[finger help-html@nym.alias.net.]
If you look at hyperreal (http://www.hyperreal.art.pl/cypher/remailer/nym.html), you will find Polish-language write-ups on pseudonyms.
The system is designed to prevent anyone, even the administrators of nym.alias.net, from finding out the real person behind any mail alias. If you use this service properly, an adversary will have to compromise multiple remailers operated by different people in order to find out your real identity.
For each mail alias or ``nym'' (short for pseudonym) on nym.alias.net, the server has on file a PGP public key, a reply block, and a few configuration parameters. The PGP public key is used to authenticate both configuration requests for your nym and outgoing messages you wish to send from your nym.alias.net address. Such messages should be sent to nym.alias.net anonymously, to avoid any connection between your real E-mail address and your pseudonym. The PGP key can also be used to encrypt any mail received for <yournym@nym.alias.net> before that mail is forwarded to you through the remailer network.
The reply block contains instructions for sending mail to your real E-mail address (or to a newsgroup such as alt.anonymous.messages if you want your mail delivered there). These instructions are successively encrypted for a series of so-called Type-1 remailers in such a way that each remailer can only see the identity of the next hop. To send you an E-mail message (after optionally encrypting it with your nym's PGP key), the server will prepend your reply-block to that message and feed the result directly to the Type-1 remailer <remail@anon.lcs.mit.edu>. [Note that this remailer is reserved for use by nym.alias.net aliases and people debugging their reply-blocks, so you shouldn't see it listed in any of the standard remailer lists.]
Thus, mail you send to nym.alias.net arrives anonymously through the remailer network. Mail you receive from nym.alias.net leaves the server with an encrypted reply block, and can be sent either directly to you or to a message pool such as the newsgroup alt.anonymous.messages. When used properly, therefore, nym.alias.net provides the convenience of an ordinary E-mail address with a strong assurance that your true identity will remain a secret.
If you use a unix system, there is a program called premail which creates and manages nym.alias.net pseudonyms for you. For more information on premail, see ftp://utopia.hacktic.nl/pub/replay/pub/remailer/premail. The nym.alias.net support in premail was contributed by the author of nym.alias.net, so if you report nym.alias.net-specific problems in premail you can CC <admin@nym.alias.net>.
If you use a DOS/Windows system, you can use a program called Potato to create nyms, decrypt incoming mail and send outgoing mail from your nym. See http://www.bigfoot.com/~potatoware for more information or to download Potato.
Another DOS/Windows program for managing nyms is called EasyNym, and is available from http://home.clara.net/j.davies/easynym/. Still another DOS/Windows program for managing nyms is called Private Idaho. See http://www.eskimo.com/~joelm/pi.html for more information on Private Idaho. A newer version of Private Idaho (recommended) is available from http://home.sn.no/~balchen/igloo/pidaho/.
Please do not contact <admin@nym.alias.net> for help with Private Idaho or Potato, as the administrators of nym.alias.net do not use either software package or have access to the hardware and operating systems necessary to try them. If you have problems with these software packages, try asking for help in the newsgroup alt.privacy.anon-server. In addition, the unofficial nym.alias.net/PI instructions at http://www.dnai.com/~wussery/pgp.html may be of use, too.
This process is somewhat complicated, and can easily go wrong. For this reason it is recommended that you use one of the programs described in CLIENT SOFTWARE if you can. If you do create an alias manually and you run into problems while setting things up, skip to PROBLEMS AND SOLUTIONS at the end to see if you are making a common mistake.
An alternate, unofficial, and perhaps less technically daunting description of setting up a pseudonym can be found at http://www.stack.nl/~galactus/remailers/nym.html.
pgp -kg
PGP will ask you to enter a user ID for your public key. What you choose for a user ID depends on how you intend to use your nym's PGP public key. There are two approaches you can take:
Option one: use a user ID that contains your nym's E-mail address, for instance:
A Test User <yournym@nym.alias.net>
If you do this, you will be able to submit your key to the PGP key servers and even make it available via finger at nym.alias.net (see the +fingerkey Nym-command below). Be aware, however, that publishing your nym's PGP key may put your privacy at risk. PGP does not protect the identities or fingerprints of keys on your private key ring; only the keys themselves are protected by a passphrase. If your nym's PGP key is publicly available, anyone with access to your secring.pgp file (or a backup of it) will be able to figure out if that public key belongs to you.
Thus, you should only publish your nym's PGP key if your secring.pgp file is secure, or if you have software such as premail (finger premail-info@nym.alias.net) that will encrypt entire PGP keyrings for a pseudonym account.
Option two: use a user ID that does not identify the nym at all, for instance:
test key
Do not sign your PGP key if you want to keep it secret. Do not submit it to any key servers, give it out to people, or use it to sign messages that aren't also sent to and encrypted for <config@nym.alias.net> or <send@nym.alias.net>.
Note that even if you don't publish your nym's PGP key, you can have the nym.alias.net server sign your outgoing mail with its own PGP key. This can be used to guard against simple mail forgeries. Obviously, however, it is preferable to use your own PGP key if you can do so safely.
To keep PGP from selecting your new nym key by default, you can put the line
MYNAME = <you@your.email.address>
in the file $HOME/.pgp/config.txt (which you can create if it does not already exist). This explicitly tells PGP to use your regular PGP key rather than your nym key by default.
Once you have a PGP key for your pseudonym, you can extract it to a file, for instance by executing these commands from your shell:
pgp -fkxa "nym key ID" > tmpfile
On Unix systems, you may wish to make sure tmpfile cannot be read by any other users. For this you can run the command
umask 077
first.
Here and in the rest of this document, ``nym key ID'' is the user ID you chose for the PGP key you generated, or some unique substring of that key. If you chose option one above (publishing your nym key), then you can just use yournym@nym.alias.net as the nym key ID. Otherwise, you will need to use whatever user ID you did choose. Note that if the user ID you type contains any spaces, you will need to surround the whole thing with double quotes, as shown above. (You can surround it with double quotes anyway--it won't hurt anything.)
To create a reply block, first choose some passphrases for shared-key, conventional encryption with ``pgp -c''. Suppose you want your message encrypted first with your nym's public key, then with shared key ``passphrase_b'', then with shared key ``passphrase_a''. Create a remailer message like this:
::
Anon-To: you@your.email.address
Latent-Time: +0:00
Encrypt-Key: passphrase_a

**
Here ``Latent-Time: +0:00'' will prevent any delay. You can and should use something longer or omit the Latent-Time header if you want more security. Note that if for passphrase_a you choose a passphrase with a space character in it, some remailers may require you to surround the passphrase with quotes (though other remailers may not understand the quotes).
You will need to encrypt the above message with a remailer's PGP public key. Note that the remailers used in this example do not exist any more. They are here only as examples. You can get an up to date list of remailers and their public keys from http://www.cs.berkeley.edu/~raph/remailer-list.html, or by fingering remailer-list@kiwi.cs.berkeley.edu. On this list, only remailers that have all three of the ``cpunk'', ``pgp'', and ``ek'' properties should be used for reply blocks. In addition, make sure the remailers you choose are listed in the statistics section lower down on the page (some of the remailers listed in the top section are no longer functional). You can add the PGP keys of all the remailers to your PGP public key ring by running:
finger pgpkeys@kiwi.cs.berkeley.edu | pgp -fka
Once you have selected a remailer, for example <remailer@utopia.hacktic.nl>, and have added that remailer's key to your PGP public keyring, encrypt the above message with that remailer's key. If the above were stored in a file rblock1, for instance, you would encrypt the message with the command:
pgp -eat rblock1 remailer@utopia.hacktic.nl
To yield a file called rblock1.asc with cyphertext like this:
-----BEGIN PGP MESSAGE-----
Version: 2.6.2

hIwC/nqSW1QDQfUBBACknZMV93wFS2CH0orlgslmEm+alhjI1eKwbbTTmeRWC5Rg
/S3vZw+95ZuCZfqxKE0XrgZXzOEwfoyBcpVvf9Pb9D19TqEMTmmL/Jpl1xcxmbJ2
OGsHpQ/TxpazBCVhdBmPblj5wWvwfG1+ZKpIkQ5hiLJhryQM/TUDarEscs3zdaYA
AAB5231aMcQ74AKoDZizABMF3Tw+olV4mm4jVo9cMn2B3Rj2XBFl4pV9VL3h0ZQB
cPY/ytBRyZPugr0NpLgjO+q6mEjCcgQrxpYQ+1PvFPdDx1GmJ5ogZqW+AVHsNqAp
vRoiG8ZhXs4r3E8liFsNtMMf6CUAsdV2ZoX1Hw==
=Bla3
-----END PGP MESSAGE-----
Prepend to this the following header:
::
Encrypted: PGP
Finally, add another set of remailer commands to send the above cyphertext to the remailer for which you just encrypted, remailer@utopia.hacktic.nl in this example. The result should look like this:
::
Anon-To: remailer@utopia.hacktic.nl
Latent-Time: +0:00
Encrypt-Key: passphrase_b

::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: 2.6.2

hIwC/nqSW1QDQfUBBACknZMV93wFS2CH0orlgslmEm+alhjI1eKwbbTTmeRWC5Rg
/S3vZw+95ZuCZfqxKE0XrgZXzOEwfoyBcpVvf9Pb9D19TqEMTmmL/Jpl1xcxmbJ2
OGsHpQ/TxpazBCVhdBmPblj5wWvwfG1+ZKpIkQ5hiLJhryQM/TUDarEscs3zdaYA
AAB5231aMcQ74AKoDZizABMF3Tw+olV4mm4jVo9cMn2B3Rj2XBFl4pV9VL3h0ZQB
cPY/ytBRyZPugr0NpLgjO+q6mEjCcgQrxpYQ+1PvFPdDx1GmJ5ogZqW+AVHsNqAp
vRoiG8ZhXs4r3E8liFsNtMMf6CUAsdV2ZoX1Hw==
=Bla3
-----END PGP MESSAGE-----
**
Note two things about this message. First, there must be a blank line before the second ::. Second, you must add ** to the end of your message. Encrypt-Key: will cause everything below the ** to be encrypted. If you don't include it, remailers will either fail to encrypt your mail or even discard it.
For greater security, you should now repeat this process some number of times so that mail to your pseudonym travels through multiple remailers. Pick another remailer from the list. Encrypt the entire above message from and including the first :: up to and including the **, and add a new set of headers for sending to the second remailer you have just picked. The result will look just like the above message, only with a larger PGP portion and different Anon-To: and Encrypt-Key: headers. For instance, if you chose the remailer <cpunk@remail.ecafe.org>, your reply block might now look like this:
::
Anon-To: cpunk@remail.ecafe.org
Latent-Time: +0:00
Encrypt-Key: passphrase_c

::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: 2.6.2

/S3vZw+95ZuCZfqxKE0XrgZXzOEwfoyBcpVvf9Pb9D19TqEMTmmL/Jpl1xcxmbJ2
dHNr1NA6WWaIfV0pR+sluNWFxNYuTk0OFgtg8c0ABRG0Kzxjb25maWdAbnltLmFs
aWFzLm5ldD4vPHNlbmRAbnltLmFsaWFzLm5ldD6JAJUDBRAxumL3RMG0dWLnx9EB
AaRTA/4xIgNrem7Yay0/rFfXgoGHUhWsZVhAlQP1fVEIRYuYEC4Biodwx3nYL31r
9IcgBkm/DUddkfCUfroMr7wbm6GnYnrVLc4dZ9ACCjUVX7n5hvanc8/Efx0yE03l
D+r9n5liz5X4vk65f+DIw1LykM9zTg/4GNwAENn6H5YTtg6Q+IkBFQMFEDG6YVlO
hIwC/nqSW1QDQfUBBACknZMV93wFS2CH0orlgslmEm+alhjI1eKwbbTTmeRWC5Rg
OGsHpQ/TxpazBCVhdBmPblj5wWvwfG1+ZKpIkQ5hiLJhryQM/TUDarEscs3zdaYA
AAB5231aMcQ74AKoDZizABMF3Tw+olV4mm4jVo9cMn2B3Rj2XBFl4pV9VL3h0ZQB
cPY/ytBRyZPugr0NpLgjO+q6mEjCcgQrxpYQ+1PvFPdDx1GmJ5ogZqW+AVHsNqAp
vRoiG8ZhXs4r3E8liFsNtMMf6CUAsdV2ZoX1Hw==
=Bla3
-----END PGP MESSAGE-----
**
The last remailer you encrypt for will be the first remailer your mail goes through. The last Encrypt-Key: header will therefore be the first key with which your message is encrypted, and the last with which you will need to decrypt received mail. With this example reply block, you would need to decrypt received mail first with ``passphrase_a'', then ``passphrase_b'', then ``passphrase_c'', and finally with your nym's private key.
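The layering just described is easy to get wrong by hand, so here is an added example (not part of this help file or of the nym.alias.net software) that builds a reply block hop by hop exactly as the text does, checks it for the two formatting mistakes noted above (no blank line before a second ::, no trailing **), and then simulates the remailer chain so that the passphrase order on the receiving end can be verified. PGP is not available to the example, so pk_encrypt/pk_decrypt and conv_encrypt/conv_decrypt are assumed stand-ins: reversible, tagged base64 wrappers that provide no confidentiality and exist only to make the nesting visible. The remailer addresses are the defunct examples from the text.

```python
import base64

# Stand-in crypto (assumption, not PGP): reversible tagged base64 so the
# example runs offline. pk_* stands for "pgp -eat file remailer"; conv_* stands
# for what a remailer does with an Encrypt-Key: header ("pgp -c").

def pk_encrypt(recipient, text):
    b64 = base64.b64encode(text.encode()).decode()
    return ("-----BEGIN PGP MESSAGE-----\n"
            f"Recipient: {recipient}\n\n{b64}\n-----END PGP MESSAGE-----\n")

def pk_decrypt(recipient, armored):
    lines = armored.strip().split("\n")
    if lines[1] != f"Recipient: {recipient}":
        raise ValueError(f"layer is not encrypted for {recipient}")
    return base64.b64decode(lines[3]).decode()

def conv_encrypt(key, text):
    return f"CONV[{key}]\n{base64.b64encode(text.encode()).decode()}\n"

def conv_decrypt(key, text):
    tag, b64 = text.split("\n", 1)
    if tag != f"CONV[{key}]":
        raise ValueError(f"wrong passphrase {key!r} for layer {tag}")
    return base64.b64decode(b64.strip()).decode()

def remailer_headers(anon_to, key, latent="+0:00"):
    return f"::\nAnon-To: {anon_to}\nLatent-Time: {latent}\nEncrypt-Key: {key}\n"

def build_reply_block(final_address, final_key, hops):
    """Start with a block addressed to your real address, then for each
    remailer in hops (innermost first) encrypt the whole block for that
    remailer and wrap it in a new set of headers, as the text describes."""
    block = remailer_headers(final_address, final_key) + "\n**\n"
    for remailer, passphrase in hops:
        armored = pk_encrypt(remailer, block)
        block = (remailer_headers(remailer, passphrase)
                 + "\n::\nEncrypted: PGP\n\n" + armored + "**\n")
    return block

def check_reply_block(block):
    """Flag a '::' block not preceded by a blank line and a missing '**'."""
    problems = []
    lines = block.split("\n")
    if lines[0] != "::":
        problems.append("does not start with ::")
    for i in range(1, len(lines)):
        if lines[i] == "::" and lines[i - 1] != "":
            problems.append(f"line {i + 1}: '::' is not preceded by a blank line")
    if block.rstrip("\n").split("\n")[-1] != "**":
        problems.append("does not end with **")
    return problems

def _split_first_block(text):
    """Return (headers, remainder) for the '::' block that starts text."""
    if not text.startswith("::\n"):
        raise ValueError("expected a '::' header block")
    head, _, rest = text.partition("\n\n")
    headers = dict(line.split(": ", 1) for line in head.split("\n")[1:])
    return headers, rest

def simulate_delivery(reply_block, message):
    """The server prepends the reply block to a message; each Type-1 remailer
    then applies its Encrypt-Key to the body and decrypts the next layer.
    Returns (final recipient, body as delivered, hops in order)."""
    text = reply_block + message
    path = []
    while True:
        headers, rest = _split_first_block(text)
        inner, _, body = rest.partition("**\n")
        if "Encrypt-Key" in headers:
            body = conv_encrypt(headers["Encrypt-Key"], body)
        hop = headers["Anon-To"]
        path.append(hop)
        if inner == "":                  # innermost block: final delivery
            return hop, body, path
        enc_headers, armored = _split_first_block(inner)
        if enc_headers.get("Encrypted") != "PGP":
            raise ValueError("expected an 'Encrypted: PGP' block")
        text = pk_decrypt(hop, armored) + body

def recipient_decrypt(body, passphrases):
    """Peel the conventional layers: innermost hop's passphrase first."""
    for key in passphrases:
        body = conv_decrypt(key, body)
    return body

if __name__ == "__main__":
    # Constructed sample using the text's (defunct) example remailers.
    hops = [("remailer@utopia.hacktic.nl", "passphrase_b"),
            ("cpunk@remail.ecafe.org", "passphrase_c")]
    rb = build_reply_block("you@your.email.address", "passphrase_a", hops)
    print(rb, "problems:", check_reply_block(rb))
    who, body, path = simulate_delivery(rb, "just a test\n")
    print("path:", " -> ".join(path))
    print(recipient_decrypt(body, ["passphrase_a", "passphrase_b", "passphrase_c"]))
```

Running it prints the two-hop block, an empty problem list, the delivery path ecafe, then utopia, then your address, and the recovered message once the layers are removed with passphrase_a, passphrase_b and passphrase_c in that order; swapping the order raises an error, which is the point of the paragraph above.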
Suppose, for instance, that you wanted outgoing mail from your nym to carry the header:
From: A Test User <yournym@nym.alias.net>
And you wanted people who fingered your nym to see:
Mail Alias: yournym
Name: A Test User
PGP Public-Key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzGf6A8AAAEEAPknqWEUA8U4+l5TFkD5Fj0COten6bbIe5bBb/1MvI+w6mFl
z06CPb2K/Z1fzjT48ZyxwYR+S3jU3Z96JEFRl99HYh3lTIUiBHW/XtwyefF0y61x
qYkNuUpSFh9BDBFM7N3uVvaNbzLiFnqCpZLm5ZIfrLcla3qUgkTBtHVi58fRAAUR
tDhsY3MgbWl4bWFzdGVyIGFkbWluaXN0cmF0b3IgPG1peC1hZG1pbkBhbm9uLmxj
cy5taXQuZWRxPokAlQMFEDGf6ClEwbR1YufH0QEBX60D/jZ5MFRFIFA1VxTPD5Zj
Xw2bvqJqFvlwLD5SSHCVfe/ka6ALuxZGFKD/pHpUAkfv1hWqAYsJpi0cf8HSdi23
bh5dUeLJnHHHDmd9d55MuNYI6WTi+2YoaiJOZT3C70oOuzVXuELZ+nZwV20yxe8y
4M3b0Xjt9kq2upbCNuHZmQP+
=jIEc
-----END PGP PUBLIC KEY BLOCK-----
You could create a message like this:
Config:
From: yournym
Nym-Commands: create +acksend +fingerkey name="A Test User"
Public-Key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzGf6A8AAAEEAPknqWEUA8U4+l5TFkD5Fj0COten6bbIe5bBb/1MvI+w6mFl
z06CPb2K/Z1fzjT48ZyxwYR+S3jU3Z96JEFRl99HYh3lTIUiBHW/XtwyefF0y61x
qYkNuUpSFh9BDBFM7N3uVvaNbzLiFnqCpZLm5ZIfrLcla3qUgkTBtHVi58fRAAUR
tDhsY3MgbWl4bWFzdGVyIGFkbWluaXN0cmF0b3IgPG1peC1hZG1pbkBhbm9uLmxj
cy5taXQuZWRxPokAlQMFEDGf6ClEwbR1YufH0QEBX60D/jZ5MFRFIFA1VxTPD5Zj
Xw2bvqJqFvlwLD5SSHCVfe/ka6ALuxZGFKD/pHpUAkfv1hWqAYsJpi0cf8HSdi23
bh5dUeLJnHHHDmd9d55MuNYI6WTi+2YoaiJOZT3C70oOuzVXuELZ+nZwV20yxe8y
4M3b0Xjt9kq2upbCNuHZmQP+
=jIEc
-----END PGP PUBLIC KEY BLOCK-----
Reply-Block:
::
Anon-To: remailer@utopia.hacktic.nl
Latent-Time: +0:00
Encrypt-Key: passphrase_b

::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: 2.6.2

hIwC/nqSW1QDQfUBBACknZMV93wFS2CH0orlgslmEm+alhjI1eKwbbTTmeRWC5Rg
/S3vZw+95ZuCZfqxKE0XrgZXzOEwfoyBcpVvf9Pb9D19TqEMTmmL/Jpl1xcxmbJ2
OGsHpQ/TxpazBCVhdBmPblj5wWvwfG1+ZKpIkQ5hiLJhryQM/TUDarEscs3zdaYA
AAB5231aMcQ74AKoDZizABMF3Tw+olV4mm4jVo9cMn2B3Rj2XBFl4pV9VL3h0ZQB
cPY/ytBRyZPugr0NpLgjO+q6mEjCcgQrxpYQ+1PvFPdDx1GmJ5ogZqW+AVHsNqAp
vRoiG8ZhXs4r3E8liFsNtMMf6CUAsdV2ZoX1Hw==
=Bla3
-----END PGP MESSAGE-----
**
Note that the first line of this message was Config:. Any message sent to config@nym.alias.net will be silently discarded if the first line is not Config:!
Note that the From: line just contains the name ``yournym'', and nothing else. Do not put angle brackets or anything else on your From line. (Though as a special case, From: yournym@nym.alias.net will work as long as it is not surrounded by angle brackets.)
Note also that your PGP key will not be visible via finger unless the key user ID contains your nym E-mail address in angle-brackets. You can also prevent your public key from being available via finger by omitting the +fingerkey from the Nym-Commands: line.
The above message must then be encrypted with the nym.alias.net public key, and signed by your nym's new private key. The nym.alias.net public key is listed here, and is also available by fingering or sending mail to <remailer-key@nym.alias.net>. You can run
finger remailer-key@nym.alias.net | pgp -fka
to add this key to your public keyring. You might then run
pgp -kvc nym.alias.net
and verify that your copy of the public key has fingerprint B6 41 A7 85 4E A8 C7 6D DD 02 18 4E 4A A9 84 E3.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQENAzGzy5AAAAEH/2JjaB4AuQff90Mejru+FVptG4/wPmwK7WteavNXJpYxWoRm
SzxwNz70q4QCLKBR0QnzXqGeGtCB5IE4dIuPIkMiPvRv57rBaDe4qkzNkgwuZiH9
qGMsOSidCf+xaIJyL7RtljKuDSU8KH2OGIdwEpGa20U+9oXabWCpWwVvfJhgxPFF
xhiFLeMzhEUgsVXxIn2ThD8AyHyTUXWd11nvvTeKt+y9qX+7fUDrn6HIl1lFmxQA
RAOc83jjDNgWbanHWG9+1g8KFLkBrEdxJtNQeb/JMSZ122Dxda5CwtMnQGI0mCcr
dHNr1NA6WWaIfV0pR+sluNWFxNYuTk0OFgtg8c0ABRG0Kzxjb25maWdAbnltLmFs
aWFzLm5ldD4vPHNlbmRAbnltLmFsaWFzLm5ldD6JAJUDBRAxumL3RMG0dWLnx9EB
AaRTA/4xIgNrem7Yay0/rFfXgoGHUhWsZVhAlQP1fVEIRYuYEC4Biodwx3nYL31r
9IcgBkm/DUddkfCUfroMr7wbm6GnYnrVLc4dZ9ACCjUVX7n5hvanc8/Efx0yE03l
D+r9n5liz5X4vk65f+DIw1LykM9zTg/4GNwAENn6H5YTtg6Q+IkBFQMFEDG6YVlO
TQ4WC2DxzQEBIvMH/jER9tiQcJG2NvkiOqcIeBSPLb15EPFMg1He3clRIz398ToH
iv4oNKZEjVox3O0zowcUW0zfgtzhlMbudOwgoylCpCxVukuF1tsleoGlvDES0iA8
WdnYftt/rr3awf0j2pmLFbCmEDFaebuYgRXGe5yavaSjFDPzjFZqKwTYs5VnKOjP
XjI0yrem4PXw6K5sOANJKaa6yFrHJ/58iqbV8Rl7p0qNwwIi1nDn5UgpDOFDqWMq
sO9HUjRD2Y+Kmq6qlSg1gKV1hehZuAxHKtJAIZf+MPaI/sRbs79oN5GVwpmqoiZF
vz6bLS+qs69kVwg2RQoY2BSAzyUeT+rw70YfLAc=
=ekCY
-----END PGP PUBLIC KEY BLOCK-----
When you have the nym.alias.net public key, you can encrypt and sign your configuration request with the command:
pgp -seat file config@nym.alias.net -u "nym key ID"
Once you have produced a PGP encrypted and signed message, mail it to <config@nym.alias.net> through some anonymous remailers. If the name you chose is available, this will create your mail alias. You can send mail to or finger <list@nym.alias.net> to get a list of pseudonyms already in use.
If your request is successful, you will get mail through your reply block acknowledging successful completion. In this acknowledgment, you may also be asked to confirm your reply block by sending mail to a particular confirmation address. This two-step process is necessary at times to cut back on the number of nyms with bad reply blocks which are left for dead. A new account will be deleted if the reply block has not been confirmed in one week. Note that if you receive an acknowledgment which does not ask for confirmation, your mail alias will already be functional.
To test your new alias, create a file containing a message like this:
From: yournym
To: mail2news@anon.lcs.mit.edu
Newsgroups: alt.test
Subject: ignore this nym test

just a test
Note once again that the From: line just contains the name ``yournym'', and nothing else. The contents of the From line in outgoing mail will be set by the pseudonym server, based on your account name and what you set with the name= Nym-Command. Do not put angle brackets around yournym or include anything else on the From line. (Though as a special case, From: yournym@nym.alias.net is also acceptable, as long as it is not surrounded by angle brackets.)
If this file is called testpost, encrypt and sign the file by running:
pgp -seat testpost send@nym.alias.net -u "nym key ID"
This will create a file called testpost.asc, which you can then mail (through other remailers) to <send@nym.alias.net> to post the above test message to the newsgroup alt.test.
If you used the +signsend Nym-Command when creating your nym, any mail you send through <send@nym.alias.net> will be PGP signed and dated by the nym.alias.net private key to certify its authenticity. If you do not wish your mail to be signed, or if you have published your alias's public key and wish to sign messages yourself with that key, you can disable this default signing by sending a -signsend configuration command as described below.
Regardless of your nym's configuration settings, you can also enable or disable both signing and acknowledgment of outgoing mail on a per-message basis. Do so by including in your encrypted and signed E-mail message a Nym-Commands: header with one or two of the +signsend, -signsend, +acksend, or -acksend keywords.
Ordinarily the recipients of mail you send will be determined by the To:, Cc:, and Bcc: headers of the message, which have the usual behavior. However, occasionally you may wish to specify a list of recipients explicitly. This may be useful, for instance, if you wanted to PGP-encrypt a message for some recipients but not others. In such a case, you would need to mail two copies of the message, one encrypted and one not. However, you might still want the To: and Cc: headers to reflect the full list of recipients.
You can explicitly specify the full list of recipients by listing them in a Hidden-To: header of your E-mail message. If a Hidden-To: header is present in mail you send, that header will be removed and mail will be sent to the users it lists regardless of any other headers in the mail message.
When replying to a Usenet article through your nym, you should set the Subject: and References: headers of your message correctly.
The subject of your message should be the same as the article to which you are replying, unless you are replying to the first message in a thread, in which case you should prepend ``Re: '' to the original subject.
To build a references header, copy the references header of the article to which you are replying, and append that article's Message-ID. If you are replying to the first article of a thread, it won't have a references header. In that case just use the article's Message-ID as your references header. Be sure to leave a space between Message-IDs in your references header.
For example, if replying to a message which includes these headers:
Subject: Re: anonymous remailers
References: <5dfqlm$m50@basement.replay.com>
Message-ID: <5dko56$1lv$1@news02.deltanet.com>
your reply should contain these headers:
Subject: Re: anonymous remailers
References: <5dfqlm$m50@basement.replay.com>
        <5dko56$1lv$1@news02.deltanet.com>
[Note that an indented line in a message header indicates a continuation of the previous line.] If replying to the first message in a thread, with these headers:
Subject: Help with P.G.P
Message-ID: <5e96gi$opv@job.acay.com.au>
your reply should contain these headers:
Subject: Re: Help with P.G.P
References: <5e96gi$opv@job.acay.com.au>
The references header can be trimmed to include only IDs from messages that you have quoted from or are replying to.
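The two cases above (a reply deeper in a thread, and a reply to the first article) follow one rule, and an added example, not from this help file, applies it in code: build_reply_headers takes the headers of the article being replied to and returns the Subject: and References: for the reply, optionally trimmed to the IDs you actually quoted, and format_headers folds a long References: value onto an indented continuation line as the note above describes. The function names and the 72-column fold width are the example's own choices.

```python
def build_reply_headers(subject, message_id, references=None, quoted_ids=None):
    """subject, message_id and references are taken from the article being
    replied to; references is None when that article started the thread.
    quoted_ids, if given, is the set of Message-IDs you quoted from; the
    References header is then trimmed to those plus the article's own ID."""
    if references is None:
        reply_subject = "Re: " + subject        # first article of a thread
        ids = [message_id]
    else:
        reply_subject = subject                 # keep the subject unchanged
        ids = references.split() + [message_id]
    if quoted_ids is not None:
        ids = [i for i in ids if i in quoted_ids or i == message_id]
    return {"Subject": reply_subject, "References": " ".join(ids)}


def format_headers(headers, width=72, indent="        "):
    """Render headers as lines; a value that would run past width continues
    on an indented line, which header parsers read as a continuation."""
    out = []
    for name, value in headers.items():
        words = value.split()
        if not words:
            out.append(f"{name}:")
            continue
        line = f"{name}: {words[0]}"
        for word in words[1:]:
            if len(line) + 1 + len(word) > width:
                out.append(line)
                line = indent + word
            else:
                line += " " + word
        out.append(line)
    return out


if __name__ == "__main__":
    # The two header sets from the text, reproduced as sample input.
    h = build_reply_headers("Re: anonymous remailers",
                            "<5dko56$1lv$1@news02.deltanet.com>",
                            references="<5dfqlm$m50@basement.replay.com>")
    print("\n".join(format_headers(h)))
    h2 = build_reply_headers("Help with P.G.P", "<5e96gi$opv@job.acay.com.au>")
    print("\n".join(format_headers(h2)))
```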
Once again, the first line of the configuration message you send must be Config:, and the message will need to be both signed and encrypted with
pgp -seat message config@nym.alias.net -u "nym key ID"
as described above for sending mail. As an example, the following message, mailed to <config@nym.alias.net>, would set the reply block for <yournym@nym.alias.net>:
Config:
From: yournym
Reply-Block:
::
Anon-To: remailer@utopia.hacktic.nl
Latent-Time: +0:00
Encrypt-Key: passphrase_b

::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: 2.6.2

hIwC/nqSW1QDQfUBBACknZMV93wFS2CH0orlgslmEm+alhjI1eKwbbTTmeRWC5Rg
/S3vZw+95ZuCZfqxKE0XrgZXzOEwfoyBcpVvf9Pb9D19TqEMTmmL/Jpl1xcxmbJ2
OGsHpQ/TxpazBCVhdBmPblj5wWvwfG1+ZKpIkQ5hiLJhryQM/TUDarEscs3zdaYA
AAB5231aMcQ74AKoDZizABMF3Tw+olV4mm4jVo9cMn2B3Rj2XBFl4pV9VL3h0ZQB
cPY/ytBRyZPugr0NpLgjO+q6mEjCcgQrxpYQ+1PvFPdDx1GmJ5ogZqW+AVHsNqAp
vRoiG8ZhXs4r3E8liFsNtMMf6CUAsdV2ZoX1Hw==
=Bla3
-----END PGP MESSAGE-----
**
After changing your reply block, you will receive an acknowledgment through the new reply block. This confirmation may ask you to confirm your reply block, in which case you must reply to the acknowledgment message before your new reply block is put in place.
To delete your alias entirely, send encrypted and signed mail with simply the lines:
Config:
From: yournym
Nym-Commands: delete
(substituting your real alias name for yournym). After deleting your alias, you should receive PGP-signed mail explicitly acknowledging the deletion of that alias. An acknowledgment simply confirming generic successful completion of your request does not indicate that your alias has been deleted. You can also verify deletion of your nym by retrieving a list of all nyms through <list@nym.alias.net>.
You can give several commands using the ``Nym-Commands:'' header in a message to <config@nym.alias.net>. You can place several of these commands in a single Nym-Commands header, separated by spaces, or you can put multiple ``Nym-Commands:'' headers in the same message. Valid commands are:
Nym-Commands: header in an outgoing mail message.
Having a nym.alias.net signature around another signature can prevent mail readers from verifying the inside signature, so you should choose the -signsend option if you want to sign all messages yourself. (See GENERATING A PGP KEY FOR YOUR NYM for a note on the dangers of publishing your nym's PGP key.) This configuration option can be overridden on a per-message basis by a Nym-Commands: header in an outgoing mail message.
Nym-Commands: -disable
to <config@nym.alias.net>.
From: lines contain a user's full name in addition to his/her E-mail address or account name. To set up a name to be printed in all your outgoing messages, like this:
From: Your Alias Name <yournym@nym.alias.net>
and to have that full name appear when your nym is fingered, you should send the corresponding name= Nym-Command in a configuration message. Note that the outer quotes are necessary even if your name does not contain any white space. If your full name actually contains any quote or backslash characters, you must precede them with a backslash, as in, for instance:
Nym-Commands: name="Billy \"the kid\" Smith"
To delete your full name so that outgoing mail only shows your alias address and finger shows a full name of '???', send the command name="".
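The quoting rules for name=, the bare From: line, and the mandatory Config: first line are the details a hand-built configuration message most often gets wrong, so here is an added example (not from this help file, and not the server's own parser) that tokenises a Nym-Commands: value with the escaping described above, produces a correctly escaped name= command from a plain string, and checks a configuration message for the mistakes the text warns about. The function names and the wording of the problem reports are the example's own.

```python
def parse_nym_commands(value):
    """Split a Nym-Commands: header value into (command, argument) pairs.
    Bare commands such as +acksend or delete get argument None; name= must be
    enclosed in double quotes, with \\" and \\\\ as the only escapes."""
    tokens, i, n = [], 0, len(value)
    while i < n:
        if value[i].isspace():
            i += 1
            continue
        start = i
        while i < n and not value[i].isspace() and value[i] != "=":
            i += 1
        name = value[start:i]
        if i < n and value[i] == "=":
            i += 1
            if i >= n or value[i] != '"':
                raise ValueError(f"{name}= value must be enclosed in double quotes")
            i += 1
            buf = []
            while True:
                if i >= n:
                    raise ValueError(f"unterminated quoted value for {name}=")
                c = value[i]
                if c == "\\" and i + 1 < n:      # backslash escapes the next char
                    buf.append(value[i + 1])
                    i += 2
                elif c == '"':
                    i += 1
                    break
                else:
                    buf.append(c)
                    i += 1
            tokens.append((name, "".join(buf)))
        else:
            tokens.append((name, None))
    return tokens


def quote_name(full_name):
    """Build a name= command, escaping backslashes and double quotes."""
    escaped = full_name.replace("\\", "\\\\").replace('"', '\\"')
    return f'name="{escaped}"'


def check_config_message(text):
    """Report the common mistakes: a first line other than Config:, a From:
    line with angle brackets or extra text, and malformed Nym-Commands."""
    problems = []
    lines = text.split("\n")
    if lines[0] != "Config:":
        problems.append("first line must be exactly 'Config:' or the server "
                        "silently discards the message")
    froms = [l[len("From: "):] for l in lines if l.startswith("From: ")]
    if not froms:
        problems.append("no From: line")
    elif any(ch in froms[0] for ch in "<> "):
        problems.append("From: must be the bare alias name (yournym or "
                        "yournym@nym.alias.net), with no angle brackets")
    for line in lines:
        if line.startswith("Nym-Commands: "):
            try:
                parse_nym_commands(line[len("Nym-Commands: "):])
            except ValueError as exc:
                problems.append(f"Nym-Commands: {exc}")
    return problems


if __name__ == "__main__":
    # Constructed sample messages, one correct and one with three mistakes.
    good = 'Config:\nFrom: yournym\nNym-Commands: create +acksend name="A Test User"\n'
    bad = 'config:\nFrom: <yournym@nym.alias.net>\nNym-Commands: name=Billy the kid\n'
    print(parse_nym_commands('create +acksend +fingerkey name="A Test User"'))
    print(quote_name('Billy "the kid" Smith'))
    print("good:", check_config_message(good))
    print("bad:", check_config_message(bad))
```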
-acksend -signsend +cryptrecv -fixedsize -disable -fingerkey name="" -nobcc
One side effect of this is, however, that if you PGP sign a test message and mail it in multiple times, it will only work the first time.
Note that signatures are only considered valid for a week. Thus, if mail comes to send@nym.alias.net more than a week after you signed it, that mail will be dropped.
Config:
From: yournym
Reply-Block:
::
Anon-To: nobody@some.remailer.machine
Latent-Time: +0:00
Encrypt-Key: key1

**
Reply-Block:
::
Anon-To: you@your.email.address
Latent-Time: +1:00r
Encrypt-Key: key2

**
will set up your alias to send one copy of each message you receive to <nobody@some.remailer.machine> immediately, and to send a second copy to <you@your.email.address> after up to one hour of random delay. Of course, in order for this to be useful, you should use more complex reply-blocks which chain through multiple remailers.
It may also make traffic analysis more difficult if you don't always use the same remailer path. You can assign a probability to a reply block by adding ``x=probability'' to the Reply-Block: line (where 'x' can be any single letter variable name). For example, consider the following reply-block:
Reply-Block: p=0.75
::
Anon-To: nobody@some.remailer.machine
Latent-Time: +0:00
Encrypt-Key: key1

**
Reply-Block: q=0.5
::
Anon-To: you@through.one.remailer
Latent-Time: +1:00r
Encrypt-Key: key2

**
Reply-Block: q=0.5
::
Anon-To: you@through.another.remailer
Latent-Time: +1:00r
Encrypt-Key: key3

**
3/4 of the time, a copy of a message you receive will immediately be mailed to <nobody@some.remailer.machine>. After some random delay (up to an hour), your message will be mailed either to <you@through.one.remailer> or to <you@through.another.remailer>. Multiple reply-blocks with the same probability variable are mutually exclusive. Thus since the q blocks are ``q=0.5'' and ``q=0.5'', and since 0.5 + 0.5 = 1.0, you are guaranteed to get a copy of all your mail. Generally speaking, you will probably want all the weights associated with a particular variable to add up to 1.0 unless the reply-block is just for cover traffic. Bizarre behavior may occur if your probabilities add up to more than one; use different probability letters if you want to receive multiple copies of mail.
While the idea of using many different reply-blocks with small probabilities may seem appealing for defeating traffic analysis, keep in mind that each reply block is traceable back to you. Suppose you have 10 reply blocks for your nym, each with probability 0.1. If those reply blocks become compromised, only one of the 10 will have to be uncovered to find out your real identity.
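To make the weighting rules concrete, here is an added example (not from this help file, and not the server's code) that parses the weighted Reply-Block: sections of the configuration shown above and works out what they imply under the rules just stated: blocks sharing a variable are mutually exclusive and their weights add, blocks with different variables are chosen independently, and a bare Reply-Block: is always used. It reports variables whose weights do not sum to 1.0, the probability that at least one copy reaches a given set of addresses, and the expected number of copies sent per received message. The sample configuration is the one from the text; the function names are the example's own.

```python
# Constructed sample: the weighted three-block configuration from the text.
SAMPLE_CONFIG = """Reply-Block: p=0.75
::
Anon-To: nobody@some.remailer.machine
Latent-Time: +0:00
Encrypt-Key: key1

**
Reply-Block: q=0.5
::
Anon-To: you@through.one.remailer
Latent-Time: +1:00r
Encrypt-Key: key2

**
Reply-Block: q=0.5
::
Anon-To: you@through.another.remailer
Latent-Time: +1:00r
Encrypt-Key: key3

**
"""


def parse_reply_blocks(config_text):
    """Return a list of (variable, weight, first Anon-To). A bare 'Reply-Block:'
    line has variable None and weight 1.0: it is always used."""
    blocks = []
    current = None
    for line in config_text.split("\n"):
        if line.startswith("Reply-Block:"):
            spec = line[len("Reply-Block:"):].strip()
            if spec:
                var, weight = spec.split("=", 1)
                current = [var.strip(), float(weight), None]
            else:
                current = [None, 1.0, None]
            blocks.append(current)
        elif line.startswith("Anon-To:") and current is not None and current[2] is None:
            current[2] = line[len("Anon-To:"):].strip()   # outermost hop only
    return [tuple(b) for b in blocks]


def weight_totals(blocks):
    """Sum of the weights per variable."""
    totals = {}
    for var, weight, _ in blocks:
        if var is not None:
            totals[var] = totals.get(var, 0.0) + weight
    return totals


def check_weights(blocks):
    """Flag groups that sum to more than 1.0 (undefined behaviour per the text)
    and groups that sum to less (only sensible for cover traffic)."""
    problems = []
    for var, total in weight_totals(blocks).items():
        if total > 1.0 + 1e-9:
            problems.append(f"variable {var}: weights add up to {total:g} (> 1.0)")
        elif total < 1.0 - 1e-9:
            problems.append(f"variable {var}: weights add up to {total:g}; "
                            "mail using this group is not guaranteed")
    return problems


def delivery_probability(blocks, addresses):
    """Probability that at least one copy goes to one of the given addresses.
    Within a variable the blocks are mutually exclusive, so weights add;
    distinct variables (and each bare block) are independent."""
    groups = {}
    for i, (var, weight, anon_to) in enumerate(blocks):
        key = var if var is not None else ("unweighted", i)
        if anon_to in addresses:
            groups[key] = groups.get(key, 0.0) + weight
    miss = 1.0
    for hit in groups.values():
        miss *= 1.0 - min(hit, 1.0)
    return 1.0 - miss


def expected_copies(blocks):
    """Expected number of copies sent out per received message."""
    return sum(weight for _, weight, _ in blocks)


if __name__ == "__main__":
    blocks = parse_reply_blocks(SAMPLE_CONFIG)
    print(blocks)
    print(check_weights(blocks))
    mine = {"you@through.one.remailer", "you@through.another.remailer"}
    print("P(copy reaches me) =", delivery_probability(blocks, mine))
    print("expected copies per message =", expected_copies(blocks))
```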
If received mail is only public-key encrypted for your nym (and not also conventionally encrypted by the remailers with Encrypt-Key: headers), an observer on the network or at a remailer may be able to determine which public key corresponds to which nym, and use this to track messages. If you redirect your mail to the newsgroup alt.anonymous.messages without conventionally encrypting it, observers will be able to determine your nym's public key ID and observe how much mail you are getting.
For this reason, you should conventionally encrypt your mail in addition to public-key encrypting it. If you only want to use conventional encryption for received mail, you can disable RSA encryption by sending signed/encrypted mail with 'Nym-Commands: -cryptrecv' to <config@nym.alias.net>. There is a large benefit to using public-key encryption, however. If you only use conventional encryption and your reply-block is compromised, previously recorded messages to you will be able to be decrypted. With RSA-encrypted messages, there is no way for anyone but you to read your mail once it has left nym.alias.net.
With the +signsend option, nym.alias.net will sign all messages you send with its PGP key (adding a disclaimer at the end of the message). This is primarily to prevent simple mail forgery, which is rendered even simpler by the fact that the sendmail on nym.alias.net doesn't keep logs. If you care about the authenticity of messages sent through your nym, however, you should probably publish its PGP key, set the -signsend Nym-Command configuration option, and PGP-sign all your outgoing messages yourself.
Be aware, however, that the identity of a key on your PGP private key ring is stored in cleartext (even though the key itself is protected by a passphrase). Thus, if you publish your nym's public key, anyone who can gain access to your PGP secret keyring (or a backup tape containing it) will find out the identity of your nym, even if that person does not know your passphrase! For this rather unfortunate reason, you are faced with a tradeoff between authenticity and secrecy.
One solution is to use software that keeps your nym's PGP keys on separate keyrings, and encrypts the entire keyrings. Premail is one software package that supports this. Send mail to or finger <premail-info@nym.alias.net> for more information on using premail with nym.alias.net.
If you need the very highest level of security, you should completely dissociate your identity from your pseudonym's reply block. Do this by forwarding your nym mail to a newsgroup rather than to your own E-mail address. Of course, retrieving messages from a newsgroup will be considerably more difficult than simply receiving mail, particularly as nym client software does not currently support newsgroups. Moreover, you may lose mail if you don't check for news often enough, as most news servers expire articles after a few days to a week.
If you do decide to forward your nym mail to a newsgroup, you should use alt.anonymous.messages, a group which exists precisely to carry reply messages to anonymous users. To set up a reply block pointing to this group, you must change the innermost portion of the reply block. Recall that one begins a standard reply block like this:
::
Anon-To: you@your.email.address
Latent-Time: +0:00
Encrypt-Key: passphrase_a
A reply block that posts to usenet should start like this:
::
Anon-To: mail2news@anon.lcs.mit.edu
Latent-Time: +0:00
Encrypt-Key: passphrase_a

##
Subject: some sort of subject line is required
Newsgroups: alt.anonymous.messages
[The ## marks tell remailers to paste headers into a mail message. The Newsgroups and Subject headers are required for news postings.] The rest of the procedure for creating the reply block is identical.
Note that while sending your mail to a newsgroup makes it virtually impossible to track you down from your reply block, you should keep in mind that news servers usually log which newsgroups and how many articles you read. Thus, someone with a pretty good idea of who you are may actually have an easier time tracking you down if you use alt.anonymous.messages than if you don't. Much depends on the particulars of the news server you use.
You can send mail to nym.alias.net through the same Type-1 remailers you use to create your reply blocks. However, a second, stronger category of remailers, known as Type-2 or mixmaster remailers, offers higher security. Type-2 remailers may be worth using, particularly if you have avoided trusting Type-1 remailers by pointing your reply block to a newsgroup. More information about mixmaster remailers is available from http://www.obscura.com/~loki/.
The mixmaster remailer <mix@anon.lcs.mit.edu> (short name ``lcs'') is on the same machine as nym.alias.net. You might want to add it to the end of your mixmaster chain when sending mail to nym.alias.net, as this should increase security without hurting reliability.
Note that the higher security mixmaster message format prevents Type-2 remailers from working in reply blocks.
Do not rely on this nym server to protect your identity. You should be relying far more heavily on the integrity of the remailers through which you chain your replies. The nym.alias.net service is provided in the hope that it will be useful, but the administrators can make no guarantees whatsoever that your identity will not be compromised.
That said, we will make a reasonable effort to keep the machine secure and to prevent your reply block from being compromised. However, your reply block, PGP key, and nym configuration information will all be backed up to tape in encrypted form, and could potentially be retrievable by the administrators even after you delete your account. The server also keeps (and backs up in encrypted form) two statistics about your nym: First it counts the amount of mail your alias has received in the current 24 hour period, so as to detect flooding attacks and alias loops with exponential message explosion (see the description of the -disable Nym-Command for more info). Second, the server stores the date of the last day on which you sent a PGP-signed message to <config@nym.alias.net> or <send@nym.alias.net>.
Nym.alias.net will not accept any mail messages larger than 1 Megabyte. In addition, your account will automatically be disabled if you send or receive more than about 10 Megabytes of mail in one day. Note, however, that this limit can be waived for individual aliases. If you wish to set up a middleman-style remailer, run an anonymous mailing list, or provide some other service to the community anonymously, you can contact <admin@nym.alias.net> pseudonymously to explain your intent and have the 10 Megabyte/day limit removed from your account.
In order to garbage-collect abandoned accounts or accounts with lost PGP keys, your nym will be deleted if you don't send any PGP-signed mail to <config@nym.alias.net> or <send@nym.alias.net> for a period of 120 days. You should receive several warning messages before this happens, however, as long as your reply-block is still valid. It is probably a good idea to update your reply-block every few months anyway, and simply doing this will guarantee that your nym never expires.
Nym.alias.net is the same machine as anon.lcs.mit.edu. Keep this in mind when choosing which remailers to chain through. (Using mix@anon.lcs.mit.edu as your last hop for mail to nym.alias.net is probably a good idea if and only if you also chain through one more hop than you would otherwise have felt comfortable with.)
If you believe you have found a bug in the server software (and you definitely may have), please send anonymous, pseudonymous, or regular E-mail to <admin@nym.alias.net> reporting the problem. When reporting a bug, include as detailed an account of the problem as possible. In addition, if the bug involves configuration requests or outgoing messages, please include in your bug report the entire PGP cyphertext of a <config@nym.alias.net> or <send@nym.alias.net> message demonstrating the bug.
Investigating bugs often involves debugging server software with the particular message that caused the problem. Therefore, if you submit a bug report from your real E-mail address rather than from a pseudonym, you should create a new throw-away nym on which to demonstrate the problem. Otherwise you may reveal your pseudonym to the administrators of nym.alias.net.
pgp -seat message config@nym.alias.net -u "nym key ID"
This should produce a message with the first line:
-----BEGIN PGP MESSAGE-----
If instead you run pgp -eat ..., followed by pgp -sat ..., you will get something like this:
-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP MESSAGE-----
Version: 2.6.2

OGsHpQ/TxpazBCVhdBmPblj5wWvwfG1+ZKpIkQ5hiLJhryQM/TUDarEscs3zdaYA
The nym server cannot decode such configuration messages. They will be bounced.
pgp -seat
and sent to <config@nym.alias.net>. (You don't need to supply a Public-Key or Nym-Commands section, as these will already have been processed in your initial message.)
Config:
From: yournym
Reply-Block:
::
Anon-To: remailer@utopia.hacktic.nl
Latent-Time: +0:00
Encrypt-Key: passphrase_b

::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: 2.6.2

hIwC/nqSW1QDQfUBBACknZMV93wFS2CH0orlgslmEm+alhjI1eKwbbTTmeRWC5Rg
/S3vZw+95ZuCZfqxKE0XrgZXzOEwfoyBcpVvf9Pb9D19TqEMTmmL/Jpl1xcxmbJ2
OGsHpQ/TxpazBCVhdBmPblj5wWvwfG1+ZKpIkQ5hiLJhryQM/TUDarEscs3zdaYA
AAB5231aMcQ74AKoDZizABMF3Tw+olV4mm4jVo9cMn2B3Rj2XBFl4pV9VL3h0ZQB
cPY/ytBRyZPugr0NpLgjO+q6mEjCcgQrxpYQ+1PvFPdDx1GmJ5ogZqW+AVHsNqAp
vRoiG8ZhXs4r3E8liFsNtMMf6CUAsdV2ZoX1Hw==
=Bla3
-----END PGP MESSAGE-----

**
See the next section for ideas on what may have gone wrong with your reply block.
:: Encrypted: PGP
followed by a blank line before every PGP message in your reply block? Remailers won't decrypt PGP messages if the cyphertext is not preceded by this.
Encrypt-Key: "multi word passphrase"
It might be safest not to use spaces in your conventional encryption keys, but to use another character for separating words.
Encrypt-Key:
header to a remailer that does not support this functionality? Look for the ek property of remailers on http://www.cs.berkeley.edu/~raph/remailer-list.html. Those remailers without that property will not be able to encrypt mail using pgp -c.
-----BEGIN PGP MESSAGE-----
lines are chopped off the beginning of the mail you receive.
-----BEGIN PGP MESSAGE-----
lines as malformed message headers and discards them. To fix this, put a blank line before every '**', '::' (except the first), and -----BEGIN PGP MESSAGE----- line as you are creating your reply block.
::
Anon-To: remailer@utopia.hacktic.nl

::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
...
There is exactly one blank line before the second '::', and exactly one blank line before the -----BEGIN PGP MESSAGE-----.
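To check a reply block against the layout rules just described before submitting it, here is an added example in Python (not part of the nym.alias.net help or server software). It verifies the blank lines before '::', '**' and PGP messages, that each PGP message is introduced by an Encrypted: PGP pseudo-header, and that Encrypt-Key values contain no spaces; the sample block and its cyphertext placeholder are constructed.

```python
"""Lint a Type-1 reply block for the layout rules in the nym.alias.net help.

Added example, not the nym server's own code. It checks only formatting:
it does not decrypt or validate the PGP messages themselves.
"""

PGP_BEGIN = "-----BEGIN PGP MESSAGE-----"


def lint_reply_block(text: str) -> list:
    """Return (line_number, problem) tuples; an empty list means the layout is clean."""
    lines = text.split("\n")
    problems = []
    seen_first_colon = False      # the very first '::' needs no blank line before it
    encrypted_pending = False     # saw 'Encrypted: PGP' and now expect its cyphertext
    for i, line in enumerate(lines, 1):
        prev_blank = i == 1 or lines[i - 2].strip() == ""
        if line == "::":
            if seen_first_colon and not prev_blank:
                problems.append((i, "missing blank line before '::'"))
            seen_first_colon = True
        elif line == "**":
            if not prev_blank:
                problems.append((i, "missing blank line before '**'"))
        elif line == PGP_BEGIN:
            if not prev_blank:
                problems.append((i, "missing blank line before PGP message"))
            if not encrypted_pending:
                problems.append((i, "PGP message not introduced by '::' / 'Encrypted: PGP'"))
            encrypted_pending = False
        elif line.startswith("Encrypted: PGP"):
            encrypted_pending = True
        elif line.startswith("Encrypt-Key:"):
            # The help advises against spaces in conventional-encryption passphrases.
            if " " in line.split(":", 1)[1].strip():
                problems.append((i, "Encrypt-Key contains spaces; use another separator"))
    return problems


# Constructed sample: the second '::', the PGP message and the '**' all lack
# the blank line that must precede them.
BROKEN = """::
Anon-To: remailer@utopia.hacktic.nl
Latent-Time: +0:00
Encrypt-Key: passphrase_b
::
Encrypted: PGP
-----BEGIN PGP MESSAGE-----
Version: 2.6.2

(constructed placeholder for the cyphertext lines)
-----END PGP MESSAGE-----
**"""

# The same block with the three missing blank lines inserted.
FIXED = (BROKEN.replace("\n::\nEncrypted", "\n\n::\nEncrypted")
         .replace("\n-----BEGIN", "\n\n-----BEGIN")
         .replace("\n**", "\n\n**"))

if __name__ == "__main__":
    for n, msg in lint_reply_block(BROKEN):
        print(f"line {n}: {msg}")
    print("fixed block problems:", lint_reply_block(FIXED))
```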
If for some emergency reason you really need the administrators of nym.alias.net to do something to your account, you can send them a request if you clearsign it with your nym's PGP key.
Config:
. Otherwise your message will be completely ignored.
When sending one or more reply-blocks to <config@nym.alias.net>, they must come at the end of the message after any Public-Key: or Nym-Command: headers.