   -------------------------------------------------------------------------

                       H E Y !   W E ' R E    H E R E !

   -------------------------------------------------------------------------


... but you don't know how to get in  touch? Well, OK then. But to those of you
that we gave our top  secret  contact  address  to  contact us, and you haven't
written back... OK, we realize that some  of you might have been cautious since
you never heard of us  before  PB  #21,  and  you  might  have thought it was a
strange type of joke! But we hope you'll  get in contact as soon as you realize
this is not (just) a joke magazine but a pretty seriously decent diskmag (Well,
we hope to be decent anyway!).

OK, you want good news or bad news first? .....


The BAD NEWS

We still haven't got a PO box! Look,  if  you think that's a bit of an annoying
thing, then so do I, but I don't have enough money for a PO box yet! I probably
will by about mid April though.

[NOTE- WE NOW HAVE A PO BOX! SEE 'READ_ME.TXT' FILE FOR MORE INFO!]


The GOOD NEWS

We might not have a physical PO  box,  but  we  do have an electronic one! Yes,
it's that amazing anonymous email server in Finland! If you've got access to an
email account then you can email PURE BOLLOCKS at the address:

        an18359@anon.penet.fi

    or even

        an18359%anon.penet.fi%uunet.uu.net@uk.ac.nsf

    (OK, it looks a bit long,  but  email  to  Finland is 7p/K from Britain, so
    it's cheaper this way!)

If you want to send us  files,  you  can  do  this  through email as well! Just
collect the files into an archive (arc, zip, lzh, or zoo) and use the uuencoder
in this issue to make a .UUE file  of  the archive. You can then transfer it to
your mail system and send it as the text part of your email message! If you are
sending us a file like that, please remember a few things:

1)  Send us advance warning of it!  For  example,  a  text file saying "Hi! The
    next message from me will be a file containing...."
2)  Please send your  .UUE  mail  message,  with  the  filename  as the subject
    heading. For example:

    To: an18359@anon.penet.fi
    From: .............
    Subject: FALCPLAY.UUE
    Text:  <uuencoded file...>

    This is so we know what are .UUE files and what are not!
3)  Please don't send us any files bigger than 720K! In fact, we advise you not
    to send big files unless you really have to!
4)  Don't send any illegal stuff through this  server  link! Quite a lot of the
    server is shut down thanks  to  some  people  sending UUencoded porno GIFFs
    through the system, amongst other hi-jinks.


If you  haven't  sent  mail  through  this  server  before,  it'll  generate an
anonymous id for yourself! For more info,  here's  the text file I got from the
server about the facilities.

               ------------------------------------------------

German text available from german@anon.penet.fi (deutsch@anon.penet.fi).
Italian text available from italian@anon.penet.fi (italiano@anon.penet.fi).


                      The anon.penet.fi Anonymous Server
                      ==================================

Yes, another anonymous  server.  Why?   Well,  several  well-known servers have
bitten the dust recently. And  most  of  them  have  served only a very limited
subset of newsgroups, and mail only to "registered", anonymous users.

Due to reasons too complicated to mention here  I wanted to set up an anonymous
server for the scandinavian user community. I got hold of a pre-release copy of
one of the server packages. As the version I got relied heavily on the advanced
features of MMDFII, I had to  modify  it  quite  a bit. While hacking around, I
removed the restriction of only  supporting  selected newsgroups. Within a week
of startup, the server had  been  discovered  by  transatlantic users, and more
recent stats show european users are definitely a minority.

So what does the anon server really  do?  Well, it provides a front for sending
mail messages and posting news items  anonymously.  As you send your very first
message to the server, it automatically allocates  you an id of the form anNNN,
and sends you a message containing  the  allocated  id.  This id is used in all
your  subsequent  anon   posts/mails.   Any   mail   messages   sent  to  your-
id@anon.penet.fi gets redirected to your  original,  real address. Any reply is
of course anonymized in the same  way,  so  the server provides a double-blind.
You will not know the true identity  of  any user, unless she chooses to reveal
her identity explicitly.

In the anonymization process  all  headers  indicating  the true originator are
removed,  and  an  attempt  is   made   to  remove  any  automatically-included
signatures, by looking for a line  starting  with  two dashes (--), and zapping
everything from there on. But if your signature starts with anything else, it's
your own responsibility to remove it from your messages.

There are two basic ways to use  the  system.  The  easiest way is by sending a
message to recipient@anon.penet.fi:

    To: alt.sex.bestiality@anon.penet.fi

    To: an9999@anon.penet.fi

    To: help@anon.penet.fi

Of course, in the case of mailing to a known user, you have to use addresses of
the form user%host.domain@anon.penet.fi, or the pretty obscure source addressin
g  construct  of  @anon.penet.fi:user@host.domain.  These  constructs  are  not
necessarily handled properly by all mail  systems,  so I strongly recommend the
"X-Anon-To:" approach in these cases. This  works  by  you sending a message to
"anon@anon.penet.fi", including a X-Anon-To: header line containing the desired
recipient. But this really has to be a  field in the message header, before the
first empty line in the message. So:

    To: anon@anon.penet.fi
    X-Anon-To: alt.sex.needlework,rec.masturbation

    To: anon@anon.penet.fi
    X-Anon-To: jack@host.bar.edu

Valid recipients in both cases  are  fully  qualified user addresses in RFC-822
format  (user@host.domain),   anon   user   id's   (anNNN),   newsgroup   names
(alt.sex.paperclips) or one of the  "special"  user  names of ping, nick, help,
admin and stat.

Sending to "ping" causes a short  reply  to be sent confirming (and allocating,
if needed) your anon id. "nick" takes  the  contents of the Subject: header and
installs it as your nickname. If you  have  a nickname, it appears in the From:
header in the anonymized message along  with  your anon id. "help" returns this
text, and stat gives some  statistics  about  the  system. Mail to "admin" goes
directly to me unanonymized, and can be used to report problems. If you want to
send mail to me anonymously, you can use "an0".

When crossposting  to  several  newsgroups,  you  can  list  several newsgroups
separated by commas as recipients,  but  this  only  works using the X-Anon-To:
header. References: headers do  work,  so  they  can  (and  should)  be used to
maintain reply threads.

Ah yes, please remember that the posting  takes  place at my local site, so you
can only post to groups that  are  received  at penet.fi. I get all "worldwide"
groups, but various exotic local groups  don't  make  it  here. I have gotten a
couple of comments about permitting  anonymous  postings to technical groups. I
can only answer that I believe very firmly  that it's not for me to dictate how
other people ought to behave. Somebody  might  have  a valid reason for posting
anonymously to a group  I  might  consider  "technical". But remember anonymous
postings are a privilege,  and  use  them  accordingly.  I  believe adult human
beings can behave responsibly. Please don't let me down.

As the server was originally intended to  be used by scandinavians, it includes
help files for various languages. This works  by using the language in question
as  the  address.  So  to  get  the   german  help  file,  send  a  message  to
german@anon.penet.fi (or deutch@anon.penet.fi).  Support  for  new languages is
added every now and then, when I find volunteers to do the translation. Any new
ones?

The user-id database is based on RFC822-ized forms of your originating address.
This may cause problems  for  some  users,  either  because  their  site is not
properly  registered  in  the  name  servers,  resulting  in  non-deterministic
addresses, or because their mail router doesn't hide the identity of individual
workstations, resulting in different  originating  addresses depending on which
workstation you mail from. Talk  to  your  administrator. If that doesn't help,
let me know, and I will make a manual re-mapping.

You might wonder about the sense of  using  a server out somewhere, as the song
goes, "so close to Russia,  so  far  from  Japan".  Well, the polar bears don't
mind, and the ice on the cables don't bother  too much :-) Well, in fact, as we
live in a wonderfully networked world,  the  major  delay is not going over the
atlantic, but my local connection to  the Finnish EUnet backbone, fuug.fi. Once
you reach a well-connected host,  such  as  uunet.uu.net, there's a direct SMTP
connection  to  fuug.fi.  My  connection  to  fuug.fi  is  currently  a  polled
connection over ISDN, soon to be  upgraded to on-demand-SMTP/NNTP. But for now,
expect a turn-around delay of 2-4 hours for trans-atlantic traffic.

Oh yes, then there's the question of confidentiality/security. The service runs
on one of the 386  boxes  in  my  back  room  at  home,  and the machine is not
directly accessible from the internet.  So  the  only  one  who  can get to the
database is myself. Well,  if  the  police  or  the  local Secret Service comes
knocking at my door, with a  court  order  to  hand  over the database, I might
comply. But then I might, of  course,  accidentally  delete the file instead of
copying it... And maybe possibly there could  be cases where, if somebody could
come up with really hard evidence of  activities  such as blackmail, I could be
persuaded...

Anyway, short of having everyone  run  a  public-key  cryptosystem such as PGP,
there is no way to  protect  users  from  malicious administrators. You have to
trust my personal integrity. Worse,  you  have  to  trust the administrators on
every mail routing machine on the  way,  as  the message only becomes anonymous
once it reaches my machine.  Malicious  sysadmins  and/or crackers could spy on
SMTP mail channels, sendmail queues and mail  logs.  But as there are more than
3000 messages being anonymized every day,  you  have  to be pretty perverted to
scan everything...

Another thing is mail failures. I've had  cases of mail routers doing the wrong
thing with % addresses, "shortcutting" the  path  to the destination site. This
could cause your mail to go to  the  final destination without ever touching my
server (and thus without getting anonymized). This  can be avoided by using the
X-Anon-To: method.

And if your return address bounces for some reason (nameservers down, temporary
configuration failures etc.), the original sender and/or postmasters on the way
might get error messages showing your  true  identity,  and maybe even the full
message.

There is at least one known way to discover  the anon id of a user. It involves
being able to falsify your real identity, so it  is not too easy to use, and it
doesn't reveal the real address lurking behind  an  anon id, but it can be used
to discover what anon id a  certain  user  is  using.  To fix this problem, the
server requires that you use a password when you try to mail to a non-anonymous
user.

First you have to set a  password  by mailing to password@anon.penet.fi, with a
message containing only your password. The password can be any string of upper-
or lowercase characters, numbers and spaces.

Once you have set your password, you must include it in all your messages, in a
"X-Anon-Password:" line. As with the X-Anon-To:  line,  it can be either a part
of the header or as the first non-empty line of the message text.

So your first message might look like this:

    To: password@anon.penet.fi

    XYZZY99998blarf

And your subsequent messages might look like something like this:

    To: anon@anon.penet.fi
    Subject: Test...
    X-Anon-To: foo@bar.fie
    X-Anon-Password: XYZZY99998blarf

If you find this is too much  of  a  hassle,  and don't care too much about the
confidentiality of your anon id, you can  set  the password to "none", in which
case the server doesn't require you to have a password.

If you suddenly discover that the server  requires a password for posting stuff
etc, somebody has managed to use your account and set a password. In that case,
contact admin@anon.penet.fi.

Crackers are just too clever.  Undoubtedly  somebody  is  going to come up with
some novel method....  Not much I can do about that...

If you intend to mail/post something that  might  cost you your job or marriage
or inheritance, _please_ send  a  test  message  first.  The  software has been
pretty well tested, but some mailers on  the  way (and out of my control) screw
things up. And if you happen to  find  a  problem, _please_ for the sake of all
the other users, _let me know asap_.

And  _please_  use  the  appropriate  test  newsgroups,  such  as  alt.test  or
misc.test. Yes, _you_ might get  excited  by  reading  2000  "This is a test.."
messages on alt.sex, but  I  warn  you  that  most  psychologists consider this
rather aberrant...

And  remember  this  is  a  service  that   some  people  (in  groups  such  as
alt.sexual.abuse.recovery) _need_. Please don't  do  anything stupid that would
force me to close down the service.  As  I  am running my own company, there is
very little political pressure anyone  can  put  on  me, but if somebody starts
using the system for  criminal  activities,  the  authorities  might be able to
order me to shut down  the  service.  I  don't  particularly  want to find out,
however...

If you think these instructions are  unclear  and  confusing, you are right. If
you come up with suggestions for improving  this text, please mail me! Remember
English is my third language... [You're not bad at it though! -EGBSS]

Safe postings!

 Julf

- - - ------------------------------------------------------------------- - - -
Johan Helsingius     Kuusikallionkuja 3 B  25   02210  Espoo  Finland     Yourp
net: julf@penet.fi   bellophone: int. +358 0400 2605  fax: int. +358 013900166
- - - ------------------------------------------------------------------- - - -

