Smart Computing ® Smart Computing ®
Top Subscribe Today | Contact Us | Register Now   
middle
Home | Tech Support | Q&A Board | Article Search | Subscribe & Shop   


A Beginner's Guide To Internet Anonymity Email This
Print This
View My Personal Library
Plugged In
October 1998 • Vol.9 Issue 10 		Add To My Personal Library

A Beginner's Guide To Internet Anonymity

E-mail privacy is a myth. The ability to visit World Wide Web sites without being tracked is sheer fantasy. Servers (computers sending data to networks) track the contents and destination of your E-mail messages and the Web sites you visit, and can develop some revealing profiles about you with this information. Encryption can protect the contents of your E-mail messages sometimes, but encryption can be broken, and browsing is not protected. (Encryption is the act of encoding a file to prevent unauthorized access to its contents.)

Despite this, anonymity on the Internet is possible—thanks to some remailers and proxy servers that obscure your identity and make it impossible to track E-mail
messages.

Sending E-mail anonymously or visiting Web sites—even subscription-based sites—anonymously is not just for paranoid people. Anonymous E-mail offers a safe way to express opinions that may be out-of-character, for human rights advocates to obtain information out of repressive nations, and for whistle-blowers to report information. It also lets job-seekers use the Internet without fear of reprisal from their current employers, can help prevent flames (hostile messages) from overloading corporate E-mail addresses, and offers a way to post messages to sensitive newsgroups (areas where users post text messages to each other) while protecting one's identity.

Along with sending E-mail messages anonymously, the ability to visit Web sites anonymously protects our privacy from information miners, which gather personal information and sell it to marketers.



How Anonymity Works.

Remailers are key in ensuring that E-mail is anonymous. As the term implies, remailers remail E-mail messages through several such services, obscuring the address of the sender and making pathways untraceable. Most remailers are free, operated by people who believe that anonymity helps ensure free speech.



The Anonymizer allows you to surf the World Wide Web and send E-mail messages anonymously.
When you send a message to a remailer, your E-mail address is removed as the message enters the remailer's server. Then the message is repackaged to be the same length as all the other messages the server sends. A remailer adds blank space to short messages and condenses long messages so they meet the remailer's set message size. Next, the message travels to another remailer, and then another. It may be routed through several remailers and several countries, making it virtually impossible to track.

The weakest point in this system is between your PC and the first remailer. Standalone systems minimize the risk by eliminating a network server (the computer that controls access and offers resources to other computers in an interconnected group) that others can monitor at your site without your knowledge. If you are truly paranoid, you will set up your own remailer for your messages and then further bury them by remailing messages for others. This prevents anyone monitoring you from determining which messages originated with you and which you were merely remailing. (It is also best to encrypt your messages.) Otherwise, using existing, reliable remailers is easier and still offers strong protection.

Some remailers, including Anonymizer (http://anonymizer.com) and Nymserver (http://www.nymserver.com), offer encrypted transmissions between your PC and the remailer. Others, including Nymserver, prevent newsgroups from archiving your communications. Depending upon the degree of anonymity desired, people may be able to address responses to your E-mail messages to a pseudonymous address, which the site then forwards to you.

To preserve anonymity, only respond to E-mail through an anonymous or pseudonymous account. Also, check with the remailer to see whether, or how, E-mail is forwarded. Some will send it to your real E-mail address, and others will send it to that address using your pseudonym, which may compromise your pseudonymity while alerting you of the site from which it came (a particular newsgroup, for example).

Depending upon the service you choose, you may use a Web site, E-mail messages via a proxy (an extra server that sits between an application such as an E-mail program and the regular server), or download specific software. Additionally, some services ask users to sign up for an account. Some allow free, public use without an account while others offer paid options, with speed as the distinguishing factor.



Levels Of Anonymity.

When everything works properly, true anonymity is untraceable, even by the government. Although anonymous remailers have been forced to turn over their records to law enforcement officials, this is only a list of clients—people who pay for the service—and, possibly, a list of the computers that have accessed the service. The names, however, do not link to any specific E-mail address. Pseudonymous remailers, however, have been forced to link at least one real person, a Scandinavian, to a pseudonym.



The LPWA Proxy gives users control over the information they provide to personalized sites on the World Wide Web.
The weakest link in the process is between your PC and the remailer, and requires users to trust the remailers to do their job of removing the headers from incoming messages to prevent them from being traced. They have no identifying marks, not even a date. For increased security, send your E-mail messages through at least two other remailers and encrypt them before they leave your computer. Most remailers provide the option of choosing which remailers and the number of remailers you want to use.

Anonymous remailers. Among anonymous remailers, there are two major types of encryption algorithms (a formula for performing a task) that further ensure anonymous communications. Mixmaster (Type II) remailers are generally the most secure way to send anonymous E-mail messages. This Unix (a high-level operating system) anonymity program resists almost all omnipotent attackers, and requires a user to download a special client program to do the encryption on the user's system. If anonymity is a life-and-death concern, you should use this option on your system. Otherwise, make sure you use it on your remailer's system. Cypherpunk (Type I) remailers also are excellent, as are the other major class of remailers. Like Mixmaster, they use strong encryption and chaining to thwart attacks. Most remailers support Cypherpunk and Mixmaster remailers.

Pseudonymous remailers. Pseudonymity is sufficient for most U.S. users, even though it can be traced by law enforcement officials and by the server. The remailer operator and staff will know the sender's real name and E-mail address. Therefore, law enforcement officials can force the remailer to reveal someone's true identity. With pseudonymity, users choose pseudonyms to replace their actual names. People receiving your E-mail messages, or viewing your postings in a newsgroup, would not know your real identity. They would know you by your pseudonym. (Some pseudonymity remailers also offer PGP [Pretty Good Privacy] "key escrow" encryption for even greater security.)

Pseudonyms are beneficial because they are persistent. As a result, you maintain the same identity in each of your communications and you can receive E-mail messages to your pseudonym. Once your pseudonym becomes respected, the suspicion that comes with anonymous communications disappears.



Remailers.

About two dozen public, free remailers are operating at any given time. They come and go, however, and a only few major players remain for years. Before you choose one, check them out for features, encryption, data filtering, and regular availability (or uptime). To obtain the latest 12-day statistics on Mixmaster, Cypherpunk, or Nym (pseudonymous) remailers, visit the Remailer list at http://www.publius.net/rlist.html. That site lists the remailer, E-mail address, configuration information, response times, and their "uptime" percentage.

Some major remailers that use Mixmaster, Cypherpunk, and PGP encryption are Anonymizer, Nymserver, Replay (http://replay.com), and Cracker (remailer@anon.efga.org).

Each remailer has its own requirements and features. For example, some remailers work with the free Juno E-mail program and PGP encryption, but not with the S/MIME encryption algorithm. Furthermore, anonymous E-mail messages sent through Juno must be encrypted with PGP, while pseudonymous E-mail messages have no such requirement.



How To Use Remailers.

There are two basic ways to use remailers without becoming one yourself. The easiest is simply to go to the remailer's Web site (if it has one) and enter your message. Some will ask you to select the number of remailers the message should go through, and others will let you select some additional remailers from a menu. When you finish, press Send. Web-based remailers are intuitive and are as easy as sending regular E-mail messages from your PC.

The other, more complicated way to send E-mail messages is through a proxy. You will need an account for this type of remailing. For example, if using the Cracker remailer, an anonymous remailer, open your usual E-mail program and fill out your E-mail form like this:



To: remailer@anon.efga.org
Subject: (anything)



Then, in the body of the message type:
Anon-To: (the recipient's address)
Latent Time: +1:00r



Adding Latent Time determines when the message will be sent. The "+1:00" means the message should be held one hour. The "r" means send the message at a random interval. The combination "+1:00r" means, "Send the message at a random time, but hold it no more than one hour."

Without latency, an electronic eavesdropper could learn the times you logged into the first remailer (the only one in the chain who might know your real identity) and link your messages to outgoing messages. Good remailers automatically refuse to accept the part of the message containing your actual E-mail address or name on your message—rather than accepting it and stripping it off later—as it enters the system so they have no way of knowing who you are.

To be safe, end your message with "cutmarks" that will cut off anything after it—typically any digital signature. The usual marking is two hyphens followed by a space. If you forget the space your digital signature will remain. Additionally, if you want to add a subject or other headings to your anonymous E-mail messages, type three plus signs before the header, but on the same line, such as this:



+++ Flyfishing reply



Pseudonymous E-mail using a proxy is sent in much the same way. For example, the process of sending pseudonymous mail using Nymserver (for which you need an account) follows.

From your E-mail program (such as Netscape Messenger or Microsoft Outlook Express), address the mail to anon@ anon.nymserver.com (Nymserver's proxy mailer). Next, enter a subject. Then, in the body of the message or in the header type:



X-Anon-Password: (insert your password for your Nymserver account)
X-Anon-To: (insert the recipient's address)
X-Anon-Name: (insert your alias, for example, Stargazer or Captain Nemo)


What The Recipient Sees.

When the message appears in the recipient's Inbox, the sender is "Anonymous." The only information on the page is the subject you typed, the date and time it was sent, "From: Anonymous" with a dummy E-mail address such as "remailer@htp .org," "To: (the recipient's address)," and your message. Truly anonymous communications have no header, so the sender cannot reply.

Pseudonymous communications, in contrast, contain more information because they let recipients reply to pseudonymous E-mail. So, recipients of pseudonymous communications will see something such as:

From: Angelhair <angelhair@clouds-publishing.com>
To: (the recipient's real address)
Subject: Welcome to Clouds


The recipient can reply to the sender, although the real identity of the sender is unknown. Some pseudonymous remailers will alert the sender that the message has been forwarded. Replies sent to the pseudonymous E-mail address also have their real identities and addresses striped away. They are given a new identity and then forwarded. That way, the privacy of everyone is protected.



Time Delay.

Regular E-mail, sent directly from your PC, typically is delivered within five minutes. Remailed messages, however, are delivered within one to two days.

Latency, the amount of time a message remains at the first remailer before being forwarded to a second remailer, ranges from five minutes at the Replay remailer (remailer@replay.com) to almost 10 hours at the Htp remailer (mixer@ htp.org). Usual latency is about one hour, although messages are sent at random intervals to minimize the ability to connect and then trace incoming and outgoing messages.



Anonymous Web Access.

Few sites offer the ability to browse the Web anonymously. The Anonymizer, for one, acts as the middleperson for users so any cookies or other identifying information is traceable only as far as the Anonymizer. (Web sites place cookies files on users' hard drives to identify the user at the next visit.)

To surf anonymously from the Anonymizer Web site, click Anonymizer Surfing. In the address box that appears, type the Web address you want to visit. Then, Anonymizer goes to the Web site, downloads the page, and transfers it to your PC. There is a built-in delay of 30 seconds per page for free access, so access is slower than when going directly from your PC, but the trail left on the server leads to the Anonymizer, not to you. Faster service is available for $15 per quarter, according to the Anonymizer Web site.

A more robust, free service, LPWA Proxy, is still a technology demonstration run by Lucent Technologies. This service gives users control over the identifying information they provide to the personalized Web sites they visit that require a password. (Such sites include the LA Times, Barnes & Noble's personalized book service, HotWired, and the Financial Times.) Notably, the proxy information for your name and password is different for every Web page you visit. Therefore, you have a consistent persona for each personalized site you visit that is unrelated to that of any other Web page you visit. All you must do is remember your password to Lucent. The proxy server recomputes each password for each site as needed, so your passwords can't be hacked from the Lucent computer.

This proxy provides aliases for E-mail that are different for each site you visit and forwards E-mail to you. Lucent's mail server adds the original E-mail address as a "CC:" header so it is tagged to the alias E-mail, letting the user associate the E-mail with the site. It also lets you filter E-mail messages, refusing all E-mail messages from a given site.

To use the LPWA proxy, go to http://lpwa.com:8000. Configure your browser to use the LPWA proxy automatically, following the simple instructions at the site for Netscape Navigator and for Microsoft Internet Explorer. Enter your user name, E-mail address, and your secret password. Tell the proxy to provide a pseudonym. Then, when you visit a Web site for which you must log in (such as a subscription-based service) at its login menu, type in certain escape codes listed at the LPWA site in the log-in boxes rather than your actual information name, password, and E-mail address. These escape codes will generate the proper user name, password, and E-mail address for that site. For example, type /u, and the proxy will generate a user name. Likewise, type /p to generate an alias password and /@ to generate an alias E-mail address. You will find complete, easy-to-use instructions at the LPWA proxy site.

All these details of anonymous Internet use can seem pretty involved. But for anyone serious about protecting privacy, the effort of ensuring anonymity outweighs the hassle of dealing with compromised security.

by Gail Dutton




Want more information about a topic you found of interest while reading this article? Type a word or phrase that identifies the topic and click "Search" to find relevant articles from within our editorial database.

Enter A Subject (key words or a phrase):
ALL Words (‘digital’ AND ‘photography’)
ANY Words (‘digital’ OR ‘photography’)
Exact Match ('digital photography'- all words MUST appear together)




Home     Copyright & Legal Information     Privacy Policy     Site Map     Contact Us

Copyright © 2010 Sandhills Publishing Company U.S.A. All rights reserved.