André Bacard, Author of
Computer Privacy Handbook ("The Scariest Computer Book of the Year")
[Updated July 11, 1998]
[This article offers a nontechnical overview of "anonymous" and "pseudo-anonymous" remailers to help you decide whether to use these computer services to enhance your privacy. Links at <http://www.well.com/user/abacard/privacy.html> will connect you with technical data. I have written this especially for persons with a sense of humor. You may distribute this (unaltered) FAQ for non-commercial purposes.]
What is a remailer?
A remailer is computer service that privatizes your e-mail. A remailer allows you to send electronic mail to a Usenet news group or to a person without the recipient knowing your name or your e-mail address. In the first 1995 version of this FAQ, all popular remailers were free-of-charge. Today, a number of services charge fees.
Why would YOU use remailers?
Maybe you're a computer engineer who wants to express opinions about computer products, opinions that your employer might hold against you. Possibly you live in a community that is violently intolerant of your social, political, or religious views. Perhaps you're seeking employment via the Internet and you don't want to jeopardize your present job. Possibly you want to place personal ads. Perchance you're a whistle-blower afraid of retaliation. Conceivably you feel that, if you criticize your government, Big Brother will monitor you. Maybe you don't want people "spamming" or "flaming" your corporate e-mail address. In short, there are many legitimate reasons why you, a law abiding person, might use remailers.
How does a remailer work?
Let's take an imaginary example. Suppose that a battered woman, Susan, wants to post a message crying out for help. How can Susan post her message and receive responses confidentially? She might use a "pseudo-anonymous" remailer run by Andre Bacard called the "Bacard.com" remailer. (This remailer is fictitious!) If she wrote to me, my "bacard.com" computer would STRIP AWAY Susan's real name and address (the header at the top of Susan's e-mail), replace this data with a dummy address (for example, <firstname.lastname@example.org> and forward Susan's message to the newsgroup or person of Susan's choice. Also, my computer would automatically notify Susan that her message had been forwarded under her new identity <email@example.com>. Suppose that Debbie responds to Susan. My computer will STRIP AWAY Debbie's real name and address, give Debbie a new identity, and forward the message to Susan. This process protects everyone's privacy. This process is tedious for a person but easy for a computer.
Are there many remailers?
Remailers tend to come and go. First, they require equipment and labor to set up and maintain. Second, a minority of individuals who use remailers are a pain in the neck. These selfish persons drive remailer operators into early retirement. Third, many remailers produce zero revenue. Despite these problems, there are dozens of PUBLIC remailers. The best place to keep in touch with the Art & Science of Remailers is at the Usenet newsgroup <alt.privacy.anon-server>. [There are also a few specialized remailers that allow users to post only in specific Usenet groups. I will not discuss this latter type].
Why are some remailers free, while others charge fees?
In the beginning, all remailers were free to users (but not to the people who ran them!). How could a remailer administrator charge people who wanted maximum privacy? How could administrators ask for a credit card number or take checks? Several years ago, there was no technical solution to these problems.
In 1995, I wrote: "In the future, remailer operators might charge for their services. Privacy is valuable. For example, offshore banking is one of the world's biggest businesses. It is easy to imagine Remailer, ETC., a cyberspace company that goes beyond Mailbox, ETC. (the existing company which rents rents snail mail boxes). In order for remailers to become commercial on a big scale, anonymous payment systems such as DigiCash must become popular."
My predictions came true. Today, many remailer operators charge fees for the same reason that you go to work in order to pay for food, housing, etc.
Why do people operate remailers, if not for money?
Why does Andre Bacard spend hours writing FAQs? Why do some people volunteer to help others? Some people set up remailers for their own personal usage, which they may or may not care to share with the rest of us. Some persons are educators or activists. Joshua Quittner, co-author of the high-tech thriller Mother's Day, interviewed Mr. Julf Helsingius for Wired magazine. Helsingius, who ran the world's most popular remailer for three years until he retired in August 30, 1996, said:
"It's important to be able to express certain views without everyone knowing who you are. One of the best examples was the great debate about Caller ID on phones. People were really upset that the person at the receiving end would know who was calling. On things like telephones, people take for granted the fact that they can be anonymous if they want to and they get really upset if people take that away. I think the same thing applies for e-mail. Living in Finland, I got a pretty close view of how things were in the former Soviet Union. If you actually owned a photocopier or even a typewriter there you would have to register it and they would take samples of what your typewriter would put out so they could identify it later. That's something I find so appalling. The fact that you have to register every means of providing information to the public sort of parallels it, like saying you have to sign everything on the Net. We always have to be able to track you down".
What is the difference between a "pseudo-anonymous" and an "anonymous" remailer?
Most people use the expression "anonymous remailer" as short hand for both types of remailers. This causes confusion!
A "PSEUDO anonymous" remailer is basically an account that you open with a remailer operator. The fictitious Bacard.com (described above) is a PSEUDO-anonymous remailer. This means that I, the operator, and my assistants KNOW your real e-mail address. Your privacy is as good as the remailer operator's power and integrity to protect your records. Think of a PSEUDO anonymous remailer as a SOMEWHAT anonymous remailer. In practice, what does this mean? Someone might get a court order to force a PSEUDO anonymous remailer operator to reveal your true identity. The Finnish police forced Julf Helsingius to reveal at least one person's true identity.
The advantage of most PSEUDO-anonymous remailers is that they are user-friendly. If you can send e-mail, you can probably understand PSEUDO anonymous remailers. The price you pay for ease of use is less security.
Truly ANONYMOUS remailers are a different animal. The good news... They provide much more privacy than PSEUDO anonymous remailers. The bad news... They are much harder to use than their PSEUDO anonymous cousins.
There are basically two types of ANONYMOUS remailers. They are called "Cypherpunk remailers" and Lance Cottrell's "Mixmaster remailers". Note that I refer to remailers in the plural. If you want maximum privacy, you should send your message through two or more remailers. If done properly, you can insure that NOBODY (no remailer operator or any snoop) can read both your real name and your message. This is the real meaning of ANONYMOUS. In practice, nobody can force an ANONYMOUS remailer operator to reveal your identity, because the operator has NO CLUE who you are!
Cypherpunk and Mixmaster remailer families are too technical to describe in this short FAQ. Later in this FAQ, I list web sites where you can get full technical details.
What makes an "ideal" remailer?
An "ideal" remailer is: (a) Easy to use. (b) Run by a reliable individual whose system actually does what it promises. In addition, this person should have the computer expertise to take prudent steps to safeguard your privacy from civilian or government hackers. (c) Able to forward your messages in a timely manner. By "timely" I mean minutes or hours. (d) Holds your messages for a RANDOM time before forwarding them. This time lag makes it harder for snoops to link a message that arrives at, say, 3:00 P.M. with a message that leaves your machine at, say, 2:59 P.M. (e) Permits (better yet encourages!) PGP encryption software. If a remailer does NOT permit PGP (Pretty Good Privacy) or other strong encryption, reasonable people might assume that the remailer administrator enjoys reading forwarded mail.
What makes a responsible remailer user?
A responsible user: (a) Sends text files of a reasonable length. Binary files take too much transmission time. (b) Transmits files selectively. Remailers are NOT designed to send "You Can Get Rich" chain letters or other junk mail.
Who are irresponsible remailer users?
Here is a quote from one remailer administrator: "This remailer has been abused in the past, mostly by users hiding behind anonymity to harass other users. I will take steps to squish users who do this. Lets keep the net a friendly and productive place.... Using this remailer to send death threats is highly obnoxious. I will reveal your return address to the police if you do this."
Legitimate remailer administrators will NOT TOLERATE serious harassment or criminal activity. Report any such incidents to the remailer administrator.
Having said that, I must report that I receive e-mail such as this: "Someone is using a FU..ING remailer to call me a hateful person. I want to get my FU..ING hands on that FU..ING (obscenities deleted) person and kill him for spreading the vicious lie that I have a bad temper. Why won't the FU..ING jerk who runs the remailer help innocent victims like me?"
As I implied earlier, it is not easy to run a remailer!
How safe are remailers? [for paranoids only :-)]
For most low-security tasks, such as responding to personal ads, PSEUDO anonymous remailers with passcode protection are undoubtedly safer than using real e-mail addresses. However, all the best made plans of mice and men have weaknesses. Suppose, for example, that you are a government employee, who just discovered that your boss is taking bribes. Is it safe to use a PSEUDO anonymous remailer to send evidence to a government whistleblower's e-mail hot line? Here are a few points to ponder:
(a) The person who runs your e-mail system might intercept your secret messages to and from the remailer. This gives him proof that YOU are reporting your corrupt boss. This evidence could put you in danger.
(b) Maybe the remailer is a government sting operation or a criminal enterprise designed to entrap people. The person who runs this service might be your corrupt boss' partner.
Warning: I suspect that at least two PSEUDO anonymous remailers which have contacted me for an endorsement are "shady", if not "sting" operations. For legal reasons, I cannot name these services. Personally, I would use a PSEUDO anonymous remailer ONLY if the remailer operator publicly identifies himself (preferably with a photograph and biographical information) on his web page. My personal policy might stop me from using perfectly legitimate services, but so be it. You must decide for yourself who to trust.
(c) Hackers can do magic with computers. It's possible that civilian or Big Brother hackers have broken into the remailer (unbeknownst to the remailer's administrator), and that they can read your messages at will.
(d) It is possible that Big Brother collects, scans, and stores all messages, including passcodes, into and out of the remailer.
For these reasons, hard-core privacy people are leery of PSEUDO anonymous remailers. These people use Cypherpunk or Mixmaster programs that route their messages through several ANONYMOUS remailers. In addition, they use PGP encryption software for all messages.
Where Can I Learn More?
Go to Bacard's Home Page