Archive-name: net-anonymity/part1
Last-modified: 1994/5/9
Version: 1.0

(c) Copyright 1994 L. Detweiler. Not for commercial use except by
permission from author, otherwise may be freely copied. Not to be
altered. Please credit if quoted.

ANONYMITY on the INTERNET
=========================

Compiled by L. Detweiler.

Anonymizing
-----------

<1.1> What are some known anonymous remailing and posting sites?
<1.2> What are the responsibilities associated with anonymity?
<1.3> How do I `kill' anonymous postings?
<1.4> How is anonymous `whistleblowing' being explored?
<1.5> Why is anonymity such a problem?
<1.6> What is the history behind anonymous servers?

History
-------

<2.1> What happened with the Kleinpaste anonymous server?
<2.2> What happened with the Clunie anonymous server?
<2.3> What happened with the Helsingius server (hiatus, shutdown)?
<2.4> What is the ``Helsingius-Kleinpaste Conflict''?
<2.5> What did the (in)famous Helsingius user an8785 do (pre-Depew)?
<2.6> What happened between (in)famous user an8785 and R. Depew?
<2.7> What was the Depew-ARMM Censorship Incident?
<2.8> What was the Second Depew-ARMM Fiasco?
<2.9> What was Richard Depew's inspiration for ARMM?

* * *

ANONYMIZING
===========

_____
<1.1> What are some known anonymous remailing and posting sites?

Currently the most stable anonymous remailing and posting site is
anon.penet.fi, operated for several months by julf@penet.fi, who has
system administrator privileges and owns the equipment. It offers
anonymized mail, Usenet posting, and return addresses (no
encryption). Send mail to help@anon.penet.fi for information.

Hal Finney has contributed an instruction manual for the cypherpunk
remailers on the ftp site soda.berkeley.edu (128.32.149.19):
pub/cypherpunks/hal's.instructions. See also scripts.tar.Z (UNIX
scripts to aid remailer use) and anonmail.arj (MSDOS batch files to
aid remailer use).
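
The cypherpunk remailers in this answer chain by nesting `::' header
blocks in the message body, each hop stripping one block. The sketch
below is an added example, not code from this FAQ or from any remailer;
it traces a plaintext chain and records what each hop operator can
read. The `Request-Remailing-To' field name is the one given in this
answer for the hh@ remailers; the addresses, function names, and the
single-address check are assumptions made for illustration.

```python
import re

HEADER_MARK = "::"
DEST_FIELD = "request-remailing-to"  # field name from this answer (hh@ remailers)
# Assumed hardening check: exactly one bare address, no lists or brackets.
ADDR = re.compile(r"[^\s,;<>@]+@[^\s,;<>@]+\Z")
DEST_LINE = re.compile(r"^request-remailing-to:[ \t]*(\S+)", re.I | re.M)


def unwrap_hop(body):
    """Do what one intermediate host does: strip the leading `::` block.

    Returns (next_destination, remaining_body). Raises ValueError when the
    body has no leading `::` block, a header line is malformed, or the
    destination is missing or is not a single address.
    """
    lines = body.replace("\r\n", "\n").lstrip("\n").split("\n")
    if lines[0].strip() != HEADER_MARK:
        raise ValueError("body does not start with a '::' header block")
    fields = {}
    i = 1
    while i < len(lines) and lines[i].strip():
        name, sep, value = lines[i].partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % lines[i])
        fields[name.strip().lower()] = value.strip()
        i += 1
    dest = fields.get(DEST_FIELD, "")
    if not ADDR.match(dest):
        raise ValueError("missing or non-single destination: %r" % dest)
    # lines[i] is the blank separator; everything after it is passed on.
    return dest, "\n".join(lines[i + 1:])


def wrap_chain(hops, final_rcpt, text):
    """Build the body a sender would mail to hops[0] (innermost block first)."""
    body = text
    for dest in reversed(list(hops[1:]) + [final_rcpt]):
        body = "::\nRequest-Remailing-To: %s\n\n%s" % (dest, body)
    return body


def trace(hops, body):
    """Run the body through every hop; record what each operator can read."""
    seen = []
    for hop in hops:
        visible = DEST_LINE.findall(body)   # every destination still in clear
        dest, body = unwrap_hop(body)
        seen.append({"hop": hop, "forwards_to": dest, "visible_dests": visible})
    return seen, body


if __name__ == "__main__":
    # Constructed sample chain; none of these hosts are real remailers.
    hops = ["hop1@remailer-a.example",
            "hop2@remailer-b.example",
            "hop3@remailer-c.example"]
    body = wrap_chain(hops, "alice@dest.example", "Constructed test message.\n")
    seen, delivered = trace(hops, body)
    for entry in seen:
        print("%(hop)s -> %(forwards_to)s, can read: %(visible_dests)s" % entry)
    print("delivered body: %r" % delivered)
```

The trace shows the first hop reading every later destination,
including the final recipient; only encrypting the inner blocks to each
server would hide them from earlier hops.
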

Standard cypherpunk remailers allow unlimited chaining by including
`::' characters in the message to denote nested headers. The
intermediate host strips this block from the message body and uses
its fields (particularly the to: destination) in the new message
header. See the Finney manual for more information.

ebrandt@jarthur.claremont.edu
-----------------------------
Anonymized mail. Request information from above address.

elee7h5@rosebud.ee.uh.edu
-------------------------
Experimental anonymous remailer run by Karl Barrus, with encryption
to the server. Request information from that address.

hal@alumni.caltech.edu
----------------------
Experimental remailer with encryption to server and return addresses.
Request information from above address.

hh@soda.berkeley.edu
hh@cicada.berkeley.edu
hh@pmantis.berkeley.edu
----------------------
Experimental remailer. Include header `Request-Remailing-To'.

nowhere@bsu-cs.bsu.edu
----------------------
Experimental remailer allowing indefinite levels of chaining. Run by
Chael Hall. Request information from above address.

phantom@mead.u.washington.edu
-----------------------------
Experimental remailer with encryption to server. `finger' site
address for information.

Notes
=====

- Cypherpunk remailers tend to be unstable because they are often
  running without site administrator knowledge. Liability issues are
  wholly unresolved. They generally don't support return addresses.
- So far, all encryption is based on public-key cryptography and PGP
  software (see the question on cryptography).
- Encryption aspects (message text, destination address, replies)
  vary between sites.
- Multiple chaining, alias unlinking, and address encryption are
  mostly untested, problematic, or unsupported at this time.

_____
<1.2> What are the responsibilities associated with anonymity?

Users
-----

- Use anonymity only if you have to. Frivolous uses weaken the
  seriousness and usefulness of the capability for others.
- Do not use anonymity to provoke, harass, or threaten others.
- Do not hide behind anonymity to evade established conventions on
  Usenet, such as posting binary pictures to regular newsgroups.
- If posting large files, be attentive to bandwidth considerations.
  Remember, simply sending the posting to the service increases
  network traffic.
- Avoid posting anonymously to the regular hierarchy of Usenet; this
  is the most likely place to alienate readers. The `alt' hierarchy
  is preferred.
- Give as much information as possible in the posting (i.e.
  references, etc.). Remember that content is the only means for
  readers to judge the truth of the message, and that any
  inaccuracies will tend to discredit the entire message and even
  future ones under the same handle.
- Be careful not to include information that will reveal your
  identity or enable someone to deduce it. Test the system by sending
  anonymized mail to yourself.
- Be aware of the policies of the anonymous site and respect them. Be
  prepared to forfeit your anonymity if you abuse the privilege. Be
  careful that you can trust the system operator.
- Be considerate and respectful of others' objections to anonymity.
- ``Hit-and-run'' anonymity should be used with utmost reservation.
  Use services that provide anonymous return addresses instead.
- Be courteous to the system operator, who may have invested large
  amounts of time, be personally risking his account, or dedicating
  his hardware, all for your convenience.

Operators
---------

- Document thoroughly acceptable and unacceptable uses in an
  introductory file that is sent to new users. Have a coherent and
  consistent policy and stick to it. State clearly what logging and
  monitoring is occurring. Describe your background, interest, and
  security measures. Will the general approach be totalitarian or
  laissez-faire?
- Formulate a plan for problematic ethical situations and anticipate
  potentially intense moral quandaries and dilemmas.
  What if a user is blackmailing someone through your service? What
  if a user posts suicidal messages through your service? Remember,
  your users trust you and use your service to protect their
  identities.
- In the site introductory note, give clear examples of situations
  where you will take action and what these actions will be (e.g.
  warn the user, limit anonymity to email or posting only, revoke the
  account, 'out' the user, contact local administrator, etc.).
- Describe exactly the limitations of the software and hardware.
  Address the bandwidth limitations of your site. Report candidly and
  thoroughly all bugs that have occurred. Work closely with users to
  isolate and fix bugs. Address all bugs noted below under
  ``(in)stability of anonymity''.
- Document the stability of the site---how long has it been running?
  What compromises have occurred? Why are you running it? What is
  your commitment to it?
- Include a disclaimer in outgoing mail and messages. Include an
  address for complaints, ideally appended to every outgoing item.
  Consult a lawyer about your liability.
- Be committed to the long-term stability of the site. Be prepared to
  deal with complaints and `hate mail' addressed to you. If you do
  not own the hardware the system runs on or are not the system
  administrator, consult those who do and are.
- Be considerate of providing anonymity to various groups. If
  possible, query group readers.
- Keep a uniformity and simplicity of style in outgoing message
  format that can be screened effectively by kill files. Ensure the
  key text `Anon' is somewhere in every header.
- Take precautions to ensure the security of the server from physical
  and network-based attacks and infiltrations.

Readers
-------

- Do not complain, attack, or discredit a poster for the sole reason
  that he is posting anonymously, make blanket condemnations that
  equate anonymity with cowardice and criminality, or assail
  anonymous traffic in general for mostly neutral reasons (e.g.
  its volume is heavy or increasing).
- React to the anonymous information unemotionally. Abusive posters
  will be encouraged further if they get irrationally irate
  responses. Sometimes the most effective response is silence.
- Notify operators if very severe abuses occur, such as piracy,
  harassment, extortion, etc.
- Do not complain about postings being inappropriate because they
  offend you personally.
- Use kill files to screen anonymous postings if you object to the
  idea of anonymity itself.
- Avoid the temptation to proclaim that all anonymous postings should
  be barred from particular groups because no `possible' or
  `conceivable' need exists.

References
----------

See e.g. ftp.eff.org:/pub/academic/anonymity:

> This article is an excerpt from an issue of FIDONEWS on individual
> privacy and the use of handles. It accepts the need of a system
> operator to know the name of a user; but suggests that the use of
> a handle is analogous to a request to withhold the name in a
> letter to the editor. The article concludes with a set of
> guidelines for preserving the right to be anonymous.

_____
<1.3> How do I `kill' anonymous postings?

James Thomas Green:

> Try putting this in your kill file:
>
> /Anon/h:j
> /Anonymous/h:j
>
> This will search the headers of the messages and kill any that
> contain `Anon' or `Anonymous' in them. Not perfect and won't
> kill followups.

Note that anonymous server operators have the capability to mask
anonymous postings, in which case the above method will not work; so
far this practice is not widespread, but it may become more common as
a countermeasure to widespread anonymous filtering.

_____
<1.4> How is anonymous `whistleblowing' being explored?

Recently the idea of a newsgroup devoted to `whistleblowing' or
exposing government and commercial abuses has received wide and
focused attention, and group formation is currently underway.
In the basic scenario the group would allow people to post
pseudonymously using remailers, and even establish reputations based
on their authentifiable digital signatures. The traffic may
eventually reach reporters in the mainstream news media.
deltorto@aol.com has volunteered to attack multiple aspects of this
project, including distributing easy-to-read documentation on
posting, anonymization, and encryption.

A visible trend in the government initiated by the Clinton
administration is encouraging many aspects of an `electronic
democracy' or `modemocracy'. See ``White House lets you turn on your
PC, tune in to politics,'' March 18 1993 New York Times.

_____
<1.5> Why is anonymity such a problem?

Anonymity so far has tended to further polarize existing distinctions
in existing Usenet traffic. For example, serious uses such as sexual
abuse counseling in newsgroups have increased. One psychotherapist
reportedly objected to restrictions on anonymity because he was in
the process of exploring it as a therapeutic tool for his patients,
and criticized people seeking restrictions on its availability. Many
previously obscure aspects of Usenet and the internet have come under
sharp scrutiny with the introduction of new capabilities for
anonymity.

Harassment & Censorship
-----------------------

Frivolous and harassing cases have increased with the introduction of
widespread and accessible anonymity. Usenet readers seem to become
most agitated and enraged when people use these services to post
messages aimed at insulting or offending specifically the members of
groups where they are posted. For example, a poster might describe
ways of attacking cats on the cat-lovers group. (Note however that
these messages appeared long before the services through forging, but
the servers tend to make it easier and almost encourage it.)
These instances tend to live on in the memories of the readers long
after the original poster has been silenced from complaints (either
simply leaving or being censored by local administrators in response
to negative email). In this way, the services are particularly
attractive to `sociopaths'.

Perhaps somewhat unexpectedly, the most vocal public opposition is
against anonymous posting, and anonymous remailing has generally
avoided much controversy to date.

Foreign Sites
-------------

Although every global anonymous posting site to date has come under
extremely severe fire from hordes of network administrators, i.e.
enough to shut them down (semi-) permanently, still the longest
running one (anon.penet.fi, located in Finland) is foreign, a
situation which D. Clunie notes as particularly ironic in that
foreign countries appear to be embracing a medium for freedom of
speech more enthusiastically than and contrary to the general
conservatism and opposition at U.S. sites.

Another oft-noted irony (or to some, hypocrisy) arises with people
who complain about news posters and anonymous sites, who generally
prefer to do so `behind the scenes'; i.e. anonymously. In fact, the
death of major sites (e.g. the Clunie and Helsingius servers) has
left the operators concealing the identities of their attackers.

Intrinsic Popularity
--------------------

The existence and popularity of anonymous servers suggest they are
filling a definite vacuum. Future news software may incorporate some
of their mechanisms for untraceability. In fact, the proliferation of
these servers can be interpreted as remedying a deficiency in news
software to easily post anonymous messages. The idea of routing
messages to an intermediate, distant host simply to remove
identifying headers and preserve anonymity, under fragile trust of
the site operator, is clearly awkward, unwieldy, and unnecessary.
That such tortuous paths are taken regularly by many users and
maintained by dedicated and conscientious operators, despite enormous
costs, chores, and headaches, suggests that the demand is strong,
persistent, and permanent---a definite `need'.

U.S. Taboos
-----------

The anonymous server software itself can be run anywhere, but
apparently extremely few system operators have the latitude to run
anonymous services from their connection providers, and the
atmosphere arising from U.S. agency policies and actions may be
generally hostile to these services. These restrictions are generally
somewhat informal and concealed, and fall mostly in the form ``if a
lot of people complain then you aren't allowed to do it.'' The
Internet started as a research network and the tension between
'serious' scientific aims and informal ones has raged endlessly since
its inception.

A global patchwork of network jurisdictions tends to favor both
sides. Pressure can be applied to local sites that generally are weak
in opposition to admonishments. On the other hand, messages can reach
a given destination over a wide variety of paths where only one is
necessary.

Authentication Trends
---------------------

However, the trend in some news software development has moved toward
increasing user validation, suggesting a fundamental disparity in
evolved designer and user expectations. In fact, Usenet reader and
news administrator opinions have been consistently divided on the
issue with those in the former category largely in favor of the
services and unlimited use, while those in the latter often demanding
limited availability or gradual, formal approaches to introduction
(newsgroup readers vote on acceptance).

New proposals to facilitate the use distinctions of `serious,
authenticated articles' and `informal, unverifiable posts' have
emerged, and future Usenet software may integrate these complementary
uses more harmoniously by differentiating them more explicitly.

_____
<1.6> What is the history behind anonymous servers?

The functions of anonymous posting vs. anonymous remailing are
closely intertwined but on the Internet followed independent lines of
historical development. Anonymous mailing has always been intrinsic
to the internet SMTP mechanisms (Simple Mail Transfer Protocol).
Formalized anonymous remailer functions, including encryption
mechanisms, apparently originate with the Cypherpunk group started in
mid-1992.

The function of anonymous remailers has been compared to a device
called the `cheesebox' that was invented during the Prohibition era
in the U.S. Phil Karn writes: ``The `cheesebox' was a popular means
to thwart telephone call tracing. It connected two lines in the back
of an uninvolved business. It was the conceptual predecessor of
today's anonymous email remailer.''

Originally anonymous posting/reply services (also called Anonymous
Contact Service, ACS), were introduced for individual, particularly
volatile newsgroups, where anonymity is almost the preferred method
of communication, such as talk.abortion and alt.sex.bondage. One of
the first was one by Dave Mack started in ~1988 for alt.sex.bondage.
Another early one was wizvax.methuen.ma.us run by Stephanie Gilgut
(Gilgut Enterprises) but was disbanded due to lack of funds. The
system provided anonymous return addresses. n7kbt.rain.com (John
Opalko) took up the functions of this server, including reinstating
the anonymous alias file. The group ``alt.personals has been chewing
through servers like there's no tomorrow.'' (K. Kleinpaste)

With the introduction of the Clunie and Helsingius servers, the
complementary functions of remailing and posting were unified into
single servers. The idea of pseudonymous posting (the capability for
not just one-way communication but responses and two-way dialog)
carried naturally over to email.

The history of anonymous servers on the internet is strewn with
characters and casualties, particularly with the unprecedented
globally-serving type, which are revolutionary in some aspects and
merely evolutionary (or even stationary) in others. Subsequent
questions address specific aspects of the history of this type of
anonymous server.

HISTORY
=======

_____
<2.1> What happened with the Kleinpaste anonymous server?

Spurred by the disappearance of `wizvax' and interested in
researching the idea, Karl Kleinpaste developed his own system from
scratch in six hours. By this time the idea of extending the server
to new, more `mainstream' groups was starting to emerge, and he
explored the possibility partly at the specific request by multiple
users for anonymity in other groups.

``The intended advantage of my system was specifically to allow
multiple group support, with a single anon identifier across all.
This was arguably the single biggest deficiency of previous anon
systems.''

K. Kleinpaste posted a message on rec.nude asking users whether an
anonymous service would be welcome there, and judged a consensus
against it. K. Kleinpaste introduced what he calls a ``fire
extinguisher'' to `squelch' or `plonk' abusive users in response to
complaints, and used this in three cases. Nevertheless, after a few
months of intense traffic he was eventually overwhelmed by the abuses
of his server.

``Even as restricted as it was, my system was subjected to abuses to
the point where it was ordered dismantled by the facilities staff
here. Such abuses started right after it was created.''

K. Kleinpaste reestablished his server in ~April 1993 with a very
large usage policy forbidding many uses. Mr. Kleinpaste frequently
refers to `abusers' publicly and his guidelines for their removal or
exposure.

Thanks to Karl Kleinpaste for contributions here.

_____
<2.2> What happened with the Clunie anonymous server?

An innovative anonymous posting system with sophisticated
functionality was set up in Oct. 1992 by D. Clunie that used PGP
software for public-key cryptography in both directions (to/from) the
server to achieve the highest degree of confidentiality seen so far.
However, a major complaint originating from an unidentified but
critical U.S. site (presumably one involved in the link) in ~Jan 1993
led to an ultimatum to D. Clunie, forcing him to shut down operation
after only a few months.

The letter alluded to a heavy volume of traffic associated with the
anonymous server, potentially dominating the limited available
communications bandwidth, and elevating its expense beyond the
justifiable (the half circuit cost of the link is reportedly over $1
million per year). The pax.tpa.com.au site is based in Australia and
the bandwidth of the AARNet Internet link for the entire continent at
the time of the server operation was 500 megabits/sec, roughly half
the capacity of local area network Ethernet connections.

Nevertheless Mr. Clunie states that the ``small load on the server
never approached `dominating the bandwidth','' branding that point of
the complaint ``largely theoretical and unsupported by any
statistics.'' A part of the letter is as follows (Mr. Clunie quotes
the letter anonymously):

> They allow people all over the internet to send mail through a
> filter that replaces the user's real address with an anonymous
> address on their machine. This results in additional traffic
> (mail going from the US, to Australia, and back to the US, and
> one more time around for replies) on the Pacific link which is
> congested, and it's not clear what legitimate use an anonymous
> mail forwarding facility would have. In other words, it loads up
> the link, and hides people's identities so they can't be
> responsible for what they say. Not the best situation to have.

Commenting on the letter, D.
Clunie wrote ``I can't complain about the traffic issue, though I
take exception to the criticism of anonymous mail forwarding. I was
not in a position to argue ... as my feed site was threatened with
disconnection if the service was not terminated.''

Mr. Clunie later released his software into the public domain, and
comments on the Helsingius server:

Thanks to David Clunie for contributions here.

_____
<2.3> What happened with the Helsingius server (hiatus, shutdown)?

In ~Nov 1992, Johan Helsingius (julf@penet.FI) set up the most
controversial anonymous site to date. anon.penet.fi is based on
scripts and C code written by K. Kleinpaste and supports anonymized
mail, posting, and return addresses. He initially wanted to confine
the service to Scandinavian users but expanded it to worldwide
accessibility in response to 'lots' of international requests. Mr.
Helsingius comments:

> Due to the lawsuit-intensive climate in the US, many anonymous
> services have been short-lived. By setting up anon.penet.fi in
> Finland, I hoped to create a more stable service.

J. Helsingius' policy of allowing anonymous posting to every Usenet
newsgroup has been met with strong and serious ideological opposition
(e.g. by news administrators in news.admin.policy). Because of the
relative newness and recent emergence of the medium, abuses by
anonymous posters tend to have higher visibility than ``routine''
abuses. His total commitment to preservation of anonymity is also
controversial.

Despite piercingly irate and outraged complaints, and even the vocal
opposition and verbal abuse of K. Kleinpaste and eminent news
operators, J. Helsingius has largely avoided use of the ``fire
extinguisher'' and the ``group bouncer'' mechanisms that limit the
scope of the service.

As of ~March 1993 the anon.penet.fi site is best described as
`inundated': it has registered over 13,000 users in its initial three
months of operation, forwards ~3000 messages a day, and approximately
5% of all Usenet postings are anonymized through the site. The
immense popularity is probably largely due to the capability for
`global' anonymity which has allowed users to find creative uses in
diverse areas not previously envisioned.

Based on fast-moving dialogue and creative suggestions by members of
the `cypherpunks' group, J. Helsingius has identified many security
weaknesses and valuable new features for the service, and is
currently in the process of code development and testing. He is
planning on upgrading the IBM compatible 386 machine to a 486 soon to
handle the voluminous load and is considering integrating a new
system with very sophisticated functionality, including multiple
email aliases, alias allocation control, public-key encryption, etc.

Week-long Hiatus
----------------

Johan Helsingius was subject to extraordinary pressure to dismantle
his server in ~Feb 1993. At one point K. Kleinpaste threatened
publicly to organize a sort of vigilante group of irate news
operators to send out revocation commands on all messages originating
from the site.

> I think I'm feeling especially rude and impolite. If it's good
> for Johan, it's good for me. After all, he didn't ask the
> greater Usenet whether universal anon access was a good idea; he
> just did it. ... Yes, I'm a seriously rude pain in the ass now,
> and I think I'll arm the Usenet Death Penalty, slightly modified,
> not for strategic whole-site attack, but tactical assault, just
> "an[0-9]*@anon.penet.fi" destruction. Only outside alt.*, too,
> let's say.
>
> There are 2 newsadmins ready to arm the UDP. They've asked for my
> code. I haven't sent it yet. Only one site would be necessary to
> bring anon.penet.fi to a screeching halt. Anyone can implement
> the UDP on their own, if they care to.
> Politeness and good sense
> prevents them from doing so. I wonder how long before one form of
> impoliteness brings on another form.

J. Helsingius has also alluded to receiving threats of flooding the
server. The server has crashed several times, at least once due to a
saturation `mailbombing' through it by an anonymous user. Mr.
Helsingius reports spending up to 5 hours per day answering email
requests alone associated with the service's administration. In
response to the serious threats such as that above he disabled global
group access temporarily for one week and encouraged his users to
defend the service publicly. But he has generally eschewed public
debate on Usenet in general, preferring that his users publicize and
defend it; and news.admin.policy in particular, stating that he
considers it predominantly representative of the biased interests of
news administrators interested in `centralized control'.

Global Shutdown
---------------

At the end of March 1993 Mr. Helsingius posted a solemn note on
several newsgroups announcing the dismantling of anonymous posting
service from his site (while retaining remailing features), stating
that ``a very well-known and extremely highly regarded net
personality managed to contact exactly the right people to create a
situation where it is politically impossible for me to continue
running the service.''

He also blamed a ``minuscule minority'' of ``immature and thoughtless
individuals (mainly users from U.S. universities),'' for ``abuse of
the network'' that ``caused much aggravation and negative feelings
toward the service.'' He noted that at the time of shutdown the
service was forwarding 3500 messages per day on the average from many
thousands of users, with postings to 576 newsgroups, receiving
complaints involving postings from 57 individuals.
(anon.penet.fi statistics on number of actual users are controversial
because of the site's `double-blind' system that automatically
anonymizes replies to anonymous messages, possibly inflating the
statistics with irregular or uncommitted users.)

Mr. Helsingius voiced apologies to ``users on the network who have
suffered from the abusive misuse of the server'' and the ``whole net
community'' for ``keeping a far too low profile on the network,
preferring to deal with the abuse cases privately instead of making
strong public statements,'' regretting the lack of a ``publicly
visible display of policy with regards to the abuse cases.'' At the
same time, he noted that ``I am deeply concerned by the fact that the
strongest opposition to the service... came from network
administrators.''

Shortly after posting his public apology and shutdown notice Mr.
Helsingius reported receiving over 350 messages of ``overwhelming
support'' in favor of resuming the service and 6 against which have
``vastly improved my chances of resuming full operation''. Currently
he has resumed service to a subset of newsgroups. He expressed his
desire to re-establish the full service with sophisticated new
features, commended efforts by other operators to start their own
servers but warned of the policy of some who ``feel the best way to
deal with abusers is to expose them to the net'' in spite of his own
stance that ``public stocks belong to the middle ages.''

Prominent system operator Jon Noring claimed to have traded email
with the ``well-known and highly regarded net personality'' Mr.
Helsingius cited as paramount in creating a politically hostile
situation to the server. Mr. Noring posted some edited excerpts from
`somebody':

> Despite what you may have heard, I did not play a "major" role --
> I sent one mail message to Julf urging him to shut the service
> down. I did what any other person with knowledge of the net
> might do, too -- I cc'd the administrator of his service
> provider.
> The shutdown occurred because of some interaction
> between Julf and the admins -- probably aided by mail from other
> objectors. I played no active role in the events.
>
> I am drowning in a backlog of work, so I can't go into all the
> details here, nor am I particularly interested in entering into a
> long debate -- the bandwidth is too low and my time is too
> constrained. I do not believe we have the appropriate technology
> to make an anonymous service work on the net. Furthermore, I
> remain completely unconvinced that there is a legitimate need,
> nor is the level of maturity in the user population sufficiently
> level where it can be effectively used. It may only be a small
> percentage of people who cause the problems, but that is true of
> nearly everything in history.
>
> I am a firm believer in privacy, but that is not the same thing as
> anonymity. Anonymity can be used to violate another's privacy.
> For instance, in recent years, I have had harassing anonymous
> notes and phone calls threatening XXX because of things I have
> said on the net... I have seen neighbors and friends come under
> great suspicion and hardship because of anonymous notes claiming
> they used drugs or abused children. I have seen too many
> historical accounts of witch-hunts, secret tribunals, and pogroms
> -- all based on anonymous accusations. I am in favor of
> defeating the reasons people need anonymity, not giving the
> wrong-doers another mechanism to use to harass others.
>
> ... any such service is a case of willingness to sacrifice some
> amount of privacy of the recipients to support the privacy of the
> posters. You will not find the recipients of anonymous mail
> being the supporters of such a proposal. If the only people who
> would support the idea are those who might use it, is it proper?

The identity of `somebody' has never been publicly revealed to date
due to the anonymity preserved by Noring, Helsingius, and others.

Thanks to Johan Helsingius for contributions here.

_____
<2.4> What is the ``Helsingius-Kleinpaste Conflict''?

K. Kleinpaste and J. Helsingius were involved in a private and public
schism based on their views of anonymous servers and the proper role
of the operator in management; it is in many ways illustrative of the
underlying roots of controversy on the issue. J. Helsingius was
generally in favor of no content-based restrictions on the server. K.
Kleinpaste shut down his server because of strong revulsion at some
of these uses. Mr. Helsingius increased his control over the server
partly in response to highly-publicized `abuses' and uproar among
administrators.

Mr. Helsingius continues his strong commitment to preserving
anonymity in all cases (once hinting in introductory material he
would do so even in the face of a legal warrant), whereas Mr.
Kleinpaste has expressed interest in publicly exposing users he
identifies as abusers.

The pair differ in their views on the proper role of the site
administrator's responsibilities toward other site administrators,
with Mr. Helsingius favoring a low-profile policy, minimal `official'
publicity, and independence from other operators interested in
imposing `centralized control'. Mr. Kleinpaste in contrast favors
official announcements of server operations, publicity of offenses,
and compromise on scope and function among the community consensus of
news operators.

The overall issue essentially addresses the role of the anonymous
server operator and degree of control s/he should exercise, with Mr.
Helsingius in favor of virtually no restrictions and minimal operator
intervention, and Mr. Kleinpaste in favor of a wide variety of
restrictions and penalties, perhaps developed with deference to
consensus, but ultimately chosen and administered under the personal
judgement of the site operator.

The issue was historically intensified by Mr. Helsingius'
modifications of Mr. Kleinpaste's software.
The conflict is also to a large degree analogous to views on Usenet operation, with some in favor of an anarchic, free, decentralized system and others in favor of more regulated mechanisms to ensure `accountability' and penalize `abuse'.

Karl_Kleinpaste@cs.cmu.edu (Karl Kleinpaste):

> Funny, how beating the rest of the Usenet over the head with a
> stick is OK if it's anon.penet.fi and universal anon access. But
> somehow people on the other side of the same equation (not even
> arguing to shut it off entirely, but rather just to have some
> control applied to the abuses that manifest themselves) aren't
> allowed to do that.
>
> Why is it that everybody else has to put up with the impoliteness
> and insensitivity of the misuse of anon.penet.fi? Whose
> definitions of "polite" and "sense" apply, and why? Why is
> universal anon access considered to be within the realm of this
> fuzzy concept of "politeness" in the first place?
>
> I think Johan has long since crossed the line into being a rude
> bastard, and I told him so in private mail a little while ago.
>
> At this point, I deeply regret [a] having created an anonymous
> system supporting >1 newsgroup and [b] having given the code to
> Johan. I didn't copyright it, but I thought that some concept of
> politeness and good sense might follow it to new
> homes. Interesting that Johan's ideas of politeness and good
> sense seem to have nearly no intersection with mine. I could
> even cope with universal anon access _if_ Johan would be willing
> to engage in abuse control, but somehow that seems to be outside
> the range of reality...

julf@penet.fi (Johan Helsingius):

> There is no way for me to convey how sad and upset your message
> made me. I do, to some extent, understand your feelings, but it
> still feels really bad.
> Running the server requires getting used
> to a lot of flames, but mindlessly abusive hate mail is so much
> easier to deal with than something like this, as I do respect and
> value your views and opinions to a high degree. No, I'm not
> asking for sympathy, I just wanted you to know that I am really
> giving your views quite a lot of weight.
>
> When I asked for the software, I was actually only going to
> provide the service to Scandinavian users. But a lot of people
> requested that I keep the service open to the international
> community. I now realize that I ought to have contacted you at
> that point to ask how you feel about me using your stuff in such
> a context. Again, I really want to apologise. And I will replace
> the remaining few pieces of code that still stem from your
> system. Unfortunately there is no way to remove the ideas and
> structure I got from you.
>
> Again, I am really sorry that the results of your work ended up
> being used in a way that you don't approve of. And I will be
> giving a lot of hard thought to the possibility of shutting down
> the server altogether.

Outside of obvious enmity the debate has largely resulted in compromises on both sides, with Helsingius refining his initial universal-group and `hands off' policies and Kleinpaste re-establishing a server with documented procedures admitting and warning of subjectivity in the policy and potential consequences.

_____
<2.5> What did the (in)famous Helsingius user an8785 do (pre-Depew)?

In a highly controversial and publicized case in ~Feb 1993, the anonymous user `an8785' posted a supposed transcript of desperate crew dialogue during the Challenger shuttle disaster via anon.penet.fi to sci.astro.
Although the transcript had been posted in the same place up to a year earlier (then non-anonymously) and actually originated not with the poster but a New York news tabloid, subsequent responses consisted largely of vociferous outrage at the poster's use of anonymity, reverberating through many newsgroups.

One responder, who also posted anonymously through anon.penet.fi, claimed to be closely related to family members of the deceased astronauts, and quite shocked and devastated by the posting, although the responder's identity cannot be confirmed and the statement could have been invented by an8785's enemies to embarrass and humiliate an8785.

The original poster, under the same anonymous handle, later conceded that the story ``seemed likely to have been fabricated,'' suggesting the plausible possibility that the original intent was not to provoke outrage but gauge reactions on the authenticity of the story (albeit crudely), free of personal risk from perceived association with the item. The ensuing commotion generated queries for the original article by late-entering readers. The anonymous user later posted deliberately offensive comments at his detractors, saying they were the kind that "couldn't see the humor in childhood leukemia" and should "get a life---get 7! ha ha!"

(Thanks to an8785@anon.penet.fi for contributions here.)

_____
<2.6> What happened between (in)famous user an8785 and R. Depew?

an8785 posted the address of the supervisor of site operator R. Depew, inviting Usenet readers to register complaints in response to the latter's threat (later carried out) to issue commands to globally cancel anonymous messages on Usenet. Reaction was very hyper and divided as some commended an8785 for a `strictly factual post', others calling the posting a blatant example of anonymous cowardice, some suggesting that an8785's actions were directly analogous to the heated calls to pressure site operators of abusers pursued earlier by anonymity foes (as e.g.
by Depew), others claiming the situation was wholly dissimilar, with still others remarking on the irony that Depew would be protected by anonymity, suggesting its prime use is the protection from accusations from other anonymous users, and finally R. Depew asserting that an8785's actions were illegal harassment under U.S. laws and fanatically but unsuccessfully attempting to pry the secret of the individual's identity from J. Helsingius.

In a somewhat bizarre coincidence and convergence of many historical elements, Mr. Depew at one point accused J. Helsingius, ``someone who would have a motive to cause me as much trouble as possible,'' of being an8785:

> You (and most USENET readers)
>
> have seen the cowardly postings by "an8785" calling on readers to
> contact the chairman of my department and the director of
> computer services at my institution by mail or phone to complain
> about me.
>
> You may also have seen (though it was easy to miss) a weak apology
> from this same user, who, despite the apology, has refused to
> cancel these deeply offensive postings which remain scattered
> about in who-knows-how-many newsgroups.
>
> You have also seen a few posters challenge "an8785" to reveal his
> identity. This person has *some* sense of honor... else he would
> not have posted his weak apology... but his sense of
> self-preservation clearly overrides his sense of honor.
>
> You may also have seen other posters calling upon Julf,
> admin@anon.penet.fi to reveal the identity of this cowardly
> anonymous poster. Has he complied? Of course not. Is he even
> willing to show his face in this newsgroup to explain why? Of
> course not.
>
> I have a strong suspicion as to the identity of "an8785". Someone
> who would have a motive to cause me as much trouble as possible.
>
> Someone who would *know* that Julf would never reveal his
> identity. J'accuse Johan Helsingius, aka "Ze Julf", of being none
> other than the despicable "an8785".
>
> If Johan remains silent, my case is closed.
>
> The only evidence to the contrary that I will accept will be the
> true identity of "an8785"
>
> Julf - I challenge you to prove my accusation against you is false.

In commenting on the posting Felix Gallo wrote ``Such brilliance has never before crossed the path of Usenet.'' Mr. Depew was not simply attempting to provoke a revelation from Julf with false accusations, but was acting from genuine suspicion and conviction, as evidenced by a later post:

> Fellow net-citizens. My "J'accuse" postings must have struck a
> raw nerve. I present to you the following attempt to blackmail
> me.
>
> Carefully note the time-frame that is mentioned. Anyone who has
> used the anon-server knows that there is a long delay in relaying
> messages if they go back-and-forth. The only way 10 minutes
> could be possible were if it were a one-way trip. Who is the
> only person for whom a one-way trip is possible?

Mr. Helsingius disabled the an8785 account after the Depew address posting but continued to keep the identity secret. To this date the exact identity of an8785 is still a mystery with Mr. Helsingius preserving anonymity.

See also the ``Depew ARMM'' questions.

_____
<2.7> What was the Depew-ARMM Censorship Incident?

In mid-March 1993 the news administrator Dick Depew, who had been writing disapproving notes on global anonymity on news.admin.policy specifically attacking Johan Helsingius' policy, announced that he had invented software dubbed ARMM, standing for Automatic Retroactive Minimal Moderation. As originally envisioned and designed, the program was to send out `cancel' messages targeting anonymous posts. Mr. Depew as a news administrator had the capability of sending `cancel' commands using mechanisms not available to regular Usenet users.

Responding to Dave Hayes' and others' objections, Mr.
Depew wrote:

> I am testing a shell script to carry out "Automated Retroactive
> Minimal Moderation" in response to Julf's (and your) suggestion
> that the only way to control anonymous posting to groups that
> don't want it is through moderation. It cancels articles posted
> from anon.penet.fi. I've tested it on recycled postings with a
> "local" distribution and it works nicely. I propose to arm
> "ARMM" with an unrestricted distribution for the "sci" hierarchy
> this weekend if Julf doesn't accept the proposed compromise or a
> reasonable alternative by then.
>
> The best time to put out a fire is while it is still small. :-)

One-time anonymous server operator D. Clunie voiced some of the most vehement and vocal opposition to carrying out the plan:

> I really think you are getting carried away with a non-issue here,
> and inflaming the situation is going to make you extremely
> unpopular ...
>
> I think I will probably just turn off response to cancel messages
> totally if you go ahead with this scheme, and I encourage other
> news administrators to do the same ... they were a bad kludge in
> the first place and still are. It seems to me they are rarely
> used for other than controversial purposes like you are proposing
> (I don't like other people's postings so I won't let anyone else
> read them).

Richard Depew:

> Controversial, sure, but my reason for activating the Automated
> Retroactive Minimal Moderation script, if Julf remains unwilling
> to accept any compromise, is simply to demonstrate that the
> status quo with regards to anonymous postings from a particular
> site *can* be effectively enforced.
>
> You may not like my "Automated Retroactive Minimal Moderation"
> script, but you must at least admit that it is simply an
> automated version of moderation - a well-accepted practice in
> newsgroups that want to keep an acceptable signal/noise ratio.
>
> There shouldn't be much controversy over this, but there will be
> anyhow. :-)

D.
Clunie:

> There should be and there will be ... you are way out of line here
> Richard, regardless of how many smileys you tack on the end of
> your message.

Richard Depew:

> No. It is Julf who is way out of line here... and has been for
> four months, now. He has finally met someone who has gotten fed
> up with his silly game, and is willing to call his bluff.

Under the Depew scheme message cancellations were to be accompanied by a letter to the anonymous target containing Mr. Depew's views on the controversy of anonymous posting and justifications for his unilateral measure, with the overall effect of ``restoring the pre-Julf status quo.'' (This measure apparently was in response to objections from administrators that the cancelling scheme was concealed from the posters.) In the message Mr. Depew writes further: ``Rest assured that there is nothing personal in this. I have not read your postings, and I have no reason to believe that they were out of line in any way other than being anonymous.''

> Julf has not accepted the principle of compromise on the issue of
> the default setting for his server for technical newsgroups.
> Thus, ARMM, the "Automated Retroactive Minimal Moderation"
> script, has been activated ...
>
> I apologize in advance for any inconvenience this may cause you.
> My argument is with Julf and is about the default setting for
> entire hierarchies; it is not with you or your particular
> postings.

After Mr. Depew started the program it proceeded to cancel two Usenet messages originating from the anon.penet.fi server. After Mr. Depew activated it, and in response to his threats, the controversial an8785 behind the Challenger story posted Mr. Depew's address of employment and the name and phone number of his supervisor (obtained from unidentified sources) and called for people to complain of his assault.
While the previous outcry on news.admin.policy over anon.penet.fi policy was enough to enlarge traffic in the group many times, the first `Depew episode' triggered phenomenal outcry, condemnation, and character `assassination' against Mr. Depew in hundreds of messages, by many who had been `lurking' in the previous debate but, while doubtful of the true value of anon.penet.fi, were uniform and unequivocal in their intolerance for Mr. Depew's actions, frequently referred to as inherently destructive to the spirit of Usenet, and equivalent to `censorship' or `terrorism' via illegitimate (`forged') cancel commands. Many news operators expressed the intent to adjust their software to ignore any such directives.

Mr. Depew objected to references of his intent or effect of `censorship' and sent email to posters stating that the subject ``RICHARD DEPEW imposes automated CENSORSHIP on the Net'' was libelous and asked them to cancel their articles. ``My "civil disobedience" had nothing to do with censorship. You have simply fallen for the lie of an anonymous slanderer.''

Some apologists such as J. Maynard defended Mr. Depew's actions and maintained that his approach was not unacceptable considering the circumstances and that the fault lay in inadequate `testing'. Catherine Anne Foulston wrote ``It's a form of vandalism, perhaps sabotage, and it's obnoxious, but it is not censorship.'' Nevertheless under the firestorm of outrage Mr. Depew withdrew the program after a very short time (less than several hours).

Thanks to Richard Depew for contributions here.

_____
<2.8> What was the Second Depew-ARMM Fiasco?

Eerily and pathetically close to a date of April 1 1993 Mr. Depew employed a revised version of the ARMM program intended to kill and repost anonymous messages with reformatted headers and a notice ``Automated Retroactive Minimal Moderation (tm) by ARMM5. Press 'n' to skip.'' replacing the beginning of the message.
Many news operators expressed grave concerns over this new scheme, and criticized him scathingly for breaking promises of leaving the overall concept alone. Mr. Depew decided to run the program only on his own postings to demonstrate its utility and harmlessness.

After invoking the ARMM 2 version, however, the program quickly became trapped in an infinite loop of `readjusting' already-tampered messages, creating a new message to the news.admin.policy group every time. The barrage exploded to about 180 messages over a period of a few hours before Depew was contacted over the phone by some news administrators and he halted the program. Subject headers in each message grew after each iteration to the point that late messages in the thread tended to crash some newsreaders and possibly even some servers. Some readers compared the effect to the Morris Internet Worm incident although the scale (while global) was far less.

In commemoration of the momentous event, perhaps best summarized as `painfully hilarious', Joel Furr wrote an entry for a future encyclopedia of Usenet history and hacker culture:

> :ARMM: n. A USENET posting robot created by Dick Depew of Munroe
> Falls, Ohio. Originally intended to serve as a means of
> controlling posts through anon servers (see also {anon
> servers}). Transformed by programming ineptitude into a monster
> of Frankenstein proportions, it broke loose on the night of March
> 31, 1993 and proceeded to spam news.admin.policy with something
> on the order of 200 messages in which it attempted, and failed,
> to cancel its own messages.
> This produced a recursive chain of
> messages each of which tacked on:
>
> * another "ARMM:" onto the subject line
> * a meaningless "supersedes" header line
> * another character in the message id (producing message ids
>   several lines long)
> * a ^L
>
> This produced a flood of messages in which each header took up
> several screens and each message id got longer and longer and
> longer and each subject line started wrapping around five or six
> times. ARMM was accused of crashing at least one mail system
> and inspired widespread resentment among those who pay for each
> message they have downloaded.

Included for posterity are a few sentiments from an involved analysis of the problem by Richard E. Depew:

> You have undoubtedly noticed the flood of ARMM posts that I caused
> last night.
>
> I offer my deepest apologies for this flood. I messed up badly. I
> made mistakes in both implementation and testing. That was truly
> bone-headed implementation error!
>
> I seem to have a real talent for spectacular screw-ups!
>
> I agree, though, that my fate is richly deserved. The net loony
> bin seems to be the safest place for me right now.
>
> Thanks for your understanding. It was an honest mistake.

Francisco X DeJesus:

> Yes, I noticed. Everyone on USENET noticed. Even some people who
> never read news heard the laughter of those who do and noticed.
>
> This whole deal is one of those things that's so sad, it's funny.
> Like the story you posted of the driver going to make a wrong
> turn and giving you the finger... you are that driver, and we are
> all trying to tell you you are heading in the wrong direction.
> However, unlike the driver in your story, you never turn, going
> the wrong way onto oncoming traffic instead. Well, at least the
> crash made the evening news and everyone will know your name now.

_____
<2.9> What was Richard Depew's inspiration for ARMM?
Experts are sharply divided on the issue of the true inspiration for ARMM, perhaps stemming largely from Mr. Depew's own convoluted, contradictory, imaginative accounts of his motivations. Mr. Depew at first wrote of developing the software in direct response to J. Helsingius' server:

> Julf's anonymous server seems to me to be contributing to the
> erosion of civility and responsibility that have been the
> hallmarks of the more traditional parts of USENET. More than
> that, Julf has refused to even discuss a compromise to his
> position that all hierarchies should be open, by default, to his
> server.
>
> I think it *is* important to demonstrate that USENET *does* have a
> defense against a self-styled cyberpunk who refuses to cooperate
> with the rest of the net. Whether USENET can find the *will* to
> oppose him remains an open question. I simply intend a brief
> demonstration of one defense mechanism.

Later, however, Mr. Depew's postings increasingly came to reveal a basic preoccupation and fascination with the ARMM concept in itself, irrespective of any supposed violations of `netiquette' on the part of J. Helsingius. For example, in one long and rambling message he built up an extended metaphor between the presence of anonymous servers on Usenet with pathogenic viruses and a laboratory biology experiment:

> I went into the lab to look for an anti-pathogen that would
> inhibit the growth of the pathogen. I found one -- the Usenet
> Death Penalty. This was clearly dangerous stuff, so I tried to
> attenuate it -- to improve its therapeutic index.
>
> The UDP was designed to totally eradicate postings from a given
> site from all of USENET. I didn't want to do that -- I only
> wanted to protect the part I valued most highly -- the brain. So
> I attenuated the UDP so it would only affect the "sci" hierarchy.

Apparently alluding to the initial ARMM operation and the ensuing uproar, Mr.
Depew wrote:

> The clinical trial was successful, at least in temporarily
> eradicating the pathogen from the patient's brain, but the
> patient unexpectedly suffered a severe allergic reaction, so I
> halted the test out of compassion.

Nevertheless he remained visibly enamored with the intrinsic idea of cancelling or `filtering' posts. In fact, no posting originating from him has *ever* expressed unequivocally abandoning the project. As time passed after the incident his postings became increasingly abstract and in one he supplied an extended, abstruse metaphor representing his overall experience:

> Friends,
>
> While driving to work through heavy fog, I became engaged in a
> little incident that struck a chord of recognition.
>
> Apparently the driver of the auto in front of me didn't see the
> sign, perhaps because the fog was so thick. He stopped at the
> bottom of the off-ramp with his left indicator still blinking,
> and with his vehicle angled to the left as if he were *really*
> intent on making a left turn into two lanes of oncoming traffic
> in thick fog.
>
> Worried that a serious accident might result from this mistake, I
> pulled up close to his rear bumper and honked my horn at him,
> twice, and activated my *right* turn indicator.
>
> The driver looked into his rear-view mirror and "gave me the
> finger".
>
> However, he must have subsequently noticed either my turn-signal
> or the "one-way" sign, because he activated his right signal and
> made a right turn, safely.
>
> Why am I posting this incident to news.admin.policy? Gee, I don't
> know... perhaps I confused this group with
> rec.autos.driving. :-)

Finally, to the morbid embarrassment of a noted early cyberspatial period historian, Mr. Depew eventually wrote:

> I have received many inquiries into the inspiration for the
> Automated Retroactive Minimal Moderation script (ARMM), usually
> of the form:
>
> "How the #### did you ever come up with such a hair-brained(sic)
> idea?".
>
> I may have answered curtly, but I was secretly flattered at the
> idea of having hair on top, again. It certainly beats
> bunny-droppings!
>
> For the long answer to this question, I refer you to the FAQ on
> privacy and anonymity compiled by "L.". "L." has done a
> commendable job of recording both sides of the debate, and you'll
> hardly notice that he is so alphabetically-challenged that he can't
> remember how to spell his first name. It's probably because he
> just cribs from the rest of us.
>
> Astonishingly, this document has recorded the writings of my
> muses!

* * *

This is Part 1 of the Anonymity FAQ, obtained via anonymous FTP to rtfm.mit.edu:/pub/usenet/news.answers/net-anonymity/ or newsgroups alt.privacy, alt.answers, news.answers every 21 days.

Written by L. Detweiler. All rights reserved.