since the server crash ate my last thread about how to create anonymous email users over Tor in the age of cuckflare, I decided to recreate my findings from it. the goal is simple: create an email with a host that is considered trustworthy in most places online, using Tor Browser
I assume you're on a Debian-like system, including Ubuntu or Linux Mint. use a password manager like
keepassx to generate unique passwords for all services.
DO NOT USE ANY PASSWORDS THAT YOU USE FOR ANY OTHER ACCOUNTS. avoid using any special characters in your passwords, because configuring
mutt with them seems to work poorly
for this exercise you will need Javascript enabled in Tor Browser. the middle "Safer" setting should work. perhaps in the future I will figure out a way with scripts disabled. the target of this guide is protonmail. in my experience it is considered trustworthy enough for signing up for various services
we will use a series of what I will call "springboards", where we move from a less trusted service to a more trusted one, until we get to protonmail which has rather strict standards for what it considers trustworthy for email verification
the guide below will go cock.li -> kolabnow.com -> proton.me
>level 0: cock.lirun by chvddie-adjacent people. uses colorful domain names like cock.li, loves.dicksinhisan.us and horsefucker.org, so it is generally considered untrustworthy by almost everyone. but it has the benefit of easy signup. it will therefore serve as our level 0 service. it has some hidden services:
rurcblzhmdk22kttfkel2zduhyu3r6to7knyc7wiorzrx5gw4c3lftad.onion for web
xdkriz6cn2avvcr2vks5lvvtmfojz2ohjzj4fhyuka55mvljeso2ztqd.onion for email (IMAP, POP) and chat (XMPP)
the clearnet web service tends to work better for signup for some reason, so use
https://cock.li/ to sign up. using the cock.li domain for your email seems to work best - I tried using airmail.cc but had problems logging in
cock.li currently does not have a webmail. look further down for a short guide how to set up an IMAP client (mutt) that runs via Tor
you can solve the Proof-of-Work thing if you want, but it's not necessary for this guide since we only need to be able to
receive email on this account. solving the PoW took 20 minutes on my crappy machine. you need to set the "Standard" safety option in Tor Browser
>level 1: kolabnow.comregister a free account and use your cock.li account to verify it. after a while an email with a registration code should show up in your cock.li inbox. use it
>level 2: proton.methe Tor service works poorly, so use the clearnet one. click "Create a free account", then "use your current email" and enter your kolabnow email. go to kolabnow.com and check your webmail, copy-paste the code into proton. only now will you get to choose your username. a bit annoying but whatever. success! you now have a moderately trustworthy email address that you can use to sign up all over the place!
>how to set up cock.li with muttmutt is a command-line (ncurses) email client. you will also need
torify. it should come with the
tor package. install both using
aptsudo apt install mutt tor
next set up
mutt. you need to percent encode (%40) the at sign (@) in your username in the IMAP (and possibly SMTP) URLs. on a fresh user the following should work for an account like
[email protected]mkdir .mutt
export USERNAME=mycoolaccount
export DOMAIN=cock.li
export PASSWORD=YOUR_COCKLI_PASSWORD
cat > .mutt/muttrc <<EOF
# Based on https://www.riseup.net/en/mutt
# Account
set realname = 'Anonymous'
set from = ${USERNAME}@${DOMAIN}
# Send
set smtp_url = smtps://${USERNAME}%40${DOMAIN}@xdkriz6cn2avvcr2vks5lvvtmfojz2ohjzj4fhyuka55mvljeso2ztqd.onion/
set smtp_pass = $PASSWORD
# Connection
set ssl_force_tls = yes
set ssl_starttls = yes
# Receive
set imap_user = ${USERNAME}@${DOMAIN}
set imap_pass = $PASSWORD
set folder = imaps://${USERNAME}%40${DOMAIN}@xdkriz6cn2avvcr2vks5lvvtmfojz2ohjzj4fhyuka55mvljeso2ztqd.onion/
set imap_check_subscribed
# Folder
set spoolfile = +INBOX
set postponed = +Drafts
set record = +Sent
EOF
be aware that the password is stored in plaintext. if you're super paranoid then omit it from muttrc and copy-paste from keepassx into mutt every time
next run
mutt via
torifytorify mutt
hopefully you should see yourself logging in successfully. (a)ccept any certificate. hooray!
>future worktry more email services, document which ones work as springboards for each other. I'm working on a graphviz thing for this