What can a Brit do to retain email privacy?

Discussion in 'privacy general' started by bubs, Jun 13, 2002.

Thread Status:
Not open for further replies.
  1. bubs

    bubs Registered Member

    Joined:
    Apr 28, 2002
    Posts:
    106
    Location:
    Suffolk, England
    The problem is outlined here: http://www.wilderssecurity.com/showthread.php?t=1802

    Ok - so I want to protect my correspondance not because I have anything to hide, but as a point of political principle.

    Any suggestions as to a domain hoster (outside the UK!) who can provide me with SMTP email services CHEAP! and reliable?
     
  2. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    IM me.
     
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    PGP (Pretty Good Privacy) could take care of email encryption - it's not 100% proof, but on average will do the trick.

    regards,

    paul
     
  4. snowman

    snowman Guest

    Did you folks notice that using enigmail you no longer need a plug in such as used with becky's to use pgp?

    snowman
     
  5. bubs

    bubs Registered Member

    Joined:
    Apr 28, 2002
    Posts:
    106
    Location:
    Suffolk, England
    Thanks Paul and Snowman.

    I reckon Checkout is onto a good idea - an email encryption version of a web proxy.

    Just a matter of finding one...........
     
  6. snowy

    snowy Guest

    Buds

    you can check this out if you care to

    http://www.xint.com/


    snowy(snowman)
     
  7. zappa

    zappa Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    176
    Location:
    Los Angeles, Ca.
    Paul, could you expand a little on why you said PGP is not 100% proof. Thanks.
     
  8. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    I'd also like to understand this better.
     
  9. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Just from digging memory here.

    When Zimmermann left, and a "big security company" took full control over PGP, quality of new versions rapidly went downhill. I would have to perform some digging to find the specs. In essence, versions above v6.5.8 are not recommended for that reason.

    There should be several threads over here - including Zimmermann critizing later versions. A "search" over here could point you the way.

    regards.

    paul
     
  10. Helpin

    Helpin Guest

    If you wanna do it right http://www.mutemail.com/
    It is not cheap but it works.
    The company keeps no records at all on you. The billing is all done 3rd party or by anon. money order. No logs kept.
    It is POP not webmail. It is done right.
     
  11. bubs

    bubs Registered Member

    Joined:
    Apr 28, 2002
    Posts:
    106
    Location:
    Suffolk, England
    Thanks Helpin and others.

    I'm going down the route of offshore hosting, and encryption.

    I don't want to be anonymous, just not to help some nosey civil servant who has no just cause to pry, and doesn't have to bother to go through 'due process' to get access to my ISP and phone logs.
     
  12. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Hear, hear. :doubt:
     
  13. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    Hello;

    A few lines which you might be interseted in to perhaps complement what Paul said earlier about Phil Zimmermann and PGP.

    Around January 2001, Phil Z. wrote a message entitled "A note to PGP users", in which he explained his reasons for leaving the company from then on owning the (quoting) "trademark and source code for the NAI implementation of PGP".

    He went on saying that "all versions produced by NAI, and PGP security, up and including the current (January 2001) release, PGP 7.0.3, are free of back doors".

    Again quoting, "[...] if NAI ever publishes the complete PGP 7.0.3 source code, I am confident that the public will be able to see that there are still no back doors. Until that time, I can offer only my own assurances that this version of PGP was developed on my watch, and has no back doors. In fact, I believe it to be the most secure version of PGP produced to date."

    This text I still have an exemplar of, but I have no idea which thread I followed to get my hands on it back then. It should not be that difficult for anyone interested to find it on the Web.

    Paul, did you know of this message by Phil Zimmermann ? What do you think about It ?

    Rgds, Crockett
     
  14. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
  15. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    What about ZipLip? Could be useful. Good practical privacy policies. Here's the link. And, it's mostly free of charge.

    https://www.ziplip.com/services/index.html
     
  16. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi PS,

    A matter of personal choice. Personally I prefer a fairly secure email client (The Bat!) in conjunction with PGP.

    regards.

    paul
     
  17. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    Hi Paul;

    Thanks for the thread to Phil Zimmermann's story. Sure he must be regretting some of his commercial choices...

    Do you have any specific comment about potential weaknesses in PGP versions which appeared later than 6.5.8.?!

    Sorry to ask, but it sure seems an important issue...;)

    BTW the thread to 'Full Story in The Register' is broken...

    Rgds, Crockett
     
  18. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    Back online...

    Just checked at www.pgpi.org.

    PGP 7.0.3 was the last freeware international version of PGP.

    Phil Zimmermann's comments I was referring to earlier can be found at the same address.

    Paul, are there a lot of different addresses where PGP users's public keys can be found ?

    Crockett :cool:
     
  19. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    :)On further thought, I think it's better to ask any correspondent you might want to communicate with for his PGP public key directly, rather than trusting any list one may find on the Internet...

    Crockett
     
  20. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi Crockett,

    Apologies for replying this late.

    Not that many servers around anymore to store a public key: one might give

    http://pgp.mit.edu a try.

    Posting the public key on a personal website and providing a link as a signature (using templates fe) on emails would be another possibility.

    regards.

    paul
     
Loading...
Thread Status:
Not open for further replies.