[tor-talk] Email provider for privacy-minded folk

Jim Jimmymac at copper.net
Tue Feb 19 06:51:58 UTC 2013


Mysterious Flyer wrote:
> Ummmmm.  I am the REAL mysteriousflyer at yahoo.com.  I guess it's super-duper easy for a person's user names and passwords to get hacked when accessing e-mail over Tor.  I also noticed that someone has been reading my gmails (since they were marked as read), so I changed my password over there and will never access gmail through Tor again.  Someone ALSO made a copy of my debit card and tried to use it in another state, but that may be coincidence.  Does anyone have any knowledge as to HOW a hacker may get this information?  Is it through an exit server?  

Joe Btfsplk already discussed the ability of exit nodes to sniff 
unencrypted traffic.  I would also point that the attacker didn't 
necessarily use Tor to crack your email account(s).

Just as a data point  which may or may not be relevant for your case, 
last  year I advised *two* friends that I suspected their email accts 
had been compromised.  I was getting spam under their user names.  While 
I am aware that it is trivial to spoof "From" addresses, in both cases 
there were details about the emails that made me suspect they came from 
the actual accts rather than merely spoofed headers.  In both cases my 
friends checked and indeed their accts. had been compromised.  Neither 
person had any idea how their acct. got compromised and I am reasonably 
sure neither had ever used Tor.  Both swore they had not been phished. 
One had a Hotmail acct. and I think the other used mail.com.  My point 
is that attacks against email accts. w/o using Tor to do it is 
apparently commonplace, something that seems to be confirmed in that 
"Abuse at Scale PDF that a Google employee linked to from this list a 
while back.

Jim


More information about the tor-talk mailing list