[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Email provider for privacy-minded folk

Mysterious Flyer wrote:
Ummmmm. I am the REAL mysteriousflyer@xxxxxxxxxx I guess it's super-duper easy for a person's user names and passwords to get hacked when accessing e-mail over Tor. I also noticed that someone has been reading my gmails (since they were marked as read), so I changed my password over there and will never access gmail through Tor again. Someone ALSO made a copy of my debit card and tried to use it in another state, but that may be coincidence. Does anyone have any knowledge as to HOW a hacker may get this information? Is it through an exit server?

Joe Btfsplk already discussed the ability of exit nodes to sniff unencrypted traffic. I would also point that the attacker didn't necessarily use Tor to crack your email account(s).

Just as a data point which may or may not be relevant for your case, last year I advised *two* friends that I suspected their email accts had been compromised. I was getting spam under their user names. While I am aware that it is trivial to spoof "From" addresses, in both cases there were details about the emails that made me suspect they came from the actual accts rather than merely spoofed headers. In both cases my friends checked and indeed their accts. had been compromised. Neither person had any idea how their acct. got compromised and I am reasonably sure neither had ever used Tor. Both swore they had not been phished. One had a Hotmail acct. and I think the other used mail.com. My point is that attacks against email accts. w/o using Tor to do it is apparently commonplace, something that seems to be confirmed in that "Abuse at Scale PDF that a Google employee linked to from this list a while back.

tor-talk mailing list