
Topic: Lavabit.com and Tormail Email Alternatives... - page 5. (Read 31158 times)

sr. member
Activity: 617
Merit: 250
I think running your own mail server for emails is a good Wink Huh

Yes I think that might be a good option. I'll duckduckgo some good tutorials on this.
legendary
Activity: 1400
Merit: 1013
What's the consensus on https://www.neomailbox.com ? It's expensive but is it good?
It's hard to explain, but their web site is subtly wrong in a way that makes me not trust the site or the company behind it.
sr. member
Activity: 420
Merit: 250
★☆★777Coin★☆★
 I think running your own mail server for emails is a good Wink Huh
sr. member
Activity: 617
Merit: 250
Interesting discussion. What's the consensus on https://www.neomailbox.com ? It's expensive but is it good?
legendary
Activity: 1400
Merit: 1013
I see it as an incremental step. It's hard to get people to change at all, but it's less hard to convince them to add some protection to their existing communication medium than it is to convince them to adopt an entirely new platform.
sr. member
Activity: 279
Merit: 250

Yes. Note: Facebook will still log all the messages, and because it is OTR the encryption is fairly weak... even if the keys constantly change. Obviously the plausible deniability/log tampering argument might hold up in a court room, but please don't say anything on that platform you wouldn't want Facebook or LEA reading.  
sr. member
Activity: 279
Merit: 250
Given that you have to use someone's key to encrypt a message, it would be safe to assume they had software to generate and handle said key.
But how would you know if they have a key in the first place?

You'd have to negotiate that beforehand.
Isn't there something like OTR but for email?

With a Diffie-Hellman agreement specifically? Or are you talking about GPG/PGP?
I mean something where the two ends negotiate an encryption over unsecure lines in a secure manner; while providing the option to fall back to plain text if the other side refuses to go secure.

Yea for email GPG/PGP. For IM OTR, for VOIP ZRTP.
With GPG/PGP the email client has no clue whether the receiver has or hasn't means to read encrypted data until the user tells it...

Okay I see what you mean. Unfortunately building a system like you mentioned requires a 'failsafe' for decrypting the message then sending plaintext if encrypted message can't be decrypted by the receiving party, an inherently insecure action.

OTR cannot do this either, so curious as to why you 'said similar to OTR for email' but then responded as you did?
Last I checked (not recently) OTR did indeed allow you the option of using plain-text if the other party didn't have OTR
Disabling your OTR or telling it to resort to plaintext if encryption is not available is a feature, yes. In the latter scenario OTR first sends a key message, and if they get no response the user can decide what the default option is (retry key exchange or send plaintext). This is dependent on immediate communication between the two recipients. This would only be possible via email if the person sending the email sent it encrypted, then got a response from the recipient that they don't accept said encryption and then a plain text message will be sent.

If you mean can the user send two messages at once, one encrypted, the other not, both in one larger encrypted container, the outer shell of which can be decrypted by the recipient without a special plugin and not seen by an attacker... I don't know if that is possible.
hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
Given that you have to use someone's key to encrypt a message, it would be safe to assume they had software to generate and handle said key.
But how would you know if they have a key in the first place?

You'd have to negotiate that beforehand.
Isn't there something like OTR but for email?

With a Diffie-Hellman agreement specifically? Or are you talking about GPG/PGP?
I mean something where the two ends negotiate an encryption over unsecure lines in a secure manner; while providing the option to fall back to plain text if the other side refuses to go secure.

Yea for email GPG/PGP. For IM OTR, for VOIP ZRTP.
With GPG/PGP the email client has no clue whether the receiver has or hasn't means to read encrypted data until the user tells it...

Okay I see what you mean. Unfortunately building a system like you mentioned requires a 'failsafe' for decrypting the message then sending plaintext if encrypted message can't be decrypted by the receiving party, an inherently insecure action.

OTR cannot do this either, so curious as to why you 'said similar to OTR for email' but then responded as you did?
Last I checked (not recently) OTR did indeed allow you the option of using plain-text if the other party didn't have OTR
sr. member
Activity: 279
Merit: 250
Kim Dotcom of megaupload fame wants to get in on the act as well, starting an end-to-end encrypted email service:

http://yro.slashdot.org/story/13/08/11/1244209/after-lavabit-shut-down-dotcoms-mega-promises-secure-mail

This should be good ... he may come across sometimes like a big, funny guy (clownish) but you know what? ... He just goes ahead and does shit, he doesn't just talk about it.

Yea there is no doubt he is a doer more than a talker, but don't walk into his playpen willy nilly. If you are looking for secure encrypted mail storage the only person you can trust is yourself. Using open source software or at least auditable services is key.
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
I assume someone has already mentioned bitmessage.org (even though it's not email) it could replace email someday as a secure alternative.
Unless it becomes possible to send and receive messages to non-bitmessage users I highly doubt it will gain much acceptance. There's too much network effect to overcome.

It is already possible to configure Thunderbird mail client to route mail through the bitmessage network ... it will become just another protocol layer option like POP, IMAP, SMTP, etc.

Is there a tutorial? If so, I would love to do this.

In fact, yes there is.

http://www.youtube.com/watch?v=ppk_zzjZRIg

No guarantees on what privacy leaks this opens up regards using the mail client both over bitmessage and normal channels. To begin with I would not use a Thunderbird client configured for bitmessage transport for regular mails or vice versa ... and I have no idea what other traffic Thunderbird may send/leak out, I know it can have lots of plugins etc ... so dyodd.
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
Kim Dotcom of megaupload fame wants to get in on the act as well, starting an end-to-end encrypted email service:

http://yro.slashdot.org/story/13/08/11/1244209/after-lavabit-shut-down-dotcoms-mega-promises-secure-mail

This should be good ... he may come across sometimes like a big, funny guy (clownish) but you know what? ... He just goes ahead and does shit, he doesn't just talk about it.
sr. member
Activity: 279
Merit: 250
Given that you have to use someone's key to encrypt a message, it would be safe to assume they had software to generate and handle said key.
But how would you know if they have a key in the first place?

You'd have to negotiate that beforehand.
Isn't there something like OTR but for email?

With a Diffie-Hellman agreement specifically? Or are you talking about GPG/PGP?
I mean something where the two ends negotiate an encryption over unsecure lines in a secure manner; while providing the option to fall back to plain text if the other side refuses to go secure.

Yea for email GPG/PGP. For IM OTR, for VOIP ZRTP.
With GPG/PGP the email client has no clue whether the receiver has or hasn't means to read encrypted data until the user tells it...

Okay I see what you mean. Unfortunately building a system like you mentioned requires a 'failsafe' for decrypting the message then sending plaintext if encrypted message can't be decrypted by the receiving party, an inherently insecure action.

OTR cannot do this either, so curious as to why you 'said similar to OTR for email' but then responded as you did?
hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
Given that you have to use someone's key to encrypt a message, it would be safe to assume they had software to generate and handle said key.
But how would you know if they have a key in the first place?
full member
Activity: 154
Merit: 100
Given that you have to use someone's key to encrypt a message, it would be safe to assume they had software to generate and handle said key.
hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
Isn't there something like OTR but for email?

With a Diffie-Hellman agreement specifically? Or are you talking about GPG/PGP?
I mean something where the two ends negotiate an encryption over unsecure lines in a secure manner; while providing the option to fall back to plain text if the other side refuses to go secure.

Yea for email GPG/PGP. For IM OTR, for VOIP ZRTP.
With GPG/PGP the email client has no clue whether the receiver has or hasn't means to read encrypted data until the user tells it...
sr. member
Activity: 279
Merit: 250
Isn't there something like OTR but for email?

With a Diffie-Hellman agreement specifically? Or are you talking about GPG/PGP?
I mean something where the two ends negotiate an encryption over unsecure lines in a secure manner; while providing the option to fall back to plain text if the other side refuses to go secure.

Yea for email GPG/PGP. For IM OTR, for VOIP ZRTP.
legendary
Activity: 916
Merit: 1003
Kim Dotcom of megaupload fame wants to get in on the act as well, starting an end-to-end encrypted email service:

http://yro.slashdot.org/story/13/08/11/1244209/after-lavabit-shut-down-dotcoms-mega-promises-secure-mail
hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
Isn't there something like OTR but for email?

With a Diffie-Hellman agreement specifically? Or are you talking about GPG/PGP?
I mean something where the two ends negotiate an encryption over unsecure lines in a secure manner; while providing the option to fall back to plain text if the other side refuses to go secure.
sr. member
Activity: 279
Merit: 250
Isn't there something like OTR but for email?

With a Diffie-Hellman agreement specifically? Or are you talking about GPG/PGP?