I have a little free time coming up next week, so I am going to work on a story I’ve had backburnered since, well, forever. I won’t go into details about the whole tale, but part of it is about a woman who strikes up an acquaintance with a man through a message board like this one. They begin an email correspondence, and she begins to suspect that he is more – or at least other – than he appears. With the assistance of a tech-savvy friend she investigates, and the techie discovers that the suspicious fellow is attempting to obscure his identity using a method that might once have worked, but no longer does for various technical reasons. Thus I need a brief description of that method.
So we’re clear: I am NOT looking for a method of hiding one’s identity that actually works; such a thing is contrary to what I need. I need a method that either sounds good but is flawed, or would once have worked but no longer does. It’s a plot point that the Mysterious Fellow is, while clever, a bit technically behind the curve.
Change the “from” address on an e-mail so that it is supposedly from some other domain (i.e. location), e.g. make it look like it comes from bobama @ whitehouse.gov. Easy to do, looks OK at first glance, but checking the e-mail headers (that don’t normally appear by default) will very quickly show that the address is fishy.
Very briefly (because the story’s told from the POV of the non-techie), how does the techie go about finding that? I basically want to include an exchange of dialogue in which the techie begins to explain what she’s done and the distressed viewpoint character zones out.
Faking the From address doesn’t mean much in the context of a web based message board. You’ll need to think about the other side of the equation - the identity part. Let’s say your protagonist discovers her correspontent’s true email address is email@example.com. So what? Anyone can make an email address there, so unless they happened to give away their real name in the username part, all you’ve done is narrow it down to the few hundred million people who use yahoo mail. (Even if they did hint at a real name they could be faking that). An IP address might get you closer, but even so that will probably only tell you at most the ISP and city (and in many cases not even that).
Your hero will need something to match those things to. Maybe the email address matches that of someone she knows. Maybe the IP address is from the office where she works or a local university, or perhaps it matches the headers of an email she has previously received. Something like that. The method of hiding and discovery probably depends on that.
Searching for a username to the spoofed email on Google could tell you something. It’s actually easier to find me by my screen name than by my actual name, for instance. Or, as another for-instance, his hidden-actual-email could be on AOL. Look up profile and get more information. Plus. . .AOL? Really?
The not-so-clever trickster could use an email address from a provider in a different part of the country, not knowing that the email headers (normally hidden by default) would give him away.
If you sent mail using an old college email address from nyu.edu and told people you live in New York, they’d probably believe you. Or if you had an account with from a telco in a different part of the country, like Pacific Bell, people would believe that you lived in California when you could be anywhere else. Or you could get a free email address at gmx.co.uk and say you’re from England.
Viewing the message headers would show that the mail server received the original email from a certain IP address. IP geolocation is unreliable, but if you run a whois on an IP and find that it belongs to Pacific Bell and the person is emailing from firstname.lastname@example.org and telling you they’re from New York, something ain’t right.
It may not work if the originating IP is a national ISP. It needs to be a local company that only serves a certain area. And not all mail services show the originating IP so if you’re worried about realism, find one that does or just make one up.
However, email from Gmail or pacbell or gmx.co.uk only shows headers from thier server - the Gmail farm in Podunk, say. There is no indication who logged in from where with their web browser to compose that mail. The FBI might be able to supoena IP connection records from Gmail etc. The IP is not very private; it will tell the authorities usually whether a specific cable box or DSL phone line was the source, but Joe Plumber will not be able to get that info out of the provider. If the guy was really lucky, the addresses assigned changed, and it’s past the time when the records were kept. If he’s smart, it leads back to an overseas proxy relay, or (less smart but still anonymous) a local Starbucks.
Maybe it would be interesting to use Google? There’s the story of teachers looking for plagarism by putting phrases from student essays into Google and finding the source essay. Maybe the creepo has a few choice expressions that are unique enough (“you can’t get blood out of a turnip”, “I flattened him with the dazzle of my intellect”, or other unique stupididities). SHe googles them, finds the same expressions going back years on a chat site or twenty. Including - rants about local politicians, his street being dug up, the local Walmart coming to town, his annoying lemon of a car, whatever…
There was a thread a while ago someone here asked about sending anonymous email to their boss - well, browsing a few months of his posts, we could say where he went on his last vacation, his house problem, what area of what state he lived in, ethnicity of his wife, and his hobbies. Given the unique nature of his complaint against the boss (posting cartoons forbidden, let’s say) anyone googling that may find the post, identify the handle, and start digging.
We don’t realize how much personal information we release in dribs and drabs, and if it’s available for catalog on Google, or in zombie threads, it never goes away. Stuff your antagonist may have posted and forgotten about in psycho rants 10 years ago may still be online somewhere. “Big Brother of the Clouds” or something…
If the OP is looking for ways that used to work there might be something here. Back in the dark ages when we all had pet dinosaurs and dialup was the norm, there were times I’d make a long-distance call to some far-away state to appear to be coming from an IP nowhere near my real location. The IPs could be completely different as well- one access number would connect you to, say, a psi.net address, while another would give you a uu.net address.
Why I would do this isn’t important- but nothing nefarious, much closer to trolling than anything else.
What about changing the username on the email address from the one listed to the one on a message board? So if the username on the messageboard is Nefarious_Stranger but their email address on their profile listed is email@example.com, the techie figures out by googling Nefarious_Stranger@aol.com there’s links to… trouble!
So if you have an online persona and you make your Facebook URL http://facebook.com/onlinepersona then when someone goes to that URL they see your real name and usually your location, and anything else you’ve left public.