[set
where, how is it stored, for how long?]
Specific location will depend on the browser and implementation. There
may be guidance in the RFC but I can't remember the specifics. You
could check https://tools.ietf.org/html/rfc6797 and the chrome/firefox
implementations to get the exact
Seems like there's a bit of confusion regarding what a bad exit node can
and can't do here.
For many sites, you can trivially strip the SSL connection request as
the exit node, downgrading it to vulnerable plaintext just by using
ssl-strip. There'd be no cert warning, but smart users will
On 2/21/2013 4:58 PM, survivd wrote:
Seems like there's a bit of confusion regarding what a bad exit node can
and can't do here.
For many sites, you can trivially strip the SSL connection request as
the exit node, downgrading it to vulnerable plaintext just by using
ssl-strip. There'd be no
On Tue, 19 Feb 2013 18:51:55 -0800 (PST)
Mysterious Flyer mysteriousfl...@yahoo.com wrote:
Yes, thank you. That is EXACTLY what I was looking for. I was
thinking that the Tor Project ought to have a list of super-trusted
hidden services, as well as a list of known violators.
We're not
On 2/11/2013 9:51 PM, Griffin Boyce wrote:
There are some good ones out there, but if you're using Tor to create the
account and login, you should know that many have started blocking Tor
users (or deactivating their accounts in the case of Yahoo). Size could
also be an issue, but if you're
On Mon, 18 Feb 2013 23:51:58 -0700
Jim jimmy...@copper.net wrote:
Mysterious Flyer wrote:
Um. I am the REAL mysteriousfl...@yahoo.com. I guess it's super-duper
easy for a person's user names and passwords to get hacked when accessing
e-mail over Tor. I also noticed that someone
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Joe Btfsplk:
On 2/18/2013 9:01 PM, Mysterious Flyer wrote:
Um. I am the REAL mysteriousfl...@yahoo.com. I guess it's
super-duper easy for a person's user names and passwords to get
hacked when accessing e-mail over Tor. I also noticed
scarp:
Joe Btfsplk:
On 2/18/2013 9:01 PM, Mysterious Flyer wrote:
Um. I am the REAL mysteriousfl...@yahoo.com. I guess it's
super-duper easy for a person's user names and passwords to get
hacked when accessing e-mail over Tor. I also noticed that
someone has been reading my gmails
On Mon, Feb 18, 2013 at 10:01 PM, Mysterious Flyer
mysteriousfl...@yahoo.com wrote:
Um. I am the REAL mysteriousfl...@yahoo.com. I guess it's
super-duper easy for a person's user names and passwords to get hacked when
accessing e-mail over Tor. I also noticed that someone has been
On 2/19/2013 2:11 AM, adrelanos wrote:
scarp:
On 2/18/2013 9:01 PM, Mysterious Flyer wrote:
Um. I am the REAL mysteriousfl...@yahoo.com. I guess it's
super-duper easy for a person's user names and passwords to get
hacked when accessing e-mail over Tor. I also noticed that
someone has
IMO, only stupid idiot doesn't use https with gmail.
That's why I think all talkings about gmail and beeing hacked is useless.
Let him set Use always https in the gmail settings, then log out, log in,
change password and secure q/answer and that's all.
This should be about Tor and Tor close
Griffin Boyce:
On Mon, Feb 18, 2013 at 10:01 PM, Mysterious Flyer
mysteriousfl...@yahoo.com wrote:
Um. I am the REAL mysteriousfl...@yahoo.com. I guess it's
super-duper easy for a person's user names and passwords to get hacked when
accessing e-mail over Tor. I also noticed that
IMO, only stupid idiot doesn't use https with gmail.
That's why I think all talkings about gmail and beeing hacked is useless.
Let him set Use always https in the gmail settings, then log out, log in,
change password and secure q/answer and that's all.
This should be about Tor and Tor close
In all the multiplicity of good ideas here, here's a A Tutorial on
Anonymous Email Accounts from the Electronic Frontier Foundation -
https://www.eff.org/deeplinks/2012/11/tutorial-how-create-anonymous-email-accounts
and two, related, wiki subject pages at World University and School,
which is
not already been given?
Signed,
The REAL mysterious flyer.
From: Joe Btfsplk joebtfs...@gmx.com
To: tor-talk@lists.torproject.org
Sent: Tuesday, February 19, 2013 12:36 PM
Subject: Re: [tor-talk] Email provider for privacy-minded folk
On 2/19/2013 12:21 PM
On Tue, 19 Feb 2013 17:07:54 -0800 (PST)
Mysterious Flyer mysteriousfl...@yahoo.com wrote:
[...]
2. I used a dedicated Tor Mail account to open the anonymous Torrified
Yahoo account, and then only ever used the Yahoo account to post to this
forum.
[...]
I have my suspicions about Tor
Joe Btfsplk:
On 2/19/2013 12:21 PM, adrelanos wrote:
Griffin Boyce:
I hate to call shenanigans on this, but it seems extremely
unlikely that someone would hack your email account and then
use it to post to the Tor mailing list. Or any mailing list.
Confirmed.
What do you mean by
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Mysterious Flyer:
OK, more information on the circumstances:
1. The whole reason I started up with all this privacy and
anonymous stuff was because someone had hacked my gmail account,
and was trying to ruin my life. I happen to know from
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
k e bera:
On Tue, 19 Feb 2013 17:07:54 -0800 (PST) Mysterious Flyer
mysteriousfl...@yahoo.com wrote:
[...] 2. I used a dedicated Tor Mail account to open the
anonymous Torrified Yahoo account, and then only ever used the
Yahoo account to post
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Mysterious Flyer:
From k e bera keb at cyblings.on.ca : Only to comment on the
Tor Mail points, and i think Andrew mentioned it on this list
before, Tormail.org is not affiliated with Tor Project.
Furthermore, they are listed on this page:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
scarp:
As for torguard.net I'm not quite sure what they are inferring by
the usage of 'tor' in the name, as I don't believe it would use Tor
for anything. To me it just looks like a anonymous VPN provider,
one which was reviewed by TorrentFreak:
On 2/19/2013 7:07 PM, Mysterious Flyer wrote:
OK, more information on the circumstances:
1. The whole reason I started up with all this privacy and anonymous stuff
was because someone had hacked my gmail account, and was trying to ruin my life. I happen to know
from their IP address that
online purchases through Tor.
From: Joe Btfsplk joebtfs...@gmx.com
To: tor-talk@lists.torproject.org
Sent: Tuesday, February 12, 2013 5:46 AM
Subject: Re: [tor-talk] Email provider for privacy-minded folk
On 2/11/2013 9:51 PM, Griffin Boyce wrote:
There are some
On 2/18/2013 9:01 PM, Mysterious Flyer wrote:
Um. I am the REAL mysteriousfl...@yahoo.com. I guess it's super-duper
easy for a person's user names and passwords to get hacked when accessing
e-mail over Tor. I also noticed that someone has been reading my gmails (since
they were marked
Mysterious Flyer wrote:
Um. I am the REAL mysteriousfl...@yahoo.com. I guess it's super-duper easy for a person's user names and passwords to get hacked when accessing e-mail over Tor. I also noticed that someone has been reading my gmails (since they were marked as read), so I changed my
Hi,
On 13.02.2013 22:47, Joe Btfsplk wrote:
One item is how long providers retain mail, after you delete it. Some
don't store at all; - to hrs / days / months / indefinitely.
It is unlikely that any mail provider wipes/shreds mails on deletion and
while they go through the various processing
On 13.02.2013 22:47, Joe Btfsplk wrote:
I suppose even providers offering encryption of files while on their
server (like Lavabit), could read the mail just before it was encrypted
/ decrypted, since they are doing the encrypting.
Even if they encrypt maildirs on their servers and unlock only
Moritz Bartl:
On 13.02.2013 22:47, Joe Btfsplk wrote:
I suppose even providers offering encryption of files while on their
server (like Lavabit), could read the mail just before it was encrypted
/ decrypted, since they are doing the encrypting.
Even if they encrypt maildirs on their servers
k e bera wrote:
Hoping to be helpful, i transcribed that PDF to the tor wiki:
https://trac.torproject.org/projects/tor/wiki/doc/EmailProviderComparison
Thanks for transcribing that!
I realize you are only the transcriber, but if I understand the table
correctly I see some errors/ambiguities
Hi,
On 14.02.2013 11:42, adrelanos wrote:
What if Hushmail (or any other mail provider) had recommended the user
to install a browser add-on to do encryption locally?
Could they get forced to convince the user to install a malicious
browser add on, on request by law enforcement?
Most likely.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Moritz Bartl:
Hi,
On 14.02.2013 11:42, adrelanos wrote:
What if Hushmail (or any other mail provider) had recommended the
user to install a browser add-on to do encryption locally? Could
they get forced to convince the user to install a
On 2/14/2013 4:42 AM, adrelanos wrote:
Moritz Bartl:
On 13.02.2013 22:47, Joe Btfsplk wrote:
I suppose even providers offering encryption of files while on their
server (like Lavabit), could read the mail just before it was encrypted
/ decrypted, since they are doing the encrypting.
Even if
On Tue, Feb 12, 2013 at 11:41 PM, Maxim Kammerer m...@dee.su wrote:
On Wed, Feb 13, 2013 at 6:05 AM, Griffin Boyce griffinbo...@gmail.com
wrote:
This is an oft-overlooked point about Riseup. They never did approve me
for an account. I'm sketchy. ;P
Don't say... Do you approve of “a
Il 12/02/2013 21:21, Joe Btfsplk ha scritto:
I went read a LOT on their site. One problem is, they say it may take
1 day or 10 to answer a support request. They're all volunteers.
That's fine. Except if the support issue is your acct is locked, not
because of your actions, 10 days is a
Hi tor-talk,
Thanks for the information about email providers.
Obviously, I currently use Lavabit but this email, and activity it's
used with, is kept separate from my real life. My real life email
has been on GMail for a long time, which is what needs to change. Two
things I really like
On 12/02/2013 3:04 PM, grarpamp wrote:
The rest are just shopping items, but when you do find one, consider
sending them a donation and a note about why you chose them once
in while.
I hope I didn't sound as though I was looking for a free meal in my
original posting when I said that a free
On 12/02/2013 3:15 PM, Joe Btfsplk wrote:
Here's an article someone pointed out on email providers privacy; if
allow signing up w/ Tor, etc.: the_simple_computer
http://www.thesimplecomputer.info/articles/email-for-privacy.html
They all have + -, depending on needs. For many, if read TOS
On 13/02/2013 7:21 AM, Joe Btfsplk wrote:
I didn't see if they offer aliases (or disposable addresses).
The link you provided in your first response
(http://www.thesimplecomputer.info/articles/email-for-privacy.html) says
Autistici offer 5 aliases. I didn't read any confirmation of this on
://blog.jpunix.net
From: Ted Smith te...@riseup.net
Sent: Tuesday, February 12, 2013 11:11 PM
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Email provider for privacy-minded folk
On Tue, 2013-02-12 at 11:23 -0600, Joe Btfsplk wrote:
On 2/12/2013 8
On 12.02.2013 01:47, bvvq wrote:
* Privacy-conscious (don't parse my emails to target advertisements to
users)
Email was not born in an era when privacy was any concern. In a way,
privacy was using the email as only few knew how to use it. That means
plain text connections. That means a
I use riseup as well. They have always been great for me, including when
I've had a minor problem or two -- such as when emails from a list for
freelance writers were accidentally marked as spam. That ticket was
fixed right away. The only trouble I have with riseup is the 2 MB limit
for outbound
Hi guys girls,
I'm the person behind /the_simple_computer/, nice to see the site making
the rounds here.
To address a few concerns some people brought up, Autistici took 2 days
to approve my account. I sent them some questions after the account was
made and the replies were always in my inbox
On Wed, 2013-02-13 at 13:14 -0700, the_simple_computer wrote:
3. Autistici and
Riseup are two companies worth donating to, imo but especially if
you're
using their service.
This is a nitpick, but riseup.net isn't a company. Riseup Labs
(http://riseuplabs.org/) is a registered (donations
How truly important is webmail for you all?
Can you use your client and survive with a provider that only offers:
IMAP over SSL
Submission with STARTTLS
(and maybe legacy SMTP over SSL)
(and maybe legacy POP3 over SSL)
If the server enforces message expiry and deletes
oldest messages, what
On 2/13/2013 3:58 AM, bvvq wrote:
On 12/02/2013 3:15 PM, Joe Btfsplk wrote:
Here's an article someone pointed out on email providers privacy; if
allow signing up w/ Tor, etc.: the_simple_computer
http://www.thesimplecomputer.info/articles/email-for-privacy.html
They all have + -, depending on
On 2/13/2013 2:14 PM, the_simple_computer wrote:
Hi guys girls,
I'm the person behind /the_simple_computer/, nice to see the site making
the rounds here. ...
...
If anyone spots any errors in the email article or something that
doesn't align with their observations (grammar nazis also
On 2/13/2013 3:47 PM, Joe Btfsplk wrote:
On 2/13/2013 3:58 AM, bvvq wrote:
On 12/02/2013 3:15 PM, Joe Btfsplk wrote:
Here's an article someone pointed out on email providers privacy; if
allow signing up w/ Tor, etc.: the_simple_computer
On Wed, 13 Feb 2013 22:22:22 -0600
Joe Btfsplk joebtfs...@gmx.com wrote:
Sorry, but when I tried the download from Bayfiles, clicking on the big,
orange download button, it tries to d/l iLividSetupV1.exe instead ( I
can't seem to get around it). It actually transferred me to another
site
On 02/12/2013 01:47 AM, bvvq wrote:
I would like to change.
You may try VFEmail https://www.vfemail.net/
For a one-time payment of $15 you get an good service. Use an anonymous
prepaid credit card to stay anonymous. Free service works well with
SMTP, POP and IMAP too but contains ads and
On Tue, 12 Feb 2013 11:47:53 +1100
bvvq beveryveryqu...@lavabit.com wrote:
Hi tor-talk,
I'm not sure where else to ask this question so I give my apologies if
this is off-topic. Please feel free to suggest a better list/forum/website.
I've had a personal email account with GMail since it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
I rather like tormail, because the provider can't hand over any
information even if they wanted to. You access it via a .onion so the
actual locations of the remailers is unknown.
None of Tor Mail's mail systems are hosted on this server, or on
On Tue, 2013-02-12 at 10:13 +0100, Karsten N. wrote:
On 02/12/2013 01:47 AM, bvvq wrote:
I would like to change.
You may try VFEmail https://www.vfemail.net/
For a one-time payment of $15 you get an good service. Use an anonymous
prepaid credit card to stay anonymous. Free service works
Il 12/02/2013 10:42, Roman Mamedov ha scritto:
In the past I used http://www.autistici.org/en/services/mail.html
I recommend autistici.org if you are in Europe, it's based in Italy.
Reliable service with strong privacy mind, good italian/english
communication with users in case of outages and
On 2/12/2013 8:41 AM, Ted Smith wrote:
I use riseup.net -- I trust their promise not to store any logs, I
know they'll never block Tor, and they don't have any ads in their web
interface. That said, if you're financially stable in a first-world
country, you should probably throw some bitcoins
On 12.02.2013 17:09, Jan Reister wrote:
Il 12/02/2013 10:42, Roman Mamedov ha scritto:
In the past I used http://www.autistici.org/en/services/mail.html
I recommend autistici.org if you are in Europe, it's based in Italy.
Reliable service with strong privacy mind, good italian/english
On 2/12/2013 12:47 PM, Moritz Bartl wrote:
On 12.02.2013 17:09, Jan Reister wrote:
Il 12/02/2013 10:42, Roman Mamedov ha scritto:
In the past I used http://www.autistici.org/en/services/mail.html
I recommend autistici.org if you are in Europe, it's based in Italy.
Reliable service with
Joe Btfsplk joebtfs...@gmx.com wrote:
Hello,
Though I don't use them - yet, Lavabit is more serious about privacy,
has reasonable storage (nothing as large as gmail).
I have had good luck with Lavabit as well, but according to people on
another list, they've started restricting accounts
On Tue, 2013-02-12 at 11:23 -0600, Joe Btfsplk wrote:
On 2/12/2013 8:41 AM, Ted Smith wrote:
I use riseup.net -- I trust their promise not to store any logs, I
know they'll never block Tor, and they don't have any ads in their web
interface. That said, if you're financially stable in a
Hi tor-talk,
I'm not sure where else to ask this question so I give my apologies if
this is off-topic. Please feel free to suggest a better list/forum/website.
I've had a personal email account with GMail since it was invite-only,
but lately I've read a few stories about Google's use of our
Hello bvvq:
Gmail is horrid. The only way I can think of to get Google of my
path is to encrypt all the e-mails I send through them. The only
problem is that I can't get anyone I know to download the software
they would need to decrypt. I'm pretty sure the only way around all
that is to get a
There are some good ones out there, but if you're using Tor to create the
account and login, you should know that many have started blocking Tor
users (or deactivating their accounts in the case of Yahoo). Size could
also be an issue, but if you're deleting them off the server on download,
then
* Privacy-conscious (don't parse my emails to target advertisements to
Anonymous-/encryption-type services offered by HushMail or Safe-Mail
That rules out gmail, yahoo, hotmail/live.
Few services will state they don't, and statements are no guarantee.
Privacy (OpenPGP, etc) is your
On 2/11/2013 6:47 PM, bvvq wrote:
Hi tor-talk,
I'm not sure where else to ask this question so I give my apologies if
this is off-topic. Please feel free to suggest a better
list/forum/website.
I've had a personal email account with GMail since it was invite-only,
but lately I've read a
On 2/11/2013 9:51 PM, Griffin Boyce wrote:
There are some good ones out there, but if you're using Tor to create the
account and login, you should know that many have started blocking Tor
users (or deactivating their accounts in the case of Yahoo). Size could
also be an issue, but if you're
On 2/11/2013 10:04 PM, grarpamp wrote:
* Privacy-conscious (don't parse my emails to target advertisements to
Anonymous-/encryption-type services offered by HushMail or Safe-Mail
That rules out gmail, yahoo, hotmail/live.
Few services will state they don't, and statements are no guarantee.
65 matches
Mail list logo
