If you had any faith left in anonymous email services, now would be the time to let that go. New court documents show that in chasing down associates of Freedom Hosting, the FBI managed to download the entire email database of TorMail. And now it's using that information to take on the Darknet.
Just over a month after reports of a malware attack on the anonymous Tor network, the FBI told an Irish court that it was behind the shenanigans. But âÃ¶ ReadâÃ¶
It's unknown exactly how many users or how much data is in the TorMail network, but we do know that the FBI has it all. The agency obtained a search warrant for a TorMail account connected to a Florida man accused of stealing credit card numbers in order to search its own copy of the database. It appears that the FBI acquired the database while using malware to investigate Freedom Hosting last year. As Wired put it:
The tactic suggests the FBI is adapting to the age of big-data with an NSA-style collect-everything approach, gathering information into a virtual lock box, and leaving it there until it can obtain specific authority to tap it later.
In the past six months, we've learned that the FBI's using malware to expose the anonymous internet and the NSA's been going after Tor for years. And now it seems that federal authorities have been successful in breaking down the wall of anonymity that kept the internet safe for a lot of users. We've also learned that despite his advisors' recommendations, President Obama is content continuing the bulk collection of data that drew scrutiny to the NSA in the first place, albeit in a different form. And so while Tor and its related services are still good for a lot of things, anonymity is apparently no longer one of them.
My TorMail test account’s password stopped working as soon as I had an email in it with some fake BitCoin info I created as a test. I concluded that TorMail is false security, part of a crime ring, perhaps even a government scam. The above story amounts to the same thing: The government get everything. The way around this is to create an email service that uses strong end to end encryption and does not store anything on any server. Google is working on a Chrome plugin to do just that: http://techcrunch.com/2014/12/17/googles-end-to-end-email-encryption-tool-gets-closer-to-launch/
If it does what it says, that’d be great. See https://www.mailvelope.com/