• Categories

  • Pages

  • Archives

Need An Email Vapor Trail? Disposable, Anonymous Email Addresses.

Sometimes you just want to read an article (and have to register), redeem a coupon or spy on the opposition. (One can play clean and hard and be creative!)

The gmail jig – that of creating new, temporary accounts for one-time or express purposes –  is up.  As soon as any of us now experienced email users see a gmail address from an unknown sender, we will either junk it or run back the sender info to identify its real originator.

So, what do you you if you absolutely, positively need to send a non-traceable email?

Fortunately, prescient program developers have filled in this gap and we now have reliable temporary anonymous email generator sites from which to dispatch our hidden sender messages.

Below are our favorite disposable email provider sites:

Guerrilla Mail

Disposable Temporary E-Mail Address:  Lasts for 60 minutes, either use a domain provided to you or create your own.

Hide My Ass – (Ok, our first test run was out of curiosity.  With a name like that…)

“When websites or persons you do not necessarily trust ask for your email address, give them one of our anonymous email addresses and hide your true email address and online identity.” – can last anywhere from 24 hours to 12 months (year) – “Hide behind one of our email address aliases and never have to reveal your real email address.” – “Need to register on a shady website? Stop spam emails from entering your real email inbox.”

SendAnonymousEmail 

“Every day over 60,000 free anonymous emails are sent from our servers, making us the world’s largest and most trusted anonymous email service” – It is a one time use email (obviously can be used multiple times using different anonymous emails)

Anonymize responsibly.

(Visit www.sjbn.co for great info on everything techno-related as it applies to domain searches, email identifiers and tagging.)

 

As always, stay safe.

8 Ways That You Can Be Legally Tracked

 fb sub

“But don’t they have to have probable cause to search my email or get my Facebook records?”  I can’t tell you how many phone calls we’ve received with that question  – and as we tell each caller, “We are not attorneys, judges or the court or the police department. But, uh, what happened?” (Who doesn’t want to hear a good story??)

(Anyhow, for the purpose of this article,  “they” means law enforcement.)

Here are the situations and the applicable laws:

1. Phone Records: Calls you have made and received

How they get it

Wiretapping is illegal without a judge’s warrant, however, police only require a subpoena from a court to obtain your phone scrolls (outgoing and incoming calls).

A warrant requires showing probable cause, a subpoena needs only to be relevant to an investigation, a much lesser standard of evidence.

Applicable law: 

Smith v. Maryland, a Supreme Court ruling in 1979, which found that the Constitution’s Fourth Amendment protection against unreasonable search and seizure doesn’t apply to a list of phone numbers.

2.  Location: Your phone is a tracking device

How they get it

Cell towers.

Applicable Law: 

The federal Electronic Communications Privacy Act (EPCA) cited by the police for these records dictates that the data must contain “specific and articulable facts” related to an investigation – again, that lesser standard of evidence.

3.  IP Addresses: Which computers you use

How they get it

Email providers such as Google, Yahoo, MS, etc.  amass tremendous amounts of data about our digital journeys. A warrant is needed to access some emails (see below), but not for the IP addresses of the computers used to log into your mail account or surf the Web. According to the ACLU, those records are kept for at least a year.

Applicable law:

U.S. v. Forrester, is a case involving two men trying to set up a drug lab in California.  Prosecutors successfully argued that tracking IP addresses was no different than installing a tracking device to a phone to track each number dialed by a given phone (which is legal).   Police only need a court to sign off on a subpoena certifying that the data they’re after is relevant to an investigation — the same standard as required for cell phone records.

4. Emails

How they get it

Prior to Sen, Leahy’s bill introduced earlier this year, only recent email required a warrant; email aged over 180 days required only a court subpoena related to an investigation.

Applicable Law

Once again, the ECPA comes into play.  The Leahy bill would require a warrant to get all emails regardless of age.

5. Email drafts: drafts are different

How they get it

Communicating through draft emails, à la David Petreaus and Paula Broadwell, seems sneaky. But drafts are actually easier for investigators to get than recently sent emails because the law treats them differently.

Applicable Law:

The ECPA distinguishes between communications — emails, texts, etc. — and stored electronic data. Draft emails fall into the latter, which get less protection under the law. Authorities needs only a subpoena for them. The Leahy bill would change that by requiring a warrant to obtain them.

6. Text messages: As with emails, so with texts

How they get it

Investigators need only a subpoena, not a warrant, to get text messages more than 180 days old from a cell provider — the same standard as emails.

Applicable Law: 

Currently being challenged in several states otherwise, the ECPA applies.

7. Cloud data: documents, photos, and other stuff stored online

How they get it

Authorities typically need only a subpoena to get data from Google Drive, Dropbox, SkyDrive, and other services that allow users to store data on their servers (aka, cloud storage).  EXCEPT: If that data is shared. (see below).

Applicable Law:

The ECPA defines cloud data the same way it does draft emails – as storage – making a warrant unnecessary. However, shared files, such as a collaboration through Google Docs is considered “communication” so a warrant is required.

8. Social media: Too new to tell

How they get it

Read your social network’s Terms of Service and Privacy Policy. (Stop laughing.) When it comes to sites like Facebook, Twitter and LinkedIn, the social networks’ privacy policies outline how cooperative they are in handing over users’ data to law enforcement. Facebook states it requires a judge’s warrant to disclose a user’s “messages, photos, videos, wall posts, and location information.” But it will supply basic information, such as a user’s email address or the user’s IP addresses under a subpoena.

Applicable Law:

Too soon to tell but we’re know that a Manhattan Criminal Court judge upheld a prosecutor’s subpoena for information from Twitter regarding an Occupy Wall Street arrest on the Brooklyn Bridge in 2011, marking the first time a judge allowed prosecutors to use a subpoena rather than a warrant to get the information.

Bottom Line: Assume that everything you write can and will, if necessary, be read by law enforcement so don’t do whatever it is that you haven’t done.

BNI Operatives: Situationally aware.

As always, stay safe and stop typing your life online.

How To Unsend Email

unsend

There is not one person reading this who has not wished for a way to unsend email. Although the mailmeisters would have had us believe that there was absolutely no way email can be retrieved once sent because , we have always known that the technology existed to save us from our snarky selves.

Without further ado (and before the powers-that-be take back the email take-back feature), how to unsend email:

IN GMAIL

Does Gmail’s Unsend do just what you think it does? Kinda sorta.

While you can’t actually go in to the receiver’s inbox and extract your snippy missive, you can pull it back within a few precious seconds as that sinking “oh no!” moment hits you.

  • Go to Settings in the drop down menu directly below your profile photo.
  • Click “Enable Undo Send,”  and then
  • Select the cancellation period from these options: five, 10, 20 or 30 seconds.
  • Save Changes.

(Why would anyone select anything other than 30 seconds??)

IN AOL

 

  • Select Mail | Sent Mail from the menu in AOL.
  • Highlight the message you want to pull back.
  • Click Unsend.

Which Emails You Can Unsend

Note that you can (effectively) unsend an email only if:

IN BROWSER

There are a few browser plug-ins that offer unsending features.  One of our favorites for its ease of use and effectiveness is Criptext.   At this time however,  it’s just for Chrome and Safari.

Enabling Criptext on an email encrypts the message and any attachments, tracks it so you know when it’s been opened, and gives you the option to “recall” it. Messages can also be set to expire after a certain amount of time.

UnSend.it is a similar service that works with more browsers and email services than Criptext. It offers all of Criptext’ features, except encryption. You will also need to configure your email service to run through UnSend’s servers.

Then you can send email and attachments to anyone. If you decide to unsend the email, just click a button in your email service. You can also track when someone opens the message or you can set it to self-destruct.

BNI Operatives: Situationally aware.

As always, stay safe.

 

 

 

New Business Personality Profiling APP. I Let Crystal Profile Me & My Clients.

drew dagostino

Find out what the internet knows about you and your friends with this creepily accurate website, blared the headline from Business Insider’s column, The Daily Dot on April 15, 2015.

Well, a headline like than is going to arouse my interest.  Reading through the article, I realized that this app – Crystal – actually focuses on evaluating the personality of business associates (co-workers and clients) and is driven through LinkedIn rather than a rate-your-pals type communication technology.  It’s ultimate use is to write your business emails. Now I am definitely curious.

What if you could get a psychic reading about everyone you work with? It could tell you how to talk to them, words to avoid, how short or long your emails should be. What they are good at, and what they aren’t. 

And what if they could see all of that information about you?

Crystal wants to change the frustrations and mysteries of work communications by giving you all the data you need to successfully correspond with friends and colleagues. In fact, your emails will be so good people will wonder if you can read their mind.

The software is like a psychic for online communication. It walks the line between innovative and super creepy, but it’s hard to deny it actually works.

Crystal gives you personality profiles on anyone you might be connected with online, including the best ways email them, how to approach conversations, and how you would work together in a professional setting. You can even get a Gmail extension to let Crystal analyze your emails and give you tips on what you’re doing wrong—it’s like spell check, but for the content of your email.

Now I’m hooked.  I ran myself (results below).

Clintonemail.com; The Emails and The Private Server Controversy.

hillary email main

The optics aside, (those of former Secretary of State Hillary Clinton forming a de facto separate central office of a government agency in her Chappaqua, NY home or elsewhere),  how private email operates has come to the forefront of the nation’s awareness, especially as most of us use a form of personal email.  Most private email operates through a hosting service (e.g., GoDaddy, Gmail, Yahoo Mail, etc.) on host servers.  Many buisnesses, however, or those requiring an extra layer of security and discretion, purchase and disseminate email via their own servers.  As is the case with Hillary Clinton and clintonemail.com as it relates to official Department of State (and other governmental agencies with which she emailed), she owns her server and it is physically located… where exactly?  Initial AP reports on March 4, 2015, stated that the Clinton server was located in her private home in Chappaqua, NY, but – and the MSM seriously dropped the ball here – there has been no independent confirmation of such.   The possibilities are very limited but they are:

  • It was, in fact, located in the Clinton home in Chappaqua, though no evidence has been provided that it was.
  • It was located in a private office somewhere near Chappaqua, although again there is no evidence to that extent.
  • It was hosted by an external hosting firm — based on network records, first at ThePlanet.com and then at Confluence Networks. There are strong indications that the actual hardware would be in Texas.

By way of explaining how private email (Part I/II) and servers (Part II) work, we will deconstruct the recent/current Hillary Clinton use of private email from her own server for official electronic communications brouhaha.

The Situation:

Hillary Clinton (or someone presumably on her behalf and direction) purchased a private domain, clintonemail.com, from GoDaddy, the world’s largest domain registrar.  All domain purchases come with at least one email address. (Most often,  that one initial email address is the owner’s identification@ that domain, e.g., jim@jimdesserts.com or a general email, info@jimsdesserts.)  The domain buyer can also purchase bulk email@that domain.    The registration is then either maintained publicly or privately (a fee based add-on).  The registration is viewed through WHOis.   From the WHOis site:

What’s in the WHOIS?
The WHOIS database is a searchable list of every single domain currently registered in the world. To find out who owns a particular domain name, all you have to do is type it into the box above.The Internet Corporation of Assigned Names and Numbers (ICANN) requires accredited registrars like GoDaddy.com to publish the registrant’s contact information, domain creation and expiration dates and other information in the WHOIS listing as soon as a domain is registered.
So everyone can see my information?
The short answer is, yes. The name, address and phone number you submit when you register your domain is publicly accessible by anyone at any time. This may be good news if you have a domain name you’d like to sell. Or it may be bad news if your name and contact info is collected by a spammer, hacker or other cyber-criminal.
How can I protect my privacy?
To keep your personal data from falling into the wrong hands, GoDaddy.com offers Private Registration through our partner, Domains By Proxy®. Instead of displaying your personal information in the WHOIS database for all to see, Domains By Proxy® will replace it with their own. The domain will still belong to you – except now, you and Domains By Proxy® will be the only ones who know it.
The Email Registration for Clintonemail.com:
Prior to March 4, 2015:  The clintonemail.com was publicly registered to an IP address that returned to the Clinton Chappaqua, NY home.  NOTE: That is the registration, not a physical confirmation of the actual server location. (Nonetheless, as a matter of respect for privacy rights, we don’t publish home addresses.)
On and after March 4, 2015: (from the WHOis database):
Domain Name: CLINTONEMAIL.COM
Registry Domain ID: 1537310173_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2015-01-29T00:44:01Z
Creation Date: 2009-01-13T20:37:32Z
Registrar Registration Expiration Date: 2017-01-13T05:00:00Z
Registrar: NETWORK SOLUTIONS, LLC.
Registrar IANA ID: 2
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: +1.8003337680
Reseller:
Domain Status:
Registry Registrant ID:
Registrant Name: PERFECT PRIVACY, LLC
Registrant Organization:
Registrant Street: 12808 Gran Bay Parkway West
Registrant City: Jacksonville
Registrant State/Province: FL
Registrant Postal Code: 32258
Registrant Country: US
Registrant Phone: +1.5707088780
Registrant Email: kr5a95v468n@networksolutionsprivateregistration.com
Registry Admin ID:
Admin Name: PERFECT PRIVACY, LLC
Admin Organization:
Admin Street: 12808 Gran Bay Parkway West
Admin City: Jacksonville
Admin State/Province: FL
Admin Postal Code: 32258
Admin Country: US
Admin Phone: +1.5707088780
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: kr5a95v468n@networksolutionsprivateregistration.comRegistrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Creation Date: 13-JAN-2009
Updated Date: 04-MAR-2015
Expiration Date: 13-JAN-2017

(Interesting note in the Clintonemail.com registration transfer after the matter became public, is that the domain is now registered privately with Network Solutions, LLC.  We believe this is an entirely cosmetic change as the association to GoDaddy is viewed as a less secure domain registrar when, in fact, GD domains are as secure as Network Solutions’ and so are the respective privacy settings.)

While some partisan-leaning people may try to state that HRC’s unusual private protocol is “no big deal”, well, yes it really is as we’ve seen how easily our Pentagon – and private-sector business, SONY – emails have been very successful hacked.

BNI Operatives: Situationally aware.
As always, stay safe.

Yahoo and Google Data Availability to Law Enforcement & For Legal Process

email magnifying glass

 

As we’ve surmised by now, Lois Lerner’s missing emails exist – somewhere.  There’s also now the availability of cloud hosting, a method of saving your email on the net that allows you 24/7  access from any remote location.  So, do you really know what happens to all of your subscription information, emails, attachments, etc., once you shut down an email account?  What if your information is requested by law enforcement or in anticipation of litigation?   What is the legal process in such a case?

We’ve conducted research into data retention by the two major service providers: Yahoo and Google:

YAHOO

yahoo data save

Compliance With Law Enforcement:    PRESERVATION

Will Yahoo! preserve information?

Yahoo! will preserve subscriber/customer information for 90 days. Yahoo! will preserve information  for an additional 90-day period upon receipt of a request to extend the preservation.   If Yahoo! does not receive formal legal process for the preserved information before the end of the  preservation period, the preserved information may be deleted when the preservation period expires.

 

GOOGLE

What kinds of data do you disclose for different products?

To answer that, let’s look at four services from which government agencies in the U.S. commonly request information: Gmail, YouTube, Google Voice and Blogger. Here are examples of the types of data we may be compelled to disclose, depending on the ECPA legal process, the scope of the request, and what is requested and available. If we believe a request is overly broad, we will seek to narrow it.

Gmail
Subpoena:

  • Subscriber registration information (e.g., name, account creation information, associated email addresses, phone number)
  • Sign-in IP addresses and associated time stamps

Court Order:

  • Non-content information (such as non-content email header information)
  • Information obtainable with a subpoena

Search Warrant:

  • Email content
  • Information obtainable with a subpoena or court order
YouTube
Subpoena:

  • Subscriber registration information
  • Sign-in IP addresses and associated time stamps

Court Order:

  • Video upload IP address and associated time stamp
  • Information obtainable with a subpoena

Search Warrant:

  • Copy of a private video and associated video information
  • Private message content
  • Information obtainable with a subpoena or court order
Google Voice
Subpoena:

  • Subscriber registration information
  • Sign-up IP address and associated time stamp
  • Telephone connection records
  • Billing information

Court Order:

  • Forwarding number
  • Information obtainable with a subpoena

Search Warrant:

  • Stored text message content
  • Stored voicemail content
  • Information obtainable with a subpoena or court order
Blogger
Subpoena:

  • Blog registration page
  • Blog owner subscriber information

Court Order:

  • IP address and associated time stamp related to a specified blog post
  • IP address and associated time stamp related to a specified post comment
  • Information obtainable with a subpoena

Search Warrant:

  • Private blog post and comment content
  • Information obtainable with a subpoena or court order

Note about general Gmail retention:  Even if you Purge your Trash email or shut down your gmail account, your email remains available for recovery for 20 days beyond when the mail is deleted or the account closed.

Please feel welcome to contact us with more specific questions regarding data retrieval from these two major service providers (and lesser used ISPs w/unique data product.)

BNI Operatives: Street smart; info savvy.

As always, stay safe.

 

 

Tactical Trainer, Christian Swann, on NSA-resistant Communication Encryption.

(This week, we bring you an informative article on protecting sensitive client data from our friend and one-woman whirlwind of accomplishments, Christian Swann (featured below): Christian is a writer, mom, edged and blunt tool instructor for law enforcement and the military, and a risk mitigation security and vulnerability assessment specialist.

christianswann

Be vigilant about protecting sensitive  client data with these tools.

 I wrote an article not long ago about protecting our personal and sensitive important information. As some of you are well aware, once your data is out there, it’s out there. From the first click of the “check out now” button, you are being traced, watched and analyzed. From how much you spend, where you shop, to your favorite products to your prime shopping time – you’re being tracked. But that’s just one aspect of this passive monitoring.   Big Brother (e.g. and fact, as we now all know,  the NSA) has the capability and may not only watching but also listening, recording and even transcribing your confidential client conversations.

What about when it’s not only your information that is being tracked, but your clients’ confidential information is at risk of also being recorded? As a risk and security director of a multi-million dollar company, it is one of the toughest questions and concerns I have. I’m in constant contact with high-profile clients and sensitive data.

The good news for lawyers, corporations and medical professionals, concerned about maintaining their duty of confidentiality is that there are tools and safeguards now to help them.

Legal and risk management specialists, such as myself, need to be very aware of the possibility (or now, probability) of  their communications being intercepted by empowered governmental agencies.  Given the ever-changing, nebulous status of agency data collection laws, legal professionals have to deal with the ambiguity of this usage of collected data –  while contending with the secretive nature of intelligence agency operations, as well as the U.S. Foreign Intelligence Surveillance Court that oversees surveillance warrants.

Lawyers –  and anyone for that matter – should assume all of their conversations are subject to covert surveillance an should  take steps to protect confidential information.

I can’t stress enough that all pertinent emails, electronic messages and communications should be encrypted. There is no shortage of available encryption hardware and software, and I highly recommend using an encryption service such as ZixCorp or the open-sourced TrueCrypt: (Warning: this is an open source method and may not be as stable as desired.) Platform-specific devices are also available, such as, Apple’s FileVault.

“One can also purchase self-encrypting hard drives such as the Seagate Secure and already-encrypted flash drives – e.g.,  IronKey from Imation Corp.  and encryption software such as Symantec Whole Disk Encryption and Sophos Ltd.’s Safeguard“, says Lina Maini of Beacon Network Investigations, LLC.

As for passwords, I recommend a more secure method of authentication, such as security tokens or USB tokens.

Perhaps apparently, I’m a big fan of firewalls, and encrypting everything networked – from email to any and all telecomm technology apps.   I’ve also become a huge fan of the company Silent Circle. One of my favorite features of Silent Circle’s service is the ability to program burn settings.  I.e., one I’ve  sent any type of message: email, text, audio, it is then encrypted and will burn itself at the pre-set time. I’ve chosen.

Many people forget that one a voice message, text or email  has bent sent, that data  has to go through a provider, e.g.,  Apple, and is then is transferred back to the end-user, therefore leaving data footprints that can be copied.

For professionals that mainly communicate via phone, relief from eavesdropping is on its way. This month: Spanish smartphone company GeeksPhone and software company Silent Circle launch Blackphone, an encrypted smartphone that protects phone calls, text messages, emails and Internet browsing. Using VPN technology, Blackphone promises to be an NSA-resistant phone.I’m looking forward to ours arriving soon.

You’re On Vacation: The Burglars Aren’t. Security Tips

how they break in

Latest stats released on home burglaries from the FBI: (Mid-Year 2013 report, last year available.)

– A burglary occurs every 8 seconds.

– Burglars spend an average of 8 to 12 minutes in the targeted homes.

– There are over 5,400 burglaries, per day. 

– 73.9% of all burglaries were on residential property.

– Of residential burglaries where a time was known, 65% were during the day.  (Data analysis yields a pattern by  burglars to target homes during the day and offices and commercial buildings at night.)

– 60.5% of burglaries are forcible entry.   (Burglaries are more often than not by forcible entries  – breaking windows, picking locks, kicking in doors, etc. – and are not crimes of opportunity.)

=========================

The school year is coming to a close (or may already have ended) and the hostage situation at the gas pumps aside, most families have planned vacations  this summer.   (The etymology of the word vacation itself : from the Latin root vac, is to render something/someone “empty” (vacuum, vacate, vacuous, etc. Somewhat ironic in the case of a home burglary during a family’s away time.)

In today’s Bulletin we are going to give you the standard “what to do to make your home look occupied while you are away” tips and a few more up-to-date security pointers.  (We suggest you copy, paste and print this list as you effect the helpful suggestions.)

Traditional Tips:

• Stop mail and newspapers, and ask a trusted neighbor to pick up any deliveries that might be made while you are gone.

• Place several lamps and radio/TV in various parts of your home to automatic timers, so they turn on and off at appropriate times. (Also vary the timers by the unit so that the living room light does not come on at exactly 7 p.m. every night…).

• Arrange to have the lawn maintenance performed while you are away.

• Don’t leave keys in obvious exterior places like in the mail box or under a flower pot or door mat. Leave your house key with a trusted neighbor/relative.

• Instruct your neighbors to report unusual activity to the police – and not to wait until they can contact you first. You may be holed up in a Carlsbad cavern for several nights or in a clinic following a run-in with the bulls in Pamplona.

• Have a neighbor park their car in your driveway overnight (and move it around from day-to-day).

• Don’t leave notes indicating your absence.

• Many security experts advise unplugging the electric garage door opener while you are away. We don’t. A burglar’s scanner can easily detect whether the device is activated. Simply place it too on a variable timer.

• Make sure all your door and window locks are working and in use.

• Turn off or turn down your telephone ringer. A phone ringing endlessly is a clue to a would-be burglar that no one is home. This is especially important if you are living in an apartment building where burglars may be more likely to hear your phone ringing. Call forward your incoming calls in your absence.

• Unless you have reason to believe your piping system is in bad shape and may burst in inclement weather, do not turn off your main water valve before you leave. Fortunately, technological advances in utility services now offer scanning options that don’t require exterior meters on houses – an inactive one a sure clue to a burglar that the home residents may be away.

Contemporary Tips:
• Be careful as to how specific your automatic email “away” responses from your email – business and personal – are set up. You might as well pay the ad rates in the NYT.   Forward your email to an assistant or whomever is covering while you are away or simply to yourself. (Yes, it’s annoying while on vacation.  No one said you had to read/respond to them.) – or –

• Have your email/snail mail forwarded to a virtual post office. They can hold, forward, scan or even read your email/mail to you. Big advantage: the forwarding is discreet and undetectable.

Generally, we tend to believe and trust in the good of the vast majority of people; being smart and proactive with your home and valuables while you are away helps many to  maintain to that standard.

BNI Operatives: Street Smart, info savvy.

As always, be safe.

%d bloggers like this: