Nym creation and use for mere mortals

1.  INTRODUCTION

This document will help you manually establish and begin using a "nym" account. Joel McNamara's Windows program "Private Idaho," or "PI," automates the procedure. I've written this article for users who either can't or don't want to use PI. The manual method isn't really difficult and, I believe, helps to give you a good understanding of how remailers and nym servers work.

This is not a substitute for the official help file from the admin folks at nym.alias.net, which is available by sending blank email to <help@nym.alias.net>. Think of this article as a supplement. The official help file has been revised since I originally wrote this, and now contains just about everything you'd probably want to know. The newest version includes very clear and much-needed information on using newsgroups in reply blocks and posting follow-ups to newsgroup posts. My intent is not to replace or rewrite the official help file, but rather to explain things a little differently and (hopefully) simplify matters a bit.

2.  PREPARATION

There are a number of things you need to know and/or do before you establish a nym account:

  1. You need a working knowledge of "Pretty Good Privacy (PGP)." It must be installed and properly configured on your system. If you're not "PGP literate," stop now, learn it, then come back. PGP can be obtained from one of the following sites:
  2. You should have a basic knowledge of the "whys" of remailers and nyms. I'll give you some background, but this is more of a "how to" than a "why should I?" or "what is?"
  3. You'll establish your nym account on "nym.alias.net", which seems to be the fastest and most popular nym server.  These instructions, however, should also work for the "weasel.owl.de" nym server in Germany.
  4. You must choose a "nym" (pseudonym) for yourself. It must be one that isn't already being used by someone else. Get the most current list of nyms in use by sending email to <list@nym.alias.net> or by fingering the same address.
  5. Once you've chosen your nym you must create a new PGP key pair for it. The user ID of your new keys should be something like Your nym <yournym@nym.alias.net>. For example, if your chosen nym is "Bubba," your user ID should be Bubba <bubba@nym.alias.net>
  6. After creating your new key pair, extract the new public key to a text file using the pgp -kxa command. You'll have to send it to the nym server later, so get it ready to go first.
  7. Get the most current list of reliable remailers. When you establish your nym, you'll tell nym.alias.net which remailer(s) to use when sending your mail to you. You can change this information later if, for example, you experience problems with the remailer(s) you've chosen. Be aware, though, that the more remailers you use to send mail to or receive mail from the nym server, the more chance there is that one will be down and foul up the whole procedure.
  8. Get the PGP public keys for the remailers you want to use and for nym.alias.net. You can get those by following links on the web site mentioned above. Add them to your PGP pubring.
  9. Choose one or more "passphrases" for use during the procedure. They should be different from your PGP passphrase! When you create your request for a nym account, you'll use one of these passphrases for each remailer you want your return mail to come through. They'll be used by each remailer to add a layer of conventional encryption to the mail sent to you (ie, pgp -c).
  10. I strongly suggest that you use a DOS text editor or word processor when establishing and working with PGP and nyms. All your work must be in ASCII-text format. Many Windows word processors and email clients still add some proprietary formatting that screws things up. Word wrapping and carriage returns seem to be a common problem. Experimenting with your particular Windows program and PGP is the best way to determine if you have a problem or not.

3.  SOME BASIC BACKGROUND ON REMAILERS AND NYM SERVERS

  1. A remailer is simply that; it's a server that remails incoming email to another address. The addressee can be either the final destination or it can be another remailer. When you address your email to go through more than one remailer before it gets to the final destination, it's called "chaining." Remailers strip all identifying header information from your mail before remailing it. The more remailers in your "chain," the more difficult it is for someone to backtrack to you. Each remailer in the chain and the final recipient can only see that the email came from the previous remailer, usually with a return address like <anonymous@xxx.com> or <nobody@xxx.com>. It's up to you if you want to use only one remailer or chain more than one together.
  2. Unless you're suffering from terminal paranoia, most people will tell you that using more than two remailers is probably overkill. Further, it can drastically increase the amount of time it takes for the mail to get through to you. Using multiple remailers increases your security, but it also increases the potential for problems.
  3. A drawback to using only remailers is that recipients can't reply because they don't know who you are. That's usually not a problem for posts to newsgroups; people can simply post follow-up replies to the group. However, if you want someone to be able to reply directly to email you send anonymously, you should establish a nym account.
  4. A nym account is a free email "account" on the server at nym.alias.net. To establish your account, you send a specially formatted email to the server. This "creation request" message includes your PGP public key, a few passphrases the system can use for conventional encryption, and your "reply block." The reply block tells the server how to route mail back to you. Your creation request must be perfectly formatted; one misplaced period, one space too many somewhere, and your request will fail. You may receive an error message from the server, but you probably won't receive an explanation. This can be awfully difficult to troubleshoot, so be very careful and meticulous while formatting your creation request.
  5. Once you've established your account, the whole thing is simple. If you want to send an anonymous email or newsgroup post AND be able to receive a direct reply, use your nym account.
  6. Here's how the procedure works:

    NOTE: the last remailer you encrypt for is the one you send the email to! That remailer is the first link in the chain that will end at the recipient.

  7. The remailer receives the message, decrypts the first level of encryption, sees the address for the next remailer in the chain, remails it to that remailer, and so on, until the message arrives at nym.alias.net. There it's decrypted the final time. The server confirms that the message really came from you because you signed the original message with your secret key, and the server has your public key on file. Your message, now in its plaintext original form, is then sent to the recipient's address specified in the message body.
  8. The analogy here is Faberge eggs. One encrypted message (your original) inside of another, inside of yet another, etc. Each remailer can only decrypt its own portion and see what the next address is. Further, each remailer strips the previous remailer's return address before remailing to the next.
  9. When the recipient replies, the routing back to you is based on the reply block you've submitted. The recipient replies in plaintext to your nym account's address (eg, <bubba@nym.alias.net>). The server then checks the reply block it has for you on file, and encrypts the message using your public key. The messages is then sent to the first remailer in your reply block, and from there through the other remailers you specified (if any). After winding it's way through the remailers, you finally receive the still-encrypted message.
  10. Security is further enhanced because nym and the remailers can add a layer of conventional encryption at each hop. This is where those extra passphrases I mentioned earlier come into play. Without this conventional encryption, someone intercepting email from nym to you wouldn't be able to decrypt it, but they would be able to see who the message is for because PGP will return a "....can only be decrypted by...." error message.

    4.  CREATING YOUR NYM

    a. Assumptions and Givens -

    1. Your chosen nym is "bubba" and you've confirmed that it's available for use.
    2.  You've created a new PGP key pair with the user ID of "Bubba <bubba@nym.alias.net>"
    3. You've extracted your new nym's public key (using the command pgp -kxa) into a file you can paste into an email message.
    4. Your real email address is <realname@xyz.com>.
    5. You've downloaded the public keys for nym.alias.net and for the remailers you want to use, and you've added them to your PGP keyring.
    6. You've chosen to use only one passphrase and one remailer. The passphrase is "teafortwo," and your chosen remailer is <remailer@huge.cajones.com>.
    7. You're fluent in PGP <g>.

    b. Creating the Reply Block -

    1. Your reply block tells the nym server what your real email address is and how to route mail to you. It also tells the server what passphrase to use to conventionally encrypt all messages to you.
    2. Type the following EXACTLY as shown, but without the "EXAMPLE #x." Everything starts on the very first line of text and is all flush with the left margin. If you see a space, use a space. If you see a blank line, use one. That goes for everything you type:

      EXAMPLE #1 

      ::
Anon-To: realname@xyz.com
Encrypt-Key: teafortwo

      That's two colons on the first line. Save this as a text file called FILE1.TXT.

      A WARNING ABOUT BLANK LINES: Be sure to create all required blank lines by using the carriage return, NOT by simply moving the cursor. The "Common Problems" section of the help file from nym.alias.net mentions some reports of PGP headers being chopped off of encrypted messages. The messages arrive from nym through the remailers, but are missing the "-----BEGIN PGP MESSAGE-----" line, the "Version: " line, and the blank line that follows before the encrypted text. The help file also mentions that this may be caused by too many or too few blank lines somewhere in the reply block. Three readers have reported this problem to me. After troubleshooting, we discovered each time that the problem was caused by a missing hard carriage return to create a blank line. Inserting one (and only one!) hard carriage return in the correct places appears to be the solution.

    3. Encrypt FILE1.TXT using the public key for <remailer@huge.cajones.com>. The correct command line syntax is pgp -eat file1.txt remailer@huge.cajones.com

      That will give you a file called FILE1.ASC

    4. Your file should look something like this:

      EXAMPLE #2 

      -----BEGIN PGP MESSAGE-----
Version: 2.6.3i

hIwCL3nxiBW8n50BBACP8ez/ZDmCXUTAoYsahN+9ga7uCDbiiurxyIDvpR0syIWn
8+JKMijkgToK6hyY5l7Lda9UZdu4EUHYJ01OPywGDPt024otN4Ke91XLdYxialIj
qXrpCzWnOvVdv2wbs8TfPgLtqDlsTjmQ9v+QFNdvO10YBVe8NoM857K863dK36YA
AAKqjobhdiOoPErbUxG9ZXsQIMv+TrUC/05eDNpI46pjq4imFAa3uYHbknAFk1u1
56eFMEoomiqj6GjwNg==
=+yBT
-----END PGP MESSAGE-----
    5. Prepend the above text with:

      EXAMPLE #3 

      ::
Anon-To: remailer@huge.cajones.com
Encrypt-Key: teafortwo

::
Encrypted: PGP

      and leave a blank line between "Encrypted: PGP" and the encrypted text.

    6. At the end of the encrypted text, leave a blank line and then type:

      EXAMPLE #4 

      **

      That's two asterisks. These are very important! Your reply block must end in this double asterisk on the second line below the text. If you were going to have your mail sent through more than one remailer (this example uses only one!), you would only put the double asterisk at the very end of the complete reply block.

    7. Your text should now look like this:

      EXAMPLE #5 

      ::
Anon-To: remailer@huge.cajones.com 
Encrypt-Key: teafortwo 
 
:: 
Encrypted: PGP 
 
-----BEGIN PGP MESSAGE----- 
Version: 2.6.3i 
 
hIwCL3nxiBW8n50BBACP8ez/ZDmCXUTAoYsahN+9ga7uCDbiiurxyIDvpR0syIWn 
8+JKMijkgToK6hyY5l7Lda9UZdu4EUHYJ01OPywGDPt024otN4Ke91XLdYxialIj 
qXrpCzWnOvVdv2wbs8TfPgLtqDlsTjmQ9v+QFNdvO10YBVe8NoM857K863dK36YA 
AAKqjobhdiOoPErbUxG9ZXsQIMv+TrUC/05eDNpI46pjq4imFAa3uYHbknAFk1u1 
56eFMEoomiqj6GjwNg== 
=+yBT 
-----END PGP MESSAGE----- 
 
**

      Make sure that you have blank lines exactly as shown! There's a blank line between "Encrypt-Key: teafortwo" and the next double colon, there's one between "Encrypted: PGP" and the text itself, and there's one between the end of the text and the double asterisk.

    8. Save the above as a text file called FILE2.TXT. Your reply block is now finished.

    c. Creating the Creation Request -

    1. Start a blank page in your word processor and type the following, again starting on the first line and flush with the left margin:

      EXAMPLE #6 

      Config: 
From: bubba@nym.alias.net 
Nym-Commands: create +acksend +signsend name="Bubba" 
Public-Key:

      IMPORTANT NOTES:

      • It's critical that your "creation request" begin with "Config:" on the first line! The nym server will ignore any creation requests without it.
      • There are numerous "Nym-Commands: " you can use. Most deal with advanced features offered by the nym server, and all are clearly explained in the official help file. I've used only four for our example. "Create" tells the server that you are creating a new nym. "+acksend" enables the feature which will send you a confirmation every time the nym server forwards mail you have sent. "+signsend" enables the feature which will sign all messages with the nym server's PGP key, making forgery virtually impossible. "name= ," with the requested name in quotes, lets you set a name for yourself. With this feature enabled, mail you send will appear to come from "Bubba <bubba@nym.alias.net>." Without it, your mail will appear to come simply from "<bubba@nym.alias.net>."
      • Of the four "Nym-Commands: " I've shown, only "create" is really required.
      • The "Nym-Commands: " can all be on one line (separated by a space), or each can be on its own line. If you list them on individual lines, each line must begin with "Nym-Commands: ", followed by the command.

      EXAMPLE #6A 

      Nym-Commands: create 
Nym-Commands: +acksend 
Nym-Commands: +signsend 
Nym-Commands: name="Bubba"
    2. On the very next line (NO blank line this time!), insert the public key you extracted earlier for your new nym. It should now look like:

      EXAMPLE #7 

      Config: 
From: bubba@nym.alias.net 
Nym-Commands: create +acksend +signsend name="Bubba" 
Public-Key: 
-----BEGIN PGP PUBLIC KEY BLOCK----- 
Version: 2.6.3i 
 
mQCNAzCqHCEAAAEEALyo483O4RXzCKn/rGK6eSdZSrZITqqIoNgXn9i6idZhxnfu 
WO2CmPwm0LD4zSbh5ciMpHNKBO3yPgRlSG87rQK2NxsyQFNu0stH4AkfmtG7SS75 
uOGdkVYpPhk+NRFIk6FUePMspd96yQelNPznUMD8N+mmEcD5MS958YgVvJ+dAAUR 
tC5KYXkgU3RvdHpreSA8NGJkZWFpcm1nckA0dGhiZGVocS4xYWQuYXJteS5taWw+ 
pjVDLgRXAN5PKt956n9G+KX9xA4P7Ggd7sOR0dNIVS3XiXFCKsr+hqLFYxT3K71U 
IJWvJw== 
=/tvC 
-----END PGP PUBLIC KEY BLOCK-----
    3. On the very next line (again, no blank line!), type

      EXAMPLE #8 

      Reply-Block:
    4. The whole thing should now look like this:

      EXAMPLE #9 

      Config: 
From: bubba@nym.alias.net 
Nym-Commands: create +acksend +signsend name="Bubba" 
Public-Key: 
-----BEGIN PGP PUBLIC KEY BLOCK----- 
Version: 2.6.3i 
 
mQCNAzCqHCEAAAEEALyo483O4RXzCKn/rGK6eSdZSrZITqqIoNgXn9i6idZhxnfu 
WO2CmPwm0LD4zSbh5ciMpHNKBO3yPgRlSG87rQK2NxsyQFNu0stH4AkfmtG7SS75 
uOGdkVYpPhk+NRFIk6FUePMspd96yQelNPznUMD8N+mmEcD5MS958YgVvJ+dAAUR 
tC5KYXkgU3RvdHpreSA8NGJkZWFpcm1nckA0dGhiZGVocS4xYWQuYXJteS5taWw+ 
pjVDLgRXAN5PKt956n9G+KX9xA4P7Ggd7sOR0dNIVS3XiXFCKsr+hqLFYxT3K71U 
IJWvJw== 
=/tvC 
-----END PGP PUBLIC KEY BLOCK----- 
Reply-Block:
    5. Immediately after "Reply-Block:", append your reply block (the FILE2.TXT you saved before). The whole thing should now look like:

      EXAMPLE #10 

      Config: 
From: bubba@nym.alias.net 
Nym-Commands: create +acksend +signsend name="Bubba" 
Public-Key: 
-----BEGIN PGP PUBLIC KEY BLOCK----- 
Version: 2.6.3i 
 
mQCNAzCqHCEAAAEEALyo483O4RXzCKn/rGK6eSdZSrZITqqIoNgXn9i6idZhxnfu 
WO2CmPwm0LD4zSbh5ciMpHNKBO3yPgRlSG87rQK2NxsyQFNu0stH4AkfmtG7SS75 
uOGdkVYpPhk+NRFIk6FUePMspd96yQelNPznUMD8N+mmEcD5MS958YgVvJ+dAAUR 
tC5KYXkgU3RvdHpreSA8NGJkZWFpcm1nckA0dGhiZGVocS4xYWQuYXJteS5taWw+ 
pjVDLgRXAN5PKt956n9G+KX9xA4P7Ggd7sOR0dNIVS3XiXFCKsr+hqLFYxT3K71U 
IJWvJw== 
=/tvC 
-----END PGP PUBLIC KEY BLOCK----- 
Reply-Block: 
:: 
Anon-To: remailer@huge.cajones.com 
Encrypt-Key: teafortwo 
 
:: 
Encrypted: PGP 
 
-----BEGIN PGP MESSAGE----- 
Version: 2.6.3i 
 
hIwCL3nxiBW8n50BBACP8ez/ZDmCXUTAoYsahN+9ga7uCDbiiurxyIDvpR0syIWn 
8+JKMijkgToK6hyY5l7Lda9UZdu4EUHYJ01OPywGDPt024otN4Ke91XLdYxialIj 
qXrpCzWnOvVdv2wbs8TfPgLtqDlsTjmQ9v+QFNdvO10YBVe8NoM857K863dK36YA 
AAKqjobhdiOoPErbUxG9ZXsQIMv+TrUC/05eDNpI46pjq4imFAa3uYHbknAFk1u1 
56eFMEoomiqj6GjwNg== 
=+yBT 
-----END PGP MESSAGE----- 
 
**

      NOTE: We're almost done; hang in there ;-))

    6. Save all the above text as FILE3.TXT.
    7. PGP encrypt FILE3.TXT with the public key for <config@nym.alias.net> and sign it with your new nym key. The command line syntax is pgp -seat file3.txt config@nym.alias.net -u bubba
    8. You should now have a big, PGP-encrypted file called FILE3.ASC. This is your finished creation request. It's the file you send to the nym server to create your nym account.

    d. Sending Your Creation Request to <nym.alias.net> -

    1. You can upload FILE3.ASC to your email client and send it directly to <config@nym.alias.net>, or you can send it through one or more remailers first. I suggest using at least one remailer route for extra security and anonymity.
    2. To send your creation request through a remailer, prepend FILE3.ASC with:

      EXAMPLE #11 

      :: 
Request-Remailing-To: config@nym.alias.net

      and be sure to leave a blank line between that and the text.

      NOTE: Some remailers require "Anon-To:" instead of "Request- Remailing-To:" Most accept either. As you get more experience doing this you'll figure out which is which. The one we're using for this example, <remailer@huge.cajones.com>, accepts both.

    3. Your text should now look like this:

      EXAMPLE #12 

      :: 
Request-Remailing-To: config@nym.alias.net 
 
-----BEGIN PGP MESSAGE----- 
Version: 2.6.3i 
 
hIwCL3nxiBW8n50BBACP8ez/ZDmCXUTAoYsahN+9ga7uCDbiiurxyIDvpR0syIWn 
8+JKMijkgToK6hyY5l7Lda9UZdu4EUHYJ01OPywGDPt024otN4Ke91XLdYxialIj 
qXrpCzWnOvVdv2wbs8TfPgLtqDlsTjmQ9v+QFNdvO10YBVe8NoM857K863dK36YA 
AAKqjobhdiOoPErbUxG9ZXsQIMv+TrUC/05eDNpI46pjq4imFAa3uYHbknAFk1u1 
Vqh+/f9mKuAIO/5HBU8wGUL08yUdQGoSWVWl06mOX9OUd8KCc48ayBnojFJmUz1k 
yrO68XoMWpEZdgdMVnKhQH+oN6VE4v+yLecYwURK6I4Ro7mn7j6mZIWQSbJT/Gks 
W/YIh2+RRXakayokUqyUblTjzSkY6UaF6uljNb+Qzp9JxBBMKyNEZwdCj7xawZxf 
q1pfg2BnQ33NaQ2e1k+sLpd/5xrha2j5QzzQPksomyTIooRSYUF4n797j7B3G+AC 
56eFMEoomiqj6GjwNg== 
=+yBT 
-----END PGP MESSAGE-----

      NOTE: Your text will probably be much longer than the example.

    4. Save the above text as FILE4.TXT.
    5. Encrypt FILE4.TXT using the public key of your chosen remailer. DO NOT sign it! Using our example remailer, the command line syntax would be pgp -eat file4.txt remailer@huge.cajones.com

      This will yield a file called FILE4.ASC.

      NOTE: You could use any remailer, provided you have that remailer's public key. It's up to you. It does not have to be the same remailer you named in your reply block.

    6. Prepend FILE4.ASC with:

      EXAMPLE #13 

      :: 
Encrypted: PGP

      and again, leave a blank line between "Encrypted: PGP" and the text.

    7. Your text should now look like:

      EXAMPLE #14 

      :: 
Encrypted: PGP 
 
-----BEGIN PGP MESSAGE----- 
Version: 2.6.3i 
 
hIwCL3nxiBW8n50BBACP8ez/ZDmCXUTAoYsahN+9ga7uCDbiiurxyIDvpR0syIWn 
8+JKMijkgToK6hyY5l7Lda9UZdu4EUHYJ01OPywGDPt024otN4Ke91XLdYxialIj 
qXrpCzWnOvVdv2wbs8TfPgLtqDlsTjmQ9v+QFNdvO10YBVe8NoM857K863dK36YA 
AAKqjobhdiOoPErbUxG9ZXsQIMv+TrUC/05eDNpI46pjq4imFAa3uYHbknAFk1u1 
Vqh+/f9mKuAIO/5HBU8wGUL08yUdQGoSWVWl06mOX9OUd8KCc48ayBnojFJmUz1k 
yrO68XoMWpEZdgdMVnKhQH+oN6VE4v+yLecYwURK6I4Ro7mn7j6mZIWQSbJT/Gks 
W/YIh2+RRXakayokUqyUblTjzSkY6UaF6uljNb+Qzp9JxBBMKyNEZwdCj7xawZxf 
q1pfg2BnQ33NaQ2e1k+sLpd/5xrha2j5QzzQPksomyTIooRSYUF4n797j7B3G+AC 
56eFMEoomiqj6GjwNg== 
=+yBT 
-----END PGP MESSAGE-----
    8. Save the above as FILE5.TXT. THIS is the file you'll send.
    9. Upload FILE5.TXT into your email client and send it to <remailer@huge.cajones.com>

      NOTE: Don't use the angle brackets, of course <g>. No subject line is necessary; the remailer will remove it, anyway.

    e. Responding to the Confirmation Message -

    1. If you've done everything correctly, and the remailer(s) and nym server are up, within a few hours you'll receive an encrypted "confirmation message" from nym.alias.net.
    2. Decrypt the message, first using the passphrase you used for conventional encryption (in our example, "teafortwo"), then with your nym's secret key.
    3. The decrypted message will tell you that your creation request was successful, and ask you to reply to a specific address to activate your nym. The address will be something like:

      EXAMPLE #15 

      <confirm+aie7465hsykd78250037j@nym.alias.net>.

      NOTE: Your reply can be anything, even blank email. It's an automated procedure, and essentially serves to confirm that your reply block is functional. Your reply can be plaintext, encrypted, sent directly, sent through a remailer....it doesn't matter. Just reply.

    4. After you reply, you'll receive another message from nym.alias.net telling you that your nym account has been activated.

      Congratulations!

    5.  SENDING EMAIL FROM YOUR NYM ACCOUNT

    1. To send email from your new nym account, start the body of your text with:

      EXAMPLE #16 

      From: bubba 
To: <recipient's email address> 
Subject: <whatever> 
 
RE

      leave one blank line, then type your message.

      NOTE: Just like everything else, the above begins on the first line and is flush with the left margin.

    2. Save the file and then encrypt and sign it for the nym server. If you saved the file as MAIL.TXT, the command line syntax would be: pgp -seat mail.txt send@nym.alias.net -u bubba

      IMPORTANT NOTE: Notice that this time it's "send@nym..." instead of "config@nym..." You use "config@nym..." to set up or change your account. To send mail, you use "send@nym...." It's the same PGP public key, so no problem there.

    3. Prepend the resulting MAIL.ASC file with:

      EXAMPLE #17 

      :: 
Request-Remailing-To: send@nym.alias.net

      and again, leave a blank line between that and the encrypted text.

    4. Save the above as MAIL1.TXT.
    5. Encrypt MAIL1.TXT for the remailer you'll use. The command line syntax is: pgp -eat mail1.txt remailer@huge.cajones.com

      NOTE: Remember, DO NOT sign the mail to the remailer! You only sign the part of the message that nym.alias.net ends up with.

    6. Prepend the resulting MAIL1.ASC with:

      EXAMPLE #18 

      :: 
Encrypted: PGP

      And yet again, leave a blank line between that and the encrypted text.

    7. Save the above text as MAIL2.TXT.
    8. Upload MAIL2.TXT into your email client and send it to <remailer@huge.cajones.com>. If all goes well, your recipient will receive the mail shortly.

    6.  PUTTING IT ALL TOGETHER

    1. When you send mail this way, first it goes to the remailer. The remailer decrypts it and sees another internal encrypted message, including the instructions to remail it to <send@nym.alias.net>. It does this. When the nym server receives it, the message is decrypted. The nym server compares your From: line and PGP signature with the public key it has on file for you. When it's satisfied that the mail is really from you, it forwards the now decrypted plaintext to the address given on your To: line. The recipient gets a plaintext email that appears to come from "Bubba <bubba@nym.alias.net>."
    2. If the recipient wants to respond, he or she composes a normal reply to <bubba@nym.alias.net> and sends it. The nym server receives it, confirms that you have an account, encrypts the message using your public key, and signs it using its own key. The message is then encrypted again (conventionally, using pgp -ca) and sent to the first remailer you've specified in your reply block. Along the way back to you, the message passes through a layer of conventional encryption (using the passphrase you've specified in your reply block) at each remailer.
    3. Finally, you receive the message. What you receive appears to be an encrypted email from the final remailer in the chain. Download the message and use PGP to decrypt it.

      NOTE: At this point you might be tempted to download the message and use a Windows PGP frontend to decrypt it. We won't go into the pros and cons of frontends, but I can tell you that not all of them support conventional encryption. If yours does, fine. It will work. If yours doesn't, use PGP from the DOS command line.

    4. You'll have to go through one or more levels of conventional encryption using the "teafortwo" passphrase before you get to the actual message encrypted with your public key. In the examples we've used, you would have to decrypt the message twice using "teafortwo," and then with the real passphrase for your nym's key.

    7.  USING A NEWSGROUP IN YOUR REPLY BLOCK

    1. The reply block in the examples above specifies that mail to your nym will be forwarded to your real email address. However, you may not want to do it that way. For example, it's theoretically possible for an attacker to correlate your nym with your real address, thereby determining your identity. It would take a very well- connected, well-financed, knowledgeable, and determined attacker to do it, but it could be done. The text of your messages is still protected by PGP, but your identity is not. For a detailed discussion of some of the possible attacks on remailers, see Lance Cottrell's excellent essay, "Mixmaster and Remailer Attacks".
    2. One way to help protect your identity is to have nym.alias.net forward all mail to your nym to a newsgroup instead of your real email address. Your mail will appear in the newsgroup as simply another post. Anyone can download it, but only you can decrypt it. To do this, create the first part of your reply block as follows instead of the way shown in Example #1:

      EXAMPLE #19 

      :: 
Anon-To: mail2news@anon.lcs.mit.edu 
Encrypt-Key: teafortwo 
 
## 
Newsgroups: alt.anonymous.messages 
Subject: *** something you'll recognize ***

      Then simply follow all the other steps explained in paragraph 4 above to create your nym account.

    3. Which newsgroup you enter for "Newsgroups:" is up to you. The alt.anonymous.messages group is a good choice (the name says it all!), and anonymous posts there are "on topic."
    4. Your choice of a "Subject:" is critical. It should be something you'll easily recognize out of the many messages posted to alt.anonymous.messages each day, and something that doesn't give your identity away. Some people use a random string of numbers and letters. Others use key words and phrases only they can recognize. You might also consider setting the filters in your newsreader to ignore all messages that don't contain your subject. Be very careful about giving away clues to your identity. For example, if your nym is "Snow White," using "....and the Seven Dwarves" as your "Subject:" isn't a good idea.

      IMPORTANT NOTES:

      • The header "Newsgroups:" really is plural, even if you list only one group.
      • If you list more than one group, separate them with commas, but not with spaces. For example:

        CORRECT - Newsgroups: alt.anonymous,alt.anonymous.messages

        WRONG - Newsgroups: alt.anonymous, alt.anonymous.messages

      • You can use additional headers, such as "X-No-Archive: Yes", if you feel the need. "X-No-Archive: Yes" will help avoid your posts being archived by services such as DejaNews.
      • There are quite a few other gateways you can use for posting to newsgroups. I've used <mail2news@anon.lcs.mit.edu> for these examples because I use it myself, and have found it to be very quick and reliable. More detailed information on using mail2news gateways can be found at <http://students.cs.byu.edu/~don/mail2news.html>. For the help file from <mail2news@anon.lcs.mit.edu>, send email with the subject "help" to that address.

    8.  POSTING TO NEWSGROUPS WHEN USING YOUR NYM

    1. Posting to newsgroups with your nym is very similar to sending email. The only real differences are some additional headers inserted before the text of you message. Paragraph 5a above shows how to format an email message. The format for a newsgroup post is as follows:

      EXAMPLE #20 

      From: bubba 
To: mail2news@anon.lcs.mit.edu 
Newsgroups: <whatever> 
Subject: <whatever>

      Leave a blank line after the last header and then type your message.

    2. f you are replying to a post and want your reply to be threaded with the original message, you must also add a "References:" header. If your reply will be the first reply to the post, you should also add "Re:" before the original subject.

      EXAMPLE #21 

      From: bubba 
To: mail2news@anon.lcs.mit.edu 
Newsgroups: <whatever> 
References: <whatever> 
Subject: Re: <whatever>

      As always, leave a blank line and then type your message.

      NOTES:

      • To obtain the correct "Subject:", simply copy or cut-and-paste the "Subject:" line from the original post, and add the "Re:", if needed.
      • To obtain the "References:" entry, use the "Message-ID:" header (including the angle brackets) from the post you are replying to.
    3. Save the file and follow the instructions in paragraphs 5b through 5h above to encrypt and send.

    9.  HOW TO CONTACT ME

    If you feel the urge, send me some email. I'll answer as quickly as I can. If you have a question or run into a problem, try to give me as much detail as possible. If you're writing about this article, please reference the appropriate paragraph or example number. If you have any comments, suggestions, or constructive criticism, please get in touch.

    And finally, if you'd like me to reply with encrypted mail, send me your key. Don't make me scour the keyservers or your homepage or whatever. If I feel the need to confirm your key, I will. In the meantime, though, just send me the darned thing :-))

    My address is <jay@squirrel.owl.de>.  Here is my public key: 

    -----BEGIN PGP PUBLIC KEY BLOCK----- 
Version: 2.6.3ia 
 
mQCNAjNJRyEAAAEEAMJ6EyjaBxvq+LEwP7gPEBCT2r1JoaczSGdV0IQH//OzJb62 
WuHYOe9OTE4IBQJwAnpuFE6ddhu0RX3cMOtGr5eMMc9Il9JfGCBeAbLnAFX2TA9c 
Cpwyj08hdg9i963E7itnC6salYc9y6zhG99JhdY+NS1F5GJXVjiSuwSoAGVFAAUR 
tBtKYXkgU3RvdHpreSA8amxzQHBvYm94LmNvbT6JAJUCBRAzSUciOJK7BKgAZUUB 
AXTeA/0a5Kt396WobaD3q8bXVzKTGw77Uxc4vSZLG9uoPvESSeUUqUARoSf/cKub 
iTMsdsEFZF/I7w4xzhuToaG1A6n2WBKT46llPPdDJtOMT9gebBYqUA7uvhPGDivL 
Y0NMsmsOSLHg1jA3QSg0h+nL+pPMaVfvqzkUMCVcJYYFrh6Yww== 
=HKi6 
-----END PGP PUBLIC KEY BLOCK-----


    Last modified: 20 Jun 1998
    Author: Jay Stotzky <jay@squirrel.owl.de>
    Comments: galactus@stack.nl
    This document was generated with Orb v1.3 for OS/2.