Unseen.is Opinions

Discussion in 'privacy technology' started by davemint, Feb 17, 2014.

Thread Status:
Not open for further replies.
  1. davemint

    davemint Registered Member

    Joined:
    Feb 17, 2014
    Posts:
    6
    Location:
    UK
    Hi all,

    Any opinions on unseen.is? I've used it for a few days and it looks promising. Only in beta so no apps yet apart from the desktop one which is working well. I had some slight trouble on Ubuntu Firefox though.

    Anyone else tried it?
     
    Last edited by a moderator: Feb 17, 2014
  2. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Honestly, I read the website and have no clue what they are actually offering....

    I would rather just use PGP for emails, and Off The Record for IM's.
     
  3. davemint

    davemint Registered Member

    Joined:
    Feb 17, 2014
    Posts:
    6
    Location:
    UK
    From what I've seen its normal E-Mail but with a key manager for PGP. It has skype like audio/video and also It looks like their instant messenger is using OTR. Pretty good so far and according to the site your accounts encrypted so only your password can decrypt it stopping anyone seizing their data and getting to yours.

    As always I'm not yet using it for anything sensitive but its a step up it seems from Google and alternative E-Mail providers. I'm looking forward to seeing Start-Mail when that is out of beta too.
     
  4. phkhgh

    phkhgh Registered Member

    Joined:
    Aug 17, 2007
    Posts:
    166
    I'd like to hear feedback from any Unseen.is users.
    I've read a good bit of Unseen's propaganda. Most sounds good on paper. But, is Unseen really a "better mouse trap?"
    I'd also be fine using PGP, but a lot of people won't use it. If I was doing "super secret" stuff, I might not send it to a 3rd party provider.

    The idea of them not storing the user password (used to generate encryption key) - so they can't be forced to hand it over is good - in theory. But, if the password used for generating encryption the same as users' login (always was / will be), it's conceivable SSL / TLS can be broken by state actors. In some cases, it reportedly has been.

    I'm sure the reason Unseen moved to Iceland was to escape the long arm of U.S. agencies & demand letters. That part's good. Stopping NS HEY! or GC** from capturing all in / out traffic, then cracking encryption, is another matter. As mentioned, it's probably a step up from Gmail, Yahoo, even GMX.

    But depending on WHY you want their "private" service, or what you expect to avoid, I'm not sure everyone would get their $49 worth. Depends.

    Avoiding a provider scanning email / selling data to advertisers, or delivering ads directly to you - yes, probably do that.
    Other thoughts?
     
  5. phkhgh

    phkhgh Registered Member

    Joined:
    Aug 17, 2007
    Posts:
    166
    One reason I'm looking for a provider different from GMX is occasional problem w/ their server addresses being blocked by other providers (Net Zero, being one).

    A post / comment at http://beforeitsnews.com/alternativ...-so-the-elite-are-destroying-you-2795000.html
    discusses problem of Unseen.is being on spam lists (I can't confirm). The comment says it's "an attack" on Unseen. Whether blacklisting is deserved or not, is immaterial to sending / receiving msgs.

    If blacklisting is / becomes a problem for Unseen, unless you only send / receive from their users (or any other provider w/ blacklist problem), being "private" may be a moot point. True for any provider.

    Quick check on one? of Unseen's addresses 82.221.104.228 (hope that's correct), shows it NOT listed on any blacklist here (as of 2/24/2014): http://whatismyipaddress.com/blacklist-check
    If that's even a mail server address. They obviously have > one, but I don't have them. Don't know if data I'm looking at is complete or gives the real picture?
     
    Last edited: Feb 24, 2014
  6. shuverisan

    shuverisan Registered Member

    Joined:
    Dec 23, 2011
    Posts:
    185
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Yes, that happens :(

    I compose in gedit with the spell-check plug-in, and enable highlighting of misspelled words.
     
  8. phkhgh

    phkhgh Registered Member

    Joined:
    Aug 17, 2007
    Posts:
    166
    Thanks. I saw that - lots of good info.
    Question - on the linked page, what are the lacking features you mentioned in Firefox 24 ESR (in TorBrowser), needed for Unseens' chat & video?

    Also, you mentioned their "improved" encryption (which they detail on their site & in Unseen's Chris Kitze's blog) only applying to VOIP. I chatted w/ them today. Didn't ask specifically if the NEW encryption was now used on email. I got the impression reading some of their info, & maybe a session Chris did on some forum, that email already uses the beefed up encryption.
    Any idea if that's correct? Not sure when you gathered data for Unseen?

    For the getting logged out problem & (some sites, ahem, losing your typed text) - I use an Fx addon - Textarea Cache https://addons.mozilla.org/en-US/firefox/addon/textarea-cache/?src=ss
    So far, has worked well. Saves text you type in forms. Different "record" for each web page (or new form?). You can access what you typed at SiteA, from a drop list & use what Textarea Cache captured, to reenter into the form. Has a few options how long to keep the cache or clear when close Fx, etc.

    Though it has no formatting or editing, it's a bit faster than using another editor (every time), then copying to the site's form.
    Another similar one - "Lazarus" (get it - brought back from dead?). Don't remember why I chose the other - maybe time of last update?
     
  9. shuverisan

    shuverisan Registered Member

    Joined:
    Dec 23, 2011
    Posts:
    185
    I don't know what Firefox 24 doesn't have concerning the audio/video end of Unseen. When I spoke with Chris, it wasn't with emphasis on the VoIP side of things since I was only looking for info on the email system. Even that is scheduled for changes so I'm waiting for the official release before I ask about anything more in-depth.

    Last week Chris told me specifically that the email is still only on conventional crypto but the NTRU upgrade across the board was happening in the VERY near future. Unseen's email will get the PGP/Roundcube integration around the time of official release (Spring 2014). When they make the change, they'll notify Unseen users and I'd imagine do a blog post & some PR on it.

    Got a link to the forum session you mentioned? Thanks.
     
  10. phkhgh

    phkhgh Registered Member

    Joined:
    Aug 17, 2007
    Posts:
    166
    "Got a link...?"
    No - not saved. Seems like searches found a 1 or 2 forums where Chris (an Unseen leader) participated, or bloggers that were in contact w/ him? I could find it, but if you talked to Chris last week, your info is probably more up to date.

    IIRC, discussion by Chris of the XAES or NTRU encryption didn't mention if it was already in use. Or I may have missed that qualification.
    Either way, probably moot point if that's what he told you the last 1 or 2 wks. Just for grins, I may ask the question w/ their support / CS chat.

    Another thought: the "end to end email encryption between Unseen acct holders" (using encryption "better" than most sites use for SSL / TLS): Is that dependent on installing Unseen software / application? I assume it'd also apply to chat, video.
     
  11. shuverisan

    shuverisan Registered Member

    Joined:
    Dec 23, 2011
    Posts:
    185
    Now email encryption is only TLS 1.2, it will be NTRU very soon. The email is totally separate of the desktop software. If you want to access Unseen's email, you either log into unseen.is and click Email, at which point it opens a new tab & new domain to log in through Roundcube, or you use POP/IMAP. They'd like to integrate the two services into one at some point but you can currently use Unseen's email service without ever touching the desktop software.
     
  12. phkhgh

    phkhgh Registered Member

    Joined:
    Aug 17, 2007
    Posts:
    166
    Today I tried chatting online w/ Unseen support. Unlike the other day, didn't go smoothly or fast. Waited 30 min for them to answer. Then as soon as they answered, said "hello," he went away for another 8 min or so. "Had to reset his browser."

    Damn, 8 min to restart a browser?
    Anyway, didn't get questions answered. One very important (why it's not in FAQ, dunno):
    On main page - Sign Up... what is the "primary email" they want?
    Does it mean an <ALTERNATE> email address, to receive confirmation and / or use to reset password? Never seen that word used in that context.

    I also read most all FAQs - none talk about the allowed password length & allowed (or excluded) characters.

    Seeing as how big they are on privacy / security, seems odd they don't mention a minimum length (way > 6 or 8 chars.), or give the max length. Don't know the exact algorithm used to create the encryption key, based on user selected password. Not sure if a MUCH longer, random PW would produce an even better key, or if irrelevant.
     
Thread Status:
Not open for further replies.