[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor-compatible secure email systems

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Tor-compatible secure email systems
From: glymr <glymr_darkmoon@xxxxxxx>
Date: Wed, 13 Sep 2006 00:07:29 +1000
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Tue, 12 Sep 2006 10:08:14 -0400
In-reply-to: <1158061483.11637.270719949@webmail.messagingengine.com>
References: <1158061483.11637.270719949@webmail.messagingengine.com>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.5 (Windows/20060719)

Just what exactly is insecure about being 100% vigilant about never
accessing any random (eg hotmail, gmail, yahoo mail) mail server with tor?

Well the main problem is in password recovery. Unfortunately most ...
well any website ... has not got best practise cryptographic techniques
for ensuring secure access. But without a backup email service, you are
kinda screwed.

Have a look at mixminion. I've not managed to figure it out. I don't
think of anonymity as being absolute. I personally don't think that
letting your real ip address to various places now and then absolutely
compromises you. The biggest problem of all comes from mail sending. You
can't send via smtp from tor, because tor does not permit port 25
traffic on exits, thanks to spam.

oh yes, i just want to back up my statement about anonymity of ip. i
have intermittently run a tor server. i'd love to see it proven at any
stage that it was me or some random fool who i let through on my open
proxy ;)

Total Privacy wrote:
> Hello or-talkers! 
> 
> I see your activity had gone up rapidly since last time. 
> Probably good, I suppose. 
> 
> Well... what I´m up to right now, is looking for the very 
> ultimate secure email system that´s fully compatible with 
> Tor and don´t require cookies, javascript and other things 
> that somehow may be insecure in any way and may expose (or 
> collect) the real IP of the user. 
> 
> Preferable it should be a webmail, offering full end-to-end 
> encryption (no open email storage at the server) and free 
> accounts sign up. 
> 
> Once upon a time, the hushmail had it (however with Java 
> etc) but when I recently checked the site, they still want 
> javascript and now offer antivirus checks of the content. 
> How can that be possible if end-to-end encryption? Figure... 
> 
> There are others (for example cyber-rights, safe-mail and 
> fastmail) but so far I´ve not discovered one that don´t 
> require javascript (at least when sign up) except fastmail, 
> who had been almost perfect if it not storage the emails 
> unencrypted. 
> 
> About the usual garbage (hotmail, yahoo etc) I should not 
> even mention it here. 
> 
> So, if anybody knows a webmail system that at least offer 
> SSL full sessions, not storage it in open (readable for any 
> snoops in the staff, or someone simple hacking the server), 
> not in any circumstances demand javascript or whorse, and 
> have a free account version, then please tell about it. 
> 
> Thanks in advance! 
> "TP" 
> 
> 
> 
>

Follow-Ups:
- Re: Tor-compatible secure email systems
  - From: Kelly Byrd

References:
- Tor-compatible secure email systems
  - From: Total Privacy

Prev by Author: Re: Protecting exit-nodes by GeoIP based policy
Next by Author: Re: Tor-compatible secure email systems
Previous by thread: make win 2003 server use my tor server - newbie question
Next by thread: Re: Tor-compatible secure email systems
Index(es):
- Author
- Thread