Information Leak On Email Forms?

Discussion in 'privacy problems' started by lucygrl, Dec 10, 2013.

Thread Status:
Not open for further replies.
  1. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    If I visit a website and fill in an email form on that website, how much information could someone gain about me? Do you think Tor would be enough to protect me, make me fully anonymous for something like this?
     
  2. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,951
    Location:
    USA
    Information leak, and anonymity are two different things. Tor will make you anonymous only if you don't share personal information that can identify you, and you do not run applications that can be launched from your browser that then run outside the Tor network. Java, and flash plugins can comprise your anonymity. Information through your browser on the Tor network is encrypted until it exits the Tor network through an exit node. Once the information you have voluntarily given about yourself exits the Tor network it is no longer encrypted. So it's possibly that someone can use a packet sniffer to obtain the information you have given once that information leaves the Tor network through an exit Node. If you use a webmail provider that uses encryption then it can minimize the risk, but it does nothing to prevent someone with a search warrant to obtain the information you voluntarily gave to the webmail provider. This is the short answer, and there are other variables that can affect your anonymity like DNS leak, etc.. You can scan your DNS from this site to make sure that none of the DNS providers listed belong to your actual ISP. -http://www.dnsleaktest.com/- Also, make sure to read Tor's guide to make yourself anonymous on Tor's website.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    What's an email form?

    If you provide your email, an adversary might get the IP addresses that you've sent email from, either from the message headers, or by asking the email provider.

    If you want an email address to use with Tor, it must be an account that you get through Tor, and never use without using Tor.
     
  4. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,951
    Location:
    USA
    I think their talking about webmail in general. You can use any webmail provider with Tor as long as they don't blacklist the Tor node you are using. I would suggest using an email provider that values privacy such as CounterMail, or Riseup Mail. Counter mail is a paid service though.
     
  5. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,087
    Form action="mailto:..."?

    Code:
    <!DOCTYPE HTML>
    <html>
    <head>
    <meta charset="utf-8">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" >
    <title>Email Form Test</title>
    <script type="text/javascript">
    function email()
    {
      var ef = document.getElementById("ef");
      ef.action = "mailto:" + ef.address.value + 
                  "?subject=" + ef.subject.value +
                  "&body=" + ef.body.value;
      ef.submit();
    }
    </script>
    </head>
    <body>
    <form id="ef" method="post" enctype="text/plain" onsubmit="email();">
    <table>
    <tr>
     <td>Destination Email Address:</td>
     <td><input id="address" type="email" value="invalid@invalid.invalid"
                required autofocus></td>
    </tr>
    <tr>
     <td>Subject:</td>
     <td><input id="subject" type="text" value="Email Form Test"></td>
    </tr>
    <tr>
     <td>Body:</td>
     <td><input id="body" type="text" value="Just testing..."></td>
    </tr>
    <tr>
     <td></td>
     <td><input type="submit" value="Submit"></td>
    </tr>
    </table>
    </form>
    </body>
    </html> 
    
     
  6. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    Sorry, just to clarify my question better. Some websites you visit have an enquiry form where there are a few boxes and you for example type in your name, your email and your enquiry and press send. Now, im wondering what sort of information they could gather about me from that simple action of visiting their website and filling in that enquiry form. (I would not be using my real name or real email on the form).
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    They'd get your IP address and your browser fingerprint.
     
  8. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    The IP part should be solved by using TOR. And by using TOR browser bundle, I'd say that browser fingerprint becomes less of an issue too. So, the only thing you should bother is to make sure that the throwaway email you will use is random enough so it can't be linked in any way to your real identity.
     
Loading...
Thread Status:
Not open for further replies.