Cryptography Reference
In-Depth Information
encrypting it with the necessary steps. The final product can be
handed off directly to an SMTP server or to another email package
like Eudora. The original product was just a shell for handling many
of the chores involved in choosing a path, handling the keys, and en-
crypting the message. The latest is more of a full-fledged tool.
You can get copies of the original software directly from
www.es-
kimo.com/joelm/pi.html
and versions of the latest from
www.itech-
.net.au/pi/
.
10.2.4 Web Remailers
A number of web sites offer remailers for reposting information.
Adding one level of anonymity is easy for web designers to in-
clude and many do. Some of the most popular are now pay ser-
vices. The Anonymizer (
http://www.anonymizer.com/
) offers tools
for both sending anonymous email and browsing the web anony-
mously. They deliberately keep few log files that might be used to
break the veil of secrecy. After the September 11,2001 attacks on the
World Trade Center and the Pentagon, the company made news by
offering to help anonymous tipsters turn in the terrorists. The site
argued that if the terrorists were ruthless enough to kill 5,000, they
would not hesitate to track down and kill anyone who turned them
in.
Many people use the free email services like Hotmail, Popmail,
Excite, or Netscape as pseudononymous drop boxes. These services
may work well for basic situations, but they often keep voluminous
log files that can reveal the identity of user. Some, like Microsoft's
Hotmail, are pushing new services such as the Passport in an effort
to assign fixed identities to people.
10.3 Remailer Guts
Designing the inside of a remailer is fairly easy. Most UNIX mail sys-
tems will take incoming mail and pass it along to a program that will
do the necessary decoding. Repackaging it is just a matter of rear-
ranging the headers and re-encrypting the information. This process
can be accomplished with some simple scripts or blocks of C code.
Moving this to any platform is also easy.
Designing better, smarter remailer systems is more of a challenge.
Here are some of the standard attacks that people might use to try to
follow messages through a web of remailers:
