[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Email provider for privacy-minded folk

On 2/18/2013 9:01 PM, Mysterious Flyer wrote:
Ummmmm.  I am the REAL mysteriousflyer@xxxxxxxxxx  I guess it's super-duper easy for a person's user names and passwords to get hacked when accessing e-mail over Tor.  I also noticed that someone has been reading my gmails (since they were marked as read), so I changed my password over there and will never access gmail through Tor again.  Someone ALSO made a copy of my debit card and tried to use it in another state, but that may be coincidence.  Does anyone have any knowledge as to HOW a hacker may get this information?  Is it through an exit server?  I certainly never made any online purchases through Tor.

On 2/11/2013 9:51 PM, Griffin Boyce wrote:
There are some good ones out there, but if you're using Tor to create the
account and login, you should know that many have started blocking Tor
users (or deactivating their accounts in the case of Yahoo). Size could
also be an issue, but if you're deleting them off the server on download,
then that problem goes away.


On Mon, Feb 11, 2013 at 10:10 PM, Mysterious Flyer <
mysteriousflyer@xxxxxxxxx> wrote:

Will the real Mysteriousflyer please stand up? Maybe the list admins can trace the 1st mysteriousflyer & your emails, back to the origin & gain some knowledge. I don't know about the dual use / acct hacking, but if you send unencrypted data through a Tor exit, a malicious relay operator could capture it. This is & has been well documented for ages. "DON'T send any critical data, if not using secure connection (or encrypted file) through Tor." Treat it like you would dealing w/ your bank - you wouldn't do business on a non secure connection (with the destination site).

Do you use gmail's https connection - both w/ Tor & w/out? You should. If you don't, they could have gotten your PW, if using a regular browser or Tor Browser.

If you use gmail's (or any) https connection, it's no easier for an exit relay to steal your PW than anyone else, AFAIK. It's still an encrypted connection.

But, as news stories point out, there are many ways for hackers / con men to get your PW other than running a Tor relay. If your PW wasn't that strong, they could easily hack it using software. I assume they didn't have your PW reset, but that's another way hackers do it - if they can guess security question answers, or they know you or something about you (or can look it up).

How would they make a copy of a debit card through Tor or your Gmail acct? Do you keep a picture or all data of the card, unencrypted in your email acct? Also, using a credit card is generally safer than debit cards. You're better protected by the contract of most CC companies.
tor-talk mailing list