Anonymous Email – Step one: You need PGP

One of the topics that I’ve been planning to cover here involves how to send anonymous email because I want to talk about how to blog anonymously and in order to do that, you need to be able to send email that cannot be traced back to you.

Before I go any further I want to make it clear that while I believe that it’s important for people to be able to use tools like this, I want to say that if all you want to do is say something nasty to somebody without them knowing that it was you then you’re far better off skipping this whole subject.  There is something of a learning curve involved in this and there’s no sense in spending the time and effort to learn something if all you’re going to do is be offensive or harrass people.  You’d be better off venting your frustrations in some other way.

There are plenty of reasons besides anonymity related issues for using PGP encryption and / or signing.  Text and files can be encrypted to be kept safe from prying eyes, text messages and binary files can be digitally signed to assure that they haven’t been tampered with and to assure where they come from.  If a signed message or file has been altered, then the signature will not be valid.

The signature makes you certain of where something came from because only the person who owns the key should know the passphrase for that key which means that nobody else can send a message signed with my key because I’m the only one who knows the passphrase.  Another thing the signature tells you is when something was signed because the date and time is included in the signature.

PGP, or the freeware, open-source GnuPG software is actually pretty easy to install and use.  You can download a freeware version of PGP.  It’s an older version but the advantage is that it’s free and will serve most purposes nicely.

I want to say that GnuPG is an open source freeware package that is up to date and can be obtained from their download page.  GPG Shell is a freeware windows friendly front end for GPG.  GPG is the more current software and for most purposes it is what I use.  However the anonymity tools I’ll be talking about in upcoming entries are designed to work with certain versions of PGP, version 6.5.8 being the best overall choice.

There are those who would say that it’s not a good idea to use older versions of software and try to talk you into getting version 8 or 9.  Don’t let ’em talk you into it.  You’d just be spending a lot of money on something that the software I’m going to cover cannot use.

I have both PGP 6.5.8 and GPG 1.4.7.  They don’t conflict with each other nor do they take up excess amounts of space.

A few years ago I wrote a series of tutorials about how to install and use PGP.  The introduction page also has some links on it for some useful pages to help new users learn how to use it.

Technorati Tags: , , , , ,

I recently saw a message thread where somebody asked how they could set up an anonymous email address that they could use when signing up for sites that they didn’t want to give up any real personal or contact information.

The answer they were given was to sign up for a web email account at a place like Yahoo or Hotmail and that if things ever got dicey they could just stop checking that mailbox.

This kind of tactic will get you only very casual anonymity at best for several reasons.

1) Unless you always connect using TOR, they will have your IP address which, along with the time makes finding you trivial.

2) Most services like this require a primary email address in order to sign up for theirs.  It’s both for being able to recover lost passwords and in the event of any legal action involving email you’ve sent with their service they can and will cooperate with courts, lawyers and law enforcement and hand over anything they have on you.

3) The headers in emails sent from these services will include your IP address at the time the message was sent unless you only connect via TOR AND have Javascript disabled. IF you can get signed up without giving an email address that leads back to you, something that’s very hard to find these days.

This low level of anonymity is useful as a “throwaway” email address that you can use when signing up for sites that you suspect might spam you or sell your email address.  When the spam gets too bad, simply delete the account.

It is however, NOT sufficiently anonymous if you’re involved in anything (good or evil) that’s liable to attract attention from somebody’s lawyer(s) or some flavor of Law enforcement.

Technorati Tags: anonymous email, send anonymous emai, hotmail, yahoo, weak anonymity, yahoo mail, web mail, not anoymous

Matterhorn Remailer Back Up

I recently posted about the Matterhorn remailer being down.  This morning I found an announcement in alt.privacy.anon-server that it’s been restored to normal operation.

It does however, have a new mixmaster key.  The best way to get the new key is to send an email to remailer AT rip DOT ax DOT lt with the subject line: remailer-key

Technorati Tags: type 2, anonymity, remailer, anonymous, cypherpunk, anonymous email, mixmaster, type 1

Matterhorn Remailer Down

I just ran across a post on alt.privacy.anon-server from yesterday announcing that the Matterhorn anonymous remailer is down, apparently due to a hard drive failure.  Since the operator is out of the country it’s likely to be months before it’s restored to operation.

What I thought was a completely non-thought out answer to that post was somebody suggesting that they just give instructions to somebody with physical access to the machine it runs on so that they could get it going again.

Obviously this is a bad idea.  Why?  Because a remailer is a security application and the only way that it can STAY that way is if ONLY the operator has the passphrases needed to access the machine and the PGP keys for the remailer program itself.  Having anyone else do anything with it means giving those passphrases to them in order for them to be able to do it.  It’s right up there with sharing your personal PGP/GnuPG key passphrase.  You just don’t do it… ever.

Why can’t people see really obvious things like this?

Technorati Tags: pgp, passphrase, anonymous, remailer, security, encryption

In Most Cases, You Only THINK You’re Anonymous

Entirely too many people think that just because they use a nick, pen name or handle (call it what you will.  It’s an alias) on a forum that what they say on that forum is anonymous.  This is in fact very much not the case.

Even if, when you sign up for the forum, you use a throwaway email address and false information in the registration form, your identity is at best only very thinly shielded.  There are 178 anonymous posters on topix.com who are in the process of finding out the truth of this.

According to a news report, the story begins about a year ago when a woman accused a couple of sexually assaulting her along with another man.  This is when people who believed that they were anonymous started posting comments on topix.com

The vast majority of those comments were extremely offensive (not to mention unprintable, I can’t help wondering why moderators at topix did not at least remove the worst of the comments and / or ban the users who posted them).

Last month the couple was found not guilty of the charges.  Unfortunately, this didn’t mean anything to the people posting their anonymous comments.  While the courts had found these people not guilty, the posters on topix apparently had them convicted and sentenced.  Thus the flood of vile comments continued.

Here’s where those 178 posters get to find out that they are not as anonymous as they thought they were.  A judge has ordered topix to hand over any potentially identifying information about the posters and gave them until March 6, 2009 to comply.  Since a representative from topix was quoted in the story saying that topics cooperates with the courts, it can only be assumed that they will most likely comply.

When they hand over this information it’s going to include the date, time and IP address of each poster at the time their comments were posted.  With that information, it’s a simple matter to consult with their ISPs (via court order if need be) and discover what user account was assigned to a particular IP address at the time a comment was made.  ISPs of course know when a user is connected and what IP address is assigned to them for that connection.  This ties the anonymous poster to the real world human responsible for the account used.  From there, lawsuits will issue forth.

I believe in anonymity and the right of people to be anonymous if they so choose.  However the other side of that coin is that if people think they’re anonymous, there are those who will abuse that anonymity.  Then again, as I’ve shown, they weren’t really anonymous in the first place.  They only assumed they were.

The lesson to learn here is that no matter what you do on the Internet, there is a very real chance it will return to haunt you someday.

Also, real, strong anonymity IS possible however most people don’t want to learn the things that are needed in order to accomplish it.  They generally think it’s too hard (it isn’t) or too much work (it isn’t) or requires a ton of sophisticated technical knowledge (it doesn’t) or they just don’t have the brains to comprehend much more than logging onto a forum someplace and issuing forth vile accusations and cruel, often libelous “opinions”.

The truth is that out of those of us who DO have a clue about true anonymity, only a vocal minority abuse it.  People who really want or need to be anonymous are, by definition, not in the habit of drawing attention to themselves.  They’re anonymous for a reason.  The last thing they want is to draw attention to themselves by pulling cruel, vile, asinine stunts like those posters did on topix.

Those idiots will no doubt get what they deserve.

Technorati Tags: Alias, Pen Name, Isps, vile comments, Truth, Anonymous Comments, Anonymous Posting, Email Address, offensive comments, harrasment, News Report, False Information, Anonymous Posters, Date Time, persecution, Registration Form, tarrant county, online persecution, Topix

 Page 2 of 5 « 1  2  3  4  5 »