how should i use webmail with tor?

Discussion in 'privacy technology' started by magenta, Feb 19, 2009.

Thread Status:
Not open for further replies.
  1. magenta

    magenta Registered Member

    Joined:
    Feb 18, 2009
    Posts:
    20
    im confused about how i should be using webmail when im running tor.

    most webmail seems to require javascript but this is a risk because it can give away your ip

    what webmail services are ideal to use with tor and how should i use them
     
  2. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    You absolutely 100% should NEVER use webmail with Tor, not for any reason.
     
  3. magenta

    magenta Registered Member

    Joined:
    Feb 18, 2009
    Posts:
    20
    what should i use then? how for example do i sign up to forums or websites anonymously if i cant access anonymous mail
     
  4. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    If you don't mind those email accounts being compromised by hackers running tor exit nodes, no problem. A better solution is to just use Yopmail for such signups. No security, no real address.
     
  5. magenta

    magenta Registered Member

    Joined:
    Feb 18, 2009
    Posts:
    20
    i used mailinator for this one. is that the same type of service as yopmail.

    how do people communicate with each other then when they use tor. i thought the purpose of tor was to help people like journalists, human rights campaigners etc be able to contact each other.
     
  6. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
  7. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    Here is some Proof as to what Steve is saying, you should never use any personal Identifying information or personal accounts wile using Tor!

    http://www.civiblog.org/blog/_archives/2007/11/15/3355919.html

    yup after reading more on the subject, I would use XeroBanks services, but I cant afford it at the moment, it would make my internet bill $70 per month :doubt:
     
  8. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Go the extra 16.7 miles and drop your ISP, or build your own cantenna. :D
     
  9. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Have you looked at the other service? http://shadowvpn.com/
     
  10. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    LOL, I would be in a van down the street leeching unsecured WiFi before I Shxt where I sleep! ;)

    10 GB per month kinda sucks,and what the?

    then they say

    It just doesn't add up?
     
    Last edited: Feb 19, 2009
  11. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I keep my wifi open so that any passing folks can use it. I view it kind of like a Free Kittens box someone puts on their lawn. Please, take all you want, I have plenty.
     
  12. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    OK Im going off topic, but it was fun

    you know you can get a very nice laptop for 50 bucks from a crackhead that jacks to support his habits! LOL

    Anyway take it easy duds!
     
  13. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Are you serious? LOL!
     
  14. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Well maybe you should get one of those and just drop by Steve's neighborhood for a free connection.:D
     
  15. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    sure. and apparently I'm not the only one.
     
  16. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I like the way he puts it. It's the polite thing to do. But what about these stories that you hear about peole driving up to your home and using your connection to commit crimes?
     
  17. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    Ok I couldnt stay away
    yea, Im only 3 month's in on a triple package contract, only 9 more months to go, but I love my HIDEF & DVR, couldn't let it go ever, until I die!

    Yes I can see where this would add extra security? Kind of, OK where do you have your secret laptop hidden LOL just kidding!

    I think im going to be reading more of schneiers papers in the future!
     
    Last edited: Feb 19, 2009
  18. magenta

    magenta Registered Member

    Joined:
    Feb 18, 2009
    Posts:
    20
    nobody answered the above about mailinator. i take it that people on here dont or no longer use tor.

    ive been reading some other posts and seen xerobank mentioned. what is this service?

    could someone please give me the definitive step by step answer to " how to use and set up email securely on the web? "
     
  19. n33m3rz

    n33m3rz Registered Member

    Joined:
    Jan 10, 2009
    Posts:
    114
    It should be fine as long as you access webmail with SSL. Would be even better to encrypt the actual E-mails with GPG though (in addition to SSL to protect login details, of course). The only reason for not using Tor with Webmail is the risk of a malicious exit node, but with end to end encryption this is not really a risk.
     
  20. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I disagree. Webmail is inherently insecure. Tor is inherently untrustworthy. Mixing the two is a very bad idea. The exit node can even be deceptive if you are using an SSL connection, as demonstrated recently.

    So even SSL is not safe on Tor.
     
  21. PokerFacehatinspam

    PokerFacehatinspam Registered Member

    Joined:
    Feb 16, 2009
    Posts:
    3
    Hi Steve,

    Was wondering if you (Xerobank) still offer the cheaper service, eg., the one that was just around 10gb of data transfer and was around 10$ I believe ?
    I remember reading about it here but a search on this forum isn't going to turn up much. Atleast not for me.
     
  22. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
  23. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Wow that is pretty scary. And the guy that created it is giving this software away to people? Does Xerobank protect from this type of invasion?
     
  24. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    As usual, XeroBank is not vulnerable to this attack.
     
  25. Dogbiscuit

    Dogbiscuit Guest

    That article is misleading because it only tells part of the story.

    If https is used instead of http (or a bookmarked secure page) when first connecting to secure sites, then this particular attack is not possible. Even connecting through Tor, the connection should still be encrypted securely.

    The MiM attack is possible because people expect to be able to transition securely between http and https. It's this assumption that's mistaken and allows the attack to take place. If you first connect through an insecure page, then you have no guarantee the connection is encrypted after transitioning to what seems to be a secure page, especially over Tor.

    Connections to a secure site should always use https only (https://mail.google.com).
     
    Last edited by a moderator: Mar 4, 2009
Loading...
Thread Status:
Not open for further replies.