[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor-only email

On 1 May 2008, at 10:02, Roger Dingledine wrote:

On Thu, May 01, 2008 at 09:47:50AM +0100, ?Andy Dixon wrote:
If anyone is interested, I need a few people to create an account,
and test the pop3,imap, smtp (internal only) and webmail.

Hi Andy,

A word of warning: pop3 and imap tend to communicate authentication
information in plaintext. Sending protocols like those over the open
Internet (whether using Tor or not) is generally a very risky thing to do.
Sending them over Tor may be even riskier.

(There are safe ways to do it, e.g. by making sure that your Tor clients
use a hidden service to transport their plaintext protocols, or making
sure they always exit from a relay that's on the same local network as
the destination. But you need to think carefully about these issues in
any case.)


Hi Roger,

The services are only configured as hidden Tor services at the moment, however I am thinking about going SSL so that email can be accessed from a 'normal' connection..

I'm sue that most people, if they wanted such a service, would probably prefer to use a web-based mail service purely for convenience..