September 01, 2004

• Did anyone else see the link and think "crabs"?
• Did anybody else see the link and think this question merited a serious response? I'd nuke the account you think's being spied on. Just kill it and no more worries, turning your head inside out, second-guessing, putting together little chronologies, etc.
• Wolof is right. If there is any possibility that someone can access the account, dump it immediately and email your contacts with a new address ASAP.
• I don't think someone reading your e-mail would be considered identity theft. And if you haven't already changed your password, then I highly recommend that you stop using the Internet.
• Agreed with all the stuff above - well, that which was polite, anyway - I say dump it, even if it's your prize "I got my name first" Gmail account. It's just not worth the hassle. Having said that - could we have some more details of why you think this has happened? Without wanting any personal info, what sort of events make you think you've been infiltrated in the private region? What steps have you taken to check this theory/prevent it happening again? What kind of email are we talking here (webmail, POP/SMTP, does it come from a domain you own, what?) But, yeah. Dump it. Run away from it as though the very hounds of hell were snapping at your heels.
• Thanks everyone for the suggestions. The account is dumped. I will get another soon enough. Some personal emails were sent from my account to a girl that I had started dating. I didn't send them as she wouldn't appreciate the correspondence I was having with another girl. Soon after, many emails started disappearing. All very private (including the one where the perpetrator owned up to the spying). I have learned a lot about what people are capable of doing. People I thought had a shred of decency.
• My sympathies. Make sure all accounts you use have different passwords, because if someone learns the password to one account, they may try it on others. And always log out of your web-based mail accounts when you're finished. Those are things we should do, but I for one have many bad internet habits. I don't suppose you know how the person found out your password, but that would help you to prevent it in future.
• Rex, that sucks. You have my sympathies. if I'm reading between the lines correctly, it sounds like you're using web-based mail. You might want to consider switching to POP3, downloading your mail to your computer with a program like Eudora or Outlook Express, and setting your e-mail program to delete messages automatically off the server after download. That way, even if somebody hacks into the server, they'll only have access to the e-mail you got since you last checked it. Webmail might be your only option for practical or economic reasons, but if not, it's worth considering a switch. Also, FYI, I've usually heard the phrase identity theft used to describe something a little different--it involves people opening up credit card accounts and so forth in your name, then plundering them and leaving you with the bad credit rating. I hope you'll forgive me for being so pedantic when you're suffering an incredibly crappy and stressful experience, but if you use the phrase "identity theft" when, say, reporting this to your ISP, it might cause some confusion. Good luck!
• "Some personal emails were sent from my account to a girl that I had started dating. I didn't send them as she wouldn't appreciate the correspondence I was having with another girl." hmmm...so in other words you got caught doing something you probably shouldn't have been doing...not to be mean, but there is such a thing as karma... definitly not identity theft...
• you got caught doing something you probably shouldn't have been doing Yeah, I was fucking six or seven girls and then one of the sluts stole my keycard and bought herself a hijab.
• That blank space up there is an opportunity for karma to enter. A "kar-park", if you will.
• wolof, what's a hijab? rex: similar situation for me just before my husband and i split. he figured out the password to my hotmail account, changed the password and hijacked it. he started sending messages, posing as me, to my various friends, trying to solicit information. talk about havoc! (i know, i know, hotmail is evil, blah blah -- but i've had the account SINCE HOTMAIL BEGAN so i'm kind of fond of it.) finally, FINALLY, i persuaded him to turn it back over to me, and i changed the password to something he couldn't determine. whew. people who care about you do some really shitty things sometimes. my sympathies.
• whatdidido: hmmm...so in other words you got caught doing something you probably shouldn't have been doing... That's not only being reading too much into what rxreed said, but also irrelevant. Even if you are the scum of the earth, you are entitled to your privacy. (Barring certain specific instances where the state's interests trumps your right to privacy.)
• -being
• SideDish: Hijab
• When I discoverd than an ex had a keylogging program, to see if he was reading my email I sent ambiguous mail to myself as an old flame. (yay helo!) When the ex kept hinting around to see what I had been doing on nights I had "dates" with the old flame, I knew what was up. The saddest part of the story is that I didn't confront him about it: I wrote him a long letter and left it in my postponed message box. I suspect it was one of the girls, and I would have had a little fun before closing the account. If a girl is that psycho, she probably isn't much fun in the long term.
• Long ago, my wife's ex configured my wife's email program to send him a draft of every message that she sent. In .mailrc, the command was something like set record="|mail -s wife paranoidmotherfucker". This was back in the day when email meant interacting with a Unix shell prompt. He was a paranoid motherfucker. Eventually her employer's IT organization found this and corrected it.
• frecklefaerie- while it seems like it could be fun, i have chosen to drop the account. identity theft is indeed the wrong phrasing, maybe invasion of privacy or intrusion or harassment. anyway, it doesn't matter, i have no interest in interacting with this person again. i am sad to hear that this has happened to others. so... is the consensus = no webmail, and only use a pop/smtp acct with super-duper-encryption, etc?
• Your best line of defense is a strong password.. at least 8 characters long, not all numbers or letters, good mix of both numbers, letters, and punctuation, something you can remember but would be hard to find out or wouldn't make much sense to others, etc. I never use anything that's even english personally - I tend to just mash the keyboard, and whatever it comes up with sticks after a few dozen uses. You won't ever stop a brute-force attack but you'll make it very hard, and for the most part it's about making your password such a PITA to guess that it's not worth the attacker's time to bother with it. Personally, for important stuff I use a 10-20 digit password whereas everything else gets an 8, and I try not to share them if at all possible. And never put anything in for a security question - there I just mash the keyboard until there's no more room left to type things. No good to have a strong password and then your mother's maiden name for the security question; you can google stuff like that. You might also want to start signing your email with PGP or GPG too.
• If you have trouble keeping track of multiple passwords, consider using a program like Password Safe. It allows you to store username/password combinations and you don't even to have the passwords displayed within it in plain text. You can right click on an entry and copy your password to the clipboard and then paste it into the password field. Of course, this requires you to remember the password that you use to lock the vault and to be able to keep people from getting ahold of that password. As for webmail verses POP mail, while there are plenty of arguments against webmail, I'd say it's still more secure than POP mail. The odds of someone gaining access to the system where your webmail is stored is considerably lower than gaining access to your ISP or POP3 provider. And it's a lot easier to bruteforce a POP3 password since most of them don't have the 3 to 5 strikes and you're temporarily out attribute that pretty much all webmail providers now feature. With a semi-decent password (ie, at least one letter of each case and at least one number or punctuation mark) it would probably take years to bruteforce a webmail account that put your account on hold for 15 minutes after 5 unsuccessful login attempts. Once again, though, if you don't know how to protect yourself from attempts to steal your password, your mail provider could be the Internet equivalent of Fort Knox and you'd still be wide open.