[e-privacy] Anonymous Emails

[nimonyev]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ciao a tutti, è la prima volta che scrivo ma vi seguo ormai da un po' di
tempo. Volevo dire la mia relativamente a privacy e anonimato in rete.
So bene che il discorso è tutt'altro che semplice ma credo che uno dei
motivi principali per cui le persone non se ne preoccupi troppo è anche
perchè gli strumenti che è possibile utilizzare per ottenerle sono molto
poco conosciuti e spesso perchè troppo difficili da utilizzare per un
utente comune. Senza voler approfondire e andando direttamente al punto
volevo fare una lista dei software e dei metodi che utilizzo io e che
sono tra i più user-friendly, accessibili a tutti. Naturalmente accetto
consigli ed opinioni.

- - Per la navigazione semi-anonima io utilizzo spesso dei proxy cgi, che
sono molto comodi e facili da utilizzare, nonché molto più veloci, in
genere, di Tor, e facilissimi da mettere in cascata.
Il mio preferito si trova qui: http://anonymizer.su, ma ne esistono una
valanga. Per chi non li conoscesse sono sostanzialmente dei siti web con
una form che consente di inserire l'indirizzo di un altro sito, e ci
fanno da proxy mascherando il nostro IP dal sito di destinazione.
Naturalmente se li si vuole mettere in cascata basta reinserire nella
form l'indirizzo stesso del proxy, et voilà, abbiamo una catena di proxy
che è sicuramente più sicura di un proxy singolo.

- - Per la mail devo dire che le email temporanee come
http://mytrashmail.com (da accedere sempre tramite proxy) sono comode
quando ci sono da fare operazioni uniche, tipo ricevere conferma di
iscrizione per un account o cose simili.

- - Per le mail personali utilizzo Mozilla Thunderbird con l'estensione
Enigmail che consente di utilizzare in modo semplicissimo GPG (è
necessario aver installato GPG naturalmente, che suggerisco di
installare su Windows tramite il pacchetto preconfezionato GnuPG for
Windows http://www.gpg4win.org/, che contiene anche altre utilità come
una tray con strumenti per la gestione delle chiavi, un plugin per
Outlook, un client di posta ecc...).

- - Per un grado di sicurezza superiore, infine, e per le mail anonime,
suggerisco QuickSilver http://quicksilvermail.net/,un software che
sfrutta remailer Mixmaster per far passare le nostre mail attraverso una
catena di nodi, in modo che non sia possibile risalire al mittente
originario della mail.

Tutti questi strumenti sono ovviamente free e/o open source.

mandrivo at hushmail.com wrote:
> Vi segnalo questa guida, forse non c'è nulla di nuovo, ma conviene 
> leggerla. Ciao.
> 
> Anonymous Emails
> 
> Low-grade anonymous email can effectively be achieved by creating a 
> Yahoo or gmail account and only accessing it through Tor. BEWARE 
> however, that many webmail services will append your IP to the mail 
> headers. So be absolutely sure to never send any messages (or even 
> log in) without using Tor.
> 
> Worse still, the mainstream webmail services typically offer other 
> services that "conveniently" allow you to share the same 
> account/cookie between them. For this reason, if you opt to use a 
> major webmail service, you need to be careful with things like 
> entering your street address/zip code into their corresponding 
> mapping services, or for that matter, ever using a yellow pages. 
> Careful and judicious use of various cookie control mechanisms or 
> throwaway computing is required. It is also rumored that hotmail 
> will pull your browser time info and place it on emails, thus 
> narrowing your geographical location.
> 
> If you desire more anonymity with less hassle, you have a couple of 
> options. HushMail and MailVailt provide limited free accounts that 
> automatically support GPG. HushMail unfortunately uses some kind of 
> hokey Java interface, and I have difficulty getting it to reliably 
> work on many OS/browser combos. Also, note that some Java 
> implementations may not pass your connections through your proxy 
> settings, which would may mean that Tor is not sufficient 
> protection. Check netstat to be sure. MailVault does not use Java, 
> and thus is fully Tor-friendly. It's also lighter and quicker. 
> However, I would not rely on mailvault OR hushmail (or any other 
> provider) to ensure your email is private. While both of these 
> companies are outside of the USA (which at least should provide 
> protection against a National Security Letter), they still could 
> fall prey to some other coercive tactic. If you need a high level 
> of assurance of secrecy, you must manage your own GPG key using a 
> front end or plugin to your mail client.
> 
> Your last option for anonymous mail is to use a proper mix network. 
> However, these networks require a good deal of configuration and 
> setup to join, and once you do, they are only one way. There are 
> two main anonymous remailer networks in existence, MixMaster and 
> MixMinion MixMinion is designed to succeed MixMaster, but it is 
> still in development and thus has debug logs, etc in place that can 
> be confiscated and used to betray anonymity. There are web gateways 
> available to use, but again they are only one way.
> 
> It is also possible to set up a return path, or Nym through certain 
> mix networks. Hushmail provides nym service as part of their paid 
> accounts, and Panta Rhei maintains a list of NymServers as well.
> 
> If you only need a throwaway email address for or for signing up 
> for a google groups or other forum account, you can use 
> Mailinator.com or pookmail.com. Note that these temporary mailboxes 
> have no passwords. Also don't forget to use Tor or some other IP 
> obfuscater
> Note
> 
> If you use a webmail account, you should expect that your email is 
> NOT PRIVATE. According to the ECPA, after 180 days it becomes 
> possible to demand email from a server without a warrant, and for 
> non-criminal matters. This means all that has to happen is a civil 
> attorney decides they want to see your email because they might 
> have a reason to sue you, so they write a subpoena demanding all 
> email older than 180 days from your provider, and it is theirs.
> 
> A few interesting anonymity/privacy mailing services have also 
> arisen lately because of this loophole. StealthMessage, Self 
> Destructing Email and MailJedi all provide "self-destruct" 
> capabilities for email, so that you don't have to worry about 
> messages you send sitting in someone's inbox to be discovered 
> later. StealthMessage for some reason does not work for me, 
> however. It also requires Javascript and is pretty clunky.
> 
> Once again, I would not rely on any of these services to actually 
> destroy your mail or otherwise keep it private, especially in the 
> case of subpoena, National Security Letter, or coercive tactics. If 
> you need this level of assurance, you must manage your own GPG key 
> using a front end or plugin to your mail client. 
> 
> 
> 
> Concerned about your privacy? Instantly send FREE secure email, no account required
> http://www.hushmail.com/send?l=480
> 
> Get the best prices on SSL certificates from Hushmail
> https://www.hushssl.com?l=485
> 
> _______________________________________________
> e-privacy mailing list
> e-privacy at firenze.linux.it
> https://lists.firenze.linux.it/mailman/listinfo/e-privacy
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBRZOoYvtxzak2JfUGAQIfLgf+P96UDmjkNDnULYFLeoDV90YAtaBRADz3
VFxaGZPh3lKHCXcZkvSEFtrSarajIc8TLB+Ix/zy/kCQMBZ3NJVyOiLGux996Q1Q
49AnFyuBt3Mwz7TMoCdiTzOaK4COI7MUyh0epkowoqhgO8vXdrJjtCyaqLruRmql
btmAkpvikLQcADpOmAdWoqpm+HawTuTLqIsas1H495VMeGTvqF4cX+4PaPAqMUIW
4UCQmVD8BavEbGBMP2tbR49tMbm3JBds0P50/8Pq/1FDQQKpy4MOia4BJ9NKR5Hl
aGzJlyr/Kt4g8LWUhcNYRdGyhHny+JS3YmwGqScUvy6A+qJghJ3N+g==
=naZ0
-----END PGP SIGNATURE-----