Thinhose Nymserver (nym.thinhose.net)

nym.thinhose.net

Introduction

Welcome to the homepage of the Thinhose Nymserver. The following pages will walk you through how to create, use and maintain a pseudonym account on this service.

Prerequisites

In order to create and use your Nym, you're going to need a reasonably good understanding of either PGP or GnuPG. Good enough, that is, to create a key and sign/encrypt messages. Some understanding of how email messages are formatted would also be useful.

Nymserver PGP Key

First, download the public PGP key for the nymserver. It can be obtained HERE,
The key can be verified against a detached signature from the nymserver Operator SEC3.

The command to verify a detached signature is:

gpg --verify sig.asc key.asc

Creating a Nym

Let's call our nym alice. Create a new key pair for alice@nym.thinhose.net.
Ideally, make it an RSA key of 4096 bits. (If all users create keys of the same size & format it is harder to link messages.)
GnuPG Command: gpg --full-generate-key or, for older versions of GnuPG, gpg --gen-key.
Export your Public Key
This will extract the newly generated key from your keyring and store it in a text file. In the following example, I've named that file pubkey.txt
GnuPG Command: gpg --armor --export alice@nym.thinhose.net > pubkey.txt
Edit the pubkey.txt file
Insert on a new line, above your public key block, your chosen
Hsub password. Example:
```
++++++++++++++++++++++++++++++
hsub: 50NS8953gj76giF
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFzUfR0BEAC1FFj5myMBgM79yx8u6hoU+/qaMJgh+fwpov6x21592OZ7822r
3NzjvPdawyr1f+x+hbFYcGVVPHDAMbSzAU1TNjNAzvi1tUp033jfI1vYJd5cGi77
[...]

BPYgrRHiuIXYRbKL0WP2FDTr3ll5ybp6Q6IU5swRU0pTpcHteKmF9urALONCn2K6
q5VMCVpFxNsnFVxC0w15Qc+DZvdDvFaTGKo3lMFzdEGmAR+dOHi802BFjksPYqPg
HeS1FrDq
=G7wo
-----END PGP PUBLIC KEY BLOCK-----

++++++++++++++++++++++++++++++
```
Optional settings that can be added on individual lines below the "hsub:" setting include:

symmetric: aSTRONGpassWORDhere
symmetric: none [This is the default]
acksend: false [This tells Thinhose NOT to send you delivery confirmation emails]
acksend: true [This is the default. A delivery confirmation email is sent to you after every message you send]

If you prefer not to have a hashed subject line in AAM then exclude
the "hsub:" setting and put

subject: A unique subject here

in its place.

When the time comes to delete your Nym account you may use the single setting

delete: yes
Encrypt the pubkey.txt file
The pubkey.txt file must now be encrypted to the Nymserver. In the following example, the encrypted file will be created as pubkey.txt.asc
GnuPG Command: gpg --armor --encrypt --recipient config@nym.thinhose.net pubkey.txt
Email the encrypted file
The file must now be sent anonymously to config@nym.thinhose.net . The best way to do this is to use mixmaster. You may also wish to use your preferred Mixmaster client.
Mixmaster Command: mixmaster -tm config@nym.thinhose.net pubkey.txt.asc

That's it! The Nymserver decrypts the message, extracts your Nym's email address from the supplied Public Key and processes it. You will receive a confirmation message from the Nymserver in alt.anonymous.messages, encrypted to your key.

It's worth noting that your nym creation message above (pubkey.txt.asc) is the only time when you will NOT be expected to sign your message with your new Nym key. See section below "Sending Messages from your Nym" for a slightly different GnuPG command that you will use on all future outgoing messages to prove ownership of your Nym.

Receiving Messages for your Nym

Unlike a normal email account, messages for your Nym aren't delivered to you personally. Instead they are delivered to a common mailbox that you share with many other users of anonymity systems. This shared mailbox serves to delink incoming messages with their actual recipient.

The shared mailbox comes in the shape of a Usenet group called alt.anonymous.messages. In order to find your messages within this group, you'll need to download the entire content of the group and then attempt to decrypt all the messages in it. If the decryption succeeds, the message is your own.
Need to explain how to download and attempt to decrypt messages.

In addition to messages sent to your Nym by other users, you'll also receive information messages from the Nymserver about your configuration requests. Wherever possible the server will inform you about issues with your Nym or the changes you attempt to make to it. Once your key has been received by the server, it has the capability to send you encrypted messages.

Sending messages from your Nym

The most secure way to do this is to use the Remailer network.

Format your message like a normal email, with headers at the top, followed by a blank line and the content. This should look something like:
```
From: alice@nym.thinhose.net
To: recipient@email.address
Subject: Your Subject

The message goes here.
```
(These are a minimal set of headers. Other headers like Newsgroups: can be included.)

Sign the message using your Nym's Private Key and encrypt it for send@nym.thinhose.net . ASCII Armor must be used.

gpg --sign --encrypt --armor --recipient send@nym.thinhose.net --local-user alice@nym.thinhose.net message.txt

Paste the resulting encrypted PGP Message into your Remailer client and send it to send@nym.thinhose.net.
You will receive a confirmation in alt.anonymous.messages that your email has been forwarded to the recipient.
Optionally, if your recipient has a PGP key, you can hide your outgoing message's content from the Nymserver by first encrypting it to your recipient's public key.