Private Email Services

Well, since all free email services are allowed to read your email(and not just Gmail), I was wondering if anyone is using any private email services that don't read customers' emails. And if so, what is the name of the service that you are using?

Plus, does anyone know of any other means to prevent one's email carrier from reading your email?

 

Use end-to-end encryption

 

I do two things:

Run my own email server (can be free, but I payed about $100 for Ability Mail Server).

And I use Countermail. 1 yr is around $50 IIRC.

PD

 

I use Countermail too, so far so good.

 

This question seems to pop up so often that surely there is a level of agreement, yet there doesn't seem to be. I still feel a level of uncertainty about which is the best email provider. It's a shame that some of the better VPNs (Air, Boleh, Mullvad) don't offer an email account as well.

As for the OP, I'd recommend Lavabit or maybe to apply for a Rise Up account. I've heard Neomailbox is decent but it's quite pricey. Hushmail should have been good but they only respect your privacy until the authorities want to look at your account, making it fairly pointless.


Btw Countermail requires Java so worth bearing that in mind.

 

Needing Java isn't as good as not needing it, but it can be controlled pretty well. I run a separate portable browser just for CM, with the Java Plug-In enabled. All other browsers have Java disabled. I also control it with the firewall, disabling all communication for java.exe until I visit CM.

RiseUp! would be good, nice call. You have to get "approved" though.

PD

 

I must admit I was a little nervous about applying for a RiseUp account but when I did fill out the application I was just honest without rambling rather than saying what I thought they wanted to hear. I was lucky enough to get an account but now I'm very cautious about how to use it as I don't want to link it too much if at all with any of my other accounts.

Btw, a nice way of managing Java.

 

+1
Additionally is definitely one of the cheapest option (eg. GPG) which you can introduce to encrypt sent data.

 

Countermail + PGP encryption. Seriously you should all be using PGP it will come back to bite you ~ Snipped as per TOS ~ if you don't.

 

unable to get others onboard....

 

Yup, that's sad reality, see latest poll about it: https://www.wilderssecurity.com/showthread.php?t=344624

 

Only once for the initial sign up, you can use IMAP after that.

 

The results are not surprising and make sense for private emails. PKI without a way to manage keys quickly breaks down when the need to use it exceeds your local group. In order to use PKI, both sender and receiver need each others public keys. It sounds simple for small groups, but now add several thousand, hundred-thousand, or more into the mix and you have a second full time job on your hands. Webmail services can protect the end user when accessing their email online, or provide local encryption at the server level, but once an email needs to be sent to someone outside their system, the security stops. You may have the best email setup in terms of security, but all that is useless the minute you need to send emails to individuals or groups who have no way to decrypt your data.

In order for true private email encryption to take off, you would need to force (legally) a standard to all major providers and on a global level. Honestly Oracle has a better chance of going more than 30 days without a Java 0day then that happening in our life time.

Encrypting emails in a work environment is easy, as everyone from Bob in Infosec to Sally in Sales has the same solution, same encryption algorithms available to them, the same tools (Smartcard, CAC), and a GAL to store their public keys. All thanks to standards,policy, and AU guidelines to keep their jobs.

 

Have you downloaded Thunderbird to create your email account? You can create several pseudonyms. So you can create different identities and isolate the connections of each one. you can also delete them and create new ones at will.

 

Wonder why Hushmail sets cookies that expire in two months or even a year.

And use Zendesk for 'help', with different privacy policies, and didn't Zen have a massive data leak not too long ago?

 

Caspian, I do use Thunderbird but I've never done anything beyond using my email accounts in the way that it automatically sets up. Do I need to configure Thunderbird or is the default fine?


@box750, that certainly takes Java out the equation but I'm still a little unsure about how IMAP works. Don't you have to log into your email via the webpage evey now just to show you're still using the account? Maybe it's different with a paid account or maybe I'm misunderstanding what IMAP does.

As for a paid account, I'm really thinking Neomailbox looks very good. 1 gb of storage, unlimited disposable email accounts and your email kept on secure servers in Switzerland.

 

You don't use your Internet browser, you use an email client like Sylpheed.

 

I would suggest people review https://developer.mozilla.org/en-US/docs/Thunderbird/Autoconfiguration and probably test the behavior of their version of Thunderbird before deciding whether or not to allow Thunderbird to attempt autoconfiguration of account settings. Notice that it can, and in nearly all cases *will*, expose your full email address in an http request and possibly expose the domain portion to Mozilla in an https request.

It is a very good idea to manually confirm account settings anyway, so you might as well prevent Thunderbird from using this autoconfiguration mechanism. I've read that putting Thunderbird in offline mode before creating a new account will accomplish this and at times I've worked around the problem by configuring Thunderbird when there is no active Internet connection.

A critical decision is whether or not to allow messages to remain on the server. Downloading them and then deleting them from the server... the POP way if you will... is clearly the way to go from a security/privacy POV. In which case I'm not aware of any good reasons not to simply configure Thunderbird to use a POP server or rather access a POP server over SSL/TLS. There is also this info, which I haven't really studied: http://kb.mozillazine.org/Deleting_messages_in_IMAP_accounts

Some if not all of these concepts would apply to other email client software too.

 

Sub Rosa private email; great features and service; used them for several years and do recommend:

http://www.novo-ordo.com/sr_features.php


Found the following one recently; has options for paid and free; haven't tried yet, but looks good:

https://www.secure-email.org/index.php -- https://www.secure-email.org/index.php?action=faq


A freebie that looks good;

http://privatdemail.net/en/ -- http://privatdemail.net/en/faq.html


Best Regards to all.

__

 

This sounds interesting, however I could not sign up...strange.

 

urs2.net

It was my ISP when I had dialup; now, my web host and email service.

It's a one-person operation here in southern California. Emails are not stored on his server unless I choose to leave them there.

He offers both POP3 and web email.

I've been with him since 1995.


----
rich

 

Found the problem: psw too long.
Signed up for the free account. No sense, only 1MB storage allowed.
5GB for 120$/y.
I leave it.

Here some good info, this guy is also in Wilders (I forgot his username).

http://www.thesimplecomputer.info/articles/email-for-privacy.html

 

As others have mentioned Rise Up is a great service. Again, end-to-end encryption is a must...

As far as the application process goes: In a lot of ways our security/anti big brother mentality meshes with their outlook quite nicely.

 

Some questions you should ask your "private email" provider:

-How do you protect incoming unencrypted email?
-What kind of protection do you have if someone steals/seize the mail server?
-How do you candle court orders, and pressure form the government to give them the users passwords?

If they don't have any "good" answer on these questions, I would not call them "private" at all...

 

Just to say, I wouldn't touch Neomailbox. Their disposable email isn't very good and their 30 day money back guarantee is a lie. If you pay up and ask for a refund they will just ignore you. It very much feels like Neomailbox has been abandoned, or that they don't care about their customers. Whatever it is, I would implore anyone even considering Neomailbox to look elsewhere.