As we’ve discussed in previous articles, anonymity is crucial in protecting the right of free speech. However, when email is sent, it is usually neither private nor anonymous. Almost anyone can read it and discover the sender’s identity. This article takes a look at anonymous emailing and the tools that can make this happen.
Using Email Remailers
Remailers are a typical way to send untraceable email. A remailer is a service that receives the email from the sender and removes all original email headers, along with the information about the sender’s location and IP address. The email is then sent to the intended recipient.
A single remailer does not know the identity of the sender, the recipient, or the message content, but this protection isn’t perfect. A high level of anonymity can be reached by placing more than one remailer in a chain and sending the message in an encrypted form.
Types of Remailers
There are a number of different remailers, but here are the four main ones:
A pseudonymous remailer removes the sender’s email address and replaces it with a pseudonym. The message is then sent to the intended recipient.
Cypherpunk remailers are also referred to as “Type I” remailers. A single message is forwarded between a number of different systems before it reaches its final destination. At each stage along the way, the message has its identity stripped using the Cypherpunk remailer’s private key. Type I remailers do not create a database of identities.
Under the Type I protocol, the user constructs a chain of remailers and encrypts the message in a separate layer for each remailer. Each remailer publishes a PGP public key that users can use for its encryption layer.
Mixmaster remailers are “Type II” remailers. They are the next step in remailer evolution. These remailers assume that every network connection is monitored. To secure email, Mixmaster remailers use specific mechanisms to defeat monitoring, including message reordering and message padding. As such, Type II remailers are more resistant than Type I remailers to traffic analysis, unreliable nodes and other similar attacks.
Mixminion remailers, or “Type III” protocol remailers, rely on a mix network architecture to offer users strong anonymity, preventing monitoring and other privacy compromises. Servers (mixes) in the network receive, decrypt, reorder and retransmit messages towards their final destination. Each email sent through this protocol passes through several mixes, ensuring that no single mix can link message senders with their recipients.
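The padding and reordering described for Type II remailers, and the reorder step of a Type III mix, shown as an added example that is not taken from Mixmaster or Mixminion. The packet size, the pool threshold and all names are assumptions made for the illustration, and a real mix would also encrypt each packet per hop so that the length prefix is not readable.

```python
import secrets

PACKET_SIZE = 256    # constructed value: every packet on the wire is this long
POOL_THRESHOLD = 4   # constructed value: flush once this many packets are held

def pad(message):
    """Length prefix + message + random fill, always PACKET_SIZE bytes."""
    room = PACKET_SIZE - 2
    if len(message) > room:
        raise ValueError("message does not fit in one packet")
    fill = secrets.token_bytes(room - len(message))
    return len(message).to_bytes(2, "big") + message + fill

def unpad(packet):
    """Recover the message; reject packets that are not well-formed."""
    if len(packet) != PACKET_SIZE:
        raise ValueError("wrong packet size")
    length = int.from_bytes(packet[:2], "big")
    if length > PACKET_SIZE - 2:
        raise ValueError("bad length prefix")
    return packet[2:2 + length]

class PoolMix:
    """Holds packets until the pool is full, then releases them shuffled."""
    def __init__(self, threshold=POOL_THRESHOLD):
        self.threshold = threshold
        self.pool = []

    def receive(self, packet):
        # An odd-sized packet would be trivially traceable, so refuse it.
        if len(packet) != PACKET_SIZE:
            raise ValueError("wrong packet size")
        self.pool.append(packet)
        if len(self.pool) < self.threshold:
            return []                          # nothing leaves yet: breaks timing links
        batch, self.pool = self.pool, []
        secrets.SystemRandom().shuffle(batch)  # breaks arrival-order links
        return batch

def observer_view(packets):
    """What a network monitor can measure without keys: the packet sizes."""
    return sorted({len(p) for p in packets})
```

Four messages of very different lengths leave the mix as four packets of identical size in an order unrelated to their arrival, so neither size nor sequence ties an outgoing packet to an incoming one.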
From the previous sections, it is obvious that different types of remailers offer very different levels of anonymity. It’s important to look closely at operational standards, intent, locations and reliability records. The following is a list of criteria to consider when selecting an appropriate remailer:
- Class – Options include: two-way vs. one-way; encrypted message content vs. cleartext only; Mixmaster-style or one-hop forwarding.
- Location – Certain jurisdictions will allow easier seizure of equipment, data, or operating records, so geographical mapping is essential.
- History – Certain operators have a history of maintaining/administering their hardware and/or software better than others.
- Security – It’s important to pay attention to security configuration issues. Certain operating systems have much worse security histories than others, even when properly configured, maintained and administered.
- Operator – Who is the operator of the remailer? Is it someone who can be trusted? Is it someone reliable and responsible?
- Privacy and operating policies – These should be stated in a clear, understandable manner. They should also be meticulously observed by the operator. Keep in mind that legal recourse has almost never been taken against operators, software developers or operating system suppliers.
- Software – Some remailer software is widely used and tested in live operation, while other software is not. It’s important to take a look at the reputation of the remailer software selected.
Keep in mind the following points when using remailers:
- Use client-based remailers, since the encryption process takes place on the local computer, rather than a remote server.
- Use secure connections for web remailers. Ensure that your web browser has 128-bit SSL encryption and connect to web remailers that use connections with SSL encryption.
- Use PGP for Type I remailers – a simple and efficient way to increase privacy.
- Use chaining. The email message you send will enter the remailer network at some point, so the first remailer operator will always know the identity of the sender. This operator will be able to determine as much as is revealed in the email headers, but if the message is chained to another remailer and encrypted with that remailer’s key, the first remailer and anyone monitoring its traffic will be unable to read the message.
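The Type I layering described under “Types of Remailers” and the chaining tip above, worked through as an added example that is not code from any remailer project. Real Type I remailers use PGP public keys; here a toy symmetric cipher built from SHA-256 and HMAC stands in for PGP so the block runs with the standard library only, and the remailer names and keys are constructed.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    # SHA-256 in counter mode; a toy stand-in for PGP, not for real use.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt and authenticate one layer for the remailer holding `key`."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + tag + body

def open_layer(key, blob):
    """Remove one layer; fails if the layer was sealed for another remailer."""
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer is not addressed to this remailer")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def build_chain(message, recipient, chain, keys):
    """Sender side: wrap innermost layer first, so only the last hop sees the recipient."""
    next_hop, payload = recipient, message
    for name in reversed(chain):
        layer = json.dumps({"next": next_hop, "payload": payload.hex()}).encode()
        next_hop, payload = name, seal(keys[name], layer)
    return next_hop, payload  # first remailer to contact, outermost blob

def remailer_process(name, keys, blob):
    """Remailer side: strip own layer, learn only the next hop."""
    layer = json.loads(open_layer(keys[name], blob))
    return layer["next"], bytes.fromhex(layer["payload"])

def run_chain(message, recipient, chain, keys):
    """Deliver through the chain, recording what each remailer learned."""
    hop, blob = build_chain(message, recipient, chain, keys)
    learned = []
    while hop in keys:
        nxt, blob = remailer_process(hop, keys, blob)
        learned.append((hop, nxt))
        hop = nxt
    return hop, blob, learned

# Constructed remailer names and random per-remailer keys (hypothetical).
KEYS = {name: os.urandom(32) for name in ("remailer-a", "remailer-b", "remailer-c")}
```

The `learned` list returned by `run_chain` shows the point of chaining: the first remailer sees only the second remailer as its destination, and only the last remailer sees the recipient.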
It’s easy to see how the remailer method can be inconvenient, not to mention often unreliable. Another method of sending anonymous email is A4Proxy. It doesn’t rely on regular email software clients, such as Outlook or Eudora; A4Proxy works only with web browsers or download managers, such as GetRight. This, however, still allows users to send email through web-based email services without revealing their IP addresses. When users connect to their email service through A4Proxy, their IP addresses are hidden and withheld from the emails they send.
When senders use A4Proxy, the browser transmits all requests to the service, which redirects them to anonymous proxy servers in the database, then returns the pages received to the sender’s browser.
This article takes a look at the technology that allows emails to be sent pseudonymously and anonymously through remailers. There are four main categories of remailers: 1) Pseudonymous remailers; 2) Cypherpunk remailers; 3) Mixmaster remailers; and 4) Mixminion remailers. The article examines some criteria for selecting an appropriate remailer, as well as some tips for increasing privacy when using remailers. Finally, the article introduces A4Proxy, an alternative technology to remailers for sending emails anonymously.
CIPP Exam Preparation
In preparation for the Certified Information Privacy Professional/Information Technology (CIPP/IT) exam, a privacy professional should be comfortable with topics related to this post, including:
- Applications of anonymity tools – communication and publishing (III.E.c.iii.1.)