Silk Road forums

Discussion => Security => Topic started by: murungu on November 28, 2011, 01:39 am

Title: Can Tormail be trusted?
Post by: murungu on November 28, 2011, 01:39 am
I have just created and account @tormail.net via thunderbird under cover of the tor network itself.

The tor network and tormail are unrelated, but use the same concept to move data.

Tormail have a very reassuring homepage, and there is no way any personal info is required when signing up.

But still, it's new-ish, it could be an elaborate sting... can any tormail users vouch for its authenticity?

You can mail me on my tormail addy jus to test it out... LOLZ.
Title: Re: Can Tormail be trusted?
Post by: Bupebuddy on November 28, 2011, 02:08 am
You never know what may be a honeypot now days.  I personally love tormail and use it and love that they do not require any personal info.  One thing I say is just to be safe use pgp when transmitting sensitive info.  You can never be too safe!  I don't mind chatting casually over tromail but anytime I give an address or anything I make sure to PGP it.
Title: Re: Can Tormail be trusted?
Post by: Tommyhawk on November 28, 2011, 02:15 am
What I don't understand if why you're going through the efforts of using tormail if you're having it linked to thunderbird on your computer... They get your computer they have access to your tormail, kinda defeats the purpose imo.
Title: Re: Can Tormail be trusted?
Post by: murungu on November 28, 2011, 02:45 am
What I don't understand if why you're going through the efforts of using tormail if you're having it linked to thunderbird on your computer... They get your computer they have access to your tormail, kinda defeats the purpose imo.

Actually, I replied to this in a 'smartass' way and then realised you had a point! So apologies, Tommyhawk, I removed the offending reply... You're right, it's just that they (tormail) provided instructions to link thunderbird, and I just did it (it's been a long few days setting up 'stealth everything' AND navigating the joys of shit-coin trading, My brain's become stuck in join-the-never-ending-dots mode!
I'll remove thunderbird and use tormail from the source, the irony is, thunderbird proxy has failed and has wasted my whole morning trying to fix it anyway...
Now back to my shit-coin purchase travails. Thanks for pointing out the rather obvious, Tommyhawk!
Title: Re: Can Tormail be trusted?
Post by: murungu on November 28, 2011, 03:00 am
You never know what may be a honeypot now days.  I personally love tormail and use it and love that they do not require any personal info.  One thing I say is just to be safe use pgp when transmitting sensitive info.  You can never be too safe!  I don't mind chatting casually over tromail but anytime I give an address or anything I make sure to PGP it.
Thanks for the pos info bupebuddy, Ah PGP! Just dealing with Symantec again (who bought PGP last year) gave me the cold sweats! I spent a day reluctantly trying to download their shit, and then gave up... luckily, I then found the Arcticsoft version of PGP, and I have installed, but not managed to test it -yet... here's hoping! I have 15 days to test it then they want $90, it had better be worth it! There is no up to date freeware PGP online, I spent a lot of time looking!
Title: Re: Can Tormail be trusted?
Post by: DrBenway on November 28, 2011, 03:13 am
Tormail + Thunderbird + Enigmail + GPG should be pretty safe, and you can always install a portable version of Thunderbird on an encrypted USB drive or whatever. The main risk I see is in scripts that may be contained in emails and could cause Thunderbird to leak information. If you set your security settings carefully though, you should probably be fine.
Title: Re: Can Tormail be trusted?
Post by: CrunchyFrog on November 28, 2011, 04:51 am
Just dealing with Symantec again (who bought PGP last year) gave me the cold sweats! ...I then found the Arcticsoft version of PGP, and I have installed, but not managed to test it -yet... here's hoping! I have 15 days to test it then they want $90, it had better be worth it! There is no up to date freeware PGP online, I spent a lot of time looking!
Have you looked at Gnu Privacy Guard (a.k.a. GnuPG, or GPG) [ gnupg.org ]?  It's free and open source, for *nix, Windows, and Mac.
Title: Re: Can Tormail be trusted?
Post by: murungu on November 28, 2011, 05:38 am
Just dealing with Symantec again (who bought PGP last year) gave me the cold sweats! ...I then found the Arcticsoft version of PGP, and I have installed, but not managed to test it -yet... here's hoping! I have 15 days to test it then they want $90, it had better be worth it! There is no up to date freeware PGP online, I spent a lot of time looking!
Have you looked at Gnu Privacy Guard (a.k.a. GnuPG, or GPG) [ gnupg.org ]?  It's free and open source, for *nix, Windows, and Mac.

I did, but was worried it would not 'talk' to PGP... So, do they inter-relate? I could not find a definitive 'yes' to that. Also I read it has some limitations and can be complex. I have enough complexity in my life, I'm here to escape that, not add to it! :D
Title: Re: Can Tormail be trusted?
Post by: g4bb3r on November 28, 2011, 05:58 am
ALWAYS use GPG. In this business, trust nobody.
Title: Re: Can Tormail be trusted?
Post by: murungu on November 28, 2011, 08:37 am
I have had a careful look at some encrypted posts on the 'post your public key here thread'. It seems GPG (GnuPG) is in fairly wide use on SR, so I will adopt that, and see if it does what it does with a minimum of fuss. That way I can save the money I was going to spend on PGP, for some good shit! of course, I may still resort to buying PGP for convenience... I'll post my outcomes here.

Thanks to all who offered their ideas and info so far!
Title: Re: Can Tormail be trusted?
Post by: DrBenway on November 28, 2011, 09:30 am
In the late 90s PGP created the OpenPGP standard, which basically makes software that implements it compatible with PGP. GPG is an open source OpenPGP implementation. So the short answer is, GPG is what you want.
Title: Re: Can Tormail be trusted?
Post by: supersecretsquirrel on December 05, 2011, 12:40 pm
I have just created and account @tormail.net via thunderbird under cover of the tor network itself.

Has anyone actually looked into how safe it is to use non-web email clients with Tor? I can imagine that Thunderbird leaks sensitive information (such as your original IP address) all over the place, but haven't spent much time auditing this myself.
Title: Re: Can Tormail be trusted?
Post by: cantankerous on December 06, 2011, 12:44 am
Is it odd that I can only send a message maybe one time in 20 using their RoundCube webmail interface? I've never been able to add an attachment (a small text file) and almost every time I try to send a message I see "sending message failed"?

I don't want to use Thunderbird because I don't want my tormail.net settings stored somewhere. I'd rather keep using the webmail on a browser that doesn't save any data.
Title: Re: Can Tormail be trusted?
Post by: CrunchyFrog on December 06, 2011, 02:28 am
Quote from: cantankerous
Is it odd that I can only send a message maybe one time in 20 using their RoundCube webmail interface?...I don't want to use Thunderbird because I don't want my tormail.net settings stored somewhere.
Have you tried the SquirrelMail web interface on TorMail?  It hasn't failed me yet -- not that I use it all that much -- plus it doesn't reqire javascript (which can be a security concern).
Title: Re: Can Tormail be trusted?
Post by: DrBenway on December 06, 2011, 03:19 am
I would definitely recommend SquirrelMail  for accessing Tormail on the web if you are concerned about your privacy. It does not use javascript, which will be blocked in a secure Tor browser anyway because of its potential to leak information.
Title: Re: Can Tormail be trusted?
Post by: TravellingWithoutMoving on December 06, 2011, 03:38 pm
I have had a careful look at some encrypted posts on the 'post your public key here thread'. It seems GPG (GnuPG) is in fairly wide use on SR, so I will adopt that, and see if it does what it does with a minimum of fuss. That way I can save the money I was going to spend on PGP, for some good shit! of course, I may still resort to buying PGP for convenience... I'll post my outcomes here.

Thanks to all who offered their ideas and info so far!

advantages -is gnupg means opensource but not everything is going to be supported versus say symantec's PGP / any commercial product.
lots of coding going on.
generally free

disad -may wait some time for a solution if a bug arrives, but if its serious be a quick fix.
you may have to do some things from the command line = welcome to the linux world.

Title: Re: Can Tormail be trusted?
Post by: murungu on December 07, 2011, 03:03 am
I have spent a lot of my spare time since I created this post looking at my comms options here on SR.
I found squirrelmail worked with attachments, roundcube failed.

I still have difficulty getting a smooth interface with free GPG4WIN with multiple cut n paste to the point where I'm losing track of the message process if someone interrupts me for a minute, not good! (This is because tormail has no way to openly interface with GPG4WIN so everything (messages and keys) have to be copied and pasted into Kleopatra for encyrption, then pasted into notepad and then into tormail, far out :(

I'm going to try arcticsoft PGP for a few days, if its easier, I'll pay $90 for it. Time is money!
However I have a hunch that tormail being a 'ghost' service will again be the issue.

Thinking about encryption, the only thing that I can see needs it are delivery addresses, surely ordering shit via tormail and SR should be security enough?

Let's face it, LE could harvest a LOT of info here just tracking these BB conversations, people slip up, boast, and also likely post drunk and or high here.

Not only that, but most if not all the discussions here focus on circumventing laws, offering or sourcing contraband which themselves (the discussions) are illegal in many jurisdictions!

So all the huffing and puffing about encrypting your actual drug bartering on an untraceable browser in a diffused 'cloud' site with an untraceable dealer is absurd IMO!

Same with tumbling bitcoin into multiple wallets. Bit coin is 'clean' its not illegal to trade it (yet) and your SR wallet is encrypted till the end of time.

I think if it makes ppl feel better, OK, but the overkill -given the systems already in place- is it really necessary?
All the software I'm evaluating on my system (to secretly order a pill or powder) is suspect in itself, it surely defeats the purpose of SR!  Anyone care to rebut this thinking?   (Be kind if you do!)

Title: Re: Can Tormail be trusted?
Post by: murungu on December 07, 2011, 03:23 am
Seems to me the ultimate security measure would be to regularly sweep your system for trojan keyloggers. If someone has got into your system, all the wallets, tumblers, tors, and PGP toys in the world ain't worth shit.

A final thought, I operate Mac and PC, any mac users care to comment on their encryption tools? (Yes I will also go do a search for that, but just askin') :)
Title: Re: Can Tormail be trusted?
Post by: CrunchyFrog on December 08, 2011, 04:47 am
Quote from: murungu
...Thinking about encryption, the only thing that I can see needs it are delivery addresses, surely ordering shit via tormail and SR should be security enough?

Let's face it, LE could harvest a LOT of info here just tracking these BB conversations, people slip up, boast, and also likely post drunk and or high here.

Not only that, but most if not all the discussions here focus on circumventing laws, offering or sourcing contraband which themselves (the discussions) are illegal in many jurisdictions!

So all the huffing and puffing about encrypting your actual drug bartering on an untraceable browser in a diffused 'cloud' site with an untraceable dealer is absurd IMO!

Same with tumbling bitcoin into multiple wallets. Bit coin is 'clean' its not illegal to trade it (yet) and your SR wallet is encrypted till the end of time.

I think if it makes ppl feel better, OK, but the overkill -given the systems already in place- is it really necessary?

All the software I'm evaluating on my system (to secretly order a pill or powder) is suspect in itself, it surely defeats the purpose of SR!  Anyone care to rebut this thinking?...
Nope.  We all get to choose our own path(s).

Plus, you'd have to pay for another five minutes [ youtube.com/watch?v=wdoGVgj1MtY ].  ;)
Title: Re: Can Tormail be trusted?
Post by: murungu on December 08, 2011, 11:56 am

Plus, you'd have to pay for another five minutes [ youtube.com/watch?v=wdoGVgj1MtY ].  ;)

OK I'll settle for contradiction then.... since I didn't expect the Spanish Inquisition; just don't get me started on the life expectancy of parrots!  ;D
Title: Re: Can Tormail be trusted?
Post by: JackS on December 08, 2011, 11:39 pm
I have been using TORmail for 3 months now, I always log in via squirrel mail and use PGP in my emails. I have not a single problem other than it being and taking long to send an email.
Title: Re: Can Tormail be trusted?
Post by: murungu on December 09, 2011, 01:02 am
I have been using TORmail for 3 months now, I always log in via squirrel mail and use PGP in my emails. I have not a single problem other than it being and taking long to send an email.
Hello JackS,
I'm now convinced tormail using the squirrel interface is a top notch secure mailing service, but could you please elaborate on the PGP program you use?

That's where I'm having problems, I'm forced to cut n paste EVERYTHING via windoze notebook to send even a simple public key generated by kleopatra in GPG4WIN because it does not interface with the off-system tormail, I'm reluctant to use a Tormail Thunderbird interface because that resides in a hard drive and could incriminate me, and all the cutting and pasting is what turns me off the software. What are you using? Thanks.
Title: Re: Can Tormail be trusted?
Post by: phubaiblues on December 09, 2011, 04:17 am
Yeah, tormail--to me--is a bit of a pain, slow, all that...but some msgs I want to encrypt and are important enough to put up with it...but I use squirrelmail, works o.k....
Title: Re: Can Tormail be trusted?
Post by: TravellingWithoutMoving on December 09, 2011, 08:22 pm
Domain Name: TORMAIL.NET
Registrar: MONIKER

Registrant [3576098]:
        Akim Japera whois@tormail.net
        TorMail Webmail Service
        P.O. Box 5870
        Hargeisa
        Somaliland
        Phone: +252.20025181

 ;D ;D ;D ;D ;D ;D

Domain:    tormail.net
IP Address:    94.249.139.7
IP Host:    box10.host1free.com
Country:   Germany   (DE)
ISP:   GHOSTnet GmbH
Organization:   GHOSTnet GmbH

7    ghostnet.newcolo.kleyrex.net    193.189.82.100    Germany    150.052
8    box10.host1free.com    94.249.139.7    Germany    150.762

GHOSTnet GmbH
Kaiser-Friedrich-Promenade 65
D-61348 Bad Homburg v.d.H.

Tel: +49 6172 1850-25
Fax: +49 6172 1850-29

eMail: info@ghostnet.de
Internet: http://www.ghostnet.de
Gesellschaft: HRB 8637, Amtsgericht Bad Homburg v.d.H.
Ust-IdNr. DE 206 435 465
Geschaeftsfuehrer: Sebastian Grafmueller
Title: Re: Can Tormail be trusted? -additional sites @ghostnet Gmbh
Post by: TravellingWithoutMoving on December 09, 2011, 09:06 pm
Sites with longest running systems at GHOSTnet GmbH
GHOSTnet GmbH Network used in FRA07
Rank    Site    Average    Max    Latest    OS    Server
1    www.leechhat.com    -    9    3    Linux    Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny13 with Suhosin-Patch
2    www.multitrick.com    -    37    38    Linux    Apache/2.2.3 (CentOS)
3    usfxtrading.com    -    24    13    Linux    Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
4    like3x.net    -    41    38    Linux    Apache/2.2.3 (CentOS)

Domains hosted by : GHOSTnet GmbH
Total: 3
domain
das-solarboot.de
amb-allemagne.fr
make365.info


List of Top Sites Hosted by ISP: GHOSTnet GmbH
No.    Domain Name    Traffic Rank    IP Address    Web Title
1.   autolink.cz.cc   #669   94.249.143.6   Autolink
2.   jphost.cz.cc   #669   94.249.143.6   Jphost
3.   planet-hosting.cw.cm   #30,540   94.249.143.27   Planet-hosting
4.   konversionskraft.de   #45,605   217.69.162.183   Konversionskraft
5.   host1free.com   #59,172   217.69.173.120   Host1free
6.   host1plus.com   #67,006   217.69.173.120   Host1plus
7.   desktops.org.ua   #171,470   94.249.145.154   Desktops
8.   big.org.ua   #173,372   94.249.145.154   Big
9.   abacf.eu   #202,370   217.69.173.118   Abacf
10.   cnscn.org   #213,191   94.249.143.2   Cnscn
11.   alpha-bionic.de   #242,191   94.249.156.76   Alpha-bionic
12.   qqwork8.com   #267,659   94.249.143.5   Qqwork8
13.   web-arts.com   #325,958   217.69.173.130   Web-arts
14.   zzxqw.com   #340,275   94.249.143.2   Zzxqw
15.   alchimagica.eu   #347,147   217.69.173.118   Alchimagica
16.   kmb-service.de   #366,484   94.249.135.18   Kmb-service
17.   conversion-camp.com   #366,708   217.69.173.130   Conversion-camp
18.   bigteo.net   #394,666   94.249.143.2   Bigteo
19.   homeads.de   #412,495   94.249.155.3   Homeads
20.   x2-hosting.de   #422,163   94.249.144.236   X2-hosting
21.   anuradhapurazone.info   #430,331   94.249.143.5   Anuradhapurazone
22.   voovq.com   #432,336   94.249.143.2   Voovq
23.   reputationobserver.com   #442,067   94.249.142.40   Reputationobserver
24.   files4gsm.de   #464,994   94.249.145.234   Files4gsm
25.   imagexhost.org   #470,471   217.69.173.118   Imagexhost
26.   rupai.net   #477,723   94.249.143.2   Rupai
27.   abacf.net   #484,010   217.69.173.118   Abacf
28.   dzidze.com   #530,074   217.69.173.118   Dzidze
29.   ma9a.com   #542,052   217.69.173.118   Ma9a
30.   zuhaltopal.org   #545,345   217.69.173.118   Zuhaltopal
31.   blogger-aktionen.de   #551,281   94.249.155.51   Blogger-aktionen
32.   kuheo.com   #560,107   94.249.143.2   Kuheo
33.   ms333.cn   #585,201   94.249.143.5   Ms333
34.   hkaixin.com   #593,155   94.249.143.2   Hkaixin
35.   kmb-anzeigenservice.de   #594,242   217.69.160.174   Kmb-anzeigenservice
36.   ghostsuche.de   #596,246   217.69.160.174   Ghostsuche
37.   manytablets.com   #606,435   217.69.173.118   Manytablets
38.   whostas.com   #617,358   94.249.143.2   Whostas
39.   sweet-belly.de   #636,267   217.69.162.142   Sweet-belly
40.   5d6d.org.ru   #682,812   94.249.143.2   5d6d
41.   rapidgo.ir   #683,314   217.69.173.118   Rapidgo
42.   devno.com   #696,123   94.249.155.4   Devno
43.   ms9108.cn   #708,704   94.249.143.5   Ms9108
44.   panoramikistanbul.com   #734,404   217.69.173.118   Panoramikistanbul
45.   bethelptips.com   #738,551   94.249.143.6   Bethelptips
46.   tera-gaming.de   #746,253   94.249.144.189   Tera-gaming
47.   shanshanmao.com   #761,517   94.249.143.2   Shanshanmao
48.   abc4m.tk   #791,248   94.249.139.4   Abc4m
49.   bad-nauheim.de   #797,626   217.69.161.85   Bad-nauheim
50.   uufree.cn   #819,276   94.249.143.2   Uufree

KleyReX Internet Exchange is operated by

GHOSTnet GmbH
Kaiser-Friedrich-Promenade 65
D-61348 Bad Homburg v.d.H.
Fon: +49 (0)6172 / 18 50 25
Fax: +49 (0)6172 / 18 50 29
eMail: info@ghostnet.de Web: www.ghostnet.de

HRB 8637, Amtsgericht Bad Homburg
USt-ID-Nr. DE 206 435 465
CEO: Sebastian Grafmüller

eMail: info@kleyrex.net      Web: www.kleyrex.net