Peak-Muscle.com  

Welcome to the Peak-Muscle.com forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. Come join us in on one of the best online fitness communities. We have 16,000 members that are likeminded towards a fitness, bodybuilding lifestyle. Registration is free and only takes but a few minutes. By joining our free community you will have access to communicate privately with other members (PM), respond to polls, upload content and access many other special features. You will be able to create threads to discuss and or create a fitness regimen. Or just bounce ideas off of some very knowledgeable members. So don't miss out. Registration is fast, simple and absolutely free so please, join our community today!

Register FAQ Members List Calendar Arcade Mark Forums Read
Go Back   Peak-Muscle.com > Off Topic > General discussion
User Name
Password

Reply
 
Thread Tools Display Modes
Old 02-23-2012, 02:51 PM   #1
P. Bateman
Vet
 
P. Bateman's Avatar
 

Join Date: Mar 2009
Posts: 1,113
P. Bateman is a jewel in the roughP. Bateman is a jewel in the roughP. Bateman is a jewel in the roughP. Bateman is a jewel in the rough
E-Mail service

Which secure E-Mail service should I go with?
__________________
“People sleep peaceably in their beds at night only because rough men stand ready to do violence on their behalf.”
P. Bateman is offline   Reply With Quote
Old 02-23-2012, 06:17 PM   #2
chicken_hawk
Guest
 

Posts: n/a
Quote:
Originally Posted by P. Bateman View Post
Which secure E-Mail service should I go with?

Well, Mirrorshades is the one you really want to ask as his is the last word in my mind on this, but all I can do is repeat a little of what he has shared with me.

Most, so called secure emails are not secure at all and it all has to do with the way they are encrypted. Safe-mail, securenym, and anonspeach all fall into this category. The best things these places may have going for them is if they do not cooperate with the US.

He would also tell you that if you encrypt your emails using a PGP key than you could use any email and the DOD could never open it, but they would know it's you and because they are all tied to your IP addy.

So, the safer way would be to have an email account that masks your IP, such as Tormail. Yes, it primitive and slow, but your IP is always changing and no one can ever trace it to your living room, plus it's free! The if you were to add PGP encryption your solid.

I am using my Tor browser and have let my sources know I use tor and I feel very safe. Heck my browser says I am am in the Netherlands right now.

https://check.torproject.org/?lang=e...l=1&uptodate=0

Hawk
  Reply With Quote
Old 02-23-2012, 07:44 PM   #3
Shovel
VET
 
Shovel's Avatar
 

Join Date: Jul 2011
Location: USA
Posts: 2,772
Shovel is a splendid one to beholdShovel is a splendid one to beholdShovel is a splendid one to beholdShovel is a splendid one to beholdShovel is a splendid one to beholdShovel is a splendid one to beholdShovel is a splendid one to behold
Good question. Lol
I just use safemail still with privnote.
__________________
Semper Fi
Shovel is offline   Reply With Quote
Old 02-23-2012, 09:03 PM   #4
liftsiron
Administrator
 
liftsiron's Avatar
 

Join Date: Nov 2003
Location: Cimmeria
Posts: 18,384
liftsiron has a brilliant futureliftsiron has a brilliant futureliftsiron has a brilliant futureliftsiron has a brilliant futureliftsiron has a brilliant futureliftsiron has a brilliant futureliftsiron has a brilliant futureliftsiron has a brilliant futureliftsiron has a brilliant futureliftsiron has a brilliant futureliftsiron has a brilliant future
I mostly use safe-mail.
__________________
ADMIN/OWNER@Peak-Muscle
liftsiron is offline   Reply With Quote
Old 02-24-2012, 07:38 AM   #5
bufbiker
Guest
 

Posts: n/a
I use safe-mail as well but hear they aer run by the Israeli Massad. Not sure if it's true or not. But it's worked for me for a while now.
  Reply With Quote
Old 02-24-2012, 08:25 AM   #6
gamba
Guest
 

Posts: n/a
I sign up to countermail and as soon as I'm due to pay (1 month late) I drop it and sign up with another account. This way I get a good encrypted email account for free...only downside is you need to change email addy every month.
  Reply With Quote
Old 02-24-2012, 08:25 AM   #7
chicken_hawk
Guest
 

Posts: n/a
I still have a safe-mail account from some time back, BUT the major problem with it is that securnym accounts will not let safe-mail through. So either go with securnym or anonymousspeech.

Hawk
  Reply With Quote
Old 02-24-2012, 10:58 AM   #8
P. Bateman
Vet
 
P. Bateman's Avatar
 

Join Date: Mar 2009
Posts: 1,113
P. Bateman is a jewel in the roughP. Bateman is a jewel in the roughP. Bateman is a jewel in the roughP. Bateman is a jewel in the rough
Thanks guys
__________________
“People sleep peaceably in their beds at night only because rough men stand ready to do violence on their behalf.”
P. Bateman is offline   Reply With Quote
Old 02-25-2012, 09:55 AM   #9
Mirrorshades
Registered User
 

Join Date: Sep 2010
Posts: 39
Mirrorshades is on a distinguished road
Exclamation

Quote:
Originally Posted by P. Bateman View Post
Which secure E-Mail service should I go with?
First, I'll give you the short answer -- none of the commercial ones.

Now for the long answer.

What I would consider "secure" and what they consider "secure" are two entirely different things. You have to bear in mind that the commercial providers of "secure" emails have two goals in mind:

1) To stay in business; and

2) To (hopefully) make a profit.

Having their servers seized, and their business shut-down by the authorities, tends to prevent them from achieving goals 1) and 2).

Accordingly, almost all commercial services include language in their terms of service that prohibit illegal activities. (If they failed to do so, they potentially risk legal liability as accessories after the fact, if nothing else.) How far the services go, when suspected illegal activity comes to their attention differs widely. Some services merely shut-down accounts; others, like Hushmail, not only shut-down accounts, but they allegedly report suspected illegal activities to the RCMP/Interpol.

One thing common to almost all these service providers is that, when approached by the authorities with a warrant, they will roll-over on their users, no ifs, no ands, no buts.

Some, like Securenym, claim to vigorously fight any subpoenas they are presented with -- whether this is true or not I cannot say. My limited understanding of American law is that subpoenas can be challenged in court, whereas search warrants cannot. In any case, such challenges are expensive to mount, and most providers do not have the resources or deep pockets of a company like Google.

Even then, they can still lose. Twitter is just such a case in point. Twitter went to bat for 3 of its users caught-up in the Wikileaks investigation -- they fought the U.S. government subpoenas in the courts for 18 months, and still lost at the court of appeal.

So, at some point, they're going to cooperate with the authorities -- whether they do it voluntarily, or they are compelled to do so by the courts. None of this should come as no surprise whatsoever -- after all, they want to stay in business, and keep themselves out of jail.

So, we've established that they're going to cooperate with the authorities. What form will that cooperation take?

In general, you have to consider that they're going to hand over everything they have on you.: lock, stock, and barrel.

Usually that means:

1) Credit card number (in the case of a paid service)

Now, some services (like Securenym, and possibly others) claim to take steps to prevent association of your credit card number with any particular account. Needless to say, this is impossible to verify. What is fairly clear, however, is that there has to be some association between an email account and your credit card number for at least a period of time. If this wer not the case, then how would these companies handle charge- backs from the credit card companies?

2) IP addresses used to both setup/access the account

Harvesting of IP addresses is depressingly common. Even in the absence of other identifying information (e.g. credit card) your IP address, is enough to ascertain your ISP, Given the dates/times of your logins, your ISP can narrow down which of their customers was assigned that IP address at those particular dates and times. Your ISP will hand over your name, address, telephone number, etc.

3) Encryption keys (if any)

To the best of my knowledge, almost all or the services currently in existence, e.g. Hushmail, Safe-Mail, Anonymousspeech, Countermail, etc. all generate and store the encryption keys for you. If your "secure" email provider generates/stores the encryption keys, they can also capture your passphrase, if compelled to. With your private key, and your passphrase, they can decrypt all your email. This is what happened in the case of Tyler Stumbo and Hushmail.

4) Passphrase

This can be captured, if need be, to decrypt your emails.

5) Copies of stored emails, if any

6) Addresses stored in your address book.

Quite a haul, by any reckoning, isn't it?

I'm sure you would agree this has been a truly depressing read. The question is, what can be done about it? The answer is: quite a lot, actually.

It all depends how much you value your safety/freedom. Let me be blunt -- you can't buy safety from the authorities. Anyone who tells you that you can, is trying to scam you.

If you're willing to invest some time and effort, however, you can learn to use freely-available tools which will provide you with even better email security than many police forces themselves have. (I've gone through some of the various police emails as published by Anonymous, and I've been amused at just how woefully bad some of their security is. If you follow my instructions, you'll be far better off.)

As Hawk has already intimated, I'm currently advising that people use TorMail for an email account. While TorMail does not encrypt the email, it nevertheless is anonymous.

In an ideal world, you want both anonymity and encryption; if you can't have both, you want anonymity, more than encryption. Why?

Simple. If you're anonymous, you can't be raided by the authorities. TorMail is operated as a Tor hidden service -- this means that it can only be accessed by using the Tor anonymizing network. Why is this important?

1) Because you have to be running Tor to access TorMail, your real IP address is never exposed. The Tormail operators don't ask for any information other than email username and a password. There is nothing to link your TorMail address to your real ISP, or identity.

2) Because TorMail is operated as a Tor hidden service, the authorities have no idea where the server(s) are located, nor do they have any idea who the operators are. Accordingly, they can't find the servers to raid them; similarly, they can't locate the operators to put pressure on them.

So, how do you sign-up for a TorMail account?

First, you have to download and run the Tor Browser Bundle.

Go to the Tor homepage: https://www.torproject.org/

Click on the purple button that says, "Download Tor"

Choose the Tor Browser Bundle for your Operating System -- it is available for Windows, Mac and Linux.

Download the installer file to a folder. After the download is finished, run the executable to extract the files. One of the files will be an executable that will start Tor, and Aurora, a slightly stripped-down version of Firefox.

The browser will take you to the Torproject's page that will verify that Tor is running, and show you your IP address. This IP address will not be the same one as assigned to you by your ISP.

Next, you'll want to head over to the TorMail project homepage:
http://jhiwjjlqpyawmpjx.onion/

You'll notice that the address is not a regular address -- the .onion is a pseudo-top-level domain, accessible only through Tor.

Once you go there, just click on the link to setup an account, and you'll be asked for a username, password, and to solve a captcha. Your account will be ready to use in about 5 minutes.

When you go to login, I would use the Squirrelmail interface; although the site operators recommend RoundCube, RoundCube uses Java, and I see that as a security risk.

Here is a direct link to the Squirrelmail login:

http://jhiwjjlqpyawmpjx.onion/squirr.../src/login.php

Have fun!

Mirrorshades

Last edited by Mirrorshades; 02-26-2012 at 07:39 PM.. Reason: Added some additional information
Mirrorshades is offline   Reply With Quote
Old 02-26-2012, 08:20 PM   #10
Mirrorshades
Registered User
 

Join Date: Sep 2010
Posts: 39
Mirrorshades is on a distinguished road
Exclamation Some further thoughts on TorMail

I just wanted to re-iterate a couple of points...

When you communicate securely, you want to have two things:

1) To be anonymous; and

2) To have privacy.

Privacy and anonymity are NOT the same thing. Using TorMail, one is anonymous, but not private. The reason I say that, is because the admins of the TorMail service could, if they so chose, read (and copy) your email.

They could also access your address book, and see who you were writing to, and what you were writing about.

Now, mind, I'm NOT knocking the TorMail admins for this -- this is true of every email provider in existence today. Any admin can snoop on your email, if they are so inclined.

The way to stop that is to use encryption. If you use a nymserver, you can have all (incoming) email sent to you automatically encrypted. The authorities cannot decrypt your mail, because (unlike Hushmail and its various clones) only YOU have the private half of the key which is needed to decrypt the messages.

The nymserver also anonymizes the incoming email, so even the TorMail admins can't determine who sent you any email. Likewise, the Subject: lines can be encrypted, so they can't even learn anything about the email from the Subject: line.

When you decrypt the email, you'll be able to see the original, exactly as it was sent, with all the headers and all the other information intact.

I'm going to elaborate at this over the next couple of weeks -- I've been planning to give a tutorial on the use of encryption and nymservers for some time now, and I'm just about ready to proceed.

Although on the surface, it may appear complicated enough to make your head explode, you can make use of these tools if you can follow step by step instructions.

Mirrorshades
Mirrorshades is offline   Reply With Quote
Old 02-26-2012, 09:52 PM   #11
Darkness
Moderator
 
Darkness's Avatar
 

Join Date: Apr 2011
Location: The Nefarious AAS Underworld
Posts: 5,657
Darkness has a brilliant futureDarkness has a brilliant futureDarkness has a brilliant futureDarkness has a brilliant futureDarkness has a brilliant futureDarkness has a brilliant futureDarkness has a brilliant futureDarkness has a brilliant futureDarkness has a brilliant futureDarkness has a brilliant futureDarkness has a brilliant future
Thanks Mirrorshades. Appreciate your expertise and insight. !!!
Darkness is offline   Reply With Quote
Old 02-27-2012, 08:55 AM   #12
rockinred
Vet
 
rockinred's Avatar
 

Join Date: Oct 2011
Location: BFE
Posts: 162
rockinred is on a distinguished road
Sounds like mirrorshades got this covered. Damn, that's some intense stuff. Thanks for the info.

I think if you are going to just need it for random use here and there...a place like 4seruremail is decent. A paid place is always going to be better than a non paid email that is suppose to be secure. If you need to be really secure than, mirrorshades got it down.
__________________
Work Hard...Train Hard...Play Hard!!!
rockinred is offline   Reply With Quote
Old 02-27-2012, 10:10 AM   #13
P. Bateman
Vet
 
P. Bateman's Avatar
 

Join Date: Mar 2009
Posts: 1,113
P. Bateman is a jewel in the roughP. Bateman is a jewel in the roughP. Bateman is a jewel in the roughP. Bateman is a jewel in the rough
Could we possibly make that a sticky?
__________________
“People sleep peaceably in their beds at night only because rough men stand ready to do violence on their behalf.”
P. Bateman is offline   Reply With Quote
Old 02-27-2012, 01:43 PM   #14
liftsiron
Administrator
 
liftsiron's Avatar
 

Join Date: Nov 2003
Location: Cimmeria
Posts: 18,384
liftsiron has a brilliant futureliftsiron has a brilliant futureliftsiron has a brilliant futureliftsiron has a brilliant futureliftsiron has a brilliant futureliftsiron has a brilliant futureliftsiron has a brilliant futureliftsiron has a brilliant futureliftsiron has a brilliant futureliftsiron has a brilliant futureliftsiron has a brilliant future
Quote:
Originally Posted by P. Bateman View Post
Could we possibly make that a sticky?
OK!
__________________
ADMIN/OWNER@Peak-Muscle
liftsiron is offline   Reply With Quote
Old 02-29-2012, 12:43 AM   #15
MR. BMJ
Moderator
 

Join Date: Apr 2006
Posts: 3,209
MR. BMJ is a splendid one to beholdMR. BMJ is a splendid one to beholdMR. BMJ is a splendid one to beholdMR. BMJ is a splendid one to beholdMR. BMJ is a splendid one to beholdMR. BMJ is a splendid one to beholdMR. BMJ is a splendid one to beholdMR. BMJ is a splendid one to behold
Tyler Stumbo was that kid from Osaca labs IIRC, was caught in ORD.

Great post MS, i'm going to share this at a few boards, it's great info to have on hand and use.
MR. BMJ is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 03:42 AM.


Powered by: vBulletin Version 3.8.11
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.