An anonymous remailer is a server that receives messages with embedded instructions on where to send them next, and that forwards them without revealing where they originally came from. There are cypherpunk anonymous remailers, mixmaster anonymous remailers, and nym servers, among others, which differ in how they work, in the policies they adopt, and in the type of attack on the anonymity of e-mail they can (or are intended to) resist. Remailing as discussed in this article applies to e-mails intended for particular recipients, not the general public. Anonymity in the latter case is more easily addressed by using any of several methods of anonymous publication.
Types of remailer
There are several strategies that affect the anonymity of the handled e-mail. In general, different classes of anonymous remailers differ with regard to the choices their designers/operators have made. These choices can be influenced by the legal ramifications of operating specific types of remailers.
It must be understood that every data packet traveling on the Internet contains the node addresses (as raw IP bit strings) of both the sending and intended recipient nodes, and so no data packet can ever actually be anonymous at this level. In addition, all standards-based e-mail messages contain defined fields in their headers in which the source and transmitting entities (and Internet nodes as well) are required to be included.
Some remailers change both types of address in messages they forward, and the list of forwarding nodes in e-mail messages as well, as the message passes through; in effect, they substitute 'fake source addresses' for the originals. The 'IP source address' for that packet may become that of the remailer server itself, and within an e-mail message (which is usually several packets), a nominal 'user' on that server. Some remailers forward their anonymized e-mail to still other remailers, and only after several such hops is the e-mail actually delivered to the intended address.
There are, more or less, four types of remailers:
Pseudonymous remailers
A pseudonymous remailer simply takes away the e-mail address of the sender, gives a pseudonym to the sender, and sends the message to the intended recipient (that can be answered via that remailer).
Cypherpunk remailers, also called Type I
A Cypherpunk remailer sends the message to the recipient, stripping away the sender address on it. One cannot answer a message sent via a Cypherpunk remailer. The message sent to the remailer can usually be encrypted, and the remailer will decrypt it and send it to the recipient address hidden inside the encrypted message. In addition, it is possible to chain two or three remailers, so that each remailer can't know who is sending a message to whom. Cypherpunk remailers do not keep logs of transactions.
Mixmaster remailers, also called Type II
In Mixmaster, the user composes an email to a remailer, which is relayed through each node in the network using SMTP, until it finally arrives at the final recipient. Mixmaster can only send emails one way. An email is sent anonymously to an individual, but for them to be able to respond, a reply address must be included in the body of the email. Also, Mixmaster remailers require the use of a computer program to write messages. Such programs are not supplied as a standard part of most operating systems or mail management systems.
Mixminion remailers, also called Type III
A Mixminion remailer attempts to address the following challenges in Mixmaster remailers: replies, forward anonymity, replay prevention and key rotation, exit policies, integrated directory servers and dummy traffic. They are currently available for the Linux and Windows platforms. Some implementations are open source.
Traceable remailers
Some remailers establish an internal list of actual senders and invented names such that a recipient can send mail to "invented name" AT "some-remailer.example". When receiving traffic addressed to this user, the server software consults that list, and forwards the mail to the original sender, thus permitting anonymous—though traceable with access to the list—two-way communication. The famous "penet.fi" remailer in Finland did just that for several years. Because of the existence of such lists in this type of remailing server, it is possible to break the anonymity by gaining access to the list(s), by breaking into the computer, asking a court (or merely the police in some places) to order that the anonymity be broken, and/or bribing an attendant. This happened to penet.fi as a result of some traffic passed through it about Scientology. The Church claimed copyright infringement and sued penet.fi's operator. A court ordered the list be made available. Penet's operator shut it down after destroying its records (including the list) to retain identity confidentiality for its users; though not before being forced to supply the court with the real e-mail addresses of two of its users.
More recent remailer designs use cryptography in an attempt to provide more or less the same service, but without so much risk of loss of user confidentiality. These are generally termed nym servers or pseudonymous remailers. The degree to which they remain vulnerable to forced disclosure (by courts or police) is and will remain unclear since new statutes/regulations and new cryptanalytic developments proceed apace. Multiple anonymous forwarding among cooperating remailers in different jurisdictions may retain, but cannot guarantee, anonymity against a determined attempt by one or more governments, or civil litigators.
Untraceable remailers
If users accept the loss of two-way interaction, identity anonymity can be made more secure.
By not keeping any list of users and corresponding anonymizing labels for them, a remailer can ensure that any message that has been forwarded leaves no internal information behind that can later be used to break identity confidentiality. However, while being handled, messages remain vulnerable within the server (e.g., to Trojan software in a compromised server, to a compromised server operator, or to mis-administration of the server), and traffic analysis comparison of traffic into and out of such a server can suggest quite a lot—far more than almost any would credit.
The Mixmaster strategy is designed to defeat such attacks, or at least to increase their cost (i.e., to 'attackers') beyond feasibility. If every message is passed through several servers (ideally in different legal and political jurisdictions), then attacks based on legal systems become considerably more difficult, if only because of 'Clausewitzian' friction among lawyers, courts, different statutes, organizational rivalries, legal systems, etc. And, since many different servers and server operators are involved, subversion of any (i.e., of either system or operator) becomes less effective also since no one (most likely) will be able to subvert the entire chain of remailers.
Random padding of messages, random delays before forwarding, and encryption of forwarding information between forwarding remailers, increases the degree of difficulty for attackers still further as message size and timing can be largely eliminated as traffic analysis clues, and lack of easily readable forwarding information renders ineffective simple automated traffic analysis algorithms.
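Why padding and delayed, reordered forwarding have to be combined, as an added sketch that is not part of the original article and is not Mixmaster's code: it models one remailer hop on constructed traffic and counts, for each outgoing packet, how many incoming messages an outside observer cannot rule out from wire size and timing alone. A threshold pool stands in for random delays and reordering; PACKET_SIZE, BATCH, SAMPLE and all function names are assumptions made for the illustration.

```python
import random

PACKET_SIZE = 2048  # assumed fixed wire size in bytes (constructed)
BATCH = 4           # assumed pool threshold: flush once this many are held

# Constructed traffic: (arrival time in s, size in bytes, hidden message id)
SAMPLE = [(0.0, 310, "a"), (1.0, 1200, "b"), (2.0, 87, "c"), (3.0, 1999, "d"),
          (4.0, 640, "e"), (5.0, 15, "f"), (6.0, 1024, "g"), (7.0, 450, "h")]


def plain_forward(incoming, latency=0.05):
    """Relay each message at once, keeping its size and arrival order."""
    return [(t + latency, size, mid) for t, size, mid in incoming]


def pad(incoming):
    """Pad every message to PACKET_SIZE so size no longer distinguishes it."""
    padded = []
    for t, size, mid in incoming:
        if size > PACKET_SIZE:
            raise ValueError("message must be split into packets first")
        padded.append((t, PACKET_SIZE, mid))
    return padded


def batch_mix(incoming, rng, batch=BATCH):
    """Hold messages until `batch` are pooled, then flush them in random
    order at one departure time. Leftovers stay pooled (not emitted)."""
    out, pool = [], []
    for t, size, mid in incoming:
        pool.append((size, mid))
        if len(pool) == batch:
            rng.shuffle(pool)
            out.extend((t, s, m) for s, m in pool)
            pool = []
    return out


def anonymity_sets(seen_in, seen_out):
    """Per outgoing packet: number of incoming messages with the same wire
    size that arrived since the previous flush. The id field is ignored,
    because an outside observer cannot see it."""
    flushes = sorted({t for t, _, _ in seen_out})
    sets = []
    for dep, size, _hidden in seen_out:
        prev = max((f for f in flushes if f < dep), default=float("-inf"))
        sets.append(sum(1 for t, s, _ in seen_in
                        if prev < t <= dep and s == size))
    return sets


def compare(traffic=SAMPLE, seed=7):
    """Smallest anonymity set under each design; 1 means fully linkable."""
    rng = random.Random(seed)
    padded = pad(traffic)
    runs = {
        "plain": (traffic, plain_forward(traffic)),
        "pad only": (padded, plain_forward(padded)),
        "batch only": (traffic, batch_mix(traffic, rng)),
        "pad + batch": (padded, batch_mix(padded, rng)),
    }
    return {name: min(anonymity_sets(i, o)) for name, (i, o) in runs.items()}


if __name__ == "__main__":
    for design, smallest in compare().items():
        print(f"{design:12s} smallest anonymity set = {smallest}")
```

Padding alone still leaks through timing and batching alone still leaks through size; only the combination raises the smallest anonymity set to the pool size in this model.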
Web-based mailer
There are also web services that allow users to send anonymous e-mail messages. These services do not provide the anonymity of real remailers, but they are easier to use. When using a web-based anonymous e-mail or anonymous remailer service, its reputation should first be analyzed, since the service stands between senders and recipients. Some of the aforementioned web services log the users' IP addresses to ensure they do not break the law; others offer superior anonymity with attachment functionality by choosing to trust that the users will not breach the website's Terms of Service (TOS).
Remailer statistics
In most cases, remailers are owned and operated by individuals, and are not as stable as they might ideally be. In fact, remailers can, and have, gone down without warning. It is important to use up-to-date statistics when choosing remailers.
Remailer abuse and blocking by governments
Although most re-mailer systems are used responsibly, the anonymity they provide can be exploited by entities or individuals whose reasons for anonymity are not necessarily benign.
Such reasons could include support for violent extremist actions, sexual exploitation of children or more commonly to frustrate accountability for 'trolling' and harassment of targeted individuals, or companies (The Dizum.com re-mailer chain being abused as recently as May 2013 for this purpose.)
The response of some re-mailers to this abuse potential is often to disclaim responsibility (as dizum.com does), as owing to the technical design (and ethical principles) of many systems, it is impossible for the operators to physically unmask those using their systems. Some re-mailer systems go further and claim that it would be illegal for them to monitor for certain types of abuse at all.
Until technical changes were made in the remailers concerned in the mid-2000s, some re-mailers (notably nym.alias.net based systems) were seemingly willing to use any genuine (and thus valid) but otherwise forged address. This loophole allowed trolls to mis-attribute controversial claims or statements with the aim of causing offence, upset or harassment to the genuine holder(s) of the address(es) forged.
While re-mailers may disclaim responsibility, the comments posted via them have led to them being blocked in some countries. In 2014, dizum.com (a Netherlands-based remailer) was seemingly blocked by authorities in Pakistan, because of comments an (anonymous) user of that service had made concerning key figures in Islam.
See also
* Anonymity
** Anonymity application
** Anonymous blogging
** Anonymous P2P
** Anonymous remailer
*** Cypherpunk anonymous remailer (Type I)
*** Mixmaster anonymous remailer (Type II)
*** Mixminion anonymous remailer (Type III)
** Anonymous web browsing
* Data privacy
* Identity theft
* Internet privacy
* Personally identifiable information
* Privacy software and Privacy-enhancing technologies
** I2P
** I2P-Bote
** Java Anon Proxy
** Onion routing
*** Tor (network)
* Pseudonymity, Pseudonymization
** Pseudonymous remailer (a.k.a. nym servers)
*** Penet remailer
* Traffic analysis
* Winston Smith Project
* Mix network