Question for Job and others / was: Re: Tor and Thunderbird: Outgoing Email Unsafe?

George Shaffer George.Shaffer at comcast.net
Wed Jan 3 21:16:37 UTC 2007


On Wed, 2007-01-03 at 03:51, Ringo Kamens wrote:
> Giving somebody your IP address defeats the purpose of tor. They can
> use the IP address and cross-reference it to other databases to find
> your personal info in addition to (if you run MS or have bad security)
> hack you. Your anonymity is completely violated if you reveal your IP
> address. 

I understand the implications of revealing your IP address. That was not
what my question was really about. I said "Job, can you explain, in an
abstract manner, why it is important to you to send emails where the
recipient has no way to identify you, but you do not care about your ISP
or independent email provider being aware of your other activities,
except when you are contacting these special recipients, when you will
be using Tor?" 

What I found odd and was asking about was why Job was concerned that the
recipient of his email be unable to see his IP, when he said "I 
understand my ISP and mail.com will be able to trace me but not
receivers of emails as I am not sending any at that moment." which tends
to reverse the normal privacy concerns. Without the originating IP it's
essentially impossible to identify the ISP of an email sender, and the
ISP of the sender is likely to take meaningful action if the sender sent
really harassing or offensive emails or emails which violated the ISP's
terms of service. To me this looked like someone looking for a way to
send email, most privacy advocates would be uncomfortable defending.

Generally I think of email exchanges as mostly friendly or at least
informative. If the sender does not want the recipient (as opposed to
prying governments, ISPs, or other businesses that collect personal
information) to know who he or she is, that suggests some form of
unpleasantness may be involved.

> In addition, you referenced the such and such act which
> doesn't really have enough power (unless you harassed the president or
> something) to execute a search through tor in the first place. I'm not
> condoning illegal activities, but it's just how I see it.
> Ringo Kamens

Pretty much right. Since I thought Job might be looking for a way to
send harassing or similar emails I thought this was worth mentioning. An
annoying or mildly harassing email that otherwise might be perfectly
legal, may now, in the US, become illegal simply because the sender
attempts to hide his or her identity. I did not say I agreed with the
law or that it would be enforced in most circumstances. The FBI has and
will get involved when an email makes physical threats and appears to
have crossed state lines. Using Tor almost guarantees the latter.
Traditional investigative techniques are much more likely to be
productive in such a case, than trying to trace Tor's routing.

George Shaffer

-- 
Get my GnuPG public key from http://geodsoft.com/about/ or
use gpg --keyserver subkeys.pgp.net --recv-key A1A23194
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20070103/34915a4f/attachment.pgp>


More information about the tor-talk mailing list