Tor Hidden Service

Add access to your site through tor as a hidden service.

226 votes
Colin Arnott shared this idea

    27 comments

      • TA commented

        Tor does NOT mean no Javascript. Having Javascript enabled when trying not to be recognised by the site you're visiting IS a bad idea. That's why the Tor browser disables it by default.

        However, the threat model here is different - accessing Tutanota as a Tor hidden-service is about not letting your ISP, nosy government, or the creepy guy in the corner at Starbucks know that you are a tutanota customer. It prevents dragnet style attacks. Given that .onion-addresses ARE the public key of the service, the security is rather higher than the TLS/SSL PKI infrastructure, meaning it's way harder for someone to fiddle with the Javascript code of the application. Since some nation states DO legitimately own certificate authorities, TLS/SSL does NOT currently protect against nation states.

        Accessing Tutanota via Tor exit nodes is only as secure as regular TLS/SSL (see above).

        Aside 1: Legal targeted surveillance will not be impeded by this, because once you're an identified target, they can always bug your devices or shoulder surf.

        Aside 2: I don't know enough about i2p to speak to its security properties.

      • mailn commented

        and .i2p +

      • mailn commented

        .onion address +

      • Anonymous commented

        This. Protonmail is Tutanota's main competitor I'd say (I use both services; competitor is just a general term, there's plenty of market share for both) and they recently created a hidden service (https://protonirockerxow.onion/) for use of their application. It would be great if Tutao did the same, as right now any Tor user who wants the strongest security for their email would probably use Protonmail's hidden service. The fact that one can register through Tor browser on Protonmail's hidden service is a huge boon to them as well.

      • Anonymous commented

        @Ooo
        No JavaScript means no automatic crypto. You'd do all the crypto with your own tools. Unless Tutanota releases a standalone client.

        Tutanota has custom application of open algorithms to protect the entire inbox, so the inbox may not be accessible at all without an official client or until after the API is released.

      • Ooo commented

        I think it would be best if tutanota could just provide a hidden service at whatever.onion address, it could perhaps be a stripped down version with no javascript. There must be a way to do the key exchange to decrypt your inbox without java. Maybe I don't know what I'm talking about though?

      • Colin Arnott commented

        Ole, thanks for the idea, but I think you overlooked some details in your plan.

        Relative links aside, what you are suggesting will actually serve to deanonymize you, and is worse than accessing the service over tor. With tor, your connection would be like so:
        you → tor guard node → tor middle node → tor exit node → tutanota server

        But you are suggesting the following flow:
        you → tor client guard → tor client middle → tor client exit → tor onion exit → tor onion middle → tor onion guard → your server → tutanota server

        The only advantages you would see are if you and your server come from different locations, you do not trust the ISP/nation-state you are connecting to, but are fine giving up anonymity between your server and tutanota, because your server will connect directly to tutanota.

        As a general rule hidden services are most practical when run on the same host (or internal network for load-balanced servers) as the server that hosts the content.

      • Ole Tange commented

        If the links in Tutanota's webmail are relative links, then it will be very easy to implement:

        Set up a hidden service on port 443.
        Redirect your port 443 to tutanota:443.

        Everyone can do this (if the links in the webmail are relative), but it will clearly be better if there is an official hidden service and not just one run by a random person like me.

        I find it important for the same reasons @Muhammed finds unnecessary: We need more noncontroversial services on TOR so TOR can shed its reputation of only being used for shady activity. That said, TOR access should of course not be the only way of accessing Tutanota.

      • Anonymous commented

        +1 for this.

        Facebook, DuckDuckGo, and even Blockchain all have hidden services.

        This would make it safer for users like myself who live in dangerous and oppressive countries to access and use Tutanota.

      • Colin Arnott commented

        to clear up some misconceptions,

        0) tutanota accounts are pseudonymous; while they ask for a name, they do no kind of formal verification and would only have access to the ip logs and cleartext mail, as they cannot access the content of your encrypted messages.

        1) tor encrypts traffic within its network but not as it leaves [technically it is exit node to tor client, but this is a minor distinction and I can discuss it further offline], as such an exit node operator can sniff as much as your telco provider or the nsa can. I much prefer having the exit node threat model as it reminds you that there could be a real person watching your traffic. any service that uses tls protects from malicious exit node operators

        2) tor hidden services encrypt from end to end, this is the reason that most do not use tls, [again this is really hidden server to tor client]. the network diagram is somewhat different, because the traffic never leaves the tor network, and this allows for a server to become anonymous, but also prevents the server from generating any ip logs as all connections to the hidden service show up with ip 127.0.0.1. finally, hidden services do not need to rely on dns or dane: the address is a hash of the server's crypto public key, thus its name is already tied in with its crypto

        3) what you are describing with a "specific exit node" is an exit enclave, they sort of work in concept, but have large flaws because of how tor works

        4) to implement this tutanota would need to run the tor software, but need not operate a tor relay; internal, exit or guard. the tor hidden service code is completely separate from the relay code

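Colin's point 2) above (and TA's earlier remark that the .onion address is the service's public key) can be checked from the name alone. The script below is an added example, not code from this thread, from Tutanota or from the Tor Project; it applies the v2 and v3 name encodings from Tor's rendezvous specification. A v2 name (the generation in use when this thread was written, like the Protonmail address quoted above) is an 80-bit truncated SHA-1 of an RSA key and can only be checked for shape, while a v3 name (the current generation, which postdates the thread) embeds the full ed25519 key plus a checksum and version byte and can be validated offline. The 32-byte key used at the bottom is constructed for the demo, not a real service key.

```python
import base64
import binascii
import hashlib

# Alphabet shared by v2 and v3 onion names (RFC 4648 base32, written lower-case)
ONION_B32 = set("abcdefghijklmnopqrstuvwxyz234567")
V3_VERSION = b"\x03"


def _v3_checksum(pubkey: bytes, version: bytes = V3_VERSION) -> bytes:
    # First two bytes of SHA3-256(".onion checksum" || pubkey || version), per rend-spec-v3
    return hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]


def onion_v3_address(pubkey: bytes) -> str:
    """Derive the v3 .onion name for a 32-byte ed25519 public key.

    The name carries the whole key, so only the holder of the matching
    private key can answer for it: no CA, DNS or DANE record is consulted.
    """
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be exactly 32 bytes")
    raw = pubkey + _v3_checksum(pubkey) + V3_VERSION  # 35 bytes -> 56 base32 chars, no padding
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def parse_onion(name: str) -> dict:
    """Report what the name alone lets a client verify about a hidden service."""
    label = name.strip().lower()
    if label.endswith(".onion"):
        label = label[: -len(".onion")]
    result = {"version": None, "valid": False, "pubkey": None, "note": ""}

    if not label or any(c not in ONION_B32 for c in label):
        result["note"] = "not a base32 onion label"
        return result

    if len(label) == 16:
        # v2: the label is the first 80 bits of SHA-1 over the service's RSA public key.
        # A truncated hash cannot be re-checked without the key, so the client learns only
        # that the name is well-formed; the key binding is enforced later in the rendezvous
        # protocol, not from the name.
        result.update(version=2, valid=True,
                      note="v2: 80-bit truncated SHA-1 of RSA key; nothing to verify offline")
        return result

    if len(label) == 56:
        try:
            raw = base64.b32decode(label.upper())
        except binascii.Error:
            result["note"] = "v3-length label that does not decode as base32"
            return result
        pubkey, checksum, version = raw[:32], raw[32:34], raw[34:35]
        if version != V3_VERSION:
            result.update(version=3, note="unknown onion version byte %r" % version)
            return result
        if checksum != _v3_checksum(pubkey, version):
            result.update(version=3, note="v3 checksum mismatch: name is corrupt or tampered")
            return result
        result.update(version=3, valid=True, pubkey=pubkey,
                      note="v3: name is the ed25519 public key itself (self-certifying)")
        return result

    result["note"] = "label length %d matches neither v2 (16) nor v3 (56)" % len(label)
    return result


if __name__ == "__main__":
    # The v2 name quoted in the thread, then a constructed (not real) ed25519 key.
    print(parse_onion("protonirockerxow.onion"))
    constructed_key = bytes(range(32))
    addr = onion_v3_address(constructed_key)
    print(addr, parse_onion(addr)["valid"])
    # Change one character inside the checksum field: the name no longer self-verifies.
    tampered = addr[:52] + ("b" if addr[52] != "b" else "c") + addr[53:]
    print(tampered, parse_onion(tampered)["note"])
```

The practical difference for the threat model discussed in this thread: a v3 client can reject a mistyped or tampered name before ever building a circuit, and in both generations the name, not a certificate chain, is what binds the connection to the operator's key.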
      • Anonymous commented

        What about having a specific exit node inside of the tutanota network? all tor traffic can only enter the service through the exit node inside the network so that it's impossible to sniff passwords on exit nodes that you don't know.

        BUT is that even possible with tor?

      • Anonymous commented

        I thought Tor was not meant for this. After all you need to be sure that the exit node is not sniffing for login passwords. And once you log in on a server through tor then you already breach the very reason why you are using tor in the first place.

        I'm not against the idea but I try to make sense of it. Anonymity ends when you log in by using a PERSONAL account that can be linked TO YOU. Unless you also created the account when using tor and you NEVER EVER log in to the account without using tor. But I wonder what kind of people would do this. It only seems a feasible thing for people who are planning on committing fraud. But yea, also people who need more than just basic anonymity might want this.

        So ok I answered my own question with a reason to ask a bigger question, but I'm not sure how to ask it. There is more to this than only the simple question.

      • Willem commented

        A messaging service?
        by the way, are attachments encrypted?

      • d4rkm0nk commented

        add tor lnk plz cuz reasons, and also things. :-D

      • Anonymous commented

        If a Tor hidden service is decided to be done, an i2p service will also be appreciated.

        i2p and Tutanota User :)

      • Téchne Digitus commented

        I suggested this in an e-mail yesterday to the Tutanota Team and I did not read this before!

        This is very important to TOR and Privacy... (Remember all of us: We are the resistance!)

        The more serious companies embrace TOR, the less power the bad reputation of the "Deep Web Myth" will have (reference to Muhammed's comment)...

        And... I wish to add here the following consideration:

        - Maybe Tutanota can be the first company to use the DANE feature in a .onion domain!! This would be a kind of revolution! :)

        And, of course, getting the TOR Project Team involved will help a lot!

      • Colin Arnott commented

        If you would prefer to use tor for feedback, the underlying issue is that the https://tutanota.uservoice.com/* webpage is trying to fetch javascript, etc. from uvcdn.com. The same Cloudflare captcha that you see when you access tutanota.uservoice.com gets triggered when you try to fetch the content from uvcdn.com, and both need to be submitted for you to load the page appropriately.

        tl;dr go to uvcdn.com first, submit the captcha solution; then load tutanota.uservoice.com, submit second captcha solution. Happy browsing over tor.