While I am reading “Security Is Hard, But That Doesn’t Mean You Should Ignore It on techcrunch”, I found a link to an interesting article “Don’t be a Petraeus: A Tutorial on Anonymous Email Accounts”.
A little bit background: David Petraeus is the former CIA Director who resigned after his affair with Paula Broadwell was discovered by the FBI. How did FBI find out about the affair? In short, by looking at their email records. Here’s how the affair was discovered:
“Broadwell and Petraeus used pseudonymous webmail accounts to talk to each other. That was a prudent first step, but it was ineffectual once the government examined Google’s logs to find the IP address that Broadwell was using to log into her pseudonymous account, and then checked to see what other, non-pseudonymous, accounts had been used from the same IP address. Under current US law, much of this information receives inadequate protection, and could be obtained from a webmail provider by the FBI without even requiring a warrant.”
Contrary to what most of us falsely believes, our emails content is not a real secret. Email providers may give up metadata about your messages–the IP addresses you’ve been logging in from, the times you’ve logged into your webmail, and the email addresses of the people with whom you’ve been corresponding. They may even give up the contents of your messages to law enforcement,
Therefore, in order to achieve real anonymous online communication, here’s what the article suggest:
1. Use the Tor Browser Bundle when setting up and accessing your webmail account.You must always use Tor. If you mess up just once and log into the pseudonymous account from your real IP address, chances are that your webmail provider will keep linkable records about you forever.
2. Ensure that you do not give your webmail provider any information that is linked to your real world identity.
3. Set up a new webmail account, ideally with a provider that you do not otherwise use. Use a provider that allow the use of Tor and HTTPS, for instance, HushMail.
4. As an added precaution, you may want to use public wifi at an Internet cafe or a library whenever you connect.
5. Make sure that your messages never contain any information that may give your identity away if you wish to remain anonymous.
6. Encrypt your email correspondence using OpenPGP if you don’t want anyone to have access to your content.
For normal/law-abiding people like we are, it’s unlikely that we will need to protect our emails against the investigation of the government. But it’s always good to know that our emails aren’t actually anonymous. If you ever want to put something that you don’t want anybody else to know, follow the steps above.
Links:
http://techcrunch.com/2012/12/01/security-is-hard-lets-go-shopping/
http://en.wikipedia.org/wiki/Petraeus_scandal
https://www.eff.org/deeplinks/2012/11/tutorial-how-create-anonymous-email-accounts