Secure Email
Email is an inherently insecure method of communication, and it’s very easy for people to spy on who you’re communicating with and what you’re saying. Follow the basic tips below if you want your email to be anonymous or encrypted (coded so that only you and the intended recipient can read it).
Anonymous Email
While there are number of ways to send anonymous email, many of them require a certain degree of technical savvy and are best left to those who feel confident and knowledgeable in such areas. Fortunately, there are simpler, if slightly less secure ways. Please keep in mind, though, that email is such an inherently insecure medium that unless you REALLY know what you’re doing, you should never trust your life or freedom to it. There are better ways to send those kinds of messages. These tips are meant for more casual anonymous emailers.
The simplest method is to sign up for a free email account from Hushmail, which does not ask for any personal information when you sign up. Depending on the level of security you require, consider changing accounts frequently (for more information about Hushmail, see “Encrypted Email” below).
Always access an anonymous account through a proxy server (we recommend Tor if you have your own computer), so that your computer’s IP address cannot be detected. Keep in mind, however, that Tor does NOT automatically encrypt your data. Unless you have a secure connection (i.e., it says https:// in your browser’s address bar) NEVER send passwords or other identifying info over a proxy server.
If you must use a public computer, make sure it’s not one that you have to sign into (like on a college network) — someone elsewhere in the network may be peeking at what you are doing, and you don’t want it traced to you personally. Likewise, be aware that if there are cameras in the area were you are working, these may be later used to localize you to a specific computer. Of course, always implement the level of security appropriate to what you are doing — sending a prank email and calling someone a poop head is not likely to get federal agents scanning the security cameras at every Kinko’s within 50 miles of where they think the email came from.
Remember that any email that is meant to be anonymous should not include information in it that makes it easier to identify you, such as your name or location. Also remember that if you want to send an anonymous email to Root Force, you can add extra security by encrypting it (see below).
If you have been sending anonymous email or doing anonymous web browsing at a public computer, always clear the browser’s history, cookies and cache when you’re done. If you don’t know what these terms mean, trust us when we say you want to erase them. If you’re using Firefox as your web browser, simply go to Tools –> Options –> Privacy and select “clear personal data.” Please don’t use Internet Explorer. But if you must, you can delete your cookies, cache and history under Tools –> Options. Other browser setups should be similar.
Encrypted Email
Any email you send is like a postcard — it’s incredibly easy to read for anyone who knows how. Thwart eavesdroppers by using public key encryption. If you have GPG or PGP on your computer, you can send us anonymous email using our public key, here. If you want to be anonymous, remember NOT to sign your message or encrypt it to your own public key.
For those who don’t have their own computers or don’t want to go through the admittedly complex process of learning GPG/PGP, there is thankfully a simpler option: If you create a Hushmail account, you can write us an encrypted email without having to install anything on your computer. Hushmail is an Internet privacy company that offers free email with the capability of encrypting email to PGP and other Hushmail users.
Please note, however, that in the past Hushmail has cooperated with law enforcement investigations, and that you should adjust your expectations of privacy and anonymity accordingly.
To send us an encrypted email, first go to Hushmail’s website and click “Sign up for secure free email.” If you plan on only using this email address this once, you can automatically generate an email address (it will look something like auto168893
hushmail.com). We recommend that you create a new random Hushmail account each time you want to submit something new if you want it to be anonymous. If you plan to keep using the email address and receiving messages at it, you can pick your own login name.
After you create a new Hushmail account, sign in by going to Hushmail’s website, typing your email address in the box on the left side of the screen and clicking “Sign In.” If you are using a free account, it will ask you to upgrade. Click the link to continue without upgrading, and then enter your passphrase.
One you have signed in, at the top of the page click the “Compose” link. Enter rootforceriseup(dot)net in the “To” field, and type your message. Before you send it, click the “Message Options” tab. Make sure “Encrypt Message” is checked.
That’s it! Make sure you click “Quit” on the top of the Hushmail page when you are done to sign out.
To learn more about computer security and how to encrypt your messages, visit http://security.resist.ca and http://help.riseup.net/security.