[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Email provider for privacy-minded folk

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Email provider for privacy-minded folk
From: scarp <scarp@xxxxxxxxxxx>
Date: Tue, 19 Feb 2013 07:38:06 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 19 Feb 2013 02:41:27 -0500
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tormail.org; s=tm; h=Message-Id:X-TorMail-User:Content-Transfer-Encoding:Content-Type:In-Reply-To:References:Subject:To:MIME-Version:From:Date; bh=i3j8kaNpKo+mOmoVviI6bIQ7R7u2gLQQXfwjHvOa2II=; b=iQsY7VGUolouaaPCwWAJpyKFFeCV5QKlrHEm42vzpd9ro42NJOMhxaF9XxtuudXptvOE1cIQBYsae4RT57azzUzdPPFj8T5mZCUFUOkm3F1A5mVPwPh9ytyJ3tF3ci9taH322V+VMAs+R3tZGuBA4W3LieqRUeIDs9eb7RgEE5s=;
In-reply-to: <51230A21.2060209@xxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <51199139.4040400@xxxxxxxxxxx> <20130212031005.4362d118@xxxxxxxxx> <CAGKHomdw3Jx+SYN0A8_2aXp7oyCh+dEvE6KOc1304dFuR_NhSA@xxxxxxxxxxxxxx> <5119D746.6020804@xxxxxxx> <1361242860.94731.YahooMailNeo@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <51230A21.2060209@xxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Joe Btfsplk:
> On 2/18/2013 9:01 PM, Mysterious Flyer wrote:
>> Ummmmm.  I am the REAL mysteriousflyer@xxxxxxxxxx  I guess it's 
>> super-duper easy for a person's user names and passwords to get
>> hacked when accessing e-mail over Tor.  I also noticed that
>> someone has been reading my gmails (since they were marked as
>> read), so I changed my password over there and will never access
>> gmail through Tor again. Someone ALSO made a copy of my debit
>> card and tried to use it in another state, but that may be
>> coincidence.  Does anyone have any knowledge as to HOW a hacker
>> may get this information?  Is it through an exit server?  I
>> certainly never made any online purchases through Tor.
>> 
>> 
>> 
>> On 2/11/2013 9:51 PM, Griffin Boyce wrote:
>>> There are some good ones out there, but if you're using Tor to
>>> create the account and login, you should know that many have
>>> started blocking Tor users (or deactivating their accounts in
>>> the case of Yahoo). Size could also be an issue, but if you're
>>> deleting them off the server on download, then that problem
>>> goes away.
>>> 
>>> ~Griffin
>>> 
>>> On Mon, Feb 11, 2013 at 10:10 PM, Mysterious Flyer < 
>>> mysteriousflyer@xxxxxxxxx> wrote:
>>> 
>>> 
> Will the real Mysteriousflyer please stand up?  Maybe the list
> admins can trace the 1st mysteriousflyer & your emails, back to the
> origin & gain some knowledge. I don't know about the dual use /
> acct hacking, but if you send unencrypted data through a Tor exit,
> a malicious relay operator could capture it.  This is & has been
> well documented for ages. "DON'T send any critical data, if not
> using secure connection (or encrypted file) through Tor."  Treat it
> like you would dealing w/ your bank - you wouldn't do business on a
> non secure connection (with the destination site).
> 
> Do you use gmail's https connection - both w/ Tor & w/out?  You
> should. If you don't, they could have gotten your PW, if using a
> regular browser or Tor Browser.
> 
> If you use gmail's (or any) https connection, it's no easier for an
> exit relay to steal your PW than anyone else, AFAIK.  It's still an
> encrypted connection.
> 
> But, as news stories point out, there are many ways for hackers /
> con men to get your PW other than running a Tor relay.  If your PW
> wasn't that strong, they could easily hack it using software.  I
> assume they didn't have your PW reset, but that's another way
> hackers do it - if they can guess security question answers, or
> they know you or something about you (or can look it up).
> 
> How would they make a copy of a debit card through Tor or your
> Gmail acct?  Do you keep a picture or all data of the card,
> unencrypted in your email acct? Also, using a credit card is
> generally safer than debit cards. You're better protected by the
> contract of most CC companies. 
> _______________________________________________

When I read this I was thinking "hmm, if he was using https" then it's
unlikely that this could occur. I'm pretty sure that's the default
nowadays anyway, especially for authentication.

You can further tighten security by using two-factor authentication.

My guess would be they got the password some other way other than
posing as a malicious tor exit node.

- -- 
scarp | A4F7 25DB 2529 CB1A 605B  3CB4 5DA0 4859 0FD4 B313
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJRIyvZAAoJEF2gSFkP1LMT9KgP/iBWq79ccpWtz5bMqP5nQFfG
Hm3isqlaf8zNNIiAzaLAyUOxB/CQLtlPSwEnJznzy41/r1bzpwTwDRFgjBwoGDsy
B3RGJHI4ZSKJELP0nfOVBquBzhLG2KS0k/WeO9+7Z7zL7YleSXF7j+CzIH6xOxLJ
nTHy6n5CVLC+NdaNa45YpFS7RfTyPjJ5YoeaxgTBtXYvEko8nsuvbprsnIBcNVoY
+GydEatBCvZIivsKfO8oZHsk8TSefg76LNLORL+8AHniLGHyJQUVa1tR5JXtV/MT
pYYAR8uK2DdWh1mALBP+ZhVSIvEgxlHGuPxCJ50jS0N2ljYKxl6lQ/Mxe1OiaqIh
ZLGWw7HbrnxthSwOL6WcHq7wI03sl+8BY5W3DnBIsfpUatdYX+StImXpn7jbADPu
nO7cbLoQBMq/4tOayH6jTN/5ctXUWnu6yQmf1jJGXx9nnyClk4Bj0qwY60VRIcE6
TckNCjOJ9zeQi90xpe7iS5zPW6iIxR4y2MvXUwAjS9yCekYnJC6HV+KCo8kNe6x8
E6oaPzkifMM4pZRCmDBSWKAczJhkJvTzSLZ90mRamZcO3naRwQu9hI3d2Xbsydll
AlGBX5dpym/3BpEo92cM4IzYA9aHEdloeieTOrDaJkWT1h1rT1qIAXUnbJZs2ak8
aRQ5E6ea3yFUc7PwAE31
=tH1M
-----END PGP SIGNATURE-----
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Email provider for privacy-minded folk
  - From: adrelanos

References:
- [tor-talk] Email provider for privacy-minded folk
  - From: bvvq
- Re: [tor-talk] Email provider for privacy-minded folk
  - From: Mysterious Flyer
- Re: [tor-talk] Email provider for privacy-minded folk
  - From: Griffin Boyce
- Re: [tor-talk] Email provider for privacy-minded folk
  - From: Joe Btfsplk
- Re: [tor-talk] Email provider for privacy-minded folk
  - From: Mysterious Flyer
- Re: [tor-talk] Email provider for privacy-minded folk
  - From: Joe Btfsplk

Prev by Author: Re: [tor-talk] Email provider for privacy-minded folk
Next by Author: Re: [tor-talk] Email provider for privacy-minded folk
Previous by thread: Re: [tor-talk] Email provider for privacy-minded folk
Next by thread: Re: [tor-talk] Email provider for privacy-minded folk
Index(es):
- Author
- Thread