how should i use webmail with tor?

im confused about how i should be using webmail when im running tor.

most webmail seems to require javascript but this is a risk because it can give away your ip

what webmail services are ideal to use with tor and how should i use them

 

You absolutely 100% should NEVER use webmail with Tor, not for any reason.

 

what should i use then? how for example do i sign up to forums or websites anonymously if i cant access anonymous mail

 

If you don't mind those email accounts being compromised by hackers running tor exit nodes, no problem. A better solution is to just use Yopmail for such signups. No security, no real address.

 

i used mailinator for this one. is that the same type of service as yopmail.

how do people communicate with each other then when they use tor. i thought the purpose of tor was to help people like journalists, human rights campaigners etc be able to contact each other.

 

That may be it's purported goal, but that isn't what it does exactly. Really, you can surf anonymously to some degree, but trying to beinteractive anonymous with free services like tor will only expose your information to others, not hide it.

Anonymity Myth #6: Nobody can eavesdrop or tamper with your communications when you are anonymous.

 

Here is some Proof as to what Steve is saying, you should never use any personal Identifying information or personal accounts wile using Tor!

http://www.civiblog.org/blog/_archives/2007/11/15/3355919.html

yup after reading more on the subject, I would use XeroBanks services, but I cant afford it at the moment, it would make my internet bill $70 per month

 

Go the extra 16.7 miles and drop your ISP, or build your own cantenna.

 

Have you looked at the other service? http://shadowvpn.com/

 

LOL, I would be in a van down the street leeching unsecured WiFi before I Shxt where I sleep!

10 GB per month kinda sucks,and what the?

then they say

It just doesn't add up?

 

I keep my wifi open so that any passing folks can use it. I view it kind of like a Free Kittens box someone puts on their lawn. Please, take all you want, I have plenty.

 

OK Im going off topic, but it was fun

you know you can get a very nice laptop for 50 bucks from a crackhead that jacks to support his habits! LOL

Anyway take it easy duds!

 

Are you serious? LOL!

 

Well maybe you should get one of those and just drop by Steve's neighborhood for a free connection.

 

sure. and apparently I'm not the only one.

 

I like the way he puts it. It's the polite thing to do. But what about these stories that you hear about peole driving up to your home and using your connection to commit crimes?

 

Ok I couldnt stay away

yea, Im only 3 month's in on a triple package contract, only 9 more months to go, but I love my HIDEF & DVR, couldn't let it go ever, until I die!

Yes I can see where this would add extra security? Kind of, OK where do you have your secret laptop hidden LOL just kidding!

I think im going to be reading more of schneiers papers in the future!

 

nobody answered the above about mailinator. i take it that people on here dont or no longer use tor.

ive been reading some other posts and seen xerobank mentioned. what is this service?

could someone please give me the definitive step by step answer to " how to use and set up email securely on the web? "

 

It should be fine as long as you access webmail with SSL. Would be even better to encrypt the actual E-mails with GPG though (in addition to SSL to protect login details, of course). The only reason for not using Tor with Webmail is the risk of a malicious exit node, but with end to end encryption this is not really a risk.

 

I disagree. Webmail is inherently insecure. Tor is inherently untrustworthy. Mixing the two is a very bad idea. The exit node can even be deceptive if you are using an SSL connection, as demonstrated recently.

So even SSL is not safe on Tor.

 

Hi Steve,

Was wondering if you (Xerobank) still offer the cheaper service, eg., the one that was just around 10gb of data transfer and was around 10$ I believe ?
I remember reading about it here but a search on this forum isn't going to turn up much. Atleast not for me.

 

ShadowVPN

 

Wow that is pretty scary. And the guy that created it is giving this software away to people? Does Xerobank protect from this type of invasion?

 

As usual, XeroBank is not vulnerable to this attack.

 

That article is misleading because it only tells part of the story.

If https is used instead of http (or a bookmarked secure page) when first connecting to secure sites, then this particular attack is not possible. Even connecting through Tor, the connection should still be encrypted securely.

The MiM attack is possible because people expect to be able to transition securely between http and https. It's this assumption that's mistaken and allows the attack to take place. If you first connect through an insecure page, then you have no guarantee the connection is encrypted after transitioning to what seems to be a secure page, especially over Tor.

Connections to a secure site should always use https only (https://mail.google.com).