[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor and Thunderbird: Outgoing Email Unsafe?



So if i use a web based email and use firefox with Tor to access it with my normal settings(the settings that I always use when i use the Internet) so not a totally separate profile.The receiver still wont be able to trace me right?

Well .. sort of. The problem is cookies from the likes of doubleclick. You run the risk of having them re-check an existing cookie and seeing your "real" IP as well as your TOR ip. Would somebody subpoena doubleclick because you sent your boss a shitty email? probably not, but then again, doubleclick sells your personal info to anyone that can cough up an account number.


on my own computer they have nothing to do with any info the receiver of email might be able to get from the header or whatever of the email i sent, am i correct?

Receiver of email, no .. but cookies are managed by 3rd parties (and bear in mind that many 3rd party cookies (yahoo, for example) are used for "customization" of your page and are also read during a mail session -- so you run the risk of Yahoo knowing your real IP as well as your TOR one by identifying the UID in the cookie, and what IP accessed it. You can use the same browser for regular and anonymous browsing, but only have one window/tab open, go to about:blank and clear cookies/cache/sessions, then fire up tor and do your email. When done, kill tor, close all but one window/tab, clear cookies/cache/sessions from the about:blank page, and resume "normal" activities.


The reason I suggested seperate Firefox profiles is you can have the "anonymous" one and a "regular" one open at the same time, since routing everything through TOR makes your highspeed connection more like dialup (there's always a trade-off...).

Some web based email services,like mail.com if i am not mistaken, give you the option to download a little prog that warns you when a new emailis in.
Does this affect my anonymity? I suppose it does as the server from mail.com will connect to my comp to tell me there is a new message. On the other hand, if I use tor enabled firefox wouldn't that connection also be anonymous?

Depends. If that little "program" has SOCKS v4a support, then it'll work fine with TOR. Most of them only support a HTTP proxy though, which TOR is not (although you can use it with other programs to make it work). I say this because I have personally assisted in investigations where something like weatherbug (which broadcasts a unique ID) has positively identified a user, despite their use of a proxy.


If you just want to send a few anonymous emails here and there, I'd look into one of the many "internet privacy appliances" that are boot-from-cdrom operating systems that are totally locked down and route everything through TOR.

~Mike.