
Re: Question for Job and others



On Wed, 2007-01-03 at 06:16, Job wrote:
> Hello George,
> 
> The way you describe it makes it sound a bit shady I think. 

That was my suspicion.

> My reasons 
> for wanting my emails to be anonymous is not because of harassment or 
> spam. Actually I wouldn't even know how to send spam.

I didn't think spam was an issue.

> The concern -for me- is not one related to my ISP as I don't do anything
> to violate their policies or break laws and actually I am not using an
> obscure email account (yet).
> I want to offer my future clients the option of contacting me and me
> contacting them without for example the receiver's spouse, family,
> friends or boss being able to trace anything due to the nature of the
> service I will provide as this is related to topics that are highly
> personal. Unfortunately I can't elaborate on this too much due to the
> exact same reasons. The most I can share with anyone at this point is
> that it's in the field of Psychology.

This suggests to me some form of counseling or surveying as
possibilities. Whether it's along these lines or something else, what
you say suggests that you probably want privacy even more than
anonymity, though you may not have thought of these as separate.
Specifically I'm thinking of encryption via GnuPG or PGP. If a family
member or boss has access to your client's computer and can read your
communications, that might be more damaging to your clients than being
able to find out who you are.

Tor will encrypt your emails up to the exit node, but if you send your
emails as plain text, i.e., unencrypted, the exit node operator and any
administrator between the exit node and your client's computer could
theoretically read your emails. There is software designed to grab email
(and other content) off any transmission media, and make it readable in
real time. If your client sent any reply or information to you without
Tor and/or encryption it could be readable anywhere on the return path,
and from the Tor exit node on if sent by Tor but not encrypted.

If you and your clients both used encrypted email, they would not need
to delete your emails immediately after reading them. If they did not
have their email client remember their password for the "current
session" or were careful always to close the email client anytime they
left their computer, no one who did not know their GnuPG password or
pass phrase could ever read your email. A technically inclined person
with access to your client's computer might be able to read the email
headers outside of the email program, but not any of the message
content.

"Clients" typically implies some form of payment. PayPal may provide
for anonymous payments; I have no idea. If not, virtually any other form
of payment would require your clients to know something about you that
would be traceable. Even with an arbitrary company name at a P.O. Box,
at least in the U.S. there are public records that allow business owners
to be traced.

Also, before I dealt with someone who claimed to be any form of
psychologist, I'd want proof and identification. Encryption allows
identification documents to be digitally photographed, scanned, or video
taped, and sent securely.

Encryption very much furthers the goals you indicate, but cannot be used
without the active cooperation of the recipient, so it cannot be used to
harass someone else. At any point the recipient did not wish to see
further emails from you, he or she would merely need to delete your
public key from their key ring and they would not be able to read your
messages. They could delete them or save them unread until a suitable
time. Though setting up encryption requires a moderate effort on your
client's part, if the information is as sensitive as you suggest, I'd
think your clients would want to take advantage of this.

> This causes me to be able to offer 
> a level of service that from the receivers side is totally untraceable 
> or near untraceable (however, like I stated before, I DO want them to be
> able to contact me too). That is also why I am not very concerned about
> the traces left on my own computer as these are not accessible by the 
> significant others of the client. I want to make the barrier to take 
> that first step to get into contact as low as possible. 

This suggests to me that you want the clients to make the initial
contact. Perhaps you have, or will have, a website that describes you
and your services. I know I certainly would not trust, or reveal any
sensitive information, to someone who contacted me anonymously, and who
I could not track down to verify who they were. If you and your clients
did not use encryption (with good passwords or phrases) and a client
made the mistake of saving the emails to and from you, this could cause
a problem. If the client went on a business trip without the PC, a
spouse or boss could read these and then impersonate the client. If the
spouse or boss were clever it's unlikely you would detect the deception.

> The anonymous 
> email is just part of the privacy I want to offer but since I am just 
> looking into the online anonymity option and I am new at Tor this seems 
> to be a good place to start and look for extra information.

It is. Since I've been reading this list I've learned a lot about
anonymity and privacy that go beyond pure Tor issues.

George Shaffer
-- 
Get my GnuPG public key from http://geodsoft.com/about/ or
use gpg --keyserver subkeys.pgp.net --recv-key A1A23194

Attachment: signature.asc
Description: This is a digitally signed message part
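
Added example (not part of the original message): a small Python check of the point made above, that someone with access to a stored email can still read the headers of a PGP-encrypted message but not its content. The addresses, subject and sample messages are constructed, and the armored body is a placeholder rather than real ciphertext.

```python
from email import message_from_string

# Constructed sample messages (not from the thread).
PLAIN = """From: counselor@example.org
To: client@example.net
Subject: Your appointment
Date: Wed, 03 Jan 2007 10:00:00 -0500

See you Thursday at 3pm.
"""

# Same headers, inline ASCII-armored body (placeholder, not real ciphertext).
ENCRYPTED = """From: counselor@example.org
To: client@example.net
Subject: Your appointment
Date: Wed, 03 Jan 2007 10:00:00 -0500

-----BEGIN PGP MESSAGE-----

PLACEHOLDER-CIPHERTEXT
-----END PGP MESSAGE-----
"""

def body_is_encrypted(msg):
    """True for PGP/MIME (RFC 3156) or an inline ASCII-armored PGP body."""
    if msg.get_content_type() == "multipart/encrypted":
        return msg.get_param("protocol") == "application/pgp-encrypted"
    if msg.is_multipart():
        return False
    return msg.get_payload().lstrip().startswith("-----BEGIN PGP MESSAGE-----")

def exposure(raw):
    """What a reader of the stored mail file learns without the private key."""
    msg = message_from_string(raw)
    encrypted = body_is_encrypted(msg)
    return {
        # Headers are never covered by classic PGP encryption, Subject included.
        "headers": {k: msg[k] for k in ("From", "To", "Subject", "Date") if msg[k]},
        "body_readable": not encrypted,
        "body": None if encrypted else msg.get_payload().strip(),
    }

if __name__ == "__main__":
    for label, raw in (("plain", PLAIN), ("encrypted", ENCRYPTED)):
        print(label, exposure(raw))
```

In both cases the sender, recipient, subject and date are visible; only the body is protected, so a revealing subject line undoes part of the benefit.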