" solution. Life is not
perfect.
If a remailer does not permit PGP (Pretty Good Privacy) or other strong
encryption, reasonable people might assume that the remailer administrator
enjoys reading forwarded mail.
What makes a responsible remailer user?
A responsible user:
(a) Sends text files of a reasonable length. Binary photo files of Pam
Anderson, or the Babe-of-the-month, can
take too much transmission time. (b) Transmits files selectively.
Remailers are not designed to send "You Can Get Rich"
chain letters or other junk mail.
Who are irresponsible remailer users?
Here is a quote
from one remailer administrator: "This remailer has been abused in
the past, mostly by users hiding behind anonymity to harass other users. I
will take steps to squish users who do this. Let’s keep the Net a
friendly and productive place. Using this remailer to send death threats
is highly obnoxious. I will reveal your return address to the police if
you do this."
Legitimate remailer administrators will not tolerate serious harassment
or criminal activity. Report any such incidents to the remailer
administrator.
Having said that, I must report that I receive e-mail such as this:
"Someone is using a f***ing remailer to call me a hateful person. I
want to get my f*** hands on that f***ing person and kill him for
spreading the vicious lie that I have a bad temper. Why won’t the
f***ing jerk who runs the remailer help innocent victims like me?"
As I implied earlier, it is not easy to run a remailer!
How safe are remailers?
For most low-security tasks, such as responding to personal
ads, pseudo-anonymous remailers with pass-code protection are undoubtedly
safer than using real e-mail addresses. However, all the best made plans
of mice and men have weaknesses. Suppose, for example, that you are a
government employee, who just discovered that your boss is taking bribes.
Is it safe to use a pseudo-anonymous remailer to send evidence to a
government whistleblower’s e-mail hot line? Here are a few points to
ponder:
- The person who runs your e-mail system might intercept your secret
messages to and from the remailer. This gives him proof that you
are reporting your corrupt boss. This evidence could put you in
danger. - Maybe the remailer is a government sting operation or a criminal
enterprise designed to entrap people. The person who runs this service
might be your corrupt boss’ partner. Warning: I have seen a
few remailers that strike me as suspicious. I cannot name these
services…you must decide for yourself who to trust. - Hackers can do magic with computers. It’s possible that civilian
or Big Brother hackers have broken into the remailer (unbeknownst to
the remailer’s administrator), and that they can read your messages
at will. - It is possible that Big Brother collects, scans, and stores all
messages, including pass-codes, into and out of the remailer. - If you use a US-based remailer, a US judge could subpoena your
records.
For these reasons, hard-core privacy people are leery of
pseudo-anonymous remailers. These people use Cypherpunk or Mixmaster
programs that route their messages through several anonymous remailers. In
addition, they use PGP encryption software for all messages.
Where Can I Learn More?
Go to Bacard’s
home page—www.
well.com/user/abacard/privacy.html
Copyright 1999 André
Bacard, author of the Computer Privacy Handbook ("The
Scariest Computer Book of the Year"). With permission of the author