If you know anything about Tor and exit nodes, papers and news articles have well documented the sniffing and logging activity of some sinister exit nodes, you'd know when using Tor *not* to use it for/with anything personal.
Bruce Schneier recently posted an entry to his blog about Tor OPSEC. I suggest anyone interested in using Tor, read it:
Tor Opsec: Good operational security guide to Tor.
http://www.schneier.com/blog/archives/2012/01/tor_opsec.html
http://cryptome.org/0005/tor-opsec.htm
I never suggested to use Tormail.net (which is not related to the official Tor project) or Tor for anything personal! If you know anything about Tor you know it's not to be used for personal activities. Tormail.net provides a more secure way, via an .onion hidden service for e-mail, which every party in the communication should use GPG:
- Windows:
http://www.gpg4win.org/
- *nix:
http://www.gnupg.org/
Compare it with other free e-mail services, many require cookies enabled, or flash, or javascript, contain advertisements, spyware, machines or people reading your mail, sessions not SSL all the way through, cookie spills even when you have an encrypted connection (Gmail, for one), and more attacks. I do not trust any of them and neither should you, nor should you trust *any* free e-mail provider for *anything*. You and your data *are* the product.
Anyone mentioning Hushmail should be laughed at at length.
Regarding personal e-mail, when you're *not* using Tor, unless you run your own mail server and encrypt everything, you're setting yourself up for possible compromise anyway, either through hackers, in-house disgruntled workers, "data dumps" which are usually blamed on hackers but not always the case (what better way to obtain information when you're a government than for an "accidental" database spill?).
In my opinion, If you're using a proprietary operating system (Windows/Mac OSX) you're not concerned about privacy and security anyway. Do you have access to the code? No. Windows XP alone had and continues to have dozens upon dozens of complete takeover, remote exploitable holes which were open for YEARS. Read the updates, it's all there in black and white, pre-SP1 all the way to this day, and Windows 7 has them, too, all of them do/have from my accounting.
If you're using Windows you're probably placing your trust in proprietary scanners and allowing them access to all of your files, some of the programs using the cloud to announce all of your files. In my opinion, programs and operating systems are closed source for one reason: to conceal backdoors. I believe many of these backdoors planted in software are eventually discovered by hackers and researchers and patched as "remote holes", but I say this with a tinfoil beanie.
Some good reading material:
"Reflections on Trusting Trust
Ken Thompson's Reflections on Trusting Trust, his Turing Award acceptance speech in 1984, was the first major paper to describe black box backdoor issues, and points out that trust is relative. It describes a very clever backdoor mechanism based on the fact that people only review source (human-written) code, and not compiled machine code. A program called a compiler is used to create the second from the first, and the compiler is usually trusted to do an honest job." -- continued at:
https://en.wikipedia.org/wiki/Reflections_on_Trusting_Trust#Reflections_on_Trusting_Trust
Use it or don't use it, but if you're Tor savvy you can appreciate it on some level, vs. the alternatives, many of which do not allow you to send e-mail but only receive it.
Show me a better and easier to use free e-mail service to use Tor with, I'm all eyes and ears.
Facebook
Twitter