Send a message without revealing yourself.
This is a surprisingly common situation.
It’s also easy to get caught even if you take steps to stay hidden.
I’ll review some approaches and some risks.
Become a Patron of Ask Leo! and go ad-free!
Sending anonymous email
From a location other than your work or home, use a completely fake email account created for this purpose. While this doesn’t absolutely guarantee that you won’t be found out, it significantly increases the odds in your favor. Consider, though, whether your anonymous email will even be seen or read, and perhaps consider alternatives.
Sending an anonymous email
You’ve got a classic whistleblower problem. You’re someone working in an organization who needs to safely, securely — and most important of all, anonymously — inform someone about a problem at that organization. If you’re found out as the source, you risk retribution, termination, or worse.
Clearly, you should not do this from a computer at work.
Regardless of what “anonymizing” technologies you use, it’s likely your activity can still be traced if you’re at work. The organization could have many technologies in place, including but not limited to spyware, that allows them to identify which computer was used to send an email and potentially even who was at the computer at the time.
Your home is not anonymous
It is also clear that you should not use your personal email.
In fact, you shouldn’t do this on your home computer at all.
While email messages rarely include the IP address of their origination, there’s enough information in email headers you don’t normally see to allow email to be traced to the location it came from.
It’s not always easy, might require your ISP, and often requires law enforcement, but it’s possible that any email sent from your home could be traced. So what to do?
Hiding your email address
Probably the easiest thing to do is to hide your email address.
The right way to solve the problem is to set up a brand-new free email account, using Gmail, Outlook.com, or other popular free services. An interesting option is ProtonMail, which is billed as “secure email based in Switzerland”. Encryption is baked into ProtonMail, and that it originates in Switzerland may make some of the legal approaches to discovering who you are more difficult.
When you set up the account, use completely bogus information. Use none of your personal information; make sure the name is fake, the recovery information is fake, and everything else associated with that account is fake.
Home is where the danger lives
Once again, don’t set it up from home, because your home IP address could be associated with the account. That could allow you to be discovered, particularly if law enforcement gets involved.
Go to a library — or any place not your home or company — that has a public computer you can use without identifying yourself. Set up the account and send your email from there.
There’s still no guarantee
There’s still risk. All we’ve really done is stack the deck in favor of not being discovered.
For example, if you use a public computer at a library, it’s conceivable there are security cameras recording your presence. If they can tell your message was sent at 10:30 a.m. on Tuesday, they could go back and look at security cameras to see you sitting at the computer.
But the bottom line remains:
- Use a different computer.
- Use a different account.
- Make sure all the account information is fake.
That’s the best you can do. What happens next depends on the specifics of the situation and how important those you’re trying to contact feel your information is.
Will they see the email?
I assume that the content of your message makes it clear you have something legitimate to say.
However, it’s important to understand they may not pay attention. They may get these all the time and ignore them out of hand, or they may assume that if you’re not willing to be identified, you lack legitimacy. They may even think it’s just another spam message.
There are many, many reasons your anonymous note may not have its intended effect.
Do this
My honest recommendation? Send a letter. A physical, put-it-in-the-mail, anonymous letter.1
This bypasses all the technology that could thwart your attempts to communicate or be used to trace back to you.
It’s also possible a physical letter might get more attention and stand a better chance of achieving the desired results.
Podcast audio
Related Video
Footnotes & References
1: Use a printer other than your own — again, perhaps one at the library — as there are rumors of printed pages being tagged with the ID of the printer that was used. And maybe take the letter to an out-of-town post office to mail it.
Leo, you wrote (in relevant part):
“…They may even think it’s just another spam message..”
It’s actually rather worse than that: their E-Mail program may think it’s just another spam message, and chuck it into the spam folder — or even just delete it altogether!
It’s well worth remembering that although most E-Mail headers are normally hidden from the users, all E-Mail headers exist, exactly and precisely, for the purpise of governing E-Mail servers and programs in their dispisition of E-Mail messages. In short, the E-Mail program can (and does) see every single header, “hidden” or not! If it looks like your message cannot be tied to any legitimate source, the company’s E-Mail program may very well be configured to consider it as spam — and treat it accordingly.
Leo, you wrote:
“My honest recommendation? Send a letter. A physical, put-it-in-the-mail, anonymous letter.”
The term you want, Leo, is “Snail Mail.” 🙂
And — let’s just be properly extreme — allow me to expand upon that recommendation.
When you write that letter:
1.a.Wear gloves whenever you handle the paper or envelope.
b. Discard the remaining paper and envelopes, and use gloves when doing so.
2. DON’T lick the stamp! (Ever hear of DNA?) Use a moistened sponge, or a stamp with “peel-&-stick” adhesive… but, again, wear gloves.
3. And don’t lick the ENVELOPE, either, dimwit! The same options are available for envelope flaps as for stamps — moist sponge or peel-&-stick.
4.a. If you write anything by hand, only use block letters. Never user your own handwriting, be it print or cursive.
b. Throw away the pen… with gloves.
5. This is obvious, and I include it merely for completeness: Don’t sign your name, and most ESPECIALLY, don’t sign your name! (Like, duh?)
And, oh yes —
6. Dispose of the gloves, preferably by burning them and stirring the ashes.
There! I daresay even James Bond couldn’t do much better than that!
Hope all this helps. 🙂
I imagine one could be rather devious in choosing the fake name!?
Mr Rascal: Look up “printer steganography”, “machine identification code”, printer secret or yellow dots, or other similar terms. Since the 1980s printers encode identification information (serial number) on every printed page hidden within the pixels. And when they track down your printer, they can confirm your printer printed the page by the unique depressions that printer rollers leave on a page. Just because you can’t see it it doesn’t mean it’s not there.
As for hand written pages, don’t use any type of ink pen. They can be traced.
Anytime you want to do something clandestinely you need to ask this question: Am I willing to spend more time and money doing this than then other guy trying to identify me.
How about using a VPN on home computer when creating the new email account with fake info and sending the email? The IP address and any traffic between mail server and home computer should be totally hidden unless I am missing something about how VPNs work?
The email may still have traces of information that could be linked to your home computer. You’re also trusting that the VPN service doesn’t keep logs, or won’t expose those logs to law enforcement.
Proton Mail is a good service for sending anonymous, encrypted emails. However Proton does not encrypt the message header. I use Tutanota.com. They encrypt the header and of course the body of the message, plus their service includes an encrypted address book and encrypted calendar, all either free with a restricted tool set or 1 Euro per month for full service. Any message sent to another Tutanota user is end-to-end encrypted automatically and they provide a method of sending an end-to-end encrypted message to anyone. They’re based in Germany.