tormail

[skofan]

so, ive seen all this arguing about unsecure e-mail adresses, some providers not being able to contact others, some collaborating with law enforcement etc.
but not once have i seen a source use tormail, is there a reason for this?

if not, then here, a little bit about tormail.

Tor Mail is a Tor Hidden Service that allows anyone to send and receive email anonymously.
This product is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.

For more information, or to signup for your free @tormail.org account, which includes webmail, smtp, pop3, imap access,
Please visit our Tor hidden service at http://jhiwjjlqpyawmpjx.onion/
You will need to have Tor installed on your computer to access Tor hidden services.


Notice to Officials - Abuse Complaints

This web site is just an informational web page.
None of Tor Mail's mail systems are hosted on this server, or on any server that you can find the IP address.
Siezing or shutting down this web site will have no effect on Tor Mail's services.

Tor Mail consists of several servers, a Tor hidden service, and an incoming and outgoing internet facing mail servers.
These internet facing mail servers are relays, they relay mail in and out of the Tor network, the relays are purchased anonymously and not tracable to us.
The only thing stored on the hard drive of those servers is the Exim mail server, and the Tor software.
No emails or logs or anything important are stored on those servers, thus it doesn't matter if they are seized or shut down.
We are prepared to quickly replace any relay that is taken offline for any reason.

The Tor Mail hidden service and SMTP/IMAP/POP3 are on a hidden server completely seperate from the relays, the relays do not know the IP of the hidden service.
Tor Mail does not co-operate with anyone attempting to identify or censor a Tor Mail user.

Tor Mail's goal is to provide completely anonymous and private communications to anyone who needs it.
We are anonymous and cannot be forced to reveal anything about a Tor Mail user.

You can only sign up and access Tor Mail via our Tor Hidden Service, we do not ask for any identifying information such as name or address, our service is free so we do not have billing information and tor hidden services cannot see your IP so we have no way to identify any user.

We have no information to give you or to respond to any subpeona's or court orders.
Do not bother contacting us for information on, or to view the contents of a Tor Mail user inbox, you will be ignored.

 

[thinkanabolic2]

Tormail should be the standard of anyone trying to do business who puts security and anonymity at the forefront. These vendors are behind, this is the next step in securing customer communication.

 

[Kamala]

I've been doing a lot of re-thinking regarding safe-mail lately...... I'm really starting to think it isn't safe at all. Basically your putting your faith in Israel not co-operating with LE.

 

[skofan]

I've been doing a lot of re-thinking regarding safe-mail lately...... I'm really starting to think it isn't safe at all. Basically your putting your faith in Israel not co-operating with LE.

Safe-mail.net will not disclose information about you or your use of the Safe-mail.net system, unless Safe-mail.net believes that such action is necessary to comply with its legal requirements or process

there's only a few things safe about safe-mail.
its encrypted, and signup is anonymous.

they still cooporate with law enforcement, your ip adress is broadcast with each message, and im not sure if they delete their backlog of messages.

by no means is tormail completely safe, but i dont know of any other free options that deliver as much security for the end user.

 

[prnscrn]

Some sources do use tormail, but here is one problem that comes to mind. Tor and tormail can be super slow at times and almost useable at other times.
This might be one reason why most sources don't use it exclusively.

 

[regular]

Tormail should only be used in conjunction with gpg/pgp. I strongly advise you to not send clear text over tormail.

 

[MANWHORE]

AOL mail is the safest, by far

 

[prnscrn]

Tormail should only be used in conjunction with gpg/pgp. I strongly advise you to not send clear text over tormail.

Good point. So one needs to be using Tor+VPN to have anonymity along with encryption. If one could access the VPN via Tor, then in that case only encrypted VPN packets would be exiting Tor. Hopefully, using this method would help with accessing tormail more safely along with using pgp.

And now my point about the speed issue is worse, slow VPN and slow Tor. Dialup time anyone?

 

[thinkanabolic2]

I haven't found tor speeds to be unbearable. Sure they are rough, but overall its still manageable. I've used VPN+Tor before, works well. I can't remember the name of the service, but there is a free VPN that gives you about 1GB a month or something, more than what you would need for something like this. I think it was GhostVPN.

An approach like this combined with Tormail and PGP encryption means no one is getting their info traced back. If a source gets busted the customer is safe, or vice versa. Its just a smart practice in a game like this.

The beauty of Tormail is the servers are spread out just like the actual Tor network, there is no single IP address nor is there any information as to who owns or operates the servers. If the Feds wanted to force their way into someone's Tormail (if they knew they were using it), I don't think they would know who or what to go to.

Hear that vendors? An email service that of which there is no single person or entity to approach for brute force entry. Lets say somehow they gain access to the account through acquiring the password or something. Then they have to deal with encrypted messages of which they don't have the PGP/GPG keys for.

This is a no brainer for sources, looking for a vendor to step their game up and take the next step as to what should be the future of safe and smart vendor communications.

 

[DieYoungStrong]

So now I need to do the research of a polypharmacist and be a computer software engineer. It's getting awefully tough to do a cycle nowadays

 

[Stretch]

Its no different than any other part of commerce.

The consumer is in control and you vote with your wallet.

There are sources that use TOR and more sources will begin to use TOR as soon as consumers refuse to order from sources who don't.

We make the rules. Sources will adapt to what we demand.

 

[shamrockbear1]

I used a vpn before and they claim they don't record you ip address. And the servers are off shore in country that don't cooperate with us. In theory the come. The vpn is the ip address sounds removable I think of you use a vpn. And mutemail or securenym off shore email servers and they don't record your ip..... I think this pretty untraceable I have a mobile vpn on my phone shows my internet usage in another city.... I highly doubt anyone is go to go after a vpn and then What they have to figure out where u are with No ip logs

 

[shamrockbear1]

Sorry about the typos android keyboards suck!

 

[tgrusso78]

I agree with using tormail/gpg or pgp. I did a bitcoin write-up, I may do a tor and gpg writeup as well. We'll see how motivated I am after the gym today.

edit - although I'm fairly certain there already exist many texts as well as youtube videos on the subjects.

 

[kalibudz]

I was using tormail for a while but abandoned it because it was always going down and was inaccessable. and people should definatly use PGP with this mail because from what I hear hackers hang out a sniff on the nodes

 

[JonnySak]

Just use a standard email provider and only access it via tor. And ofcourse encrypt all sensitive messages with public-private keys.

 

[regular]

Good point. So one needs to be using Tor+VPN to have anonymity along with encryption. If one could access the VPN via Tor, then in that case only encrypted VPN packets would be exiting Tor. Hopefully, using this method would help with accessing tormail more safely along with using pgp.

And now my point about the speed issue is worse, slow VPN and slow Tor. Dialup time anyone?

Using tor in conjunction with a VPN would elevate someone's anonymity but it seems redundant and unnecessary to me.

The problem with routing sensitive information unencrypted over tor is the tor network is a really dirty place where lots of data which is appealing to law enforcement is transmitted. There is much speculation that a good number of tor exit nodes are monitored and/or directly controlled by law enforcement agencies around the world.

No one knows who controls tormail. It could be controlled by the FBI directly or it could be a private company who runs it with DARPA funding just as much as it could be an activist who will never surrender your information under any circumstances. There's no way to know who is pulling the levers behind the curtain.

Because we don't know who is controlling the exit nodes or tormail service we're using we must assume they are being controlled by someone with malicious intent. For that reason the best practice would be to guard ourselves by encrypting sensitive communications prior to passing them over the wire. IE use PGP/GPG to encrypt the message then connect to tor then login to tormail then transmit your encrypted communication. Anything short of this and you're rolling the dice by trusting several layers anonymous people.

Tor is a great tool but it has limitations. Those limitations must be understood to use it in a safe manner.

 

[prnscrn]

I do agree with everything you are saying about Tor. No one knows who is controlling it or monitoring the exit nodes. I was just suggesting another method, Tor+VPN, that could be used to keep the data encrypted at the exit nodes. By using PGP, you are only keeping the Tormail safe and not your entire Tor session. VPNs main purpose is to carry data in a secure encrypted manner using a private tunnel from one point to another and not for anonymity, however, VPNs are being marketed as an anonymity service.

One member suggested using VPN + Tor instead of Tor + VPN. There is a difference here if you start VPN first and then use Tor (VPN+Tor) or using Tor to access a VPN (Tor+VPN). The order is important because it depends on who you want seeing the encrypted data. I will try to explain the 2 different methods.

The first method is connecting to a VPN first then accessing Tor, (VPN+Tor). Using this method, keeps the ISP from knowing that you are using Tor and there is a reason why you would want to do this.

Some people believe that when an ISP sees a Tor connection from a user that it causes a red flag. They feel the ISP's have an automated script which logs users Tor connection with time, date, and the amount of bandwidth they used. This Tor user file may be sent to the government through back channels. Who knows??? Also, it is quite likely that using Tor frequently is enough to get a track and trace for all your internet traffic. By using (VPN + Tor) we eliminate this possible problem because the ISP only sees encrypted data to a VPN and no Tor connections. Using this connection method doesn't keep the rogue Tor exit nodes from snooping on your data.

The second method is starting Tor first and then accessing the VPN (Tor+VPN). This will prevent a rogue Tor exit node from sniffing/snooping/spying on your data because it is encrypted via VPN, but doesn't keep the ISP from seeing your TOR connection.

Here is one example on how to do it:

1. Start Tor

2. Connect to the Tor network.

3. Go to your OS's settings, preferences, and launch network settings

4. Select VPN and add the VPN you want to use

5. Connect to VPN.

You have now connected to the VPN through Tor. The VPN sees Tor's exit nodes IP (so still anonymous) and the Tor exit node can NOT see your data as it is encrypted via VPN (AES-256 bit hopefully).

These are just two ways to make Tor usage safer and hopefully clears up some confusion on my previous post.