Life After Penet

The Remailer is dead, long live the remailer

by Dave Mandl

Of the many tools in the online privacy activist's kit, anonymous remailers are arguably the most powerful. Remailers are remote mail drops that "anonymize" e-mail and other Internet postings by removing the sender's address from a message and then sending it on, making it possible for whistle-blowers, dissidents, and others requiring anonymity to avoid revealing their true identities.

Of the dozens of anonymous remailers in the world, none has been more widely used than Penet, the Finland-based server run by Johan (Julf) Helsingius. Penet has helped everyone from human rights activists fearing reprisals to people recovering from sexual abuse to people with straight jobs who want to discuss their erotic peccadillos in public forums. Whole Usenet newsgroups dealing with highly sensitive or politically charged issues virtually owe their existence to Penet. But on August 30, after three years of operation, Julf's remailer was shut down.

Penet's troubles began when an enemy of the Church of Scientology used it to disseminate copyrighted church documents anonymously. The notoriously litigious church pressed charges, and a Helsinki court, ruling that e-mail wasn't entitled to the same protection as, say, phone calls, ordered Julf to reveal the perpetrator's real name. Julf appealed the ruling, but fearing that if he lost the case he ultimately might be forced to compromise the identities of more users, he decided to close Penet until the legal situation becomes clearer.

How disastrous is the loss of Penet (which handled a whopping 8000 messages a day)? Are other remailers prepared to take up the slack? And most important, are Julf's problems a portent of the obstacles awaiting anyone whose remailer becomes too successful?

By the strict standards of the cypherpunks, a loosely knit affinity group of the Net's most radical and technoliterate privacy advocates, Penet's security was actually on the flimsy side. Its Achilles' heel was the file--just begging to be subpoenaed--that linked users' real names to their Penet pseudonyms. Cypherpunk-run remailers, on the other hand, generally leave no trace of the sender's true identity. In addition, cypherpunk remailers can be "chained"--messages can be routed through several far-flung remailers before reaching their final destination, making message tracing all but impossible, even for the remailer operators.

So why was Penet used more than all other remailers combined? For one thing, because it was so easy to use. Cypherpunk remailers tend to require a bit more technical skill, some even requiring users to be conversant with UNIX or install fairly sophisticated software on their own machines. Penet was also favored for its reliability and stability. Other remailers have come and gone, but the Penet computer was always up, and its latency (the delay between the time it received a message and re-sent it) was always reasonable.

Penet's downfall was due less to its imperfect security than to its success. Because of the ubiquitousness of the Penet header on files posted anonymously to mailing lists and newsgroups, Julf got more than his share of unwanted attention. For example, the London Observer, in a rabid scare piece on the (imagined) scourge of kiddie porn on the Net, recently accused him by name of being a "key link in the international pedophile chain."

Other critics have simply cited the ease with which anonymous remailers can be used to harass people, illegally distribute classified information, or spread bootlegged graphics or music. True enough--except that these same problems plague the phone system and the U.S. Postal Service, and there haven't been many proposals to close them down. The rights to free speech and anonymity that have long been upheld in traditional media still aren't taken for granted on the Net, though cases like Julf's are forcing courts to resolve these issues once and for all.

As for the ease-of-use problem, there are glimmers of hope. For example, Oakland-based Community ConneXion now offers a World Wide Web interface that makes sending anonymous e-mail, encrypted and chained through up to 10 remailers, effortless. And the freeware Windows program Private Idaho is a major step toward simple point-and-click remailing.

One solution to dealing with both unreliability and the increasingly frequent legal and governmental threats is for remailers to charge a modest fee. This would give them the freedom to devote more time to supporting and improving their systems, and it would allow them to build up the financial resources to fend off attacks--whereas now, being unpaid amateurs, they have no choice but to buckle under even mild pressure.

As with other threats to privacy and freedom of speech on the Net, the attacks on Penet and other remailers appear to be backfiring. The need to protect people's identities in cyberspace is accepted by all but a small minority of government, corporate, and religious figures, who now find themselves in the uncomfortable position of facing a very pissed-off group of freedom-loving techies with time on their hands. And electrons are notoriously hard to corral.

Anonymous remailer FAQ:
Community ConneXion:
Private Idaho:

[Previously published in The Village Voice, late '96]

Back to Dave Mandl's home page
Back to writings index