VPN- Does logging into personal emails and accounts compromise your anonymity?

Discussion in 'privacy technology' started by dialxdrop, Sep 21, 2010.

Thread Status:
Not open for further replies.
  1. dialxdrop

    dialxdrop Registered Member

    Joined:
    Sep 21, 2010
    Posts:
    35
    A question I've always wondered is if I were to connect to a VPN service to get an "anonymous" ip address, can I still log into my personal email, banking accounts with the new ip address?

    For example:
    Real IP address: 201.24.xx.xx
    VPN IP address: 66.76.xx.xx

    Let's say I went on google and made a bunch of searches. Normally, all the searches would be registered under the VPN's ip address so they would not be tied to you. (Unless the VPN provider was monitoring- but let's ignore that)

    Now, let's say you use Thunderbird email application and it is always connecting to your real personally identifiable email addresses and you would connect to them with the same VPN IP address.


    My Question is this:

    In that situation, would your "anonymous" google searches be linked to your email accounts? (Since they would be using the same IP address at the same time.)

    If that's the case, then wouldn't the solution be to separate personally identifiable activities from your anonymous activities with different ip addresses?
     
  2. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    If you send an email while using your anonymous VPN, it'll almost certainly log the IP address in a header. If it's a personal email, the ISP and recipient will know that IP, and what time you were using it. That's not good.

    With browsing, there are risks from cookies and website logs. You may think that you have cookies handled, and then get 0-dayed.

    I keep each identity -- the VPN account (if any) it uses, its email client, its browser, and whatever -- on its own machine(s). Most of those are VMs. Some are VMs with VPNs that only connect via other VPNs.
     
  3. dialxdrop

    dialxdrop Registered Member

    Joined:
    Sep 21, 2010
    Posts:
    35
    Yes I understand this is the safest way and what I currently use. For example I would use my regular identity and emails with my IP address on my host machine, and on my VM I would connect to VPN and use my anonymous identity. This setup is similar to what you are talking about, correct?


    Yes I also understand this, that if you were to use the same browser and mixed in your anonymous and personal activities, your anonymity can become compromised because of cookies and other browser related fingerprints.

    In terms of this type of vulnerability, all you would have to do is use a separate browser for each identity and from what I understand there should be no way of linking the browsers and activities of each.

    But that doesn't solve the problem of both browsers or thunderbird sharing the same ip address and the same time stamps as you've mentioned.


    So basically what you are saying is that this time stamp issue is a real threat and can basically compromise your anonymity?
    Even if you were to split up all your browsers, cookies etc properly?

    Or are you just saying never to log into any personal accounts while connected to a VPN period?
     
  4. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Yes.

    Well, there are Flash cookies.

    Read some email headers, in full-reveal mode. For POP email, the first "received from" header shows the sending IP address and the time sent.

    What matters is your IP address when the email was sent.

    Yes, that too. And vice versa. I never even read Wilders as my real identity, or as any of my other pseudonyms.
     
  5. redcell

    redcell Registered Member

    Joined:
    Sep 27, 2010
    Posts:
    126
    If you're in top secret organization, you may wish to consider other privacy layers besides VPN.

    First, your base (primary) connection. If your primary connection is your true home, then sooner or later you will be traced no matter how smart. That's why there's such thing called wardriving. I'm not too sure about US laws. But I read somewhere that it's not illegal to connect to an unsecured open wifi connection.

    Second, VPN. A reliable and discreet one. Good if you got it free somewhere. But if it's paid one via Paypal, your credit card etc. Sooner or later it comes back to you.

    Third, anonymous proxies (SOCKS, HTTP etc) and tunneling softwares. These (on top of your base con + VPN) will ensure extra privacy... or should I say "plausible privacy".

    Fourth, the most important of all - hard evidence from your computer. You must at least safeguard it with drive encryption.
     
  6. dialxdrop

    dialxdrop Registered Member

    Joined:
    Sep 21, 2010
    Posts:
    35

    Hierophant, okay so I think I understand the reasoning why you want to keep all your separate identities and activities as separate from your real ID and ip address as possible by using a VM and VPN connection inside and all activities inside the VM to minimize any chances of leaks (Flash cookies, etc etc.)

    Now what if you had a separate VPN account which you used primarily for your real ID and accounts, and activities etc? (Real email addresses,web activities etc etc.) And you would never use this VPN account for any of your other identities/activities. The purpose of this VPN account would be to insulate an additional layer of privacy of your real identity and activities from your ISP and anyone else researching about you.

    Now it should be safe using this separate VPN account primarily for just privacy reasons, correct? Even if it is attached to your real identity and accounts? (As long as you never use any other of your identities or activities on this account?)

    For ex. a hypothetical scenario,
    A) VPN account 1: Host computer will be connected to VPN service A, and you will log into your real email addresses, bank accounts, credit card accounts etc.

    B) VPN account 2: Your VM will connect to your VPN service B, and you will keep this VPN and IP address 100% separate from your real identity and activities.

    Am I accurate in my assessment? I'd imagine a lot of people use VPN for other reasons than creating separate identities like for security and privacy reasons etc....
     
    Last edited: Oct 4, 2010
  7. dialxdrop

    dialxdrop Registered Member

    Joined:
    Sep 21, 2010
    Posts:
    35

    Yes these are other aspects of other anonymity layers such as trying to find a good VPN company (which is thoroughly discussed and debated...) and methods of how to maximize anonyminity (Wireless to VPN, prepaid stick to VPN, VPN to VPN, or VPN to TOR etc etc) but I'm going to create a separate thread to map this entire thing out.....
     
  8. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Bingo -- This is exactly what I do. I have come across very few who actually do this or even want to. Something very important if you proceed with this: Be absolutely sure you get a clean/dedicated IP for VPN account #1. This isn't easy, but you can do it. Most services will lump you in with everyone else and that means sharing an IP with people doing stupid stuff that gets the IP banned or put on "risk lists." That means when you go to do your banking you end up with a security flag. Go to Amazon and you'll get an email saying they have reason to believe there was an attempt to hack into your account and they'll lock it. PayPal will be pure misery. The whole idea is for this to be YOUR real IP and you don't want your name to be sullied by "your" IP being used for abusive purposes. I can't stress this enough - it's very important.

    Good luck!

    Edit: With VPN #2 you can play around. You can experiment with providers, use one for a month and another for three then yet another for a month and so on. But with VPN #1, find a good, solid provider willing to assign you a dedicated IP that's "clean" with no adverse history.
     
  9. dialxdrop

    dialxdrop Registered Member

    Joined:
    Sep 21, 2010
    Posts:
    35

    K Great, thanks I'll look into this...

    BTW, let's say I find that one company that claims to give me a dedicated IP address, but how will I know if they are telling the truth? Is there a way to find out? Ex: would I just create an amazon, paypal accts etc. to find out?

    And also, Let's say going back to that hypothetical scenario:
    Can I connect directly to VPN #1 with my real IP? And then when I need to use my VPN #2 can I connect it from my VPN #1 connection?
     
    Last edited: Oct 4, 2010
  10. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    @dialxdrop

    I don't bother with a VPN for my true identity. The problems that LockBox noted are much more likely than being hacked. If someone steals your credit account number, just report the card stolen.

    For "chaining" VPNs, you'll need to run VPN1 on a physical machine, and VPN2 on a VM running on that physical machine. The operator of VPN1 sees your true IP address, so there's no point being super paranoid re anonymous payment. However, the operator of VPN2 only sees your VPN1 IP address, so you'd better have paid cash or whatever.

    BTW, I've tried running one VM inside another, with no joy (so far). Hints would be appreciated :)
     
Loading...
Thread Status:
Not open for further replies.