A pseudonymous remailer or nym server, as opposed to an anonymous remailer, is an Internet software program designed to allow people to write pseudonymous messages on Usenet newsgroups and send pseudonymous email. Unlike purely anonymous remailers, it assigns its users a user name, and it keeps a database of instructions on how to return messages to the real user. These instructions usually involve the anonymous remailer network itself, thus protecting the true identity of the user.
Primordial pseudonymous remailers once recorded enough information to trace the identity of the real user, making it possible for someone to obtain the identity of the real user through legal or illegal means. This form of pseudonymous remailer is no longer common.
The Penet remailer, which lasted from 1993 to 1996, was a popular pseudonymous remailer.
Contemporary nym servers
A nym server (short for "pseudonym server") is a server that provides an untraceable e-mail address, such that neither the nym server operator nor the operators of the remailers involved can discover which nym corresponds to which real identity.
To set up a nym, you create a PGP keypair and submit it to the nym server, along with instructions (called a reply block) to anonymous remailers (such as Cypherpunk or Mixmaster) on how to send a message to your real address. The nym server returns a confirmation through this reply block. You then send a message to the address in the confirmation.
To send a message through the nym server so that the From address is the nym, you add a few headers, sign the message with your nym key, encrypt it with the nym server key, and send the message to the nym server, probably routed through some anonymous remailers. When the nym server gets the message, it decrypts the message and sends it on to the intended recipient, with the From: address being your nym.
When the nym server gets a message addressed to the nym, it appends it to the nym's reply block and sends it to the first remailer in the chain, which sends it to the next and so on until it reaches your real address. It is considered good practice to include instructions to encrypt it on the way, so that someone (or some organization) doing in/out traffic analysis on the nym server cannot easily match the message received by you to the one sent by the nym server.
Existing "multi-use reply block" nym servers were shown to be susceptible to passive traffic analysis with one month's worth of incoming spam (based on 2005 figures) in a paper by Bram Cohen, Len Sassaman, and Nick Mathewson.
- Data privacy
- Penet remailer
- Traffic analysis
- Chaum, David (February 1981). "Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms" (PDF). Communications of the ACM. 24 (2). doi:10.1145/358549.358563.
- See The Pynchon Gate: A Secure Method of Pseudonymous Mail Retrieval Len Sassaman and Bram Cohen and Nick Mathewson (November 2005). Sabrina De Capitani di Vimercati and Roger Dingledine (ed.). "The Pynchon Gate: A Secure Method of Pseudonymous Mail Retrieval" (PDF). Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2005). ACM Press. doi:10.1145/1102199.1102201. Retrieved 2008-06-06.
- Bruce Schneier. Email Security. ISBN 0-471-05318-X.
- Bacard, Andre. Computer Privacy Handbook. ISBN 1-56609-171-3.