How many sources actually use PGP? And how many people use PGP/GPG or S/MIME for email correspondence with sources?
MESO-Rx
Anabolic Steroids
Who uses PGP when corresponding with sources?
- Thread starter Millard
- Start date
Spyder
New Member
Moving forward I will be using tails every time and will be setting up an I2P email account which is a really wild concept. I2P for those of you who do not know what it is - is a kind of darknet which has it's own email. But you can send email across the darknet to the internet with no traces - everything gets stripped. Tails I have loaded on a thumb drive and just boot to it when I want to do my business. I encourage everyone to at least look at it for your safety.
Code:
https://tails.boum.org
Never used PGP for aas purchases, but I use it routinely for other stuff. I always thought it was funny how little paranoia there is around aas.
Tails (The Amnesiac Incognito Live System):
More info:
Browse Like Bond: Use Any Computer Without Leaving a Trace with Tails
https://tails.boum.org/
More info:
Browse Like Bond: Use Any Computer Without Leaving a Trace with Tails
https://tails.boum.org/
If you want to go beyond encrypting email, you can also encrypt voice and text messages too with some free apps. I've been playing with TextSecure and RedPhone. There are others. I'm not sure which are best.
https://whispersystems.org/
https://whispersystems.org/
Stretch
Subscriber
regular
New Member
Tails runs tor not i2p.
gee Millard- thanks for making me realize I put more into covering my tracks with BitTorrent than I do with aas. fuck. I feel like an idiot now.
Spyder
New Member
You should really read the information that was given to you before you comment on thread. Yes it is TOR but it can also access I2P.
regular
New Member
Which OS or nix distribution can't run i2p?
The fact that i2p can run on tails is not meaningful because i2p can run on every commonly used OS and distro I'm aware of. Tails has nothing more to do with i2p than any other distro or operating system. Tails is not "tor" but it routes all networking traffic over the tor network by default, the same way most other "anonymous" distros do.
Ipredia is a live distribution which automatically routes all traffic over i2p by default. So if someone's intent were to use a live distro which connects to i2p ipredia will serve that purpose.
IprediaOS | Ipredia
Have you ever used tails or i2p one time?
Last edited:
Spyder
New Member
I am not sure what you are trying to say or if you are just trying to spew a bunch of info about TOR and I2P, but if you read my original post I said that is what I will being using.
The point of running TAILS is that it is a nice and easy package to boot from any machine. Once booted I connect to TOR (this is done by default) and then I can surf pretty securely. When I want to send an email I startup I2P (and yes I run both at the same time but only when using email). The only reason at this time of running I2P is because of email and how it works.
Not sure if you use or looked into I2P and using email through I2P but I would say it is pretty slick and very secure. And the great part is that you can actually send an email from I2P email account to a normal email addresses. Stripping of headers etc...
The fact that you can run both from TAILS is the point!
ballsofsteel5000
New Member
Doesn't Tails come with an email client? Can anybody comment on its efficacy? If it works, that would be a good way for sources to easily communicate securely with customers, since Tails is so easy to install, and it isn't reasonable to expect every customer to be tech savvy (or, if you do do that, you can expect much less business).
regular
New Member
I use to use anonym.os. When tails was originally released I started using it instead. Tails use to be configured to force all traffic over the tor network only. Running tor and I2P at the same time seems like a weird idea. I wasn't aware tails is now pre-configured to accommodate i2p. I switched from tails to whonix a long time ago.
My point was that if you want to use I2P in a live environment there are live distros which run i2p by default without tor being in the way. Apparently tails has now been modified to handle I2P well. This didn't use to be the case and it's something I was unaware of when I originally posted.
I2P can run on most operating systems so I still don't understand the need for tails. Setting up I2P isn't hard.
In answer to your question, I've used i2p, susimail, and tormail. Tormail was slow and unreliable which made using it very unappealing.
Something that you should keep in mind when using these free proxies and services is you need to always distrust the operator of the service you are using. For example, people used tormail and trusted that service. Most people are lazy and do not use pgp to encrypt their emails. When the FBI took over tormail they captured all of the unencrypted email everyone sent. Same thing with the PM systems of seized tor services.
To use these services properly people need to operate from a position of distrust at all times. Meaning they need to encrypt everything prior sending it going over the wire. Very few people in the AAS community know how to use PGP or are too lazy to use it. I wrote a guide to using gpg and made it available. It was well received but I'm not sure how many people use it.
You may be familiar with proxies and might know about pgp but that doesn't help you if the person your emailing doesn't know how to use pgp or is unwilling to use pgp. It takes two to tango when it comes to encryption and there is a shortage of people in this community who are willing it use it.
The challenge is to create a system that is very easy for people to use or transparent. So far, countermail fits that bill pretty well. Countermail strips email headers, claims to not log ip addresses, and encrypts email both stored and sent by default. So it's actually much easier to promote the usage of countermail than it is to promote the usage of PGP. PGP + public proxy however is superior because you're not having to trust the operators of countermail.
What do you think is the easiest way to use PGP/GPG?
I've been trying some of the browser extensions like Mailvelope. Implementation is as easy as installing any other extension.
noah_k
New Member
I tend to use PGP with sensitive work and all, but sometimes I wonder if I'm too damn loose tongued where it counts, like on privates messages here. No such thing as a truly private message on a forum, right? Even if it was encrypted, the site would have the password. I know Millard's hands are as safe as safe goes and nobody gives an ass about my aas use, but still, stupid habits in retrospect. 
Last edited:
Great topic and looks like there are some pretty cool opportunities for all of us to be safer, with reasonable cost/effort.
My interest is more directed toward our popular sources. I am curious how many of them are using similar programs to secure member info and communications.
My interest is more directed toward our popular sources. I am curious how many of them are using similar programs to secure member info and communications.
:cricket:
ballsofsteel5000
New Member
There's an incredible amount of room for improvement on this front. The question is, who will step up and be the first of a new generation of sources that takes security a bit more seriously? That would include utilizing the bitcoin, I might add.
Last edited:
Similar threads
