Jump to content
Not connected, Your IP: 18.219.253.199
AirVPN
greenclaydog

SIGAINT Tor Based Email Service Goes Dark Unexpectedly

By greenclaydog, ... in Off-Topic

Recommended Posts

greenclaydog    6

greenclaydog
Posted ...

So, SIGAINT has gone down, its clearnet address resolves to no server and the Tor link is timing out.

 

No warning or announcement from owner.

 

U.S government potentially seized them?

 

This isn't good.

Share this post

Link to post

greenclaydog    6

greenclaydog
Posted ...

This is why you shouldn't use all those short lived mail services for anything important.

To be fair, any of these services, clearnet or not could be short lived and compromised on a large scale.

 

As I understand it, GPG and PGP are secure no matter who owns the service, because the security is implemented with each individual email rather than placing blind trust in a service.

 

Share this post

Link to post

Kepler_452b    77

Kepler_452b
Posted ...

GPG and PGP emails are encrypted/decrypted only on your machine using public-key encryption. Your message simply becomes encrypted random bytes in a standard email usable with any email program. You can cut and paste if you don't want to use the automated email function.

Phill Zimmerman created PGP in 1991. The U.S. gov tried very very hard to shut it down, but failed. Later the code was transferred to a succession of private companies. Its currently owned by Symantec. It's now commercial proprietary code (red flag!). The last time I checked (few years ago) you could still download the basic PGP functionality from their website for free, but they didn't tell you that leaving the impression that only the pay code was available. I've never trusted Symantec because among other things they produced crap products. So I never use PGP anymore. Fortunately GPG was created to replace it; it's open source. I'd suggest using GPG over PGP.

Share this post

Link to post

Kepler_452b    77

Kepler_452b
Posted ...

From Wikipedia SIGAINT page:

 

In April 2015 a number of user accounts were compromised in what was speculated at the time was a government-sponsored deanonymization attack from 70 different exit nodes.[5][6] A SIGAINT administrator said that the hidden service was not hacked but malicious exit nodes had modified their clearnet page so that its link to the hidden service pointed to an imposter hidden service, effectively tricking users with a phishing attack that harvested login credentials.[1] SIGAINT has since added SSL to their gateway to protect against such attacks.[7]

The service is currently down. Both it's ".org" website and it's Onion link return error code 500.

 

I throw this in because it's interesting and to remind people what government resources are capable of: 70 different exit nodes!

Share this post

Link to post

greenclaydog    6

greenclaydog
Posted ...

GPG and PGP emails are encrypted/decrypted only on your machine using public-key encryption. Your message simply becomes encrypted random bytes in a standard email usable with any email program. You can cut and paste if you don't want to use the automated email function.

Phill Zimmerman created PGP in 1991. The U.S. gov tried very very hard to shut it down, but failed. Later the code was transferred to a succession of private companies. Its currently owned by Symantec. It's now commercial proprietary code (red flag!). The last time I checked (few years ago) you could still download the basic PGP functionality from their website for free, but they didn't tell you that leaving the impression that only the pay code was available. I've never trusted Symantec because among other things they produced crap products. So I never use PGP anymore. Fortunately GPG was created to replace it; it's open source. I'd suggest using GPG over PGP.

 

Definitely agree with you, i don't personally use either GPG or PGP but if anyone decides to use it, i would always go open source.

 

 

From Wikipedia SIGAINT page:

 

In April 2015 a number of user accounts were compromised in what was speculated at the time was a government-sponsored deanonymization attack from 70 different exit nodes.[5][6] A SIGAINT administrator said that the hidden service was not hacked but malicious exit nodes had modified their clearnet page so that its link to the hidden service pointed to an imposter hidden service, effectively tricking users with a phishing attack that harvested login credentials.[1] SIGAINT has since added SSL to their gateway to protect against such attacks.[7]

The service is currently down. Both it's ".org" website and it's Onion link return error code 500.

 

I throw this in because it's interesting and to remind people what government resources are capable of: 70 different exit nodes!

 

Sometimes we underestimate the power of the government and their resources. Events such as this serve to remind us of that. 

Share this post

Link to post

iwih2gk    93

iwih2gk
Posted ...

This is why you shouldn't use all those short lived mail services for anything important.

 

 

I found them to be quite good.  This issue is that they are/were NOT simply a free email service.  Their email was fast and accommodating of GPG, etc....   The issue is that they were running ads and promoting services that were "evil" in the site of Gov powers that be.  I am not certain they are gone for good, but should it come back up I would want to verify against their encryption key.  I never used their services.  I only used the hidden email server as a rendezvous point with associates.  No plain text, even on our subject lines.  Even if gone I don't have fears.  I liked them.

Share this post

Link to post

zhang888    1066

zhang888
Posted ...

I cannot see anything good with using an email server that was mostly used for harassing, spam, DDoS, ransomware and drug markets.

They had zero added value in terms of privacy and security, and even SSL was added after an alleged exit nodes attack. Very "practical" approach.

Sure, you can choose to use it, but you should not be surprised if it will be taken down without notice like now as well. Same as TorMail in 2013.

Will not be surprised if they kept logs as well, or had some serious misconfigurations, which we will probably know in the near future.

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post

Link to post

iwih2gk    93

iwih2gk
Posted ...

Sigaint is DOA, therefore:

 

I wanted to continue this thread with the next logical question.  I respect the opinions of those here.  I am actively looking for a PURE onion email server where the only thing I need is email.  Nothing special, except NO clearnet involved anywhere in the process on my  end.  I suppose it would be nice to have a clearnet alias where someone could send me a note on clearnet, knowing I would access it via onion.   As long as the email body works seamlessly with gpg I am good to go.  Looking for opinions.  I know lots are out there, but a mostly free simple mailbox to rendezvous with someone is my quest.

Share this post

Link to post

Keksjdjdke    35

Keksjdjdke
Posted ...

Sigaint is DOA, therefore:

 

I wanted to continue this thread with the next logical question.  I respect the opinions of those here.  I am actively looking for a PURE onion email server where the only thing I need is email.  Nothing special, except NO clearnet involved anywhere in the process on my  end.  I suppose it would be nice to have a clearnet alias where someone could send me a note on clearnet, knowing I would access it via onion.   As long as the email body works seamlessly with gpg I am good to go.  Looking for opinions.  I know lots are out there, but a mostly free simple mailbox to rendezvous with someone is my quest.

Protonmail supports incoming PGP/GPG messages and has a onion site. Also it has a free account option.

 

Onion

https://protonirockerxow.onion/

 

Information about their onion site.

https://protonmail.com/blog/tor-encrypted-email/

Share this post

Link to post

iwih2gk    93

iwih2gk
Posted ...

 

Sigaint is DOA, therefore:

 

I wanted to continue this thread with the next logical question.  I respect the opinions of those here.  I am actively looking for a PURE onion email server where the only thing I need is email.  Nothing special, except NO clearnet involved anywhere in the process on my  end.  I suppose it would be nice to have a clearnet alias where someone could send me a note on clearnet, knowing I would access it via onion.   As long as the email body works seamlessly with gpg I am good to go.  Looking for opinions.  I know lots are out there, but a mostly free simple mailbox to rendezvous with someone is my quest.

Protonmail supports incoming PGP/GPG messages and has a onion site. Also it has a free account option.

 

Onion

https://protonirockerxow.onion/

 

Information about their onion site.

https://protonmail.com/blog/tor-encrypted-email/

 

 

Thanks for the links.  I'll look them over.

Keksjdjdke and jean claud reacted to this

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Go To Topic Listing
×
×
  • Create New...