Silk Road forums
Discussion => Security => Topic started by: murungu on November 28, 2011, 01:39 am
-
I have just created and account @tormail.net via thunderbird under cover of the tor network itself.
The tor network and tormail are unrelated, but use the same concept to move data.
Tormail have a very reassuring homepage, and there is no way any personal info is required when signing up.
But still, it's new-ish, it could be an elaborate sting... can any tormail users vouch for its authenticity?
You can mail me on my tormail addy jus to test it out... LOLZ.
-
You never know what may be a honeypot now days. I personally love tormail and use it and love that they do not require any personal info. One thing I say is just to be safe use pgp when transmitting sensitive info. You can never be too safe! I don't mind chatting casually over tromail but anytime I give an address or anything I make sure to PGP it.
-
What I don't understand if why you're going through the efforts of using tormail if you're having it linked to thunderbird on your computer... They get your computer they have access to your tormail, kinda defeats the purpose imo.
-
What I don't understand if why you're going through the efforts of using tormail if you're having it linked to thunderbird on your computer... They get your computer they have access to your tormail, kinda defeats the purpose imo.
Actually, I replied to this in a 'smartass' way and then realised you had a point! So apologies, Tommyhawk, I removed the offending reply... You're right, it's just that they (tormail) provided instructions to link thunderbird, and I just did it (it's been a long few days setting up 'stealth everything' AND navigating the joys of shit-coin trading, My brain's become stuck in join-the-never-ending-dots mode!
I'll remove thunderbird and use tormail from the source, the irony is, thunderbird proxy has failed and has wasted my whole morning trying to fix it anyway...
Now back to my shit-coin purchase travails. Thanks for pointing out the rather obvious, Tommyhawk!
-
You never know what may be a honeypot now days. I personally love tormail and use it and love that they do not require any personal info. One thing I say is just to be safe use pgp when transmitting sensitive info. You can never be too safe! I don't mind chatting casually over tromail but anytime I give an address or anything I make sure to PGP it.
Thanks for the pos info bupebuddy, Ah PGP! Just dealing with Symantec again (who bought PGP last year) gave me the cold sweats! I spent a day reluctantly trying to download their shit, and then gave up... luckily, I then found the Arcticsoft version of PGP, and I have installed, but not managed to test it -yet... here's hoping! I have 15 days to test it then they want $90, it had better be worth it! There is no up to date freeware PGP online, I spent a lot of time looking!
-
Tormail + Thunderbird + Enigmail + GPG should be pretty safe, and you can always install a portable version of Thunderbird on an encrypted USB drive or whatever. The main risk I see is in scripts that may be contained in emails and could cause Thunderbird to leak information. If you set your security settings carefully though, you should probably be fine.
-
Just dealing with Symantec again (who bought PGP last year) gave me the cold sweats! ...I then found the Arcticsoft version of PGP, and I have installed, but not managed to test it -yet... here's hoping! I have 15 days to test it then they want $90, it had better be worth it! There is no up to date freeware PGP online, I spent a lot of time looking!
Have you looked at Gnu Privacy Guard (a.k.a. GnuPG, or GPG) [ gnupg.org ]? It's free and open source, for *nix, Windows, and Mac.
-
Just dealing with Symantec again (who bought PGP last year) gave me the cold sweats! ...I then found the Arcticsoft version of PGP, and I have installed, but not managed to test it -yet... here's hoping! I have 15 days to test it then they want $90, it had better be worth it! There is no up to date freeware PGP online, I spent a lot of time looking!
Have you looked at Gnu Privacy Guard (a.k.a. GnuPG, or GPG) [ gnupg.org ]? It's free and open source, for *nix, Windows, and Mac.
I did, but was worried it would not 'talk' to PGP... So, do they inter-relate? I could not find a definitive 'yes' to that. Also I read it has some limitations and can be complex. I have enough complexity in my life, I'm here to escape that, not add to it! :D
-
ALWAYS use GPG. In this business, trust nobody.
-
I have had a careful look at some encrypted posts on the 'post your public key here thread'. It seems GPG (GnuPG) is in fairly wide use on SR, so I will adopt that, and see if it does what it does with a minimum of fuss. That way I can save the money I was going to spend on PGP, for some good shit! of course, I may still resort to buying PGP for convenience... I'll post my outcomes here.
Thanks to all who offered their ideas and info so far!
-
In the late 90s PGP created the OpenPGP standard, which basically makes software that implements it compatible with PGP. GPG is an open source OpenPGP implementation. So the short answer is, GPG is what you want.
-
I have just created and account @tormail.net via thunderbird under cover of the tor network itself.
Has anyone actually looked into how safe it is to use non-web email clients with Tor? I can imagine that Thunderbird leaks sensitive information (such as your original IP address) all over the place, but haven't spent much time auditing this myself.
-
Is it odd that I can only send a message maybe one time in 20 using their RoundCube webmail interface? I've never been able to add an attachment (a small text file) and almost every time I try to send a message I see "sending message failed"?
I don't want to use Thunderbird because I don't want my tormail.net settings stored somewhere. I'd rather keep using the webmail on a browser that doesn't save any data.
-
Is it odd that I can only send a message maybe one time in 20 using their RoundCube webmail interface?...I don't want to use Thunderbird because I don't want my tormail.net settings stored somewhere.
Have you tried the SquirrelMail web interface on TorMail? It hasn't failed me yet -- not that I use it all that much -- plus it doesn't reqire javascript (which can be a security concern).
-
I would definitely recommend SquirrelMail for accessing Tormail on the web if you are concerned about your privacy. It does not use javascript, which will be blocked in a secure Tor browser anyway because of its potential to leak information.
-
I have had a careful look at some encrypted posts on the 'post your public key here thread'. It seems GPG (GnuPG) is in fairly wide use on SR, so I will adopt that, and see if it does what it does with a minimum of fuss. That way I can save the money I was going to spend on PGP, for some good shit! of course, I may still resort to buying PGP for convenience... I'll post my outcomes here.
Thanks to all who offered their ideas and info so far!
advantages -is gnupg means opensource but not everything is going to be supported versus say symantec's PGP / any commercial product.
lots of coding going on.
generally free
disad -may wait some time for a solution if a bug arrives, but if its serious be a quick fix.
you may have to do some things from the command line = welcome to the linux world.
-
I have spent a lot of my spare time since I created this post looking at my comms options here on SR.
I found squirrelmail worked with attachments, roundcube failed.
I still have difficulty getting a smooth interface with free GPG4WIN with multiple cut n paste to the point where I'm losing track of the message process if someone interrupts me for a minute, not good! (This is because tormail has no way to openly interface with GPG4WIN so everything (messages and keys) have to be copied and pasted into Kleopatra for encyrption, then pasted into notepad and then into tormail, far out :(
I'm going to try arcticsoft PGP for a few days, if its easier, I'll pay $90 for it. Time is money!
However I have a hunch that tormail being a 'ghost' service will again be the issue.
Thinking about encryption, the only thing that I can see needs it are delivery addresses, surely ordering shit via tormail and SR should be security enough?
Let's face it, LE could harvest a LOT of info here just tracking these BB conversations, people slip up, boast, and also likely post drunk and or high here.
Not only that, but most if not all the discussions here focus on circumventing laws, offering or sourcing contraband which themselves (the discussions) are illegal in many jurisdictions!
So all the huffing and puffing about encrypting your actual drug bartering on an untraceable browser in a diffused 'cloud' site with an untraceable dealer is absurd IMO!
Same with tumbling bitcoin into multiple wallets. Bit coin is 'clean' its not illegal to trade it (yet) and your SR wallet is encrypted till the end of time.
I think if it makes ppl feel better, OK, but the overkill -given the systems already in place- is it really necessary?
All the software I'm evaluating on my system (to secretly order a pill or powder) is suspect in itself, it surely defeats the purpose of SR! Anyone care to rebut this thinking? (Be kind if you do!)
-
Seems to me the ultimate security measure would be to regularly sweep your system for trojan keyloggers. If someone has got into your system, all the wallets, tumblers, tors, and PGP toys in the world ain't worth shit.
A final thought, I operate Mac and PC, any mac users care to comment on their encryption tools? (Yes I will also go do a search for that, but just askin') :)
-
...Thinking about encryption, the only thing that I can see needs it are delivery addresses, surely ordering shit via tormail and SR should be security enough?
Let's face it, LE could harvest a LOT of info here just tracking these BB conversations, people slip up, boast, and also likely post drunk and or high here.
Not only that, but most if not all the discussions here focus on circumventing laws, offering or sourcing contraband which themselves (the discussions) are illegal in many jurisdictions!
So all the huffing and puffing about encrypting your actual drug bartering on an untraceable browser in a diffused 'cloud' site with an untraceable dealer is absurd IMO!
Same with tumbling bitcoin into multiple wallets. Bit coin is 'clean' its not illegal to trade it (yet) and your SR wallet is encrypted till the end of time.
I think if it makes ppl feel better, OK, but the overkill -given the systems already in place- is it really necessary?
All the software I'm evaluating on my system (to secretly order a pill or powder) is suspect in itself, it surely defeats the purpose of SR! Anyone care to rebut this thinking?...
Nope. We all get to choose our own path(s).
Plus, you'd have to pay for another five minutes [ youtube.com/watch?v=wdoGVgj1MtY ]. ;)
-
Plus, you'd have to pay for another five minutes [ youtube.com/watch?v=wdoGVgj1MtY ]. ;)
OK I'll settle for contradiction then.... since I didn't expect the Spanish Inquisition; just don't get me started on the life expectancy of parrots! ;D
-
I have been using TORmail for 3 months now, I always log in via squirrel mail and use PGP in my emails. I have not a single problem other than it being and taking long to send an email.
-
I have been using TORmail for 3 months now, I always log in via squirrel mail and use PGP in my emails. I have not a single problem other than it being and taking long to send an email.
Hello JackS,
I'm now convinced tormail using the squirrel interface is a top notch secure mailing service, but could you please elaborate on the PGP program you use?
That's where I'm having problems, I'm forced to cut n paste EVERYTHING via windoze notebook to send even a simple public key generated by kleopatra in GPG4WIN because it does not interface with the off-system tormail, I'm reluctant to use a Tormail Thunderbird interface because that resides in a hard drive and could incriminate me, and all the cutting and pasting is what turns me off the software. What are you using? Thanks.
-
Yeah, tormail--to me--is a bit of a pain, slow, all that...but some msgs I want to encrypt and are important enough to put up with it...but I use squirrelmail, works o.k....
-
Domain Name: TORMAIL.NET
Registrar: MONIKER
Registrant [3576098]:
Akim Japera whois@tormail.net
TorMail Webmail Service
P.O. Box 5870
Hargeisa
Somaliland
Phone: +252.20025181
;D ;D ;D ;D ;D ;D
Domain: tormail.net
IP Address: 94.249.139.7
IP Host: box10.host1free.com
Country: Germany (DE)
ISP: GHOSTnet GmbH
Organization: GHOSTnet GmbH
7 ghostnet.newcolo.kleyrex.net 193.189.82.100 Germany 150.052
8 box10.host1free.com 94.249.139.7 Germany 150.762
GHOSTnet GmbH
Kaiser-Friedrich-Promenade 65
D-61348 Bad Homburg v.d.H.
Tel: +49 6172 1850-25
Fax: +49 6172 1850-29
eMail: info@ghostnet.de
Internet: http://www.ghostnet.de
Gesellschaft: HRB 8637, Amtsgericht Bad Homburg v.d.H.
Ust-IdNr. DE 206 435 465
Geschaeftsfuehrer: Sebastian Grafmueller
-
Sites with longest running systems at GHOSTnet GmbH
GHOSTnet GmbH Network used in FRA07
Rank Site Average Max Latest OS Server
1 www.leechhat.com - 9 3 Linux Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny13 with Suhosin-Patch
2 www.multitrick.com - 37 38 Linux Apache/2.2.3 (CentOS)
3 usfxtrading.com - 24 13 Linux Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
4 like3x.net - 41 38 Linux Apache/2.2.3 (CentOS)
Domains hosted by : GHOSTnet GmbH
Total: 3
domain
das-solarboot.de
amb-allemagne.fr
make365.info
List of Top Sites Hosted by ISP: GHOSTnet GmbH
No. Domain Name Traffic Rank IP Address Web Title
1. autolink.cz.cc #669 94.249.143.6 Autolink
2. jphost.cz.cc #669 94.249.143.6 Jphost
3. planet-hosting.cw.cm #30,540 94.249.143.27 Planet-hosting
4. konversionskraft.de #45,605 217.69.162.183 Konversionskraft
5. host1free.com #59,172 217.69.173.120 Host1free
6. host1plus.com #67,006 217.69.173.120 Host1plus
7. desktops.org.ua #171,470 94.249.145.154 Desktops
8. big.org.ua #173,372 94.249.145.154 Big
9. abacf.eu #202,370 217.69.173.118 Abacf
10. cnscn.org #213,191 94.249.143.2 Cnscn
11. alpha-bionic.de #242,191 94.249.156.76 Alpha-bionic
12. qqwork8.com #267,659 94.249.143.5 Qqwork8
13. web-arts.com #325,958 217.69.173.130 Web-arts
14. zzxqw.com #340,275 94.249.143.2 Zzxqw
15. alchimagica.eu #347,147 217.69.173.118 Alchimagica
16. kmb-service.de #366,484 94.249.135.18 Kmb-service
17. conversion-camp.com #366,708 217.69.173.130 Conversion-camp
18. bigteo.net #394,666 94.249.143.2 Bigteo
19. homeads.de #412,495 94.249.155.3 Homeads
20. x2-hosting.de #422,163 94.249.144.236 X2-hosting
21. anuradhapurazone.info #430,331 94.249.143.5 Anuradhapurazone
22. voovq.com #432,336 94.249.143.2 Voovq
23. reputationobserver.com #442,067 94.249.142.40 Reputationobserver
24. files4gsm.de #464,994 94.249.145.234 Files4gsm
25. imagexhost.org #470,471 217.69.173.118 Imagexhost
26. rupai.net #477,723 94.249.143.2 Rupai
27. abacf.net #484,010 217.69.173.118 Abacf
28. dzidze.com #530,074 217.69.173.118 Dzidze
29. ma9a.com #542,052 217.69.173.118 Ma9a
30. zuhaltopal.org #545,345 217.69.173.118 Zuhaltopal
31. blogger-aktionen.de #551,281 94.249.155.51 Blogger-aktionen
32. kuheo.com #560,107 94.249.143.2 Kuheo
33. ms333.cn #585,201 94.249.143.5 Ms333
34. hkaixin.com #593,155 94.249.143.2 Hkaixin
35. kmb-anzeigenservice.de #594,242 217.69.160.174 Kmb-anzeigenservice
36. ghostsuche.de #596,246 217.69.160.174 Ghostsuche
37. manytablets.com #606,435 217.69.173.118 Manytablets
38. whostas.com #617,358 94.249.143.2 Whostas
39. sweet-belly.de #636,267 217.69.162.142 Sweet-belly
40. 5d6d.org.ru #682,812 94.249.143.2 5d6d
41. rapidgo.ir #683,314 217.69.173.118 Rapidgo
42. devno.com #696,123 94.249.155.4 Devno
43. ms9108.cn #708,704 94.249.143.5 Ms9108
44. panoramikistanbul.com #734,404 217.69.173.118 Panoramikistanbul
45. bethelptips.com #738,551 94.249.143.6 Bethelptips
46. tera-gaming.de #746,253 94.249.144.189 Tera-gaming
47. shanshanmao.com #761,517 94.249.143.2 Shanshanmao
48. abc4m.tk #791,248 94.249.139.4 Abc4m
49. bad-nauheim.de #797,626 217.69.161.85 Bad-nauheim
50. uufree.cn #819,276 94.249.143.2 Uufree
KleyReX Internet Exchange is operated by
GHOSTnet GmbH
Kaiser-Friedrich-Promenade 65
D-61348 Bad Homburg v.d.H.
Fon: +49 (0)6172 / 18 50 25
Fax: +49 (0)6172 / 18 50 29
eMail: info@ghostnet.de Web: www.ghostnet.de
HRB 8637, Amtsgericht Bad Homburg
USt-ID-Nr. DE 206 435 465
CEO: Sebastian Grafmüller
eMail: info@kleyrex.net Web: www.kleyrex.net