8 votes

Encrypted Mail Anyone?

Just wondering, what service and quality of mail.

Im thinking of signing up for proton mail but not sure yet. That's all hope everyone has a great day today!

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

I'm a Beta Tester for

I'm a Beta Tester for StartMail, I really like it. They have not launched it for the general public yet. Sorry, mortals.

:)

But you can sign up, and they will let you know when it is ready.
https://beta.startmail.com/

Problen I found with encrypted email

is I had no one to send an encrypted email. Specifically private/public key encryption. I used PGP to sign messages more often. The person you are sending to has to have a public key and they can only read it with their private key and a passphrase. Most people are tech dumb and it is too much to wrap their brains around.

If I had a need to send secret messages I would use steganography. You can use programs such as Outreach and hide emails within an image file. The message can be plain text or encrypted with programs such as PGP. The recipient would just need a pass phrase to rip out the hidden message using the same program. Play around with it. I believe there are websites that demonstrate by allowing you upload an image and they will encode your text. I used outreach on a Linux box.

Also keep in mind that when using a web based email that receives post via Secure Socket Layer SSL it is now revealed that the NSA has already hacked that protocol. So unless the email is encrypted via a proprietary encryption algorithm prior to posting to the server you are not getting any protection.

I would think the NSA is sniffing all incoming and outgoing traffic to these email providers or they are playing man in the middle on the SSL.

Speaking of man in the middle, does anyone else here get SSL certificate warnings often on this site? I have had a number of them. That is a red flag that someone may be doing a man in the middle and passing on a bogus signed certificate.

How does one know when...

an encrypted email service gives in to threats from govt men-in-black who demand backdoors be added under threat of imprisonment?

Lavabit decided to just shut down their encrypted email service instead of add backdoors or be forced to keep quiet of the technical details. They decided to shut down so they could announce to the world what is going on.

How many encrypted email services would do what Lavabit did? And how many would play along. Supposedly, encrypted/secure digital communications services that play along with the FBI/NSA snooping get handsome ongoing Govt-funded compensation for cooperating.

Also, Europe puts the same kind of pressure on European hosted services so they can keep access to PRISM...

.
~wobbles but doesn't fall down~

Use snail mail. They'd never

Use snail mail. They'd never think to look there.

Author of Shades of Thomas Paine, a common sense blog with a Libertarian slant.

http://shadesofthomaspaine.blogexec.com

Also author of Stick it to the Man!

http://www.amazon.com/Stick-Man-Richard-Moyer/dp/1484036417

Here's what I use

https://runbox.com/ It's located in Norway and is highly secure.

I think we're gonna see more service providers entering

hopefully since I plan to be involved in same....

First off, if you want to have this discussion and you are still using gmail, yahoo mail, whatever one of these "free service" outfits just pick up your things and quietly leave.

I certainly find it nice to host my own mail services from domains I own and server space I contract for. Running PGP is a point-to-point method which requires the exchange of "keys" before hand. We also run SSL or TLS protocols when we interface with our mail server. This encrypts anything between us and that server inbound or outbound.

The Firebird mail client has pretty decent encryption options with the Enigmail extension and it's a fine starting point. For Android there's AGP and Openkeychain. However it doesn't replace the need for a mailserver that's secure or trust in vendors to provide one unless you PGP everything. And that's a pain. And it really does nothing for a hardware listening device such as NSA has deployed.

There's next-gen stuff in the works by outfits like Maidsafe that show promise as well as blockchain oriented solutions but I haven't tried any yet. I'm still concerned with how we know our present solutions aren't flawed which has been recently proven to be the case with OpenSSL and Truecrypt. Most of the planet has been merrily doing ecommerce for years on OpenSSL. That is truly the kind of thing that makes us lose sleep at night.

There's no way for us to assure you of security against all parties at all times at this time, period. Paradoxically some of this stuff can make you a target. Put up a VPN and people all over the world want to find out what's inside it that's worth the trouble.

There is nothing strange about having a bar of soap in your right pocket, it's just what's happening.

I think proton is still in beta-testing

I signed up for an Invitation, but have never heard a thing more about it.

I'd rather have a bottle in front o' me than a frontal lobotomy
www.tattoosbypaul.com
www.bijoustudio-atx.com

Gilligan's picture

I'm interested in encrypted mail also.

Not sure where to start.

I'd rather be a hungry patriot than a satisfied slave.

Mailvelope

Not sure about Proton, but I use the Google extension Mailvelope to encrypt and decrypt email. Just remember there are 4 parts. Your private and public key, your correspondent's private key and public key. Never give private keys, only public. Good luck.