|
Home > Archive > Anonymous Servers > April 2006 > Proposal For A Simple Nym
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Proposal For A Simple Nym
|
|
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Could you fellows and gals give me your opinion as to the necessity
for and practicality of the following nym possibility?
My rationale for suggesting this is the apparent instability of
nymservers, the difficulty that some people have setting them up,
and the inconvenience of accessing the messages from aam.
I'd add the impossibility (from my trials of about 15 of them), of
subscribing to a web-based email service if you want to use
Tor/Privoxy, want to have javascript turned off, and want to proxy
https as well as http - in other words the impossibility of using
one of these services anonymously. If somebody knows of one - a
full-fledged web email service - that can be used that way, please
let us know about it, since it would remove the need for this nym.
My suggestion is for a nym that is created upon receipt of
a request via anonymous email. Something simple like a message to a
config address with a body consisting of:
create: mypublicnym
myaddr: myrealnym
Any message to mypublicnym@nymserver.com will be remailed to
myrealnym@6url.com or some such place which accepts any email and keeps it
around for x hours or days.
I like 6url.com myself because it keeps the mail for 30 days.
The person who created the nym will go to one of those places using
tor/privoxy and download his messages.
There's no encryption of the nym message, unless the sender
encrypts it, so anyone who discovers the existence of myrealnym can
go to 6url.com and read the message.
If the lack of encryption is unacceptable, then this isn't for you.
If it is acceptable, then it seems you have an easily-accessible
from address that can't be traced to you.
My spam and flood filters would pretty much ensure that myrealnym
would not be inundated with crap.
The weakest point is using tor/privoxy to go to 6url.com and
download the messages. But since the message may have been sitting
there for days, there is plenty of latency. I'm not sure, but think
there is no great exposure in doing the download: Nobody knows who
you are or where the message is ending up.
The nym server would be a simple script; the only thing kept would
be a text database containing the list of mypublicnym,myrealnym
pairs.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFETkRuEC+g9Qawm6QRAhciAJwPMOTDtbFx
RkuL0qgjYODR0SZVRgCfYojL
1ViHfeDOTLi48gyHtjKYcGw=
=/jXX
-----END PGP SIGNATURE-----
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I don't know how I overlooked it in the earlier tests, but I managed
just now to sign up for a yahoo email account and was able to send and
receive from it, while using tor/privoxy, no javascript, http/https
proxied.
So please forget the suggestion (unless redirecting the 'from' address is
worth doing).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFETmUkEC+g9Qawm6QRAjB+AJ9iBG5EMq4R
vk3Mkf1bndmWnPYsnACeJo9r
2j8XNawXaD1FXJJddiz+uWc=
=DrBX
-----END PGP SIGNATURE-----
| |
| TwistyCreek 2006-04-27, 6:54 am |
| admin <admin@eelbash.org> wrote:
>
> Could you fellows and gals give me your opinion as to the necessity
> for and practicality of the following nym possibility?
>
> My rationale for suggesting this is the apparent instability of
> nymservers, the difficulty that some people have setting them up,
> and the inconvenience of accessing the messages from aam.
You don't seem to understand the anonymity that nyms provide. Using
Tor to access a web based email provider comes nowhere near the anonymity
provided by a nym server.
| |
| Borked Pseudo Mailed 2006-04-27, 6:54 am |
| In article <pan.2006.04.25.15.48.34.445638@eelbash.org>
admin <admin@eelbash.org> wrote:
>
> Could you fellows and gals give me your opinion as to the necessity
> for and practicality of the following nym possibility?
Another post to add to my "Eelbash's stupid ideas" folder. At this
rate, I'll need to get a bigger hard drive.
| |
| George Orwell 2006-04-27, 6:54 am |
| TwistyCreek wrote:
> admin <admin@eelbash.org> wrote:
>
> You don't seem to understand the anonymity that nyms provide. Using Tor to
> access a web based email provider comes nowhere near the anonymity
> provided by a nym server.
Not technically true. Neither one is anonymous, they're pseudonymous.
They're account based systems that make you stand out from the crowd all
by themselves, but mathematically too difficult to circumvent to make an
attack practical. There is no "degree of anonymity" even with pseudonymous
accounts, you either are, or you are not. To say one is better than the
other, one OR the other has to be provably broken.
What they are is similar but different. Each method has it's strengths and
weaknesses. Remailers add latency to thwart traffic analysis, which is one
of Tor's weaknesses, but Tor's dynamic chains all but eliminate replay
attacks. Something remailer Nym accounts are known to be vulnerable to.
There's ton's of little nuances. Web based accounts mean your mail is
stored on a remote machine, while remailer usage means that software is
stored on yours. Encrypting your mail hides the content, while keeping
your software on an encrypted volume hides ITS presence. It really is six
one way, half a dozen the other. Etc..... etc....... etc. 
What the debate becomes in the end is a question of which method best
suits your needs. If your traffic content itself is ultra critical you
might gravitate towards remailers and encrypting everything manually. If
being "detached" from the fact that you're even sending encrypted messages
is a pressing concern because you live in some place where that sort of
thing can get you jailed or worse, then you're probably better off using a
web based email account and Tor.
And yes, there's an infinite number of "what if" scenarios that might tip
the scales in either direction......
|
|
|
|
|