the last dying gasp of anonymity...
December 4, 2008 7:44 AM Subscribe
What can I do to keep my location being found from emails sent to me?
I have a project that will require people to send me emails. I do not want the people sending the emails to find my location. Presently, I'm set up so that the email senders will send an email to a gmail account that will automatically forward all messages to a hushmail account.
I might not be able to use tor for this. Will it be possible for people to find where I am?
I should note that I'm not involved in anything illegal, and that I know that senders will be able to use subpoenas to find me through legal channels. I'm just trying to make sure that people can't find me through hacker channels.
I have a project that will require people to send me emails. I do not want the people sending the emails to find my location. Presently, I'm set up so that the email senders will send an email to a gmail account that will automatically forward all messages to a hushmail account.
I might not be able to use tor for this. Will it be possible for people to find where I am?
I should note that I'm not involved in anything illegal, and that I know that senders will be able to use subpoenas to find me through legal channels. I'm just trying to make sure that people can't find me through hacker channels.
I hope you're not using some variation of your username here, as your location is in your profile.
posted by desjardins at 8:11 AM on December 4, 2008 [2 favorites]
posted by desjardins at 8:11 AM on December 4, 2008 [2 favorites]
Additionally... if you just read the emails in the Gmail web interface, the best they could do is find the IP address of the Gmail server when you reply, or if a tracking receipt is sent as long as you make sure that images are set to not be displayed by default. You just need to be wary of attachments.
posted by rocketpup at 8:14 AM on December 4, 2008
posted by rocketpup at 8:14 AM on December 4, 2008
Yeah, unless you're loading images in an email, (which sends a request to the server hosting the image, possibly revealing your IP address and thus, usually, your location) simply reading an email doesn't reveal anything to the original sender, whether it's through GMail or a traditional mail client. The servers holding your mail will know where you're coming from, but they won't ever report that data or make it available, and I'd consider GMail virtually "unhackable" in that respect.
posted by disillusioned at 9:39 AM on December 4, 2008
posted by disillusioned at 9:39 AM on December 4, 2008
Best answer: I dont think thats true. If there is an embedded image in those emails then the IP reported back will be his computer, not gmail's server.
Just opening his gmail account may be a risk. Who knows what pre-fetching javascript madness they may be running. This can be tested somewhat with wireshark.
Even hushmail may have this issue. Im not sure how it handles tracking images.
What you should do is get a shell account someplace and open your email with pine or some other text-only viewer. It cant load tracking images and even if there was some trick the only thing they would get is the IP of the server, as pine truly runs remotely while webmail runs locally.
You could probably just configure pine to use gmail's pop server. You can get free or super cheap shell accounts anywhere.
Also, sending mail will reveal your client IP and email server IP. Some services suppress the client IP, like gmail, but why even take a chance? Do it via the shell account via ssh.
Lastly, if I wanted your location I would probably just send you a link to something project related hosted on one of my servers with some unique identifier and look at your IP. Perhaps tor can help you out here.
posted by damn dirty ape at 9:51 AM on December 4, 2008 [1 favorite]
Just opening his gmail account may be a risk. Who knows what pre-fetching javascript madness they may be running. This can be tested somewhat with wireshark.
Even hushmail may have this issue. Im not sure how it handles tracking images.
What you should do is get a shell account someplace and open your email with pine or some other text-only viewer. It cant load tracking images and even if there was some trick the only thing they would get is the IP of the server, as pine truly runs remotely while webmail runs locally.
You could probably just configure pine to use gmail's pop server. You can get free or super cheap shell accounts anywhere.
Also, sending mail will reveal your client IP and email server IP. Some services suppress the client IP, like gmail, but why even take a chance? Do it via the shell account via ssh.
Lastly, if I wanted your location I would probably just send you a link to something project related hosted on one of my servers with some unique identifier and look at your IP. Perhaps tor can help you out here.
posted by damn dirty ape at 9:51 AM on December 4, 2008 [1 favorite]
Also, its worth mentioning that your IP isnt going to give anyone your home address. At best it will be traceable fuzzily to your state or region and perhaps your city.
posted by damn dirty ape at 10:03 AM on December 4, 2008
posted by damn dirty ape at 10:03 AM on December 4, 2008
"Who knows what pre-fetching javascript madness they may be running."
I do, actually. There is none.
Read the emails from gmail (which won't load remote images without specific permission), reply from within the gmail interface, and take of the tin-foil hat.
Also IP address =/= Home Address.
posted by toomuchpete at 11:30 AM on December 4, 2008 [3 favorites]
I do, actually. There is none.
Read the emails from gmail (which won't load remote images without specific permission), reply from within the gmail interface, and take of the tin-foil hat.
Also IP address =/= Home Address.
posted by toomuchpete at 11:30 AM on December 4, 2008 [3 favorites]
Who knows what pre-fetching javascript madness they may be running.
Anybody who cares enough to disable/watch javascript, or use the HTML only interface?
posted by jacalata at 12:58 PM on December 4, 2008
Anybody who cares enough to disable/watch javascript, or use the HTML only interface?
posted by jacalata at 12:58 PM on December 4, 2008
If you used a web proxy to connect to your web mail account, that might throw off the scent.
posted by JuiceBoxHero at 5:54 PM on December 4, 2008
posted by JuiceBoxHero at 5:54 PM on December 4, 2008
Try sending a few messages from the account you intend to use to a few recipients. From those recipients, get the full header of the message. You'll see at least one "Received:" line like the following:
Received: from ?192.168.123.101? (user-14ldxyz.cable.megacorpnet.com [69.186.12.138]) by mx.google.com with ESMTPS id b8sm2538470rvf.3.2008.
12.122.21.55.43 (version=TLSv1/SSLv3 cipher=RC4-MD5); Wed, 10 Dec 2008 20:55:44 -0800 (PST)
Read multiple Received lines from the bottom up. If you're able to note any identifiable information then the receiving end may be able to discern the origin of the message to some degree. In the example above, intentionally altered, one could use the ip address to find my city and if they were familiar enough or connected to the megacorpnet network they could locate my neighborhood.
Compare the Received lines of an email sent from a desktop client like Thunderbird and an email sent with a webmail application behind an anonymous proxy. Also, Google 'anonymous remailer' and experiment with emails sent through one of those.
posted by ezekieldas at 9:18 PM on December 10, 2008
« Older Can you help me find photographers with projects... | Help me find a quote/poem/proverb about friendship... Newer »
This thread is closed to new comments.
posted by zsazsa at 8:01 AM on December 4, 2008