Try to register an email address using a host that won't have you flagged as a malicious user should you use an account with that host to sign up for major company's services like Glassdoor. It's virtually impossible to use Tor to register an email address without activating JavaScript, and the email hosts that allow it are very sketchy, and my personal suspicions are that many of them are blatant honeypots.

Both Whonix and Tails are okay for the javascript attack vector.

Only TorBrowser by itself got escaped via JS.

(even then I only sparingly allow browser javascript on Whonix or Tails)

Sorry what? It's trivial to get an email address from legit email provider, create alias addresses, then sign up to something like Glassdoor using VPN. The only thing Glassdoor will know about you is your email address, which is not easily traced back to your real ID if you don't want it to be. Particularly for low level "crime" like negative reviews.

I said try doing it using Tor with JavaScript disabled, which is the safe way to use the Tor Browser. I said nothing about a VPN. A VPN will not save you from leaking identifying information from your device and browser, while the Tor Browser at least attempts to minimize such identifying information.

> "A VPN will not save you from leaking identifying information"

What identifying information? There is no identifying information other than IP address, email and anything else you volunteered when signing up.

Remember the context here. It's "toy company" grumpy about a negative review, and wanting Glassdoor to hand over what they know.

Have a guess what Glassdoor will hand over? Email address, IP, and whatever else you willingly gave to Glassdoor. They won't have any other information from "javascript" or whatever you are claiming is leaked from normal web browsers.

A company's pettiness can know no bounds, and a toy company is just as capable of hiring firms that specialize in de-anonymization as any other company is. The company itself also has billions of dollars of revenue and can hire experts in the field themselves.

Companies do not just log IP addresses and email addresses, there are billion dollar ad networks that have refined the game of tracking users across browsers and devices, and they certainly do not rely on just IP and email addresses.

Many companies keep extensive logs of analytics data that their customers generate that amount to much more than IP and email addresses. If a company is motivated enough, there really isn't anything stopping them from cross referencing their own logs and employees/users' identifying data with whatever Glassdoor, and any of its partner services they've integrated with, collected from their users.

And it isn't just JavaScript that leaks identifying information, most browsers do it by default. JavaScript just makes it stupidly convenient, more accurate and opens the door for novel methods for collecting identifying information.

How certain are you that in all jurisdictions where an (ex-)employer can get an injunction to force glassdoor to reveal the email address they wouldn't be able to get the legit email provider to reveal your true identity?

Create a gmail address from your local McDonald's wifi?

IP addresses aren't the only way to identify a user.

I also assume large free hotspot providers collect enough identifying information from their users for the purpose of aiding investigators and courts in identifying abuse of their networks. A subpoena could provide that info, and hotspot providers can choose to just hand over that info when requested.

Do you extend that to the VPN provider used to sign up to the email provider?

How far should companies battle to reveal the sources of mean reviews? Why not simply reply to those reviews with a counterbalancing response? It's not a big deal. I don't condone making fake reviews out of spite, or whatever is claimed in this case, but chasing reviewers through court action is petty.

One of the values on Zuru website is something about "think different" but what is thinking different about suing a negative reviewer?

So much bragging over there on the zurutoys.co/about-us pages, they talk themselves up big time. No environmental statement that I can see btw, just how amazing they are. Should environmental policies start imposing limits on how many plastic fish fidget spinners the world needs? If less quantities are made, their rarity provides value on the used/recycled market. May mean less rooms in mansion for company heads. Better for planet though.

Glassdoor provides the email `ilikebigbutts@gmail.com`, Google only have VPN/Public WiFi IPs for that account because I'm not an idiot who put my real details into the Google Account.

Not sure I see the problem. They gonna subpoena Starbucks to get the (now probably long deleted) security footage for the time the negative review was posted?

Google, Microsoft, etc make you provide a phone number to create an account, at least when you do it through Tor.

It's annoyingly hard to create a truly anonymous email account these days. Even more privacy-respecting providers like ProtonMail make you verify your account using a phone number or email address when signing up through Tor (though at least with ProtonMail they claim to not associate that information with your account, and you can bypass verification by upgrading to a paid account via a Bitcoin payment).