Use cases

From JonDonym Wiki
Revision as of 10:50, 3 February 2011 by Geko (Talk | contribs)
Jump to: navigation, search

En2.png De2.png


Use cases for anonymous E-mail communication

If you are using one and the same address more then once in order to send or receive your E-mail, you are "creating" an identity with it. In the following you will find notes about web mail services as well as some web services designed to improve your privacy.

Remailer - Sending E-mails from disposable addresses

If you want to send E-mails, but do not want to reveal your identity to the addressee or a third party, the best thing is using an anon remailer. Some mixmaster remailer offer a web interface. If the addressee has a contact form on his web-site, of course, you may use rather that one.

  • (browser must accept IFrames, attachments no longer supported)
  • Cotse

Temporary E-mail accounts

If you are registering on web-forums you often have to leave an E-mail address in order to get a confirmation. If you do not want to use your own E-mail address for it, you may use rather one of the following temporary accounts.

  • Anonbox provided by Chaos Computer Club (account will be deleted at the next day 24:00, passwort protection). uses a SSL certificate signed by Because this CA is not trusted by default by all webbrowser you have to verify the fingerprint of the certificate.
SHA1: 91:28:CE:0A:01:1B:98:D0:AC:05:DC:1F:1D:CE:81:D3:06:6C:9A:F8
  • 10 Minute Mail (only for 10 minutes, prolongable in steps of 10 minutes, needs Cookies and Javascript). For using 10MinuteMail you have to open the website of 10MinuteMail first. Enable Cookies and Javascript for this service. You will see your temporary mail address. Do not close this site! Open a new browser tab and go to the forum or blog you need a registration. Fill the registration form and use the e-amil address form 10MinuteMail. Go back to the 10MinuteMail browser tab and wait for the confirmation message. Mostly you have to click on a link to finish the confirmation process.

The Firefox add-on Bloody Vikings simplifies the using using of and 10minutemail.

Hint: If your password was lost. there is now way to get a new password from the forum or blog for your account because the mail address is not valid any more.

Receiving E-mails to disposable addresses

You can use addresses from this PO boxes without any registration. The messages are stored for 6...12 hours and automatically deleted afterwards. You can read incoming messages in the webinterface of the provider. There is no password protection and (mostly) no way to delete messages manually. Everybody, who knows the pseudonym, can read the incoming messages. Be carefully.

Pseudonymous inboxes for whistle-blowers

Journalists, bloggers and other whistle-blowers may use the PrivacyBox. After registration you will get a contact form (web page). Incoming messages may forwarded to an external e-mail account, I2P mail account or you can fetch it with your mail client using the POP3-SSL postbox.

E-mail accounts in one minute

There are many E-mail provider that allow you to set up a new account very quickly if required. Choose an E-mail address of the form anonymous1234abcd@provider.tld, that is "anonymous" + numbers + letters. If all JonDo users create addresses of this form, they are much less distinguishable. Please be aware that you do never access these accounts without using JonDo because otherwise your IP address is being revealed. Please note that almost all of these services need cookies for login.

  • Hushmail (HTTPS/POP with SSL; needs JavaScript)
  • Secure - (Anonymous and data retention free mail accounts.)
  • SafeMail (HTTPS/POP with SSL; usable without JavaScript if you are choosing "User-Interface-NoScripts" below the password while logging in. A login history is saved. )
  • VFEmail (HTTPS/POP with SSL, you need a disposable address for registration)
  • HotPop (no HTTPS; POP with SSL; only 8 character passwords; choose random answers on questions about personality)
  • Gawab (no HTTPS; POP with SSL you need to allow JavaScript for Gawab and Recaptcha for signup)
  • (Anonymous e-mail accounts for 100 Bitcoins per month.)
  • Bordermail (no JavaScript, but also no HTTPS/POP)
  • Breakthru (no cookies, no JavaScript, but also no HTTPS/POP)

The JonDo help contains a short tutorial for using Mozilla Thunderbird with JonDonym.

Keep your E-mail communication

With Hushmail you can prevent the details of your E-mail communication being left behind on servers and/or computers of your communication partners. Above all this is useful if the addressees of your E-mails are using web accounts which are never deleted, like GoogleMail. At least the E-mail provider can trace your communication then. Therefore, act as follows:

  1. Set up an E-mail account (account A) in order to receive E-mails (do NOT use Hushmail now, as otherwise Hushmail would be able to observe your long-term communication, which is just what we want to prevent).
  2. Access account A regularly via JonDo using your E-mail programm or your browser.
  3. Set up a new Hushmail account (account B) for every addressee who is sending you an E-mail to account A. You may now access this account via JonDo as well, as long as you need it.
  4. Answer the addressee only via account B. He is getting now a link. If he is clicking on it, he may write you back directly using the Hushmail web site (HTTPS-encrypted).
  5. Account B will be deleted automatically if you are not accessing it for three weeks. With it your communication is gone as well, unless your addressee has saved or printed the Hushmail web sites.

If your conversation partner is also using Hushmail, however, he keeps your messages. You should encrypt your messages using GPG additionally in order to make the access of a third party more difficult. Using the Firefox add-on FireGPG you can do the encryption and decryption in your Browser (unfortunately the developer of this add-on does not update it any more, it may became incompatible with Firefox 4). For OpenPGP encryption in webforms you may use the tools gpg4usb or Portable PGP for encryption and decryption. You have to use the clipboard to copy & paste the chiffre to the webform.

Webmail providers: Security and Privacy

JonDos recommendation for trusted mail providers you may find in our online help together with a tutorial How to use Mozilla Thunderbird with JonDonym. It is more comfortable and for JonDonym premium users less expensive to use an email client rather than the overloaded webinterfaces of some mail providers.

Provides a personal E-mail address, requires registration, most services also personal data. Most of them need cookies to login, as well as they do use JavaScript, but still work without too, with some minor or bigger limitations and annoyances. Even if the server pressures you to enable JS or "upgrade your browser", it may be able to work without. To use your account without JS make sure to always login with JS off, otherwise the server, when it finds JS available at one time, may switch into a JS-friendly mode that is difficult to get rid off again. Also it is possible that a service will require JavaScript on registration only (abuse prevention), but later work without. List of services (without pointing privacy issues): TheFreeCountry Forum thread: 4306 (German).


  • Only reading of emails is HTTPS encrypted. You will send emails without HTTPS encryption.
  • One of the earliest providers
  • JS: not needed
  • Cookies: ???
  • Referrer: ???
  • Forum thread: 4826 (German)


  • All messages (incoming and outgoing) are indexed by Google. Informations from indexing are connected with other collected informations (search engine usage, websites with Google ads visited by the user....)
  • Deleted emails are not removed from the server, only marked as not visible.
  • Cookies: required (enable before login and disable and clear after logout, don't use Google search while logged in)
  • JS: not needed
  • Referrer: compatible with JonDoFox
  • Last test: 2010-02
  • Forum threads: 5002 (German) 5007 (German)

Google cooperates with the CIA in the Future of Web Monitoring. The Electronic Privacy Information Center (EPIC) tries to get informations about a Google/NSA partnership, but did not get an answer.

  • Only the Login process is / can be secured by HTTPS. Using the web interface you will send and read messages not HTTPS secured. The exit mix and all other serves behind the exit mix can read you communication, if no anonymization is used, even your Internet access provider can. POP3 and SMTP with your mail client can secured by TLS.
  • German language only, E-mail only for people living in Germany, Austria or Switzerland
  • JS: not needed
  • Cookies: in the past not needed (still true???)
  • Trouble with the standard SSL login, need to use non-SSL (persists or fixed???)
  • Last test: 2009
  • Forum thread: 5088 (German)

  • German language only, E-mail only for people living in Germany, Austria or Switzerland
  • Also web search and news portal (posting comments and viewing videos do need JS)
  • Cookies: required
  • Works with Firefox, but not Opera (?)
  • JS: Pressures the user to enable, but works mostly, still not fully, without
  • Free as long as it works for you, support is only by phone, 3 Euro/min
  • Last test: 2010-03

See also

More: Other_use_cases

Personal tools