Keeping the identity of a secret admirer... secret
May 25, 2011 11:17 AM   Subscribe

How anonymous is my anonymous gmail account?

There are some previous askme questions on this, but they seem to be a few years old... and/or are a bit over my head.

In short, does correspondence through a throwaway gmail account reveal (especially to someone techie) anything about my IP address, web service provider, computer model, state/region/country, etc.? And if so, is there a relatively simple way to avoid this? Does working through a Chrome "incognito" window make any difference?

I am only concerned about what the recipient of emails to/from this account can detect, not any larger online privacy matters.

(And by the way, this is just for a fun birthday surprise, not international espionage, but the recipient has mad tech skills and I'd like to make it work if I can).

Thank you!
posted by argonauta to Computers & Internet (21 answers total) 13 users marked this as a favorite
 
I'm no techie, but the simplest answer to me seems to be to create the account and send the email from a public library near (or not near) to you....
posted by tivalasvegas at 11:29 AM on May 25, 2011


It should be pretty anonymous barring a court order.

A gmail message won't reveal anything about your IP address, ISP or other personal information. Chrome incognito won't increase the privacy of the message delivery. It might prevent someone with access to your computer from discovering the account.

If the recipient has mad tech skills and is deliberately trying to figure out who the sender is, beware of following any links they send in response-- they could send you to a website they control and log your IP address and browser information that way.
posted by justkevin at 11:31 AM on May 25, 2011 [1 favorite]


I know this isn't really what you're asking, but I once had a student e-mail me from an anonymous gmail account saying that I should know there were people cheating on an exam I'd given.

But he made the mistake of putting in his real name when gmail asked. So it really wasn't anonymous at all.

So, you know, don't make that mistake.
posted by madcaptenor at 11:35 AM on May 25, 2011 [8 favorites]


In the message headers, it will include the IP address of the originating machine. It is trivial for a decent techie to identify the city and state of origin. It will also be easy to identify what ISP was used (cable company, verizon, etc). If the recipient has other email from you and is interested enough to compare, he can probably determine that it is the same IP address you used for other messages

You could make sure you always send your messages from public WiFi hotspots, which would only allow him to determine the city/state. If you want to be more sneaky, you need to use a proxy service.
posted by Lame_username at 11:36 AM on May 25, 2011


It should be pretty anonymous barring a court order.

A gmail message won't reveal anything about your IP address, ISP or other personal information
I just pulled an email from a gmail correspondant at random and examined the headers. It included this:

Received: from PaulLaptop (pool-71-179-xx-xxx.bltmmd.fios.verizon.net [71.179.xx.yyy]) by mx.google.com with ESMTPS

My friend who sent it is indeed named Paul and it was presumably his laptop. I'm pretty confident if I quizzed him he would say he uses Verizon FIOS in the Baltimore MD area.
posted by Lame_username at 11:39 AM on May 25, 2011


Your friend didn't use the gmail web interface, he used google's SMTP servers.

The web interface does not pass along the sender's IP. The SMTP service does.
posted by toomuchpete at 11:40 AM on May 25, 2011 [3 favorites]


Lame_username: In the message headers, it will include the IP address of the originating machine.

Actually, if you send from Gmail's web interface, it will not. Gmail is notorious for not including the original sender's IP address. If you send with an SMTP client such as a mail app on a phone or computer, it will include your IP, however.

On preview, what toomuchpete said.
posted by zsazsa at 11:41 AM on May 25, 2011 [1 favorite]


Mine just has this:

MIME-Version: 1.0
Received: by 10.236.60.230 with HTTP; Wed, 25 May 2011 11:27:00 -0700 (PDT)
Date: Wed, 25 May 2011 13:27:00 -0500
Delivered-To: xxx@gmail.com
Message-ID:
Subject: does gmail attach IP addresses?

10.236.60.230 is not my IP, probably a google server. So yes, Gmail's web interface does not send any identifying information.

posted by wayland at 11:43 AM on May 25, 2011


If you send email from a desktop app (Thunderbird, Apple Mail, etc) that you use to interface with gmail, it will indeed include your IP. But using the service through a browser window and you won't include IP info.

I'm intrigued by Lame_username's discovery, though.
posted by NoiselessPenguin at 11:43 AM on May 25, 2011


It's somewhat overkill, but you could ignore all of the details of what Gmail does with IP addresses and the sorts of tricks justkevin mentioned by doing everything related to this account through TAILS. Basically you burn it to a CD or put it on a USB drive, boot from it, and it automatically anonymizes all of your network traffic through the Tor anonymous proxy network. It also leaves no trace on the machine you run it on, and you don't have to do any setup to get Tor working or make any changes to your computer.
posted by burnmp3s at 11:48 AM on May 25, 2011 [14 favorites]


justkevin writes "If the recipient has mad tech skills and is deliberately trying to figure out who the sender is, beware of following any links they send in response-- they could send you to a website they control and log your IP address and browser information that way."

Also if your mail client automatically loads non attached images (do any clients still do that?) your IP address will be revealed to the image server.
posted by Mitheral at 12:47 PM on May 25, 2011


I checked my own outgoing GMail messages (sent with the web interface), and my IP address was nowhere in them. Lame_username's friend was using SMTP, as mentioned.

One thing I didn't know about, though: My Google account's email address was included in the headers, even though I'd sent the email as "from" another email address. Something to be aware of...
posted by neckro23 at 12:48 PM on May 25, 2011


I don't know what SMTP and google interface are, but would any of it matter if I created and sent a throwaway gmail from a public library? Wouldn't they just know at most that it came from that library?
posted by ThatCanadianGirl at 1:19 PM on May 25, 2011


0.236.60.230 is not my IP, probably a google server

Yep - 230.60.236.10.in-addr.arpa name = yhcu66.prod.google.com.

So yeah, if you use the web interface and the account doesn't have your real name or anything, I don't see how the recipient could find out anything useful.

(Obviously Google has some info on your IP, etc but you seem only concerned with the end recipient)
posted by wildcrdj at 3:31 PM on May 25, 2011


Er, unless they think to look at AskMetafilter, see this question, and know your account name....
posted by wildcrdj at 3:31 PM on May 25, 2011


It depends on what you mean by anonymous.
A court order can make Google release IP and other information about your posts.

Think a public library is safe? Ever notice the video cams in and around the building? Think about that.

Think an open WiFi is safe? Did you know that the router you connect to and a bunch of others down the line will store your computer's MAC address in the IP packet? Did you know that your MAC address is unique to your computer? Did you know that your open WiFi router can store that information for months or longer? Think about that.

Think TOR is safe? Did you know that anyone can be a TOR node? Did you know that anyone who is a TOR node can read a good bit the information passed to and from their node? The encryption between nodes is crackable by law enforcement agencies. Think about that.

The safest that I can think of involves a MAC address spoofer, single use open WiFi and bouncing your packets between 2 or 3 open anonymizers (and/or securely compromised machines). You'll need to do all that when you first sign up for the Gmail account as well.
posted by Poet_Lariat at 3:34 PM on May 25, 2011


Nothing is ever really anonymous like that. Unless you have mad hacker skillz, maybe, which you don't. I don't see your IP address or any of that when you send it to me. Your hacker buddy might or might not be able to, depending on the extent of those tech skills you mentioned.
posted by J. Wilson at 4:55 PM on May 25, 2011


Poet Lariat, the OP described in the question the threat model s/he wants protection against and it seems clear that s/he can be anonymous using a gmail account web interface for his/her purposes.

Your answer accirately addresses the difficulties of a different threat model.

The only other issues I'd raise are that the OP should change writing style slightly and choose a difficult security question.
posted by Busy Old Fool at 12:20 AM on May 26, 2011


Poet_Lariat. "Did you know that the router you connect to and a bunch of others down the line will store your computer's MAC address in the IP packet?"

No, they won't, there's no space in the IP headers for them to do so :)

The data packet on the local network will include both your MAC and IP address of course, which I suspect might be what you meant!

IIRC, the Russian spies arrested in the US last year were caught partially because the MACs of their laptops turned up again and again in the vicinity of known Russian embassy staff who were being tailed by the US security services — they were exchanging data over coffee-shop wifi networks.
posted by pharm at 6:39 AM on May 26, 2011


Thanks so much, everyone. It went great -- and now I've learned a little something, too!
posted by argonauta at 5:18 AM on June 4, 2011 [1 favorite]


No, they won't, there's no space in the IP headers for them to do so.

(Only true for IPv4. With IPv6 the last chunk of the address is usually the same as the MAC of the computer in question.)
posted by pharm at 5:54 AM on June 13, 2011


« Older Point A (architect) to point B (working for...   |   Should we buy the fire house? Newer »
This thread is closed to new comments.