Anonymity Archives

Folded Note Could Be Unfolded Too Easily For Strong Anonymity

www.foldednote.com is another in the long list of web based services that offer some form of anonymous email messaging.  Theirs is somewhat different than most I’ve seen in that it involves a four step process and even allows the anonymous sender to recieve a reply.  All this while ostensibly remaining anonymous.  Of course, I decided to check it out.

Step one

You’re presented with a form where you enter the recipient’s email address and write your message (which is limited to 500 characters).  When you’re done, you click on “Review your note” which takes you to a page that allows you to preview the note and, if need be, continue editing.

I have to say that I also found it interesting that they actively prevent users from sending messages to themselves.  Fortunately I have plenty of secondary email addresses to use for testing the site.

Once you’re satisfied, you then need to enter your email address and solve a captcha.  This causes a confirmation to be sent to your email address.  The confirmation contains a link that you must use in order to sent the email.  I’ll give ’em one thing, their use of confirmation of the sender’s email combined with a captcha means that this system is like pantry moth traps for spammers so the site will definitely not be abused by spammers.

It also insures that they’ve got your email address because the system will not send your message unless it’s got yours confirmed by clicking the link in the confirmation email they send you.

Step two

The next thing that happens is that the recipient get an email from folded note saying that there’s a message waiting for them and gives them a link to click on to pick it up.  Once they click on the link they get the note presented on the folded note site.

Step three

At this point you have the option to rate the note, block the sender permanently or send a reply.  The reply can only be up to 200 characters long

Step four

Finally the sender gets to see the response if any.

The folded note site makes it clear in their terms of service that they’ll cooperate with law enforcement, court orders and the like.  Anyone using this system should make very certain not to trust it with anything important at all and certainly not anything illegal.  Remember, it makes a point of not only collecting, but confirming a real email address that can be used to reach you.

In addition to that there’s the usual reminder that because this is web based, they have your IP address in their server logs from the moment you connect.

In terms of the level of anonymity and security you get from this site, I would class it as little more than a toy that should never be used for anything serious or trusted with any real secrets.

Technorati Tags: review, anonymity, web mail, not anonymous, website review, anonymous email, weak anonymity, hotmail, anonymous email site, send anonymous email

I recently saw a message thread where somebody asked how they could set up an anonymous email address that they could use when signing up for sites that they didn’t want to give up any real personal or contact information.

The answer they were given was to sign up for a web email account at a place like Yahoo or Hotmail and that if things ever got dicey they could just stop checking that mailbox.

This kind of tactic will get you only very casual anonymity at best for several reasons.

1) Unless you always connect using TOR, they will have your IP address which, along with the time makes finding you trivial.

2) Most services like this require a primary email address in order to sign up for theirs.  It’s both for being able to recover lost passwords and in the event of any legal action involving email you’ve sent with their service they can and will cooperate with courts, lawyers and law enforcement and hand over anything they have on you.

3) The headers in emails sent from these services will include your IP address at the time the message was sent unless you only connect via TOR AND have Javascript disabled. IF you can get signed up without giving an email address that leads back to you, something that’s very hard to find these days.

This low level of anonymity is useful as a “throwaway” email address that you can use when signing up for sites that you suspect might spam you or sell your email address.  When the spam gets too bad, simply delete the account.

It is however, NOT sufficiently anonymous if you’re involved in anything (good or evil) that’s liable to attract attention from somebody’s lawyer(s) or some flavor of Law enforcement.

Technorati Tags: not anoymous, yahoo, send anonymous emai, yahoo mail, hotmail, anonymous email, weak anonymity, web mail

Anonymous Email Review – Webwizny

On the home page of Webwizny you will find a collection of free online tools that range from things like “Send your Xmas List to Santa”, Free Image Hosting and Downloading videos from YouTube, to finding out how old you are in days or analyzing the strength of a password and a few more.

One of those tools is “Send Anonymous Emails”.  It’s a simple form in which you fill in a fake “from” address, the address you’re sending the message to, an optional blind carbon copy that can be sent to another address and then the subject and body of the message.

While it does work, I think there’s a few things to consider before using this as anything more than having a bit of fun.  For example it would be fine if you wanted to send an email to convince somebody you were in the Outer Banks when actually you were in Atlantic city losing your shirt.  Of course, you could only get away with it if somebody didn’t decide to look closely at the email headers and do a bit of easy online detective work

I checked it out sending a test message to myself.  The test message arrived within seconds of being sent.  Fast delivery is good but from a security standpoint, some latency (delay) would be helpful to help disguise when it was sent.

The message headers contain enough standard information that would make tracing the email back to the server it came from easy.  From there it would be a simple matter of getting a court order for server logs to find out the time it was sent and the IP address of the sender.

While it’s labeled as anonymous email, that anonymity is only very casual at best.  A determined lawyer could very likely break that anonymity in a matter of hours.

A New Internet? No Thanks

There’s a piece on the NYTimes that’s asking the question “Do we need a new Internet?”  It’s going on and on about how this bunch of university science drones have this cracked idea that the entire internet system needs to be replaced with a new one.

Not very far into the article I saw this quote:

What a new Internet might look like is still widely debated, but one alternative would, in effect, create a “gated community” where users would give up their anonymity and certain freedoms in return for safety.

If I had any doubts before I didn’t after seeing that.  NO.  We do NOT need Big Brother’s new internet.

Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.

–Benjamin Franklin, Pennsylvania Assembly: Reply to the Governor, November 11, 1755.—The Papers of Benjamin Franklin, ed. Leonard W. Labaree, vol. 6, p. 242 (1963).

I for one don’t intend to give up anything.

Technorati Tags: liberty, safety, new internet, privacy, freedom, benjamin franklin, internet, anonymity

Anonymous Email Review – Deadfake.com

Over the years I’ve seen a lot of sites that offer the visitor the ability to send emails that they promote as being anonymous.  Unfortunately, most of them offer very little if any actual anonymity at all.

Most of these sites tell the user that they make it possible to send an email that the recipient will not be able to find out who sent it when in fact, the email can be traced back to the server it came from and from there it’s a simple matter of a subpoena to get the website server logs and discover when the website form sent the message to the mail server, the IP address of the user that filled out the form and the date & time the form was sent.

Given the IP address and the timestamp, it’s almost trivial for somebody’s lawyer to take the steps needed to get their ISP to give up what user account was assigned that IP address at that time.  From there the person responsible for that user account gets contacted by the attorney and things may or may not get legal depending on the situation.

The so-called anonymous email services that many sites offer are good for very little more than to be used as toys, joking back and forth with friends, family and acquaintances that aren’t going to decide to haul your carcass into court and get legal on you.

Therefore I’m going to start doing reviews of these sites and explaining why I believe their services to not be nearly as anonymous as they look at first glance.  The first of these is deadfake.com.

Deadfake has a simple introduction that tells the visitor that they can use the site to send anonymous emails and make it look like it came from somebody else.  It appears to be intended for the sole purpose of playing pranks on people and having some fun with them.  As a point in their favor they do have a warning:

Don’t send any spam or other illegal things from this site. Email is never really fully anonymous (check the FAQ for more info). It’s also bad karma, and I will track you down and bite you.

Their FAQ also explains that this isn’t *really* anonymous and that it does add both an X-Mailer and X-Originating-Ip headers that contain all the information needed to identify the sender’s ISP and find the sender.

As a test, I went on to the “send fake mail” page and filled in the form to send myself a test message.  Once the message was done I filled in the captcha and hit “send now”.  Instead of being told that the message was sent, I was greeted with an error message:

Oops!

Sorry, there was some sort of problem while sending your message – please try again in a few minutes!

I tried again a few minutes later and then again a few hours later, each time getting the same error message.  That’s when I noticed a block of stats in the sidebar:

Stats

Total emails sent: 223291

…in last 24 hours: 0

I never did get deadfake to work and perhaps it’s just as well.  While a site like this can be fun to play around with sending your kid sister emails from Elvis and such, they can also be all too easily used by somebody who need to really anonymous, only to find out that their anonymity was very thin indeed.

Another thing that the site offers is a two page walk through that explains how to use a very simple nslookup command to identify a mail server to use and how to use telnet to connect to that server and send email from it.

I Strongly recommend AGAINST doing that.

For one thing, if you have a real need to be anonymous, you’ve blown it the second you open the telnet session.  The server logs will have your IP address and a timestamp of when you connected.  In short, you’re pwned before the message is even sent.

For another, while this technique CAN be used to send mail (I’ve done it myself with my own mail server just to prove I could), It requires that the mail server does not require authentication in order to send mail.  That kind of mail server is becoming a rare beast indeed these days as server admins take steps to keep from being an “open relay” that can be taken advantage of by spammers.

Another good reason not to use the telnet method is that there are plenty of sites whose legal departments will be all too glad to jump down your throat for unauthorized use of their servers and frankly, if such a case goes to court they’re going to win.  Save yourself the trouble and DON’T do it in the first place.

Yes, there ARE ways to have secure anonymity and send anonymous email that’s all but impossible to trace.  Deadfake.com isn’t one of them.

Technorati Tags: anonymous email, send anonymous email, anonymous email site, website review, anonymity, review

 Page 5 of 13  « First  ... « 3  4  5  6  7 » ...  Last »