What sort of information can an email and digital certificates reveal?

[superbuu]

When you send an email to someone, can they gather information about what computer were you using at the time? I mean I know they can know what browser, your ip address and whatnot, but could they be able to know if I sent it from my desktop or from my laptop for instance?

 

Also can digital certificates reveal any information? for instance a government certificate that they give you to access your social security number, taxes and stuff like that. Can they know from which computer im logged to the site that's using said certificate? Again, IP and browser is a given, I just want to know if they can know I used computer A or computer B, both using the same router (computer A a desktop, computer B a laptop via Wifi).

[aezakmi]

Quote

When you send an email to someone, can they gather information about what computer were you using at the time? I mean I know they can know what browser, your ip address and whatnot, but could they be able to know if I sent it from my desktop or from my laptop for instance?

Absolutely. mail providers and ISPs log and track every single computer that connects to their servers and store information like: IP and MAC (not apple mac but a different mac) Address, full hardware specs like motherboard and processor model and amount of memory installed, operating system, screen type and resolution, storage details including number and size of hard drives, location, 'basic' camera and microphone telemetry if you have those peripherals installed, network type and speed, router model and installed firmware version, type of wireless security if the router has wireless enabled, ports open and number of devices connected to the router

you shouldn't worry about certificates imo

[Crunchy Dragon]

The IPs of either computer will be different, which will show that you used a different computer.

[Tristerin]

17 minutes ago, superbuu said:

When you send an email to someone, can they gather information about what computer were you using at the time? I mean I know they can know what browser, your ip address and whatnot, but could they be able to know if I sent it from my desktop or from my laptop for instance?

 

Also can digital certificates reveal any information? for instance a government certificate that they give you to access your social security number, taxes and stuff like that. Can they know from which computer im logged to the site that's using said certificate? Again, IP and browser is a given, I just want to know if they can know I used computer A or computer B, both using the same router (computer A a desktop, computer B a laptop via Wifi).

Sounds like you need a VPN, to get away with...minor things.

 

If its major then you need to use other operating systems and talk to people smarter than I.

[LAwLz]

This is a pretty complicated question which requires more info than what you have provided.

 

 

11 hours ago, aezakmi said:

Absolutely. mail providers and ISPs log and track every single computer that connects to their servers and store information like: IP and MAC (not apple mac but a different mac) Address, full hardware specs like motherboard and processor model and amount of memory installed, operating system, screen type and resolution, storage details including number and size of hard drives, location, 'basic' camera and microphone telemetry if you have those peripherals installed, network type and speed, router model and installed firmware version, type of wireless security if the router has wireless enabled, ports open and number of devices connected to the router

you shouldn't worry about certificates imo 

Not necessarily. In most cases they don't have access to even half of the things you listed.

 

 

11 hours ago, Crunchy Dragon said:

The IPs of either computer will be different, which will show that you used a different computer. 

The IP will most likely appear the same to the mail provider and ISP.

Most people run NAT-overload so their external IP is the same for every computer on the inside network.

 

 

11 hours ago, Tristerin said:

Sounds like you need a VPN, to get away with...minor things.

A VPN would not protect him from this type of information leakage.

[mr moose]

12 hours ago, aezakmi said:

Absolutely. mail providers and ISPs log and track every single computer that connects to their servers and store information like: IP and MAC (not apple mac but a different mac) Address, full hardware specs like motherboard and processor model and amount of memory installed, operating system, screen type and resolution, storage details including number and size of hard drives, location, 'basic' camera and microphone telemetry if you have those peripherals installed, network type and speed, router model and installed firmware version, type of wireless security if the router has wireless enabled, ports open and number of devices connected to the router

you shouldn't worry about certificates imo

They can really only track the IP and client the email came from and who it's going to.   As for all the other things like your mac address, processor, motherboard etc. the email client would have to be scraping that data and seeding it in an email for them to get it.   To date I don't think any of the thousands of security analysts out there have discovered an email client that does this.  Happy to be proven wrong if one does exist though.

[LAwLz]

In most cases, for example when someone just sends an email through gmail or outlook in the online interface, this is what the recipient can collect:

 

• Your email address (although this field can be modified by the sender and is therefore not trustworthy).
• The recipients email address (as in, their own email address)
• The content of the mail.
• Which mail server delivered the mail (that is to say, if you sent it from gmail then they can see that the gmail server delivered it).
• When the mail was sent (although this field can be modified by the sender and is therefore not trustworthy).
• When the mail was received.

 

Your ISP can see:

• That you connected to a gmail server.
• When you connected to it.
• Your public IP address. (Note, not your local IP, not your MAC, or any other type of address. Just the public IP which is most likely the same for all computers on your network).
• How much data was transferred, but not what data.
• Roughly when you stopped browsing gmail.

 

Your email provider can potentially see:

• Your email address (to the email provider, this field is verified and trusted).
• The recipients email address.
• The content of the mail.
• When the mail was sent (to the email provider, this field is somewhat trusted since they can see when the email was sent to them).
• Your IP address
• Anything which can be collected through your browser. This includes things like browser version, OS version, language settings, and a few other things (although these are not trusted since they can be modified by the user)

 

 

12 hours ago, superbuu said:

Also can digital certificates reveal any information? for instance a government certificate that they give you to access your social security number, taxes and stuff like that. Can they know from which computer im logged to the site that's using said certificate? Again, IP and browser is a given, I just want to know if they can know I used computer A or computer B, both using the same router (computer A a desktop, computer B a laptop via Wifi). 

It depends on how you use the certificate.

If it's from some specific program then they might have a way of tracking various installs. But if it's just a webpage where you input it then no, in most cases they will not be able to tell if you used your laptop or desktop.

It's not impossible, but it requires some additional info which they most likely don't have access to. For example if you use Chrome on your laptop and Firefox on your desktop and they know that, they can make an educated guess that you're on your laptop if they see that you're connecting with Chrome.

[DeLorian]

Lawlz said pretty much everything you need to know. There are some steps you can take to strengthen your privacy online:

 

1. Open up a secure e-mail account like ProtonMail or Tutanota. They are encrypted and safe.

2. Use a premium no-log VPN like NordVPN or PIA. Your ISP will only see VPN traffic, but your whole connection will be encrypted.

3. Use custom user agents, there are extensions like Chrome UA Spoofer and such.

4. Use extensions like Privacy Badger, uBlock Origins and HTTPS everywhere.

5. Last but not least. Use Tails OS if you are really paranoid.

[mr moose]

Or you could just send the letter the old fashioned way:

 

 

no one will see which computer you used then.

Image result for newspaper letter of ransom 400 × 192.URL

[Sauron]

14 hours ago, superbuu said:

When you send an email to someone, can they gather information about what computer were you using at the time? I mean I know they can know what browser, your ip address and whatnot, but could they be able to know if I sent it from my desktop or from my laptop for instance?

No, they can't, and they can't know your IP either unless you both use self hosted e-mail... of course, your e-mail provider can know your IP address. @LAwLz pretty much covered it.

[Roamable]

Not sure I can add much to this topic, but I'm pretty sure PeerBlock is a nice bit of software along with a VPN as some others have suggested.

 

But yeah if you want secure, Windows isn't the way to go in 2018. 

[superbuu]

On 10/10/2018 at 8:00 PM, aezakmi said:

Absolutely. mail providers and ISPs log and track every single computer that connects to their servers and store information like: IP and MAC (not apple mac but a different mac) Address, full hardware specs like motherboard and processor model and amount of memory installed, operating system, screen type and resolution, storage details including number and size of hard drives, location, 'basic' camera and microphone telemetry if you have those peripherals installed, network type and speed, router model and installed firmware version, type of wireless security if the router has wireless enabled, ports open and number of devices connected to the router

you shouldn't worry about certificates imo

You are trolling right?

[superbuu]

On 10/10/2018 at 7:52 PM, James Evens said:

short question: why do you need to worry about law enforcement tracking you?

If you use windows one of your largest problem are srum dumps.

Im not doing anything illegal, I just own a couple hundred worth of bitcoin and I want to be sure it stays safe so im considering all scenarios.