"Google keeps logs of IP addresses for 18 months, after which they keep logs of three-quarters of the IP address. Three-quarters of an IP address may be still enough to breach your pseudonymity in the case of an FBI investigation."
Contrast this with the explanation from Google's own Privacy FAQ:
"We strike a reasonable balance between the competing pressures we face, such as the privacy of our users, the security of our systems and the need for innovation. We believe anonymizing IP addresses after 9 months and cookies in our search engine logs after 18 months strikes the right balance."
I'm quite surprised to learn that Google equates "anonymizing IP addresses" with "chopping off an octet". I suppose I'm a bit naive.
What does it mean to anonymize the logs?
We will change some of the bits in the IP address in the logs as well as change the cookie
information. We're still developing the precise technical methods and approach to this, but we
believe these changes will be a significant addition to protecting user privacy.
Edit: I think I'm wrong about this.
After Google announced its log retention policy update in 2008, C. Soghoian asked
Google for details about the log sanitization process. He then published the following
response from Google:
"After nine months, we will change some of the bits in the IP address in
the logs; after 18 months we remove the last eight bits in the IP address
and change the cookie information (emphasis our own). It is difficult to
guarantee complete anonymization, but we believe these changes will make
it very unlikely users could be identified."
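The 18-month step quoted above (dropping the last eight bits) can be checked against a log, shown here as an added example that is not part of the original thread. It truncates each IPv4 address to its /24 prefix and measures how many distinct observed clients each prefix still hides; the log lines, function names and the threshold `k` are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log lines: (timestamp, client IPv4). Not real data.
SAMPLE_LOG = [
    ("2012-11-01T10:00", "198.51.100.7"),
    ("2012-11-01T10:05", "198.51.100.7"),
    ("2012-11-01T10:07", "198.51.100.201"),
    ("2012-11-01T11:30", "203.0.113.45"),
    ("2012-11-01T11:31", "203.0.113.45"),
    ("2012-11-01T12:00", "192.0.2.9"),
    ("2012-11-01T12:02", "192.0.2.77"),
    ("2012-11-01T12:04", "192.0.2.130"),
]

def truncate_last_octet(ip):
    """Zero the last eight bits of an IPv4 address."""
    return str(ipaddress.ip_network(ip + "/24", strict=False).network_address)

def sanitize(log):
    """Return the log with every address truncated to its /24 prefix."""
    return [(ts, truncate_last_octet(ip)) for ts, ip in log]

def anonymity_sets(log):
    """Map each truncated prefix to the distinct clients hidden behind it."""
    sets = defaultdict(set)
    for _ts, ip in log:
        sets[truncate_last_octet(ip)].add(ip)
    return dict(sets)

def prefixes_below_k(log, k):
    """Prefixes whose observed anonymity set is smaller than k clients."""
    return sorted(p for p, ips in anonymity_sets(log).items() if len(ips) < k)

if __name__ == "__main__":
    for prefix, ips in sorted(anonymity_sets(SAMPLE_LOG).items()):
        print(prefix, "hides", len(ips), "observed client(s)")
    print("unique after truncation:", prefixes_below_k(SAMPLE_LOG, 2))
```

A prefix that hides only one observed client is no more anonymous after truncation than before, which is the concern raised in the first quote.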
I'm surprised eff.org didn't even mention tormail.org - this email forces you to use Tor, essentially forcing you to never make the mistake of using a non-Tor browser.
Add Tor and encryption on top of that and there is almost no chance of government interference, unless you're a terrorist / subversive.
Then they would message each other to go on OTR.
That's all you should send in an e-mail or text message, "go on OTR".
Is that really going to hold up in court? Surely by the same token I could dismiss absolutely everything there is any record of me sending or receiving over HTTP because it could theoretically have been forged or tampered with in transit.
The plausible deniability stuff is probably not that useful in court, as you note.
The standard in most jurisdictions is proof beyond reasonable doubt. I don't think the OTR plausible deniability would be considered reasonable doubt, especially if the content of the messages is corroborated by other evidence.
Do you have an example from actual case law? All I have is Wikipedia:
"Plausible deniability is also a legal concept. It refers to lack of evidence proving an allegation. Standards of proof vary in civil and criminal cases. In civil cases, the standard of proof is "preponderance of the evidence" whereas in a criminal matter, the standard is "beyond a reasonable doubt." If an opponent lacks incontrovertible proof (evidence) of their allegation, one can "plausibly deny" the allegation even though it may be true."
In and of itself, a piece of evidence is plausibly deniable. In the face of corroborating evidence, it may not be.
Alas, however, I do not have an example from actual case law.
EDIT: I knew I had seen some case law sort of related to this before and it was in re Boucher and US v. Fricosu. They are not directly related to "Plausible Deniability", rather they compelled defendants to decrypt their hard drives. Certainly in the Boucher case there was reason to believe that the contents of the drive were incriminating (the file names were the giveaway, I believe) so perhaps this does not fit in to the exact facts we are trying to recreate, but those are the only two cases that relate that I can recall.
I see it used here and on other technical forums in topics like this, but aside from that I've only ever heard of it in political, not legal, contexts.
Any lawyers able to shed light?
FUUUUUU... did they just advocate for people to use Hushmail? The same proprietary, for-profit organization that when contacted by the FBI they present the user with a decoy login screen so they can capture your password in the clear and then decrypt your entire history to hand over to the feds?
Nobody should be using hushmail in 2012, not after multiple court cases that have detailed exactly what hushmail has done for the feds. Hushmail has sold their users out so many times I can't count. It's useless cloud encryption nonsense.
If you really want to send an anonymous email, you use mixmaster, torrified. Period.
If you need a method to be contacted by people who are clueless you then sign up to privacybox.de, a free service provided by the German Privacy Foundation, and you upload your public PGP key and have it forwarded to a tormail account. Reply through mixmaster encrypted.
If you're really paranoid you have mixmaster post encrypted emails to alt.anonymous.messages and skip centralized email servers like tormail altogether.
This is how to send email torrified with Jondo live privacy CD, or just install mixmaster on your own linux/bsd computer and use full disc encryption + pgp.
Screw the EFF after reading that tutorial. It should be burned to the ground and an entire new organization built if this article is their best advice.
It works similar to Bitcoin, is decentralized and does not rely on trusted third parties (e.g. for signing).
(run: python2 pybitmessagemain.py)
I run Gliph and am happy to answer questions about the level of anonymity you can achieve if anyone has any.
Your website copy does not inspire confidence in your ability to properly implement cryptography software.
> For us crypto-ignoramuses, what's wrong with what you quoted?
First off, it is very easy to get cryptography wrong. I wouldn't trust most people with being able to implement cryptography software correctly.
Buzzwords like AES and SSL are used to convey a sense of security. Their 256-bit SSL uses AES-256 to encrypt data in transit. But using AES-256 to encrypt a file doesn't mean it is secure. The mode of operation is very important. The following Wikipedia page has a picture that was probably encrypted with something like AES-256. I will let you guess what the original picture was.
Another issue not discussed is key management. To encrypt the files with AES-256 they need to have the key. If someone breaks into their server, the server will have the key and the files. It becomes easy to break the security.
Also, the gli.ph https certificate will expire in less than two weeks. You may want to renew.
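The mode-of-operation point in the comment above, as an added example that is not part of the original thread: a strong block cipher in ECB mode maps equal plaintext blocks to equal ciphertext blocks, which is how the outline of a picture can survive encryption. Because the Python standard library has no AES, a toy 4-round Feistel permutation built from HMAC-SHA256 stands in for it (an assumption of this sketch, not for real use); the property shown holds for any deterministic block cipher.

```python
import hashlib
import hmac

BLOCK = 16  # bytes, same block size as AES

def _round(key, i, half):
    # Round function: first 8 bytes of HMAC-SHA256(key, round index || half).
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def encrypt_block(key, block):
    """Toy 4-round Feistel permutation standing in for AES (NOT for real use)."""
    left, right = block[:8], block[8:]
    for i in range(4):
        mixed = bytes(a ^ b for a, b in zip(left, _round(key, i, right)))
        left, right = right, mixed
    return left + right

def ecb_encrypt(key, data):
    """ECB: every block encrypted independently under the same key."""
    return b"".join(encrypt_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))

def ctr_encrypt(key, nonce, data):
    """CTR: keystream block n is E(key, nonce || n), XORed with the data."""
    out = bytearray()
    for n, i in enumerate(range(0, len(data), BLOCK)):
        stream = encrypt_block(key, nonce + n.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], stream))
    return bytes(out)

def repeated_blocks(ciphertext):
    """Count ciphertext blocks that duplicate an earlier block."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return len(blocks) - len(set(blocks))

# Constructed inputs: a flat "image" region of 8 identical blocks followed by
# 2 distinct blocks. Length is a multiple of BLOCK, so no padding is needed.
KEY = b"k" * 32        # constructed 256-bit key
NONCE = b"\x00" * 8    # constructed nonce; must never repeat under one key
PLAINTEXT = b"\xff" * (8 * BLOCK) + bytes(range(32))

if __name__ == "__main__":
    print("ECB repeats:", repeated_blocks(ecb_encrypt(KEY, PLAINTEXT)))
    print("CTR repeats:", repeated_blocks(ctr_encrypt(KEY, NONCE, PLAINTEXT)))
```

The same `repeated_blocks` count works as a quick check on stored ciphertext: a high number of duplicate 16-byte blocks suggests the data was encrypted block by block without chaining or a counter.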
 - https://en.wikipedia.org/wiki/Mixminion
If you want true security you need to use open products.
They could've also used RetroShare for both encrypted chats and mail, and it should've been pretty anonymous as well since it's P2P. This is not something most people would be willing to do, but for someone like Petraeus, it could've been useful.
For most people using something like Jitsi for encrypted chats and video-calls is much more bearable, although you still have to watch-out where you sign-in from and where you create the account, so you'll probably have to follow the whole Tor browser part EFF mentioned in the beginning, if you want anonymity as well.
* FastMail have their servers in New York City (as well as on Iceland).
* Opera Software do have an office in the US.
I have no idea to what extent that puts FastMail under US jurisdiction.
(Disclaimer: I work for Opera Software, but not on the FastMail team.)
I think something like the "It's all text!" addon with GPG enabled editor should be reasonably secure.
If you're using Thunderbird or mutt, it's really easy and there are several tutorials out there that will be helpful.
If you're using webmail (particularly Gmail), it's easy to do badly, and I'm not aware of a way to do it properly (short of manually encrypting everything and copy/pasting it).
Setting up the keys, though, is really easy on Linux: http://www.enigmail.net/documentation/gpgsetup.php#generate
Best to buy your coffee at coffee shop A and do your surfing from near but not in coffee shop B.
Also, if, for instance, you are on a book tour to hype your biography of P4, be aware that, even if you follow WiFi best practices, you will still be leaving a geographic trail that investigators could find very interesting.
Perhaps someone in law enforcement could shed some light on this. After all, I am looking at this from the outside.
For more information:
Accessing your Gmail through Tor and thinking that makes you "anonymous" is just going to tell everyone that you failed at being sneaky.
That's a great slogan for a T-shirt :).
Oki, for a bit more seriousness... One could in theory create an account on google through tor, verify the account with a burn phone, and be rather unidentifiable. It's just kind of costly, so just bad guys with anonymous cash that can do this and not journalists.
Without the exit nodes, the relay nodes are nothing; just a bunch of people playing hot potato with encrypted data and no one prepared to take the heat by attaching their details to it.
(and i find it frustrating that there's always someone - apparently with no experience - who suggests the very worst when people mention this)
really, this is the height of technical cowardice. searching out exceptions for what is not only a good cause, but one that is statistically safe.
it happens regularly when tor is mentioned. there seems to be a certain kind of person that takes delight in looking for extreme examples to justify their own lack of moral fibre.
Also, it doesn't matter if there's a one in a million chance that running a Tor exit will get you raided for child porn -- the vast majority of people will not take that risk to help others remain anonymous on the internet.
I would be very surprised if you've run a Tor exit node for a considerable period of time without incident, even if it's just abuse notices from your upstream provider.
I don't know about any other country, but you might just consider hosting the tor exit node in a country with more friendly laws and then use a VPN to connect there.
More hassle than it's worth.
I thought the article was about anonymous e-mail. Anonymous as in, nobody can tell who you are, not even the Feds. Anything you paid for with your credit card is probably not going to meet that criterion.
If you have the server at your home sending emails, it will be trivial for law enforcement to figure out where you are and show up at your door with a warrant to seize your computer.
From what I heard, they encrypt your mail even on their servers.
However what kills the service for me is the need to pay if you don't use it regularly - and there is no way to pay for hushmail anonymously (read: with bitcoin).
Hushmail complies with validly formed legal requests - to the extent of crafting a backdoored version of their Java software and pushing out to the target user.
Some regions have laws compelling people to make the plaintext available.
Hushmail is useful for secret communications but only if you understand the limits.
Secrecy, privacy, and anonymity are trivially easy to break completely and hard to get right.
Also: isn't a bitcoin transaction really difficult to anonymise, with the global transaction record available to the whole world?
Yes, it is not fully anonymous, but you can make it reasonably anonymous quite easily (infinitely more than any credit card). Just trade it for cash with someone you know in the first place, then send it to MtGox and back, then send it to something similar with online wallet and back, and the result is reasonably anonymous.
Also the default client does what it can to obfuscate all the transactions - with every outgoing transaction, the "change" goes back to you, but at completely different address. This causes that after a few transactions, it's basically untrackable.
Bottom line: Do NOT think bitcoin is safe for your usage until you've done sufficient research to ensure that you're using it the correct way. Bitcoin is NOT private by default, it's up to you to protect the identities behind the transaction endpoints, including nearby txs. If you get bitcoins and then immediately send them to your brother's public address, or launder these only lightly, or use a MtGox address that is linked back to a scan of your driver's license somewhere in the laundering process, or if you buy your bitcoins from your brother and HE doesn't launder very well, or the guy from LocalBitcoins got curious and did a bunch of research before your exchange and the feds contact him because the coins came from an address tied to his identity, or something else like that happens, you are going to get caught if someone is interested in catching you.
It's more complicated than just downloading the client and waiting four days for the blockchain to download. :)
It seems better to think in terms of "anonymous" and "not anonymous", The End.
The police can then trace that hosting account back to me personally from my IP, and then ask me who sent those coins to me. Even if I refuse to tell them, they can still look at my various contacts/friends/family to see if any of them are likely to have committed the original crime, and investigate further.
You can even connect to the bitcoin network via Tor. The risk comes when you spend them. If there's any connection between you and the recipient of those coins, then you're potentially screwed.
Has that ever happened? If there's no way to verify that a transaction was made it would not hold up in court. In the US for stolen property it's possession that's what gets you in trouble. If the cops find you holding a laptop that was stolen the day before it doesn't matter if you paid some guy off Craigslist for it, you're in trouble (at least out your money, but if you can't prove you paid for it you're looking at a felony). What they won't do is investigate everyone in your address book (no probable cause).
A list of reasonable VPN providers is available here:
(If you are using a VPN, you have to be aware that there is a lot of snake oil. Finding a good VPN provider is very difficult, and then purchasing the VPN anonymously is even more difficult.)
Hushmail? Seriously? They have no qualms with cooperating with authorities at the drop of a hat.
Presumably you'd save anything important on a flash drive or something remote.