Silk Road forums

Discussion => Security => Topic started by: Aoth14 on November 20, 2011, 02:56 am

Title: Communication standards, encrypted 'free-mail' safe?
Post by: Aoth14 on November 20, 2011, 02:56 am
 Hello all, new user trying to learn the ropes of S.R.   Right now I am trying to learn about pgp/gpg usage, and even though it appears the private message system is the most commonly used means of communication between vendors and patrons, I have one still standing simple question;

Are free email accounts like hotmail,yahoo and g-mail considered ok to use for SR business, assuming you are properly applying pgp/gpg techniques?

example: You can sign up with hotmail,etc using a Tor browser, and enter your desired identity/location/info. As long as you always use Tor to log in, and always encrypt messages if passing on revealing info, then your physical location or actual identity has no attachment to that email address or any correspondence to/from said email account?

Correct me if my thinking is flawed, and any advice is much appreciated. I'd like to get a safemail or tormail account,but I figured they will someday soon suffer extra attention/pressure like Hushmail did?


                                  Again, thanks for any tip/advice/pointers, aoth14

Title: Re: Communication standards, encrypted 'free-mail' safe?
Post by: CrunchyFrog on November 20, 2011, 07:00 am
If you're using encrypted messaging then no one but you and the recipient will know *what* is being said -- assuming your corespondent isn't LE, prone to blabbing, or practicing poor data security.  Knowing *who* is saying it is a different matter.

If your mail provider requires a regular ISP mail address, non-Tor IP address, or other personally identifiable information during sign up -- as do Hotmail and Safemail, IIRC -- then it's possible to know who you are.  (The same applies to your correspondent and her mail provider.)

I like to be as certain as possible (on my end) that no "interested third party" can know what is being said *or* who is saying it.  For that reason I use Tor Mail [ jhiwjjlqpyawmpjx.onion ]; it's the only provider I know of that requires neither an ISP mail address, non-Tor IP, nor javascript (an anonymity concern) to register and use their service.  I suppose Tormail *could* be pressured to stop providing it's service (on the clearnet side) but could never reveal who any of it's users are.
Title: Re: Communication standards, encrypted 'free-mail' safe?
Post by: cache on November 21, 2011, 07:20 am
+1
Javascript in particular can expose your IP, and pretty much every webmail provider requires JS to register or access the account. Tormail is the way forward.
Title: Re: Communication standards, encrypted 'free-mail' safe?
Post by: Bob Arctor on November 21, 2011, 08:36 am
+2
CrunchyFrog explained it very well.
Title: Re: Communication standards, encrypted 'free-mail' safe?
Post by: cheeseturd on November 21, 2011, 07:37 pm
i used tormail and made an account. then i downloaded thunderbird portable and installed it to the same encrypted drive as tor. tormail FAQ tells how to set up thunderbird to work thru tor network
Title: Re: Communication standards, encrypted 'free-mail' safe?
Post by: Spedly on November 22, 2011, 01:00 am
Cheeseturd is right. Go to tormail.net and use that for your Silk Road business instead of email on the ClearNet.
Title: Re: Communication standards, encrypted 'free-mail' safe?
Post by: phubaiblues on November 22, 2011, 05:40 am
None of this is written in stone, just my opinion:

I was pretty excited about my email, but actually find I rarely need to use email, for anything concerning SR.  What's the point?  I use the built in messaging system on the main site, with pgp when needed/available.

On the forums--here--again, I just use the built in messaging setup, sometimes with pgp, usually just for practice.

If for some unforseen reason, I actually would have to use email with someone, I use tormail, tho it is a bit slow, same as Tor here.  With PGP, tho, it's safe enough.