JULF AT THE DOOR
by Chris Stamper
September 3, 1996
For three and a half years -- a millennium by the Internet's calendar --
Julf Helsingius' anonymous remailer made Internet privacy commonplace.
On Friday, thousands of anonymity-seeking netniks found their mail
returned: User unknown. Helsingius had walked off the job.
The last straw was an article in the August 25 edition of the British
Observer that accused Helsingius of being "the Internet middle man who
handles 90 percent of all child pornography." Helsingius denies the
"That's something I will enjoy suing them for," says Julft. Helsingius
had already been contemplating pulling the plug on his remailer service
after repeatedly fighting with the Church of Scientology, which wanted
access to his user logs; the Observer article "definitely made the
The article relied heavily on information from "an FBI adviser on child
abuse and pornography" named Toby Tyler. A call to Washington told us
there was no one from the FBI with the same name as the hero of an
obscure Disney movie.
"I don't see why someone would use a made-up name like that," says Karen
messages anonymously. The sender's address was automatically stripped
out and the messages were sent to their destinations bearing an
anonymous ID from anon.penet.fi. That ID was used as a return address,
which protected users' true names.
"With my server people could talk without their neighbors or employers
finding out what their problems are," says Helsingius. "The natural
users are victims of abuse." Whistle-blowers, political refugees,
victims of abuse and other folks who legitimately feared reprisals were
among the users of the service. (For regular anon.penet.fi users,
Helsingius is providing a forwarding service for contacting people known
only through anonymous addresses.)
But the server's user-friendliness turned out to speed its undoing.
Several thousand messages went out daily and the attention brought
critics. Usenet bot creator Dick Depew said the server brought nuisance
spam posts and tried to robo-censor it. Then things got nasty in
February 1995, when the Church of Scientology got Finnish police to
demand the name of an opponent who was using the server to post to
While Helsingius never granted anyone access to his logs, the server was
beginning to show stress fractures. Since the machine stored every
user's original e-mail address -- which was how the anonymous ID was
able to forward mail to a real user -- authorities could, theoretically,
gain the true identities of people using anon.penet.fi. That system
disturbs many cypherpunks, who argue that it only creates the potential
"He had a very public location, so people became comfortable," says John
Gilmore, a cypherpunk and cofounder of the Electronic Frontier
Foundation. "He didn't provide real privacy. He provided the illusion of
privacy. His strategy was to record whose anonymous ID matched up with
whose and tried to keep it secret. It's a stupid way to run it. It's
like waving a red flag."
Newer, more sophisticated remailers solve many of the problems
underlying anon.penet.fi. For more security, the Cypherpunk and
Mixmaster remailers send messages with all headers stripped. This means
the messages aren't traceable. The humongous downside is that no one can
But since the servers don't collect data on who sent what, Gilmore says
they are safer. "The right way to protect people's privacy is to never
collect information in the first place," he says. "That way there's no
chance of it coming out somewhere."
(If you aren't too worried about someone ultimately discovering your
true identity and want a pseudonymous mail service that lets you reply
to anonymous posts the way anon.penet.fi did, go to alpha.c2.org.)
Helsingius says he has no plans to start a new and improved service. "If
the legal situation changes in Finland there might be a possibility, but
I want to sit back and see if the other servers will pick up the load,"