Silk Road forums
Discussion => Newbie discussion => Topic started by: vagin on October 08, 2013, 09:35 pm
-
Hey everyone,
Earlier this week, with the fall of our favorite marketplace and all the shit that's been going on, I've grown kind of worried about my security and privacy on the internet. Even with Tor, PGP, encrypted mail services and all, LE and governments around the world are working hard to destroy our means of private communication and business. I don't post much here (hence why I'm still a newbie. I prefer lurking around and reading your posts), but I still used Silk Road more than once for my supply needs. I'm writing this today to inform you about something that caught my attention today.
I was looking to register a safe-mail.net account to have a more secure email service. I checked a bit their website, which is very basic, nothing suspicious. Read their FAQ and all, and then decided to register. Just before ignoring the agreement (as I usually do because their long and boring), I decided to read it this time.
Here are some terms that baffled me:
PRIVACY: Safe-mail.net will not disclose information about you or your use of the Safe-mail.net system, unless Safe-mail.net believes that such action is necessary to comply with its legal requirements or process; enforce these terms; or protect the interests of Safe-mail.net, its members or others. You agree that Safe-mail.net may access your account, including its contents, for these reasons or for service or technical reasons. Please note that your Internet Protocol address is transmitted with each message sent from your account.
So, this should not be of concern to anyone using STRONG PGP (ie, more than 512 bit for the heck of it) and Tor to conceal their IP, but still very deceiving. This essentially means that if they want, they can just look up on SR all of the dealers addresses that are posted and audit them. Scary, but again, you're probably safe if you use strong PGP and some IP concealing software like Tor. BUT, according to their TOS, it is a violation of the agreement if you use a proxy or try to conceal your IP.
The other thing that got me worried is the fact that they are based in Israel, as per their TOS:
LIMITS AND LAW: You may not use Safe-mail.net in a way that is threatening, harmful, or invasive of the rights of other; for spamming, chain letters, pyramid schemes, junk mail, unsolicited advertising or bulk e-mail; or otherwise in a way that is damaging, offensive, or that creates a nuisance. Disguising the origin of transmitted content is prohibited. You agree to abide by all laws and regulations applicable to this agreement and use of the e-mail system. This agreement is made under and shall be construed according to the laws of the State of Israel and Israel's courts will have exclusive jurisdiction over any dispute related to the system or this agreement.
Now, this is intriguing and disturbing. The Mossad (Israeli Secret Services) are almost as bad as the NSA. They operate hand in hand and have mutual agreements about intelligence sharing. I honestly wouldn't trust an encrypted mail service from Israel. I'm not trying to spread false rumors, but think about it; it may very well be state-run and is obviously under the radar of the NSA and the Mossad. I say probably state run because it has changed owners multiple times over the years;
**** CLEARNET WARNING ****:
https://mailman.stanford.edu/pipermail/liberationtech/2012-February/003096.html
Other users around the web have already raised their concern about "encrypted" mail providers like hushmail and Cyber-Rights :
**** CLEARNET WARNING ****:
http://www.anabolic-enhancement.com/forum/showthread.php?t=15346
Also, take a look at this:
Safe-mail.net is one of several e-mail services that offer to provide secure, encrypted, web-based e-mail service to theuploaded-file-30871 general public. The idea seems to be that people who would not be willing to take the fairly short amount of time to learn to use PGP encryption would be able to secure their e-mail by trusting a third party, in this case the folks at Safe-mail.net.
We reject that idea on several grounds. First, the company that provides Internet services for hosting the Safe-mail.net system is Barak.net.il, based on our review of the domain registration for Safe-mail.net. Barak.net.il is one of three companies with a license from the Israeli government for providing similar Internet services, according to the English-language version of their web site, as we understand it. Perhaps it is merely a coincidence that Ehud Barak was once head of the Israeli Defense Forces intelligence branch.
Second, the Safe-mail.net system is “an IP trap.” Our anonymous friend indicates that your IP address is linked to your e-mail account. The user agreement indicates that it is a violation of the user agreement to employ an anonymous proxy or otherwise attempt to mask your true IP address. So, while no identifying information (name, address, phone) is requested when you set up an account, your IP address may be traced to your physical location, or at least to your specific Internet Service Provider, even if dynamic IP addresses are used. Thus, your location and possibly your identity would be exposed. Also, IP addresses are not stripped from e-mails you send from your Safe-mail account, so your recipients see this information. (And, of course, you may be tempted to identify yourself to your correspondents within your purportedly encrypted e-mails.)
Third, Safe-mail.net makes the usual disclosure that they may disclose your account activity, stored e-mails, and other information upon court order or law enforcement request. They make the unusual variation of this disclosure by stating that they may disclose these things whenever it is in their interest to do so. This vague contract clause should scare anyone who thinks about it even briefly. Given that Barak.net.il is licensed by the Israeli government, it would seem quite likely that the Israeli government could command that the data from all Safe-mail.net accounts be provided to the government, and it would clearly be in the best interests of Barak.net.il and conceivably, by extension, Safe-mail.net to make such disclosure. Then it would seem to become a question of whether you have reason to trust the Israeli government.
We found no details about the encryption algorithms used to provide for security with Safe-mail.net. An investigation of Israeli law suggests that there is a mandate that encryption have back doors or key escrow for use by Israeli authorities. So, again, it would appear to be a matter of whether you have reason to trust the Israeli government. We don’t have anything against the Israeli government that we don’t also hold against nearly all other governments worldwide.
It is widely known that Israeli security and intelligence services have cooperative relationships with the related services of other countries. For example, if a USA government agency wanted information on someone who happens to use a Safe-mail.net account, it seems logical to suppose that a request (formal or informal) might be made to the Israeli government.
While it is impossible to know whether or not Safe-mail.net accounts are “Mossad-transparent” or a kind of intelligence sting operation run by the Mossad, or others within the Israeli government, what is publicly stated about the system seems to be closely aligned with what one would expect to find in that case. We have no information presently at hand that would tend to disprove the hypothesis that Safe-mail.net is an intelligence sting operation.
There is always free meat in a bear trap. Be careful.
Source: **** CLEARNET WARNING ****
http://forums.steroid.com/anabolic-lounge-off-topic-discussion/216191-those-who-use-safe-mail-net.html
Anyways, just another reason why to always use PGP, especially with all the shit going on now.
Be safe
-
what free email providers would be alternatives, that would
a) allow a person to login using a tor relay
b) pgp encrypt all email content.
also the way I see it, if a lot of vendors/buyers use one service, it's going to light up on the tor network in the aftermath of the SR going down. anyone not practicing precautions could lead to larger vendors getting unwanted attention.
my 2 cents.