At 01:59 PM 12/28/2001 -0800, David Honig wrote: >A.A.M + PGP = covert radio transmitter which sends coded messages. Obviously >interesting, so you direction-find to defeat the anonymity.
And Perry replied: >[Moderator's note: And how would you possibly do that? --Perry] Back in the old days, it was easy - Usenet messages carried a bang-path route to the original sender. You could forge parts of it easily enough, as the Kremvax hoax demonstrated, but the only real untraceability was because there were lots of pre-Honey-Danber UUCP sites which would accept incoming messages from unknown senders. These days, most of them are gone - you're really depending on how long sites keep logfiles. [Moderator's note: That's not the point. You can post without any authentication via many web sites, or over the net via accounts you can get with little or no identification in a dozen countries, which you can log in to anonymously from web cafes, airport kiosks, etc. around the world. If you decide not to be found, you won't be found. --Perry] Reader anonymity depends a lot on how many people actually read A.A.M, and on how many sites keep NNTP logs - it probably a lot fewer readers than the largest binary porn spam groups, but a lot also depends on how many small ISPs around the world still spool their own news rather than buying access from news services. It's certainly harder to trace than senders. So tracing a single transmission may be hard, but tracing an ongoing pattern is easier, unless there's a trusted Usenet site in some country where you don't have jurisdiction problems. That means that A.A.M + PGP is fine for an occasional "Attack at Dawn" message, but not necessarily for routine traffic. So it helps to add an extra step - posting the anonymous message through a web2news gateway through an anonymizer, or a mail2news gateway from a webmail account from a cybercafe, or mail2news through an open relay somewhere in the world (since open relays are usually people who haven't bothered configuring their mail systems, and are less likely to keep logs unless that's the default, plus you can spread your messages among lots of different relays.) --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]