On 9/19/2015 11:45 AM, Roger Blake wrote:
On 2015-09-19, Don Y wrote:
Do you avoid contact with EVERYONE who has a gmail account? Are you
sure someone hasn't forwarded one of your messages to someone else
who does?? Are you sure MyISP.com isn't subcontracting their mail
services to Google??

My ISP for email is myself. :-)

Then your MAC address is exposed -- uniquely identifying your machine
(at least to your upsteam connections).

I use a variety of different email
addresses for different people and different purposes. (I'll use
one-time throwaways on free services sometimes just to sign up
for something and then don't use that account ever again.

I use a variety of "disposable" email addresses simply because I
don't want to keep a server on-line *and* want to be able to
shed an address if someone that I've entrusted it with "slips up"
and shares it (or has their account hacked). Knowing who I've
given each address to allows me to know how it may have "leaked"
and who I should hold accountable.

I use guerilla mail for onetime contact (e.g., craigslist is
notorious for email harvesting; let them harvest an email
address that no longer works! : )

I spent a fair bit of time, deacades ago, trying to get my name
removed from "reputable" mailing lists. Ever since, I've opted
to just use a specific address for each such list and just
terminate the account when I no longer want to receive mail
from them.

It's not perfect, but I don't just hand information over willingly.
Someone is going to have to do some digging and analysis.

Have you avoided every web site that uses scripts supplied from
other domains (googleadservices, ackamai, etc.)? Does your IP
address change frequently? MAC address? Do you alter the fingerprint
of your web browser with each HTTP request? Do you ever click
on links (which provide referrer tracebacks)? Does your ISP share
information with others (warrants, voluntarily, etc.) without
your consent?

I use a browser armored to the hilt where I control who can run scripts
and what other domains can be contacted.

This makes your browser appear more unique! Given your range of IP
addresses and browser "uniqueness", you can probably be easily
identified (though not "named"). When I surf the web, my browser
is locked down hard -- no script, no flash, etc. When SWMBO uses
the same machine/IP to browse the web, her browser is more
"typically" configured. I.e., anyone watching (e.g., google searches)
knows that there are (at least) two different users, here.

I use a foreign-based VPN service
that offers quite a few exit points and keeps no logs. Yes, I have an
addon that randomly changes the browser fingerprint.

Again, that makes you stand out. You want to resemble Average Joes
if you want to be harder to "identify".

My ISP has no idea
what goes through my home connection beyond initiation of the VPN tunnel.
They have no information to share.

Likewise, look at the credit card transactions on those days and times
and you can further confirm the "evidence" from the phone record.

Another good reason to pay in cash.

Preaching to the choir, here! I paid my *tuition* in cash (though
decades ago, it was only a few $K / semester; OTOH, a few $K might
well be equivalent to today's rates!).

But, this sort of "profiling" also has worked in my favor. I
purchased my first two computers for ~$8,000/ea and charged
them. The guy at the store was flabbergasted when he phoned
in the credit charge: "They didn't even want to *talk* to you (to
verify your identity)!" Someone else making such a big purchase
might have stood out as "unusual"...