[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Basic questions from new user but...

Much appreciated!

Yes, can anyone suggest email providers that will protect privacy and still work easily with Tor (? that don't require j's). 

> Date: Wed, 9 May 2012 22:04:58 -0500
> From: joebtfsplk@xxxxxxx
> To: tor-talk@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: [tor-talk] Basic questions from new user but...
> On 5/9/2012 6:56 PM, Elena Johnson wrote:
> > I have a feeling other newbies might benefit. 3 questions below (if tor-talk is not appropriate for these questions, PLEASE let me know what the appropriate contact is) .
> >
> > I have read the FAQ's, much documentation, and searched the broader web but still have questions about browsing the internet with Tor (I'm using the whole Tor Browser Bundle):
> >
> > 1) Can I ANONYMOUSLY allow scripts for hotmail, gmail and yahoo mail using Tor browser?
> >        -  hotmail -  I can’t sign in, I get the message:
> >            "Windows Live ID requires JavaScript to sign in."
> >            If I allow the script, use https and HTML and sign in then,
> >                 I can use NoScript to go through a series of "allowing scripts" from the following,
> >                 but I still can't open the email
> >                      https://snt130.mail.live.com
> >                      https://secure.shared.live.com
> >                      https://secure.wlxrs.com
> >
> >         - gmail: Google requires scripts to create account (I WAS able to access HTML email
> >           without  scripts - very very useful and good, THANKS)
> >
> > 2) If I allow scripts ONE TIME, does that blow my anonymity for ALL TIME or just during that browsing session. In other words, is the info then stored somewhere that can be retroactively analyzed to reveal my IP address?
> >
> > -----------------------------------------------------
> > I had this experience on the Tor site:
> > - I'm going through the Tor FAQ page and try to link to:
> >
> >           irc channel
> >
> >           tor-talk@xxxxxxxxxxxxxxxxxxxx
> >
> >           help@xxxxxxxxxxxxxxxxx
> >
> >     -I'm assuming Tor is SAFE but for each of these, I get the MESSAGE:
> >
> >           "Load external content?
> >
> >           An external application is needed to handle:
> >
> >           mailto:help@xxxxxxxxxxxxxxxxx (etc.)
> >
> >           NOTE: External applications are NOT Tor safe by default and can unmask you!
> >
> >           If this file is untrusted, you should either save it to view while offline or in a VM,
> >
> >           or consider using a transparent Tor proxy like Tails LiveCD or torsocks."
> >
> >      - I'm guessing that YES! i can trust that I can use whatever
> > "external application" will allow me to access these Tor support
> > services, BUT I'M NOT ABSOLUTELY SURE. This leads to my third question:
> >
> > 3) Can I ANONYMOUSLY load "external content" using an "external application"? Does the answer depend on THE SITE I am browsing, the particulars of the "external application" needed, and the specific "external content"?
> >      
> Welcome!
> I'm not the foremost expert on Tor & external apps.  Others can chime in 
> or correct my suggestions.  You ARE using the Tor browser bundle - TBB - 
> aren't you?
> 1) If you really want privacy / anonymity, maybe Live Mail, Gmail 
> shouldn't be your choice - at least when using Tor.  The companies 
> behind them are noted for a lot of privacy invasions.  A lot of mail 
> providers seem to require js, but maybe others can suggest some (or 
> methods) that don't require it.  I'm quite sure some providers don't 
> require js.
> 2) AFAIK just for that session.  But, if it's for an email acct that you 
> tried to create anonymously thru Tor - IF - say Gmail, tied you to a 
> real IP address & provider, then you don't have much anonymity for that 
> acct from then on.  That's assuming anyone, including Gmail cares to 
> pursue it.  I'm assuming it warning you about accessing 
> help@xxxxxxxxxxxxxxxxx means using your mail client.  In their default 
> state, email clients CAN leak info about you.
> Which external content (type) & which application is it trying to use?  
> It does make a difference.  Yes, some can leak certain data.  Some apps 
> can be "torrified," to lesser or greater extents.  Instructions used to 
> be on the Tor documentation site for diff apps, but may have been 
> removed.  May also be wiki articles.
> 3) See ans. # 2.  It's an "it all depends" question that comes up 
> often.  It's not so much the site (unless they use advanced tracking 
> techniques & you have js enabled, etc.), as the external app being 
> used.  In general, heed the warning about loading external content, if 
> true anonymity is desired.   The application could matter because it 
> dictates the type of application needed.  Part of it depends on what 
> you're trying to conceal from whom.    NSA?  You may be screwed.  You'll 
> have to research IF the apps needed (& specific one you use) can be 
> torrified or leaks worse than another.  Probably look into Tails or 
> torsocks.
> I've probably created more questions, but the upshot is, you have to 
> educate yourself when it comes to using external apps & Tor.
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
tor-talk mailing list