Tuesday, April 24, 2007

Email Issues and Security

There is an excellent post by Viviane over on the Carnival about a security problem with gmail. Please go read it, if you haven't already. Then come back and read this no matter what email client you use.

Most of us have more than one email account. At a minimum, I would guess that most bloggers have three: one for blogging, one for work, one for personal non-work/non-blog email. Most people probably have a "throw away" spam account also, used for registering for newspapers and the like online in order to manage the inevitable spam. In reality we probably all have more than that. Sexbloggers might also have a vanilla blog, many people might have a myspace or facebook page, plus we all have many old work or school email accounts.

Most of us know the usual advice about maintaining your anonymity while blogging: use an email address that you don't use for anything apart from blogging, one which isn't tied to your identity in any way.

But it's a huge pain to be logging in and out of multiple accounts all day long. It simply isn't feasible for most of us. So most of us probably set up our accounts to forward all email to a single account.

The specific problem Viviane has written about has to do with Google Mail. You can avoid that problem if you never enable the Google Mail function that allows you to reply "from" a different address. Always reply only from the address that the email was sent to--even if you use one account to read all your email.

This advice however is about email in general. Setting up a separate email account is not enough to maintain your anonymity. You need to avoid tying your blogging email to anything at all that connects with your offline identity, no matter how slight. This means never using that address for anything but blogging or things you are happy to have tied to your blog. Don't use it to comment on message boards, or to write amazon reviews, or for your flickr or photobucket account (if that also has non-blog things in it), or to register for your local newspaper online. Remember that email addresses are googleable, just like names are googleable. Don't use your blogging address for anything you wouldn't want people reading your blog to know about you, and don't ever use it in places where you would not want people reading it to also read your blog.

I have a friend who once responded to an anonymous harassing email from his own anonymous account. In about 30 seconds his anonymous harasser had googled his email address and found a review he had left on amazon 6 years ago which he had signed with his full name and his location. He had forgotten all about it, (and so had amazon; the information was available on the google cache page of an amazon site that wasn't even in english!)--but the internet has a memory.

The best advice I can give is to treat all your email accounts as though the 'worst case scenario' were to happen. Imagine someone hacked your email account. What would they know about you? Do you have forwarded emails from work or family in there, emails that would reveal your name?

The safest thing to do is to keep all your accounts separate. Delete everything incoming to your 'reading account' that wasn't addressed to it specifically. If you have mail auto-forwarded to a single account, never answer an email from anywhere but where it was addressed to.
Don't tie your accounts together by enabling any sort of "reply from" feature, even if you think doing so will only affect your email account. This recent problem with google mail shows that it's worth the extra time to login and logout of your various accounts in order to answer email. It's very annoying, but in this as in other internet security measures it's better to be safe than sorry.

Be safe,

cheers
O