Nobody knows who runs the Tor Mail service. This is good because nobody can order them to give up information about you. However, it's also bad because you've no idea if it's being run by responsible people, a government agency, wikileaks, or just a few nosy kids. You should still definitely use PGP encryption if you're using it.
Speaking of, has a replacement for firepgp (an awesome Firefox pgp plugin from some years ago) ever cropped up? It was so idiot-proof it was beautiful, and had the project not closed down, I probably would have rallied friends and family to use it.
The problem is that it was not reasonably secure. As I understand the complaint, you can't integrate PGP into an extensible, skinnable interface securely. There's not firefox or OS support for making that kind of thing doable. You'd want to have some sort of OS and app support for being able to encrypt a message in a widget on a GUI layer above the browser and then transferring it in, so that PGP and Firefox never come into direct contact. Qubes OS has a rough mechanism for keeping different security-level apps separated, and identified via a colored window border. I wonder if something similar to this is the correct solution.
It's may be more secure than accidentally messing up because you were cut/pasting into a text box. A 0-day on firefox could extract your key which is bad. So could a keylogger + ftp that was installed via a 0-day on firefox if you were using an external application.
I don't think that the problem was that Firefox or the OS weren't secure enough. Afaik the problem was that FireGPG worked inline with the original page, and thus a hostile JS on the page could intercept the plaintext.
I think something like the "It's all text!"[1] addon with GPG enabled editor should be reasonably secure.
If you're using Thunderbird or mutt, it's really easy and there are several tutorials out there that will be helpful.
If you're using webmail (particularly Gmail), it's easy to do badly, and I'm not aware of a way to do it properly (short of manually encrypting everthing and copy/pasting it).
Actually it's a little harder still. For instance, when your browser makes requests in your behalf, it provides the destination server with a lot of information which can be used to identify you (at least temporarily)[1]. To get a better level of anonymity, one should at least use a combination of Tor and privoxy [2].
Your information is out of date. The Tor project no longer advises the use of privoxy, and advises all users to use The Tor Browser Bundle. This is specifically configured to make all Tor users look the same, precisely because of browser fingerprinting.
They say that Hushmail keeps your mail in plaintext. But does it?
From what I heard, they encrypt your mail even on their servers.
However what kills the service for me is the need to pay if you don't use it reguralry - and there is no way to pay for hushmail anonymously (read: with bitcoin).
It doesn't really matter whether they encrypt it on disk: the scenario here isn't that their disks get stolen, but that law enforcement makes them decrypt your mail. The only way to get in the way of that is to encrypt it yourself, see GPG etc.
Also: isn't a bitcoin transaction really difficult to anonymise, with the global transaction record available to the whole world?
Isn't the point of bitcoin to have anonymized transactions, even though their record is available? AKA. you can know someone bought something, but you can't identify the parties?
It's not fully anonymous. Say my friend gets some bitcoins completely anonymously by doing something illegal. And then sends them to me completely anonymously. And then I go and spend those same coins on something like web hosting which ends up having some link back to me, eg I accidentally log in to it without using Tor one time.
The police can then trace that hosting account back to me personally from my IP, and then ask me who sent those coins to me. Even if I refuse to tell them, they can still look at my various contacts/friends/family to see if any of them are likely to have committed the original crime, and investigate further.
You can even connect to the bitcoin network via Tor. The risk comes when you spend them. If there's any connection between you and the recipient of those coins, then you're potentially screwed.
> The police can then trace that hosting account back to me personally from my IP, and then ask me who sent those coins to me. Even if I refuse to tell them, they can still look at my various contacts/friends/family to see if any of them are likely to have committed the original crime, and investigate further.
Has that ever happened? If there's no way to verify that a transaction was made it would not hold up in court. In the US for stolen property it's possession that's what gets you in trouble. If the cops find you holding a laptop that was stolen the day before it doesn't matter if you paid some guy off Craigslist for it, you're in trouble (at least out your money, but if you can't prove you paid for it you're looking at a felony). What they won't do is investigate everyone in your address book (no probable cause).
Yes, it is not fully anonymous, but you can make it reasonably anonymous quite easily (infinitely more than any credit card). Just trade it for cash with someone you know in the first place, then send it to MtGox and back, then send it to something similar with online wallet and back, and the result is reasonably anonymous.
Also the default client does what it can to obfuscate all the transactions - with every outgoing transaction, the "change" goes back to you, but at completely different address. This causes that after a few transactions, it's basically untrackable.
There are some bitcoin launderers that can simplify it, but it should be clarified that much like PGP, anonymity/security is not just as simple as downloading a client and using it. You need to understand the model and its implications, or it's pretty easy to make links in the blockchain that'll give you away to an interested, resourceful party.
Bottom line: Do NOT think bitcoin is safe for your usage until you've done sufficient research to ensure that you're using it the correct way. Bitcoin is NOT private by default, it's up to you to protect the identities behind the transaction endpoints, including nearby txs. If you get bitcoins and then immediately send them to your brother's public address, or launder these only lightly, or use a MtGox address that is linked back to a scan of your driver's license somewhere in the laundering process, or if you buy your bitcoins from your brother and HE doesn't launder very well, or the guy from LocalBitcoins got curious and did a bunch of research before your exchange and the feds contact him because the coins came from an address tied to his identity, or something else like that happens, you are going to get caught if someone is interested in catching you.
It's more complicated than just downloading the client and waiting four days for the blockchain to download. :)
Hushmail is encrypted, but not anonymous. As you say, your details are tied to hushmail when you pay for it. Your account and data are all tied together.
Hushmail complies with validly formed legal requests - to the extent of crafting a backdoored version of their Java software and pushing out to the target user.
Some regions have laws compelling people to make the plaintext available.
Hushmail is useful for secret communications but only if you understand the limits.
Secrecy, privacy, and anonymity are trivially easy to break completely and hard to get right.
In germany some servers were collected by the police but relatively promptly returned once they figured out that they were tor exit nodes. Still, you're the first person that the police can get a handle on, so at least expect some questions once in a while.
I don't know about any other country, but you might just consider hosting the tor exit node in a country with more friendly laws and then use a VPN to connect there.
Indeed, you're probably protected by safe harbor/mere conduit laws in most jurisdictions, but you're still liable to become the subject of law enforcement investigations and have your equipment seized.
It can happen if you run an exit node, because your IP is visiting bad sites. If you run a relay node without exit, this should never happen because all you're doing is moving around encrypted packets to other Tor nodes.
come on. you know as well as i do that this is rare.
really, this is the height of technical cowardice. searching out exceptions for what is not only a good cause, but one that is statistically safe.
it happens regularly when tor is mentioned. there seems to be a certain kind of person that takes delight in looking for extreme examples to justify their own lack of moral fibre.
Wait, did you just suggest that I have a lack of morals because I referred to a link on the front page of HN? Kindly go fuck yourself.
Also, it doesn't matter if there's a one in a million chance that running a Tor exit will get you raided for child porn -- the vast majority of people will not take that risk to help others remain anonymous on the internet.
Do you mean as a relay or exit node? Exit nodes are the ones that take the heat.
I would be very surprised if you've run a Tor exit node for a considerable period of time without incident, even if it's just abuse notices from your upstream provider.
Not if you only set up a Tor node to be used as an internal relay within Tor network (you're doing a good job nonetheless), not as a tor exit (exit point to internet/clearnet). The latter ones are those that might get some heat. As long as it's an internal relay node only, traffic in/out is encrypted end-to-end, and I haven't heard of any problems in terms of law harassment etc.
Of course, I should have specified I was referring to exit nodes.
Without the exit nodes, the relay nodes are nothing; just a bunch of people playing hot potato with encrypted data and no one prepared to take the heat by attaching their details to it.
Is using something like iPredator [0] VPN secure enough for logging into a pseudonymous email account? If you never (ever) use a different IP address to log in to that account?
iPredator is using pptp which is very insecure. (The original authors of the protocol recommend that you shouldn't use it). It is also considered to be cryptographically broken as of last month. (http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protoc...)
(If you are using a VPN, you have to be aware that there is a lot of snake oil. Finding a good VPN provider is very difficult, and then purchasing the VPN anonymously is even more difficult.)
What about running my own e-mail from my residence or contained within a data center on a computer that I personally own (that is, not leased from the hosting provider) and connected to the Internet via a subscription in my own name? I'm rather curious about what legal areas this might fall into.
> connected to the Internet via a subscription in my own name
I thought the article was about anonymous e-mail. Anonymous as in, nobody can tell who you are, not even the Feds. Anything you paid for with your credit card is probably not going to meet that criterion.
Good point. I was more wondering about this as an alternative to purely anonymous e-mail in light of one of the reasons why people try to avoid having e-mail tied to them (government having a peek).
There was an article on HN a while back about a server removed from a DC by the feds; that's one risk.
If you have the server at your home sending emails, it will be trivial for law enforcement to figure out where you are and show up at your door with a warrant to sieze your computer.
Yes, I'd like to hear about what other people are doing for private email too. Anonymous is pretty special case. How is everyone protecting day-to-day communications?
Setting up GPG with a webmail, lets say Hushmail, completely d have been in the scope of that tutorial ... Description of "how install Tor Bundle" and blah blah blah are way too long, for such an incomplete result, man.
If I understand correctly, the key feature of OTR is its plausible deniability; the messages you send do not have a digital signature that a third party can use to verify their integrity, but the other party in the conversation is able to verify them.
Is that really going to hold up in court? Surely by the same token I could dismiss absolutely everything there is any record of me sending or receiving over HTTP because it could theoretically have been forged or tampered with in transit.
The most useful feature (of course, not a unique feature) of OTR is perfect forward secrecy. This means that, unlike GPG, you can lose your private key and not give up everything you have ever encrypted.
The plausible deniability stuff is probably not that useful in court, as you note.
If the 'plausible deniability' is not that useful in court, that means it isn't plausible deniability. It's better to say that OTR doesn't provide plausible deniability, even though it claims to, if that's what you believe. (I don't have an opinion either way.)
It's plausible deniability, but that alone isn't sufficient to avoid prosecution in most jurisdictions.
The standard in most jurisdictions is proof beyond reasonable doubt. I don't think the OTR plausible deniability would be considered reasonable doubt, especially if the content of the messages is corroborated by other evidence.
I always thought the term plausible deniability implied reasonable doubt, and that if it didn't, it wasn't plausible deniability. I mean, there's not much point in claiming something offers plausible deniability if it isn't a valid defense in court. Or is there?
Do you have an example from actual case law? All I have is Wikipedia:
"Plausible deniability is also a legal concept. It refers to lack of evidence proving an allegation. Standards of proof vary in civil and criminal cases. In civil cases, the standard of proof is "preponderance of the evidence" whereas in a criminal matter, the standard is "beyond a reasonable doubt." If an opponent lacks incontrovertible proof (evidence) of their allegation, one can "plausibly deny" the allegation even though it may be true."
However, deniability becomes less plausible when there's other evidence that makes deniability harder... i.e. Someone claims to have had a conversation with you, the logs of the conversation exists and that person can corroborate that the person on one end was them. Of course you can claim that someone was impersonating you, but what if later you had a recorded phone conversation referencing the OTR conversation, etc.
In and of itself, a piece of evidence is plausibly deniable. In the face or corroborating evidence, it may not be.
Alas, however, I do not have an example from actual case law.
EDIT: I knew I had seen some case law sort of related to this before and it was in re Boucher and US v. Fricosu. They are not directly related to "Plausible Deniability", rather they compelled defendents to decrypt their hard drives. Certainly in the Boucher case there was reason to believe that the contents of the drive were incriminating (the file names were the giveaway, I believe) so perhaps this does not fit in to the exact facts we are trying to recreate, but those are the only two cases that relate that I can recall.
Is plausible deniability an actual legal concept at all?
I see it used here and on other technical forums in topics like this, but aside from that I've only ever heard of it in political, not legal, contexts.
While OTR might encrypt contents, isn't there still an IP trail at either end plus all the providers in between? A list of associates of a drug dealer is probably more harmful than what was said.
What about Opera's FastMail.fm? They are not even based in US, so that might help. I see it's not free anymore though, but it also has no ads, so no tracking for that either.
They could've also used RetroShare for both encrypted chats and mail, and it should've been pretty anonymous as well since it's P2P. This is not something most people would be willing to do, but for someone like Petraeus, it could've been useful.
For most people using something like Jitsi for encrypted chats and video-calls is much more bearable, although you still have to watch-out where you sign-in from and where you create the account, so you'll probably have to follow the whole Tor browser part EFF mentioned in the beginning, if you want anonymity as well.
What about something like mixmaster[1]? Obviously more complex than using tor browser bundle with a webmail provider, but is it still viable for geeks? What are the risks?
Mixminion[1] is the next generation anonymous remailer that was designed to fix some problems with mixmaster. You might want to use that instead, if you can.
Probably easier and more secure to just boot in a tails live system (usb, cdrom). This system uses tor and has everything installed and configured to protect your privacy.
You still need to create an email account with a host who is at least semi-aware of the importance of privacy and cryptography (e.g., not Google). You can't make new Google Accounts from Tor nodes without additional verification (your phone number); same is likely to be true of all major email services.
Accessing your Gmail through Tor and thinking that makes you "anonymous" is just going to tell everyone that you failed at being sneaky.
>Accessing your Gmail through Tor and thinking that makes you "anonymous" is just going to tell everyone that you failed at being sneaky.
Thats a great slogan for a T-shirt :).
Oki, for a bit more seriousness... One could in theory create an account on google through tor, verify the account with a burn phone, and be rather unidentifiable. Its just kind of costly, so just bad guys with anonymous cash that can do this and not journalists.
Good suggestion. Also as a warning, don't (!) just use TOR as a proxy, through your everyday browser. Your everyday browser has probably enough configuration to be easily identifiable. That's why the torproject now emphasizes the use of the whole tor browser bundle.
I2P's mail system may be safer than this (certainly much more anonymous since you don't have to transfer any money at any point in the process), depending on the content of your mail and the level of trust you feel for the person running I2P's mail system.
summary: use Tor always, create separate email box at Hushmail and access this box via Tor only as even single access from real IP might reveal your identity, never use email providers without HTTPS://, use end-to-end encryption like GPG.
It seems to me that a government sponsored virus would look for a fingerprint for something like Tor. Whose to say the virus isn't a virus but rather a part of a retail product placed there in cooperation between industry and government.
If you want true security you need to use open products.
Here is the better [and shorter] version of this tutorial:
1. Download Tor
2. Signup and use tormail.org
3. Done.
I surprised eff.org didn't even mention tormail.org - this email forces you to use Tor, essentially forcing you to never make mistake of using non-Tor browser.
If one is using tor+pgp I don't think the venue really matters all that much. I'd personally use a pastebin-like place (public or .onion, doesn't really matter) than an email server. Anyone know if there's an active NNTP network in onion land?
Don't overlook the Google-related footnote at the end:
"Google keeps logs of IP addresses for 18 months, after which they keep logs of three-quarters of the IP address. Three-quarters of an IP address may be still enough to breach your pseudonymity in the case of an FBI investigation."
Contrast this with the explanation from Google's own Privacy FAQ[1]:
"We strike a reasonable balance between the competing pressures we face, such as the privacy of our users, the security of our systems and the need for innovation. We believe anonymizing IP addresses after 9 months and cookies in our search engine logs after 18 months strikes the right balance."
I'm quite surprised to learn that Google equates "anonymizing IP addresses" with "chopping off an octet". I suppose I'm a bit naive.
EFF didn't cite a source regarding the 3/4 claim in their article. I'd be curious where they got that information since it does conflict with their privacy policy.
I believe the chopping of the octet is separate to the anonymization, unless they haven't updated their docs:
What does it mean to anonymize the logs?
We will change some of the bits in the IP address in the logs as well as change the cookie
information. We're still developing the precise technical methods and approach to this, but we
believe these changes will be a significant addition to protecting user privacy.
After Google announced its log retention policy update in 2008, C. Soghoian asked
Google for details about the log sanitization process. He then published the following
response from Google [34]:
After nine months, we will change some of the bits in the IP address in
the logs; after 18 months we remove the last eight bits in the IP address
and change the cookie information (emphasis our own). It is dicult to
guarantee complete anonymization, but we believe these changes will make
it very unlikely users could be identied."
Under your Public WiFi heading, you should add a warning about surveillance cameras, POS credit card trails, and employee memories. These days, cameras are everywhere, and video storage has gotten very cheap. Assume investigators will visit each shop from which you surfed and act accordingly.
Best to buy your coffee at coffee shop A and do your surfing from near but not in coffee shop B.
Also, if, for instance, you are on a book tour to hype your biography of P4, be aware that, even if you follow WiFi best practices, you will still be leaving a geographic trail that investigators could find very interesting.
It makes me wonder why the government works so hard to get new powers of investigation. It seems easier to catch someone now than it ever has, despite the preponderance of new privacy tools. Using good old fashion police work like warrants, subpoenas, plea bargains, surveillance, etc, police can put together a lot of pieces that add up to a whole (I make a comment elsewhere in the thread about the problem of plausible deniability in the face or corroborating evidence). Why the hell do they need more tools?
Perhaps someone in law enforcement could shed some light on this. After all, I am looking at this from the outside.
Would like to give this a try, but I don't use Windows. Should it work on Linux? I imagine a lot of early adopters of such a system would not be using Windows...
110 comments
[ 5.8 ms ] story [ 170 ms ] threadI think something like the "It's all text!"[1] addon with GPG enabled editor should be reasonably secure.
[1] https://addons.mozilla.org/en-US/firefox/addon/its-all-text/
http://www.mailvelope.com/
If you're using Thunderbird or mutt, it's really easy and there are several tutorials out there that will be helpful.
If you're using webmail (particularly Gmail), it's easy to do badly, and I'm not aware of a way to do it properly (short of manually encrypting everthing and copy/pasting it).
Setting up the keys, though, is really easy on Linux: http://www.enigmail.net/documentation/gpgsetup.php#generate
[1] https://panopticlick.eff.org/ [2] http://www.privoxy.org/
Presumably you'd save anything important on a flash drive or something remote.
From what I heard, they encrypt your mail even on their servers.
However what kills the service for me is the need to pay if you don't use it reguralry - and there is no way to pay for hushmail anonymously (read: with bitcoin).
Also: isn't a bitcoin transaction really difficult to anonymise, with the global transaction record available to the whole world?
The police can then trace that hosting account back to me personally from my IP, and then ask me who sent those coins to me. Even if I refuse to tell them, they can still look at my various contacts/friends/family to see if any of them are likely to have committed the original crime, and investigate further.
You can even connect to the bitcoin network via Tor. The risk comes when you spend them. If there's any connection between you and the recipient of those coins, then you're potentially screwed.
Has that ever happened? If there's no way to verify that a transaction was made it would not hold up in court. In the US for stolen property it's possession that's what gets you in trouble. If the cops find you holding a laptop that was stolen the day before it doesn't matter if you paid some guy off Craigslist for it, you're in trouble (at least out your money, but if you can't prove you paid for it you're looking at a felony). What they won't do is investigate everyone in your address book (no probable cause).
Yes, it is not fully anonymous, but you can make it reasonably anonymous quite easily (infinitely more than any credit card). Just trade it for cash with someone you know in the first place, then send it to MtGox and back, then send it to something similar with online wallet and back, and the result is reasonably anonymous.
Also the default client does what it can to obfuscate all the transactions - with every outgoing transaction, the "change" goes back to you, but at completely different address. This causes that after a few transactions, it's basically untrackable.
It seems better to think in terms of "anonymous" and "not anonymous", The End.
Bottom line: Do NOT think bitcoin is safe for your usage until you've done sufficient research to ensure that you're using it the correct way. Bitcoin is NOT private by default, it's up to you to protect the identities behind the transaction endpoints, including nearby txs. If you get bitcoins and then immediately send them to your brother's public address, or launder these only lightly, or use a MtGox address that is linked back to a scan of your driver's license somewhere in the laundering process, or if you buy your bitcoins from your brother and HE doesn't launder very well, or the guy from LocalBitcoins got curious and did a bunch of research before your exchange and the feds contact him because the coins came from an address tied to his identity, or something else like that happens, you are going to get caught if someone is interested in catching you.
It's more complicated than just downloading the client and waiting four days for the blockchain to download. :)
Hushmail complies with validly formed legal requests - to the extent of crafting a backdoored version of their Java software and pushing out to the target user.
Some regions have laws compelling people to make the plaintext available.
Hushmail is useful for secret communications but only if you understand the limits.
Secrecy, privacy, and anonymity are trivially easy to break completely and hard to get right.
I don't know about any other country, but you might just consider hosting the tor exit node in a country with more friendly laws and then use a VPN to connect there.
More hassle than it's worth.
http://www.lowendtalk.com/discussion/6283/raided-for-running...
(and i find it frustrating that there's always someone - apparently with no experience - who suggests the very worst when people mention this)
http://news.ycombinator.com/item?id=4847468
really, this is the height of technical cowardice. searching out exceptions for what is not only a good cause, but one that is statistically safe.
it happens regularly when tor is mentioned. there seems to be a certain kind of person that takes delight in looking for extreme examples to justify their own lack of moral fibre.
Also, it doesn't matter if there's a one in a million chance that running a Tor exit will get you raided for child porn -- the vast majority of people will not take that risk to help others remain anonymous on the internet.
I would be very surprised if you've run a Tor exit node for a considerable period of time without incident, even if it's just abuse notices from your upstream provider.
Without the exit nodes, the relay nodes are nothing; just a bunch of people playing hot potato with encrypted data and no one prepared to take the heat by attaching their details to it.
[0] https://ipredator.se
A list of reasonable VPN providers is available here: http://torrentfreak.com/which-vpn-providers-really-take-anon...
(If you are using a VPN, you have to be aware that there is a lot of snake oil. Finding a good VPN provider is very difficult, and then purchasing the VPN anonymously is even more difficult.)
I thought the article was about anonymous e-mail. Anonymous as in, nobody can tell who you are, not even the Feds. Anything you paid for with your credit card is probably not going to meet that criterion.
If you have the server at your home sending emails, it will be trivial for law enforcement to figure out where you are and show up at your door with a warrant to sieze your computer.
Then they would message each other to go on OTR.
That's all you should send in an e-mail or text message, "go on OTR".
Is that really going to hold up in court? Surely by the same token I could dismiss absolutely everything there is any record of me sending or receiving over HTTP because it could theoretically have been forged or tampered with in transit.
The plausible deniability stuff is probably not that useful in court, as you note.
The standard in most jurisdictions is proof beyond reasonable doubt. I don't think the OTR plausible deniability would be considered reasonable doubt, especially if the content of the messages is corroborated by other evidence.
Do you have an example from actual case law? All I have is Wikipedia:
"Plausible deniability is also a legal concept. It refers to lack of evidence proving an allegation. Standards of proof vary in civil and criminal cases. In civil cases, the standard of proof is "preponderance of the evidence" whereas in a criminal matter, the standard is "beyond a reasonable doubt." If an opponent lacks incontrovertible proof (evidence) of their allegation, one can "plausibly deny" the allegation even though it may be true."
In and of itself, a piece of evidence is plausibly deniable. In the face or corroborating evidence, it may not be.
Alas, however, I do not have an example from actual case law.
EDIT: I knew I had seen some case law sort of related to this before and it was in re Boucher and US v. Fricosu. They are not directly related to "Plausible Deniability", rather they compelled defendents to decrypt their hard drives. Certainly in the Boucher case there was reason to believe that the contents of the drive were incriminating (the file names were the giveaway, I believe) so perhaps this does not fit in to the exact facts we are trying to recreate, but those are the only two cases that relate that I can recall.
I see it used here and on other technical forums in topics like this, but aside from that I've only ever heard of it in political, not legal, contexts.
Any lawyers able to shed light?
They could've also used RetroShare for both encrypted chats and mail, and it should've been pretty anonymous as well since it's P2P. This is not something most people would be willing to do, but for someone like Petraeus, it could've been useful.
For most people using something like Jitsi for encrypted chats and video-calls is much more bearable, although you still have to watch-out where you sign-in from and where you create the account, so you'll probably have to follow the whole Tor browser part EFF mentioned in the beginning, if you want anonymity as well.
* FastMail have their servers in New York City (as well as on Iceland).
* Opera Software do have an office in the US.
I have no idea to what extent that puts FastMail under US juristriction.
(Disclaimer: I work for Opera Software, but not on the FastMail team.)
[1]: http://www.debian-administration.org/articles/483
[1] - https://en.wikipedia.org/wiki/Mixminion
https://tails.boum.org/
Accessing your Gmail through Tor and thinking that makes you "anonymous" is just going to tell everyone that you failed at being sneaky.
Thats a great slogan for a T-shirt :).
Oki, for a bit more seriousness... One could in theory create an account on google through tor, verify the account with a burn phone, and be rather unidentifiable. Its just kind of costly, so just bad guys with anonymous cash that can do this and not journalists.
For more information:
http://browserspy.dk https://panopticlick.eff.org/
If you want true security you need to use open products.
I surprised eff.org didn't even mention tormail.org - this email forces you to use Tor, essentially forcing you to never make mistake of using non-Tor browser.
"Google keeps logs of IP addresses for 18 months, after which they keep logs of three-quarters of the IP address. Three-quarters of an IP address may be still enough to breach your pseudonymity in the case of an FBI investigation."
Contrast this with the explanation from Google's own Privacy FAQ[1]:
"We strike a reasonable balance between the competing pressures we face, such as the privacy of our users, the security of our systems and the need for innovation. We believe anonymizing IP addresses after 9 months and cookies in our search engine logs after 18 months strikes the right balance."
I'm quite surprised to learn that Google equates "anonymizing IP addresses" with "chopping off an octet". I suppose I'm a bit naive.
[1] http://www.google.com/policies/privacy/faq/
What does it mean to anonymize the logs?
We will change some of the bits in the IP address in the logs as well as change the cookie information. We're still developing the precise technical methods and approach to this, but we believe these changes will be a significant addition to protecting user privacy.
http://static.googleusercontent.com/external_content/untrust...
Edit: I think I'm wrong about this.
http://repository.cmu.edu/cgi/viewcontent.cgi?article=1058...
After Google announced its log retention policy update in 2008, C. Soghoian asked Google for details about the log sanitization process. He then published the following response from Google [34]:
After nine months, we will change some of the bits in the IP address in the logs; after 18 months we remove the last eight bits in the IP address and change the cookie information (emphasis our own). It is dicult to guarantee complete anonymization, but we believe these changes will make it very unlikely users could be identied."
http://bernsteinbear.com/a-quest-for-anonymity
Best to buy your coffee at coffee shop A and do your surfing from near but not in coffee shop B.
Also, if, for instance, you are on a book tour to hype your biography of P4, be aware that, even if you follow WiFi best practices, you will still be leaving a geographic trail that investigators could find very interesting.
Perhaps someone in law enforcement could shed some light on this. After all, I am looking at this from the outside.
http://bitmessage.org
It works similar to Bitcon, is decentralized and does not rely on trusted third parties (e.g. for signing).
Whitepaper: http://bitmessage.org/bitmessage.pdf
(run: python2 pybitmessagemain.py)