[tor-talk] Email provider for privacy-minded folk

Tue Feb 19 05:14:09 UTC 2013

On 2/18/2013 9:01 PM, Mysterious Flyer wrote:
> Ummmmm.  I am the REAL mysteriousflyer at yahoo.com.  I guess it's super-duper easy for a person's user names and passwords to get hacked when accessing e-mail over Tor.  I also noticed that someone has been reading my gmails (since they were marked as read), so I changed my password over there and will never access gmail through Tor again.  Someone ALSO made a copy of my debit card and tried to use it in another state, but that may be coincidence.  Does anyone have any knowledge as to HOW a hacker may get this information?  Is it through an exit server?  I certainly never made any online purchases through Tor.
>
>
>
> On 2/11/2013 9:51 PM, Griffin Boyce wrote:
>> There are some good ones out there, but if you're using Tor to create the
>> account and login, you should know that many have started blocking Tor
>> users (or deactivating their accounts in the case of Yahoo). Size could
>> also be an issue, but if you're deleting them off the server on download,
>> then that problem goes away.
>>
>> ~Griffin
>>
>> On Mon, Feb 11, 2013 at 10:10 PM, Mysterious Flyer <
>> mysteriousflyer at yahoo.com> wrote:
>>
>>
Will the real Mysteriousflyer please stand up?  Maybe the list admins 
can trace the 1st mysteriousflyer & your emails, back to the origin & 
gain some knowledge.
I don't know about the dual use / acct hacking, but if you send 
unencrypted data through a Tor exit, a malicious relay operator could 
capture it.  This is & has been well documented for ages. "DON'T send 
any critical data, if not using secure connection (or encrypted file) 
through Tor."  Treat it like you would dealing w/ your bank - you 
wouldn't do business on a non secure connection (with the destination site).

Do you use gmail's https connection - both w/ Tor & w/out?  You should.  
If you don't, they could have gotten your PW, if using a regular browser 
or Tor Browser.

If you use gmail's (or any) https connection, it's no easier for an exit 
relay to steal your PW than anyone else, AFAIK.  It's still an encrypted 
connection.

But, as news stories point out, there are many ways for hackers / con 
men to get your PW other than running a Tor relay.  If your PW wasn't 
that strong, they could easily hack it using software.  I assume they 
didn't have your PW reset, but that's another way hackers do it - if 
they can guess security question answers, or they know you or something 
about you (or can look it up).

How would they make a copy of a debit card through Tor or your Gmail 
acct?  Do you keep a picture or all data of the card, unencrypted in 
your email acct?
Also, using a credit card is generally safer than debit cards. You're 
better protected by the contract of most CC companies.