[Mailman-Users] Re: [Mailman-Developers] adding anonymity features?

[Norbert Bollow]

> ps. I am an NGO activist in Indonesia, where the possible advantageous usage
> of this feature might be huge among many NGO/non-governmental/non-commercial
> group that exist.

Yanuar,
  if the intention is to have some protection from government
institutions, unscrupulous corporations or extremist religious
groups that might want to trace messages back to the sender -
that is difficult to achieve with an email-based system unless
everyone who participates in the discussion is technically
skilled enough to understand what they're doing when using a
chain of anonymous remailers.

Otherwise you have a big risk that the "anonymity features" give
a false feeling of security, nothing more.  As a very simple
example, your message which I received via the list had this
revealing Received: header.

Received: from gsb031.halls.umist.ac.uk ([130.88.169.31] helo=yanuar)
	by deluge.umist.ac.uk with smtp (Exim 3.22 #1)
	id 159leV-00074L-00; Tue, 12 Jun 2001 11:44:03 +0100

It would not be too difficult to trace the message back to you
with this information even if Mailman had removed your email
address from the From: header.

Of course you can have the mailing list server strip Received:
headers, but then you also have to worry about maillogs,
bounces, etc. etc.

It would be much easier to achieve truly anonymous exchange of
messages via a web-based system. Make sure that the webserver
does not log the IP numbers of incoming HTTP requests, and tell
everyone to connect to the webserver only via a service like
http://www.inetprivacy.com/a4proxy/ and you should be relatively
safe.

Greetings, Norbert.

-- 
Norbert Bollow, Weidlistr.18, CH-8624 Gruet (near Zurich, Switzerland)
Tel +41 1 972 20 59     Fax +41 1 972 20 69      nb at freedevelopers.net