Silk Road forums
Discussion => Security => Topic started by: i push the kush on July 07, 2013, 09:55 pm
-
I am looking for a secure email site to use, TOR mail is fucked up and doesn't work with BST very well, I was using hushmail, but I didn't sign in within 3 weeks and my account got deactivated. So what email service do you use besides TORmail? Thanks
Regards,
i push the kush
-
Tormail is working fine for me. Hushmail is how the Farmer's Market guys got busted... so. Don't do that.
-
Tormail is working fine for me. Hushmail is how the Farmer's Market guys got busted... so. Don't do that.
Oh shit... didnt know that! But Blue Sky Traders asked me not to use Tormail and to use a different mail server...
-
Another hidden service based email provider is MailTor: bdom5vcb53z5hqz5.onion
Clearnet providers that allow registration over Tor: outlook.com, safe-mail.net
There may be others.
-
Another hidden service based email provider is MailTor: bdom5vcb53z5hqz5.onion
Clearnet providers that allow registration over Tor: outlook.com, safe-mail.net
There may be others.
Thank you!
-
You can register a yahoo account with TOR. I mean it's fucking Yahoo but it's TOR so basically you have options depending on what you need it for, if it's a one time burner email you can try www.mailinator.com.
:)
-
Tormail, so far so good!
-
Why is tormail fucked up?
-
@astor - thanks
I am not sure if this place has been widely tested for security, and it is not a full function email provider, but there is also anonymouse.org
-
I use tormail, But what would you say is he best clearnet email service?
-
Tormail is not "fucked up" for me. It is fucked up for Blue Sky Traders, they told me that I need to use a different email service because tormail doesn't work for them. I now have a mailtor account.
-
Tormail is not "fucked up" for me. It is fucked up for Blue Sky Traders, they told me that I need to use a different email service because tormail doesn't work for them. I now have a mailtor account.
I wonder if what is happening is if BST's email provider and/or ISP has blacklisted Tormail, and therefore BST cannot receive email sent from Tormail addresses?
Nightcrawler
-
In the tor bundle there is the checkbox option that your isp is against using tor, or something like isp must not know I use tor.
ISP's blocking the net are lame. I guess I'm lucky here since they only blocked the piratebay on some major isp's and that was because they were forced to do so after going to trial to explain that they don't want to. And that it's the beginning of blocking more and more.
The funny thing is that you can still use tor to get on the piratebay which made banning it completely useless.
-
https://www.safe-mail.net/
With all due respect, I don't consider Safe-Mail as safe. Here's why:
1. I've heard from sources I trust that Safe-Mail shares information with the authorities.
2. Safe-Mail is little better than Hushmail; the only real difference is that Hushmail uses PGP, and Safe-Mail uses S/MIME. Both services have access to one's private key(s).
3. I read some accounts by Safe-Mail users some while back, where Safe-Mail was having technical difficulties. Some users became alarmed when their accounts suddenly sported copies of emails that they had previously deleted. (Obviously, Safe-Mail must have restoared these from backups.)
If you MUST use a service like Safe-Mail, then you must ensure to use Tor to keep them from harvesting your IP addresses, and you also must ensure that all your email is PGP-encrypted BEFORE it ever hits the Safe-Mail servers.
Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (MIT clearnet keyserver)
PGP Key: https://keys.indymedia.org/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia https: clearnet keyserver)
PGP Key: http://qtt2yl5jocgrk7nu.onion/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia .onion keyserver)
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090 (Silk Road Forums PGP Key Link)
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07 B66B AFC8 CE71 D9AF D2F0
-
If you MUST use a service like Safe-Mail, then you must ensure to use Tor to keep them from harvesting your IP addresses, and you also must ensure that all your email is PGP-encrypted BEFORE it ever hits the Safe-Mail servers.
That's a given for any clearnet email provider. You'd be an idiot to do anything criminal with a clearnet email account and not use Tor + PGP.
They can still get metadata, like the email addresses you were communicating with and the dates / times of the emails, but the NSA probably already has that data.
The issue is, some services won't communicate with you when you have a Tormail address, or it might look suspicious if they know what it is. There are use cases for clearnet email providers, and Safe Mail is one of the few that allows you to register over Tor.
-
I use tormail, But what would you say is he best clearnet email service?
I'd say countermail. Been using it for awhile now for sending and receiving sensitive documents/conversations.
-
easypeasy is also a free webmail service that works with Tor and doesn't require verification.
-
Anyone use riseup.net ?
-
I requested a riseup.net account about two months ago, they have not reacted so far.
I have a problem similar to OPs'. It's not that I can't use TorMail, but I'm not very happy with it. Does anyone have reliable information on how TorMail processes their data? It's more difficult on the darkweb to decide whether something is legit or not than it is on the clearnet.
I'm just looking for a transparent alternative to TorMail. Anyone knows of a reliabe, legit provider with transparent data policies?
-
I requested a riseup.net account about two months ago, they have not reacted so far.
SInce Riseup was mentioned in one of the anti-Prism sites, the number of requests for accounts have exploded, thus leading to more delays than usual.
I have a problem similar to OPs'. It's not that I can't use TorMail, but I'm not very happy with it. Does anyone have reliable information on how TorMail processes their data? It's more difficult on the darkweb to decide whether something is legit or not than it is on the clearnet.
I'm just looking for a transparent alternative to TorMail. Anyone knows of a reliabe, legit provider with transparent data policies?
With all due respect, you're missing the point here. A provider's policies are irrelevant, for the most part. When the Feds come along and demand your data, the provider has two basic choices:
* Knuckle-under and hand-over your data; or
* Lawyer-up, and fight 'em in court
Sadly, even well-heeled companies with lots of lawyers like Microsoft and Yahoo! have chosen the first option. Companies like Twitter, which chose the second option, are far more rare. Even in Twitter's case, where it refused to hand over the data of users like Birgitta Jonsdottir, and fought the Feds in court for 18 months, they still lost in the end and had to hand over the data. Furthermore, most companies reserve the right to change their privacy policies with little (if any) notice to the userbase.
As long as you're using SquirrelMail (i.e. no Javascript) the TorMail administrator should not be able to find out who you are. In any case, regardless of which email provider you eventually end up using, your email should be both encrypted and anonymized, so the authorities can neither read your email nor collect metadata/conduct traffic analysis.
Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (MIT clearnet keyserver)
PGP Key: https://keys.indymedia.org/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia https: clearnet keyserver)
PGP Key: http://qtt2yl5jocgrk7nu.onion/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia .onion keyserver)
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090 (Silk Road Forums PGP Key Link)
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07 B66B AFC8 CE71 D9AF D2F0
-
Thanks for the info, Nightcrawler!
Maybe policy was the wrong word for it. I get your point that whatever a provider writes about his policies most probably becomes irrelevant in a worst-case scenario.
Ill try to explain it better. What Im looking for is a provider that gives you information on how the input data is processed (logins, meta, text, contacts). Not actually where and how data is stored etc...
I am very interested in encryption and data security, but Im also very new to the whole topic, so forgive me if Im asking bullshit :)