[liberationtech] mail2tor.com hidden service
ITechGeek
itg at itechgeek.com
Sat Jan 3 03:32:41 PST 2015
As Zaki points out, never trust plain text identifying information over tor
(well the transport is good and secure, you never know what the exit nodes
or in this case hidden service are doing w/ the information transgressing
their systems).
I only use any tor email service for website accounts where I have no plans
to connect to the website over anything other than tor and once in a while
I use them for email exchanges w/ individuals, but I generate a GPG key
specific to that account.
What I consider a workaround for people who can't set-up a good install of
GPG is https://www.mailvelope.com/
I would consider that at least semi secure (or at least as secure as your
browser). I haven't used it in a while, but when I did it was Chrome only
and seemed easy enough (and haven't had too many questions in the past).
If you need one way secure, you can try out
http://s.hanewin.net/contact/en.htm / http://www.hanewin.net/encrypt/ (I've
been meaning to try setting up one of those myself). Uses the same core as
mailvelope and likewise I wouldn't consider it fully secure.
-----------------------------------------------------------------------------------------------
-ITG (ITechGeek)
ITG at ITechGeek.Com
https://itg.nu/
GPG Keys: https://itg.nu/contact/gpg-key
Preferred GPG Key: Fingerprint: AB46B7E363DA7E04ABFA57852AA9910A DCB1191A
Google Voice: +1-703-493-0128 / Twitter: ITechGeek / Facebook:
http://fb.me/Jbwa.Net
On Thu, Jan 1, 2015 at 7:06 PM, zaki at manian.org <zaki at manian.org> wrote:
> Plaintext over Tor to email accounts are probably not safe.
>
> We've seen a major round of this where the Feds seize a hosted anonymous
> email account and then email plain texts appear in indictments. Perhaps the
> most famous is the TorMail & Charlie Shrem case.
>
>
> http://www.forbes.com/sites/runasandvik/2014/01/31/the-email-service-the-dark-web-is-actually-using/
>
>
>
> On Thu, Jan 1, 2015 at 12:01 AM, Richard Brooks <rrb at g.clemson.edu> wrote:
>
>> Does anyone have any info about this hidden service?
>>
>> I've been using it to set up temporary accounts to
>> exchange info as a pgp work-around for people having
>> trouble working with pgp keys. I assume the content
>> can be read by whoever runs the site, but they won't
>> know who I am.
>>
>> If the other side uses the hidden service, too. The mails
>> can be read but the service won't know who either side is.
>>
>> Any faults in this logic?
>>
>> --
>> Liberationtech is public & archives are searchable on Google. Violations
>> of list guidelines will get you moderated:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
>> Unsubscribe, change to digest, or change password by emailing moderator at
>> companys at stanford.edu.
>>
>
>
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20150103/26fab8cb/attachment.html>
More information about the liberationtech
mailing list