[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Replacement for Tormail
On Mon, Aug 12, 2013 at 11:46 PM, Gordon Morehouse <gordon@xxxxxxxxxxxx> wrote:
> Edgar S:
>> The function of Tormail I need that suggested solutions don't seem
>> to have is the ability to receive and reply to clear text ordinary
>> Email sent from a non-secure SMTP.
I believe this better said as 'traditional email', since that may also
use 'secure' tls transports or OpenPGP by users with no change.
> I wish some trusted entity who has a bit of money and, um, gusto for a
> fight, would set up an email service with a .onion entry point. The
> EFF comes to mind, but they have plenty to do. I'm not sure what
> other groups I'd trust. I never had any idea who was running Tormail.
>> As a hosting venue for ...
The idea of tormail was that they were not subject to legal process.
Their proxy points into and out of the real world were. But it is yet
untested whether in some places one can shut such an entire point
down due to not being able to service a specific account. A curious
mix of contract, common carrier, free speech, jurisdiction and so on.
You may 'have an idea' who EFF or any other entity or jurisdiction
is, but they are all subject to certain specific things. Those are very
good fights to have and expose as well.
And regardless of service model and who runs it, all public points
are subject to tapping in the nearest upstream, no gain there.
Some people did note tormail had a domain locked and
supposedly got it back. And maybe they did move proxy
servers sometimes too.
They did have service issues and were not exactly mature/open
but does that imply lack of trust? Who knows. 'Knowing them'
should not imply trust either. That's why there is OpenPGP and
other messaging protocols too.
With standard email, I'd feel better with lots of little providers
around the world, not just the big three. Ones that try these
things. That way you could watch and see who does and says
what up against what and all sorts of models could be tested.
Right now most of the small market are legacy providers in
this respect, notice how many still do not provide TLS and
privacy oriented policies. Huge oppurtunities here.
Besides, EFF and Tor are not in the business of running
physical services carrying user data, much less storing
it between transit. Ask torservers, noisebridge or start your
own group :)
> doesn't leak information in any of the myriad ways email can which
> could serve to unmask a Tor user
I do not like this 'leak'. SMTP header and operation is what it is
by exact design, not by leaky bug. If MUA put the content of your
disk into mail that would be a leak. User is 'unmasked' not
by SMTP, but by their [improper or choiced] use of it.
> This isn't gonna cut it. A Tormail replacement that's any good,
> that's reliable, that's censorship-resistant, that's hardened
> ... that will require professionals
> to set it up. It's not going to fly on $random_email_provider +
> hidden service and a tunnel, or whatever.
You would be surprised how much a random tech fly can do. A fly that
is given help with the legal/finance aspect becomes a powerful raptor.
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk