|
|
|||||||
| Email Comments, Questions and Miscellaneous Share your opinion of the email service you're using. Post general email questions and discussions that don't fit elsewhere. |
 |
|
|
Thread Tools |
4 Sep 2010, 09:31 AM
|
#1 |
|
The "e" in e-mail
Join Date: Sep 2005
Location: Macao
Posts: 2,418
Representative of:
tls-mail.com |
I seriously consider my email privacy
Recently I consider my email privacy seriously since I 'm living in a nation with worse privacy protection. For best privacy I may consider to host a separate server out of China and setup an email system on it. But that's maybe too expensive for me. So, for a privacy email provider which do you suggest for me? Even gmail is not secure enough since here the gov dispatch the spy working in it (don't doubt about it).
|
|
|
|
5 Sep 2010, 01:46 AM
|
#2 |
|
Registered User
Join Date: Oct 2006
Posts: 151
|
|
|
|
|
|
5 Sep 2010, 03:30 AM
|
#3 |
|
The "e" in e-mail
Join Date: Jun 2004
Location: in between the bright lights and the far unlit unknown
Posts: 2,527
|
Cotse.net had several technical issues discussed on this forum, so I'd be wary of that one.
Then novo-ordo.com ; never heard about it before and then I always wonder first: how long will the service survive? How reliable is it? I did check the website of Novo Ordo. Now the title speaks to me: "email for the truly paranoid". I suffer from anxiety disorder (being serious here, I am open about that as I see no reason to hide what is and remains a disorder) so I would consider myself as paranoid for sure when it comes to protecting my stuff (including virtual assets) However, I'm not really that convinced. Typing a whole message on a virtual keyboard sounds quite a bother when using to blind typing on a regular keyboard. Then they consider sending your credit card info etc as critical ; I simply don't do that, I'd never trust any email client with such info. Then they consider emails about subjects like crime and politics "deadly". Now even I, who has unfortunately to deal with panic attacks frequently, am not THAT paranoid. I often debate political issues by email with my friends and family (I am careful who to send such emails to though) ... I simply use my Gmail for it, my friends use Yahoo or Hotmail. I know one has to be careful but simply typing words as "socialist", "capitalism" or "Lenin" in an email wouldn't be classified as "deadly" by me. So even for me who panics over things way too easily, the info on novo-ordo.com sounds more frightening than the truth really is... And again: I wonder how long such services will last. They have to compete against big players on the market, and I never saw this service being discussed or debated before, neither here nor in other places. Anyways, as for the opening poster: privacy is an illusion really. We are under surveillance as we speak. People trust companies like Yahoo, Google and such with their email, not reading the terms and services which state that any police command can force the host to let them read your emails. Of course the chance they'd ever do that are slim, but if you're really paranoid ... I think the idea that western nations are less often supervising its citizens is basically a lie, so I don't really see why you would be cautious to use your familiar Chinese service. If you really care about privacy, then simply refrain from signing up for ANY service on the web. If you decide to do use email, then I wouldn't really be afraid of a Chinese one than one hosted elsewhere. I think by the way networking services are much more dangerous than email when we're discussing this subject. |
|
|
|
|
5 Sep 2010, 04:05 AM
|
#4 | |
|
Master of the @
Join Date: Dec 2007
Location: Hiding under my bed
Posts: 1,465
|
Quote:
I don't know. Just thinking outloud.....  |
|
|
|
|
|
5 Sep 2010, 01:32 PM
|
#5 |
|
Cornerstone of the Community
Join Date: Nov 2005
Posts: 622
|
Email privacy
Jeff, Hushmail does come to mind. It once touted itself as the most secure and private email utility on the internet, employing high bit multiple encryption, which it does, and a randomly generated account registration verification coding system. However, when the US federal government gave itself the power and authority to demand that such services hand over its encryption algorithms in the case of security concerns and "national emergencies" (whatever that means), this iron vault of guaranteed privacy went to the wayside. Of course this only applies to US definitions of law and foreign national signatories to these international internet security arrangements. I don't think China is among them. Hushmail's advantage always was that messages to recipients never went through the internet per se, but remained on their own servers until the recipient logged into his account and picked it up, saved it, or deleted it.
I'm beginning to believe that the only way to securely send information to a recipient without the government intercepting and reading it, is to write in code known only to the sender and the receiver or use a prearranged formula for selecting clear messages out of random or "innocent" text using time tested ciphering-deciphering techniques or using blocks of code that correspond to a shared code book. All of these can eventually be broken if enough time and resources are committed to doing it, with the exception of codes created by and known only to the sender and the receiver. These kinds of codes have never been broken since the Roman Empire and remain a mystery. Unfortunately, sending strange and/or overtly coded messages, while unreadable by outside parties, is likely to draw more attention, not less. I have been thinking about learning Klingon in order to communicate discreetly assuming my recipients also speak Klingon.  |
|
|
|
|
11 Sep 2010, 11:26 PM
|
#6 | |
|
Member
Join Date: Sep 2010
Posts: 51
|
Quote:
First of all, the following suggestions requires that your chinese internet provider hasn't blocked certain services (ie websites) on the internet. As people suggested, Hushmail is a good option, I myself is a Hushmail Premium user and I'm very happy with their service. Hushmail is very secure against any eavesdropping chinese agency and is one of the cheaper options in its premium version (there is a free option but its limited to 2MB and no IMAP/POP access). However, if you want top notch security in an email provider and price is not an issue, then I would recommend Countermail.com. It is a Swedish service which is quite different from Hushmail. First of all, Countermail has man in the middle protection which further prevents eavesdropping but it also encrypts all stored mail regardless if that mail was sent or received unencrypted. Countermail also lets you have the option of a USB key for access which means - no USB key - no access and Countermail also gives you the option of storing your private PGP key on the USB stick. Thats a major difference between Countermail and Hushmail, you have the option of storing your private encryption key yourself and the provider has no access to it. The FBI operation (google Hushmail steroid bust) in which Hushmail was forced to participate to steal some users passwords would have been infeasible with the Countermail setup. The USB stick also thwarts any keyloggers which also is a unique feature. I would consider Countermail the most secure option among all publicly known secure e-mail services if your'e looking for secure webmail. It is also the most expensive option I believe but their security solutions lack serious competitors when it comes to security. Hushmail has some features that are better than Countermail, one is probably the spam filter and another is the so called Hushmail Express which lets the user send a mail encrypted with a password to the recipient so the recipient does not need to be a Hushmail or PGP/GPG user. As I've heard this is something that Countermail wants to implement but it is yet to be seen. Countermail is based in Sweden and thus outside US jurisdiction. The laws in Sweden concerning revealing of private e-mails are quite strict. For such a order of revelation of e-mail is to be issued it requires that the penalty is at least 2 years imprisonment according to Swedish law. For such a minimum in penalty the crime must quite serious, we're talking grand fraud, serious cases of assault and battery, murder and manslaughter, serious possession or distribution of drugs and so on. But since Countermail, as opposed to Hushmail, does not log ip addresses at all there is nothing for them to give to authorities with a search and seize order but encrypted mails - as opposed to Hushmail which only stores incoming and outgoing encrypted e-mails in an encrypted format - all other mails are stored unencrypted. Another difference is that all deleted emails in Hushmail are saved one month after deletion whereas in Countermail they are deleted immediately. Hushmail also keep logs up to 30 months whereas Countermail does not log anything. The laws currently in Sweden does not require a e-mail provider to log or save anything. Another option you might consider in your situation to thwart eavesdropping is a VPN service. Such service encrypts all your traffic between you and the VPN provider so that your internet provider and anything in between you and the VPN service cannot see what websites you surf or what things you download or send/recieve etc. Using a VPN also renders any filtering by the Chinese internet provider useless. It also gives you another IP address which is anonymous and cannot be connected/traced back to you. That means with an VPN which gives you a American ip address you may watch certain streamed tv shows and so on. The service creates an encrypted tunnel between your computer and the VPN service servers thus routing your traffic in an encrypted format outside of China. If an American IP address is not something you require then you might want to look into the Swedish service Anonine.com which is very cheap, fast and reliable. They don't store any information about their users (except for your e-mailadress, username and password) or the usage of their service. With a VPN service your Chinese internet provider cannot see anything of your traffic except that you are connected to your VPN service. A VPN service takes about 10-15 seconds to setup the first time and its easy to configure it so that it is always on when you turn on your computer, a good VPN service does not slow down your traffic in a noticeable way. Do note that the encryption used with most VPN services is quite weak, a foreign intelligence agency might be able to eavesdrop on such a connection but I doubt they would try unless you are a high type of mark. Read a little bit on how VPN works here. Both Hushmail and Countermail secure their connections with AES 256 bit SSL which is considered very strong encryption. It is highly unlikely that those kind of connections might be eavesdropped. In any case, if your "only" concerns are eavesdropping from Chinese government and you are not a interesting mark for them (ie business, military) then you are well off with any of the secure e-mail providers available, you don't even need PGP encryption, SSL should be good enough. All secure e-mail providers use strong SSL as far as I know, pick the one you like. Hushmail gives a lot of space (1GB) for your money but their interface is like something from the middle of the nineties and its not as fast as Countermail but they have announced that they will come up with a new interface the next couple of months. My background: Worked as an e-mail administrator for one of Swedens biggest multinational companies, interested in cryptology with an minor academic background in criminal law. Potential biases: I'm Swedish but I'm in no way affilitated with Countermail, Hushmail or any VPN-services although I have tried many of them. I am a paying customer of Hushmail and happy with their service and I am a user of the VPN service Anonine.com and have American friends who also use it and are happy with it. Last edited by CarlS : 12 Sep 2010 at 10:33 AM. |
|
|
|
|
|
11 Sep 2010, 11:52 PM
|
#7 |
|
Ultimate Contributor
Join Date: Dec 2001
Location: Canada.
Posts: 10,355
|
Welcome to the forums Carl and thank you for the informative message.
|
|
|
|
|
12 Sep 2010, 01:16 AM
|
#8 |
|
Registered User
Join Date: Oct 2006
Posts: 151
|
Thanks https://countermail.com does seem really good.
|
|
|
|
|
12 Sep 2010, 09:42 AM
|
#9 | |
|
The "e" in e-mail
Join Date: Sep 2005
Location: Macao
Posts: 2,418
Representative of:
tls-mail.com |
Quote:
|
|
|
|
|
|
12 Sep 2010, 10:23 AM
|
#10 | |
|
Member
Join Date: Sep 2010
Posts: 51
|
Quote:
|
|
|
|
|
|
14 Sep 2010, 07:04 AM
|
#11 | |
|
Registered User
Join Date: Oct 2006
Posts: 151
|
Quote:
I see the problem being - if you get searched or arrested in a (foreign?) country and they find the USB key that means they can access your email? If its in your head that won't happen? Or is a type in password also required? |
|
|
|
|
|
14 Sep 2010, 10:50 AM
|
#12 |
|
Cornerstone of the Community
Join Date: Apr 2005
Location: NYC
Posts: 549
|
Gotta love something calling itself "Email for the Truly Paranoid!"
|
|
|
|
|
14 Sep 2010, 09:14 PM
|
#13 |
|
The "e" in e-mail
Join Date: Jun 2004
Location: in between the bright lights and the far unlit unknown
Posts: 2,527
|
Well, I would consider myself in that group of people, but to be honest the site sounds like it's built by people even more paranoid than I am myself. For example ranking political content in emails as "deadly" ; I discuss politics over email sometimes and while having asked now and then if I'm not taking risks by using certain terms, I always told myself to calm down and just send the email... Also, the Novo Ordo doesn't sound like it's that waterproof, so if they aim at the paranoid they should make sure their product is waterproof indeed.
Maybe I'm in a minority that doesn't mind government surveillance. If you got no criminal activities or so to hide, then why would you worry about some researcher who is unlikely to even be interested in your emails? I'd worry much more about cybercriminals than about government surveillance ; the latter is unlikely to happen whereas the cybercriminality is something few providers really focus on (Yahoo not even having HTTPS sessions being a good example from a quite long list) |
|
|
|
|
14 Sep 2010, 10:30 PM
|
#14 |
|
Cornerstone of the Community
Join Date: Nov 2005
Posts: 622
|
Secure messaging
I've been thinking about this ever since Jeff wrote the post. Registering and paying for a secure, encrypted email service that is known by its name and reputation for handling email that users do not want governments or prying eyes to see would seem to function as a glaring beacon to those who want to monitor email communications coming from such secure services and thus present a pretty big target for governments that have the ability and authority to trace and trap such communications.
Instead of being conspicuous and using a known secure service in order to communicate discreetly with others, why not just register an ordinary email account that has the ability to save drafts, write your message, save the draft, and share the account password with those you wish to communicate with so they can log in and read whatever you wrote, save it, delete it, or write another message. Therefore, the message never goes through the internet, and if this account is compromised, many others can be created to do the same thing. Another idea came to me as well. For email accounts that allow image insertions within email messages that are not separate attachments, a user could use his personal email account and use a cell phone with a camera to capture an image of a text message, insert it into the email, and send that. Going even further, one could insert or attach an ordinary picture with the intended message written on a note and attached to a cork board or wall in the far background, readable by magnifying the image resolution, that if taken with a 2 megapixel or higher camera, should be easily readable. |
|
|
|
|
14 Sep 2010, 10:52 PM
|
#15 | ||||
|
Member
Join Date: Sep 2010
Posts: 51
|
Quote:
Quote:
Quote:
Quote:
|
||||
|
|
|
