
Anonymous Email - Safe and Secure Emailing Tutorial

Anonymous/secure emailing
Anonymous remailers (sending an email without sender data)
Warnings for anonymous emailing
PGP / encrypting email


Hushmail is a free email service that offers anonymous and secure communications to its
users. It does not require your name or other personal information; alternatively, you can
provide false information.
Hushmail users can send emails to each other without fear that their messages are being
intercepted and read by third parties. Hushmail uses an encryption process which is
done completely automatically. The privacy aspect only works when sending messages
between Hushmail accounts (https://www.hushmail.com).
To become a member of Hushmail and to be able to use its service, you need to have Java enabled.

If you're using Internet Explorer: It's best not to use Internet Explorer, because its encryption engine
is just not reliable enough.
I suggest you add Hushmail to your "Trusted sites" before becoming a member
(the security level isn't set so high here):
a)Open Internet Explorer.
b)Click "Security" and then "Trusted sites".
-Click "Custom level" and, at the option "Permission for Java", choose "High safety".
-Click "Sites". In the field "Add this Web site to the zone:", type: https://*.hushmail.com/*

If you're using Opera or Netscape: Enable Java before using Hushmail. Don't forget to disable it afterwards.

ANONYMOUS REMAILERS (sending an email without sender data):
There are websites that provide you with an email template which you
fill out in the same way as with a regular email account. These websites
then forward your mail to the destination of your choice. The mail could
then theoretically be traced back to the web remailer that you used, but
not to your computer.


-nonymouse.com/anonemail.html (Not encrypted)
-www.gilc.org/speech/anonymous/remailer.html (More secure than the first; chains several
anonymous remailers together) (Not encrypted)
-https://riot.eu.org/anon/remailer/html.en (Chains several anonymous remailers together.
Also uses SSL encryption to scramble your data during transmission from your computer
to the server. Third parties cannot determine the contents of your email.)

WARNINGS FOR ANONYMOUS EMAILING
Never send an MS Office document
Never send an MS Office document to any destination when you're concerned about privacy.
(Every MS Office document has a unique code which can be traced.) Always use an alias for
yourself and your machine. MS Word includes user info in your documents, so make sure this
info is not specific to you.
Instead, copy the contents into a text editor (Notepad) and send the .txt file, or copy and paste
them into the body of an email.

Don't view HTML email from unknown sources
-If you read email or Usenet through a browser, marketers can place a cookie identifying you to them by
spamming you with HTML pages containing a URL with a unique code.
-HTML pages can contain an image tag, which can send a request to a Web server to fetch the image. This way it can
leave your IP address in the Web server logs.
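
To check a message before opening it in a browser, you can list what its HTML would fetch. This is an added example, not part of the original tutorial; the sample message, the host names and the rule that a long opaque string counts as a "unique code" are assumptions made for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Tag attributes that make the reader's software fetch a URL as soon as the mail is shown.
FETCHING_ATTRS = {
    "img": ("src",), "iframe": ("src",), "script": ("src",), "embed": ("src",),
    "link": ("href",), "object": ("data",),
    "body": ("background",), "table": ("background",), "td": ("background",),
}
# Assumption: a run of 16+ opaque characters in the path or query is a per-recipient code.
TOKEN = re.compile(r"[A-Za-z0-9_-]{16,}")


class RemoteFetchFinder(HTMLParser):
    """Collects (tag, host, has_unique_code) for every remote load in an HTML body."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in FETCHING_ATTRS.get(tag, ()) or not value:
                continue
            parts = urlsplit(value.strip())
            if parts.scheme not in ("http", "https") and not parts.netloc:
                continue  # cid:, data: and relative references are not remote loads
            pieces = [v for _, v in parse_qsl(parts.query)] + parts.path.split("/")
            unique = any(TOKEN.fullmatch(p.rsplit(".", 1)[0]) for p in pieces if p)
            self.findings.append((tag, parts.netloc, unique))


def remote_fetches(html_body):
    finder = RemoteFetchFinder()
    finder.feed(html_body)
    finder.close()
    return finder.findings


# Constructed sample message body (not taken from the original page).
SAMPLE = """<p>Special offer!</p>
<img src="http://ads.example.com/open.gif?id=8f3a9c1d2b7e4f60a1b2" width="1" height="1">
<img src="cid:logo@local"> <img src="https://cdn.example.org/logo.png">
<a href="http://shop.example.com/">Visit</a>"""

if __name__ == "__main__":
    for tag, host, unique in remote_fetches(SAMPLE):
        print(f"<{tag}> loads from {host}; per-recipient code in URL: {unique}")
```

Ordinary links are not listed because they are only requested when clicked; every entry that is listed would put your IP address in that host's logs the moment the message is displayed.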

USE PGP (free download from: www.pgpi.org)
It is best to choose a recent version. In version 4.0 and earlier some bugs have been found.
Watch out when using PGPdisk in the commercial version 6.0.

General information/ What does pgp do:
-PGP encrypts your email so that only the intended recipients can read them.
-You can digitally sign messages so that the recipient can verify that
the information within it has not been tampered with in any way.
-In the process, 2 complementary keys are used to maintain secure communications:
a private key (yours) and a public key (for the people you communicate with).

NOTE: When you want to send someone an encrypted message, you use that
person's public key to encrypt the message.
When you receive an encrypted message you use your own private key to decrypt
the message.



BEFORE INSTALLING PGP:
-Install PGP on a machine which is not accessible to other users.
-A 2048 bit key (standard) should keep your secrets safe at least until 2020 against very
highly funded and knowledgeable adversaries (best not to use a 1024-bit key).
-Your pass phrase should be at least 12 characters long, using a random combination
of letters and digits.
-After downloading the program, make sure you're not connected to the Internet
before you start installing.

WORKING WITH PGP:
1)Make a private (secret) and a public key:
-Open PGP (Click the PGP lock in the taskbar and choose "PGPkeys").
-Click "Keys" > "New key" (Click next).
-Choose whether to give your real name and email address or fictitious data.
-Make up a password.

2)Give your public key (this is just a block of text) to others:
-Open up a text editor (Notepad) and give the file a suitable name.
-Open PGP and choose "PGPkeys".
-Right-click the key you choose and click the option "Copy".
-Go back to the text editor and choose "Paste".
a)Give your public key on a disk to the recipients of your email (if you do, forget about step 3).
b)Distribute your public key: email it to the people you want to have it, or send it to a public
keyserver.
3)Check your public keys by checking the "unique fingerprint" on them (choose one):
a)Call the person and have them read their key's "fingerprint". To be sure,
also ask them for the key size and its key ID. (This can be checked by
right-clicking the key of your choice and choosing "Key Properties".)

b)-Open "PGPkeys".
-Click the public key of the person you want to check.
-Click "Keys" > "Properties".
-Compare the content of the "Fingerprint" text box with the original fingerprint.
c)If you don't know the person very well, then the only recourse is to exchange keys
face-to-face and ask for some proof of identity.

4)Signing someone's public key:
(When you sign a user ID, make sure it is signed by the key's owner.)
-Right-click the public key of your choice, then click "Sign".
-Enter your password.

5)Using someone's public key to encrypt a message:
a)IMPORT THE PUBLIC KEY:
-Click "Keys" > "Import" and select the key.
-In the "Select key(s)" screen, click "Import".
b)TYPE A MESSAGE TO ENCRYPT:
-Open a text editor and type your message. Then save the message
(for example in My Documents).
c)ENCRYPT THE MESSAGE:
-Right-click the message you want to encrypt (in My Documents).
-Click "PGP" > "Encrypt".
-Double-click the right person's public key. (If you want to wipe the original,
check the "Wipe Original" field.) Click OK.

ABOUT PGP:
-The fact that the entire source code for the free versions of PGP is available makes
it just about impossible for there to be some hidden trap door. The source code has
been examined by countless individuals and no such trap door has been found.
To make sure that your executable file actually represents the given source code,
all you need to do is to compile the program yourself and use the resulting executable.
-Key signatures can't be forged. There are currently no methods to create a fake
signature for a user ID on someone's key. To create a signature for a user ID,
you need the signatory's secret key.

WARNINGS:
-Make sure you're never connected to the Internet when you use your private key
or when you're typing your password. I'd recommend installing a good firewall
and then using "Engage Internet Lock". This also prevents a potential keylogger from logging
your password and then hitting the Internet to send the password to "X".
-Only use a text editor like Notepad; never use Word or other Office applications to
type a text you want to encrypt (they will make backups).
-Don't ever put your public key disk in someone else's machine so they can add their key.
Nor should you put a copy of your secret keyring in someone else's machine so you can
sign their public key.
-It is possible to create a public key with the same fingerprint as an existing one,
thanks to a design misfeature in PGP 2.x when signing RSA keys. But the fake key
will not be of the same length.
-Don't use the PGP file wipe option. In most cases it doesn't work the way it should.
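
Why step 3a asks for the key size and key ID as well as the fingerprint, and what the PGP 2.x warning above means in practice. This is an added example, not part of the original tutorial and not PGP's own code; the function names and the toy key values are made up for the illustration.

```python
import hashlib


def mpi_body(value):
    """Big-endian bytes of an integer, without the two-octet MPI length prefix."""
    return value.to_bytes((value.bit_length() + 7) // 8, "big")


def v3_fingerprint(n, e):
    # PGP 2.x RSA fingerprint: MD5 over the bytes of n followed by the bytes of e.
    # The lengths are not hashed, so the n/e boundary is not covered by the digest.
    return hashlib.md5(mpi_body(n) + mpi_body(e)).hexdigest().upper()


def v3_key_id(n):
    # PGP 2.x key ID: the low 64 bits of the modulus (the short form is the low 32).
    return "%016X" % (n & 0xFFFFFFFFFFFFFFFF)


def clean(text):
    text = "".join(text.split()).upper()
    return text[2:] if text.startswith("0X") else text


def mismatches(n, e, spoken_fingerprint, spoken_bits, spoken_key_id):
    """Step 3a: compare a local key (n, e) with the values the owner reads out."""
    problems = []
    if clean(spoken_fingerprint) != v3_fingerprint(n, e):
        problems.append("fingerprint")
    if spoken_bits != n.bit_length():
        problems.append("key size")
    key_id = clean(spoken_key_id)
    if len(key_id) < 8 or not v3_key_id(n).endswith(key_id):
        problems.append("key ID")
    return problems


# Constructed toy values, far too small to be real RSA keys.
OWNER_N, OWNER_E = 0xC3A1F52B9D7E4461, 0x010001
# Same byte string, different n/e boundary: identical digest, shorter modulus.
OTHER_N, OTHER_E = 0xC3A1F52B9D7E, 0x4461010001
SPOKEN = (v3_fingerprint(OWNER_N, OWNER_E), 64, "0x9D7E4461")

if __name__ == "__main__":
    print(mismatches(OWNER_N, OWNER_E, *SPOKEN))  # the owner's key: no problems
    print(mismatches(OTHER_N, OTHER_E, *SPOKEN))  # same fingerprint, wrong size and ID
```

The second key passes a fingerprint-only comparison and is caught only by the size and key ID checks, which is why all three values belong in the phone call.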