Emails alternatives to Tormail

Flattr this!

 

 

With Tormail gone there are still a few alternatives if you want to use an email service that will not reveal your location

Use an anonymizing service that provides email if possible, if not you should choose a traditional SMTP mail service that does not log IP addresses and whose mail servers are outside of your country. If you are using a mail service with servers located in the USA never leave messages on the server because there is a high risk that the server could be compromised or seized.

Even outside of the USA it is good practice to always download all your mail messages to your computer using a local mail client. Protecting your mail client by encrypting your computer is also recommended.

If you are using a mail service that allows access by Tor consider using the FoxyProxy addon for Thunderbird to route your email through the Tor network; if Tor is not an option you can use a good VPN like Private Internet Access instead.

Anonymizing Services with Integrated Email

Bitmessage – highly secure messaging service that can function like email by using the Bitmessage E-Mail Gateway

i2p – the second largest anonymizing network after Tor. Free to use and provides anonymous email either through an SMTP server or an internal, distributed email system called i2p-Bote. The i2p SMTP server can be reached through a webmail interface called ‘Susimail’ or an email client like Claws Mail.

All messages on i2p-Bote are encrypted end to end removing the need to use PGP or other privacy software, and since the user can configure variable hop relays i2p-Bote is arguably the most anonymous email service available, however, email can only be sent within the i2p network between users of i2p-Bote.

Freenet – anonymous network with decentralized data storage and anonymous Freemail email plugin. While Freenet provides an http interface for browsing freesites, unlike JonDo and i2p a proxy to browse the web is not available. Like i2p-Bote, Freemail only works within the Freenet network.

Mail Servers Outside of USATor Hidden Service

Lelantos Mail – a well regarded mail service on Tor hidden services with servers outside of the USA. A lifetime subscription is less than $35 in bitcoin. Use PGP for sensitive email. Similar to Tormail, you can be reached from the web at your <username@lelantos.org> email address. Find Lelantos mail on Tor at lelantoss7bcnwbv.onion.

SIGAINT – free mail service on Tor. Javascript not required and webmail only. URL is http://sigaintevyh2rzvw.onion

Mail Servers Located in USA

Riseup.net – a collective based in the US that provides online communication tools for people and groups working on liberatory social change. Requires application and approval or invitation codes. Free email service does not log IP’s or embed IP addresses in mail headers. Also provides a free VPN for members.

Riseup can also be reached over Tor, see the chart:

VFEMail – free and paid email provider with the option to use a Netherlands server. Gold ($30/year) and Platinum ($50/year) plans automatically obfuscate metadata, a valuable option. VFEmail can also be reached via TOR at 344c6kbnjnljjzlz.onion.

Mail Servers Located in Europe

ProtonMail – free, end-to-end encrypted email service based in Switzerland.

Autistici/Inventati – A/I is an Italian collective similar to riseup.net that is dedicated to providing a full range of free, privacy aware internet services including webhosting and email. No logging of IP addresses. Requires application and approval. Recommended.

OpenMailBox.org – free email service based in France accessible by webmail, IMAP or POP3. Strips IP from mail headers and does not log. The volume on the server that stores messages is encrypted with LUKS. Now includes 1 GB cloud storage with a free email account.

Bitmessage E-Mail Gateway – Bitmessage E-Mail Gateway is a free service located in Switzerland that allows users to send and receive email to/from bitmessage addresses and also from/to any other email address. You do not need an email address to register and can access your mail through a webmail interface, Thunderbird or Outlook. It also provides an innovative ‘localhost access’ feature that allows you to hide your IP from the server and sent emails. Using the localhost access option you can connnect anonymously to the server without using Tor or a VPN, giving you anonymous email cheap and easy right from your browser. Can be accessed over Tor at bitmailendavkbec.onion.

Vmail.me – Vmail.me is a free service located in France offering webmail with IMAP and POP3 access. IPs are stripped from mail headers but the service does keep IP logs.

RuggedInbox – 100% open source, 100% free and ad-based, Tor friendly, with and without javascript webmail available. VPS is located at an offshore location data center: VPSBG.eu, based in Bulgaria.
Have a look at the features page for more options. Service in beta.

Clearnet url: https://ruggedinbox.com/features.php
Darknet url: http://s4bysmmsnraf7eut.onion/features.php

Mail Servers Located in Middle East

Privat DE Mail – free EU based email service that does not log IP addresses with mail servers in Egypt. Email to Israel is blocked, which also blocks mail to and from Safe-Mail.net. Open registration. Uses a self-signed SSL certificate which can cause browser errors; install the ‘Skip Cert Error’ add-on to correct in Firefox or register with Internet Explorer instead.

If using Firefox once the ‘Skip Cert Error’ add-on is installed go to Add-ons Manager in Firefox > Extensions > Skip Cert Error 0.3.4 then click on ‘Options’ and add mail.privatdemail.net to the domain whitelist and you should be able to register.

Privat De Mail can also be accessed over Tor at ybfg5ma65ug63ipj.onion using the webmail interface or an email cliet like Claws Mail or Thunderbird.

Other Tor Hidden Service

Mail2Tor is a Tor Hidden Service that allows anyone to send and receive emails anonymously.
It is produced independently from The Tor Project.

For more information, or to signup for your free @mail2tor.com account (webmail, smtp, pop3 and imap access)
Please visit our tor hidden service at http://mail2tor2zyjdctd.onion
You will need to have Tor software installed on your computer to securely access Mail2Tor hidden services.

The Mail2Tor hidden service and SMTP/IMAP/POP3 are on a hidden server completely seperate from the relays.
The relays do not know (and do not need to know) the IP of the hidden service.
Because the communications between the relays and the “dark server” occur through the tor network, without using traditional internet protocols (ip).
This hidden server is not one of the Tor network nodes/public servers, whose IPs are known.
It is a private server that does not route traffic for tor users, but it is devoted exclusively to exchange data with Mail2Tor relays.
The entire contents of the relays are immediately deleted and it is not possible to “sniff” data because transmitted in encrypted way.

Sinbox – http://sinbox4irsyaauzo.onion

Sinbox is a secure online inbox for users of the Tor Network. It requires NO JavaScript or cookies and all messages sent through the system are encrypted using multi-layered encryption techniques.

Paid Email Providers

While our list recommends free or low cost email services, Proxomitron Forums also maintains a good list of paid Privacy Conscious Email Services

Promising Start Ups

Other privacy aware email startups in order they will probably be available:

Startmail – https://beta.startmail.com/

Mailpile – http://www.mailpile.is/

LEAP Encryption Access Project – https://leap.se/en/services/email

TAILS

TAILS is a live operating system that you can start on almost any computer from a USB drive and routes all your traffic through the Tor network. Because of the way TAILS is designed it leaves no traces of your internet activity on the host computer. Free i2p mail is integrated into TAILS as is the Claws Mail client. TAILS makes it easy to use free i2p mail. You can also setup Claws Mail to access your Lelantos Mail, Privat DE Mail or any other mail account accepting connection by Tor like Riseup.net or bitmessage.ch.

Always use PGP encryption for privacy

Using an email service that will not reveal your location in the mail headers provides anonymity but not privacy! For sensitive email, you should always encrypt your email with PGP unless you are using i2p-Bote or Bitmessage, both of which transparently encrypt your email for you. Consider all those Tormail users whose plain text emails were seized by the FBI when the server in Ireland used by Freedom Hosting was taken over

from here

E-Mail Tracking

Flattr this!

 

The usage of HTML emails offers many tracking features for the sender. By using such tracking features like webbugs the sender may get information about the time you opened the mail, your IP address, used software and a list of forwarded recipients.

The tracking features are not blocked at all by webinterfaces. Even if you see a message about blocked tracking elements the protections is not safe but only partially. You may use the E-Mail Privacy Test for testing the webinterface of your preferred email provider. Open the test page and send a mail to your mail account. Read the received message in a new browser tab (in most cases you will find it in the spam folder) and go back to the E-Mail Privacy Test page. You will see a list of not blocked tracking features (red marked):

E-Mail Tracking Elemente

 

The result depends on the configuration of your browser too, but JonDoFox can’t protect you against all possible email tracking features. We highly reommend the usage of Thunderbird + TorBirdy for email communication to stay privat.

from here

Mixmaster Remailer

Flattr this!

 

If you want to write an anonymous e-mail without valid reply address (may be for whistleblowing porposes), you do not need an e-mail account. You can use the remailer network Mixmaster. A mixmaster mail goes around the world over some random remailers to hide your traces an will achieve by the recipient within a fem hours.

  1. Mixmaster uses a Tor Hidden Service vor email delivery to the mixmaster network. You have to start Tor with “Vidalia (TorGUI)” first.The statistics about running remailers are updated at startup automatically.
  2. You will see an simple command interface. Press the key [m] to write an new mail.
     

    Mixmaster Start
  3.  

  4. At the next step you have to enter the recipient address and a subject of the message.
     

    Mixmaster 2
  5.  

  6. Now you can edit the message text, press the key [e].
     

    Mixmaster 3
  7.  

  8. It will open the editor. Important note: insert a blank line after the header lines with To: and Subject:. If the text was ready save the message and close the editor.
     

    Mixmaster 4
  9.  

  10. If the editor was closed you are back in the mixmaster interface. You may attach a file to the message, encrypt the message using OpenPGP and afterwards send the mail to the local mixmaster pool by pressing the key [m].
     

    Mixmaster 5
  11.  

  12. At least you have to send the messages from the local mixmaster pool to the remailers. Press the key [s] and quit mixmaster with [q].
     

    Mixmaster 6

 
from here

With Tor Mail gone, how will the Dark Web communicate?

Flattr this!

 

In the recent fall of Freedom Hosting, a hosting service used by much of the Dark Web, the list of casualties is long. One death in particular has already cast the widest shadow of all: Tor Mail is gone.

Long considered the most trustworthy and popular email service on the Dark Web, users have rapidly fled since Freedom Hosting, which maintained Tor Mail’s previously hidden servers, was compromised and destroyed, and its alleged owner, Eric Marques, was arrested in Ireland.  Now, many wonder if Tor Mail’s servers are sitting in a National Security Agency (NSA) office, their contents being read and documented at this very moment.

Dissidents, whistleblowers and journalists have long used Tor Mail. Edward Snowden and Julian Assange are major Tor cheerleaders. But alongside them are some of the most prominent pedophiles and most profitable drug dealers on Web. Nothing about Tor Mail’s demise is certain at this point. We don’t know if its servers have fallen into the hands of criminals or the U.S. government.

Here’s the catch: In theory, it shouldn’t even matter if an NSA agent is browsing through each email at this very moment. Smarter, more careful users of Tor Mail have never sent a clear text email. Software such as PGP (Pretty Good Privacy) takes 15 minutes to master and provides virtually unbreakable encryption, placing emails out of even the NSA’s reach. It’s a breeze. Any cybercriminal worth his weight in stinky California marijuana would take the time to use it, right?

Wrong.

“I post my PGP key everywhere and beg my customers to use it but the majority don’t….. including for some pretty big orders!,” wrote popular ecstasy vendor DrMDA.

“Something like 80 percent of SR users don’t use PGP,” wrote astor, a longtime Silk Roader.

Some vendors, such as prescription drug salesman RxKing, explicitly refuse to deal in PGP, saying it gives a false sense of security.

Sometimes it’s not laziness or complacency, it’s simply a giant mistake.

If you have ever purchased GHB (known as liquid ecstasy or, more commonly, the date rape drug) from the popular Silk Road vendor BlueGiraffe, you may have a bit of worrying to do

BlueGiraffe’s newly hired assistant—yes, top vendors have assistants and entire teams behind their operation—mistakenly emailed the address of every single customer he’s had in over a year of business in clear text. It’s not encrypted, it’s imminently readable, and it’s potentially in the hands of law enforcement right now. Keeping such records is against the rules on Silk Road.

“Though I will never meet any of you in person, you are like a great family that I love and care for very much,” wrote an extremely apologetic BlueGiraffe. “And I have done the worst thing and compromised your safety. I am so sorry.”

Now, despite easy-to-use technology that would have rendered them virtually immune to oversight, thousands of Tor Mail users are perspiring, wondering when the knock on their door will come.

The big question across the Dark Web is what will succeed Tor Mail. Here are the early contenders:

  • BitMessage is a decentralized, encrypted and peer-to-peer messenger. This program has seen a surge in popularity since the Snowden leaks.
  • TorChat is an easy-to-use anonymous messenger designed to fit nicely into the Tor environment. It has been widely used across the Dark Net spectrum since before Tor Mail’s fall.
  • PrivNote is a Clear Net messenger service that deletes notes once they’re read. Silk Road vendor RxKing prefers this service, but others refuse to use it, citing multiple security concerns.
  • SMS4TOR is a Tor-friendly version of PrivNote that has gained considerable traction thanks to its base a Tor hidden service.
  • I2P-Bote uses the I2P anonymizing software to provide a decentralized, encrypted, verified email service. The service is only in alpha and, due to its reliance on I2P, will probably not be widely adopted.
  • Privatdemail is an email service with a focus on privacy (as opposed to anonymity). Here’s a fun fact: You apparently can’t email Israel because the servers are located in an Arab country that forbids it. That policy will not inspire confidence, but even so, Privatdemail is already in use.
  • RiseUp is an email service built for “liberatory social change.” Users must apply and be approved for accounts, proving that they are activists fighting for positive change, which is whatever RiseUp’s founders deem it to be. In exchange, RiseUp keeps minimal logs, encrypts your data and defends your communications unlike many corporate email services.
  • Nym is a remailer that allows you to send encrypted emails without them being traced back to you, the sender.
  • Mixmail is a remailer similar to Nym but is much easier to use. It strips out identifying factors like an IP address, making a quick, anonymous email an easy proposition.
  • Jabber is a popular open-source, decentralized messaging system. It’s widely used by journalists already, particularly in the Middle East.
  • Tox.im is a currently-in-development tool that promises to allow encrypted and decentralized video and text chat reminiscent of Skype—only without Microsoft allowing the American government to listen in as they do.

Even when Tor Mail was the de facto king of Dark Web communication, it was not ubiquitous. Now that trust is in short supply, other services have seen an influx of users in the past week.

Many people have wondered if and when another simple and trustworthy Tor email service will pop up. It’s a major market opportunity that comes with serious risk. Hushmail, a Canadian service that was once upon a time the encrypted email darling of the Dark Web, came under immense pressure from the American government and eventually turned over clear text emails to law enforcement in 2007.

What comes next is anyone’s guess. The only sure thing is that any smart user wishing to maintain privacy ought never to fully trust any service and should always encrypt their communications. Anything less is asking for trouble.

from here

Privacy-Conscious Email Services

Flattr this!

 

On this page, you will find a listing of various email service providers.

Visit here to specific informations around their security and privacy (website refreshed every 30 minutes).

Anonymous Speech
Autistici/Inventati
Bitmessage E-Mail Gateway
Co-Mail
Cotse.net
Countermail
Fastmail.fm
Inbox.lv
MyKolab
Neomailbox
Openmailbox
Posteo
Privat DE Mail
RiseUP
Runbox
SAFe-mail
Swissmail
TorGuard E-mail
Unspyable
Vmail.me

from here

Recommended Mail Provider

Flattr this!

 

The following email providers are privacy-friendly and offer secure SSL encryption for POP3 and SMTP. The HTTPS encryption for some webinterfaces is not genuinely secure and email tracking features are not blocked at all if you were using webinterfaces. We recommed the usage of email clients like Mozilla Thunderbird for email communication to avoid this flaws. (The random order in the list isn’t an assessment.)

Provider Comment
neomailbox.com offers secure, anonymous e-mail accounts hosted in Swiss, sender IP hiding, for $3.33 per month, anonymous payment with Pecunix, secure HTTPS encryption for webinterface)
Posteo and aikQ German mail providers, servers located in Germany, accounts from 1 € per month, anonymous accounts possible, anonymous payment by letter, secure HTTPS encryption
Mailbox.org German mail provider, servers located in Germany, anonymous accounts from 1 € per month with calendar, addressbook, filesharing, OpenPGP encrypted mailbox and mail delivery only with SSL/TLS possible, sender IP hiding, anonymous payment by letter and Bitcoin, secure HTTPS encryption
JPBerlin German mail provider, political committed, servers located in Germany, accounts from 1 € per month, user address is used only for the bill and fakes are accepted as well, anonymous payment is possible by letter and Bitcoin, secure HTTPS encryption
runbox.com Runbox Solutions AS is a Norwegian limited company, server located in Norway, accounts for $1,66 per month, anonymous payments by postal letter possible, secure HTTPS encryption
VFEmail anonymous mail provider, free and premium, sender IP hiding for premium user, use a temporary e-mail address for registration and choose hosting in Netherlands, disposable addresses, secure HTTPS encryption
ETHICmail offshore corporation (Seycellen), operators are located in Gibraltar, servers located in Japan, Swiss, two accounts from $11.90 per month, emergency wipe of mailbox by SMS possible, secure HTTPS encryption
CryptoHeaven anonymous accounts from $60 per year, offshore corporation, servers located in Canada, flaws in HTTPS encryption
Private DE Mail supported with donations (not free as FreeBeer), free anonymous email accounts with POP3/IMAP/SMTP, operator unknown(!) and NOT listed on website, Tor hidden services for all protocols
XMAIL.net operated by Aaex Corp registrated at British Virgin Islands, server located in Canada, free version with POP3 but without SMTP, premium accounts from $10 per year, flaws in HTTPS encryption
MyKolab.com Swiss hosted groupware with addressbook, calendar and email, email accounts for 4.41 CHF per month with SMTP/IMAP/POP3, groupware accounts for 10 CHF per month, no third party ads used for webinterface, secure HTTPS encryption
Associazione-Investici, Nadir.org, AktiviX.org services for political activists, offers blogs and mailing lists too, you have to give a prove for your political activities but it is not required to give a real name

Due to the US PATRIOT Act (especially p. 215ff) and the fourth amendment to the FISA Amendments Act it is possible for US authorities to eavesdrop on the communication of non US citizens without warrant. According to the US authorities it is enough that the servers are located in the US. In the EC study Fighting cyber crime and protecting privacy in the cloud the authors are warning about political surveillance. That’s why we can recommend the following email providers only partially.

  • SecureNym (offers anonymous e-mail accounts, offshore corporation, servers located in US)
  • Fastmail.fm (free version without SMTP support, premium version full featured, server located in US)
  • Riseup.net (service for political activists, offers blogs and mailing lists too, servers located in US)

Security Notes: Information about long term communication partners can be used to feature out your real identity! If you need a highly anonymous e-mail account to do something – may be for whistleblowing – create a new mail account and use it only for this one job. Delete the account, if the job was done and never use it for other communication partners.

GMail and anonymisation services

User of GMail accounts may have problems using TorBirdy and anonymisation services like JonDonym. The Google account security team wrote an answer because of questions by the Tor community:

Hello,

I work for Google as TL of the account security system that is blocking your access.

Access to Google accounts via Tor (or any anonymizing proxy service) is not allowed unless you have established a track record of using those services beforehand. You have several ways to do that:

  1. With Tor active, log in via the web and answer a security quiz, if any is presented. You may need to receive a code on your phone. If you don’t have a phone number on the account the access may be denied.
  2. Log in via the web without Tor, then activate Tor and log in again WITHOUT clearing cookies. The GAPS cookie on your browser is a large random number that acts as a second factor and will whitelist your access.

Once we see that your account has a track record of being successfully accessed via Tor the security checks are relaxed and you should be able to use TorBirdy.

Hope that helps,

Google account security team

from here

We see the writing on the wall

Flattr this!

 

Last week the email provider Lavabit.com was closed. It was one of few secure email provider. It was used by Edward Snowden along with other privacy sensitive users. Ladar Levison (founder of Lavabit.com) did not say what it had been asked to do, only that it was legally prohibited from sharing the events leading to its decision. He don’t want to “become complicit in crimes against the American people.”. In an interview he said:

If you knew what I know about email, you might not use it either.

A second secure email service was closed last week too. Lavabit’s note has led to Silent Circle dropping its email service, saying “We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail now.”. In the opinion of Phil Zimmermann and other privacy activist working for Silent Circle there is no way to get email secure:

Email that uses standard Internet protocols cannot have the same security guarantees that real-time communications has. There are far too many leaks of information and metadata intrinsically in the email protocols themselves. Email as we know it with SMTP, POP3, and IMAP cannot be secure.

Because of publications by NSA whistleblowers like Snowden, Binney, Bamford or Drake we get knowledge about vast surveillance programs. Email is one of the first targets for communication surveillance. It seems, there is no email privacy any more. You may re-think you communication behavior and don’t use email anymore as far as possible in future. Think about Jabber (XMPP), private messages in forums, TorChat… More ideas are welcome.

from here