HOW TO USE THE ANON SERVER AT ANON.PENET.FI
 
                               Draft 1.0
 
                 Copyright (C) 1994 Homer Wilson Smith
       Redistribution rights granted for non commercial purposes.
 
     The anon server is used to create an anon id for you and to send
your mail to other people or newsgroups with all your original headers
stripped off your file and your anon id and anon headers put in their
place, along with your chosen nickname if you choose to set one.
 
     For example, assume you have been granted an19187 as your anon id,
and you send a file to joe@cornell.edu.  Your mail would come to him
with an19187@anon.penet.fi as the sending address (yours) and as the
reply-to address.
 
     Your anon id, an19187@anon.penet.fi in this case, becomes a
permanently valid email address in the internet domain.  That means that
anyone can send mail to an19187@anon.penet.fi and it will come directly
to you.  What actually happens is the mail is sent to
an19187@anon.penet.fi, where the anon server looks up who an19187 is,
and replaces the anon id with your true id, and then remails it to you.
 
     The anon server serves two purposes.  The first is to allow normal
people to send mail to anonymous people via their anon ids.  The second
is to allow people to send mail anonymously themselves to anyone whether
they are anonymous or not.
 
     Thus there are four possible transactions that can take place.
 
     SENDER       ---->  RECEIVER
 
     1.) real-id  ---->  real-id
     2.) real-id  ---->  anon-id
     3.) anon-id  ---->  real-id
     4.) anon-id  ---->  anon-id
 
 
     1.) real-id ---> real-id
 
     There is no reason for people to send mail from a real-id to a
real-id via the server as they can do this with standard e-mail.  Thus
when you send from a real-id to a real-id the server ASSUMES that you
wish YOUR mail to be anonymous and it gives you an anon-id if you don't
already have one and sends your mail on with your new anon-id in the
place of your real-id to the real-id of the intended recipient.  Thus #1
becomes the same as #3.
 
     2.) real-id ---> anon-id
 
     If you send from a real-id to an anon-id, the server looks up who
the anon-id recipient is and replaces that person's anon-id with their
real-id and sends the mail on to them.  However the server ALSO replaces
YOUR real-id with your anon-id, or if you don't have one yet it will
ASSIGN you one and inform you that it has done so.  Thus the first time
you respond to an anon-id you will be given an anon-id yourself.  Thus
#2 becomes the same as #4.
 
     This may sound like a nuisance for the sender who may only wish to
send something to an anonymous person, and not be anonymous himself.
But it prevents the anonymous receiver from replying by mistake DIRECTLY
to the sender and thus giving away their own secret id.
 
     By forcing all senders to have anon ids before their mail is passed
on to other ids, this protects the identity of the recipient from their
own stupid mistakes.  They HAVE to respond to the sender VIA THE SERVER,
so their own real address is always stripped off and replaced with their
anon id, guaranteeing their security.
 
     This means that if you send mail to a person with an anon-id, the
anon-id recipient will not know who is sending him mail, unless you
identify yourself explicitly.  Now you may have no real desire to be
anonymous, so your first inclination may be to just tell the person who
you are.  But if sometime later you wish to actually USE your anon id
anonymously, that person will know what it is.  This might be a security
break for you, so when you respond to anon postings, make sure you stay
anon yourself.  Unless you are utterly SURE you will never want to use
your own anon id anonymously.
 
     3.) anon-id ---> real-id
     4.) anon-id ---> anon-id
 
     Since anyone sending mail to the server to be passed on is
automatically given an anon-id, 3 and 4 are actually the normal modes of
operation.  You can send mail to any real-id address or to any anon-id
address or to any newsgroup on usenet.  Your mail will get there with
your anon-id in the header for them to respond to.
 
                               PASSWORDS
 
     There is an inherent problem with anon servers in that people can
find out what anon-id you are using IF they know your real-id.
 
     They can NOT take an anon-id and find out what real-id belongs to
it, but they CAN take a real-id and find out what anon-id you are using.
This is called "sniffing" the server.
 
     This is how it works.  Both the news and mail systems use protocols
that anyone can tap into with a little knowledge.  The documentation for
doing this is widely available and understandable by anyone with the
drive to understand and use it.
 
     Thus, for example, anyone can feed a posting directly to the news
port and give the posting any headers he wants to.  In this way he can
send a posting to any newsgroup that has some other name than his own as
the Sender.  He can fabricate a totally anonymous name, or he can put
someone else's real-id, thereby making everyone think the posting came
from someone it didn't.
 
     This might seem outrageous, but it's true, and always has been true,
and probably will continue to be true for a long time.
 
     The same thing goes for mail which works just like news except that
it uses a different protocol.  Thus anyone can feed the mail port a
file destined for someone else, and place an anonymous name and return
address in the From: header or even the real-id of anyone they want to.
This is called forging, because the mail file comes to you looking like
it came from someone it didn't.  There is clearly a lot of room for
mischief here, but also for safe anonymous mailing, in case you want to
contact someone and you really don't want to be traced.
 
     So I can forge a mail file 'from you' and send it TO ME via the
anon server.  It's really coming from me, but it SAYS it's coming from
you.  When the server gets the mail file 'from you', it looks up your
anon-id and places it in the reply-to: header and then sends it on to
me.  When I get it, I can see your anon-id in the reply-to: header.
 
     If you don't actually have an anon-id, the server will allocate you
one, and inform you it has done so, which will allow you to know that
someone has successfully sniffed your anon-id, even though it is brand
new, being itself created in the act of sniffing.
 
     If you do already have an anon-id, the server will merely pass the
mail file on back to me with your anon-id in the reply-to: header and you
will never know you have been sniffed.
 
     This is clearly a security break.
 
     The answer to this is to provide for the use of a PASSWORD.  Once
you get an anon-id, you can set a password at the server.  Then any mail
coming from you must have that password or the server will reject it
back to you.  Since there is no way I can know your password, if I try
to send a mail file to the server forged 'from you' and it doesn't have
the correct password, the server will reject the mailfile sending it
BACK TO YOU NOT ME, so you will know exactly who tried to sniff you.
 
     However passwords are a pain in the butt, and often non anon people
just want to respond to an anon-id, and they don't want to be bothered
with getting a password for themselves, even though they are by default
given an anon-id when their first mail file comes into the server.
 
     So if you merely respond to an anon-id for the first time, you will
be given an anon-id but no password.  Your mail will get through to the
anon-id you sent it to and they will be able to send back to you via
your new anon-id and no password will be needed by you.
 
     HOWEVER AS LONG AS YOU HAVE AN ANON-ID WITHOUT A PASSWORD, THEN
YOUR ANON-ID IS SNIFFABLE IF SOMEONE THINKS YOU MIGHT HAVE ONE AND THEY
KNOW YOUR REAL-ID.
 
     So if you have gotten an anon-id by whatever means you should set a
password unless you really don't care.  Remember that you might START
caring some time down the road, and by that time someone may have long
since sniffed your anon-id and you would never know it.  If you are
notorious on the net, be sure someone will do it.  If you set your
password, you will find out if someone tries, and they won't get squat
on you.
 
     If you send a posting through the server to a REAL-ID instead of an
anon-id, the server assumes you really want to be anonymous, so it will
insist that you set a password FIRST before accepting your anon posting
to the real-id.  Once you have set a password, you MUST use it for ALL
postings both to real-ids and to anon-ids.
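
     The sniffing problem and the password check from this section, as
an added example (a toy model written for this page, not the server's own
code).  The class, the function names and the example.org addresses are
constructed, and the model only relays to anon-ids.

```python
import hmac
import itertools

class AnonServer:
    def __init__(self):
        self.anon_of = {}      # real-id -> anon-id
        self.real_of = {}      # anon-id -> real-id
        self.password_of = {}  # real-id -> password, only once the user sets one
        self.delivered = []    # (recipient real-id, Reply-To or None, kind)
        self._next = itertools.count(1)

    def anon_id_for(self, real_id):
        # Allocate on first use and notify the owner, as the text describes.
        if real_id not in self.anon_of:
            anon = f"an{next(self._next)}"
            self.anon_of[real_id], self.real_of[anon] = anon, real_id
            self.delivered.append((real_id, None, "allocated"))
        return self.anon_of[real_id]

    def set_password(self, real_id, password):
        self.anon_id_for(real_id)
        self.password_of[real_id] = password

    def relay(self, claimed_from, to_anon, password=""):
        """Relay to an anon-id; claimed_from is the unverifiable From: header."""
        expected = self.password_of.get(claimed_from)
        if expected is not None and not hmac.compare_digest(
                expected.encode(), password.encode()):
            # The bounce goes to the From: address: the real owner, not the forger.
            self.delivered.append((claimed_from, None, "rejected"))
            return False
        reply_to = self.anon_id_for(claimed_from)
        self.delivered.append((self.real_of[to_anon], reply_to, "message"))
        return True

def seen_by(server, observer):
    """Anon-ids the observer learns from Reply-To: on mail delivered to them."""
    return {rt for rcpt, rt, _ in server.delivered if rcpt == observer and rt}

def scenario(victim_password=None):
    victim, observer = "victim@example.org", "observer@example.net"  # constructed
    srv = AnonServer()
    victim_anon = srv.anon_id_for(victim)
    observer_anon = srv.anon_id_for(observer)
    if victim_password:
        srv.set_password(victim, victim_password)
    accepted = srv.relay(victim, observer_anon)  # From: claims victim, no password
    return accepted, victim_anon in seen_by(srv, observer), srv.delivered[-1]
```

     scenario() returns whether the message was accepted, whether the
observer saw the victim's anon-id, and the last delivery; with a password
set, that last delivery is the rejection notice sent to the victim.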
 
                         HOW TO GET AN ANON ID.
 
     There are seven accounts at anon.penet.fi that you should be aware
of and facile with.  They are explained below.
 
     1.)      help@anon.penet.fi      These first 4 help you with
     2.)     admin@anon.penet.fi     administration of your anon-id.
     3.)      stat@anon.penet.fi
     4.)      ping@anon.penet.fi
 
     5.)      nick@anon.penet.fi      These 3 allow you to use
     6.)  password@anon.penet.fi      the server.
     7.)      anon@anon.penet.fi
           real-id@anon.penet.fi
           anon-id@anon.penet.fi
         newsgroup@anon.penet.fi
 
 
     1.) help@anon.penet.fi
 
     Sending any mail to this address will return to you online help,
which is confusing and barely readable, hence this writeup.  However
they do have it in many languages, so in case English is not your
language, you can probably get a copy in your own language.
 
     2.) admin@anon.penet.fi
 
     Mail to this address will go directly to the system administrator
of the server, Johan Helsingius, who is one brave dude.  He is overwhelmed
with mail about the server so don't bother him unless it is really
really necessary.  You should inform him of any problems you find with
the server, but it might be nice to tell him he doesn't have to ack you.
 
     3.) stat@anon.penet.fi
 
     Mail to this address will return you a short listing of various
interesting statistics about the server, which you should all try at
least once just to get a feel for it.
 
     4.) ping@anon.penet.fi
 
     Mail to this address will return to you a short file telling you
what your anon-id is if you have one and will allocate you one if you
don't.  It won't tell you what your password is, and you don't need your
password to get the info.  If someone tries to forge mail 'from you' to
the ping address, the return answer will go to YOU not the forger, so
you will know that someone tried to sniff you.
 
     Ping by the way is a computer term meaning to send a signal to
another machine to get a response back to see if the other machine is
alive.
 
     5.) nick@anon.penet.fi
 
     Mail to this address will assign you a nickname and will ALSO
assign you an anon-id if you don't already have one.  If you don't
already have a password set, you won't need your password to change your
nickname, but someone can forge a change to your nickname if they want
to.
 
     PLACE YOUR DESIRED NICKNAME IN THE SUBJECT: LINE OF THE MAIL YOU
SEND TO NICK@ANON.PENET.FI
 
     6.) password@anon.penet.fi
 
     Mail sent to this address will set your password for the first time
and allocate you an anon-id if you don't already have one.  Until you
set your password for the first time, someone can forge a mailfile 'from
you' and set a password for you.  After your password has been set, you
will need to USE your password to change it.
 
     A.) To set it the first time, the password you want to set is the
first and only line of the message text of the file that you send.  It
can be any length, upper or lower case letters and numbers and symbols.
 
     B.) To change it you will need to supply your current password,
using X-Anon-Password: (your password here) as the first non-blank
line after the headers.
 
     For example,
 
     mail password@anon.penet.fi
     (other headers:)
     X-Anon-Password: Old Password
     New Password
 
 
     7.) anon@anon.penet.fi
         real-id@anon.penet.fi
         anon-id@anon.penet.fi
         newsgroup@anon.penet.fi
 
     A.) anon@anon.penet.fi
 
     The safest way to send mail to the server is to send your mail or
posting to anon@anon.penet.fi.  Then inside the file you place in the
headers, anywhere before the first blank line which marks the end of the
headers, where you want to send it to like so:
 
     mail anon@anon.penet.fi
     (other headers:)
     X-Anon-To: joe@cornell.edu
     X-Anon-Password: secret
                                   (blank line marking end of headers.)
     Text of your message.
 
     You can place real-ids, anon-ids and newsgroup names in the X-Anon-
To line.  You can also string them together, with commas and no spaces.
You can crosspost by placing more than one newsgroup on the line, again
separated with commas and NOT SPACES.
 
     X-Anon-To: joe@cornell.edu,an19187,alt.clearing.technology
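
     A pre-send check for a draft in the 7A layout, as an added example
(not part of the server or of the original write-up).  The classify()
rules are assumptions made for this example: an entry with an @ is a
real-id, "an" followed by digits is an anon-id, anything else is a
newsgroup.

```python
import re
from email import message_from_string

ANON_ID = re.compile(r"an\d+$")  # assumption: shape taken from the page's an19187

def classify(entry):
    """Label one X-Anon-To entry (heuristic chosen for this example)."""
    if "@" in entry:
        return "real-id"
    return "anon-id" if ANON_ID.match(entry) else "newsgroup"

def preflight(raw):
    """Return (recipients, problems) for a draft addressed to anon@anon.penet.fi."""
    msg = message_from_string(raw)
    problems, recipients = [], []
    value = msg.get("X-Anon-To")
    if value is None:
        # Anything after the first blank line is body text, not a header.
        problems.append("X-Anon-To: missing from the headers")
    elif re.search(r"\s", value.strip()):
        problems.append("X-Anon-To: contains spaces")
    else:
        recipients = [(e, classify(e)) for e in value.strip().split(",") if e]
    kinds = [kind for _, kind in recipients]
    if "real-id" in kinds and "X-Anon-Password" not in msg:
        problems.append("X-Anon-Password: needed when sending to a real-id")
    return recipients, problems

GOOD = (  # constructed draft in the layout shown above
    "To: anon@anon.penet.fi\n"
    "X-Anon-To: joe@cornell.edu,an19187,alt.clearing.technology\n"
    "X-Anon-Password: secret\n"
    "\n"
    "Text of your message.\n")
BAD = (  # constructed: header placed after the blank line, so it is body text
    "To: anon@anon.penet.fi\n"
    "\n"
    "X-Anon-To: joe@cornell.edu, an19187\n"
    "Text of your message.\n")
```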
 
     B.) real-id@anon.penet.fi
 
     If you find the X-Anon-To: approach to be clumsy you can use a
short cut, but it is not guaranteed to work properly, and has possible
security risks.  Suppose you wanted to send to joe@cornell.edu.  You
would use,
 
     mail joe%cornell.edu@anon.penet.fi     (notice the % sign)
     (other headers:)
     X-Anon-Password: secret
 
     Your text.
 
     There is a danger with using this form because some mailers have
been known to bypass the double name, and send it directly to
joe@cornell.edu which will give you away.
 
 
     C.) anon-id@anon.penet.fi
 
     If you are sending to a known anon-id like an19187 you can just
send it like normal.  Don't forget password line if needed.
 
     mail an19187@anon.penet.fi
 
     This is the way most replies will go out, as an19187@anon.penet.fi
will be the return address that the server placed in your mail header to
let you know who sent you the mail in the first place.
 
     D.) newsgroup@anon.penet.fi
 
     To send to Usenet newsgroups, merely place the name of the
newsgroup in the address like so, (don't forget password line if
needed.)
 
     mail alt.clearing.technology@anon.penet.fi
 
     So that's it.  It can seem pretty complicated, mainly due to the
extra security precautions which are the result of the fact that the
internet was never designed to be secure in the first place.
 
     If you have any questions about this document, or criticisms, or
something is not clear, or should be added or dropped please inform me,
as I hope to improve on it as time goes on.
 
     I make no guarantees as to its correctness, and only playing around
with the server will let you know if things really work the way I said
they do.
 
     NO ANON SERVER IS 100 PERCENT SAFE!  EVEN IF IT IS, IT ISN'T.  SO
USE WITH CARE AND GOOD ETHICS.
 
     Homer Wilson Smith