Anonymously Yours -- How to Launder Your E-mail

You don't have to wait for cryptography to secure complete anonymity on the Net. All you need is the address of a remailer. You say you don't want to be identified?
In Orson Scott Card's classic sci-fi thriller Ender's Game, two key characters participate in a futuristic version of Usenet political discussion groups, posting messages of such pith and powerful reasoning that they sway the collective thought process of an entire planet. But none of the readers of the compelling electronic missives written by "Demosthenes" and "Locke" know the authors' true identities: They have used technology to obscure the electronic trail by which the messages travel. So no one knows that the two most influential writers in that society are a brother and sister - ages 12 and 10, respectively. Can you send messages and post to the far reaches of the Net today with the same assurance of anonymity? Breakthroughs in modern cryptography indicate that one day it will be universal and simple, but some people have decided not to wait. They are a small, semi-organized band of cypherpunks and privacy freaks who are the keepers of the far fringe of anonymity: They are the people who run "remailers." A remailer is a free service allowing you to send an electronic message without the otherwise mandatory return address. Thus you can "launder" an e-mail letter by detouring it through a remailer before it reaches its ultimate destination. When your posting arrives, the recipient will have no idea where it comes from - and it will be impossible to find out. Basically, remailers work the way you think they might. You send a message to a remailer. The operator automatically strips off the telltale header from the message and passes along only the content. Doesn't that require you to invest a lot of trust in the remailer operator? Sure, too much - if you use only one remailer. But there's a remedy. Seekers of anonymity don't rely on a single service, but commonly use special remailer-chaining software to shoot a message through a series of remailers - often hitting some remailers more than once. Only the first remailer sees the real return address. You don't have to trust that first operator - your ultimate secrets will be safe if the second operator is trustworthy. Or the third. Or fourth. Only conspiracy theorists will believe the scenario that all remailer operators are turncoats. (Some experimenters have bounced a message through a hundred remailers!). Worried about the first guy reading the message and linking it to you? There's a fix for that. Using a public-key cryptography program like Phil Zimmermann's Pretty Good Privacy (see "Crypto Rebels," Wired 1.2, p.54), the chaining technique can also reasonably assure the sender that nobody in the remailer system has the ability to read the message until it is so deep into the system that its origins have long been obscured. This is done by encrypting the message with the public key of the final remailer on the chain. In that case, the message can only be read by the operator of that remailer (who has the specific private key that will decipher the message) - and none of the operators at earlier stops can read the mail. You can get even tighter security by putting that final message in another public-key-encrypted package, to be deciphered by the penultimate remailer who gets the message. And so on, envelopes within envelopes, until the message's privacy is virtually assured. "It's like getting a tape of microphone hiss," says Eric Hughes, founder of the Cypherpunk mailing list, describing what earlier remailer operators can see of an encrypted message. There are currently about twenty remailers operating, but they come and go, especially since many network providers have problems accommodating them. Anonymity is scary stuff. Quite reasonably, administrators worry about terrorists claiming credit for bombings or kidnappers posting random notes (the very reason the National Security Agency gives to justify its Clipper Chip standard - see "Don't Worry, Be Happy," page 92). Even in their experimental infancy, remailers have had an effect on Net culture. On one hand, there's been an outburst of harassing or simply idiotic flames that have no return headers. On the other hand, there's now a way for victims of sexual crimes or whistle-blowers to send mail and messages with the assurance of privacy. At this point, however, probably the most important role that remailers play is to launch a necessary dialogue on the issue of anonymity in a digital society. What are the benefits and the risks? Even if we don't want it, can we stop it? For more information on remailers, including a current list, you can download information from the ftp archive at soda.berkeley.edu. Use them wisely.