Do You Hate Captchas?

OF COURSE YOU DO!

Well, YouTube really needs to fix theirs, and Urgo6667 of YouTube orbit and SocialBlade fame is trying to get their attention on the matter. You can help by watching this video, commenting on it, giving it a thumbs up on YouTube and sharing it with others who hate captchas! If we work together, we CAN get YouTube’s attention and get them to effect a positive change!!

This kind of tactic has worked before and it can work again!


Folded Note Could Be Unfolded Too Easily For Strong Anonymity

www.foldednote.com is another in the long list of web-based services that offer some form of anonymous email messaging. Theirs is somewhat different from most I’ve seen in that it involves a four-step process and even allows the anonymous sender to receive a reply, all while ostensibly remaining anonymous. Of course, I decided to check it out.

Step one

You’re presented with a form where you enter the recipient’s email address and write your message (which is limited to 500 characters).  When you’re done, you click on “Review your note” which takes you to a page that allows you to preview the note and, if need be, continue editing.

I have to say that I also found it interesting that they actively prevent users from sending messages to themselves.  Fortunately I have plenty of secondary email addresses to use for testing the site.

Once you’re satisfied, you then need to enter your email address and solve a captcha. This causes a confirmation to be sent to your email address. The confirmation contains a link that you must use in order to send the email. I’ll give ’em one thing: their use of confirmation of the sender’s email combined with a captcha means that this system is like pantry moth traps for spammers, so the site will definitely not be abused by spammers.

It also ensures that they’ve got your email address, because the system will not send your message unless yours has been confirmed by clicking the link in the confirmation email they send you.

Step two

The next thing that happens is that the recipient gets an email from Folded Note saying that there’s a message waiting for them, with a link to click on to pick it up. Once they click on the link, the note is presented to them on the Folded Note site.

Step three

At this point you have the option to rate the note, block the sender permanently or send a reply. The reply can only be up to 200 characters long.

Step four

Finally the sender gets to see the response if any.

The Folded Note site makes it clear in their terms of service that they’ll cooperate with law enforcement, court orders and the like. Anyone using this system should make very certain not to trust it with anything important at all and certainly not anything illegal. Remember, it makes a point of not only collecting, but confirming a real email address that can be used to reach you.

In addition to that there’s the usual reminder that because this is web based, they have your IP address in their server logs from the moment you connect.

In terms of the level of anonymity and security you get from this site, I would class it as little more than a toy that should never be used for anything serious or trusted with any real secrets.


Anonymous Email Review – Deadfake.com

Over the years I’ve seen a lot of sites that offer the visitor the ability to send emails that they promote as being anonymous.  Unfortunately, most of them offer very little if any actual anonymity at all.

Most of these sites tell the user that the recipient will not be able to find out who sent the email. In fact, the email can be traced back to the server it came from, and from there it’s a simple matter of a subpoena to get the website’s server logs and discover when the web form handed the message to the mail server, the IP address of the user that filled out the form, and the date and time the form was sent.

Given the IP address and the timestamp, it’s almost trivial for somebody’s lawyer to take the steps needed to get their ISP to give up what user account was assigned that IP address at that time.  From there the person responsible for that user account gets contacted by the attorney and things may or may not get legal depending on the situation.

The so-called anonymous email services that many sites offer are good for very little more than to be used as toys, joking back and forth with friends, family and acquaintances that aren’t going to decide to haul your carcass into court and get legal on you.

Therefore I’m going to start doing reviews of these sites and explaining why I believe their services to not be nearly as anonymous as they look at first glance.  The first of these is deadfake.com.

Deadfake has a simple introduction that tells the visitor that they can use the site to send anonymous emails and make it look like it came from somebody else.  It appears to be intended for the sole purpose of playing pranks on people and having some fun with them.  As a point in their favor they do have a warning:

Don’t send any spam or other illegal things from this site. Email is never really fully anonymous (check the FAQ for more info). It’s also bad karma, and I will track you down and bite you.

Their FAQ also explains that this isn’t *really* anonymous and that the site adds both X-Mailer and X-Originating-Ip headers, which contain all the information needed to identify the sender’s ISP and find the sender.
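A recipient-side view of the tracing described above, as an added example that is not from the original post or from Deadfake: it parses a constructed message and pulls out the `X-Originating-IP` header, the `X-Mailer` header and the timestamped `Received` chain that get matched against server and ISP logs. The hostnames, addresses and mailer string in the sample are made up.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: documentation-range IPs and made-up hostnames.
SAMPLE = """\
Received: from web01.example.net (web01.example.net [198.51.100.7])
\tby mx.example.org with ESMTP id abc123;
\tTue, 02 Mar 2010 14:05:09 +0000
Received: from localhost (localhost [127.0.0.1])
\tby web01.example.net with SMTP id def456;
\tTue, 02 Mar 2010 14:05:07 +0000
From: "Elvis" <elvis@example.com>
Subject: test
X-Mailer: ExampleWebForm 1.0
X-Originating-IP: [203.0.113.45]

Hello.
"""

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def first_ip(text):
    """Return the first syntactically valid IPv4 address in text, or None."""
    for candidate in IPV4.findall(text or ""):
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            continue  # looks like an address but is not one, e.g. 999.1.1.1
    return None

def trace_origin(raw):
    """Collect the header fields a recipient can use to trace a web-form email."""
    msg = message_from_string(raw)
    hops = []
    for received in msg.get_all("Received", []):
        # The timestamp is whatever follows the last ';' in a Received header.
        info, _, stamp = received.rpartition(";")
        hops.append({"ip": first_ip(info), "time": parsedate_to_datetime(stamp.strip())})
    hops.reverse()  # each server prepends its header, so the oldest hop is last
    return {
        "claimed_from": msg.get("From"),  # typed into the form, proves nothing
        "x_mailer": msg.get("X-Mailer"),
        "originating_ip": first_ip(msg.get("X-Originating-IP")),
        "first_seen": hops[0]["time"] if hops else None,
        "hops": hops,
    }
```

The `From` line says Elvis, but the originating address and the first-hop timestamp are the pair an ISP would be asked about.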

As a test, I went on to the “send fake mail” page and filled in the form to send myself a test message.  Once the message was done I filled in the captcha and hit “send now”.  Instead of being told that the message was sent, I was greeted with an error message:

Oops!

Sorry, there was some sort of problem while sending your message – please try again in a few minutes!

I tried again a few minutes later and then again a few hours later, each time getting the same error message.  That’s when I noticed a block of stats in the sidebar:

Stats

Total emails sent: 223291

…in last 24 hours: 0

I never did get Deadfake to work, and perhaps it’s just as well. While a site like this can be fun to play around with, sending your kid sister emails from Elvis and such, it can also be all too easily used by somebody who needs to be really anonymous, only to find out that their anonymity was very thin indeed.

Another thing that the site offers is a two-page walkthrough that explains how to use a very simple nslookup command to identify a mail server to use and how to use telnet to connect to that server and send email from it.

I strongly recommend AGAINST doing that.

For one thing, if you have a real need to be anonymous, you’ve blown it the second you open the telnet session.  The server logs will have your IP address and a timestamp of when you connected.  In short, you’re pwned before the message is even sent.

For another, while this technique CAN be used to send mail (I’ve done it myself with my own mail server just to prove I could), it only works if the mail server does not require authentication in order to send mail. That kind of mail server is becoming a rare beast indeed these days as server admins take steps to keep from being an “open relay” that can be taken advantage of by spammers.

Another good reason not to use the telnet method is that there are plenty of sites whose legal departments will be all too glad to jump down your throat for unauthorized use of their servers and frankly, if such a case goes to court they’re going to win.  Save yourself the trouble and DON’T do it in the first place.

Yes, there ARE ways to have secure anonymity and send anonymous email that’s all but impossible to trace.  Deadfake.com isn’t one of them.
