Friday, November 30, 2012

Webmail Privacy: Is true anonymity possible?

EFF ran a blog post describing how-to on sending and receiving Webmails anonymously.  With the CIA director David Petraeus resigning over leaked personal Webmail, I read through the how-to steps thinking that I might consider keeping personal data, such as correspondence with my wife and my medical doctor.  But after a half way into it I realized that it was just way too restrictive for me.

Alas, price of leaking secret communication can be high.
Source: http://www.cbsnews.com/8301-250_162-57547958/cia-director-david-petraeus-resigns/
The deal breaker for me was the fact that I had to use Tor Browser Bundle all the time.  Even if I made a mistake of logging on to the anonymous Webmail account, Webmail provider could have logged my IP, identify my access point and locate me using ISP record down to my home address.


But after thinking about it for a while, it occurred to me that email is the wrong paradigm for sharing secret information because it sends a copy to the recipient.  In order to truly stay secret, I have to ask the other person to log in to the anonymous Webmail account using Tor so that sender and recipient can leave a message for each other on this anonymous account.

Obviously email is not the right tool for off-the-record communication.  Then what would such a tool look like?

I think it's an interesting question to ask.  Given how much personal information is stored in the Webmail, it is also worthwhile to ask how data is protected by service providers.

Is there anyone who thought about this problem?

No comments:

Post a Comment