On Wed, 2007-01-03 at 06:16, Job wrote: > Hello George, > > The way you describe it makes it sound a bit shady I think. That was my suspicion. > My reasons > for wanting my emails to be anonymous is not because of harassment or > spam. Actually i wouldn't even know how to send spam. I didn't think spam was an issue. > The concern -for me- is not one related to my ISP as I don't anything > to violate their policies or break laws and actually i am not using an > obscure email account (yet). > I want to offer my future clients the option of contacting me and me > contacting them without for example the receivers spouse, family, > friends or boss being able to trace anything due to the nature of the > service I will provide as this is related to topics that are highly > personal. Unfortunately I cant elaborate on this too much due to the > exact same reasons. The most I can share with anyone at this point is > that its in the field of Psychology. This suggests to me some form of counseling or surveying as possibilities. Whether it's along these lines or something else, what you say suggests that you probably want privacy even more than anonymity, though you may not have thought of these as separate. Specifically I'm thinking of encryption via GnuPG or PGP. If a family member or boss has access to your client's computer and can read your communications, that might be more damaging to your clients than being able to find out who you are. Tor will encrypt your emails up to the exit node, but if you send your emails as plain text, i.e., unencrypted, the exit node operator and any administrator between the exit node and your client's computer could theoretically read your emails. There is software designed to grab email (and other content) off any transmission media, and make it readable in real time. If your client sent any reply or information to you without Tor and or encryption it could be readable anywhere on the return path, and from the Tor exit node on if sent by Tor but not encrypted. If you and your clients both used encrypted email, they would not need to delete your emails immediately after reading them. If they did not have their email client remember their password for the "current session" or were careful always to close the email client anytime they left their computer, no one who did not know their GnuPG password or pass phrase could ever read your email. A technically inclined person with access to your client's computer might be able to read the email headers outside of the email program, but not any of the message content. "Clients" typically implies some form of payment. Pay Pal may provide for anonymous payments; I have no idea. If not, virtually any other form of payment would require your clients to know something about you that would be traceable. Even with an arbitrary company name at a P.O. Box, at least in the U.S. there are public records that allow business owners to be traced. Also, before I dealt with someone who claimed to be any form of psychologist, I'd want proof and identification. Encryptions allows identification documents to be digitally photographed, scanned, or video taped, and sent securely. Encryption very much furthers the goals you indicate, but cannot be used without the active cooperation of the recipient, so it cannot be used to harass someone else. At any point the recipient did not wish to see further emails from you, he or she would merely need to delete your public key from their key ring and they would not be able to read your messages. They could delete them or save them unread until a suitable time. Though setting up encryption requires a moderate effort on your clients part, if the information is as sensitive as you suggest, I'd think your clients would want to take advantage of this. > This causes me to be able to offer > a level of service that from the receivers side is totally untraceable > or near untraceable( however, like i stated before, i DO want them to be > able to contact me too) That is also why i am not very concerned about > the traces left on my own computer as these are not accessible by the > significant others of the client. I want to make the barrier to take > that first step to get into contact as low as possible. This suggests to me that you want the clients to make the initial contact. Perhaps you have, or will have, a website that describes you and your services. I know I certainly would not trust, or reveal any sensitive information, to someone who contacted me anonymously, and who I cold not track down to verify who they were. If you and your clients did not use encryption (with good passwords or phrases) and a client made the mistake of saving the emails to and from you, this could cause a problem. If the client went on a business trip without the PC, a spouse or boss could read these and then impersonate the client. If the spouse of boss were clever it's unlikely you would detect the deception. > The anonymous > email is just part of the privacy I want to offer but since I am just > looking into the online anonymity option and I am new at Tor this seems > to be a good place to start and look for extra information. It is. Since I've been reading this list I've learned a lot about anonymity and privacy that go beyond pure Tor issues. George Shaffer -- Get my GnuPG public key from http://geodsoft.com/about/ or use gpg --keyserver subkeys.pgp.net --recv-key A1A23194
Attachment:
signature.asc
Description: This is a digitally signed message part