Anonymous Emails

Lesson 1.1 – Anonymous emails

The process of “getting anonymous” is circular.  You are “known” today, so your process will be to gather bits of anonymity and use them to get more anonymous.  I’m not going to go into detail right now (will cover soon) but just know that you will go through several iterations until you are able to freely visit websites or communicate and there will be no definite trail linking your activities to you.

For today, here is how to get yourself an anonymous email or identity.  There are many ways, and websites, this is just one way.  We will first try to get an email using a fake recovery mail.  If that doesn’t work, we’ll use a disposable email to feed into the mail service we really want.

1) If you already have a VPN, you’re ahead of the game.  Do everything via VPN.  If you have Tor, use that.  If you aren’t using VPN or Tor, then let’s just proceed for now to practice.

2) Most email providers require you to provide a recovery mail when you sign up.  Interestingly, there are many providers that do NOT validate whether the mail you give them is actually real or not.  Unseen is one of those providers.  Caution – if you forget your password, there will be absolutely no way for you to get recovery into your inbox.  Caveat Emptor.

3) First, try to sign up at the provider you ultimately want the email from by providing a bogus email like jim@nomail.com.  If that works, great, you’re done!  Go to step 7.  If not, proceed with the next step.

4) Go to this site:  http://www.10minutemail.com.  There are many other sites that have disposable emails.  We chose this one because it has a tight privacy policy.  We detected no javascript execution, and our ad-blocker blocked ad trackers without losing any site functionality.  Privacy Policy below….

Welcome to 10 Minute Mail

10MinuteMail.com does NOT keep logs or records of your personal data including, but not limited to, your IP address, your incoming e-mail, and your outgoing e-mail.

Your privacy is very important to us.

A temporary cookie is used to allow the service to deliver the e-mail to the right person, but will expire when you close your browser.

5) Create a disposable email, copy it, then go to the site you really want the email from, like gmail or yahoo.  Many “regular” email services require a valid email in order to get one of their emails.

5a) Update on 8/53/14:  We see that Gmail is requiring SMS or Cell verification.  We are looking at techniques to spoof SMS verification.  As of right now, this lesson does not work for Gmail until we find a way for google to accept a false SMS verification.

6) Use the 10 minute mail as the contact or recovery email for the other email service that you really want.

7).  Done.  You now have a relatively untraceable email from gmail, yahoo, unseen, etc.  I say “relatively untraceable” because there are techniques we’ll talk about later that will truly break up any trail back to you…but again, this is an iterative process.

8)  Keep your emails clean…the hardest part of this isn’t tech, it is personal discipline to never pollute an anonymous “identity” with your personal business.

8)  Keep your emails clean…the hardest part of this isn’t tech, it is personal discipline to never pollute an anonymous “identity” with your personal business.

Yes, that was intentional.  Start compartmentalizing, right now.

LESSON ID=> 0002

Advertisements
6 comments on “Anonymous Emails
  1. Some1 says:

    Hotmail will allow you to create an email without verifications, but eventually will block your use of the account for alleged “suspicious activity” and require a cell phone number for the purpose of verification of the account. In my case, I had never used the service to send an email, but was locked out due to incoming spam email. Needless to say, I abandoned the account.

    As for spoofing SMS, the easiest solution I have found is to drop $10 on a burn phone and use it once (away from your home/business/family/etc.) to start the account, then ditch the phone.

    Administrator: the email associated with this reply was randomly generated by the web service DoNotTrackMe, which is masking an email address I no longer use. I am also browsing via a double VPN: log into one service, then log into a second separate one.

  2. ffio says:

    some1 – thanks for the info. I had considered the burner phone as a solution, but wanted to try to find an online solution as well. Ultimately your solution is the best one. The downside is that it requires extra effort, so we were searching for a spoofing method that many would more quickly implement at the keyboard. Most folks may not go the extra mile…but they should.

    As for the DoNotTrackMe, it seems similar to 10minutemail, but I like what you did there. You didn’t even bother getting a permanent anonymous address, just use disposables immediately. I suspect this email section may expand into a collection of techniques, so H/T to you and we’ll include it. And you’re obviously already way up there with the double VPN. We’ll combine that with Tor or Whonix later on.

    Thanks for reading and sending in excellent suggestions.

    ~ffio

  3. Jeff says:

    What do you think about bitmessage? Accounts can be created without personal info being required.

    • ffio says:

      Hi Jeff – I think bitmessage is very interesting. I only came across it recently, when I found it from someone who posted on WRSA about page…http://westernrifleshooters.wordpress.com/about/. Poster was “somebody”, search for “bitmessage” on the page.

      We tested it briefly, was easy to set up and use. Steve Gibson, of http://grc.com, liked the concept, but was not impressed by it, says it has weaknesses. He did a podcast, audio transcript is below. The real meat about btm is about 3/4 into the transcript.

      https://www.grc.com/sn/sn-420.pdf

      He does mention that someone was able to de-anonymize IP’s, but he is encouraged in that others have said essentially “good idea, but I am working on something to make it better”.

      So i think for now, btm is in a wait and see status. It is only v0.4.2, at least the version I downloaded not too long ago. If you have any different opinion or experience, we’d like to hear about it.

      Thanks for reading and commenting.

      ffio

  4. Stones says:

    Which would be more preferable, using TOR on a personal computer, or using a public computer (say at a library) without TOR?

    • ffio says:

      Hi Stones, great question. Here is how your risks stack up.

      If you haven’t read Lesson 0017, Privacy & Anonymity Concepts, it may help to understand the risks and difference below.

      Tor is a known quantity, and can give you a high degree of anonymity when used properly. A public library “may” give you some physical anonymity, but you don’t own the machine (key loggers?), you may be asked to sign in at the desk and leave an ID (or there are cameras), and if you can’t use Tor, then your online presence is not anonymous. If you’re lucky, you can use secure browsing to do what you want to do, and perhaps webmail with encryption. So, you may get Privacy (Encryption), but not Anonymity. You’re not associated with your home location, but you don’t control the security in the public location either. There are too many unknowns in this scenario for me.

      If I had to choose one of your options, I’d take Tor on my own machine every time. I own the hardware, I own the location, I own the network, and I will be more likely to pay attention to my personal discipline. The easier something is for you to do, the more you will do it and maintain OPSEC. Hiking across town is not as easy as booting up at home.

      If the concern is around leaving traces of your activity on your home laptop, I’d say you have more control to prevent or erase those traces at home than you do on a public computer. TAILS (or any other Linux distribution that runs in RAM) is an option here as well.

      I hope this helps. Please feel free to follow up if you have further questions.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s