[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Sending email from Tor browser



On 6/14/2014 6:33 AM, Chen Cecilia Zhang wrote:
and the strange thing is : I tried to test the email sending from Tor and
without Tor browser, and the IP address shows in the "original email" from
gmail are the same....

Will anyone help explain how come? thansks


On Sat, Jun 14, 2014 at 4:22 AM, Chen Cecilia Zhang <
chenceciliazhang@xxxxxxxxx> wrote:

No software to compose email, as you mentioned, just normal email account
such as yahoo.

The reason i wonder is even the email was composed within tor browser, but
the email was actually sent 1 month later, will that show the actual IP
address?


On Sat, Jun 14, 2014 at 3:04 AM, Sebastian G. <bastik.tor> <
bastik.tor@xxxxxxxxxxxxxx> wrote:

1st, it would be much better to use a more "private" & security conscious provider than the likes of Gmail or Yahoo. Like Unseen.is or some others. I wouldn't depend on claims by any, that they "can secure email from all security / law enforcement agencies."

Was the IPa shown in the email header the same as your Tor exit IPa, or your ISP's assigned address? If using TBB & no addons or plugins that could possibly reveal your IPa, it shouldn't be possible for even Gmail to see your real IPa. If you did use TBB (correcly) & your *real* IPa showed up in the email header, something's wrong.

Some email providers don't even include your IPa in the header - like Unseen.is, VFEmail & several others. Unseen.is or any others aren't necessarily the magical answer to all email security & privacy issues. For instance, at one time, Unseen claimed "end to end" strong encryption *between* Unseen users - if using their webmail. You can read their disclosure on the latest "modified" PGP encryption they provide.

I pointed out to them that the encryption, while *on their servers* may be very good, there was still a hole in that strong encryption, in between their server & users' computers. That part of the communication was "only" SSL / TLS encryption - which some Snowden documents indicated the NSA *had broken* (I believe - my head is killing me today). That one gap essentially made their encryption process no better than many other providers, (a chain is only as strong as its weakest link). Except mail on their servers was stored encrypted, which kept them from reading it.

Since then, they developed their own desktop client, allowing users to encrypt msgs locally before sending. I haven't used it yet, so can't comment on that client, or whether retrieving messages with the client maintains "strong" encryption between their server & users' computers (stronger than SSL / TLS). I assume that now w/ the local client & users encrypting messages before sending, that the private keys are generated & stored on users' computer rather than on their server.

For free accounts - using webmail, the private keys were stored on their server (may still be, if using webmail). Now there's an alternative to webmail. But that also requires trusting their client & the encryption software / algorithm.

Here is a comparison of some of the more "privacy conscious" providers:
http://thesimplecomputer.info/free-webmail-for-better-privacy

When considering Simple Computer's information (or any other), *check with the providers* for final details. Providers' policies & technology used can change at any time.

For instance, Simple Computer's comment: "Unseen does not plan to support Internet Explorer for chat & video, and the current Tor Browser Bundle (3.6.1) is built on Firefox 24 ESR which lacks features in its JavaScript engine to work properly with Unseen," is *not true* anymore (AFAIK). I use TBB w/ Unseen's webmail. Months ago, there were some temporary problems in using their site with TBB, but after I reported them, Unseen made changes on their side that seem to have fixed it.
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk