Pseudonymous remailer


A pseudonymous remailer or nym server, as opposed to an anonymous remailer, is an Internet software program designed to allow people to write pseudonymous messages on Usenet newsgroups and send pseudonymous email. Unlike purely anonymous remailers, it assigns its users a user name, and it keeps a database of instructions on how to return messages to the real user. These instructions usually involve the anonymous remailer network itself, thus protecting the true identity of the user.
Primordial pseudonymous remailers once recorded enough information to trace the identity of the real user, making it possible for someone to obtain the identity of the real user through legal or illegal means. This form of pseudonymous remailer is no longer common.
David Chaum wrote an article in 1981 that described many of the features present in modern pseudonymous remailers.
The Penet remailer, which lasted from 1993 to 1996, was a popular pseudonymous remailer.

Contemporary nym servers

A nym server is a server that provides an untraceable e-mail address, such that neither the nym server operator nor the operators of the remailers involved can discover which nym corresponds to which real identity.
To set up a nym, you create a PGP keypair and submit it to the nym server, along with instructions to anonymous remailers on how to send a message to your real address. The nym server returns a confirmation through this reply block. You then send a message to the address in the confirmation.
To send a message through the nym server so that the From address is the nym, you add a few headers, sign the message with your nym key, encrypt it with the nym server key, and send the message to the nym server, probably routed through some anonymous remailers. When the nym server gets the message, it decrypts the message and sends it on to the intended recipient, with the From: address being your nym.
When the nym server gets a message addressed to the nym, it appends it to the nym's reply block and sends it to the first remailer in the chain, which sends it to the next and so on until it reaches your real address. It is considered good practice to include instructions to encrypt it on the way, so that someone doing in/out traffic analysis on the nym server cannot easily match the message received by you to the one sent by the nym server.
Existing "multi-use reply block" nym servers were shown to be susceptible to passive traffic analysis with one month's worth of incoming spam in a paper by Bram Cohen, Len Sassaman, and Nick Mathewson.