The Petraeus case is a strong example of the kind of invasion of privacy Internet privacy advocates point to. Rightly or wrongly, Petraeus lost his job when an investigation managed to attach his identity to personal matters he conducted online.
The rest of us can learn from his mistakes to keep truly private emails private.
Petraeus and his paramour had set up anonymous email accounts to exchange messages. However, a quick comparison of which other email accounts are accessed from the same IP addresses revealed the identities of the account holders. Law enforcement can conduct this kind of search without so much as a warrant.
The Electronic Frontier Foundation — which has often gone head-to-head with Google over privacy matters — has put out a primer on how users can avoid such collateral damage to their careers.
To keep an “anonymous” email address from being linked to a real identity, EFF recommends setting up a Hushmail account, which uses all HTTPS servers. Hushmail won’t know who the user is, but to protect the content of the emails, users must employ OpenPGP encryption.
EFF suggests using the Tor Browser Bundle to access the account. Using the account even once without the Tor Browser Bundle running will link the user’s IP address, and probably his or her identity, to the anonymous email address.
Even with Tor active, users should stick to HTTPS websites. And they should avoid using any plug-ins, such as RealPlayer, which can coax out the IP address.
Ironically, the Tor software was designed for use by the U.S. military.
Photo: D. Myles Cullen via Wikimedia Commons