Silk Road forums
Discussion => Security => Topic started by: cindylove on September 22, 2013, 10:49 am
-
Hello,
I was a user of tormail, but since they've shut down, I'm looking for a reliable and secure alternative that I can access via tor without compromising my identity. Any suggestions? Thanks.
-
Please don't lambaste me if I'm totally off here, but one option is to use Thunderbird.
-- Set it up so that it connects using Tor's SOCKS5 proxy
-- When you first use Thunderbird it asks you if you want a new e-mail address at gandhi.net or some other place
-- Sign up for that
-- Install the Enigmail plug-in for easy GPG usage
-- Go to town, only using digitally signed and encrypted e-mails with a 4096-bit RSA key pair used only for this e-mail address
I must admit I haven't signed up for any of these services so I don't know exactly what information they request during registration. But if you can completely bullshit them, this would be a decent alternative.
-
Please don't lambaste me if I'm totally off here, but one option is to use Thunderbird.
-- Set it up so that it connects using Tor's SOCKS5 proxy
-- When you first use Thunderbird it asks you if you want a new e-mail address at gandhi.net or some other place
-- Sign up for that
-- Install the Enigmail plug-in for easy GPG usage
-- Go to town, only using digitally signed and encrypted e-mails with a 4096-bit RSA key pair used only for this e-mail address
I must admit I haven't signed up for any of these services so I don't know exactly what information they request during registration. But if you can completely bullshit them, this would be a decent alternative.
Thanks but I'd prefer an online service I can access through tor. For security reasons, I'll be accessing the account using Tails (without persistence) so I'd have to set up thunderbird each and every time which isn't practical.
-
Safe-mail.net??
-
safe mail is a target. choose a non-usgov controlled provider, like a relatively unknown webmail.
-
suggestions? Tormail was a god send and not just for SR. It was more a useful tool for so many things.
-
well, with TOR down it'd have to be something off net, right?
-
tormail never seemed so secure.. too many 'secure email works like a PRO' products have come and gone bruised and bloodied...
To avoid the pitfalls you will inevitably encounter with any email service, look at using innovative combinations of communication methods. spam4.me fills one part of the communication requirements quite nicely when used appropriately. There are numerous ways to tie these fire and forget emails with some other means of exchanging data to ensure secure communication and keep prying eyes away by operating in a manner they are not equipped to monitor
-
safe mail is a target. choose a non-usgov controlled provider, like a relatively unknown webmail.
Isn't SAFe-mail controlled by Israel?
-
The issue is that SAFe-mail is a high value target which likely either is a passthrough to Israeli intelligence and the NSA, or is a high value target / honeypot just screaming "BREAK INTO ME" to aforementioned spook services
Use something innocuous
-
spam4.me fills one part of the communication requirements quite nicely when used appropriately.
spam4.me is an incredible resource! Thanks for mentioning this. However, are mails sent from a spam4.me address usually sent straight to Junk folders?
-
Id say drop the .onion mailbox alltogether. theres been to much heat on anonymous email in the last 6 months
stick to something like yahoo, gmail, aol etc.
much love_mcrad!
-
Well not to come back and sound ungrateful for information, but nothing here sounds like tormail 2.0. Specifics to why I was interested in tormail was simple. For the gray area business (non drug related) I wanted to start it would require a set up of having an offshore head office that received emails. These emails would need to come from onshore clients (and sent to them as well) from the onshore office, but the onshore office needs to communicate with the offshore office.
Now gmail and all that could be used for this. the msgs between on shore and off shore offices could easily be encrypted. But even with encryption there is still a clear msg being sent from office a to office b. that is a slight issue. Just in the sense of office b has a clear on shore location and internet service it wouldn't take anyone long to check into it's IP and email address. Likewise can be said from customers. It COULD (as in possibly) cause them to become the subject of interest. It also requires more technical knowledge to use pgp.
Bare in mind what i'm talking about isn't illegal. It would have an actual store front. But having people email in and having those emails not only being able to be read (assume the avg person won't/can't use pgp, though this isn't the largest problem as no sensitive information is passed) but it will have clear identifiers on it linking the person to the company.
So again I ask what is a reasonable alternative to tormail? as no sensitive information is passed I simply require email that doesn't provide a persons IP and is simple enough that the avg computer retard can use it.
-
bitmessage.ch which has a hidden service at bitmailendavkbec.onion
It's a gateway for Bitmessage which you don't ever have to use if you don't want to. Steve Gibson said Bitmessage is not ready for primetime. SR's resident crypto experts kmf and astor both ripped into it as well. But as far as an e-mail service goes it's just like Tormail. You setup an account and then access it with Thunderbird using Torbirdy and Enigmail/GPG. Very very easy and it's not likely to get shutdown anytime soon because its adoption is still relatively low (but growing fast). The only catch is that your e-mail address is a complicated 30 something character jumble. Not a big deal if you're already using GPG and Tor but still. Always use your copy and paste functions. Problem solved.
-
Hello,
I was a user of tormail, but since they've shut down, I'm looking for a reliable and secure alternative that I can access via tor without compromising my identity. Any suggestions? Thanks.
I've recently found that mailinator works pretty well..you don't even have to sign up for an email, just type whatever email you want in wherever requires an email and it creates it for you.
-
Thankyou Baraka. I'm very unfamiliar with bitmsg but it appears I will have to do some looking into it.
OTR chat might also work. I'm unfamiliar with it as well but saw someone mention it.
To be honest after a little consideration I don't require persons to contact the business using ip masking mail. I don't think I really care if their ip is found or not. no sensitive information and a legit business so there is no major harm. It is best that they aren't identified but even if people are it doesn't matter. I personally need the anonymous email (or way to communicate) as I don't want the offshore location being connected to the onshore. Even then there is no sensitive info, more just a way to keep separation.
-
pigeons
-
Id say drop the .onion mailbox alltogether. theres been to much heat on anonymous email in the last 6 months
stick to something like yahoo, gmail, aol etc.
much love_mcrad!
Sure there has been heat on anonymous email providers in the past 6 months, but that is no reason to be steering people to the most vulnerable, easily surveilled services in existence.
Lavabit founder Ladar Levison had it right, when he advised people to avoid U.S.-based email services. This goes double, when one considers the pathetically poor adoption of encryption to protect one's email traffic. It has been estimated that upwards of 80% of people on here do not use PGP even communicating their shipping addresses to vendors. Its usage for email is even lower.
This is simply some of the worst advice I've ever seen handed-out here.
Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://qtt2yl5jocgrk7nu.onion/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia .onion keyserver)
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090 (Silk Road Forums PGP Key Link)
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07 B66B AFC8 CE71 D9AF D2F0
-
lol +1
Unlike Google, Yahoo actually allows you to setup an account via Tor. But I bet they'll eventually either sell those anonymous accounts down the river or just suddenly axe them all one day. Exactly like Tormail. Yandex in Russia is another large provider which allows the same. But if you listen to the chatter over there you'll know that they have Tor users in their gunsights as well. Maybe even more than here. It doesn't look good on either side of the world. That's for damn sure. >:(
The moral of the story? Don't trust any large providers or even any providers which don't offer a hidden service over Tor.
Sure there has been heat on anonymous email providers in the past 6 months, but that is no reason to be steering people to the most vulnerable, easily surveilled services in existence.
Lavabit founder Ladar Levison had it right, when he advised people to avoid U.S.-based email services. This goes double, when one considers the pathetically poor adoption of encryption to protect one's email traffic. It has been estimated that upwards of 80% of people on here do not use PGP even communicating their shipping addresses to vendors. Its usage for email is even lower.
This is simply some of the worst advice I've ever seen handed-out here.
Nightcrawler
-
This all depends on your threat model, for encrypting communications a provider with imap support with thunderbird enigmail torbirdy is the best, but then you are relying on others to send with pgp and not just expose your communications through plaintext messages. If that is not possible, then you will need to find a hidden service email provider and trust them. The last resort is to use a clearnet provider with tor and hope they dont start attacking you, but then again it doesnt matter as everything that passes through the internet eventually makes its way into government databases, especially email.
So in short, mandatory pgp with audience + obscure clearnet email provider OR Tor-only hidden-service provider + forgoe pgp (due to lack of adoption by audience).
There was a service called Torbox that did tor only emails, and URSSmail that did tor to clearnet but last time i tried them neither seemed to work.
URSSmail
http://f3ljvgyyujmnfhvi.onion/
-
There was a service called Torbox that did tor only emails, and URSSmail that did tor to clearnet but last time i tried them neither seemed to work.
Ditto. I setup a couple of separate accounts on TorBox a few days apart and they both failed. I haven't tried URSSmail but now definitely won't.
-
Lot of good info, thanks all.
-
http://lelantoss7bcnwbv.onion/index.html
havent tried them yet, but planing. Seems to be an alternative to tormail, just paid one
-
Can you pay anonymously? I wouldn't mind paying, but I want to use bitcoin.
-
seems there's enough consensus here to establish that:
1. mail serving companies are shit and are all going to be insecure
2. the 'secure' ones are just painting a big red X on themselves for law enforcement to target
3. another means of communication other than just email, even when encrypted, is ideal
so....
tormail was not a good way to communicate
there are precious few secure ways to communicate
and may be none depending on your level of tech saviness..