Private Email Services

Discussion in 'privacy technology' started by RCGuy, Apr 4, 2013.

Thread Status:
Not open for further replies.
  1. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Well, since all free email services are allowed to read your email(and not just Gmail), I was wondering if anyone is using any private email services that don't read customers' emails. And if so, what is the name of the service that you are using?

    Plus, does anyone know of any other means to prevent one's email carrier from reading your email?
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Use end-to-end encryption ;)
     
  3. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I do two things:

    Run my own email server (can be free, but I payed about $100 for Ability Mail Server).

    And I use Countermail. 1 yr is around $50 IIRC.

    PD
     
  4. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    260
    I use Countermail too, so far so good.
     
  5. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    This question seems to pop up so often that surely there is a level of agreement, yet there doesn't seem to be. I still feel a level of uncertainty about which is the best email provider. It's a shame that some of the better VPNs (Air, Boleh, Mullvad) don't offer an email account as well.

    As for the OP, I'd recommend Lavabit or maybe to apply for a Rise Up account. I've heard Neomailbox is decent but it's quite pricey. Hushmail should have been good but they only respect your privacy until the authorities want to look at your account, making it fairly pointless.


    Btw Countermail requires Java so worth bearing that in mind.
     
  6. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Needing Java isn't as good as not needing it, but it can be controlled pretty well. I run a separate portable browser just for CM, with the Java Plug-In enabled. All other browsers have Java disabled. I also control it with the firewall, disabling all communication for java.exe until I visit CM.

    RiseUp! would be good, nice call. You have to get "approved" though.

    PD
     
  7. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    I must admit I was a little nervous about applying for a RiseUp account but when I did fill out the application I was just honest without rambling rather than saying what I thought they wanted to hear. I was lucky enough to get an account but now I'm very cautious about how to use it as I don't want to link it too much if at all with any of my other accounts.

    Btw, a nice way of managing Java.
     
  8. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    +1 :thumb:
    Additionally is definitely one of the cheapest option (eg. GPG) which you can introduce to encrypt sent data.
     
  9. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,425
    Countermail + PGP encryption. Seriously you should all be using PGP it will come back to bite you ~ Snipped as per TOS ~ if you don't.
     
    Last edited by a moderator: Apr 7, 2013
  10. Less

    Less Registered Member

    Joined:
    Dec 24, 2008
    Posts:
    248

    unable to get others onboard....
     
    Last edited by a moderator: Apr 7, 2013
  11. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
  12. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    260
    Only once for the initial sign up, you can use IMAP after that.
     
  13. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    The results are not surprising and make sense for private emails. PKI without a way to manage keys quickly breaks down when the need to use it exceeds your local group. In order to use PKI, both sender and receiver need each others public keys. It sounds simple for small groups, but now add several thousand, hundred-thousand, or more into the mix and you have a second full time job on your hands. Webmail services can protect the end user when accessing their email online, or provide local encryption at the server level, but once an email needs to be sent to someone outside their system, the security stops. You may have the best email setup in terms of security, but all that is useless the minute you need to send emails to individuals or groups who have no way to decrypt your data.

    In order for true private email encryption to take off, you would need to force (legally) a standard to all major providers and on a global level. Honestly Oracle has a better chance of going more than 30 days without a Java 0day then that happening in our life time.

    Encrypting emails in a work environment is easy, as everyone from Bob in Infosec to Sally in Sales has the same solution, same encryption algorithms available to them, the same tools (Smartcard, CAC), and a GAL to store their public keys. All thanks to standards,policy, and AU guidelines to keep their jobs.
     
  14. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Have you downloaded Thunderbird to create your email account? You can create several pseudonyms. So you can create different identities and isolate the connections of each one. you can also delete them and create new ones at will.
     
  15. hidden

    hidden Registered Member

    Joined:
    Jun 1, 2010
    Posts:
    111
    Wonder why Hushmail sets cookies that expire in two months or even a year.

    And use Zendesk for 'help', with different privacy policies, and didn't Zen have a massive data leak not too long ago?
     
  16. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    Caspian, I do use Thunderbird but I've never done anything beyond using my email accounts in the way that it automatically sets up. Do I need to configure Thunderbird or is the default fine?


    @box750, that certainly takes Java out the equation but I'm still a little unsure about how IMAP works. Don't you have to log into your email via the webpage evey now just to show you're still using the account? Maybe it's different with a paid account or maybe I'm misunderstanding what IMAP does.

    As for a paid account, I'm really thinking Neomailbox looks very good. 1 gb of storage, unlimited disposable email accounts and your email kept on secure servers in Switzerland.
     
  17. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    260
    You don't use your Internet browser, you use an email client like Sylpheed.
     
  18. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,089
    I would suggest people review https://developer.mozilla.org/en-US/docs/Thunderbird/Autoconfiguration and probably test the behavior of their version of Thunderbird before deciding whether or not to allow Thunderbird to attempt autoconfiguration of account settings. Notice that it can, and in nearly all cases *will*, expose your full email address in an http request and possibly expose the domain portion to Mozilla in an https request.

    It is a very good idea to manually confirm account settings anyway, so you might as well prevent Thunderbird from using this autoconfiguration mechanism. I've read that putting Thunderbird in offline mode before creating a new account will accomplish this and at times I've worked around the problem by configuring Thunderbird when there is no active Internet connection.

    A critical decision is whether or not to allow messages to remain on the server. Downloading them and then deleting them from the server... the POP way if you will... is clearly the way to go from a security/privacy POV. In which case I'm not aware of any good reasons not to simply configure Thunderbird to use a POP server or rather access a POP server over SSL/TLS. There is also this info, which I haven't really studied: http://kb.mozillazine.org/Deleting_messages_in_IMAP_accounts

    Some if not all of these concepts would apply to other email client software too.
     
    Last edited: Apr 11, 2013
  19. S.B.

    S.B. Registered Member

    Joined:
    Jan 20, 2003
    Posts:
    150
    Last edited: Apr 13, 2013
  20. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
  21. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    urs2.net

    It was my ISP when I had dialup; now, my web host and email service.

    It's a one-person operation here in southern California. Emails are not stored on his server unless I choose to leave them there.

    He offers both POP3 and web email.

    I've been with him since 1995.


    ----
    rich
     
  22. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Found the problem: psw too long.
    Signed up for the free account. No sense, only 1MB storage allowed.
    5GB for 120$/y.
    I leave it.

    Here some good info, this guy is also in Wilders (I forgot his username).

    http://www.thesimplecomputer.info/articles/email-for-privacy.html
     
  23. Snowden

    Snowden Registered Member

    Joined:
    May 2, 2012
    Posts:
    68
    As others have mentioned Rise Up is a great service. Again, end-to-end encryption is a must...

    As far as the application process goes: In a lot of ways our security/anti big brother mentality meshes with their outlook quite nicely.
     
  24. Countermail

    Countermail Registered Member

    Joined:
    Aug 7, 2009
    Posts:
    167
    Location:
    Sweden
    Some questions you should ask your "private email" provider:

    -How do you protect incoming unencrypted email?
    -What kind of protection do you have if someone steals/seize the mail server?
    -How do you candle court orders, and pressure form the government to give them the users passwords?

    If they don't have any "good" answer on these questions, I would not call them "private" at all...
     
  25. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    Just to say, I wouldn't touch Neomailbox. Their disposable email isn't very good and their 30 day money back guarantee is a lie. If you pay up and ask for a refund they will just ignore you. It very much feels like Neomailbox has been abandoned, or that they don't care about their customers. Whatever it is, I would implore anyone even considering Neomailbox to look elsewhere.
     
Loading...
Thread Status:
Not open for further replies.