[Mailman-Users] Re: [Mailman-Developers] adding anonymity features?
nb at thinkcoach.com
Tue Jun 12 16:04:13 CEST 2001
> ps. I am an NGO activist in Indonesia, where the possible advantageous usage
> of this feature might be huge among many NGO/non-governmental/non-commercial
> group that exist.
if the intention is to have some protection from government
institutions, unscrupulous corporations or extremist religious
groups that might want to trace messages back to the sender -
that is difficult to achieve with an email-based system unless
everyone who participates in the discussion is technically
skilled enough to understand what they're doing when using a
chain of anonymous remailers.
Otherwise you have a big risk that the "anonymity features" give
a false feeling of security, nothing more. As a very simple
example, your message which I received via the list had this
revealing Received: header.
Received: from gsb031.halls.umist.ac.uk ([220.127.116.11] helo=yanuar)
by deluge.umist.ac.uk with smtp (Exim 3.22 #1)
id 159leV-00074L-00; Tue, 12 Jun 2001 11:44:03 +0100
It would not be too difficult to trace the message back to you
with this information even if Mailman had removed your email
address from the From: header.
Of course you can have the mailing list server strip Received:
headers, but then you also have to worry about maillogs,
bounces, etc. etc.
It would be much easier to achieve truly anonymous exchange of
messages via a web-based system. Make sure that the webserver
does not log the IP numbers of incoming HTTP requests, and tell
everyone to connect to the webserver only via a service like
http://www.inetprivacy.com/a4proxy/ and you should be relatively
Norbert Bollow, Weidlistr.18, CH-8624 Gruet (near Zurich, Switzerland)
Tel +41 1 972 20 59 Fax +41 1 972 20 69 nb at freedevelopers.net
More information about the Mailman-Users