Lavabit alternative

Discussion in 'privacy technology' started by mattdocs12345, Aug 15, 2013.

Thread Status:
Not open for further replies.
  1. frank7

    frank7 Registered Member

    Joined:
    May 14, 2011
    Posts:
    130
  2. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
  3. Countermail

    Countermail Registered Member

    Joined:
    Aug 7, 2009
    Posts:
    169
    Location:
    Sweden
    Lavabit did encrypt stored and incoming email, Runbox don't do that, personally I don't think they belong in this thread. But at least they are better than Gmail :)
     
  4. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,293
    Location:
    EU
  5. frank7

    frank7 Registered Member

    Joined:
    May 14, 2011
    Posts:
    130
    For normal everyday email that one gets Runbox should do the trick. Here I learned that there is nothing I can do to prevent people from reading order confirmation emails sent from companies in an unencrypted format to myself. Regardless of TLS even.

    Even if it is sent through TLS only one server in the row needs to not have it and the message is sent without TLS and therefore subject to exposure.

    So for my needs, even if I would go with a cmail account, there is nothing that can be offered that is better regarding transit of unencrypted email, or is there?

    Do you guys use ForceTLS and reject email from people not sending over TLS? I am not so much concerned about the email being stored securely as I am about it being sent over a secure connection start to end and most of all being received over a secure connection start to end. Can you force incoming email to be received start to end over TLS or over a secure encrypted connection, even though the content is not encrypted?
     
  6. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    Thank you. This the same question that I have been hitting at in this thread:
    https://www.wilderssecurity.com/showthread.php?p=2271392#post2271392
     
  7. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    There is nothing *anybody* can do to *guarantee* that unencrypted email is sent secure. Refusing it wouldn't help - your buddy still sent the nuke plans to *you*...doesn't matter that you didn't get them :D

    This is an unsolvable problem with email, unless a worldwide standard for TLS transport is mandated, and the old protocols cease to function. Very unlikely.

    You can't *guarantee* that a confirmation email from xyz company will be secure, end to end.

    But using a secure provider still protects from other methods (or running your own server).

    PD
     
  8. tlu

    tlu Guest

    One important aspect is if your email provider supports Perfect Forward Secrecy.

    I've just tested it for riseup.net - and the result is not "perfect", IMHO.

    If I execute

    Code:
    openssl s_client -cipher 'ECDH:DH' -connect mail.riseup.net:465
    the result is:

    This suggests that their SMTP server supports PFS.

    However, if I execute

    Code:
    openssl s_client -cipher 'ECDH:DH' -connect mail.riseup.net:995
    or

    Code:
    openssl s_client -cipher 'ECDH:DH' -connect mail.riseup.net:993
    the result is:

    This suggests that their pop3 and imap server does NOT support PFS.

    I've also tested Countermail:

    Code:
    openssl s_client -cipher 'ECDH:DH' -connect imap1.countermail.com:993
    and

    Code:
    openssl s_client -cipher 'ECDH:DH' -connect imap1.countermail.com:465
    yield:


    That's how it should be :thumb:
     
  9. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    Just a headsup especially to android users:

    Cryptoheaven which is migrating to a new name called "SaluSafe", has finally offered "free accounts" though with some limitations. They seem to have grown tired of my many questions :) so maybe someone else could post what those limitations are in their entirety.
    The mobile app works very well (encryption,decryption,key storage all local!)
     
  10. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    What price did Lavabit charge their customers a year? I was just reading an article on them and they had 400,000 members when they closed down.
     
  11. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    507
    Location:
    UK
    I had just paid the £8 (about 10 Euro) for a year. I had been running it flawlessly for about 6 weeks and had made it my main email for everything when it just vanished off the face of the earth with no warning at all. Ok, it wasn't a massive amount of money but it was the inconvenience. If your electricity supplier did the same leaving you with suddenly with no electric you would be most unhappy.............and that's how Lavasoft left me feeling. I will not be trusting them or anyone similar in the future as the same could easily happen again in the current environment. I am now using outlook as they don't peak at your emails for advertising. That was the only reason I went with Lavasoft. Thank you so much Snowden! Hopefully Outlook won't do the same disappearing act :D
     
  12. Balthazar

    Balthazar Registered Member

    Joined:
    Nov 8, 2013
    Posts:
    166
    Location:
    Earth
    Did you ask for your money back? Don’t you think the “disappearance act” was not Lavabit’s fault? Did you at least retrieve your emails? Lavabit reopened for a short time in October “in order to give customers time to access their information”.
    Code:
    http://www.theguardian.com/world/2013/oct/15/lavabit-reopens-temporarily-customers-information
    I had that kind of a problem with a file hosting service and many people were complaining. I wrote an email, got my money back, end of story. Life goes on.

    I am waiting for the first impressions of Startmail.
     
  13. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    507
    Location:
    UK
    I wrote off the money as it was a small amount really, put it down to experience. By the time they got down to allowing access I had managed to retrieve important receipts etc from the sellers after changing my email address with them.
    These things happen, it was the suddenness of it all that caused the problem. I have learned my lesson and have all emails backed up these days. The disappearance act may not directly have been Lavabits fault, but the end result is the same who ever is to blame. As you say, life goes on and I have moved onto better things. Startmail sounds promising, but I wouldn't trust it as my main email address until it has been around for a while and has a proven track record. Once bitten..............
     
  14. guest

    guest Guest

    I would try arkOS in a raspberry pi or similar board
     
  15. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.