[Mailman-Users] Re: [Mailman-Developers] adding anonymity features?

Norbert Bollow nb at thinkcoach.com
Tue Jun 12 16:04:13 CEST 2001

> ps. I am an NGO activist in Indonesia, where the possible advantageous usage
> of this feature might be huge among many NGO/non-governmental/non-commercial
> group that exist.

  if the intention is to have some protection from government
institutions, unscrupulous corporations or extremist religious
groups that might want to trace messages back to the sender -
that is difficult to achieve with an email-based system unless
everyone who participates in the discussion is technically
skilled enough to understand what they're doing when using a
chain of anonymous remailers.

Otherwise you have a big risk that the "anonymity features" give
a false feeling of security, nothing more.  As a very simple
example, your message which I received via the list had this
revealing Received: header.

Received: from gsb031.halls.umist.ac.uk ([] helo=yanuar)
	by deluge.umist.ac.uk with smtp (Exim 3.22 #1)
	id 159leV-00074L-00; Tue, 12 Jun 2001 11:44:03 +0100

It would not be too difficult to trace the message back to you
with this information even if Mailman had removed your email
address from the From: header.

Of course you can have the mailing list server strip Received:
headers, but then you also have to worry about maillogs,
bounces, etc. etc.

It would be much easier to achieve truly anonymous exchange of
messages via a web-based system. Make sure that the webserver
does not log the IP numbers of incoming HTTP requests, and tell
everyone to connect to the webserver only via a service like
http://www.inetprivacy.com/a4proxy/ and you should be relatively

Greetings, Norbert.

Norbert Bollow, Weidlistr.18, CH-8624 Gruet (near Zurich, Switzerland)
Tel +41 1 972 20 59     Fax +41 1 972 20 69      nb at freedevelopers.net

More information about the Mailman-Users mailing list