Silk Road forums
Discussion => Security => Topic started by: slash on August 09, 2013, 02:33 pm
-
"Tor Mail consists of several servers, a Tor hidden service, and an incoming and outgoing internet facing mail servers.
These internet facing mail servers are relays, they relay mail in and out of the Tor network, the relays are purchased anonymously and not tracable to us.
The only thing stored on the hard drive of those servers is the Exim mail server, and the Tor software.
No emails or logs or anything important are stored on those servers, thus it doesn't matter if they are seized or shut down.
We are prepared to quickly replace any relay that is taken offline for any reason."
how true is that ?
-
At least the part about being prepared to "...quickly replace any relay that is taken offline..." isn't!
Too many people on here, much more knowledgeable than me in these matters say the service is burned and never use again. I am definitely following that advice. Even though I never sent any sensitive information from there, I always logged out AFTER deleting all emails from every single folder including trash.
-
Tormail consisted of two servers. One was an anonymously rented VPS that communicated directly over clearnet. It hosted the tormail.org/net web site and accepted emails from other clearnet email accounts that were addressed to @tormail.org/net. The other server was the hidden service that you connected to when you checked your email. The clearnet server was a proxy to the hidden service and didn't store emails. The hidden service stored the emails. The problem is that the hidden service turned out to be the Freedom Hosting server, which was seized by LE, so they got the server with the emails.
-
Thanks for the clarification astor, you sir are a scholar and a gentleman!
Tormail consisted of two servers. One was an anonymously rented VPS that communicated directly over clearnet. It hosted the tormail.org/net web site and accepted emails from other clearnet email accounts that were addressed to @tormail.org/net. The other server was the hidden service that you connected to when you checked your email. The clearnet server was a proxy to the hidden service and didn't store emails. The hidden service stored the emails. The problem is that the hidden service turned out to be the Freedom Hosting server, which was seized by LE, so they got the server with the emails.
-
thanks for the replies
one thing I dont get though is why would LE shut down tormail and other FH website as soon as they ve seized it?
surely the feds would have left it open for evidence of "ongoing criminal activities"
let me know what am I missing here please?
-
It looks like they did for a few days, but people found out about the exploit really fast, or we assume it was fast. We don't know how long the exploit was live on the site. After everyone knew about it, I guess they decided to shut down the server.
-
It looks like they did for a few days, but people found out about the exploit really fast, or we assume it was fast. We don't know how long the exploit was live on the site. After everyone knew about it, I guess they decided to shut down the server.
so the exploit was live on the site for sure?
or people just assumed on possibilities of exploit?
-
or perhaps the owner had some kind of destruct set up so after a couple of days of him being incarcerated it went into meltdown.. that's my hope anyway.
-
Tormail consisted of two servers. One was an anonymously rented VPS that communicated directly over clearnet. It hosted the tormail.org/net web site and accepted emails from other clearnet email accounts that were addressed to @tormail.org/net. The other server was the hidden service that you connected to when you checked your email. The clearnet server was a proxy to the hidden service and didn't store emails. The hidden service stored the emails. The problem is that the hidden service turned out to be the Freedom Hosting server, which was seized by LE, so they got the server with the emails.
Shouldn't it be common practice that people communicate solely via PGP using thunderbird or manual encryption for e-mails?
I see a lot of vendors using tormail as an alternative for SR discussion/transacting in the event that SR goes down (which it does). Yet, it seems like most people using these services are not encrypting their e-mail, which seems pretty silly considering the content and unknown server location :-\
-
Of course it should, but people get lazy ("this email doesn't have anything sensitive in it, so meh"), or some issue disrupts a busy vendor's workflow and they skip it (like what happened in the case of BlueGiraffe), or they don't have an add-on like Enigmail to automate it, so it takes too much time. People take shortcuts all the time, that's nothing new.