Silk Road forums

Discussion => Security => Topic started by: Sunray1000 on August 13, 2013, 11:58 pm

Title: Security email suggestion
Post by: Sunray1000 on August 13, 2013, 11:58 pm
Using tor, go to an email provider and create a bogus account

Open and create a draft message and then send the person you want to receive it, the login details and they, again using tor login and read it.

I can't find a flaw with this method, is there one?
Title: Re: Security email suggestion
Post by: StaticTension on August 14, 2013, 03:16 am
The problem is all the email providers require that you have javascript enabled to sign up. Considering what just happened it's probably not advisable to enable it just in order to sign up for an email account. If you find one that doesn't let me know. The only I found so far is safe mail.
Title: Re: Security email suggestion
Post by: kwantum on August 14, 2013, 03:54 am
Creating an email account under Tor is only half the battle. Staying proactive with PGP encryption is the other half. Unfortunately, it's too easy to incriminate yourself via email (unless all incoming/outgoing messages are encrypted), and with all of the US-based providers adding backdoors for the FBI/NSA, that's not a desirable or remotely secure option for long-term blackmarket communications. That's why there's such demand for a privacy-oriented, offshore email provider. Even then, a centralized email provider will never be able to provide 100% secure communications (as we have just witnessed with TorMail), so a decentralized email provider with client-side encryption is the only bulletproof option.

Here are some of the current email providers:

Safe-Mail (centralized, onshore): https://www.safe-mail.net/
Anonymous Speech (centralized, offshore, server-side encryption): https://www.anonymousspeech.com/
BitMessage (centralized, client-side encryption): https://bitmessage.org/wiki/Main_Page

Here are some of the upcoming email providers:

Mailpile (centralized, offshore, client-side encryption): http://www.mailpile.is/
Mega (centralized, offshore, client-side encryption): http://mashable.com/2013/08/12/kim-dotcom-mega-encrypted-email/
Title: Re: Security email suggestion
Post by: ECC_ROT13 on August 14, 2013, 04:05 am
Even assuming you can easily create the account, if you can securely send them the username/password for the account, why are you not just sending the message through that secure method?

And if you can't send the username/password securely, you're probably not buying yourself anything.
Title: Re: Security email suggestion
Post by: cyberscour on August 14, 2013, 07:07 am
I personally just used b@gmail.com. I wouldn't ever be in a situation where I would need to use a security email.