Pages:
Author

Topic: Lavabit.com and Tormail Email Alternatives... - page 6. (Read 31158 times)

hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
Isn't there something like OTR but for email?
legendary
Activity: 1615
Merit: 1000
Bitmessage or something similar, built from the ground up for privacy, seems like the only answer for anyone not wanting to be snooped on. I don't see any solution that lets you both guard your privacy and be able to send messages to your non-tech-savvy mom. It doesn't matter how secure your mail provider is if your mom uses Gmail - the NSA and whoever else has access will scrape all correspondence between the two of you from your mother's end.

If you actually want to remain anonymous it's even harder - you can use proxies and convince all your contacts to use PGP all you like, but as soon as one of the people you mailed leaks your identity one way or the other, your mail address is linked to you. So you'll have to use a myriad different, rotating addresses, keeping everyone up to date on what address you're using currently... It's not reasonable. The net is broken from a privacy point of view, and a real fix is going to be very difficult to push through.
donator
Activity: 406
Merit: 252
Study the past, if you would divine the future.
bitmessage has the been the best for me so far, but its kind of a hassle for frequent use
full member
Activity: 154
Merit: 100
They didn't get shut down by any federal agency. The owner chose to commit suicide (not literally of course) rather than to hand over private user data.
The fact that no one's data was compromised is a victory to all. Yeah they all suffered a loss but at least Lavabit kept it real to the end unlike other similar service providers
that make false promises.

Well, the feds came calling and the provider shut down. It's a case of jump-or-be-pushed, however 'honorable'.

Quote
This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.

Sincerely,
Ladar Levison
Owner and Operator, Lavabit LLC

Such as Lavabit for example?

Quote
Levison stressed that he has complied with "upwards of two dozen court orders" for information in the past that were targeted at "specific users" and that "I never had a problem with that."

Where is your data now?
hero member
Activity: 602
Merit: 500
R.I.P Silk Road 1.0
And I'm sure that's too much of a hassle for everyone to do.

Hassle? I suppose, if you need to put down Netflix for what, an hour.....?

That's why a service like Lavabit was perfect to the core.

On my list of 'perfect', getting shut down by a federal agency is nowhere near the core.

They didn't get shut down by any federal agency. The owner chose to commit suicide (not literally of course) rather than to hand over private user data.
The fact that no one's data was compromised is a victory to all. Yeah they all suffered a loss but at least Lavabit kept it real to the end unlike other similar service providers
that make false promises.

Edit: Typos.
sr. member
Activity: 279
Merit: 250
Like Hushmail, safe-mail has a backdoor into their backend for LE. I know this for a fact, don't ask for sources Wink

Here's a source, also note this was a Canadian court and five years ago;

Quote
Hushmail, a longtime provider of encrypted web-based email, markets itself by saying that "not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer."

But it turns out that statement seems not to apply to individuals targeted by government agencies that are able to convince a Canadian court to serve a court order on the company.

http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/

Yea i was speaking RE safe-mail. but good looks on the source, thanks
full member
Activity: 154
Merit: 100
And I'm sure that's too much of a hassle for everyone to do.

Hassle? I suppose, if you need to put down Netflix for what, an hour.....?

That's why a service like Lavabit was perfect to the core.

On my list of 'perfect', getting shut down by a federal agency is nowhere near the core.
hero member
Activity: 602
Merit: 500
R.I.P Silk Road 1.0
ByteMail

Quote
ByteMail is a decentralized, P2P, communication protocol for sending messages over a secure connection on the internet. ByteMail was created in order to provide people with a way to send messages without worrying about a third party intercepting and reading these messages. ByteMail ships with a webUI as well as a command-line UI.

If you are a developer and would like to contribute to the ByteMail project, check out the project on Github here: http://github.com/ByteMail

Official project home: bytemailproject.org

ByteMail seems interesting but the fact that the project seems to be at its infancy is a bit of let down.
It will definitely discourage many potential users from adopting it.
hero member
Activity: 602
Merit: 500
R.I.P Silk Road 1.0
Correct me if I'm wrong but if you want to send an encrypted mail to person A, your have to use A's pubkey. How do you encrypt all your mail if not all of your correspondent have setup their pubkey/privkey  GPG system?

It would be like calling someone who doesn't have a telephone. The solution? Encourage or force them to get one, or buy one for them and show them how to set it up.

And I'm sure that's too much of a hassle for everyone to do. That's why a service like Lavabit was perfect to the core.
full member
Activity: 154
Merit: 100
Like Hushmail, safe-mail has a backdoor into their backend for LE. I know this for a fact, don't ask for sources Wink

Here's a source, also note this was a Canadian court and five years ago;

Quote
Hushmail, a longtime provider of encrypted web-based email, markets itself by saying that "not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer."

But it turns out that statement seems not to apply to individuals targeted by government agencies that are able to convince a Canadian court to serve a court order on the company.

http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/
sr. member
Activity: 279
Merit: 250
Has anyone used 'safe-mail.net' ??

Firstly, the company that provides Internet services for hosting the Safe-mail.net system is Barak.net.il, based on our review of the domain registration for Safe-mail.net. Barak.net.il is one of three companies with a license from the Israeli government for providing similar Internet services, according to the English-language version of their web site, as we understand it. Perhaps it is merely a coincidence that Ehud Barak was once head of the Israeli Defense Forces intelligence branch.

Secondly, Safe-mail.net makes the usual disclosure that they may disclose your account activity, stored e-mails, and other information upon court order or law enforcement request. They make the unusual variation of this disclosure by stating that they may disclose these things whenever it is in their interest to do so. This vague contract clause should scare anyone who thinks about it even briefly. Given that Barak.net.il is licensed by the Israeli government, it would seem quite likely that the Israeli government could command that the data from all Safe-mail.net accounts be provided to the government.

Thirdly, we found no details about the encryption algorithms used to provide for security with Safe-mail.net. An investigation of Israeli law suggests that there is a mandate that encryption have back doors or key escrow for use by Israeli authorities.

Like Hushmail, safe-mail has a backdoor into their backend for LE. I know this for a fact, don't ask for sources Wink
full member
Activity: 154
Merit: 100
Correct me if I'm wrong but if you want to send an encrypted mail to person A, your have to use A's pubkey. How do you encrypt all your mail if not all of your correspondent have setup their pubkey/privkey  GPG system?

It would be like calling someone who doesn't have a telephone. The solution? Encourage or force them to get one, or buy one for them and show them how to set it up.
hero member
Activity: 860
Merit: 1004
BTC OG and designer of the BitcoinMarket.com logo
ByteMail

Quote
ByteMail is a decentralized, P2P, communication protocol for sending messages over a secure connection on the internet. ByteMail was created in order to provide people with a way to send messages without worrying about a third party intercepting and reading these messages. ByteMail ships with a webUI as well as a command-line UI.

If you are a developer and would like to contribute to the ByteMail project, check out the project on Github here: http://github.com/ByteMail

Official project home: bytemailproject.org
member
Activity: 98
Merit: 10
Has anyone used 'safe-mail.net' ??

Firstly, the company that provides Internet services for hosting the Safe-mail.net system is Barak.net.il, based on our review of the domain registration for Safe-mail.net. Barak.net.il is one of three companies with a license from the Israeli government for providing similar Internet services, according to the English-language version of their web site, as we understand it. Perhaps it is merely a coincidence that Ehud Barak was once head of the Israeli Defense Forces intelligence branch.

Secondly, Safe-mail.net makes the usual disclosure that they may disclose your account activity, stored e-mails, and other information upon court order or law enforcement request. They make the unusual variation of this disclosure by stating that they may disclose these things whenever it is in their interest to do so. This vague contract clause should scare anyone who thinks about it even briefly. Given that Barak.net.il is licensed by the Israeli government, it would seem quite likely that the Israeli government could command that the data from all Safe-mail.net accounts be provided to the government.

Thirdly, we found no details about the encryption algorithms used to provide for security with Safe-mail.net. An investigation of Israeli law suggests that there is a mandate that encryption have back doors or key escrow for use by Israeli authorities.
hero member
Activity: 623
Merit: 500
CTO, Ledger
https://www.penango.com/ is an option to have end-to-end encryption with gmail webmail. Not FOSS.

I'd suggest http://www.mailvelope.com/ which is open source and provides OpenGPG integration for multiple webmails
hero member
Activity: 882
Merit: 501
Ching-Chang;Ding-Dong
I wish we had something where the encryption of one messages didn't use the same keys as the encryption of the previous message. So if at some point in time, one of my PGP priv keys is obtained somehow, all my mail isn't then readable.

This is my biggest issue with PGP.

I'm watching bitmessage with interest, but no osx client yet ?



There not being support for OSX is a downer, but we can always install Windows on OSX just for Bitmessage

No thanks Smiley

I'm currently running it on a free level AWS EC2 instance, just remote in whenever i want to check my messages...though this probably eliminates any real sense of security.

hero member
Activity: 602
Merit: 500
R.I.P Silk Road 1.0
I wish we had something where the encryption of one messages didn't use the same keys as the encryption of the previous message. So if at some point in time, one of my PGP priv keys is obtained somehow, all my mail isn't then readable.

This is my biggest issue with PGP.

I'm watching bitmessage with interest, but no osx client yet ?



There not being support for OSX is a downer, but we can always install Windows on OSX just for Bitmessage
hero member
Activity: 882
Merit: 501
Ching-Chang;Ding-Dong
I wish we had something where the encryption of one messages didn't use the same keys as the encryption of the previous message. So if at some point in time, one of my PGP priv keys is obtained somehow, all my mail isn't then readable.

This is my biggest issue with PGP.

I'm watching bitmessage with interest, but no osx client yet ?

hero member
Activity: 602
Merit: 500
R.I.P Silk Road 1.0
Made in Switzerland: https://www.neomailbox.com/services/secure-email


    High strength SSL encryption
    IMAP, SMTP, POP3 and Webmail
    Multi-level spam and virus protection
    Unlimited disposable email addresses
    OpenPGP encryption, digital signatures
    IP hiding for enhanced privacy
    RSS feeds delivered via email
    Hosted in Switzerland


We have been increasingly concerned about the alarming erosion of online privacy rights in the USA over the past decade that we've offered Secure Email services hosted in the USA.

To offer our customers an alternative to hosting their email in the USA, in 2004 we began offering Offshore Secure Email service hosted in The Netherlands, and in 2010 we moved all Offshore Secure Email accounts to servers hosted in Switzerland, which affords some of the strongest legal privacy protections for customer email messages stored on our servers.

Too pricy. Lavabit's service was extremely secure and had a few extra features and all I had to pay was $8 or $16 a year. Thanks a lot Snowden!  Angry LOL!
legendary
Activity: 858
Merit: 1000
I assume someone has already mentioned bitmessage.org (even though it's not email) it could replace email someday as a secure alternative.
Unless it becomes possible to send and receive messages to non-bitmessage users I highly doubt it will gain much acceptance. There's too much network effect to overcome.

It is already possible to configure Thunderbird mail client to route mail through the bitmessage network ... it will become just another protocol layer option like POP, IMAP, SMTP, etc.

Is there a tutorial? If so, I would love to do this.
Pages:
Jump to: