Ixquick/Startpage launching new privacy-aware email service.
A long time ago there was a topic about recommending a privacy-aware mail service which became overloaded and no conclusions were drawn at the time, so I'm creating a new one.
TIL that the ixquick folks are launching a new email service called StartMail which is currently in closed beta. You can sign for beta testing at https://startmail.com/
Privacy policy follows startpage's: https://startpage.com/eng/privacy-policy.html
And an intro video I did not watch yet: https://www.youtube.com/watch?v=fleEOrMK-Ps
In the video, they say that it costs 5 $ a month; this is (for me, a poor student) really much money for an email account, but I definitely consider buying one.
On the other hand, there is no use buying this account and sending messages to my friends, who all have gmail or gmx or so on...
With this, I support an email-world with more privacy, but I don't gain more privacy here and now, and I really doubt that I can afford 5$ / month just for supporting this idea.
How do you know that this "Startpage" search engine and its mail service are really private?
Are you aware that:
1) The "Startpage" search engine is recommended by the EU?
2) That one of the main persons behind it is recommended by the US corporate media?
If you think that, by adhering to this "Startpage" phenomenon, you are escaping from (the Western) Big Brother and from the same interests behind Google, I recommend that you seriously start informing yourself about what's going on in the backstage of the Western corporate world and Western politics.
(Here goes a good place to start doing just that, and that won't be available for long: www.danielestulin.com)
You can't know that anything (especially on the server side) is actually private. OpenBSD had a FBI backdoor scandal years ago which turned into "_unlikely_". How does that leave any other thing out there?
I assumed their intentions are/were good as they built reputation among the privacy/freedom community including the Tor browser.
And no, I wasn't aware about the two items and can't find any reference to these specific statements. Startpage has long been the default engine in the Tor browser and I've never seen anybody complaining about it?
Je... I didn't know that even in "open source" (I don't like the term either) OS's had backdoors been discovered(!)... (And I will, definitely, inform myself about that OpenBSD episode...)
Concerning what I said, I can give you two references:
1) https://www.european-privacy-seal.eu/press-room/press-releases/20080714-europrise-press-release-en.html
2) http://www.katherinealbrecht.com/
(Which you can confirm, by reading the "about" and "contact" pages in Startpage.com.)
Concerning the "Tor" network (as I've previously said, in here - https://trisquel.info/en/forum/how-use-tor-trisquel#comment-26792) I don't trust it either (or find it a project credible enough to take any recommendations from). Since, (as I said in the previous link) it's a project that was developed by Big Brother itself...
"You can't know that anything (especially on the server side) is actually private."
That's just it...
Unless it's a service managed by people you (personally) know good enough or know that you can trust in, as long as there are governments and corporations out there wanting to violate your privacy, you can *never* be sure you can believe the "privacy statements" this corporations present to you.
Concerning the apparent good intentions and reputation, among the privacy community, that this "Startpage" project has built...
Read a book, that Richard Stallman sometimes mentions in his lectures, called "Nineteen Eighty-Four".
It's a book that was written by someone who worked for the same interests I was talking about, and a description of what was planned (at the time it was written) for the society we nowadays have - and also one that describes, very well, much of what we are already witnessing.
In that book, the main character also finds out about an organization that he thought was fighting the people who controlled the society he lived in - only to later find out that the whole organization was actually a trap, designed to catch people not going along with the "herd"...
That part of the story is an allegory for the construction of all sorts of different (fake) social movements (like many that we nowadays have) that are actually controlled by (and working for) the powers-that-be.
"The best way to control the opposition is to lead it ourselves."
--- Vladimir Ilyich Lenin
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Although I appreciate these discussions about privacy and other subjects
somewhat connected to Trisquel, they are vastly off-topic here.
There many more forums and mailing lists to talk about this.
Could future off-topic messages be moved elsewhere or kept to a minimum,
and marked as such ("[OT] or else)?
Otherwise this becomes quite high-volume and not worth following by
email, specially for those of us only interested in reading about
Trisquel here.
Thanks for considering the main topic here when writing.
Cheers,
Fabian
- --
Fabián Rodríguez
http://trisquel.magicfab.ca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: PGP/Mime available upon request
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iEYEARECAAYFAlGvJD0ACgkQfUcTXFrypNUwLACgn8QJctrLJPT6x8jU6n6QQnSj
XFcAn0M//pcjiEkwxVFwQCgLcccmNzpU
=I+H4
-----END PGP SIGNATURE-----
Seems that the most private way is to run your own email server, but it is probably a lot of work.
Another way is to use GNUPG. (I wish I knew how.)
I wonder why so many Free Software users (like me) are so privacy minded?
On 05/06/13 01:51, gameboyab wrote:
> Seems that the most private way is to run your own email server, but
> it is probably a lot of work.
>
> Another way is to use GNUPGP. (I wish I knew how.)
Do you use Thunderbird? If so:
sudo apt-get install enigmail
If you use Evolution then GnuPG should be included by default. I've
never used Evolution that much, so I can't help you there if that's the
case.
Then create a keypair, and upload it to some keyservers.
I've downloaded the GPG keys of most of the people who have them from
Trisquel (but they are set as "Untrusted" because I haven't verified
them properly yet). You can download people's keys from their webpages,
or alternatively you can get their key ID (e.g. 0x9657B073) and search
for it on a keyserver using the Enigmail GUI.
Also, Wikipedia is your friend when it comes to cryptography:
https://en.wikipedia.org/wiki/Public-key_cryptography
https://en.wikipedia.org/wiki/Pretty_Good_Privacy
https://en.wikipedia.org/wiki/Trusted_third_party
https://en.wikipedia.org/wiki/Keysigning
https://en.wikipedia.org/wiki/Web_of_trust
Have fun. :-)
Andrew.
That's what I think also. (And what I've considered doing, in the past...) Since, I have a modem-router online 24h/day and can easily buy a cheap computer, with enough processing power and low energy consumption, just for that.
And the main reasons why I don't do it are, because there's always the possibility of having to turn the power off, for some reason, and the possibility of having to access the mailbox away from home - with all the inconvenient, and not very secure (in my opinion), operations that that would force me to do.
Anyway... Since, no one that I exchange messages with has a secure mailbox, all that effort is irrelevant...
Concerning GPG, I haven't learned to use it yet, also... But, it doesn't sound like that much big of an effort.
And, concerning the privacy issue, I think that its relation to Free Software usage is best seen from a different angle...
People who actually use their brain cells and that want to, among other things, protect (within possible) their privacy end up (for reasons also stated elsewhere - https://trisquel.info/en/forum/why-did-you-switch-or-use-free-software-0#comment-36227) joining the Free Software movement.
That's where I think the relation comes from.
The best is you do in your home.
Read the Jason Self (jxself here in the forum) article "Your own privacy-aware, personally controlled server" [0][1][2][3][4].
[0] http://jxself.org/your-own-server.shtml
[1] http://jxself.org/your-own-server-part2.shtml
[2] http://jxself.org/your-own-server-part3.shtml
[3] http://jxself.org/your-own-server-part4.shtml
[4] http://jxself.org/your-own-server-part5.shtml
The whole mail-encryption thing is rather inconvenient for me, because almost no one of the people I write to
has this encryption software installed.
But this is a requirement for this mechanism, isn't it?
Can't imagine how this should work other way.
Yes, of course... And, even that is not enough, if the person on the other side is using a OS with backdoors in it... (i.e. Windows and the likes...)
That's what I meant, in one of the above comments... All this type of efforts are irrelevant, unless the persons you are corresponding with also do a good job protecting their privacy.
On 05/06/13 03:36, shiretoko wrote:
> The whole mail-encryption thing is rather inconvenient for me,
> because almost no one of the people I write to has this encryption
> software installed.
> But this is a requirement for this mechanism, isn't it?
> Can't imagine how this should work other way.
This is what I always thought, which was why I never bothered with mail
encryption. But I figured that if we can be even just the geeks to
create a keypair (it doesn't take long) and backup the keypair, and take
the necessary precautions, it would make a major difference.
End-to-end encryption will only work if YOU and the other person have it
enabled. At least you can easily set up one of those! :-)
Andrew.
If you: are (like myself) all well-informed enough to know that the Russian government is nowhere near as corrupt and evil (to put it mildly) as our Western ones; are not willing to go through a lot of work because of this; and just want to choose the "lesser of (several) evils"...
You can always just start using a Mail.ru account (with the available interface in English) and the Yandex.com search engine (as often as possible) instead.
It won't help that much (since all your Internet traffic can still be intercepted) but, at least, you're not offering your data to Big Brother on a plate...
It's what I recently started doing.
Somethings you need to do is block javascript, cookies, ads, css and another files linking to other website. After you can use one proxy, change your IP and change the user-agent of web browser.
Have your own server at home for your blog and email. And encrypt your files in the net.
Probably it works.
[1] https://panopticlick.eff.org/
[2] http://browserspy.dk/
[3] https://trisquel.info/en/forum/i-can-easily-steal-your-privacy-data-even-disabled-cookies-and-javascripts
[4] https://trisquel.info/en/browser/addons/requestpolicy
[5] https://trisquel.info/en/browser/addons/noscript-0
A proxy might not be your friend
https://www.defcon.org/html/links/dc-archives/dc-20-archive.html#Alonso
I don't trust proxies either. Since, if I was the one who wanted to surveil other people, I would set up a whole bunch of false anonymizing alternatives, in order to catch people trying to escape from that same surveillance...
I've been using Riseup.net mail service for three years. According to the official site [1], they support users' privacy and such matters.
There are two ways to register, the first is by using two codes from two different, and trusted, Riseup.net users; and the second is by stating why you chose to use their services, beware that the reason must be plausible.
To create an account visit the user's page [2], when requested and accepted, you can log in using the "riseup.net" email suffix to adjust your email configuration in the user's page, or simply to check your email using the mail page [3], I recommend using the Squirrel Webmail within the mail page.
They have XMPP/Jabber support which means that you can chat with your contacts which use Gmail/Google Talk and many others.
[1] https://user.riseup.net
[2] https://riseup.net
[3] https://mail.riseup.net
Best regards, ADFENO.
Have a nice day.
Addendum: Google is constantly dropping XMPP/Jabber support.
Joke: Soon enough my contact list will be just me and me in another account. Do I deserve such thing? :(
On Tue, 4 Jun 2013 21:51:57 +0200 (CEST)
name at domain wrote:
> I've been using Riseup.net mail service for three years. According to
> the official site [1], they support users' privacy and such matters.
>
> There are two ways to register, the first is by using two codes from
> two different, and trusted, Riseup.net users; and the second is by
> stating why you chose to use their services, beware that the reason
> must be plausible.
>
> To create an account visit the user's page [2], when requested and
> accepted, you can log in using the "riseup.net" email suffix to
> adjust your email configuration in the user's page, or simply to
> check your email using the mail page [3], I recommend using the
> Squirrel Webmail within the mail page.
>
> They have XMPP/Jabber support which means that you can chat with
> your contacts which use Gmail/Google Talk and many others.
>
> [1] https://user.riseup.net
> [2] https://riseup.net
> [3] https://mail.riseup.net
>
>
> Best regards, ADFENO.
> Have a nice day.
>
> Addendum: Google is constantly dropping XMPP/Jabber support.
>
> Joke: Soon enough my contact list will be just me and me in another
> account. Do I deserve such thing? :(
I've been using riseup.net as well for over a year and you can use the
free VPN as well.
I don't know anything more about that "RiseUp.net" website, other than the fact that the people who decided to include my e-mail address, in the past, in a mailing-list that existed on that service, are easily fooled and infiltrated activists...
Thanks for the tip Horgeon. Checking it out.
WRT privacy: No online service is going to protect you 100% of the time. With enough money, or abused power, or both, you will get got, if "they" want you got. By court order, or by bribery, or by hacking, or multiple other vectors.
Best you can do is keep most of your info out of most of the greedy hands most of the time. So Riseup, or rolling your own, instead of Yahoo. Startpage or the Duck instead of Google.
Throwing up your hands and declaring privacy dead is stupid. Paranoia against everyone, all the time, equally so. Do the best you can wherever you can. It might not save you from everything in the end, but it's the most artful way to live.
PS: And if you do use riseup, SEND THEM MONEY. They deserve it, and they need it.
Depending on your needs I thought I'd mention another one:
http://jhiwjjlqpyawmpjx.onion/
It's tormail.org. They are probably the most resistant to law enforcement requests and while I can't really vouch for the privacy it's probably safe to assume they're going to respect it.
Um, no. Nobody knows who runs Tormail. Appelbaum once tweeted asking who's behind it as the domain seems "sketchy".
I knew RiseUp although it looks centralized on activism. Not sure if that is the kind of mail you'd use as your college login?
I've also tried BitMessage (https://bitmessage.org/wiki/Main_Page) when it was in alpha stage although I couldn't understand anything about its internals.
Tormail is not run by known people for a reason...
It depends on what your needs are.
I have two googlemail Accounts:
One with a false name, false adrress etc.
I use this one to communicate with my closest friends.
Unfortunately I have also one with my real name, which I use for the rest.
I think there is no use to change to a more privacy protecting mail host while sending messages to people with gmail Accounts...
The communication with false identities seems the best way possible to me, although not always applicable.
And there remains one problem: switching from gmail-realname-adress to gmail-falsename-adress can theoretical be tracked back by google in case one of your contacts has a gmail account.
But one has to keep in mind that there are much more users than observers. Although in special cases, it's almost impossible for big brother to read everyone's mail, though this can't be enough for the self-dominant citizen.
If you (at the moment) want to protect your privacy sufficiently, keep your data really safe, avoid all the dirty tricks like prop. javascript, then do one thing:
pull out your internet wire and say "no" to digital society.
Perhaps not the worst thing to do, but not possible for everyone nowadays.
(And, bear in mind that, if the powers-that-be consider you to be a person worthy of such, even if you use secure communications, the images displayed on your computer screen can still be reproduced from afar: http://cryptome.info/0001/tempest-fret.htm)
:)
(Let's hope that that changes, one day, but...) People who actually pose a danger to the establishment are usually a minority... And, I don't know which country you're writing from, but, at least in mine, (since, most people who are politically active just follow orders from their leaders, who do all the thinking) there are more people who surveill those who are actually a problem than the people who constitute the problem itself.
I don't think that using false names on Google accounts helps in anything... Since, I'm sure that Google/NSA/CIA (http://www.infowars.com/group-calls-for-hearings-into-googles-ties-to-cia-and-nsa/) keeps track of which IP addresses access which mailboxes.
Unplugging from the whole Internet doesn't seem, to me, to be a good idea, for now. Since, it's still an excellent source of information (if you know the best places to go to) and also an excellent source of software (like this distro).
(Although, nonetheless - and exactly because it's still an excellent source of information - the one as we know it will soon come to an end... - https://trisquel.info/en/forum/internet-censorship-authoritarian-countries#comment-30744)
What I recommend for everyone who doesn't use secure electronic communications to do is to refrain oneself from talking about (/revealing) personal, and important, stuff online and keep that for real conversations.
(Away from your phones, that is - http://www.youtube.com/watch?v=0G1fNjK9SXg) :)
"And, bear in mind that, if the powers-that-be consider you to be a person worthy of such, even if you use secure communications, the images displayed on your computer screen can still be reproduced from afar: http://cryptome.info/0001/tempest-fret.htm"
That article was from 2000, so I think that it only applies to CRT monitors, not the LCD kind. If you are worried about that, buy an LCD monitor, if you haven't already.
I know very little about the technical details... (And, the link that I left, was not the best one...)
But, one thing that I know is that, this is something about which (still today) all the secret services are worried about. And about which (still today) many governmental departments take counter-measures against.
Reading on the Internet, I can find statements like:
"all information processing machines send their secrets into the electromagnetic ether."
--- http://www.wired.com/threatlevel/2008/04/nsa-releases-se/
"Computers, PC screens and even data lines emit electromagnetic radiation. At a certain range from the emitting source, it is quite easy receiving and decoding this radiation and to re-construct its information."
--- http://www.faradaycages.com/index2.php?p=Content&id=129&nav=Eavesdropping&nav_grp=Espionage
Concerning LCD monitors, specifically, I can find, for example, this information: http://www.dslreports.com/forum/r27848275-TEMPEST-Attacks-LCD-Monitor-leaks-system-noise-to-FRS
And, for everyone who wants to make a (funny) test, using a Free Software program to that effect, here goes this link: http://www.erikyyy.de/tempest/
(And here goes a video demonstration of such program in action, on an LCD monitor: http://www.youtube.com/watch?v=hs3nU-63LEE)