Use cases

From JonDonym Wiki
(Difference between revisions)
Jump to: navigation, search
(added squizzy.de)
(Temporary E-mail accounts)
Line 26: Line 26:
 
* '''[http://mbx.cc mbx.cc]''' (for 15 minutes, session cookies required)
 
* '''[http://mbx.cc mbx.cc]''' (for 15 minutes, session cookies required)
 
* '''[http://mail2null.nl/ mail2null]''' (for 10 minutes, prolongable, session cookies required)  
 
* '''[http://mail2null.nl/ mail2null]''' (for 10 minutes, prolongable, session cookies required)  
* '''[http://www.squizzy.de/ Squizzy.de]''' (for 60 minutes, prolongable, session cookies required)  
+
* '''[http://www.squizzy.de/ Squizzy.de]''' (for 60 minutes, prolongable, session cookies required, small problems with UTF-8 characters)  
 
* '''[http://tempemail.co.za/ tempemail.co.za]''' (for 30 minutes, prolongable, session cookies required, problems with UTF-8 characters).
 
* '''[http://tempemail.co.za/ tempemail.co.za]''' (for 30 minutes, prolongable, session cookies required, problems with UTF-8 characters).
 
* '''[http://rentmail.org/ rentmail.org]''' (for 60 min, prolongable, session cookies required, 5 minutes delay because server uses greylisting)
 
* '''[http://rentmail.org/ rentmail.org]''' (for 60 min, prolongable, session cookies required, 5 minutes delay because server uses greylisting)

Revision as of 13:39, 8 March 2012

En2.png De2.png  Main Page (en) | Information for JonDonym users

Contents

Use cases for anonymous E-mail communication

If you are using one and the same address more then once in order to send or receive your E-mail, you are "creating" an identity with it. In the following you will find notes about web mail services as well as some web services designed to improve your privacy.

Remailer - Sending E-mails from disposable addresses

If you want to send E-mails, but do not want to reveal your identity to the addressee or a third party, the best thing is using an anon remailer. Some mixmaster remailer offer a web interface. If the addressee has a contact form on his web-site, of course, you may use rather that one.

  • awxcnx.de (browser must accept IFrames, attachments no longer supported)
  • Cotse

Temporary E-mail accounts

If you are registering on web-forums you often have to leave an E-mail address in order to get a confirmation. If you do not want to use your own E-mail address for it, you may use rather one of the following temporary accounts.

  • Anonbox provided by Chaos Computer Club (account will be deleted at the next day 24:00, password protection). AnonBox.net uses a SSL certificate signed by CAcert.org. Because this CA is not trusted by default by all web browsers you have to verify the fingerprint of the certificate.
SHA1: 91:28:CE:0A:01:1B:98:D0:AC:05:DC:1F:1D:CE:81:D3:06:6C:9A:F8
  • 10 Minute Mail (for 10 minutes, prolongable)
  • sector2.org (for 120 minutes, session cookies required)
  • mbx.cc (for 15 minutes, session cookies required)
  • mail2null (for 10 minutes, prolongable, session cookies required)
  • Squizzy.de (for 60 minutes, prolongable, session cookies required, small problems with UTF-8 characters)
  • tempemail.co.za (for 30 minutes, prolongable, session cookies required, problems with UTF-8 characters).
  • rentmail.org (for 60 min, prolongable, session cookies required, 5 minutes delay because server uses greylisting)

For using temporary E-mail accounts you have to open the website of of the provider first. You will see your temporary mail address or click on genrate temp. e-mail address. Do not close this site! Open a new browser tab and go to the forum or blog you need a registration. Fill the registration form and use the temp e-mail address. Go back to the temporary E-mail provider browser tab and wait for the confirmation message. Mostly you have to click on a link in the mail to finish the confirmation process. You have to enable cookies temporary.

JonDoFox supports the using of temporary e-mail accounts. You can choose a provider in the JonDoFox configuration. If you need a temporary e-mail address, click with the rigth mouse button in the input box and choose Get tempoerary e-mail. It will open a new browser tab in backgrounds an place the new generated e-mail address in the input form.

Hint: If your password was lost. there is now way to get a new password from the forum or blog for your account because the mail address is not valid any more.

Receiving E-mails to disposable addresses

You can use addresses from this PO boxes without any registration. The messages are stored for 6...12 hours and automatically deleted afterwards. You can read incoming messages in the webinterface of the provider. There is no password protection and (mostly) no way to delete messages manually. Everybody, who knows the pseudonym, can read the incoming messages. Be carefully.

E-mail accounts in one minute

There are many E-mail provider that allow you to set up a new account very quickly if required. Choose an E-mail address of the form anonymous1234abcd@provider.tld, that is "anonymous" + numbers + letters. If all JonDo users create addresses of this form, they are much less distinguishable. Please be aware that you do never access these accounts without using JonDo because otherwise your IP address is being revealed. Please note that almost all of these services need cookies for login.

  • DragonCrypt (Webmail, Javascript-free)
  • Cotse.net (secure US provider, e-amil address required for registration)
  • Hushmail (HTTPS/POP with SSL; needs JavaScript)
  • Secure - Mail.biz (Anonymous and data retention free mail accounts, no SMTP support for free accounts, premium accounts are full featured. Location: Romania)
  • aikQ Mail (Anonymous and data retention free mail accounts for 1,- Euro per month, Location: Germany)
  • SafeMail (HTTPS/POP with SSL; usable without JavaScript if you are choosing "User-Interface-NoScripts" below the password while logging in. A login history is saved. Location: Israel. )
  • VFEmail (HTTPS/POP with SSL, you need a disposable address for registration)
  • HotPop (no HTTPS; POP with SSL; only 8 character passwords; choose random answers on questions about personality)
  • Gawab (no HTTPS; POP with SSL you need to allow JavaScript for Gawab and Recaptcha for signup)
  • Vekjy.net (Anonymous e-mail accounts for 100 Bitcoins per month.)
  • Bordermail (no JavaScript, but also no HTTPS/POP)
  • Breakthru (no cookies, no JavaScript, but also no HTTPS/POP)

The JonDo help contains a short tutorial for using Mozilla Thunderbird with JonDonym.

Keep your E-mail communication

With Hushmail you can prevent the details of your E-mail communication being left behind on servers and/or computers of your communication partners. Above all this is useful if the addressees of your E-mails are using web accounts which are never deleted, like GoogleMail. At least the E-mail provider can trace your communication then. Therefore, act as follows:

  1. Set up an E-mail account (account A) in order to receive E-mails (do NOT use Hushmail now, as otherwise Hushmail would be able to observe your long-term communication, which is just what we want to prevent).
  2. Access account A regularly via JonDo using your E-mail program or your browser.
  3. Set up a new Hushmail account (account B) for every addressee who is sending you an E-mail to account A. You may now access this account via JonDo as well, as long as you need it.
  4. Answer the addressee only via account B. He is getting now a link. If he is clicking on it, he may write you back directly using the Hushmail web site (HTTPS-encrypted).
  5. Account B will be deleted automatically if you are not accessing it for three weeks. With it your communication is gone as well, unless your addressee has saved or printed the Hushmail web sites.

If your conversation partner is also using Hushmail, however, he keeps your messages. You should encrypt your messages using GPG additionally in order to make the access of a third party more difficult. Using the Firefox add-on FireGPG you can do the encryption and decryption in your Browser (unfortunately the developer of this add-on does not update it any more, it may became incompatible with Firefox 4). For OpenPGP encryption in webforms you may use the tools gpg4usb or Portable PGP for encryption and decryption. You have to use the clipboard to copy & paste the chiffre to the webform.

Webmail providers: Security and Privacy

JonDos recommendation for trusted mail providers you may find in our online help together with a tutorial How to use Mozilla Thunderbird with JonDonym. It is more comfortable and for JonDonym premium users less expensive to use an email client rather than the overloaded webinterfaces of some mail providers.

Provides a personal E-mail address, requires registration, most services also personal data. Most of them need cookies to login, as well as they do use JavaScript, but still work without too, with some minor or bigger limitations and annoyances. Even if the server pressures you to enable JS or "upgrade your browser", it may be able to work without. To use your account without JS make sure to always login with JS off, otherwise the server, when it finds JS available at one time, may switch into a JS-friendly mode that is difficult to get rid off again. Also it is possible that a service will require JavaScript on registration only (abuse prevention), but later work without. List of services (without pointing privacy issues): TheFreeCountry Forum thread: 4306 (German).

Yahoo

  • Only reading of emails is HTTPS encrypted. You will send emails without HTTPS encryption.
  • One of the earliest providers
  • Cookies: required
  • Javascript for yahoo.com and yimg.com required, additional for yahooapis.com for some functions.

GMail

  • All messages (incoming and outgoing) are indexed by Google. Informations from indexing are connected with other collected informations (search engine usage, websites with Google ads visited by the user....)
  • Deleted emails are not removed from the server, only marked as not visible.
  • Cookies: required (enable before login and disable and clear after logout, don't use Google search while logged in)
  • JS: not needed
  • Referrer: compatible with JonDoFox
  • Last test: 2010-02
  • Forum threads: 5002 (German)

Google cooperates with the CIA in the Future of Web Monitoring. The Electronic Privacy Information Center (EPIC) tries to get informations about a Google/NSA partnership, but did not get an answer.

GMX.de

  • Registration only possible with German IP address.
  • Only the Login process is / can be secured by HTTPS. Using the web interface you will send and read messages not HTTPS secured. The exit mix and all other serves behind the exit mix can read you communication, if no anonymization is used, even your Internet access provider can. POP3 and SMTP with your mail client can secured by TLS.
  • German language only, E-mail only for people living in Germany, Austria or Switzerland
  • JS: not needed
  • Cookies: in the past not needed (still true???)
  • Trouble with the standard SSL login, need to use non-SSL (persists or fixed???)
  • Last test: 2009
  • Forum thread: 5088 (German)

Web.de

  • Registration only possible with German IP address.
  • German language only, E-mail only for people living in Germany, Austria or Switzerland
  • Also web search and news portal (posting comments and viewing videos do need JS)
  • Cookies: required
  • Works with Firefox, but not Opera (?)
  • JS: Pressures the user to enable ("your browser is not supported"), but works mostly, still not fully, without
  • Access blocked from some free JonDo cascades (?)
  • Free of cost as long as it works for you, support is only by phone, 3 Euro/min
  • Last test: 2011-10

See also

More: Other_use_cases

Personal tools