Quote from: astral on April 21, 2013, 02:17 pm

In a nube security guide here, it suggests to create Forum account name same as Tor Mail account name. Seems to me that that coupling adds an inter-dependency such that if Tor Mail itself, or the Tor Mail account, gets compromised, then you could be tracked to your account here.

In a different topic here a nube asked about using same account for SR main site and for this forum. The answer was affirmative (do it if you want to), but it looks like the person answering was considering only convenience, not security.

I have a similar concern about adding any real email addr to one's PGP key ID. It's definitely useful, for recognition purposes, to have an email addr in a public key used for non-anonymous purposes, but I certainly don't want to link my clearnet email addr with my Tor-purposed PGP keypair, and I wonder if it would add an inter-dependency risk (similar to that explained above) if my Tor-purposed PGP keypair is linked with my Tor Mail addr (by including it in the key ID).

If there is no practical risk, I would prefer the convenience of using same account name in my GPG key, Tor Mail account, SR main site, SR forum. Could a Tor expert or anonymity expert advise please?

Those are all good questions I wish people would ask more often. A +k for you.

1. Use an email account that you set up and access exclusively through Tor. Doesn't have to be Tormail. Such an account should be used exclusively for SR related communications. All communications should be PGP encrypted. Never communicate with somebody using it that you know in real life. We assume that Tormail and every other email provider is potentially a honeytrap by LE agents. So long as we don't use them for normal emails, and so long as we encrypt everything with PGP and access the service only with Tor, then we're good. If you don't want to use Tormail and you feel uncomfortable using a gmail/hotmail/yahoo webmail account in this way, then use an email service from one of America's buddies, such as the PRC or Russia.

2. Put this real email you've set up into the email field of your PGP public key when you create (or edit) it. This can be useful as a backup in the future if some hidden services are attacked. And widely publicize your PGP public key.

3. Unlike the other person, I say DO NOT use the same username for your SR account as your SRF account username also. If you want to socialize you should be using a different username and style of writing/personality, and keep a SRF username separate for business only e.g. vendor feedback threads (and to prevent "username squatting" so people can't impersonate you so easily).

4. Never ever use a clearnet email address that is your real email address. I only mention so because people have sent me PGP keys with their real names and email addresses in them before. Don't do that, I don't want them, follow the instructions 1, 2, 3.

5. We assume that SR and SRF are, in fact, hacked. So you should be using PGP for sensitive communications, your PMs are not necessarily private. Pretend they are as public as this message you're reading, and that shall give you the correct level of caution.