Does anyone actually use Countermail?

Even if you don't leave messages on your account's server, copies might remain on other servers. If such copies were retained, I wonder whether they would be considered abandoned after 6 months.

 

I'm still wondering, does the 6 month rule apply even to actively used accounts? Do six month old emails in my Yahoo inbox that I check and use every day count as abandoned, even though the account is in active use?

 

I'm surprised that you still don't understand the difference between Gmail+PGP and Countermail We have features that will make it almost impossible for an outsider to figure out who is talking to whom.

 

Yes, I run Windows Home Server 2011, and it is up 24/7.

PD

 

Must both parties have Countermail accounts for that? Must they use the Java applet?

Although I've never used Countermail, I have corresponded with people who did. They sent me their keys. I sent messages to <foo@countermail.net>. I received messages from that same address. Maybe they used Thunderbird+Enigmail with Countermail, rather than the Java applet.

 

Just to clarify one point made here; Countermail would "not" honor this ludicrous 6 month rule our country has cooked up, as it is more of a jurisdictional US type rule only, am I correct in this? Also, since I can as a paying customer maintain my own private keys, I see no way they could even if they wanted to.

~h

 

The user could use aliases to anonymize himself. Another way to let people contact you, without exposing your email, is to use forms: https://countermail.com/?p=secure_forms

 

Yes, I think that's correct. I believe I've read Countermail in other threads here saying that they would only respond to court orders from a Swedish court and Sweden has very strick privacy laws.

I'm wondering though, for email in the U.S. (like Gmail, Yahoo), how does the 6 month rule work? As I asked above, does it apply to all emails more than 6 months old even in an active daily used account? Or does it only apply to accounts that have not been accessed for more than 6 months?

 

It depends, I think. As I recall, at least some government documents containing personal information, such as medical records and income tax returns, are public under Swedish freedom of information law. Perhaps Countermail can comment on that.

 

In the Countermail FAQ it says:

See: https://countermail.com/?p=support

*

Also in other threads here, Countermail has said that Sweden is a good country for email services, because it has not implemented the EU's data retention law and does not require the logging of IP addresses (which I believe is required in the U.S.). Countermail also said that if the laws changed they have already prepared for moving their servers elsewhere.

See:

www.wilderssecurity.com/showpost.php?p=1726765&postcount=41
www.wilderssecurity.com/showpost.php?p=1992477&postcount=93
www.wilderssecurity.com/showpost.php?p=1521259&postcount=25

*

One thing I'm a little curious about is if an email is sent as plain text using Countermail's service, is it protected from any scanning the Swedish government does of internet traffic? This is discussed a little bit by Countermail here: www.wilderssecurity.com/showpost.php?p=1727625&postcount=56. But I'm not sure if Countermail has implemented a solution for this problem.

 

The 1986 Electronic Communications Privacy Act is what I am referring to.

 

I think cb474 means privacy laws that affect internet users. Medical records is not public, but income and tax is public.

Traffic is protected from your local computer to our server, after that it depends on the recipients email server, if the recipient server have TLS/SSL, then the traffic have a decent protection against government scanning, e.g traffic between CM ---> Gmail is encrypted because Google have TLS installed on most of their servers.

We have servers outside Sweden, but those are not public, they are used for other purposes. The problem with tunneling from country to country is that the speed becomes heavily reduced. But we might add a "route" for users that don't mind the speed drop.

 

What are they for? Reverse proxy? DNS? I'm curious.

BTW are you hosted with PRQ or Portlane?

 

They are backup servers, they will only be used if our primary server crashes. We are hosted by http://www.adminor.net/en/

 

Thanks for the explanation. Do you have a sense of how Sweden compares to the U.S. for the amount of this kind of scanning they do? I know in another thread you said that one difference between Sweden and the U.S. is that in Sweden they are upfront about the fact that they engage in government scanning, whereas the U.S. does not explicity acknowledge it, but it's a safe bet that the NSA is doing this sort of scanning. Still, I'm wondering which country is more intrustive.

I would be happy to accept such a speed drop to know that even my plain text emails are more protected from scanning. I imagine for short text only messages it wouldn't make that much of a difference. Or is that wrong?

 

Thanks for the heads up on the 1996 (geesh) treatment of emails in excess of 180 days in age. I have taken measures to remove all email on gmail accounts, that are beyond this age. In fact, I believe going forward, I will be more observant of this privacy violation, and act accordingly.

~h

 

I've used Countermail for about a year. I am thoroughly satisfied with the service. I took the USB key option. I don't really have any complain. I especially like all the great features and great customization options, it is miles beyond something like Hushmail. I also like that the team seems to have a lot of ambition. I also had to deal with the technical support and can attest that they respond fast and are thoroughly knowledgeable.

I'm not one who wants to remain anonymous at all costs, I just want as much security and privacy as possible. I like that Countermail encrypts all e-mail that comes to my inbox.

I only whitelist Java to Countermail, so I'm not concerned about installing Java to my system. I'm thinking of eventually installing Linux on an old laptop that will be used only for e-mail and online banking.

It's true, when you type Countermail in a search engine, you mostly get ads by drug dealers. Since people are used to free e-mail, most of those who will pay a fair amount for e-mail privacy will be those engaging in illicit activities, and thus have a monetary incentive to do so. However I do believe that it's the people who are at blame, not the whole system, and there's nothing wrong with granting a reliable way to attain e-mail privacy to anyone.

I didn't like the idea of paying for e-mail at first, but then I thought, e-mail is at the cornerstone of our lives nowadays. All our online accounts depend on it, and the big popular services like to do funny things with our inbox, and send our data God knows where. I just want e-mail to be my own private haven. To me it is well worth the fee. I know that if I have a problem with my account, I'll be able to talk to people who know their stuff and want to help me getting fixed.

 

Guys, I'm gonna be consolidating all my gmail/hotmail/etcs., which include random throwaways (for spam/spam-ish emails), main email addys I use for family/friends, and ones I use in business contexts (face to face meetings giving out name cards that now have a Gmail on it). I'll be replacing them all with ONE CM account, and a number of CM aliases. I work in a corporate environment and I'll be doing a ton of face-to-face meetings, giving out namecards, on which I want to have my CM main account OR a CM alias.

My plan is to use a CM alias for spam, for what is now some gmail/hotmail throwaway accounts, then delete/update new addresses as the old aliases collect spam. Now, since my Countermail account name will be set in stone, before signing up I'm trying to figure out if I should use first.lastname@countermail.com as my main account, or a random username and then first.lastname@countermail.com as my "alias."

Thoughts? Advantages/disadvantages?

For current CM users, how would you recommend utilizing aliases?

Finally, do you guys recommend using real or fake names/info for PGP certs? Advantages/disadvantages?

+1. I'm like others here, I just want a high degree of security, and not lose sleep at night wondering when the governments of the world are going to trample more freedoms. Gmail is already a sewer. People forget, but the internet itself is very, very young, and the tendency for psychopathic individuals to be attracted to government roles is as old as time.

EDIT: If user Countermail wants to chip in, please feel free

 

My offhand thought would be that perhaps there's some security/privacy benefit to using a non-personal term for you main account and then have your address with your actual name be one of your aliases. I would think that Countermail has to know what your login name is, so it's more private not to use your real name for that. And that way if you ever wanted to totally disassociate your real name from the account, you could just delete the alias. (Although on second thought, perhaps even the login ID is encrypted in way that Countermail administrators don't know it? I don't really know how that part works.)

That said, I did use a version of my real name for my Countermail login ID, because I guess I didn't think about the question when I created the account.

 

You can't change the name of your main account, so you may want to select a non personal, neutral name. But we are going to add the possibility to create separate keypair for each alias, then you don't need to add the alias to your main key (to be able to receive encrypted email). When this feature is ready, the main account name will be less important, basically you only need your account name when you login, and you can use aliases for everything else.

If you use aliases it will also be easier to create message filters that automatically sort your incoming email to different folders, for example:
-if "To:" contains "forum_reg_alias@" move to folder "Forum discussions"
-if "To:" contains "my_trash_alias@" move to folder "Unimportant"

 

data stored

i am interested on what information do you actually store.
Do you store IP ( as in 100% no IP logs/records)
do you store personal data (for credit card payments)

 

Re: data stored

1. No, we don't store any IP:s.
2. We store the payment info for 14 days, it's automatically deleted after this period, the reason for this is that most payment providers requires a 14 day refund period. The payment provider (VISA/Mastercard/Paypal) may store the payment info for a longer period. But if you use the "member-alias" when you do the payment, and delete that alias after the payment is fully processed, there is nothing left to connect the payment to a specific account. So, after the 14 days it will only be possible to see that a payment was done to our company, but not which account you bought.

 

with respect to legal aspects. Do you make correspondence with private investigators and government agencies. are you covered by US and European Jurisdiction. In case the government will subpoena you, what information or data may be taken from you.Thanks, I am very much interested on your servers, but the information on your website do not contain these answers. thanks again

 

I can recommend reading our FAQ:
https://countermail.com/?p=support#42

 

for how long do you store encrypted mail, can i delete any received and sent mail , without leaving any fingerprint?