Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[byron mc]

after email provider Lavabit and “Silent Email” provider Silent Circle shut down secure email.

from a 2011 article:
Hunting for an email service with extreme wishlist for privacy and security?
http://www.networkworld.com/community/blog/hunting-email-service-extreme-wishlist-privac

Countermail is based in Sweden, but like other secure and anonymous yet offshore email services that encrypt such as AnonymousSpeech, MuteMail, NeoMailbox, Securenym, TrilightZone  - they are subscription-based and not free.

Privat DE Mail is a free offshore secure service that maximizes privacy while strongly opposing data retention. You need a client. "We recommend Mozilla Thunderbird, also plugin Enigmail so your mails remains "for your eyes only." For Enigmail you need also GnuPG." Remember, if you store email on your PC, you should also consider keeping it on a Truecrypt volume.

[Adventurer, Explorer, Inquiring Mind.]

Actually, pretty soon we'll have a northwestern hosted (with offshore backup servers, just in case) with low to zero log and data retention... I'll have more later.

Also, why does everyone want "free" data security?

People are willing to pay 1600 bucks for a two day gun class, + travel and ammo costs (where they learn about the same stuff they could learn from a book, "for free") and put themselves through grueling exercises that stress or destroy their bodies, but to keep their books safe or their connection private, they want it free, effortless and turnkey.

Anyone else see the fallacy there?

[LaughingBear]

Also, why does everyone want "free" data ?...

Anyone else see the fallacy there?

I agree Destin, but most associate the Internet with "free" I.e. music, apps etc so why should they have to pay for secure email, while a hard skill they do not have could not possibly be learned for free, after all, how good could it be if it's free?   

[Silver]

The capitulation of Google, Apple, Verizon (no surprise there), Facebook, and pretty much every large US corporation to the uber-government's cadre of spies means that there is really only one way to secure your email.

Encrypt it yourself.  On your PC.  Which you protect as best you can - not very easy to do, but you can at least make it (somewhat) more difficult.

Use PGP or GPG, and check the signatures on the downloads.  Make a very strong passphrase, and keep it secret, keep it safe. 

The truly paranoid among us (Are we paranoid when they really are out to get us?)  will buy a cheap computer for a few hundred dollars, install PGP or GPG, and NEVER, EVER connect it to the internet.  It's sole purpose is to write, encrypt, decrypt, and read messages that are transferred by sneakernet.  The entire machine is locked down as tight as possible.  No wifi.  No ethernet port.  The thumb drive used to transfer messages is wiped clean with Eraser after each use, and no files except ASCII ciphertext are ever allowed on that thumb drive.  Autorun is disabled, of course, on both the CD drive and the USB ports.

This will raise the bar so they would need to physically access your encryption PC to install a keylogger in order to read content of your mail, assuming you use good keys and passphrase.  They can do that, but it involves a major escalation of time and resources, even with a rubber stamp prostitute star chamber allowing anything at all.  Our main advantage is that there are a lot more of us than them.  Even with unlimited money printing on their side, they can't afford to send thieves into every basement on the planet, or even in the nation. 

We know that the NSA explicitly targets ALL encrypted communications, whether inside the US or otherwise, so understand that the very act of trying to protect your privacy is considered grounds for suspicion.

Relying on offshore servers and services, free or otherwise, strikes me as incredibly foolish.  Few are even questioning the vacuuming of ALL communications where one party is not a US citizen.  If you send traffic to Germany, or Iceland, or any other foreign server, you can count on it being monitored, recorded, and cataloged.  Whether they can break the encryption is not important.  Traffic analysis works, and by encrypting comms to an offshore entity, you start out with two strikes against you.

Remember that once they decide you are interesting, no amount of encryption will save you.

The nail that stands up gets pounded down.  Be careful.

Peace,

Silver

[Adventurer, Explorer, Inquiring Mind.]

Even Youtube is starting to encrypt everything.  That is creating a LOT more traffic for them to hoover up daily, a lot of it encrypted with certificate and session data (always changing key) so they get a lot to try to crack.

As I've said, however, why is everyone always obsessed with free of cost and free of effort for data stuff, but will kill themselves to learn to shoot a paper plate at an official school rather than on their own range?

As for nails standing up, that's the whole point, as you and I and others have said.  The more of us there are, the smaller the needle and bigger the haystack.

[straightshooter]

Nothing is secure. Nothing. If you don't want to repeat it in a courtroom, or have it read into evidence, don't email it, don't say it on the phone, don't say it on the street, don't even mumble it in your sleep. At this point I'm not even sure it's even safe to think it in a deep, dark forest by yourself.