[tor-talk] Email provider for privacy-minded folk
Mr Dash Four
mr.dash.four at googlemail.com
Tue Feb 19 19:08:26 UTC 2013
> IMO, only stupid idiot doesn't use https with gmail.
> That's why I think all talkings about gmail and beeing hacked is useless.
> Let him set "Use always https" in the gmail settings, then log out, log in, change password and secure q/answer and that's all.
>
> This should be about Tor and Tor close stuff...
>
>
> Game's over.
>
Indeed! I also employ one additional measure, which, admittedly, may not
be to everyone's taste - I have all my
browser/system/email/everything-else-you-care-to-name root certificate
store wiped out clean!
If I have to access a specific (https) site or access a new email
account (by using secure pop/starttls, secure smtp or secure imap) I
tend to get the site's certificate well in advance via other means (not
through tor, obviously) and store it manually on my system for use by
these programs. That way, I know that if the "certificate unrecognised"
error pops up there is either 1) a new site I have never accessed before
(most likely); or 2) someone is trying to use spoof certificates.
The latter doesn't occur very often, though I've had this on a number of
(rare) occasions when a tor exit node for example (prior to being banned
in my torrc file and banished forever) tries to pretend to be my email
server and gets caught out with its pants down, quite literally... This
measure also prevents the likes of hacked/rogue CA's out there leaking
certificates to people/organisations who use them for various
criminal/unsavoury purposes.
More information about the tor-talk
mailing list