greenclaydog 6 Posted ... So, SIGAINT has gone down, its clearnet address resolves to no server and the Tor link is timing out. No warning or announcement from owner. U.S government potentially seized them? This isn't good. Quote Share this post Link to post
zhang888 1066 Posted ... This is why you shouldn't use all those short lived mail services for anything important. 2 iwih2gk and OpenSourcerer reacted to this Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
greenclaydog 6 Posted ... This is why you shouldn't use all those short lived mail services for anything important.To be fair, any of these services, clearnet or not could be short lived and compromised on a large scale. As I understand it, GPG and PGP are secure no matter who owns the service, because the security is implemented with each individual email rather than placing blind trust in a service. Quote Share this post Link to post
Kepler_452b 77 Posted ... GPG and PGP emails are encrypted/decrypted only on your machine using public-key encryption. Your message simply becomes encrypted random bytes in a standard email usable with any email program. You can cut and paste if you don't want to use the automated email function.Phill Zimmerman created PGP in 1991. The U.S. gov tried very very hard to shut it down, but failed. Later the code was transferred to a succession of private companies. Its currently owned by Symantec. It's now commercial proprietary code (red flag!). The last time I checked (few years ago) you could still download the basic PGP functionality from their website for free, but they didn't tell you that leaving the impression that only the pay code was available. I've never trusted Symantec because among other things they produced crap products. So I never use PGP anymore. Fortunately GPG was created to replace it; it's open source. I'd suggest using GPG over PGP. Quote Share this post Link to post
Kepler_452b 77 Posted ... From Wikipedia SIGAINT page: In April 2015 a number of user accounts were compromised in what was speculated at the time was a government-sponsored deanonymization attack from 70 different exit nodes.[5][6] A SIGAINT administrator said that the hidden service was not hacked but malicious exit nodes had modified their clearnet page so that its link to the hidden service pointed to an imposter hidden service, effectively tricking users with a phishing attack that harvested login credentials.[1] SIGAINT has since added SSL to their gateway to protect against such attacks.[7]The service is currently down. Both it's ".org" website and it's Onion link return error code 500. I throw this in because it's interesting and to remind people what government resources are capable of: 70 different exit nodes! Quote Share this post Link to post
greenclaydog 6 Posted ... GPG and PGP emails are encrypted/decrypted only on your machine using public-key encryption. Your message simply becomes encrypted random bytes in a standard email usable with any email program. You can cut and paste if you don't want to use the automated email function.Phill Zimmerman created PGP in 1991. The U.S. gov tried very very hard to shut it down, but failed. Later the code was transferred to a succession of private companies. Its currently owned by Symantec. It's now commercial proprietary code (red flag!). The last time I checked (few years ago) you could still download the basic PGP functionality from their website for free, but they didn't tell you that leaving the impression that only the pay code was available. I've never trusted Symantec because among other things they produced crap products. So I never use PGP anymore. Fortunately GPG was created to replace it; it's open source. I'd suggest using GPG over PGP. Definitely agree with you, i don't personally use either GPG or PGP but if anyone decides to use it, i would always go open source. From Wikipedia SIGAINT page: In April 2015 a number of user accounts were compromised in what was speculated at the time was a government-sponsored deanonymization attack from 70 different exit nodes.[5][6] A SIGAINT administrator said that the hidden service was not hacked but malicious exit nodes had modified their clearnet page so that its link to the hidden service pointed to an imposter hidden service, effectively tricking users with a phishing attack that harvested login credentials.[1] SIGAINT has since added SSL to their gateway to protect against such attacks.[7]The service is currently down. Both it's ".org" website and it's Onion link return error code 500. I throw this in because it's interesting and to remind people what government resources are capable of: 70 different exit nodes! Sometimes we underestimate the power of the government and their resources. Events such as this serve to remind us of that. Quote Share this post Link to post
iwih2gk 93 Posted ... This is why you shouldn't use all those short lived mail services for anything important. I found them to be quite good. This issue is that they are/were NOT simply a free email service. Their email was fast and accommodating of GPG, etc.... The issue is that they were running ads and promoting services that were "evil" in the site of Gov powers that be. I am not certain they are gone for good, but should it come back up I would want to verify against their encryption key. I never used their services. I only used the hidden email server as a rendezvous point with associates. No plain text, even on our subject lines. Even if gone I don't have fears. I liked them. Quote Share this post Link to post
zhang888 1066 Posted ... I cannot see anything good with using an email server that was mostly used for harassing, spam, DDoS, ransomware and drug markets.They had zero added value in terms of privacy and security, and even SSL was added after an alleged exit nodes attack. Very "practical" approach.Sure, you can choose to use it, but you should not be surprised if it will be taken down without notice like now as well. Same as TorMail in 2013.Will not be surprised if they kept logs as well, or had some serious misconfigurations, which we will probably know in the near future. Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
iwih2gk 93 Posted ... Sigaint is DOA, therefore: I wanted to continue this thread with the next logical question. I respect the opinions of those here. I am actively looking for a PURE onion email server where the only thing I need is email. Nothing special, except NO clearnet involved anywhere in the process on my end. I suppose it would be nice to have a clearnet alias where someone could send me a note on clearnet, knowing I would access it via onion. As long as the email body works seamlessly with gpg I am good to go. Looking for opinions. I know lots are out there, but a mostly free simple mailbox to rendezvous with someone is my quest. Quote Share this post Link to post
Keksjdjdke 35 Posted ... Sigaint is DOA, therefore: I wanted to continue this thread with the next logical question. I respect the opinions of those here. I am actively looking for a PURE onion email server where the only thing I need is email. Nothing special, except NO clearnet involved anywhere in the process on my end. I suppose it would be nice to have a clearnet alias where someone could send me a note on clearnet, knowing I would access it via onion. As long as the email body works seamlessly with gpg I am good to go. Looking for opinions. I know lots are out there, but a mostly free simple mailbox to rendezvous with someone is my quest.Protonmail supports incoming PGP/GPG messages and has a onion site. Also it has a free account option. Onionhttps://protonirockerxow.onion/ Information about their onion site.https://protonmail.com/blog/tor-encrypted-email/ Quote Share this post Link to post
iwih2gk 93 Posted ... Sigaint is DOA, therefore: I wanted to continue this thread with the next logical question. I respect the opinions of those here. I am actively looking for a PURE onion email server where the only thing I need is email. Nothing special, except NO clearnet involved anywhere in the process on my end. I suppose it would be nice to have a clearnet alias where someone could send me a note on clearnet, knowing I would access it via onion. As long as the email body works seamlessly with gpg I am good to go. Looking for opinions. I know lots are out there, but a mostly free simple mailbox to rendezvous with someone is my quest.Protonmail supports incoming PGP/GPG messages and has a onion site. Also it has a free account option. Onionhttps://protonirockerxow.onion/ Information about their onion site.https://protonmail.com/blog/tor-encrypted-email/ Thanks for the links. I'll look them over. 2 jean claud and Keksjdjdke reacted to this Quote Share this post Link to post