Delivery-Date: Sat, 14 Jun 2014 12:41:22 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
	FROM_LOCAL_NOVOWEL,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by moria.seul.org (Postfix) with ESMTPS id 5FE011E0A2C
	for <archiver@seul.org>; Sat, 14 Jun 2014 12:41:20 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id D8EFF2FCF6;
	Sat, 14 Jun 2014 16:41:17 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id B097E2FD54
 for <tor-talk@lists.torproject.org>; Sat, 14 Jun 2014 16:28:18 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 1G9cRWQBNw2n for <tor-talk@lists.torproject.org>;
 Sat, 14 Jun 2014 16:28:18 +0000 (UTC)
Received: from mout.gmx.com (mout.gmx.com [74.208.4.200])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 97BDB2FD53
 for <tor-talk@lists.torproject.org>; Sat, 14 Jun 2014 16:28:18 +0000 (UTC)
Received: from [127.0.0.1] ([99.190.181.188]) by mail.gmx.com (mrgmxus002)
 with ESMTPSA (Nemesis) id 0LiT2w-1WJUFn2CMO-00cfTO for
 <tor-talk@lists.torproject.org>; Sat, 14 Jun 2014 18:28:15 +0200
Message-ID: <539C781E.3010906@gmx.com>
Date: Sat, 14 Jun 2014 11:28:14 -0500
From: Joe Btfsplk <joebtfsplk@gmx.com>
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <CAD7XWq9WkaYHP48iRD583FnH_XBZU_YJ-MvDjwF8AvejK6tOnA@mail.gmail.com>
 <CAD2Ti29MifFq0M6w8_ujTdUVAwoZauzviPCyCQDuex6FVdL8oA@mail.gmail.com>
 <539C1E23.3070806@googlemail.com>
 <CAD7XWq_7t-N8-cgbKBfN8WwWT0H7S3UE5pehHhyOUKQLwboz_Q@mail.gmail.com>
 <CAD7XWq-QUupZJ1H9uoKLwxgyB5W8jvU16DkYidPFFMRA5GM9qA@mail.gmail.com>
In-Reply-To: <CAD7XWq-QUupZJ1H9uoKLwxgyB5W8jvU16DkYidPFFMRA5GM9qA@mail.gmail.com>
X-Provags-ID: V03:K0:sLaWpLPjkaKNtNKENp5B3vkuuH9R/AVUmP3gIz8vG2O7qcAOci6
 tAGgujHE8GuVMmeJeufDcbo6iHJs4eM8Acp8v9rfkek9e4NS8icAUs5yWOxLUL7LV+SEtSW
 lCan0PQe4DcUusZK8/uPJp2ggw7Yvc9wJ0pYMZM+R8BaCostq4g7osI9Eknsbm6KBQHbfA5
 Rs5FWpo39MxbpvmdsCXaQ==
Subject: Re: [tor-talk] Sending email from Tor browser
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 6/14/2014 6:33 AM, Chen Cecilia Zhang wrote:
> and the strange thing is : I tried to test the email sending from Tor and
> without Tor browser, and the IP address shows in the "original email" from
> gmail are the same....
>
> Will anyone help explain how come? thansks
>
>
> On Sat, Jun 14, 2014 at 4:22 AM, Chen Cecilia Zhang <
> chenceciliazhang@gmail.com> wrote:
>
>> No software to compose email, as you mentioned, just normal email account
>> such as yahoo.
>>
>> The reason i wonder is even the email was composed within tor browser, but
>> the email was actually sent 1 month later, will that show the actual IP
>> address?
>>
>>
>> On Sat, Jun 14, 2014 at 3:04 AM, Sebastian G. <bastik.tor> <
>> bastik.tor@googlemail.com> wrote:
>>
1st, it would be much better to use a more "private" & security 
conscious provider than the likes of Gmail or Yahoo.
Like Unseen.is or some others.  I wouldn't depend on claims by any, that 
they "can secure email from all security / law enforcement agencies."

Was the IPa shown in the email header the same as your Tor exit IPa, or 
your ISP's assigned address?
If using TBB & no addons or plugins that could possibly reveal your IPa, 
it shouldn't be possible for even Gmail to see your real IPa.
If you did use TBB (correcly) & your *real* IPa showed up in the email 
header, something's wrong.

Some email providers don't even include your IPa in the header - like 
Unseen.is, VFEmail & several others.
Unseen.is or any others aren't necessarily the magical answer to all 
email security & privacy issues.  For instance, at one time, Unseen 
claimed "end to end" strong encryption *between* Unseen users - if using 
their webmail.  You can read their disclosure on the latest "modified" 
PGP encryption they provide.

I pointed out to them that the encryption, while *on their servers* may 
be very good, there was still a hole in that strong encryption, in 
between their server & users' computers.  That part of the communication 
was "only" SSL / TLS encryption - which some Snowden documents indicated 
the NSA *had broken* (I believe - my head is killing me today).  That 
one gap essentially made their encryption process no better than many 
other providers, (a chain is only as strong as its weakest link).    
Except mail on their servers was stored encrypted, which kept them from 
reading it.

Since then, they developed their own desktop client, allowing users to 
encrypt msgs locally before sending.  I haven't used it yet, so can't 
comment on that client, or whether retrieving messages with the client 
maintains "strong" encryption between their server & users' computers 
(stronger than SSL / TLS).  I assume that now w/ the local client & 
users encrypting messages before sending, that the private keys are 
generated & stored on users' computer rather than on their server.

For free accounts - using webmail, the private keys were stored on their 
server (may still be, if using webmail).  Now there's an alternative to 
webmail.  But that also requires trusting their client & the encryption 
software / algorithm.

Here is a comparison of some of the more "privacy conscious" providers:
http://thesimplecomputer.info/free-webmail-for-better-privacy

When considering Simple Computer's information (or any other), *check 
with the providers* for final details.  Providers' policies & technology 
used can change at any time.

For instance, Simple Computer's comment:  "Unseen does not plan to 
support Internet Explorer for chat & video, and the current Tor Browser 
Bundle (3.6.1) is built on Firefox 24 ESR which lacks features in its 
JavaScript engine to work properly with Unseen," is *not true* anymore 
(AFAIK).  I use TBB w/ Unseen's webmail.  Months ago, there were some 
temporary problems in using their site with TBB, but after I reported 
them, Unseen made changes on their side that seem to have fixed it.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

