by biomechanica
4896 days ago
As far as I can tell, the advantage of using tormail (the hidden service) coupled with GPG/PGP is simply the added layer of security (which is anonymity). Like I stated before, Tor isn't necessarily for privacy. It is all about anonymity. So if a person doesn't encrypt their messages there is a (slight?) chance of their messages being read. This could lead to compromising your anonymity and privacy. With GPG/PGP encrypted messages, you will not have this problem as much. If a person is only seeking privacy then GPG/PGP is more than enough to secure their messages (while keeping in mind the headers are visible - just alter it). I think tormail is great for journalists etc. who need anonymity to protect themselves from dangerous times. That's about the only thing I would use it for.
|
I use PGP for as much mail as I can on my normal server. Even if you use PGP, it's still not a good idea to use a honeypot unless the risks at play have been carefully calculated aforehand. We want the available attack surface to be as small as possible, for lots of potential reasons: PGP mails can be encrypted incorrectly either by operator error or a bug in your crypto stack, recipients may be able to be divined from the crypted message, the government may have a secret weapon capable of decrypting certain messages, the government definitely can make an educated attempt if they determine your content is high-value, etc. etc.
Basically I think a good privacy setup shouldn't need to include anonymously-run services like tormail that are just as likely (if not more likely) to be honeypots as honestly run by a kind-hearted security enthusiast with impenetrable integrity.