Anonymous Servers - Question from an old-timer

Author

Question from an old-timer

Doodah

2007-09-13, 1:12 am

I used to have a nym and use Jack B. Nimble with the remailers. Can
someone tell me where to look for software that does the same things
but for XP?
Thank you!

Anonymous

2007-09-13, 7:11 am

On Wed, 12 Sep 2007 22:18:55 -0400, Doodah <doodah@inbox.com> wrote:

>I used to have a nym and use Jack B. Nimble with the remailers. Can
>someone tell me where to look for software that does the same things
>but for XP?
>Thank you!

www.quicksilvermail.net

http://mixmaster.sourceforge.net/faq.shtml

HTH

Nomen Nescio

2007-09-13, 7:11 am

On Wed, 12 Sep 2007, Doodah <doodah@inbox.com> wrote:
>I used to have a nym and use Jack B. Nimble with the remailers. Can
>someone tell me where to look for software that does the same things
>but for XP?
>Thank you!

That's easy. I use JBN on Win Xp Pro.. and Panta's mods for both JBN and
Reliable.

Cyberiade.it Anonymous Remailer

2007-09-13, 1:12 pm

In article <de7he3tvvqt5bv5fhndn0m9uqvvrm4pup3@4ax.com>
Doodah <doodah@inbox.com> wrote:
>
> I used to have a nym and use Jack B. Nimble with the remailers. Can
> someone tell me where to look for software that does the same things
> but for XP?
> Thank you!

You can still use JBN2 in XP if you like. The newest remailer software
is Omnimix, which would allow you to actually use your Forte Agent
software to send anonymous remailer messages, instead of some awkward
remailer client.
http://www.danner-net.de/om.htm

George Orwell

2007-09-13, 7:14 pm

On 13 Sep 2007, Cyberiade.it Anonymous Remailer
<anonymous@remailer.cyberiade.it> wrote:
>In article <de7he3tvvqt5bv5fhndn0m9uqvvrm4pup3@4ax.com>
>Doodah <doodah@inbox.com> wrote:
>
>You can still use JBN2 in XP if you like. The newest remailer software
>is Omnimix, which would allow you to actually use your Forte Agent
>software to send anonymous remailer messages, instead of some awkward
>remailer client.
>http://www.danner-net.de/om.htm

OM Blows Chunks. I've checked it out twice now and it's managed to shit
all over itself both times. I guess it's ok for people who don't run their
own servers, but it's too stupid to see my mail server, nntp server,
reliable, or mixmaster and just use what I've already got.. no it wants to
use all it's own shit instead which does nothing but XXXX everything up
royally.

Il mittente di questo messaggio|The sender address of this
non corrisponde ad un utente |message is not related to a real
reale ma all'indirizzo fittizio|person but to a fake address of an
di un sistema anonimizzatore |anonymous system
Per maggiori informazioni |For more info
https://www.mixmaster.it

Nomen Nescio

2007-09-14, 1:12 pm

> >> I used to have a nym and use Jack B. Nimble with the remailers. Can
>
> OM Blows Chunks. I've checked it out twice now and it's managed to shit
> all over itself both times. I guess it's ok for people who don't run their
> own servers, but it's too stupid to see my mail server, nntp server,
> reliable, or mixmaster and just use what I've already got.. no it wants to
> use all it's own shit instead which does nothing but XXXX everything up
> royally.

In alt.privacy, MID
< 881735b8dd37e4f455761ad4b74163f0@remaile
r.metacolo.com>, you made the
same stupid assertions but refused to go into detail. Why?

OmniMix is an integrated solution that for good reasons comes along
with its own Mixmaster, GnuPG and Tor instance and, as all proxies do,
integrates the necessary client/server pairs. It's stickware, which
doesn't need any installation at the host system. And all in all it
requires no more than 20 MB on your harddisk or flash drive. Nothing
gets "XXXXed up", as it doesn't depend on any preinstalled software
and not in the least alters your system.

OM is as stupid in "seeing" mail servers as any mail client in the
world. Enter your server's address, port and SSL encryption
parameters and OM will be able to forward mail to it.

As Mixmaster and Reliable versions differ in calling parameters and
output options, it isn't surprising that OM like JBN and QS is
committed to a specific remailer software, which for OM as well as QS
is Mixmaster 2.9. Speaking of GnuPG 1.4, which in contrast to OM
isn't multithreaded and doesn't serialize calls, you have to consider
that a separate instance controlled by a single client application is
the only way to avoid nasty concurrency issues. Or do you run several
GnuPG frontends simultaneously?

If you're interested in routing OmniMix traffic through an existing
Tor system, then enter its parameters at the MixTor and ConTor tab.
Host and port are sufficient if you don't want to control Tor from
within OM. But doing so means a considerable security risk, as it
allows an adversary to assign OM output to your further Tor activity.
That's why I decided to always run a separate Tor instance solely
dedicated to OmniMix.

If we can assist you in setting up OmniMix correctly, now it's time to
ask your questions.

Anonymous

2007-09-14, 7:12 pm

Nomen Nescio wrote:

> OM is as stupid in "seeing" mail servers as any mail client in the
> world. Enter your server's address, port and SSL encryption
> parameters and OM will be able to forward mail to it.

Hasn't it been established that OM's SMTP support is broken? That it
simply won't work with some serves because it can't negotiate extended
SMTP connections properly or something?

Or was that QS?

> As Mixmaster and Reliable versions differ in calling parameters and
> output options, it isn't surprising that OM like JBN and QS is
> committed to a specific remailer software, which for OM as well as QS
> is Mixmaster 2.9. Speaking of GnuPG 1.4, which in contrast to OM

None of these things is a necessity. For JBN it's a matter of the
software being abandoned aside from Panta's mods. It's essentially
unmaintained. For QS and OM the decision to stick with superseded
versions of core cryptographic software is a personal choice, and a
poor one at that.

> isn't multithreaded and doesn't serialize calls, you have to consider
> that a separate instance controlled by a single client application is
> the only way to avoid nasty concurrency issues. Or do you run several
> GnuPG frontends simultaneously?

Sometimes, yes.

> If you're interested in routing OmniMix traffic through an existing
> Tor system, then enter its parameters at the MixTor and ConTor tab.
> Host and port are sufficient if you don't want to control Tor from
> within OM. But doing so means a considerable security risk, as it

Having Tor's the control port open at all is more of a security risk
than not configuring OM to use it could ever be, as has so thoroughly
been demonstrated recently. In truth, OM's configuration and/or use of
Tor's control port has absolutely no effect what so ever on this
security risk.

> allows an adversary to assign OM output to your further Tor activity.
> That's why I decided to always run a separate Tor instance solely
> dedicated to OmniMix.

Impossible, especially on Windows boxes. There's no way you've
sandboxed a running instance of Tor for use only by OM, that can't be
trivially broken by any attacker with the sort of access they'd need to
try.

Nomen Nescio

2007-09-15, 1:11 pm

> > OM is as stupid in "seeing" mail servers as any mail client in the
>
> Hasn't it been established that OM's SMTP support is broken? That it
> simply won't work with some serves because it can't negotiate extended
> SMTP connections properly or something?
>
> Or was that QS?

I've no idea. AFAIK the only problem that came to light was an
incompatibility with Gmail, the reason of which was that Google didn't
keep to the standards. Read the thread starting with MID
<f90183d55b9c2fd37d06cf1efae83759@dizum.com>.

>
> None of these things is a necessity. For JBN it's a matter of the
> software being abandoned aside from Panta's mods. It's essentially
> unmaintained. For QS and OM the decision to stick with superseded
> versions of core cryptographic software is a personal choice, and a
> poor one at that.

Let's hope Mixmaster 3 soon allows to store converted messages to disk
for further external processing.

>
> Sometimes, yes.

Then be prepared for corrupted or deleted keyrings and keep backups
within reach. ;)

>
> Having Tor's the control port open at all is more of a security risk
> than not configuring OM to use it could ever be, as has so thoroughly
> been demonstrated recently. In truth, OM's configuration and/or use of
> Tor's control port has absolutely no effect what so ever on this
> security risk.

You can't blame OM for unpredictable Tor flaws. Now that those are
fixed, what kind of attack on a control port secured by a password of
sufficient length or a cookie are you thinking of?

OmniMix by default is set to cookie authentication, which means for a
successful authentication you have to have access to the locally
stored cookie file first. But what speaks against reconfiguring Tor
by altering the torrc file? Remove the 'ControlPort ...' line and no
one will any longer be able to contact the Tor controller.

@ Christian: AFAICS the port defaults (915x) currently don't
correspond to the torrc entries 925x.

>
> Impossible, especially on Windows boxes. There's no way you've
> sandboxed a running instance of Tor for use only by OM, that can't be
> trivially broken by any attacker with the sort of access they'd need to
> try.

Works well here under XP, one Tor instance for Firefox/Vidalia (ports
9050/9051) and one for OmniMix (ports 9150/9151). Where do you see
the risks you alluded to? Please tell us more about potential attacks
on such a configuration.

Christian Danner

2007-09-18, 1:12 pm

Nomen Nescio <nobody@dizum.com> wrote:

>@ Christian: AFAICS the port defaults (915x) currently don't
>correspond to the torrc entries 925x.

Many thanks for that hint. I've to confess you're right. It's fixed
now with OM socks/control port and the corresponding torrc values set
to 9150/9151.

Kind regards

Christian
--
OmniMix .. protect your privacy
http://www.danner-net.de/om.htm