Tuesday, April 24, 2007

Email Issues and Security

There is an excellent post by Viviane over on the Carnival about a security problem with gmail. Please go read it, if you haven't already. Then come back and read this no matter what email client you use.

Most of us have more than one email account. At a minimum, I would guess that most bloggers have three: one for blogging, one for work, one for personal non-work/non-blog email. Most people probably have a "throw away" spam account also, used for registering for newspapers and the like online in order to manage the inevitable spam. In reality we probably all have more than that. Sexbloggers might also have a vanilla blog, many people might have a myspace or facebook page, plus we all have many old work or school email accounts.

Most of us know the usual advice about maintaining your anonymity while blogging: use an email address that you don't use for anything apart from blogging, one which isn't tied to your identity in any way.

But it's a huge pain to be logging in and out of multiple accounts all day long. It simply isn't feasible for most of us. So most of us probably set up our accounts to forward all email to a single account.

The specific problem Viviane has written about has to do with Google Mail. You can avoid that problem if you never enable the Google Mail function that allows you to reply "from" a different address. Always reply only from the address that the email was sent to--even if you use one account to read all your email.

This advice however is about email in general. Setting up a separate email account is not enough to maintain your anonymity. You need to avoid tying your blogging email to anything at all that connects with your offline identity, no matter how slight. This means never using that address for anything but blogging or things you are happy to have tied to your blog. Don't use it to comment on message boards, or to write amazon reviews, or for your flickr or photobucket account (if that also has non-blog things in it), or to register for your local newspaper online. Remember that email addresses are googleable, just like names are googleable. Don't use your blogging address for anything you wouldn't want people reading your blog to know about you, and don't ever use it in places where you would not want people reading it to also read your blog.

I have a friend who once responded to an anonymous harassing email from his own anonymous account. In about 30 seconds his anonymous harasser had googled his email address and found a review he had left on amazon 6 years ago which he had signed with his full name and his location. He had forgotten all about it, (and so had amazon; the information was available on the google cache page of an amazon site that wasn't even in english!)--but the internet has a memory.

The best advice I can give is to treat all your email accounts as though the 'worst case scenario' were to happen. Imagine someone hacked your email account. What would they know about you? Do you have forwarded emails from work or family in there, emails that would reveal your name?

The safest thing to do is to keep all your accounts separate. Delete everything incoming to your 'reading account' that wasn't addressed to it specifically. If you have mail auto-forwarded to a single account, never answer an email from anywhere but where it was addressed to.
Don't tie your accounts together by enabling any sort of "reply from" feature, even if you think doing so will only affect your email account. This recent problem with google mail shows that it's worth the extra time to login and logout of your various accounts in order to answer email. It's very annoying, but in this as in other internet security measures it's better to be safe than sorry.

Be safe,

cheers
O

9 Comments:

Blogger ArtfulDodger Had this to say...

An excellent "word to the wise", thanks or posting this O.

5:42 AM  
Anonymous Anonymous Had this to say...

*sigh* What a pain. So glad you guys have written about this. Thank you dear O.

5:56 AM  
Blogger Al Sensu Had this to say...

Agreed. And even with all thge precautions, those of us who are anonymous must prepare for the day we are outed. Here's an example of how it could have happened to me but didn't yet: As you know, when you send email or comments your IP address can be seen. That does identify where you are, but not who you are. Well, I once receievd a reply to a comment and in the metadata that was attached to my comment (thought not displayed on the blog) was a domain that I own. It is not hosted on my computer, and is not related to any email address I use. If anyone understands how this can happen, please share the info.

10:30 AM  
Blogger Viviane Had this to say...

Thanks for posting about this, O.

I think it's a good idea to egosurf, check your emails or logins, and see where they are showing up.

12:02 PM  
Blogger Redhead Fae Had this to say...

A) great info, thank you
B) damn, didn't know that link was NSFW

I'll be changing my accts now.

8:43 AM  
Blogger Naughty Girl xx Had this to say...

Wow, just checked out the resources under the SIC buttons!! Thanks so much for providing this info!! Really helpful - I'm new around here, so it's great to find info like this! xx

1:34 PM  
Anonymous Anonymous Had this to say...

Nice story as for me. I'd like to read more about that topic.
By the way look at the design I've made myself High class escort

9:11 AM  
Blogger Alexis Had this to say...

Yesterday I opened my OE and was amazed,because of some of my emails were lost no one knew how. I entered the Google and observed there a lot of tools,but no one of its couldn't help me. Luckily for me unexpectedly my friend called me up and advised - problems outlook express. To my great surprise the software solved my problem for a minute and without payment as I bore in mind. It helped my friend quite rapidly and he thanked me a lot.

4:19 AM  
Blogger electroncarl Had this to say...

Please like & Share this Facebook page with your friends to raise awareness about impending threats to our freedom of the internet and speech with CISPA, Secure IT & Precise Act.


http://www.facebook.com/pages/Stop-Internet-Censorship/351728308225116

6:19 PM  

Post a Comment

<< Home