What are some good anonymous email services?

Discussion in 'privacy technology' started by DesuMaiden, May 31, 2013.

Thread Status:
Not open for further replies.
  1. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    Aside from hushmail, I don't know of any others. Apparently a forum I am trying to sign up for doesn't allow me to use hushmail so I wonder if there are other "anonymous" email services. Gmail doesn't count :p
     
  2. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    First of all, Hushmail is total garbage.

    Second, it depends on what you mean by "anonymous". I realize you claim "Gmail" doesn't count...but why? What exactly is tying you to a random Gmail account you create?

    Hop on a public WiFi, create a gmail account...I don't really see how you get much more anonymous than that.
     
  3. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Google recognition software can tell people apart by reading their emails, so it is not really anonymous, Outlook would be more preferable for that goal due to its EULA privacy.

    I moved from Google products like gmail to Yandex, because it is russian based, so FBI can not simply read any emails without a warrant, like they can in USA, better privacy.
     
  4. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    In using an open AP one would be attempting to prevent their email account/activity from being correlated with other activity via IP Address. However, one must also be conscious of other things which could be used to correlate information. For example, lets say someone uses Company X for the email account but they are also running an OS, browser, or some other software that contacts Company X servers for another purpose and passes a GUID to those servers. As part of a software update check, or URL check, or whatever. The user connects to an open AP and checks their email at a Company X website but, in the background and at/around the same time, their computer is passing a machine GUID to a Company X server. Some would downplay this risk based on an assumption that the company wouldn't attempt to correlate things via GUID and/or the user would be behind a NAT. Some might assume the opposite and/or throw out the possibility that the background phone home passes full and revealing email account related URLs to the other Company X server. Point is, that background check has some potential to degrade anonymity and theoretically might even be one of multiple factors in play (in addition to browser fingerprinting when checking a webmail account, for example).
     
  5. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Good post. Firewall rules may help in that regard. They didn't do that for Paula Broadwell though, it was strict IP correlation. But I agree, if it was wanted bad enough, they may have said, "hey, Microsoft..." :D A VPN would help here...more users from same IP, than a coffee shop probably. But that GUID thing is rough (IF IT EXISTS AS A TRACKING MECHANISM)...you could never use that OS from a "known" IP...

    PD
     
  6. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    That makes very little sense. Please explain how Google will identify me from a public wifi and a brand new account.

    The only place you lose out is if your message has to include personally identifying information...which is extremely rare (particularly for communications which you are looking to keep confidential anyway.)


    Better privacy from American eyes, maybe. What makes you think the Russian government is more respectful of your rights than the US government, I have no idea.

    And if you wish to avoid the "legally reading mail without a warrant" thing, just make sure to delete the message within 180 days.


    Not a problem with the proper security protocol...access through a privacy-enhanced browser which disables scripts, and a secure system environment that blocks any outside connection attempts.

    Or hell...use a computer in your local public library.
     
  7. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Right!

    According to this:

    https://www.wilderssecurity.com/showthread.php?t=347211

    It should work.

    To OP: if you're ok with revceiving emails only, not being able to send anything, just try yopmail.
     
  8. Electro Gypsy

    Electro Gypsy Registered Member

    Joined:
    Jul 2, 2013
    Posts:
    23
    Not only has it been publicly proven that individuals may be identified from anonymised data, your browsing fingerprint is enough to identify you without any 'technical' information like IP addresses: no two people will look at the same pages in the same order for the same length of time, so your browsing habits alone are enough to build up a profile that may be used to identify you online and, when correlated with technical data, IRL with time

    Can't provide any links at this time (I'll have to trawl through three to four years of Facebook posts to find them) but, if anyone is really desperate, I could try doing so - It'll take a while though

    El Reg would be a good place to start your own search though
     
  9. justpeace

    justpeace Registered Member

    Joined:
    Sep 21, 2012
    Posts:
    48
    Location:
    127.0.0.1
    Several problems:

    Google often flags an IP address as potential abuse and requires phone verification.

    That can happen during signup or at login or when switching IP address for any reason.

    If I create an acount from an open AP, and I want to use it from an other location (VPN, Tor or proxy) the account will most likely be flagged and marked for phone verification.

    It's not truly anonymous, if all links in the chain can't be effectively anonymized.

    Phone verification destroys or at least undermines the anonymity layer, if the phone number used during signup can be traced back to a cell tower.
     
  10. justpeace

    justpeace Registered Member

    Joined:
    Sep 21, 2012
    Posts:
    48
    Location:
    127.0.0.1
    There are two problems with anonymity and email.

    First, the signup must be anonymous done from another IP than one's owhn, or at least in a way offering plausible deniability.

    Creating the account from any connection own by one's close friend, family or workplace while logging in over Tor, VPN or proxy completely destroys all anonymity.

    Google is problematic because its abuse prevention does not allow anonymizing all steps.

    Second, if you want to use Gmail, you must in reality have a phone number.
    Of course, you could loan another's phone or buy a prepaid SIM card, but in the moment you insert the card into your phone, the carrier logs the
    IMEI and SIM card and may hand it over to law enforcement.

    If you happen to live in the European Union, telco providers are by law obligated to retain these data for minimum 6 months.
    If you live in the US, it's yet an unsettled legal question whether you have any expectation of privacy in these metadata, or if the third party doctrine means that anything held by your phone provider is ffree for the government to take without warrant or probable cause.

    Regardless where you live, hgoing to great length to use an email provider which wants to know everything about you but reserves the right to terminate your account for any reason may not be a good idea.

    I use Gmail, but only for mundane stuff.

    For anonymous communication, there are plenty better alternatives.

    Hushmail is good enough for anonymous use.

    A few years ago, some meth dealers were busted - but not in a way relevant to this thread.
     
  11. Electro Gypsy

    Electro Gypsy Registered Member

    Joined:
    Jul 2, 2013
    Posts:
    23
  12. Electro Gypsy

    Electro Gypsy Registered Member

    Joined:
    Jul 2, 2013
    Posts:
    23
    Why?

    How about Tor Mail?
     
  13. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    I wouldn't divulge any information I considered sensitive via email these days, period. Nor assume that any of them were private/anonymous.

    I use Roundcube, and a handful of my friends sign ours just out of habit even though it's nothing important. Even doing that through 2 hops, I still don't delude myself into thinking it's untraceable.

    If I ever wanted to discuss anything that could land me behind bars I'd meet in person and whisper in their ear... or both learn to speak elvish, or create our own sign language or something.
     
  14. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    bout tormail , as long as your messages dont contain any IRL info that would compromise your anonymity its ok , or if you must communicate some relevant shipping info for example use a link based secure one time use pad like privatenote in conjunction with tormail :) and for short-time based temporary mails use something like 10 minute mail you can use privatenote with that as well if you so wish , tormail is more of a permanent/temporary email account depending on your needs but can be deleted by admin request anytime , 10 minute mail being a time based email account

    btw people recommendin hushmail better gtfo if they dont wanna get slapped ;)


    then i suppose this wouldnt work for you http://receive-sms-online.com/, lols , that way you can have a completely anonymous youtube account , or gmail whatever , i do use gmail but only for my official pseudononymous tech based contacts , it never saw a piece of IRL info including ip , just saying, would NEVER recommend gmail or any other than tormail for truly anonymous email, only downside is its in plaintext , no encryption offered , so use a one time use link based encrypted pad like privatenote for any IRL based info like shipping info, as said
     
    Last edited: Jul 4, 2013
  15. Electro Gypsy

    Electro Gypsy Registered Member

    Joined:
    Jul 2, 2013
    Posts:
    23
    Thanks :)


    Dunno so much 'bout that

    It's bad enough that my network provider has access to the data and I'm not at all sure I want some yet other unknown parties doing so as well - Which is why I haven't availed myself of third-party services that promise to encrypt the voice/text comms on my phone
     
  16. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    i see where youre comin from , well privatenote is used by alot of security oriented people as well as sellers and buyers it actually does what it says it does , once youve used the link the message is removed and unrecoverable , you should read the TOS then youll understand, and privatenote is web based not sms or phone based you seem to have mixed up something there , btw lemme clear that example about shipping info or other such things

    if being used then using privatenote for it , now some may say , shipping info ? but then your not anonymous to the buyer or seller no more , WRONG , that is if you know how to stay anonymous in the process such as if you setup a temporary rented cash payed mail box ,there not that expensive, a couple citys apart from your destination of course just to make sure , you know , video surveillance and such ;) , end of problem, dont ask me why anybody would go through all this just to be anonymous, theres many reasons to do so , people do it since the 80s , just abit more old fashioned , security nuts have been around for a long time , lols, as said this is just an example theres many more , for example just to keep stuff you dont want stored to that temporary email of yours out of it ,the list goes on and on with a bit of imagination
     
    Last edited: Jul 5, 2013
  17. justpeace

    justpeace Registered Member

    Joined:
    Sep 21, 2012
    Posts:
    48
    Location:
    127.0.0.1
    Receive-sms.com is no solution.

    All the phone numbers have already been used to activate Google accounts.

    Hushmail is good for anonymity as long as you properly mask your IP address.

    If you set up the account anonymously, there is no info to hand over.

    Even an untrusted system which allows for anonymous use over Tor/VPN or hacked wifi is suitable for anonymous and private communication.

    But why waste time on email providers' privacy policies, when we have Bitmessage?

    Bitmessage is a trustless decentralized peer to peer system for anonymous communication.

    It really works.
     
  18. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    The only thing I disagree with is this. Unless you never, ever, ever, talk about IRL info in your encrypted emails...Hushmail can serve you a hacked applet, get your decryption key, and read your email to find out who you are. I would never use them. I think they are even worse than Gmail, Hotmail, etc... in that one expects that from the big providers and you can PGP (absolutely) anything that is private. Hushmail can basically crack their "version" of PGP...there is no privacy/security at all, IMO.

    PD
     
  19. justpeace

    justpeace Registered Member

    Joined:
    Sep 21, 2012
    Posts:
    48
    Location:
    127.0.0.1
    How can they do that?

    Whether Hushmail's built-in encryption is trustworthy is a separate question from using the mail service
    anonymously via ToR.

    I would not even think of using any built-in encryption offered by any free email service.

    They can't serve you a bad applet, if you take adequate precautions such as :

    (1) Only access Hushmail's web interface over ToR from inside Whonix or another virtual machine.

    (2) Always disable Java and all leaky extentions/plugins.

    (3) Never rely on Hushmail's built-in encryption which you can't never audit, but only use your own local PGP encryption.

    (4) Always and only use their mobile web interface at http://m.hushmail.com without Javascript or Flash.

    (5) Shut down and wipe the virtuel partition and all browser data between each login.

    (6) Only use the virtual machine to access the email account anonymously.

    You don't need Java to use Hushmail's basic email service, only if you want to rely on their built-in encryption.

    Hushmail states in their ToS that they obey Canadian court orders, and in the meth dealer case for which they got flag in the privacy community, there was an actual investigation and court order.

    My point is that even if their Privacy Policy is worthless, it's really not necessary to trust them because their basic webmail service is still useful for sending and receiving anonymous email.


    My perspective is that Hushmail = Tormail with regard to anonymity. We don't know for certain who they are, and have no way of dispelling the possibility that the service is a honeypot.

    But does it make any difference?

    The hardcore users of ToR in most need of anonymity would and should never commit the blunders which got the former Hushmail users in trouble.

    If the meth dealers had used Hushmail over ToR, proxy and had rolled out their own PGP encryption, they would probably still be fre as a bird.
     
  20. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Well, you aren't really using "Hushmail" in your example, or put another way, you are in name only. And they are still pulling one over huge on 'normal' users. Your method could be used with any cloud email provider safely - which is great. But my comments on Hushmail as a company, are still valid, IMO.

    PD
     
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    No email service that uses SMTP over the open Internet is fully anonymous. The best is Tormail to Tormail. With Countermail to Countermail, only they can identify correspondents, but there are money trails. If you want real anonymity, in addition to encryption, the best option is using Quicksilver for mixnym nyms via Mixmaster remailers with alt.privacy.anonymous-messages as inbox.
     
  22. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    Mirimir:

    I know this is an old post. Since Tormail went out with Freedom Hosting debacle I thought I would mention two services. First is OnionMail. Looks almost identical to the old Tormail and may in fact be from the same people. However there was only 500 free accounts and now they charge .18 btc. (http://iir4yomndw2dec7x.onion/). The second one is MailTor. My new favorite. Registrations are open. I have been using the site for awhile so it is not a complete fly by night. It serves the same purpose of the old Tormail. Address to address should be secure. Standard caveat. It is the darknet and you don't know who runs it. Good vehicle for going account to account using PGP (http://mailtoralnhyol5v.onion). Hope this helps people.

     
  23. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Cool :thumb: Thanks :)
     
  24. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
    Mail1Click is a free encryption email service with a simple and easy to use interface. Encryption and decryption automatically materializes in the background, there is no need to click on any special button but both parts have to be using Mail1Click to send and read encrypted emails. Data stored in the email server is kept secure using AES256-bit. - See more at: http://www.hacker10.com/computer-se...mail-service-mail1click/#sthash.xUtLQcWE.dpuf
     
Loading...
Thread Status:
Not open for further replies.