On Mon, Aug 12, 2013 at 11:46 PM, Gordon Morehouse <gor...@morehouse.me> wrote:
> Edgar S:
>> The function of Tormail I need that suggested solutions don't seem
>> to have is the ability to receive and reply to clear text ordinary
>> Email sent from a non-secure SMTP.

I believe this is better said as 'traditional email', since that may also use 'secure' tls transports or OpenPGP by users with no change.

> I wish some trusted entity who has a bit of money and, um, gusto for a
> fight, would set up an email service with a .onion entry point. The
> EFF comes to mind, but they have plenty to do. I'm not sure what
> other groups I'd trust. I never had any idea who was running Tormail.

>> As a hosting venue for ...

The idea of tormail was that they were not subject to legal process. Their proxy points into and out of the real world were. But it is yet untested whether in some places one can shut such an entire point down due to not being able to service a specific account. A curious mix of contract, common carrier, free speech, jurisdiction and so on.

You may 'have an idea' who EFF or any other entity or jurisdiction is, but they are all subject to certain specific things. Those are very good fights to have and expose as well. And regardless of service model and who runs it, all public points are subject to tapping in the nearest upstream, no gain there.

Some people did note tormail had a domain locked and supposedly got it back. And maybe they did move proxy servers sometimes too. They did have service issues and were not exactly mature/open but does that imply lack of trust? Who knows. 'Knowing them' should not imply trust either. That's why there is OpenPGP and other messaging protocols too.

With standard email, I'd feel better with lots of little providers around the world, not just the big three. Ones that try these things. That way you could watch and see who does and says what up against what and all sorts of models could be tested.

Right now most of the small market are legacy providers in this respect, notice how many still do not provide TLS and privacy oriented policies. Huge opportunities here. Besides, EFF and Tor are not in the business of running physical services carrying user data, much less storing it between transit. Ask torservers, noisebridge or start your own group :)

> doesn't leak information in any of the myriad ways email can which
> could serve to unmask a Tor user

I do not like this 'leak'. SMTP header and operation is what it is by exact design, not by leaky bug. If MUA put the content of your disk into mail that would be a leak. User is 'unmasked' not by SMTP, but by their [improper or choiced] use of it.

> This isn't gonna cut it. A Tormail replacement that's any good,
> that's reliable, that's censorship-resistant, that's hardened
> ... that will require professionals
> to set it up. It's not going to fly on $random_email_provider +
> hidden service and a tunnel, or whatever.

You would be surprised how much a random tech fly can do. A fly that is given help with the legal/finance aspect becomes a powerful raptor.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk