======================================================================== Subject: APAS Anonymous Remailer Use [FAQ 1/8]: Overview ======================================================================== This is the first of eight parts of a list of frequently-asked questions (FAQ) and their answers regarding anonymous remailer use. The newsgroup containing the most discussion of anonymous remailers is (APAS). Consequently, this FAQ is the "APAS FAQ for Remailer Users," or the APAS user FAQ. Champerty wrote the original APAS user FAQ with the help of Stray Cat. Thanks also go out to Thomas Boschloo, Michael T. Shinn, Lord Running Clam, and all the regulars in APAS. Computer Cryptology (CC) now maintains the FAQ, using CVS to track changes since Champerty's leaving. CC thanks Frog-Admin for review of changes to part 5; Redbird for FAQ 4.8; Ahab, Saddle, and Doc.Cypher for FAQ 7.3; and Boris 'pi' Piwinger, Stefan Wagner (Narnia Admin) and Jochen Wersdörfer for assistance with FAQ 4.10. This FAQ is provided "as is" without any express or implied warranties. While every effort has been taken to ensure the accuracy of the information contained in these message digests, the maintainer assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. This FAQ is provided for information only; reference to a Web page does not constitute endorsement of that page's content. The following topics are in this FAQ: 1: APAS Anonymous Remailer Use [FAQ 1/8]: Overview 2: APAS Anonymous Remailer Use [FAQ 2/8]: alt.privacy.anon-server 3: APAS Anonymous Remailer Use [FAQ 3/8]: Remailer Basics 4: APAS Anonymous Remailer Use [FAQ 4/8]: Remailer Details 5: APAS Anonymous Remailer Use [FAQ 5/8]: Statistics 6: APAS Anonymous Remailer Use [FAQ 6/8]: Software 7: APAS Anonymous Remailer Use [FAQ 7/8]: Nyms 8: APAS Anonymous Remailer Use [FAQ 8/8]: Troubleshooting ---------------------------------------------------------------------- Subject: APAS Anonymous Remailer Use [FAQ 1/8]: Overview This document is the overview. ------------------------------ Subject: APAS Anonymous Remailer Use [FAQ 2/8]: alt.privacy.anon-server 1: [FAQ 2.1] What is this newsgroup about? 2: [FAQ 2.2] Are there any rules I should know about? ------------------------------ Subject: APAS Anonymous Remailer Use [FAQ 3/8]: Remailer Basics 1: [FAQ 3.1] What is an anon server or anonymous remailer? 2: [FAQ 3.2] Who runs these remailers and why? 3: [FAQ 3.3] What is a Cypherpunk Remailer? 4: [FAQ 3.4] How do I get the key for a particular remailer? 5: [FAQ 3.5] How can I get all the keys for all the remailers? 6: [FAQ 3.6] What is a Mixmaster Remailer? ------------------------------ Subject: APAS Anonymous Remailer Use [FAQ 4/8]: Remailer Details 1: [FAQ 4.1] Which remailers are good? Reliable? Secure? 2: [FAQ 4.2] How can I find more information about a remailer? 3: [FAQ 4.3] What is chaining? And what is a middleman? 4: [FAQ 4.4] Won't the first remailer in the chain know who I am? 5: [FAQ 4.5] Can't the last remailer's remop read my message? 6: [FAQ 4.6] How do I chain cypherpunk remailers? 7: [FAQ 4.7] Can I use mail2news gateways to post anonymously? 8: [FAQ 4.8] How do I know which newsgroups a gateway carries? 9: [FAQ 4.9] What's different about mail2news_nospam vs mail2news? 10: [FAQ 4.10] When replying to a message, how do I thread my post? 11: [FAQ 4.11] Which remailers permit my own "From:" header? 12: [FAQ 4.12] Where do I find public SMTP servers (open relays)? ------------------------------ Subject: APAS Anonymous Remailer Use [FAQ 5/8]: Statistics 1: [FAQ 5.1] What are stats pages? 2: [FAQ 5.2] How are stats Versions 1 and 2 different? 3: [FAQ 5.3] Where can I find stats pages? 4: [FAQ 5.4] Why are there dead remailers on the stats pages? ------------------------------ Subject: APAS Anonymous Remailer Use [FAQ 6/8]: Software 1: [FAQ 6.1] Do you recommend that I learn PGP (Pretty Good Privacy)? 2: [FAQ 6.2] Which remailer client should I choose? ------------------------------ Subject: APAS Anonymous Remailer Use [FAQ 7/8]: Nyms 1: [FAQ 7.1] How is a nym different from anon. posting? 2: [FAQ 7.2] How do I get a particular nym server's key? 3: [FAQ 7.3] Why do alt.anonymous.messages subjects look random? 4: [FAQ 7.4] Why are nyms such a bitch to set up? 5: [FAQ 7.5] How can I ensure nym creation goes smoothly? ------------------------------ Subject: APAS Anonymous Remailer Use [FAQ 8/8]: Troubleshooting 1: [FAQ 8.1] It's hours later! Why hasn't my test post arrived? 2: [FAQ 8.2] Why didn't my email/post make it through? ------------------------------ End of faq.1 Digest ******************* ======================================================================== Subject: APAS Anonymous Remailer Use [FAQ 2/8]: alt.privacy.anon-server ======================================================================== This is the second of eight parts of a list of frequently-asked questions (FAQ) and their answers regarding anonymous remailer use. The newsgroup containing the most discussion of anonymous remailers is (APAS). This part of the FAQ welcomes newcomers to that newsgroup. This FAQ is provided "as is" without any express or implied warranties. While every effort has been taken to ensure the accuracy of the information contained in these message digests, the maintainer assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. This FAQ is provided for information only; reference to a Web page does not constitute endorsement of that page's content. The following topics are in this FAQ: 1: [FAQ 2.1] What is this newsgroup about? 2: [FAQ 2.2] Are there any rules I should know about? ---------------------------------------------------------------------- Subject: [FAQ 2.1] What is this newsgroup about? APAS is an unmoderated, non binary, low volume newsgroup for the discussion of all things related to anonymity on the 'Net but especially related to anonymous remailers. In the past year or so discussions have widened to include those relating to new anonymizing services that exist outside of the traditional anonymous remailer network. I am speaking of services like Zero Knowledge's Freedom software, COTSE, Hushmail and Anonymizer to name a few. Incidentally, there are also newsgroups called alt.anon-server and alt.privacy.anon.server (a dot instead of a dash). 'Not much to see in those groups. This is where you want to be if you're interested in anonymous email and newsgroup posts. This is also the place where the authors of anonymous remailer software (QuickSilver author Richard Christman, for example) can provide advice and support for their products. ------------------------------ Subject: [FAQ 2.2] Are there any rules I should know about? Be aware that many here will post anonymously. But it certainly is not a requirement. Be forgiving of repeat anonymous posts. This results from remailer clients that have been configured to deliver messages through two (or more) mail-to-news gateways (see #4.1) so as to ensure reliable delivery. Don't send test messages to APAS. (Indulge me for a second while I repeat that one.) Don't send test messages to APAS! Try alt.test or misc.test instead please. These tests groups can also provide valuable information since many others will test remailer chains (see #4.3) there! Finally, Usenet etiquette is always appreciated here: Lurk before you post. No binary attachments. No HTML. Don't type in all caps. Don't give a troll a thread. And one I'm still working on: pause before hitting that send button. Posting an angry, hurried response will often leave you wishing you hadn't said what you said. Furthermore, an increasing number of news servers will not accept cancels. So cool off, sleep on it, and THEN post if you still feel the need. ------------------------------ End of faq.2 Digest ******************* ======================================================================== Subject: APAS Anonymous Remailer Use [FAQ 3/8]: Remailer Basics ======================================================================== This is the third of eight parts of a list of frequently-asked questions and their answers regarding anonymous remailer use. This part introduces anonymous remailers. This FAQ is provided "as is" without any express or implied warranties. While every effort has been taken to ensure the accuracy of the information contained in these message digests, the maintainer assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. This FAQ is provided for information only; reference to a Web page does not constitute endorsement of that page's content. The following topics are in this FAQ: 1: [FAQ 3.1] What is an anon server or anonymous remailer? 2: [FAQ 3.2] Who runs these remailers and why? 3: [FAQ 3.3] What is a Cypherpunk Remailer? 4: [FAQ 3.4] How do I get the key for a particular remailer? 5: [FAQ 3.5] How can I get all the keys for all the remailers? 6: [FAQ 3.6] What is a Mixmaster Remailer? ---------------------------------------------------------------------- Subject: [FAQ 3.1] What is an anon server or anonymous remailer? An anonymous remailer is a computer which has been configured to run remailer software. This software is a specialized kind of email server software. Unlike the average email server which goes to great lengths to log all incoming/outgoing traffic and add identifying and traceable info to its outgoing mail (in the form of headers) remailer software ensures that outgoing mail has been STRIPPED CLEAN of any identifying information! Thus the name 'anonymous' remailer. The remailer performs certain automated tasks which include retrieving mail, decrypting/processing that mail (only mail that is properly encrypted and formatted), obeying the directives within the message and, finally, delivering - remailing - the finished product to a second party in anonymized form. When received by that second party it will reveal only that it was sent from an anonymous source (usually the remailer's name and email address). The IP address shown will be the IP address of the remailer machine. Ideally, no logs are kept by the remailer software. This ensures both the anonymity of the user and protects the operator from liability. (See Mike Shinn's work in progress FAQ For Remailer Operators .) The process is not completely automated since a human operator is required - called a remailer operator, or RemOp - to ensure that traffic is running smoothly, that PGP and Mixmaster encryption keys are kept updated, that complaints of abuse are dealt with, and also that users and fellow operators are kept up to speed on any changes to the remailer's configuration. APAS is the place where such updates are posted. They are also posted to the Remailer Operator's Mailing List (Blank email to remailer-operators-request@anon.lcs.mit.edu for details on how to subscribe.) There is also an archive of the Remop's List . You can even post to the list from this Web page! (Thanks Mike Shinn.) That's basically how a remailer works. Some anonymous remailers can send both email and newsgroups posts. And most will require newly arrived messages to be encrypted. More about that later. See also: Andre Bacard's Remailer FAQ and William Knowles' overview of anonymity on the 'Net . ------------------------------ Date: 07 July 2001 12:00 Z From: turing+apas-user-faq@eskimo.com (Computer Cryptology) Subject: [FAQ 3.2] Who runs these remailers and why? Summary: Determine for yourself the remailer operators' character. Some documents will refer to the "traditional remailer network". This refers to the remailers listed on the many stats pages (see FAQ 5.1) available on the Web. These are run, mostly, by individuals like those in APAS, who value free speech, especially anonymous speech, and want to provide a free service to those you need to communicate anonymously. Keep in mind that there is no way to know the real motivation a remailer operator has unless you know them personally, and even then you may not know the full story. Since anyone with the technical ability and network connectivity can operate a remailer, there are endless possibilities as to the real motivations behind offering such a service to the public at large. Always floating around the APAS rumor mill are accusations that one or more remailers are really being run by intelligence agencies, law enforcement agencies, and even terrorist organizations and other criminal types. Of course no credible evidence is ever presented to back up these accusations so they are mostly dismissed as trolling. But if one takes the devil's advocate position, there is never any evidence presented to refute these rumors either; that is, it is entirely possible they could be true. One way to learn more about individual remops might be to visit their home pages, some of which are here in alphabetical order: __Remailer Web Pages__ Austria Cracker Dizum Farout Lefarris (en Français) Narnia (mostly German) Noisebox Randseed Riot Senshi Shinn SubZer0 Cmeclax __Nym Servers__ NYM.ALIAS.NET Nym Server ANON.XG.NU Nym Server Redneck Nym Server (middleman) (Submit other Web page URLs to CC .) Learning to use the traditional remailer network takes some time and effort. And this time and effort pays off handsomely by providing the user with a highly secure method to communicate privately and anonymously. But many privacy-minded folks (and their ranks are increasing daily!) are looking for an easier and less time-intensive approach. Some are even willing to pay for it. To satisfy this niche there have arrived many new products and services that provide various combinations of anonymous email, newsgroup posting and Web-surfing with varying degrees of anonymity. To describe and evaluate these services is, for now, beyond the scope of this FAQ. I have provided URLs for some of these services below. I have categorized them into two groups: free of charge and fee-based. Noteworthy amongst these is the fee-based Freedom Software by the Montreal-based Zero Knowledge Systems (ZKS). Launched in December 1999, Freedom is a 'privacy system' not unlike the traditional remailer network . It allows users to send email, post to newsgroups, chat and surf the Web in total privacy without having to trust third parties with their personal information. Freedom users create multiple digital identities - "nyms" - with which their online activities are associated. All data packets Freedom users send are encrypted and routed through a global privacy infrastructure called the Freedom Network, which is hosted by participating ISPs and other independent server operators. A 30-day free trial is available. The package has been criticized for not being open-source. But that is changing. The source code of the kernel module of the Linux version of Freedom has been released; and the release of the Windows version source code is "coming soon"; _Free of Charge_ GILC Web-Based Remailer Hushmail Safeweb Zixmail Anonymouse COTSE Somebody.net ANON.XG.NU's Web-Based Remailer Chicago _Fee-Based_ ZKS Freedom SkuzNET's The Internet Mail Network Mailanon IDcide For an interesting discussion of the pros and cons of anonymous speech check out this link from LCS.MIT.EDU: (I'm looking for more links of this nature: political, legal perspectives on remailers. If you know of any please pass them on to CC .) ------------------------------ Subject: [FAQ 3.3] What is a Cypherpunk Remailer? Also referred to as a Type I, this is a remailer that accepts messages encrypted with its publicly available PGP key. PGP is Pretty Good Privacy, the well-respected public-key encryption program which is widely available and, with a few exceptions, freeware. Users encrypt their clear-text, outgoing message with the Cypherpunk remailer's public key. This can be done with any text editor like Notepad and a properly installed version of PGP. There is a particular message format to follow, one that the remailer software can understand: ============ :: Anon-To: news.reporter@nbc.com Latent-Time: +0:00 ## Subject: My Company Dumps Toxic Waste I'm writing this anonymously because I don't want to lose my job. My company has, for the past three years... ============ The above message is cut and paste into PGP and encrypted with the chosen remailer's key, say gretchen@neuropa.net ============ -----BEGIN PGP MESSAGE----- Version: PGP 2.6x hQCMA8asoPEC0e2BAQP9GqR2aXNOstRq8eJW2QVubioR0gO7Ue0AOL/rFdnxXknC YPpe2X2TKlcvd961+lhe9w2Y8vo3JcBYYBifTJRwmMjnXLagCU4Mhh0VZtk/QXMZ /FLeJWi67qsb45a2mNw0/Q8eXHKfOQyHcmEQ7cg/bq4Xz6LusfxBHF8zsojVOgal 8RVRtr9drjBlOzJvWxaq7LrKidME6q0tM7pRiLN5dvVBon2NKlmpJI6vAFjyi8ma f5Bg6Zor+PMxcm3EmuWbjLEiOu5USrTgU4OiaC7PHF9INxwXuKmdNz/JprgOc0c6 6s6RvbOo6rsvlwqPKw== =ICz/ -----END PGP MESSAGE----- ============= Finally, the user has to append a directive to the top of the encrypted message, making it look like this: ============ :: Encrypted: PGP -----BEGIN PGP MESSAGE----- Version: PGP 2.6x hQCMA8asoPEC0e2BAQP9GqR2aXNOstRq8eJW2QVubioR0gO7Ue0AOL/rFdnxXknC YPpe2X2TKlcvd961+lhe9w2Y8vo3JcBYYBifTJRwmMjnXLagCU4Mhh0VZtk/QXMZ /FLeJWi67qsb45a2mNw0/Q8eXHKfOQyHcmEQ7cg/bq4Xz6LusfxBHF8zsojVOgal 8RVRtr9drjBlOzJvWxaq7LrKidME6q0tM7pRiLN5dvVBon2NKlmpJI6vAFjyi8ma f5Bg6Zor+PMxcm3EmuWbjLEiOu5USrTgU4OiaC7PHF9INxwXuKmdNz/JprgOc0c6 6s6RvbOo6rsvlwqPKw== =ICz/ -----END PGP MESSAGE----- ============ The user then mails the above encrypted message (double colons and all) NOT to the intended recipient but instead to the remailer's address: . This arrives at the remailer where it is eventually processed, decrypted and mailed to appearing to have come from "Anonymous" . Most remailers are not purely Cypherpunk but will accept both Cypherpunk and Mixmaster messages. Keep in mind too that there are currently only a few Cypherpunk (Type I) remailers that will accept non-PGP messages and their numbers are dwindling. See also: This tutorial with pictures and step by step instructions . Read some history about how Cpunk remailers first came about . Visit this link at LCS.MIT.EDU about remailers and their importance . ------------------------------ Date: 24 October 2001 12:00 Z From: turing+apas-user-faq@eskimo.com (Computer Cryptology) Subject: [FAQ 3.4] How do I get the key for a particular remailer? Summary: Send remailer an email message with "Subject: remailer-key". That's easy! Send a blank email message to the remailer with "remailer-key" (without the quotation marks) as the subject line. The reply from the remailer should contain its PGP (perhaps both RSA and DH/DSS) and Mixmaster keys. If you can't get a reply to a remailer-key request it's likely you won't get any mail through that remailer either! ------------------------------ Date: 02 March 2001 12:00 Z From: turing+apas-user-faq@eskimo.com (Computer Cryptology) Subject: [FAQ 3.5] How can I get all the keys for all the remailers? Summary: Get them individually; see question 3.4. There are some stats maintainers who will maintain an up-to-date collection of all the current remailer keys. Here are a few places to download all the keys, starting with the newest: Computer Cryptology's Database Frog's Thesaurus Data OR OR Trex is out-of-date and Peter removed it. As Weasel used to say, "*Get [the keys] yourself from each remailer!* I mean it!" Frog's Web page agrees that collecting information and/or remailer keys second hand is a bad idea. The most secure (but not the fastest) way to do this is to send individual requests to all the remailers according to your needs: Subject: remailer-key Subject: remailer-conf Subject: remailer-help Subject: remailer-stats If you nevertheless permit your client to refresh keys from keyrings on the Web, lists of the known key sources likely to be more current than this FAQ are here: Frog's MetaStats OR OR The following URLs might be current--check the date of this FAQ. (The links come from Computer Cryptology's List of Known Stats Sources, and .) efga ; farout ; ; shinn ; subzer0 ; turing ; Use of these URLs depends on the remailer client. For example, for the Mixmaster keys, one might need pubring.mix and, perhaps, type2.lis depending on the Mixmaster version. Examples illustrating how to place these in various clients are on these Web pages: Client Configurations for DUMMIES Stats - Configuration (JBN2 only) Consider the comments in question 5.4 before using the following URLs: lefarris xganon ; These may be out of date! ------------------------------ Subject: [FAQ 3.6] What is a Mixmaster Remailer? Also known as a Type II remailer, this kind of remailer accepts messages in the Mixmaster format. It doesn't use a PGP key but instead it uses it's own Mix key which looks like something like this: -----Begin Mix Key----- 08daa0412580b473b0405a27b6eb72f6 258 AATLm+Il10etAgaOBsAMfggFXi2ghiyypIkZkqhh W0Ef6LvDNLdPZ94Gu4QgPDD+q13JyRwmU/TvTgIk SBGxv9dUH3J22BEg600vD9lWOcFiq3ApjUuxS76T Zf+lGTINOIs+zkAmrojqueQfHFxBE0rMembno8jg VHlOpyeHRfJNIQAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAQAB -----End Mix Key----- Mixmaster uses a message format based on RSA and Triple-DES encryption. Messages are multiply encrypted and formatted so as to appear identical to other Mixmaster messages . Messages are sent through chains of Mixmaster remailers. Each remailer removes one layer of encryption, and forwards the message. When the final remailer delivers the decrypted message to the recipient, it is impossible to find out where it came from even if part of the remailer chain is compromised. Mixmaster remailers improve on Cypherpunk remailers by making traffic analysis much more difficult. It does this by making all incoming and outgoing messages the same size (28.1kb) and by re-ordering messages before delivery - so that traffic coming in cannot be associated necessarily with traffic going out. The building of a Mixmaster message cannot be done with a text editor! Special client software is required. See also Mixmaster FAQ . ------------------------------ End of faq.3 Digest ******************* ======================================================================== Subject: APAS Anonymous Remailer Use [FAQ 4/8]: Remailer Details ======================================================================== This is the fourth of eight parts of a list of frequently-asked questions and their answers regarding anonymous remailer use. This part answers more questions about remailers. This FAQ is provided "as is" without any express or implied warranties. While every effort has been taken to ensure the accuracy of the information contained in these message digests, the maintainer assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. This FAQ is provided for information only; reference to a Web page does not constitute endorsement of that page's content. The following topics are in this FAQ: 1: [FAQ 4.1] Which remailers are good? Reliable? Secure? 2: [FAQ 4.2] How can I find more information about a remailer? 3: [FAQ 4.3] What is chaining? And what is a middleman? 4: [FAQ 4.4] Won't the first remailer in the chain know who I am? 5: [FAQ 4.5] Can't the last remailer's remop read my message? 6: [FAQ 4.6] How do I chain cypherpunk remailers? 7: [FAQ 4.7] Can I use mail2news gateways to post anonymously? 8: [FAQ 4.8] How do I know which newsgroups a gateway carries? 9: [FAQ 4.9] What's different about mail2news_nospam vs mail2news? 10: [FAQ 4.10] When replying to a message, how do I thread my post? 11: [FAQ 4.11] Which remailers permit my own "From:" header? 12: [FAQ 4.12] Where do I find public SMTP servers (open relays)? ---------------------------------------------------------------------- Subject: [FAQ 4.1] Which remailers are good? Reliable? Secure? The "good" and "reliable" remailers are the ones that work for you and have the feature set you need or want. The "secure" remailers are the ones operated by those who do not monitor the traffic passing through them AND have good security policies in place on their networks and machinery to prevent their remailer from being penetrated by unauthorized parties and subsequently compromised. Since you can never know for yourself how "secure" any one individual remailer is, you should always use encrypted chains of remailers (see #4.3) to send your messages. So long as all the remailers in your chain have not been compromised or their operators are not cooperating amongst themselves, then your traffic will be reasonably secure. Advanced topics relating to traffic analysis of the remailer network that may allow adversaries to deduce the source and destination of individual messages is, for now, beyond the scope of this FAQ. However, it is almost certain that these activities do take place to some degree. It is for this reason that you we have advanced remailer protocols such as Mixmaster, and proposals for other up-and-coming network scenarios (like WOF , RadioClash , Publius , Freenet ) to reduce the effectiveness of traffic analysis. ------------------------------ Subject: [FAQ 4.2] How can I find more information about a remailer? Send a blank email to the remailer address with "remailer-conf" (no quotes) as the subject line. In addition to this you can also send a blank email with "remailer-help" (no quotes) as the subject. Visit the remailer's Web page if one exists. And pay attention to APAS for any announcements or policy changes from the remailer's operator. ------------------------------ Subject: [FAQ 4.3] What is chaining? And what is a middleman? Before chaining one's messages one must have an understanding of middleman remailers. A middleman remailer ("middle" in its cap string) is one that always adds another hop to any message that is not already en route to another remailer. Example: If you send a message to recipient through middleman remailer Georgia Cracker ), Gacracker will send it to say, , with instructions to deliver to . This behavior demonstrates what is known as smart middleman. All Reliable remailers that are running in middleman mode are smart.Check the remailer-conf file to be certain just what kind of middleman behavior to expect. Now, back to chaining. Chaining is using more than one remailer to send your encrypted message. Basically, you send a message to remailer A with instructions to send it to remailer B, which in turn finds instructions to send it to remailer C, and so on, until the final recipient receives the message. The intention is to obfuscate the origin of the email and/or (with the help of encryption) the content of the message body. At any given point on it's route, such a message will reveal only where it came from and where it is going. If the message was not chained (only one remailer was used) then that remailer operator or a successful traffic analyst can know the true source AND destination of the message. Not good. ------------------------------ Subject: [FAQ 4.4] Won't the first remailer in the chain know who I am? Well, yes. He knows as much about you as can be revealed from your email headers, i.e. the original source of the message. But if your message is chained (as described above) to another remailer AND ENCRYPTED with that remailer's key, then the first remailer (and anyone snooping his traffic) cannot read your message. All they will see is an encrypted message (with no subject line) that is heading to some other remailer. Since your message must enter the remailer network somewhere, that first remailer operator can always know where the message is really coming from. It is for this reason that chained messages should always be encrypted and not sent in the clear through remailers that will accept clear text messages (Noisebox Remailer or Xganon for example). There is absolutely no security in sending an unencrypted chained remailer message. Using remailers without encryption (whether it's PGP or Mixmaster) is like a police officer choosing to leave his bullet-proof vest at home in his closet! ------------------------------ Subject: [FAQ 4.5] Can't the last remailer's remop read my message? Absolutely, if he wanted to. But all he knows is the message contents, where it is going, and the fact he got the message from another remailer. He will not know the original source of the message. If that is more than you want to reveal than you need to encrypt to your final recipient instead of sending a plain text correspondence. Of course, this isn't always feasible. The final recipient would need to have PGP on his computer, you would have to exchange public keys or a conventional password beforehand. It's really up to you the user to decide just how much security you require for a particular message and take the necessary precautions. ------------------------------ Date: 8 Aug 2001 14:32:06 -0000 From: Doc.Cypher Subject: [FAQ 4.6] How do I chain cypherpunk remailers? Message-ID: <20010808143206.22587.qmail@gacracker.org> Summary: Encrypt each Anon-To within the previous remailer's message. [For a step-by-step explanation of remailing with cypherpunk remailers, see FAQ 3.3. For an explanation of chaining, see the post below, or follow John Hull's example: An explanation is also in the help file from almost any remailer (under the heading "REMAIL REQUEST: CYPHERPUNK CHAIN" for most Reliable remailers). Send a blank email message to a remailer with "remailer-help" (without the quotes) as the subject, or see Frog's Thesaurus Data . -CC] -----BEGIN PGP SIGNED MESSAGE----- On Wed, 8 Aug 2001, Anonymous wrote: [SNIP] >Now I want to use a chain of remailers? How do I do this? I'm >guessing I should somehow encrypt the message using all the keys of >the remailers in the chain? And if I send the message to the first >remailer in the chain, how do I let that remailer know to send it to >the next one? If someone could either tell me how to do this, or >direct me toward an information source explaining this, I'd >appreciate it. Chaining messages is achieved by repeating the encryption steps. Taken as an example, chaining through two remailers thus, You -> A -> B -> Recipient You start off with your message and prefix with :: Anon-To: ## Subject: You then encrypt this with the key of the remailer B, and prefix it with :: Anon-To: :: Encrypted: PGP You take this and encrypt it with the key of remailer A, and prefix with :: Encrypted: PGP and now send it to remailer A. What happens then is that remailer A takes the message, decodes it, and sends it to remailer B. Remailer B decodes it and sends it to the recipient. Doc. - -- The bigger the humbug, the better people will like it. ~ Phineas Taylor Barnum. http://vmsbox.cjb.net/ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBO3By8sriC3SGiziTAQH4Cwf+JSwjLQcPtVbNAOKB28NBdA+yLLWYflmB bjpH3nzDyV0TUEEiRH7gdancM8CuMk4n+5D+hWCHIyFoaR93/BuGdft9s8xuPi8M nzSzPO4pFht8NTzhkkrn9iUcJWgh+fFNfBvWtjDCLs6qdxoQwTUI9N0ioceAlK1S vk78pYdZ9srxCEr5sCyuAR56wRq0Sa81SDePOcYz48FrRR51Zdoe/cu3Hu4AYeY5 wpC5J59U0BIVb9xnt9zBR7I3aQZArFffZ2G6vdEHDnVulY5hpXjenEgUCUjFH+da bCD6dCOVtPxYvFbo9mmMY6spiDwfeaOXzniFdFvqdrbADycW2s7qiw== =3VgO -----END PGP SIGNATURE----- ------------------------------ Date: 05 August 2001 12:00 Z From: turing+apas-user-faq@eskimo.com (Computer Cryptology) Subject: [FAQ 4.7] Can I use mail2news gateways to post anonymously? Summary: M2N gateways forward email messages to Usenet postings. Although they are not anonymous remailers, mail-to-news (mail2news or M2N) gateways are an important part of the remailer network. They forward email messages to Usenet, permitting posting of messages or (in some cases) binaries to certain newsgroups. (See FAQ 4.8 for instructions on determining which newsgroups are available.) Be warned that these gateways by themselves do not make messages anonymous. Their administrators *will* keep logs. It is the remailers that strip off the identifying information from your message, *not* the M2N gateway. The gateway only delivers to a newsgroup. See the official help file M2N gateways by sending a blank email to with the subject "help" (no quotes). It is when you use an anonymous remailer in combination with a mail-to-news gateway that anonymous newsgroup posts are possible. There are actually two methods of posting anonymously to Usenet: via an "Anon-Post-To:" directive or via an "Anon-To:" directive. Note that in most cases remailers with "post" in their cap strings actually forward to a M2N gateway rather than posting via NNTP, so these methods are often equivalent. Method #1 Below is a template for the first method. Send the following email message to a remailer that supports anonymous newsgroup posting ("post" in the cap string). :: Anon-Post-To: misc.test ## Subject: This is a boring test Start your message here. Method #2 Below is a template for the second method. Send the following email message to a Cypherpunk remailer ("cpunk" in the cap string). :: Anon-To: mail2news@dizum.com (or any other mail2news gateway) ## Subject: Is Gretchen Down? Newsgroups: alt.privacy.anon-server X-No-Archive: yes (this line is optional) Start your message here. Both of these methods will work. Pay attention to the cap strings. Many remailers are PGP-only ('pgponly" in the cap strings). So before sending to those remailers you will have to encrypt the above with the remailer's pgp key. Here are some other mail2news gateways you can use: * See FAQ 4.8 for an explanation of the significance of the "nospam" gateways. *Note that is an alias for . The preferred address is . See this Web-Based Mail2News Interface for a quick-and-dirty way to post anon to Usenet. See also for help with Dizum's mail2news gateway (formerly known as ). ------------------------------ Subject: [FAQ 4.8] How do I know which newsgroups a gateway carries? For : To receive a list of all newsgroups send mail to with Subject "groups" (no quotes). For : Same method as above. Or you can finger for a full listing of groups. For : It offers the same capability. Unfortunately, the last time I checked the list of groups it sends back is incomplete and inacurate. It's safe to assume, however, that like the other two gateways Dizum supports between 10,000-25,000 newsgroups from all the major hierarchies. You can also include an egrep-style regular expression on the subject line. For instance, Subject: list comp\.unix would list only newsgroups whose names begin "comp.unix". Subject: list .*linux would list all newsgroups whose names contain the substring "linux". Subject: list alt.*(security|privacy) would list all newsgroups beginning "alt" and containing either the word "security" or the word "privacy". Subject: list .*\.test$ would list all newsgroups ending ".test". ------------------------------ Date: 9 Mar 2001 19:10:43 -0000 From: Redbird Subject: [FAQ 4.9] What's different about mail2news_nospam vs mail2news? Message-ID: <20010309191043.24928.qmail@gacracker.org> Summary: No-spam gateways change headers to hinder address collection. [edited by turing+apas-user-faq@eskimo.com (Computer Cryptology)] On Fri, 9 Mar 2001, Nomen Nescio wrote: > What's the difference between these two?: > mail2news_nospam@anon.lcs.mit.edu and mail2news@anon.lcs.mit.edu The first is the no-spam variant of the same mail2news gateway. How does the no-spam variant work? The address of my nym account is redbird@redneck.gacracker.org. If I had addressed my send request for this message to mail2news@anon.lcs.mit.edu, my nym account address would have appeared in the From header. An address collector would be able to find it easily, and I might end up receiving spam e-mail. Instead I've addressed my send request to the no-spam variant, mail2news_nospam@anon.lcs.mit.edu, and my message should include the following From header: From: Redbird This header is added by the mail2news gateway. The following portion of it is standard: . And it instructs the person reading it to use the Author-Address header (see below). The only thing that will vary is the name preceding it, and this is determined by whatever precedes the @ in the real nym account address. For example, if the real nym account address were ruth@redneck.gacracker.org, the From header would read as follows: From: Ruth My message should also include the following "Author-Address" header: Author-Address: Redbird nym alias net This header is also added by the mail2news gateway and is the means by which it provides my real address to anyone who might wish to reply to this message by e-mail. There are no-spam variants for all three mail2news gateways: mail2news@anon.lcs.mit.edu mail2news_nospam@anon.lcs.mit.edu mail2news@dizum.com mail2news_nospam@dizum.com mail2news@mixmaster.shinn.net mail2news_nospam@mixmaster.shinn.net Redbird ------------------------------ Subject: [FAQ 4.10] When replying to a message, how do I thread my post? There are two ways to thread your messages into a discussion. You can do it manually, or take advantage of features in JBN to automate the process. I'll explain the hard way first... * In JBN, open your book which you intend to post with. * Enter "Re: Remailers Suck!" (or whatever the relevant subject is) into the "Subject: " field. * Find the message you want to followup and copy the message ID. (example <3e125abb862940edf80aa2a5a276790f@anonymous.poster> ) Take this and put "References: " in the additional headers box under the subject. * Copy bits you want to keep from the original message, you can paste these into the book by right-clicking and selecting "Paste As Quote". * Don't forget the "Newsgroups:" header! :) You should be able to manage this easily provided you can get the message ID out of your newsreader. Now, the easy way involves getting the entire message **and headers** into the clipboard. This is the part that depends on which newsreader you use. With XNews, for example, make sure all headers are displayed within the message and then right-click and select "Copy All". With the entire message (and most importantly the headers) on the clipboard, select the book you will use to construct a reply, select "Follow-Up Clipboard (Ctrl-U)" from the "Message" drop-down menu. You can then quote the entire message and edit as appropriate. It is really simple once you've managed it a couple of times. One point to watch out for! If replying to a message in a long thread, you may want to trim excess References elements from the headers. Remailers (esp those that use Mixmaster software) don't take kindly to long headers or badly wrapped headers. Summary: All you really need is the message ID of the post you are replying to. ------------------------------ Date: 16 August 2001 12:00 Z From: turing+apas-user-faq@eskimo.com (Computer Cryptology) Subject: [FAQ 4.11] Which remailers permit my own "From:" header? Summary: Only a few remailers permit custom "From:" headers. [Thanks are due to Boris 'pi' Piwinger for reports, Stefan Wagner (Narnia Admin) and Jochen Wersdörfer for mentioning their remailers, and Farout-Admin for posting regular updates.] A more up-to-date and complete answer to this question is available in the following table: As of the date of this FAQ, tests indicate the following remailers permit the user to specify part or all of the "From:" header line (either the entire address or the nickname only) in the final headers [1]: farout frog2 italy2* narnia* segfault shinn* squirrel *Note that italy2, narnia, and shinn add a disclaimer (either in the header of the body of the message) when the message has a custom "From:" header. The intent of this warning is to reduce forgery complaints. [1] See the Reliable User's Manual for further information: ------------------------------ Subject: [FAQ 4.12] Where do I find public SMTP servers (open relays)? Relaying mail through the servers of a third party is, at best bad Internet etiquette and, at worst, theft of service. This is not just my view but the view of Internet users and service providers worldwide. Many of the larger ISPs, in a preventative move to stop their own customers from spamming others, have blocked customer's connections to any smtp servers but their own. Open relays, in the vast majority of cases, will not hide the origin of your message. Your IP address is visible and all traffic is logged. Still not deterred? Okay. Here's one method of finding an open relay: + Visit newsgroup and scan through the posts there looking for any spam reports that mention open relay, hijack, or relay-rape. + Take the mail servers you find in "sightings" and plug them, one by one, into the form at . + If your tests indicate that a particular email server is still an open relay then your search is over. Insert the mail server's address in place of your ISP's SMTP server in your email client's configuration. ------------------------------ End of faq.4 Digest ******************* ======================================================================== Subject: APAS Anonymous Remailer Use [FAQ 5/8]: Statistics ======================================================================== This is the fifth of eight parts of a list of frequently-asked questions and their answers regarding anonymous remailer use. This part is all about remailer statistics (stats). It has changed to provide a more complete list of stats sources and to indicate how current those sources are in opinion of the maintainer. This FAQ is provided "as is" without any express or implied warranties. While every effort has been taken to ensure the accuracy of the information contained in these message digests, the maintainer assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. This FAQ is provided for information only; reference to a Web page does not constitute endorsement of that page's content. The following topics are in this FAQ: 1: [FAQ 5.1] What are stats pages? 2: [FAQ 5.2] How are stats Versions 1 and 2 different? 3: [FAQ 5.3] Where can I find stats pages? 4: [FAQ 5.4] Why are there dead remailers on the stats pages? ---------------------------------------------------------------------- Date: 02 March 2001 12:00 Z From: turing+apas-user-faq@eskimo.com (Computer Cryptology) Subject: [FAQ 5.1] What are stats pages? Summary: Stats pages have estimates of remailer reliability and latency. Stats pages are a snapshot of the current status of the traditional remailer network. They list the remailers the maintainer of that stats page is "pinging", those remailers' capabilities and limitations, and how well those remailers are replying to those pings. From this data, remailer uptime and latency can be deduced. Keep in mind that the results shown on different stats pages often vary widely and that the stat page you are looking at shows the results as seen from the remailer doing the pinging. Network conditions between this remailer and the others can and will influence the results. For example, a stats source (pinger) temporarily without mail access will list all pinged remailers as having low reliability (assuming that Web access is present). In fact, it is the pinger itself whose reliability has declined. Refreshing stats from such a pinger may result in the remailer client complaining that there are not enough remailers. Other things that will influence the results are not having the current key(s) for a remailer on the pinger's keyring. Often key changes are made and announced, but a stats page maintainer might miss this, or his remailer isn't automatically updating with new keys and purging old keys. If possible (i.e., if the stats source provides them), check the keyrings. With new remailers coming on line all the time and others departing the network after only a brief appearance, it can be very difficult to maintain an accurate list of exactly which remailers are really online. Also, when a remailer joins or leaves the network, the uptime and latency stats for that remailer will not respond instantaneously. Stats are an analysis of data taken over several days and presented as a moving average. Some stats pages are in question 5.3. Elcaro posts his Remailer Reliability Statistics daily in APAS. This guy is a stats maniac! His stats offer: * 1 Hop Remailer Check for a day and the last week * MultiHop(1-4) Remailer Check for a day * Position Check for the MultiHop Check for a day each remailer giving Success/Failure/Total/Percentage for every position * Position Check for the MultiHop Check Summary for the last week * Arc Analysis for Last 7 Days Success/Failure/Total/Percentage ------------------------------ Date: 02 March 2001 12:00 Z From: turing+apas-user-faq@eskimo.com (Computer Cryptology) Subject: [FAQ 5.2] How are stats Versions 1 and 2 different? Summary: Different clients read different stats. There isn't a really big difference between them. Version 2 is somewhat more detailed and uses different symbols than Version 1 to represent the measurements of Latency, History and Uptime. Here's a typical Version 1 stats format and here's a typical Version 2 . These are in HTML. You may also download TXT versions of each. The file names may vary (rlist, rlist.txt, remailer-list, etc...), but here are the recommended file names: Filename Remailer-Type Format Stats-Version rlist Cypherpunk Plain Text 1 rlist.html Cypherpunk HTML 1 rlist2 Cypherpunk Plain Text 2 rlist2.html Cypherpunk HTML 2 mlist Mixmaster Plain Text 1 mlist.html Mixmaster HTML 1 mlist2 Mixmaster Plain Text 2 mlist2.html Mixmaster HTML 2 Further information on stats formats comes from RProcess' Specification and RFC for Remailer Stats Version: 2.b . Most users need only consider which stats version their client will read. Here is a summary of the recommended version. Further comments are below. Software Recommended Version Recommended Format JBN1 1 HTML JBN2 2 Plain Text Mixmaster 1 HTML? Quicksilver 1 Plain Text Private Idaho 1 HTML Reliable 2 HTML Jack B. Nymble v.2 and Reliable v.1.0.5 JBN2 and Reliable 1.0.5 can read both types of stats. Pick a format that you like and stick with it. Quicksilver Quicksilver reads only Version 1 stats in TXT format (e.g., mlist.txt and rlist.txt). Mixmaster The operator of Cmeclax Remailer, , confirms that, as far as he can tell, "...Mixmaster 2.9 doesn't understand Version 2 [stats]. I tried it a while ago, and it had no reliability data when I made chains." Jack B. Nymble v.1 Frog-Admin says that JBN1 only reads version 1 stats. In that operator's experience, JBN1 works better with HTML files than with plain text files. Private Idaho As for Private Idaho, there are lots of different variations of this older program. But it's safe to assume that most of them require Version 1 stats in HTML format (e.g., remailer.htm) and won't work with Version 2. Other Clients Be aware that some of the older client software like Potato, Decrypt and Mixmaster 2.0.4 cannot read Version 2 Stats. ------------------------------ Date: 02 March 2001 12:00 Z From: turing+apas-user-faq@eskimo.com (Computer Cryptology) Subject: [FAQ 5.3] Where can I find stats pages? Summary: Various URLs may point to stats pages. First, consider where you might find stats pages that are no longer useful. RProcess packaged JBN2 and Reliable when different stats pages were active. The included stats lists are no longer current. Next, there are several indexes to stats sources (pingers). Starting with the newest, below are the indexes available on the date shown above. lefarris "Les autres remailers" OR weasel "Anonymous Remailer Stats, Meta-Stats and other Information" frog "All Pingers' Index" OR OR As of the date of this question, the following pingers (in alphabetical order) are accurate and current or up-to-date--according to frog (see above) and turing, at least: austria efga farout frog helferlein senshi shinn subzer0 turing The following stats sources produce lists significantly different from the stats sources above. The cmeclax page, for example, says "Note: I am behind a modem, so my latency figures include my own latency as well as those of the pinged remailers. Use these stats only to decide what remailer to put after or before me." Consider the comments in question 5.4 before using the others. cmeclax lefarris publius In addition to the pages above, active remailers with stats pages include the following that are CURRENTLY OUT OF DATE, but may someday return because the remailer still operates: bruble2 gretchen xganon Check the date of this FAQ and of the stats pages! The three above are NOT UP-TO-DATE as of the date of this writing. ------------------------------ Date: 02 March 2001 12:00 Z From: turing+apas-user-faq@eskimo.com (Computer Cryptology) Subject: [FAQ 5.4] Why are there dead remailers on the stats pages? Summary: Stats pages may go out of date when remailer network changes. This happens because the keeper of that stats page is either not aware that the dead remailers have officially left the network, or is behind on maintaining his stats pages. Often stats pages are maintained by remailer operators and their other remailer duties will take priority over updating their stats pages. Unfortunately, a poorly maintained stats site will often lead to problems for remailer users when they plug those URLs into programs like Jack B. Nymble, Private Idaho or QuickSilver and receive configuration error messages. The problem will repeat itself every time your stats are updated and the site with the stale keys is polled. One attempt to provide information on the problem described above is found in Computer Cryptology's Comparison tables: Further information is available at Frog's MetaStats Page . Two comparisons between stats sources can help in selecting pingers to include in a remailer client's list. First, the "Last update" time indicates if the values are current. Second, a comparison of the remailers each stats source list can indicate if the problem described above is occurring. For example, imagine a particular stats source lists many remailers at 0.00% reliability ("uptime"), is the only pinger to list several remailers, and doesn't list a dozen remailers that the majority of other pingers include. That stats source is probably out of date, even if the "Last update" time is current. For further consideration, the cells in Computer Cryptology's Comparison shade to indicate suspected error values or outliers, i.e., values far from the average of other stats sources. The details are on those pages. Similarly, Frog's "All Pingers' Index Page" rates pingers as up to date versus poorly or not maintained. These ratings express the opinion of the operator. ------------------------------ End of faq.5 Digest ******************* ======================================================================== Subject: APAS Anonymous Remailer Use [FAQ 6/8]: Software ======================================================================== This is the sixth of eight parts of a list of frequently-asked questions and their answers regarding anonymous remailer use. This part answers the question, "Which software should I use?" This FAQ is provided "as is" without any express or implied warranties. While every effort has been taken to ensure the accuracy of the information contained in these message digests, the maintainer assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. This FAQ is provided for information only; reference to a Web page does not constitute endorsement of that page's content. The following topics are in this FAQ: 1: [FAQ 6.1] Do you recommend that I learn PGP (Pretty Good Privacy)? 2: [FAQ 6.2] Which remailer client should I choose? ---------------------------------------------------------------------- Subject: [FAQ 6.1] Do you recommend that I learn PGP (Pretty Good Privacy)? Yes. Absolutely. There are many excellent tutorial pages on the Web with links pointing you to the version that's right for you. A really excellent tutorial for newcomers is here . The latest stable version is PGP is 6.5.8 Thankfully there are many places to download PGP . Desktop Security, Personal Privacy or Freeware versions; all these are recommended although they are rather bloated (7-11 megs). Whatever version you choose, it must be capable of creating and working with RSA keys since this is what remailer software and nym server software use for the most part. Check out this excellent Web site for the lowdown on which versions support RSA keys, Diffie-Hellman keys or both. Earlier command line versions of PGP are very popular with remailer users. PGP 2.6.3i-win32 has become something of a standard for Windows users. It is small, "rock" stable and seems to "play well with others". 'An excellent companion to any remailer client. See also Tom McCune's very readable FAQ about PGP ; and another PGP tutorial ; ------------------------------ Subject: [FAQ 6.2] Which remailer client should I choose? Get comfortable with using PGP encryption by itself. Find a friend who uses it and exchange keys. Then, get yourself a remailer client. As for which one to choose: well... the short answer: Quicksilver or Jack B. Nymble. The long answer: I have listed a handful of remailer tools below. There are a handful of others (Anonpost, Crusader, John Doe...) I've chosen to highlight the ten programs below because they are the ones that are readily available on the Internet and free of charge. However, I would add a word of warning before trying these programs: To my knowledge there currently does not exist a remailer client that functions "out of the box". All remailer clients (especially the ones that are no longer maintained) require a certain amount of tinkering and configuring to make them work with the current crop of remailers and stats URLs. Just so you know... I highly recommend QuickSilver because it is one of the only programs out there that is actively being maintained and developed. If you've spent any amount of time in APAS you'll have seen many Quicksilver updates announced there. JBN is great too. And you'll find answers to your JBN questions simply by lurking here in APAS. For Windows: QuickSilver Finally, Mixmaster made easy! This free program is the newest of the remailer clients. It's a Mixmaster email client program. It can send anonymous email and post anon articles to newsgroups via Mixmaster remailer chains. QS, itself, doesn't possess any encryption capabilities. Instead, it serves as a GUI "front end" to Ulf Möller's Mixmaster 2.9beta. Recently, QS author Richard Christman has written a PGP-plugin for Quicksilver. So now it's not only a Mixmaster client. It's a Cypherpunk remailer client as well! Jack B. Nymble 2 (From the User's Manual:) "Jack B. Nymble 2 (or JBN) is a feature-rich Windows email client which facilitates the use of anonymous remailers for anonymous email and newsgroup posting. It includes ease of access and automation for beginning users, as well as sophisticated control of remailer messages for more advanced users. Support is included for PGP encrypted messages, Mixmaster messages, attachments, and MIME mail. JBN2 also includes support for nym mail and nym account reply-block creation (see #7.1-#7.4), centralized queuing and sending via SMTP, POP3 retrieval, NNTP retrieval, and automated nym mail decryption. It also includes a mini web browser used for downloading remailer reliability statistics, keys, and web pages. Support is included for PGP versions 5.5.3x and 6.x, in addition to DOS version 2.6.x. Mixmaster 2.0.4 is also fully supported." Also, excellent documentation and help files can be found at the Potatoware Homepage . Private Idaho P.I. is an email client for Windows which simplifies the creation and the sending of anonymous remailer messages. It also simplifies the creation of nym accounts and the sending/receiving and decryption of nym messages. It is available in both 16-bit and 32-bit versions. A properly installed version of PGP is required. Additionally, Mixmaster messages can also be created and sent if Mixmaster is installed on your computer. The author, Joel McNamara, no longer maintains this program and it's age is showing.Trying to make PI do what you want it to do is probably more trouble than it's worth. If you want to give it a go I would recommend the 16-bit version by Ian Lynagh with source code available. See also this excellent page of FAQs related to Private Idaho and Thanatop's tutorial on Remailers, Nyms and Private Idaho . Potato and Decrypt Potato is a freeware DOS remailer client which operates well in Windows. This software prepares anonymous messages which are then mailed using your email client. Decrypt is a mail decryption utility provided with Potato, available as a separate application. These programs are early creations of RProcess the author of both JBN and the Reliable Remailer - a popular remailer server for Win95/98. Mixmaster For DOS users there is Mixmaster v 2.0.4. For DOS/Windows users Mixmaster 2.9beta is what you want.These are the two versions that are most commonly used. Mixmaster can be used by itself as a client or as remailer. But for Windows users we suggest using one of the excellent GUI clients mentioned above in concert with Mixmaster. For Mac: Mixfit (aka Macmixmaster) A Mac Mixmaster Client. Like Potato this program does not mail the Mixmaster message that it has created. You must cut and paste it into your favorite email client. For more Mac encryption and security-related downloads try here and here ; For a variety of interesting email-related software including a Mac Remailer(!) called AnonAIMouS try here ; For Unix/Linux: Mixmaster Mixmaster for the Unix/Linux OS. The same executable can be used as a client or as a remailer. The remailer can be installed on any *nix account that can receive mail. Non-remailer messages will be delivered as usual. If you have root access, you may want to create a new user (e.g.,`remailer') and install Mixmaster under that user id. The iInstall script provides a simple way to set up the remailer. As a remailer Mixmaster can be configured to additionally accept and process Cypherpunk remailer messages. In fact, this is the way most remailers run today: as a hybrid of Cpunk and Mix. Premail Premail is an older but still useful program written by Raph Levien for use with remailers. It fully supports the creation of Cypherpunk and Mixmaster messages. Perhaps most useful is its ability to create and manage nym accounts with good security and easy commands. In addition to being a remailer client, Premail supports PGP and S/MIME for standard secured Internet e-mail. It works with mh, elm, Mutt and newer versions of Netscape. It requires Perl to be installed on your computer. The RemOp of the now defunct Septic Remailer warns: "Premail breaks when fed mail to a nym which has been signed with something other than PGP 2.6.x." See also . SendNym A brand new program by oldhack@nym.xg.nu It takes the place of Sendmail in relation to your mail client and facilitates the use of nyms by sending simple nym commands to your mail client, allowing users to easily switch between sending through their nym or sending through their regular e-mail account. It will not create a nym for you. This must be done manually by the user before using Sendnym. It supports Usenet posting,and random chain selection (through Mixmaster.) Sendnym has been successfully tested on Linux 2.2.17 . It requires: a *nix system with Sendmail, Perl and Mixmaster installed. Also, your mail client must allow you to configure the name and location of Sendmail (e.g. Pine). Mailcrypt Although not a remailer client, Mailcrypt is an Emacs interface to PGP and GnuPG encryption with features for encrypting and decrypting email and news. See also this page for more anonymous remailer clients including the no-longer-maintained Anonpost, Easynym etc... ------------------------------ End of faq.6 Digest ******************* ======================================================================== Subject: APAS Anonymous Remailer Use [FAQ 7/8]: Nyms ======================================================================== This is the seventh of eight parts of a list of frequently-asked questions and their answers regarding anonymous remailer use. This part introduces nyms. This FAQ is provided "as is" without any express or implied warranties. While every effort has been taken to ensure the accuracy of the information contained in these message digests, the maintainer assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. This FAQ is provided for information only; reference to a Web page does not constitute endorsement of that page's content. The following topics are in this FAQ: 1: [FAQ 7.1] How is a nym different from anon. posting? 2: [FAQ 7.2] How do I get a particular nym server's key? 3: [FAQ 7.3] Why do alt.anonymous.messages subjects look random? 4: [FAQ 7.4] Why are nyms such a bitch to set up? 5: [FAQ 7.5] How can I ensure nym creation goes smoothly? ---------------------------------------------------------------------- Subject: [FAQ 7.1] How is a nym different from anon. posting? A nym account is like a forwarding email address except that it offers the additional feature of anonymity. Not even the nym server operator knows who you are! You set up an account with one of the three nym servers (see #3.2 and #7.2) by sending a config message. In it you provide a newly created PGP public key for your chosen nym (say, boozehound@redneck.gacracker.org), some configuration options (like +signsend, -fingerkey, +nobcc, etc...) and finally a reply block so the nym server can send any replies back to you through a chain of remailers of your own choosing, or if you prefer, to a newsgroup like alt.anonymous.messages or alt.anonymous. Nyms are different than just sending through anonymous remailers. When posting through a simple remailer or chain of remailers there is no way for anyone to reply to your message via e-mail unless you include a repliable address such as a Hotmail account in the body of the message, or signature. Additionally, most remailers do not allow any type of From: header to be posted, so your message will appear to come from 'Anonymous', 'Anonymous Sender' or similar. When posting through a nym account, the reply-able nym address remains intact in the message headers. Reply-able AND anonymous! Setting up a nym can be done manually (with PGP and a text editor) or through software like JBN or Private Idaho. Either way you should read up on the process before trying your hand at it. Here are some very good tutorials about nym creation: Nym creation and use for mere mortals Using JBN: Also: ------------------------------ Date: 21 Mar 2001 06:21:16 GMT From: turing+apas-user-faq@eskimo.com (Computer Cryptology) Subject: [FAQ 7.2] How do I get a particular nym server's key? Message-ID: <999h8s$b99$1@eskinews.eskimo.com> Summary: Nym servers have separate addresses for keys. [This text is the original FAQ entry updated with a summary of the thread with "Subject: Re: ... keys for ...?", particularly the post with Message-ID above.] The method used for remailers--sending an email message to the remailer address with "Subject: remailer-key"--won't work with the config and send addresses of nym servers. These addresses (e.g., or ) will reject any plaintext message or any encrypted message that does not begin with "Config:" (cf ). Each of the nym servers has a separate email address that responds to remailer-key requests. Send a blank email message to an address like this: The addresses used to check the keys on the CC site are as follows on the date of this FAQ: nym redneck xgnym2 (Check for changes.) Consider when choosing a nym server: hasn't changed it's nym key since 1996! Draw your own conclusions about whether this key might have been compromised since that time. uses it's own to send outgoing nym mail and that remailer is middle. N.A.N and send through their respective local remailers, and both these are NOT middle. ------------------------------ Date: Tue, 10 Apr 2001 18:58:46 GMT From: hung@plainmail.com (Saddle) Subject: [FAQ 7.3] Why do alt.anonymous.messages subjects look random? Message-ID: Summary: Some subjects are encrypted MD5 hashes of the real subject. [The text below is a summary of posts by "Ahab", Saddle and Doc.Cypher from the thread "RANDOM STRINGS" containing the "Message-ID:" above.] On Mon, 9 Apr 2001, "Public " wrote: > Most of the messages in are PGP encrypted > but what are the random strings of numbers and letters which appear > in the subject line? Some people configure their nym accounts to have incoming email messages delivered to newsgroup (AAM) instead of to an email address. To find their messages among the many in AAM without disclosing their identity, the "Subject:" line contains information encrypted to a key only they know. This process is automated if you use Jack B Nymble (JBN). A freeware DLL (PSESUB32.DLL) called the Esub plugin adds encrypted subject scanning support to JBN versions 2.1.d and later, and Esub support to Reliable versions 1.0.1 and later: RProcess included the Esub plugin with JBN2.1.4. An more detailed explanation is in the Reliable User's Manual: According to the Reliable User's Manual, the "random" strings of numbers and letters which appear in the "Subject:" line are encrypted MD5 hashes of the final "Subject:" line. That is, the remailer client calculates an MD5 hash from the "Subject:" line(which might be, e.g., "ATTN: Dave") in the final or hash headers (below the "##"). This MD5 hash that results from this calculation is likely to be unique to that particular "Subject:" line. The remailer client then encrypts the MD5 hash using conventional (symmetric) encryption, specifically IDEA. The encryption and decryption key is the passphrase given for the "Encrypt-Subject:" directive. ------------------------------ Subject: [FAQ 7.4] Why are nyms such a bitch to set up? Actually they aren't a bitch to set up. The difficulties usually begin when automatic client software is being used with dead remailers, stale remailer keys, remailer chains that are broken, or other factors that could be determined in advance by the user if he took the time to verify that these things were not going to be problems before trying to start setting up a nym. That is to say: + If you use stale remailer keys, the remailers will not be able to process your message. + If you use dead remailers, either when sending to nym, or in your reply block chain, then your nym will not be setup at all, or even worse, it will appear in the list as created but not work and not return any clues as to why not. + If you test your reply block before trying to use it with a nym, and it does not work for you, there is no way it will work for the nymserver either. But since you didn't bother to create it by hand and test it yourself you have no way of knowing whether it works or not. Now you can see you have a list of possible problems that may be working alone or in combination against you. But since you didn't verify each one to be non-problematic in and of itself, you have no way to know why your nym isn't established or not working. This is the "bitch" and it is of your own creating. Of course, automatic nym creation software knows nothing about the current state of the remailer network, which remailers have changed keys recently, which remailers have problems chaining to other remailers, etc. So by using it without independently verifying what it is doing for you, you place yourself at its mercy. Don't blame the software since it rarely if ever makes technical errors when creating nyms. ------------------------------ Subject: [FAQ 7.5] How can I ensure nym creation goes smoothly? Here is a list of things you should do before attempting to assemble a nym creation message, whether by hand or using creation client software: + Verify that each remailer you intend to use is working. Check the stats pages to see how they are doing. + Look at the broken chains reports. Don't use remailer chains that are known to be broken. + Make sure you have the current remailer keys. + Send yourself at least one message through each remailer you intend to use. If you don't get them back find out why and fix the problem. + Once you are sure each remailer you intend to use is working individually, decide on which ones you will use in your chain to send your nym creation message into the nym server. Construct a chained remailer message using these remailers with your own address as the recipient and send it off. If it comes back, that chain is verified to be working for you. If not, find out why or select another chain and test again. + Repeat the above for the remailers you will be using for your reply block chain. If they are the same as the ones you use above, you are done testing. NOW you can create your nym using automatic client software and at least you'll know that if the nym doesn't work the problem lies between the nym server and the first remailer in your reply block chain, or some enhanced nym feature you selected to use is tripping the process up somehow. Avoid using these at first until you get a working nym, even if it is only a throwaway test nym. Then move on to the more complex configurations. ------------------------------ End of faq.7 Digest ******************* ======================================================================== Subject: APAS Anonymous Remailer Use [FAQ 8/8]: Troubleshooting ======================================================================== This is the eight and final part of a list of frequently-asked questions and their answers regarding anonymous remailer use. This part discusses troubleshooting. This FAQ is provided "as is" without any express or implied warranties. While every effort has been taken to ensure the accuracy of the information contained in these message digests, the maintainer assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. This FAQ is provided for information only; reference to a Web page does not constitute endorsement of that page's content. The following topics are in this FAQ: 1: [FAQ 8.1] It's hours later! Why hasn't my test post arrived? 2: [FAQ 8.2] Why didn't my email/post make it through? ---------------------------------------------------------------------- Subject: [FAQ 8.1] It's hours later! Why hasn't my test post arrived? While it is true that remailer traffic is sometimes unreliable one must realize that a remailer isn't just a mail server. Mail must not only be delivered but it must be delivered securely and anonymously. Latency (delay before delivery) is part of the anonymizing process like it or not. For starters, every remailer has some existing latency (depending on numerous factors including load, processor power, type of Internet connection, etc...) Users can specify a latency directive (Latent-Time: +0:00) to override the normal built in latency of the remailers. Users may also add MORE delay to their messages if they wish by adding, for example, Latent-Time: +2:30. This would cause an additional 2 hr and 30 min delay before delivery. Also, many remailers use features like reordering ('reord' in the cap string) and RATE/POOLSIZE which may delay messages even further , all in the name of defeating traffic analysis and increasing anonymity. Still, there are other reasons why your email or post might be unnaturally delayed: + Your message may in fact have been posted to Usenet but either hasn't arrived at your news server yet, or might not arrive for any number of possible Usenet related problems. Usenet propagation is not instantaneous. Poorly connected servers can take days to receive messages, if they get them at all. You might check on the Deja archives [http://www.deja.com/usenet] and see if they got the post, or try another server if you have access to one. + You may have chosen a remailer that is not online full time (dial-up account). These remailers may collect mail once an hour, once a day or perhaps only in the evening hours. ------------------------------ Subject: [FAQ 8.2] Why didn't my email/post make it through? + Your message may have just been lost in the network for any number of reasons. It does happen. The system isn't 100% reliable. + You are using broken chains or stale remailer keys. + Your source address or domain is being blocked by the first remailer in your chain. + Your destination address, domain, or newsgroup is being blocked by the last remailer in your chain. + The Usenet group you are posting to is not available on the news server or gateway being used by the last remailer in your chain. + You are trying to crosspost to too many newsgroups and the final remailer in your chain discarded the message. Send a blank email to the remailer with 'remailer-conf' as the subject to determine how many newsgroups the remailer allows you to cross-post to. Spammers abuse the cross posting option so operators are cutting back to 3 or 4 cross posts to deter the spammers. + You have too many addresses in the To, Cc, or Bcc headers and the final remailer in your chain discarded the message. + You attempted to send an anonymous message to a nym that is configured to either reject Bcc messages (directive +nobcc) or not accept any mail at all. + Your e-mail recipient is filtering out messages from anonymous remailers. + You are simply having a bad day. 'Better luck tomorrow! RProcess, the author of JBN2 and the Reliable Remailer, has systematically examined why so many anon messages seem to disappear. His conclusions [http://www.bigfoot.com/~potatoware/PSKB-035.html] are quite provocative. ------------------------------ End of faq.8 Digest *******************