On Lu, 09 dec 19, 17:44:37, Keith Bainbridge wrote: > On 7/12/19 10:55 am, Keith Bainbridge wrote: > > Have had a couple of questions that have gotten me thinking deeply, > > primarily about whose/what safety I am really trying to protect. My best > > answer is personal, physical safety of my family. > > I have pondered over all you pros and cons of encryption, and figured it > isn't worth much if there is enough info in the headers to locate me 'on the > ground'.
If you are using SMTP to your mail server (Gmail, ISP, etc.) the IP address is recorded in the headers. This should not be the case with webmail[1], but the provider does have your IP address[2]. If you don't trust the provider with that information you must use something like Tor. Do note that Tor is not 100% either[4] (nothing is) and many providers don't accept connections via Tor. [1] Because your connection to the webmail server is not part of the SMTP "path". [2] Depending on your ISP, it may be more or less easy to determine your (aproximate) location from it[3]. You should assume that a determined entity with sufficient skill and resources will be able to get close enough. [3] E.g. a simple geolocate for my current IP address shows me in a different city. [4] It's probably good enough to hide your location from mass surveillance or a casual attacker (e.g. a "common" stalker). It's probably not sufficient if you are a disident in a totalitarian country (e.g. Romania pre-1989). Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser
signature.asc
Description: PGP signature
