[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor-only email




On 1 May 2008, at 10:02, Roger Dingledine wrote:

On Thu, May 01, 2008 at 09:47:50AM +0100, ?Andy Dixon wrote:
If anyone is interested, I need a few people to create an account,
and test the pop3,imap, smtp (internal only) and webmail.

Hi Andy,

A word of warning: pop3 and imap tend to communicate authentication
information in plaintext. Sending protocols like those over the open
Internet (whether using Tor or not) is generally a very risky thing to do.
Sending them over Tor may be even riskier.

(There are safe ways to do it, e.g. by making sure that your Tor clients
use a hidden service to transport their plaintext protocols, or making
sure they always exit from a relay that's on the same local network as
the destination. But you need to think carefully about these issues in
any case.)

--Roger

Hi Roger,

The services are only configured as hidden Tor services at the moment, however I am thinking about going SSL so that email can be accessed from a 'normal' connection..

I'm sue that most people, if they wanted such a service, would probably prefer to use a web-based mail service purely for convenience..

Andy