Best Online Privacy Email Services & How To Use PGP

Discussion in 'privacy technology' started by DasFox, Nov 15, 2010.

Thread Status:
Not open for further replies.
  1. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Most of us here are pretty hard core geeks, this isn't Grandma's Baking Forum...

    My "so now what" was meant to get a reply back on more of a technical level, if there were some real world alternatives to this when someone isn't using encryption on their end, what we could do to minimize the risks, if anything is possible.
     
  2. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    OK, so I just created the Hushmail account "heresmypants@hushmail.com". Once I'd done that, I (as hierophant) got the public key from https://www.hushtools.com and sent heresmypants an encrypted email (via Thunderbird+Enigmail). It promptly arrived, and was transparently decrypted. Given that I'd already uploaded my (hierophant's) public key to https://www.hushtools.com, my (heresmypants') reply to hierophant was automatically encrypted.

    At no point in that process did Hushmail trouble heresmypants with any questions about encryption. QED?

    Of course, that does put heresmypants' private key under Hushmail's control. There's no free lunch, I guess ;)
     
  3. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    heresmypants, I guess you like that name you saw, LOL...

    Well of course all that works, why wouldn't it?

    But if you send from Hushmail to a Gmail account as an example the Gmail user can get the encrypted email and send it back, but it's coming back as plain text, so the encryption process was just a one way ticket...
     
  4. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    I'm just messing with Ari ;)

    Right.

    Well, I'm assuming here that the Gmail user is competent, uses (for example) Thunderbird with Enigmail, and has uploaded their public key via Hushtools. Then they invite a clueless friend to get a free Hushmail account. All email from that Hushmail account to said Gmail address will be automatically encrypted, with no action required by the Hushmail user. Actually, that's so for email from any Hushmail account to any email address with a public key that's been uploaded via Hushtools.
     
  5. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Well I was just talking about when you can forget the other end and all you can do is cover your own butt...

    Not sure one way encryption is going to do much, maybe any bit helps...
     
  6. nix

    nix Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    257
    Location:
    Miami
    Well, since heresmypants is an experienced user and has created a key pair just for this, in order to have secure communication with the clueless (but not for long) Hushmail user, this isn't a problem for heresmypants. It accomplishes some acceptable level of security when there was none, and allows heresmypants to then assess whether he needs to get the Hushmail user up to speed with pgp.

    It is a nice communication bridge for two inexperienced Hushmail users as well, both of whom would otherwise be using nothing, and one of whom will eventually run into a heresmypants situation and begin to understand and use pgp, too.

    And DasFox, let's not try to scare any hypothetical grandmas off by trying to be big bad DasWolf. Cause you might run into little Red Riding Hood out there in the Wilders. :D
     
    Last edited: Jan 9, 2011
  7. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    You're missing my point, I think. Both ways -- from hierophant to heresmypants, and from heresmypants to hierophant, are encrypted. Messages from hierophant to heresmypants are encrypted because hierophant has downloaded heresmypants' public key via Hushtools. Messages from heresmypants to hierophant are encrypted because hierophant has uploaded hierophant's public key via Hushtools. That is, hierophant did most of the work, and heresmypants did nothing except create the Hushmail account.
     
  8. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Sorry, I'm talking more about if you have a Hushmail account and you send to someone that just uses Gmail or Yahoo, or an email address from some website you want to send an email to, things like this are only going to be encrypted one way, from you to them. Coming back to you it's going to be plain text...

    I'm also not talking about competence but convenience, which is the realm most of your average users live in that you will have email communication with, that most simply don't care.
     
  9. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    OK, I get it. You're talking about Hushmail's question/answer message encryption option.
     
  10. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    Well not just Hushmail but any online web based encrypted email, being a one way encryption from you and back from the end-user who cares less...
     
  11. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
  12. nix

    nix Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    257
    Location:
    Miami
    Thanks for the link. Countermail would look good on that list. I was on their site this morning and they have a free one month trial.
     
  13. nix

    nix Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    257
    Location:
    Miami
    I need to go back to this. Your excellent analysis here in post #40 shows me that you are interested in the overall communication process and all of the elements of what constitutes more perfect theoretical security against the most able adversary. Why not separate the problem into degrees?

    When I want to communicate with another lawyer about a sensitive matter which might span just a few hours or days, it is hard to convince him to download pgp "just to talk to me." If he knew why he should have it, he already would. We're talking about people at the top of their game who have absolutely no idea how to implement encryption. However, it is quite easy to give him a quick overview of encrypted webmail. We're not worried about NSA. I'm not going to be tutoring him in the geopolitical implications of encryption. But I can sure spin him a quick tale to get him to use webmail. Voila. We're encrypted and now he is interested in encryption.

    And he will then consider pgp.

    By the way chronomatic, after I asked you to open a Hushmail account on January 5, someone did, in fact, email me under your nym. After further consideration, I am going to assume that the chronomatic who emailed me is not the Wilders chronomatic. You may correct that perception or not, as you see fit.

    Given recent events, I need to assume that the attribution problem has not just affected me, but everyone on Wilders. And for the record, I want to note that I have never used usenet. I will not appear anywhere that cannot be definitively linked back to my true identity, which I have established at my own website, and here. It's just not the way I work. But I think it's pretty interesting that someone is trying to make it seem otherwise. And, of course, not just for me.
     
  14. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    Completely agree with this statement.
     
  15. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    It wasn't me. The same guy also e-mailed hierophant under my name as well. I assume it's Ari Silverstein, who is a well known Usenet troll.
     
  16. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Yeah, the best I think we can hope for, for all email communication is getting users on encrypted Web services...

    Now if I can figure out who I'd like to use for free, next problem...

    And of course who we are going to recommend to others...

    This encryption web based provider is going to have to come up to the level of the next Yahoo or Gmail...

    In fact, I wonder why Yahoo, Gmail, Hotmail and the likes don't offer an encrypted option, hmm
     
  17. nix

    nix Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    257
    Location:
    Miami
    Thank you for the clarification. I appreciate it.
     
  18. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    That would make it impossible for them to scan your email for advertising purposes ;)
     
  19. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    And to hand it over to inquiring authorities. In other words, it ain't gonna happen.
     
  20. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    Subject unrelated posts removed.
     
  21. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Bumping this up, found a service I don't see anyone mentioned before;

    Sub Rosa
    http://www.novo-ordo.com/

    I like what they have to say --> Email for the Truly Paranoid! :)
     
  22. hugsy

    hugsy Registered Member

    Joined:
    May 22, 2010
    Posts:
    167
    Just use GPG on your own PC, it's open source, no known backdoor, no third party involved in the encryption/decryption of the message, works with password only or with public/private keys.
    When the text or the file is encrypted, you get it in the pure text format and just paste it to whatever software you are using to access your mail provider. No need to read the fine print and to search the internet for reports of providers' services being breached.

    Keep it simple.
     
  23. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    It would be nice if you could break down the steps and explain it in simple terms the average computer user can understand and how to accomplish.

    I'm assuming we're talking about Enigmail for Thunderbird which seems the simplest approach...


    THANKS
     
  24. hugsy

    hugsy Registered Member

    Joined:
    May 22, 2010
    Posts:
    167

    1. Download GPG (if you like to have only one file without all the stuff that comes with it, download gpg4usb and just copy gpg.exe to your folder of choice)
    2. Use the GPG interface, I think if you know how to use a web browser then that shouldn't be too hard.

    If you want to go with just gpg.exe and are comfortable with command lines..
    3. to encrypt file with password only use this command line: gpg -a -c "file_name"
    4. or to encrypt with public/private key,
    4a: generate your key pair with: gpg --gen-key
    4b: get receiver's public key (just ask him to send you over the email, public keys are meant to be sent around openly)
    4c: encrypt file with command line: gpg -e -a -r "recipients_name" "file_name"
    4d-z: check "gpg -?" for all the options :) there is a lot more if you need it.

    If you need to know more, google it.

    Security Comes By Education, Not Tons Of Software!
    -one of the smartest things I have read here.
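
Steps 4a to 4c above as a scripted round trip, with one check the steps leave out: comparing the fingerprint of the key received in 4b against one obtained over a separate channel before encrypting to it. This is an added example, not part of the original post; the names, addresses, throwaway keyrings and empty key passphrase are constructed for the demo, and it assumes GnuPG 2.1 or later.

```shell
#!/usr/bin/env bash
# Added example: steps 4a-4c with two throwaway keyrings. Names, addresses and
# the empty key passphrase are constructed for the demo; protect a real key.
set -eu

WORK=$(mktemp -d)                       # mktemp -d creates it with mode 0700
mkdir -m 700 "$WORK/alice" "$WORK/bob"  # one GnuPG home directory per party
trap 'for h in alice bob; do gpgconf --homedir "$WORK/$h" --kill gpg-agent 2>/dev/null || true; done; rm -rf "$WORK"' EXIT

# Run gpg non-interactively against the keyring named in $1.
g() { local home=$1; shift; gpg --homedir "$WORK/$home" --batch --quiet "$@"; }

# Primary-key fingerprint of user ID $2 as seen in keyring $1.
fpr() { g "$1" --with-colons --fingerprint "$2" | awk -F: '$1 == "fpr" && !n++ { print $10 }'; }

# 4a: the recipient (bob) generates a key pair and exports the public half.
bob_setup() {
  g bob --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Bob Example <bob@example.org>' default default never
  g bob --armor --export bob@example.org > "$WORK/bob.pub.asc"
}

# 4b + 4c: the sender (alice) imports the key, compares its fingerprint with the
# one bob gave her over another channel ($1), and only then encrypts $2.
alice_encrypt() {
  g alice --import "$WORK/bob.pub.asc" 2>/dev/null
  [ "$(fpr alice bob@example.org)" = "$1" ] || { echo "fingerprint mismatch" >&2; return 1; }
  # The key was checked by hand, so skip the web-of-trust lookup for this call.
  printf '%s' "$2" | g alice --trust-model always -e -a -r "$1"
}

# Bob decrypts ASCII-armoured ciphertext from stdin with his private key.
bob_decrypt() { g bob --pinentry-mode loopback --passphrase '' -d 2>/dev/null; }

# Encrypt as alice, decrypt as bob; fails if the fingerprint check fails.
roundtrip() {
  local ct
  ct=$(alice_encrypt "$1" "$2") || return 1
  printf '%s\n' "$ct" | bob_decrypt
}

bob_setup
BOB_FPR=$(fpr bob bob@example.org)      # what bob would read out, e.g. by phone
roundtrip "$BOB_FPR" 'constructed test message'; echo
```
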
     
  25. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    @ hugsy - did you even read this thread o_O

    How are we to
    when the vast majority of the general public and I would guess the number to be well above 90%, can't be arsed to secure their email? :cautious:

    What I, DasFox, Nix and others are looking for is a solution to securely and most importantly - "easily" communicate with those that can't be bothered with encryption!
     