dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
2966

bradleyd
I can't spel
Premium Member
join:2000-10-15
Up yours!

bradleyd

Premium Member

Is Yahoo email anonymous?

A coworker of mine is adamant about using an online email account (such as Yahoo) claiming he is anonymous (more so than with an email client).

What are the facts on this?

Thanks,
Brad

cacroll
Eventually, Prozac becomes normal
Premium Member
join:2002-07-25
Martinez, CA

cacroll

Premium Member

said by bradleyd:

A coworker of mine is adamant about using an online email account (such as Yahoo) claiming he is anonymous (more so than with an email client).

What are the facts on this?

Thanks,
Brad


Does he have a computer with both a browser and an email client installed? Have him email you a test message from each. Look at the headers in each message. Two good tutorials on reading headers:
»www.stopspam.org/email/h ··· ers.html
»www.cs.uu.nl/wais/html/n ··· faq.html (and find "Tracing an e-mail message").

If your computers are behind a NAT router, both the email sent from the client, and from Yahoo, will show the same originating IP address. If you're on a network with public IP addresses (as in a large corporation that doesn't NAT), the Yahoo message will point straight to his computer.

Other than the IP address, you can be anonymous, using Yahoo. But the IP address will point straight to you.
B04
Premium Member
join:2000-10-28

B04 to bradleyd

Premium Member

to bradleyd

Seriously?

Anonymous in what way?

Clearly, he's tied himself to a static e-mail address -- every time he uses it he's making a history in several places: at Yahoo's servers, with every advertising company that served cookies and ads during his session, with every mail server that carried his messages, with every recipient of his messages, and on every computer and web browser from which he accesses his account.

And Yahoo has the ability to record EVERY time he does this, and every IP address from which he does.

And his ISP has the ability to record EVERY time he accesses Yahoo's mail server.

Not to mention that none of his communication is encrypted.

So what's anonymous about it?

The only difference between normal e-mail and what he's doing is that there's no obvious link between fool@yahoo.com and fool@hisisp.com (unless Yahoo also includes originating IP addresses in outbound e-mail, which I think it does). That, and the fact that by using web mail he's creating a long paper trail of identification with Ad Agencies and the other entities I mention above...

Anyone else?

-- B

spamd
Premium Member
join:2001-04-22
Cherry Valley, IL

1 recommendation

spamd to bradleyd

Premium Member

to bradleyd
Not sure what you mean by anonymous but, you can login through https (ssl). This would be more secure than a email client such as outlook, only if the login is not secure. Also note that if a user is using the web based email, you can still read his email through his temp internet files if he doesn't delete them regularly.

sechs
Premium Member
join:2001-07-19
Wrong Coast

sechs to bradleyd

Premium Member

to bradleyd
Yahoo tags e-mails with the source IP address. The receiver can open up the headers and see this.

bradleyd
I can't spel
Premium Member
join:2000-10-15
Up yours!

1 recommendation

bradleyd

Premium Member

thanks all...this is exactly the info I've been trying my best to explain to him (n my own lame way). He's on dial-up and doesn't use a client...although I'm sure he has one installed (ie: Outlook Express).

I've been trying my best to get him to use a firewall, updated AV, etc. with little to no success. He kind of lives in a fantasy world that no one will bother him on dial-up.

Thanks again.

Brad

koma3504
Advocate
Premium Member
join:2004-06-22
Granbury, TX

1 edit

koma3504

Premium Member

said by bradleyd:

I've been trying my best to get him to use a firewall, updated AV, etc. with little to no success. He kind of lives in a fantasy world that no one will bother him on dial-up.

Thanks again.

Brad
True A hacker might not bother because it would be a slow connection.

But He has no protection from all the Bot's,Trojans;
And Millions of Infected Computers that their sole;
Purpose is to infect other machines.
That are floating around.

Reminds me one time when i was working on a gateway.
Although im on dsl the Computer Owner of the gateway.
Was going to be using Dial-up.
As soon as i dial up to internet i got hammerd hard.

Fobulous
Premium Member
join:2002-08-14
Missouri City, TX

1 recommendation

Fobulous to bradleyd

Premium Member

to bradleyd
Ok this is interesting. I did a test from my Yahoo Account and sure enough i was able to see the org ip being traced to my office.

but when i sent an email from Gmail..the only orginal IP is from Google..

jbob
Reach Out and Touch Someone
Premium Member
join:2004-04-26
Little Rock, AR
·Comcast XFINITY
Asus GT-AX6000
Asus RT-AC66U B1

jbob

Premium Member

Yes the originating IP is always shown. That is curious about GMail though. One other thing to try is to go to your web based email site through an ananomous proxy site. That should hide your systems IP address and only the the proxy sites IP addy. Just remember there are always records and even though your IP address might not be shown it is still being logged somewhere. I can be acquired through legal means but is not readily available through normal channels. Even with Gmail, I'll bet your real IP address is logged in the Google system.

EGeezer
Premium Member
join:2002-08-04
Midwest

EGeezer to bradleyd

Premium Member

to bradleyd

Re: your friend on dialup

You might let your friend know that I've cleaned two dialup PCs in the last two weeks that were infected with trojans and mailers - one with Sober.q . Awhile back I came across a writeup on a trojan that was specifically tailored to dialup users. Can't recall the name though .

There's a fertile field for backdoor writing identity thieves in the dialup world. So many think they're safe just because they "only dial in".

bradleyd
I can't spel
Premium Member
join:2000-10-15
Up yours!

bradleyd

Premium Member

Re: Is Yahoo email anonymous?

Thanks...I'll pass the info onto him.

Funny thing, he seems really unconcerned with any of it. Just plain disinterested.

Oh, well...I'm trying to get through.

Best,
Brad
B04
Premium Member
join:2000-10-28

B04

Premium Member

said by bradleyd:

Funny thing, he seems really unconcerned with any of it. Just plain disinterested.

Oh, well...I'm trying to get through.
WHY?

-- B

C
@aqualys.net

C to Fobulous

Anon

to Fobulous
Speaking of Yahoo privacy, doesn't Yahoo also know what password you used for your email account? I wonder if Google is the same.

koma3504
Advocate
Premium Member
join:2004-06-22
Granbury, TX

1 edit

koma3504 to bradleyd

Premium Member

to bradleyd
said by bradleyd:

Thanks...I'll pass the info onto him.

Funny thing, he seems really unconcerned with any of it. Just plain disinterested.

Oh, well...I'm trying to get through.

Best,
Brad
People Like that should never be on the internet.
Kinda like my Moto One should have a license to be on the internet.

Much like a hamn operator does.
Drivers license.
Motorcycle license
CDl license to drive Commercially

All these have direct impact on other Citizens.

TechyDad
Premium Member
join:2001-07-13
USA

TechyDad to bradleyd

Premium Member

to bradleyd
On dial up, the risk of infection from a dialer program is much greater. These change your dial-up access number. Often, the altered number is in another country. The user typically won't notice anything (beyond, perhaps, a slower connection speed) until they get their bill and see the huge fees they've racked up.

For broadband users, dialer programs aren't as big an issue unless you have a modem connected to your PC (which I'd guess is the minority of broadband users).

Fobulous
Premium Member
join:2002-08-14
Missouri City, TX

Fobulous to C

Premium Member

to C
said by C:

Speaking of Yahoo privacy, doesn't Yahoo also know what password you used for your email account? I wonder if Google is the same.
if they use a script for their mail server they can, and since they host your mail they can always reset your password, we do email hosting here as well and we have a script that can check the current passwords.

Hall
MVM
join:2000-04-28
Germantown, OH

Hall to bradleyd

MVM

to bradleyd
said by bradleyd:

Funny thing, he seems really unconcerned with any of it. Just plain disinterested.

Oh, well...I'm trying to get through.
Stop wasting your time and efforts... Let him learn the hard way. Eventually you'll get to tell him "I told you so....".

ravencajun
Premium Member
join:2004-08-12
Houston, TX

ravencajun to bradleyd

Premium Member

to bradleyd
I feel trying to educate people is always a good thing and is beneficial to all pc users. The less informed are the ones that get the nasty stuff that then spreads to all. Each person we can educate and help clean up their act will clean up much more than just their pc. Especially those with our names in their addy books!

So congrats on your efforts! Keep up the good work.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned) to koma3504

Member

to koma3504
said by koma3504:
said by bradleyd:

I've been trying my best to get him to use a firewall, updated AV, etc. with little to no success. He kind of lives in a fantasy world that no one will bother him on dial-up.

Thanks again.

Brad
True A hacker might not bother because it would be a slow connection.

But He has no protection from all the Bot's,Trojans;
And Millions of Infected Computers that their sole;
Purpose is to infect other machines.
That are floating around.

Reminds me one time when i was working on a gateway.
Although im on dsl the Computer Owner of the gateway.
Was going to be using Dial-up.
As soon as i dial up to internet i got hammerd hard.

Dialup dynamic etc ips are no deffence. A script kiddie would use a dial up connection for one of his bots just as fast as a broadband. Basically even though dialup is extreamly slow it can still do damage. Put 20 diaul hosted bots against a 1 meg cable or dsl con and you will at the very least saturate the broadbands connection. 30 dial up bots would probably know the same 1mb con off totaly. Sure they prefer broad band but they will take any they can get. As for dynamic ip that wont make a bit of diffrence. The bot will still go to the irc chanel and wait for the orders.
Nanaki

Nanaki (banned) to C

Member

to C
said by C:

Speaking of Yahoo privacy, doesn't Yahoo also know what password you used for your email account? I wonder if Google is the same.
Nope they sure dont. Can they get it if needed probably so.Would they do it not very likly.
Nanaki

Nanaki (banned) to TechyDad

Member

to TechyDad
said by TechyDad:

On dial up, the risk of infection from a dialer program is much greater. These change your dial-up access number. Often, the altered number is in another country. The user typically won't notice anything (beyond, perhaps, a slower connection speed) until they get their bill and see the huge fees they've racked up.

For broadband users, dialer programs aren't as big an issue unless you have a modem connected to your PC (which I'd guess is the minority of broadband users).
Mostly true about dialers on broad band. But if you buy any thing online with cc a dialer could capture that cc number and use it to create a account on a porn site.

As for dialers not being a big isue on broad band. Find say any 3 dialers and install them on 3 megs down cable and watch what happens. My brother had 3 running on his computer at one point and it completly saturate my downstream bandwidth. Wen from 500KB (as seen through browsers download meters) to a measly 10KB.
A single porn dialer can makes dozens of connections and pull large pages and banner adds to generate hits for a web site.

cacroll
Eventually, Prozac becomes normal
Premium Member
join:2002-07-25
Martinez, CA

cacroll

Premium Member

said by Nanaki:
said by TechyDad:

On dial up, the risk of infection from a dialer program is much greater. These change your dial-up access number. Often, the altered number is in another country. The user typically won't notice anything (beyond, perhaps, a slower connection speed) until they get their bill and see the huge fees they've racked up.

For broadband users, dialer programs aren't as big an issue unless you have a modem connected to your PC (which I'd guess is the minority of broadband users).
Mostly true about dialers on broad band. But if you buy any thing online with cc a dialer could capture that cc number and use it to create a account on a porn site.

As for dialers not being a big isue on broad band. Find say any 3 dialers and install them on 3 megs down cable and watch what happens. My brother had 3 running on his computer at one point and it completly saturate my downstream bandwidth. Wen from 500KB (as seen through browsers download meters) to a measly 10KB.
A single porn dialer can makes dozens of connections and pull large pages and banner adds to generate hits for a web site.


A dialer is a program that hijacks your dial-up modem, makes long distance phone calls, and tries to rip you off using the automated billing relationships used by the telco network.

You can have hijacks of various types - but if they don't involve a dial-up modem, they're not really dialers.

You ought to take your brothers computer away from him, til he gets some common sense.

I'm just been reading Aggressive, Mass-Mailed Sober.p Worm Poised To Smack Users.

"He's accumulated a number of machines," said Alperovitch, but he wouldn't hazard even an estimate as to the size of the network of infected machines, also called a "botnet."

Some security experts have been talking about licensing computer use, and I'm starting to agree with them. Your brother should have his license suspended.

koma3504
Advocate
Premium Member
join:2004-06-22
Granbury, TX

4 edits

koma3504

Premium Member

Re: cacroll

cacroll See Profile
I'm just been reading Aggressive, Mass-Mailed Sober.p Worm Poised To Smack Users.

Some security experts have been talking about licensing computer use, and I'm starting to agree with them. Your brother should have his license suspended.
Id like to read that License thing but looking on the site above i dont see it.

Is it
on Tech Web

Thanks




† Koma †
If YOu Don't Think It's Possable!! It's Acually A Reality!! The best way to predict the future is to invent it. Alan Kay
ku^uipo_keleneka ®

Anonymous_
Anonymous
Premium Member
join:2004-06-21
127.0.0.1

Anonymous_ to Nanaki

Premium Member

to Nanaki

Re: Is Yahoo email anonymous?

said by Nanaki:
said by koma3504:
said by bradleyd:

I've been trying my best to get him to use a firewall, updated AV, etc. with little to no success. He kind of lives in a fantasy world that no one will bother him on dial-up.

Thanks again.

Brad
True A hacker might not bother because it would be a slow connection.

But He has no protection from all the Bot's,Trojans;
And Millions of Infected Computers that their sole;
Purpose is to infect other machines.
That are floating around.

Reminds me one time when i was working on a gateway.
Although im on dsl the Computer Owner of the gateway.
Was going to be using Dial-up.
As soon as i dial up to internet i got hammerd hard.

Dialup dynamic etc ips are no deffence. A script kiddie would use a dial up connection for one of his bots just as fast as a broadband. Basically even though dialup is extreamly slow it can still do damage. Put 20 diaul hosted bots against a 1 meg cable or dsl con and you will at the very least saturate the broadbands connection. 30 dial up bots would probably know the same 1mb con off totaly. Sure they prefer broad band but they will take any they can get. As for dynamic ip that wont make a bit of diffrence. The bot will still go to the irc chanel and wait for the orders.
what if i had 7.8mbps?
RobertLudlum
join:2005-01-20
656456

RobertLudlum to B04

Member

to B04
I'm pretty sure there are webmail services that do not attach the originating ip to the headers, so in a sense you can remain annoymous to the sender.

But your isp still records the communication. You can work around this by logging in with Tor I guess..

TechyDad
Premium Member
join:2001-07-13
USA

TechyDad to Nanaki

Premium Member

to Nanaki
As cacroll See Profile pointed out, what you're talking about isn't really a dialer. It's more of a trojan/keylogger which is a different threat entirely. A dialer distinguishes itself by altering your dial-up settings to go through another number. Typically, this number is in another country and generates revenue for the hacker behind the dialer program.

You connect to your dial-up connection as you normally do, not realizing that you're making an international call. Then you get the bill and the hacker cackles fiendishly while twirling his handlebar moustache. Ok, maybe not that last part. Since a broadband connection doesn't rely on dial-up settings, a dialer program is mostly harmless.

Of course, once you allow any malware on your computer, you open the door for other forms of malware. That dialer program could come with a keylogger also which would be quite capable of capturing your personal information. It could also contain a trojan that would turn your computer into a spam or DDoS zombie.

D
@dynamic.qsc.de

D to bradleyd

Anon

to bradleyd
use hushmail.

Criches6
@144.70.x.x

Criches6 to bradleyd

Anon

to bradleyd
Brad you should know being a former spy you are never safe. Although several federal courts have passed laws protecting ISPs from having to give up their clients this does not protect him from getting hacked.

Chriss 33V
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned) to TechyDad

Member

to TechyDad
said by TechyDad:

As cacroll See Profile pointed out, what you're talking about isn't really a dialer. It's more of a trojan/keylogger which is a different threat entirely. A dialer distinguishes itself by altering your dial-up settings to go through another number. Typically, this number is in another country and generates revenue for the hacker behind the dialer program.

You connect to your dial-up connection as you normally do, not realizing that you're making an international call. Then you get the bill and the hacker cackles fiendishly while twirling his handlebar moustache. Ok, maybe not that last part. Since a broadband connection doesn't rely on dial-up settings, a dialer program is mostly harmless.

Accualy many dialers can and will do both. One he had tried to crerate a new connection under dialup/networking. The connection it made was a dialup the number it had was some 1900 number. There has never been a diaul up modem in that computer.

Billusa
join:2000-03-08
Dallas, TX

Billusa to RobertLudlum

Member

to RobertLudlum
The only truly anonymous webmail is a service such as Hushmail.com, where nothing identifiable gets passed through in the header to the receiving end, and Hush does not release said to anyone. You can also encrypt it if you want to.