Here is a message from RProcess to Frog after Frog outed people. Who is RProcess? He has written three remailer clients (Potato, JBN 1 and 2) and a Windows remailer (Reliable), all the backbone of what the remailer system consists of today.

Especially of interest is RProcess saying how he admires remops who shut down their remailer rather than let it be abused. Is that not what Sassaman did with Randseed after the terrible 9/11 attack? And is this not what frog has ranted and railed about since then, calling Sassaman a coward?

---------

http://groups.google.com/groups?q=rprocess+replies+to+frog-admin&hl=en&lr=lang_en&ie=UTF-8&newwindow=1&safe=off&selm=ce68b1eae11942c81d5036163df46c54%40anonymous.poster&rnum=1

Tiny URL: http://tinyurl.com/k9fk

From: An Metet (Use-Author-Supplied-Address-Header@[127.1])
Subject: rprocess replies to frog-admin
Newsgroups: alt.privacy.anon-server
Date: 2002-02-15 11:30:33 PST

On 7 Feb 2000, Frog-Admin wrote in alt.privacy.anon-server:

> I caught an abuser (trivial traffic analysis):
>
> Azerty received 100 * messages 160 K initially
> giving 100 * identical messages 60 K on arrival with 14*gif (batman) each.
> In-between, transparent-remix generated a few hundreds messages each hop
>
> [removed].com > azerty > noisebox > frog > [removed].net
> that was the scheme
>
> here are the headers: incoming and last hop
> I DO NOT PROMOTE ABUSE NOR PROTECT DOS ATTACKERS
> [...]

I've expressed a few thoughts on why handling abuse this way is a mistake before, but I will repeat myself. Ultimately this is up to you and your users of course.

IMO remailer operators should NEVER publish private mail sent through their server. Reasons include:

1) You may think you are SURE this person is abusing the remailer in this case. However you don't know if the email address was forged; the apparent sender may be under attack. If that is the case you have just shined a very bright light proclaiming in large letters that he/she may be a remailer user. That alone is more than many remailer users want publicly announced.

2) You are setting a precedent for remailers to publish private data and logs when they have problems. Other operators with less experience, less sound judgement, or even malicious intent may copy and promote this behavior, employing this technique in error against users who they think are abusing their remailers. Examples include:

   a) It is not uncommon for mail servers and remailers to experience problems which can look like abuse. For example Replay once had a problem where sent mail wasn't deleted from the spool, so every message got sent thousands of times. Many people thought they were under a personal DoS attack or were being mail-bombed. It was just a software glitch.

   b) An operator of an old winsock remailer (I don't recall the name) once received a message that was large (about 500K). He decided he was being attacked because his (at the time unpublished) maximum was 30K. He published the message with headers to newsgroups including this one, including both the sender and decrypted recipient, as you have done. This may have been before your time, but those who were here no doubt remember the flames. The user was irate that his mail was published, as were many users; the operator was berated publicly and privately and received death threats; the remailer was mail-bombed; the operator closed the remailer and instead began writing viruses which published people's documents to usenet. All this because of an operator who thought it okay to publish what he was SURE was abuse, and a (formerly anonymous) remailer user who did not know the remailer had a 30K limit.

   c) New users of remailers sometimes misconstrue the acceptable use policies of remailers, are misinformed of their genuine purpose, or make technical mistakes (such as thinking a 3 gig file is no problem) which results in abuse-like behavior.

   d) An inexperienced operator once published original headers (to a mailing list) when his beta copy of Reliable jammed when sending to a particular address. He somehow thought this was an intentional attack on the part of the user because the user sent a message to that same address once per week. (The point here is not that the operator was inexperienced or even that he jumped to an unwarranted and rather bizarre conclusion, but that the habit of publishing user information in cases of 'abuse' can jeopardize someone's security.)

3) You allow those who would attack remailers to create an atmosphere where operators are routinely publishing user information, sharing user information, attempting to track users, log users, etc. This in turn (rightfully) undermines the well-deserved trust remailer operators have accrued for their hard work of providing strong anonymity. Already IMO some remailers (running Freedom and Mixmaster, not Reliable AFAIK) do far too much logging in attempts to thwart SPAM, and at least some of the unreliability of the remailer network is due to misapplied and ill-conceived abuse filtering.

On the latter thought, I remember you mentioning that you have modified Reliable to perform some logging (which you apparently used to trace this message through three remailers, two of which you run), and I think it would be helpful and correct if you detailed these changes for your users. I think your users should be informed of such modifications as it is their security you are silently jeopardizing. I also think that your not immediately making it clear from the outset that you ran both Azerty and Frog was at the very least a serious error of judgement.

In cases of *carefully verified* abuse, I think the proper procedure is to attempt to contact the sender, giving him or her the chance to defend or explain the apparent abuse, and modify their behavior. Failing that, notify the sender's ISP. I consider it very bad form to publish mail to newsgroups and even the remops list (which is public). This plays into the hands of abusers and undermines the integrity of the remailer system, which depends on operators NOT sharing information.

Remailers do suffer abuse. I personally have admired operators who shut down their remailer or reduced its capabilities after sustained abuse or complaints, rather than degrading its security and the integrity of the entire network. I hope you will reconsider your policy of publishing and monitoring user information.

- END -

I intend to place more archived posts on this site. They just might make a few things clearer to some of the newer users of apas.

Bluejay at cotse dot net

(Find your own way out of here.) :)