How to combine business with pleasure (anonymity and privacy) in email
In this topic, I would like to give a short summary of how to set up a relatively anonymous and relatively private email correspondence system. Surely most of you will be aware of at least some points from what is written below, I just tried to “put the whole thing together.”
Just want to say about the word “relatively” in the first paragraph: no one can give absolute / protection / reliability / security in this world. You can pick up a keylogger, the police and special services absolutely free and democratic can for quite legitimate reasons insert “scutes” into the computer if you are suspected of serious crimes, etc.
If interested, then I ask under the cat.
1. Set up access to the Tor Network. There are several different packages that use the Tor - Tor Browser Bundle, Whonix, Tails, etc. You can argue for a long time which one is better, I chose Whonix .
')
And here's why: Whonix is ​​implemented as two Virtual Box virtual machines: Gateway, which wraps all traffic to Thor and Workstation, which can only talk with its gateway. This means, firstly, that any program on workstation by default works through Tor (at least in theory), and secondly, if you use javascript in the browser, then in case of a critical vulnerability (such as the one that occurred a few months ago) only virtual workstation will be “deanonymized” and the attacker will receive “very valuable” information such as IP 192.168.0.1 and Mac address 02: 00: 01: 01: 01: 01
I repeat, nobody gives a 100% guarantee, but it is still better than nothing.
2. So, we installed Whonix, now some additional sweets that we will need at the Workstation (hereinafter, if not specified separately, under the Workstation is meant the Whonix Workstation Virtual Box).
- Add the necessary keyboard layout (Zimbabwean, Guatemalan, North Korean, etc.): Start menu button -> Applications -> Settings -> System Settings -> input devices -> layout -> add yours and remove default one -> apply -> Done
- Optional step: Add Guest Addition. This step potentially reduces the security of Whonix-a, but it is very convenient to copy-paste from the main computer to the virtual machine and vice versa and work on the big screen.
sudo apt-get update && upt-get dist-upgrade
sudo apt-get install --no-install-recommends virtualbox-guest-dkms virtualbox-guest-utils
sudo apt-get install virtualbox-guest-x11
sudo init 6
Workstation reboot is required, as you can see. Default password: 'changeme' (without quotes)
- Install icedove email client - Thunderbird clone
sudo apt-get install icedove
- Install the enigmail extension for icedove
sudo apt-get install enigmail
- Chromium does not hurt (although not necessarily, just in case)
sudo apt-get install chromium-browser chromium-browser-l10n
- Undefined firefox, which in Whonix is ​​called iceweasel, also does not hurt, although, as in the case of Chromium, it is not necessary
sudo apt-get install iceweasel
The last two steps do not greatly reduce the level of security, because all traffic is wrapped in Thor via the Whonix gateway. However, use these browsers only when the main Tor Browser is for some reason not suitable. In principle, the standard Tor Browser included in Whonix should suffice, but if you cannot live without some extension, for example, Chromium or Iceweasel is at your service, do not forget to add 127.0.0.1:9150 to the network settings iceweasel just in case SOCKS proxy a for Chromium - - proxy-server = "127.0.0.1:9150" in the launch settings (in the terminal or shortcut settings). I still do not understand why this is necessary, and everything seems to work fine without these settings. Well, enable anonymous mode if you do not want to save cookies, history, temp files.
- Register an email account that meets the following conditions:
but. Registration / login via https
b. There is support for SMTP and IMAP / POP3
c. It is desirable that the email header-ah does not specify the IP address of the sender. Even if the address of the node of Torah is indicated there, then you do not need it. I can recommend openmailbox.org for this purpose. At least, when I checked the last time, the address was not indicated there.
Do not forget to enable JavaScript in the Tor Browser-e during registration - otherwise the registration is unlikely to work out. Usually the inclusion of javaScript is considered a dangerous moment, but in this case, as I already wrote, it does not look like a big problem due to the two-level implementation of Whonix.
- Create an appropriate account in icedove
- In icedove:
OpenPGP -> Key management -> Generate OpenPGP Key generate a pair of private-public pgp key
Account Settings -> Open PGP Security: set the key for the account and tick the appropriate places
Import the public keys of recipients: OpenPGP -> Key management -> File -> Import
- Done! Now you can send photos of cats to your beloved girl completely anonymously and privately - no one but you and your girlfriend will see these cats.
Or, as part of testing, you can send me: gpgtest@openmailbox.org
Public key:
----- BEGIN PGP PUBLIC KEY BLOCK -----
mQENBFPe01kBCADOsHAro2aaoo / NaTDQLggVtzidXKWVOnBF51WC + DuunOSunvlE
qg0EK5aOJrZYMABpVQpG6uxRW8vV2sUL7kQP78D + JpCxFmCk3T5J0y3l8vyK0l / j
ZYAg7f6YUuL7Tnn7r74dDTPkXz4Ca1xGZOzaPWfY / v / weHzUoLTCD26Rxu + 8u / pI
3BZPnrDBYzZso5RdNC65wvTg4dc0By9ujDlb76fpfs9zUEs5gaVHYRRIMu / deHwU
Piu9DYkdQEzhH80 / hSocBYqIrsESck4TFzLpvqH9QfOSaFhVgIkzHORA + 6H68pOX
Y8FAhlHC7C7pQo3RO3zBlD3 + c0L0P1EREMajABEBAAG0IkdwZyBUZXN0IDxncGd0
ZXN0QG9wZW5tYWlsYm94Lm9yZz6JAT0EEwEKACcFAlPe01kCGyMFCQlmAYAFCwkI
BwMFFQoJCAsFFgIDAQACHgECF4AACgkQ1a0RRffjWoYO8wgAhO4CQUesD7EoCvPw
LTPY9Mc3p0zjrxcC8nJiqEdqA6vMRadqyQuExlfSZ3duiT9qCIXndb2bxwiC4F6q
SvrYuW1H5n2dtHmwNurgHPlAZVkLxRuYBInQU9x3wh2uBtSCeLHJlKFtixsKb + ZC
wGepu9Rev7xFFby5mfJ / gV7nPSHN8hvubdO88TezINN0mqxOzRYusE3vG1seOh78
bYiDLvWp6jSdrmD8Yvd75nBtt8EOHqP3IQ9 / y9k8CA5ujzX59qh5vcA7Al7xaSmp
xTze / ​​YEBfPBUyshKCs9V5cacvfAfk0KzoD9NO / yUVrTvxtEal7wBTWvfzQRQWJpc
yz / H37kBDQRT3tNZAQgA5e40XSpCU2iJpKv0ei / xVrJO / Bs6D7x08tjIFrOLcHJT
wLB3BiNnQVd5ZYUsIP4yBFUhx526XutXdL3Ic5aUFlDCboQ9m9s0IqNOQ0KCzsx5
Sdt3oixySw98sxoamu2 + 4pcYt86CoINafzVnhZfstMkb9CFUHfuJPhr / hrC9raMO
7V0JWmQQ3xXLYV1 + yxbiEUHY / 8OADWDFShQpEwdLqpTOnTail3ThzQ / a3wNiy833
ryZnra / LWfb0wSGFb0nXH5HdclUt0BWcF + aoFxlVgc0i8PQrL3VBZWx9OsvXx3eV
wWkoNN4WwdNheBbHknJXpC4L843B / NZ + dVgWmfM3FQARAQABiQElBBgBCgAPBQJT
3tNZAhsMBQkJZgGAAAoJENWtEUX341qG9PwH / 3LdIhK20NB5qiVVmtfKU8GLYEbT
x4diZIPYqqvululueWhQwwwoT + hNiNGfAIaGBjkz0 / cDNT9sZDraXkEkOlv73tG4
3P / bl4bmi0HOEG0yQtQxRfJy7bcdi5rpdzFQHWqjPKa8puA6U1MZ7q3h4DF9zBjn
ua9IwGMk2HhE / 7anupL12EGV2p3k4ZfwNzFljzdpg5 + QBG9ke16Coz81KBf4BD + c
iNf95DWj4MnghiTqLwXMmLkDSoOaCZUnqgO + 5ohYIYuvHt6ETsb0n9GfvyHYpd + t
ILjNnuwcEM0lFCa7uTxubW8 / vzVZbY2SmT68EzN7K / 5bwBZZNOpEZvTNLhw =
= eyg /
----- END PGP PUBLIC KEY BLOCK -----
Just want to say about the word “relatively” in the first paragraph: no one can give absolute / protection / reliability / security in this world. You can pick up a keylogger, the police and special services absolutely free and democratic can for quite legitimate reasons insert “scutes” into the computer if you are suspected of serious crimes, etc.
If interested, then I ask under the cat.
1. Set up access to the Tor Network. There are several different packages that use the Tor - Tor Browser Bundle, Whonix, Tails, etc. You can argue for a long time which one is better, I chose Whonix .
')
And here's why: Whonix is ​​implemented as two Virtual Box virtual machines: Gateway, which wraps all traffic to Thor and Workstation, which can only talk with its gateway. This means, firstly, that any program on workstation by default works through Tor (at least in theory), and secondly, if you use javascript in the browser, then in case of a critical vulnerability (such as the one that occurred a few months ago) only virtual workstation will be “deanonymized” and the attacker will receive “very valuable” information such as IP 192.168.0.1 and Mac address 02: 00: 01: 01: 01: 01
I repeat, nobody gives a 100% guarantee, but it is still better than nothing.
2. So, we installed Whonix, now some additional sweets that we will need at the Workstation (hereinafter, if not specified separately, under the Workstation is meant the Whonix Workstation Virtual Box).
- Add the necessary keyboard layout (Zimbabwean, Guatemalan, North Korean, etc.): Start menu button -> Applications -> Settings -> System Settings -> input devices -> layout -> add yours and remove default one -> apply -> Done
- Optional step: Add Guest Addition. This step potentially reduces the security of Whonix-a, but it is very convenient to copy-paste from the main computer to the virtual machine and vice versa and work on the big screen.
sudo apt-get update && upt-get dist-upgrade
sudo apt-get install --no-install-recommends virtualbox-guest-dkms virtualbox-guest-utils
sudo apt-get install virtualbox-guest-x11
sudo init 6
Workstation reboot is required, as you can see. Default password: 'changeme' (without quotes)
- Install icedove email client - Thunderbird clone
sudo apt-get install icedove
- Install the enigmail extension for icedove
sudo apt-get install enigmail
- Chromium does not hurt (although not necessarily, just in case)
sudo apt-get install chromium-browser chromium-browser-l10n
- Undefined firefox, which in Whonix is ​​called iceweasel, also does not hurt, although, as in the case of Chromium, it is not necessary
sudo apt-get install iceweasel
The last two steps do not greatly reduce the level of security, because all traffic is wrapped in Thor via the Whonix gateway. However, use these browsers only when the main Tor Browser is for some reason not suitable. In principle, the standard Tor Browser included in Whonix should suffice, but if you cannot live without some extension, for example, Chromium or Iceweasel is at your service, do not forget to add 127.0.0.1:9150 to the network settings iceweasel just in case SOCKS proxy a for Chromium - - proxy-server = "127.0.0.1:9150" in the launch settings (in the terminal or shortcut settings). I still do not understand why this is necessary, and everything seems to work fine without these settings. Well, enable anonymous mode if you do not want to save cookies, history, temp files.
- Register an email account that meets the following conditions:
but. Registration / login via https
b. There is support for SMTP and IMAP / POP3
c. It is desirable that the email header-ah does not specify the IP address of the sender. Even if the address of the node of Torah is indicated there, then you do not need it. I can recommend openmailbox.org for this purpose. At least, when I checked the last time, the address was not indicated there.
Do not forget to enable JavaScript in the Tor Browser-e during registration - otherwise the registration is unlikely to work out. Usually the inclusion of javaScript is considered a dangerous moment, but in this case, as I already wrote, it does not look like a big problem due to the two-level implementation of Whonix.
- Create an appropriate account in icedove
- In icedove:
OpenPGP -> Key management -> Generate OpenPGP Key generate a pair of private-public pgp key
Account Settings -> Open PGP Security: set the key for the account and tick the appropriate places
Import the public keys of recipients: OpenPGP -> Key management -> File -> Import
- Done! Now you can send photos of cats to your beloved girl completely anonymously and privately - no one but you and your girlfriend will see these cats.
Or, as part of testing, you can send me: gpgtest@openmailbox.org
Public key:
----- BEGIN PGP PUBLIC KEY BLOCK -----
mQENBFPe01kBCADOsHAro2aaoo / NaTDQLggVtzidXKWVOnBF51WC + DuunOSunvlE
qg0EK5aOJrZYMABpVQpG6uxRW8vV2sUL7kQP78D + JpCxFmCk3T5J0y3l8vyK0l / j
ZYAg7f6YUuL7Tnn7r74dDTPkXz4Ca1xGZOzaPWfY / v / weHzUoLTCD26Rxu + 8u / pI
3BZPnrDBYzZso5RdNC65wvTg4dc0By9ujDlb76fpfs9zUEs5gaVHYRRIMu / deHwU
Piu9DYkdQEzhH80 / hSocBYqIrsESck4TFzLpvqH9QfOSaFhVgIkzHORA + 6H68pOX
Y8FAhlHC7C7pQo3RO3zBlD3 + c0L0P1EREMajABEBAAG0IkdwZyBUZXN0IDxncGd0
ZXN0QG9wZW5tYWlsYm94Lm9yZz6JAT0EEwEKACcFAlPe01kCGyMFCQlmAYAFCwkI
BwMFFQoJCAsFFgIDAQACHgECF4AACgkQ1a0RRffjWoYO8wgAhO4CQUesD7EoCvPw
LTPY9Mc3p0zjrxcC8nJiqEdqA6vMRadqyQuExlfSZ3duiT9qCIXndb2bxwiC4F6q
SvrYuW1H5n2dtHmwNurgHPlAZVkLxRuYBInQU9x3wh2uBtSCeLHJlKFtixsKb + ZC
wGepu9Rev7xFFby5mfJ / gV7nPSHN8hvubdO88TezINN0mqxOzRYusE3vG1seOh78
bYiDLvWp6jSdrmD8Yvd75nBtt8EOHqP3IQ9 / y9k8CA5ujzX59qh5vcA7Al7xaSmp
xTze / ​​YEBfPBUyshKCs9V5cacvfAfk0KzoD9NO / yUVrTvxtEal7wBTWvfzQRQWJpc
yz / H37kBDQRT3tNZAQgA5e40XSpCU2iJpKv0ei / xVrJO / Bs6D7x08tjIFrOLcHJT
wLB3BiNnQVd5ZYUsIP4yBFUhx526XutXdL3Ic5aUFlDCboQ9m9s0IqNOQ0KCzsx5
Sdt3oixySw98sxoamu2 + 4pcYt86CoINafzVnhZfstMkb9CFUHfuJPhr / hrC9raMO
7V0JWmQQ3xXLYV1 + yxbiEUHY / 8OADWDFShQpEwdLqpTOnTail3ThzQ / a3wNiy833
ryZnra / LWfb0wSGFb0nXH5HdclUt0BWcF + aoFxlVgc0i8PQrL3VBZWx9OsvXx3eV
wWkoNN4WwdNheBbHknJXpC4L843B / NZ + dVgWmfM3FQARAQABiQElBBgBCgAPBQJT
3tNZAhsMBQkJZgGAAAoJENWtEUX341qG9PwH / 3LdIhK20NB5qiVVmtfKU8GLYEbT
x4diZIPYqqvululueWhQwwwoT + hNiNGfAIaGBjkz0 / cDNT9sZDraXkEkOlv73tG4
3P / bl4bmi0HOEG0yQtQxRfJy7bcdi5rpdzFQHWqjPKa8puA6U1MZ7q3h4DF9zBjn
ua9IwGMk2HhE / 7anupL12EGV2p3k4ZfwNzFljzdpg5 + QBG9ke16Coz81KBf4BD + c
iNf95DWj4MnghiTqLwXMmLkDSoOaCZUnqgO + 5ohYIYuvHt6ETsb0n9GfvyHYpd + t
ILjNnuwcEM0lFCa7uTxubW8 / vzVZbY2SmT68EzN7K / 5bwBZZNOpEZvTNLhw =
= eyg /
----- END PGP PUBLIC KEY BLOCK -----
Source: https://habr.com/ru/post/232053/
All Articles