If I wanted an email to be essentially untraceable, say I was going to send a “whistle blowing” report on my boss (rather than anything illegal) what is the best way to do that. I know that I can easily create a false email account, but I worry about tracking the IP address.
Can I use TOR as my browser. Would that obscure my IP address?
The easiest way to do this would be to go to an internet cafe or library with public internet access. If for some reason you needed to use your own computer, you could use a proxy service or the Tor browser like you suggested.
In theory anything else could be tracked back to your computer given someone willing to invest sufficient time, effort and money into it.
Realistically as long as you didn’t use your work computer/e-mail, you would probably be fine. Also, you would need to make sure that the authority you are reporting to has a way of contacting you (as they may need more information).
Is the whistle-blowing for a serious enough infraction that it is worth the effort and possibly ruining somebody’s life, or are you just being vindictive? Could you just put a post it note on his desk and say “I know what you’re doing”?
Maybe it would be a good idea and go old school: Print out the report, drive to a big town nearby, buy envelopes and stamps there and send the document by (snail) mail.
It may only be a private complaint to a private person in management of a private company.
But be careful, you never know what might develop in the future, especially if somebody hires a lawyer .
Silly examples, but not impossible if somebody wants revenge:
Maybe your complaint could be turned against you-- as grounds for a civil lawsuit for defamation. Or maybe your complaint could be turned into grounds for a criminal suit for something that you aren’t aware of (say, stealing company property–did you ever take home a company document, or a “free sample” of something, or even just hijack a pack of paper from the supply room?)
I dont know anything about computer security. But I always work on the assumption that anything you type into a computer can be taken back out of the computer…if somebody is really,really determined to do it.
Send your untraceable email by driving to a library (not the branch nearest your office, or your house.)
Create a yahoo address with a reasonable name, so it won’t be ignored as spam.
And then periodically check the email account to see if somebody has contacted you—but check it only by physically going go back to the same library branch. If you get lazy and log into Yahoo from your computer at home , you’ve created a traceable link.
Depends on how much work you’re willing to put in, and what other resources you have available. If the OP posted from his place of work, then the company’s computer guys potentially already have a record of him visiting this site, and it wouldn’t take many clues to identify him as the OP of this particular thread.
There’s a couple of levels here. If it’s “We think dauerbach sent this letter, how do we prove it?”, then he’s screwed by things like posting here on the Dope. They can focus on all sorts of things that tie you to the letter.
If it’s “somebody at the company sent this letter, who was it?” then you’re much more protected.
And the difference between those two cases depends on how many people there are at the company. If the company is small enough or has enough resources, then they can go through the “We think _____ sent this letter” process for every employee.
Many libraries require patrons to sign up for a time slot to use their public-access terminals, often using their library card. And there may even be a record of which card-holders used which terminals.
In one city where I lived, for example, there was an automated sign-up process: You logged in at one specific terminal, where you get to see a grid showing all time slots, and which are available. You pick an available time slot. Then it prints out a slip showing your appointment time and which terminal you’re assigned to.
If your library makes any sort of record of who is using the terminals, you might want to find some other place to send your report.
The IP address of your computer isn’t attached to the email. So if you make a dummy gmail account, the only way for your work to find out* it was you is for them to get Google to tell them what IP addresses were used to log on to that account. They’re only likely to be able to do this if they get a court order, which doesn’t sound very likely, but if you want to be extra cautious, you can get a VPN service for a couple bucks to cover your IP address, or just log-in from a local Starbucks.
(and to state the obvious, don’t send the email account from work. Even than, you’d probably be safe, since if its a large work place there are probably a lot of people signed into gmail at any given time, but still, its not impossible they might compare the time of your log-on to the time the email was sent and figure it out.)