Anonymous Remailer - Using A Remailer

Using A Remailer

If the object is identity anonymity, nothing sent via a remailer can ever include identifying information in content available to an outside observer. Thus, "From: anon(At)remailer.net Hey dude, send me that new comic to 123 Maple Street, Wherever, Country, Postal Code. Thanx" is evidently entirely unsecure. Encrypting such a message with an adequately secure cryptosystem would help, and some remailers are set up to do so. In general cleartext messages are likely to include such information even if inadvertently, and user anonymity when sending cleartext messages is accordingly likely to be lost.

Less obviously, some software (e.g., recent versions of Microsoft Office components -- Microsoft Word, Microsoft Excel, etc.) includes (ordinarily invisible) identifying information in each formatted file it saves. The information might be name / organization / e-mail address (collected at 'product registration' and retained internally), or product copy serial number, or computer ID (e.g., CPU serial number, or interface hardware address (e.g., Ethernet MAC address, a unique in the world ID), or ... One software program that claims to remove such information from files notes that there are about 30 different kinds in Word format files. Those interested in anonymity should limit themselves to plain text messages (ASCII text only) produced by plain text editors (e.g., vi, emacs, Notepad, ...) as they don't include such hidden information. Alternatively, users should take great care to inspect files (e.g., text, images, sound files, ...) to ensure they contain no identifying information. Note however, that even byte-by-byte inspection will not necessarily uncover such information since it can be easily concealed by encryption, steganography, or simple unfamiliarity.

Anonymity, once lost, can almost never be regained as those interested in breaching it will often keep (and have often kept) records of such discoveries. Such records have typically had very long lives, particularly if those keeping them have long planning horizons (e.g., governments, or groups with social or political interests). For some opinions or speech, this may have, or come to have, serious consequences.

Not all anonymous remailers are identical, even when all work as intended. Close attention to operational standards and intent, locations, and reliability records is needed before choosing one. Among the criteria that should be considered are:

• Class: (two-way or one-way, encrypted message content or cleartext only, mixmaster style or one hop forwarding, ...)
• Location: Some offshore jurisdictions permit seizure of equipment, data, or operating records) Geographical Mapping
• History: Operators who maintain and administer hardware and software in better condition than others; paying particular attention to security configuration issues)
• Security: Some operating systems have worse security histories than others, even when properly configured, maintained, and administered)
• Operator: At worst, a remailer run by some infamous Secret Police Department. an operator may be ominously inattentive)
• Privacy and operating policies: If stated, better than not stated. If stated, sensible, and observed, better still. However, recourse (legal or otherwise) has almost never been available against operators, software developers, operating system suppliers, especially in cases of loss of anonymity and/or consequent damages, regardless of operating policies)
• Software: Some remailer software is widely used (and live tested), some is not.
• Record and reputation: Consult remailer statistics sites, and check (Google search, news group postings, blogs, ...

There is no way to ensure that a particular remailer server will never cause problems for its users (loss of identity or confidentiality). A remailer system not under one's own (expert level) control will always remain unknown.