Topic: Lavabit.com and Tormail Email Alternatives... - page 6. (Read 31109 times)
Isn't there something like OTR but for email?
Bitmessage or something similar, built from the ground up for privacy, seems like the only answer for anyone not wanting to be snooped on. I don't see any solution that lets you both guard your privacy and be able to send messages to your non-tech-savvy mom. It doesn't matter how secure your mail provider is if your mom uses Gmail - the NSA and whoever else has access will scrape all correspondence between the two of you from your mother's end.
If you actually want to remain anonymous it's even harder - you can use proxies and convince all your contacts to use PGP all you like, but as soon as one of the people you mailed leaks your identity one way or the other, your mail address is linked to you. So you'll have to use a myriad different, rotating addresses, keeping everyone up to date on what address you're using currently... It's not reasonable. The net is broken from a privacy point of view, and a real fix is going to be very difficult to push through.
If you actually want to remain anonymous it's even harder - you can use proxies and convince all your contacts to use PGP all you like, but as soon as one of the people you mailed leaks your identity one way or the other, your mail address is linked to you. So you'll have to use a myriad different, rotating addresses, keeping everyone up to date on what address you're using currently... It's not reasonable. The net is broken from a privacy point of view, and a real fix is going to be very difficult to push through.
bitmessage has the been the best for me so far, but its kind of a hassle for frequent use
They didn't get shut down by any federal agency. The owner chose to commit suicide (not literally of course) rather than to hand over private user data.
The fact that no one's data was compromised is a victory to all. Yeah they all suffered a loss but at least Lavabit kept it real to the end unlike other similar service providers
that make false promises.
The fact that no one's data was compromised is a victory to all. Yeah they all suffered a loss but at least Lavabit kept it real to the end unlike other similar service providers
that make false promises.
Well, the feds came calling and the provider shut down. It's a case of jump-or-be-pushed, however 'honorable'.
Quote
This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.
Sincerely,
Ladar Levison
Owner and Operator, Lavabit LLC
Sincerely,
Ladar Levison
Owner and Operator, Lavabit LLC
Such as Lavabit for example?
Quote
Levison stressed that he has complied with "upwards of two dozen court orders" for information in the past that were targeted at "specific users" and that "I never had a problem with that."
Where is your data now?
And I'm sure that's too much of a hassle for everyone to do.
Hassle? I suppose, if you need to put down Netflix for what, an hour.....?
That's why a service like Lavabit was perfect to the core.
On my list of 'perfect', getting shut down by a federal agency is nowhere near the core.
They didn't get shut down by any federal agency. The owner chose to commit suicide (not literally of course) rather than to hand over private user data.
The fact that no one's data was compromised is a victory to all. Yeah they all suffered a loss but at least Lavabit kept it real to the end unlike other similar service providers
that make false promises.
Edit: Typos.
Like Hushmail, safe-mail has a backdoor into their backend for LE. I know this for a fact, don't ask for sources 
Here's a source, also note this was a Canadian court and five years ago;
Quote
Hushmail, a longtime provider of encrypted web-based email, markets itself by saying that "not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer."
But it turns out that statement seems not to apply to individuals targeted by government agencies that are able to convince a Canadian court to serve a court order on the company.
But it turns out that statement seems not to apply to individuals targeted by government agencies that are able to convince a Canadian court to serve a court order on the company.
http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/
Yea i was speaking RE safe-mail. but good looks on the source, thanks
And I'm sure that's too much of a hassle for everyone to do.
Hassle? I suppose, if you need to put down Netflix for what, an hour.....?
That's why a service like Lavabit was perfect to the core.
On my list of 'perfect', getting shut down by a federal agency is nowhere near the core.
ByteMail
Official project home: bytemailproject.org
Quote
ByteMail is a decentralized, P2P, communication protocol for sending messages over a secure connection on the internet. ByteMail was created in order to provide people with a way to send messages without worrying about a third party intercepting and reading these messages. ByteMail ships with a webUI as well as a command-line UI.
If you are a developer and would like to contribute to the ByteMail project, check out the project on Github here: http://github.com/ByteMail
If you are a developer and would like to contribute to the ByteMail project, check out the project on Github here: http://github.com/ByteMail
Official project home: bytemailproject.org
ByteMail seems interesting but the fact that the project seems to be at its infancy is a bit of let down.
It will definitely discourage many potential users from adopting it.
Correct me if I'm wrong but if you want to send an encrypted mail to person A, your have to use A's pubkey. How do you encrypt all your mail if not all of your correspondent have setup their pubkey/privkey GPG system?
It would be like calling someone who doesn't have a telephone. The solution? Encourage or force them to get one, or buy one for them and show them how to set it up.
And I'm sure that's too much of a hassle for everyone to do. That's why a service like Lavabit was perfect to the core.
Like Hushmail, safe-mail has a backdoor into their backend for LE. I know this for a fact, don't ask for sources
Here's a source, also note this was a Canadian court and five years ago;
Quote
Hushmail, a longtime provider of encrypted web-based email, markets itself by saying that "not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer."
But it turns out that statement seems not to apply to individuals targeted by government agencies that are able to convince a Canadian court to serve a court order on the company.
But it turns out that statement seems not to apply to individuals targeted by government agencies that are able to convince a Canadian court to serve a court order on the company.
http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/
Has anyone used 'safe-mail.net' ??
Firstly, the company that provides Internet services for hosting the Safe-mail.net system is Barak.net.il, based on our review of the domain registration for Safe-mail.net. Barak.net.il is one of three companies with a license from the Israeli government for providing similar Internet services, according to the English-language version of their web site, as we understand it. Perhaps it is merely a coincidence that Ehud Barak was once head of the Israeli Defense Forces intelligence branch.
Secondly, Safe-mail.net makes the usual disclosure that they may disclose your account activity, stored e-mails, and other information upon court order or law enforcement request. They make the unusual variation of this disclosure by stating that they may disclose these things whenever it is in their interest to do so. This vague contract clause should scare anyone who thinks about it even briefly. Given that Barak.net.il is licensed by the Israeli government, it would seem quite likely that the Israeli government could command that the data from all Safe-mail.net accounts be provided to the government.
Thirdly, we found no details about the encryption algorithms used to provide for security with Safe-mail.net. An investigation of Israeli law suggests that there is a mandate that encryption have back doors or key escrow for use by Israeli authorities.
Like Hushmail, safe-mail has a backdoor into their backend for LE. I know this for a fact, don't ask for sources
Correct me if I'm wrong but if you want to send an encrypted mail to person A, your have to use A's pubkey. How do you encrypt all your mail if not all of your correspondent have setup their pubkey/privkey GPG system?
It would be like calling someone who doesn't have a telephone. The solution? Encourage or force them to get one, or buy one for them and show them how to set it up.
ByteMail
Official project home: bytemailproject.org
Quote
ByteMail is a decentralized, P2P, communication protocol for sending messages over a secure connection on the internet. ByteMail was created in order to provide people with a way to send messages without worrying about a third party intercepting and reading these messages. ByteMail ships with a webUI as well as a command-line UI.
If you are a developer and would like to contribute to the ByteMail project, check out the project on Github here: http://github.com/ByteMail
If you are a developer and would like to contribute to the ByteMail project, check out the project on Github here: http://github.com/ByteMail
Official project home: bytemailproject.org
Has anyone used 'safe-mail.net' ??
Firstly, the company that provides Internet services for hosting the Safe-mail.net system is Barak.net.il, based on our review of the domain registration for Safe-mail.net. Barak.net.il is one of three companies with a license from the Israeli government for providing similar Internet services, according to the English-language version of their web site, as we understand it. Perhaps it is merely a coincidence that Ehud Barak was once head of the Israeli Defense Forces intelligence branch.
Secondly, Safe-mail.net makes the usual disclosure that they may disclose your account activity, stored e-mails, and other information upon court order or law enforcement request. They make the unusual variation of this disclosure by stating that they may disclose these things whenever it is in their interest to do so. This vague contract clause should scare anyone who thinks about it even briefly. Given that Barak.net.il is licensed by the Israeli government, it would seem quite likely that the Israeli government could command that the data from all Safe-mail.net accounts be provided to the government.
Thirdly, we found no details about the encryption algorithms used to provide for security with Safe-mail.net. An investigation of Israeli law suggests that there is a mandate that encryption have back doors or key escrow for use by Israeli authorities.
https://www.penango.com/ is an option to have end-to-end encryption with gmail webmail. Not FOSS.
I'd suggest http://www.mailvelope.com/ which is open source and provides OpenGPG integration for multiple webmails
I wish we had something where the encryption of one messages didn't use the same keys as the encryption of the previous message. So if at some point in time, one of my PGP priv keys is obtained somehow, all my mail isn't then readable.
This is my biggest issue with PGP.
I'm watching bitmessage with interest, but no osx client yet ?
This is my biggest issue with PGP.
I'm watching bitmessage with interest, but no osx client yet ?
There not being support for OSX is a downer, but we can always install Windows on OSX just for Bitmessage
No thanks
I'm currently running it on a free level AWS EC2 instance, just remote in whenever i want to check my messages...though this probably eliminates any real sense of security.
I wish we had something where the encryption of one messages didn't use the same keys as the encryption of the previous message. So if at some point in time, one of my PGP priv keys is obtained somehow, all my mail isn't then readable.
This is my biggest issue with PGP.
I'm watching bitmessage with interest, but no osx client yet ?
This is my biggest issue with PGP.
I'm watching bitmessage with interest, but no osx client yet ?
There not being support for OSX is a downer, but we can always install Windows on OSX just for Bitmessage
I wish we had something where the encryption of one messages didn't use the same keys as the encryption of the previous message. So if at some point in time, one of my PGP priv keys is obtained somehow, all my mail isn't then readable.
This is my biggest issue with PGP.
I'm watching bitmessage with interest, but no osx client yet ?
This is my biggest issue with PGP.
I'm watching bitmessage with interest, but no osx client yet ?
Made in Switzerland: https://www.neomailbox.com/services/secure-email
High strength SSL encryption
IMAP, SMTP, POP3 and Webmail
Multi-level spam and virus protection
Unlimited disposable email addresses
OpenPGP encryption, digital signatures
IP hiding for enhanced privacy
RSS feeds delivered via email
Hosted in Switzerland
We have been increasingly concerned about the alarming erosion of online privacy rights in the USA over the past decade that we've offered Secure Email services hosted in the USA.
To offer our customers an alternative to hosting their email in the USA, in 2004 we began offering Offshore Secure Email service hosted in The Netherlands, and in 2010 we moved all Offshore Secure Email accounts to servers hosted in Switzerland, which affords some of the strongest legal privacy protections for customer email messages stored on our servers.
High strength SSL encryption
IMAP, SMTP, POP3 and Webmail
Multi-level spam and virus protection
Unlimited disposable email addresses
OpenPGP encryption, digital signatures
IP hiding for enhanced privacy
RSS feeds delivered via email
Hosted in Switzerland
We have been increasingly concerned about the alarming erosion of online privacy rights in the USA over the past decade that we've offered Secure Email services hosted in the USA.
To offer our customers an alternative to hosting their email in the USA, in 2004 we began offering Offshore Secure Email service hosted in The Netherlands, and in 2010 we moved all Offshore Secure Email accounts to servers hosted in Switzerland, which affords some of the strongest legal privacy protections for customer email messages stored on our servers.
Too pricy. Lavabit's service was extremely secure and had a few extra features and all I had to pay was $8 or $16 a year. Thanks a lot Snowden!
LOL! 
I assume someone has already mentioned bitmessage.org (even though it's not email) it could replace email someday as a secure alternative.
Unless it becomes possible to send and receive messages to non-bitmessage users I highly doubt it will gain much acceptance. There's too much network effect to overcome.It is already possible to configure Thunderbird mail client to route mail through the bitmessage network ... it will become just another protocol layer option like POP, IMAP, SMTP, etc.
Is there a tutorial? If so, I would love to do this.
Jump to: