Silk Road forums
Discussion => Security => Topic started by: mito on January 12, 2012, 12:56 am
-
Can I use gmail inside Tor to avoid my real IP to be inserted in email headers?
I read that gmail will always include your real IP in email headers, regardless of Tor.
This is because a Java app within gmail is extracting your real IP........
-
Yes, set noscript to allow scripts globally and allow cookies. You can load the HTML version that way but if you want the full look, enable java.
-
Yes, set noscript to allow scripts globally and allow cookies. You can load the HTML version that way but if you want the full look, enable java.
wait, you're saying to disable scripts globally and not allow java, right?
I don't mind using basic html, all I want is to avoid my public Ip showing up in email header.
-
No, I'm saying start up a Tor session specifically to access Gmail, then allow scripts globally and allow cookies. You don't need to enable java. When your done, restart Tor and put your security procedures back in place. Accessing Gmail is not a crime and if your session is independent from any other activity it would be hard to connect the 2. I'm assuming since its Gmail, your using it for innocuous purposes?
-
^^^ Sorry, but I am still confused.
In order to prevent Gmail from grabbing you real IP and putting it in the email header, don't you have to disable Scripts globally?
-
Actually, gmail is known for NOT including your IP in the headers, even when used at surface web level. Try it for yourself. Send a test email to a non-gmail address of yours, and then check the headers. Your actual IP never appears in them.
This is why a lot of scammers have taken to using gmail. So when they lie and say they are in London when they are actually in Nigeria, you can't see their original IP to verify. Whether or not gmail is logging your IP, is another story. But your mail recipients are not seeing it.
-
If you're worried about privacy in your e-mails, you shouldn't be using gmail at all. Go register an account with tormail or lavabit.
-
I wouldn't trust Tormail..
-
As long as you're encrypting your messages you can use whatever email service you want. Please guys, read up on PGP.
-
I wouldn't trust Tormail..
What's wrong with tormail?
-
so lavabit is the way to go? ???
-
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
+1 What Horizons said
Please please please do not use GMail for any sensitive information even if it does/doesn't reveal your IP you have a history of connecting to that account from your real IP so it's already tagged as 'yours'. Please use tormail or a suitable alternative and always use tor for everything as well as https everywhere. Noscript is also a good additional tool.
Thanks,
SecuritySolution
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
iQGcBAEBAgAGBQJPELL5AAoJEKhBWjky5wQCSf4L/R3TNKNr/FAy4yGjGEm75F2j
Y2d5N+owufKbZyu31Alky+VPyhKjOK0gdPDDzHYyJFOqk0OTgQe5er5wId7eWkwq
7Sp64ZeZ6rMR/znggJUNHghBykmjSyi6HDXRrFB879uRoe1iJNjyTD71oQw1FGDE
gCtIef/UFiBlXWAE/ZpW01gd1FCU0UTW04Pl1VMD4ormrtnIFic8cR34B/2EQmgv
mclOYaEJJPiO5MkFNZp1PkU0QZCHBJ28dSF2P/kNnx1UyKg8eipFgHp+jH1JPQmp
8m3lUnIeS8h0w8VDpiog1BljCp8zSTN3eRMEHds8ZmM/h2V9OXlUrQDI1NUCPbT7
2QYbAJPnpwrTBf1Tts2FVkGxt2YqnAweRuE07L1zd4oki75ieKirunOGLT2ljZWX
FZDLmXOyneh2E/glatB+LaXLAyTdGFWLwyQM++FMDNOsRxfd1fiKwTo/3CrcTQCh
6/2NIaQyC2IrNBovpwlBPXllDh/BDtwdL4117noLyw==
=Bhpf
-----END PGP SIGNATURE-----
-
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
+1 What Horizons said
Please please please do not use GMail for any sensitive information even if it does/doesn't reveal your IP you have a history of connecting to that account from your real IP so it's already tagged as 'yours'. Please use tormail or a suitable alternative and always use tor for everything as well as https everywhere. Noscript is also a good additional tool.
Thanks,
SecuritySolution
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
iQGcBAEBAgAGBQJPELL5AAoJEKhBWjky5wQCSf4L/R3TNKNr/FAy4yGjGEm75F2j
Y2d5N+owufKbZyu31Alky+VPyhKjOK0gdPDDzHYyJFOqk0OTgQe5er5wId7eWkwq
7Sp64ZeZ6rMR/znggJUNHghBykmjSyi6HDXRrFB879uRoe1iJNjyTD71oQw1FGDE
gCtIef/UFiBlXWAE/ZpW01gd1FCU0UTW04Pl1VMD4ormrtnIFic8cR34B/2EQmgv
mclOYaEJJPiO5MkFNZp1PkU0QZCHBJ28dSF2P/kNnx1UyKg8eipFgHp+jH1JPQmp
8m3lUnIeS8h0w8VDpiog1BljCp8zSTN3eRMEHds8ZmM/h2V9OXlUrQDI1NUCPbT7
2QYbAJPnpwrTBf1Tts2FVkGxt2YqnAweRuE07L1zd4oki75ieKirunOGLT2ljZWX
FZDLmXOyneh2E/glatB+LaXLAyTdGFWLwyQM++FMDNOsRxfd1fiKwTo/3CrcTQCh
6/2NIaQyC2IrNBovpwlBPXllDh/BDtwdL4117noLyw==
=Bhpf
-----END PGP SIGNATURE-----
perfectly said. I would add, never use any emails leave it to corporates executives.
-
You don't have to directly log into the gmail web interface you can setup thunderbid/clawsmail to download and send messages through gmail
True nobody can trust tormail because who knows who's running it, but at least it's a hidden service so no exit point profiling, and if you've encrypted everything there's nothing to find
You can use i2pmail but the postmaster is a notorious nazi if they catch your public address somewhere advertising drugs or something illegal they'll ban your account. Solution here would be to load privacybox.de on top of your i2pmail account (or tormail) then you ensure everything that goes there is encrypted with your key, and nobody knows what your real address is you can freely advertise
-
Gmail is shit. Google makes money by digging your info! Avoid at all costs! Even Facebook you should avoid!
Last time I tried to use gmail with TOR, they asked a bunch of confirmations (captchas, cellphone number for sms confirmation).
-
Gmail is shit. Google makes money by digging your info! Avoid at all costs! Even Facebook you should avoid!
Last time I tried to use gmail with TOR, they asked a bunch of confirmations (captchas, cellphone number for sms confirmation).
- facebook -it can be / is easily used to profile people since the user does all the work for them creating the links person to person, info stored per person, essentially
its easier to see how a person is related to another; you can use all the security measures you like at some point in the link your "friends" are using gmail/yahoo etc
email accounts which again they will access should they need to using the proper channels, and photos with descriptions specifying names , so whilst the dumb user
thinks its all so 'neat' publishing and networking, LE have less work to do and are smiling all the way to the bank -you're helping them build their intelligence systems?!