TorMail any users?

Discussion in 'privacy technology' started by NexusPrime, Oct 14, 2011.

Thread Status:
Not open for further replies.
  1. NexusPrime

    NexusPrime Registered Member

    Joined:
    Oct 14, 2011
    Posts:
    2
  2. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    That is really cool. I had not heard of it. I did try Torchat with a member here. It was really cool too, in my opinion. Worked quite well. I'll have to give tormail a try.

    Here is torchat in case someone wants to take a look. http://code.google.com/p/torchat/
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Thanks for the new additions.
     
  4. strongsword

    strongsword Registered Member

    Joined:
    Oct 16, 2011
    Posts:
    36
    Thanks for letting us know about this
     
  5. NormanN

    NormanN Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    67
    I just set up a Tormail account, thanks!


    NN
     
  6. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Seems strange that the Tor Project never considered this before...

    Have a look at tormail.com LOL, makes me wonder did Tor Mail have this domain before...

    The Tor Project should protect their name, so that anyone wanting to create something that uses the name Tor has to go through some channels...

    For now I'd be cautious trusting logging into this and using it... :doubt:
     
  7. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I had assumed that the Tor Project was behind this.
     
  8. The_Scour

    The_Scour Registered Member

    Joined:
    Oct 18, 2011
    Posts:
    10
    Not really strange at all, Das, and totally understandable. No cause for concern or alarm.

    There are numerous implementations of Tor ie; JanusVM and Torchat that use the Tor protocol but are not formally maintained by the Tor Project.
    Yet they are excellent.

    This is not an application per se, but an implementation of a Tor Hidden Service that is used to transport email. It's a service.

    Tor Hidden Services provide excellent true anonymity. In theory, servers are not geo-locatable and traffic over Hidden Services are encrypted end-end. No real need to use SSL or TLS with Hidden Services.

    You sign up for a Tormail account through Tor and accessing a Hidden Service, thus your originating IP is absolutely unknown.

    I can totally understand why the Tor Project doesn't utilize this. Tor is the base code for applications. The Tor Project does not, itself
    run services or host content. I can see potential risks for the Tor Project owing to potential abuse complaints. Something I doubt they'd want to be exposed to.


    Another huge advantage to running Hidden Services is that there are no exit nodes. Thus the potential that an exit node can potentially snoop your traffic in transit is eliminated.

    Let's just say that Hidden Services host some of the most sensitive, controversial materal on the Intenet owing to it's high degree of anonymity for those who require it.

    The only thing that concerns me is that using webamil, there is no way to utilize PGP. Tor would take care of the anonymity end, while PGP would lockdown privacy.

    Yet I think it would be possible to set up the Tormail protocols using, say Thunderbird as a client, which would utilize Enigmail, thus giving the use the ability to use PGP with Tormail.

    Over the years, Tor mail services have come and gone.

    A new addition is always welcome and merits and definitely merits a closer look.
     
  9. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    I am a TorMail user now. :ninja:
    I feel like a ninja :D
     
  10. The_Scour

    The_Scour Registered Member

    Joined:
    Oct 18, 2011
    Posts:
    10
    And well you should!!

    Congratulations.

    You're about as stealth as you can get.
     
  11. NormanN

    NormanN Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    67
    RE:: PGP

    Can't you either just attach a text file, or use the 'current window' option and encrypt? I know some web message boards mess with formatting...which fubars PGP, but maybe the RoundCube interface doesn't?

    NN

    The one thing I didn't like was it seemed they disallowed punctuation in the password creation...and maybe numbers. I had to resort to a GRC haystack method...which is just as good, but still...
     
  12. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    I know that this is a Tor Hidden Service, I'm just saying for now be careful...

    Also whoever runs this is not respecting the Tor Projects policy about using the Tor name in this manner which they aren't suppose to... So then when you don't show your respect I also question this...

    Look at what Tor had to say about this;

    Yes, we're aware. We've sent them email asking to honor our trademark guidelines or rename.

    The thing is, who is this hidden service, who's running this, that we know about, not much you can certainly see, in fact nothing and then someone that doesn't respect Tor's name. :(

    Just because someone is running a Tor hidden service and broadcasting it on the internet doesn't mean there is any credibility in this, in fact this is a great way in which to be malicious, to the unsuspecting...
     
    Last edited: Oct 19, 2011
  13. The_Scour

    The_Scour Registered Member

    Joined:
    Oct 18, 2011
    Posts:
    10
    Yes, yes. All good points.

    Perhaps in the future, Das, you can be more specific when mentioning a quote, noting the source. That would be helpful.
    Thanks.

    The usual precautions must always be accounted for whenever we hand our traffic over to anyone. Anyone.
    You never know who's on the wire.

    Tormail would be similar in nature to Torchat, which is also not formally affiliated with the Tor Project.

    https://www.torproject.org/docs/trademark-faq.html.en


    The beauty of traffic over Hidden Services is that you are utterly unknown to the service. Your IP address is never revealed.
    It is important to keep this in mind. The service provides end to end encryption. No system is bulletproof, but Hidden services
    provide strong anonymity.

    For my own purposes, as I previously stated, I'd prefer to use it in combination with PGP.
     
  14. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    I did mention the source I said Tor, but let's make that the 'Tor Project' I contacted them asking about this and that is what they told me...

    I'm not worried about IP anonymity, we're talking about an email service, who built this backend, that we are going to 'Communicate' through, I'd be more worried here about your transmission of data then an IP... ;)
     
  15. parsec

    parsec Registered Member

    Joined:
    Aug 2, 2011
    Posts:
    68
    Location:
    /local/galaxy_cluster/milky_way/sol_system/earth
    I wish i could try Tormail, however i can't open the page.. with vidalia installed.
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    I use it. It may be slow. Various Tor hidden sites have been slow or unresponsive in recent days. It seems that #opdarknet has been attacking Freedom Hosting sites since the 14th or so. They may be using SlowLoris, and there may be network impacts. If you want more about that, see #opdarknet press releases on Pastebin, discussion on talk.masked, posts to tor-talk, and google news.
     
  17. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I tried it the other day and couldn't get it to work. I created an account but could not send a test message to myself.
     
  18. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Well I signed up and did a test email to gmail, so let's review those email headers shall we... ;)

    Code:
    Delivered-To: [email]blahblahblah@gmail.com[/email]
    Received: by 10.229.79.14 with SMTP id n14cs1790qck;
            Mon, 24 Oct 2011 00:51:05 -0700 (PDT)
    Received: by 10.150.135.19 with SMTP id i19mr18644893ybd.99.1319442665327;
            Mon, 24 Oct 2011 00:51:05 -0700 (PDT)
    Return-Path: <tormailbox@tormail.net>
    Received: from server2.hudsonvalleyhost.com (server2.hudsonvalleyhost.com. [66.7.195.77])
            by mx.google.com with ESMTPS id g4si8672576ybi.50.2011.10.24.00.51.04
            (version=TLSv1/SSLv3 cipher=OTHER);
            Mon, 24 Oct 2011 00:51:04 -0700 (PDT)
    Received-SPF: pass (google.com: domain of [email]tormailbox@tormail.net[/email] designates 66.7.195.77 as permitted sender) client-ip=66.7.195.77;
    Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email]tormailbox@tormail.net[/email] designates 66.7.195.77 as permitted sender) smtp.mail=tormailbox@tormail.net; dkim=pass header.i=@tormail.net
    Received: from exit-01a.noisetor.net ([173.254.216.66]:45504 helo=internal.tormail.net)
    	by server2.hudsonvalleyhost.com with esmtpsa (TLSv1:RC4-SHA:128)
    	(Exim 4.69)
    	(envelope-from <tormailbox@tormail.net>)
    	id 1RIFJJ-003pm9-7o
    	for [email]blahblahblah@gmail.com[/email]; Mon, 24 Oct 2011 03:51:05 -0400
    DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tormail.net; s=tm;
    	h=Message-Id:X-TorMail-User:Subject:To:From:Date:Content-Transfer-Encoding:Content-Type:MIME-Version; bh=fdkeB/A0FkbVP2k4J4pNPoeWH6vqBm9+b0C3OY87Cw8=;
    	b=AjKrlzAhwrjU0y/0SC3aXH5B7k7oLYWrG4h6q2iEvtV2ofoYSGWIlyEnYQUEVlaKrShUlWdF6svPCsUoesbrnpBXAao7EbMI6kKgbcsHIGvrnIjYrQ773tJi7K/pbXaROmxIg49LtrTiKysoUcW+DjdkfJohMd05Pigl/MTT/hI=;
    Received: from tormailbox by internal.tormail.net with local (Exim 4.63)
    	(envelope-from <tormailbox@tormail.net>)
    	id 1RIFJD-000PGY-Cy
    	for [email]blahblahblah@gmail.com[/email]; Mon, 24 Oct 2011 07:50:59 +0000
    MIME-Version: 1.0
    Content-Type: text/plain; charset=UTF-8;
     format=flowed
    Content-Transfer-Encoding: 7bit
    Date: Mon, 24 Oct 2011 07:50:59 +0000
    From: tormailbox <tormailbox@tormail.net>
    To: <blahblahblah@gmail.com>
    Subject: Test
    X-Sender: [email]tormailbox@tormail.net[/email]
    X-TorMail-User: tormailbox
    Message-Id: <1RIFJD-000PGY-Cy@internal.tormail.net>
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - server2.hudsonvalleyhost.com
    X-AntiAbuse: Original Domain - gmail.com
    X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
    X-AntiAbuse: Sender Address Domain - tormail.net
    X-Source: 
    X-Source-Args: 
    X-Source-Dir: 
    
    Test
    
    
    Well well well, what do you see guys? ---> server2.hudsonvalleyhost.com (66.7.195.77)

    To tell you the truth I'm not so sure we can call this much of anonymity. :(
     
  19. NormanN

    NormanN Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    67
    I noticed the same thing when I looked at my headers. The IP is out of Orlando, FL and belongs to: http://www.mhssc.org/ I'll leave it to the anon experts to chime in on if this is bad.

    NN
     
  20. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I'd be curious to know what that means.
     
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    That's explained in "How Tor Mail Works". The internet facing mail servers are just relays.
     
  22. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Thanks.
     
  23. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    I didn't dig much, I was just saying that server2.hudsonvalleyhost.com looks like where the server(s) is being hosted is all...
     
  24. uxamma

    uxamma Lurker

    Joined:
    Nov 1, 2011
    Posts:
    1
    Personally, I would never trust a mail server whose contents are in the US or its allies, unless I could be assured the contents were encrypted to and from me -- and on the final destination server platter.

    I tried out Tor mail and found it incredibly slow... and in the end, failed to see how it is better than using full encryption on Gmail (a la GnuPG). Plus, I had to install Vidalia to use it, which I ended up not wanting to do.
     
  25. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    You raise an important point. Once Tormail messages reach the internet facing mail servers, they are encrypted only if you encrypted them before sending, using GPG or whatever. Like Tor, Tormail focuses on anonymity, not privacy.

    Yes, Tor can be slow. It's been especially slow during OpDarknet's war on pedos.
     
Loading...
Thread Status:
Not open for further replies.