Silk Road forums
Discussion => Security => Topic started by: Sunray1000 on August 13, 2013, 11:58 pm
-
Using tor, go to an email provider and create a bogus account
Open and create a draft message and then send the person you want to receive it, the login details and they, again using tor login and read it.
I can't find a flaw with this method, is there one?
-
The problem is all the email providers require that you have javascript enabled to sign up. Considering what just happened it's probably not advisable to enable it just in order to sign up for an email account. If you find one that doesn't let me know. The only I found so far is safe mail.
-
Creating an email account under Tor is only half the battle. Staying proactive with PGP encryption is the other half. Unfortunately, it's too easy to incriminate yourself via email (unless all incoming/outgoing messages are encrypted), and with all of the US-based providers adding backdoors for the FBI/NSA, that's not a desirable or remotely secure option for long-term blackmarket communications. That's why there's such demand for a privacy-oriented, offshore email provider. Even then, a centralized email provider will never be able to provide 100% secure communications (as we have just witnessed with TorMail), so a decentralized email provider with client-side encryption is the only bulletproof option.
Here are some of the current email providers:
Safe-Mail (centralized, onshore): https://www.safe-mail.net/
Anonymous Speech (centralized, offshore, server-side encryption): https://www.anonymousspeech.com/
BitMessage (centralized, client-side encryption): https://bitmessage.org/wiki/Main_Page
Here are some of the upcoming email providers:
Mailpile (centralized, offshore, client-side encryption): http://www.mailpile.is/
Mega (centralized, offshore, client-side encryption): http://mashable.com/2013/08/12/kim-dotcom-mega-encrypted-email/
-
Even assuming you can easily create the account, if you can securely send them the username/password for the account, why are you not just sending the message through that secure method?
And if you can't send the username/password securely, you're probably not buying yourself anything.
-
I personally just used b@gmail.com. I wouldn't ever be in a situation where I would need to use a security email.