Re: [tor-talk] Email provider for privacy-minded folk
Indeed! I also employ one additional measure, which, admittedly, may not
be to everyone's taste - I have all my
browser/system/email/everything-else-you-care-to-name root certificate
store wiped out clean!
IMO, only a stupid idiot doesn't use https with gmail.
That's why I think all the talk about gmail and being hacked is useless.
Let him set "Use always https" in the gmail settings, then log out, log in, change password and secure q/answer and that's all.
This should be about Tor and Tor close stuff...
If I have to access a specific (https) site or access a new email
account (by using secure pop/starttls, secure smtp or secure imap) I
tend to get the site's certificate well in advance via other means (not
through tor, obviously) and store it manually on my system for use by
these programs. That way, I know that if the "certificate unrecognised"
error pops up there is either 1) a new site I have never accessed before
(most likely); or 2) someone is trying to use spoof certificates.
The latter doesn't occur very often, though I've had this on a number of
(rare) occasions when a tor exit node for example (prior to being banned
in my torrc file and banished forever) tries to pretend to be my email
server and gets caught out with its pants down, quite literally... This
measure also prevents the likes of hacked/rogue CAs out there leaking
certificates to people/organisations who use them for various
tor-talk mailing list
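
An added example, not part of the original message: a minimal sketch of the manual pinning described above, where trust comes only from a certificate obtained out of band and an unrecognised certificate is sorted into "host never pinned" or "certificate differs from the pin". The host name, the pin store layout and the function names are assumptions, and the certificate bytes are constructed stand-ins rather than real certificates.

```python
import hashlib
import hmac
import socket
import ssl

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def classify(host: str, der: bytes, pins: dict) -> str:
    """Sort a presented certificate into the cases the message describes."""
    pinned = pins.get(host)
    if pinned is None:
        return "unknown-host"      # case 1: no certificate stored for this host yet
    if hmac.compare_digest(pinned, fingerprint(der)):
        return "match"             # same certificate that was stored by hand
    return "mismatch"              # case 2: a different certificate is being presented

def fetch_leaf_der(host: str, port: int = 443, timeout: float = 10.0) -> bytes:
    """Return the server's leaf certificate (DER) without consulting any CA.

    CA validation is off on purpose, mirroring an empty root store: the
    caller must run classify() on the result before sending any data.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

# Constructed stand-ins for DER bytes; a real pin would be computed from the
# certificate file obtained through a separate channel.
STORED_CERT = b"constructed stand-in: certificate saved out of band"
OTHER_CERT = b"constructed stand-in: different certificate seen on the wire"
PINS = {"mail.example.org": fingerprint(STORED_CERT)}  # hypothetical host

if __name__ == "__main__":
    samples = [
        ("mail.example.org", STORED_CERT),
        ("mail.example.org", OTHER_CERT),
        ("new.example.net", OTHER_CERT),
    ]
    for host, der in samples:
        print(host, classify(host, der, PINS))
```

A "mismatch" result also occurs when the server legitimately renews its certificate, so the pin has to be refreshed out of band before it is treated as a spoofing attempt.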