Date: 23 Jul 2003 10:22:43 -0000 Message-ID: <20030723102243.21910.qmail@gacracker.org> From: Doc.Cypher Author-Address: doc_cypher redneck gacracker org Subject: The relationship between Frog-Admin and "Le Troll" Cc: mail2news@freedom.gmsociety.org, remops@freedom.gmsociety.org Encryption: None/PGP-Signed, Key-ID=0x90FA3967 X-To-Post-Anon: http://www.eskimo.com/~turing/remailer/FAQ/ X-To-Use-Pseudonyms: http://vmsbox.cjb.net/nymservers/nym-help.html X-Nym-Public-Key: http://vmsbox.cjb.net/cgiplus-bin/finger?user=doc_cypher@redneck.gacracker.org X-Website: http://vmsbox.cjb.net Newsgroups: alt.privacy.anon-server Administrative-Comment: Send comments to Mail-To-News-Contact: postmaster@nym.alias.net -----BEGIN PGP SIGNED MESSAGE----- [CC'd to remops list.] For as long as I've been involved/interested in remailers, there have been problems that can best be characterised as Denial of Service attacks. The most noticeable of these has been the near-continual flooding of alt.privacy.anon-server. The impact of this particular DoS is particularly concerning. Those new to remailers will be put off, or driven to a filtered newsfeed where their views and opinions may be manipulated. Many people have suggested that Frog-Admin and the abuser are one and the same. A not-unreasonable conclusion to come to when you add up the following points: o Similarity of writing style. o Same list of "enemies". (The usual list of frog-critical folks.) o Apparent preference for Windows. o Likelyhood of the abuser being a remop. o Determination of both characters to dominate. o Frog-Admin's "highly questionable" approach to abuse. o Cessation of floods when frog remailer is offline. o Usage of French text in some attacks. o Frog services being biggest beneficiary of the DoS attack. Naturally, there is no conclusive evidence, just compelling circumstancial evidence. That's the double-edged nature of remailers being clearly illustrated. Even if Frog-Admin and the abuser are separate entities, there has been a history of actions ranging from questionable to despicable by Frog-Admin... 1. Logging. Anyone who has perused Frog's website, or one of the mirrors of it, will find a number of odd things. First, the rambling "No Log Fallacy" page that I can't currently locate... "If *no_log* was the founding principle of remailers, it would not work. Whether the remop *himself* keeps logs or not is *totally* irrelevant, because quite a few *other* people *MAY* keep logs and some actually *DO*:" So, rather than - like every other remailer operator - keep no logs of the mail in/out of the remailer and clearly state such, Frog admin publishes this rather confusing waffle. If a remop's ISP kept logs, it would only be of connection sources, times, and volumes. Retaining any further information would quickly become unmanageable. The whole point of a remop not keeping logs is that there is nothing to be siezed. A legal system attack on the remailer is pointless, consequently, it is more likely to be left alone by organisations such as the Church of Scientology. Does he keep logs? Well, if you check out http://groups.google.com/groups?selm=A4JW7XYC37819.5609490741@Gilgamesh-frog .org you'll discover he admits to rummaging through failed messages. That's the public admission, what goes on in private? Your guess is as good as mine. Next on the suspicious things about Frog's page is the "web counter". This displays the same graphic every time without any actual count, and appears on all the mirror pages (yes, linked back to frogadmin.yi.org). Just what is the point of having a graphic at all? Why put this on mirror pages? Basically, why collect more information about your users than you absolutely have to? 2. Censorship. Now onto Frog's news service. Offering a flood-free news service is an admirable goal, but then using it to censor your critics, or any mention of their names, is not in keeping with what most hold to be the principles of remailing. Perhaps best written as, "I will defend to the death your right to say anything noncritical about me"? 3. Handling of abuse. The current attack on uiuc isn't the first time Frog-Admin has used his remailer as a weapon when he couldn't get his way. Some time back he did precisely the same thing with RoadRunner's abuse address. So, you can conclude that placing the email address of any enemy is in his "scripted policies". How can any frog supporter find that acceptable. Unless of course they support frog for providing them with an abuse-friendly remailer that allows custom message ids to make Xover filtering impossible. 4. Outing of abuse suspects. Contrast Frog-Admin's approach with that of any other remailer operator. He's proud to have "outed" 5 alleged abusers. Nobody comes close to that. Other remops quietly block sources of abuse, or take it up with the abuser's ISP. They don't go trumpeting in public that they caught someone. They don't go putting the abuser's ISP abuse address in their headers when the ISP refuses to terminate the suspect's account. Frog-Admin has repeatedly been asked to moderate this approach to abuse, even now, with more than a dozen remops source and destination blocking him, he is unrepentant. Ignorance, Arrogance, and Incompetence indeed. I thought an ex-boss who was French and nicknamed "Napoleon" was bad, Frog takes the whole pack of biscuits. 5. Traffic Analysis. We all know Frog-Admin has carried out traffic analysis in the past. One of the guiding principles of the remailer network is to try and foil this. What on Earth is one of the *operators* doing trying it himself. That was when he ran Azerty. Still listed on his web pages, so he makes no secret about the time he was caught running 2 remailers. Is he doing it now? Perhaps. Take a look at Riot Admin's geographical mapping project and decide for yourself, where else could Frog-Admin have a remailer? 6. Attacks on developers of Privacy software. Frog-Admin has publically tried to discredit Richard Christman, developer of QuickSilver. Len Sassaman and Peter Palfrader, the people working on Mixmaster. All that's left is for him to publically attack Mixminion. I have no doubt he will if he can't figure out ways to subvert it or carry out traffic analysis of the messages. 7. Unbelievable Stats. During the flood of aam last month, a massive number of messages were emerging from the frog remailer. Frog-Admin even points this out himself in his accusation that Peter Palfrader was responsible. Did the latency of his remailer change? No. It remained at an unbelievable 1 or 2 minute value. Really, you can't expect much in the way of privacy with that. Just how much reordering does his remailer do, and still get values like that? Or, as I suspect, are pings given special treatment? It would certainly help ensure his remailer is chosen as often as possible. Yes, whilst other remailers showed *days* in latency, frog reported minutes. In closing, I really have no idea exactly what Frog-Admin hopes to gain with his antics, but I have never seen the remailer community divided like this. I wish more remops would block him, but that is their decision, not mine. Doc. - -- OpenVMS: Eight out of ten hackers prefer *other* operating systems. [New Key - Get via finger] http://deathrow.vistech.net/BOFH/doc/ -----BEGIN PGP SIGNATURE----- Version: N/A iQEVAwUBPx3B8nzQ2lmQ+jlnAQFb8QgAhaV6Kz+kIuEPl9BGxdCJshG2B56OL4+Q /SVZCXWI4JinHRUMyNY+a8ojTIX5F5qBZAfFehE8xAdjGbIEaNV5hu0gGHnfSN26 OzVmuFJDRf/hx82WqbJ88T+4LpZST/6OEjlLKsUxoMbe9T+46p53mg28qShOmPRL YYDt7FhSGOr9RBzjAm2bSpvQKzBdnn3YQBpnvJMFJeVyW8xXJTVe2JmFUK7eTSFm cyAqVRlQrh3Ah/AT6vg1N1RWkgZH9ehiDPGBdRR3+7Is3lW+BLlTdu9MimB0PR2F HxHgV5tsqIBmG54CpvDLm6t/+xrs9rqm66X8heTwqSgGlqUWNIZ58w== =nIQ6 -----END PGP SIGNATURE-----