Two points: military personnel should be particularly aware of this problem, and users with needs for anonymity should be certain to check out the options provided by the Anonymizer. --MW

Is Web-Based Mail Bad for Your Anonymity?
by Steve Silberman
5:03am 26.Feb.98.PST

It's the kind of scare story, posted from an anonymous address, that makes the rounds of computer security mailing lists and newsgroups. This time, however, the scenario was so simple as to be highly plausible.

The post - made last week to the Cypherpunks mailing list - began ominously: "I just had my online pseudonym outed to my company's VP of marketing, with potentially serious internecine political consequences."

The author explained that, like many people, he maintains two separate email addresses: a work account, and an alternate account on a remote server at the local college. For the latter, the author employs a pseudonym. This, he says, allows him to speak his mind about political views, as well as his disdain for his employer's use of unsolicited bulk emailings - spam - without fear of reprisal.

The author's cover was blown, he said, the day he used Netscape Mail on his workstation to fetch a message mailed by his company to his account on the college server.

So where was the leak? Like more and more email programs, Netscape Messenger - along with Outlook Express, Eudora 4.0 and many free Web-based mail services such as Hotmail - offers users the ability to send and receive not only text messages, but fully rendered Web pages, in all their graphical glory. If a user has both Eudora 4.0 and Internet Explorer, for instance, Eudora will borrow IE's HTML-rendering capabilities to display Web pages sent in mail messages.

The mail targeted by the company to the author's pseudonymous address was written in HTML, and contained a standard image tag. When Netscape opened the mail and rendered the page, the tag sent a call to the company's Web server to fetch the image, which left a tell-tale footprint - the IP address of the author's machine - on his employer's logs. Busted!

As software designers aim for a seamlessly integrated desktop - with multiple email accounts, the Web, and local file access all a click away - the tools you select for everyday tasks are more important than ever.

"This isn't really a mail security issue," observes Eric S. Raymond, author of a remote mail-retrieval utility called fetchmail. "Email security is nonexistent anyway unless you use a strong end-to-end encryption method like PGP, but that wouldn't have helped here. The issue was an unintended side effect of having an intelligent agent read your mail and go off to the Web to get a piece of information. If he'd been using a [text mail] program like Elm or Pine or Mutt, he wouldn't have gotten bitten."

Cryptography consultant Bruce Schneier, author of E-Mail Security: How to Keep Your Electronic Messages Private, points out that exchanging text-only messages and exchanging HTML entail different levels of information exchange between sender and recipient. "HTML is a robust protocol designed to make things run smoothly, therefore it passes a lot of information behind the scenes. That's why it's useful," he says.

Reading Web pages with an HTML-enabled mail program doesn't leave any more of a trail behind you than surfing through a site - but it doesn't leave any less of one, either. You may not even know when you're on the Web when you read your mail with a Web-enabled program. Several online publications - including Wired News - are available in email form, via options such as Netscape In-Box Direct. The text portion of the publication is sent to your in-box, but images may be siphoned from a remote server when you open the message. Clicking on links may take you out on the Web while you still think you're reading mail on your own hard drive.

For Simson Garfinkel, author of Web Security and Commerce, the lessons to be gleaned from this incident are not about text vs. HTML mail software, but about workplace rights. "This individual was using his computer at work, and he thought that because he was reading personal mail on another ISP, his computer was not subject to his employer's scrutiny. Employees have no rights to privacy in this country," Garfinkel says. "If you want to maintain a digital pseudonym, don't read your personal mail at work."
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:05:48 PDT