Privacy in Web-Based E-mail
Given the way that the gov’t can discover your personal information–name and address–from your IP, if you care about privacy, then you should care about how your IP is revealed. Now this can be done in many ways regarding web browsing, but how about web-based e-mail? I’ve looked at Gmail and Yahoo!, and Yahoo! puts your client PC’s IP address in the e-mail headers; Gmail does not. Yahoo! makes this clear in their “privacy” policy:
Yahoo! Mail includes IP addresses in outgoing mail message headers, as specified by standard Internet protocol.
And I’ve verified this through some e-mail tests. So if you send e-mail to a government address–whether it’s fake, spoofed, a honeypot, what-not–through Yahoo! Mail, then you’re basically telling the recipient who you are in real life. Even anyone with easily Google-able tools on the Internet, can find out your general location and information on your ISP.
Update: Hotmail also passes your IP address in the headers, too. (It’s passed as “X-Originating-Ip.”) So watch out for Yahoo! and Hotmail.