Advice on free secure email

Discussion in 'privacy technology' started by pidorasta, May 8, 2014.

Thread Status:
Not open for further replies.
  1. pidorasta

    pidorasta Registered Member

    Joined:
    Mar 2, 2014
    Posts:
    6
    Location:
    Norway
    dont advice on hush.com or safe-mail.net
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,031
    Actually, <https://www.hushmail.com/> isn't bad. They allow connections via Tor. But you need to add your own end-to-end encryption, because you (of course) can't trust their message encryption.

    I also like <https://vfemail.net/>. They even have a Tor hidden service address: <https://344c6kbnjnljjzlz.onion>. You need to add end-to-end encryption, of course.
     
  3. rock_man

    rock_man Registered Member

    Joined:
    Feb 6, 2014
    Posts:
    55
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,031
    I prefer to handle my own end-to-end encryption. That way, it's certain that no intermediaries can decrypt my messages, and I need not rely on their assurances. I can use standard email clients, with no proprietary hooks. If I end up using webmail, I just use command line gpg for encryption and decryption.
     
  5. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
  6. Carphedon

    Carphedon Registered Member

    Joined:
    May 9, 2014
    Posts:
    1
    It seems so: "ProtonMail has beaten over 300 competing MIT startups to secure a place in the MIT100K 2014 SemiFinals!"
     
  7. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Ah okay I'll try it out.:)
     
  8. pidorasta

    pidorasta Registered Member

    Joined:
    Mar 2, 2014
    Posts:
    6
    Location:
    Norway
  9. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
  10. rock_man

    rock_man Registered Member

    Joined:
    Feb 6, 2014
    Posts:
    55
    Of course, because you are a tech savvy power user! :D
    However, mere mortals cannot do this or choose not to because it is a "hassle". And I agree. PGP is unusable by the "normal" folks. Fortunately, there are new services emerging like the ones I posted to make standard SMTP-based email security and encryption easy for the masses and non-techie types. In ProtonMail, I like the fact that your mailbox remains encrypted at rest with your private key in a blob that is decrypted in the web browser using client-side JS. However, you need a new email address. With Virtru, they abstract key management as well, but you only need a browser add-on used with an existing compatible email address.
     
  11. rock_man

    rock_man Registered Member

    Joined:
    Feb 6, 2014
    Posts:
    55
    Yes, as far as I can tell. Your mail is always encrypted at rest, even when you exchange emails with non-ProtonMail accounts.
    Reliable? Well, they are still in beta, so we shall see...
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,031
    :)

    Seriously, while naked PGP/GnuPG may be "unusable by the 'normal' folks", Enigmail is very easy to set up and use. It even scripts key generation.
     
  13. rock_man

    rock_man Registered Member

    Joined:
    Feb 6, 2014
    Posts:
    55
    True, but that is a lot of dependencies to install; plus you have to do key management yourself. A drag for formal folks, but more secure for the powa users.
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,031
    It's true that Enigmail could do a better job of helping new users with key management and use. I've used keys for so long that the basics are unconscious (like typing or whatever).

    There are no dependencies issues in Linux ;) Or, rather, they're all handled in the background by the package management system. I tend to forget how few people use Linux :(

    Someone should create an add-on for Thunderbird that does all of that (creating new key, key management, etc) in the background. Whenever you compose an email to a new correspondent, it would ask about encryption, and offer to check online keyservers. But then there's the issue that most people, if they use email at all, use webmail.

    Also, I guess that most people don't know enough to care about privacy. Or, even if they do know enough, they're afraid to stand out by using encryption. It's a tough issue.
     
  15. rock_man

    rock_man Registered Member

    Joined:
    Feb 6, 2014
    Posts:
    55
    <sigh> You might be onto something there...
     
  16. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Ah thanks. I'll wait till it comes out of beta.:)
     
  17. rock_man

    rock_man Registered Member

    Joined:
    Feb 6, 2014
    Posts:
    55
    Some folks are pessimistic about a third party services managing keys as a design for ease of use. I'm OK with that, compared to storage and transmission of my mail in plain text on third party servers like GMail or my web host. SMTP is still inherently insecure, at least until SMTP TLS connections are standard requirements for all implementations.

    My communications just aren't secret or worse, illegal. On the contrary, I just prefer to use technology to maintain my privacy. Even if LEA or USG really wants to read my boring emails, get a warrant! It our right to have privacy. :)
     
  18. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,599
    You are not alone my friend, sometimes it just feels like it.
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,031
    Thanks :)

    I need to get out more ;)
     
Loading...
Thread Status:
Not open for further replies.