Re: BEST webmail SERVICE FOR REMAILER USE ?

[Nomen Nescio]

> en.wikipedia.org/wiki/Comparison_of_webmail_providers

> Which Webmail service:
> 1: is free
> 2: signup has no ID verification by SMS, email, phone etc
> 3: works with Tor (Tor exit nodes are not blocked by it)
> 4: allows an option for plain text emails to be sent
> 5: does not filter emails to remailers
> 6: ideally, does not use scripts (which could snoop)

> I found:
> m a i l .com is a fail, it loads extra software, and is soon
> suspended.
> y a h o o is a fail, does not like Tor exit nodes.
> l i v e or h o t m a i l avoided as it has MS on the box.
> h u s h m a i l is a fail, service often blocks the computer.
> e x c i t e is a fail, most emails to remailers are filtered,
> and the account soon stops working.
> p s e n d i t is a fail for the same reasons.
> f a s t m a i l .fm requires another email address first.
> a l t e r n a t i v e f u s e will not allow registration.
> i n b o x only works if exit node is in US.
> g a w a b is dead.
> g m a i l has not been tried.

> Please suggest a Webmail service, or if one of those I did
> mention is suitable, tell me and I will retry it. Thanks.

Not sure what you problem is with using remailers, but the
mixnym.net system works very well in keeping you anonymous. There
are several Win programs (QuickSilver AAM, AAMhSub) and scripts you
can use with this service.
If you are interested in looking into this system, inquire further
here.

[Kulin]

<snip>

> >> Please suggest a Webmail service, or if one of those I did
> >> mention is suitable, tell me and I will retry it. Thanks.
> >
> > Not sure what you problem is with using remailers

> There is not any problem with my using remailers.

> The concern is making sure that the message I send to the first
> remailer in the chain is anonymous and private.

> > the mixnym.net system works very well in keeping you anonymous.

> Not as well as my suggested way.

> A global-snoop monitoring the feed to mixnym.net, as well as my ISP,
> can see my IP address is sending email or post to mixnym. Just like
> if I used an SSH tunnel to an SMTP server.

This is not correct. You do not post directly to mixnym. You
send your email/post through the remailer system. When looking for
messages, you are supposed to download every alt.anonymous.messages
news article, headers and bodies.

> But when I use Tor and Webmail, all my ISP or the snoop could see
> would be some private web browsing of unknown nature. The global
> snoop who monitors feeds to remailers cannot see any more than the
> IP of the Webmail mailserver or the IP of the Tor exit node. The
> link backward to my IP is broken by Tor.

> I heard there is a way to use a tunnel or mixnym via Tor for even
> a better protection, but I do not know how. May be, I have to add
> something in Vidalia, but I do not know where ( under Provided
> Hidden Services or as a Proxy? ) or what to put in to the boxes.

I have tried many times to get this to work without success.

> Till then, all I need is a Webmail recommendation. Thanks.

I personally think that Webmail is absolutely the WORST route
anyone can take for anonymous communication.

[Nomen Nescio]

> NONE OF THOSE RMAILER FRONT ENDS IS WORTH A FUCK. BADLY
> WRITTEN, PROBABLY HAVE BACKDOORS AND NO GOOD SUPPORT.

Thank you intel, for trying to put us in fear concerning
remailers.
Cop and prosecutors can't resist getting notches on their guns.
Their egos and power mania are too out of control to corporately
keep a secret. If they had the ability to break
remailers/Tor/hsub/esub etc, that would have used it to capture
kiddie porners and terrorist already and exposed their ability to
break the system in the process. All this talk in recent articles
about one time pad randomness, although important, is rubbish.
Until there is quantum computing, the ability to scour through
quadrillions of possibilities will not be there. Then the way
around that is to send coded end messages that only can be
interpreted by the recipient. All their efforts to decrypt the
message will thereby be in vain.

Ex: (interpretation only known by recipient)
1st 2 digits = state you are in.
1st 2 digits minus the total of the numbers in the sent message
date * static 5 + (state number) = state you are located.

You are in GA:
Message date sent with message: 2012-03-22 = 12
12 * static 5 = 60
60 - 10(GA) = 50

State you are in (alphetic order)
AL-01 AK-02 AZ-03 AR-04 CA-05 CO-06 CT-07 DE-08
FL-09 GA-10 HI-11 ID-12 IL-13 IN-14 IA-15 KS-16
KY-17 LA-18 ME-19 MD-20 MA-21 MI-22 MN-23 MS-24
MO-25 MT-26 NE-27 NV-28 NH-29 NJ-30 NM-31 NY-32
NC-33 ND-34 OH-35 OK-36 OR-37 PA-38 RI-39 SC-40
SD-41 TN-42 TX-43 UT-44 VT-45 VA-46 WA-47 WV-48
WI-49 WY-50 DC-51

1st two number code of message is 50. You simply get the 60 as
above and sub 50 = 10 = GA.

If you absolutely need message protection, you must have
something set up with your agents, spies, and assassins other than
sending the message in the open. There must be a system that is in
the mind of the recipient only. No one can break a message is such
a case. If an agent disappears, the formula is immediately changed.

It is because of laziness that criminals and spies are undone and
caught.

[Nomen Nescio]

> > NONE OF THOSE RMAILER FRONT ENDS IS WORTH A FUCK. BADLY
> > WRITTEN, PROBABLY HAVE BACKDOORS AND NO GOOD SUPPORT.
>
> Thank you intel, for trying to put us in fear concerning
> remailers.

To be fair, there are plenty of good reasons to think that remailer
operators will keep records if the police request it (if they do not
do so already), and no reason to think that a remailer operator would
stand up to the police to protect the privacy of some stranger. That
is why remailers should be dispersed across multiple jurisdictions.

> Cop and prosecutors can't resist getting notches on their guns.

No arguing with that one; we are not talking about intelligence
agencies or vast efforts to keep operational capabilities secret when
it comes to a typical police force. They need to present arrest
numbers, not win a war.

> Their egos and power mania are too out of control to corporately
> keep a secret. If they had the ability to break
> remailers/Tor/hsub/esub etc, that would have used it to capture
> kiddie porners and terrorist already and exposed their ability to
> break the system in the process.

Actually, enough child pornographers have been caught despite their
use of proxies, remailers, Tor, etc. that some of the "big time" guys,
the really dangerous ones who abuse children for years on end, have
resorted to mailing encrypted DVDs to each other through the postal
system. Ironically, this low-tech method does more to protect their
privacy than sophisticated cryptographic systems like Tor, and it is
easier to use safely.

>All this talk in recent articles
> about one time pad randomness, although important, is rubbish.

One-time pads are rubbish to begin with -- far too difficult to use
correctly, and far too impractical for day to day cryptography. Are
you really going to obtain gigabytes of key material from some online
merchant just so you can securely shop there?

> Until there is quantum computing,

Even if there is quantum computing, we have cryptography systems that
can deal with quantum attacks (lattice-base crypto, random linear
codes, etc.). Nobody should worry about quantum computing; what we
should be worried about is the fact that there is no support for
post-quantum primitives in the PGP standard.

> the ability to scour through
> quadrillions of possibilities will not be there. Then the way
> around that is to send coded end messages that only can be
> interpreted by the recipient. All their efforts to decrypt the
> message will thereby be in vain.

..or just use a cryptosystem that is secure against quantum attacks.

> If you absolutely need message protection, you must have
> something set up with your agents, spies, and assassins other than
> sending the message in the open. There must be a system that is in
> the mind of the recipient only. No one can break a message is such
> a case. If an agent disappears, the formula is immediately changed.

This screams "violation of Kerchoff's law!" The security of the key
should be the only thing you worry about.

Really though, sending a message to an anonymous recipient is not a
hard thing to do. Encrypt the message, then broadcast it -- that is
precisely what alt.anonymous.messages does, that is what numbers
stations are doing, etc. Sender anonymity is a much harder and more
interesting problem to solve; there is little doubt as to who is
operating a 500kW numbers station located in Russia, depite it being
very difficult to determine who is listening.

> It is because of laziness that criminals and spies are undone and
> caught.

Indeed, and the recent Dreamboard bust demonstrates that. We can
infer that a large number of people were not caught because they were
using Tor, logging on from a public location (and not displaying
images on their screen -- I cannot believe how many people manage to
get caught looking at child pornography in public), and taking various
operational measures to protect their identity. Those who were caught
were leaking information about themselves by the messages they were
sending (e.g. pictures of children that were identified), because they
were using systems that were not very robust (VPNs or proxy servers),
because they were operating in the open (Dreamboard itself was not a
hidden service and the administrators knew each other's identities)
and so forth. They were not caught by a global surveillance system,
but by dedicated detectives who exploited various mistakes.

I have heard that Dreamboard was an usual bust, that the police
usually just go after the low-hanging fruit who do not even know how
to use VPNs or proxy servers, or any sort of cryptography. There are
so many people out there who commit serious crimes online while taking
no technical steps to avoid detection, and who are not caught simply
because of the length of the backlog of cases -- there are simply too
many people to arrest, and the police would rather keep their arrest
numbers high than spend time cracking security systems.