Secure email without an IP changer is useless

**OnPoint88** · 02-10-2012, 08:09 PM

The busts from hushmail were because they record your ip address. Since I subscribed to this service it appears I'm from a country where steroids are legal lol. https://btguard.com/vpn_pptp_win7.php

**LAM** · 02-10-2012, 08:22 PM

yep, ISP's have to hand over that IP info once LE gets a court order. the feds are even trying to get anti-virus manufactures, etc. to open up a back door for them. corporate fascism is on the rise in the US. I say corp fascism since the lobbyists in DC pull the strings of the puppets in high office.

**Vibrant** · 02-10-2012, 08:28 PM

so are there any good free secure emails left?

**OfficerFarva** · 02-10-2012, 08:35 PM

Originally Posted by Vibrant

so are there any good free secure emails left?

Hotmail, there's so many spam accounts how could they ever find you lol.

**LAM** · 02-10-2012, 09:00 PM

Originally Posted by OfficerFarva

Hotmail, there's so many spam accounts how could they ever find you lol.

it's bad but nothing compared to yahoo, which I stopped using years ago because of that. I have crazy filters on my hotmail account, had that email addy since '94 and everybody has it.

**~RaZr~** · 02-10-2012, 10:04 PM

Everyone thought that Hushmail wouldn't hand over emails. Well they did...about 12 CDs worth of plain-text emails....

Best bet is to not trust any email provider to secure you 100%. That's all I'm going to say about that...

http://m.wired.com/threatlevel/2007/11/encrypted-e-mai/

**LAM** · 02-10-2012, 10:24 PM

Originally Posted by djlance

Everyone thought that Hushmail wouldn't hand over emails. Well they did...about 12 CDs worth of plain-text emails....

Best bet is to not trust any email provider to secure you 100%. That's all I'm going to say about that...

Encrypted E-Mail Company Hushmail Spills to Feds | Threat Level | Wired.com

nothing is truly secure when connected to the public network. it was the DOD (aka DARPA) and packet switching protocols that laid the foundation for the Internet.

when doing shady things on the Internet best to get in and get out...

**~RaZr~** · 02-10-2012, 10:28 PM

Originally Posted by LAM

nothing is truly secure when connected to the public network. it was the DOD (aka DARPA) and packet switching protocols that laid the foundation for the Internet.

when doing shady things on the Internet best to get in and get out...

Yea you totally lost me with the DOD/DARPA/packet switching protocols words. I'll just go ahead and agree with what you said

**KelJu** · 02-11-2012, 03:01 AM

Originally Posted by LAM

nothing is truly secure when connected to the public network. it was the DOD (aka DARPA) and packet switching protocols that laid the foundation for the Internet.

when doing shady things on the Internet best to get in and get out...

I'm going to have to disagree with you there. Data is passed from the data-link layer to the transport layer and then back down again from one node to the next. There is absolutely no security what so ever built into that process. It was designed for efficiency at a time when modems were dog shit slow, and people just wanted to get their data to where it needed to go.

It was after the fact that people had to go back and design intelligent routers and firewalls to control the flow of data though the network. Nearly all security is built into more modern protocols like ssl and ssh. The problem is that these protocols are only secure if the server that issues the public key key is secure.

Hushmail fails to do this, because they are the actual entity that issues the public key to initiate a secure channel. If the feds take over hushmail, they have the key, and therefore can unlock all secure data on their email system.

As far as truly secure email, it does exist. There a lot of open source email clients that use PGP. You might have to send someone the shared key through the mail on a piece of paper or call them up and actually tell them the key. after that, no entity, even your isp can know what you are sending and receiving.

**LAM** · 02-11-2012, 04:39 AM

the first protocols developed were connectionless at layer 2 like UDP and TCP, it's all that was needed for small local networks on campus.

SSL and SSH are at the transport layer, after the connection between endpoints has been made at layer 3. security basically comes in two forms, for known data transmission paths (point-to-point, etc.) and others for un-known paths such as VPN's etc. over the cloud.

PTP connections require significantly less security since they can not be snooped like with T1/T3, SONET, etc. once you add in a gateway or bridge to the Internet is when security becomes a crap shot. true security (and QOS) are only guaranteed on a private network.

ever since WiFi came out in the 90's it's been a major headache as it was not designed for corporate/business use. I have to tell people all the time to not tie WiFi devices into your network for hotspot Internet access, etc. into the private network. a separate account using DSL, cable, etc. for publice WiFi access removes that whole issue.

**KelJu** · 02-11-2012, 09:13 AM

You got so much stuff there wrong. TCP is not connectionless. TCP is a connection oriented protocol and the most used protocol in the transport layer. The internet is built on TCP/IP. Security does not come in two forms. Security can be and usually is implemented in every layer of the OSI model. SSL does not operate in the transport layer. It operates in the application layer. SSL piggybacks off of TCP most of the time, because it can't establish a point to point connection.

I don't know much about PTP. I have never used it other than PPPoE bullshit for dsl. All PTP VPNs I have used and setup use IPsec.

**LAM** · 02-11-2012, 01:26 PM

SSH

http://www.rfc-editor.org/rfc/pdfrfc/rfc4254.txt.pdf

TCP/IP

http://www.rfc-editor.org/rfc/pdfrfc/rfc1180.txt.pdf

**KelJu** · 02-11-2012, 01:41 PM

Originally Posted by LAM

SSH

http://www.rfc-editor.org/rfc/pdfrfc/rfc4254.txt.pdf

TCP/IP

http://www.rfc-editor.org/rfc/pdfrfc/rfc1180.txt.pdf

Dude, really? That is so fucking weak!

Why are you posting links to 30 page PDFs as a reply to my post? TCP is a connection oriented protocol, and SSH and SSL operate in the application layer and/or between the transport and application layer depending on which OSI or TCP/IP stack you are looking at. 90% of textbooks place it in the application layer because they use APIs not built into the transport layer. Others say in between because they are retarded, and there is no such thing as in between a layer. You have to put it somewhere, and it stretches across many. Authentication for SSL and SSH is performed in the application layer. That is why it can't possibly exist in the transport layer.

Ninja edit: By the way. The models have changed about 3 times since I started college. It use to be 5 layers, and now its 7. Sorry if I am coming across as a dick, but I do this stupid shit for a living.

**Dark Geared God** · 02-11-2012, 05:11 PM

Originally Posted by KelJu

Dude, really? That is so fucking weak!

Why are you posting links to 30 page PDFs as a reply to my post? TCP is a connection oriented protocol, and SSH and SSL operate in the application layer and/or between the transport and application layer depending on which OSI or TCP/IP stack you are looking at. 90% of textbooks place it in the application layer because they use APIs not built into the transport layer. Others say in between because they are retarded, and there is no such thing as in between a layer. You have to put it somewhere, and it stretches across many. Authentication for SSL and SSH is performed in the application layer. That is why it can't possibly exist in the transport layer.

Ninja edit: By the way. The models have changed about 3 times since I started college. It use to be 5 layers, and now its 7. Sorry if I am coming across as a dick, but I do this stupid shit for a living.

talkin to lam is like talking to the wall once links are posted your wrong in his eyes..

Ninja edit: your still a dick

**OnPoint88** · 02-11-2012, 08:21 PM

Originally Posted by Vibrant

so are there any good free secure emails left?

I use privacyharbor.com

**LAM** · 02-12-2012, 01:07 AM

Originally Posted by KelJu

Others say in between because they are retarded, and there is no such thing as in between a layer. You have to put it somewhere, and it stretches across many. Authentication for SSL and SSH is performed in the application layer. That is why it can't possibly exist in the transport layer.

Ninja edit: By the way. The models have changed about 3 times since I started college. It use to be 5 layers, and now its 7. Sorry if I am coming across as a dick, but I do this stupid shit for a living.

your answer is based off using the 7-layer OSI model, mine was off the 4-layer TCP/IP network model. I'm old school and only work with data at the datagram/packet level and below. getting info to the desktop is not my problem...lol

you can hide a surprising amount of information in data packets but w/o sniffer software it can not be viewed. back in the day we used to hide messages in packets to insure that certain testers were actually doing their job in the lab.

you can also use a hex editor to manipulate files and hide info

It's not retarded to say they are in-between because certain protocols use lower level info only as a carrier of sorts.

**Griffith** · 03-16-2012, 07:49 AM

why dont u just set up ur own email server on and old pc? save to usb, store than in an old microwave that works, then wipe it daily with a good shredder!

u get raided u turn microwave on, put Darik’s Boot and Nuke CD in server, hit that,
then they aint got a pot to piss in

**~RaZr~** · 03-16-2012, 07:56 AM

Originally Posted by Tall Paul

why dont u just set up ur own email server on and old pc? save to usb, store than in an old microwave that works, then wipe it daily with a good shredder!

u get raided u turn microwave on, put Darik’s Boot and Nuke CD in server, hit that,
then they aint got a pot to piss in

If you are that much of a "big fish" or making that much profit, it doesn't matter if you nuke your whole house...your f^cked

**squigader** · 03-16-2012, 10:33 PM

Just use a regular email account (gmail, yahoo, hotmail)

I don't think most people using hushmail, safemail and the like are doing anything remotely legal with it. You're better off with something like gmail + PGP

**OnPoint88** · 03-19-2012, 12:36 PM

Ok so what is PGP and where is it? Is that what securenym.net uses? Everyone seems to be switching from that. Safemail is just as bad as hush mail fyi.

**Ichigo** · 03-31-2012, 11:26 PM

Originally Posted by squigader

Just use a regular email account (gmail, yahoo, hotmail)

I don't think most people using hushmail, safemail and the like are doing anything remotely legal with it. You're better off with something like gmail + PGP

How do you set up PGP?

**OnPoint88** · 05-24-2012, 10:04 AM

My first sticky, thanks! You might want to change the thread name from IP Changer to the proper terminology which is VPN Client. Here's some links to reviews and Tor is the only free one but is a pain in the ass because it doesn't work unless you have mozilla and remember to toggle it on in the browser even if it's running already.
Best VPN Reviews – Compare and find VPN account providers.
Best VPN Service | VPN Reviews | Top VPN Service Providers
Best Private VPN Service Reviews, Free trial & Coupons - 2012
VPN Reviews - VPN Service Reviews, Free Trials and Deals
Best VPN For Anonymity | BestVPNForYou

**Ainanalu** · 09-20-2012, 11:58 PM

Originally Posted by lam

yep, isp's have to hand over that ip info once le gets a court order. The feds are even trying to get anti-virus manufactures, etc. To open up a back door for them. Corporate fascism is on the rise in the us. I say corp fascism since the lobbyists in dc pull the strings of the puppets in high office.

agreed

Thread: Secure email without an IP changer is useless

Thread Tools

Display

Secure email without an IP changer is useless

Posting Permissions