Discussion:
anyone created an acct on GMX using Tor?
(too old to reply)
Joe Btfsplk
2012-07-31 20:45:05 UTC
Permalink
Has anyone successfully created a GMX email acct using Tor? It won't
work for me - just get " Sorry, cannot process registration at this time."
At lst, it wouldn't let me copy / paste PW twice - 2nd box showed diff #
of asterisks & gave PWs don't match error. That session timed out on me.

I set my exit nodes to use US exits & GMX seems to recognize I'm in the
U.S. (which I am).
Cleared all cookies & cache, created new Tor identity & got new IP
address. Went back & tried again & typed simple PW that met minimum
criteria.

Still the "cannot process registration..." No explanation why. If it
was because I mis typed the captcha, it didn't say so.

If it's worked for others (& maybe they could shed some light), I'll
just wait & try much later. Thanks.
Flo
2012-07-31 21:13:56 UTC
Permalink
I looks like as they blocked the most Tor exits and also a lot of people
trying to make an account at GMX, and they block IPs after 3 created
accounts per day...
Has anyone successfully created a GMX email acct using Tor? It won't
work for me - just get " Sorry, cannot process registration at this time."
At lst, it wouldn't let me copy / paste PW twice - 2nd box showed diff
# of asterisks & gave PWs don't match error. That session timed out on
me.
I set my exit nodes to use US exits & GMX seems to recognize I'm in
the U.S. (which I am).
Cleared all cookies & cache, created new Tor identity & got new IP
address. Went back & tried again & typed simple PW that met minimum
criteria.
Still the "cannot process registration..." No explanation why. If it
was because I mis typed the captcha, it didn't say so.
If it's worked for others (& maybe they could shed some light), I'll
just wait & try much later. Thanks.
_______________________________________________
tor-talk mailing list
tor-talk at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Joe Btfsplk
2012-07-31 23:56:55 UTC
Permalink
Post by Flo
I looks like as they blocked the most Tor exits and also a lot of
people trying to make an account at GMX, and they block IPs after 3
created accounts per day...
Has anyone successfully created a GMX email acct using Tor? It won't
work for me - just get " Sorry, cannot process registration at this time."
At lst, it wouldn't let me copy / paste PW twice - 2nd box showed diff
# of asterisks & gave PWs don't match error. That session timed out on
me.
I set my exit nodes to use US exits & GMX seems to recognize I'm in
the U.S. (which I am).
Cleared all cookies & cache, created new Tor identity & got new IP
address. Went back & tried again & typed simple PW that met minimum
criteria.
Still the "cannot process registration..." No explanation why. If it
was because I mis typed the captcha, it didn't say so.
If it's worked for others (& maybe they could shed some light), I'll
just wait & try much later. Thanks.
Thanks Flo. If what you say is correct, maybe the only way to create an
acct is be one of the 1st 3 on a given day. I'll need to figure out the
time zone of their server, set my clock for ~ 11:50 PM, their time &
voila :D Seriously, I don't know if it can be done. Maybe if one was
persistent about changing IP addresses, clearing cookies / cache,
waiting a while... Lot of work, unless there's an easier way.
Joe Btfsplk
2012-07-31 22:50:42 UTC
Permalink
Post by Joe Btfsplk
Has anyone successfully created a GMX email acct using Tor? It won't
work for me - just get " Sorry, cannot process registration at this time."
At lst, it wouldn't let me copy / paste PW twice - 2nd box showed diff
# of asterisks & gave PWs don't match error. That session timed out
on me.
I set my exit nodes to use US exits & GMX seems to recognize I'm in
the U.S. (which I am).
Cleared all cookies & cache, created new Tor identity & got new IP
address. Went back & tried again & typed simple PW that met minimum
criteria.
Still the "cannot process registration..." No explanation why. If it
was because I mis typed the captcha, it didn't say so.
If it's worked for others (& maybe they could shed some light), I'll
just wait & try much later. Thanks.
Sent GMX support a request about registration issues. Got auto response
Post by Joe Btfsplk
*Registration Issues*
If you receive an error message during registration stating that "Your
registration could not be processed at the moment. Please try again
later. If the error persists, please contact us.", it is possible that
your IP address has been blacklisted.
This usually happens when the system notices that several accounts
have been created from a certain IP or IP address range (such as in an
office or organization which just uses one public IP for the whole
network).
You would help us further investigating your case by sending us /your
IP address (go to www.whatismyipaddress.com for more information/
Now, I changed the IP address before trying to register again, after it
failed. But my guess is, so many people try registering w/ Tor & there
are only so many exit nodes / IP addresses, that after a while, the same
IP address must get used repeatedly.

I suppose I could keep changing IP address & trying - ad infinitum -
seems like a LONG, unsure process. Any suggestions?
jed c
2012-08-01 00:26:39 UTC
Permalink
This is a wacky idea. No harm in trying though. How about trying something like hidemyass through tor? I know it doesnt really provide anonymity, but maybe it will mask your location long enough to open an account. If you can open the account then reset your password after setup.
From: Joe Btfsplk <joebtfsplk at gmx.com>
Subject: Re: [tor-talk] anyone created an acct on GMX using Tor?
To: tor-talk at lists.torproject.org
Date: Tuesday, July 31, 2012, 3:50 PM
On 7/31/2012 3:45 PM, Joe Btfsplk
Post by Joe Btfsplk
Has anyone successfully created a GMX email acct using
Tor?? It won't work for me - just get " Sorry, cannot
process registration at this time."
Post by Joe Btfsplk
At lst, it wouldn't let me copy / paste PW twice - 2nd
box showed diff # of asterisks & gave PWs don't match
error.? That session timed out on me.
Post by Joe Btfsplk
I set my exit nodes to use US exits & GMX seems to
recognize I'm in the U.S. (which I am).
Post by Joe Btfsplk
Cleared all cookies & cache, created new Tor
identity & got new IP address.? Went back &
tried again & typed simple PW that met minimum
criteria.
Post by Joe Btfsplk
Still the "cannot process registration..."? No
explanation why. If it was because I mis typed the captcha,
it didn't say so.
Post by Joe Btfsplk
If it's worked for others (& maybe they could shed
some light), I'll just wait & try much later.?
Thanks.
Sent GMX support a request about registration issues.?
Got auto response that included this (which explains problem
Post by Joe Btfsplk
*Registration Issues*
If you receive an error message during registration
stating that "Your registration could not be processed at
the moment. Please try again later. If the error persists,
please contact us.", it is possible that your IP address has
been blacklisted.
Post by Joe Btfsplk
This usually happens when the system notices that
several accounts have been created from a certain IP or IP
address range (such as in an office or organization which
just uses one public IP for the whole network).
Post by Joe Btfsplk
You would help us further investigating your case by
sending us /your IP address (go to www.whatismyipaddress.com
for more information/
Now, I changed the IP address before trying to register
again, after it failed.? But my guess is, so many
people try registering w/ Tor & there are only so many
exit nodes / IP addresses, that after a while, the same IP
address must get used repeatedly.
I suppose I could keep changing IP address & trying - ad
infinitum - seems like a LONG, unsure process.? Any
suggestions?
_______________________________________________
tor-talk mailing list
tor-talk at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Joe Btfsplk
2012-08-01 01:48:48 UTC
Permalink
Post by jed c
This is a wacky idea. No harm in trying though. How about trying something like hidemyass through tor? I know it doesnt really provide anonymity, but maybe it will mask your location long enough to open an account. If you can open the account then reset your password after setup.
Thanks, it's an idea. Don't know that web proxies use different
addresses for different users, anymore than Tor does. Worth a shot.

In their auto response that said the "we can't process your request
right now" error being from many users sharing one address, they used
example of an office or organization that uses one address for whole
network. I know they & other providers are trying to prevent spammers,
fraud, etc. I'm none of those, but they don't know me from Adam, even
if I tell them I'm using Tor.

A lot of sites & services don't like Tor users because they can't tell
if you like privacy / anonymity or are up to no good. I guess GMX has
caught up w/ Gmail & others, making it hard to create accts using Tor.
antispam06
2012-08-01 06:25:46 UTC
Permalink
Post by Joe Btfsplk
A lot of sites & services don't like Tor users because they can't tell
if you like privacy / anonymity or are up to no good. I guess GMX has
caught up w/ Gmail & others, making it hard to create accts using Tor.
I see this clich? repeated over and over. How can they tell if I am up
to no good without any anonymity? If my IP4 is made out of 3 odd numbers
and one even I'm 3/4 an odd person? Do they ask the local astrologer to
approve the subscription and without geolocation the man can't do well
his job? The local which has a thing against people she can't poroperly
identify? Does the cyber terrorist lack the skills to use some zombie
machine outhere?

Privacy is for everyone. But privacy does not fit well in their business
plan. I imagine the PS: Oh! And one more thing Mr Spammer. We have a
number of accounts who's origin we don't know. But, hey, who cares,
right? Everybody buys your product! Right?
Juan Cristian
2012-08-01 11:32:02 UTC
Permalink
After seing these posts I went ahead & tried to register w/o Tor & find the same errors (& many more red-herring errors from poor validation javascript on the registration page) - The only things I have that might be interfering with the process are request policy, which blocks all cross-domain requests on a page, and which I opened up for the GMX registration page, and a hosts file with loopbacks for most annoying ad services, which I also temporarily removed. Nothing doing - after 5 attempts I still get the same validation error:
"1. Your registration could not be processed at the moment. Please try again later. If the error persists, please contact us."
Seems like bad architecture, sloppy validation, or a combination of th two at work here more than actual security...
Post by jed c
This is a wacky idea. No harm in trying though. How about trying something like hidemyass through tor? I know it doesnt really provide anonymity, but maybe it will mask your location long enough to open an account. If you can open the account then reset your password after setup.
Thanks, it's an idea. Don't know that web proxies use different addresses for different users, anymore than Tor does. Worth a shot.
In their auto response that said the "we can't process your request right now" error being from many users sharing one address, they used example of an office or organization that uses one address for whole network. I know they & other providers are trying to prevent spammers, fraud, etc. I'm none of those, but they don't know me from Adam, even if I tell them I'm using Tor.
A lot of sites & services don't like Tor users because they can't tell if you like privacy / anonymity or are up to no good. I guess GMX has caught up w/ Gmail & others, making it hard to create accts using Tor.
_______________________________________________
tor-talk mailing list
tor-talk at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Joe Btfsplk
2012-08-01 14:47:50 UTC
Permalink
Post by Juan Cristian
"1. Your registration could not be processed at the moment. Please try again later. If the error persists, please contact us."
Seems like bad architecture, sloppy validation, or a combination of th two at work here more than actual security...
Post by jed c
This is a wacky idea. No harm in trying though. How about trying something like hidemyass through tor? I know it doesnt really provide anonymity, but maybe it will mask your location long enough to open an account. If you can open the account then reset your password after setup.
I'm not married to idea of using GMX & Tor. So if others have
suggestions for free email service that works w/ Tor or is actually
reasonably anonymous (I'm not trying to outwit NSA, here), I could go
that route vs beating my head against a GMX wall.

Juan / Jed, I tried running Tor through several well known web proxies.
Even though proxies had options to allow / disable scripts," when I
allowed scripts, GMX still showed message, "Please enable JS & try
again." NOTE: I've used Tor / TBB & some of same proxies directly w/
Firefox, & never gotten a "Please enable javascript" message from any
site, AFAIK.

Tried a few proxies - some SSL, some not. Some proxies showed (or
allowed choosing) a U.S. location, so that wasn't the issue. Tor is
also using US exits.

Also entered GMX.com & the proxy's domain on NoScript white list. No
change after reloading GMX / proxy page in TBB. GMX still gave "enable
javascript..."

Then as test, tried just Firefox 14 thru the proxies, that HAD options
to enable JS (I did). Same result - GMX still thinks JS is disabled.
It's really only page I've gotten that message using proxies, but...
never tried creating an email acct - * in last few yrs * - using Tor or
a proxy . Between each try, I deleted cookies, closed pages, cleared
cache, got new IP (when using Tor).
adrelanos
2012-08-01 19:01:48 UTC
Permalink
Post by Joe Btfsplk
I'm not married to idea of using GMX & Tor. So if others have
suggestions for free email service that works w/ Tor or is actually
reasonably anonymous (I'm not trying to outwit NSA, here), I could go
that route vs beating my head against a GMX wall.
riseup and tormail do neither ban registration nor usage over Tor.
antispam06
2012-08-01 19:19:26 UTC
Permalink
Post by adrelanos
Post by Joe Btfsplk
I'm not married to idea of using GMX & Tor. So if others have
suggestions for free email service that works w/ Tor or is actually
reasonably anonymous (I'm not trying to outwit NSA, here), I could go
that route vs beating my head against a GMX wall.
riseup and tormail do neither ban registration nor usage over Tor.
fastmail.fm, yandex, and some others. Just search the archives of this
list. Lavabit.com does block some exits, but new identity does help.
Maybe nobody wrote them about Tor.
Praedor Tempus
2012-08-01 15:21:15 UTC
Permalink
You could take a look at safe-mail.net.? They don't give you any guff if you are using tor.




________________________________
From: Joe Btfsplk <joebtfsplk at gmx.com>
To: tor-talk at lists.torproject.org
Sent: Tuesday, July 31, 2012 9:48 PM
Subject: Re: [tor-talk] anyone created an acct on GMX using Tor?
Post by jed c
This is a wacky idea. No harm in trying though. How about trying something like hidemyass through tor? I know it doesnt really provide anonymity, but maybe it will mask your location long enough to open an account. If you can open the account then reset your password after setup.
Thanks, it's an idea.? Don't know that web proxies use different addresses for different users, anymore than Tor does.? Worth a shot.

In their auto response that said the "we can't process your request right now" error being from many users sharing one address, they used example of an office or organization that uses one address for whole network.? I know they & other providers are trying to prevent spammers, fraud, etc.? I'm none of those, but they don't know me from Adam, even if I tell them I'm using Tor.

A lot of sites & services don't like Tor users because they can't tell if you like privacy / anonymity or are up to no good.? I guess GMX has caught up w/ Gmail & others, making it hard to create accts using Tor.
Jerzy Łogiewa
2012-08-01 20:04:49 UTC
Permalink
I have 1 idea for this

Why cannot tor be used in such a way: as a home user, i am willing to let tor users use my connection for a few sites. gmail gmx and other mail sites for example.

Can we have some option that lets home tor users share their connections in some limited way?

Good for registrations, I think!

--
Jerzy ?ogiewa -- jerzyma at interia.eu
Post by jed c
This is a wacky idea. No harm in trying though. How about trying something like hidemyass through tor? I know it doesnt really provide anonymity, but maybe it will mask your location long enough to open an account. If you can open the account then reset your password after setup.
Thanks, it's an idea. Don't know that web proxies use different addresses for different users, anymore than Tor does. Worth a shot.
In their auto response that said the "we can't process your request right now" error being from many users sharing one address, they used example of an office or organization that uses one address for whole network. I know they & other providers are trying to prevent spammers, fraud, etc. I'm none of those, but they don't know me from Adam, even if I tell them I'm using Tor.
A lot of sites & services don't like Tor users because they can't tell if you like privacy / anonymity or are up to no good. I guess GMX has caught up w/ Gmail & others, making it hard to create accts using Tor.
_______________________________________________
tor-talk mailing list
tor-talk at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
adrelanos
2012-08-01 20:47:44 UTC
Permalink
Post by Jerzy Łogiewa
I have 1 idea for this
Why cannot tor be used in such a way: as a home user, i am willing to let tor users use my connection for a few sites. gmail gmx and other mail sites for example.
Can we have some option that lets home tor users share their connections in some limited way?
Good for registrations, I think!
There are options. Provide a free SSH, VPN or proxy. Or for simplicity
provide a web based proxy such as hidemyass is using. That's called cgi
proxy and I think I've seen free open source implementations.

Then allow only a few outgoing sites. You can also allow only Tor users
to connect (and show non-Tor users a notice).

Be prepared for abuse, you can not know if they user your IP for
registration, bomb thread or other kinds of abuse.

You can post your suggestion into the Tor trac as well. Don't expect any
or fast progress. Before they ever implement such stuff they check for
anonymity issues and they require loads of research before they add
something. In meanwhile you are probable better of providing the cgi
proxy I suggested.

But if you ask me, forget about "gmx and others" and use "riseup and
others" and GPG or e-mail alternatives.

That said, home users are probable a better help for the Tor project if
they volunteer a bridge, relay, documentation, translation, code, and so
on, see torproject.org volunteer site.
Joe Btfsplk
2012-08-01 21:41:28 UTC
Permalink
Post by Jerzy Łogiewa
I have 1 idea for this
Why cannot tor be used in such a way: as a home user, i am willing to let tor users use my connection for a few sites. gmail gmx and other mail sites for example.
Can we have some option that lets home tor users share their connections in some limited way?
Good for registrations, I think!
I'm no expert, but seems this would require Tor becoming a P2P network,
which requires in some manner, transmitting IP addresses to each other.
However, Tor IP addresses aren't exclusive to any one user at any given
time. Your idea is that Tor network would cloak the true identity of
one user from another?

Since Tor users often have enough trouble accessing some sites now, how
would using others addresses provide any more success or anonymity?
Besides, now one can get a new IP address w/ a click, or specify exit
nodes in specific countries. As I see it, the problem is some sites
don't like TOR EXITS, which they can identify & that multiple users are
coming from the same address.
adrelanos
2012-08-01 18:56:50 UTC
Permalink
Post by jed c
This is a wacky idea. No harm in trying though. How about trying something like hidemyass through tor? I know it doesnt really provide anonymity, but maybe it will mask your location long enough to open an account. If you can open the account then reset your password after setup.
If you connect to Tor first, then visit hidemyass or similar and then
register, if you do that only once, I see no problem with that as long
you only use it for registration and not entering identifying data.

Note that hidemyass or similar will know the whole content of the
transmission because it's a web based proxy. Therefore change your
secret answer, alternate e-mail and passwords after setting up the account.

The question remains if after account creation you will have less
trouble over Tor or if hidemyass or similar isn't blocked for
registration as well.
Joe Btfsplk
2012-08-01 21:04:19 UTC
Permalink
Post by adrelanos
If you connect to Tor first, then visit hidemyass or similar and then
register, if you do that only once, I see no problem with that as long
you only use it for registration and not entering identifying data.
Note that hidemyass or similar will know the whole content of the
transmission because it's a web based proxy. Therefore change your
secret answer, alternate e-mail and passwords after setting up the
account. The question remains if after account creation you will have
less trouble over Tor or if hidemyass or similar isn't blocked for
registration as well.
Gotten several suggestions - thanks for all. Point: Being ABLE to sign
up w/ an email provider via Tor * & * that provider being trustworthy
(not selling your address, scanning contents to sell for advertising [if
don't encrypt messages] are 2 entirely different things. Like doctor,
mechanic recommendations, I always prefer them from actual clients /
users (preferably > 1) that have used them > 1x & been satisfied.

Jed: ** "What am I looking for?" ** Mostly anonymity & untraceability
- for all * practical * purposes. Not to evade LEAs. But... if need to
send whistle blower type email - or - some (polite) ones to neighbor w/
car up on blocks, I want NO way they can trace it, short of LEA becoming
involved. Though sending truthful whistle blower messages isn't
unlawful, people w/ power have powerful connections. Both examples are
real scenarios for me.

If those requirements help anyone w/ suggestions of providers they've
personally used - or read enough unbiased, technical reviews to be
reasonably sure a provider has a very good reputation, that's better
than, "I've heard of these - give them a look."

GMX may not be even close to a good choice for these purposes. However,
was NEVER able to get past them claiming JS was off, using Tor, Tor & a
proxy, just a proxy - even though proxies had option to allow JS - &
even if whitelisted their site in NoScript. However, some of other
suggested providers may be better choices, assuming they're not spammers
in sheep's clothing.

Thanks Praedor, adrelnos, antispam06 - for other email provider names.
Will check out. Heard of safe-mail a long time - don't know anyone
personally that's used it.
Tor mail - I remember some discussion here about ? some issue about
their policy? question of servers location? who runs it? Can't remember.
adrelanos
2012-08-01 21:45:33 UTC
Permalink
Post by Joe Btfsplk
Post by adrelanos
If you connect to Tor first, then visit hidemyass or similar and then
register, if you do that only once, I see no problem with that as long
you only use it for registration and not entering identifying data.
Note that hidemyass or similar will know the whole content of the
transmission because it's a web based proxy. Therefore change your
secret answer, alternate e-mail and passwords after setting up the
account. The question remains if after account creation you will have
less trouble over Tor or if hidemyass or similar isn't blocked for
registration as well.
Gotten several suggestions - thanks for all. Point: Being ABLE to sign
up w/ an email provider via Tor * & * that provider being trustworthy
(not selling your address, scanning contents to sell for advertising [if
don't encrypt messages] are 2 entirely different things. Like doctor,
mechanic recommendations, I always prefer them from actual clients /
users (preferably > 1) that have used them > 1x & been satisfied.
[...]
Post by Joe Btfsplk
If those requirements help anyone w/ suggestions of providers they've
personally used - or read enough unbiased, technical reviews to be
reasonably sure a provider has a very good reputation, that's better
than, "I've heard of these - give them a look."
Got it. Good point. There has been very few research done on that subject.

Always makes sense to use a trustworthy mail provider as an activist
instant of a non-trustworthy. Even if you use GPG. They can still try a
targeted attack on your browser of tell who is communicating with whom
and sell some metadata like when you logged in etc.

Riseup has been recommend by (imho) trustworthy and honest people.

Tormail is anonymously run, could be run by evil or honest people. Who
knows. 50/50 chance I'd say. If they are honest, they can not be forced
into cooperating with an adversary. In that case they were even better
than Riseup. Or they are already run by your adversary and then you are
left with the protections provided by Tor (and gpg).

On the other hand riseup hosts servers in US, thus they are subject to
US laws.

Other then using a well motivated and known mail provider you could try
a different approach. If your whistleblow is about country X, use a mail
provider in country Y. Any countries (almost) in war with each other are
are good choice and unlikely to share any intelligence. And even then,
it could be pointless, if the server security in that country is poor.

Due to lack of theoretical research and practical tests or stories the
perfect decision for the best resistant mail provider is more than
difficult.
grarpamp
2012-08-02 02:17:25 UTC
Permalink
Post by adrelanos
Riseup has been recommend by (imho) trustworthy and honest people.
RiseUp is that place that makes you fill out *why* you want
one of their free accounts, your activism. What do you guys put in there?
Can you just leave it blank? Or say 'not applicable',
no reason, unspecified. Do you have to say 'anonymous',
research, education, personal use? Or tell them of
your love of dogs?

I'm happy with other comon non-gmail free providers. RiseUp
is cool/important so I'd not use them unless I had to and could
donate.


If you do not use the invite method, please tell us about your
activism. Do not include acronyms or personally identifiable
information. This information will be destroyed as soon as your
account is approved.
wait for us to approve your request.
antispam06
2012-08-02 19:44:13 UTC
Permalink
Post by grarpamp
Post by adrelanos
Riseup has been recommend by (imho) trustworthy and honest people.
I'm happy with other comon non-gmail free providers. RiseUp
is cool/important so I'd not use them unless I had to and could
donate.
I had the same feeling when I first heard of them. While I tell my
friends that they could use Tor for anything, say checking their Yahoo
mail on an open Wifi, and that helps both generate harmless traffic on
Tor and tell Yahoo some people value their privacy at the same time.
With Riseup it's about using it when needed. Also keep in mind there are
alternatives to Riseup, and I don't think of FB or Google, yet there are
no alternatives to Tor at the moment.

Cheers
Joe Btfsplk
2012-08-02 21:19:55 UTC
Permalink
Post by grarpamp
Post by adrelanos
Riseup has been recommend by (imho) trustworthy and honest people.
RiseUp is that place that makes you fill out *why* you want
one of their free accounts, your activism. What do you guys put in there?
Can you just leave it blank? Or say 'not applicable',
no reason, unspecified. Do you have to say 'anonymous',
research, education, personal use? Or tell them of
your love of dogs?
I'm happy with other comon non-gmail free providers. RiseUp
is cool/important so I'd not use them unless I had to and could
donate.
If you do not use the invite method, please tell us about your
activism. Do not include acronyms or personally identifiable
information. This information will be destroyed as soon as your
account is approved.
wait for us to approve your request.
Thanks. Riseup says they don't store IP addresses or log emails. If
(for a company in U.S.) the gov't will even ALLOW that, then that's good
- as almost all provider say they log to some extent. BUT... considering
ISPs, wireless providers, Skype - on & on - are being "forced" into
either keeping records, that can be demanded w/ very little reason from
an LEA, or are being strong armed into providing backdoors, I at least *
question * whether one mail provider (onshore, in U.S.) can resist the
long arm of the law.

I may be wrong. But, as most know, just because a company makes claims,
doesn't mean they're true.

2nd, I can't find anywhere - w/o signing up - what Riseup's general
"starting" storage quota or max message and / or attachment size limits
are, even using search engines.
I understand IF they don't make $ off advertising, they need it from
other sources (donations). But, their suggested "individual" donation
of $5 - 15 / mo & for businesses, 1% of annual budget (Ex.: $100 for
$10K budget) seems lopsided. A business / organization will generate
way more traffic than (especially) me. But, I don't know what I'd get
for $5 / mo, even if I liked them, unless I sign up or another user
tells me.

Re: GMX & Tor address problem. GMX responded to request I sent about
not being able to sign up w/ Tor - at my organization (wink). They
request on their site to include the IP you're having problems
registering with, so I gave the (current) Tor IP. They said,
Post by grarpamp
Dear GMX Customer,
This IP address has been marked in a blacklist. Even if it changes we
recommend you to create an account from another computer or to contact
your internet provider.
So, big surprise, lots of people are using Tor addresses & then doing
crap to give it (certain addresses, anyway) a bad name & get blacklisted.
Question: was mentioned about using Tor to access Yahoo mail.
Certainly, you can't OPEN a Gmail acct w/ Tor w/o giving mobile #, 1st
born son, etc. Can't sign up for GMX w/ Tor.

Why would Yahoo allow using Tor? Or, is it that the acct was NOT
created using Tor, but later accessing it via Tor - * as antispam06
mentioned * ? (not sure exactly what he meant) What would that
accomplish, for anonymity? If you didn't create the acct w/ Tor (or
proxy), they know the real IP address of the owner. Thanks.
adrelanos
2012-08-02 21:55:46 UTC
Permalink
Post by Joe Btfsplk
Thanks. Riseup says they don't store IP addresses or log emails. If
(for a company in U.S.) the gov't will even ALLOW that, then that's good
- as almost all provider say they log to some extent. BUT... considering
ISPs, wireless providers, Skype - on & on - are being "forced" into
either keeping records, that can be demanded w/ very little reason from
an LEA, or are being strong armed into providing backdoors, I at least *
question * whether one mail provider (onshore, in U.S.) can resist the
long arm of the law.
I may be wrong. But, as most know, just because a company makes claims,
doesn't mean they're true.
2nd, I can't find anywhere - w/o signing up - what Riseup's general
"starting" storage quota or max message and / or attachment size limits
are, even using search engines.
I understand IF they don't make $ off advertising, they need it from
other sources (donations). But, their suggested "individual" donation
of $5 - 15 / mo & for businesses, 1% of annual budget (Ex.: $100 for
$10K budget) seems lopsided. A business / organization will generate
way more traffic than (especially) me.
Good points. Please mirror and redirect your feedback to riseup. Here it
may go unnoticed.
Post by Joe Btfsplk
But, I don't know what I'd get
for $5 / mo, even if I liked them, unless I sign up or another user
tells me.
Contact them over mail, ticket or irc.
irregulator
2012-08-03 07:08:19 UTC
Permalink
To the posts mentioning Riseup :

This thread has get offtopic, on purpose or not.I'm not member of Riseup
Collective, but a devoted supporter of what these people do. That's why
i felt the need to answer some previous emails to this list.

https://help.riseup.net/en/about-us says :

"The Riseup Collective is an autonomous body based in Seattle with
collective members world wide. Our purpose is to aid in the creation of
a free society, a world with freedom from want and freedom of
expression, a world without oppression or hierarchy, where power is
shared equally. We do this by providing communication and computer
resources to allies engaged in struggles against capitalism and other
forms of oppression."

People talking about tickets, quotas, company etc, you should probable
have checked the about-us of Riseup Collective. Especially those who
have already created an account. That conversation was getting a bit
silly, no offence.

Riseup is a collective of people, not another corporate business. And we
prefer the way it is. We don't seek for a "cool" gmail's alike
web-interface or some GB storage space. That's not Riseup. And hopefully
won't be.

Everything in life is about trust, on the Internet that applies too.
I trust Riseup and share their vision about a better world. You people,
who seek yet for another "free alternative mail provider" to "do the
job", you'd better consider some other solution than Riseup.

Autonomous radical tech collectives and projects are something very
important to people fighting around the world
(http://cryptome.org/2012/07/chile-comments.htm). Please don't abuse it.

Greetings and no offence
adrelanos
2012-08-02 21:58:13 UTC
Permalink
Post by Joe Btfsplk
Why would Yahoo allow using Tor? Or, is it that the acct was NOT
created using Tor, but later accessing it via Tor - * as antispam06
mentioned * ? (not sure exactly what he meant) What would that
accomplish, for anonymity? If you didn't create the acct w/ Tor (or
proxy), they know the real IP address of the owner. Thanks.
Maybe chain something not banned for registration behind Tor and
afterwards start using it over Tor.
antispam06
2012-08-03 08:39:43 UTC
Permalink
Post by Joe Btfsplk
So, big surprise, lots of people are using Tor addresses & then doing
crap to give it (certain addresses, anyway) a bad name & get blacklisted.
Question: was mentioned about using Tor to access Yahoo mail.
Certainly, you can't OPEN a Gmail acct w/ Tor w/o giving mobile #, 1st
born son, etc. Can't sign up for GMX w/ Tor.
I guess that is an example of taking things out of context. A lot of
people give ISPs a bad name. A lot of people give countries a bad name.
And so on. Anybody who's online has a share of it. Unpatched servers,
firewalls set up with defaults, faulty routers, anything for anybody.
You missing out on the latest OS patch could mean somebody would take
control of your box and give you a bad name. Do not single out Tor as a
source of problems. Most of the public wants to hear that to shift the
attention from their broken Symbians or old corporate Windows installs.

So I think its less about abuse and more about old filters
misunderstanding what's going on. After all, so many people get online
over NAT, yet most filters are set up in the usual, now stupid way, of
couting by IP connections. Yet given the subject more and more people
are reading this and giving it a try. Each individual just wants to see
for oneself. But as a whole it is an abuse: a couple of Tot exits asking
for new accounts every 5 minutes.

As for your certainty: I do have accounts from all mentioned services
(Gmail, Yahoo, Gmx) and everything was done over Tor.
Post by Joe Btfsplk
Why would Yahoo allow using Tor? Or, is it that the acct was NOT
created using Tor, but later accessing it via Tor - * as antispam06
mentioned * ? (not sure exactly what he meant) What would that
accomplish, for anonymity? If you didn't create the acct w/ Tor (or
proxy), they know the real IP address of the owner. Thanks.
Because they are still getting a lot of information. My Yahoo account
(accessed behind Tor) gives quite a few insides on my activities. Just
not linked with a certain geographical place. That makes my life easier,
as I am quite lazy, and helps them keep their userbase. The moment they
are going to block Tor users that is going to be marked somewhere
online. And me and others affected by that move would have to urge our
contacts to move to other equaly gratis sites. They are going to keep
the Yahoo mailbox as a storage for many / large attachments. Meaning
Yahoo would get to pay for the hard drive space and have less info to
use. Sure, it's not a big deal in the context of their millions of
users. But it's something to think about. They launched the unlimited
account and people were still switching to Gmail just for it being
cooler. Next time some idiot would make a webmail comparison on some
site it would throw in that blocking as one more reason to switch to the
company that paid him for the article.

And again. Tor is not the tool for the bad guys. It's slow. Tor exit
nodes are public and blocked in some cases. Why not go through an open
WiFi? That would reveal your geographic location at a certain instant in
time. Otherwise it's open. How about going through another computer? And
I don't mean using proxy software.

As for yahoo there other UFO-type mysteries. Why do they keep their
services out in the open. It was mentioned the Men in Black have their
harvesting machines in the Yahoo datacenters. As Skype they still get a
copy of everything that goes through their network. Why not add TLS to
every connection be it webmail, IM, or whatever? Or how come a new
account, once it gets over a certain level of trafic, even if it is with
a short list of trusted emails, it starts getting spam? A lot more spam
than any other webmail service I have used lately. Or you ask yourself
why would they allow Tor? Because they see everything you send and to
whom. But why they do not block PGP / GPG emails? They are very obvious.
And it's a pain to try to crack one only to find out a grocery list from
some geek to his programmer wife.
Joe Btfsplk
2012-08-03 14:31:40 UTC
Permalink
Thanks for all replies. I'm responding to antispam06's reply, only
because it was last of several. Because the issue is more complex than
I thought, GMX is no longer the sole focus. Overall, the info should
benefit *lots* of users, IMHO.
Post by antispam06
Post by Joe Btfsplk
So, big surprise, lots of people are using Tor addresses & then doing
crap to give it (certain addresses, anyway) a bad name & get blacklisted.
I guess that is an example of taking things out of context. A lot of
people give ISPs a bad name. A lot of people give countries a bad name.
Absolutely - never said or hinted Tor was only network or service being
abused. But I'm talking about using Tor to sign up for email.
GMX probably blacklisted (many?) Tor IP addresses simply because several
users tried signing up w/ same IP over time. I tried several - hrs /
days apart, after clearing everything in latest TBB, AFAIK; getting new
identity / IP address. RE-jected!
Post by antispam06
As for your certainty: I do have accounts from all mentioned services
(Gmail, Yahoo, Gmx) and everything was done over Tor.
Good to know, but how? How'd you create Gmail acct w/ Tor & not give
mobile #? How did you get GMX to accept a Tor address (got lucky?).
I'm not arguing. Obviously, I'm not as experienced / crafty / lucky as
some, so looking for HOW folks *recently* created email accts w/ various
providers, using Tor - or other "anonymous" ways. I haven't tried -
every - provider w/ Tor & would prefer not to spend days. I've learned
a lot from responses (as will others, not so experienced using Tor for
this).

How long ago did you (or others) create them; have providers since
changed methods; how long / how much effort did it take; what
techniques were used? Did some just get lucky on a couple of tries w/
NON blacklisted Tor IPs, or did it take days & dozens of Tor addresses,
using all techniques you mentioned?
Post by antispam06
Why not go through an open WiFi? ... How about going through another
computer? And I don't mean using proxy software.
I suppose WiFi is a possibility, but I don't frequent WiFi spots.
Correct me if wrong, but if logging on in the "clear" *vs* using Tor,
they can get more info about your machine, that can possibly identify it
later?
You mention using ANOTHER machine & so did GMX "support," after they
replied, that (one) Tor address I used was blacklisted.
Does that - possibly - mean that for any user in this scenario, even
using *Tor* for registering (& failing 1st few attempts), a provider
collected enough info to ID my PC again, even if use another address
(Tor or not)? This topic is no longer JUST about GMX.

Using others computers to create an acct that might be used for whistle
blowing (w/o Tor or proxy - or what DID you mean?) ... not sure about
that one.

I understand most providers will (certainly can) scan unencrypted
email. But, if sending whistle blower or msgs to neighbors w/ junk
cars, won't be sending encrypted ones.
I just don't want them to trace me. Not trying to outwit LEA here, even
though it'd be nice not to have mail scanned.
antispam06
2012-08-03 18:08:02 UTC
Permalink
Post by Joe Btfsplk
Thanks for all replies. I'm responding to antispam06's reply, only
because it was last of several. Because the issue is more complex than
I thought, GMX is no longer the sole focus. Overall, the info should
benefit *lots* of users, IMHO.
Only thing is that many people don't read the archives. Myself included.
Anyway, I changed the subject as it no longer has anything to do with
the initial post.
Post by Joe Btfsplk
Post by antispam06
Post by Joe Btfsplk
So, big surprise, lots of people are using Tor addresses & then doing
crap to give it (certain addresses, anyway) a bad name & get blacklisted.
I guess that is an example of taking things out of context. A lot of
people give ISPs a bad name. A lot of people give countries a bad name.
Absolutely - never said or hinted Tor was only network or service being
abused. But I'm talking about using Tor to sign up for email.
GMX probably blacklisted (many?) Tor IP addresses simply because several
users tried signing up w/ same IP over time. I tried several - hrs /
days apart, after clearing everything in latest TBB, AFAIK; getting new
identity / IP address. RE-jected!
Yes. You are right. Yet, a lot of people do read the arhives. And
lamenting about bad guys going over Tor might fuel some ill intentioned
positions. I'm not for censorship. Far from it. But I'd say to limit the
comments in that direction to the already existing warnings about entry
points, bridges and exit points. This is purely speculation and I have
no study to back me up, but I'm quite sure Tor is truly a pain in the
rear for those wrongdoers. Which paints a depressive picture, as people
in child pornography are only a few. And those few are enough of a scare
to confiscate hardware, close down servers and so on. Two centuries ago,
giving the evil eye to the local priest would lead to live evisceration
and other wonderful not so medical interventions. Today knees begin to
tremble to a question like ?so you don't want to protect the children??.
People have died in order to have enough freedom to have naturist
communities, yet two bit stars talk about the shame of a naked elbow at
17 and step by step the society goes back to those days of the Middle
Ages.

I'd say eagerness does not help in these situations. Try it 5 months
from now. Or forget it altogether. Because I've been in communities that
rejected anything other than say a gmail.com account. So, unless you
really need it, just mark it down on some webpage as unfriendly and
that's all. I just discovered a couple of hours ago that
opensubtitles.org is far from open and it blocks at least two Tor exits.
But in the last 6 months the only one service I stumbled upon who
blocked Tor was startpage.

As for the precise answer to your questions, sometimes even they don't
know. Automated scripts which go wild. And it's hard to teach them they
have to redo a configuration. They'd rather tweak it and tweak it some
more till it breaks for good.
Post by Joe Btfsplk
Post by antispam06
As for your certainty: I do have accounts from all mentioned services
(Gmail, Yahoo, Gmx) and everything was done over Tor.
Good to know, but how? How'd you create Gmail acct w/ Tor & not give
mobile #? How did you get GMX to accept a Tor address (got lucky?).
I'm not arguing. Obviously, I'm not as experienced / crafty / lucky as
some, so looking for HOW folks *recently* created email accts w/ various
providers, using Tor - or other "anonymous" ways. I haven't tried -
every - provider w/ Tor & would prefer not to spend days. I've learned
a lot from responses (as will others, not so experienced using Tor for
this).
Hahaha

Experience and craft have little in common with opening a free
web-something account. And I think luck it's hard to prove in real life.
Within the computer generated world luck has even less meaning. I see it
as not one's luck, but other one's carelessness.
Post by Joe Btfsplk
How long ago did you (or others) create them; have providers since
changed methods; how long / how much effort did it take; what
techniques were used? Did some just get lucky on a couple of tries w/
NON blacklisted Tor IPs, or did it take days & dozens of Tor addresses,
using all techniques you mentioned?
Just digging for a path to a server would simply lock other paths. You
and anyone with an issue should contact the administrators. After all
there is no right to have a Gmx account.

Anyway to satisfy your curiosity they were all made in the past 12
months or so when I needed. Apart from one issue with Lavabit solved
with two changes of exit nodes, everything went smooth. I still have
ergonomy issues. Even after tweaking Firefox, Wordpress gave me a long
time SSL timeout two out of three times roughly. Google services gave me
for a while failed logins. Never filed bug reports for those or wrote
the owners of a site as I could not pinpoint the origin of the problem.
In the last months Wordpress has been changing the interface to make it
more facebookish. Some of the issues were solved with less restrictive
NoScrip. Some, like the status or reader are unusable. If only I my
knowledge would allow me to do some forensics!

I'm pretty sure there is no technique involved. Although some sites are
really stupidly designed when it comes to error reporting. Just try to
use a 60 character password with spaces and signs like the slash. Some
even tell the two pasted password instances do not match! Others will
quietly reload.
Post by Joe Btfsplk
Post by antispam06
Why not go through an open WiFi? ... How about going through another
computer? And I don't mean using proxy software.
I suppose WiFi is a possibility, but I don't frequent WiFi spots.
Why? You have Tor. You know how to use TBB. Why not enjoy the free
stuff? See also that not only tor bridges are helpful to the community,
but also an open Wifi. From a paranoid point of view it's better to have
an open router with limited traffic, than an encrypted one. Routers are
easy to crack and a badly chosen password woud make the law catch you
with your pants down as the next porn downloader. An open router means
anybody could have done it.
Post by Joe Btfsplk
Correct me if wrong, but if logging on in the "clear" *vs* using Tor,
they can get more info about your machine, that can possibly identify it
later?
Anything that goes through radio is public. And anybody within the
radius can read the traffic. For that one uses VPN. Or HTTPS. Or Tor.
Actually, they are all SSL derivates in my case.

Second, who is they?

Third a firewall can block most fingerprinting.

Fourth: you are in a public place. Who cares about fingerprinting when a
security camera or a guy with a GPS enabled photo camera can take
pictures of you and your desktop?
Post by Joe Btfsplk
You mention using ANOTHER machine & so did GMX "support," after they
replied, that (one) Tor address I used was blacklisted.
Yes. But we don't mean the same. Gmx meant going online in another
place. I meant going through another place.
Post by Joe Btfsplk
Does that - possibly - mean that for any user in this scenario, even
using *Tor* for registering (& failing 1st few attempts), a provider
collected enough info to ID my PC again, even if use another address
(Tor or not)? This topic is no longer JUST about GMX.
If they are able to push software to run on your machine, most probably,
Tor or not. If using the same browser and enable than disable Tor
button, some traces might remain there even if there is a an active team
and community to look for this kind of issues.

If I get things right, right now the Tor team has a priority of getting
people to connect to their targets. Many governments today are actively
blocking Tor. And even more government agencies are doing their best to
track the activity of marked individuals. Keeping your privacy once you
get on the desired server is less of a concern to the Tor team. People
have been warned. Yet they want to see silly cat movies and the last
night TV show so they enable Flash. Or they go on Facebook and let
people in real life identify them. Or give their real phone number to
Google. And so on. In short: Tor helps you go to a net cafe or park and
publish data about the evil company. It does not protect you from using
the company email to give the link to your site.
Post by Joe Btfsplk
Using others computers to create an acct that might be used for whistle
blowing (w/o Tor or proxy - or what DID you mean?) ... not sure about
that one.
I don't understand that part.
Post by Joe Btfsplk
I understand most providers will (certainly can) scan unencrypted
email. But, if sending whistle blower or msgs to neighbors w/ junk
cars, won't be sending encrypted ones.
I just don't want them to trace me. Not trying to outwit LEA here, even
though it'd be nice not to have mail scanned.
Correction: they do not scan the email. They store it. For undisclosed
periods of time. That suggest as the closest date sometime near for ever
and ever.
Joe Btfsplk
2012-08-03 21:02:07 UTC
Permalink
Post by antispam06
Good to know, but how? How'd you create Gmail acct w/ Tor & not give mobile #? How did you get GMX to accept a Tor address (got lucky?).
Hahaha
Haha??? :(
Post by antispam06
how long / how much effort did it take; what techniques were used? Did some just get lucky on a couple of tries w/ NON blacklisted Tor IPs...
Anyway to satisfy your curiosity they were all made in the past 12 months or so when I needed. Apart from one issue with Lavabit solved
with two changes of exit nodes, everything went smooth.
It sounds like you did get "lucky" if the 1st exit IPs used worked the
1st time on most accounts you set up.
EITHER - in GMX case, I happened to randomly get multiple IP addresses,
over hrs & days, ALL blacklisted by GMX (& you *didn't*), or GMX has a
way to tell it's the same computer using a diff Tor address. It's one
or the other, or both. Somehow, I doubt that they have that ability -
not sure.

At this point, GMX is only an example. I won't be using this acct
often. Other than some other providers have much shorter acct
deactivation period if no login, which I WILL forget & then have to
create another "anonymous" acct. I don't blow whistles everyday &
*definitely* won't be storing those emails on server.
Post by antispam06
You mention using ANOTHER machine & so did GMX "support," after they replied, that (one) Tor address I used was blacklisted.
Yes. But we don't mean the same. Gmx meant going online in another place. I meant going through another place.
They said "another computer." Why they said it, or exactly what they
meant, don't know. I replied & asked to clarify.
By "going _through_ another place," you mean like WiFi w/o Tor, or
somewhere that they (email provider) can't link to ME (real ISP) & I
also don't have to use Tor to register?

You said, "_How about going through another computer._"
I meant, I question the wisdom, using another person's computer (_w/o
Tor or *some* anonymizing means_) to create email acct to be used for
whistle blowing. Don't want anything coming back on friends / family.
And if you meant, use another computer AND Tor, don't see the point. My
computer isn't the problem (unless sites like GMX, others can ID it),
even after clearing & closing TBB & getting new address. Maybe I should
check for super cookies. :D

Yes, Gmail does actively *scan* email, to deliver targeted ads. Says
exactly that in TOS and / or PP (least, it did short time ago).
Probably others as well, if read their docs carefully.
Joe Btfsplk
2012-08-03 22:58:33 UTC
Permalink
I guess GMX just has no interest in helping honest, hard-working whistle
blowers out. Their loss. They may just block many Tor exit nodes,
cause I'm pretty sure everything in Tor was perfect Even turned off
NoScript.

Another popular provider was happy to sign me up via Tor, anxious to get
that ad revenue. They'll starve if depending on this acct.
Can't say which one or it'll blow my "double naught spy" cover.
They were salivating so much, didn't care that the exit node country &
zip I entered didn't match. You'd think the name, Mork from Ork would
raise a flag. (kidding)
Nanu-nanu.
dumbnewbie
2012-08-04 10:11:04 UTC
Permalink
Post by Joe Btfsplk
Good to know, but how? How'd you create Gmail acct w/ Tor & not give
mobile #? How did you get GMX to accept a Tor address (got lucky?).
I'm not arguing. Obviously, I'm not as experienced / crafty / lucky as
some, so looking for HOW folks *recently* created email accts w/ various
providers, using Tor - or other "anonymous" ways. I haven't tried -
every - provider w/ Tor & would prefer not to spend days.
The only way I've been able to create a Gmail account recently was through an Android tablet. I installed Orbot and Orweb APKs so all traffic was through Tor at the time, then created the account through Settings > Acounts & Sync > Add Account. I was surprised it didn't want a phone number.
I've created accounts with hushmail but they block some exit nodes.
I saw http://safe-mail.net mentioned before and I can confirm that they don't reject Tor users. I use these guys the most. I've read some suspicions about them, though, because their NS is through barak.net.il but I don't know if that's a valid concern.

Cheers,
dn.
Moritz Bartl
2012-08-04 11:02:51 UTC
Permalink
Post by dumbnewbie
The only way I've been able to create a Gmail account recently was through an Android tablet.
I've noticed that behavior, too. Maybe it's just the User Agent, or they
use a different URL to sign up.
--
Moritz Bartl
https://www.torservers.net/
Joe Btfsplk
2012-08-04 15:00:15 UTC
Permalink
Post by dumbnewbie
The only way I've been able to create a Gmail account recently was through an Android tablet. I installed Orbot and Orweb APKs so all traffic was through Tor at the time, then created the account through Settings > Acounts & Sync > Add Account. I was surprised it didn't want a phone number.
I've created accounts with hushmail but they block some exit nodes.
I saw http://safe-mail.net mentioned before and I can confirm that they don't reject Tor users. I use these guys the most. I've read some suspicions about them, though, because their NS is through barak.net.il but I don't know if that's a valid concern.
Cheers,
dn.
It'd be hard to avg user to create anonymous Gmail acct. Maybe use a
throw away cell phone; use WiFi that's near pay phone? Google SAYS they
won't do anything w/ the phone # or SMS device, except to verify the
acct. But then, Google says a lot of things. It only deters "honest"
people from setting up anonymous accts - criminal types will use throw
away phones, etc.

In my search for providers to create accts using Tor, Safe-mail was
one. Yes - based in Israel. Don't know it's a big concern, except some
servers might filter email from foreign countries - but many don't.
They have long, 6 mo period before inactivating accts w/o login; Storage
of 3 MB is very low. Send a msg, then del, I guess.

Privatdemail.net is in Egypt & don't allow sending email to Israel. SAY
they don't log *any* files or IP addresses. Have decent 500 MB storage;
10 MB max message size; support POP / IMAP; 90 day deactivation if no
login. No idea how many servers would filter mail from Egypt.
Juan Garofalo
2012-08-04 19:00:27 UTC
Permalink
It'd be hard to avg user to create anonymous Gmail acct. Maybe use a throw away cell phone;
For what it's worth, I created a gmail account last week from my home, ordinary internet connection, argentina, and the phone # was not needed.

But maybe that was because my IP was 'legitimate'?
Joe Btfsplk
2012-08-05 18:38:23 UTC
Permalink
Post by Juan Garofalo
For what it's worth, I created a gmail account last week from my home,
ordinary internet connection, argentina, and the phone # was not
needed. But maybe that was because my IP was 'legitimate'?
That's a very interesting question / comment. Also points out, Tor
users from many countries are reading the U.S. list. I've no idea of
google policies / practices (or any other providers') for different
countries. It's hard enough to pin point what they are in US, as
different US users report different Google / Gmail experiences. Google
may "switch it up" to keep potential spammers off balance. Or, due to
differences in users' browser / OS / FW / privacy software, etc., that
diff users have / don't have, Google believes it already has enough info
on a machine / location, that they don't need to ask for a phone #.
Don't know.

Different countries have diff regulations for email providers, ISPs,
etc. That's fairly well documented. Some countries have more "pro user
privacy" laws or regulations than others.

And as others point out, it - seems - might be a big difference in using
Firefox /w several privacy addons vs using Android OS. I don't have
Android, but is it possible Google can already get enough info from an
Android device, that there's no need to ask for verifying phone #?
Google *funded* Android development - correct? Given Google's - proven -
privacy violation record, is it safe to assume they *may* be getting
more info than Android users would like, or are aware of?

Recent replies to the original topic have nothing to do w/ GMX, per se,
which is why another user & I changed the subject, but others
accidentally replied to an older post w/ original GMX subject. Still,
overall info of keeping anonymous when using various services is
obviously of great interest. Might take a team of people (or be
impossible), but given the constant interest in how to sign up / protect
anonymity using Tor w/ specific services, would be extremely helpful to
have reasonably *updated* documentation on how to sign up or use Tor w/
specific services.

Have the info posted on one web page (w/ links to specific topics),
rather than get lost in this list's archives. I appreciate earlier
efforts on torrifying apps, etc., but much is outdated. AFAIK, there's
not much in a central location on topics like, "how to sign up w/ ABC,
XYZ using Tor." Then instructions on how to *use* Tor & a service (like
webmail provider) w/o compromising anonymity. Yes, it would require
constant updating as providers' methods changed. I KNOW it's difficult
to write or compile such info, but I see lack of documentation for avg
users, as a huge limiting factor for getting more Tor users (thus, more
anonymity). Problem: if Tor / TBB become hugely popular, even many
"democratic" countries may ban it?

"We choose to make Tor easier to use, not because it is easy, but
because it is hard." :)

grarpamp
2012-08-04 19:08:45 UTC
Permalink
Post by dumbnewbie
The only way I've been able to create a Gmail account recently was through an Android tablet. I installed Orbot and Orweb APKs so all traffic was through Tor at the time, then created the account through Settings > Acounts & Sync > Add Account.
I'd be wary of that approach. It would be some work for me to verify
on such a semi-closed system that all traffic did go through Tor. Even
if it did, if any closed binaries/firmware on that system are involved
in the process, they could easily be sending your
MAC/UUID/serial/IMEI, etc over TLS as part of the signup process.
Which as you use further apps, services, and surfing would be linked
to that. I don't know much about Android hardware/software, but if
this is the case, I'd rather not spend that much money on what would
then necessarily become a one time use device.
Aaron
2012-08-04 20:04:53 UTC
Permalink
Post by grarpamp
Post by dumbnewbie
The only way I've been able to create a Gmail account recently was through an Android tablet. I installed Orbot and Orweb APKs so all traffic was through Tor at the time, then created the account through Settings > Acounts & Sync > Add Account.
I'd be wary of that approach. It would be some work for me to verify
on such a semi-closed system that all traffic did go through Tor. Even
if it did, if any closed binaries/firmware on that system are involved
in the process, they could easily be sending your
MAC/UUID/serial/IMEI, etc over TLS as part of the signup process.
Which as you use further apps, services, and surfing would be linked
to that. I don't know much about Android hardware/software, but if
this is the case, I'd rather not spend that much money on what would
then necessarily become a one time use device.
What you can do is use the android emulator (with Tor). You'll need to
figure out how to get a google apps into the emulator image though.

--Aaron
dumbnewbie
2012-08-05 04:15:24 UTC
Permalink
It'd be hard to avg user to create anonymous Gmail acct. Maybe use a throw away cell phone; use WiFi that's near pay phone? Google SAYS they won't do anything w/ the phone # or SMS device, except to verify the acct. But then, Google says a lot of things. It only deters "honest" people from setting up anonymous accts - criminal types will use throw away phones, etc.
In my country it's difficult (but not impossible!) to obtain "throw
away" SIM cards due to industry regulations that require telcos and
retailers to obtain proof of ID at the point of sale and registration
of SIM cards. AFAIK, this proof of ID and the SIM card information is
registered with a government agency.
I'd be wary of that approach. It would be some work for me to verify
on such a semi-closed system that all traffic did go through Tor. Even
if it did, if any closed binaries/firmware on that system are involved
in the process, they could easily be sending your
MAC/UUID/serial/IMEI, etc over TLS as part of the signup process.
Which as you use further apps, services, and surfing would be linked
to that. I don't know much about Android hardware/software, but if
this is the case, I'd rather not spend that much money on what would
then necessarily become a one time use device.
That's a valid concern. It's important for people to remember that,
although a Google/GMail account might not be used for personal email,
once it's associated to a personal Android device you've lost your
privacy/anonymity on that device.
antispam06
2012-08-05 12:16:55 UTC
Permalink
Post by dumbnewbie
In my country it's difficult (but not impossible!) to obtain "throw
away" SIM cards due to industry regulations that require telcos and
retailers to obtain proof of ID at the point of sale and registration
of SIM cards. AFAIK, this proof of ID and the SIM card information is
registered with a government agency.
Do not forget that as every SIM card comes embedded with a serial number
that does most of the identification and not the actual phone number
printed on the box, each telephone also has a serial number. Those two
strings are stored just like anything else, like location updates,
number you have called or have called you and so on. If Sony does have
years old registration data and credit card numbers in its possesion,
I'd say it's sane to assume the phone company stores this data for ever.
So giving that phone to your brother in law or lending it from a
highschool friend doesn't make much of a difference.
Joe Btfsplk
2012-08-02 12:45:35 UTC
Permalink
Post by adrelanos
Got it. Good point. There has been very few research done on that
subject. Always makes sense to use a trustworthy mail provider as an
activist instant of a non-trustworthy. Even if you use GPG. They can
still try a targeted attack on your browser of tell who is
communicating with whom and sell some metadata like when you logged in
etc. Riseup has been recommend by (imho) trustworthy and honest
people. Tormail is anonymously run, could be run by evil or honest
people. Who knows. 50/50 chance I'd say.
[...]
Post by adrelanos
If they are honest, they can not be forced into cooperating with an
adversary. In that case they were even better than Riseup. Or they are
already run by your adversary and then you are left with the
protections provided by Tor (and gpg). On the other hand riseup hosts
servers in US, thus they are subject to US laws. Other then using a
well motivated and known mail provider you could try a different
approach. If your whistleblow is about country X, use a mail provider
in country Y. Any countries (almost) in war with each other are are
good choice and unlikely to share any intelligence. And even then, it
could be pointless, if the server security in that country is poor.
Due to lack of theoretical research and practical tests or stories the
perfect decision for the best resistant mail provider is more than
difficult.
Thanks again everyone, for the helpful info. I read some of Safe-mail's
documents. Particularly, section "Abuse of the * FREE * accounts."
Post by adrelanos
While [free] SignUp is not available, you may request a new account by
sending an email message from an EXISTING Safe-mail.net account....
Apart from the Free SignUp that is not allways available, the system
is functioning well and existing users shouldn't experience any
problems or restrictions.
In last sentence, it's unclear if signing up for free acct ALWAYS must
come from an existing acct. "... is not always available," indicates
sometimes it is. Haven't tried registering for free acct /w Tor yet,
but I'm guessing they'll require an email from a * Safe-mail acct.* I
know no one w/ an acct.
Post by adrelanos
"There are two ways to have your account approved: you can either get
invite codes from existing users you know or wait for us to approve
your request. It is sometimes difficult for us to keep up with the
volume of requests, so it may take us up to a FEW WEEKS to get back to
you. If you know two different riseup.net users, you can use the
invite method, and your account will be created and be ready to use
immediately.
Mail2World may terminate your access to any part or all of the Service
and any related service(s) at any time, with or without cause, with or
without notice, effective immediately, for any reason whatsoever.
Sounds a little harsh. Any reason * whatsoever *? You email a
presidential candidate's site that they don't like? If using Tor, they
may not know your real IP / location, but (I assume) they can see
recipient addresses.
jed c
2012-08-01 19:16:38 UTC
Permalink
I guess the question is what exactly are you looking for? SSL?
I was able to setup an email account (at)mail2world.com (no fancy tricks) I made sure to document and verify plausibility of all my answers (time zone zip code match area). Password length is limited to 12 chars. The password length threw me had to use my other answers to change it. Also had to put address as https to make it work since the radio button didnt work.
I'm not married to idea of using GMX & Tor.? So if
others have suggestions for free email service that works w/
Tor or is actually reasonably anonymous (I'm not trying to
outwit NSA, here), I could go that route vs beating my head
against a GMX wall.
Juan / Jed, I tried running Tor through several well known
web proxies.? Even though proxies had options to allow
/ disable scripts," when I allowed scripts, GMX still showed
message, "Please enable JS & try again."?
NOTE:? I've used Tor / TBB & some of same proxies
directly w/ Firefox, & never gotten a "Please enable
javascript" message from any site, AFAIK.
Tried a few proxies - some SSL, some not.? Some proxies
showed (or allowed choosing) a U.S. location, so that wasn't
the issue.? Tor is also using US exits.
Also entered GMX.com & the proxy's domain on NoScript
white list.? No change after reloading GMX / proxy page
in TBB.? GMX still gave "enable javascript..."
Then as test, tried just Firefox 14 thru the proxies, that
HAD options to enable JS (I did).? Same result - GMX
still thinks JS is disabled.? It's really only page
I've gotten that message using proxies, but... never tried
creating an email acct - * in last few yrs * - using Tor or
a proxy .? Between each try, I deleted cookies, closed
pages, cleared cache, got new IP (when using Tor).
_______________________________________________
tor-talk mailing list
tor-talk at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Douglas Lucas
2012-08-02 23:04:06 UTC
Permalink
Hi Tor Talk,

Lurker and user of Tor here. Thanks y'all for your hard work making Tor
possible!
Post by Joe Btfsplk
2nd, I can't find anywhere - w/o signing up - what Riseup's general
"starting" storage quota or max message and / or attachment size
limits are, even using search engines.
I understand IF they don't make $ off advertising, they need it from
other sources (donations). But, their suggested "individual"
donation of $5 - 15 > / mo & for businesses, 1% of annual budget
(Ex.: $100 for $10K budget) seems lopsided. A business /
organization will generate way more traffic
than (especially) me.
But, I don't know what I'd get for $5 / mo, even if I liked them,
unless I sign up or another user tells me.
I use riseup. My current storage quota -- which I believe would be
yours, were you to sign up -- is 92 MB. Riseup says the storage
quota fluctuates a bit and might go up in the future. I think you
can also request a higher quota if you have good reasons. Since I
mostly POP everything out, the quota doesn't cause me trouble. Maybe
it would if I suddenly became famous/notorious while in an extended
coma, receiving a zillion Twitter auto-emails notifying me of new
followers. :) :(

My attachment limit is 2 MB, which is reckoned per email -- I assume
it'd be the same for you. The attachment limit presents something of
a difficulty for me, a freelance writer, since big .DOCs and .PDFs
can exceed 2 MB. But clients can deal with workarounds.

Never seen an ad on Riseup (of course, I use adblockers). I don't
know if there's a size limit for incoming attachments.

I don't think they offer premium services, but I could be wrong.
It's free with donations strongly encouraged.

One good way to donate to Riseup is through Flattr!
https://flattr.com/thing/523584/Donate-to-Riseup With Flattr you can
shoot Riseup a micro-donation via a flattr click, a recurring
subscription of flattr clicks, or just send a straightforward
donation up to your monthly Flattr donation limit, which as of this
May is EUR150.

:-Douglas
Joe Btfsplk
2012-08-03 00:42:26 UTC
Permalink
Post by Douglas Lucas
I use riseup. My current storage quota -- which I believe would be
yours, were you to sign up -- is 92 MB. Riseup says the storage
quota fluctuates a bit and might go up in the future. I think you
can also request a higher quota if you have good reasons. Since I
mostly POP everything out, the quota doesn't cause me trouble. Maybe
it would if I suddenly became famous/notorious while in an extended
coma, receiving a zillion Twitter auto-emails notifying me of new
followers. :) :(
My attachment limit is 2 MB, which is reckoned per email -- I assume
it'd be the same for you. The attachment limit presents something of
a difficulty for me, a freelance writer, since big .DOCs and .PDFs
can exceed 2 MB. But clients can deal with workarounds.
Never seen an ad on Riseup (of course, I use adblockers). I don't
know if there's a size limit for incoming attachments.
I don't think they offer premium services, but I could be wrong.
It's free with donations strongly encouraged.
One good way to donate to Riseup is through Flattr!
https://flattr.com/thing/523584/Donate-to-Riseup With Flattr you can
shoot Riseup a micro-donation via a flattr click, a recurring
subscription of flattr clicks, or just send a straightforward
donation up to your monthly Flattr donation limit, which as of this
May is EUR150.
Thanks Douglas, very helpful. The approx. 92 MB storage isn't much
problem. Yes, 2 MB is tiny. I suppose IF they really don't log IPs or
data, that's what you're paying for (if that's important), rather than
free providers that gather data & sell it. I just have a health
suspicion of a TINY % of companies in *any* industry that say, "/we're
different than all the rest/." Riseup may be, but usually in sum total,
most companies in an industry are similar. One will cut a little here,
but add it back somewhere else.

If the U.S. gov't allowed them not to keep ANY records, _every
terrorist_ in this country & many others would be flocking to Riseup.
Or maybe that's the plan. Since it's unlikely they'll allow that...
anymore than they'd allow 1 or 2 phone Co's. NOT to keep records or
build phone systems that couldn't be wire tapped.

BTW, did send Riseup support a question about their limits.
b.g. white
2012-08-03 02:31:32 UTC
Permalink
Riseup is not a company or corporation. https://help.riseup.net/en/about-us
That being said, I have no way to verify what they do and do not log.
Post by Joe Btfsplk
Post by Douglas Lucas
I use riseup. My current storage quota -- which I believe would be
yours, were you to sign up -- is 92 MB. Riseup says the storage
quota fluctuates a bit and might go up in the future. I think you
can also request a higher quota if you have good reasons. Since I
mostly POP everything out, the quota doesn't cause me trouble. Maybe
it would if I suddenly became famous/notorious while in an extended
coma, receiving a zillion Twitter auto-emails notifying me of new
followers. :) :(
My attachment limit is 2 MB, which is reckoned per email -- I assume
it'd be the same for you. The attachment limit presents something of
a difficulty for me, a freelance writer, since big .DOCs and .PDFs
can exceed 2 MB. But clients can deal with workarounds.
Never seen an ad on Riseup (of course, I use adblockers). I don't
know if there's a size limit for incoming attachments.
I don't think they offer premium services, but I could be wrong.
It's free with donations strongly encouraged.
One good way to donate to Riseup is through Flattr!
https://flattr.com/thing/**523584/Donate-to-Riseup<https://flattr.com/thing/523584/Donate-to-Riseup> With Flattr you can
shoot Riseup a micro-donation via a flattr click, a recurring
subscription of flattr clicks, or just send a straightforward
donation up to your monthly Flattr donation limit, which as of this
May is EUR150.
Thanks Douglas, very helpful. The approx. 92 MB storage isn't much
problem. Yes, 2 MB is tiny. I suppose IF they really don't log IPs or
data, that's what you're paying for (if that's important), rather than free
providers that gather data & sell it. I just have a health suspicion of a
TINY % of companies in *any* industry that say, "/we're different than all
the rest/." Riseup may be, but usually in sum total, most companies in an
industry are similar. One will cut a little here, but add it back somewhere
else.
If the U.S. gov't allowed them not to keep ANY records, _every terrorist_
in this country & many others would be flocking to Riseup. Or maybe that's
the plan. Since it's unlikely they'll allow that... anymore than they'd
allow 1 or 2 phone Co's. NOT to keep records or build phone systems that
couldn't be wire tapped.
BTW, did send Riseup support a question about their limits.
______________________________**_________________
tor-talk mailing list
tor-talk at lists.torproject.org
https://lists.torproject.org/**cgi-bin/mailman/listinfo/tor-**talk<https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>
grarpamp
2012-08-03 07:57:32 UTC
Permalink
Post by Joe Btfsplk
Sounds a little harsh. Any reason * whatsoever *?
It's called covering ass, and not having to debate with you who's
definition of 'abuse' is right. If you cause them problems, they
can drop you. Doesn't mean if you send death threats they drop
you, only that they can. This is actually a pretty honest policy,
as most other AUP's will just hide it behind a few pages of legal
loopholes and out's for themselves. And you're leeching their free
account.
Post by Joe Btfsplk
If the U.S. gov't allowed them not to keep ANY records, _every
terrorist_ in this country & many others would be flocking to Riseup.
My belief from study is that there are NO laws in the US that require
internet services to ask for or keep anything. In finance side yes,
certain things are legally or contractually required. But server
logs are not one of them. Server logs are generally kept for business
metrics by legitimate mega corps, they're in it for money, not soul.
And to look good or feel good when an incident comes in. Also, note
that having no logs will much faster result in lobbying for logs,
than taking a balanced approach.

Facilities based telephony is of course excluded... calea, etc.

Regardless, in the US, and the world, you should always assume all
your data is logged and act accordingly. TLA's, orders, warrants,
and plain old snooping are easily things go.
jed c
2012-08-03 01:12:17 UTC
Permalink
Last I checked encryption in yahoo mail is only available for login to your account. Everything else goes in the clear easily intercepted if an exit is logging. Easily intercepted over open wifi in a cafe.
Why would Yahoo allow using Tor?? Or, is it that the
acct was NOT created using Tor, but later accessing it via
Tor - * as antispam06 mentioned * ?? (not sure exactly
what he meant)? What would that accomplish, for
anonymity?? If you didn't create the acct w/ Tor (or
proxy), they know the real IP address of the owner.?
Thanks.
_______________________________________________
tor-talk mailing list
tor-talk at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
jed c
2012-08-04 14:03:47 UTC
Permalink
Of course Android is google's child... http://www.zdnet.com/blog/open-source/how-open-is-googles-android/9357
From: Moritz Bartl <moritz at torservers.net>
Subject: Re: [tor-talk] anyone created an acct on GMX using Tor?
To: tor-talk at lists.torproject.org
Date: Saturday, August 4, 2012, 4:02 AM
On 04.08.2012 12:11, dumbnewbie
Post by dumbnewbie
The only way I've been able to create a Gmail account
recently was through an Android tablet.
I've noticed that behavior, too. Maybe it's just the User
Agent, or they
use a different URL to sign up.
--
Moritz Bartl
https://www.torservers.net/
_______________________________________________
tor-talk mailing list
tor-talk at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Continue reading on narkive:
Loading...