email and uploading privacy questions

2 years ago
Let me be clear:
I don't need the messages themselves to be encrypted and unreadable. I just want to know my IP address or other data can't be linked to myself.

I can create an email address on say Microsoft Outlook (or others that don't require a phone number) from the TOR browser. If people send me emails to this address, and I only check it through TOR, is it possible to find out information about me (besides the content of my messages?). It seems to be this should be impossible.

If I host files on one of the many file hosting sites, again, only accessing and uploading through TOR, and someone downloads my files - Can they ever trace anything back to me? This also seems impossible.


2 years ago
Yes, if you can set up an email account through Tor without providing identifying information, and you only access it through Tor, you're safe.

Same story on the file thing, with one addition: You must also make sure the files themselves do not contain anything that could identify you. I guess that's obvious, but it needs to be said. Files such as JEPG images and MS Word documents contain metadata. This is of course mainly a concern if you created or edited the files yourself. If they came from a third party and you pass them on unmodified then of course they can't have your information in them.

2 years ago

I was also told that I need to do the following with TOR for more security. Is this necessary and in particular, when uploading files as I describe, would not doing the following mean my IP address, etc could be traced? I suspect the TOR browser by default is secure enough and that these steps are overkill.

Click the S then click "options" Therein you will see some tabs in the popup "Embeddings" and check "Forbid Java" "Forbid Adobe Flash" "Forbid other Plugins" "Forbid IFRAME"
Then Click "Ok"

Once you have done this..then at the Top Left you will see an Orange button with the words "TorBrowser"
Click "Options" then click "Content" Now..therein you will see a box next to "Enable Javascript" UNCHECK that Box. Then Click "Ok"

DAlso...Don't Forget to Click the "Forbid Scripts Globally" after clicking on the S ..... (That was a Good Catch @ ManInTheMirror, Thank You)a

2 years ago
Most of that does sound like overkill. Torbrowser should already block Java, Flash etc, and I'm not aware of any particular danger from iframes. But unless you you have extra layers of protection, like Tails or Whonix, I do think it's a really good idea to use "Forbid scripts globally", which disables Javascript. Javascript (not to be confused with Java) is theoretically safe, but it still gives a potential attacker a huge list of additional tricks they can try against you.

In other words, leaving scripts allowed won't let someone see your IP Address directly, but it leaves you more vulnerable to hacking which could in turn reveal your IP Address, among other things. Unfortunately blocking Javascript will also make many websites unusable.


You are not logged in. Login or register to reply on this thread.