how should i use webmail with tor?

Actually, that isn't the whole truth Caspian. What isn't understood by most of the people writing these articles is that https can be faked with legitimate intermediate certificates forged onto fake end-site certificates, from what I've heard. That means full https MITM / masquerade. Perhaps Kyle has more to say about it.

 

Are you referring to the research regarding the weaknesses found in the MD5 hash algorithm?

 

No, sadly. I'll get more info on it.

 

Bruce Schneier on the potential security problems of web-based encrypted email:

 

There is a fourth more pressing point than all of Bruces. Webmail is regularly hacked. Every month. Multiple times per month. Hackers find ways to forge a session or use an active session to access mail outside of their permissions. This is the problem of webmail altogether. The mechanism that interacts between the interface and the backend mail server is typically the issue, IMHO.

 

And Bruce Schneier on Tor:

The comment below was posted in response to the Tor essay. If true, it supports what Steve is saying:

 

Dogbiscuit, nothing can magically encrypt everything. Unless if the final destination supports encryption ssh/https. So, vpn shouldn't be more secure then Tor if you really want to hide something. Who knows who's behind those vpn providers. Could be a number of things. Criminals, cops....

 

A VPN will be more secure from interference than tor because anyone can participate in Tor, making Tor traffic easy to access by an unlimited amount of absolute strangers/evil folks. A corporation will have to be the only entity on VPN exit traffic, and is significantly more likely to be less evil than strangers since they have a profit motive.

 

Sounds like fun but I can see a few problems and 'inevitabilities' in using a cantenna. In England they've made it illegal to use someone elses wifi dishonestly.
http://www.opsi.gov.uk/ACTS/acts2003/ukpga_20030021_en_13#pt2-ch1-pb20-l1g125
http://crave.cnet.co.uk/accessories/0,39101000,49292380,00.htm

I don't think this applies when you have permission from the person whos internet services your are borrowing, but something like war driving and any associated equipment (e.g cantenna) is potentially illegal now and the bobbies in England are not afraid to harass anymore

 

I dissagree. Nothing personal Steve. However, I am quite sure that semi-criminals or cops are running many of those VPN providers. On Tor at least circuits are rotating quite often. So, as long as you're not doing something extremelly bad, even if Man in The Middle successfully attacks me, who cares? If I follow the rules, and use Tor for what it is suppoused to be used.....I don't really care.

What I am trying to say, I would rather trust my ISP when doing something personal, instead of using some VPN's and allowing them to monitor my personal activities. I see those VPN offers in general too good to be true. There must be a catch.