Silk Road forums

Discussion => Security => Topic started by: meatwad on June 05, 2013, 09:20 pm

Title: Finally a New Hidden .Onion Email Service
Post by: meatwad on June 05, 2013, 09:20 pm
Mailtor.org -  http://bdom5vcb53z5hqz5.onion/ 

I stumbled across this while looking at a TOR directory that just lists the .onion address and no name for the website.

Can anyone vouch for this service?  It uses the same Roundcube Webmail that TORmail uses.  It seems like we finally have another legit TOR email service, but time will tell.
Is there a way to check the website source code, etc.,  to see if it has any malicious code in it?  Would any knowledgeable and skilled people like to lend a hand?
Title: Re: Finally a New Hidden .Onion Email Service
Post by: astor on June 05, 2013, 09:25 pm
Nice find! First test is to see if I can email my Tormail address. :)
Title: Re: Finally a New Hidden .Onion Email Service
Post by: Jack N Hoff on June 05, 2013, 09:27 pm
I registered a random name with a new password.  Meatwad, register a random email and send me a message to dickbeans@mailtor.org

www.mailtor.org gives you the URL too by the way.

By the way Meatwad, you're lookin kinda yoked! 8)
Title: Re: Finally a New Hidden .Onion Email Service
Post by: Jack N Hoff on June 05, 2013, 09:28 pm
By the way, always use GPG with this shit.  You never know who owns it and has access to your emails.
Title: Re: Finally a New Hidden .Onion Email Service
Post by: Jack N Hoff on June 05, 2013, 09:29 pm
I can't send an email or refresh to see new emails without javascript enabled. :'(

Astor, are you able to tell if this is a safe website to have javascript enabled? ???
Title: Re: Finally a New Hidden .Onion Email Service
Post by: astor on June 05, 2013, 09:30 pm
Confirmed to work, and astor wasn't already taken on this one. :)
Title: Re: Finally a New Hidden .Onion Email Service
Post by: astor on June 05, 2013, 09:31 pm
By the way, always use GPG with this shit.  You never know who owns it and has access to your emails.

Yeah, definitely. That applies to all email providers. You have no reason to trust Tormail more than Mailtor or vice versa.
Title: Re: Finally a New Hidden .Onion Email Service
Post by: Tyrion Lannister on June 05, 2013, 09:32 pm
isn't tormail good enough?
Title: Re: Finally a New Hidden .Onion Email Service
Post by: Jack N Hoff on June 05, 2013, 09:34 pm
By the way, always use GPG with this shit.  You never know who owns it and has access to your emails.

Yeah, definitely. That applies to all email providers. You have no reason to trust Tormail more than Mailtor or vice versa.

Indeed.

isn't tormail good enough?

When it's working. ::)  Options are always nice.
Title: Re: Finally a New Hidden .Onion Email Service
Post by: VersacePandaEgg on June 05, 2013, 09:39 pm
Meatwad, thanks for this!

I was looking into another email service since BST stated they were having problems with Tormail
Title: Re: Finally a New Hidden .Onion Email Service
Post by: meatwad on June 05, 2013, 09:51 pm
Yeah I just tried to send you an email JackNhoff but I cannot get past Noscript, even if I Allowed All Scripts Globally.   The option to allow that address is greyed out.....  I always used squirrelmail with TORmail, it was simple and you didn't have to allow Javascript for it to work :(
Title: Re: Finally a New Hidden .Onion Email Service
Post by: Just Chipper on June 05, 2013, 10:09 pm
Great find Meatwad! I never liked the idea of everyone centralizing their email communication to one service. The more email Hidden Services the better IMO.

I can't seem to connect via POP3 or IMAP4 though. I hope the operator of this HS enables these protocols in the future. I don't like to use web-clients if at all possible.
Title: Re: Finally a New Hidden .Onion Email Service
Post by: flwrchlds9 on June 05, 2013, 11:58 pm
squirrelmail! no java is great.

tormail is down a lot and has its domain show up in global block spam lists often.

would be useful if tormail or mailtor made a ton of alternate domains all pointing to same box. that is what we need.
Title: Re: Finally a New Hidden .Onion Email Service
Post by: The-Truth on June 06, 2013, 12:06 am
Definitely encrypt anything before this can be validated, as it would be a great resource

good find
Title: Re: Finally a New Hidden .Onion Email Service
Post by: astor on June 06, 2013, 12:10 am
I can't seem to connect via POP3 or IMAP4 though. I hope the operator of this HS enables these protocols in the future. I don't like to use web-clients if at all possible.

Try sending an email to admin@mailtor.org and request it.

Also, did you try all the possible ports?
Title: Re: Finally a New Hidden .Onion Email Service
Post by: Just Chipper on June 06, 2013, 12:28 am
Try sending an email to admin@mailtor.org and request it.

Also, did you try all the possible ports?

I did email admin requesting to open up a port for IMAP4. I will report back here if/when he opens up a port.

I tried all the default and SSL ports, no connection from any.
Title: Re: Finally a New Hidden .Onion Email Service
Post by: Mhaura on June 08, 2013, 04:56 am
This is awesome. Thanks!
Title: Re: Finally a New Hidden .Onion Email Service
Post by: FrequentFlyers on June 08, 2013, 07:40 am
Hey, Thanks for the info and links. It is always nice to have options.

It is upsetting when you need to access tormail, and it is offline so often..

Cheers!
Title: Re: Finally a New Hidden .Onion Email Service
Post by: DrChong on June 09, 2013, 09:32 am
It doesn't matter what onion mail service you use. You have to assume that they're all compromised and thus GPG is required no matter what in all communications. Tormail works fine.
Title: Re: Finally a New Hidden .Onion Email Service
Post by: Asal88 on June 09, 2013, 09:41 am
Looks interesting
Title: Re: Finally a New Hidden .Onion Email Service
Post by: modziw on June 09, 2013, 10:56 am
It doesn't matter what onion mail service you use. You have to assume that they're all compromised and thus GPG is required no matter what in all communications. Tormail works fine.


I always wonder why Tormail is there. Who is paying for it and why? Does anyone know?

Honeypot fears.

Modzi
Title: Re: Finally a New Hidden .Onion Email Service
Post by: mrmdma on June 09, 2013, 11:30 am
By the way, always use GPG with this shit.  You never know who owns it and has access to your emails.
I was just about to post the same. It is absolutely crucial to use encryption. Same with having intercourse with strangers, you can never know their backgrounds completely. Use protection.
Title: Re: Finally a New Hidden .Onion Email Service
Post by: Parabolic45 on June 10, 2013, 11:11 pm
subbing to see where this thread goes...I'm interested because of BST as well
Title: Re: Finally a New Hidden .Onion Email Service
Post by: Jack N Hoff on June 10, 2013, 11:16 pm
subbing to see where this thread goes...I'm interested because of BST as well

You can use any email service and TOR.  Using a hidden service email service doesn't provide any more anonymity for you.  It only provides anonymity for the server...
Title: Re: Finally a New Hidden .Onion Email Service
Post by: Parabolic45 on June 11, 2013, 03:43 am
subbing to see where this thread goes...I'm interested because of BST as well

You can use any email service and TOR.  Using a hidden service email service doesn't provide any more anonymity for you.  It only provides anonymity for the server...

lol, I feel a bit foolish. Still trying to get my head around what's acceptable and what isn't. Thanks, jack. I appreciate you hanging around this forum and spreading knowledge; I've seen you across quite a few threads...
So, all I need to do is create a new email on any service and use it ONLY through Tor? Any specific recommendations? I'd prefer not to use gmail or yahoo...
Title: Re: Finally a New Hidden .Onion Email Service
Post by: Jack N Hoff on June 11, 2013, 04:10 am
subbing to see where this thread goes...I'm interested because of BST as well

You can use any email service and TOR.  Using a hidden service email service doesn't provide any more anonymity for you.  It only provides anonymity for the server...

lol, I feel a bit foolish. Still trying to get my head around what's acceptable and what isn't. Thanks, jack. I appreciate you hanging around this forum and spreading knowledge; I've seen you across quite a few threads...
So, all I need to do is create a new email on any service and use it ONLY through Tor? Any specific recommendations? I'd prefer not to use gmail or yahoo...

Yes.  yahoo.com safe-mail.net  Anything really.
Title: Re: Finally a New Hidden .Onion Email Service
Post by: Just Chipper on June 11, 2013, 02:40 pm
You can use any email service and TOR.  Using a hidden service email service doesn't provide any more anonymity for you.  It only provides anonymity for the server...

You're correct that it doesn't directly give you any more anonymity. Although having the database for the emails on a server only accessible via Tor with SMTP relay Hidden services guarantees that if the relays are compromised the database server is not, as the relay only has a hidden service and mapped IP. Therefore the database server remains location hidden. This way if you're using PGP they can't read your message, nor find the location of the email database server. This is what has allowed TorMail to exist as long as it has. Their relays go down often, and he simply spins up a new one on a different VPS, rinse and repeat.

TLDR: having your emails reside in a database only accessible via Tor is more secure than conventional email (yahoo, hotmail, etc) as these email database servers are publicly known.
Title: Re: Finally a New Hidden .Onion Email Service
Post by: meatwad on June 11, 2013, 03:02 pm
So... has anyone actually been able to send an email with Mailtor?  When I tried about a week ago, the send button would not work.  Maybe it was because Noscript was blocking the site?
Title: Re: Finally a New Hidden .Onion Email Service
Post by: Just Chipper on June 11, 2013, 04:01 pm
So... has anyone actually been able to send an email with Mailtor?  When I tried about a week ago, the send button would not work.  Maybe it was because Noscript was blocking the site?

Yes, I was able to send to TorMail and my own private mail server successfully. More than likely you're blocking the script to actually send the mail.
Title: Re: Finally a New Hidden .Onion Email Service
Post by: fatoldsun on June 11, 2013, 04:16 pm
So... has anyone actually been able to send an email with Mailtor?  When I tried about a week ago, the send button would not work.  Maybe it was because Noscript was blocking the site?

Just received from @mailtor.org to @tormail.org so it looks like the two are talking to each other.

Just use PGP with it and Sam's your uncle.
Title: Re: Finally a New Hidden .Onion Email Service
Post by: Jack N Hoff on June 11, 2013, 07:15 pm
You can use any email service and TOR.  Using a hidden service email service doesn't provide any more anonymity for you.  It only provides anonymity for the server...

You're correct that it doesn't directly give you any more anonymity. Although having the database for the emails on a server only accessible via Tor with SMTP relay Hidden services guarantees that if the relays are compromised the database server is not, as the relay only has a hidden service and mapped IP. Therefore the database server remains location hidden. This way if you're using PGP they can't read your message, nor find the location of the email database server. This is what has allowed TorMail to exist as long as it has. Their relays go down often, and he simply spins up a new one on a different VPS, rinse and repeat.

TLDR: having your emails reside in a database only accessible via Tor is more secure than conventional email (yahoo, hotmail, etc) as these email database servers are publicly known.

Yes, the servers cannot be gone through because the location is hidden but BST's server is not hidden...  They can go through BST's emails.  As you said, just encrypt your shit.
Title: Re: Finally a New Hidden .Onion Email Service
Post by: Parabolic45 on June 11, 2013, 07:39 pm
You can use any email service and TOR.  Using a hidden service email service doesn't provide any more anonymity for you.  It only provides anonymity for the server...

You're correct that it doesn't directly give you any more anonymity. Although having the database for the emails on a server only accessible via Tor with SMTP relay Hidden services guarantees that if the relays are compromised the database server is not, as the relay only has a hidden service and mapped IP. Therefore the database server remains location hidden. This way if you're using PGP they can't read your message, nor find the location of the email database server. This is what has allowed TorMail to exist as long as it has. Their relays go down often, and he simply spins up a new one on a different VPS, rinse and repeat.

TLDR: having your emails reside in a database only accessible via Tor is more secure than conventional email (yahoo, hotmail, etc) as these email database servers are publicly known.

Yes, the servers cannot be gone through because the location is hidden but BST's server is not hidden...  They can go through BST's emails.  As you said, just encrypt your shit.

Isn't it the case that they are no longer using PGP encryption? They said on the onion that they were compromised
Title: Re: Finally a New Hidden .Onion Email Service
Post by: Jack N Hoff on June 11, 2013, 07:49 pm
You can use any email service and TOR.  Using a hidden service email service doesn't provide any more anonymity for you.  It only provides anonymity for the server...

You're correct that it doesn't directly give you any more anonymity. Although having the database for the emails on a server only accessible via Tor with SMTP relay Hidden services guarantees that if the relays are compromised the database server is not, as the relay only has a hidden service and mapped IP. Therefore the database server remains location hidden. This way if you're using PGP they can't read your message, nor find the location of the email database server. This is what has allowed TorMail to exist as long as it has. Their relays go down often, and he simply spins up a new one on a different VPS, rinse and repeat.

TLDR: having your emails reside in a database only accessible via Tor is more secure than conventional email (yahoo, hotmail, etc) as these email database servers are publicly known.

Yes, the servers cannot be gone through because the location is hidden but BST's server is not hidden...  They can go through BST's emails.  As you said, just encrypt your shit.

Isn't it the case that they are no longer using PGP encryption? They said on the onion that they were compromised

You're right.  So you can't use PGP with BST either way.  I don't buy bitcoins these days so I had no idea that they don't use PGP anymore.
Title: Re: Finally a New Hidden .Onion Email Service
Post by: meatwad on June 11, 2013, 08:20 pm
I don't think that their PGP key was actually compromised as much as I think he removed the key voluntarily because of mounting pressure from the US GOVT.  I mean really, how hard is it to create a new key?
Title: Re: Finally a New Hidden .Onion Email Service
Post by: Just Chipper on June 11, 2013, 08:33 pm
Yes, the servers cannot be gone through because the location is hidden but BST's server is not hidden...  They can go through BST's emails.  As you said, just encrypt your shit.

Oh I wasn't referring to BST, just Hidden Service email vs conventional in general.

Isn't it the case that they are no longer using PGP encryption? They said on the onion that they were compromised

Wow, that's just plain reckless. I don't care how convenient they are, it's not worth sacrificing security.

I don't think that their PGP key was actually compromised as much as I think he removed the key voluntarily because of mounting pressure from the US GOVT.  I mean really, how hard is it to create a new key?

That doesn't make a whole lot of sense. You can decrypt the info, save it, and then give it to the regulating bodies when they request it. There's no justifiable reason to abandon PGP.
Title: Re: Finally a New Hidden .Onion Email Service
Post by: Parabolic45 on June 12, 2013, 03:28 am
I have not used BST yet but I am just curious if you do use their system would you even be sending any sensitive information to them? I thought if anything they would be the ones sending sensitive info...
Title: Re: Finally a New Hidden .Onion Email Service
Post by: Jack N Hoff on June 12, 2013, 03:33 am
I have not used BST yet but I am just curious if you do use their system would you even be sending any sensitive information to them? I thought if anything they would be the ones sending sensitive info...

There is no sensitive information being sent or received other than maybe the amount to deposit to LocalTill.  Also, it doesn't matter if it is being sent or received.  Either way it's being transmitted.  It makes no difference whether it is to or from.
Title: Re: Finally a New Hidden .Onion Email Service
Post by: Parabolic45 on June 12, 2013, 04:03 am
I have not used BST yet but I am just curious if you do use their system would you even be sending any sensitive information to them? I thought if anything they would be the ones sending sensitive info...

There is no sensitive information being sent or received other than maybe the amount to deposit to LocalTill.  Also, it doesn't matter if it is being sent or received.  Either way it's being transmitted.  It makes no difference whether it is to or from.

yeah that makes perfect sense. I sort of just meant the nature of the transaction doesn't have anything revealing like what you'd need to encrypt on SR like an address. Either way, I kind of derailed the thread..thanks for the info, Jack!