best free email service privacy wise

Discussion in 'privacy technology' started by guest, Feb 24, 2012.

Thread Status:
Not open for further replies.
  1. wideglide36

    wideglide36 Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    207
    Location:
    Central PA
    After reading this thread, I thought I would try to sign up for an account at Riseup.net. After going through the typical sign up procedure, the last screen asked about what your "activism" included.

    I wasn't sure exactly what they wanted so I politely said that if they were asking about my political leaning, that I considered myself an Independent and that if that disqualified me from an account, so be it.

    Apparently it did disqualify me, as I rsceived an email the next day with the bad news. Oh well, like I need another email account.:D

    I would have like to tried it out though. Such is life.

    Apologies if anything I said violated the rules on here. I know political talk is a no no, I hope I didn't cross any lines.
     
  2. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    i dont think youve crossed any lines but yeah politics specific talk isnt something that should derail OP's thread so keep it OT ,peace ;)

    p.s: you couldve given them a regular reason like , i want to protect my privacy from the snooping government etc . lols , well maybe next time better luck ;)
     
  3. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    185
    Safe-mail Overview
     
  4. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    registered in Israel and with offices in Israel, the UK, and Japan. not sure if this is a good thing lols xD
     
  5. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    I started a post on this same subject going back a while;

    https://www.wilderssecurity.com/showthread.php?t=286828

    Still something that interests me, trying to find a nice private/secure free online provider...

    I hope by Countermail's quote, Cyber-rights might be the best of the bunch also for anyone out there free?

    One problem for me, I'm not using Java and I'd like to stay away from it if possible, so anything out there that's great without java for free?

    Well I tried out PointMX...

    http://completelyprivatefiles.blogspot.com/2010/08/send-encrypted-message-with-our-gmail.html

    For a moment there I was really excited, then when I tested this out, you had to load their site to read the email, then the excitement died, I was assuming this would all work inside Gmail, it doesn't... :(
     
    Last edited: Mar 8, 2012
  6. Countermail

    Countermail Registered Member

    Joined:
    Aug 7, 2009
    Posts:
    169
    Location:
    Sweden
    Cyber-rights/Hushmail is pretty good, security wise, but not for anonymity, they log IP-adresses for 30 months, and they are based in Canada, which don't have as good privacy laws as some other "offshore" countries. We have a lot of customers who switched from Hushmail to our service because of their lack in anonymity.

    As I wrote earlier it's impossible to have automatic end-to-end encryption in a web browser, without Java. In a closed network where you have the mail server in the same network, server-side encryption works fine, but I would not recommend using only server-side encryption over internet, it has much more weaknesses.
     
  7. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Realizing that they are business, and need to *stay* in business and follow the law...but no thank you to anything tagged with 'Hushmail':

    http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/

    CM,

    In reference to a question you asked in another thread that I can't find at the moment, yes, my ISP allows port 25 and my email server is listening for StartTLS on 25 and 143 just fine. But I just want to use you to *send* mail...my box to yours on *your* 25, 465, or 587. That's the feature that would get me to purchase some sort of 'Smart Host' plan if you ever decide to offer it.

    PD
     
  8. Countermail

    Countermail Registered Member

    Joined:
    Aug 7, 2009
    Posts:
    169
    Location:
    Sweden
    But that's not unique to Hushmail, every provider have to follow the laws where they have their jurisdiction. The other american-based email providers will face the same dilemma if the government force them, e.g. Riseup, Lavabit, Securenym, CryptoHeaven.

    I'm curious why you want this? The only thing I can think of right now is sending newsletters or other mass-emailing? Which we don't allow if its more than 50 recipients.
     
  9. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    that might be so but they dont rat out theyre members and i hadnt heard riseup ratting out anyone up till now so yeah ;)

    p.s: lavabit ? have you read theyre tos? lmfao i hope your joking, and yeah id stay away as far as i could from hushmail, id rather use gmail or hotmail instead even theyre more anonymous than hushmail roflmao ;)

    as said yet to come across a free email provider thats better in terms of tos and all around trustworthiness compared to riseup , id love to try something better and offshore is always a great thing in my book
     
  10. Countermail

    Countermail Registered Member

    Joined:
    Aug 7, 2009
    Posts:
    169
    Location:
    Sweden
    It seems like you never understand what I'm writing so I rest my case o_O
     
  11. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    lols even mentioning hushmail is a joke in itself ;)

    what im saying is that every provider must follow its country laws and thats what youve been saying too so yes i do understand ok ;) , but that wont help if they dont keep logs or info from your email traffic aka riseup , unlike lavabit that rats out people the same as hushmail with any chance they get
     
    Last edited: Mar 9, 2012
  12. Countermail

    Countermail Registered Member

    Joined:
    Aug 7, 2009
    Posts:
    169
    Location:
    Sweden
    No, you don't understand...
    1. ...that I don't recommend any american based provider for people who wants the highest privacy level
    2. ...that an american provider can be forced to start logging
    3. ...that a PGP-encrypted message is much better protected when a SSL-MITM attack happens
    4. ...that just because a provider have no public history of "ratting out" members, they are not automatically safe, if the provider has to face 10 years in prison or cooperate with the government, what do you think they select? :D As long as they operate in a country with "hard" privacy laws and long prison times, nothing is granted.
     
  13. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    No, none of that. Right now, having to use my ISP as a Smart Host, if I am ever a target (not that I do anything that would make me, but who knows these days right?) I assume there is a log or maybe even a cache of all emails I send, and to whom. Getting such information would be very easy from a US provider I would imagine. Using CM would be more private, correct? All that would be seen is an SMTP connection to Sweden, encrypted. Then they can play the international game...to no avail, because you don't log anything. Let me know if my thought process on this is incorrect. Thanks,

    PD
     
  14. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    CM is correct in regards to US providers. I trust Riseup, yes, but even if they log nothing, they can be served with an NSL (National Security Letter) and you would never know. Then the gov could just monitor and wait for a connection from you...which they would know about from your ISP connection logs. They (and guys like COTSE) are way better than Google, Microsoft, etc... but they are still US based and not as good as a foreign provider that takes privacy to heart. CM is right, no one will go to jail for you.

    PD
     
  15. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    Not exactly free but CryptoHeaven does give you 3 month free accounts (unlimited times once they expire) and i do feel they are the best option. I will briefly explain how it works.

    Uses a "Java" client which can even be run in "portable" mode. If you wish to keep java off your machine, it will install it's "own" java in it's folder!

    CryptoHeaven is actually "webmail" however, everything stored online is "encrypted/decrypted" clientside through the java client. During the setup process, you have the option of storing your "key" clientside or serverside and your password always remains clientside.

    If you choose to accept "unencrypted" email, non-secure email is automatically encrypted (AES 256)with your public key when it hits the CH severs with the original permanently deleted within 10 minutes.

    I just don't see any complete free option this secure. Can anyone shoot holes in CH except for the ability to log ips??
     
  16. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    well nonetheless riseup is the safest US based provider , its not like i send out bomb threats or purchase atom bombs with my riseup account , i got a special email for that xD,as i was saying i would LOVE to try an offshore email provider thats similar to riseup , but until now nothing has been found , and id rather take them then any other US based provider , sure nobodys gona go to jail for you lols as if anybody expected that xD

    p.s: ive pmd riseup to see what they have to say about this ;)
     
    Last edited: Mar 10, 2012
  17. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I just looked at this and it looks great! I have actually had a cryptohippie account for 2.5 years now and have never bother to set up my email with them. Just pure laziness. It will take me a while to figure it out. But vmail looks really cool. I'm going to give them a try. Thanks for the tip.
     
  18. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I use gmail a lot. I have an old account that I have used for years. I usually don't use a VPN when I login, unless I am already connected.. But with my newer accounts, I have never logged in without being connected. I use them for message boards and groups. But I always use a different gmail account for each message board. And I never use it to communicate outside of that group.
     
  19. shuverisan

    shuverisan Registered Member

    Joined:
    Dec 23, 2011
    Posts:
    185
    Do you use vmail Casperface? I've not been able to find any information on them. Their privacy policy is "being drafted" yet they've been around since 2010? Otherwise looks ideal, even has an on-screen keyboard for logins.
    https://www.vmail.me/en/privacyPolicy
     
  20. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,254
    Location:
    Texas
    Very interesting discussion...just a high "five" from an interested observer.Think I will look into vmail. :thumb:
     
    Last edited: Mar 11, 2012
  21. Countermail

    Countermail Registered Member

    Joined:
    Aug 7, 2009
    Posts:
    169
    Location:
    Sweden
  22. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Well no need to worry about Hushmail, I was using Tor through a VPN...

    I also don't have java on my box and now it's all based on Hushmail, so that was nice...

    But still I don't like this IP logging...

    So who offers the security and anonymity in a free service?

    To bad you guys don't offer some small free accounts...

    THANKS


    I thought the data retention was only for the likes of an ISP, not a email service...
     
  23. Countermail

    Countermail Registered Member

    Joined:
    Aug 7, 2009
    Posts:
    169
    Location:
    Sweden
    No, it applies to every company who provides "electronic communication" in any form. Below are the requirements for E-Mail:

    1. the user ID(s) allocated
    2. the user ID and telephone number allocated to any communication entering the public telephone network
    3. the name and address of the subscriber or registered user to whom an Internet Protocol (IP) address, user ID or telephone number was allocated at the time of the communication;
    4. the name(s) and address(es) of the subscriber(s) or registered user(s) and user ID of the intended recipient of the communication;
    5. the date and time of the log-in and log-off of the Internet e-mail service or Internet telephony service, based on a certain time zone;
    6. the Internet service used;
    7. the calling telephone number for dial-up access;
    8. the digital subscriber line (DSL) or other end point of the originator of the communication

    So it's important to know which country the provider is operating in ;)
     
  24. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    You are correct. In addition I am interested in how vmail generates revenue. Or who owns the service. Usually free services translate to the users that end up becoming the product that is sold.
     
  25. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    well ive already gotten a reply in advance from a riseup member this is what he had to say :

    "Hi,

    Just speaking as myself and not for the Riseup collective, I am not a lawyer, etc...

    Riseup exists to provide secure services for activists. We have fought (successfully) and will fight any attempt by anyone to try to get your data.

    http://www.nlg.org/news/press-releases/guild-attorneys-victorious-in-internet-free-speech-case/

    The case is still ongoing, we're fighting for our legal fees :) BTW- in the same case google gave up gmail user's info without a fight.

    1) All requests so far have been law enforcement requests (ignored) or in a few case subpoenas (fought in court).

    2) If served with an NSL I suspect we'd do what our friends at Calyx did and fight it,

    http://en.wikipedia.org/wiki/Nicholas_Merrill

    3) Something like "10 years in prison" would be the result of fighting in court and losing, and losing appeals, etc, and then still refusing to produce the data. We hope that it never has to come to that and if it does the answer might depend on the number of years and what we're fighting for (child porn? no ****ing way. free speech issue? hell yeah!)

    4) If they throw us in a secret cell and beat us with hoses and cut fingers off? Sorry but we'll break :( But if that happens it will be _very_ public.

    To address some other stuff in the forum thread that you listed:
    * If you need more protection than what I describe above, as suggested in the thread use GPG. Riseup is trying to make the default situation for most users much better than the hotmail/gmail/yahoo's who just give up the data. But if you need stronger protection, learn the tools and use them. Also nothing would make use happier when fighting a court order than to know that if, after fighting a long battle in the courts to protect a users data, we are finally compelled to give up the data or face prison we just hand them the GPG data :)
    * In the US we aren't (yet) required to log. For this reason and others like strong 1st amendment speech protection, we still feel that the US is the best place to house our servers. If laws pass that change that, we'll have to consider moving. The UK and EU are currently worse, Iceland might be interesting...

    What is really needed is this:
    * public key, client encrypted mail storage: the email arrives on the server and is encrypted with a users public key and put in their mail storage. Then to read it the end user has the private key on their client system. After the initial mail delivery, the provider can no longer give up the email.
    * distributed encrypted cloud storage of data: mailboxes would be stored in encrypted pieces split across many servers in many countries.

    Riseup (with some others) is working on these things and they will be Free Software for all providers (including Riseup) to use.

    I hope this helps,

    taggart"


    sounds good to me ;)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.