One method we strongly advise for surfing the web anonymously is Tor, a network of virtual tunnels allowing people to browse the Web without revealing their identity.
To surf the net anonymously using Tor, you have to install Tor Browser (available for all operating systems): a browser configured for anonymous browsing.
You can find detailed instructions here.
Consider however that Tor by itself is not all you need to maintain your anonymity. There are risks you need to be aware of and adjustments you need to make, all listed here.
Accessing A/I via Tor Hidden Service
Most of our services are available as a Tor Hidden Service, at the following address: autinv5q6en4gpf4.onion
Currently the available services include the main site (webmail, WebDAV access, etc.), email (SMTP for deliveries and POP/IMAP), Jabber and IRC, all of which are available at the above address.
Since .onion addresses are not particularly mnemonic, it is possible to retrieve the Hidden Service address with a DNS query:
$ dig +dnssec +noauth +noquestion +nocmd +nostats onion.autistici.org TXT @22.214.171.124 ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49449 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 512 ;; ANSWER SECTION: onion.autistici.org. 9600 IN TXT "autinv5q6en4gpf4.onion" onion.autistici.org. 9600 IN RRSIG TXT 7 3 9600 20140110201148 20131211201148 24242 autistici.org. jshkdJJbHpxE0AzHcbQnr2mk75I/qawzLbObVX2A7lw79Sa5UEIjzHfl 75Vchn0095k9KTJqW2Y9yImxMTDuu3yXP1rmTzd9UXpEA7YFyPP5yOjU YUPS9BdzVOzYK9RsZSAOPom5fziDLzatcruI+/bPILbOOgR9vim/pZKr 0XI=
The thing to notice is the answer validated flag “ad” has been set. This example is using google public dns, however we recommend using a local validating resolver as explained here. Note: figuring out which .onion address to connect to is the subtle part of using an Hidden Service, we advise you to securely access this web page via SSL, verify the SSL certificate, and copy the .onion address to a local file or some other safe place.
If you feel more old-fashioned, you can also find a list of public proxies here:
Configuring Thunderbird to send and receive email via Tor
While this approach is not recommended by torproject, here we provide a few steps to use Tor to communicate with our mailservers. This might be a good option in situations where one is not able to access our mailservers directly (for example because of state censorship).
Disclaimer: this guide does not explain how to send anonymous emails (for that see how to use our anonymous remailer), nor these configurations enhance the anonymity of the messages you send. Connecting to our services through Tor is a way to obfuscate from the network provider you are using that you are connecting to our servers. This does neither make you more anonymous than you already are in our regards, because you have to authenticate to our servers to be able to use them, or shields you from unwillingly send identifying information to your correspondents through mail (i.e. in some mail header). If you have such needs, we suggest to either send the email via the webmail (via Tor, if you want to be anonymous in your navigation for your network provider) or to use Tails, configuring your email account in Thunderbird offered in that distribution.
Prerequisite 1: having a running Tor instance on your computer
Tor is a program that exposes a local proxy to connect to the internet (and also to the network of hidden services). Tor Browser is a modified flavour of Firefox, crafted to work better with the Tor proxy. It ships with a working Tor proxy. Whenever you turn on Tor Browser, a local instance of Tor proxy is started. Nevertheless, you can run Tor proxy independently from the Tor Browser. If you are able to do so, go ahead. Otherwise, to use Thunderbird through Tor, you will need to first start Tor Browser.
Prerequisite 2: configure the account
First of all, you need a working Autistici/Inventati email account (if you are not able to access directly our mailservers, and did not verify
if the account is working, just go ahead).
Let us add a new account, click on the main menu, then select
New, and then
Existing Mail Account...
Then you will be prompt with a box, where you can put the name you want to display, the email and the password.
Continue will trigger Thunderbird to search for the mailserver. In case of success the box will appear like this
If the mailservers are not retrieved, just insert these parameters
and modify the username to insert your full email, clicking on
Configure Thunderbird to use Tor as proxy
Now you should have configured Thunderbird with your A/I account.
Let’s modify how Thunderbird connects to the server. Rembember that this is a global configuration: every account you have on Thunderbird
will be used through Tor. Go to the menu, then select
Preferences, and then again
In the new windox, select
Advanced in the left column, then click on the
Network & Disk Space tab.
On that tab, click
Settings in the
Connection section. In the new window, select
Manual proxy configuration and enter
127.0.0.1 in the
SOCKS Host field and. Now, if you are using a local Tor proxy instance, insert
9050 on the same row in the
otherwise, if you are running Tor Browser, insert
Now, select also
SOCKS v5 below. Make also sure to tick the
Proxy DNS when using SOCKS v5 box.
Insert the A/I hidden service as mail server
This last step is not mandatory, but is recommended. Instead of using the aforementioned addresses to connect to the A/I mailservers, you should use the hidden service version. Indeed, this will connect you to the very same server, but because of how Tor works, its safer to use the hidden service instead of the ordinary one.
Let’s first modify the IMAP server address. Let’s right click on the A/I account in the left column. From the drop down menu, select
In the newly opened window, go to
Server Settings, second entry from above. There, replace
mail.autistici.org in the
Server Name field
autinv5q6en4gpf4.onion. Then, click
Ok in the bottom right.
To replace the SMTP server address, go to the very last voice in the left column,
Outgoing Server (SMTP).
There, select the
smtp.autistici.org entry in the box and click
In the new window, replace
smtp.autistici.org in the
Server Name field with
BEWARE: the next time you will retrieve the email from the webserver AND the very first time you will send an email using these new configurations, you will be prompted with an error message like these
THIS IS RIGHT, the mailservers still present to you a TLS certificate, but the name of such certificate DOES NOT MATCH the hidden service.
You can safely click on
Confirm Security Exception, having
Permanently store this exception flagged. If you want, you can verify that this certificates
bear the ordinary name (i.e.
mail.autistici.org for IMAP and
smtp.autistici.org for SMTP). If you do not accept these invalid certificates, you won’t
be able to use our email through Tor. You will need to repeat this operation about every 3 months (such is the validity span of our certificates: we renew
them with such frequency).