Anonymous e-mail accounts
Reasons for using e-mail accounts together with JonDonym may be:
- You have to use insecure networks like WLAN at the airport or hotel and need a secure connection to your mail provider.
- Avoid interconnections between your e-mail identity and other data collections.
- You would like to have a data retention free email account. (IP addresses of JonDonym mixes are useless for data retention.)
- You do not want to disclose your location to recipients and mail providers to avoid tracking of your movements.
- You would like to use a pseudonym without linkability to your real identity (anonymous email account).
If you would like to have an anonymous email account, please create a new
account first. Choose an E-Mail address of the form firstname.lastname@example.org,
that is "anonymous" + numbers + letters. If all JonDo users create addresses of this form,
they are much less distinguishable. You can use JonDo+JonDoFox to create the account
in the web interface of the new provider.
Recommended Mail Provider
The following email providers are privacy-friendly and offer secure SSL encryption for POP3 and SMTP. The HTTPS encryption for some web interfaces is not genuinely secure. We recommend using an email client like Mozilla Thunderbird for email communication to avoid these flaws.
- neomailbox.com (offers secure, anonymous e-mail accounts hosted in Switzerland for $3.33 per month, anonymous payment with Pecunix or Liberty Reserve, secure HTTPS encryption for webinterface)
- Posteo.de and aikQ.de (German mail providers, servers located in Germany, accounts from 1 € per month, anonymous accounts possible, anonymous payment by letter, secure HTTPS encryption of webinterface)
- VFEmail (anonymous mail provider, free and premium, use a temporary e-mail address for registration, unlimited disposable addresses per account, secure HTTPS with up-to-date browsers)
- runbox.com (Runbox Solutions AS is a Norwegian limited company, server located in Norway, accounts for $1,66 per month, serious flaws in HTTPS encryption of webinterface)
- CryptoHeaven (anonymous accounts from $60 per year, offshore corporation, servers located in Canada, serious flaws in HTTPS encryption of webinterface)
- XMAIL.net (operated by Aaex Corp, registered in the British Virgin Islands, server located in Canada, free version with POP3 but without SMTP, premium accounts from $10 per year, flaws in HTTPS encryption of webinterface)
- Associazione-Investici, Nadir.org and AktiviX.org (services for political activists, offers blogs and mailing lists too)
Due to the US PATRIOT Act (especially p. 215ff) and the fourth amendment to the FISA Amendments Act, it is possible for US authorities to eavesdrop on the communication of non-US citizens without a warrant. According to the US authorities, it is enough that the servers are located in the US. In the EC study Fighting cyber crime and protecting privacy in the cloud, the authors warn about political surveillance. That's why we can recommend the following email providers
- SecureNym (offers anonymous e-mail accounts, offshore corporation, servers located in US)
- S-Mail (accounts from $4,50 per month, servers located in US)
- Fastmail.fm (free version without SMTP support, premium version full featured, server located in US)
- Zoho.com (useful for more than one mail account with own mail domain, like family or small office)
- Riseup.net (service for political activists, offers blogs and mailing lists too, servers located in US)
Security Notes: Information about long-term communication partners can be used to figure out your real identity! If you need a highly anonymous e-mail account for a specific task, maybe for whistleblowing, create a new mail account and use it only for this one job. Delete the account when the job is done and never use it for other communication partners.
Configuration of Mozilla Thunderbird
Using an email client like Mozilla Thunderbird is more comfortable for anonymous email accounts
than using the overloaded webinterfaces of some mail providers. Using OpenPGP or S/MIME encryption
for your email communication is possible and well supported.
The easiest way to configure Thunderbird is the add-on TorBirdy. The add-on enables all required security settings, disables the account creation wizard and configures the proxy settings. To install the add-on, open the add-on manager ("Tools -> Add-ons"), go to the search section and enter "TorBirdy" in the search box. Once TorBirdy is found, install it and restart Thunderbird. For OpenPGP encryption you may install the add-on Enigmail too.
Afterwards you can choose the anonymisation services Tor or JonDo in the statusbar (bottom left corner).
Create a mail account
After installation of TorBirdy you may configure your mail accounts. Because of a serious bug in Thunderbird you can not use the account creation wizard. The wizard is disabled by TorBirdy. You have to configure the POP3 server for incoming mails and the SMTP server for outgoing mails by hand.
You can find the settings for the POP3 server on the website of your mail provider. Enable SSL encryption.
You can find the settings for the SMTP server for outgoing emails on the website of your mail provider too. For spam protection, all premium exit mixes block port 25. You can use port 465 (SMTP-SSL) or port 587 (submission) for sending emails with Thunderbird. Please check whether your mail provider offers these options and replace the settings as shown below.
TorBirdy enforces secure SSL/TLS connections to all mail servers, but not all email providers support genuinely secure SSL/TLS encryption. Yahoo!, Cotse and AOL don't support Secure Renegotiation. This has been a well-known bug in the SSL protocol for years. It is possible for an attacker to decrypt your username and password.
If you are not able to connect to the mail server, you can use the OpenSSL command-line tool to check the SSL connection, or you can ask the JonDonym community in our forum for a check:
> openssl s_client -connect smtp.aol.com:465
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
If Secure Renegotiation is NOT supported, you can't use TorBirdy with this mail provider. In this case we recommend choosing another mail provider.
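The check described above can be scripted. The following is an added example, not part of the original page or of JonDonym/TorBirdy: the function names classify_reneg and probe are hypothetical, and the sample outputs are constructed. It goes slightly beyond the text by handling TLS 1.3, where s_client prints "IS NOT supported" because renegotiation no longer exists in that protocol version.

```shell
#!/bin/sh
# classify_reneg: read `openssl s_client` output on stdin, print one verdict.
classify_reneg() {
    out=$(cat)
    # TLS 1.3 removed renegotiation entirely; s_client still prints
    # "IS NOT supported" there, so that line is not a finding.
    if printf '%s\n' "$out" |
        grep -Eq '^(New, |[[:space:]]*Protocol[[:space:]]*:[[:space:]]*)TLSv1\.3'; then
        echo "not-applicable"
        return 0
    fi
    case $out in
        *"Secure Renegotiation IS NOT supported"*) echo "insecure" ;;
        *"Secure Renegotiation IS supported"*)     echo "secure" ;;
        *) echo "unknown" ;;   # handshake failed or output incomplete
    esac
}

# probe HOST PORT: live check (needs network access and the openssl CLI).
# Note: this connects directly, not through the anonymisation service.
probe() {
    host=$1 port=$2
    set -- -connect "$host:$port" -servername "$host"
    # Port 587 (submission) starts in cleartext and upgrades via STARTTLS.
    [ "$port" = 587 ] && set -- "$@" -starttls smtp
    openssl s_client "$@" </dev/null 2>/dev/null | classify_reneg
}

# Constructed, abridged sample outputs (not captured from real servers).
SAMPLE_LEGACY='Server public key is 2048 bit
Secure Renegotiation IS NOT supported
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA'
SAMPLE_PATCHED='Server public key is 2048 bit
Secure Renegotiation IS supported
    Protocol  : TLSv1.2'
SAMPLE_TLS13='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Secure Renegotiation IS NOT supported'

# Offline demonstration on the constructed samples.
for sample in "$SAMPLE_LEGACY" "$SAMPLE_PATCHED" "$SAMPLE_TLS13"; do
    printf '%s\n' "$sample" | classify_reneg
done
```

For a live check, call probe with your provider's SMTP host and port 465 or 587; a verdict of "insecure" corresponds to the case in which TorBirdy cannot be used with that provider.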
GMail and anonymisation services
Users of GMail accounts may have problems using TorBirdy and anonymisation services like JonDonym. The Google account security team wrote the following answer in response to questions from the Tor community:
I work for Google as TL of the account security system that is blocking
Access to Google accounts via Tor (or any anonymizing proxy service) is not
allowed unless you have established a track record of using those services
beforehand. You have several ways to do that:
- With Tor active, log in via the web and answer a security quiz, if any
is presented. You may need to receive a code on your phone. If you don't
have a phone number on the account the access may be denied.
- Log in via the web without Tor, then activate Tor and log in again
WITHOUT clearing cookies. The GAPS cookie on your browser is a large random
number that acts as a second factor and will whitelist your access.
Once we see that your account has a track record of being successfully
accessed via Tor the security checks are relaxed and you should be able to
Hope that helps,
Google account security team