[tor-talk] Measuring on-line anonymity

Mirimir mirimir at riseup.net
Wed Aug 15 15:20:03 UTC 2018

On 08/15/2018 06:34 AM, Nathaniel Suchy wrote:
> Someone recommended that email was a more "anonymous" protocol. That really
> depends. Most email servers, by default, forward the client IP Address in
> headers. Make sure you are using Tor Browser with webmail or TorBirdy in
> Thunderbird if you want to use email "anonymously". Going to add at best
> email is a pseudonymous protocol. At some point there is an identity,
> ideally it's not linkable to you in real life but...

Yes, of course. And yes, pseudonymity <> anonymity. But pseudonymity is
useful sometimes, when you need to tell plausible lies. Not that Mirimir
is all that plausible, of course. But that's intentional.

> Gmail for example
> almost always requires you register from a residential IP Address and
> verify a phone number - I won't even call Gmail pseudonymous, it's directly
> linkable to you. The prepaid burner phone argument is silly - anyone
> remember: https://muckrock.s3.amazonaws.com/foia_files/7-3-14_MR6608_RES.pdf
> ?

Sure, but why would anyone use Gmail? There's CounterMail, Tutanota,
ProtonMail and ScryptMail. Even VFEmail and cock.li have .onion servers.

I do agree that the burner phone stuff is silly. I mean, surveillance
video. License plate tracking. Phone tracking. Plus the need to travel
long distances before using, to fuzz geolocation.

The hosted SIM approach seems far better. Region-scale blacklisting is
possible, of course, to mitigate bot abuse. But it's a large planet.

> On Tue, Aug 14, 2018 at 8:28 PM, Mirimir <mirimir at riseup.net> wrote:
>> On 08/14/2018 04:48 PM, panoramix.druida wrote:
>>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>>> El 14 de agosto de 2018 8:17 PM, Mirimir <mirimir at riseup.net> escribió:
>>>> On 08/13/2018 07:52 PM, panoramix.druida wrote:
>>>>> Hi, is there a way to measure the level of anonymity on a system?
>>>> Sure. There's some literature. Check out
>>>> https://www.freehaven.net/papers.html.
>>> Thanks, lots of good stuff!!!
>> Yeah, it's a _great_ resource.
>>>>> Ricochet is way better to protect anonymity. I don’t need a phone
>> number, not even a name, I just use the onion service hostname. With
>> Richochet I am anonymous all the time unless I identify myself.
>>>>> Email may not be as good as Signal for end to end encryption (even
>> with pgp), but it can be way better for anonymity. For instance, this email
>> account was created using Tor in Protonmail, and there are other mail
>> providers that allow me to this. If I always use Protonmail with Tor, it is
>> very hard for Protonmail to learn who am I and where I live, doing that
>> with Signal is harder. However with Ricochet is way easier.
>>>> Well, there's a huge metadata issue with email. Using .onion webmail
>>>> mitigates much of it. But everyone needs to watch their OPSEC, to avoid
>>>> deanonymization.
>>>> And why do you say that deanonymization is way easier with Ricochet?
>>>> It's all via .onion instances. But I gather that Tor Project no longer
>>>> actively supports the work.
>>> What I meant is that is easier to stay anonyumouse on a system like
>> Ricochet.
>> OK, got it.
>> --
>> tor-talk mailing list - tor-talk at lists.torproject.org
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

More information about the tor-talk mailing list