# Secure email without an IP changer is useless



## OnPoint88 (Feb 10, 2012)

The busts from hushmail were because they record your ip address. Since I subscribed to this service it appears I'm from a country where steroids are legal lol. https://btguard.com/vpn_pptp_win7.php


----------



## LAM (Feb 10, 2012)

yep, ISP's have to hand over that IP info once LE gets a court order.  the feds are even trying to get anti-virus manufactures, etc. to open up a back door for them.  corporate fascism is on the rise in the US.  I say corp fascism since the lobbyists in DC pull the strings of the puppets in high office.


----------



## Vibrant (Feb 10, 2012)

so are there any good free secure emails left?


----------



## OfficerFarva (Feb 10, 2012)

Vibrant said:


> so are there any good free secure emails left?



Hotmail, there's so many spam accounts how could they ever find you lol.


----------



## LAM (Feb 10, 2012)

OfficerFarva said:


> Hotmail, there's so many spam accounts how could they ever find you lol.



it's bad but nothing compared to yahoo, which I stopped using years ago because of that.  I have crazy filters on my hotmail account, had that email addy since '94 and everybody has it.


----------



## ~RaZr~ (Feb 10, 2012)

Everyone thought that Hushmail wouldn't hand over emails. Well they did...about 12 CDs worth of plain-text emails....

Best bet is to not trust any email provider to secure you 100%. That's all I'm going to say about that...

http://m.wired.com/threatlevel/2007/11/encrypted-e-mai/


----------



## LAM (Feb 10, 2012)

djlance said:


> Everyone thought that Hushmail wouldn't hand over emails. Well they did...about 12 CDs worth of plain-text emails....
> 
> Best bet is to not trust any email provider to secure you 100%. That's all I'm going to say about that...
> 
> Encrypted E-Mail Company Hushmail Spills to Feds | Threat Level | Wired.com



nothing is truly secure when connected to the public network.  it was the DOD (aka DARPA) and packet switching protocols that laid the foundation for the Internet.

when doing shady things on the Internet best to get in and get out...


----------



## ~RaZr~ (Feb 10, 2012)

LAM said:


> nothing is truly secure when connected to the public network.  it was the DOD (aka DARPA) and packet switching protocols that laid the foundation for the Internet.
> 
> when doing shady things on the Internet best to get in and get out...



Yea you totally lost me with the DOD/DARPA/packet switching protocols words. I'll just go ahead and agree with what you said


----------



## KelJu (Feb 11, 2012)

LAM said:


> nothing is truly secure when connected to the public network.  it was the DOD (aka DARPA) and packet switching protocols that laid the foundation for the Internet.
> 
> when doing shady things on the Internet best to get in and get out...



I'm going to have to disagree with you there. Data is passed from the data-link layer to the transport layer and then back down again from one node to the next. There is absolutely no security what so ever built into that process. It was designed for efficiency at a time when modems were dog shit slow, and people just wanted to get their data to where it needed to go.

It was after the fact that people had to go back and design intelligent routers and firewalls to control the flow of data though the network. Nearly all security is built into more modern protocols like ssl and ssh. The problem is that these protocols are only secure if the server that issues the public key key is secure. 

Hushmail fails to do this, because they are the actual entity that issues the public key to initiate a secure channel. If the feds take over hushmail, they have the key, and therefore can unlock all secure data on their email system. 

As far as truly secure email, it does exist. There a lot of open source email clients that use PGP. You might have to send someone the shared key through the mail on a piece of paper or call them up and actually tell them the key. after that, no entity, even your isp can know what you are sending and receiving.


----------



## LAM (Feb 11, 2012)

the first protocols developed were connectionless at layer 2 like UDP and TCP, it's all that was needed for small local networks on campus.

SSL and SSH are at the transport layer, after the connection between endpoints has been made at layer 3.  security basically comes in two forms, for known data transmission paths (point-to-point, etc.) and others for un-known paths such as VPN's etc. over the cloud.

PTP connections require significantly less security since they can not be snooped like with T1/T3, SONET, etc.  once you add in a gateway or bridge to the Internet is when security becomes a crap shot.  true security (and QOS) are only guaranteed on a private network.

ever since WiFi came out in the 90's it's been a major headache as it was not designed for corporate/business use.  I have to tell people all the time to not tie WiFi devices into your network for hotspot Internet access, etc. into the private network.  a separate account using DSL, cable, etc. for publice WiFi access removes that whole issue.


----------



## KelJu (Feb 11, 2012)

You got so much stuff there wrong. TCP is not connectionless. TCP is a connection oriented protocol and the most used protocol in the transport layer. The internet is built on TCP/IP. Security does not come in two forms. Security can be and usually is implemented in every layer of the OSI model. SSL does not operate in the transport layer. It operates in the application layer. SSL piggybacks off of TCP most of the time, because it can't establish a point to point connection.  

I don't know much about PTP. I have never used it other than PPPoE bullshit for dsl. All PTP VPNs I have used and setup use IPsec.


----------



## LAM (Feb 11, 2012)

SSH

http://www.rfc-editor.org/rfc/pdfrfc/rfc4254.txt.pdf

TCP/IP

http://www.rfc-editor.org/rfc/pdfrfc/rfc1180.txt.pdf


----------



## KelJu (Feb 11, 2012)

LAM said:


> SSH
> 
> http://www.rfc-editor.org/rfc/pdfrfc/rfc4254.txt.pdf
> 
> ...



Dude, really? That is so fucking weak!

Why are you posting links to 30 page PDFs as a reply to my post? TCP is a connection oriented protocol, and SSH and SSL operate in the application layer and/or between the transport and application layer depending on which OSI or TCP/IP stack you are looking at. 90% of textbooks place it in the application layer because they use APIs not built into the transport layer. Others say in between because they are retarded, and there is no such thing as in between a layer. You have to put it somewhere, and it stretches across many. Authentication for SSL and SSH is performed in the application layer. That is why it can't possibly exist in the transport layer. 


Ninja edit: By the way. The models have changed about 3 times since I started college. It use to be 5 layers, and now its 7. Sorry if I am coming across as a dick, but I do this stupid shit for a living.


----------



## Dark Geared God (Feb 11, 2012)

KelJu said:


> Dude, really? That is so fucking weak!
> 
> Why are you posting links to 30 page PDFs as a reply to my post? TCP is a connection oriented protocol, and SSH and SSL operate in the application layer and/or between the transport and application layer depending on which OSI or TCP/IP stack you are looking at. 90% of textbooks place it in the application layer because they use APIs not built into the transport layer. Others say in between because they are retarded, and there is no such thing as in between a layer. You have to put it somewhere, and it stretches across many. Authentication for SSL and SSH is performed in the application layer. That is why it can't possibly exist in the transport layer.
> 
> ...


 
talkin to lam is like talking to the wall once links are posted your wrong in his eyes..

Ninja edit: your still a dick


----------



## OnPoint88 (Feb 11, 2012)

Vibrant said:


> so are there any good free secure emails left?



I use privacyharbor.com


----------



## LAM (Feb 12, 2012)

KelJu said:


> Others say in between because they are retarded, and there is no such thing as in between a layer. You have to put it somewhere, and it stretches across many. Authentication for SSL and SSH is performed in the application layer. That is why it can't possibly exist in the transport layer.
> 
> 
> Ninja edit: By the way. The models have changed about 3 times since I started college. It use to be 5 layers, and now its 7. Sorry if I am coming across as a dick, but I do this stupid shit for a living.



your answer is based off using the 7-layer OSI model, mine was off the 4-layer TCP/IP network model. I'm old school and only work with data at the datagram/packet level and below.  getting info to the desktop is not my problem...lol

you can hide a surprising amount of information in data packets but w/o sniffer software it can not be viewed.  back in the day we used to hide messages in packets to insure that certain testers were actually doing their job in the lab.

you can also use a hex editor to manipulate files and hide info 

It's not retarded to say they are in-between because certain protocols use lower level info only as a carrier of sorts.


----------



## Watson (Mar 16, 2012)

why dont u just set up ur own email server on and old pc? save to usb, store than in an old microwave that works, then wipe it daily with a good shredder!

u get raided u turn microwave on, put Darik’s Boot and Nuke CD in server, hit that, 
then they aint got a pot to piss in


----------



## ~RaZr~ (Mar 16, 2012)

Tall Paul said:


> why dont u just set up ur own email server on and old pc? save to usb, store than in an old microwave that works, then wipe it daily with a good shredder!
> 
> *u get raided *u turn microwave on, put Darik???s Boot and Nuke CD in server, hit that,
> *then they aint got a pot to piss in*



If you are that much of a "big fish" or making that much profit, it doesn't matter if you nuke your whole house...your f^cked


----------



## squigader (Mar 16, 2012)

Just use a regular email account (gmail, yahoo, hotmail)

I don't think most people using hushmail, safemail and the like are doing anything remotely legal with it. You're better off with something like gmail + PGP


----------



## OnPoint88 (Mar 19, 2012)

Ok so what is PGP and where is it? Is that what securenym.net uses? Everyone seems to be switching from that. Safemail is just as bad as hush mail fyi.


----------



## Ichigo (Mar 31, 2012)

squigader said:


> Just use a regular email account (gmail, yahoo, hotmail)
> 
> I don't think most people using hushmail, safemail and the like are doing anything remotely legal with it. You're better off with something like gmail + PGP



How do you set up PGP?


----------



## OnPoint88 (May 24, 2012)

My first sticky, thanks! You might want to change the thread name from IP Changer to the proper terminology which is VPN Client. Here's some links to reviews and Tor is the only free one but is a pain in the ass because it doesn't work unless you have mozilla and remember to toggle it on in the browser even if it's running already. 
Best VPN Reviews – Compare and find VPN account providers.
Best VPN Service | VPN Reviews | Top VPN Service Providers
Best Private VPN Service Reviews, Free trial & Coupons - 2012
VPN Reviews - VPN Service Reviews, Free Trials and Deals
Best VPN For Anonymity | BestVPNForYou


----------



## Ainanalu (Sep 20, 2012)

lam said:


> yep, isp's have to hand over that ip info once le gets a court order.  The feds are even trying to get anti-virus manufactures, etc. To open up a back door for them.  Corporate fascism is on the rise in the us.  I say corp fascism since the lobbyists in dc pull the strings of the puppets in high office.


agreed


----------



## ballerific (Aug 21, 2013)

OnPoint88 said:


> I use privacyharbor.com



Same, really good


----------



## Improving (Nov 22, 2013)

I've heard and remember seeing something but securenym.net the Feds asked them to hand over their info on some emails but they don't have the passwords or anyway of getting into the emails. And something that once the emails is deleted it's truly gone. I wish i could find what I read a few years back

anyone have any ideas?


----------



## GiGerman (Oct 28, 2014)

Yes Thanks a lot
great links


----------



## Jimmycrooks (Dec 3, 2015)

*Agreed*



GiGerman said:


> Yes Thanks a lot
> great links



Your email never be safe with out IP change, its great thought. i would highly recommend if you can use some cheap vpn service to that. 

Hope that helps


----------



## West713112 (Dec 7, 2015)

*Thanks bro!*

Thanks for your info!!!


----------



## SandyRoberts (Aug 6, 2016)

I use ExpressVPN it is the best for me so far but for cheaper option PureVPN and PIA are also good


----------



## thomaslsmith (Oct 19, 2016)

Yes, changing ip address are worthy for emailing but that is not enough. Use dedicated secured ips for  this purpose. Purevpn is one that provide dedicated ips that can not trace or hack. Transport Layer Security is another technique that ensures your connection to a website is encrypted as well as verifying the integrity of the server you are connecting to. TLS is also used to encrypt your connection to an email server and connections between email servers and express vpn servers provide tls to further enhance the security level.


----------



## Ocnbreeze (Oct 23, 2016)

How about using encription like on Safe-mail?


----------



## Pumper23 (Dec 22, 2016)

When it comes to vpn, check out perfect privacy


----------



## Bosinda (Jan 20, 2021)

I cannot personally recommend any specific service. Each has advantages and disadvantages depending on what you need. But keep in mind that no proxy server VPN like browser is totally safe and foolproof. They can make the source of the email difficult to locate, extremely difficult. These hidden email services are often very secure. But again, none are fool proof something like FineVPN. Good luck.


----------

