I think running your own mail server for emails is a good 
Yes I think that might be a good option. I'll duckduckgo some good tutorials on this.
Topic: Lavabit.com and Tormail Email Alternatives... - page 5. (Read 31109 times)
Yes I think that might be a good option. I'll duckduckgo some good tutorials on this.
What's the consensus on https://www.neomailbox.com ? It's expensive but is it good?
It's hard to be explain, but their web site is subtly wrong in a way that makes me not trust the site or the company behind it. 
I think running your own mail server for emails is a good
Interesting discussion. What's the consensus on https://www.neomailbox.com ? It's expensive but is it good?
I see it as an incremental step. It's hard to get people to change at all, but it's less hard to convince them to add some protection to their existing communication medium than it is to convince them to adopt an entirely new platform.
Yes. Note: Facebook will still log all the messages, and because it is OTR the encryption is fairly weak... even if the keys constantly change. Obviously the plausible deniability/log tampering argument might hold up in a court room, but please don't say anything on that platform you wouldn't want Facebook or LEA reading.
Given that you have to use someone's key to encrypt a message, it would be safe to assume they had software to generate and handle said key.
But how would you know if they have a key in the first place?You'd have to negotiate that beforehand.
Isn't there something like OTR but for email?
With a diffie-heilman agreement specifically? Or are you talking about GPG/PGP?
Yea for email GPG/PGP. For IM OTR, for VOIP ZRTP.
Okay I see what you mean. Unfortunately building a system like you mentioned requires a 'failsafe' for decrypting the messege then sending plaintext if encrypted message can't be decrypted by the receiving party, an inherently insecure action.
OTR cannot do this either, so curious as to why you 'said similar to OTR for email' but then responded as you did?
If you mean can the user send two messages at once, one encrypted, the other not, both in one larger encrypted container, the outter shell of which can be decrypted by the recipient without a special plugin and not seen by an attacker... I don't know if that is possible.
Given that you have to use someone's key to encrypt a message, it would be safe to assume they had software to generate and handle said key.
But how would you know if they have a key in the first place?You'd have to negotiate that beforehand.
Isn't there something like OTR but for email?
With a diffie-heilman agreement specifically? Or are you talking about GPG/PGP?
Yea for email GPG/PGP. For IM OTR, for VOIP ZRTP.
Okay I see what you mean. Unfortunately building a system like you mentioned requires a 'failsafe' for decrypting the messege then sending plaintext if encrypted message can't be decrypted by the receiving party, an inherently insecure action.
OTR cannot do this either, so curious as to why you 'said similar to OTR for email' but then responded as you did?
Kim Dotcom of megaupload fame wants to get in on the act as well, starting an end-to-end encrypted email service:
http://yro.slashdot.org/story/13/08/11/1244209/after-lavabit-shut-down-dotcoms-mega-promises-secure-mail
http://yro.slashdot.org/story/13/08/11/1244209/after-lavabit-shut-down-dotcoms-mega-promises-secure-mail
This should be good ... he may come across sometimes like a big, funny guy (clownish) but you know what? ... He just goes ahead and does shit, he doesn't just talk about it.
Yea there is no doubt he is a doer more than a talker, but don't walk into his playpen willy nilly. If you are looking for secure encrypted mail storage the only person you can trust is yourself. Using open source software or at least auditable services is key.
I assume someone has already mentioned bitmessage.org (even though it's not email) it could replace email someday as a secure alternative.
Unless it becomes possible to send and receive messages to non-bitmessage users I highly doubt it will gain much acceptance. There's too much network effect to overcome.It is already possible to configure Thunderbird mail client to route mail through the bitmessage network ... it will become just another protocol layer option like POP, IMAP, SMTP, etc.
Is there a tutorial? If so, I would love to do this.
In fact, yes there is.
http://www.youtube.com/watch?v=ppk_zzjZRIg
no guarantees on what privacy leaks this opens up regards using the mail client both over bitmessage and normal channels. To begin with I would not use a Thunderbird client configured for bitmessage transport for regular mails or vice versa ... and I have no idea what other traffic Thunderbird may send/leak out, I know it can have lots of plugins etc ... so dyodd.
Kim Dotcom of megaupload fame wants to get in on the act as well, starting an end-to-end encrypted email service:
http://yro.slashdot.org/story/13/08/11/1244209/after-lavabit-shut-down-dotcoms-mega-promises-secure-mail
http://yro.slashdot.org/story/13/08/11/1244209/after-lavabit-shut-down-dotcoms-mega-promises-secure-mail
This should be good ... he may come across sometimes like a big, funny guy (clownish) but you know what? ... He just goes ahead and does shit, he doesn't just talk about it.
Given that you have to use someone's key to encrypt a message, it would be safe to assume they had software to generate and handle said key.
But how would you know if they have a key in the first place?You'd have to negotiate that beforehand.
Isn't there something like OTR but for email?
With a diffie-heilman agreement specifically? Or are you talking about GPG/PGP?
Yea for email GPG/PGP. For IM OTR, for VOIP ZRTP.
Okay I see what you mean. Unfortunately building a system like you mentioned requires a 'failsafe' for decrypting the messege then sending plaintext if encrypted message can't be decrypted by the receiving party, an inherently insecure action.
OTR cannot do this either, so curious as to why you 'said similar to OTR for email' but then responded as you did?
Given that you have to use someone's key to encrypt a message, it would be safe to assume they had software to generate and handle said key.
But how would you know if they have a key in the first place? 
Given that you have to use someone's key to encrypt a message, it would be safe to assume they had software to generate and handle said key.
Isn't there something like OTR but for email?
With a diffie-heilman agreement specifically? Or are you talking about GPG/PGP?
Yea for email GPG/PGP. For IM OTR, for VOIP ZRTP.
Isn't there something like OTR but for email?
With a diffie-heilman agreement specifically? Or are you talking about GPG/PGP?
Yea for email GPG/PGP. For IM OTR, for VOIP ZRTP.
Kim Dotcom of megaupload fame wants to get in on the act as well, starting an end-to-end encrypted email service:
http://yro.slashdot.org/story/13/08/11/1244209/after-lavabit-shut-down-dotcoms-mega-promises-secure-mail
http://yro.slashdot.org/story/13/08/11/1244209/after-lavabit-shut-down-dotcoms-mega-promises-secure-mail
Isn't there something like OTR but for email?
With a diffie-heilman agreement specifically? Or are you talking about GPG/PGP?
Isn't there something like OTR but for email?
With a diffie-heilman agreement specifically? Or are you talking about GPG/PGP?
Jump to: