Avoid Hushmail, Safe-mail, and Cyber-rights!

Well, I knew that because I don't have much bodybuilding knowledge to speak of...

I'm not offended in the least. Sometimes I wonder about being on the Internet as well. I've been reading about privacy, surveillance and the database state for almost 30 years now.

On the one hand, what keeps me optimistic to a degree is the knowledge that there are at least some effective tools to keep the state out of our private business. On he other hand, what depresses me is that almost no one wants to learn the truth of the matter, and make any effort to preserve their privacy from the long arm of the state.

As a British official put a year or two ago, "We're sleepwalking into a surveillance state."

Mirrorshades

I think alot of people don't know where to start or how to get into it and just end up ignoring it like you said.

Agreed. I'm willing to teach, if people are willing to learn.

There is no such thing as perfect security, but the tools and techniques I can teach you to use will put you light-years ahead of people who don't use them. Some of the terminology is complex, but I will try to explain things in plain English, to the best of my ability. If you don't understand something, just ask. (I'll be honest, I've been doing this for so many years I sometimes forget what it was like when I had to learn it.)

Now a little preamble, before I get into the thick of things... the first thing I am going to recommend is that people learn to use Tor. Tor is an acronym, which stands for "The Onion Router".

Tor was originally developed by the U.S. Naval Laboratories to secure their own communications. The code is now open- source, and can be downloaded, examined and used by anyone who wants to improve their privacy.

Tor has been sponsored (funded) by a variety of organizations, including:

- The Electronic Frontier Foundation (EFF)
- Human Rights Watch
- The National Science Foundation
- The Swedish International Development Cooperation Agency
- Google

You can read more about it here: https://www.torproject.org/about/overview.html.en

Tor works by relaying your communications through nodes run by volunteers scattered around the world. When you start Tor, the software gathers a list of currently available nodes and randomly selects a group of nodes (called a circuit) to route your traffic through.

When these nodes are selected, temporary encryption keys (session keys) are generated to encrypt your traffic as it transits the nodes. Once a particular circuit is torn-down (and this happens about every 10 minutes) the session keys are destroyed. Once destroyed, the traffic encrypted with those keys cannot be decrypted by anyone, as those session keys no longer exist.

Two of the Tor developers, Roger Dingledine and Jacob Appelbaum gave a presentation at the 28th Annual Chaos Communication Conference held from December 27th through December 30th, 2011 in Berlin. In their presentation, they described how dissidents in repressive regimes use Tor to protect themselves. Jacob Appelbaum related the following story:

Source: http://www.youtube.com/watch?v=DX46Qv_b7F4
(This video is a long one... about 85 minutes.)

Now that you have an idea of what Tor is, who uses it, who funded it, it's time for the rubber to hit the road -- to download it, and start using it.

What You Can Do Right Now

The first (and one of the best) things you can do is to download a copy of the Tor Browser Bundle. You can obtain a copy from:



Choose the Tor Browser Bundle that corresponds to your operating system version (i.e. Windows 32/64-bit, Mac OS X, Linux).

Save the downloaded file, and execute it. It will prompt you for a location to unpack the files to, e.g. a flash drive. Unpack these, and then run the Start Tor Browser executable.

You can see a video tutorial of the process at the following URL: http://www.youtube.com/watch?v=2Bm8f...S8fJfCtzef4wBY

When you have Tor up and running, you can go to the following page to setup a TorMail account: http://jhiwjjlqpyawmpjx.onion/

If you look closely, you'll notice the .onion address. This is a special, pseudo-top level domain, that is accessible only through the Tor network (in other words Tor must be up and running for you to even be able to load this page.)

TorMail is an example of what is known as a Tor hidden service. As the name implies, hidden services are hidden, so no one can tell where the server(s) are located. You may have heard that, back in October, a splinter group of Anonymous declared war on an alleged child pornography site called Lolita City. Despite their best efforts, Anonymous was not able to locate the site, except to say that it was located "roughly in the USA".

Once you have the Tor browser bundle installed, then navigate to the TorMail home page, and setup an account. It may take up to 5 minutes for your account to be established, before you are able to login.

Login to the account using the Squirrelmail interface -- I know the TorMail admins recommend RoundCube, but I think it a good idea not to use Java/Javascript if at all possible.


TorMail Pros and Cons

Pros:

Because TorMail is a hidden service, no one knows who the operators are, or where they are located. Accordingly, there is no one and nowhere for the authorities to go to when they want information on a particular email account.

The TorMail operators cannot determine who you are (or your location), as Tor prevents them from determining your IP address, the same as it does for anyone else.

Cons:

Because TorMail is a hidden service, no one knows who the operators are, or where they are located. For all anyone knows, TorMail could be a gigantic honeypot, setup to collect information on people who would like to remain anonymous.

Like any other email provider, the admins could certainly read the email of any user they wish to. That's where PGP/GPG comes in -- if your email is encrypted, then there is no way for them to read it.

Recommendations:

You can have as many TorMail accounts as you'd like; setup your first TorMail account so it isn't linked to any other ID that you use -- you will want to avoid using your usual ID. You'll also want to avoid even similar IDs; use something completely different -- people are creatures of habit, and the authorities know this. Pick something completely off-the-wall, something that people would never associate with you.

Practice compartmentalization: until you have PGP up and running, don't put anything in a TorMail email message that you might later come to regret.

Remember, TorMail is anonymous; it is NOT private unless you use PGP/GPG.

Once you've got your TorMail account setup, send me a PM here on the board, and let me know what it is, or email me at: Mirrorshades@TorMail.net

Mirrorshades, you just posted at AFboard too, i'm going to have to read your posts like 20x in order to understand....and preferably not when i'm tired at midnight...lol!

Thanks for all this information, this is an unbelievable amount of information you are sharing. Like shovel stated, you scare the heck out of me with all this knowledge, especially the history and math of everything you posted, that is phenomenal. I'm a complete idiot when it comes to computers outside of the basics, so if you continue to write, i'll continue to read.


****Please don't be a spammer

Thanks for the posts!

I post in a number of places...

That's all I can ask for. I would like to emphasize one thing, however: If you have a question, don't be afraid to ask. There is no such thing as a dumb question.

I hope they're not considered spam....

Mirrorshades