THOSE HACKERS BUSY MAKING HEADLINES during the past few weeks will get caught. That’s a psychological certainty – hackers do this kind of thing for the publicity, and someone soon will brag too much. But what those hackers did well was cover their tracks, and that’s difficult when you’re using the Internet.
Despite promises to the contrary, the Internet is not secure and much of the information you transmit and receive leaves traces. Online retailer CD Universe had its user database hacked not long ago, and the malefactors made off with user info that included credit card numbers. Right now the best approach is to treat online commerce with care, keeping records of what you buy and with what credit instrument – and keeping up with news of Internet intrusions.
But what about your own anonymity? On the Internet, as the cartoon goes, nobody knows you're a dog. But your web browser may be sharing more details about you than you’d care to reveal. Especially if you’re pursuing interests to which you’re not keen on having your name attached.
Long before its popularity exploded, the Internet already had a service called Usenet, which is a group of message areas that allow people to trade comments on subjects of particular interest. The most popular message areas are grouped under “alt,” for alternative, and “rec,” for recreational, and some of the most popular groups in the alt realm have to do with sex. Over 350 are listed, including alt.sex.bondage, alt.sex.exhibitionism and alt.sex.masturbation (and its spell-checker-less cousin, -masturbation, which is almost as active), -necrophilia, -prostitution, -bestiality, even -senator.exon and -teddy.ruxpin. Suppose you’d like to contribute to one such site – how do you do it anonymously?
Not long ago, as the public started to really discover Usenet, you'd see messages in those alt.sex.whatever conferences signed with names like "an2345@anon.penet.fi." At the bottom of the message was a warning that any response would also be posted anonymously. This was a remailing service run by a fellow in Finland – Johan Helsingius – who offered the free service to anyone wishing to post anonymously. He was inspired, he said, by his exposure to the nearby Soviet Union's repressive atmosphere.
So he sheltered, among others, the sex-minded. Ironically, it was religion that brought him down: early in 1995, the Church of Scientology, maniacally chasing a disgruntled message- poster, persuaded Finnish police to seize Helsingius's computer and information, so to protect his 200,000 anonymous users, he revealed the name of the anti-Scientologist. Subsequent, and incorrect, rumors of objectionable pictures going through anon.penet.fi convinced Helsingius to give up the service late last year.
Remailers have nevertheless proliferated, some of them run as public services by freedom-minded hackers. A remailer removes your true identity from an Internet message and substitutes either a randomly-chosen pseudonym or the name of your choice. But the remailer remembers who you are, so that any response to your mail will reach you – although it, too, will be rendered anonymous.
The simplest means of protection is simply going with a pseudonym. That's what anon.penet.fi offered – your identity was discoverable within its database. True anonymity means that nobody knows who you are, which only allows one-way communication. Then there's encryption, which lets you encode the message before you send it, and requires that the recipient have the key to decode it.
Actually, the world's biggest pseudononymous remailer is America Online. You can establish up to seven screen names on one account, making it easy to establish another identity. You just have to trust AOL never to reveal it.
A hierarchy of remailers offers varying levels of security. The anon.penet.fi service was only a little more secure than plain old e-mail, search warrants notwithstanding. Somewhat better was another pseudononymous server, alpha.c2.org, which also shut down in the face of user abuse.
There's a safer class of remailer, called Type I, or cypherpunk, that allows you to encrypt your message (and therefore include your real name) for direct mail to a chosen recipient. Type I is susceptible to security breaches, but the Type II level closes that hole with the Mixmaster technique, requiring its own special kind of server.
Out in Berkeley, Raph Levien montiors remailers constantly and posts the results. To see who's up and who's down, check out his web site. [No longer available.] Another good info site is from AndrĂ© Bacard, author of The Computer Privacy Handbook (www.andrebacard.com/remail.html). [Now it’s Bacard’s blog.]
Keeping in mind, then, that your remailer is as trustworthy as the person running it, here are a few of the easier ways to get yourself started.
Sign up for a free remailer account with Nymserver [No longer available.] The web site takes you through the application process, and you'll be happily posting to alt.sex.strip-clubs (or wherever) within minutes.
The Anonymizer service (www.anonymizer.com) insists that the Internet does know if you're a dog. To prove it, click "See what information you're revealing," and you'll find out choice bits of info about yourself. Use the Anonymizer service, and most of your Internet wandering can be kept secret.
Also check out Hotmail (www.hotmail.com) [Now owned by Microsoft] for an easy-to-use, free service that gives you web-based e-mail and, therefore, the identity of your choice.
Fee-based remailers are also out there. Mailanon [No longer available] gives a free one-week trial, then charges $5 per month for its service. Right now it has a tough battle against the free services, some of which insist that taking money from users compromises their anonymity.
Even though you're only using your remailer to innocently explore hobbies and interests,
there's a lot of interest from law enforcement and the government. Regular threats against the President show up anonymously on the White House computer network, and some high-profile pranks have been committed online with remailer help. Also, not all service providers welcome anonymous identities; Netcom, for one, bans the use of remailers over its network.
For more complete anonymity, which will also cover Web browsing, AT&T labs is working on a privacy approach that uses the anonymity of crowds; in fact, it’s called Crowds, and works by bringing together disparate users and presenting individual Web requests as group requests – giving the other side too much info (look for more Crowds data here). [No longer available.]
And Lucent Corporation’s Personalized Web Assistant, dubbed ProxyMate, lets you come up with a pseudonym for every Web site you visit, which is remembered by those sites (much as your user name is remembered now). You can try a trial version of ProxyMate by signing up at [No longer available].
At the heart of Internet messaging is the commendable belief in personal freedom and freedom of expression. It’s good to see that we've still got a lot of support in the online community.
– Metroland Magazine, 6 March 2000
No comments:
Post a Comment