Date: Thu, 11 Sep 2003 11:45:03 -0500
From: Bob Alberti <alberti@xxxxxxxxxxxx>
Subject: RE: [IP] Identifying your posters
To: dave@xxxxxxxxxx
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
There are as many ways to create anonymous posts as there are ways to skin a
cat. If one is concerned about such things and not already maintaining
anonymous free e-mail accounts then one is truly negligent.

Asking a list admin to massage even a portion of the posts across a list is
not only inexcusably lazy, but reckless: if the list admin makes a mistake
your identity may be revealed.

And not only is it likely that our list admin has better things to do than
anonymize posts, but he is opening himself up to liability every time he
agrees to modify someone else's post. Should he risk a lawsuit for damages
following an insufficiently-anonymized post that leads to a termination?

If the list admin wishes to provide an anonymous posting channel, I suggest
a simple web-based submission form, that does not collect identity, which he
could then review before deciding whether to post to the list. If the list
admin were confident that his form collected no identifying information then
he could be confident that his anonymizing would not fail. Non-expert
posters would have only his word that the form collected no identifying
information, but then that is the case on every form on the Web.

If a USER wishes to post anything anonymously anywhere on the web, then I
suggest they begin by finding a web cafe, since all posts can
theoretically be traced back to you at your ISP. (In practice of course this
is unlikely, but then good paranoia does not yield to mere reason.) Once
you've got an anonymous access point selected, search Google for phrases
such as "anonymous remailer" and "anonymous proxy" and you're on your way.
Bob Alberti, CISSP, President Sanction, Inc.
Phone: (612) 486-5000 ext 211 PO Box 583453
http://www.sanction.net Mpls, MN 55458-3453
Most security breaches are 'inside jobs': how secure are your HR files?
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQA/AwUBP2CmjMdfCzls9EBAEQIB3wCdEgxFGlt+1Io4ZeQfDvW4MqOt9MkAn0bN
DvSbEEUOPOJaAjlpaTlIZrHt
=zhQe
-----END PGP SIGNATURE-----