This story originally appeared on PCMag
Not long ago, the sharing economy seemed to take over. Privacy was dead, and no one cared. But that was a pre-Snowden era. Now, for some, the need to go truly anonymous is more important than ever.
What do you do if you want to set up an email address that is completely secret and nameless, with no obvious connection to you whatsoever without the the hassle of setting up your own servers?
This goes beyond just encrypting messages. Anyone can do that with web-based email like Gmail by using a browser extension like Secure Mail by Streak. For desktop email clients, GnuPG (Privacy Guard) or EnigMail is a must. Web-based ProtonMail promises end-to-end encryption with zero access to the data by the company behind it, plus it has apps for iOS and Android.
But those don’t hide who sent the message.
Here are the services you should use to create that truly nameless, unidentifiable email address. But be sure to use your powers for good.
First step: Browse anonymously
Your web browser is tracking you. It’s that simple. Cookies, and so-called unstoppable “super cookies” know where you’ve been and what you’ve done and they’re willing to share. Sure, it’s mostly about serving you targeted ads, but that’s not much consolation for those looking to surf in private.
Your browser’s incognito/private mode can only do so much — sites are still going to record your IP address, for example.
If you want to browse the web anonymously (and use that private time to set up an email), you need not only a virtual private network, but also the Tor Browser, a security-laden, Mozilla-based browser from the Tor Project. If you don’t know about Tor, it’s what used to be called The Onion Router; it’s all about keeping you anonymous by making all the traffic you send on the internet jump through so many servers, people on the other end can’t begin to know where you really are. It’ll take longer to load a website than it would with Firefox or Chrome, but that’s the price of vigilance.
The free Tor Browser is available in 16 languages, for Windows, macOS, and Linux. It’s self-contained and portable, meaning it’ll run off a USB flash drive if you don’t want to install it directly. Even Facebook has a Tor-secure address to protect the location of users — and let users get access in places where the social network is illegal or blocked, like China. An estimated 1 million people use it. There is also a version for getting Tor access to Facebook on Android devices.
Tor is not perfect and won’t keep you 1,000 percent anonymous. The criminals behind the Silk Road, among others, tried that and failed. But it’s a lot more secure than openly surfing. It took law enforcement agencies with a lot of resources to get those bad guys.
Second step: Anonymous email
You can set up a relatively anonymous Gmail account, you just have to lie like a bathroom rug. That means creating a full Google account, but not providing Google your real name, location, birthday, or anything else it can use when you sign up (while using a VPN and the Tor Browser, naturally).
You will eventually have to provide Google some other identifying method of contact, such as a third-party email address or a phone number. With a phone, you could use a burner/temp number; use an app like Hushed or Burner or buy a pre-paid cell phone and lie through your teeth when asked for any personal info. (Just know that even the most “secure” burner has its limits when it comes to keeping you truly anonymous.)
As for that third-party email, there are anonymous email services you can use, so why use Gmail at all? The Electronic Frontier Foundation (EFF) says it’s smart to use a different email provider from your personal account if you crave anonymity — that way you’re less likely to get complacent and make a compromising mistake.
Note that you also should use an email service that supports secure sockets layer (SSL) encryption. That’s the basic encryption used on a web connection to prevent casual snooping, like when you’re shopping at Amazon. You’ll know it’s encrypted when you see HTTPS in the URL, instead of just HTTP. Or a lock symbol shows up on the address bar or status bar. The big three webmail providers (Gmail, Yahoo Mail, and Outlook.com) all support HTTPS. Get the HTTPS Everywhere extension for Firefox, Chrome, Opera, and on Android, to ensure that websites default to using the protocol.
That’s great for web surfing, but neither HTTPS nor VPN is enough to stay hidden when emailing. You know that.
Pseudonyms in email (like email@example.com) aren’t enough, either. Just one login without using Tor means your real IP address is recorded. That’s enough for you to be found (if the finder can get your provider to give up some records). It’s how General David Petraeus got nailed.
The point is, once you’ve gone this far, there’s no reason to go back. Use a truly anonymous web-based mail service; here are some of the best.
Recommended by the EFF and others, Hushmail’s entire claim to fame is that it’s easy to use, doesn’t include advertising, and has built-in encryption between members. Of course, to get all that, you have to pay for it, starting at $49.98 per year for 10GB of online storage; a free version offers 25MB of storage. Access it on the web or iOS.
Businesses can use Hushmail starting at $3.99 per user/month for nonprofits (going up to $5.99 for small businesses and $9.99 for legal and healthcare entities), plus a one-time $9.99 setup fee for everyone (though then you need to obfuscate your info for the Whois database).
Note that Hushmail has turned over records to the feds before, and its terms of service state you can’t use it for “illegal activity,” so it’s not going to fight court orders. But at least it’s honest about it up front.
Guerrilla Mail provides disposable, temporary email. Technically, the address will exist forever, and never be used again. Any messages received at the address, accessible at guerrillamail.com, only last one hour. You get a totally scrambled email address that’s easily copied to the clipboard. There’s an option to use your own domain name as well, but that’s probably not keeping you under the radar.
Guerrilla Mail is the perfect way to create an email address to sign up for a different, more permanent-yet-anonymous email address, or to send a quick, anonymous email instantly — no signup required. You can even attach a file if it’s less than 150MB in size, or use it to send someone your excess bitcoins. Coupled with the Tor browser, Guerilla Mail makes you practically invisible. It’s also available on Android.
Mailinator’s free, disposable email has a slick interface, but you probably don’t even need it. Whenever you’re asked for an email, just make up a name and stick @mailinator.com at the end. Then visit the site, enter the name, and you’ll see if it’s received any messages. No signup though you can sign in with a Google account.
Here’s the problem. If someone else comes up with the same name, then you both get access to the messages received. There are no passwords. There’s also no sending possible. Its FAQ states if you get an email from Mailinator, it’s a guaranteed forgery. This one is for quick service signups only, and only with the most obfuscated, obscure you can come up with. Of course, you can pay $29/month if you want to get a 10MB storage inbox that is private just for you.
You don’t get interfaces as simple as this very often. With no signup required, you enter the email name you want for an @pidmail.com address you can hand out. The messages sent to it immediately show up. It’s that simple, though it’s not for sending messages. You can reserve the address of your choice with a password, again at no cost to you.
Email On Dek
There’s a two-step process to getting a free email for receiving messages at Email On Deck, but only because step one is a CAPTCHA to make sure you’re a human being, not a web-based robot. It randomly assigns you an obfuscated email address (like “firstname.lastname@example.org”). You can click a button to get assigned another, but they’re all temporary. You don’t want to use this service if you plan to ever use the address assigned beyond, say, an hour or two.
TorGuard is another global VPN service, which goes for around $9.95/month to start. The service also provides a separate Anonymous Email, with service from free (10MB offshore storage) all the way up to $49.95/year for unlimited storage. They all have secure G/PGP encryption of mail and no ads. For more, see PCMag’s full review.
TrashMail.com isn’t just a site, but also a browser extension for Google Chrome and Firefox, so you don’t even have to visit the site. Create a new email from a number of domain options, and TrashMail.com will forward it to your regular address for the lifespan of the new address, as determined by you. The only limit is how many forwards you can get; to go unlimited, you pay $12.99 a year. The site provides a full address manager interface so create as many addresses as you like to stay anonymous and ubiquitous.
ProtonMail over Tor
Maybe saving the best for last: ProtonMail is a nice service with servers in Switzerland (a country that appreciates secrecy) that provides fully encrypted messages. Anyone can get an account for free that holds 500MB of data and up to 150 messages per day, or pay 4 euros per month to get the advanced features.
Encryption is one thing, but anonymity comes with the ProtonMail’s specific support for Tor via an onion site it set up at protonirockerxow.onion. It also provides full instructions on how to set up Tor on your desktop or mobile phone. Having anonymous users is so important to ProtonMail, it doesn’t require any personal info when you sign up. It even supports two-factor authentication.