[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Email provider for privacy-minded folk

On 2/19/2013 7:07 PM, Mysterious Flyer wrote:
OK, more information on the circumstances:

1.  The whole reason I started up with all this "privacy" and "anonymous" stuff was because someone had hacked my gmail account, and was trying to ruin my life.  I happen to know from their IP address that they work at Google in San Jose.
2.  I used a dedicated Tor Mail account to open the anonymous "Torrified" Yahoo account, and then only ever used the Yahoo account to post to this forum.
3.  I have to admit that I got lazy with my passwords.
4.  I only use Google through https, but you know that gets unencrypted at the exit node, right?  Or am I wrong about that?
5. I use Keyscrambler whenever I'm online, and I have AdAware.  I sometimes download free trials of other anti-malware programs, just to make sure that AdAware is doing a good job.
6. I use an unsecured wireless network at home because we're too lazy to set up a password.  We set one up once, but then got new computers and it was hard, K?  We live in a very spaced-out area, so our nearest neighbor is too far away to hop on our connection.  Our nearest neighbor has TWO secured connections at his own house.  One of them is named "Black Ops", which is funny.  I doubt the neighbor with two connections is hopping on to mine.

I have my suspicions about Tor Mail.  Do any of you think that someone got access to my Yahoo account by hacking into the Tor Mail account that was used to set it up?  I was using this little algorithm to make passwords, which probably would have easily been guessed if a person had my user name and password from the one Tor Mail account.

I noticed that my back-up account to the Yahoo account had been changed from "xxxx@xxxxxxxxxxx" to "xxx@xxxxxxxxxxx".  I also can't for the life of me seem to remember my password to the dedicated Tor Mail account that was used to set up the dedicated Yahoo account.  Was the password changed at Tor Mail, or did I just plumb forget it?

I have gotten conflicting information on whether or not it is EVER safe to access e-mail through Tor.  I have read that your Google cookie can be stolen through Tor, even when you aren't on Google.  Is that true?

So I am thinking there are two possibilities:
1.  My hater has been spying on my this whole time, even though I thought they were gone, and they are good at spying.
2.  This is a new person (not the hater) who got at me through Tor Mail, and they just posted the posing post as way to make fun of me because they think it's funny.

I doubt the debit card thing is related.  Someone probably stole my numbers through a swipe-logging device at a gas station.

Based on the information above, can anyone provide any further insight that has not already been given?

The REAL mysterious flyer.

OK, much of this has nothing to do w/ Tor or Tor browser, per se. I don't run "this joint," so I can't tell you what / what not to discuss here. Much of the situation would perhaps be better discussed on a privacy forum. Wilder's Security forum has a good section. Another is on Neowin - the internet security forum.

But, several things you describe *could* be the root of some of your problems. 1) As mentioned, Tor Mail isn't associated w/ Tor Project. Beside, JUST using tor mail, by itself, has little to do w/ anonymity, AFAIK - from reading about them. 2) From what you describe, Tor probably isn't your problem. It's your security practices (or lack there of). :( It also sounds like you might open an email attachment (when NOT expecting it), click on links in email - even just to "unsubscribe." All those can load malware on your system. Sometimes, it's very difficult to detect, once on your system. To be anonymous w/ email, you must open an acct using Tor & NEVER use anything else to access it. You can use their webmail & it should be fine, if you're not doing stupid things w/ Tor / TBB.

If you used a BU email acct (for PW reset or what ever) w/ the Tor - Yahoo acct, & if you EVER accessed the BU (tor mail) acct from your real IP address, then the anonymity of the Tor Yahoo acct was blown.

No one can get lazy w/ PWs & not have problems, sooner or later (I assume you meant: not strong, not completely random, not very long). Especially on high traffic / high target sites like google or email providers. If that's the case, your former hacker probably knew things about you. That & good PW cracking software is likely how he got your PW. Use a PW manager & generate STRONG, random PWs, not something that involves any of your personal data, email acct names, etc.

I get the feeling that there's more to "your hater" story than you let on (& more than ANYone here wants to hear). ;)

Unless you're using a GOOD method to replace all characters. All the simple, easy ways to replace say, letters of your email acct, are used in PW cracking software. If you feel you MUST memorize it, use methods endorsed by security experts. Just best NOT to start w/ personal data, that someone could know / guess / search for. It still needs to be > or = 15 chars: upper / lower case letter, #s, special characters. Twenty to 25 chars is MUCH better, for safety from PW cracking software. Use a PW mgr that autotypes - like Password Safe or Keepass - both free, open source. Have portable versions. Get them on Sourceforge.net

3) NO! If using an https connection, that security / encryption has NOTHING to do w/ Tor. TOR ENCRYPTION ends at the exit relay. HTTPS (SSL / TLS) encryption does not. Unless, someone / some site imitates or hacks the site you were trying to reach, & then usually you'd see a "Security Warning" from the browser, about being unable to verify the security certificate. Most people just ignore those, w/o checking out the situation.

Even if someone stole an email provider's cookie, it wouldn't do them any good because they're not using it on the same machine (AFAIK). That's the least of your worries.

If someone hacked you before & knows something about you (or knows you), you need to COMPLETELY beef up your security methods on ALL online accts. Now, if you have more questions about email safety, PWs, general security, I suggest going to sites like I mentioned, or others. Most of your questions / issues have already been answered there.
tor-talk mailing list