/tech/ - Technology

Where proprietary software comes to die

Posting mode: Reply

Name
Email
Subject
Comment
Password
Drawing x size canvas
File(s)

Remember to follow the rules

Max file size: 350.00 MB

Max files: 5

Max message length: 4096

Manage Board | Moderate Thread

Return | Catalog | Bottom

Expand All Images


Email Anonymous 07/19/2016 (Tue) 03:36:37 [Preview] No. 5867
Is there a free email service that is better for privacy?

Like one headquartered in Iceland or something. I'm currently looking at openmailbox but registration was closed last time I checked.


Anonymous 07/19/2016 (Tue) 05:47:32 [Preview] No. 5868 del
>>5867

The only way to ensure that your email is private is to use PGP.

Also, I don't know why people hold up Iceland as someplace where their data will be safe. Iceland is a tiny island nation of ~350,000 people, and they don't even have a military. They depend entirely on the U.S. for defence. They're NATO's bitch. I suppose if the Philippines wants some data from them they might say "lol" (or whatever the Icelandic equivalent is), but if the US, the UK, or probably even Russia asks for data from them, they'll be rushing to provide it, if not through open legal processes, then through back channels.

It's best to accept that email is for what office memos were for 30 years ago, and for getting shipping notices from Amazon and stuff like that. If you want to communicate privately, use a different technology.


Anonymous 07/19/2016 (Tue) 08:21:11 [Preview] No. 5870 del
Runbox is in Norway which has slightly different rules concerning internet stuff. Runbox is also an ISP as well as a webhost but no VPN/VPS. If you want reliable email service, go with Runbox or Fastmail, but if you want to be cheap, go with Ghostmail and expect shit to not work well as intended. I think if you pay for a Runbox email and request to have your email to be in their Norway server and not cache the mail so that once something's deleted, it's completely securely indefinitely deleted off of their server, that can be arranged free of charge which I have asked them to do that. For low tier shit, use Tutanota or cock.li but both are untrustworthy but marginally better than (((ProtonMail))). I haven't used Openmailbox and I was never interested in it. If you want to use an email via tor, sigaint may or may not be compromised, you never know for sure. Using your own self hosted server is probably worse except if it's in the local network though that would be separate from the internet. Getting your own VPS, buy a cheap shit domain, set up your mail server, that might be relatively preferred. I've read bad stuff concerning PGP but I don't know about it now, neither do I recall the proper configuration of PGP and ssh stuff. For "privacy", don't use your real name, don't use your ID that traces back to you, don't use email. For relative privacy, the use of PGP is required.


Anonymous 07/19/2016 (Tue) 09:41:09 [Preview] No. 5873 del
You should run your own e-mail server. It's the only way.


Anonymous 07/19/2016 (Tue) 11:34:49 [Preview] No. 5874 del
You should stop using email if you want privacy. It's the only way.


Anonymous 07/19/2016 (Tue) 14:47:26 [Preview] No. 5875 del
Stop using email.
Get a sigaint address for extreme cases.


Anonymous 07/19/2016 (Tue) 16:08:30 [Preview] No. 5876 del
>>5867
>Is there a free email service that is better for privacy?
No

Use GPG
use wwwcocklicdexedh.onion or sigaintevyh2rzvw.onion

>>5874
>>5875
>Stop using email.
alternatives?


Anonymous 07/19/2016 (Tue) 21:56:49 [Preview] No. 5877 del
Anyone know of any squirrelmail providers? Or just any others that don't require javascript.

Looking for anonymity and easy remote accessibility here, so paid providers are out of the question and hosting my own isn't going to cut it.

>>5876
Bit message , retroshare, pond and i2p-bote are a few that come to mind. prism-break.org and privacytools.io should list a few. But at that point why not just use Tox and be done with it?
The whole point of still using email these days is its global use, mostly for setting up accounts and confirmations.


Anonymous 07/19/2016 (Tue) 22:43:02 [Preview] No. 5878 del
i2p has integrated email, making an address after setting it up is a cakewalk.


Anonymous 07/20/2016 (Wed) 01:02:31 [Preview] No. 5880 del
>>5978
Got a guide?


Anonymous 07/20/2016 (Wed) 02:16:54 [Preview] No. 5881 del
(133.29 KB 1080x1528 1468652418345.jpg)
>>5869
>>5873

No. Hosting your own email does not make your email private. OpenSMTPD and OpenBSD do not make your email private.

Host remotely (VPN or dedicated server) OpenSMTPD on OpenBSD. Who can read your email?

-Anyone with physical access to the machine. Even if you use FDE, the disk encryption key is in memory while the machine is running.
-Anyone with administrative access to the machine (in the case of a VPN).
-Law enforcement with a valid warrant or NSL (in jurisdictions where those are even necessary)
-Sufficiently motivated and funded intelligence agencies
-Crackers

Host locally. OpenSMTPD on OpenBSD. First of all, good luck. Most ISPs block port 25. If you have a dynamic IP, it's going to be a pain, too. Plus many email providers will have your IP range blacklisted. You will likely not be able to even get this working reliably. But, let's say you do. Who can read your email?

-Same as above. Some of these categories of threats may be mitigated if you keep the machine under lock-and-key and you're nominally the only one with physical access. But you're still susceptible to a warrant, to crackers, etc.

Now, it gets even more fun from here. Let's say you have a setup like either of the above.

Scenario 1: You send an email to someone whose server doesn't use TLS for SMTP (there are LOTS of these). Your email is in plaintext in transit. The NSA has it. If it has gone international, other intelligence agencies have it. Law enforcement has it if they want it. Whoever admins the server you sent your email to can read it. Any bored network op between you and the server you're sending to can read it.

Scenario 2: You send an email to someone whose server uses TLS, but isn't a major provider. Your email is probably safe in transit from Joe Sixpack the network op. Whether the NSA or other intelligence agencies can get at it depends on how broken the CA system is and whether the private keys for the certificates involved have been compromised at some point. So your email is possibly safe from mass surveillance in transit. But it's sitting in plaintext on the destination server. The server admin can read it. Law enforcement agencies and intelligence agencies can get it if they want. If the remote system is compromised by a cracker, they can get it, too.

Scenario 3: You send an email to someone at Gmail, Yahoo, or Hotmail/Outlook (protip: that's most people). I know Google uses TLS for email now, Yahoo and MS probably do too. Yay. But hundreds of people at those companies can read your email if they want. And the American government now has a copy.

So let's put the "hurr host your own" maymay to bed. There are valid reasons to host your own email, but hosting your email does not make it private. Email was not designed to be private, and any system designed to make email private is hacky and bolted on.

The most widely deployed way to make email private is PGP, which is painful to use (and is, thus, not used widely), does not provide forward security, and does not mitigate the tons of metadata that go along with email.

EMAIL IS NOT PRIVATE.

If you want to communicate privately, use Pond, Ricochet, Signal, Tox, XMPP/OTR, or I2P-Bote.

Or if you're the kind of person who likes to pour hot wax on your genitals and sound your urethra, use PGP and try to persuade others to use it too.


Anonymous 07/20/2016 (Wed) 19:25:14 [Preview] No. 5889 del
>>5885

No shit.

http://www.merriam-webster.com/dictionary/privacy

I'm not going to assume that English isn't your first language. I'm just going to assume you're a moron.

I'll simplify it for you, since you're not very bright.

Is your email stored or transmitted in plain text?

Then it's not private.

How do you make your email private?

PGP.

But PGP sucks, because it's bolted on to email, because email was never intended to be private. Use something else.

Well, using something other than email for private communication is my general advice.

My specific advice to you is to kill yourself. Then you don't have to worry about any of this stuff.

Seriously. Die in a fire.


Anonymous 07/21/2016 (Thu) 08:26:01 [Preview] No. 5892 del
Someone post a guide for i2p/email


Anonymous 07/21/2016 (Thu) 12:43:39 [Preview] No. 5896 del
Forgive me for my ignorance but I though you can't reach normal email addresses thorugh i2p bote. Am I correct ?


Anonymous 07/21/2016 (Thu) 15:04:43 [Preview] No. 5898 del
>>5881
What about remailers?


Anonymous 07/22/2016 (Fri) 15:33:36 [Preview] No. 5911 del
Email services are generally the wrong place to look for privacy.
From my experience, the only people you'll be using it with are those who don't care about their (and your) privacy and won't use GPG.
All your messages will also be stored on their end of the communication, which usually is GMail anyways, so there's no real point in trying to make email more private.
See also: http://secushare.org/PGP

BUT if you want to communicate privately with someone who cares about their anonymity as well, take a look at this comparison of asynchronous messengers: http://secushare.org/comparison#sec-4


Anonymous 07/26/2016 (Tue) 03:57:28 [Preview] No. 5936 del
How about running your own mailserver as a tor hidden service?


Anonymous 07/26/2016 (Tue) 09:48:04 [Preview] No. 5937 del
>>5936

You're confusing anonymity and privacy.

Setting up your email server as a Tor hidden service addresses none of the above concerns.


Anonymous 07/27/2016 (Wed) 15:40:41 [Preview] No. 5948 del
>>5881
Setting up own mailserver with mandatory TLS for internal mail only is good. I mean, have all your recipients use your mailserver. Tor/i2p - as you wish. Works just great for scenarios like "family".
Someone may just install whatever software is trendy now, but mail is most supported.


Anonymous 07/27/2016 (Wed) 21:24:03 [Preview] No. 5952 del
>>5948

>Setting up own mailserver with mandatory TLS for internal mail only is good.

I've set up Postfix, exim and OpenSMTPD before, and I don't recall any of them using TLS for delivery to localhost. Is that even possible?

If you're referring to one's email client using TLS to communicate with the server, then that's fine. The mails are still stored unencrypted in various places, but at least they're not transmitted in plaintext to the server. Your proposed setup does not replace PGP.

>I mean, have all your recipients use your mailserver.

LOL.

Yeah, good luck with that.


Anonymous 07/30/2016 (Sat) 06:01:53 [Preview] No. 5981 del
You can send encrypted emails with tutanota that can't be read unless you give the receiver a password and it's free. IDK if the company can read your emails though.


Anonymous 07/30/2016 (Sat) 19:46:39 [Preview] No. 5993 del
>>5952
PGP is pretty much better (for IM OTR is better, because PGP is not without problems like lack of deniable authentication or perfect forward secrecy). But not everyone knows how to use PGP. And if you can make people connect to your very own server securely, plaintext at server is not a concern.

>Yeah, good luck with that
Done already.

>>5981
I don't trust much all those JS-based security products. Use any service you can use anonymously and for free, with mail being encrypted at your computer with GPG (GNU-ine OpenPGP implementation). If you wanna go metadata free - use own server over Tor hidden service.

Also, there's Ricochet.


Anonymous 08/01/2016 (Mon) 04:24:25 [Preview] No. 6004 del
>>5993

>And if you can make people connect to your very own server securely, plaintext at server is not a concern.
>plaintext at server is not a concern.

Only if your threat model does not account for intelligence agencies, law enforcement, your hosting company's admins, anyone with physical access to the server, flaws in the CA system (are you quite sure the private keys of every CA haven't quietly been turned over to the U.S. gov't?), or crackers.

Of course, if your threat model doesn't include any of those as potential adversaries, I don't know why you'd bother setting up your own mail server anyway. Just use gmail.

>Done already.

I don't believe you, unless your circle of correspondents is limited to a couple of similarly autistic friends or family members.

That's irrelevant anyway, as the vast majority of people will not be able to convince significant numbers of their friends and family members to use their private server. So, while your "solution" may work for you, it's laughable advice to give to 99% of the rest of the world.


Anonymous 08/01/2016 (Mon) 11:16:08 [Preview] No. 6011 del
>>6004
>le not NSA-proof, use gmail
fuck off


Anonymous 08/01/2016 (Mon) 17:02:03 [Preview] No. 6014 del
>>6011

>le 'i have no answer so i'm going to pick one adversary from the list and apply the "le" maymay to it'

Apart from your blatant and laughable cherrypicking and memery, I'd ask if you really think that the NSA is the only intelligence agency in the world, but nothing you say is worth anything, so I don't care what your answer would be.

Kill yourself.

>>>/suicide/


Endwall 08/01/2016 (Mon) 20:59:56 [Preview] No. 6016 del
Check out my tor hidden service email server. Send me mail!!

$ torsocks telnet tmg3kli67jlbcduh.onion 25

endwall@tmg3kli67jlbcduh.onion


Endwall 08/02/2016 (Tue) 08:11:28 [Preview] No. 6025 del
$ torsocks pacman -S swaks perl-net-ssleay

$ nano message.txt

$ torsocks swaks --server tmg3kli67jlbcduh.onion --to endwall@tmg3kli67jlbcduh.onion --from sender@returnaddress.onion --helo "returnaddress.onion" --tls --body notes.txt

My server works !!


Anonymous 08/02/2016 (Tue) 12:21:36 [Preview] No. 6029 del
>>6016
Congratz...
>tmg3kli67jlbcduh.onion
It is down


Anonymous 08/02/2016 (Tue) 12:57:32 [Preview] No. 6031 del
>>6029
I actually liked the name tmg3kli67jlbcduh:
tell me g 3k li 67 j lbc duh


Endwall 08/02/2016 (Tue) 18:36:22 [Preview] No. 6036 del
Try it again. My computer was offline. I need to setup another fulltime computer for hidden services. This is just proof of concept right now.


Endwall 08/03/2016 (Wed) 01:04:33 [Preview] No. 6041 del
So far no takers...
I'm going to try to leave my computer on tonight to see if anyone drops me email, or logs in.


Endwall 08/03/2016 (Wed) 12:18:05 [Preview] No. 6045 del
I got some email. Thanks for the tips. System works.


Anonymous 08/07/2016 (Sun) 01:23:44 [Preview] No. 6107 del
I am writing an smtp server. Right now it functions completely inside i2p, may add inter-operation with tor soon.

http://git.psi.i2p/psi/bdsmail/
http://git.psii2pdloxelodts.onion/psi/bdsmail/

I am aiming for it to be as 0 config as humanly possible so that people actually use it.

pop me an email I AM LONELY D:


Anonymous 08/07/2016 (Sun) 01:25:47 [Preview] No. 6108 del
let's try this email instead


Anonymous 08/07/2016 (Sun) 01:30:11 [Preview] No. 6109 del
>>6107
127.0.0.1:2525 for smtp
127.0.0.1:1110 for pop3
your email address is whatever@youraddr.b32.i2p
it will print to stdout


Anonymous 08/08/2016 (Mon) 11:02:00 [Preview] No. 6137 del
Can someone please teach me how to install i2p and make a i2p mailbox that works on clearnet as well?

t. Loonix newbie

I already done some extensive researching but most results are not what I am looking for


Anonymous 08/08/2016 (Mon) 12:11:27 [Preview] No. 6139 del
>>6137
mail.i2p via susimail, it does work with clearnet. It is not secure, that's just a i2p-available mailserver.


Anonymous 08/08/2016 (Mon) 12:13:24 [Preview] No. 6140 del
>>6107
Why not bote?


TP~* 08/12/2016 (Fri) 22:42:46 [Preview] No. 6209 del
>>You should stop using email if you want privacy. It's the only way.

Exactly

Instant Messaging // end-to-end encryption.


Anonymous 08/13/2016 (Sat) 10:39:34 [Preview] No. 6233 del
>>6209
>Instant Messaging // end-to-end encryption.
HAHAHAHAHAHAHAHAHAHAHA

I like your jokes.


Anonymous 08/15/2016 (Mon) 17:41:50 [Preview] No. 6270 del
TP is back everyone!


Anonymous 08/16/2016 (Tue) 11:55:11 [Preview] No. 6296 del
i2p mail works, kinda.


Anonymous 08/16/2016 (Tue) 12:17:49 [Preview] No. 6298 del
>TP ?


Anonymous 08/17/2016 (Wed) 05:57:03 [Preview] No. 6348 del
>>5870
>For low tier shit, use Tutanota or cock.li but both are untrustworthy but marginally better than (((ProtonMail)))

What's wrong with Proton?


Anonymous 08/21/2016 (Sun) 15:22:51 [Preview] No. 6429 del
>>5867
https://www.openmailbox.org/tos

Registration looks open now, or am I looking at the wrong service right now?


Endwall 08/23/2016 (Tue) 00:27:48 [Preview] No. 6443 del
I just got some encrypted email to my hidden service smtp server telling me to turn off tls on the mail server. Is this a good idea? I use a 4096 bit RSA self signed certificate generated with openssl. My feeling is that this bumps up the security of tor which is using 1024 bit RSA certificates. OK what are the pros and cons of having tls on my mail server behind tor? Discuss.


Anonymous 08/23/2016 (Tue) 03:57:25 [Preview] No. 6452 del
>>6443

How is your mail server configured for TLS? Is it optional or required?

If you require TLS for smtpd->smtpd connections from other mail hosts, you may simply not be receiving mail from other hidden service mail hosts that don't bother with a cert. That may have prompted the person's email.

I'm not sure your cert realistically provides any more privacy, because if someone can break the encrypted Tor route to your mailserver, they can MITM the connection with their own self-signed cert, correct?

I suppose your setup would protect against a passive adversary that could eavesdrop on Tor secured connections, but has no interest in being a MITM.

Better yet, stop using email for communication that's intended to be private.


Endwall 08/23/2016 (Tue) 04:11:04 [Preview] No. 6453 del
It's required on my server. And if you then encrypt your message with my public key 4096 bit RSA...How could that go wrong?


Anonymous 08/23/2016 (Tue) 07:09:30 [Preview] No. 6454 del
>>6453

>And if you then encrypt your message with my public key 4096 bit RSA.

Are you referring to a PGP key now?


Endwall 08/23/2016 (Tue) 08:32:32 [Preview] No. 6455 del
Yeah. TOR+TLS+PGP how does that fail?


Anonymous 08/23/2016 (Tue) 21:09:16 [Preview] No. 6467 del
>>6443
Do not "turn off TLS", leave it as option. Also stop requiring HELO.

Simple session like
MAIL FROM:anonymous
RCPT TO:endwall
DATA
ur a faget
.

is metadata free as possible and simpliest to support. Asking to provide own hostname (HELO) or ciphers supported (mandatory TLS) harms privacy.

And TLS won't do much not because self-signed cert (there are email clients that can store selfsigned cert), but because if Tor is compromised, it is pretty much over. And that is not a case yet.


Anonymous 08/23/2016 (Tue) 21:19:03 [Preview] No. 6468 del
>>6455

Depends. What's your threat model?

>>6467

>And TLS won't do much not because self-signed cert (there are email clients that can store selfsigned cert)

We're not talking about email clients, we're talking about SMTP servers talking to each other. Which SMTP servers store self-signed certs?


Endwall 08/23/2016 (Tue) 21:57:26 [Preview] No. 6469 del
>helo harms privacy
OK I can budge on the mandatory helo but not on the mandatory tls. I don't check the helo against anything at the momment so you can put anything there right now. Its just an extra access control feature for me to turn on if someone starts trying to abuse my server.

>And TLS won't do much not because self-signed cert (there are email clients that can store selfsigned cert), but because if Tor is compromised, it is pretty much over. And that is not a case yet.

I'm in the I don't assume anything about tor threat model. I'm in the 1024 bits is too low model, 3 hops is too short model. TLS with 4096 bit RSA adds a who cares if tor is compromised layer to my security. If tor is secure then great, and if it is not, then who cares TLS has me covered. Encrypting the messages you send me with 4096 RSA pgp adds another layer, the suck a lemon layer.

If a man in the middle impersonates my certificate, then they get an encrypted message that they can't decode or answer, and the conversation will fall apart after one or two more messages.

endfix.cf + endmail.sh can + torrc settings, allows you to set up the exact server I'm running in around 3 mins. Everyone should set one up. Then trade their hidden service .onion domains. That way you can communicate anonymously and psudo-anonymously. Get burned? then , delete your .onion hostname and private key and start over.


Endwall 08/23/2016 (Tue) 22:24:03 [Preview] No. 6470 del
endfix.cf
https://github.com/endwall2/endtools/blob/master/endfix.cf
endmail.cf
https://github.com/endwall2/endtools/blob/master/endmail.sh

I can play with the sender, and recipient restrictions to block everyone but a select group of senders and recievers, and same with the helo restrictions. It's a template, theres stuff to do. Good suggestion though about the mandatory helo.


Anonymous 08/23/2016 (Tue) 22:40:29 [Preview] No. 6471 del
>>6470
At other side, requiring TLS removes that metadata bit of "uses/does not use encryption". The only problem is just slightly harder to use if not done via specially crafted software. I mean talking to server, with mandatory TLS that would involve openssl s_client or something like that.

Offtopic: how did you registered on github? I've been trying to, but not hard enough, Github was banning my accounts. I am not human enough...


Endwall 08/23/2016 (Tue) 22:42:11 [Preview] No. 6472 del
in the ### TLS ENCRYPTION ### section of endfix.cf you can change

smtpd_tls_security_level = encrypt

to
smtpd_tls_security_level = may

to get optional tls, and then with helo go to
### OTHER CONFIGS### and change
smtpd_helo_required = yes
to
smtpd_helo_required = no

to get optional helo.


Endwall 08/23/2016 (Tue) 22:43:35 [Preview] No. 6473 del
>>6471

upload your git and then email them from an email account and say hey I'm a human. I had to do that to get access. They responded within 24 hours.


Endwall 08/23/2016 (Tue) 22:49:01 [Preview] No. 6475 del
Send me mail with endmail.sh

It uses swaks. Try it out. If everyone set up a smtp hidden email server using endfix.cf ( i omited the master.cf file, but I can add that too if neccessary, and also my dovecot.conf files) , and then send email to each other using endmail.sh

I have my own out in the open email server for my regular communications with "normies", I've put on smtpd_tls = may for that account. But if you're using tor to send email to hidden services, you might as well go all the way. I've made it easy enough.


Anonymous 08/23/2016 (Tue) 23:30:15 [Preview] No. 6476 del
>>6475
I believe that protocols should be useable by humans via primitive tools like netcat. But that swaks seems to be useful and not departing from manual netcatting too far...

openssl s_client -ign_eof removes most of s_client unusual stuff like renegotiating at uppercase R...


Endwall 08/23/2016 (Tue) 23:34:37 [Preview] No. 6477 del
I got the email. Did you send that with endmail.sh? Super easy to use.

It should be TOR since it's an acronym, but I'll call it as they like it, Tor. I'm easy going on that account.


Anonymous 08/23/2016 (Tue) 23:36:28 [Preview] No. 6478 del
>>6477
Sorry, have not used your script. Just finally understood that quirk of s_client going crazy.

Gotta play with swaks later.


Endwall 08/23/2016 (Tue) 23:39:40 [Preview] No. 6479 del
Here is my order of trust

Tor << TLS 1.2 +RSA 4096 < gpg RSA 4096

I think the communication problem is solved if you want it to be. Also do your key generation and decrypts on an air gapped computer, and sneaker net your messages for decrypts. That is the ultimate. I'm not that hard core right now I use a computer that's networked for it. But if it was that important I would do it that way.


Endwall 08/23/2016 (Tue) 23:49:05 [Preview] No. 6480 del
You should write an openssl s_client script and post it in >>>/endsoft/ .


Anonymous 08/24/2016 (Wed) 00:11:45 [Preview] No. 6481 del
>>6480
I had that idea. But I suspect it is better to not suffer from NIH syndrome and use swaks (or something similar).

More helpful could be composing and encrypting message within sending script.
I am trying to understand how to use nano's "--noread" option. Writing message to disk is harmful, it is better to pass it directly to gpg and then to swaks.


Endwall 08/24/2016 (Wed) 01:24:27 [Preview] No. 6482 del
A script could be setup to do this

$ gpg -e -s -u "Local User" -r "Recipient"

Type message press CTRL-D at the end of the message.

pipe into torsocks swaks.
Something like that. It sounds doable.


Endwall 08/24/2016 (Wed) 01:38:55 [Preview] No. 6483 del
It worked

$ gpg -a -e -s -u LocalUser -r Recipient | torsocks swaks --server blah.onion --from Anonymous --to endwall --helo Whatever --tls --h-Subject "Re:" --body -


Endwall 08/24/2016 (Wed) 02:08:47 [Preview] No. 6484 del
Not signing is more anonymous

$ gpg -a -e -r Endwall | torsocks swaks --server tmg3kli67jlbcduh.onion --from anonymous --to endwall --helo hi --tls -h-Subject "Re:" --body -

Type your message with enter for break lines and end with CTRL-D.

Try it out. Of course you need to import my public key first.


Endwall 08/24/2016 (Wed) 02:15:06 [Preview] No. 6485 del
I still think its better to generate the keys and do the encryption on an air gapped computer and sneaker net / transfer by floppy disk the encrypted messages, and public keys, to a networked computer. Its better to assume that there is already keylogging going on on your networked computer.


Anonymous 08/24/2016 (Wed) 02:24:49 [Preview] No. 6486 del
>FLOPPY DISC
wat


Anonymous 08/24/2016 (Wed) 03:04:20 [Preview] No. 6488 del
>USB
STUXNET


Endwall 08/24/2016 (Wed) 06:35:31 [Preview] No. 6493 del
I've placed configuration files for unbound dns server and dovecot pop3/imap server on The Endware hidden service.

http://42xlyaqlurifvvtq.onion/content/

These should be able to slot right in to the /etc/unbound/ directory and /etc/dovecot/conf.d and /etc/dovecot/ directories and start the servers. The dovecot files come from a CentOS rpm and the unbound configuration was adapted from reading online. Let me know if they aren't working.

You will have to change the ipv4 addresses in unbound.conf to fit your network. Run a dovecot + postfix mail server combo. Run postfix on port 25 as
an smtp hidden service, using endfix.cf, and authenticate/ log in using dovecot by imap or pop3.


Anonymous 08/24/2016 (Wed) 09:25:22 [Preview] No. 6498 del
>>6493
>unbound DNS server
>DNS
>server
b..but I use Tor, I don't use DNS other than that provided by DNSPort or tor-resolve...


Endwall 08/24/2016 (Wed) 17:57:27 [Preview] No. 6508 del
>>6498
Well no one is forcing you to use it... but try endbound.conf
https://github.com/endwall2/endware/blob/master/endbound.conf


Anonymous 09/01/2016 (Thu) 18:50:08 [Preview] No. 6600 del
>>6508
-----BEGIN PGP MESSAGE-----

hQIMA4+CmcGphSl/AQ//XNnqj1nje3VRTDnt2egM1a6rdsolHXRclbBBC1vRFrY9
5YYrlsPMeu0wSBdRoe+4nZCAn+G7l31gTaDbPtVFTcSEcFy+FtPIcENkyaKNCcH4
7hZvKH1LScBsatANYk7nwvuF2ybVXJ2zV6LPlBjB4uY4hlTaGFp6tJqmt3gW35pJ
DVvETBYlCJcPptjpZNWMcm06jCcGFlQmQkJXAwW75S6xCWhrpmcChIoHTQMryfu3
kVpfgrGmCEvgnC59wiydvv3HAu2qEvvxOQ/io/951WiPAE/40hz+3B06d6dLRv7X
yjZ3zo4FgrwA4X6ByZx78aPgtwgWzszpQUl1r3qh67RTojKSM94hTpduPpEAn2OL
OaHXgeXvKezu8jAvxYyofHx4dRVb6LnH0Ir5abMd6kw4JuYRNzhJY9Q2TtIFdCzD
JJ7WtmKiwAWJ4ZkV5S028IxakTNEv1QPCpIFWiwNqQ2m8+5RKjaZ3vIPF3EUzk7c
aMvked10HNMtL8RALR0OBOZOJ1CNrduniDSjqQLTWQTzupcgnCW64SkFD0etocrf
CDeKw+tm1tZoXI6fyBgl7AS5GAsfhHwgZfqikB0MCIdmzVudT6jwsw74plreJk5T
GrAZNKybsdooZrD9ZhUJO/TZlt8aISvu6+hxKs3gsPbn389/HyRNMGCCz+NxI2nS
mAH5Cko4aCD+esxYXxdy2aEnS4vSxyY85/J/L0L76HawtzCDCPAyOZ7u8NAap1rw
oTVM0xownvDeIW9wzQ1Z5dfzgBDRpBporiTVedJkV3UGM4jufe40wacYhNJlC19Z
KYYmge6aRdT2QZGl8cfjHH45P5UU8AYI5Z2SwL/a5Kwu08LU45NBY40JB4/TFacV
3dAw8gJcvwuP
=mSvq
-----END PGP MESSAGE-----


Endwall 09/02/2016 (Fri) 04:04:29 [Preview] No. 6606 del
This time my computer was actually turned off as I was away at school. I need to setup a dedicated computer for the hidden mail server as I'm currently running it on my desktop which is a no no. But as a proof of concept it was a success. I have to clean up my room and setup a new server dedicated to this task. For now just send it to riseup. I'll do something about the html later. Thanks.


Anonymous 09/02/2016 (Fri) 07:02:00 [Preview] No. 6607 del
>>6606
Do you have a cell phone? If so, you have all your server needs met. For a TOR daemon and SMTPd its all you need.


Anonymous 09/02/2016 (Fri) 12:14:54 [Preview] No. 6609 del
>riseup
You can't send to that mememail without authentication. Or can you?


Endwall 09/02/2016 (Fri) 13:34:37 [Preview] No. 6610 del
>>6607

I got rid of my cell phone 2 years ago. But that's a good idea. A non gps tracking non microphoned pocket computer that connects to cellphone network and is always on. That could work.

>>6609

I've had no problem getting mail sent to riseup. It should work.


Endwall 09/03/2016 (Sat) 08:20:58 [Preview] No. 6617 del
>>6600
>>6606

Actually first try my mail server if it's down then send it to my proton mail or to my riseup. I'm going to try to leave this computer (the hidden smtp mail server) up in text mode whenever I'm not using it for web browsing and youtube video viewing. It's a little more stable these days since the latest kernel updates. I'm using links in the console with tmux right now. I actually am liking it. The webserver should be up all the time as it is hosted on a dedicated headless computer. I'll set up a dedicated hidden service for both servers once I have the time/resources. But yeah try sending the mail to my hidden service first, I'll check it when I get home. Use endmail.sh. Set up your own hidden service smtp server with endfix.cf and uncomment the hidden service settings in your torrc for port 25. If you get it to work email me your hidden service address and I'll send a test mail back.


Endwall 09/03/2016 (Sat) 08:28:15 [Preview] No. 6619 del
>>6617
I meant I'll set up a dedicated server for both hidden services (http and smtp).


Anonymous 09/03/2016 (Sat) 19:52:35 [Preview] No. 6625 del
>>6610
You can desolder and remove GPS and mic&speakers from any phone, like mines in this post, and get any computer with a USB, EtherNet/NIC, or SATA 4G/LTE module. They can still triangulate your location, so be sure to proxy-VPN a static gateway IP address. SBCs welcome


Endwall 09/04/2016 (Sun) 01:21:25 [Preview] No. 6627 del
I think having a rasberry pi with an encrypted solid state drive or encrypted usb thumb drive to host the mail would work best. Need a firewall. Install tor and an smtp daemon, Postfix or OpenSMTPd,
run tor I'd do everything with wired ethernet. Wifi is a disaster.

Personally I'd rather just have the server at home, and set up an openVPN tunnel into that network, to check the mail remotely by imap. That seems like the most sensible way to do it.


Anonymous 09/04/2016 (Sun) 07:07:49 [Preview] No. 6629 del


Anonymous 09/14/2016 (Wed) 17:52:33 [Preview] No. 6744 del
>>5892
Their website has multiple guides for different Operating Systems.
https://geti2p.net/


Anonymous 09/15/2016 (Thu) 22:28:42 [Preview] No. 6755 del
>>6627


Is openvpn audited?


Anonymous 09/25/2016 (Sun) 19:03:12 [Preview] No. 6831 del
Is there a point in using sigaint without pgp if eventually personal information is revealed ?


Anonymous 09/26/2016 (Mon) 18:21:11 [Preview] No. 6838 del
>>6831
what the fuck i am reading

Use GPG. If key is not compromised, no messages for unintended recipients. It's not like every pgp message gets compromised just because it can.

Perfect Forward Secrecy and Deniable Authentication are nice things, but PGP lacks them. Still better than just defeatist "lelel encryption can be broken, let's chat in facebook"-tier crap.


Anonymous 09/26/2016 (Mon) 18:33:46 [Preview] No. 6839 del
>6838
Sorry for triggering you. Using sigaint without pgp came into mind when thinking about alternatives for people that can't into pgp.


Anonymous 09/26/2016 (Mon) 21:13:07 [Preview] No. 6844 del
>>6839
Nope, that's retarded. Getting started with GPG is not that hard. While random mailserver cannot be trusted for anything other than mailing owner of that server.


Anonymous 09/27/2016 (Tue) 09:40:58 [Preview] No. 6854 del
>>6844
But but, muh mom can't into pgp.


Anonymous 09/27/2016 (Tue) 17:20:01 [Preview] No. 6864 del
>>6854
Give your mom mail client with automatic GPG usage and passwordless key. Claws-Mail works in that way, not sure about Thunderbird/forks.


Anonymous 09/27/2016 (Tue) 18:15:40 [Preview] No. 6865 del
>>6864
Thanks sempai. Will do.


bump Anonymous 01/19/2017 (Thu) 15:24:13 [Preview] No. 7871 del
hey endwall, your email server is not accessible.

Does someone else run Tor hidden service SMTP server? Also, what's up with Tor posting captcha?


Endwall 01/20/2017 (Fri) 04:17:09 [Preview] No. 7878 del
Try again. I set the mail server up on my main desktop (with my gui) as a test. I turn my computer off when I go to school. I was planning on migrating the mail server to a dedicated tor server computer but never got around to it. No one emails me anyways. I'll leave my computer on in text mode tomorrow, so you can send me something. I really think this is the answer, I mean not withstanding all the other security problems with computers.

Air gap with private key and public key ring for recipients-> encode message -> port encrypted message by floppy disc to transmision computer -> Send encrypted mail to tor mail server.

Recieve mail to tor mail server -> port encrypted message by floppy to airgapped decryption computer running in text mode. decrypt message read, in sealed room with multiple locks -> destroy traces of communication (reboot).

I think this would do it. That way you never type on the online computer, and only type and encrypt and decrypt on the air gapped computer. If both counterparties do this it should work.

Unfortunately I'm not currently doing this, my private key is also on my workstation. One day I'll impliment this strategy, probably this summer. If everyone did this protocol that would mess the NSA up big time. It wouldn't matter if your workstation was compromised, they still wouldn't get the message.


Anonymous 01/21/2017 (Sat) 09:02:00 [Preview] No. 7880 del
>7878

What about keeping your master key on an airgapped system and using subkeys instead of using floppy disks back and forth? You could avoid using floppies (an attack vector, albeit an uncommon one) altogether.


Endwall 01/21/2017 (Sat) 22:06:06 [Preview] No. 7881 del
No one emailed me on Friday.

I'll leave it up in text mode for the next two days and then return to my normal operations until i build my tor only mail server.

>>7880

You still want to do the decrypts and encrypts on an airgap . Assume any computer connected to the internet has keylogging.

So if you want to use subkeys fine get a third computer. Two air-gapped computers and an online transmission computer.
Decrypt and Encrypt on the transmission computer means you may have given the content away. Coppying 100Kb text files back and forth and using jails is more safe than plugging in an RJ45 cable and typing on your keyboard.

Do it my way and you're home free. They'll need physical access to your full disk encrypted system or a virus that exfiltrates bit by bit. If you only copy the encrypted text file to the A:\ drive and write a checksum or some other verification method, and have reasonabley good security on your physical location I think this is the best way.


Anonymous 03/05/2017 (Sun) 12:28:56 [Preview] No. 8155 del
How are ProtonMail and Tutanota?


##9RCX0m 03/06/2017 (Mon) 06:40:34 [Preview] No. 8156 del
>>8155
Why even use them at this point? Tutanota is Deutschland, until the Germans uncuck themselves, jurisdictional wise, if the US or any other FVEY nation asks to get one email address and their inbox, they're more likely to oblige to their requests, sort of like how cock.li got cucked by the Romanian government. Protonmail is controlled by Jews. https://protonmail.com/support/knowledge-base/protonmail-israel-radware/ https://cryptome.org/2015/11/protonmail-ddos.htm

For the time being, the only free email service I'd use is bitmessage.ch, sigaint.org, unseen.is, and cock.li. I won't recommend paid email services, but I would say that a couple of them is only worth it if you buy in bulk then stop using it after it runs out as you try to move on to any newer or better free or paid email service. Also, never forget about auti.st, and email services of the various hidden/decentralized networks like Tor, 12p, Zeronet, etc.


Anonymous 04/02/2017 (Sun) 22:35:01 [Preview] No. 8219 del
>>8156
this is bait. who cares whether network traffic is routed through Israel? they could just have well got a jew to sit in Switzerland and intercept at any point there without public record. All traffic on the internet is already routed through like 20 untrustworthy hops in the first place (and those are only the entities visible to you. there is more routing in between which you can't even see)


Anonymous 04/02/2017 (Sun) 22:39:35 [Preview] No. 8220 del
>>8156
>unseen.is
>can't sign up without providing recovery email
trash


Anonymous 04/02/2017 (Sun) 22:46:13 [Preview] No. 8222 del
>>8156
>Protonmail
>requires antispam check to sign up
>email (only available under certain circumstances, your IP, time of day, who knows?)
>SMS (>owning a phone)
>Donate (lol)
>lol no captcha option
trash


Anonymous 04/02/2017 (Sun) 22:47:22 [Preview] No. 8223 del
>>8156
>bitmessage.ch
>Obligatory fields to fill out
>Your contact address
trash


Anonymous 04/02/2017 (Sun) 22:47:56 [Preview] No. 8224 del
>>8155
>tutanota
>please wait 48 hours before you can use your new account
trash


Anonymous 04/02/2017 (Sun) 23:06:02 [Preview] No. 8225 del
>>8222
okay, so i went through the entire process of receiving an sms to verify my account and then it just says "email or phone are already used".
double trash


Anonymous 04/02/2017 (Sun) 23:09:36 [Preview] No. 8226 del
>>5867
>openmailbox
>registration closed
>comments go back to december 2016 saying reg closed
>but reg is open for their trendy mobile-first solution which gives a @openmailboxbeta.com email address

also we should mention teknik.io, which also has registration closed



Top | Return | Catalog | Post a reply