Necessity Still Breeds Ingenuity - Archive of SQUALL MAGAZINE 1992-2006

Netrogressive

West Mercia Police And The Anonymous Remailer

Squall 10, Summer 1995, pg. 39.

The benefits of the Internet as an alternative and impersonal form of communication have reached the boys in blue. An Independent article (13.5.95) discusses West Mercia Police Force as the first to go on-line.

The Web site (http://www.demon.co.uk/westmerc/index.html) has lots of facts and figures on crime in the region, a Policing Charter (of course!) and Operation Bumblebee. What caught my attention, however, was the facility to e-mail tip-offs to the Rozzas anonymously!

Chris Gale, who set up the Web site said: “When we receive the mail, it will appear to have come from someone whose e-mail address is just ‘unknown’.”

Using an Anonymous Remailer in Finland, e-mail can be sent to any address with the true identity of the sender removed. The procedure is fairly complicated but, in a nutshell, after initially e-mailing the remailer (daemon@anon.penet.fi), the user receives an anonymous user name and sets up a password. From then on, each time the user wishes to send “anony-mail”, he or she sends it via this system.

‘How safe is this method? Is it really guarantied to protect the sender’s identity? Well, the short answer is no. After e-mailing the Remailer for general information on security issues it states: “Short of having everyone run a public-key cryptosystem such as ‘PGP* (encrypting or coding software), there is no way to protect ‘users from malicious administrators. You have to trust my personal integrity.” This system has been running for a year and seems well-used.

Concern amongst would-be grasses, or anyone wishing to communicate anonymously, may be less about the administrator and more about eavesdropping hackers or police forces tapping in.

There are two problems. If the Remailer service is raided, the true identities of users are at risk. Clever users/hackers can mimic the anonymous user identities and fool e-mail recipients who believe the mail they have received to be authentic.

The bottom line appears to be that if your message is really confidential, and may cost you your freedom or life, either use encryption software or use a homing pigeon!

PGP = Pretty Good Privacy - a fairly popular encryption program, although ILLEGAL in the UK!