|
Home > Archive > Anonymous Servers > April 2006 > Hushmail via Anonymizer = 100% anonymous?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Hushmail via Anonymizer = 100% anonymous?
|
|
| http@spamhole.com 2006-03-31, 12:11 am |
| Technical question -
If you launch Anonymizer, then lauch the HushMail site via the
Anonymizer website, are your emails 100% un-traceable (back to you) ?
Hushmail claims that your actual IP can never be linked back to you via
emails you send, but who really knows? With an "overlay" of
Anonymizer, I would tend to think you are 100% secure, or damn near.
Comments?
| |
| Peindexer 2006-03-31, 12:11 am |
|
<http@spamhole.com> wrote in message
news:1143508840.495835.37780@j33g2000cwa.googlegroups.com...
> Technical question -
>
> If you launch Anonymizer, then lauch the HushMail site via the
> Anonymizer website, are your emails 100% un-traceable (back to you) ?
>
> Hushmail claims that your actual IP can never be linked back to you via
> emails you send, but who really knows? With an "overlay" of
> Anonymizer, I would tend to think you are 100% secure, or damn near.
>
> Comments?
>
Java script on or off ?
| |
| TwistyCreek 2006-03-31, 12:11 am |
| On 27 Mar 2006, http@spamhole.com wrote:
>Technical question -
>
>If you launch Anonymizer, then lauch the HushMail site via the
>Anonymizer website, are your emails 100% un-traceable (back to you) ?
>
>Hushmail claims that your actual IP can never be linked back to you via
>emails you send, but who really knows? With an "overlay" of
>Anonymizer, I would tend to think you are 100% secure, or damn near.
>
>Comments?
Because of the way the web functions, I do not believe it is posible to be
100% anonymous using the web.
Use JBN or QS if you want true anonymity.
| |
| Borked Pseudo Mailed 2006-03-31, 12:11 am |
| http wrote:
> Technical question -
>
> If you launch Anonymizer, then lauch the HushMail site via the Anonymizer
> website, are your emails 100% un-traceable (back to you) ?
No. Absolutely not.
Anonymizer has your IP address at the very least, and Hush has theirs as
well as any acoount info you gave them, which even if bogus partitions you
as an identifiable, single user.
There is a clear path back to at the very least you IP address, which your
ISP could easily translate into a real name and billing address.
> Hushmail claims that your actual IP can never be linked back to you via
> emails you send, but who really knows? With an "overlay" of Anonymizer, I
> would tend to think you are 100% secure, or damn near.
Even acceptably secure methods like remailers and Tor aren't "100%
secure". The Internet wasn't designed for any sort of anonymity, in fact
it's more or less designed for exactly the opposite. It's absolutely
imperative that data flows both ways for it to function at all. That means
that just like modern encryption, your security depends on it being more
difficult than it's worth for an attacker to try and compromise.
Anonymizer and Hush could be easily compromised by law enforcement or a
clever intruder. A warrant or some flaw in a script somewhere could be all
it takes. And we know how common both are. ;) OTOH, multiple layers of
"blind" encryption like those used in Onion Routing and Mix protocols make
compromise mathematically unfeasible.
All that being true, how much security do you really need? Are you hiding
from the law? Then you're better off staying as far away from any computer
as you can. But if all you need is to be clear of your garden variety
spammer or Internet kook, then just about anything at all that hides your
IP and email address would be good enough. Assuming of course the method
you choose isn't run by spammers or kooks itself. ;-)
| |
| Thomas J. Boschloo 2006-03-31, 12:11 am |
| -----BEGIN PGP SIGNED MESSAGE-----
http@spamhole.com wrote:
> Technical question -
>
> If you launch Anonymizer, then lauch the HushMail site via the
> Anonymizer website, are your emails 100% un-traceable (back to you) ?
Not if you created the account non-anonymously. In fact, when you access
your hushmail account just once without anonymous http, you are compromised.
You also assume that the hushmail Java code has no instructions that can
retrieve your ip. The only way to fully avoid this is to make sure your
own computer doesn't know its own ip address (or inspect and compile the
source yourself). I am not sure this is at all possible.
> Hushmail claims that your actual IP can never be linked back to you via
> emails you send, but who really knows? With an "overlay" of
> Anonymizer, I would tend to think you are 100% secure, or damn near.
>
> Comments?
They probably just mean that on sending mail the hushmail server acts
like a simple penet.fi type anonymous server. History has proven that
not to work.
Be cautious,
Thomas
- --
Robert Heinlein: "When in danger or in doubt, run in circles, scream and
shout"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQB5AwUBRCmcNAEP2l8iXKAJAQE+RQMeO3+7SuTW
EkE7FRp1dsnf9ToDFswLPwHE
q7OvmXlPuZ9YfStpvy5kCej7W69XUs/S8e5I4p0v66p1vf1xtzv9U0DTuW/k7/nr
jb+l3YfvONBsi+mzMfbd/fo/bpZrP66G7CS0Ng==
=m4V6
-----END PGP SIGNATURE-----
| |
| Sufic Hokidmin 2006-03-31, 12:11 am |
|
"Thomas J. Boschloo" <nospam@hccnet.nl> wrote in message
news:44299bb5$0$11070$e4fe514c@news.xs4all.nl...
> -----BEGIN PGP SIGNED MESSAGE-----
>
> http@spamhole.com wrote:
>
> Not if you created the account non-anonymously. In fact, when you access
> your hushmail account just once without anonymous http, you are
> compromised.
>
> You also assume that the hushmail Java code has no instructions that can
> retrieve your ip. The only way to fully avoid this is to make sure your
> own computer doesn't know its own ip address
HA! that is a good one. you are funny.
| |
| George Orwell 2006-03-31, 12:11 am |
| Sufic Hokidmin wrote:
>
> HA! that is a good one. you are funny.
No, actually that's pretty good advice. A fine argument for your PC
residing behind a NAT or other boundary device so that all it knows is
its "192" address.
| |
| Stephen K. Gielda 2006-03-31, 12:11 am |
| In article < d3947b148fa498fb67e43c7f95803149@mixmast
er.it>,
nobody@mixmaster.it says...
> Sufic Hokidmin wrote:
>
>
> No, actually that's pretty good advice. A fine argument for your PC
> residing behind a NAT or other boundary device so that all it knows is
> its "192" address.
>
>
It's also important that program registrations, OS settings, etc. not
contain any identifiable information. From common tricks like looking
up netbios name to getting Office registration and other settings from
the registry. Anything that runs on your local machine will have access
to certain things that can id you.
/steve
--
Cotse.Net Privacy Service
Your Shield From The Internet
http://www.cotse.net
| |
| Solayman 2006-03-31, 12:11 am |
|
"Stephen K. Gielda" <steve@packetderm.com.bogus> wrote in message
news:MPG.1e94111cf78285339896f8@news.newsreader.com...
> In article < d3947b148fa498fb67e43c7f95803149@mixmast
er.it>,
> nobody@mixmaster.it says...
> It's also important that program registrations, OS settings, etc. not
> contain any identifiable information. From common tricks like looking
> up netbios name to getting Office registration and other settings from
> the registry. Anything that runs on your local machine will have access
> to certain things that can id you.
>
> /steve
> --
> Cotse.Net Privacy Service
> Your Shield From The Internet
> http://www.cotse.net
seems like anybody can read all the cookies too, is that true ?
| |
| George Orwell 2006-03-31, 12:11 am |
| Solayman wrote:
>
> "Stephen K. Gielda" <steve@packetderm.com.bogus> wrote in message
> news:MPG.1e94111cf78285339896f8@news.newsreader.com...
>
> seems like anybody can read all the cookies too, is that true ?
Cookies, cached images and "web bugs", even certain HTML elements if your
setting are right (at defaults I believe). All these and more.
That's why it's important to be absolutely nit picking when it comes to
configuring and using your software. Or even better, to have different
software installed for anonymous and non-anonymous use. A copy of Firefox
for "regular" web browsing, and a copy of Opera for anonymous browsing
that you NEVER use without Tor/Privoxy or whatever it is you choose to use.
This is where *nix really shines. Most distributions come with several
"lesser known" browsers installed by default. Konqueror is a good, solid
browser for anonymous use, and there's always Lynx which eliminates a lot
of the problems by being text only to begin with.
| |
| Michael Schierl 2006-04-01, 1:41 pm |
| George Orwell <nobody@mixmaster.it> wrote:
>
>No, actually that's pretty good advice. A fine argument for your PC
>residing behind a NAT or other boundary device so that all it knows is
>its "192" address.
Does not help, even with Java. Java by default allows applets to do
connections to the original server (if you configured a proxy, they
can decide to use it or try it without). So if the applet opens a
connection to hushmail's server (and uses it to send some token like
the username), the server will know the client's external IP address
although the client himself does not.
Michael
--
My PGP Key: User ID: Michael Schierl <schierlm@gmx.de>
Key ID: 0x58B48CDD Size: 2048 Created: 26.03.2002
Fingerprint: 68CE B807 E315 D14B 7461 5539 C90F 7CC8
http://home.arcor.de/mschierlm/mschierlm.asc
| |
| Borked Pseudo Mailed 2006-04-02, 7:00 pm |
| Michael Schierl wrote:
> George Orwell <nobody@mixmaster.it> wrote:
>
>
> Does not help, even with Java. Java by default allows applets to do
> connections to the original server (if you configured a proxy, they can
> decide to use it or try it without). So if the applet opens a connection
You're grasping at straws. Adding meaningless issues to cloud the fact
that if a machine only knows it's local IP that's all it can hand over
when interrogated. If Java manages to hand over that information in some
other way it's a different problem entirely and needs to be dealt with in
some other way. Like firewalling against unknown or unnamed applications
creating their own connections for example. <shrugs>
> to hushmail's server (and uses it to send some token like the username),
> the server will know the client's external IP address although the client
> himself does not.
>
> Michael
| |
| http@spamhole.com 2006-04-18, 12:11 am |
|
How about accessing Hushmail via Anonymizer launced via USB drive,
attached to a PC in a public library or univeristy computer center?
This would resolve any "your computer can be identified" issues.....at
least to the point of linking it to me.
| |
| Borked Pseudo Mailed 2006-04-18, 12:11 am |
| http wrote:
>
> How about accessing Hushmail via Anonymizer launced via USB drive,
> attached to a PC in a public library or univeristy computer center?
>
> This would resolve any "your computer can be identified" issues.....at
> least to the point of linking it to me.
No. Not even close.
1. Public access points are WAY insecure. They're heavily monitored, and
you're part of their local network.
2. Anonymizer knows who you are, at least as far as your IP address goes.
They have a physical location.
3. Hush knows you're coming from Anonymizer.
That combination means there can be a clear and easy to follow path right
back to you and your machine. Sorry, that's NOT covered under the
definition of anonymous.
The closest you're going to get to being unidentifiable is to make the
path back to you impossible to follow. The only way to do that that we're
aware of right now is to use Mixmaster or Tor. They use nested encryption
to make various points along the way ignorant of traffic source,
destination, or both. In theory at least there is no path to follow, and
thus no debate at ALL about "what if the University...", as I'm sure some
people will start suggesting. ;-)
| |
|
|
TOPIC: Hushmail via Anonymizer = 100% anonymous?
== 1 of 1 ==
Date: Sun, Apr 16 2006 8:20 am
From: Borked Pseudo Mailed
http wrote:
>How about accessing Hushmail via Anonymizer launced via USB drive,
> attached to a PC in a public library or univeristy computer center?
>This would resolve any "your computer can be identified" issues.....at
> least to the point of linking it to me.
Using a browser from an USB drive will stop the browser in that computer
from having a copy of your
internet browsing history, but there will be a machine (router?) that will
log all your activities
and will keep a copy of your browsing history, by using Hushmail you will
be able to fool any
evesdroping on the emails you are reading, the network administrator will
not know what the emails say as
everything is encrypted, but he will know you are visiting hushmail, were
you to use Hotmail, the network
administrator could also read your emails if he felt like it.
I have used Hushmail in the past from public computers for this reason,
and the problem number one I find
with it is that it requires you to install a Java applet which needs
administrator privileges to be
installed in the computer you are using. If you want to access encrypted
email on public computers
I reccomend you go for a service that work without extra installations and
still encrypt the communication,
some I know of:
https://www.fastmail.fm,https://www...w.mailvault.com
I have used Opera on USB too http://www.usb-opera.com, this browser is not
supported officially by Opera
be very careful, I can tell you for sure that Opera on USB will leave
tracks behind, sometimes it writes
the cookies on the guest computer instead of the USB drive.
In order to be untrackable in a public computer you must avoid using a
login name and password
attached to you, in my experience using a public Wifi hotspot with a
laptop helps,internet cafes too, but you name
libraries and universities, I do not know in your country but in the UK
universities and libraries all require me
to show my membership card with my name and address on it, you could of
course try and register with a fake name and
address if it wasnt illegal, anonymity is extremly hard to accomplish,
identity theft is much more viable.
For example in order to register with a library in the United Kingdom you
will need a recent bank statement with
your name an address on it,with a printer colour any kid can make a
credible bank statement from some little bank or building society,
scanning your domestic phone bill and changing the name and address with
photoshop or Gimp and then printing it it is easily accomplised too, and
can be used to open fake internet library accounts, busy hours
are always the best to do this.
The best part of using fake documents to open a library account is that
they do not copy them so if things get ugly it would be impossible for the
library to proof you falsified anything as they don't keep copies.
About a month ago an Islamic terrorist was arrested in the UK with a fake
Italian passport, he had used this passport
to open a library account and it appears that he downloaded a Bomb making
manual from the library computers too, the
guy was caught not because of his internet activities but because of some
other investigation.
It is sickening to think about all the taxpayers money being wasted down
the drain by UK libraries in internet filters
that manage to block the CNN by accident but can't do a thing against
little know sites distributing bomb making manuals
somebody is getting very rich out of scaremonging people adn telling them
how safe they will be by using their useless
filters,the last time I read about the internet filter companies profits
it had doubled in the last year.
|
|
|
|
|