Yes, but this almost misses the point. Is it possible to detect ('for certain', within previously mentioned boundary conditions) that some has read it? This is a different problem from merely trying to retain secrecy. Remember, my brain is a little punch-drunk from all the Fight Club fighting. BUT, I believe that the fact that deeper TLAs desire to hide themselves from more run-of-the-mill operations might be exploited in an interesting way. Or at least force them to "commit" to officially surveiling you, thereby (one hopes) subjecting them to whatever frail tatters of the law still exist. A better example may be home security systems. If they're going to tempest you, I'd bet they'd prefer not to inform your local security company. They'd rather just shut down your alarm system and I bet this is easy for them. BUT, this fact may enable one to detect (with little doubt) such an intrusion, and about this I shall say no more... -TD
From: Ola Bini
To: Tyler Durden Subject: Re: Email Certification? Date: Thu, 28 Apr 2005 10:00:49 +0200 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
A
Can anyone figure out a way to determine if one's hotmail, etc...has been looked at or not?
Hi.
Email is more or less like sending a post card. Anyone inbetween can take a peek if they have the knowledge. (And not much knowledge is required). This is why cryptgraphic signing and encryption is preferable to communicate through EMail. So the answer to your question is: Always assume someone has looked at it.
Regards Ola
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (MingW32)
iD8DBQFCcJgxGTAxXnkBC3IRAs6NAJ9EJi8RwMWHF//Z3lgQz/FZ+UkdbwCbBZT5 L0mjFCQ3x+SYRjD6uatzCvY= =ef/B -----END PGP SIGNATURE-----
Yes, but this almost misses the point.
Is it possible to detect ('for certain', within previously mentioned boundary conditions) that some has read it? This is a different problem from merely trying to retain secrecy.
Remember, my brain is a little punch-drunk from all the Fight Club fighting. BUT, I believe that the fact that deeper TLAs desire to hide
Suggestion - you can do what advertisers do - encode a web bug image as part of some jucy html emails on a web server that you own and check your logs. (not sure if hotmail or whatever allows this, as I don't use their cruft.) Make sure that unlike a web bug you don't set the name so it looks like a web bug (i.e. don't call it 1x1.gif) and don't set the image size attributes on the IMG SRC tag to say 1x1. Instead make the file name into something that looks like it came from a digital camera and put it in a path that matches that cover story. ie: http://127.53.22.7/phightklub_files/2004-xmas-party-pix/JoeShmoeDrunkAndHigh... No guarantee that someone won't read the email as source and thus not grab the image too, but you can make it look like the content of the image is important to the message's content and jucy enough to make whomever you believe is spying on you want to fetch it. i.e. "Here's a picture of the party, you can clearly see he's got a crack pipe in his hand and his eyes are dialated. I'm thinkin' of reporting him to deh fedz, what do u think?" (I'm assuming that the feds are your threat model here, but you can vary this up with whatever threat model you think is appropriate. i.e. if you think your woman is spying on you, make it a fake email from your supposed mistress, something she'd want to open - i.e. subject "I'm gonna tell ur wife about us if you don't do X".) I'd also make sure that nothing on the webserver itself points to the directory where this lives so it can't be picked up by the search spiders/bots accidentally, and make sure that you don't allow the directory it lives in to have an auto-index. Then, watch the server logs like a paranoid hawk with a caffeine addiction problem and hope they bite, when they do, you know they've read the other emails. You also have to make sure that you don't accidentally open these emails yourself, or leave an open web browser with your account where someone can randomly snoop.) But of course, since you are using hotmail and you're about to receive this email, if your account is watched, guess what, you can no longer use this method. Oh well. Tyler Durden wrote: themselves from more run-of-the-mill operations might be exploited in an interesting way. Or at least force them to "commit" to officially surveiling you, thereby (one hopes) subjecting them to whatever frail tatters of the law still exist.
A better example may be home security systems. If they're going to
tempest you, I'd bet they'd prefer not to inform your local security company. They'd rather just shut down your alarm system and I bet this is easy for them.
BUT, this fact may enable one to detect (with little doubt) such an
intrusion, and about this I shall say no more...
participants (2)
-
sunder
-
Tyler Durden