[tor-talk] Sending email from Tor browser
Joe Btfsplk
joebtfsplk at gmx.com
Sat Jun 14 16:28:14 UTC 2014
On 6/14/2014 6:33 AM, Chen Cecilia Zhang wrote:
> and the strange thing is : I tried to test the email sending from Tor and
> without Tor browser, and the IP address shows in the "original email" from
> gmail are the same....
>
> Will anyone help explain how come? thansks
>
>
> On Sat, Jun 14, 2014 at 4:22 AM, Chen Cecilia Zhang <
> chenceciliazhang at gmail.com> wrote:
>
>> No software to compose email, as you mentioned, just normal email account
>> such as yahoo.
>>
>> The reason i wonder is even the email was composed within tor browser, but
>> the email was actually sent 1 month later, will that show the actual IP
>> address?
>>
>>
>> On Sat, Jun 14, 2014 at 3:04 AM, Sebastian G. <bastik.tor> <
>> bastik.tor at googlemail.com> wrote:
>>
1st, it would be much better to use a more "private" & security
conscious provider than the likes of Gmail or Yahoo.
Like Unseen.is or some others. I wouldn't depend on claims by any, that
they "can secure email from all security / law enforcement agencies."
Was the IPa shown in the email header the same as your Tor exit IPa, or
your ISP's assigned address?
If using TBB & no addons or plugins that could possibly reveal your IPa,
it shouldn't be possible for even Gmail to see your real IPa.
If you did use TBB (correcly) & your *real* IPa showed up in the email
header, something's wrong.
Some email providers don't even include your IPa in the header - like
Unseen.is, VFEmail & several others.
Unseen.is or any others aren't necessarily the magical answer to all
email security & privacy issues. For instance, at one time, Unseen
claimed "end to end" strong encryption *between* Unseen users - if using
their webmail. You can read their disclosure on the latest "modified"
PGP encryption they provide.
I pointed out to them that the encryption, while *on their servers* may
be very good, there was still a hole in that strong encryption, in
between their server & users' computers. That part of the communication
was "only" SSL / TLS encryption - which some Snowden documents indicated
the NSA *had broken* (I believe - my head is killing me today). That
one gap essentially made their encryption process no better than many
other providers, (a chain is only as strong as its weakest link).
Except mail on their servers was stored encrypted, which kept them from
reading it.
Since then, they developed their own desktop client, allowing users to
encrypt msgs locally before sending. I haven't used it yet, so can't
comment on that client, or whether retrieving messages with the client
maintains "strong" encryption between their server & users' computers
(stronger than SSL / TLS). I assume that now w/ the local client &
users encrypting messages before sending, that the private keys are
generated & stored on users' computer rather than on their server.
For free accounts - using webmail, the private keys were stored on their
server (may still be, if using webmail). Now there's an alternative to
webmail. But that also requires trusting their client & the encryption
software / algorithm.
Here is a comparison of some of the more "privacy conscious" providers:
http://thesimplecomputer.info/free-webmail-for-better-privacy
When considering Simple Computer's information (or any other), *check
with the providers* for final details. Providers' policies & technology
used can change at any time.
For instance, Simple Computer's comment: "Unseen does not plan to
support Internet Explorer for chat & video, and the current Tor Browser
Bundle (3.6.1) is built on Firefox 24 ESR which lacks features in its
JavaScript engine to work properly with Unseen," is *not true* anymore
(AFAIK). I use TBB w/ Unseen's webmail. Months ago, there were some
temporary problems in using their site with TBB, but after I reported
them, Unseen made changes on their side that seem to have fixed it.
More information about the tor-talk
mailing list