Stegdetect 0.4 released and results from USENET search available

Bill Stewart bill.stewart at
Fri Dec 28 17:47:29 EST 2001

At 01:59 PM 12/28/2001 -0800, David Honig wrote:
>A.A.M + PGP = covert radio transmitter which sends coded messages.  Obviously
>interesting, so you direction-find to defeat the anonymity.

And Perry replied:
>[Moderator's note: And how would you possibly do that? --Perry]

Back in the old days, it was easy - Usenet messages carried a
bang-path route to the original sender.  You could forge parts of it
easily enough, as the Kremvax hoax demonstrated,
but the only real untraceability was because there were lots of
pre-Honey-Danber UUCP sites which would accept incoming messages
from unknown senders.  These days, most of them are gone -
you're really depending on how long sites keep logfiles.

[Moderator's note: That's not the point. You can post without any
authentication via many web sites, or over the net via accounts you
can get with little or no identification in a dozen countries, which
you can log in to anonymously from web cafes, airport kiosks,
etc. around the world. If you decide not to be found, you won't be
found. --Perry]

Reader anonymity depends a lot on how many people actually read A.A.M,
and on how many sites keep NNTP logs - it probably a lot fewer readers
than the largest binary porn spam groups, but a lot also depends on
how many small ISPs around the world still spool their own news
rather than buying access from news services.  It's certainly harder
to trace than senders.

So tracing a single transmission may be hard, but tracing an ongoing pattern
is easier, unless there's a trusted Usenet site in some
country where you don't have jurisdiction problems.
That means that A.A.M + PGP is fine for an occasional
"Attack at Dawn" message, but not necessarily for routine traffic.

So it helps to add an extra step - posting the anonymous message
through a web2news gateway through an anonymizer,
or a mail2news gateway from a webmail account from a cybercafe,
or mail2news through an open relay somewhere in the world
(since open relays are usually people who haven't bothered
configuring their mail systems, and are less likely to keep logs
unless that's the default, plus you can spread your messages
among lots of different relays.)

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list