In this day and age, most people are exchanging the pen and paper for a computer with a word processing progamme. Nowadays, the alternative to sending messages via snail mail is the use of the Internet to send electronic mail. Sometimes people wish to remain anonymous when sending messages. This comes in handy for various reasons, whether for privacy protection, to avoid embarrassment of any sort, or to voice an opinion without fear of direct retaliation from another party. This is done through use of remailers, which, in essence, are machines that send the message on to the final party and remove any traces tracking it back to the sender. However, since the remailer does know the source of the message and its destination and content, anonymity may be compromised. So, unless two or more remailers are used, those nasty emails you write that annoyingly opinionated jerk on your favorite “Sopranos” message board could be linked back to you.

There are two sorts of anonymous remailers in widespread use. The first is the anon.penet.fi style, the second is the cypherpunk style. The anonymous remailer at anon.penet.fi is immensely popular, with over 160,000 users over its lifetime, and probably tens of thousands of messages per day. Its main advantage is that it’s so easy to use. The cypherpunks mailers, which provide much better security, are becoming more popular, however, as there is more awareness of them.

The user of the anon.penet.fi system first needs to get an anonymous id. This is done either by sending mail to somebody who already has one (for example, by replying to a post on Usenet), or sending mail to ping@anon.penet.fi. In either case, penet will mail back the new anon id, which looks like an123456@anon.penet.fi. If an123456 then sends mail to another user of the system, then this is what happens:

  1. The mail is transported to anon.penet.fi, which resides somewhere in the vicinity of Espoo, Finland.
  2. These steps are carried out by software running on anon.penet.fi. Penet first looks up the email address of the sender in its database, then replaces it with the numeric code. All other information about the sender is removed.
  3. Then, penet looks up the number of the recipient in the same database, and replaces it with the actual email address.
  4. Finally, it sends the mail to the actual email address of the recipient.

There are variations on this scheme, such as posting to Usenet (in which step 3 is eliminated), but that’s the basic idea.

Where anon.penet.fi uses a secret database to match anon id’s to actual email addresses, the cypherpunks anonymous remailers use cryptography to hide the actual identities. Let’s say I want to send email to a real email address, or post it to Usenet, but keep my identity completely hidden.

To send it through one anonymous remailer, this is what happens.

  1. I encrypt the message and the recipient’s address, using the public key of the anonymous remailer of my choice.
  2. I send the email to the anonymous remailer.
  3. When the anonymous remailer gets the mail, it decrypts it using its private key, revealing as plaintext the message and the recipient’s address.
  4. All information about the sender is removed.
  5. Finally, it sends it to the recipient’s email address.

If one trusts the anonymous remailer operator, this is good enough. However, the whole point of the cypherpunks anonymous remailers is that you don’t have to trust any one individual or system. So, people who want real security use a chain of anonymous remailers. If any one anonymous remailer on the “chain” is honest, then the privacy of the message is assured.

To use a chain of anonymous remailers, I first have to prepare the message, which is nestled within multiple layers of encryption, like a Russian matryoshka doll. Preparing such a message is tedious and error prone, so many people use an automated tool such as my premail package.

Anyway, after preparing the message, it is sent to the first anonymous remailer in the chain, which corresponds to the outermost layer of encryption. Each anonymous remailer strips off one layer of encryption and sends the message to the next, until it reaches the final anonymous remailer. At this point, only the innermost layer of encryption remains. This layer is stripped off, revealing the plaintext message and recipient for the first time. At this point, the message is sent to its actual recipient.

Anonymous remailers exist in many locations. A typical message might go through Canada, Holland, Berkeley, and Finland before ending up at its final location.

Aside from the difficulty of preparing all the encrypted messages, another drawback of the cypherpunk anonymous remailers is that they don’t easily allow responses to anonymous mail. All information about the sender is stripped away, including any kind of return address. However the new alias servers promise to change that. To use an alias server, one creates a new email address. Mail sent to this new address will be untraceably forwarded to one’s real address.

To set this up, one first encrypts one’s own email address with multiple layers of encryption. Then, using an encrypted channel, one sends the encrypted address to the alias server, along with the nickname that one would like. The alias server registers the encrypted address in the database. The alias server then handles reply mail in much the same way as anon.penet.fi, except that the mail is forwarded to the chain of anonymous remailers.

For maximum security, the user can arrange it so that, at each link in the chain, the anonymous remailer adds another layer of encryption to the message while removing one layer from the email address. When the user finally gets the email, it is encrypted in multiple layers. The matryoshka has to be opened one doll at a time until the plaintext message hidden inside is revealed.

One other point is that the anonymous remailers must be reliable in order for all this to work. This is especially true when a chain of anonymous remailers is used – if any one of the anonymous remailers is not working, then the message will be dropped. This is why I maintain a list of reliable anonymous remailers. By choosing reliable anonymous remailers to start with, there is a good chance the message will finally get there.

Alternative Guide

Here are the detailed steps required to create and send an anonymous email:

  1. Find and choose at least two functional and reliable remailers. Not all remailers are always online or functional, but it is possible to investigate the reliability of a remailer before using it.
  2. Get the public PGP (Pretty Good Privacy) keys of the remailers. This will allow the message to be encrypted for anonymity and privacy. It is important to know the public keys of both remailers. To do this, either the program PGP Home 9.0 or GnuPG (Gnu Privacy Guard) must be installed. They can be used to download the PGP keys for the remailers.
  3. Open Notepad. Any other plain text editor available will also work.
  4. On the first line type “::”.
  5. Enter “Anon-To:” followed by the recipient’s email address. Leave one line blank then begin typing the message.
  6. Save the file to the Desktop as “mail.txt.”
  7. On Windows, select ‘Run’ from the Start menu and type “cmd” and press Enter. On other platforms, open a command prompt.
  8. Use “cd” to go to your Desktop directory. This is what it looks like on windows, “cd c:Documents and SettingsmenonDesktop”.
  9. Type in “gpg-ea-r [last remailer address] remail.txt.”. Replace [last remailer address] with the email address of the last remailer in the chain. If two are being used, the last one is the second remailer’s address. For example, to send an anonymous email through remailer@aarg.net then through anon@paranoici.org, type in “gpg-ea-r anon@paranoici.org mail.txt”.
  10. Press Enter. GnuPG should ask for verification that the message is encrypted to an unverified key. Type “y” and Press Enter.
  11. Open the encrypted mail.txt file in Notepad. The file might be named “mail.txt.asc” or simply “mail.asc.” Type “::” in the first line and press Enter.
  12. Type “Anon-To:” followed by email address of the last remailer in the chain. The next to last remailer needs to send the message to the last remailer. This is the email address for which the message was encrypted.
  13. Leave one line blank, type in “::” and press Enter, then type Encrypted: PGP”. Be sure that there is another empty line before the encrypted message starts.
  14. Save the file as “mail.txt” again and overwrite the existing file.
  15. Go back on the command line and type “gpg-ea-r [next but last remailer address] mail.txt”. Replace this [next but last remailer address] with the email address of the next but last remailer in the chain.
  16. GnuPG should ask for verification that the message is encrypted to an unverified key. Type “y” and press Enter. This should overwrite the existing “mail.asc” file. Open the file again and enter “::” at the top, followed, in the next line, by “Encrypted: PGP”, and leave one line blank, again, before the message starts.
  17. Press CTRL-A (or ALT-A depending on the platform) to select the entire text, then CTRL-C or ALT-C to copy.
  18. Create a new message in the email service and address it to the first remailer in the chain. Then paste the text in the message and send.

Following these instructions should send the message to the remailers before it reaches the recipient of the message, without tracing it back to the sender.

Current Anonymous Remailers

One anonymous remailer of note is the W3 Anonymous Remailer provided by the George Mason Society and the Global Internet Liberty Campaign.

To see a comprehensive list on anonymous remailers, point your web browser tohttp://anon.efga.org/Remailers.

To find out about the Cypherpunks anonymous email server and client, visit Anonymous.to remailers tutorial