Author

Topic: Safe E-Mail Provider (Read 2288 times)

full member
Activity: 139
Merit: 100
November 01, 2014, 07:52:30 AM
#18
It will see only encrypted messages anyway.

... and metadata.
True, that. It's a problem of most e-mail communications - you can encrypt the message body but not things like the recipient's address, the subject line, the date and so on. If having that stuff visible is a problem, there are solutions to it (anonymous remailers, etc.) but they are an even bigger hassle than simple e-mail encryption. So, to re-iterate, if you want transparent, secure e-mail that can be used by anybody easily, you are simply out of luck.

7) MyKolab does not provide encrypted e-mail. They suggest that you use Thunderbird+Enigmail:

https://en.wikipedia.org/wiki/MyKolab#Email_encryption

Encryption can not be provided by a remote server in a meaningfull way. What are you talking about here?

Somebody above suggested MyKolab as a solution to the OP problem. I explained why it is not. I fully agree that you must not trust the e-mail server to do the encryption for you and you should do it on your own machine. Once you do that, what e-mail service you use is irrelevant.

8) Posteo is some German-language crap without even an English user interface. My knowledge of German is limited but it seems to be yet another "trust me" service.

I like that you think something is crap when you dont understand a word about it, makes you look like a very intelligent person.

If you don't read carefully what other people write, that doesn't make you look like a very intelligent person. Wink Nowhere did I say that Posteo is crap because it is in German. I said that it is German-language crap.

To begin with, any site that aspires to international business must have an English-language interface. The fact that this site does not tells you how professional its owners are.

That aside, my knowledge of German, while limited, is not non-existent. I did skim through their description. Nowhere did I see a clear and unambiguous explanation of how exactly they ensure the security of the e-mail service they offer. It is certainly possible that I have missed it because of my limited knowledge of German. But if it is indeed absent, it tells you even more about how "trustworthy" the service is.

That said, I readily admit that my own requirements for e-mail security are probably too strict for the average person. For instance, it is well-known that Snowden used the now-defunct Lavabit - while I would have never trusted such a service.
hero member
Activity: 798
Merit: 1000
LIR Dev. www.letitride.io
November 01, 2014, 06:09:47 AM
#17
any thoughts on hushmail?

http://www.wired.com/2007/11/encrypted-e-mai/     Smiley

Would not use Hushmail, there are much better email providers out there.
full member
Activity: 199
Merit: 100
November 01, 2014, 05:43:22 AM
#16
any thoughts on hushmail?
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
November 01, 2014, 01:35:47 AM
#15
1) The suggestion to run your own SMPT server/domain is plain ridiculous. If you do the encryption on your own computer (as you should, if you want security), then it doesn't matter where the server is and who owns it. It will see only encrypted messages anyway.

... and metadata. It actually makes sense to choose a provider that at least tries to protect your privacy for a number of reasons.
#1 While no company can deny a judicial requested they should instist on one.
#2 Freemailproviders in general generate data on their own because thats their bussiness model. Thus it makes sense to pay for the service which gives your provider less incentive to profile you and sell it via the marketing department.
#3 not everyone you contact might use encryption
#4 while any mailprovider should use SSL, e.g. GMX did not for ages.

So, as I said, if you don't care about compatibility with PGP users, just use Thunderbird+Enigmail+GnuPG and any e-mail carrier. I know that it will work with Yahoo! Mail. Maybe it will work with GMail, too - I just never tried configuring Thunderbird to use GMail.

GnuPG (same as PGP) is independent of the provider you use. They might not support it on their website, but one should not do encryption on a remote server anyway.

2) Where the server resides is irrelevant. The Swiss cave in to US pressure and broke even their own bank secrecy laws - do you seriously think that a Swiss-based company will refuse to execute a man-in-the-middle attack (like Hushmail did) if the magic word "terrorism" is mentioned by men in suits? If you want security, choose a solution that does not require you to trust the server - not one that relies on the server being in a "trustworthy country". If you do your own encryption, it doesn't matter if the server is based in the USA or elsewhere. The worst the US authorities can do is cut your e-mail service.

While you are correct that the location may not be relevant in certain cases, for actual law enforcement (not those creating a surveilance state hunting "torrorists") juristiction does matter. Besides OP specifically asked for providers outside the US.

7) MyKolab does not provide encrypted e-mail. They suggest that you use Thunderbird+Enigmail:

https://en.wikipedia.org/wiki/MyKolab#Email_encryption

Encryption can not be provided by a remote server in a meaningfull way. What are you talking about here?

8) Posteo is some German-language crap without even an English user interface. My knowledge of German is limited but it seems to be yet another "trust me" service.

I like that you think something is crap when you dont understand a word about it, makes you look like a very intelligent person.

On a more serious note, I actually thought they had an english UI by now.
newbie
Activity: 43
Merit: 0
October 31, 2014, 08:39:15 PM
#14
Www.yandex.com dutch company servers located in a secret building in Moscow.No probs in 2 yrs
legendary
Activity: 2618
Merit: 1105
October 31, 2014, 07:13:48 PM
#13
gmx?
legendary
Activity: 4424
Merit: 4794
October 31, 2014, 05:43:33 PM
#12
.... bitmessage...

legendary
Activity: 1512
Merit: 1036
October 31, 2014, 05:35:24 PM
#11
The "good encryption" is encryption that is located on your computer. You also need to obtain the public encryption key of the recipient in a way that you can confirm that it has been unaltered.

Encryption is not hard to do, but finding other parties that also can send and receive encrypted email is the harder part. You also must communicate with people who have the sense to decrypt and read the message where it can't be intercepted.

You can send and receive encrypted email with any provider, but it is much easier if they have POP/IMAP access so you can run your own client software instead of cutting and pasting the message to decrypt. Also note that the "metadata" of email transit and the sender/receiver info that spy agencies claim to have the warrantless right to intercept cannot be masked.


https://securityinabox.org/thuderbird_encryption
legendary
Activity: 2226
Merit: 1052
October 31, 2014, 05:31:04 PM
#10
Hi,

I am currently looking for a new E-Mail Provider.
I have used G-Mail for a while now, which is dumb, I know, but I am just a really lazy person sometimes.

Is there anything out yet, with a good client side encryption? Preferable not located in the US?

Thanks

If u r looking for Disposable Temporary E-Mail Address, u might like to try guerrillamail.com.
full member
Activity: 139
Merit: 100
October 31, 2014, 05:26:33 PM
#9
1) The suggestion to run your own SMPT server/domain is plain ridiculous. If you do the encryption on your own computer (as you should, if you want security), then it doesn't matter where the server is and who owns it. It will see only encrypted messages anyway. So, as I said, if you don't care about compatibility with PGP users, just use Thunderbird+Enigmail+GnuPG and any e-mail carrier. I know that it will work with Yahoo! Mail. Maybe it will work with GMail, too - I just never tried configuring Thunderbird to use GMail.

2) Where the server resides is irrelevant. The Swiss cave in to US pressure and broke even their own bank secrecy laws - do you seriously think that a Swiss-based company will refuse to execute a man-in-the-middle attack (like Hushmail did) if the magic word "terrorism" is mentioned by men in suits? If you want security, choose a solution that does not require you to trust the server - not one that relies on the server being in a "trustworthy country". If you do your own encryption, it doesn't matter if the server is based in the USA or elsewhere. The worst the US authorities can do is cut your e-mail service.

3) Protonmail is a (bad) joke. It is even worse than Unseen.is.

4) I strongly advise you not to use BitMessage, unless you have bandwidth to burn and are willing to face ridiculous accusations like "carrying e-mail traffic for terrorists/child molesters". Establishing a good, secure e-mail communication line is a headache enough; you don't want the additional headache of carrying other people's encrypted communications.

5) GMX is just webmail; I couldn't find anything on their site that says the e-mail is encrypted on the client - or even on their server.

6) Tutanota doesn't work well with external recipients (i.e., who are not Tutanota users). You need a separate channel to convey them the encryption key, which is a hassle. But it is insecure even between Tutanota users. They keep your secret keys for you. Yet another "trust me" service.

7) MyKolab does not provide encrypted e-mail. They suggest that you use Thunderbird+Enigmail:

https://en.wikipedia.org/wiki/MyKolab#Email_encryption

8) Posteo is some German-language crap without even an English user interface. My knowledge of German is limited but it seems to be yet another "trust me" service.

As I said, the short answer to your question is "no". But maybe your requirements are less strict than mine.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
October 31, 2014, 12:52:08 PM
#8
You may wanna check out GMX eMail http://www.gmx.com/

Freemail = you are the product. GMX is no better than gmail in that regard.

Focus on small providers like mykolab [1] (take bitcoin, located in switzerland) or posteo [2] (based in germany, do not require any data, you can pay cash if you wanted to).




[1] https://mykolab.com/
[2] https://posteo.de/
sr. member
Activity: 410
Merit: 250
October 31, 2014, 12:11:44 PM
#7
you can host your own domain and setup email service on this
your own private email setup
full member
Activity: 532
Merit: 100
October 31, 2014, 12:06:01 PM
#6
Check out tutanota.de
sr. member
Activity: 309
Merit: 250
October 31, 2014, 08:19:41 AM
#5
You may wanna check out GMX eMail http://www.gmx.com/
sr. member
Activity: 378
Merit: 250
October 31, 2014, 08:14:53 AM
#4
Host your own mail & private smtp server (published externally of course)

This means you probably have to re-do the contract with your ISP though.
sr. member
Activity: 337
Merit: 250
October 31, 2014, 07:17:59 AM
#3
http://prxbx.com/email/

http://prism-break.org/en/categories/windows/#email-accounts

https://protonmail.ch/

I use countermail.com currently, but also have a protonmail account as well.

You can also use bitmessage, although it is experimental, and they are still working on problems with it.

https://bitmessage.org/wiki/Main_Page
full member
Activity: 139
Merit: 100
October 31, 2014, 06:44:21 AM
#2
The short answer is "no". But it depends what you want to do and what your needs are.

For me, it is utterly important that the message is secure (which means only encrypting it myself on a computer I fully control) and the communication is compatible with other people like me (which means using PGP and not GnuPG, for instance). But I'm just a dinosaur.

If you don't care about backwards compatibility with PGP users like me, you can use Thunderbird with the Enigmail plug-in (which uses GnuPG) and any conventional e-mail carrier.

If convenience is more important than security and compatibility, you can use a web-based service like www.unseen.is. This is not an endorsement. I've tried them. They are both incompatible (can't import my PGP key and have failed to resolve the problem for months; their customer support sucks) - and insecure (JavaScript-based encryption? Really?!).

You do realize that if you use client-based encryption, you'll be able to communicate only with people who also use that encryption, don't you?

If you are looking for transparent and secure encryption of your e-mail that even your old aunt can use and cannot be spoofed by the e-mail carrier, you are SOL.
hero member
Activity: 714
Merit: 500
October 31, 2014, 04:05:30 AM
#1
Hi,

I am currently looking for a new E-Mail Provider.
I have used G-Mail for a while now, which is dumb, I know, but I am just a really lazy person sometimes.

Is there anything out yet, with a good client side encryption? Preferable not located in the US?

Thanks
Jump to: