Confidant Mail supports anonymous users via the TOR and I2P anonymous networks. Both client-to-server and server-to-server connections can run through TOR and I2P, allowing for several anonymity models. Public and anonymous users can exchange messages with each other.

TOR supports both hidden services and exit node connections to public services, while I2P supports only hidden services. Use of exit nodes should be avoided where possible, because they can and sometimes do tamper with traffic. If an exit node performs a man-in-the-middle attack, this will produce a "certificate has changed" log entry in the client's System Messages or sending server's log. Such an attack should not compromise message content, but it would allow for traffic analysis.

If the server provides both a public port and a TOR/I2P port, anonymous users connect via the hidden service and public users connect via the public port, and they can exchange emails even if the public user does not have a TOR/I2P client.

If the server provides only a public port, anonymous users can either send to it via a TOR exit node, or send via proxy, assuming the anonymous user's home server has TOR/I2P capability.

If the server provides only a TOR/I2P port (covert server), then public users can send to it only by installing TOR/I2P clients, or by proxy if the public user's home server has TOR/I2P capability.

Clandestine organizations may run covert servers. Since a covert server does not participate in the Entangled DHT, the only way to fetch keys for its users is to manually enter the server's hidden-service name and port into the address lookup. This is a feature rather than a bug for organizations which do not want to advertise their existence.

You can use an Entangled account anonymously for free, using any server or set of servers. If you want a server account, you will have to sign up with a service provider. Use Tor for the signup, and use Bitcoin or a prepaid debit card bought with cash to pay. The servers you use should have .onion addresses so you do not have to use an exit node to access them.

To access a server anonymously, you need to install the Tor client from [ http://www.torproject.org ] and configure the client to use it. First get Tor working and verify you can access websites through it.


Enter localhost and your Tor SOCKS port as shown, and check the proxy options shown. This causes outgoing messages to go via Tor exit nodes. If you have a paid account and an auth key, you can also check Proxy outgoing Direct IP to send your outgoing mail through the server rather than an exit node.

To give a server a Tor .onion address, set it up normally as explained here and then configure a hidden service in your torrc file pointing to your server's TCP port. A server that has only a .onion address (no public IP) is known as a covert server.

I2P works as a hidden server protocol only. It does not relay to public Internet servers. Use the b32 address assigned by the I2P Router Console. The addresses look like: gbcokpw7ehglomdema73dusvijfkdhwcgstf5vc7itbjdscshwza.b32.i2p:8082