This is not a new thing. It was me who just realised it a couple of days ago. If you are using an email client software like Thunderbird or Outlook then you might have revealed your location, or at least your IP address, unintentionally. Here's how.
For those who might not be familiar with technical jargons, these might help:
- IP address - A set of digits assigned to your computer when you connect to a network to distinguish you from other people. Just like usual addresses, normally we are assigned "local" IP addresses in schools or workplaces. This means you and your friends might be behind one IP address of your organisation's internet connection.
- Internet Service Provider (ISP) - Those companies you pay for you internet connection. Leading ones here in Thailand are TOT, True, and 3BB.
Just like normal postal service, email was designed to have a level of traceability. Every email contains some "routing information" in its header. Here's how it looks:
And this is no secret. If you use Gmail you can view the header by selecting "Show original" menu.
There should be a similar option (might sound like "view source) in other email services as well. I'm too lazy to capture screenshots from all.
So, let's look at what happens when you use an email software:
- You open the software and type in the receipients and some text.
- You press "Send".
- The software connects to a mail server of whatever service you use.
- The software logs in with your username and password, encrypted or not depending on your configuration.
- The software sends out your email.
At the point that the software connects to the server, your IP address is sent along. It can be found in the email's header like this one.
From above, I sent an email from Thunderbird and my IP address was included. You can see both my local IP address (192.168.1.40) and my house's IP address (58.9.xxx.xxx). I can even tell which ISP I use. You might try looking for the word "Received" in your or your friend's email header.
The IP address together with the time can be used to determine my account information of the internet connection I use, and that can be uncomfortable. So let's see what we can do about that.
- Use a web-based interface: When we use Gmail or Hotmail from the website, we are working on their servers. Our IP addresses in the header would be those of the servers instead.
- Use a proxy server, or a VPN: This is a bit more advanced and can be a whole new entry. For now I recommend you to consult Google.
There might be some more ways to protect your privacy. If anyone has anything to share you are more than welcome.