Best Online Privacy Email Services & How To Use PGP

well you will NEVER get secure email if you don't encrypt it yourself, all other "easy" solutions where you don't need to have a key, don't need to remember any password, don't need to do anything for yourself.... that is exactly what you are going to get, some third party that will know what is "good" for you, that will do all your thinking for you, that will protect your "best interest" , just like gov agencies. And then you will be at the start of the problem - how do i protect my email from third party viewers.
If you want something done right..... you know the rest.

When you only protect email on one end of communication, that is no protection at all (not any real one - obscurity is not protection). Its just like locking only front doors of your car, leaving rest open. :/

If i understand you right, you are looking for something like this:
-you want encryption without password and without keys, preferably without extra clicking
-you want email provider to encrypt your mail to prevent himself from reading the mail
-you want provider to have all the keys/passwords stored so that you don't have to remember anything
-you want provider to upon delivering the mail to decrypt it and in the same time not to read it (hm?)
-and if the provider gets bullied by some agency or whomever to decrypt mails, he won't give them the keys/password, regardless the fact that he has them.
Now that's a bit of a problem.

Anyway, i gave you an option that i think is most secure and simple... if you don't like it... move on to the next one.

 

By the way has there been any talk about Comodo's Secure Email?

This might be a simple solution for the end-user, but then again, what happens when you send an email to some 3rd party, again some general email, how is it being handled on the receiving end when they're not using Comodo Secure Email?

We're all making assumptions here this is all for Windows an no other OS. Many users run OSX, and Linux too, so this doesn't really help but gives the general idea of what you are talking about.

Also as I mentioned before, I'm wondering if there is a solution that A. we can trust, B. we don't have to worry about being in 3rd party hands, C. they are credible solution, so D. we don't need to go on about doing it yourself keeping yourself out of prying eyes, etc., because it is good and verifiable...

What I was talking about before was simple communication and keeping it secure and also everyone seems to be missing the point, so let me go over this again.

1. We're talking about GENERAL email communication. Email to some company to ask questions, tech support email to a company, email enquiring about a product or service. Or anything else general in nature you can think about, we are not talking about high level business hush hush email...

I'm talking about random email that a person might do every day for general things, and actually probably nothing that really needs to be encrypted but because people want their privacy they want to go this route.

So here we are, the average computer user that uses Gmail, Yahoo, Hotmail, etc., for all their random daily life emails that now doesn't trust them and wants to start doing things private and secure no matter what the emails are.

This is the problem I'm talking about, doing all this general email through some sort of a solution, that the receiving end is not going to be to bothered with dealing with it.

The simplest thing I've seen so far is Safe-Mail has what is called the SafeBox where you send an encrypted email the receiving end answers the question and they then read the email through their browser on web based email and can reply back with the web based client that will send the email back encrypted....

So now with all this in mind, what solution are we going to offer for general email?

At this point in time I haven't seen anything simpler then Safe-Mail, but then I haven't tried out everything under the sun too, so maybe we'll get some more input, hopefully now that everyone has a better understanding of what we are shooting for...

THANKS

 

That is the "most secure" way. In fact, i have the setup of "Thunderbird, GPG4Win and Enigmail" and wish i could use it for almost all my email. Unfortunately, my contacts are no different than the rest of the general public - meaning they can't be bothered with encryption. So your way/my way is impracticable at this present time.

So now those wanting to secure email communication need to look at other ways that while not perfect, is alot better and more secure that sending almost everything "plain text".

I rarely send anything i deem "important". But it's a privacy issue for me - important or not!

 

Both SafeMail and CSE use "certs" and are not compatible with PGP/GPG keys.

CryptoHeaven/HushMail/AnonMail (hushmail rebrand but better because the free version offers unlimited aliases /Trulymail all offer password encryption with the receiver being able to reply "encrypted". CH goes even further as everything on the server is encrypted and if you chose, your "private keys" are only stored on your computer meaning all decryption is clientside. Any non-secure email you receive to your CH account gets immediately encrypted with your public key when it hits the CH servers.

 

I don't think CryptoHeaven is a good option, again for the general/average users out there, or for the bulk of general email someone might do, because you need to deal with waiting on and running a java applet and I highly doubt you're going to get much good reception from the receiving end wanting to deal with java applets...

Web based solutions are what I think we need to be looking at since they are the popular realm for most people already, now to just extend that and again the best I've seen that is the simplest so far is Safe-Mail, but I'm checking on others as we speak....

This looks interesting;
http://www.penango.com/index.html

THANKS

 

GPG has "exe" for linux and Mac as well.

From whom are we then protecting email, from a snoopy brother who might want to read it. But wouldn't a simple log-in password do the trick here?

So we would just change one mail provider for another....


Any way.... if for the sake of the thread i go searching for "solution":
-If sender and receiver are using same provider, then you can only send and receive mail inside that provider, this won't work if you send message to some company but they are not using encryption. I guess that is not useful for general public.
-When sender and receiver are using different provider, therefor both providers MUST be using encryption/decryption method, and it would need to be some open source or general public thingy, because if each uses its own encryption method, people won't be able to communicate since their is no way to decrypt message if you use different algorithm. To achieve this is going to be very hard, since all major mail providers (with majority of users attached to them) are not interested (or are hardly starting to) in upholding basic privacy rights, yet alone encryption.
-Perhaps the combination of these two would be some browser plugin (like for firefox), but that is yet again hard work for general public to be bothered with (just like gpg/pgp)

I don't know of any that would enable encryption of message on "my secure provider" and then enable decryption of message on "general public's" provider with no enc/dec.

 

Until the masses embrace encryption, we users who wish to secure all of our email need to compromise and of the solutions discussed, you compromise "more" using Safe-Mail as the email is "not" decrypted client-side. And anyone with access to the "follow link" can read that email. It's not very secure at all!

 

Best Online Privacy Email Services part 2 thread?

Sorry Fox, I know you mentioned in one of these threads that there was no sense in starting another thread and they could of just bumped the thread and starting a new one, but I tried that and it told me the thread was too old to reply to.

Has there been a more recent thread started on this subject I am not seeing?

I was wondering if you guys have come to any conclusions about what you were looking for in the thread. It seemed to have been left a bit open IMO. I know some people have continued to recommend HushMail and AnonMail, but I was also under the impression they would hand over information without a problem, which you pointed out in your first post when discussing. If that is the case, that's as useful as using HMA.

Has anything more become of that specific topic? Are the considered OK to use now?

https://www.wilderssecurity.com/showthread.php?t=286828

https://www.wilderssecurity.com/showthread.php?t=299218&highlight=anonymous email

Any thoughts or recommendations all these months later?

Thanks

 

Re: Best Online Privacy Email Services part 2 thread?

While investigating this topic, I came across Countermail https://countermail.com/?p=start

I also hear that COTSE has a good rep, but they are US based.

I just went all in and run my own email server (Ability Mail Server) with a No-IP DynDNS and MX record. I'm currently using my ISP as a 'Smart Host' for sending (to many bounce backs when going direct, but that was expected), but I'm looking for a better one. If you set up a domain and can attach an SPF or Domain Key record, direct sending would work fine.

P

 

Re: Best Online Privacy Email Services part 2 thread?

Countermail requires a java applet to be run during sign up. in my opinion.

As far as being anonymous I say Tor Mail is the best. I would still recommend encrypting email communications as Im not sure how much you can trust tor mail server operators. But Tormail offers anonymous logging in as it is over the tor network. I would not recommend sending or receiving emails that would identify (unless they are encrpyted.) Nor would it be a good idea to get bank account emails etc on a Tor Mail account. That being said as far as providing anonymity and being very hard to trace Im not sure there is a better solution than tor mail that I am personally aware of. Check out Tor Mail here: http://tormail.net/

 

Re: Best Online Privacy Email Services part 2 thread?

Bummer, never went that far, thanks. I used Tormail when asking questions about VPN's worked great. Slow as hell though. But sending a PGP message through it would be great (with your 'anon' key of course).

P

 

Re: Best Online Privacy Email Services part 2 thread?

I use free accounts accessed with Thunderbird + Enigmail (gpg) over VPN chains. Gmail works, for example. I've also used webmail via Tor, but it's harder to find providers which permit that. Gmail doesn't, as far as I know. Tormail is probably more secure, because it's a hidden service. There are encryption extensions for webmail, but I've never used them. I've also never attempted POP and SMTP over Tor. If you want stronger anonymity, there's always alt.anonymous.messages (yes, it's still active!).

 

Re: Best Online Privacy Email Services part 2 thread?

After signup you can use our IMAP with your own client, like ThunderBird+Enigmail. And if someone is paranoid they can use a Virtual OS for the signup

If you want a web mail with end-to-end PGP-encryption, you must use Java. There is a pretty big security difference between end-to-end encryption and server-side encryption. SSL alone is far from secure today.

Yes, and that one of the weaknesses with Tor, you should never send unencrypted sensitive information through Tor.

We are one of the few providers that don't log IP-addresses, so you don't need VPN or TOR when using our services.

 

Re: Best Online Privacy Email Services part 2 thread?

Thanks for the response CM.

PD

 

Re: Best Online Privacy Email Services part 2 thread?

Thanks Counter for your response. I am still trying to understand many of the things you folks are talking about on the technology around this, so maybe you could help. Here are some questions:

I noticed on your site your address is:

Intergrid AB
Box 52
177 21 Jarfalla, Sweden

And you mention that your servers are in Sweden. Where is your "company headquarters" actually located out of? Doesn't matter where the mailing address is, but the actual headquarters of the company does matter. I guess I have been confused as to why people think they are completely safe from prying eyes just because they are in Sweden when they still have to follow EU law. Sweden doesn't separate itself from EU, therefor, fall victim to the same pressure of a government that is an ally of the EU. Maybe this is a misunderstanding on my part, but from my homework on this subject, Sweden is not exempt from anything.
__________________________________________________

Based off the fact that Sweden is under EU, then:

So instead of stealing the servers, they can just "steal" the disks? I would assume it would be much easier to steal some disks than a whole server that is encrypted no? So if EU was pressured by a foreign ally, and they kicked in the door in the middle of the night (so to speak), they can just walk out with a few disks than a server. Am I reading this right?
________________________________________________
Is your premium service just for "one" email account? Can you have multiple emails under the primary?
________________________________________________

What exactly does this mean?
________________________________________________
I noticed these two things on your website:

ETA? Anything you want to share or leak with us? I would be curious to hear anything you would like to share with us about this service. Is there a link to any further information regarding this? Will there be packages offered that couple your email with VPN?
_______________________________________________

- ETA? Can you discuss this some more?

Thanks

 

Re: Best Online Privacy Email Services part 2 thread?

It's located in Stockholm (the capital of Sweden).

Well you're wrong, I live in Sweden and I have pretty good knowledge of our laws. Sweden is one of the few countries in EU which have not implemented the data retenation law. Czech Republic is another.

Here is an overview:
http://wiki.vorratsdatenspeicherung.de/Transposition#Sweden
More info: (google translated)
http://translate.google.com/transla...//europaportalen.se/tema/datalagringsdirektiv

I suppose you are talking about our mail servers, sure, but they will not find any IP-addresses on the disks, and most of the email data is encrypted.
We are also working on a solution to encrypt the email headers, as far as I know there are no other provider that encrypts email headers on the stored email.

User sessions (and the web interface) is handled by our diskless web server so the connection between an account and an IP-address will be gone if someone power off (or open) the web server, and since there are no disk in the web server, there's nothing more to find there.

It's for one account and one login, but you can create up to 10 different aliases and use them on one account.

We had a link to Comodo on our start page, where users could post feedback about us (Usertrust ratings), but we don't have that link anymore, so we will remove that point.

It's hard to say when our VPN will be finished, I know it will be ready during 2012. It will be based on our diskless server (which boots from a CD-ROM), so no IP can leak to any hard drive. And of course we will only setup VPN-servers in countries that do not demand IP-logging. We want to follow the laws... VPN will be a separate service, since you don't need a vpn for using our email, no IP will be stored anyway.

One-time messaging is an option where you can select that a message will self destruct (securly overwritten) after the recipient read it. This feature is also technically related to our coming "time-delayed sending" feature, these features have pretty high priority so it will be finished first quarter of 2012.

Regards
Simon

 

Thank you, that was all very helpful TBO. I am sure that I am wrong about Sweden in some regards. I appreciate you taking the time out to explain it further. I wasn't aware of what you were saying until now. Those links were helpful thanks.

That is why it is also important for folks to ask specifically where the headquarters are located. Doesn't necessarily matter where the servers reside (in some regards) but it does matter where the corporate office resides (in other regards).

I think you have a good package, thanks for the info

 

Ixquick is planning on offering a private/secure email service, I can't wait, then bye bye Gmail for me!

https://www.ixquick.com/eng/company-faq.html#q3

 

Thanks for that link.

 

I just use gmail and sign every e-mail that I send. This way I can prove if I sent something or not. That way if some tried to say I said something in a court of law I could prove I didn't

I do send encrypted e-mails too. GPG is the best solution out there if you know what you are doing.