Access over Tor

Reach your inbox over the Tor network

If your network is hostile, monitored or censored, the normal road to scrooglemail.com may be blocked - or watched. So we also run Scroogle Mail as a Tor onion service: a second front door that never touches the public internet's naming system at all.

Official v3 onion address
http://fzlbuw2nsusmrrl7cd577ohharpu2rnkmnspsedllju7ufgji5euctqd.onion

This is our only onion address. It serves the full webmail client and the API, so both the browser app and our open-source clients work over Tor. A v3 onion address is a long string of random-looking characters, not a word we can choose - so always compare the whole 56-character address, not just the start. Lookalike onions are a real phishing trick.

The short version

What is Tor, and why would you use it?

Tor bounces your connection through three volunteer-run relays around the world, each of which only knows the step before and the step after. The result: the website you visit doesn't learn where you are, and your local network doesn't learn what you're visiting.

Get past censorship

Where scrooglemail.com is blocked by a national firewall, a workplace or a hotel network, the onion service usually still works - there's no DNS lookup or public IP to blacklist.

Hide that you use us at all

Even encrypted traffic reveals who you're talking to. Over Tor, your ISP, employer or landlord's router can't see that you connect to Scroogle Mail - only that you use Tor.

Defence in depth

An onion connection is authenticated by the address itself and encrypted end to end inside Tor, on top of our own TLS and message encryption. More independent layers, fewer single points of failure.

Honestly: most of our customers never need this page. It exists for the people who do - journalists protecting sources, activists and NGO workers, and people living or travelling in countries where reading the wrong inbox is dangerous. If that's not your situation, the normal website with a good password and two-factor authentication is already a very strong setup.

Before you rely on it

Honest caveats

Tor is a tool, not a spell

  • It's slower, and sometimes flaky. Three extra hops around the planet cost latency, and busy relays drop connections now and then. That's the price of the design, not a fault we can fix.
  • It hides the connection, not the contents. Your messages are already end-to-end encrypted and stored zero-access whether or not you use Tor. Tor adds anonymity about where you're connecting from - nothing more, nothing less.
  • It doesn't fix a compromised device. Malware on your laptop reads your screen no matter how clever the routing is. Keep your devices updated and your recovery phrase offline.
  • Extreme threat models need more than a browser. If a serious adversary is specifically after you, combine Tor with your own operational security - separate identities, careful metadata habits, ideally advice from people who do this professionally. We'd rather say that plainly than sell you false comfort.

Getting connected

How to use it

  1. Install Tor Browser

    Download it free from torproject.org for Windows, macOS, Linux or Android. It's a modified Firefox with Tor built in - no configuration needed.

  2. Paste the onion address

    Copy the full address from the card above into Tor Browser's address bar. Bookmark it once you've checked it character for character - typing 56 characters by hand is how people get phished.

  3. Sign in as normal

    Your usual address, password and two-factor code work exactly as they do on the clearnet site. Same account, same mailbox, same everything - only the route is different.

  4. Verify it whenever you like

    We publish the onion address in our security.txt at https://scrooglemail.com/.well-known/security.txt, signed with the security team's PGP key, so you can confirm it out of band. If an address doesn't match what's published there, don't use it - and tell security@scrooglemail.com.
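
The character-for-character check from steps 2 and 4, as an added example (not Scroogle Mail's own code): it validates the v3 structure (32-byte public key, 2-byte SHA3-256 checksum, version byte 3) and compares a candidate against the published address over all 56 characters. The function names are hypothetical, the sample addresses are constructed from made-up key bytes, and verifying the PGP signature on security.txt is assumed to be done separately.

```python
import base64
import hashlib

def encode_v3(pubkey: bytes) -> str:
    """v3 label = base32(pubkey | checksum | version), 56 characters."""
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return base64.b32encode(pubkey + checksum + version).decode().lower()

def parse_host(text: str) -> str:
    """Reduce a URL or hostname to the bare onion label, lowercased."""
    host = text.strip().lower().split("://", 1)[-1].split("/", 1)[0]
    return host[:-6] if host.endswith(".onion") else host

def is_valid_v3(label: str) -> bool:
    """True if the label is 56 base32 characters with version 3 and a correct checksum."""
    if len(label) != 56:
        return False
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:  # non-base32 or non-ASCII characters
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return version == b"\x03" and checksum == expected

def check_onion(candidate: str, published: str) -> str:
    """Compare a candidate with the published address over every character."""
    cand, ref = parse_host(candidate), parse_host(published)
    if not is_valid_v3(ref):
        return "reference-invalid"
    if not is_valid_v3(cand):
        return "candidate-invalid"
    if cand == ref:
        return "match"
    first_diff = next(i for i, (a, b) in enumerate(zip(cand, ref)) if a != b)
    return f"mismatch-at-{first_diff}"

# Constructed sample data: made-up key bytes, not real services.
PUBLISHED = encode_v3(bytes(range(32)))
# Differs only in the last key byte, so the first 49 characters are identical
# and the checksum is still valid: a start-of-string glance would pass it.
LOOKALIKE = encode_v3(bytes(range(31)) + b"\xff")

if __name__ == "__main__":
    print(check_onion(f"http://{PUBLISHED}.onion/", PUBLISHED))  # match
    print(check_onion(LOOKALIKE, PUBLISHED))                     # mismatch-at-49
    print(check_onion(PUBLISHED[:-1] + "e", PUBLISHED))          # candidate-invalid
```

To use it, pass the address taken from the signature-verified security.txt as `published` and the address in your bookmark or address bar as `candidate`.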

Same zero-access service, different road in.

The onion service is the same infrastructure in the same Swiss datacentres, with the same zero-access encryption - we can't read your mail whichever door you come through. Tor changes how your connection reaches us, never how your data is protected once it does.
