[tor-talk] Tor and the free email providers was: Re: anyone created an acct on GMX using Tor?

antispam06 at sent.at antispam06 at sent.at
Fri Aug 3 18:08:02 UTC 2012


On Fri, Aug 3, 2012, at 16:31, Joe Btfsplk wrote:
> Thanks for all replies.  I'm responding to antispam06's reply, only 
> because it was last of several.  Because the issue is more complex than 
> I thought, GMX is no longer the sole focus.  Overall, the info should 
> benefit *lots* of users, IMHO.

Only thing is that many people don't read the archives. Myself included.
Anyway, I changed the subject as it no longer has anything to do with
the initial post.
 
> On 8/3/2012 3:39 AM, antispam06 at sent.at wrote:
> > On Thu, Aug 2, 2012, at 23:19, Joe Btfsplk wrote:
> >> So, big surprise, lots of people are using Tor addresses & then doing
> >> crap to give it (certain addresses, anyway) a bad name & get blacklisted.
> >>
> > I guess that is an example of taking things out of context. A lot of
> > people give ISPs a bad name. A lot of people give countries a bad name.
> Absolutely - never said or hinted Tor was only network or service being 
> abused.  But I'm talking about using Tor to sign up for email.
> GMX probably blacklisted (many?) Tor IP addresses simply because several 
> users tried signing up w/ same IP over time.  I tried several - hrs / 
> days apart, after clearing everything in latest TBB, AFAIK; getting new 
> identity / IP address.  RE-jected!

Yes. You are right. Yet, a lot of people do read the arhives. And
lamenting about bad guys going over Tor might fuel some ill intentioned
positions. I'm not for censorship. Far from it. But I'd say to limit the
comments in that direction to the already existing warnings about entry
points, bridges and exit points. This is purely speculation and I have
no study to back me up, but I'm quite sure Tor is truly a pain in the
rear for those wrongdoers. Which paints a depressive picture, as people
in child pornography are only a few. And those few are enough of a scare
to confiscate hardware, close down servers and so on. Two centuries ago,
giving the evil eye to the local priest would lead to live evisceration
and other wonderful not so medical interventions. Today knees begin to
tremble to a question like „so you don't want to protect the children?”.
People have died in order to have enough freedom to have naturist
communities, yet two bit stars talk about the shame of a naked elbow at
17 and step by step the society goes back to those days of the Middle
Ages.

I'd say eagerness does not help in these situations. Try it 5 months
from now. Or forget it altogether. Because I've been in communities that
rejected anything other than say a gmail.com account. So, unless you
really need it, just mark it down on some webpage as unfriendly and
that's all. I just discovered a couple of hours ago that
opensubtitles.org is far from open and it blocks at least two Tor exits.
But in the last 6 months the only one service I stumbled upon who
blocked Tor was startpage.

As for the precise answer to your questions, sometimes even they don't
know. Automated scripts which go wild. And it's hard to teach them they
have to redo a configuration. They'd rather tweak it and tweak it some
more till it breaks for good.

> > As for your certainty: I do have accounts from all mentioned services
> > (Gmail, Yahoo, Gmx) and everything was done over Tor.
> Good to know, but how?  How'd you create Gmail acct w/ Tor & not give 
> mobile #?  How did you get GMX to accept a Tor address (got lucky?).  
> I'm not arguing. Obviously, I'm not as experienced / crafty / lucky as 
> some, so looking for HOW folks *recently* created email accts w/ various 
> providers, using Tor - or other "anonymous" ways.  I haven't tried - 
> every - provider w/ Tor & would prefer not to spend days.  I've learned 
> a lot from responses (as will others, not so experienced using Tor for 
> this).

Hahaha

Experience and craft have little in common with opening a free
web-something account. And I think luck it's hard to prove in real life.
Within the computer generated world luck has even less meaning. I see it
as not one's luck, but other one's carelessness.

> How long ago did you (or others) create them; have providers since 
> changed methods;  how long / how much effort did it take; what 
> techniques were used?  Did some just get lucky on a couple of tries w/ 
> NON blacklisted Tor IPs, or did it take days & dozens of Tor addresses, 
> using all techniques you mentioned?

Just digging for a path to a server would simply lock other paths. You
and anyone with an issue should contact the administrators. After all
there is no right to have a Gmx account.

Anyway to satisfy your curiosity they were all made in the past 12
months or so when I needed. Apart from one issue with Lavabit solved
with two changes of exit nodes, everything went smooth. I still have
ergonomy issues. Even after tweaking Firefox, Wordpress gave me a long
time SSL timeout two out of three times roughly. Google services gave me
for a while failed logins. Never filed bug reports for those or wrote
the owners of a site as I could not pinpoint the origin of the problem.
In the last months Wordpress has been changing the interface to make it
more facebookish. Some of the issues were solved with less restrictive
NoScrip. Some, like the status or reader are unusable. If only I my
knowledge would allow me to do some forensics!

I'm pretty sure there is no technique involved. Although some sites are
really stupidly designed when it comes to error reporting. Just try to
use a 60 character password with spaces and signs like the slash. Some
even tell the two pasted password instances do not match! Others will
quietly reload.

> > Why not go through an open WiFi? ... How about going through another 
> > computer? And I don't mean using proxy software.
> I suppose WiFi is a possibility, but I don't frequent WiFi spots. 

Why? You have Tor. You know how to use TBB. Why not enjoy the free
stuff? See also that not only tor bridges are helpful to the community,
but also an open Wifi. From a paranoid point of view it's better to have
an open router with limited traffic, than an encrypted one. Routers are
easy to crack and a badly chosen password woud make the law catch you
with your pants down as the next porn downloader. An open router means
anybody could have done it.

> Correct me if wrong, but if logging on in the "clear" *vs* using Tor, 
> they can get more info about your machine, that can possibly identify it 
> later?

Anything that goes through radio is public. And anybody within the
radius can read the traffic. For that one uses VPN. Or HTTPS. Or Tor.
Actually, they are all SSL derivates in my case.

Second, who is they?

Third a firewall can block most fingerprinting.

Fourth: you are in a public place. Who cares about fingerprinting when a
security camera or a guy with a GPS enabled photo camera can take
pictures of you and your desktop?

> You mention using ANOTHER machine & so did GMX "support," after they 
> replied, that (one) Tor address I used was blacklisted.

Yes. But we don't mean the same. Gmx meant going online in another
place. I meant going through another place.

> Does that - possibly - mean that for any user in this scenario, even 
> using *Tor* for registering (& failing 1st few attempts), a provider 
> collected enough info to ID my PC again, even if use another address 
> (Tor or not)?  This topic is no longer JUST about GMX.

If they are able to push software to run on your machine, most probably,
Tor or not. If using the same browser and enable than disable Tor
button, some traces might remain there even if there is a an active team
and community to look for this kind of issues.

If I get things right, right now the Tor team has a priority of getting
people to connect to their targets. Many governments today are actively
blocking Tor. And even more government agencies are doing their best to
track the activity of marked individuals. Keeping your privacy once you
get on the desired server is less of a concern to the Tor team. People
have been warned. Yet they want to see silly cat movies and the last
night TV show so they enable Flash. Or they go on Facebook and let
people in real life identify them. Or give their real phone number to
Google. And so on. In short: Tor helps you go to a net cafe or park and
publish data about the evil company. It does not protect you from using
the company email to give the link to your site.
 
> Using others computers to create an acct that might be used for whistle 
> blowing (w/o Tor or proxy - or what DID you mean?) ... not sure about 
> that one.

I don't understand that part.
 
> I understand most providers will (certainly can) scan unencrypted 
> email.  But, if sending whistle blower or msgs to neighbors w/ junk 
> cars, won't be sending encrypted ones.
> I just don't want them to trace me.  Not trying to outwit LEA here, even 
> though it'd be nice not to have mail scanned.

Correction: they do not scan the email. They store it. For undisclosed
periods of time. That suggest as the closest date sometime near for ever
and ever.


More information about the tor-talk mailing list