Help me blow the whistle, not my career (TOR/anon email)
November 7, 2017 3:54 AM Subscribe
I need to use anonymous email to report something at work. (I've thought this through, it is the only viable option). Will TOR, on my personal tablet, effectively protect my IP address? Note: this device has been on work's guest network where I have to log in. So, if they save IP addresses/logins, and they wanted to look, they could match me up if TOR lets my IP through.
I know the best way is to use a burner device on an open wifi network in a location that doesn't narrow the user down to me. That's going to be tough for me, timing-wise. There's a window of time where I think this report will be listened to, and I need to hit that.
I'm also in need of an easy, free anonymous email address for this, preferably one that doesn't send IP address (even with TOR, another layer of security). It appears that Hushmail now requires another address to register, so I'm on the hunt for one that doesn't require the extra hoop of creating another burner address.
Any recommendations to help me do this without becoming the subject of an office interrogation? (Also note, this is serious enough to report, but nothing illegal/dangerous)
I know the best way is to use a burner device on an open wifi network in a location that doesn't narrow the user down to me. That's going to be tough for me, timing-wise. There's a window of time where I think this report will be listened to, and I need to hit that.
I'm also in need of an easy, free anonymous email address for this, preferably one that doesn't send IP address (even with TOR, another layer of security). It appears that Hushmail now requires another address to register, so I'm on the hunt for one that doesn't require the extra hoop of creating another burner address.
Any recommendations to help me do this without becoming the subject of an office interrogation? (Also note, this is serious enough to report, but nothing illegal/dangerous)
Any recommendations to help me do this without becoming the subject of an office interrogation?
Leaving aside the technology for a moment, you'd be surprised how easy it is to identify people from their textual idiolect - their choice of words and phrasing, their grammatical and punctuation quirks, the level of invention and emphasis in what they write. Have you ever read an anonymous AskMe and realised you know who it is by the writing style?
If you have a limited time to send this message, the problem will be worse because although it's possible to disguise the way you write, it involves going through every sentence and rephrasing it in a way that doesn't sound like you, which is very time-consuming. So you may want to carefully prepare this message in advance and save it as a draft on your tablet.
posted by Busy Old Fool at 4:08 AM on November 7, 2017 [12 favorites]
Leaving aside the technology for a moment, you'd be surprised how easy it is to identify people from their textual idiolect - their choice of words and phrasing, their grammatical and punctuation quirks, the level of invention and emphasis in what they write. Have you ever read an anonymous AskMe and realised you know who it is by the writing style?
If you have a limited time to send this message, the problem will be worse because although it's possible to disguise the way you write, it involves going through every sentence and rephrasing it in a way that doesn't sound like you, which is very time-consuming. So you may want to carefully prepare this message in advance and save it as a draft on your tablet.
posted by Busy Old Fool at 4:08 AM on November 7, 2017 [12 favorites]
I would recommend against using any personal devices. There's all kinds of information that can be gleaned from your device fingerprint. (eg. OS and version, browser version etc. - if somebody at work knows which tablet you're using, this is almost enough to identify you).
Seconding the library or a cafe with free wifi. Is your location really unique enough that library/cafe location + place of work would narrow it down to you? Or maybe use the data on your phone to create a local hotspot to connect to - you'll get a dynamic public IP which is probably not tied to a certain location, only to your phone provider.
As for email, would GuerillaMail maybe be ok? They're sending along your IP, but maybe that's ok if you're on another, public wifi network.
And for the love of everything holy, don't send out any attachments/Word documents and similar, as they're full of identifying metadata. Send out a plain-text email.
posted by gakiko at 4:42 AM on November 7, 2017 [4 favorites]
Seconding the library or a cafe with free wifi. Is your location really unique enough that library/cafe location + place of work would narrow it down to you? Or maybe use the data on your phone to create a local hotspot to connect to - you'll get a dynamic public IP which is probably not tied to a certain location, only to your phone provider.
As for email, would GuerillaMail maybe be ok? They're sending along your IP, but maybe that's ok if you're on another, public wifi network.
And for the love of everything holy, don't send out any attachments/Word documents and similar, as they're full of identifying metadata. Send out a plain-text email.
posted by gakiko at 4:42 AM on November 7, 2017 [4 favorites]
TOR is probably overkill here, unless you think you're under serious surveillance, or you think someone investigating this is likely to start getting a court to issue subpoenas to try to identify you. Generally, if you send email from the webmail interface of a service like Gmail, the service either doesn't report the originating IP, or it reports the originating IP as being the server at the mail service that handled your request.
For example, here are the full headers of an email I just sent to myself through Gmail's web interface:
MIME-Version: 1.0
Received: by 10.25.147.153 with HTTP; Tue, 7 Nov 2017 04:39:05 -0800 (PST) [NB: that IP address is for a Google mail server, not my IP]
Date: Tue, 7 Nov 2017 07:39:05 -0500
Delivered-To: **********@gmail.com
Message-ID:
Subject: test
From: *************@gmail.com
To: *************@gmail.com
Content-Type: multipart/alternative; boundary="001a114119ba40abb1055d63db81"
So as long as you use an anonymous address, don't write anything identifiable in content or style, and use the web interface on a device not controlled by your work over a connection not controlled by your work, you should be in the clear.
(This is a much harder problem if you're worried about someone getting a court involved and sending a subpoena to the email provider, or if you're worried about being actively surveilled by people willing to do unethical and/or illegal things to see what you're doing.)
posted by firechicago at 4:54 AM on November 7, 2017
For example, here are the full headers of an email I just sent to myself through Gmail's web interface:
MIME-Version: 1.0
Received: by 10.25.147.153 with HTTP; Tue, 7 Nov 2017 04:39:05 -0800 (PST) [NB: that IP address is for a Google mail server, not my IP]
Date: Tue, 7 Nov 2017 07:39:05 -0500
Delivered-To: **********@gmail.com
Message-ID:
Subject: test
From: *************@gmail.com
To: *************@gmail.com
Content-Type: multipart/alternative; boundary="001a114119ba40abb1055d63db81"
So as long as you use an anonymous address, don't write anything identifiable in content or style, and use the web interface on a device not controlled by your work over a connection not controlled by your work, you should be in the clear.
(This is a much harder problem if you're worried about someone getting a court involved and sending a subpoena to the email provider, or if you're worried about being actively surveilled by people willing to do unethical and/or illegal things to see what you're doing.)
posted by firechicago at 4:54 AM on November 7, 2017
If you want to make extra sure nobody can trace this to you personally, check out Tails.
Only you know what is and isn’t overkill for your risk profile, but that right there is some spy level shit.
posted by SaltySalticid at 5:03 AM on November 7, 2017 [3 favorites]
Only you know what is and isn’t overkill for your risk profile, but that right there is some spy level shit.
posted by SaltySalticid at 5:03 AM on November 7, 2017 [3 favorites]
The whole point of using TOR is that it conceals your IP address. Any service you use through TOR sees your traffic coming from the IP address of the TOR exit node, which could be anywhere in the world. Note that although services can't tell your original IP address, they can tell you're using TOR, because the IP addresses of exit nodes aren't secret.
| So, if they save IP addresses/logins, and they wanted to look, they could match me up if TOR lets my IP through.
The IP address of a device is more like a street address than a fingerprint - if you're using your tablet from your home network, you'll have a completely different IP address than if you're using it at a Starbucks down the road, or at work. Your tablet does have an ID like a fingerprint that uniquely identifies itself called a MAC address, but this isn't visible over the internet. Even tracking down a specific IP address to a specific physical location beyond "probably x town" is hard enough that the most common route is subpoenaing the relevant internet service provider. I know of no ISP that gives this information out without a court order.
Most of the stuff people are talking about here like device fingerprint also isn't really relevant as far as an email goes - an ad network could track your behaviour over multiple sites with a device fingerprint, but an email that you send contains none of that data. Again, that'd only really be a concern if you think it's likely that the email provider will be subpoenaed to find out who sent the email, and even then I don't think I've ever seen anyone identify a specific person from a device fingerprint. I guess it's about possible that they've saved a fingerprint from every device that ever connected to the work guest network and they could compare those to the subpoenaed records (if the email provider even saves a device fingerprint, and they could convince a court to compel the provider to release it), but this is really stretching credibility.
tl;dr: creating a new GMail account and sending an email with it through TOR from your own home will be more than sufficient to conceal your identity from anyone so long as you don't sign the email with your real name.
posted by spielzebub at 5:17 AM on November 7, 2017 [1 favorite]
| So, if they save IP addresses/logins, and they wanted to look, they could match me up if TOR lets my IP through.
The IP address of a device is more like a street address than a fingerprint - if you're using your tablet from your home network, you'll have a completely different IP address than if you're using it at a Starbucks down the road, or at work. Your tablet does have an ID like a fingerprint that uniquely identifies itself called a MAC address, but this isn't visible over the internet. Even tracking down a specific IP address to a specific physical location beyond "probably x town" is hard enough that the most common route is subpoenaing the relevant internet service provider. I know of no ISP that gives this information out without a court order.
Most of the stuff people are talking about here like device fingerprint also isn't really relevant as far as an email goes - an ad network could track your behaviour over multiple sites with a device fingerprint, but an email that you send contains none of that data. Again, that'd only really be a concern if you think it's likely that the email provider will be subpoenaed to find out who sent the email, and even then I don't think I've ever seen anyone identify a specific person from a device fingerprint. I guess it's about possible that they've saved a fingerprint from every device that ever connected to the work guest network and they could compare those to the subpoenaed records (if the email provider even saves a device fingerprint, and they could convince a court to compel the provider to release it), but this is really stretching credibility.
tl;dr: creating a new GMail account and sending an email with it through TOR from your own home will be more than sufficient to conceal your identity from anyone so long as you don't sign the email with your real name.
posted by spielzebub at 5:17 AM on November 7, 2017 [1 favorite]
Not an expert but I think your biggest hurdle is not so much hiding the IP address (which you must do, mind, but that's the easy part) as hiding other personally identifiable info like writing style, software and hardware fingerprints, etc.
What I'd do: go to a library or other place with public internet access, download Tor Browser to the library's computer (or carry the installation archive with you in a usb drive and run it from there), use TB to access GuerillaMail's site, type your message (or copy paste it from a text file in your usb drive; NO PDF, WORD, JPEG or anything other than plaintext), send.
posted by Bangaioh at 5:24 AM on November 7, 2017 [2 favorites]
What I'd do: go to a library or other place with public internet access, download Tor Browser to the library's computer (or carry the installation archive with you in a usb drive and run it from there), use TB to access GuerillaMail's site, type your message (or copy paste it from a text file in your usb drive; NO PDF, WORD, JPEG or anything other than plaintext), send.
posted by Bangaioh at 5:24 AM on November 7, 2017 [2 favorites]
but an email that you send contains none of that data
This is false, email clients and providers will definitely leak your IP address and other fingerprintable information like time-zone, etc in the email headers.
posted by Bangaioh at 5:29 AM on November 7, 2017
This is false, email clients and providers will definitely leak your IP address and other fingerprintable information like time-zone, etc in the email headers.
posted by Bangaioh at 5:29 AM on November 7, 2017
email clients and providers will definitely leak your IP address and other fingerprintable information like time-zone, etc in the email headers.
This varies quite a bit. Generally standalone clients (like Thunderbird, or the built-in mail client on your device) will send this information, but the web clients of email providers (so, if you go to gmail.com in your browser and type your email in there) will not.
posted by firechicago at 5:44 AM on November 7, 2017
This varies quite a bit. Generally standalone clients (like Thunderbird, or the built-in mail client on your device) will send this information, but the web clients of email providers (so, if you go to gmail.com in your browser and type your email in there) will not.
posted by firechicago at 5:44 AM on November 7, 2017
To fix the problems that Busy Old Fool mentions (and I agree, this is the biggest likely way to unmask you), consider using google translate to take your text and translate it to another language, and re-translate that back to English. You'll still have to deal with some issues (like my love of parenthesis). As an example the next paragraph is the same text, to Spanish, then Russian and back.
To solve the problems mentioned by Busy Old Fool (and I accept, this is the most likely way to expose it), think about using Google translate the text, translate it into another language and translate it into English. You still have to with some problems (for example, my love for parentheses). As an example, the next paragraph is the same text, in Spanish, then in Russian and vice versa.
You might need to correct some things where the translations have ruined meaning, but it definitely alters the feel, and word choices.
Beyond that, a lot of this depends upon the stakes. Are you looking at potential espionage or treason charges for doing this whistle blowing? If no, then I'd feel content to use a vpn or tor to sign up for a new email address and send via that. Ideally becasue some mail/web clients might leak things like browser/OS take a look at the email headers of the provider first. It looks like guerilla mail should be fine - it reports the sending IP address, but that will be disguised via TOR or vpn. Look for "disposable email account" - there's lots of accounts that will work for 10, 20 or 60 minutes and then poof, gone.
However, have you talked at work about VPN's, or TOR? Most of my co-workers know the VPN I use because I've recommended it when people have asked. If there was a critical email that came in from that VPN, I'd likely be one of 2-3 people immediately suspected.
The other thing to consider is who has the information that you're reporting?
Is the information possibly watermarked? I.E. you don't want to lose in the similar fashion of Reality Winner.
If you might be looking at espionage charges for doing the reporting, then you need significantly more security measures. USB boot disk for a laptop that you take to another city (ideally one you don't commonly go to), change your ethernet mac address to not be that of your hardware (depends upon the hardware and driver's if you can do this), login to free wifi (coffee shop), setup tor, send disposable email and leave and never come back.
posted by nobeagle at 8:17 AM on November 7, 2017 [2 favorites]
To solve the problems mentioned by Busy Old Fool (and I accept, this is the most likely way to expose it), think about using Google translate the text, translate it into another language and translate it into English. You still have to with some problems (for example, my love for parentheses). As an example, the next paragraph is the same text, in Spanish, then in Russian and vice versa.
You might need to correct some things where the translations have ruined meaning, but it definitely alters the feel, and word choices.
Beyond that, a lot of this depends upon the stakes. Are you looking at potential espionage or treason charges for doing this whistle blowing? If no, then I'd feel content to use a vpn or tor to sign up for a new email address and send via that. Ideally becasue some mail/web clients might leak things like browser/OS take a look at the email headers of the provider first. It looks like guerilla mail should be fine - it reports the sending IP address, but that will be disguised via TOR or vpn. Look for "disposable email account" - there's lots of accounts that will work for 10, 20 or 60 minutes and then poof, gone.
However, have you talked at work about VPN's, or TOR? Most of my co-workers know the VPN I use because I've recommended it when people have asked. If there was a critical email that came in from that VPN, I'd likely be one of 2-3 people immediately suspected.
The other thing to consider is who has the information that you're reporting?
Is the information possibly watermarked? I.E. you don't want to lose in the similar fashion of Reality Winner.
If you might be looking at espionage charges for doing the reporting, then you need significantly more security measures. USB boot disk for a laptop that you take to another city (ideally one you don't commonly go to), change your ethernet mac address to not be that of your hardware (depends upon the hardware and driver's if you can do this), login to free wifi (coffee shop), setup tor, send disposable email and leave and never come back.
posted by nobeagle at 8:17 AM on November 7, 2017 [2 favorites]
Is there some reason you don't just send your message in a letter?
posted by John Borrowman at 9:26 AM on November 7, 2017 [4 favorites]
posted by John Borrowman at 9:26 AM on November 7, 2017 [4 favorites]
When looking for privacy, I recommend ProtonMail as the email client. Based in Switzerland, encrypted, keeps no IP logs.
If the information is of the sort that would highly motivate the employer to find the whistleblower, don't use a personal device. Don't use anything connected with you.
If you have a narrow window of time to send the email, look for a web-based email that allows for scheduled sending of messages (unfortunately, ProtonMail doesn't offer this). Write it, then tell the program when to send it.
Finally: are you sure it's worth doing? I recall consulting with an attorney in a desperate quest to find a way to anonymously whistleblow on a previous employer. My information could've led to criminal charges, and would've affected the outcome of an ongoing civil case. The attorney told me there was no way law enforcement or opposing counsel could use my information without it being reliably sourced. In other words, if I wasn't willing to go on record, it was pointless.
I decided I'd rather not risk being blackballed in any future job search (reason for leaving current job: whistleblower is the kiss of death), so I gave up and held my tongue.
posted by Lunaloon at 11:07 AM on November 7, 2017
If the information is of the sort that would highly motivate the employer to find the whistleblower, don't use a personal device. Don't use anything connected with you.
If you have a narrow window of time to send the email, look for a web-based email that allows for scheduled sending of messages (unfortunately, ProtonMail doesn't offer this). Write it, then tell the program when to send it.
Finally: are you sure it's worth doing? I recall consulting with an attorney in a desperate quest to find a way to anonymously whistleblow on a previous employer. My information could've led to criminal charges, and would've affected the outcome of an ongoing civil case. The attorney told me there was no way law enforcement or opposing counsel could use my information without it being reliably sourced. In other words, if I wasn't willing to go on record, it was pointless.
I decided I'd rather not risk being blackballed in any future job search (reason for leaving current job: whistleblower is the kiss of death), so I gave up and held my tongue.
posted by Lunaloon at 11:07 AM on November 7, 2017
Maybe pop over to your local library (or one near your work), and create a new email from scratch there.
I'm a librarian. I'd suggest going to your nearest busy library after checking to make sure their privacy policy and actions will protect you. Potentially even going with a friend who could sign up. Many libraries are really serious about protecting partons privacy. Not all of them are. Keep in mind that many media outlets have secure drops set up for just this sort of communication (WA Post, Times). Other people have given good advice on the email thing, I would also double-suggest working on your noticeable typing style and verbiage if you are this concerned.
posted by jessamyn at 11:46 AM on November 7, 2017 [3 favorites]
I'm a librarian. I'd suggest going to your nearest busy library after checking to make sure their privacy policy and actions will protect you. Potentially even going with a friend who could sign up. Many libraries are really serious about protecting partons privacy. Not all of them are. Keep in mind that many media outlets have secure drops set up for just this sort of communication (WA Post, Times). Other people have given good advice on the email thing, I would also double-suggest working on your noticeable typing style and verbiage if you are this concerned.
posted by jessamyn at 11:46 AM on November 7, 2017 [3 favorites]
ProtonMail sent through Tor on public WiFi should cover your tracks pretty well, that's what I would use.
posted by julie_of_the_jungle at 12:28 PM on November 7, 2017
posted by julie_of_the_jungle at 12:28 PM on November 7, 2017
« Older Help me prepare for my internship in the US | How to think of myself as sexual again? Newer »
This thread is closed to new comments.
posted by hasna at 4:03 AM on November 7, 2017 [7 favorites]