[tor-talk] Thunderbird, GMail and Tor - is it safe?
Joe Btfsplk
joebtfsplk at gmx.com
Tue Aug 9 15:57:35 UTC 2011
On 8/9/2011 10:03 AM, Phillip wrote:
> Hi,
>
> My question is about the safety of using Thunderbird to send e-mail
> through Tor.
>
> A little background: I run a moderate capacity (~500-600 kb/s) Tor
> relay. I've configured my Thunderbird client to use the Tor network, as
> well as to not leak DNS resolves, and I've verified through test e-mails
> that they are being sent to the GMail server through a Tor exit node. My
> accounts are configured to use SSL/TLS for both IMAP and SMTP.
>
> I understand that once e-mail leaves the GMail servers, it's about as
> secure as sending an open post card.
>
> My question is whether the SSL/TLS connections between my e-mail client
> and the GMail server are being made through the Tor network, and whether
> using Tor in such a way exposes my otherwise unencrypted e-mail to a
> greater risk of being skimmed by, say, a potentially hostile Tor exit node?
>
> My goal is simply to anonymise my IP, which gets leaked gratuitously by
> Thunderbird, and to ensure that the e-mail gets to the GMail server as
> securely as if I was using the https web mail.
>
> Thanks in advance for any assistance!
>
> Cheers,
>
> Phillip
As I understand it, just sending unencrypted mail to an email provider
thru Tor, only masks your true IP address. This assumes you've set up
an acct w/ provider, WHILE USING TOR.
Once it hits (Gmail & many others') servers, they're going to scan
unencrypted mail, as well as mail sent to you. If your received mail is
unencrypted, providers will scan that.
You can use HTTPS connection & Tor to Gmail, which will hide your IP,
provide protection * between you & Gmail,* but if unencrypted, won't
keep them from scanning it.
Yes, I believe an exit node could scan unencrypted mail. I'm not sure
about when you use SSL between you & final destination. Others can
chime in (please correct any mistakes here).
Generally, it's not suggested to send sensitive, unencrypted info thru
Tor when using plain HTTP connection w/ a site.
One solution for you might be to use the popular "Enigmail" Tbird addon
(from AMO's site) to encrypt mail. You can read up on it at AMO &
Enigmail's home page - what's involved for you & recipients of your
mail. It's not that difficult.
More information about the tor-talk
mailing list