[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Email provider for privacy-minded folk
> Joe Btfsplk:
>> On 2/18/2013 9:01 PM, Mysterious Flyer wrote:
>>> Ummmmm. I am the REAL mysteriousflyer@xxxxxxxxxx I guess it's
>>> super-duper easy for a person's user names and passwords to get
>>> hacked when accessing e-mail over Tor. I also noticed that
>>> someone has been reading my gmails (since they were marked as
>>> read), so I changed my password over there and will never access
>>> gmail through Tor again. Someone ALSO made a copy of my debit
>>> card and tried to use it in another state, but that may be
>>> coincidence. Does anyone have any knowledge as to HOW a hacker
>>> may get this information? Is it through an exit server? I
>>> certainly never made any online purchases through Tor.
>>> On 2/11/2013 9:51 PM, Griffin Boyce wrote:
>>>> There are some good ones out there, but if you're using Tor to
>>>> create the account and login, you should know that many have
>>>> started blocking Tor users (or deactivating their accounts in
>>>> the case of Yahoo). Size could also be an issue, but if you're
>>>> deleting them off the server on download, then that problem
>>>> goes away.
>>>> On Mon, Feb 11, 2013 at 10:10 PM, Mysterious Flyer <
>>>> mysteriousflyer@xxxxxxxxx> wrote:
>> Will the real Mysteriousflyer please stand up? Maybe the list
>> admins can trace the 1st mysteriousflyer & your emails, back to the
>> origin & gain some knowledge. I don't know about the dual use /
>> acct hacking, but if you send unencrypted data through a Tor exit,
>> a malicious relay operator could capture it. This is & has been
>> well documented for ages. "DON'T send any critical data, if not
>> using secure connection (or encrypted file) through Tor." Treat it
>> like you would dealing w/ your bank - you wouldn't do business on a
>> non secure connection (with the destination site).
>> Do you use gmail's https connection - both w/ Tor & w/out? You
>> should. If you don't, they could have gotten your PW, if using a
>> regular browser or Tor Browser.
>> If you use gmail's (or any) https connection, it's no easier for an
>> exit relay to steal your PW than anyone else, AFAIK. It's still an
>> encrypted connection.
>> But, as news stories point out, there are many ways for hackers /
>> con men to get your PW other than running a Tor relay. If your PW
>> wasn't that strong, they could easily hack it using software. I
>> assume they didn't have your PW reset, but that's another way
>> hackers do it - if they can guess security question answers, or
>> they know you or something about you (or can look it up).
>> How would they make a copy of a debit card through Tor or your
>> Gmail acct? Do you keep a picture or all data of the card,
>> unencrypted in your email acct? Also, using a credit card is
>> generally safer than debit cards. You're better protected by the
>> contract of most CC companies.
> When I read this I was thinking "hmm, if he was using https" then it's
> unlikely that this could occur. I'm pretty sure that's the default
> nowadays anyway, especially for authentication.
> You can further tighten security by using two-factor authentication.
> My guess would be they got the password some other way other than
> posing as a malicious tor exit node.
Or he just ignored the SSL warning like so many people do.
tor-talk mailing list