
List:       cypherpunks
Subject:    Re: [tor-talk] Email provider for privacy-minded folk
From:       Eugen Leitl <eugen () leitl ! org>
Date:       2013-02-20 11:47:47
Message-ID: 20130220114746.GL6172 () leitl ! org

----- Forwarded message from Mr Dash Four <mr.dash.four@googlemail.com> -----

From: Mr Dash Four <mr.dash.four@googlemail.com>
Date: Tue, 19 Feb 2013 19:08:26 +0000
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Email provider for privacy-minded folk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB;
	rv:1.8.1.23) Gecko/20090812 Thunderbird/2.0.0.23
Reply-To: tor-talk@lists.torproject.org


> IMO, only a stupid idiot doesn't use https with gmail.
> That's why I think all the talk about gmail and being hacked is useless.
> Let him set "Use always https" in the gmail settings, then log out, log in, change
> password and secure q/answer and that's all.
> This should be about Tor and Tor close stuff...
> 
> 
> Game's over.
> 
Indeed! I also employ one additional measure, which, admittedly, may not  
be to everyone's taste - I have all my  
browser/system/email/everything-else-you-care-to-name root certificate  
store wiped out clean!

If I have to access a specific (https) site or access a new email account 
(by using secure pop/starttls, secure smtp or secure imap) I tend to get 
the site's certificate well in advance via other means (not through tor, 
obviously) and store it manually on my system for use by these programs. 
That way, I know that if the "certificate unrecognised" error pops up there 
is either 1) a new site I have never accessed before (most likely); or 2) 
someone is trying to use spoof certificates.

The latter doesn't occur very often, though I've had this on a number of  
(rare) occasions when a tor exit node for example (prior to being banned  
in my torrc file and banished forever) tries to pretend to be my email  
server and gets caught out with its pants down, quite literally... This  
measure also prevents the likes of hacked/rogue CAs out there leaking  
certificates to people/organisations who use them for various  
criminal/unsavoury purposes.
_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
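
The check described in the forwarded message (trust only a certificate obtained in advance, and treat anything else as either a site not yet set up or a substituted certificate) can be sketched as follows. This is an added example, not code from the message or from either author; the host name, the pin store layout and the sample certificate bytes are constructed assumptions.

```python
import hashlib
import hmac
import socket
import ssl

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint (lowercase hex) of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()

def check_pin(host: str, der_cert: bytes, pins: dict) -> str:
    """Classify a presented certificate against locally stored pins.

    'unknown'  -> no pin stored: a site never set up before (case 1)
    'match'    -> the certificate that was stored out of band
    'mismatch' -> a different certificate was presented (case 2)
    """
    pinned = pins.get(host.lower())
    if pinned is None:
        return "unknown"
    presented = fingerprint(der_cert)
    return "match" if hmac.compare_digest(presented, pinned.lower()) else "mismatch"

def fetch_leaf_cert(host: str, port: int = 443, timeout: float = 10.0) -> bytes:
    """Fetch the server's leaf certificate (DER) without consulting any CA store."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # trust comes from the pin, not from a CA
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            # The peer is still unauthenticated here: send nothing over this
            # connection; only read the certificate and compare it.
            return tls.getpeercert(binary_form=True)

def verify_host(host: str, pins: dict, port: int = 443) -> str:
    """Live check: fetch the certificate and compare it with the stored pin."""
    return check_pin(host, fetch_leaf_cert(host, port), pins)

# Constructed sample data (not real certificates) so the logic runs offline.
GOOD_DER = b"constructed-der-bytes-of-the-certificate-fetched-in-advance"
FAKE_DER = b"constructed-der-bytes-of-a-substituted-certificate"
SAMPLE_PINS = {"mail.example.org": fingerprint(GOOD_DER)}
```

A 'mismatch' also occurs when the operator legitimately renews the certificate, so the stored pin has to be refreshed out of band before the old certificate expires.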

