[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Tor and Thunderbird: Outgoing Email Unsafe?
So if i use a web based email and use firefox with Tor to access it with
my normal settings(the settings that I always use when i use the
Internet) so not a totally separate profile.The receiver still wont be
able to trace me right?
Well .. sort of. The problem is cookies from the likes of doubleclick.
You run the risk of having them re-check an existing cookie and seeing
your "real" IP as well as your TOR ip. Would somebody subpoena
doubleclick because you sent your boss a shitty email? probably not, but
then again, doubleclick sells your personal info to anyone that can
cough up an account number.
on my own computer they have nothing to do with any info the receiver of
email might be able to get from the header or whatever of the email i
sent, am i correct?
Receiver of email, no .. but cookies are managed by 3rd parties (and
bear in mind that many 3rd party cookies (yahoo, for example) are used
for "customization" of your page and are also read during a mail session
-- so you run the risk of Yahoo knowing your real IP as well as your TOR
one by identifying the UID in the cookie, and what IP accessed it. You
can use the same browser for regular and anonymous browsing, but only
have one window/tab open, go to about:blank and clear
cookies/cache/sessions, then fire up tor and do your email. When done,
kill tor, close all but one window/tab, clear cookies/cache/sessions
from the about:blank page, and resume "normal" activities.
The reason I suggested seperate Firefox profiles is you can have the
"anonymous" one and a "regular" one open at the same time, since routing
everything through TOR makes your highspeed connection more like dialup
(there's always a trade-off...).
Some web based email services,like mail.com if i am not mistaken, give
you the option to download a little prog that warns you when a new
emailis in.
Does this affect my anonymity? I suppose it does as the server from
mail.com will connect to my comp to tell me there is a new message. On
the other hand, if I use tor enabled firefox wouldn't that connection
also be anonymous?
Depends. If that little "program" has SOCKS v4a support, then it'll work
fine with TOR. Most of them only support a HTTP proxy though, which TOR
is not (although you can use it with other programs to make it work). I
say this because I have personally assisted in investigations where
something like weatherbug (which broadcasts a unique ID) has positively
identified a user, despite their use of a proxy.
If you just want to send a few anonymous emails here and there, I'd look
into one of the many "internet privacy appliances" that are
boot-from-cdrom operating systems that are totally locked down and route
everything through TOR.
~Mike.