Remailers: Send Emails without Registration
From Whonix
Introduction[edit]
An anonymous remailer is: [1]:
... a server that receives messages with embedded instructions on where to send them next, and that forwards them without revealing where they originally came from. There are Cypherpunk anonymous remailers [archive], Mixmaster anonymous remailers [archive], and nym servers [archive], among others, which differ in how they work, in the policies they adopt, and in the type of attack on anonymity of e-mail they can (or are intended to) resist.
In Whonix-Workstation ™, remailers can be used over Tor. The goal is access to a cheap tool that can send messages without registration, rather than offering more anonymity for (web) messages than Tor can provide.
In theory, remailers are high latency networks that should provide more security than using low latency networks like Tor in isolation; see Anonymity Network for further details. However, the unfortunate reality is there are no known high latency networks which meet the following criteria at the time of writing (2019):
- Development: active development is indicated by regular:
- developer commits addressing bugs, maintenance and design improvements
- press releases and blog posts
- forum/mailing list activity
- Infrastructure: users have reliable access to multiple servers.
- User Base: a significant population regularly utilizes remailers for (pseudo)-anonymous messages.
In practice, the dearth of users and servers means it is safest to assume that remailers provide little to no additional anonymity. Whonix developers would welcome a rebirth of high latency networks and an active, sizable user/developer community, but this is an unlikely outcome in the near-medium term.
Remailer Tips[edit]
Table: Remailer Recommendations
Domain | Recommendation |
---|---|
Message Encryption |
|
Remailer Chain |
|
Remailer Software/Interface |
|
Remailer Test |
|
Remailer Attacks[edit]
If remailers are not careful, various attacks are possible when attempts are made to send mail/messages.
Table: Remailer Threats [3]
Threat | Description |
---|---|
Adversary Threat Model |
|
Man-in-the-Middle Attack |
|
Reordering |
|
Replay Attack | |
Size and Distinguishability |
|
Trivial Attacks |
|
Mixmaster: Tor Remailer[edit]
This option is now deprecated. Mixmaster is dead upstream and has been permanently removed from Debian [archive].
Mixmaster remailers do several things: [3]
- They send a message to another e-mail address or post it to a news group.
- They accept encrypted messages with instructions for processing hidden inside the encrypted envelope.
- They strip all mail headers.
- They add new headers such as subject lines.
- They remove some information from the end of the message.
- They encrypt part of a message using a key specified in the message.
Interested readers are still free to peruse the Mixmaster documentation. Historical tests with this software were successful -- when utilizing one remailer, mail/messages took between 10-120 minutes before arriving in the recipient's inbox.
Third Party Web Interface[edit]
As noted earlier, Tor Browser can be paired with a third party web interface. However, this configuration is less secure and should be used with care because the server administrator is capable of snooping on cleartext as it is typed or pasted.
Mixmaster[edit]
- German Privacy Foundation (awxcnx) email
- German Privacy Foundation (awxcnx) usenet [archive]
- Webmixmaster paranoici (clearnet SSL) [archive]
- W3- Anonymous Remailer (clearnet) [archive]
Note: The Cotse.net clearnet SSL [archive] mixmaster public usenet interface has been taken offline due to repeated abuse by botnets. It is now only possible to pay for a subscription to the service.
Unknown[edit]
- Anonymouse (clearnet, German website) [archive]
- send-email.org (clearnet) [archive]
- NGZ-Server.de (clearnet, SSL) [archive]
Cypherpunk Remailer[edit]
Note: Readers are welcome to correct any inaccuracies in this section.
The Wikipedia Cypherpunk anonymous remailer [archive] article and list of Cypherpunk remailer services [archive] suggests these services utilize Mixmaster. Online, associated help files [8] also explain that it is safer to use Mixmaster, since Cypherpunk remailers just provide an email based interface.
Since the full list of type I and type II remailer servers [9] reveals that most type I (Cypherpunk) are also type II (Mixmaster) servers, it does not appear necessary to learn and document how Cypherpunk remailers work. In fact, it does not appear to be an actual alternative, since Cypherpunk remailers cannot be used if Mixmaster is non-functional for some reason. This option would also defeat the purpose of this wiki entry (sending mail without registration), since it still requires a mail provider.
Footnotes / References[edit]
- ↑ https://en.wikipedia.org/wiki/Anonymous_remailer [archive]
- ↑ Those who believe remailer chains will improve anonymity are free to disregard this advice and create a path length of their choosing.
- ↑ 3.0 3.1 https://mason.gmu.edu/~afinn/html/tele/components/anonymous_remailers.htm [archive]
- ↑ This can be averted by exchanging public keys in person and on disk, downloading public keys over a secure website, or using a digital signature certificate from a qualified company.
- ↑ Or experience network outages.
- ↑ By including a random ID number for each hop.
- ↑ Tracing a message forward requires an adversary to capture the message and then send many copies to the first remailer. When multiple, identical messages emerge from the remailer and move to the next hop, the 'bump' in remailer traffic reveals the route it took.
- ↑ Broken link: http://www.cypherpunks.to/remailers/help.txt [archive]
- ↑ https://remailer.paranoici.org/rlist2.html [archive]
Whonix ™ is Supported by Evolution Host DDoS Protected VPS. Stay private and get your VPS with Bitcoin or Monero.
Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki
Want to get involved with Whonix ™? Check out our Contribute page.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.
Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)
Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].
Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.
By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.