API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jun 13th, 2017
74
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 17.84 KB | None | 0 0
raw download clone embed print report
  1.  
  2. PRIVACY FRIENDLY EMAIL SERVICE PROVIDERS
  3.  
  4. These tables show a lot of email service providers that some measure respect for privacy of their users. THIS IS NOT AT ALL COMPLETE. For now, you should probably visit one of these lists instead:
  5.  
  6. Prxbx.com's Privacy-Conscious Email Services
  7. SSL-Tools.net SSL checked providers
  8. PrivacyTools.io Email Providers List
  9. The Hidden Wiki's Email Service Providers Page & clearnet version
  10.  
  11. Legend
  12.  
  13. Org. = Organization
  14. TOS = Terms of Service
  15. Loc. = Location - denoted by A2 (ISO) country codes, see: www.worldatlas.com/aatlas/ctycodes.htm
  16. Inc. = Incorporation / Company
  17. Min. = Minimum
  18. BTC = Bitcoin - see: https://bitcoin.org
  19. IP = Internet Protocol Address - see: https://en.wikipedia.org/wiki/IP_address
  20. Strips sender IP? = Do they take the email sender's IP address data out of the email header? Yes = good. No = bad.
  21. Logs login IP = Do they keep logs of the IP address from which a customer logs in to an email account?
  22. Encrypts data? = Do they encrypt customer account data? Yes = good.
  23. Can decrypt? = Can they decrypt customer data and read it if they want to? Yes = probably not good.
  24. EPT = https://EmailPrivacyTester.com
  25. Responds openly? = Did they respond openly to questions?
  26. JS req. = JavaScript required. JavaScript is undesirable.
  27. LE = Law Enforcement
  28. LEO = Law Enforcement Officer
  29. LEA = Law Enforcement Agency
  30.  
  31. Here are the email providers which offer webmail access via tor hidden services. They are roughly organized in order of most appealing to least appealing for general use in my opinion although they are not precisely organized. This list is an updated & adapted version of the original .Onion Email Providers topic. Basically organized by the most free, the most reliable uptime and the most anonymity allowing services. JavaScript being required to use email moves the provider toward the bottom of the list though other variables are kept in mind. Ranking is mostly about ease of secure and anonymous usability.
  32.  
  33. Hidden Webmail Services
  34.  
  35. Mail2Tor.com / http://mail2tor2zyjdctd.onion | Unreliable service sometimes. Was unable to connect April - May 2016. Offers free webmail with SMTP, POP & IMAP access. Jan 2017: new front-end servers up after their front-end servers in Sweden were seized by police.
  36. BitMessage.ch / http://bitmailendavkbec.onion | /u/AyrA_ch | Bitmessage support build-in. Forces clearnet HTTPS with Google scripts @ signup & requires a non-disposable email adddres to email your password to you; otherwise good. Onion site was under DoS attack and down Jan-June 2016.
  37. Cock.li / http://wwwcocklicdexedh.onion/ | Free email with SMTP, POP & IMAP access as well as (JavaScript required) RoundCube webmail | Many alt-domains! Under certain conditions, "Registration is limited to 5 accounts per 24 hours".
  38. secMail.pro [NO SSL!] / http://secmailw453j7piv.onion | /u/secMail_pro | 25MB Free .onion SquirrelMail webmail
  39. danwin1210.me / http://tt3j2x4k5ycaa5zt.onion | Free 25MB of email space, Squirrelmail Webmail, IMAP, POP & SMTP, and XMPP via clearnet & onion.
  40. RiseUp.net / http://nzh3fv6jc6jskki3.onion | For horizontal collectivists only. "We have your back so long as you are not pursuing exploitative, misogynist, racist, or bigoted agendas." Some servers seized in 2012 and 2016. Riseup's statement about 2016 FBI server seizures
  41. BitMai.la / http://oxicsiwet42jw4h4.onion | Very low-cost, paid accounts. /u/bitmaila
  42. ProtonMail.com / https://protonirockerxow.onion/ | /r/protonmail - Fully encrypted email hosted in Switzerland offering free accounts and ability to add custom domains and extra features/space for BTC. Requires clearnet HTTPS signup & JavaScript! Must pay or verify via previously existing email or SMS to get an account now!
  43. AnonInbox.net / http://ncikv3i4qfzwy2qy.onion | Paid accounts only, responsive support. Clearnet website down since at least March 2016. - Website down but clearnet emails works.
  44. AnonyMail.tech [NO SSL!] / http://fuacantanj2vhfpw.onion/landing.html | /u/syst3k | Paid .onion & clearnet Webmail, IMAP & SMTP
  45. RayServers.com / https://nmf6cg7tiyqlhsg3.onion | Paid accounts only, responsive, agorist-friendly, competent support. Somewhat difficult to pay.
  46. Lelantos.org / http://lelantoss7bcnwbv.onion | paid accounts only, lacking support, bad service
  47. SCRYPTMail.com / http://scryptmaildniwm6.onion | JavaScript required.
  48. VFEMail.net / https://344c6kbnjnljjzlz.onion | Free signup(w/ads) for Webmail/IMAP/POP/SMTP or low-cost paid (in BTC) plans w/ custom domains. Multiple free domains @ https-JS-required signup (for Google CAPTCHA) but not technically required for the Horde webmail offered. .Onion access back up as of April 2017.
  49. Autistici.org / http://wi7qkxyrdpu5cmvr.onion | For anti-capitalist activists only.
  50. Systemli.org / http://h2qkxasmmqdmyiov.onion | Onion access was not working for many months, but working now. Invite code or contacting them with "good reasons" required for signup.
  51. TorBox / http://torbox3uiot6wchz.onion | 100% tor, no clearnet
  52. GuerrillaMail.com / http://grrmailb3fxpjbwm.onion | Receiving addresses only (no sending) disposable email. JavaScript required.
  53.  
  54. Defunct Hidden Webmail Services
  55.  
  56. Sigaint.org / http://sigaintevyh2rzvw.onion | /u/sigaint / Why was Sigaint top-of-the-list for so long? Down & silent since February 6th, 2017.
  57. RuggedInbox.com / https://s4bysmmsnraf7eut.onion | /u/ruggedinbox & support thread - Service discontinued 18 March 2016.
  58. Innocence.se / http://inocncymyac2mufx.onion | Under DoS attack since Dec 2015. Unable to connect since then.
  59. MailTor.net / http://mailtoralnhyol5v.onion unable to connect since at least 10 Aug 2015
  60. Toremail.net / http://jmcz7xp2kszu6vba.onion web server down since at least 8 Aug 2015
  61. t0rmail.com / http://epjhlyfgxenf2q4o.onion unable to connect / account suspended since May? 2015
  62. OnionMail.in / http://iir4yomndw2dec7x.onion/ down since late December 2014?
  63. URSSMail / http://f3ljvgyyujmnfhvi.onion down since 2014?
  64. tormail.net / tormail.org / http://jhiwjjlqpyawmpjx.onion | Down since August 2013. Info snapshot from July 2013.
  65.  
  66. History Lesson
  67.  
  68. The first free .onion accessible email service that was widely used was tormail.net / tormail.org during 2011-2013. Tormail was taken down by the FBI because it happened to be hosted at FreedomHosting (a free .onion web host) whose server(s) the FBI seized because FH was allowing other things that were horrible & illegal (CP) to be hosted. The FBI now has full access to all the non-PGP encrypted information that was on the tormail server when they seized it, and they have used their access to that information in multiple investigations. Since January 2016, they've been sharing that data with the DEA. Remember this when using such email services.
  69.  
  70. More?
  71.  
  72. All known services are listed. If you know of any others that should be included in this list, submit a new post about them or new link to their site. We will try to keep this list updated as we can.
  73. Disposable Email Address Services
  74. No Pre-Registration Required
  75.  
  76. Discard.email / many alt domains | SSL! No JavaScript required! Some password protected accounts. Emails deleted after 30 days.
  77. FlashBox.5July.org | SSL! No JavaScript required! No pre-reg required! Emails "cleared" after 30 days.
  78. MailSac.com | SSL! JavaScript required. You can make inboxes private.
  79. Mailinator.com / DevNullMail.com / 100's of alt domains | SSL! JavaScript required.
  80. Harakirimail.com | SSL! JavaScript required. Logs kept for "a short time."
  81. Dispostable.com | NO SSL. No JavaScript required! Emails deleted after 72 hours.
  82. TempInbox.com / DingBone.com / FudgeRub.com / LookUgly.com / SmellFear.com | No SSL. No JavaScript required! No pre-reg. Emails kept for how long?
  83. MailGutter.com | No SSL. No JS required.
  84. Suggest another by messaging the moderators! Those which have no HTTPS and require JavaScript will not be listed.
  85.  
  86. Pre-Registration Required
  87.  
  88. Moakt.com / bareed.ws / tmail.ws | SSL! No JavaScript Required! Pre-reg. required. Account deleted in 1hr but can be extended.
  89. GuerrillaMail.com / SharkLasers.com / GuerrillaMailBlock.com / http://grrmailb3fxpjbwm.onion | SSL. No JavaScript required! Pre-reg. required (1 click), emails deleted in 1 hour!
  90. GetAirMail.com / abyssmail.com / tafmail.com / pwrby.com / other alt domains | NO SSL. No JavaScript required! Pre-reg. required. "we delete our logs and messages every 24 hours."
  91. Suggest another by messaging the moderators! Those which have no HTTPS and require JavaScript will not be listed.
  92.  
  93. Free Email Forwarding Services
  94.  
  95. Normal Email Forwarding
  96.  
  97. https://NotSharingMy.info | SSL. Unlimited free forwarding, custom usernames possible.
  98. http://www.MaskedMail.com | Site disabled. Reason: DDoS. Works with TorBox! No SSL. :(
  99. http://www.Jetable.org/en | No SSL. 1 hr - 1 month forwarding
  100. http://www.ShitMail.org / CrapMail.org | No SSL. 1 hr - 3 months forwarding.
  101. https://SecureMail.HideMyAss.com | SSL. Requires google.com JavaScript. 1 day - 1 year forwarding.
  102. http://Despammed.com | No SSL. Requires JavaScript to work?
  103. Suggest another by messaging the moderators!
  104.  
  105. Advanced Email Forwarding
  106.  
  107. https://MailNull.com | SSL! USA. No JavaScript required! Unlimited free forwarding, custom usernames possible.
  108. https://www.33mail.com | SSL! USA. Requires JavaScript to signup.
  109. https://www.SpamGourmet.com | SSL! USA. Some limited advanced features.
  110. https://www.volto.io | SSL! UK. JavaScript required. Some advanced features.
  111. https://e4ward.com | SSL! USA. Not easy to get an account here.
  112. Suggest another by messaging the moderators!
  113.  
  114.  
  115. OTHER MESSAGING SYSTEMS
  116.  
  117. There are other good (even better!) messaging systems than email which can be used for secure & private communications. For a quick overview of software that facilitates this, see EFF.org's Secure Messaging Scorecard.
  118. Pidgin & XMPP w/ OTR Setup Guide
  119.  
  120.  
  121. Using XMPP via Pidgin with OTR for free, encrypted instant messaging with open source software.
  122. How to Install Pidgin & OTR Plugin
  123.  
  124. Pidgin is an open source instant message (IM) program that lets you log in to all of your IM accounts at once and allows their management in one program. Your friends list from ICQ, AIM, MSN, Y!M, GoogleTalk and XMPP ("Jabber") and any others can all be displayed in Pidgin. IM windows are all handled by Pidgin as well.
  125.  
  126. 1. Go to https://www.pidgin.im and download the version required for your operating system. Install it. Many Linux distros will have Pidgin in the official repos.
  127.  
  128. 2. Go to https://otr.cypherpunks.ca and download the Off-the-Record (OTR) encryption plugin for Pidgin. Install it. This plugin encrypts your conversations if both parties have it installed, and it ensures the messages cannot be recovered by a third party because it uses Perfect Forward Secrecy (PFS). Pidgin-otr can be found in some Linux repos.
  129.  
  130. If you are security conscious, get a plugin so that Pidgin does not store your IM account passwords in plaintext. The only two available:
  131.  
  132. Windows Plugin: https://github.com/aebrahim/pidgin-wincred
  133. Linux (Gnome) Plugin: https://github.com/aebrahim/pidgin-gnome-keyring
  134.  
  135. 3. Run Pidgin, and configure the OTR plugin.
  136.  
  137. In Pidgin, go to Tools > Plugins
  138.  
  139. Find the Off-the-Record Messaging plugin on the list and check the box next to it. Select this plugin and click the button at the bottom of this box that says "Configure Plugin". Make sure your Default OTR Settings have checked the box which says "Don't log OTR conversations" otherwise basically the point of having this OTR plugin with "perfect forward secrecy" is voided. Also make sure these two boxes are checked:
  140.  
  141. [❌] Enable private messaging
  142. [❌] Automatically initiate private messaging
  143.  
  144. 4. If you don't use a proxy, ignore this step (Step 4). If you wish to use a proxy for any of your accounts' connections, go to:
  145.  
  146. Tools > Preferences > Proxy
  147.  
  148. You want to use remote DNS if you are using a proxy, otherwise you could have DNS leaks. So check the box which does that:
  149.  
  150. [❌] Use remote DNS with SOCKS4 proxies
  151.  
  152. For tor, these should be the settings:
  153.  
  154. Proxy type: tor/privacy SOCKS 5
  155. Host: 127.0.0.1
  156. Port: 9150 (or 9050 if you are still using Vidalia, which you should probably not be doing)
  157.  
  158. 5. You can now add your IM accounts! Go to:
  159.  
  160. Accounts > Manage Accounts
  161.  
  162. Click the "Add..." button.
  163.  
  164. Put in the account login details that you have and make sure your proxy settings are right for each account (it's the 3rd tab in this "Add Account" window). If you Use Global Proxy Settings, it will use whatever you put in under Step 4.
  165.  
  166. 6. Now log in and you can instantly message and talk with anyone that's in your buddy list. You can also add new friends to talk to by going to:
  167.  
  168. Buddies > Add Buddy...
  169. How do I get an IM account to talk with people?
  170.  
  171. That depends on which IM service you want to use. Many people use YahooIM, MSN, ICQ (in Russia), AIM (in USA) and now XMPP (a.k.a. "Jabber") is quite popular. XMPP is probably the best because there is no central server that can spy on everyone across the whole network like the others have. Contrast this with the other major IM networks.
  172.  
  173. Yahoo spies: http://www.wired.com/threatlevel/2009/12/yahoo-spy-prices/
  174. AOL spies: http://cryptome.org/isp-spy/aol-spy.pdf & http://cryptome.org/isp-spy/aol-spy2.pdf & http://cryptome.org/isp-spy/aol-spy3.pdf
  175. MSN spies: http://cryptome.org/isp-spy/msn-spy.pdf
  176. ICQ is owned by AOL and they spy on their userbase like most IM companies. They all also record connecting IP addresses which is not privacy friendly.
  177. Some XMPP servers do not log connecting IPs or greatly limit what they log. Policies are decided entirely by each individual XMPP server administrator.
  178.  
  179. How to Get a Free XMPP Account
  180.  
  181. 1. In Pidgin, go to: Accounts > Manage Accounts > Add...
  182.  
  183. 2. Use these settings:
  184.  
  185. Protocol: XMPP
  186. Username: YourDesiredName
  187. Domain: null.pm [or whatever jabber server you want to use, see list below]
  188. Resource: [Type anything you want or nothing at all. It indicates which device you are using. Not important.]
  189. Password: [make your password unique]
  190. Use this buddy icon for this account: [choose an avatar image from your computer if you want one]
  191. Check this box at the bottom: [❌] "Create this new account on the server"
  192.  
  193. 3. If you use a proxy to connect to this XMPP account, set it under the Proxy tab. You can choose "Use Global Proxy Settings" if you want to use the proxy which you set in Step 4 under "HOW TO INSTALL PIDGIN & OTR PLUGIN".
  194.  
  195. 4. Click the "Add" button. A box should pop up asking for your username and password once more, this is for XMPP account registration.
  196.  
  197. 5. After your new XMPP account is registered, make sure it is enabled in the Account Manager (check the box next to your XMPP account). Now you can add other XMPP users to your buddy list by going to: Buddies > Add Buddy...
  198.  
  199. Each new buddy you add must be authorized by them before their presence information will show up on your buddy list.
  200. Alternative XMPP Servers
  201.  
  202. Some jabber servers you can try:
  203.  
  204. null.pm (Netherlands)
  205. securejabber.me / giyvshdnojeivkom.onion (Germany)
  206. [https://jabber.ccc.de](jabber.ccc.de) (Germany)
  207. jabber.5july.org (Sweden)
  208. jabber.calyxinstitute.org (USA)
  209. jabber.otr.im
  210. swissjabber.ch (Switzerland)
  211. swissjabber.li (Liechtenstein)
  212. DuckGo.com (USA, DuckDuckGo's jabber server)
  213. jabb3r.net (Austria)
  214. jabber.cryptoparty.is (Romania, register @ https://jabber.cryptoparty.is:5288/register/)
  215. xmpp.rows.io
  216. jabber.no-sense.net
  217. crypt.am (hosted in France, register @ http://crypt.am)
  218. cock.li (or many diff domains with onion access @ https://cock.li/xmpp)
  219. xmpp.is (Iceland, register @ https://xmpp.is/register/)
  220. jabber.at (Austria, register @ https://register.jabber.at)
  221. jabber.no (Norway, register @ https://www.jabber.no)
  222. jabber.cz (Czech Republic, register @ https://secure.jabbim.com/reg/)
  223. jabber.se (Sweden)
  224. jabber.to
  225. jabber.ovpn.to (France net facing servers / German op'd?) |
  226. wallstreetjabber.biz / wallstreetjabber.com / securetalks.biz / methamphetamine.ru / wsjabberhzuots2e.onion
  227.  
  228. And many more can be found on these lists:
  229.  
  230. https://www.cryptoparty.in/connect/contact/jabber#need_an_account
  231. https://xmpp.net/directory.php
  232. https://list.jabber.at
  233. https://www.jabberes.org/servers
  234.  
  235. Some of the above require registering your account through their website (should be indicated) and cannot be registered through Pidgin. Registration is usually quick and easy in any event.
  236. Misc. XMPP topics:
  237.  
  238. List of XMPP servers running as hidden services too?
  239. I want to use Jabber(XMMP) through tor, How do I do it? whats a trustworthy, privacy perserving server to use?
  240. [OPSEC/Computer] What's the best XMPP server to use for your Jabber account?
  241.  
  242. Tor Messenger
  243.  
  244. https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily
  245.  
  246. Self Destructing Message Services
  247.  
  248. https://OneTimeSecret.com - SSL, no JavaScript, encrypted, password optional. Deleted after 1st read or 7 days.
  249. https://Temp.pm - SSL, no JavaScript, encrypted, open source, password optional. Deleted on a timer (15 mins - 2 months) or @ first read, whichever comes first.
  250. https://www.ThisMessageWillSelfDestruct.com / https://TMWSD.sd / https://xn--uih.ws - SSL, no JavaScript, encrypted, password optional. Deleted after 1st read.
  251. https://NoPaste.me - SSL, no JavaScript. Timer to delete or "Burn on reading" option.
  252. https://QuickForget.com
  253. https://www.LockBin.com
  254. https://Privnote.com - SSL, JavaScript required.
  255. https://ReadThenBurn.com - SSL, JavaScript required, operated by BlackVPN.com
  256. https://NordVPN.com/es/secret-notes/ - SSL, JavaScript required.
  257. https://CloakMy.org - SSL, JavaScript required. Password, auto-destruct, timed destruct, & never expire options.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!